Reply to: HELP Infected USB key 2016-09-08T13:14:48+00:00
istawi
Participant
Number of posts: 3

Thank you for helping me 🙂 - here is the report (PS: why is "invalid" written next to my PC's brand (line 12)? Will that have any effect?)

############################## | UsbFix V 7.149 | [Suppression]

Utilisateur: Hachim (Administrateur) # IDEA-PC
Mis à jour le 03/11/2013 par El Desaparecido - Team SosVirus
Lancé à 17:14:58 | 07/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: LENOVO (INVALID)
CPU: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
RAM -> [Total : 8058 | Free : 5301]
Bios: LENOVO
Boot: Normal boot

OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16384
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 24.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 884 Go (391 Go libre(s) – 44%) [Windows8_OS] # NTFS
D: -> Disque fixe # 25 Go (22 Go libre(s) – 89%) [LENOVO] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 15 Go (9 Go libre(s) – 64%) [PATRIOT] # FAT32

################## | Référence de comparaison MD5 |

Md5 : DENIED -> C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe
Md5 : DENIED -> C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe

################## | Processus Stoppés |

Stoppé! C:\WINDOWS\system32\nvvsvc.exe (ID: 948 |ParentID: 728)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 312 |ParentID: 948)
Stoppé! C:\WINDOWS\system32\nvvsvc.exe (ID: 328 |ParentID: 948)
Stoppé! C:\WINDOWS\System32\spoolsv.exe (ID: 1392 |ParentID: 728)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1544 |ParentID: 728)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1604 |ParentID: 728)
Stoppé! C:\Program Files (x86)\Bonjour\mDNSResponder.exe (ID: 1676 |ParentID: 728)
Stoppé! C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (ID: 1696 |ParentID: 728)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1772 |ParentID: 728)
Stoppé! C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe (ID: 1820 |ParentID: 728)
Stoppé! C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe (ID: 1844 |ParentID: 728)
Stoppé! C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe (ID: 1912 |ParentID: 728)
Stoppé! C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (ID: 2016 |ParentID: 728)
Stoppé! C:\WINDOWS\SysWOW64\NLSSRV32.EXE (ID: 508 |ParentID: 728)
Stoppé! C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 1172 |ParentID: 728)
Stoppé! C:\WINDOWS\system32\rundll32.exe (ID: 1784 |ParentID: 1568)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID: 2056 |ParentID: 728)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 2164 |ParentID: 728)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 2660 |ParentID: 876)
Stoppé! C:\WINDOWS\Explorer.EXE (ID: 2968 |ParentID: 2960)
Stoppé! C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 3004 |ParentID: 1172)
Stoppé! C:\WINDOWS\system32\conhost.exe (ID: 3020 |ParentID: 3004)
Stoppé! C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe (ID: 3036 |ParentID: 1844)
Stoppé! C:\WINDOWS\system32\taskhostex.exe (ID: 2052 |ParentID: 556)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2476 |ParentID: 556)
Stoppé! C:\Users\Hachim\AppData\Local\Pokki\Engine\pokki.exe (ID: 3156 |ParentID: 2968)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 3648 |ParentID: 312)
Stoppé! C:\WINDOWS\system32\SearchIndexer.exe (ID: 3736 |ParentID: 728)
Stoppé! C:\Windows\System32\skydrive.exe (ID: 4004 |ParentID: 816)
Stoppé! C:\Windows\System32\igfxtray.exe (ID: 4044 |ParentID: 2968)
Stoppé! C:\WINDOWS\system32\igfxsrvc.exe (ID: 4076 |ParentID: 816)
Stoppé! C:\Windows\System32\hkcmd.exe (ID: 4084 |ParentID: 2968)
Stoppé! C:\Windows\System32\igfxpers.exe (ID: 1316 |ParentID: 2968)
Stoppé! C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (ID: 2976 |ParentID: 2968)
Stoppé! C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (ID: 3504 |ParentID: 2968)
Stoppé! C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (ID: 3512 |ParentID: 2968)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (ID: 3488 |ParentID: 2968)
Stoppé! C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe (ID: 2480 |ParentID: 2968)
Stoppé! C:\Users\Hachim\AppData\Local\Akamai\netsession_win.exe (ID: 1064 |ParentID: 2968)
Stoppé! C:\Windows\System32\wscript.exe (ID: 3620 |ParentID: 2968)
Stoppé! C:\Windows\System32\StikyNot.exe (ID: 1968 |ParentID: 2968)
Stoppé! C:\Users\Hachim\AppData\Local\Akamai\netsession_win.exe (ID: 1272 |ParentID: 1064)
Stoppé! C:\Program Files (x86)\USB Camera\VM331STI.EXE (ID: 1572 |ParentID: 1888)
Stoppé! C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (ID: 2276 |ParentID: 1888)
Stoppé! C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (ID: 1136 |ParentID: 1888)
Stoppé! C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 2428 |ParentID: 1888)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3092 |ParentID: 1888)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (ID: 4792 |ParentID: 1056)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 4828 |ParentID: 1056)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 4836 |ParentID: 728)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (ID: 4876 |ParentID: 4828)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3100 |ParentID: 728)
Stoppé! C:\Windows\System32\SettingSyncHost.exe (ID: 2120 |ParentID: 816)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4164 |ParentID: 728)
Stoppé! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 5528 |ParentID: 2648)
Stoppé! C:\Users\Hachim\Downloads\wifree connect 4.0.exe (ID: 5496 |ParentID: 2968)
Stoppé! C:\WINDOWS\WinStore\WSHost.exe (ID: 3264 |ParentID: 816)
Stoppé! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20279_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 5416 |ParentID: 816)
Stoppé! C:\Windows\System32\RuntimeBroker.exe (ID: 5200 |ParentID: 816)
Stoppé! C:\WINDOWS\system32\rundll32.exe (ID: 2692 |ParentID: 556)
Stoppé! C:\Windows\System32\WWAHost.exe (ID: 7228 |ParentID: 816)
Stoppé! C:\Program Files (x86)\BlueStacks\HD-Agent.exe (ID: 4300 |ParentID: 7060)
Stoppé! C:\WINDOWS\system32\taskhost.exe (ID: 9060 |ParentID: 556)
Stoppé! C:\WINDOWS\system32\wwahost.exe (ID: 3216 |ParentID: 816)
Stoppé! C:\WINDOWS\system32\wwahost.exe (ID: 8676 |ParentID: 816)
Stoppé! C:\WINDOWS\system32\wwahost.exe (ID: 1560 |ParentID: 816)
Stoppé! C:\WINDOWS\system32\DllHost.exe (ID: 9344 |ParentID: 816)
Stoppé! C:\WINDOWS\system32\dashost.exe (ID: 10772 |ParentID: 876)
Stoppé! C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe (ID: 10296 |ParentID: 1912)
Stoppé! C:\Program Files (x86)\Internet Explorer\IELowutil.exe (ID: 8196 |ParentID: 472)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 5308 |ParentID: 876)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [331BigDog] - C:\Program Files (x86)\USB Camera\VM331STI.EXE
04 - HKLM\SOFTWARE | Run : [Dolby Advanced Audio v2] - "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
04 - HKLM\SOFTWARE | Run : [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE | Run : [YouCam Service] - "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
04 - HKLM\SOFTWARE | Run : [Lenovo App Shop] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
04 - HKLM\SOFTWARE | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [331BigDog] - C:\Program Files (x86)\USB Camera\VM331STI.EXE
04 - HKLM\SOFTWARE\wow6432Node | Run : [Dolby Advanced Audio v2] - "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE\wow6432Node | Run : [YouCam Service] - "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
04 - HKLM\SOFTWARE\wow6432Node | Run : [Lenovo App Shop] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
04 - HKLM\SOFTWARE\wow6432Node | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [Remote Control Editor] - "C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe"
04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [EADM] - "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [] - C:\Program Files (x86)\Samsung\Kies\ExternalFirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [Pokki] - C:\WINDOWS\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Hachim\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe

################## | Recherche générique |

Supprimé! F:\bilan.lnk
Supprimé! F:\films.lnk
Supprimé! F:\docu 2.lnk
Supprimé! F:\vehicules dispo.lnk
Supprimé! F:\Applications supprimées.lnk
Supprimé! F:\emploi.lnk
Supprimé! F:\E4 Com1 espace forme le littoral.lnk
Supprimé! F:\tableau dynamique.lnk
Supprimé! F:\Location de voitures MERLINET.lnk
Supprimé! F:\td1 realiser des simulations avec la valeur cible.lnk
Supprimé! F:\Chapitre 6 Approfondir-BD-Elève.lnk
Supprimé! F:\Diagramme Ishikawa DOPS SL productions.lnk
Supprimé! F:\Nouveau dossier.lnk
Supprimé! F:\SL CONSTRUCTIONS.lnk
Supprimé! F:\DOPS SL CONSTRUCTIONS.lnk
Supprimé! F:\System Volume Information.lnk
Supprimé! F:\DOPS SL CONSTRUCTIONS Diagramme d'Hishikawa.lnk
Supprimé! F:\Fiches E4 E6.lnk
Supprimé! F:\nouveau office.lnk
Supprimé! F:\Finalité 4 - Organisation de l'action.lnk
Supprimé! F:\applications.lnk
Supprimé! F:\Nouveau dossier (2).lnk
Supprimé! F:\docu 1.lnk
Supprimé! F:\Autorun.inf.lnk
Supprimé! C:\Users\Hachim\AppData\Local\Temp\oct6731.tmp.exe
Supprimé! C:\Users\Hachim\AppData\Local\Temp\228726-672518-bluestacks.exe

(!) Fichiers temporaires supprimés.

################## | Comparaison MD5 |

################## | Registre |

################## | Listing |

[18/10/2013 - 06:32:11 | SHD ] C:\$Recycle.Bin
[11/10/2012 - 17:56:46 | SHD ] C:\Boot
[26/07/2012 - 04:44:30 | RASH | 398156] C:\bootmgr
[18/06/2013 - 13:18:29 | N | 1] C:\BOOTNXT
[10/10/2012 - 01:07:57 | RASH | 8192] C:\BOOTSECT.BAK
[06/11/2013 - 20:01:26 | SHD ] C:\Config.Msi
[22/08/2013 - 15:45:52 | SHD ] C:\Documents and Settings
[18/10/2013 - 15:35:37 | D ] C:\Drivers
[06/11/2013 - 19:50:22 | ASH | 6759342080] C:\hiberfil.sys
[11/08/2013 - 11:45:20 | D ] C:\Intel
[10/10/2013 - 13:37:12 | D ] C:\ldiag
[18/10/2013 - 17:36:40 | RHD ] C:\MSOCache
[05/08/2013 - 13:36:49 | D ] C:\NVIDIA
[06/08/2013 - 19:34:37 | D ] C:\NvidiaLogging
[06/11/2013 - 19:50:23 | ASH | 1342177280] C:\pagefile.sys
[22/08/2013 - 16:22:35 | D ] C:\PerfLogs
[22/10/2013 - 20:13:08 | D ] C:\Program Files
[07/11/2013 - 15:29:36 | D ] C:\Program Files (x86)
[28/10/2013 - 14:15:50 | HD ] C:\ProgramData
[18/10/2013 - 06:41:58 | SHD ] C:\Recovery
[22/03/2013 - 20:03:32 | D ] C:\sources
[07/11/2013 - 16:34:17 | ASH | 268435456] C:\swapfile.sys
[06/11/2013 - 15:45:47 | SHD ] C:\System Volume Information
[07/11/2013 - 16:35:15 | D ] C:\UsbFix
[07/11/2013 - 16:31:58 | N | 1334] C:\UsbFix [Clean 2] IDEA-PC.txt
[07/11/2013 - 16:35:16 | A | 14965] C:\UsbFix [Clean 3] IDEA-PC.txt
[07/11/2013 - 15:45:05 | N | 17424] C:\UsbFix [Scan 1] IDEA-PC.txt
[07/11/2013 - 15:52:53 | N | 15604] C:\UsbFix [Scan 2] IDEA-PC.txt
[07/11/2013 - 16:19:22 | N | 16769] C:\UsbFix [Scan 3] IDEA-PC.txt
[22/03/2013 - 11:41:08 | D ] C:\UserGuidePDF
[18/10/2013 - 05:54:35 | RD ] C:\Users
[06/11/2013 - 15:43:32 | D ] C:\Windows
[03/08/2013 - 18:02:42 | SHD ] D:\$RECYCLE.BIN
[22/03/2013 - 11:47:25 | D ] D:\Application
[22/03/2013 - 11:38:30 | D ] D:\drivers
[03/08/2013 - 18:39:42 | D ] D:\Lenovo
[30/10/2013 - 11:38:31 | SHD ] D:\System Volume Information
[30/09/2013 - 14:42:56 | D ] F:\docu 2
[07/10/2013 - 15:38:48 | D ] F:\films
[30/11/2012 - 20:59:54 | D ] F:\emploi
[09/10/2013 - 10:25:02 | D ] F:\Nouveau dossier
[30/10/2012 - 13:02:44 | N | 26340] F:\Applications supprimées.html
[08/10/2013 - 10:15:32 | N | 10344] F:\E4 Com1 espace forme le littoral.docx
[30/09/2013 - 14:21:52 | D ] F:\Fiches E4 E6
[07/10/2013 - 15:39:26 | D ] F:\nouveau office
[09/10/2013 - 11:52:54 | N | 148726] F:\bilan.png
[09/10/2013 - 10:30:52 | D ] F:\Finalité 4 - Organisation de l'action
[07/10/2013 - 15:39:02 | D ] F:\applications
[09/10/2013 - 10:29:08 | N | 13178] F:\Location de voitures MERLINET.docx
[09/10/2013 - 11:49:30 | N | 179742] F:\tableau dynamique.png
[09/10/2013 - 11:51:18 | N | 156077] F:\vehicules dispo.png
[05/11/2013 - 09:06:46 | D ] F:\Nouveau dossier (2)
[11/10/2013 - 14:40:54 | N | 9958] F:\td1 realiser des simulations avec la valeur cible.xlsx
[17/09/2013 - 09:46:50 | D ] F:\docu 1
[05/11/2013 - 09:32:28 | N | 1126400] F:\Chapitre 6 Approfondir-BD-Elève.mdb
[04/11/2013 - 16:34:00 | N | 16660] F:\Diagramme Ishikawa DOPS SL productions.docx
[05/11/2013 - 10:56:00 | N | 17360] F:\DOPS SL CONSTRUCTIONS Diagramme d'Hishikawa.docx
[03/11/2013 - 21:17:24 | SHD ] F:\System Volume Information
[04/11/2013 - 16:37:22 | N | 17090] F:\SL CONSTRUCTIONS.docx
[04/11/2013 - 16:28:40 | N | 22607] F:\DOPS SL CONSTRUCTIONS.docx
[07/11/2013 - 16:31:32 | SHD ] F:\Autorun.inf

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |