Reply to: Shortcut file creation – infected PC – UsbFix report 2016-09-08T13:15:42+00:00
pryme
Participant
Number of posts: 7

Yes, unfortunately, that's what happens when you try to check the USB key on several PCs :what:

Here is the report:

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Pryme (Administrateur) # PRYME-HP
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à 18:49:45 | 09/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (3387)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3689 | Free : 1735]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 268 Go (144 Go libre(s) - 54%) [] # NTFS
D: -> Disque fixe # 26 Go (3 Go libre(s) - 10%) [Recovery] # NTFS
E: -> Disque fixe # 4 Go (1 Go libre(s) - 27%) [HP_TOOLS] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1756 |ParentID: 572)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1208 |ParentID: 572)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 3208 |ParentID: 2424)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 2712 |ParentID: 1208)
Stoppé! C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (ID: 3272 |ParentID: 572)
Stoppé! C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (ID: 324 |ParentID: 3272)
Stoppé! C:\Windows\explorer.exe (ID: 7916 |ParentID: 532)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 784 |ParentID: 572)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 6228 |ParentID: 680)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 8756 |ParentID: 572)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 5732 |ParentID: 8756)
Stoppé! C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe (ID: 6476 |ParentID: 572)
Stoppé! C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe (ID: 8796 |ParentID: 572)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 9556 |ParentID: 572)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 9384 |ParentID: 572)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 4440 |ParentID: 572)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 5992 |ParentID: 572)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 8120 |ParentID: 572)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 8324 |ParentID: 680)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7240 |ParentID: 7916)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6580 |ParentID: 7240)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5648 |ParentID: 7240)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8672 |ParentID: 7240)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8780 |ParentID: 7240)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8196 |ParentID: 7240)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 9324 |ParentID: 984)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [HPQuickWebProxy] - "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [ConnectionCenter] - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPQuickWebProxy] - "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [ConnectionCenter] - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
04 - HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3635000046-248825801-293222117-1000\SOFTWARE | Run : [Sony PC Companion] - "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
04 - HKU\S-1-5-21-3635000046-248825801-293222117-1000\SOFTWARE | Run : [Spotify] - "C:\Users\Pryme\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-3635000046-248825801-293222117-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Pryme\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-3635000046-248825801-293222117-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-3635000046-248825801-293222117-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-21-3635000046-248825801-293222117-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Pryme\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\Pryme\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\Pryme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\Pryme\AppData\Local\Temp\JRHWzEJS.vbs
Supprimé! C:\Users\Pryme\AppData\Local\Temp\Genial_Oza.hta
Supprimé! D:\desktop.ini

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Pryme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Pryme\AppData\Local\Temp\iTunesHelper.vbe
Md5 : B5E7BFBBAC3B4E9DB51960169132E9FD -> C:\Users\Pryme\AppData\Local\Temp\JRHWzEJS.vbs

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKU\S-1-5-21-3635000046-248825801-293222117-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-3635000046-248825801-293222117-1000\Software\....\Mountpoints2\{c8ee94dc-953b-11e2-bbc6-c01885cd470b}

################## | Listing |

[04/11/2013 - 15:16:43 | SHD ] C:\$Recycle.Bin
[24/10/2011 - 06:48:51 | SHD ] C:\boot
[21/11/2010 - 04:23:51 | RASH | 383786] C:\bootmgr
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[08/11/2013 - 18:13:54 | ASH | 2901467136] C:\hiberfil.sys
[15/05/2012 - 01:11:31 | D ] C:\HP
[23/03/2013 - 02:50:22 | RHD ] C:\MSOCache
[08/11/2013 - 18:13:59 | ASH | 3868622848] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[21/10/2013 - 23:20:48 | D ] C:\Program Files
[04/11/2013 - 19:20:47 | D ] C:\Program Files (x86)
[05/11/2013 - 09:00:43 | HD ] C:\ProgramData
[22/03/2013 - 17:48:11 | SHD ] C:\Recovery
[25/05/2013 - 08:27:04 | D ] C:\SWSetup
[05/11/2013 - 08:55:31 | SHD ] C:\System Volume Information
[22/03/2013 - 17:48:18 | D ] C:\SYSTEM.SAV
[09/11/2013 - 19:02:29 | D ] C:\UsbFix
[09/11/2013 - 19:02:44 | A | 9897] C:\UsbFix [Clean 2] PRYME-HP.txt
[09/11/2013 - 17:45:49 | N | 15862] C:\UsbFix [Scan 1] PRYME-HP.txt
[22/03/2013 - 15:41:24 | RD ] C:\Users
[19/06/2013 - 12:32:46 | D ] C:\Windows
[22/03/2013 - 17:53:36 | SHD ] D:\$RECYCLE.BIN
[22/03/2013 - 17:53:24 | RASHD ] D:\boot
[14/07/2009 - 19:39:00 | RASH | 383562] D:\bootmgr
[22/03/2013 - 17:53:24 | D ] D:\FactoryUpdate
[22/03/2013 - 17:53:24 | D ] D:\hp
[23/03/2013 - 09:14:19 | N | 20] D:\HPSF_Rep.txt
[22/03/2013 - 17:49:43 | N | 8] D:\HP_WSD.dat
[22/03/2013 - 17:53:24 | RSHD ] D:\preload
[22/03/2013 - 17:53:24 | RSD ] D:\recovery
[22/03/2013 - 17:53:24 | D ] D:\RM_Reserve
[22/05/2013 - 01:05:57 | SHD ] D:\System Volume Information
[15/05/2012 - 01:56:12 | D ] E:\Hewlett-Packard
[15/05/2012 - 02:18:50 | SHD ] E:\$RECYCLE.BIN
[22/03/2013 - 17:49:44 | N | 8] E:\HP_WSD.dat
[23/03/2013 - 09:14:20 | N | 20] E:\HPSF_Rep.txt

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |