Reply to: virus on removable drives and USB 2016-09-08T13:18:42+00:00
nadouche92

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Nadia (Administrateur) # NADIA-TOSH

Here is my report.
I have a second small PC (Windows 7 Starter), and I disinfected all my USB keys on the first one. If I install UsbFix on the second one without plugging in a key, will it still disinfect my PC?

Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 21:18:30 | 17/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (PWWAM)
CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
RAM -> [Total : 3933 | Free : 1699]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 149 Go (62 Go libre(s) – 41%) [WINDOWS] # NTFS
D: -> Disque fixe # 148 Go (140 Go libre(s) – 94%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (4 Go libre(s) – 98%) [NADIA ASH 4] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1268 |ParentID: 580)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4744 |ParentID: 2544)
Stoppé! C:\Windows\explorer.exe (ID: 6828 |ParentID: 680)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 2836 |ParentID: 1004)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 6596 |ParentID: 748)
Stoppé! C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID: 1056 |ParentID: 580)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 6736 |ParentID: 580)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 6844 |ParentID: 580)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3808 |ParentID: 580)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 5856 |ParentID: 3808)
Stoppé! C:\Windows\system32\wuauclt.exe (ID: 4276 |ParentID: 476)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1856 |ParentID: 580)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1668 |ParentID: 580)
Stoppé! C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID: 6132 |ParentID: 580)
Stoppé! C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (ID: 7140 |ParentID: 580)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (ID: 2508 |ParentID: 2028)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 3396 |ParentID: 6828)
Stoppé! C:\Program Files\Internet Explorer\IEXPLORE.EXE (ID: 6480 |ParentID: 5904)
Stoppé! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 1084 |ParentID: 6480)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 6584 |ParentID: 748)
Stoppé! C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (ID: 1672 |ParentID: 1084)
Stoppé! C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe (ID: 2160 |ParentID: 1084)
Stoppé! C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 2912 |ParentID: 748)
Stoppé! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 6808 |ParentID: 6480)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 2488 |ParentID: 3396)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (ID: 2244 |ParentID: 2488)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (ID: 6204 |ParentID: 2244)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [HWSetup] – C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
04 – HKLM\SOFTWARE | Run : [SVPWUTIL] – C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 – HKLM\SOFTWARE | Run : [KeNotify] – "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
04 – HKLM\SOFTWARE | Run : [ToshibaServiceStation] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | Run : [jusched7] – C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 – HKLM\SOFTWARE | Run : [Intel(R)TCP] – C:\Users\Public\Intel(R)TCP.exe
04 – HKLM\SOFTWARE | Run : [AvastUI.exe] – "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 – HKLM\SOFTWARE\wow6432Node | Run : [HWSetup] – C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
04 – HKLM\SOFTWARE\wow6432Node | Run : [SVPWUTIL] – C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 – HKLM\SOFTWARE\wow6432Node | Run : [KeNotify] – "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
04 – HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [jusched7] – C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [Intel(R)TCP] – C:\Users\Public\Intel(R)TCP.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] – "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
04 – HKLM\SOFTWARE | Policies\Explorer\run : [jusched9] – C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 – HKLM\SOFTWARE | Policies\Explorer\run : [Intel(R)LSM] – C:\Users\Public\Intel(R)TCP.exe
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [swg] – "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 – HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [Intel(R)TCP] – C:\Users\Public\Intel(R)TCP.exe
04 – HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\Nadia\AppData\Local\Temp\iTunesHelper.vbe"
04 – HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [8jusched] – C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 – HKU\S-1-5-18\SOFTWARE | Run : [TOSHIBA Online Product Information] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] – "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
04 – HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Policies\Explorer\run : [jusched9] – C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 – HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Policies\Explorer\run : [Intel(R)LSM] – C:\Users\Public\Intel(R)TCP.exe

################## | Recherche générique |

Supprimé! C:\Users\Nadia\AppData\Roaming\ACFEA309\ak.tmp
Supprimé! C:\Users\Nadia\AppData\Roaming\ACFEA309
Supprimé! C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
Supprimé! C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! F:\iTunesHelper.vbe
Supprimé! C:\Users\Public\4z1z.VBE
Supprimé! C:\Users\Public\4zz.VBE
Supprimé! C:\Users\Public\7z1z.VBE
Supprimé! C:\Users\Public\7zz.VBE
Supprimé! C:\Users\Public\Intel(R)TCP.exe
Supprimé! C:\Users\Nadia\AppData\Roaming\Nadia-wchelper.dll
Supprimé! C:\Users\Nadia\AppData\Roaming\Public
Supprimé! C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe
Supprimé! C:\Users\Nadia\AppData\Local\Temp\Nadia7
Supprimé! C:\Users\Nadia\AppData\Local\Temp\Nadia8

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\4z1z.VBE
Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\4zz.VBE
Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\7z1z.VBE
Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\7zz.VBE
Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Public\Intel(R)TCP.exe
Md5 : E89028D8068170E606AA0996D457AAA3 -> C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
Md5 : 3278A76DEC52931ADCCFF421EDBB9AEB -> F:\iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKCU\Software\À classé
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimé! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Run|8jusched
Supprimé! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Intel(R)LSM
Supprimé! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Supprimé! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|jusched9
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Intel(R)LSM
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|jusched7
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|jusched9
Supprimé! HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{HHX1E7D2-5XOC-6B71-CC12-760IE2EFRCQE}
Supprimé! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software….Mountpoints2\{7de5c4cd-0147-11e2-9e49-1c7508710116}

################## | Listing |

[23/11/2012 – 16:46:20 | SHD ] C:\$RECYCLE.BIN
[17/11/2013 – 20:25:34 | SHD ] C:\Config.Msi
[14/07/2009 – 06:08:56 | SHD ] C:\Documents and Settings
[17/11/2013 – 20:12:27 | ASH | 3092942848] C:\hiberfil.sys
[04/09/2012 – 18:54:51 | D ] C:\Intel
[11/11/2013 – 18:22:37 | RHD ] C:\MSOCache
[17/11/2013 – 20:12:31 | ASH | 4123926528] C:\pagefile.sys
[14/07/2009 – 04:20:08 | D ] C:\PerfLogs
[11/11/2013 – 20:33:28 | D ] C:\Program Files
[17/11/2013 – 21:19:26 | D ] C:\Program Files (x86)
[11/11/2013 – 20:33:34 | HD ] C:\ProgramData
[19/10/2010 – 13:19:27 | N | 70] C:\SWSTAMP.TXT
[17/11/2013 – 21:05:06 | SHD ] C:\System Volume Information
[04/09/2012 – 19:22:45 | D ] C:\Toshiba
[17/11/2013 – 21:21:25 | D ] C:\UsbFix
[17/11/2013 – 21:21:31 | A | 11317] C:\UsbFix [Clean 3] NADIA-TOSH.txt
[17/11/2013 – 20:38:52 | N | 16183] C:\UsbFix [Scan 1] NADIA-TOSH.txt
[04/09/2012 – 19:19:44 | RD ] C:\Users
[11/11/2013 – 18:57:57 | D ] C:\Windows
[04/09/2012 – 19:22:50 | SHD ] D:\$RECYCLE.BIN
[05/09/2012 – 04:18:21 | D ] D:\HDDRecovery
[11/11/2013 – 18:12:37 | D ] D:\Office 2013 64 bit
[04/09/2012 – 18:48:15 | SHD ] D:\System Volume Information
[20/06/2013 – 14:46:14 | N | 28690] F:\Thomas Arnaud.odt
[21/06/2013 – 15:28:30 | D ] F:\dicredico
[11/06/2013 – 15:19:34 | D ] F:\gacem
[21/01/2013 – 15:46:16 | D ] F:\politique de la ville
[27/05/2013 – 13:52:14 | N | 34127] F:\Aziz.odt
[07/01/2013 – 12:14:38 | N | 35911] F:\Bardini.odt
[18/10/2012 – 10:15:30 | N | 16078] F:\hafidi.odt
[26/02/2013 – 12:48:44 | N | 29975] F:\Ituri.odt
[24/09/2013 – 09:51:10 | N | 33826] F:\lamour.odt
[18/06/2013 – 11:50:08 | N | 30585] F:\large.odt
[09/10/2012 – 14:45:32 | N | 19286] F:\Le Boiteux.odt
[01/10/2012 – 21:45:20 | N | 11113] F:\Mathevon Stephanie.odt
[18/06/2013 – 09:19:22 | N | 54345] F:\perrain.odt
[15/10/2012 – 15:07:48 | N | 17783] F:\Petry.odt
[28/05/2013 – 15:21:38 | N | 24744] F:\sorel.odt
[12/11/2013 – 15:20:46 | D ] F:\Nouveau dossier
[17/11/2013 – 21:05:44 | RASHD ] F:\Autorun.inf
[12/11/2013 – 15:19:12 | D ] F:\2 eme année

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |