Reply to: virus on USB stick 2016-09-08T13:19:25+00:00
mymy
Number of posts: 0

############################## | UsbFix V 7.150 | [Clean]

User: emilie (Administrator) # EMILIE
Updated on 08/11/2013 by El Desaparecido - Team SosVirus
Launched at 19:18:51 | 19/11/2013

Website: http://www.usbfix.net
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
RAM -> [Total : 6091 | Free : 4719]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 31.0.1650.57

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 4.3.0215.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 669 GB (625 GB free - 93%) [] # NTFS
D: -> CD-ROM
E: -> Removable disk # 7 GB (7 GB free - 99%) [TDK EMILIE] # FAT32

################## | Stopped processes |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1440 |ParentID: 840)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3140 |ParentID: 916)
Stopped! E:\urDrive.exe (ID: 792 |ParentID: 3656)
Stopped! C:\Windows\explorer.exe (ID: 4104 |ParentID: 6860)
Stopped! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 6872 |ParentID: 840)
Stopped! C:\Windows\system32\DllHost.exe (ID: 6928 |ParentID: 960)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 4268 |ParentID: 840)
Stopped! C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (ID: 6088 |ParentID: 840)
Stopped! C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (ID: 6336 |ParentID: 6088)
Stopped! C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (ID: 216 |ParentID: 6088)
Stopped! C:\Windows\SysWOW64\DllHost.exe (ID: 5048 |ParentID: 960)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 4536 |ParentID: 840)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 6588 |ParentID: 840)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5200 |ParentID: 840)
Stopped! C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (ID: 6184 |ParentID: 840)
Stopped! C:\Windows\System32\vds.exe (ID: 1104 |ParentID: 840)
Stopped! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 6868 |ParentID: 960)
Stopped! C:\Windows\System32\RuntimeBroker.exe (ID: 808 |ParentID: 960)
Stopped! C:\Windows\System32\ThumbnailExtractionHost.exe (ID: 3088 |ParentID: 960)
Stopped! C:\Windows\System32\ThumbnailExtractionHost.exe (ID: 3816 |ParentID: 960)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [Intel AppUp(R) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(R) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-2048194076-3241101371-304686481-1001\SOFTWARE | Run : [EPSON SX100 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_S6B90.tmp" /EF "HKCU"
04 - HKU\S-1-5-21-2048194076-3241101371-304686481-1001\SOFTWARE | Run : [EPSON Stylus SX100] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Users\emilie\AppData\Local\Temp\E_SA78B.tmp" /EF "HKCU"
04 - HKU\S-1-5-21-2048194076-3241101371-304686481-1001\SOFTWARE | Run : [iLivid] - "C:\Users\emilie\AppData\Local\iLivid\iLivid.exe" -autorun
04 - HKU\S-1-5-21-2048194076-3241101371-304686481-1001\SOFTWARE | Run : [WxEduNKr] - wscript.exe //B "C:\Users\emilie\AppData\Local\Temp\WxEduNKr.vbs"

################## | Generic search |

Deleted! E:\888.lnk
Deleted! C:\Users\emilie\AppData\Local\Temp\7z920.exe
Deleted! E:\iTunesHelper.vbe

(!) Temporary files deleted.

################## | MD5 comparison reference |

Md5 : B3FDF6E7B0AECD48CA7E4921773FB606 -> C:\Users\emilie\AppData\Local\Temp\7z920.exe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> E:\iTunesHelper.vbe
Md5 : B3FDF6E7B0AECD48CA7E4921773FB606 -> C:\Users\emilie\AppData\Local\Temp\7z920.exe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> E:\iTunesHelper.vbe

################## | MD5 comparison |

################## | Registry |

Deleted! HKU\S-1-5-21-2048194076-3241101371-304686481-1001\Software\....\Mountpoints2\{b62ef0e3-fdf4-11e2-be7f-a41731ec1e3a}
Deleted! HKU\S-1-5-21-2048194076-3241101371-304686481-1001\Software\....\Mountpoints2\{e6ce28c8-1c80-11e3-be80-a41731ec1e3a}

################## | Listing |

[26/06/2013 - 19:37:46 | SHD ] C:\$Recycle.Bin
[26/07/2012 - 04:44:30 | RASH | 398156] C:\bootmgr
[02/06/2012 - 15:30:55 | N | 1] C:\BOOTNXT
[29/01/2013 - 21:05:53 | D ] C:\Documentation
[26/07/2012 - 08:22:08 | SHD ] C:\Documents and Settings
[29/07/2013 - 16:10:58 | D ] C:\EPSON
[18/11/2013 - 20:40:16 | ASH | 5109727232] C:\hiberfil.sys
[29/01/2013 - 20:32:33 | D ] C:\Intel
[27/06/2013 - 09:14:52 | RHD ] C:\MSOCache
[18/11/2013 - 20:40:29 | ASH | 1006632960] C:\pagefile.sys
[26/07/2012 - 08:33:46 | D ] C:\PerfLogs
[27/06/2013 - 09:29:07 | D ] C:\Program Files
[19/10/2013 - 14:29:35 | D ] C:\Program Files (x86)
[26/09/2013 - 20:25:46 | HD ] C:\ProgramData
[29/01/2013 - 20:37:03 | N | 2243] C:\RHDSetup.log
[29/01/2013 - 20:27:42 | D ] C:\sources
[18/11/2013 - 20:40:30 | ASH | 268435456] C:\swapfile.sys
[18/11/2013 - 21:07:30 | SHD ] C:\System Volume Information
[19/11/2013 - 19:23:58 | D ] C:\UsbFix
[19/11/2013 - 19:24:04 | A | 6953] C:\UsbFix [Clean 2] EMILIE.txt
[19/11/2013 - 18:27:18 | N | 10479] C:\UsbFix [Scan 1] EMILIE.txt
[19/11/2013 - 19:12:38 | N | 6424] C:\UsbFix [Scan 2] EMILIE.txt
[26/06/2013 - 19:33:19 | RD ] C:\Users
[26/09/2013 - 20:25:05 | D ] C:\Windows
[18/11/2013 - 21:19:34 | N | 9875] E:\888.docx

################## | Vaccine |

E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |

Here is the report, thanks 🙂
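The [WxEduNKr] value in the Regedit Run section of the report above has the persistence shape that USB-spreading VBScript worms commonly leave behind: a Run value under the user's own hive that launches wscript.exe with the //B (silent batch) switch against a randomly named .vbs in the user's Temp folder. As an added example, not part of the original post or of the UsbFix tool, the Python below parses lines in UsbFix's Run-key format and flags entries matching that shape. The sample lines are constructed from the report above with the backslashes restored; the script-host list, the script extensions, the user-writable path patterns and the treatment of //B are this editor's heuristics, not anything UsbFix itself does.

```python
"""Triage of UsbFix 'Regedit Run' lines for script-host persistence.

Added example for this forum page; not part of the original post or of
UsbFix. SCRIPT_HOSTS, SCRIPT_EXTS and USER_WRITABLE are the editor's
heuristics. SAMPLE_LOG is constructed from the report above.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: four lines in UsbFix's Run-key format, taken from the
# report above with the backslashes restored.
SAMPLE_LOG = r"""
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-21-2048194076-3241101371-304686481-1001\SOFTWARE | Run : [iLivid] - "C:\Users\emilie\AppData\Local\iLivid\iLivid.exe" -autorun
04 - HKU\S-1-5-21-2048194076-3241101371-304686481-1001\SOFTWARE | Run : [WxEduNKr] - wscript.exe //B "C:\Users\emilie\AppData\Local\Temp\WxEduNKr.vbs"
"""

# "04 - <hive> | Run : [<value name>] - <command line>"; the dash may be a
# hyphen or an en dash, depending on how the report was pasted.
RUN_LINE = re.compile(
    r"^\d+ [-\u2013] (?P<hive>.+?) \| (?P<key>RunOnce|Run) : "
    r"\[(?P<name>.*?)\] [-\u2013]\s*(?P<cmd>.*)$"
)
# Either a double-quoted path or a bare whitespace-delimited token.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

# Heuristics (editor's choice): interpreters that run attacker-supplied
# script text, script extensions they accept, and per-user writable dirs.
SCRIPT_HOSTS = {"wscript", "cscript", "mshta", "powershell"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1")
USER_WRITABLE = re.compile(r"\\(Temp|AppData\\Local|AppData\\Roaming)\\", re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def tokens(cmd: str) -> list:
    """Split a Run command line, keeping quoted paths whole."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmd)]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_run_lines(text: str) -> list:
    """Parse every line of `text` that matches UsbFix's Run-key format."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["key"], m["name"], m["cmd"].strip()))
    return entries


def assess(entry: RunEntry) -> RunEntry:
    """Attach a reason for each persistence heuristic the entry matches."""
    toks = tokens(entry.command)
    if not toks:                      # empty RunOnce placeholder
        return entry
    launcher = basename(toks[0])
    if launcher.removesuffix(".exe") in SCRIPT_HOSTS:
        entry.reasons.append(f"script host as launcher: {launcher}")
    if any(t.upper() == "//B" for t in toks[1:]):
        # WSH batch mode: no prompts, script errors are swallowed.
        entry.reasons.append("WSH //B switch: runs silently, suppresses errors")
    for t in toks:
        if t.lower().endswith(SCRIPT_EXTS) and USER_WRITABLE.search(t):
            entry.reasons.append(f"script in user-writable path: {t}")
    return entry


def triage(text: str) -> dict:
    """Map value name -> reasons, for flagged entries only."""
    return {e.name: e.reasons for e in map(assess, parse_run_lines(text)) if e.reasons}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"[{name}]")
        for r in reasons:
            print("  -", r)
```

Run over the sample, only the [WxEduNKr] value is flagged, on all three heuristics; the vendor entries and iLivid fall through, and the empty RunOnce placeholder is parsed but not flagged. Note that the report above lists the WxEduNKr Run value but does not show WxEduNKr.vbs among the deleted files, so a flagged entry is a prompt to check whether the script is still on disk and whether the value has been removed, not a verdict by itself.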