Reply to: USB key infection 2016-09-08T13:19:46+00:00
sganarel
Participant
Post count: 8

Here is the report, thank you for your valuable help.
[spoiler:35zfoyz2]############################## | UsbFix V 7.151 | [Suppression]

Utilisateur: Utilisateur (Administrateur) # UTILISATEUR-PC
Mis à jour le 19/11/2013 par El Desaparecido – Team SosVirus
Lancé à 16:27:06 | 20/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Intel Corporation (DH61AGL)
CPU: Intel(R) Celeron(R) CPU G550 @ 2.60GHz
RAM -> [Total : 3928 | Free : 2754]
Bios: Intel Corp.
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 466 Go (428 Go libre(s) – 92%) [] # NTFS
D: -> CD-ROM

################## | Processus Stoppés |

Stoppé! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 712 |ParentID: 448)
Stoppé! C:\Windows\Explorer.EXE (ID: 1200 |ParentID: 1180)
Stoppé! C:\Windows\system32\ctfmon.exe (ID: 1268 |ParentID: 1200)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 1500 |ParentID: 584)
Stoppé! C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 1768 |ParentID: 1200)
Stoppé! C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 1872 |ParentID: 1200)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-78817022-2858582013-449199913-1000\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\UTILIS~1\AppData\Local\Temp\iTunesHelper.vbe"
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\UTILIS~1\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : DACBA269D0F8495B048A9E0B71244565 -> C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : DACBA269D0F8495B048A9E0B71244565 -> C:\Users\UTILIS~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : DACBA269D0F8495B048A9E0B71244565 -> C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Supprimé! HKU\S-1-5-21-78817022-2858582013-449199913-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-78817022-2858582013-449199913-1000\Software….Mountpoints2\{2912e6e9-13c0-11e3-a967-eca86bf1974a}

################## | Listing |

[28/08/2013 – 11:27:37 | SHD ] C:\$Recycle.Bin
[14/07/2009 – 06:08:56 | SHD ] C:\Documents and Settings
[22/10/2013 – 14:48:48 | D ] C:\Epsilog
[20/11/2013 – 16:26:21 | ASH | 3088834560] C:\hiberfil.sys
[13/06/2013 – 11:44:11 | D ] C:\Intel
[20/11/2013 – 16:26:24 | ASH | 4118446080] C:\pagefile.sys
[14/07/2009 – 04:20:08 | D ] C:\PerfLogs
[09/10/2013 – 20:41:44 | D ] C:\Program Files
[20/11/2013 – 14:29:05 | D ] C:\Program Files (x86)
[20/11/2013 – 14:29:06 | HD ] C:\ProgramData
[12/06/2013 – 17:29:45 | SHD ] C:\Recovery
[17/06/2013 – 11:35:07 | D ] C:\sesam
[19/11/2013 – 00:37:49 | SHD ] C:\System Volume Information
[20/11/2013 – 16:28:09 | D ] C:\UsbFix
[20/11/2013 – 16:25:19 | N | 4753] C:\UsbFix [Clean 2] UTILISATEUR-PC.txt
[20/11/2013 – 16:28:10 | A | 4533] C:\UsbFix [Clean 3] UTILISATEUR-PC.txt
[20/11/2013 – 14:12:14 | N | 9702] C:\UsbFix [Listing 1 ] UTILISATEUR-PC.txt
[20/11/2013 – 14:10:04 | N | 9145] C:\UsbFix [Scan 1] UTILISATEUR-PC.txt
[20/11/2013 – 15:39:16 | N | 4621] C:\UsbFix [Scan 4] UTILISATEUR-PC.txt
[12/06/2013 – 17:29:52 | RD ] C:\Users
[20/11/2013 – 15:42:14 | D ] C:\Vega5
[20/11/2013 – 16:17:27 | D ] C:\Vega5maj
[20/11/2013 – 15:37:28 | D ] C:\Windows

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:35zfoyz2]