Reply to: USB key virus 2016-09-08T13:19:53+00:00
MrOnOff

Here is my report 🙂

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Bastian (Administrateur) # BABA
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à 18:32:25 | 20/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Type2 - Board Vendor Name1 (Type2 - Board Product Name1)
CPU: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
RAM -> [Total : 16136 | Free : 12800]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender : 4.3.0215.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 918 Go (778 Go libre(s) - 85%) [TI31107200A] # NTFS
D: -> CD-ROM
F: -> Disque amovible # 4 Go (888 Mo libre(s) - 23%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1504 |ParentID: 704)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1952 |ParentID: 704)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 2988 |ParentID: 1952)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (ID: 3008 |ParentID: 704)
Stoppé! C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (ID: 9788 |ParentID: 2284)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 5504 |ParentID: 15464)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 10460 |ParentID: 704)
Stoppé! C:\windows\explorer.exe (ID: 5304 |ParentID: 6924)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 4540 |ParentID: 348)
Stoppé! C:\windows\system32\DllHost.exe (ID: 10148 |ParentID: 820)
Stoppé! C:\windows\system32\SearchIndexer.exe (ID: 7960 |ParentID: 704)
Stoppé! C:\windows\System32\spoolsv.exe (ID: 5844 |ParentID: 704)
Stoppé! C:\Users\Bastian\AppData\Roaming\Spotify\Spotify.exe (ID: 6408 |ParentID: 12200)
Stoppé! C:\Users\Bastian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (ID: 15080 |ParentID: 6408)
Stoppé! C:\Users\Bastian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (ID: 4420 |ParentID: 6408)
Stoppé! C:\Users\Bastian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (ID: 12696 |ParentID: 6408)
Stoppé! C:\Users\Bastian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (ID: 9568 |ParentID: 6408)
Stoppé! C:\Users\Bastian\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (ID: 16368 |ParentID: 6408)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 12340 |ParentID: 704)
Stoppé! C:\windows\system32\dashost.exe (ID: 7132 |ParentID: 348)
Stoppé! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 184 |ParentID: 820)
Stoppé! C:\Windows\System32\RuntimeBroker.exe (ID: 10596 |ParentID: 820)
Stoppé! C:\windows\SysWOW64\NOTEPAD.EXE (ID: 3868 |ParentID: 13468)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 10336 |ParentID: 5304)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 756 |ParentID: 10336)
Stoppé! C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 4288 |ParentID: 756)
Stoppé! C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 7276 |ParentID: 4288)
Stoppé! C:\windows\system32\wwahost.exe (ID: 11756 |ParentID: 820)
Stoppé! C:\windows\syswow64\wwahost.exe (ID: 1500 |ParentID: 820)
Stoppé! C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (ID: 1476 |ParentID: 704)
Stoppé! C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (ID: 5412 |ParentID: 1476)
Stoppé! C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe (ID: 5424 |ParentID: 1476)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Intel AppUp(R) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE | Run : [TSVU] - "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(R) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE\wow6432Node | Run : [TSVU] - "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE\wow6432Node | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-2314414145-2179725052-4188640036-1002\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Bastian\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-2314414145-2179725052-4188640036-1002\SOFTWARE | Run : [AdobeBridge] -

################## | Recherche générique |

Supprimé! F:\.lnk
Supprimé! F:\ROBOT.lnk
Supprimé! F:\template.lnk
Supprimé! F:\formu.lnk
Supprimé! F:\maison3D.lnk
Supprimé! F:\WMPInfo.lnk
Supprimé! F:\~WRL2580.lnk
Supprimé! F:\.Spotlight-V100.lnk
Supprimé! F:\.Trashes.lnk
Supprimé! F:\IMAGESmaj.lnk
Supprimé! F:\Fichier HDD sur clé.lnk
Supprimé! F:\ex1-css.lnk
Supprimé! F:\TUTO ROBOT.lnk
Supprimé! F:\Bab création page web.lnk
Supprimé! F:\.mayaSwatches.lnk
Supprimé! F:\Keyboard.lnk
Supprimé! F:\CI2D - PS1.lnk
Supprimé! F:\Clé USB.lnk
Supprimé! F:\2191-Jimmy Havenith.lnk
Supprimé! F:\2191-BOUCHAT-BASTIAN.lnk
Supprimé! F:\PDF.lnk
Supprimé! F:\GABARITS.lnk
Supprimé! F:\Nouveau dossier.lnk
Supprimé! C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\Bastian\AppData\Local\Temp\utt3FC3.tmp.exe
Supprimé! C:\Users\Bastian\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! F:\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\Bastian\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> F:\iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

################## | Listing |

[11/10/2013 - 15:46:09 | SHD ] C:\$RECYCLE.BIN
[13/10/2013 - 19:23:33 | D ] C:\Autodesk
[26/07/2012 - 04:44:30 | RAS | 398156] C:\bootmgr
[02/06/2012 - 15:30:55 | N | 1] C:\BOOTNXT
[26/07/2012 - 08:22:08 | SHD ] C:\Documents and Settings
[15/11/2013 - 09:27:57 | ASH | 13536083968] C:\hiberfil.sys
[02/08/2013 - 16:00:55 | D ] C:\Intel
[15/11/2013 - 09:27:59 | ASH | 2415919104] C:\pagefile.sys
[26/07/2012 - 08:33:46 | D ] C:\PerfLogs
[10/11/2013 - 12:50:33 | D ] C:\Program Files
[18/11/2013 - 12:25:31 | D ] C:\Program Files (x86)
[11/11/2013 - 09:48:21 | D ] C:\ProgramData
[13/10/2013 - 19:29:10 | D ] C:\sources
[15/11/2013 - 09:28:00 | ASH | 268435456] C:\swapfile.sys
[18/11/2013 - 21:44:05 | SHD ] C:\System Volume Information
[06/05/2013 - 21:12:59 | D ] C:\Toshiba
[20/11/2013 - 18:33:14 | D ] C:\UsbFix
[20/11/2013 - 18:33:18 | A | 9869] C:\UsbFix [Clean 2] BABA.txt
[12/11/2013 - 19:51:33 | N | 9927] C:\UsbFix [Scan 3] BABA.txt
[20/11/2013 - 18:17:30 | N | 14587] C:\UsbFix [Scan 4] BABA.txt
[11/10/2013 - 15:37:46 | RD ] C:\Users
[16/10/2013 - 14:43:22 | D ] C:\Windows
[26/11/2011 - 11:45:58 | SD ] F:\.Spotlight-V100
[14/04/2010 - 20:19:40 | SD ] F:\.Trashes
[14/04/2010 - 20:19:40 | S | 4096] F:\._.Trashes
[17/04/2010 - 18:33:46 | N | 6148] F:\.DS_Store
[05/11/2013 - 10:19:16 | N | 695904] F:\ROBOT.mb
[24/01/2012 - 13:34:44 | N | 4096] F:\._Boom.mov
[26/02/2013 - 20:18:36 | D ] F:\Fichier HDD sur clé
[24/01/2012 - 13:34:42 | N | 4096] F:\._Montaigle.mov
[31/03/2012 - 14:08:00 | N | 4096] F:\._Rusko - 2012 - Songs
[14/04/2012 - 12:57:02 | N | 4096] F:\._FLASHMOB.mp4
[21/10/2013 - 14:15:02 | N | 527527] F:\ROBOT.pdf
[31/03/2012 - 14:08:16 | N | 4096] F:\._Featurecast - EP Mini Mix.mp3
[24/10/2013 - 10:14:08 | N | 317172] F:\maison3D.mb
[22/10/2013 - 08:30:10 | D ] F:\IMAGESmaj
[25/10/2013 - 15:29:38 | D ] F:\ex1-css
[24/09/2013 - 08:52:52 | D ] F:\TUTO ROBOT
[18/10/2013 - 08:31:20 | D ] F:\Bab création page web
[01/10/2013 - 10:18:12 | D ] F:\.mayaSwatches
[01/10/2013 - 10:18:30 | D ] F:\Keyboard
[25/10/2013 - 14:17:00 | N | 2565] F:\template.html
[18/10/2013 - 15:31:06 | N | 2574] F:\formu.html
[18/10/2013 - 15:32:24 | N | 4096] F:\._formu.html
[25/10/2013 - 14:18:10 | N | 4096] F:\._template.html
[04/10/2013 - 10:20:58 | N | 94722] F:\._Bouchat Bastian exercice 1.psd
[04/10/2013 - 10:21:52 | D ] F:\CI2D - PS1
[07/11/2013 - 08:35:46 | D ] F:\2191-Jimmy Havenith
[07/11/2013 - 08:43:48 | D ] F:\2191-BOUCHAT-BASTIAN
[30/09/2013 - 07:37:12 | D ] F:\PDF
[30/09/2013 - 07:37:10 | D ] F:\GABARITS
[07/11/2013 - 16:29:02 | D ] F:\Nouveau dossier
[25/10/2008 - 20:26:08 | N | 296] F:\WMPInfo.xml
[16/05/2009 - 15:46:50 | N | 2206720] F:\~WRL2580.tmp
[07/06/2011 - 20:56:30 | D ] F:\Clé USB

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |