Reply to: USB ports of the infected computer 2016-09-08T13:20:31+00:00
Marion01
Participant
Number of posts: 3

I did what you told me with my USB key, because I had already backed it up on my computer. Here is the new report:

############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: util (Administrateur) # UTIL-VAIO
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 18:50:40 | 22/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
RAM -> [Total : 3950 | Free : 2333]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 0.0.0.0
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 455 Go (76 Go libre(s) - 17%) [] # NTFS
E: -> CD-ROM
G: -> Disque amovible # 4 Go (2 Go libre(s) - 54%) [MARION] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 2532 |ParentID: 3020)
Stoppé! C:\Windows\explorer.exe (ID: 5508 |ParentID: 712)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 6636 |ParentID: 532)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 1912 |ParentID: 844)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 5252 |ParentID: 676)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5000 |ParentID: 676)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5740 |ParentID: 676)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1636 |ParentID: 676)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 3888 |ParentID: 676)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 6548 |ParentID: 676)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 2016 |ParentID: 5508)
Stoppé! C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (ID: 5892 |ParentID: 844)
Stoppé! C:\Users\util\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 4380 |ParentID: 844)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 2152 |ParentID: 788)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
04 - HKLM\SOFTWARE | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
04 - HKLM\SOFTWARE | Run : [MarketingTools] - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
04 - HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
04 - HKLM\SOFTWARE\wow6432Node | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [MarketingTools] - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-4171943823-1265886224-166694169-1000\SOFTWARE | Run : [ccleaner] - "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
04 - HKU\S-1-5-21-4171943823-1265886224-166694169-1000\SOFTWARE | Run : [EPSON SX510W Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S6FA3.tmp" /EF "HKCU"
04 - HKU\S-1-5-21-4171943823-1265886224-166694169-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\util\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-4171943823-1265886224-166694169-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-4171943823-1265886224-166694169-1000\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-4171943823-1265886224-166694169-1000\SOFTWARE | Run : [cacaoweb] - "C:\Users\util\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-4171943823-1265886224-166694169-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-21-4171943823-1265886224-166694169-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\util\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Recherche générique |

Supprimé! C:\Users\util\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : E0EB892AA2F6A759B68EB0F11F9B5A47 -> C:\Users\util\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : E0EB892AA2F6A759B68EB0F11F9B5A47 -> C:\Users\util\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Supprimé! HKU\S-1-5-21-4171943823-1265886224-166694169-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-4171943823-1265886224-166694169-1000\Software\....\Mountpoints2\{7a980a4f-d5c8-11df-86d4-c44619bb62e2}

################## | Listing |

[11/10/2010 - 17:48:01 | SHD ] C:\$Recycle.Bin
[12/05/2012 - 00:16:00 | D ] C:\9da37e14f75b731e18f1e2013591
[26/03/2013 - 12:56:26 | N | 16528] C:\AdwCleaner[R1].txt
[26/03/2013 - 12:56:46 | N | 16900] C:\AdwCleaner[S1].txt
[20/11/2013 - 03:33:47 | SHD ] C:\Config.Msi
[20/05/2010 - 10:40:16 | D ] C:\Documentation
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[22/11/2013 - 17:54:07 | ASH | 3106480128] C:\hiberfil.sys
[19/05/2010 - 22:10:37 | D ] C:\Intel
[20/05/2010 - 09:58:23 | N | 310122] C:\lv.log
[22/01/2011 - 09:27:29 | RHD ] C:\MSOCache
[22/11/2013 - 17:54:14 | ASH | 4141977600] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[20/09/2013 - 15:45:12 | D ] C:\Program Files
[16/11/2013 - 15:25:32 | D ] C:\Program Files (x86)
[04/11/2013 - 16:38:42 | HD ] C:\ProgramData
[20/05/2010 - 09:53:14 | N | 2895] C:\RHDSetup.log
[19/11/2012 - 13:50:58 | D ] C:\SphinxIQ
[20/05/2010 - 09:58:15 | D ] C:\SPLASH.000
[20/05/2010 - 09:58:15 | N | 73] C:\splash.idx
[20/05/2010 - 09:58:02 | D ] C:\SPLASH.SYS
[22/11/2013 - 17:59:20 | SHD ] C:\System Volume Information
[20/05/2010 - 10:30:43 | D ] C:\Temp
[08/01/2013 - 20:19:39 | N | 201977] C:\test.xml
[22/11/2013 - 18:52:08 | D ] C:\UsbFix
[22/11/2013 - 18:52:10 | A | 10546] C:\UsbFix [Clean 1] UTIL-VAIO.txt
[22/11/2013 - 18:12:37 | N | 15169] C:\UsbFix [Scan 1] UTIL-VAIO.txt
[11/10/2010 - 16:34:45 | RD ] C:\Users
[15/12/2009 - 10:53:48 | N | 3872] C:\version
[22/11/2013 - 18:00:22 | D ] C:\Windows
[29/03/2013 - 08:19:06 | N | 31482] C:\xlstatsupport.txt
[20/05/2010 - 10:40:16 | D ] C:\_FS_SWRINFO
[29/03/2012 - 12:02:54 | N | 141069] G:\organi.jpg
[11/05/2012 - 19:37:46 | N | 692107] G:\FORMATION INITIATEURS.docx
[17/10/2012 - 09:06:54 | D ] G:\LOST.DIR
[27/02/2012 - 14:23:46 | AH | 4096] G:\._.Trashes
[17/10/2012 - 09:07:00 | D ] G:\DCIM
[27/02/2012 - 14:23:46 | HD ] G:\.Trashes
[12/06/2012 - 18:12:28 | N | 28672] G:\oral T.doc
[27/02/2012 - 14:23:48 | HD ] G:\.Spotlight-V100
[07/10/2013 - 11:13:56 | N | 126632] G:\ETUDE DE CAS.pptx
[28/02/2012 - 08:43:40 | N | 1227023] G:\Numériser0002.jpg
[22/10/2012 - 13:05:00 | N | 67072] G:\Enquête.doc
[22/10/2013 - 12:34:30 | N | 12168] G:\Cas SCAMI.xlsx
[14/10/2013 - 10:25:00 | N | 277339] G:\AFF CM.docx
[05/06/2012 - 16:30:10 | N | 3747757] G:\Rapport de stage TA.docx
[22/11/2013 - 18:34:14 | RASHD ] G:\Autorun.inf
[09/03/2012 - 11:48:10 | N | 39632] G:\Sté TUBES BRESTOISE Partie 1 -.xlsx
[07/06/2012 - 14:59:32 | N | 9348] G:\CV rapport.pdf
[13/11/2012 - 22:18:42 | N | 16572] G:\Revue de presse Les priorités du second mandat de Barack Obama.docx
[14/11/2012 - 16:02:42 | N | 15124] G:\plan powerpoint revue de presse.docx
[16/11/2012 - 14:57:12 | N | 19532] G:\Le conflit social.docx
[16/11/2012 - 15:36:58 | N | 13504] G:\Un conflit chez Copitol SA.docx
[16/11/2012 - 16:27:18 | N | 17596] G:\Un conflit chez Copitol td RH.docx
[17/10/2012 - 09:06:54 | D ] G:\.android_secure
[17/10/2012 - 09:15:42 | D ] G:\~wmtthumb
[27/01/2013 - 14:18:22 | N | 32256] G:\III LA HIERARCHIE.doc
[20/02/2013 - 10:22:16 | N | 9598] G:\HEURES SAINT PRIEST.xlsx
[07/03/2013 - 16:34:40 | N | 144624] G:\media.docx
[22/02/2013 - 14:27:04 | N | 12629] G:\Exo chap 5.xlsx
[06/03/2013 - 16:21:12 | N | 138282] G:\rapport DM.docx
[06/04/2013 - 09:20:12 | N | 38912] G:\Tableau de financement.doc
[20/03/2013 - 10:17:48 | N | 1171883] G:\Semi partiel Compta.pdf
[26/03/2013 - 11:49:20 | N | 20439] G:\lettre de recommandation.pdf
[15/04/2013 - 13:46:20 | N | 825675] G:\Ex_avr10.pdf
[03/05/2013 - 09:32:36 | D ] G:\Stage Faivre expert
[26/03/2013 - 14:17:42 | D ] G:\Dossier Adri
[10/04/2013 - 08:30:44 | D ] G:\Analyse de l'information comptable
[26/03/2013 - 12:39:44 | D ] G:\Analyse Info Comptable
[31/05/2013 - 10:06:24 | D ] G:\coalaclient
[16/06/2013 - 17:40:54 | D ] G:\adrien photos
[04/11/2010 - 17:13:22 | D ] G:\IUT
[14/12/2010 - 16:44:06 | N | 16091] G:\~WRL0190.tmp
[12/01/2011 - 12:13:36 | D ] G:\Adri

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |