Reply to: usb infected 2016-09-08T13:20:35+00:00
enna
Number of posts: 0

Here is the removal report ;) :merci2:
############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: HP (Administrateur) # HP-PC
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 13:09:20 | 23/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (3674)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
RAM -> [Total : 3894 | Free : 1684]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 244 Go (161 Go libre(s) - 66%) [] # NTFS
D: -> Disque fixe # 222 Go (5 Mo libre(s) - 0%) [] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (2 Go libre(s) - 65%) [] # FAT32
G: -> Disque amovible # 0 Mo (0 Mo libre(s) - 24%) [] # FAT

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1232 |ParentID: 592)
Stoppé! C:\Windows\Explorer.EXE (ID: 1400 |ParentID: 1368)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1684 |ParentID: 592)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 1788 |ParentID: 592)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1888 |ParentID: 592)
Stoppé! C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (ID: 1876 |ParentID: 592)
Stoppé! C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID: 2124 |ParentID: 592)
Stoppé! C:\Windows\System32\hkcmd.exe (ID: 2108 |ParentID: 1400)
Stoppé! C:\Windows\System32\igfxpers.exe (ID: 2164 |ParentID: 1400)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 2752 |ParentID: 592)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1160 |ParentID: 592)
Stoppé! C:\Program Files (x86)\Salaat Time\SalaatTime.exe (ID: 3508 |ParentID: 1400)
Stoppé! C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 3640 |ParentID: 1400)
Stoppé! C:\Windows\System32\wscript.exe (ID: 3660 |ParentID: 1400)
Stoppé! C:\Windows\splwow64.exe (ID: 3752 |ParentID: 3508)
Stoppé! C:\Users\HP\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (ID: 3776 |ParentID: 1400)
Stoppé! C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (ID: 3916 |ParentID: 3668)
Stoppé! C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (ID: 3992 |ParentID: 3668)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4040 |ParentID: 3668)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 1068 |ParentID: 3860)
Stoppé! C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID: 2984 |ParentID: 592)
Stoppé! C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (ID: 3868 |ParentID: 592)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 1844 |ParentID: 592)
Stoppé! C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (ID: 4092 |ParentID: 592)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2992 |ParentID: 592)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4204 |ParentID: 592)
Stoppé! C:\Windows\system32\wuauclt.exe (ID: 4916 |ParentID: 296)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 2176 |ParentID: 972)
Stoppé! C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1012 |ParentID: 1400)
Stoppé! C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1732 |ParentID: 1012)
Stoppé! C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5028 |ParentID: 1012)
Stoppé! C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2928 |ParentID: 1012)
Stoppé! C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1176 |ParentID: 1012)
Stoppé! C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5476 |ParentID: 1012)
Stoppé! C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5552 |ParentID: 1012)
Stoppé! C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6012 |ParentID: 1012)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 5232 |ParentID: 296)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1501123679-1413266380-2526980405-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1501123679-1413266380-2526980405-1000\SOFTWARE | Run : [SalaatTime] - C:\Program Files (x86)\Salaat Time\SalaatTime.exe
04 - HKU\S-1-5-21-1501123679-1413266380-2526980405-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1501123679-1413266380-2526980405-1000\SOFTWARE | Run : [Google Update] - "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1501123679-1413266380-2526980405-1000\SOFTWARE | Run : [zayclerhlx] - wscript.exe //B "C:\Users\HP\AppData\Roaming\zayclerhlx.vbs"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\HP\AppData\Roaming\zayclerhlx.vbs
Supprimé! C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zayclerhlx.vbs
Supprimé! F:\zayclerhlx.vbs
Supprimé! F:\rm924_SD_conpack_conf.lnk
Supprimé! F:\YouTube3.lnk
Supprimé! F:\sayabni 5anachta7.lnk
Supprimé! F:\Extra.lnk
Supprimé! F:\predeftemp.lnk
Supprimé! F:\nokia_unprocessed_images_.lnk
Supprimé! F:\Photos.lnk
Supprimé! F:\temp.lnk
Supprimé! F:\WhatsApp.lnk
Supprimé! F:\Enregistrements.lnk
Supprimé! F:\Vidéos.lnk
Supprimé! F:\Received.lnk
Supprimé! F:\Ebook.lnk
Supprimé! F:\Videos.lnk
Supprimé! F:\old.lnk
Supprimé! F:\new.lnk
Supprimé! F:\love songs.lnk
Supprimé! F:\top.lnk
Supprimé! F:\3assi 7eléni.lnk
Supprimé! F:\Bollywood.lnk
Supprimé! F:\tarab.lnk
Supprimé! F:\@Playlists.lnk
Supprimé! F:\majda roumi.lnk
Supprimé! F:\variété.lnk
Supprimé! F:\Fichiers reçus.lnk
Supprimé! F:\My Music.lnk
Supprimé! F:\Audio.lnk
Supprimé! F:\Nouveau dossier.lnk
Supprimé! F:\Nouveau dossier (2).lnk
Supprimé! G:\@mms.lnk
Supprimé! G:\Download.lnk
Supprimé! G:\Images.lnk
Supprimé! G:\Audio.lnk
Supprimé! G:\sat.lnk
Supprimé! G:\Settings.lnk
Supprimé! G:\Phbimage.lnk
Supprimé! G:\Ebook.lnk
Supprimé! G:\Photos.lnk
Supprimé! G:\Received.lnk
Supprimé! G:\@Playlists.lnk
Supprimé! G:\brs.lnk

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 702CF90576262E15F2B83770534CD14E -> C:\Users\HP\AppData\Roaming\zayclerhlx.vbs
Md5 : 702CF90576262E15F2B83770534CD14E -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zayclerhlx.vbs
Md5 : 702CF90576262E15F2B83770534CD14E -> F:\zayclerhlx.vbs
Md5 : 702CF90576262E15F2B83770534CD14E -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zayclerhlx.vbs

################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Réparé ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 1
Supprimé! HKU\S-1-5-21-1501123679-1413266380-2526980405-1000\Software\Microsoft\Windows\CurrentVersion\Run|zayclerhlx
Supprimé! HKU\S-1-5-21-1501123679-1413266380-2526980405-1000\Software\….\Mountpoints2\{4ad19bbd-25c5-11e2-9803-9cb70d077c5f}

################## | Listing |

[01/09/2013 - 20:34:58 | SHD ] C:\$Recycle.Bin
[20/05/2012 - 14:40:48 | D ] C:\80f364bdcd7e2185f1
[24/05/2012 - 19:22:26 | SHD ] C:\Boot
[20/11/2010 - 13:40:07 | RASH | 383786] C:\bootmgr
[16/05/2012 - 10:49:59 | RASH | 8192] C:\BOOTSECT.BAK
[13/09/2013 - 20:01:50 | N | 3288] C:\bootsqm.dat
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[18/08/2012 - 16:15:51 | D ] C:\found.000
[16/05/2012 - 12:34:57 | N | 206376] C:\grldr
[23/11/2013 - 10:11:16 | ASH | 3062251520] C:\hiberfil.sys
[16/05/2012 - 15:54:15 | D ] C:\Intel
[21/05/2012 - 16:43:50 | RHD ] C:\MSOCache
[23/11/2013 - 10:11:22 | ASH | 4083003392] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[12/05/2013 - 07:09:12 | D ] C:\Program Files
[21/11/2013 - 19:29:06 | D ] C:\Program Files (x86)
[08/09/2013 - 14:22:35 | HD ] C:\ProgramData
[16/05/2012 - 11:11:16 | SHD ] C:\Recovery
[12/05/2013 - 06:51:06 | D ] C:\SWSetup
[22/11/2013 - 19:58:23 | SHD ] C:\System Volume Information
[12/05/2013 - 06:32:49 | D ] C:\System.sav
[23/11/2013 - 13:15:38 | D ] C:\UsbFix
[23/11/2013 - 13:15:46 | A | 11247] C:\UsbFix [Clean 2] HP-PC.txt
[23/11/2013 - 09:15:09 | N | 10265] C:\UsbFix [Scan 1] HP-PC.txt
[23/11/2013 - 10:02:17 | N | 11733] C:\UsbFix [Scan 2] HP-PC.txt
[16/05/2012 - 11:11:29 | RD ] C:\Users
[22/11/2013 - 20:47:58 | D ] C:\Windows
[22/05/2012 - 12:25:18 | SHD ] D:\$RECYCLE.BIN
[30/06/2013 - 19:03:26 | D ] D:\HP-PC
[16/09/2012 - 11:25:54 | N | 528] D:\MediaID.bin
[23/06/2013 - 19:55:48 | SHD ] D:\System Volume Information
[16/09/2012 - 13:07:33 | D ] D:\WindowsImageBackup
[01/01/2012 - 00:00:00 | D ] F:\Extra
[01/01/2012 - 12:00:00 | RAH | 65] F:\SD Content Package sd_mea_ma1
[01/01/2012 - 12:00:00 | N | 21] F:\rm924_SD_conpack_conf.cnfp
[01/01/2012 - 12:00:00 | RAH | 124] F:\card_content.xml
[01/01/2010 - 00:00:00 | D ] F:\predeftemp
[01/01/2010 - 00:00:00 | D ] F:\nokia_unprocessed_images_
[01/07/2013 - 09:21:34 | D ] F:\Photos
[01/07/2013 - 10:42:46 | D ] F:\temp
[01/09/2013 - 15:41:04 | D ] F:\WhatsApp
[01/09/2013 - 18:03:20 | D ] F:\Enregistrements
[01/09/2013 - 18:19:36 | D ] F:\Vidéos
[24/08/2013 - 19:44:24 | D ] F:\Received
[24/08/2013 - 19:44:30 | D ] F:\Ebook
[10/11/2013 - 06:43:48 | D ] F:\Videos
[09/05/2013 - 18:29:16 | D ] F:\old
[12/11/2012 - 14:05:16 | D ] F:\new
[26/05/2012 - 22:05:38 | D ] F:\love songs
[14/02/2012 - 19:30:06 | N | 2934912] F:\???? ???????? - ???? ?????.mp3
[09/05/2013 - 18:57:04 | D ] F:\top
[16/05/2012 - 21:54:30 | D ] F:\3assi 7eléni
[19/02/2013 - 20:26:28 | D ] F:\Bollywood
[13/05/2013 - 19:11:48 | N | 28864315] F:\YouTube3.mp3
[12/05/2013 - 15:49:50 | N | 7535022] F:\sayabni 5anachta7.mp3
[01/09/2013 - 21:41:04 | D ] F:\tarab
[10/11/2013 - 09:08:00 | D ] F:\@Playlists
[01/09/2013 - 21:51:48 | D ] F:\majda roumi
[01/09/2013 - 22:33:52 | D ] F:\variété
[07/10/2013 - 22:01:46 | D ] F:\Fichiers reçus
[10/11/2013 - 09:08:00 | D ] F:\My Music
[12/11/2013 - 20:02:04 | D ] F:\Audio
[22/11/2013 - 14:40:30 | D ] F:\Nouveau dossier
[22/11/2013 - 14:41:28 | D ] F:\Nouveau dossier (2)
[24/08/2013 - 19:47:12 | D ] G:\@mms
[22/11/2013 - 14:16:54 | D ] G:\Download
[24/08/2013 - 22:30:42 | D ] G:\Images
[24/08/2013 - 22:30:42 | D ] G:\Audio
[24/08/2013 - 22:30:42 | D ] G:\sat
[24/08/2013 - 22:30:42 | D ] G:\Settings
[24/08/2013 - 22:30:50 | D ] G:\Phbimage
[24/08/2013 - 22:30:50 | D ] G:\Ebook
[26/08/2013 - 22:46:42 | D ] G:\Photos
[29/08/2013 - 12:10:46 | D ] G:\Received
[06/09/2013 - 17:27:58 | D ] G:\@Playlists
[07/09/2013 - 16:10:36 | D ] G:\brs

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |