Reply to: USB infection, university network 2016-09-08T13:21:26+00:00
Marvin

Thanks 🙂
So here is the report after clicking "Suppression":

############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: Marvin (Administrateur) # MARVIN-PC
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 10:59:17 | 27/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (3639)
CPU: AMD Athlon(tm) II Dual-Core M320
RAM -> [Total : 4092 | Free : 1544]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 244 Go (122 Go libre(s) – 50%) [] # NTFS
D: -> Disque fixe # 14 Go (2 Go libre(s) – 16%) [RECOVERY] # NTFS
E: -> Disque fixe # 99 Mo (97 Mo libre(s) – 97%) [HP_TOOLS] # FAT32
F: -> CD-ROM
G: -> CD-ROM
H: -> Disque fixe # 40 Go (22 Go libre(s) – 54%) [Données] # NTFS
I: -> Disque amovible # 31 Go (27 Go libre(s) – 85%) [USB 32GO] # NTFS

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\atiesrxx.exe (ID: 880 |ParentID: 604)
Stoppé! C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (ID: 552 |ParentID: 604)
Stoppé! C:\Windows\system32\atieclxx.exe (ID: 1324 |ParentID: 880)
Stoppé! C:\Windows\system32\Hpservice.exe (ID: 1332 |ParentID: 604)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1516 |ParentID: 604)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1640 |ParentID: 604)
Stoppé! C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (ID: 1776 |ParentID: 604)
Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 1804 |ParentID: 604)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1844 |ParentID: 604)
Stoppé! C:\Windows\SysWOW64\PnkBstrA.exe (ID: 1916 |ParentID: 604)
Stoppé! C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (ID: 2080 |ParentID: 604)
Stoppé! C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID: 2464 |ParentID: 604)
Stoppé! C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (ID: 2828 |ParentID: 604)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 668 |ParentID: 604)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 224 |ParentID: 452)
Stoppé! C:\Windows\Explorer.EXE (ID: 3112 |ParentID: 1172)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3620 |ParentID: 604)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3808 |ParentID: 604)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3960 |ParentID: 3112)
Stoppé! C:\Program Files\IDT\WDM\sttray64.exe (ID: 3376 |ParentID: 3112)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID: 3360 |ParentID: 3112)
Stoppé! C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (ID: 3272 |ParentID: 3112)
Stoppé! C:\Windows\System32\wscript.exe (ID: 3348 |ParentID: 3112)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (ID: 2260 |ParentID: 3396)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ID: 1248 |ParentID: 3396)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 440 |ParentID: 3396)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3752 |ParentID: 3396)
Stoppé! C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 3672 |ParentID: 3112)
Stoppé! C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (ID: 2628 |ParentID: 3396)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 3704 |ParentID: 2176)
Stoppé! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 4124 |ParentID: 4028)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 4132 |ParentID: 604)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (ID: 4328 |ParentID: 604)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 4744 |ParentID: 3704)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (ID: 5044 |ParentID: 744)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 5112 |ParentID: 604)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 5588 |ParentID: 604)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 172 |ParentID: 3112)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 5512 |ParentID: 172)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (ID: 2372 |ParentID: 5512)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (ID: 5792 |ParentID: 2372)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 5980 |ParentID: 1016)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\3b4ea0d5-9308-4d36-bebb-78d052c40dd0.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\3b4ea0d5-9308-4d36-bebb-78d052c40dd0.exe /check
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1272072030-2096322919-1193001997-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1272072030-2096322919-1193001997-1000\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-1272072030-2096322919-1193001997-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Marvin\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\Marvin\AppData\Roaming\inst.exe
Supprimé! C:\Users\Marvin\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! I:\iTunesHelper.vbe
Supprimé! D:\uninstall.exe
Supprimé! I:\.lnk
Supprimé! I:\capt3.lnk
Supprimé! I:\Expo Anglais insectes.lnk
Supprimé! I:\L1 Géo.lnk
Supprimé! I:\proportion.lnk
Supprimé! I:\Remember.Me-Black Box.lnk
Supprimé! I:\Sans nom 1.lnk
Supprimé! I:\SORTIE TERRAIN 2.lnk

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

And here is the direct link to my ZHPDiag report:
https://antimalware.top/log/SosUpload.34faab5347db52a34566840f484a6727.txt

Thank you for your attention 🙂