Reply to: Virus on USB stick 2016-09-08T13:22:05+00:00
Delphine94
Post count: 0

Thank you!!
I used my USB stick on another computer, so do I have to do the same procedure for both computers??

Here is the report:
############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: delphine (Administrateur) # DELPHINE-PC
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 11:22:17 | 30/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Acer (Aspire 5741G )
CPU: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
RAM -> [Total : 3959 | Free : 1974]
Bios: Acer
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 19.0.2

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 285 Go (108 Go libre(s) - 38%) [Acer] # NTFS
D: -> CD-ROM
E: -> CD-ROM
G: -> Disque amovible # 4 Go (2 Go libre(s) - 54%) [KINGSTON] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1292 |ParentID: 700)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 3184 |ParentID: 2968)
Stoppé! C:\Windows\explorer.exe (ID: 3836 |ParentID: 832)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 2888 |ParentID: 844)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 864 |ParentID: 552)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 5408 |ParentID: 700)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1268 |ParentID: 700)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 728 |ParentID: 5408)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 1392 |ParentID: 700)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3276 |ParentID: 700)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 812 |ParentID: 700)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 3312 |ParentID: 700)
Stoppé! C:\Windows\System32\wscript.exe (ID: 4260 |ParentID: 5868)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 4284 |ParentID: 844)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (ID: 3780 |ParentID: 5660)
Stoppé! c:\program files\windows defender\MpCmdRun.exe (ID: 5752 |ParentID: 3844)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 - HKLM\SOFTWARE | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
04 - HKLM\SOFTWARE | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [BackupManagerTray] - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\SOFTWARE | Run : [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
04 - HKLM\SOFTWARE\wow6432Node | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BackupManagerTray] - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\SOFTWARE\wow6432Node | Run : [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-619028284-149165148-3271107766-1001\SOFTWARE | Run : [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
04 - HKU\S-1-5-21-619028284-149165148-3271107766-1001\SOFTWARE | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKU\S-1-5-21-619028284-149165148-3271107766-1001\SOFTWARE | Run : [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-619028284-149165148-3271107766-1001\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-21-619028284-149165148-3271107766-1001\SOFTWARE | Run : [SergeLeLama] - wscript.exe //B "C:\Users\delphine\AppData\Local\Temp\SergeLeLama.vbs"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\delphine\AppData\Local\Temp\SergeLeLama.vbs
Supprimé! C:\Users\delphine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SergeLeLama.vbs
Supprimé! G:\SergeLeLama.vbs
Supprimé! G:\epicerie.lnk
Supprimé! G:\MVI_4093.lnk
Supprimé! G:\Thumbs.lnk
Supprimé! G:\IMG_4593.lnk
Supprimé! G:\IMG_1248.lnk
Supprimé! G:\IMG_1249.lnk
Supprimé! G:\IMG_1250.lnk
Supprimé! G:\Cahier de vie P1 jeudi.lnk
Supprimé! G:\5 sens la vue.lnk
Supprimé! G:\Je fais mes courses JEU RETZ.lnk
Supprimé! G:\IMG_1246.lnk
Supprimé! G:\IMG_1247.lnk
Supprimé! G:\Trombinoscopecl5.lnk
Supprimé! G:\IMG_4596.lnk
Supprimé! G:\histogramme (1).lnk
Supprimé! G:\facture6433047.lnk
Supprimé! G:\Sans nom 1.lnk
Supprimé! G:\histogramme TPS.lnk
Supprimé! G:\Fichier+Sudoku+niv1+et+2.lnk
Supprimé! G:\coordonées.lnk
Supprimé! G:\_Affichages.lnk
Supprimé! G:\SERATOR.lnk
Supprimé! G:\Photos eleves.lnk
Supprimé! G:\T1 Villejuif (TPS-PS).lnk
Supprimé! G:\Grimm.lnk
Supprimé! C:\Users\delphine\AppData\Local\Temp\ubi228E.tmp.exe
Supprimé! C:\Users\delphine\AppData\Local\Temp\ubi39D6.tmp.exe
Supprimé! C:\Users\delphine\AppData\Local\Temp\ubi7BF.tmp.exe
Supprimé! C:\Users\delphine\AppData\Local\Temp\ubi8442.tmp.exe
Supprimé! C:\Users\delphine\AppData\Local\Temp\ubiDFA5.tmp.exe

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:\Users\delphine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SergeLeLama.vbs
Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:\Users\delphine\AppData\Local\Temp\SergeLeLama.vbs
Md5 : 1235D5E19493B587A4B204CC61E7CE21 -> G:\SergeLeLama.vbs
Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:\Users\delphine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SergeLeLama.vbs

################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Supprimé! HKU\S-1-5-21-619028284-149165148-3271107766-1001\Software\Microsoft\Windows\CurrentVersion\Run|SergeLeLama
Supprimé! HKU\S-1-5-21-619028284-149165148-3271107766-1001\Software\....\Mountpoints2\{0622739b-dea4-11df-b145-88ae1d00e3fb}

################## | Listing |

[26/05/2013 - 18:57:44 | SHD ] C:\$Recycle.Bin
[08/10/2010 - 14:03:19 | D ] C:\59c7f0d97b96f15629f6
[30/06/2013 - 15:50:02 | D ] C:\Apres.Mai.FRENCH.DVDRip.x264.AC3-KINeMA
[08/10/2010 - 14:24:37 | N | 2006] C:\aqua_bitmap.cpp
[06/06/2010 - 13:13:17 | D ] C:\book
[06/05/2010 - 13:03:18 | RASH | 8192] C:\BOOTSECT.BAK
[24/09/2011 - 13:57:18 | D ] C:\c600a21fd9bb53dd2d2370223fc7d0
[13/11/2013 - 14:27:30 | SHD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1028.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1031.txt
[07/11/2007 - 07:00:40 | N | 10134] C:\eula.1033.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1036.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1040.txt
[07/11/2007 - 07:00:40 | N | 118] C:\eula.1041.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1042.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.2052.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.3082.txt
[07/11/2007 - 07:00:40 | N | 1110] C:\globdata.ini
[30/11/2013 - 09:47:32 | ASH | 3113254912] C:\hiberfil.sys
[07/11/2007 - 07:44:20 | N | 855040] C:\install.exe
[07/11/2007 - 07:00:40 | N | 843] C:\install.ini
[07/11/2007 - 07:44:20 | N | 75280] C:\install.res.1028.dll
[07/11/2007 - 07:44:20 | N | 95248] C:\install.res.1031.dll
[07/11/2007 - 07:44:20 | N | 90128] C:\install.res.1033.dll
[07/11/2007 - 07:44:20 | N | 96272] C:\install.res.1036.dll
[07/11/2007 - 07:44:20 | N | 94224] C:\install.res.1040.dll
[07/11/2007 - 07:44:20 | N | 80400] C:\install.res.1041.dll
[07/11/2007 - 07:44:20 | N | 78864] C:\install.res.1042.dll
[07/11/2007 - 07:44:20 | N | 74768] C:\install.res.2052.dll
[07/11/2007 - 07:44:20 | N | 95248] C:\install.res.3082.dll
[06/05/2010 - 12:20:18 | D ] C:\Intel
[13/10/2010 - 18:14:53 | RHD ] C:\MSOCache
[06/12/2012 - 18:24:08 | D ] C:\Nico
[08/10/2010 - 13:46:08 | D ] C:\OEM
[30/11/2013 - 09:47:35 | ASH | 4151009280] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[06/03/2011 - 22:40:18 | D ] C:\PhotoshopCS5Portable
[11/09/2013 - 16:01:40 | D ] C:\Program Files
[23/10/2013 - 11:01:34 | D ] C:\Program Files (x86)
[04/11/2013 - 19:32:01 | HD ] C:\ProgramData
[08/10/2010 - 13:44:04 | SHD ] C:\Recovery
[06/05/2010 - 12:23:58 | N | 3274] C:\RHDSetup.log
[30/11/2013 - 09:56:58 | SHD ] C:\System Volume Information
[13/05/2013 - 19:07:47 | D ] C:\Temp
[30/11/2013 - 11:30:06 | D ] C:\UsbFix
[30/11/2013 - 11:30:26 | A | 12528] C:\UsbFix [Clean 2] DELPHINE-PC.txt
[30/11/2013 - 10:48:08 | N | 15345] C:\UsbFix [Scan 1] DELPHINE-PC.txt
[08/10/2010 - 13:44:17 | RD ] C:\Users
[07/11/2007 - 07:00:40 | N | 5686] C:\vcredist.bmp
[07/11/2007 - 07:50:40 | N | 1927956] C:\VC_RED.cab
[07/11/2007 - 07:53:12 | N | 242176] C:\VC_RED.MSI
[13/05/2013 - 19:05:40 | D ] C:\Windows
[13/10/2012 - 19:06:42 | D ] C:\Worms
[13/08/2013 - 13:50:03 | D ] C:\_DATAS
[31/01/2013 - 18:03:40 | N | 104826] G:\epicerie.docx
[05/02/2013 - 13:59:44 | N | 111616] G:\epicerie.doc
[14/06/2013 - 17:54:44 | N | 175365875] G:\MVI_4093.MOV
[12/09/2013 - 22:04:20 | D ] G:\_Affichages
[19/04/2000 - 07:18:18 | N | 11417088] G:\Cahier de vie P1 jeudi.doc
[20/04/2000 - 06:55:30 | N | 22016] G:\5 sens la vue.doc
[19/11/2013 - 12:15:02 | RASH | 46080] G:\Thumbs.db
[31/01/2013 - 18:03:48 | N | 1042414] G:\Je fais mes courses JEU RETZ.docx
[15/03/2000 - 03:35:08 | D ] G:\SERATOR
[04/11/2013 - 12:11:54 | N | 2977492] G:\IMG_4593.JPG
[07/10/2012 - 15:24:38 | N | 1119518] G:\IMG_1248.JPG
[07/10/2012 - 15:24:42 | N | 1254831] G:\IMG_1249.JPG
[07/10/2012 - 15:24:44 | N | 1027874] G:\IMG_1250.JPG
[07/10/2012 - 15:24:46 | N | 1037768] G:\IMG_1246.JPG
[07/10/2012 - 15:24:36 | N | 1060829] G:\IMG_1247.JPG
[15/10/2013 - 14:15:34 | N | 87620417] G:\Trombinoscopecl5.odt
[04/11/2013 - 17:04:52 | N | 2474592] G:\IMG_4596.JPG
[17/11/2013 - 16:54:38 | N | 151552] G:\histogramme (1).xls
[16/01/2013 - 16:12:06 | N | 57105] G:\facture6433047.pdf
[05/11/2013 - 13:12:52 | N | 21912382] G:\Sans nom 1.odt
[18/11/2013 - 13:51:22 | N | 158208] G:\histogramme TPS.xls
[06/09/2013 - 07:04:44 | D ] G:\Photos eleves
[08/04/2013 - 21:56:32 | N | 10047481] G:\Fichier+Sudoku+niv1+et+2.pdf
[15/03/2000 - 02:28:42 | N | 29696] G:\coordonées.doc
[05/09/2013 - 14:17:12 | D ] G:\T1 Villejuif (TPS-PS)
[02/11/2013 - 14:37:54 | N | 366062928] G:\Grimm.S02E08.PROPER.VOSTFR.HDTV.XviD-ATeam.avi

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |