Reply to: USB infection (with USBfix report) 2016-09-08T13:22:46+00:00
Jestrov
Post count: 0

I don't know how to thank you for your speed… oh yes, I'll make a donation!
So here is the USBfix report. I had to restart the program because the first time it crashed right at the end (at 95%, during the vaccination):
############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: Joël (Administrateur) # JOËL-TOSH
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 08:57:58 | 02/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (Portable PC)
CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 3959 | Free : 2078]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 233 Go (97 Go libre(s) – 42%) [WINDOWS] # NTFS
D: -> Disque fixe # 233 Go (98 Go libre(s) – 42%) [Data] # NTFS
E: -> CD-ROM
F: -> CD-ROM
G: -> Disque amovible # 14 Go (11 Go libre(s) – 79%) [NANO PRO] # FAT32
H: -> Disque amovible # 30 Go (20 Go libre(s) – 68%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1372 |ParentID: 676)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 348 |ParentID: 3776)
Stoppé! C:\Windows\explorer.exe (ID: 5752 |ParentID: 880)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 796 |ParentID: 676)
Stoppé! C:\Windows\system32\WUDFHost.exe (ID: 5720 |ParentID: 428)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 128 |ParentID: 676)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5708 |ParentID: 676)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID: 436 |ParentID: 128)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 4016 |ParentID: 676)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1112 |ParentID: 4016)
Stoppé! C:\Windows\system32\wuauclt.exe (ID: 1108 |ParentID: 556)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1392 |ParentID: 676)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 3740 |ParentID: 808)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 4376 |ParentID: 5752)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 5528 |ParentID: 4376)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (ID: 3016 |ParentID: 5528)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (ID: 4696 |ParentID: 3016)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 3536 |ParentID: 556)
Stoppé! C:\Windows\system32\SearchFilterHost.exe (ID: 3984 |ParentID: 128)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [NBAgent] – “c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe” /WinStart
04 – HKLM\SOFTWARE | Run : [StartCCC] – “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
04 – HKLM\SOFTWARE | Run : [TWebCamera] – “C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe” autorun
04 – HKLM\SOFTWARE | Run : [avast5] – “C:\Program Files\Alwil Software\Avast5\avastUI.exe” /nogui
04 – HKLM\SOFTWARE | Run : [KiesTrayAgent] – C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 – HKLM\SOFTWARE | Run : [20131121] – C:\Program Files\Alwil Software\Avast5\setup\emupdate\607bc439-f995-453a-a5ce-d883fc6aa6ba.exe /check
04 – HKLM\SOFTWARE | Run : [AvastUI.exe] – “C:\Program Files\Alwil Software\Avast5\AvastUI.exe” /nogui
04 – HKLM\SOFTWARE\wow6432Node | Run : [NBAgent] – “c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe” /WinStart
04 – HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] – “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
04 – HKLM\SOFTWARE\wow6432Node | Run : [TWebCamera] – “C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe” autorun
04 – HKLM\SOFTWARE\wow6432Node | Run : [avast5] – “C:\Program Files\Alwil Software\Avast5\avastUI.exe” /nogui
04 – HKLM\SOFTWARE\wow6432Node | Run : [KiesTrayAgent] – C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [20131121] – C:\Program Files\Alwil Software\Avast5\setup\emupdate\607bc439-f995-453a-a5ce-d883fc6aa6ba.exe /check
04 – HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] – “C:\Program Files\Alwil Software\Avast5\AvastUI.exe” /nogui
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-896825162-99512129-4184289744-1001\SOFTWARE | Run : [DAEMON Tools Lite] – “C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe” -autorun
04 – HKU\S-1-5-21-896825162-99512129-4184289744-1001\SOFTWARE | Run : [KiesHelper] – C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
04 – HKU\S-1-5-21-896825162-99512129-4184289744-1001\SOFTWARE | Run : [KiesPDLR] – C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 – HKU\S-1-5-21-896825162-99512129-4184289744-1001\SOFTWARE | Run : [Spotify Web Helper] – “C:\Users\Joël\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe”
04 – HKU\S-1-5-18\SOFTWARE | Run : [TOSHIBA Online Product Information] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[29/05/2011 – 12:31:24 | SHD ] C:\$RECYCLE.BIN
[23/06/2010 – 17:24:22 | D ] C:\1033
[18/05/2013 – 22:03:58 | N | 4855] C:\AdwCleaner[R1].txt
[18/05/2013 – 22:05:29 | N | 5033] C:\AdwCleaner[R2].txt
[18/05/2013 – 22:04:18 | N | 359] C:\AdwCleaner[S1].txt
[18/05/2013 – 22:05:06 | N | 359] C:\AdwCleaner[S2].txt
[18/05/2013 – 22:06:10 | N | 4985] C:\AdwCleaner[S3].txt
[14/07/2009 – 06:08:56 | SHD ] C:\Documents and Settings
[23/02/2013 – 01:22:17 | D ] C:\Games
[02/12/2013 – 01:50:21 | ASH | 3113365504] C:\hiberfil.sys
[23/06/2010 – 17:03:12 | D ] C:\Intel
[12/03/2013 – 21:23:12 | D ] C:\Jeux
[20/04/2012 – 14:15:41 | D ] C:\Matrix Games
[02/12/2013 – 01:50:26 | ASH | 4151156736] C:\pagefile.sys
[14/07/2009 – 04:20:08 | D ] C:\PerfLogs
[01/12/2013 – 23:29:50 | D ] C:\Program Files
[02/12/2013 – 00:42:38 | D ] C:\Program Files (x86)
[02/12/2013 – 00:22:07 | HD ] C:\ProgramData
[10/05/2010 – 07:29:26 | N | 70] C:\SWSTAMP.TXT
[02/12/2013 – 00:23:30 | SHD ] C:\System Volume Information
[26/10/2013 – 23:40:35 | D ] C:\Temp
[08/01/2011 – 17:44:56 | D ] C:\Toshiba
[02/12/2013 – 08:58:04 | D ] C:\UsbFix
[02/12/2013 – 08:49:44 | N | 13400] C:\UsbFix [Clean 2] JOËL-TOSH.txt
[02/12/2013 – 08:58:18 | A | 7377] C:\UsbFix [Clean 3] JOËL-TOSH.txt
[01/12/2013 – 22:55:53 | N | 12654] C:\UsbFix [Scan 1] JOËL-TOSH.txt
[01/12/2013 – 23:40:29 | N | 12764] C:\UsbFix [Scan 2] JOËL-TOSH.txt
[02/12/2013 – 00:56:48 | N | 10858] C:\UsbFix [Scan 3] JOËL-TOSH.txt
[02/12/2013 – 01:23:23 | N | 10388] C:\UsbFix [Scan 4] JOËL-TOSH.txt
[02/12/2013 – 01:30:23 | N | 6809] C:\UsbFix [Scan 5] JOËL-TOSH.txt
[02/12/2013 – 01:46:04 | N | 7121] C:\UsbFix [Scan 6] JOËL-TOSH.txt
[05/07/2013 – 00:40:40 | RD ] C:\Users
[02/12/2013 – 01:34:39 | D ] C:\Windows
[23/06/2010 – 17:23:06 | D ] C:\Works
[29/05/2011 – 12:31:24 | SHD ] D:\$RECYCLE.BIN
[25/04/2012 – 09:38:49 | D ] D:\Bibliothèque numérique
[06/08/2011 – 14:41:44 | D ] D:\Cyanide
[30/07/2013 – 22:05:30 | D ] D:\Documents lourds divers
[30/07/2013 – 22:05:39 | D ] D:\Films
[09/01/2011 – 02:33:02 | D ] D:\HDDRecovery
[21/06/2012 – 09:52:34 | D ] D:\Images
[27/07/2012 – 13:52:10 | D ] D:\Jeux
[05/08/2011 – 17:30:57 | D ] D:\msdownld.tmp
[23/06/2010 – 16:58:02 | SHD ] D:\System Volume Information
[26/07/2012 – 22:14:00 | D ] D:\Système
[07/03/2013 – 11:54:36 | N | 1697429] G:\ImationLOCKv20-E Manual.pdf
[02/12/2013 – 08:50:42 | RASHD ] G:\Autorun.inf
[23/11/2013 – 17:33:24 | D ] G:\Recherches
[02/12/2013 – 08:57:16 | D ] H:\Autorun.inf
[12/09/2013 – 08:21:48 | D ] H:\Documents

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |