Reply to: USB infection (with USBfix report) 2016-09-08T13:22:47+00:00
Jestrov
Post count: 0

Here is the first one:
############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: Joël (Administrateur) # JOËL-TOSH
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 08:41:21 | 02/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (Portable PC)
CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 3959 | Free : 1984]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 233 Go (97 Go libre(s) – 42%) [WINDOWS] # NTFS
D: -> Disque fixe # 233 Go (98 Go libre(s) – 42%) [Data] # NTFS
E: -> CD-ROM
F: -> CD-ROM
G: -> Disque amovible # 14 Go (11 Go libre(s) – 79%) [NANO PRO] # FAT32
H: -> Disque amovible # 30 Go (20 Go libre(s) – 67%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\atiesrxx.exe (ID: 1004 |ParentID: 676)
Stoppé! C:\Program Files\HitmanPro\hmpsched.exe (ID: 1188 |ParentID: 676)
Stoppé! C:\Windows\system32\atieclxx.exe (ID: 1360 |ParentID: 1004)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1372 |ParentID: 676)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1564 |ParentID: 676)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1672 |ParentID: 676)
Stoppé! C:\Program Files (x86)\Bonjour\mDNSResponder.exe (ID: 1792 |ParentID: 676)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1824 |ParentID: 676)
Stoppé! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 1896 |ParentID: 676)
Stoppé! C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe (ID: 1956 |ParentID: 676)
Stoppé! C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (ID: 1988 |ParentID: 676)
Stoppé! C:\Windows\system32\ThpSrv.exe (ID: 1664 |ParentID: 676)
Stoppé! C:\Windows\system32\TODDSrv.exe (ID: 1108 |ParentID: 676)
Stoppé! C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID: 1728 |ParentID: 676)
Stoppé! C:\Program Files\TOSHIBA\TECO\TecoService.exe (ID: 2120 |ParentID: 676)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2208 |ParentID: 676)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 2664 |ParentID: 676)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2756 |ParentID: 2208)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 3056 |ParentID: 676)
Stoppé! C:\Windows\Explorer.EXE (ID: 2284 |ParentID: 2596)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 3148 |ParentID: 808)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3452 |ParentID: 2284)
Stoppé! C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ID: 3532 |ParentID: 2284)
Stoppé! C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (ID: 3572 |ParentID: 2284)
Stoppé! C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (ID: 3608 |ParentID: 2284)
Stoppé! C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (ID: 3652 |ParentID: 2284)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 3756 |ParentID: 3452)
Stoppé! C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID: 3780 |ParentID: 2284)
Stoppé! C:\Program Files\TOSHIBA\TECO\Teco.exe (ID: 3840 |ParentID: 2284)
Stoppé! C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (ID: 3964 |ParentID: 2284)
Stoppé! C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (ID: 1944 |ParentID: 2284)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 3260 |ParentID: 556)
Stoppé! C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (ID: 3520 |ParentID: 2284)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID: 3552 |ParentID: 3260)
Stoppé! C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (ID: 3372 |ParentID: 2284)
Stoppé! C:\Users\Joël\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 3560 |ParentID: 2284)
Stoppé! C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (ID: 3936 |ParentID: 3776)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 348 |ParentID: 3776)
Stoppé! C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 4052 |ParentID: 3776)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 1700 |ParentID: 1168)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (ID: 3620 |ParentID: 3552)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 3876 |ParentID: 1700)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (ID: 4252 |ParentID: 676)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (ID: 4280 |ParentID: 676)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4716 |ParentID: 676)
Stoppé! C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID: 4816 |ParentID: 676)
Stoppé! C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (ID: 4892 |ParentID: 3472)
Stoppé! C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (ID: 4276 |ParentID: 676)
Stoppé! C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (ID: 2264 |ParentID: 3900)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 5056 |ParentID: 676)
Stoppé! C:\Windows\system32\wuauclt.exe (ID: 1612 |ParentID: 556)
Stoppé! C:\Windows\system32\WLANExt.exe (ID: 2932 |ParentID: 428)
Stoppé! C:\Windows\system32\conhost.exe (ID: 3640 |ParentID: 536)
Stoppé! C:\Windows\system32\WUDFHost.exe (ID: 920 |ParentID: 428)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 3176 |ParentID: 676)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 4588 |ParentID: 2284)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 424 |ParentID: 4588)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (ID: 3900 |ParentID: 424)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (ID: 304 |ParentID: 3900)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [NBAgent] - "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [TWebCamera] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
04 - HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\607bc439-f995-453a-a5ce-d883fc6aa6ba.exe /check
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [NBAgent] - "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [TWebCamera] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
04 - HKLM\SOFTWARE\wow6432Node | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\607bc439-f995-453a-a5ce-d883fc6aa6ba.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-896825162-99512129-4184289744-1001\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-896825162-99512129-4184289744-1001\SOFTWARE | Run : [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
04 - HKU\S-1-5-21-896825162-99512129-4184289744-1001\SOFTWARE | Run : [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-896825162-99512129-4184289744-1001\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Joël\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-18\SOFTWARE | Run : [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! G:\ImationLock_v232.exe
Supprimé! C:\Users\Joël\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\JOL~1\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\JOL~1\AppData\Local\Temp\Drives.vbs
Supprimé! G:\iTunesHelper.vbe
Supprimé! H:\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 207333B7866BDEF1048397335113FC55 -> C:\Users\Joël\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 207333B7866BDEF1048397335113FC55 -> C:\Users\JOL~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : AC8F18C5C595A5685FCEA46E61B6B5AF -> C:\Users\JOL~1\AppData\Local\Temp\Drives.vbs
Md5 : 207333B7866BDEF1048397335113FC55 -> G:\iTunesHelper.vbe
Md5 : 207333B7866BDEF1048397335113FC55 -> H:\iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Supprimé! HKU\S-1-5-21-896825162-99512129-4184289744-1001\Software\....\Mountpoints2\{37c01355-9334-11e0-ba3c-e839df25dbd3}

################## | Listing |

[29/05/2011 - 12:31:24 | SHD ] C:\$RECYCLE.BIN
[23/06/2010 - 17:24:22 | D ] C:\1033
[18/05/2013 - 22:03:58 | N | 4855] C:\AdwCleaner[R1].txt
[18/05/2013 - 22:05:29 | N | 5033] C:\AdwCleaner[R2].txt
[18/05/2013 - 22:04:18 | N | 359] C:\AdwCleaner[S1].txt
[18/05/2013 - 22:05:06 | N | 359] C:\AdwCleaner[S2].txt
[18/05/2013 - 22:06:10 | N | 4985] C:\AdwCleaner[S3].txt
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[23/02/2013 - 01:22:17 | D ] C:\Games
[02/12/2013 - 01:50:21 | ASH | 3113365504] C:\hiberfil.sys
[23/06/2010 - 17:03:12 | D ] C:\Intel
[12/03/2013 - 21:23:12 | D ] C:\Jeux
[20/04/2012 - 14:15:41 | D ] C:\Matrix Games
[02/12/2013 - 01:50:26 | ASH | 4151156736] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[01/12/2013 - 23:29:50 | D ] C:\Program Files
[02/12/2013 - 00:42:38 | D ] C:\Program Files (x86)
[02/12/2013 - 00:22:07 | HD ] C:\ProgramData
[10/05/2010 - 07:29:26 | N | 70] C:\SWSTAMP.TXT
[02/12/2013 - 00:23:30 | SHD ] C:\System Volume Information
[26/10/2013 - 23:40:35 | D ] C:\Temp
[08/01/2011 - 17:44:56 | D ] C:\Toshiba
[02/12/2013 - 08:49:40 | D ] C:\UsbFix
[02/12/2013 - 08:49:44 | A | 12063] C:\UsbFix [Clean 2] JOËL-TOSH.txt
[01/12/2013 - 22:55:53 | N | 12654] C:\UsbFix [Scan 1] JOËL-TOSH.txt
[01/12/2013 - 23:40:29 | N | 12764] C:\UsbFix [Scan 2] JOËL-TOSH.txt
[02/12/2013 - 00:56:48 | N | 10858] C:\UsbFix [Scan 3] JOËL-TOSH.txt
[02/12/2013 - 01:23:23 | N | 10388] C:\UsbFix [Scan 4] JOËL-TOSH.txt
[02/12/2013 - 01:30:23 | N | 6809] C:\UsbFix [Scan 5] JOËL-TOSH.txt
[02/12/2013 - 01:46:04 | N | 7121] C:\UsbFix [Scan 6] JOËL-TOSH.txt
[05/07/2013 - 00:40:40 | RD ] C:\Users
[02/12/2013 - 01:34:39 | D ] C:\Windows
[23/06/2010 - 17:23:06 | D ] C:\Works
[29/05/2011 - 12:31:24 | SHD ] D:\$RECYCLE.BIN
[25/04/2012 - 09:38:49 | D ] D:\Bibliothèque numérique
[06/08/2011 - 14:41:44 | D ] D:\Cyanide
[30/07/2013 - 22:05:30 | D ] D:\Documents lourds divers
[30/07/2013 - 22:05:39 | D ] D:\Films
[09/01/2011 - 02:33:02 | D ] D:\HDDRecovery
[21/06/2012 - 09:52:34 | D ] D:\Images
[27/07/2012 - 13:52:10 | D ] D:\Jeux
[05/08/2011 - 17:30:57 | D ] D:\msdownld.tmp
[23/06/2010 - 16:58:02 | SHD ] D:\System Volume Information
[26/07/2012 - 22:14:00 | D ] D:\Système
[07/03/2013 - 11:54:36 | N | 1697429] G:\ImationLOCKv20-E Manual.pdf
[23/11/2013 - 17:33:24 | D ] G:\Recherches
[12/09/2013 - 08:21:48 | D ] H:\Documents

################## | Vaccin |