Reply to: Infected USB keys (automatic shortcuts) 2016-09-08T13:24:00+00:00
Lola
Number of posts: 0

Good evening!

Thanks for being so quick, that's great!

Here is the latest report after the deletion:

############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: Les ulis (Administrateur) # LESULIS-TOSH
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 19:41:00 | 07/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: AMD (Renmore)
CPU: AMD E1-1200 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3686 | Free : 1966]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Protection antivirus et antispyware McAfee [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 682 Go (292 Go libre(s) – 43%) [TI30905600A] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 7 Go (347 Mo libre(s) – 5%) [CLEM’] # FAT32
F: -> Disque amovible # 7 Go (7 Go libre(s) – 99%) [ARKIL82] # FAT32
G: -> Disque amovible # 250 Mo (144 Mo libre(s) – 58%) [] # FAT

################## | Processus Stoppés |

Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1492 |ParentID: 776)
Stoppé! C:Program FilesTOSHIBAFlashCardsTCrdMain.exe (ID: 1860 |ParentID: 1704)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 3508 |ParentID: 2728)
Stoppé! C:Windowssystem32mfevtps.exe (ID: 3912 |ParentID: 776)
Stoppé! C:Program FilesCommon FilesMcAfeeSystemCoremcshield.exe (ID: 4500 |ParentID: 776)
Stoppé! C:Program FilesCommon FilesMcAfeeSystemCoremfefire.exe (ID: 4856 |ParentID: 776)
Stoppé! C:windowsexplorer.exe (ID: 9560 |ParentID: 832)
Stoppé! C:windowsSystem32WUDFHost.exe (ID: 2720 |ParentID: 1072)
Stoppé! C:windowsSystem32rundll32.exe (ID: 6040 |ParentID: 960)
Stoppé! C:windowssystem32SearchIndexer.exe (ID: 3160 |ParentID: 776)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 11540 |ParentID: 776)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 5844 |ParentID: 11540)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 6044 |ParentID: 776)
Stoppé! C:windowssystem32wuauclt.exe (ID: 8088 |ParentID: 1148)
Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 7384 |ParentID: 776)
Stoppé! C:windowsSystem32spoolsv.exe (ID: 7624 |ParentID: 776)
Stoppé! C:Program FilesCommon FilesMcAfeeMcSvcHostMcSvHost.exe (ID: 7476 |ParentID: 776)
Stoppé! c:PROGRA~1mcafee.comagentmcagent.exe (ID: 6292 |ParentID: 960)
Stoppé! C:windowssystem32DllHost.exe (ID: 3248 |ParentID: 960)
Stoppé! C:Program Files (x86)Mozilla Firefoxfirefox.exe (ID: 11136 |ParentID: 9560)
Stoppé! C:UsersLes ulisAppDataRoaminguTorrentuTorrent.exe (ID: 3064 |ParentID: 11136)
Stoppé! C:Program Files (x86)Mozilla Firefoxplugin-container.exe (ID: 6240 |ParentID: 11136)
Stoppé! C:windowsSysWOW64MacromedFlashFlashPlayerPlugin_11_9_900_152.exe (ID: 5852 |ParentID: 6240)
Stoppé! C:windowsSysWOW64MacromedFlashFlashPlayerPlugin_11_9_900_152.exe (ID: 3232 |ParentID: 5852)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [mcui_exe] – “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [mcui_exe] – “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
04 – HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-19SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-21-1361115407-4209325156-1920050401-1000SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product InformationTOPI.exe /STARTUP
04 – HKUS-1-5-21-1361115407-4209325156-1920050401-1000SOFTWARE | Run : [uTorrent] – “C:UsersLes ulisAppDataRoaminguTorrentuTorrent.exe” /MINIMIZED
04 – HKUS-1-5-21-1361115407-4209325156-1920050401-1000SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersLESULI~1AppDataLocalTempiTunesHelper.vbe”
04 – HKUS-1-5-18SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Supprimé! C:UsersLESULI~1AppDataLocalTempiTunesHelper.vbe
Supprimé! C:UsersLes ulisAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Supprimé! E:iTunesHelper.vbe
Supprimé! F:iTunesHelper.vbe
Supprimé! G:iTunesHelper.vbe
Supprimé! E:.lnk
Supprimé! E:iPod_Control.lnk
Supprimé! F:Dessins Tangram.lnk
Supprimé! G:Techniques de caractérisation étudiées & application des prothèses de la hanche.lnk
Supprimé! G:infos pole emploi.lnk
Supprimé! G:presentation.lnk
Supprimé! G:Nouveau dossier.lnk
Supprimé! G:~$présentation Techniques de caractérisation étudiées & application des prothèses de la hanche.lnk
Supprimé! G:présentation Techniques de caractérisation étudiées & application des prothèses de la hanche.lnk
Supprimé! G:Quelques techniques de caractérisation & distrib élements prostatique.lnk
Supprimé! C:UsersPublic4z1z.VBE
Supprimé! C:UsersPublic7z1z.VBE
Supprimé! C:UsersLESULI~1AppDataLocalTempfftB3CA.tmp.exe
Supprimé! C:UsersLESULI~1AppDataLocalTemputt8465.tmp.exe
Supprimé! C:UsersLESULI~1AppDataLocalTempdsa.hta

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |


################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 0
Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 0
Supprimé! HKUS-1-5-21-1361115407-4209325156-1920050401-1000SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
Supprimé! HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionRun|iTunesHelper

################## | Listing |

[26/06/2013 – 13:43:53 | SHD ] C:$Recycle.Bin
[04/09/2013 – 08:47:17 | D ] C:3a63b402a08a6e0b1b1f18
[27/09/2013 – 09:13:52 | D ] C:757a4e366d5359fa64774bb3ed17
[07/01/2013 – 10:52:58 | D ] C:7fa676dfdca1743723b78023544b4477
[07/12/2013 – 17:23:28 | D ] C:AdwCleaner
[17/04/2012 – 00:52:43 | SHD ] C:Boot
[21/11/2010 – 04:23:51 | RASH | 383786] C:bootmgr
[17/04/2012 – 00:52:45 | RASH | 8192] C:BOOTSECT.BAK
[07/12/2013 – 12:19:23 | SHD ] C:Config.Msi
[14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
[07/12/2013 – 17:15:17 | ASH | 2899075072] C:hiberfil.sys
[18/11/2012 – 18:56:34 | RHD ] C:MSOCache
[07/12/2013 – 17:15:17 | ASH | 3865436160] C:pagefile.sys
[28/11/2013 – 21:40:29 | D ] C:Program Files
[07/12/2013 – 17:12:49 | D ] C:Program Files (x86)
[07/12/2013 – 17:12:46 | HD ] C:ProgramData
[07/12/2013 – 12:07:29 | SHD ] C:System Volume Information
[30/10/2012 – 19:56:51 | D ] C:Toshiba
[07/12/2013 – 19:50:51 | D ] C:UsbFix
[07/12/2013 – 19:51:25 | A | 9669] C:UsbFix [Clean 3] LESULIS-TOSH.txt
[07/12/2013 – 18:01:21 | N | 13420] C:UsbFix [Scan 1] LESULIS-TOSH.txt
[07/12/2013 – 18:27:51 | N | 9835] C:UsbFix [Scan 2] LESULIS-TOSH.txt
[21/07/2012 – 16:14:54 | RD ] C:Users
[07/12/2013 – 16:40:03 | D ] C:Windows
[04/08/2012 – 13:24:04 | D ] E:iPod_Control
[04/08/2012 – 04:24:08 | N | 0] E:.metadata_never_index
[21/08/2012 – 21:41:36 | D ] E:Photos
[13/04/2013 – 20:09:06 | D ] E:Recordings
[20/06/2013 – 10:51:38 | N | 692790] F:Dessins Tangram.bmp
[03/07/2013 – 16:25:26 | D ] F:Solidays
[17/10/2013 – 11:16:50 | D ] G:cvet lm
[17/10/2013 – 11:19:12 | D ] G:docs pole emploi
[17/10/2013 – 11:37:24 | D ] G:cours M1
[18/10/2013 – 11:38:30 | N | 213620] G:CV Apprenti Master 1 sciences des matériaux attendu.pdf
[19/10/2013 – 10:59:44 | N | 293422] G:CV Apprenti M1 Matériaux.png
[28/10/2013 – 12:02:26 | N | 1276770] G:Certificat de scolarité 2013 2014.jpg
[28/10/2013 – 12:50:52 | N | 777586] G:Certificat de scolarité et carte étudiant 2013 2014.jpg
[28/10/2013 – 13:00:38 | N | 917610] G:certif scolarité verso 2013 2014.jpg
[31/10/2013 – 00:47:44 | N | 1411988] G:Techniques de caractérisation étudiées & application des prothèses de la hanche.pptx
[03/11/2013 – 13:57:20 | D ] G:att
[03/11/2013 – 15:34:32 | D ] G:Mes Courriers_fichiers
[03/11/2013 – 15:35:42 | N | 10163] G:Mes Courriers.htm
[03/11/2013 – 15:37:54 | D ] G:infos pole emploi_fichiers
[03/11/2013 – 15:39:10 | N | 10289] G:infos pole emploi.htm
[20/11/2013 – 21:29:08 | D ] G:Nouveau dossier
[20/11/2013 – 21:35:54 | N | 641099] G:présentation Techniques de caractérisation étudiées & application des prothèses de la hanche.pdf
[20/11/2013 – 22:04:56 | N | 1427934] G:présentation Techniques de caractérisation étudiées & application des prothèses de la hanche.pptx
[26/11/2013 – 17:37:12 | N | 29994] G:nos quartiers ont des talents.pdf
[26/11/2013 – 18:23:42 | N | 17044] G:prog quartier talent .docx
[26/11/2013 – 19:46:30 | D ] G:huoada
[26/11/2013 – 19:54:10 | N | 184481] G:nos talents.png
[26/11/2013 – 20:06:04 | N | 161881] G:NQT forum.pdf
[26/11/2013 – 20:07:04 | N | 218513] G:NQT forum.docx
[28/11/2013 – 23:22:50 | D ] G:nqt
[28/11/2013 – 23:19:24 | N | 1698282] G:Quelques techniques de caractérisation & distrib élements prostatique.pptx

################## | Vaccin |

E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

Was it an iTunes virus that was making everything buggy?