Reply to: USB key shortcut virus 2016-09-08T13:24:57+00:00
Julie
Participant
Number of posts: 10

OK, it's done, here is the report:

############################## | UsbFix V 7.153 | [Suppression]

Utilisateur: JulieVer (Administrateur) # JULIEVER-TOSH
Mis à jour le 09/12/2013 par El Desaparecido – Team SosVirus
Lancé à 11:54:34 | 13/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (PWWAA)
CPU: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
RAM -> [Total : 3891 | Free : 2831]
Bios: TOSHIBA
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 26.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 149 Go (64 Go libre(s) – 43%) [WINDOWS] # NTFS
D: -> Disque fixe # 149 Go (140 Go libre(s) – 94%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque fixe # 15 Go (5 Go libre(s) – 36%) [] # FAT32
G: -> Disque amovible # 2 Go (1 Go libre(s) – 59%) [] # FAT
H: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [FLASH DRIVE] # FAT32

################## | Processus Stoppés |

Stoppé! C:WindowsExplorer.EXE (ID: 1084 |ParentID: 1076)
Stoppé! C:Windowssystem32ctfmon.exe (ID: 1132 |ParentID: 1084)
Stoppé! C:Windowssystem32DllHost.exe (ID: 1576 |ParentID: 628)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [NBAgent] – “c:Program Files (x86)NeroNero 10Nero BackItUpNBAgent.exe” /WinStart
04 – HKLMSOFTWARE | Run : [HWSetup] – C:Program FilesTOSHIBAUtilitiesHWSetup.exe hwSetUP
04 – HKLMSOFTWARE | Run : [SVPWUTIL] – C:Program Files (x86)TOSHIBAUtilitiesSVPWUTIL.exe SVPwUTIL
04 – HKLMSOFTWARE | Run : [KeNotify] – “C:Program Files (x86)TOSHIBAUtilitiesKeNotify.exe” LPCM
04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdatecb351f77-a92e-47cb-ae6d-7abd9359b6f8.exe /check
04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWAREwow6432Node | Run : [NBAgent] – “c:Program Files (x86)NeroNero 10Nero BackItUpNBAgent.exe” /WinStart
04 – HKLMSOFTWAREwow6432Node | Run : [HWSetup] – C:Program FilesTOSHIBAUtilitiesHWSetup.exe hwSetUP
04 – HKLMSOFTWAREwow6432Node | Run : [SVPWUTIL] – C:Program Files (x86)TOSHIBAUtilitiesSVPWUTIL.exe SVPwUTIL
04 – HKLMSOFTWAREwow6432Node | Run : [KeNotify] – “C:Program Files (x86)TOSHIBAUtilitiesKeNotify.exe” LPCM
04 – HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdatecb351f77-a92e-47cb-ae6d-7abd9359b6f8.exe /check
04 – HKLMSOFTWAREwow6432Node | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-19SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-21-1152382003-1529554644-1580167732-1000SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
04 – HKUS-1-5-18SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[26/07/2011 – 11:13:48 | N | 0 Ko] – C:SWSTAMP.TXT
[12/12/2013 – 22:28:56 | N | 11 Ko] – C:UsbFix [Clean 1] JULIEVER-TOSH.txt
[12/12/2013 – 22:58:15 | N | 17 Ko] – C:UsbFix [Clean 2] JULIEVER-TOSH.txt
[13/12/2013 – 11:55:20 | A | 5 Ko] – C:UsbFix [Clean 3] JULIEVER-TOSH.txt
[13/12/2013 – 11:52:33 | ASH | 2988036 Ko] – C:hiberfil.sys
[13/12/2013 – 11:52:36 | ASH | 3984048 Ko] – C:pagefile.sys
[24/08/2012 – 21:09:40 | N | 0 Ko] – C:extensions.sqlite
[11/12/2013 – 18:10:48 | D] – C:Config.Msi
[20/03/2012 – 10:34:32 | N | 2 Ko] – C:RHDSetup.log
[20/03/2012 – 12:57:52 | SHD] – C:$RECYCLE.BIN
[12/12/2013 – 21:11:59 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
[14/07/2009 – 04:20:08 | D] – C:PerfLogs
[14/07/2009 – 06:08:56 | SHD] – C:Documents and Settings
[20/03/2012 – 10:29:02 | D] – C:Intel
[20/03/2012 – 12:56:53 | D] – C:Users
[20/03/2012 – 12:59:00 | D] – C:Toshiba
[21/03/2012 – 12:17:33 | RHD] – C:MSOCache
[12/12/2013 – 20:54:03 | HD] – C:ProgramData
[12/12/2013 – 22:36:34 | D] – C:Program Files
[12/12/2013 – 22:36:43 | D] – C:Program Files (x86)
[12/12/2013 – 22:41:34 | SHD] – C:System Volume Information
[12/12/2013 – 22:51:51 | D] – C:Windows
[13/12/2013 – 10:14:29 | D] – C:AdwCleaner
[13/12/2013 – 11:54:36 | D] – C:UsbFix
[11/08/2011 – 01:48:58 | N | 0 Ko] – D:R16147DU.tag
[12/12/2013 – 22:58:14 | RASHD] – D:Autorun.inf
[20/03/2012 – 12:57:52 | SHD] – D:$RECYCLE.BIN
[03/02/2012 – 09:41:10 | SHD] – D:System Volume Information
[20/03/2012 – 20:21:49 | D] – D:HDDRecovery
[23/11/2013 – 15:31:24 | N | 65 Ko] – F:RAPPORT DE STAGE.pdf
[12/12/2013 – 22:58:16 | RASHD] – F:Autorun.inf
[05/08/2013 – 11:42:42 | N | 383 Ko] – F:pagedegarde2011_2012.doc
[24/11/2013 – 17:55:06 | SHD] – F:$RECYCLE.BIN
[23/11/2013 – 16:55:00 | D] – F:3. Histoire de l'art Temps Modernes
[23/11/2013 – 16:54:44 | D] – F:2. Histoire comparée des arts Temps Modernes
[23/11/2013 – 16:56:34 | D] – F:4. Gestion des collections
[24/11/2013 – 19:29:22 | D] – F:1. Architecture et arts plastiques des Temps Modernes
[09/10/2013 – 22:57:22 | D] – F:- Extrafilm 8 –
[09/11/2013 – 15:06:06 | D] – F:Mémoire
[12/12/2013 – 22:50:56 | N | 0 Ko] – G:trz3029.lnk
[12/12/2013 – 22:58:16 | RASHD] – G:Autorun.inf
[31/07/2012 – 14:18:38 | N | 1 Ko] – G:NIKON001.DSC
[01/01/1601 – 01:00:00 | D] – G:MISC
[01/01/1601 – 01:00:00 | D] – G:DCIM
[12/12/2013 – 12:53:04 | N | 4 Ko] – H:._.Trashes
[12/12/2013 – 12:53:04 | SHD] – H:.Trashes
[12/12/2013 – 12:53:04 | D] – H:.Spotlight-V100
[07/12/2013 – 10:01:12 | N | 211 Ko] – H:tickets.pdf
[12/12/2013 – 17:41:44 | N | 0 Ko] – H:trzFF3F.lnk
[12/12/2013 – 17:41:44 | N | 0 Ko] – H:trzFC70.lnk
[12/12/2013 – 17:41:44 | N | 0 Ko] – H:trz99D1.lnk
[12/12/2013 – 17:41:44 | N | 0 Ko] – H:trz9C61.lnk
[12/12/2013 – 17:41:44 | N | 0 Ko] – H:trzD76F.lnk
[12/12/2013 – 17:41:44 | N | 0 Ko] – H:trzF3A7.lnk
[12/12/2013 – 17:41:44 | N | 0 Ko] – H:trzF702.lnk
[12/12/2013 – 17:41:44 | N | 0 Ko] – H:trzF9B1.lnk
[12/12/2013 – 17:45:26 | N | 0 Ko] – H:.fseventsd.lnk
[12/12/2013 – 17:45:26 | N | 0 Ko] – H:.Trashes.lnk
[12/12/2013 – 17:45:26 | N | 0 Ko] – H:tickets.lnk
[12/12/2013 – 17:43:54 | SH | 0 Ko] – H:autorun.inf
[12/12/2013 – 12:53:04 | D] – H:.fseventsd

################## | Vaccin |

D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:Autorun.inf -> Vaccin créé par Bitdefender USB Immunizer (Bitdefender Antivirus)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |