Reply to: infected USB key 2016-09-08T13:25:17+00:00
manumanu
Number of posts: 0

Hi,
Thanks for the super quick reply 🙂
I ran the removal and the key works again. Woohoo!
A vault file was created, should I delete it?
Can I vaccinate it? I love that concept.
Here is the report.
Thanks again :merci2:

############################## | UsbFix V 7.154 | [Suppression]

Utilisateur: Emmanuel (Administrateur) # POMPOM
Mis à jour le 13/12/2013 par El Desaparecido – Team SosVirus
Lancé à 11:33:53 | 15/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
RAM -> [Total : 3950 | Free : 2095]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit)
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus Free Edition 2014 [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 285 Go (56 Go libre(s) – 20%) [] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 7 Go (5 Go libre(s) – 68%) [MOLETTE] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (ID: 5252 |ParentID: 848)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (ID: 3708 |ParentID: 5252)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (ID: 6580 |ParentID: 5252)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 1848 |ParentID: 1088)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 560 |ParentID: 992)
Stoppé! C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (ID: 3492 |ParentID: 848)
Stoppé! C:\Windows\SysWOW64\DllHost.exe (ID: 4004 |ParentID: 992)
Stoppé! C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (ID: 6796 |ParentID: 3492)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (ID: 4368 |ParentID: 5252)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID: 5012 |ParentID: 4368)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 508 |ParentID: 848)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 2948 |ParentID: 848)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1884 |ParentID: 848)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1504 |ParentID: 848)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 5636 |ParentID: 848)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2512 |ParentID: 1380)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5600 |ParentID: 2512)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1816 |ParentID: 2512)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 6188 |ParentID: 5244)
Stoppé! C:\Windows\splwow64.exe (ID: 120 |ParentID: 5380)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 5104 |ParentID: 848)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 3540 |ParentID: 1128)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 – HKLM\SOFTWARE | Run : [Norton Online Backup] – C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
04 – HKLM\SOFTWARE | Run : [PMBVolumeWatcher] – C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
04 – HKLM\SOFTWARE | Run : [StartCCC] – "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 – HKLM\SOFTWARE | Run : [SHTtray.exe] – C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
04 – HKLM\SOFTWARE | Run : [AVG_UI] – "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 – HKLM\SOFTWARE | Run : [BCSSync] – "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 – HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [Norton Online Backup] – C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [PMBVolumeWatcher] – C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] – "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 – HKLM\SOFTWARE\wow6432Node | Run : [SHTtray.exe] – C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] – "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 – HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] – "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
04 – HKU\S-1-5-21-607756409-2548948119-2316470549-1001\SOFTWARE | Run : [Sidebar] – C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 – HKU\S-1-5-21-607756409-2548948119-2316470549-1001\SOFTWARE | Run : [Elbserver] – C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
04 – HKU\S-1-5-21-607756409-2548948119-2316470549-1001\SOFTWARE | Run : [Connexion SFR 9props.exe] – "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon
04 – HKU\S-1-5-21-607756409-2548948119-2316470549-1001\SOFTWARE | Run : [Virtual Audio Streaming(Sound Card Switch)] – "C:\Program Files (x86)\ShiningMorning\VirtualAudioStreaming\VirtualAudioStreaming.exe" /minimized

################## | Recherche générique |

Supprimé! E:\GROGNON 1-12-13.lnk
Supprimé! E:\M2Gro.lnk
Supprimé! E:\A-votre–coute–co-te-que-co-te.lnk

(!) Fichiers temporaires supprimés. (6 Ko)

################## | Registre |

################## | Listing |

[29/05/2013 – 22:42:27 | N | 0 Ko] – C:\log2.txt
[29/05/2013 – 23:48:46 | N | 10 Ko] – C:\AdwCleaner[S1].txt
[14/12/2013 – 23:54:23 | N | 19 Ko] – C:\ComboFix.txt
[14/12/2013 – 23:59:20 | N | 11 Ko] – C:\UsbFix [Scan 1] POMPOM.txt
[15/12/2013 – 00:08:37 | N | 11 Ko] – C:\UsbFix [Scan 2] POMPOM.txt
[15/12/2013 – 10:49:40 | N | 11 Ko] – C:\UsbFix [Scan 3] POMPOM.txt
[15/12/2013 – 11:34:40 | A | 6 Ko] – C:\UsbFix [Clean 1] POMPOM.txt
[10/09/2010 – 11:25:23 | D] – C:\SPLASH.SYS
[15/12/2013 – 10:19:18 | ASH | 4044900 Ko] – C:\pagefile.sys
[15/12/2013 – 10:19:20 | ASH | 3033672 Ko] – C:\hiberfil.sys
[14/12/2013 – 22:29:13 | D] – C:\Config.Msi
[10/09/2010 – 10:53:01 | N | 3 Ko] – C:\RHDSetup.log
[10/09/2010 – 11:25:46 | N | 314 Ko] – C:\lv.log
[10/09/2010 – 11:25:39 | N | 0 Ko] – C:\splash.idx
[14/12/2013 – 23:54:28 | SHD] – C:\$RECYCLE.BIN
[12/03/2011 – 20:34:44 | D] – C:\SPLASH.000
[21/09/2013 – 21:50:38 | D] – C:\found.000
[14/07/2009 – 04:20:08 | D] – C:\PerfLogs
[14/07/2009 – 06:08:56 | SHD] – C:\Documents and Settings
[22/06/2010 – 23:14:20 | N | 4 Ko] – C:\version
[12/07/2010 – 21:49:45 | D] – C:\Intel
[10/09/2010 – 10:58:40 | D] – C:\Documentation
[10/09/2010 – 10:58:41 | D] – C:\_FS_SWRINFO
[10/09/2010 – 11:33:05 | D] – C:\VAIO Sample Contents
[14/02/2011 – 19:24:59 | D] – C:\Users
[14/02/2011 – 19:58:39 | D] – C:\Update
[19/02/2011 – 18:23:19 | D] – C:\VAIO Entertainment
[21/03/2011 – 19:46:39 | D] – C:\Temp
[14/06/2011 – 22:50:39 | D] – C:\a765c50c99a0bef708db9
[25/06/2011 – 17:34:34 | D] – C:\a501826d3a2821eef2292af44d89
[12/08/2011 – 00:07:34 | D] – C:\b69440f7d57fe0b7e54145b3d4b89a
[19/09/2011 – 17:48:17 | D] – C:\8931cc6d737fe1d64523
[27/09/2011 – 16:45:18 | D] – C:\c0f31d9e70859ac145
[02/10/2011 – 09:02:09 | D] – C:\175dd095edb6511f729cf1d4cfddd613
[05/10/2011 – 22:19:17 | D] – C:\d118c0bd9b75933f96ca
[06/10/2011 – 21:21:49 | D] – C:\ed2c1ad7073a8a34148f1759cfb7
[09/10/2011 – 11:58:30 | D] – C:\7b4229694c7b47eff97bd7f8
[09/10/2011 – 21:11:34 | D] – C:\7df4b6764d81f4b0c66303dc85d7
[10/10/2011 – 18:49:26 | D] – C:\6182802a876b2b61ab1c
[11/10/2011 – 21:39:27 | D] – C:\51b3b79ffe892e7c99b8
[05/11/2011 – 21:23:31 | D] – C:\LGP970
[12/10/2012 – 05:29:36 | D] – C:\Log
[02/12/2012 – 11:52:00 | D] – C:\Firefox
[16/04/2013 – 23:49:40 | D] – C:\Odyssey
[20/07/2013 – 16:07:28 | RD] – C:\MSOCache
[10/10/2013 – 16:23:09 | D] – C:\$AVG
[10/10/2013 – 17:33:26 | D] – C:\Program Files
[10/10/2013 – 23:49:40 | D] – C:\50fcdcd0d58d4221ed
[14/12/2013 – 22:26:41 | SHD] – C:\System Volume Information
[14/12/2013 – 22:43:40 | D] – C:\Program Files (x86)
[14/12/2013 – 22:43:51 | D] – C:\AdwCleaner
[14/12/2013 – 23:54:24 | D] – C:\Windows
[14/12/2013 – 23:54:25 | D] – C:\Qoobox
[15/12/2013 – 10:48:34 | D] – C:\ProgramData
[15/12/2013 – 11:34:34 | D] – C:\UsbFix
[14/12/2013 – 13:13:54 | N | 2743 Ko] – E:\cours_p53_M2_cancero_2013-Pujals.pdf
[15/12/2013 – 10:49:42 | RASHD] – E:\Autorun.inf
[07/11/2013 – 18:42:18 | D] – E:\A-votre–coute–co-te-que-co-te
[01/12/2013 – 12:39:18 | D] – E:\GROGNON 1-12-13
[01/12/2013 – 12:46:52 | D] – E:\M2Gro
[14/12/2013 – 22:34:46 | D] – E:\$AVG

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |