Reply to: Infected PC + USB keys 2016-09-08T13:25:46+00:00
ambar
Number of posts: 0

Here is my report:

############################## | UsbFix V 7.155 | [Suppression]

Utilisateur: ANEMONA (Administrateur) # ANEMONANONIMA
Mis à jour le 16/12/2013 par El Desaparecido - Team SosVirus
Lancé à 09:28:34 | 17/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Type2 – Board Vendor Name1 (Type2 – Board Product Name1)
CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
RAM -> [Total : 4056 | Free : 1418]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 681 Go (574 Go libre(s) - 84%) [TI30880600C] # NTFS
D: -> CD-ROM
G: -> Disque amovible # 7 Go (1 Go libre(s) - 17%) [BEATRIZVARG] # FAT32
H: -> Disque amovible # 7 Go (7 Go libre(s) - 89%) [GYB] # FAT32

################## | Processus Stoppés |

Stoppé! C:\windows\system32\atiesrxx.exe (ID: 568 |ParentID: 752)
Stoppé! C:\windows\system32\atieclxx.exe (ID: 1360 |ParentID: 568)
Stoppé! C:\Windows\System32\GFNEXSrv.exe (ID: 1420 |ParentID: 752)
Stoppé! C:\windows\System32\spoolsv.exe (ID: 1540 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1624 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1988 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 2024 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (ID: 1236 |ParentID: 752)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1676 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 1928 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 1064 |ParentID: 752)
Stoppé! C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (ID: 2140 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (ID: 2264 |ParentID: 752)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2272 |ParentID: 1852)
Stoppé! C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (ID: 2288 |ParentID: 1852)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2300 |ParentID: 1852)
Stoppé! C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (ID: 2380 |ParentID: 1852)
Stoppé! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 2504 |ParentID: 2444)
Stoppé! C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID: 2592 |ParentID: 1852)
Stoppé! C:\Program Files\TOSHIBA\TECO\Teco.exe (ID: 2600 |ParentID: 1852)
Stoppé! C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (ID: 2688 |ParentID: 1852)
Stoppé! C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (ID: 2716 |ParentID: 1852)
Stoppé! C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 2796 |ParentID: 1852)
Stoppé! C:\Program Files (x86)\Steam\Steam.exe (ID: 2820 |ParentID: 1852)
Stoppé! C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (ID: 2940 |ParentID: 1852)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ID: 3068 |ParentID: 2900)
Stoppé! C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (ID: 1592 |ParentID: 2900)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 1916 |ParentID: 3060)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 2192 |ParentID: 2900)
Stoppé! C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (ID: 3088 |ParentID: 2900)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 3512 |ParentID: 1916)
Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2788 |ParentID: 752)
Stoppé! C:\windows\system32\TODDSrv.exe (ID: 3856 |ParentID: 752)
Stoppé! C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID: 3276 |ParentID: 752)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 4000 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (ID: 4152 |ParentID: 752)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 4180 |ParentID: 4000)
Stoppé! C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (ID: 4504 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 4544 |ParentID: 752)
Stoppé! C:\windows\system32\DllHost.exe (ID: 4640 |ParentID: 888)
Stoppé! C:\Program Files\TOSHIBA\TECO\TecoService.exe (ID: 4744 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 5008 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 3588 |ParentID: 2024)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (ID: 5364 |ParentID: 752)
Stoppé! C:\windows\system32\SearchIndexer.exe (ID: 5440 |ParentID: 752)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5812 |ParentID: 752)
Stoppé! C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 6048 |ParentID: 752)
Stoppé! C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ID: 6268 |ParentID: 752)
Stoppé! C:\windows\system32\DllHost.exe (ID: 6676 |ParentID: 888)
Stoppé! C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID: 5972 |ParentID: 752)
Stoppé! C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (ID: 3540 |ParentID: 752)
Stoppé! C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (ID: 6864 |ParentID: 2628)
Stoppé! C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (ID: 6444 |ParentID: 2616)
Stoppé! C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID: 3364 |ParentID: 4676)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 4932 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Nero\Update\NASvc.exe (ID: 2084 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 6684 |ParentID: 752)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 8292 |ParentID: 1852)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 8896 |ParentID: 8292)
Stoppé! C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 8932 |ParentID: 8896)
Stoppé! C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 8952 |ParentID: 8932)
Stoppé! C:\windows\System32\WUDFHost.exe (ID: 2360 |ParentID: 1028)
Stoppé! C:\windows\system32\SearchProtocolHost.exe (ID: 6108 |ParentID: 5440)
Stoppé! C:\windows\system32\SearchFilterHost.exe (ID: 7696 |ParentID: 5440)
Stoppé! C:\windows\system32\DllHost.exe (ID: 9664 |ParentID: 888)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [NBAgent] - "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\SOFTWARE | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
04 - HKLM\SOFTWARE | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [NBAgent] - "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
04 - HKLM\SOFTWARE\wow6432Node | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE\wow6432Node | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 - HKU\S-1-5-21-2251023235-3244022043-3250570890-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2251023235-3244022043-3250570890-1000\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
04 - HKU\S-1-5-21-2251023235-3244022043-3250570890-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\ANEMONA\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-2251023235-3244022043-3250570890-1000\SOFTWARE | Run : [Spybot-S&D Cleaning] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
04 - HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\ANEMONA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\ANEMONA\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\ANEMONA\AppData\Local\Temp\avgnt.exe
Supprimé! G:\iTunesHelper.vbe
Supprimé! G:\FileZ.lnk
Supprimé! G:\Turismo Gastronómico.lnk
Supprimé! G:\Texte_8_EL_-SMARTPHONE_REVOLUCIONA_LAS_EMPRESAS-.lnk
Supprimé! G:\VIDEOS.lnk
Supprimé! G:\Tours.lnk
Supprimé! G:\Grabaciones.Tours.lnk
Supprimé! G:\BTS.lnk
Supprimé! G:\LOST.DIR.lnk
Supprimé! G:\btsblancdecembre2012.lnk
Supprimé! C:\windows\SysWOW64\update.exe

################## | Référence de comparaison MD5 |

Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\ANEMONA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\ANEMONA\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> G:\iTunesHelper.vbe

################## | Comparaison MD5 |

Supprimé! Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\ANEMONA\AppData\Local\SlimWare Utilities Inc\SlimCleaner\Backups\StartupFiles\iTunesHelper.vbe

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimé! HKU\S-1-5-21-2251023235-3244022043-3250570890-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-2251023235-3244022043-3250570890-1000\Software\….\Mountpoints2\{de2a0c27-5193-11e2-a703-4c72b974b02e}

################## | Listing |

[17/12/2013 - 09:37:29 | A | 12 Ko] - C:\UsbFix [Clean 2] ANEMONANONIMA.txt
[16/12/2013 - 17:25:56 | ASH | 3114856 Ko] - C:\hiberfil.sys
[16/12/2013 - 17:25:57 | ASH | 4153144 Ko] - C:\pagefile.sys
[01/11/2013 - 22:05:27 | N | 3 Ko] - C:\bootsqm.dat
[06/09/2012 - 19:34:23 | D] - C:\$Recycle.Bin
[11/05/2012 - 12:29:51 | N | 8 Ko] - C:\BOOTSECT.BAK
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[21/11/2010 - 04:23:51 | RASH | 375 Ko] - C:\bootmgr
[11/05/2012 - 12:29:48 | SHD] - C:\Boot
[03/08/2012 - 18:18:15 | D] - C:\Intel
[06/09/2012 - 19:31:45 | D] - C:\Users
[06/09/2012 - 19:34:00 | D] - C:\Toshiba
[17/07/2013 - 17:10:58 | D] - C:\UBIOS
[11/10/2013 - 21:08:35 | N | 0 Ko] - C:\END
[01/11/2013 - 23:46:11 | D] - C:\Program Files
[02/11/2013 - 23:02:56 | HD] - C:\ProgramData
[17/11/2013 - 16:38:45 | D] - C:\Program Files (x86)
[16/12/2013 - 17:25:54 | D] - C:\Windows
[16/12/2013 - 17:31:34 | SHD] - C:\System Volume Information
[17/12/2013 - 09:36:49 | D] - C:\UsbFix
[10/12/2013 - 14:50:56 | N | 0 Ko] - G:\FileZ.URL
[10/10/2013 - 14:11:10 | N | 12 Ko] - G:\shortcutremover.exe.txt
[10/12/2013 - 11:11:42 | D] - G:\Grabaciones.Tours
[29/09/2013 - 17:30:58 | N | 12985 Ko] - G:\Turismo Gastronómico.mp4
[17/12/2013 - 09:15:34 | N | 0 Ko] - G:\shortcutremover.lnk
[14/09/2013 - 15:53:54 | N | 17 Ko] - G:\Texte_8_EL_-SMARTPHONE_REVOLUCIONA_LAS_EMPRESAS-.docx
[10/12/2013 - 16:09:24 | D] - G:\LOST.DIR
[24/11/2013 - 12:33:26 | D] - G:\BTS
[08/12/2013 - 23:14:18 | D] - G:\VIDEOS
[09/12/2013 - 23:07:10 | D] - G:\Tours
[15/12/2013 - 16:41:12 | D] - G:\btsblancdecembre2012
[01/08/2012 - 03:55:40 | D] - H:\DCIM

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |