Reply to: Computer + USB stick infection by ituneshelper.vbe 2016-09-08T13:28:45+00:00
dante
Participant
Post count: 37

UsbFix report

############################## | UsbFix V 7.159 | [Suppression]

Utilisateur: Thibaut (Administrateur) # PC-DE-THIBAUT
Mis à jour le 06/01/2014 par El Desaparecido - Team SosVirus
Lancé à 22:40:25 | 06/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: LENOVO (8927A59)
CPU: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
RAM -> [Total : 2046 Mo| Free : 685 Mo]
Bios: LENOVO
Boot: Normal boot

OS: Microsoft® Windows Vista™ Professionnel (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 16.0.2

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 1.1.1600.0
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 30 Go (725 Mo libre(s) - 2%) [Système] # NTFS
D:\ -> Disque fixe # 67 Go (13 Go libre(s) - 20%) [Données] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 8 Go (7 Go libre(s) - 86%) [] # FAT32
G:\ -> Disque amovible # 245 Mo (245 Mo libre(s) - 100%) [KINGSTON] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\ibmpmsvc.exe (ID: 944 |ParentID: 692)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID: 972 |ParentID: 692)
Stoppé! C:\Program Files\Apoint2K\ApRunSvc.exe (ID: 1304 |ParentID: 692)
Stoppé! C:\Windows\system32\SLsvc.exe (ID: 1352 |ParentID: 692)
Stoppé! C:\Windows\system32\rundll32.exe (ID: 1556 |ParentID: 972)
Stoppé! C:\Program Files\Apoint2K\Apoint.exe (ID: 1784 |ParentID: 1304)
Stoppé! C:\Windows\Explorer.EXE (ID: 2000 |ParentID: 1908)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 2008 |ParentID: 692)
Stoppé! C:\Program Files\Windows Defender\MSASCui.exe (ID: 896 |ParentID: 2000)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 1144 |ParentID: 2000)
Stoppé! C:\Program Files\ThreatFire\TFTray.exe (ID: 640 |ParentID: 2000)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1584 |ParentID: 692)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 2044 |ParentID: 1148)
Stoppé! C:\Program Files\Analog Devices\Core\smax4pnp.exe (ID: 2100 |ParentID: 2000)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 2276 |ParentID: 1148)
Stoppé! C:\Program Files\OpenOffice.org 2.4\program\soffice.exe (ID: 2304 |ParentID: 2116)
Stoppé! C:\Windows\system32\IPSSVC.EXE (ID: 2888 |ParentID: 692)
Stoppé! C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (ID: 2916 |ParentID: 692)
Stoppé! C:\Windows\system32\AEADISRV.EXE (ID: 3084 |ParentID: 692)
Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 3100 |ParentID: 692)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID: 3148 |ParentID: 692)
Stoppé! C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (ID: 3196 |ParentID: 692)
Stoppé! C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN (ID: 3204 |ParentID: 2304)
Stoppé! C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (ID: 3320 |ParentID: 692)
Stoppé! C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (ID: 3548 |ParentID: 692)
Stoppé! C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (ID: 3680 |ParentID: 692)
Stoppé! C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (ID: 3720 |ParentID: 692)
Stoppé! C:\Program Files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe (ID: 3804 |ParentID: 692)
Stoppé! C:\Program Files\ThreatFire\TFService.exe (ID: 3984 |ParentID: 692)
Stoppé! C:\Windows\System32\TPHDEXLG.exe (ID: 4044 |ParentID: 692)
Stoppé! C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (ID: 4080 |ParentID: 692)
Stoppé! C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe (ID: 756 |ParentID: 692)
Stoppé! C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (ID: 2272 |ParentID: 692)
Stoppé! c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (ID: 1528 |ParentID: 692)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 404 |ParentID: 692)
Stoppé! C:\Windows\system32\DRIVERS\xaudio.exe (ID: 1824 |ParentID: 692)
Stoppé! C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (ID: 2300 |ParentID: 692)
Stoppé! c:\program files\lenovo\system update\suservice.exe (ID: 2792 |ParentID: 692)
Stoppé! C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (ID: 2120 |ParentID: 2300)
Stoppé! C:\Program Files\Apoint2K\ApMsgFwd.exe (ID: 4308 |ParentID: 1784)
Stoppé! C:\Program Files\Apoint2K\Apntex.exe (ID: 4396 |ParentID: 4364)
Stoppé! C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 2780 |ParentID: 2000)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3996 |ParentID: 692)
Stoppé! C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (ID: 5376 |ParentID: 692)
Stoppé! C:\Windows\system32\UI0Detect.exe (ID: 2768 |ParentID: 692)
Stoppé! C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe (ID: 5232 |ParentID: 3196)
Stoppé! C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (ID: 5176 |ParentID: 3196)
Stoppé! C:\Windows\system32\vssvc.exe (ID: 2016 |ParentID: 692)
Stoppé! C:\Windows\system32\conime.exe (ID: 1704 |ParentID: 2688)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1768 |ParentID: 2000)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4980 |ParentID: 1768)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4296 |ParentID: 1768)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4916 |ParentID: 1768)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID: 5136 |ParentID: 404)
Stoppé! C:\Windows\system32\SearchFilterHost.exe (ID: 5532 |ParentID: 404)

################## | Regedit Run |

04 - HKLM\..\Run : [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\..\Run : [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
04 - HKLM\..\Run : [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
04 - HKLM\..\Run : [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\..\Run : [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

################## | Recherche générique |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[11/06/2011 - 16:51:53 | SHD] - C:\$Recycle.Bin
[12/07/2012 - 16:00:10 | D] - C:\A
[18/09/2006 - 22:43:36 | N | 0 Ko] - C:\autoexec.bat
[16/01/2013 - 07:12:32 | D] - C:\B
[21/11/2012 - 18:57:40 | ASHD] - C:\Boot
[11/04/2009 - 07:36:36 | RASH | 325 Ko] - C:\bootmgr
[05/02/2008 - 21:53:28 | N | 8 Ko] - C:\BOOTSECT.BAK
[13/02/2013 - 18:08:41 | D] - C:\C
[18/09/2006 - 22:43:37 | N | 0 Ko] - C:\config.sys
[24/10/2013 - 18:53:17 | D] - C:\D
[06/01/2014 - 22:35:16 | N | 1 Ko | 7C280631AA7A2F8363A18D05DB9EA398] - C:\DelFix.txt
[02/11/2006 - 14:02:24 | SHD] - C:\Documents and Settings
[11/08/2008 - 23:18:46 | D] - C:\DRIVERS
[11/08/2008 - 22:58:56 | D] - C:\Icons
[05/01/2014 - 17:13:24 | ASH | 2401820 Ko] - C:\pagefile.sys
[21/01/2008 - 03:33:10 | D] - C:\PerfLogs
[05/01/2014 - 16:58:29 | D] - C:\Program Files
[01/01/2014 - 15:19:01 | HD] - C:\ProgramData
[11/08/2008 - 23:30:03 | RSHD] - C:\RRbackups
[11/08/2008 - 22:44:55 | N | 0 Ko] - C:\setup.log
[12/08/2008 - 20:54:24 | N | 0 Ko] - C:\sqmdata00.sqm
[12/08/2008 - 20:54:24 | N | 0 Ko] - C:\sqmnoopt00.sqm
[12/08/2008 - 00:55:28 | D] - C:\SWSHARE
[12/08/2008 - 19:01:42 | D] - C:\SWTOOLS
[12/08/2008 - 08:10:34 | N | 0 Ko] - C:\syslevel.lgl
[06/01/2014 - 22:35:14 | SHD] - C:\System Volume Information
[11/08/2008 - 23:28:32 | N | 2 Ko] - C:\tvtpktfilter.dat
[06/01/2014 - 22:40:29 | D] - C:\UsbFix
[06/01/2014 - 22:43:57 | A | 8 Ko | 6E5A4D31E749D1F18CCD60CACC50B1BA] - C:\UsbFix [Clean 1] PC-DE-THIBAUT.txt
[01/12/2013 - 12:29:23 | D] - C:\Users
[05/01/2014 - 15:29:17 | D] - C:\Windows
[07/08/2009 - 11:52:38 | SHD] - D:\$RECYCLE.BIN
[01/12/2013 - 12:37:32 | D] - D:\3b6035a41a56e7d85d376830
[09/05/2012 - 06:23:20 | D] - D:\815dc5603c39767b7227
[08/02/2010 - 21:24:05 | N | 0 Ko] - D:\Lecteur CD - Raccourci.lnk
[02/03/2011 - 12:23:44 | D] - D:\Starcraft
[17/08/2008 - 17:32:04 | SHD] - D:\System Volume Information
[06/06/2013 - 12:52:27 | D] - D:\Thibaut
[30/11/2013 - 09:34:08 | N | 555580 Ko] - F:\game.of.thrones.s01e01-jmt.avi
[01/12/2013 - 11:48:26 | N | 559047 Ko] - F:\game.of.thrones.s01e02-jmt.avi
[08/12/2013 - 21:16:44 | RASHD] - F:\Autorun.inf

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |