RSG145
Participant
Number of posts: 12

Super fast, thanks :super:
I took note of the keylogger; is it related to the virus that turns documents into shortcuts?
Here is the removal report:

############################## | UsbFix V 7.159 | [Suppression]

Utilisateur: Thierry (Administrateur) # PCBUREAU
Mis à jour le 06/01/2014 par El Desaparecido – Team SosVirus
Lancé à 20:20:14 | 08/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: MSI (IONA)
CPU: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
RAM -> [Total : 8151 Mo| Free : 5937 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: -> Disque fixe # 1386 Go (1215 Go libre(s) – 88%) [HP] # NTFS
D: -> Disque fixe # 11 Go (2 Go libre(s) – 14%) [FACTORY_IMAGE] # NTFS
E: -> Disque fixe # 1397 Go (1218 Go libre(s) – 87%) [HP2] # NTFS
F: -> CD-ROM
K: -> Disque amovible # 15 Go (10 Go libre(s) – 66%) [FLASH DRIVE] # FAT32
L: -> Disque amovible # 4 Go (4 Go libre(s) – 98%) [USB DISK] # FAT32

################## | Processus Stoppés |

Stoppé! C:Program FilesMcAfeeMSCMcAPExe.exe (ID: 1116 |ParentID: 816)
Stoppé! C:Windowssystem32mfevtps.exe (ID: 1340 |ParentID: 816)
Stoppé! C:Program FilesCommon FilesMcAfeeAMCoremcshield.exe (ID: 2052 |ParentID: 816)
Stoppé! C:Program FilesCommon FilesMcAfeeSystemCoremfefire.exe (ID: 2244 |ParentID: 816)
Stoppé! C:Program FilesCommon FilesMcAfeePlatformMcSvcHostMcSvHost.exe (ID: 1276 |ParentID: 816)
Stoppé! c:PROGRA~1mcafeeVIRUSS~1mcvsshld.exe (ID: 10188 |ParentID: 996)
Stoppé! C:WindowsSystem32rundll32.exe (ID: 6300 |ParentID: 996)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 12024 |ParentID: 416)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 8532 |ParentID: 816)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 688 |ParentID: 8532)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 6468 |ParentID: 816)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 9836 |ParentID: 816)
Stoppé! C:PROGRA~1McAfeeMSMMcSmtFwk.exe (ID: 3752 |ParentID: 3080)
Stoppé! C:WindowsSystem32spoolsv.exe (ID: 3672 |ParentID: 816)
Stoppé! C:WindowsSysWOW64NOTEPAD.EXE (ID: 5328 |ParentID: 12864)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 308 |ParentID: 6656)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 7360 |ParentID: 308)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 13988 |ParentID: 308)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 13624 |ParentID: 308)
Stoppé! C:Program FilesCommon FilesMcAfeePlatformmcuicnt.exe (ID: 6992 |ParentID: 4740)
Stoppé! C:Windowssystem32DllHost.exe (ID: 12608 |ParentID: 996)
Stoppé! C:Windowssystem32SearchProtocolHost.exe (ID: 6888 |ParentID: 6468)
Stoppé! C:Windowssystem32SearchFilterHost.exe (ID: 3484 |ParentID: 6468)
Stoppé! C:Windowssystem32DllHost.exe (ID: 11192 |ParentID: 996)

################## | Regedit Run |

04 – HKLM..Run : [hpsysdrv] c:program files (x86)hewlett-packardHP odometerhpsysdrv.exe
04 – HKLM..Run : [BATINDICATOR] C:Program Files (x86)Hewlett-PackardHP MAINSTREAM KEYBOARDBATINDICATOR.exe
04 – HKLM..Run : [LaunchHPOSIAPP] C:Program Files (x86)Hewlett-PackardHP MAINSTREAM KEYBOARDLaunchApp.exe
04 – HKLM..Run : [HP Remote Solution] %ProgramFiles%Hewlett-PackardHP Remote SolutionHP_Remote_Solution.exe
04 – HKLM..Run : [IAStorIcon] C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
04 – HKLM..Run : [mcui_exe] "C:Program FilesMcAfee.comAgentmcagent.exe" /runkey
04 – HKLM..Run : [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
04 – HKLM..Run : [ApnUpdater] "C:Program Files (x86)Ask.comUpdaterUpdater.exe"
04 – HKLM..Run : [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
04 – HKLM..Run : []
04 – HKLM..Run : [SunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
04 – HKLM..Run : [mcpltui_exe] "C:Program FilesMcAfee.comAgentmcagent.exe" /runkey
04 – HKLM..RunOnce : []
04 – HKLM64..Run : [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
04 – HKLM64..Run : [SmartMenu] C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe /background
04 – HKLM64..Run : [PC-Doctor for Windows localizer] C:Program FilesPC-Doctor for Windowslocalizer.exe
04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-3996975368-2883083243-2639967671-1001..Run : [Akamai NetSession Interface] "C:UsersThierryAppDataLocalAkamainetsession_win.exe"
04 – HKUS-1-5-21-3996975368-2883083243-2639967671-1001..Run : [SURVIVAL] wscript.exe //B "C:UsersThierryAppDataLocalTempSURVIVAL.vbe"
04 – HKUS-1-5-21-3996975368-2883083243-2639967671-1001..Run : [APS] C:UsersPublicconhost.exe
04 – HKUS-1-5-21-3996975368-2883083243-2639967671-1004..Run : [SURVIVAL] wscript.exe //B "C:UsersZ-frthAppDataLocalTempSURVIVAL.vbe"
04 – HKUS-1-5-21-3996975368-2883083243-2639967671-1004..Run : [APS] C:UsersPublicconhost.exe
04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Supprimé! C:UsersPublicconhost.exe
Supprimé! C:UsersThierryAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSURVIVAL.vbe
Supprimé! C:UsersThierryAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupconhost.exe
Supprimé! C:UsersThierryAppDataLocalTempSURVIVAL.vbe
Supprimé! C:UsersThierryAppDataLocalTempDATA.exe
Supprimé! K:SURVIVAL.vbe
Supprimé! L:SURVIVAL.vbe
Supprimé! C:UsersThierryAppDataRoamingE42FAE461-01-2014
Supprimé! C:UsersThierryAppDataRoamingE42FAE462-01-2014
Supprimé! C:UsersThierryAppDataRoamingE42FAE463-01-2014
Supprimé! C:UsersThierryAppDataRoamingE42FAE464-01-2014
Supprimé! C:UsersThierryAppDataRoamingE42FAE465-01-2014
Supprimé! C:UsersThierryAppDataRoamingE42FAE466-01-2014
Supprimé! C:UsersThierryAppDataRoamingE42FAE467-01-2014
Supprimé! C:UsersThierryAppDataRoamingE42FAE4631-12-2013
Supprimé! C:UsersThierryAppDataRoamingE42FAE46ak.tmp
Supprimé! C:UsersThierryAppDataRoamingE42FAE46
Supprimé! C:UsersThierryAppDataLocalTempThierry7
Supprimé! C:UsersThierryAppDataLocalTempThierry8
Supprimé! K:Docs Caroline.lnk
Supprimé! K:Docs Francoise.lnk
Supprimé! K:Docs Thierry.lnk
Supprimé! C:UsersPublicsdelevURL.tmp
Supprimé! C:UsersThierryAppDataRoamingThierry-wchelper.dll
Non supprimé ! C:UsersThierryAppDataLocalTemp5555etilqs_7OoXdBUc14ideje.pif
Non supprimé ! C:UsersThierryAppDataLocalTemp575tilqs_7OoXdBUc14ideje.pif

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCUSoftwareHolaa
Supprimé! HKUS-1-5-21-3996975368-2883083243-2639967671-1004SoftwareHolaa
Supprimé! HKUS-1-5-21-3996975368-2883083243-2639967671-1001SoftwareMicrosoftWindowsCurrentVersionRun|APS
Supprimé! HKUS-1-5-21-3996975368-2883083243-2639967671-1004SoftwareMicrosoftWindowsCurrentVersionRun|APS
Supprimé! HKUS-1-5-21-3996975368-2883083243-2639967671-1001SoftwareMicrosoftWindowsCurrentVersionRun|SURVIVAL
Supprimé! HKUS-1-5-21-3996975368-2883083243-2639967671-1004SoftwareMicrosoftWindowsCurrentVersionRun|SURVIVAL

################## | UsbFix – Information |

UsbFix a détecté sur votre ordinateur, une infection qui dispose d’une fonction de Keylogger.
Après désinfection par UsbFix, veuillez modifier tous vos mots de passe.
Si vous avez effectué des achats sur internet,
veuillez contacter votre banque afin d’envisager une opposition sur votre carte bancaire.

Info : infection-dinihou-vous-explique-son-fonctionnement-t4852.html

################## | Listing |

[02/01/2011 – 19:46:22 | SHD] – C:$Recycle.Bin
[08/01/2014 – 19:15:31 | RASHD] – C:Autorun.inf
[14/07/2009 – 06:08:56 | SHD] – C:Documents and Settings
[07/09/2010 – 22:12:50 | N | 0 Ko | 0168645847484AF1F37D413AF65B9A7F] – C:FINIS_IT.TXT
[10/12/2012 – 17:22:10 | D] – C:found.000
[04/01/2014 – 21:44:06 | ASH | 6260028 Ko] – C:hiberfil.sys
[31/10/2011 – 13:26:13 | D] – C:hp
[04/01/2010 – 16:16:35 | D] – C:Intel
[05/09/2010 – 08:39:28 | RHD] – C:MSOCache
[04/01/2014 – 21:44:08 | ASH | 8346704 Ko] – C:pagefile.sys
[14/07/2009 – 04:20:08 | D] – C:PerfLogs
[12/10/2013 – 20:34:14 | D] – C:Program Files
[05/01/2014 – 18:11:07 | D] – C:Program Files (x86)
[24/12/2013 – 18:33:06 | HD] – C:ProgramData
[05/01/2014 – 20:41:20 | SHD] – C:System Volume Information
[08/01/2014 – 20:20:15 | D] – C:UsbFix
[08/01/2014 – 20:21:22 | A | 9 Ko | A5AE1BD78CD2A0E4C0EAF8FD15C1326A] – C:UsbFix [Clean 1] PCBUREAU.txt
[08/01/2014 – 20:00:26 | N | 13 Ko | B4312D31F61CBB848BBE62589A88422D] – C:UsbFix [Scan 2] PCBUREAU.txt
[01/09/2010 – 20:42:21 | D] – C:Users
[04/12/2013 – 00:04:15 | D] – C:Windows
[01/09/2010 – 20:42:24 | SHD] – D:$RECYCLE.BIN
[08/01/2014 – 19:15:31 | RASHD] – D:Autorun.inf
[22/08/2010 – 16:18:13 | SHD] – D:boot
[13/07/2009 – 18:39:00 | ASH | 375 Ko] – D:bootmgr
[22/08/2010 – 16:18:11 | N | 0 Ko] – D:BT_HP.FLG
[05/01/2010 – 02:11:51 | N | 0 Ko] – D:CSP.DAT
[05/01/2010 – 02:24:08 | N | 15 Ko] – D:DeployRp.log
[19/09/2010 – 17:05:36 | D] – D:hp
[22/08/2010 – 16:18:02 | N | 0 Ko] – D:language.ini
[22/08/2010 – 16:18:14 | SHD] – D:preload
[22/08/2010 – 16:18:14 | SD] – D:Recovery
[05/01/2010 – 02:24:07 | N | 0 Ko] – D:RPCONFIG.LOG
[05/01/2014 – 19:00:49 | SHD] – D:System Volume Information
[01/09/2010 – 20:42:24 | SHD] – E:$RECYCLE.BIN
[08/01/2014 – 19:15:32 | RASHD] – E:Autorun.inf
[10/12/2013 – 23:59:12 | D] – E:d3a4abdc02eb8be7ac716bfb
[21/07/2012 – 09:02:10 | D] – E:Firefox
[04/01/2014 – 20:31:20 | N | 1 Ko] – E:MediaID.bin
[04/01/2014 – 20:31:40 | D] – E:PCBUREAU
[05/01/2014 – 20:48:21 | SHD] – E:System Volume Information
[05/01/2014 – 19:06:03 | D] – E:WindowsImageBackup
[05/01/2014 – 18:24:34 | D] – K:Docs Caroline
[05/01/2014 – 18:25:16 | D] – K:Docs Francoise
[05/01/2014 – 18:27:02 | D] – K:Docs Thierry
[08/01/2014 – 19:15:34 | RASHD] – K:Autorun.inf
[08/01/2014 – 19:15:34 | RASHD] – L:Autorun.inf

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
K:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
L:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |