Reply to: USBFIX report, shortcut virus 2016-09-08T13:37:29+00:00
jaja
Participant
Number of posts: 5

OK great, thanks for the quick reply.
Here is the report
############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: GéGé (Administrateur) # GÉGÉ-VAIO
Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
Lancé à 10:55:31 | 29/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Atom(TM) CPU N280 @ 1.66GHz
RAM -> [Total : 1014 Mo| Free : 128 Mo]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft Windows 7 Édition Starter (6.1.7600 32-Bit)
WB: Windows Internet Explorer : 9.0.8112.16421

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 45 Go (20 Go libre(s) – 44%) [] # NTFS
D: -> Disque amovible # 29 Go (725 Mo libre(s) – 2%) [TOSHIBA] # FAT32
G: -> Disque fixe # 98 Go (96 Go libre(s) – 99%) [GG Disk] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 440 |ParentID: 380)
C:\Windows\system32\wininit.exe (ID: 480 |ParentID: 380)
C:\Windows\system32\csrss.exe (ID: 488 |ParentID: 472)
C:\Windows\system32\winlogon.exe (ID: 544 |ParentID: 472)
C:\Windows\system32\services.exe (ID: 600 |ParentID: 480)
C:\Windows\system32\lsass.exe (ID: 608 |ParentID: 480)
C:\Windows\system32\lsm.exe (ID: 616 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 736 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 840 |ParentID: 600)
C:\Windows\System32\svchost.exe (ID: 916 |ParentID: 600)
C:\Windows\System32\svchost.exe (ID: 1000 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 1056 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 1216 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 1404 |ParentID: 600)
G:\Utilitaires\Avast\aswUpdSv.exe (ID: 1488 |ParentID: 600)
G:\Utilitaires\Avast\ashServ.exe (ID: 1520 |ParentID: 600)
C:\Windows\System32\spoolsv.exe (ID: 1784 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 1820 |ParentID: 600)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1928 |ParentID: 600)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1956 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 2004 |ParentID: 600)
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (ID: 500 |ParentID: 600)
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID: 316 |ParentID: 600)
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ID: 1368 |ParentID: 600)
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (ID: 1340 |ParentID: 600)
C:\Program Files\Sony\VAIO Power Management\SPMService.exe (ID: 1584 |ParentID: 600)
C:\Windows\system32\DllHost.exe (ID: 1600 |ParentID: 736)
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (ID: 112 |ParentID: 600)
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (ID: 856 |ParentID: 600)
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (ID: 1324 |ParentID: 600)
C:\Windows\System32\svchost.exe (ID: 436 |ParentID: 600)
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (ID: 2492 |ParentID: 600)
G:\Utilitaires\Avast\ashMaiSv.exe (ID: 2572 |ParentID: 600)
G:\Utilitaires\Avast\ashWebSv.exe (ID: 2664 |ParentID: 600)
C:\Windows\System32\WUDFHost.exe (ID: 2860 |ParentID: 1000)
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (ID: 3136 |ParentID: 1340)
C:\Windows\system32\SearchIndexer.exe (ID: 2264 |ParentID: 600)
C:\Windows\system32\taskhost.exe (ID: 1104 |ParentID: 600)
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (ID: 3824 |ParentID: 856)
C:\Windows\system32\Dwm.exe (ID: 3364 |ParentID: 1000)
C:\Windows\Explorer.EXE (ID: 556 |ParentID: 3264)
C:\Windows\system32\taskeng.exe (ID: 708 |ParentID: 1056)
C:\Windows\system32\igfxsrvc.exe (ID: 2744 |ParentID: 736)
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (ID: 3960 |ParentID: 708)
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (ID: 3928 |ParentID: 3324)
C:\Windows\System32\hkcmd.exe (ID: 756 |ParentID: 556)
C:\Windows\System32\igfxpers.exe (ID: 1296 |ParentID: 556)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 1500 |ParentID: 556)
C:\Program Files\Sony\ISB Utility\ISBMgr.exe (ID: 2824 |ParentID: 556)
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (ID: 2660 |ParentID: 556)
G:\Utilitaires\Avast\ashDisp.exe (ID: 712 |ParentID: 556)
C:\Program Files\AirPort\APAgent.exe (ID: 472 |ParentID: 556)
C:\Program Files\Java\jre6\bin\jusched.exe (ID: 3776 |ParentID: 556)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 3676 |ParentID: 1500)
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (ID: 1716 |ParentID: 556)
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (ID: 3476 |ParentID: 556)
C:\Windows\system32\taskeng.exe (ID: 3768 |ParentID: 1056)
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (ID: 1632 |ParentID: 3768)
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (ID: 2892 |ParentID: 556)
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (ID: 3328 |ParentID: 556)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 996 |ParentID: 556)
C:\Program Files\Samsung\Kies\Kies.exe (ID: 3752 |ParentID: 556)
C:\Program Files\Samsung\Kies\KiesAirMessage.exe (ID: 2280 |ParentID: 556)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 4236 |ParentID: 556)
G:\Utilitaires\ObjectDock\ObjectDock.exe (ID: 4396 |ParentID: 556)
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (ID: 4432 |ParentID: 556)
C:\Program Files\IncrediMail\Bin\ImApp.exe (ID: 4968 |ParentID: 736)
C:\Windows\system32\svchost.exe (ID: 4984 |ParentID: 600)
C:\Windows\system32\taskhost.exe (ID: 5884 |ParentID: 600)
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (ID: 4624 |ParentID: 4852)
C:\Windows\System32\svchost.exe (ID: 596 |ParentID: 600)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID: 3680 |ParentID: 1056)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4384 |ParentID: 736)
C:\Windows\system32\wuauclt.exe (ID: 720 |ParentID: 1056)
C:\Windows\servicing\TrustedInstaller.exe (ID: 5224 |ParentID: 600)
C:\Windows\system32\SearchProtocolHost.exe (ID: 5372 |ParentID: 2264)
C:\Windows\system32\SearchFilterHost.exe (ID: 4040 |ParentID: 2264)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5532 |ParentID: 736)

################## | Recherche générique |

Supprimé! C:\Users\GG1ABD~1\AppData\Local\Temp\FlashPlayerUpdate.exe
Supprimé! D:\AAA Cécile Copie USB.lnk
Supprimé! D:\System Volume Information.lnk
Supprimé! D:\dessous blancs.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-2868101362-2020593684-553202056-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce|FlashPlayerUpdate
Supprimé! HKU\S-1-5-21-2868101362-2020593684-553202056-1000\Software\….\Mountpoints2\{5396360f-f13f-11de-8eac-002433fc2172}

################## | Regedit Run |

F2 – HKLM\..\Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 – HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 – [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 – HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 – HKCU\..\Run : [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
04 – HKCU\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
04 – HKCU\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
04 – HKCU\..\Run : [] C:\Program Files\Samsung\Kies\ExternalFirmwareUpdate\KiesPDLR.exe
04 – HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 – HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 – HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 – HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
04 – HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 – HKLM\..\Run : [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
04 – HKLM\..\Run : [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
04 – HKLM\..\Run : [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
04 – HKLM\..\Run : [avast!] "G:\Utilitaires\Avast\ashDisp.exe"
04 – HKLM\..\Run : [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
04 – HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
04 – HKLM\..\Run : [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
04 – HKLM\..\Run : [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
04 – HKLM\..\Run : [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
04 – HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\..\Run : [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
04 – HKLM\..\Run : [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
04 – HKLM\..\RunOnce : []
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-2868101362-2020593684-553202056-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 – HKU\S-1-5-21-2868101362-2020593684-553202056-1000\..\Run : [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
04 – HKU\S-1-5-21-2868101362-2020593684-553202056-1000\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
04 – HKU\S-1-5-21-2868101362-2020593684-553202056-1000\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
04 – HKU\S-1-5-21-2868101362-2020593684-553202056-1000\..\Run : [] C:\Program Files\Samsung\Kies\ExternalFirmwareUpdate\KiesPDLR.exe
04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[11/12/2009 – 13:53:22 | SHD] – C:\$Recycle.Bin
[10/06/2009 – 23:42:20 | A | 0 Ko] – C:\autoexec.bat
[22/11/2012 – 04:54:30 | D] – C:\Config.Msi
[10/06/2009 – 23:42:20 | N | 0 Ko] – C:\config.sys
[30/09/2009 – 05:02:43 | D] – C:\Documentation
[14/07/2009 – 06:53:55 | SHD] – C:\Documents and Settings
[22/11/2012 – 04:54:32 | ASH | 779080 Ko] – C:\hiberfil.sys
[27/08/2009 – 15:28:53 | D] – C:\Intel
[30/09/2009 – 04:29:06 | RHD] – C:\MSOCache
[29/04/2014 – 09:27:31 | ASH | 1048576 Ko] – C:\pagefile.sys
[14/07/2009 – 04:37:05 | D] – C:\PerfLogs
[29/04/2014 – 09:23:56 | D] – C:\Program Files
[13/10/2012 – 12:12:32 | HD] – C:\ProgramData
[27/08/2009 – 15:44:28 | N | 2 Ko] – C:\RHDSetup.log
[29/04/2014 – 10:49:28 | SHD] – C:\System Volume Information
[13/10/2012 – 12:32:23 | D] – C:\Temp
[29/04/2014 – 09:32:31 | D] – C:\UsbFix
[29/04/2014 – 11:02:46 | A | 11 Ko | 990FEC0EBCCE235B3B2C8B4ADF994EFE] – C:\UsbFix [Clean 2] GÉGÉ-VAIO.txt
[29/04/2014 – 09:54:02 | N | 11 Ko | A81B83204C9A1226EB72D88F96C51B37] – C:\UsbFix [Scan 1] GÉGÉ-VAIO.txt
[29/04/2014 – 09:55:12 | N | 11 Ko | 0160685FEFDE75747BA1894F4952AD2B] – C:\UsbFix [Scan 2] GÉGÉ-VAIO.txt
[29/04/2014 – 10:15:26 | N | 11 Ko | 733592A70EEA11AD7C13A2B0FF33A478] – C:\UsbFix [Scan 3] GÉGÉ-VAIO.txt
[11/12/2009 – 13:52:29 | D] – C:\Users
[30/09/2009 – 04:51:10 | N | 401 Ko] – C:\vcredist_x86.log
[13/10/2012 – 12:13:00 | D] – C:\Windows
[30/09/2009 – 05:02:43 | D] – C:\_FS_SWRINFO
[18/01/2014 – 12:02:18 | D] – D:\AAA Cécile Copie USB
[19/01/2014 – 10:54:10 | SHD] – D:\System Volume Information
[21/01/2014 – 23:12:40 | D] – D:\dessous blancs
[26/02/2014 – 11:34:52 | N | 5089 Ko] – D:\Linéaire Terra Humana.pptx
[10/02/2014 – 21:07:04 | N | 811 Ko] – D:\Charte2014.pptx
[26/02/2014 – 17:06:06 | N | 3136 Ko] – D:\CDI Présentation 3.pptx
[26/02/2014 – 17:16:08 | N | 306 Ko] – D:\Linéaire Terra Humana.pdf
[26/02/2014 – 17:34:28 | N | 883 Ko] – D:\linéaire Son Haut.pptx
[26/02/2014 – 17:34:40 | N | 180 Ko] – D:\linéaire Son Haut.pdf
[26/02/2014 – 19:02:38 | N | 348 Ko] – D:\vitrine et presentoirs .pdf
[26/02/2014 – 19:12:02 | N | 1512 Ko] – D:\Présentation2.pptx
[26/02/2014 – 19:30:50 | N | 1361 Ko] – D:\CDI Présentation 3.pdf
[28/02/2014 – 16:46:52 | N | 0 Ko] – D:\~$Présentation2.pptx
[07/03/2014 – 09:15:54 | N | 0 Ko] – D:\~$Copie de contact G7 G9.xlsx
[07/03/2014 – 09:15:54 | N | 12 Ko] – D:\Copie de contact G7 G9.xlsx
[28/04/2013 – 11:04:54 | N | 2394 Ko] – D:\speaker.JPG
[10/03/2014 – 11:00:54 | N | 83 Ko] – D:\logo.docx
[01/04/2014 – 21:41:20 | N | 116 Ko] – D:\Présentation1.pdf
[11/12/2009 – 15:18:37 | SHD] – G:\$RECYCLE.BIN
[04/10/2012 – 17:34:03 | N | 0 Ko] – G:\end
[29/04/2014 – 09:29:50 | D] – G:\Mes Telechargements
[11/12/2009 – 15:46:40 | D] – G:\Musique
[12/03/2012 – 23:04:59 | D] – G:\Photos
[11/12/2009 – 16:24:16 | D] – G:\Program Files
[11/12/2009 – 15:42:22 | SHD] – G:\System Volume Information
[27/12/2009 – 13:15:00 | D] – G:\Utilitaires

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |

I have a second infected USB stick; can I do the same procedure on it?

Thanks