Reply to: USBFIX Report, Shortcut Virus 2016-09-08T13:37:29+00:00
jajajaja
Participant
Post count: 5

OK, here is the second report
############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: GéGé (Administrateur) # GÉGÉ-VAIO
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 11:09:12 | 29/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Atom(TM) CPU N280 @ 1.66GHz
RAM -> [Total : 1014 Mo| Free : 366 Mo]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft Windows 7 Édition Starter (6.1.7600 32-Bit)
WB: Windows Internet Explorer : 9.0.8112.16421

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 45 Go (20 Go libre(s) - 44%) [] # NTFS
D: -> Disque amovible # 29 Go (27 Go libre(s) - 94%) [USB DISK] # FAT32
G: -> Disque fixe # 98 Go (96 Go libre(s) - 99%) [GG Disk] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 444 |ParentID: 388)
C:\Windows\system32\wininit.exe (ID: 484 |ParentID: 388)
C:\Windows\system32\csrss.exe (ID: 496 |ParentID: 476)
C:\Windows\system32\winlogon.exe (ID: 552 |ParentID: 476)
C:\Windows\system32\services.exe (ID: 612 |ParentID: 484)
C:\Windows\system32\lsass.exe (ID: 620 |ParentID: 484)
C:\Windows\system32\lsm.exe (ID: 628 |ParentID: 484)
C:\Windows\system32\svchost.exe (ID: 736 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 860 |ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 948 |ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 1028 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 1084 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 1204 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 1320 |ParentID: 612)
G:\Utilitaires\Avast\aswUpdSv.exe (ID: 1484 |ParentID: 612)
G:\Utilitaires\Avast\ashServ.exe (ID: 1516 |ParentID: 612)
C:\Windows\System32\spoolsv.exe (ID: 1820 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 1856 |ParentID: 612)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1976 |ParentID: 612)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 2004 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 236 |ParentID: 612)
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (ID: 596 |ParentID: 612)
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID: 904 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 1140 |ParentID: 612)
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ID: 1492 |ParentID: 612)
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (ID: 1580 |ParentID: 612)
C:\Program Files\Sony\VAIO Power Management\SPMService.exe (ID: 1640 |ParentID: 612)
C:\Windows\system32\DllHost.exe (ID: 1984 |ParentID: 736)
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (ID: 276 |ParentID: 1580)
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (ID: 2076 |ParentID: 612)
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (ID: 2112 |ParentID: 612)
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (ID: 2156 |ParentID: 612)
C:\Windows\System32\svchost.exe (ID: 2192 |ParentID: 612)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2560 |ParentID: 736)
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (ID: 2728 |ParentID: 612)
G:\Utilitaires\Avast\ashWebSv.exe (ID: 2796 |ParentID: 612)
G:\Utilitaires\Avast\ashMaiSv.exe (ID: 2848 |ParentID: 612)
C:\Windows\System32\WUDFHost.exe (ID: 3216 |ParentID: 1028)
C:\Windows\system32\taskhost.exe (ID: 3500 |ParentID: 612)
C:\Windows\system32\Dwm.exe (ID: 3612 |ParentID: 1028)
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (ID: 3648 |ParentID: 2112)
C:\Windows\Explorer.EXE (ID: 3676 |ParentID: 3584)
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (ID: 3692 |ParentID: 3620)
C:\Windows\system32\runonce.exe (ID: 3932 |ParentID: 3676)
C:\Windows\system32\taskeng.exe (ID: 3984 |ParentID: 1084)
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (ID: 4040 |ParentID: 3984)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2164 |ParentID: 736)
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (ID: 3276 |ParentID: 3984)

################## | Recherche générique |

Supprimé! D:\Plaquette versofrançais.lnk
Supprimé! D:\Plaquette rectomaroc.lnk
Supprimé! D:\Carte_dbl_hor_CDI_2.lnk
Supprimé! D:\System Volume Information.lnk
Supprimé! D:\impot.lnk
Supprimé! D:\Ancein contenu.lnk
Supprimé! D:\COLAS.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
04 - HKCU\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
04 - HKCU\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
04 - HKCU\..\Run : [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
04 - HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\..\Run : [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
04 - HKLM\..\Run : [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
04 - HKLM\..\Run : [avast!] "G:\Utilitaires\Avast\ashDisp.exe"
04 - HKLM\..\Run : [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
04 - HKLM\..\Run : [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
04 - HKLM\..\Run : [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
04 - HKLM\..\Run : [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2868101362-2020593684-553202056-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-2868101362-2020593684-553202056-1000\..\Run : [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
04 - HKU\S-1-5-21-2868101362-2020593684-553202056-1000\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
04 - HKU\S-1-5-21-2868101362-2020593684-553202056-1000\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
04 - HKU\S-1-5-21-2868101362-2020593684-553202056-1000\..\Run : [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[11/12/2009 - 13:53:22 | SHD] - C:\$Recycle.Bin
[10/06/2009 - 23:42:20 | A | 0 Ko] - C:\autoexec.bat
[22/11/2012 - 04:54:30 | D] - C:\Config.Msi
[10/06/2009 - 23:42:20 | N | 0 Ko] - C:\config.sys
[30/09/2009 - 05:02:43 | D] - C:\Documentation
[14/07/2009 - 06:53:55 | SHD] - C:\Documents and Settings
[29/04/2014 - 11:06:50 | ASH | 779080 Ko] - C:\hiberfil.sys
[27/08/2009 - 15:28:53 | D] - C:\Intel
[30/09/2009 - 04:29:06 | RHD] - C:\MSOCache
[29/04/2014 - 11:07:33 | ASH | 1048576 Ko] - C:\pagefile.sys
[14/07/2009 - 04:37:05 | D] - C:\PerfLogs
[29/04/2014 - 09:23:56 | D] - C:\Program Files
[13/10/2012 - 12:12:32 | HD] - C:\ProgramData
[27/08/2009 - 15:44:28 | N | 2 Ko] - C:\RHDSetup.log
[29/04/2014 - 10:49:28 | SHD] - C:\System Volume Information
[13/10/2012 - 12:32:23 | D] - C:\Temp
[29/04/2014 - 11:04:58 | D] - C:\UsbFix
[29/04/2014 - 11:02:47 | N | 13 Ko | 2776EB68031D4A6EF4D98E0BCB9BFDB0] - C:\UsbFix [Clean 2] GÉGÉ-VAIO.txt
[29/04/2014 - 11:11:20 | A | 9 Ko | 242BFA9F05B029D7F848D218A1660262] - C:\UsbFix [Clean 4] GÉGÉ-VAIO.txt
[29/04/2014 - 09:54:02 | N | 11 Ko | A81B83204C9A1226EB72D88F96C51B37] - C:\UsbFix [Scan 1] GÉGÉ-VAIO.txt
[29/04/2014 - 09:55:12 | N | 11 Ko | 0160685FEFDE75747BA1894F4952AD2B] - C:\UsbFix [Scan 2] GÉGÉ-VAIO.txt
[29/04/2014 - 10:15:26 | N | 11 Ko | 733592A70EEA11AD7C13A2B0FF33A478] - C:\UsbFix [Scan 3] GÉGÉ-VAIO.txt
[11/12/2009 - 13:52:29 | D] - C:\Users
[30/09/2009 - 04:51:10 | N | 401 Ko] - C:\vcredist_x86.log
[13/10/2012 - 12:13:00 | D] - C:\Windows
[30/09/2009 - 05:02:43 | D] - C:\_FS_SWRINFO
[11/12/2013 - 14:45:44 | SHD] - D:\System Volume Information
[11/12/2013 - 14:47:38 | N | 190 Ko] - D:\Plaquette versofrançais.docx
[11/12/2013 - 14:48:50 | N | 145 Ko] - D:\Plaquette rectomaroc.docx
[03/12/2013 - 22:20:06 | N | 382 Ko] - D:\Carte_dbl_hor_CDI_2.pdf
[11/12/2013 - 15:59:26 | N | 56 Ko] - D:\Plaquette rectomaroc.pdf
[11/12/2013 - 16:00:04 | N | 105 Ko] - D:\Plaquette versofrançais.pdf
[13/12/2013 - 19:00:56 | D] - D:\COLAS 2
[17/12/2013 - 10:53:14 | D] - D:\impot
[17/12/2013 - 17:30:28 | D] - D:\Ancein contenu
[22/12/2013 - 18:07:50 | D] - D:\COLAS
[21/03/2014 - 23:28:02 | N | 103 Ko] - D:\arbre CDI.pdf
[21/03/2014 - 23:30:14 | N | 8 Ko] - D:\oreille.pdf
[22/03/2014 - 00:16:28 | N | 376 Ko] - D:\carte correspondance x 3.pdf
[17/03/2014 - 09:39:54 | N | 11145 Ko] - D:\Présentation investisseur courte.ppt
[27/03/2014 - 10:25:10 | N | 0 Ko] - D:\~$Présentation investisseur courte.ppt
[27/03/2014 - 10:29:48 | N | 0 Ko] - D:\~$titre.pptx
[27/03/2014 - 10:29:50 | N | 673 Ko] - D:\titre.pptx
[27/01/2014 - 20:46:54 | N | 80 Ko] - D:\Diapositive1.JPG
[01/04/2014 - 21:41:20 | N | 116 Ko] - D:\Présentation1.pdf
[11/12/2009 - 15:18:37 | SHD] - G:\$RECYCLE.BIN
[04/10/2012 - 17:34:03 | N | 0 Ko] - G:\end
[29/04/2014 - 09:29:50 | D] - G:\Mes Telechargements
[11/12/2009 - 15:46:40 | D] - G:\Musique
[12/03/2012 - 23:04:59 | D] - G:\Photos
[11/12/2009 - 16:24:16 | D] - G:\Program Files
[11/12/2009 - 15:42:22 | SHD] - G:\System Volume Information
[27/12/2009 - 13:15:00 | D] - G:\Utilitaires

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - https://www.sosvirus.net |

and there you go