Reply to: USB key infection 2016-09-08T13:38:57+00:00
marv95
Participant
Posts: 9

Here is the report:

############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: Marvin (Administrateur) # MARVIN-PC
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 16:13:30 | 06/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Intel Corporation (DG31PR)
CPU: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
RAM -> [Total : 3325 Mo| Free : 1448 Mo]
Bios: Intel Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 22.0

SC: Security Center [(!) Disabled]
WU: Windows Update [Enabled]
AV: AVG Internet Security 2012 [Enabled | Updated]
AS: AVG Internet Security 2012 [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: AVG Firewall [Enabled]
FW: Windows FireWall [Enabled]

C: (%systemdrive%) -> Disque fixe # 466 Go (343 Go libre(s) - 74%) [] # NTFS
D: -> CD-ROM
E: -> CD-ROM
F: -> CD-ROM
G: -> Disque amovible # 4 Go (996 Mo libre(s) - 26%) [MARVIN] # NTFS
H: -> Disque amovible # 4 Go (4 Go libre(s) - 98%) [NEGRILLON] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 408 |ParentID: 384)
C:\Windows\system32\csrss.exe (ID: 468 |ParentID: 460)
C:\Windows\system32\wininit.exe (ID: 476 |ParentID: 384)
C:\Windows\system32\winlogon.exe (ID: 524 |ParentID: 460)
C:\Windows\system32\services.exe (ID: 572 |ParentID: 476)
C:\Windows\system32\lsass.exe (ID: 580 |ParentID: 476)
C:\Windows\system32\lsm.exe (ID: 588 |ParentID: 476)
C:\Windows\system32\svchost.exe (ID: 704 |ParentID: 572)
C:\Windows\system32\nvvsvc.exe (ID: 776 |ParentID: 572)
C:\Windows\system32\svchost.exe (ID: 816 |ParentID: 572)
C:\Windows\System32\svchost.exe (ID: 912 |ParentID: 572)
C:\Windows\System32\svchost.exe (ID: 944 |ParentID: 572)
C:\Windows\system32\svchost.exe (ID: 976 |ParentID: 572)
C:\Windows\system32\svchost.exe (ID: 1108 |ParentID: 572)
C:\Windows\system32\svchost.exe (ID: 1244 |ParentID: 572)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1408 |ParentID: 776)
C:\Windows\system32\nvvsvc.exe (ID: 1416 |ParentID: 776)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1456 |ParentID: 572)
C:\Windows\system32\Dwm.exe (ID: 1788 |ParentID: 944)
C:\Windows\System32\spoolsv.exe (ID: 1816 |ParentID: 572)
C:\Windows\Explorer.EXE (ID: 1824 |ParentID: 1780)
C:\Windows\system32\taskhost.exe (ID: 1884 |ParentID: 572)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 2024 |ParentID: 572)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 260 |ParentID: 572)
C:\Windows\system32\taskeng.exe (ID: 428 |ParentID: 976)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1044 |ParentID: 572)
C:\Windows\System32\svchost.exe (ID: 1184 |ParentID: 572)
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (ID: 1348 |ParentID: 572)
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (ID: 1208 |ParentID: 572)
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (ID: 1604 |ParentID: 572)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 2240 |ParentID: 1408)
C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 2316 |ParentID: 572)
C:\Windows\system32\svchost.exe (ID: 2508 |ParentID: 572)
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (ID: 2604 |ParentID: 572)
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2648 |ParentID: 572)
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2960 |ParentID: 2648)
C:\Windows\system32\WUDFHost.exe (ID: 3076 |ParentID: 944)
C:\Windows\system32\taskeng.exe (ID: 3240 |ParentID: 976)
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (ID: 3456 |ParentID: 1824)
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (ID: 3492 |ParentID: 1824)
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe (ID: 3652 |ParentID: 1824)
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (ID: 3756 |ParentID: 1824)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3852 |ParentID: 1824)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 3900 |ParentID: 1824)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3980 |ParentID: 1824)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4020 |ParentID: 572)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 4064 |ParentID: 1824)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe (ID: 4092 |ParentID: 1824)
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (ID: 1220 |ParentID: 1824)
C:\Program Files\iPod\bin\iPodService.exe (ID: 2284 |ParentID: 572)
C:\Program Files\Garmin\Express Tray\ExpressTray.exe (ID: 376 |ParentID: 1824)
C:\Users\Marvin\AppData\Roaming\cacaoweb\cacaoweb.exe (ID: 2168 |ParentID: 1824)
C:\Windows\System32\wscript.exe (ID: 2852 |ParentID: 1824)
C:\Windows\system32\svchost.exe (ID: 2868 |ParentID: 572)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 3580 |ParentID: 1824)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3892 |ParentID: 704)
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ID: 3188 |ParentID: 572)
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (ID: 3196 |ParentID: 3188)
C:\Program Files\Nero\Update\NASvc.exe (ID: 3804 |ParentID: 572)
C:\Windows\system32\sppsvc.exe (ID: 2812 |ParentID: 572)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4312 |ParentID: 704)
C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 4772 |ParentID: 3580)
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (ID: 4880 |ParentID: 3188)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (ID: 4900 |ParentID: 4772)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (ID: 4940 |ParentID: 4900)
C:\Windows\System32\svchost.exe (ID: 6068 |ParentID: 572)

################## | Recherche générique |

Supprimé! C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SergeLeLama.vbs
Supprimé! G:\SergeLeLama.vbs
Supprimé! H:\SergeLeLama.vbs
Supprimé! C:\Users\Marvin\AppData\Local\Temp\SergeLeLama.vbs
Supprimé! G:\ATI.lnk
Supprimé! G:\Logiciel.lnk
Supprimé! G:\RadioCar Unlock 2012 deblokgsm.com.lnk
Supprimé! G:\son.lnk
Supprimé! G:\System Volume Information.lnk
Supprimé! H:\facture_17492824.lnk
Supprimé! C:\Users\Marvin\AppData\Roaming\dclogs\2012-08-03-6.dc
Supprimé! C:\Users\Marvin\AppData\Roaming\dclogs

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\Software\DC3_FEXEC
Supprimé! HKU\S-1-5-21-2956370262-3700548036-2250991033-1001\Software\Microsoft\Windows\CurrentVersion\Run|SergeLeLama
Supprimé! HKU\S-1-5-21-2956370262-3700548036-2250991033-1001\Software\…\Mountpoints2\{a520a62a-091c-11e1-bbc1-001cc087dfbf}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\Run : [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKCU\..\Run : [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKCU\..\Run : [sbitunesagent] C:\Program Files\Philips\Philips Songbird\songbirditunesagent.exe
04 - HKCU\..\Run : [Google Update] "C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
04 - HKCU\..\Run : [cacaoweb] "C:\Users\Marvin\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKCU\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
04 - HKLM\..\Run : [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
04 - HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [Philips Device Listener] "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2956370262-3700548036-2250991033-1001\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-2956370262-3700548036-2250991033-1001\..\Run : [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-2956370262-3700548036-2250991033-1001\..\Run : [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-2956370262-3700548036-2250991033-1001\..\Run : [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKU\S-1-5-21-2956370262-3700548036-2250991033-1001\..\Run : [sbitunesagent] C:\Program Files\Philips\Philips Songbird\songbirditunesagent.exe
04 - HKU\S-1-5-21-2956370262-3700548036-2250991033-1001\..\Run : [Google Update] "C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-2956370262-3700548036-2250991033-1001\..\Run : [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
04 - HKU\S-1-5-21-2956370262-3700548036-2250991033-1001\..\Run : [cacaoweb] "C:\Users\Marvin\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-2956370262-3700548036-2250991033-1001\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[06/11/2011 - 21:58:54 | SHD] - C:\$Recycle.Bin
[29/07/2012 - 13:17:22 | N | 0 Ko] - C:\1BCC0465DE1F
[01/06/2012 - 08:30:50 | D] - C:\47ce3468107d5c407f8e48f3ce72925c
[20/08/2013 - 16:10:55 | D] - C:\74e94fb3d3babac78ce8827997
[10/06/2009 - 23:42:20 | A | 0 Ko] - C:\autoexec.bat
[06/05/2014 - 14:51:57 | D] - C:\Config.Msi
[10/06/2009 - 23:42:20 | N | 0 Ko] - C:\config.sys
[14/07/2009 - 06:53:55 | SHD] - C:\Documents and Settings
[27/06/2013 - 14:50:20 | N | 0 Ko] - C:\END
[06/05/2014 - 16:07:23 | ASH | 2553528 Ko] - C:\hiberfil.sys
[06/11/2011 - 22:00:35 | D] - C:\Intel
[09/11/2011 - 01:41:09 | RHD] - C:\MSOCache
[03/08/2012 - 00:23:27 | D] - C:\NVIDIA
[06/05/2014 - 16:07:27 | ASH | 3404704 Ko] - C:\pagefile.sys
[14/07/2009 - 04:37:05 | D] - C:\PerfLogs
[25/04/2014 - 10:44:39 | D] - C:\Program Files
[06/05/2014 - 14:57:06 | HD] - C:\ProgramData
[06/11/2011 - 21:58:32 | SHD] - C:\Recovery
[06/05/2014 - 14:54:20 | SHD] - C:\System Volume Information
[06/05/2014 - 16:13:18 | D] - C:\UsbFix
[06/05/2014 - 16:05:47 | N | 6 Ko | 040C0357DDB3563596D9768F5A2DF896] - C:\UsbFix [Clean 2] MARVIN-PC.txt
[06/05/2014 - 16:19:42 | A | 12 Ko | B01BC08753A124977B6778C98D25A11E] - C:\UsbFix [Clean 4] MARVIN-PC.txt
[06/05/2014 - 15:37:44 | N | 11 Ko | AF28C42E4D03198C11FBB425B869B98B] - C:\UsbFix [Scan 1] MARVIN-PC.txt
[03/08/2012 - 00:26:18 | D] - C:\Users
[06/05/2014 - 14:59:07 | D] - C:\Windows
[16/12/2013 - 10:32:59 | D] - G:\ATI
[13/10/2013 - 13:14:16 | D] - G:\Logiciel
[27/09/2013 - 14:46:05 | D] - G:\RadioCar Unlock 2012 deblokgsm.com
[16/08/2013 - 22:23:08 | D] - G:\son
[13/10/2013 - 13:30:26 | SHD] - G:\System Volume Information
[06/05/2014 - 14:36:00 | N | 24 Ko] - H:\facture_17492824.pdf

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - https://www.sosvirus.net |