Reply to: USB Infection 2016-09-08T13:39:12+00:00
khedoujakhedouja
Participant
Post count: 9

Here is the analysis report:

############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: KHELFAOUI (Administrateur) # KHELFAOUI-PC
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 22:52:20 | 06/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (3674)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
RAM -> [Total : 2998 Mo| Free : 1076 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7600 32-Bit)
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 34.0.1847.131
WB: Mozilla Firefox : 28.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AV: avast! Antivirus [Enabled | Updated]
AV: AVG Anti-Virus Free [Enabled | Updated]
AS: AVG Anti-Virus Free [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: avast! Antivirus [Enabled | Updated]
AS: Microsoft Security Essentials [Enabled | Updated]
FW: avast! Antivirus [Enabled]
FW: Windows FireWall [Enabled]

C: (%systemdrive%) -> Disque fixe # 196 Go (122 Go libre(s) - 62%) [] # NTFS
D: -> Disque fixe # 270 Go (24 Go libre(s) - 9%) [] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 2 Go (2 Go libre(s) - 84%) [FAIZA DISK] # FAT
G: -> Disque fixe # 932 Go (527 Go libre(s) - 57%) [] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 524 |ParentID: 516)
C:\Windows\system32\wininit.exe (ID: 576 |ParentID: 516)
C:\Windows\system32\csrss.exe (ID: 584 |ParentID: 568)
C:\Windows\system32\services.exe (ID: 632 |ParentID: 576)
C:\Windows\system32\lsass.exe (ID: 648 |ParentID: 576)
C:\Windows\system32\lsm.exe (ID: 656 |ParentID: 576)
C:\Windows\system32\svchost.exe (ID: 772 |ParentID: 632)
C:\Windows\system32\winlogon.exe (ID: 796 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 908 |ParentID: 632)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 972 |ParentID: 632)
C:\Windows\System32\svchost.exe (ID: 1072 |ParentID: 632)
C:\Windows\System32\svchost.exe (ID: 1116 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 1140 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 1284 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 1420 |ParentID: 632)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1496 |ParentID: 632)
C:\Windows\System32\spoolsv.exe (ID: 1668 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 1820 |ParentID: 632)
C:\Program Files\Alwil Software\Avast5\afwServ.exe (ID: 1876 |ParentID: 632)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1368 |ParentID: 632)
C:\Windows\system32\taskhost.exe (ID: 620 |ParentID: 632)
C:\Windows\Explorer.EXE (ID: 440 |ParentID: 2040)
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (ID: 2196 |ParentID: 632)
C:\Program Files\AVG\AVG9\avgwdsvc.exe (ID: 2224 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 2324 |ParentID: 632)
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe (ID: 2372 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 3096 |ParentID: 632)
C:\Windows\System32\rundll32.exe (ID: 3272 |ParentID: 772)
C:\Program Files\AVG\AVG9\avgnsx.exe (ID: 3284 |ParentID: 2224)
C:\Program Files\AVG\AVG9\avgrsx.exe (ID: 3652 |ParentID: 2224)
C:\Program Files\AVG\AVG9\avgchsvx.exe (ID: 3660 |ParentID: 2224)
C:\Windows\System32\igfxtray.exe (ID: 3732 |ParentID: 440)
C:\Program Files\AVG\AVG9\avgcsrvx.exe (ID: 3744 |ParentID: 3652)
C:\Windows\System32\hkcmd.exe (ID: 4064 |ParentID: 440)
C:\Windows\System32\igfxpers.exe (ID: 4088 |ParentID: 440)
C:\Windows\system32\SearchIndexer.exe (ID: 3040 |ParentID: 632)
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (ID: 3008 |ParentID: 440)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 3632 |ParentID: 440)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 1408 |ParentID: 3632)
C:\Program Files\AVG\AVG9\avgtray.exe (ID: 1704 |ParentID: 440)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 260 |ParentID: 440)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 4044 |ParentID: 440)
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (ID: 2764 |ParentID: 1408)
C:\Program Files\Salaat Time\SalaatTime.exe (ID: 4396 |ParentID: 440)
c:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 4404 |ParentID: 632)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Little transparency.exe (ID: 4488 |ParentID: 440)
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (ID: 4640 |ParentID: 440)
C:\Program Files\RocketDock\RocketDock.exe (ID: 4656 |ParentID: 440)
C:\Windows\system32\Dwm.exe (ID: 6124 |ParentID: 1116)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5928 |ParentID: 772)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 2396 |ParentID: 3632)
C:\Windows\System32\WUDFHost.exe (ID: 3616 |ParentID: 1116)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5428 |ParentID: 5184)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4768 |ParentID: 5428)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1084 |ParentID: 5428)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5312 |ParentID: 5428)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2480 |ParentID: 3040)
C:\Windows\system32\SearchFilterHost.exe (ID: 5828 |ParentID: 3040)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4912 |ParentID: 772)

################## | Recherche générique |

Supprimé! C:\Users\KHELFAOUI\AppData\Roaming\Logs.dat

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\Software\Server
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Supprimé! HKU\S-1-5-21-2888526138-363167191-3065889109-1000\Software\....\Mountpoints2\{1b8f4422-77ad-11e3-ab53-2c768adaeb51}
Supprimé! HKU\S-1-5-21-2888526138-363167191-3065889109-1000\Software\....\Mountpoints2\{895102b5-6b0b-11e2-9808-2c768adaeb51}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
04 - HKLM\..\Run : [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2888526138-363167191-3065889109-1000\..\Run : [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
04 - HKU\S-1-5-18\..\Run : [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
04 - HKU\S-1-5-18\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-18\..\Run : [SearchProtect] SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[19/09/2013 - 18:55:43 | D] - C:\$AVG
[06/12/2012 - 18:25:24 | SHD] - C:\$Recycle.Bin
[09/04/2014 - 00:33:10 | D] - C:\c1e8c63fa7eb2379c01d27e16
[18/03/2014 - 12:24:20 | D] - C:\3e717373688293e3a14196bd1eb0c4
[15/01/2014 - 19:14:15 | D] - C:\8ea90d6365c4c3d4651e54394fbf34
[10/06/2009 - 22:42:20 | A | 0 Ko] - C:\autoexec.bat
[10/06/2009 - 22:42:20 | N | 0 Ko] - C:\config.sys
[14/07/2009 - 05:53:55 | SHD] - C:\Documents and Settings
[11/02/2014 - 22:06:55 | D] - C:\e5578b75eae1369b7bb6ee1a77d6
[04/03/2013 - 11:44:25 | N | 0 Ko] - C:\END
[06/05/2014 - 19:36:35 | ASH | 2302352 Ko] - C:\hiberfil.sys
[28/05/2013 - 18:59:37 | D] - C:\HSF
[06/12/2012 - 18:40:29 | D] - C:\Intel
[06/12/2012 - 18:36:21 | RHD] - C:\MSOCache
[06/05/2014 - 19:36:35 | ASH | 3069804 Ko] - C:\pagefile.sys
[14/07/2009 - 03:37:05 | D] - C:\PerfLogs
[06/05/2014 - 20:09:43 | D] - C:\Program Files
[13/04/2014 - 19:23:29 | HD] - C:\ProgramData
[06/12/2012 - 18:21:45 | SHD] - C:\Recovery
[24/05/2013 - 01:08:06 | D] - C:\SearchProtect
[06/05/2014 - 22:20:41 | SHD] - C:\System Volume Information
[06/05/2014 - 22:50:03 | D] - C:\UsbFix
[06/05/2014 - 22:54:20 | A | 10 Ko | 6AEAF29A3A11028597964C12E259CDC2] - C:\UsbFix [Clean 2] KHELFAOUI-PC.txt
[06/12/2012 - 18:25:05 | D] - C:\Users
[25/04/2014 - 00:29:39 | D] - C:\Windows
[06/12/2012 - 22:40:56 | SHD] - D:\$RECYCLE.BIN
[15/06/2013 - 18:46:33 | D] - D:\architecture
[11/12/2013 - 22:20:44 | D] - D:\divers
[04/05/2014 - 10:18:41 | D] - D:\Divesité Culturelle
[04/05/2014 - 09:08:09 | D] - D:\modules de medecine
[07/12/2012 - 09:55:49 | SHD] - D:\System Volume Information
[04/05/2014 - 11:06:27 | D] - D:\Vidéos
[01/05/2013 - 11:04:04 | N | 3271 Ko] - F:\112-eleni_karaindrou-l_eternite_et_un_jour.[www.CienPorCien.Music.com].mp3
[10/10/2013 - 23:58:02 | N | 7481 Ko] - F:\16. I Dreamed A Dream.mp3
[11/10/2013 - 17:38:34 | N | 4159 Ko] - F:\AMDS_groupe_polyphene_mohal_omri_nansak_1995_83843.mp3
[26/04/2013 - 23:50:34 | N | 9453 Ko] - F:\37. Of Monsters And Men - Little Talks.mp3
[04/05/2014 - 11:44:20 | N | 3284 Ko] - F:\Buena Vista Social Club - El Carretero.mp3
[04/05/2014 - 11:34:12 | N | 4842 Ko] - F:\Chris Malinchak - So Good To Me.mp3
[28/03/2014 - 01:43:38 | N | 3925 Ko] - F:\Charlie Brown - Coldplay HQ (Lyrics).mp3
[04/05/2014 - 11:38:46 | N | 4287 Ko] - F:\Tito Puente - Oye Como Va.mp3
[28/03/2014 - 01:33:40 | N | 3906 Ko] - F:\Coldplay - Every Teardrop Is A Waterfall.mp3
[28/03/2014 - 01:36:42 | N | 3899 Ko] - F:\Coldplay - How You See The World.mp3
[11/10/2013 - 17:27:52 | N | 8829 Ko] - F:\Andre bocelli-_Because_We_Believe.mp3
[22/03/2014 - 01:24:12 | N | 4972 Ko] - F:\El Dia de Mi Suerte Marc Anthony.mp3
[11/10/2013 - 17:27:58 | N | 2380 Ko] - F:\Andrea boceliiJurame__feat_Mario_Reyes_(1).mp3
[11/10/2013 - 17:27:58 | N | 3956 Ko] - F:\Andrea Bocelli - Con Te Partiro.mp3
[22/03/2014 - 00:55:18 | N | 9779 Ko] - F:\Hector Lavoe EL CANTANTE.mp3
[24/04/2014 - 21:51:02 | N | 3791 Ko] - F:\Shakira - Empire.mp3
[27/02/2014 - 14:51:38 | N | 3384 Ko] - F:\Indila - Dernière Danse.mp3
[27/02/2014 - 14:47:24 | N | 3541 Ko] - F:\Indila - Tourner Dans Le Vide.mp3
[17/02/2014 - 22:31:00 | N | 9544 Ko] - F:\????? ???? ?????? ?? ?? ????? ??? ?????? ???? ???? ?????.mp3
[13/04/2014 - 14:18:02 | N | 5517 Ko] - F:\TITO PUENTE-Oye Como Va.mp3
[09/03/2014 - 23:14:50 | N | 5868 Ko] - F:\le NOUVEAU 2013 de cheba fouzia ngoulkom cha gali (1).mp3
[28/03/2014 - 01:02:00 | N | 4185 Ko] - F:\Let's Go Sailing "Sideways" music video.mp3
[09/02/2014 - 21:50:16 | N | 3453 Ko] - F:\Lyrics_ John Newman - Love Me Again.mp3
[28/12/2013 - 22:50:06 | N | 3976 Ko] - F:\Passenger - Let Her Go [Official Video].mp3
[28/04/2014 - 20:38:32 | N | 3903 Ko] - F:\Nancy Ajram - Rahent Aleik 2014 _ ????? ???? - ????? ????.mp3
[29/04/2014 - 07:24:00 | N | 2816 Ko] - F:\Nancy Ajram Ft Cheb Khaled - Shagga3 Helmak -??? ???? [Officielle Sound].mp3
[28/04/2014 - 22:03:50 | N | 3648 Ko] - F:\Magic System Ft. Chawki_ Magic In The Air_ [With RedOne].mp3
[13/04/2014 - 14:18:24 | N | 2766 Ko] - F:\Louis Prima.- Buona Sera.mp3
[20/01/2014 - 18:55:50 | N | 3630 Ko] - F:\Pharrell Williams - Happy ( Traduction FR ).mp3
[22/03/2014 - 01:22:38 | N | 4782 Ko] - F:\Que Lio - Marc Anthony.mp3
[24/04/2014 - 21:12:44 | N | 3896 Ko] - F:\Carrie Underwood - See You Again.mp3
[02/05/2014 - 19:14:52 | N | 4343 Ko] - F:\Johnny Depp - If You Want it to be Good Girl.mp3
[02/05/2014 - 19:57:58 | N | 12601 Ko] - F:\Mozart_ Sinfonia concertante, K 364 - 1. Allegro maestoso @ Zagreb Int. Chamber Music Festival.mp3
[02/05/2014 - 19:05:40 | N | 2398 Ko] - F:\blow theme - tu cabeza en mi hombro.mp3
[02/05/2014 - 18:50:58 | N | 2243 Ko] - F:\Fame - Black & Gold full dance.mp3
[27/03/2014 - 23:32:54 | N | 4038 Ko] - F:\Stars - Your Ex Lover Is Dead lyrics (1).mp3
[02/05/2014 - 19:12:22 | N | 5074 Ko] - F:\Nikka Costa - Push & Pull.mp3
[05/03/2014 - 06:57:16 | N | 3861 Ko] - F:\The Boxer Rebellion - Diamonds.mp3
[27/03/2014 - 23:41:00 | N | 3921 Ko] - F:\The Helio Sequence - Lately.mp3
[11/04/2014 - 00:06:08 | N | 3642 Ko] - F:\Djmawi Africa - Avancez l'arrière [ Nouvel Album ].mp3
[11/10/2013 - 18:22:42 | N | 8467 Ko] - F:\Touati Toufik - Tlata zahoua oua mraha.mp3
[02/05/2014 - 14:14:36 | N | 3120 Ko] - F:\Asher Monroe Book - Someone To Watch Over Me (Official Video).mp3
[02/05/2014 - 19:48:34 | N | 3282 Ko] - F:\Bashy ft Loick Essien - When The Sky Falls.mp3
[13/11/2013 - 05:31:32 | N | 5148 Ko] - F:\Tracy Chapman - The Promise.mp3
[02/05/2014 - 14:22:22 | N | 3344 Ko] - F:\naturi naughton and collins pennie - fame lyrics!!.mp3
[28/12/2013 - 22:36:28 | N | 3640 Ko] - F:\ya ourida MALYA SAADI.mp3
[02/05/2014 - 19:05:04 | N | 3704 Ko] - F:\blow soundtrack - keep it comin love.mp3
[02/05/2014 - 19:11:50 | N | 3322 Ko] - F:\Blow soundtrack - Willie Rosario - Let's Boogaloo.mp3
[28/03/2014 - 01:44:04 | N | 4530 Ko] - F:\?Coldplay? - Speed of Sound.mp3
[02/05/2014 - 18:37:50 | N | 3265 Ko] - F:\FAME Theme Song Naturi Naughton & Collins Pennie.mp3
[17/02/2014 - 22:17:32 | N | 10441 Ko] - F:\_ _ _____ _______ ___ ______ ____ _ _.mp3
[14/02/2014 - 22:14:20 | N | 4130 Ko] - F:\_____ _____ ____ ____ ______ ________.mp3
[02/05/2014 - 14:26:10 | N | 5271 Ko] - F:\Hold Your Dream Fame Soundtrack.mp3
[13/03/2014 - 21:54:38 | N | 3279 Ko] - F:\4 - Freeklane - El Madani.mp3
[13/03/2014 - 21:55:38 | N | 1385 Ko] - F:\9 - Freeklane - Intro Bent Sultan.mp3
[02/05/2014 - 14:12:36 | N | 3972 Ko] - F:\Ordinary People Fame Soundtrack.mp3
[13/03/2014 - 21:56:02 | N | 5806 Ko] - F:\10 - Freeklane - Bent Sultan.mp3
[20/10/2013 - 07:22:06 | N | 11222 Ko] - F:\11 Exogenesis_ Symphony, Pt. 3_ Rede.mp3
[02/05/2014 - 19:30:34 | N | 5882 Ko] - F:\Schubert - Ave Maria (Opera).mp3
[02/05/2014 - 14:04:48 | N | 3241 Ko] - F:\Try Fame Soundtrack.mp3
[04/05/2014 - 11:09:14 | N | 3624 Ko] - F:\I Wanna Get Next To You - Rose Royce.mp3
[04/05/2014 - 11:29:14 | N | 4270 Ko] - F:\Stereophonics - Maybe Tomorrow lyrics.mp3
[04/05/2014 - 11:35:52 | N | 2826 Ko] - F:\Tito Puente - Ran Kan Kan (The Mambo Kings).mp3
[04/05/2014 - 11:40:14 | N | 3687 Ko] - F:\Buena Vista Social Club - Chan Chan.mp3
[04/05/2014 - 11:46:10 | N | 4029 Ko] - F:\Buena Vista Social Club-Chan Chan.mp3
[04/05/2014 - 11:47:04 | N | 4784 Ko] - F:\Buena Vista Social Club - De Camino a La Vereda.mp3
[16/06/2013 - 19:16:33 | SHD] - G:\$RECYCLE.BIN
[21/06/2013 - 18:14:16 | D] - G:\FAIZA
[11/06/2013 - 11:05:50 | D] - G:\MAMA
[11/06/2013 - 11:52:09 | D] - G:\NOUR
[12/06/2013 - 14:21:31 | D] - G:\PAPA
[20/06/2013 - 21:55:36 | D] - G:\Recettes de cuisine
[12/06/2013 - 13:02:11 | SHD] - G:\RECYCLER
[12/06/2013 - 08:58:50 | SHD] - G:\System Volume Information
[11/06/2013 - 11:54:16 | D] - G:\YASMINE

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - https://www.sosvirus.net |