Reply to: Infected USB key and documents turned into shortcuts – computer possibly infected 2016-09-08T13:41:35+00:00


mibenall
Participant
Number of posts: 6

Hello BillMaxime 🙂 🙂

Thank you for the time you are taking to analyse my case.
There you go, I followed your instructions 🙂
############################## | UsbFix V 7.171 | [Nettoyage]

Utilisateur: Miryam (Administrateur) # MIRYAM-PC
Mis à jour le 18/05/2014 par El Desaparecido – SosVirus
Lancé à 19:29:35 | 19/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Acer (Aspire 5253)
CPU: AMD E-350 Processor
RAM -> [Total : 3819 Mo| Free : 1822 Mo]
Bios: Acer
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17107
WB: Google Chrome : 34.0.1847.137
WB: Mozilla Firefox : 29.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]
AS: Malwarebytes' Anti-Malware : 1.50

C: (%SystemDrive%) -> Disque fixe # 684 Go (596 Go libre(s) – 87%) [Acer] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 29 Go (28 Go libre(s) – 97%) [FLASH DRIVE] # FAT32

################## | Processus Stoppés |

C:\Windows\System32\atiesrxx.exe (ID: 816|ParentID: 516)
C:\Windows\System32\atieclxx.exe (ID: 1148|ParentID: 816)
C:\Windows\System32\spoolsv.exe (ID: 1336|ParentID: 516)
C:\Windows\System32\CxAudMsg64.exe (ID: 1612|ParentID: 516|Système)
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID: 1652|ParentID: 516|Système)
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (ID: 1696|ParentID: 516|Système)
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ID: 1712|ParentID: 1652|Système)
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (ID: 1740|ParentID: 516|Système)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (ID: 1768|ParentID: 516|Système)
C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (ID: 1812|ParentID: 516|Système)
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (ID: 1844|ParentID: 516|Système)
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (ID: 1888|ParentID: 516|Système)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 1484|ParentID: 516|Système)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2092|ParentID: 516|Système)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2136|ParentID: 516|Système)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ID: 2236|ParentID: 2092|Système)
C:\Windows\System32\taskhost.exe (ID: 2628|ParentID: 516|Miryam)
C:\Windows\explorer.exe (ID: 2752|ParentID: 2692|Miryam)
C:\Windows\System32\taskeng.exe (ID: 2788|ParentID: 112|Miryam)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 2352|ParentID: 2752|Miryam)
C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe (ID: 2604|ParentID: 2752|Miryam)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 2704|ParentID: 2752|Miryam)
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (ID: 2968|ParentID: 2752|Miryam)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 2932|ParentID: 2752|Miryam)
C:\Windows\System32\wscript.exe (ID: 2076|ParentID: 2752|Miryam)
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (ID: 2976|ParentID: 2752|Miryam)
C:\Windows\System32\rundll32.exe (ID: 1208|ParentID: 2752|Miryam)
C:\Users\Miryam\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 3088|ParentID: 2752|Miryam)
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (ID: 3112|ParentID: 2936|Miryam)
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (ID: 3124|ParentID: 2936|Miryam)
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (ID: 3324|ParentID: 516|Système)
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe (ID: 3492|ParentID: 692|Miryam)
C:\Windows\System32\SearchIndexer.exe (ID: 3644|ParentID: 516|Système)
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (ID: 372|ParentID: 2788|Miryam)
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (ID: 1220|ParentID: 2936|Miryam)
C:\Program Files (x86)\Launch Manager\LManager.exe (ID: 868|ParentID: 2936|Miryam)
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (ID: 3336|ParentID: 3144|Miryam)
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (ID: 2896|ParentID: 2936|Miryam)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 2840|ParentID: 2936|Miryam)
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (ID: 3260|ParentID: 868|Miryam)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3956|ParentID: 516|SERVICE RÉSEAU)
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (ID: 356|ParentID: 2788|Miryam)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 1688|ParentID: 2352|Miryam)
C:\Program Files (x86)\Launch Manager\LMworker.exe (ID: 3912|ParentID: 1652|Miryam)
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe (ID: 4472|ParentID: 2968|Miryam)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID: 4656|ParentID: 2936|Miryam)
C:\Windows\System32\wbem\unsecapp.exe (ID: 3964|ParentID: 692|Miryam)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2872|ParentID: 2752|Miryam)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4188|ParentID: 2872|Miryam)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 2288|ParentID: 516|Système)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (ID: 5016|ParentID: 536|Miryam)
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (ID: 4712|ParentID: 516|Système)
C:\Windows\System32\taskeng.exe (ID: 5396|ParentID: 112|Miryam)
C:\Windows\System32\WUDFHost.exe (ID: 5608|ParentID: 940|SERVICE LOCAL)
C:\Windows\System32\SearchProtocolHost.exe (ID: 4336|ParentID: 3644|Système)

################## | Autorun |

E:\explorer.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\n2de.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\Thumbs .lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\Rapport iodométrie.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\Laboratoire iodométrie fin.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\Copie de frigo.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\Thumbs.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\Hygrométrie.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\REACTEURS – leçon3 -effets thermiques.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\Curriculum vitae.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\Chimie inorganique y compris les aspects analytiques.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\Doc2.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\Ilias.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\génie des procédés.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\System Volume Information.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\Cours Ba3.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\.Trashes.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)
E:\.Spotlight-V100.lnk -> E:\iTunesHelper.vbe – (SHA1: CC2EAD8DA038BAD10FC3D4ECDBA8002B2D52BF07)

################## | Recherche générique |

Supprimé! C:\Users\Miryam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\Miryam\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! E:\iTunesHelper.vbe
Supprimé! E:\explorer.exe
Supprimé! E:\System Volume Information.lnk
Supprimé! E:\Laboratoire iodométrie fin.lnk
Supprimé! E:\.lnk
Supprimé! E:\Rapport iodométrie.lnk
Supprimé! E:\explorer.lnk
Supprimé! E:\Thumbs.lnk
Supprimé! E:\Thumbs .lnk
Supprimé! E:\n2de.lnk
Supprimé! E:\Copie de frigo.lnk
Supprimé! E:\Hygrométrie.lnk
Supprimé! E:\Curriculum vitae.lnk
Supprimé! E:\REACTEURS – leçon3 -effets thermiques.lnk
Supprimé! E:\Doc2.lnk
Supprimé! E:\Ilias.lnk
Supprimé! E:\Chimie inorganique y compris les aspects analytiques.lnk
Supprimé! E:\génie des procédés.lnk
Supprimé! E:\.Trashes.lnk
Supprimé! E:\.Spotlight-V100.lnk
Supprimé! E:\Cours Ba3.lnk
Supprimé! C:\Users\Public\sdelevURL.tmp
Supprimé! E:\n2de.cmd
Supprimé! E:\Thumbs .db
Supprimé! E:\Thumbs.com

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-3631987431-141533729-2769264094-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Regedit Run |

F2 – HKLM\..\Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 – HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 – [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 – HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 – HKCU\..\Run : [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN358134SG05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
04 – HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 – HKLM\..\Run : [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 – HKLM\..\Run : [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
04 – HKLM\..\Run : [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
04 – HKLM\..\Run : [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
04 – HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 – HKLM\..\Run : [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 – HKLM\..\Run : [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
04 – HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 – HKLM\..\Run : [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
04 – HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 – HKLM\..\Run : [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
04 – [x64] HKLM\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
04 – [x64] HKLM\..\Run : [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
04 – [x64] HKLM\..\Run : [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-3631987431-141533729-2769264094-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 – HKU\S-1-5-21-3631987431-141533729-2769264094-1000\..\Run : [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN358134SG05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
04 – HKU\S-1-5-21-3631987431-141533729-2769264094-1000\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-19\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
04 – HKU\S-1-5-18\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

################## | C: %SystemDrive% – Disque Fixe (NTFS) |

[09/12/2013 – 13:19:14 | N | 1 Ko] – C:\log.txt
[19/05/2014 – 17:12:34 | ASH | 2932916 Ko] – C:\hiberfil.sys
[19/05/2014 – 17:12:34 | ASH | 3910556 Ko] – C:\pagefile.sys
[22/11/2012 – 19:52:40 | N | 855 Ko] – C:\odepkg-0.8.2.tar.gz
[14/03/2013 – 18:06:05 | SHD] – C:\$Recycle.Bin
[17/05/2011 – 10:47:16 | RASH | 8 Ko] – C:\BOOTSECT.BAK
[11/11/2012 – 17:21:19 | D] – C:\Octave3.6.2MinGW
[09/01/2013 – 17:04:21 | D] – C:\Octave-3.6.2
[14/07/2009 – 05:20:08 | D] – C:\PerfLogs
[14/07/2009 – 07:08:56 | SHD] – C:\Documents and Settings
[23/09/2011 – 20:48:51 | SHD] – C:\Recovery
[23/09/2011 – 20:50:13 | D] – C:\Users
[23/09/2011 – 21:15:11 | D] – C:\book
[23/09/2011 – 21:15:16 | D] – C:\OEM
[05/11/2011 – 16:48:58 | RHD] – C:\MSOCache
[12/02/2012 – 15:37:44 | D] – C:\Python27
[02/09/2012 – 12:59:12 | D] – C:\Firefox
[27/10/2012 – 10:49:40 | D] – C:\Rummy Royal
[09/12/2012 – 12:34:16 | D] – C:\__MACOSX
[10/01/2013 – 09:09:04 | D] – C:\TpsAnaNum
[23/03/2013 – 13:47:18 | D] – C:\features
[23/03/2013 – 13:47:18 | D] – C:\plugins
[19/04/2013 – 18:58:46 | D] – C:\MesRepertoiresOctaves
[01/01/2014 – 20:28:47 | D] – C:\AntiVirus
[04/01/2014 – 11:53:21 | D] – C:\TEST-ULB
[22/01/2014 – 01:54:42 | D] – C:\eclipse
[27/02/2014 – 11:57:22 | D] – C:\Windows
[17/05/2014 – 15:03:47 | SHD] – C:\System Volume Information
[19/05/2014 – 17:10:18 | HD] – C:\ProgramData
[19/05/2014 – 17:10:20 | D] – C:\Program Files
[19/05/2014 – 17:10:59 | D] – C:\AdwCleaner
[19/05/2014 – 17:22:52 | D] – C:\Program Files (x86)
[19/05/2014 – 19:29:13 | D] – C:\UsbFix

################## | E: – Disque USB (FAT32) |

[27/03/2014 – 23:08:46 | N | 25 Ko] – E:\Hygrométrie.xlsx
[14/03/2013 – 01:30:52 | N | 3 Ko] – E:\Copie de frigo.xls
[14/03/2014 – 08:08:22 | SHD] – E:\.Trashes
[14/03/2014 – 08:08:22 | SH | 4 Ko] – E:\._.Trashes
[14/03/2014 – 08:08:22 | SHD] – E:\.Spotlight-V100
[02/12/2010 – 13:48:04 | N | 365 Ko] – E:\REACTEURS – leçon3 -effets thermiques.pdf
[21/03/2014 – 09:18:44 | N | 7238 Ko] – E:\Rapport iodométrie.pdf
[21/03/2014 – 09:20:02 | N | 4 Ko] – E:\._Rapport iodométrie.pdf
[13/03/2014 – 15:20:14 | N | 41 Ko] – E:\Laboratoire iodométrie fin.docx
[27/04/2014 – 18:18:22 | N | 1753 Ko] – E:\génie des procédés.docx
[30/04/2014 – 11:49:02 | N | 10361 Ko] – E:\Chimie inorganique y compris les aspects analytiques.docx
[14/05/2014 – 14:10:04 | N | 70 Ko] – E:\Doc2.docx
[18/05/2014 – 14:03:44 | N | 47 Ko] – E:\Ilias.docx
[04/03/2014 – 17:21:12 | N | 34 Ko] – E:\Curriculum vitae.pdf.doc
[05/04/2014 – 20:40:18 | D] – E:\Cours Ba3
[08/05/2014 – 15:32:02 | SHD] – E:\System Volume Information

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

Awaiting your reply,
thanks again