The usefulness of the UsbFix report

rachida Posts 6 Status Member -
Hello,

I used UsbFix and got the following report:
############################## | UsbFix V 7.097 | [Research]
Updated 02/09/2012 by El Desaparecido
Started at 14:00:10 | 03/09/2012

Website: https://www.sosvirus.net/
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Hewlett-Packard (HP xw4400 Workstation) (x64-based PC
CPU: Intel(R) Pentium(R) D CPU 3.40GHz (3400)
CPU: Intel(R) Pentium(R) D CPU 3.40GHz (3400)
RAM -> [Total : 2047 | Free : 780]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft(R) Windows(R) XP Professionnel Edition x64 (5.2.3790 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 7.0.5730.13

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 141 Gb (65 Mb free - 46%) [] # NTFS
D:\ -> Fixed drive # 8 Gb (4 Mb free - 51%) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 2 Gb (2 Mb free - 100%) [IMENE] # FAT32

################## | Active Processes |

C:\WINDOWS\system32\winlogon.exe (964)
C:\WINDOWS\system32\services.exe (192)
C:\WINDOWS\system32\lsass.exe (216)
C:\WINDOWS\system32\svchost.exe (568)
C:\WINDOWS\System32\svchost.exe (784)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1136)
C:\WINDOWS\system32\spoolsv.exe (1648)
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (2032)
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (792)
C:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.1.419.7\bProtect.exe (816)
C:\WINDOWS\System32\svchost.exe (420)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaantmon.exe (1212)
C:\WINDOWS\system32\nvsvc64.exe (1260)
C:\Program Files (x86)\PDF Complete\pdfsvc.exe (1912)
C:\Program Files (x86)\Stonesoft\StoneGate IPsec VPN\bin\sgvpn.exe (152)
C:\PROGRA~2\Bandoo\Bandoo.exe (2080)
C:\WINDOWS\system32\wscntfy.exe (2312)
C:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.1.419.7\bProtect.exe (2316)
C:\WINDOWS\Explorer.EXE (2936)
C:\WINDOWS\system32\wuauclt.exe (2192)
C:\WINDOWS\RTHDCPL.EXE (2064)
C:\Program Files\Messenger\msmsgs.exe (2856)
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (2976)
C:\WINDOWS\system32\ctfmon.exe (1528)
C:\Program Files (x86)\uTorrent\uTorrent.exe (1352)
C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (1832)
C:\WINDOWS\SysWOW64\ctfmon.exe (368)
C:\Program Files (x86)\WinZip\WZQKPICK.EXE (2152)
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (1700)
C:\Documents and Settings\Administrator\Application Data\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe (2944)
C:\Program Files (x86)\PDF Complete\pdfsty.exe (1220)
C:\WINDOWS\SMINST\Scheduler.exe (2288)
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (2232)
C:\Program Files (x86)\Stonesoft\StoneGate IPsec VPN\bin\sggui.exe (3136)
C:\Program Files (x86)\Ask.com\Updater\Updater.exe (3192)
C:\Program Files\Alwil Software\Avast5\avastUI.exe (3200)
C:\Program Files (x86)\Stonesoft\StoneGate IPsec VPN\bin\sgcrypto.exe (3792)
C:\Program Files (x86)\EasyPHP-5.3.3.1\EasyPHP-5.3.3.1.exe (2464)
C:\PROGRA~2\EASYPH~1.1\Apache\bin\apache.exe (3076)
C:\Program Files (x86)\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (3152)
C:\PROGRA~2\EASYPH~1.1\MySql\bin\mysqld.exe (3256)
C:\PROGRA~2\EASYPH~1.1\Apache\bin\apache.exe (3296)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5d141.tmp (3704)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5d141.tmp (1536)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (896)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3700)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2752)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3312)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3824)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1840)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1420)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4708)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4876)
C:\UsbFix\Go.exe (4980)

################## | Files # Infected Folders |

Found ! C:\Program Files (x86)\System

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{174013e1-a062-11df-be54-001a4bc114cd}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL LueMuU.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d43360e1-4b96-11df-846a-806e6f6e6963}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F |

My question is: what should I do next????
Thank you.

4 replies

  1. g3n-h@ckm@n
     
    Hi, well, you run it again, click on Deletion and post the report
    1
  2. rachida Posts 6 Status Member
     
    Hello;
    sorry, but I didn't quite understand??? Where do I click????
    0
  3. ¡El Desaparecido! Posts 1519 Status Member 195
     
    Hello rachida,

    # Plug all your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
    # Double-click UsbFix.exe.

    # Click Deletion.
    # Let the tool work.

    # At the end of the scan, a report will be displayed; post it in your next reply on the forum.

    # The report is also saved at the root of the system drive ( C:\UsbFix.txt ).

    ( CTRL+A to select, CTRL+C to copy and CTRL+V to paste )

    # Picture tutorial
    0
  4. rachida Posts 6 Status Member
     
    Hi,
    here is the deletion report after using UsbFix:
    ############################## | UsbFix V 7.097 | [Deletion]

    Updated 02/09/2012 by El Desaparecido
    Started at 08:38:35 | 04/09/2012

    Website: https://www.sosvirus.net/
    Forum: http://forum.eldesaparecido.com
    Suspicious file ? : http://eldesaparecido.com/upload.php
    Contact: contact@eldesaparecido.com

    PC: Hewlett-Packard (HP xw4400 Workstation) (x64-based PC
    CPU: Intel(R) Pentium(R) D CPU 3.40GHz (3400)
    CPU: Intel(R) Pentium(R) D CPU 3.40GHz (3400)
    RAM -> [Total : 2047 | Free : 1371]
    BIOS: Default System BIOS
    BOOT: Normal boot

    OS: Microsoft(R) Windows(R) XP Professionnel Edition x64 (5.2.3790 64-Bit) # Service Pack 1
    WB: Windows Internet Explorer 7.0.5730.13

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    FW: Windows FireWall Service [Enabled]

    C:\ (%systemdrive%) -> Fixed drive # 141 Gb (69 Mb free - 49%) [] # NTFS
    D:\ -> Fixed drive # 8 Gb (4 Mb free - 52%) [HP_RECOVERY] # NTFS
    E:\ -> CD-ROM
    F:\ -> Removable drive # 2 Gb (43 Mb free - 2%) [IMENE] # FAT32

    ################## | Active Processes |

    C:\WINDOWS\system32\winlogon.exe (948)
    C:\WINDOWS\system32\services.exe (1008)
    C:\WINDOWS\system32\lsass.exe (1020)
    C:\WINDOWS\system32\svchost.exe (484)
    C:\WINDOWS\System32\svchost.exe (740)
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1092)
    C:\WINDOWS\system32\spoolsv.exe (1540)
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (1948)
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (520)
    C:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.1.419.7\bProtect.exe (560)
    C:\WINDOWS\System32\svchost.exe (816)
    C:\WINDOWS\system32\schtasks.exe (908)
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaantmon.exe (1176)
    C:\WINDOWS\system32\nvsvc64.exe (364)
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe (1760)
    C:\Program Files (x86)\Stonesoft\StoneGate IPsec VPN\bin\sgvpn.exe (1812)
    C:\PROGRA~2\Bandoo\Bandoo.exe (2332)
    C:\Program Files\Alwil Software\Avast5\setup\avast.setup (2632)
    C:\WINDOWS\system32\wscntfy.exe (356)
    C:\WINDOWS\Explorer.EXE (2992)
    C:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.1.419.7\bProtect.exe (2140)
    C:\WINDOWS\RTHDCPL.EXE (888)
    C:\Program Files\Messenger\msmsgs.exe (3064)
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (904)
    C:\WINDOWS\system32\ctfmon.exe (1800)
    C:\Program Files (x86)\uTorrent\uTorrent.exe (2180)
    C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (812)
    C:\WINDOWS\system32\wuauclt.exe (2916)
    C:\Program Files (x86)\WinZip\WZQKPICK.EXE (1104)
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (2408)
    C:\Program Files (x86)\PDF Complete\pdfsty.exe (2468)
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe (2400)
    C:\WINDOWS\SysWOW64\ctfmon.exe (2788)
    C:\WINDOWS\SMINST\Scheduler.exe (3204)
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (3412)
    C:\Program Files (x86)\Stonesoft\StoneGate IPsec VPN\bin\sggui.exe (3568)
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe (3700)
    C:\Program Files\Alwil Software\Avast5\avastUI.exe (3724)
    C:\Program Files (x86)\Stonesoft\StoneGate IPsec VPN\bin\sgcrypto.exe (3356)
    C:\UsbFix\Go.exe (2708)

    ################## | Stopped processes |

    Stopped! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1092)
    Stopped! C:\WINDOWS\system32\spoolsv.exe (1540)
    Stopped! C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (1948)
    Stopped! C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (520)
    Stopped! C:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.1.419.7\bProtect.exe (560)
    Stopped! C:\WINDOWS\system32\schtasks.exe (908)
    Stopped! C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaantmon.exe (1176)
    Stopped! C:\WINDOWS\system32\nvsvc64.exe (364)
    Stopped! C:\Program Files (x86)\PDF Complete\pdfsvc.exe (1760)
    Stopped! C:\Program Files (x86)\Stonesoft\StoneGate IPsec VPN\bin\sgvpn.exe (1812)
    Stopped! C:\PROGRA~2\Bandoo\Bandoo.exe (2332)
    Stopped! C:\Program Files\Alwil Software\Avast5\setup\avast.setup (2632)
    Stopped! C:\WINDOWS\system32\wscntfy.exe (356)
    Stopped! C:\WINDOWS\Explorer.EXE (2992)
    Stopped! C:\Documents and Settings\All Users\Application Data\bProtectorForWindows\2.1.419.7\bProtect.exe (2140)
    Stopped! C:\WINDOWS\RTHDCPL.EXE (888)
    Stopped! C:\Program Files\Messenger\msmsgs.exe (3064)
    Stopped! C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (904)
    Stopped! C:\WINDOWS\system32\ctfmon.exe (1800)
    Stopped! C:\Program Files (x86)\uTorrent\uTorrent.exe (2180)
    Stopped! C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (812)
    Stopped! C:\WINDOWS\system32\wuauclt.exe (2916)
    Stopped! C:\Program Files (x86)\WinZip\WZQKPICK.EXE (1104)
    Stopped! C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (2408)
    Stopped! C:\Program Files (x86)\PDF Complete\pdfsty.exe (2468)
    Stopped! C:\Documents and Settings\Administrator\Application Data\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe (2400)
    Stopped! C:\WINDOWS\SysWOW64\ctfmon.exe (2788)
    Stopped! C:\WINDOWS\SMINST\Scheduler.exe (3204)
    Stopped! C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (3412)
    Stopped! C:\Program Files (x86)\Stonesoft\StoneGate IPsec VPN\bin\sggui.exe (3568)
    Stopped! C:\Program Files (x86)\Ask.com\Updater\Updater.exe (3700)
    Stopped! C:\Program Files\Alwil Software\Avast5\avastUI.exe (3724)
    Stopped! C:\Program Files (x86)\Stonesoft\StoneGate IPsec VPN\bin\sgcrypto.exe (3356)

    ################## | Files # Infected Folders |

    Deleted ! C:\Recycler\S-1-5-21-3454904167-367663124-662330355-500
    Deleted ! D:\Recycler\S-1-5-21-3454904167-367663124-662330355-500

    (!) Temporary files deleted.

    ################## | Registry |

    ################## | Mountpoints2 |

    ################## | Listing |

    [15/02/2012 - 16:31:25 | D ] C:\215bd1a5b6635da5987f
    [15/09/2011 - 16:27:36 | D ] C:\251397c6897bc33322e705b01b2f
    [13/07/2011 - 16:28:32 | D ] C:\25dba121db9ae54d867ca5eee6a1
    [26/08/2012 - 16:24:58 | D ] C:\37797f8772aee9417ab92d574fd611a5
    [14/04/2011 - 16:27:06 | D ] C:\39eedf0b193354ac20f6
    [09/11/2011 - 16:28:35 | D ] C:\48517c935bd378efd9
    [15/04/2012 - 16:31:33 | D ] C:\4ef6a461246b57962b470f3d0012d6
    [22/08/2011 - 10:31:45 | D ] C:\93b70073487323bbd704f3d5
    [23/08/2011 - 15:31:02 | D ] C:\9584b60e3f2ac9f7af8393f69b63
    [04/04/2007 - 08:28:54 | D ] C:\AMD64
    [02/09/2012 - 08:54:37 | D ] C:\archive
    [01/06/2006 - 09:50:16 | N | 0] C:\AUTOEXEC.BAT
    [03/09/2012 - 16:00:38 | RASHD ] C:\Autorun.inf
    [15/12/2010 - 16:29:08 | D ] C:\b6f0bd62f356ad5f4d21b8f8b4fa09
    [04/04/2007 - 08:28:50 | D ] C:\BIOS
    [19/04/2010 - 10:34:26 | N | 213] C:\boot.ini
    [10/01/2007 - 10:53:04 | D ] C:\COMPAQ
    [01/06/2006 - 09:50:16 | N | 0] C:\CONFIG.SYS
    [21/04/2010 - 14:49:25 | D ] C:\Copie de OFFICE2003_bien
    [11/05/2011 - 16:28:32 | D ] C:\d58b28873c35f2f7d987eb22434b
    [15/07/2012 - 15:28:32 | D ] C:\Documents and Settings
    [21/04/2010 - 13:48:06 | D ] C:\Doc_Php
    [02/09/2012 - 16:10:26 | D ] C:\Downloads
    [15/07/2012 - 13:17:24 | D ] C:\Facemoi
    [26/04/2012 - 08:47:45 | D ] C:\found.000
    [02/09/2012 - 08:26:45 | D ] C:\found.001
    [04/09/2012 - 08:21:05 | ASH | 2146820096] C:\hiberfil.sys
    [04/04/2007 - 08:28:55 | D ] C:\I386
    [01/06/2006 - 09:50:16 | N | 0] C:\IO.SYS
    [08/03/2012 - 11:53:38 | D ] C:\Macromedia
    [01/06/2006 - 09:50:16 | N | 0] C:\MSDOS.SYS
    [11/01/2012 - 13:38:54 | RHD ] C:\MSOCache
    [04/04/2006 - 01:00:00 | N | 47772] C:\NTDETECT.COM
    [04/04/2006 - 01:00:00 | N | 295536] C:\ntldr
    [04/09/2012 - 08:21:00 | ASH | 2145386496] C:\pagefile.sys
    [02/09/2012 - 08:56:45 | D ] C:\payement 2012_2013
    [27/05/2012 - 14:51:57 | D ] C:\pcomr9
    [15/12/2011 - 10:30:32 | D ] C:\Program Files
    [03/09/2012 - 15:57:28 | D ] C:\Program Files (x86)
    [04/09/2012 - 08:39:35 | SHD ] C:\RECYCLER
    [04/04/2007 - 08:52:11 | D ] C:\SWSetup
    [13/09/2010 - 08:33:24 | SHD ] C:\System Volume Information
    [19/04/2010 - 10:34:35 | D ] C:\SYSTEM.SAV
    [22/08/2011 - 12:49:45 | D ] C:\Temp
    [04/09/2012 - 08:39:35 | D ] C:\UsbFix
    [04/09/2012 - 08:39:36 | A | 5945] C:\UsbFix.txt
    [17/07/2012 - 12:01:18 | N | 831] C:\user.js
    [03/09/2012 - 11:16:13 | D ] C:\WINDOWS
    [03/09/2012 - 16:00:38 | RASHD ] D:\Autorun.inf
    [13/03/2011 - 10:14:09 | D ] D:\DAT
    [01/07/2005 - 23:16:54 | ASH | 102] D:\Desktop.ini
    [23/11/2004 - 03:28:00 | N | 8130] D:\Folder.htt
    [03/11/2005 - 11:29:50 | N | 0] D:\HP_RECOVERY
    [04/04/2007 - 08:53:22 | D ] D:\I386
    [30/11/2004 - 23:01:00 | N | 73728] D:\Info.exe
    [04/04/2007 - 08:40:01 | D ] D:\ISOS
    [04/04/2007 - 08:53:22 | N | 1202] D:\MASTER.LOG
    [04/04/2007 - 08:53:22 | D ] D:\minint
    [29/08/2002 - 07:00:00 | N | 47580] D:\NTDETECT.COM
    [13/05/2006 - 00:07:42 | N | 0] D:\NTFS
    [29/08/2002 - 07:00:00 | N | 245920] D:\NTLDR
    [04/04/2007 - 08:53:22 | RSHD ] D:\PRELOAD
    [10/09/2002 - 21:58:12 | N | 181616] D:\protect.ed
    [04/04/2007 - 08:53:22 | RD ] D:\RECOVERY
    [04/09/2012 - 08:39:35 | SHD ] D:\RECYCLER
    [29/08/2002 - 07:00:00 | N | 245920] D:\STLDR
    [04/04/2007 - 08:31:07 | RSHD ] D:\System Volume Information
    [09/02/2002 - 03:44:00 | N | 88038] D:\Warning.bmp
    [26/03/2005 - 00:00:00 | N | 10] D:\WIN51
    [23/01/2001 - 05:00:00 | N | 11] D:\WIN51.B2
    [26/07/2001 - 05:00:00 | N | 11] D:\WIN51.RC1
    [26/07/2001 - 10:47:00 | N | 11] D:\WIN51.RC2
    [26/03/2005 - 00:00:00 | N | 10] D:\WIN51IA
    [26/03/2005 - 00:00:00 | N | 10] D:\WIN51IA.SP1
    [19/08/2001 - 05:00:00 | N | 10] D:\WIN51IC
    [21/03/2001 - 05:00:00 | N | 11] D:\WIN51IC.B2
    [26/07/2001 - 05:00:00 | N | 11] D:\WIN51IC.RC1
    [26/07/2001 - 05:00:00 | N | 11] D:\WIN51IC.RC2
    [18/08/2001 - 05:00:00 | N | 10] D:\WIN51IP
    [23/01/2001 - 05:00:00 | N | 11] D:\WIN51IP.B2
    [26/07/2001 - 10:47:00 | N | 11] D:\WIN51IP.RC2
    [18/08/2001 - 05:00:00 | N | 10] D:\WIN51IP.SP1
    [18/08/2001 - 05:00:00 | N | 10] D:\WIN51IP2
    [26/03/2005 - 00:00:00 | N | 167] D:\WINBOM.INI
    [13/03/2011 - 10:08:22 | D ] D:\www
    [13/05/2006 - 00:07:42 | N | 0] D:\XGA
    [03/09/2012 - 15:10:22 | D ] F:\Downloads2
    [03/09/2012 - 11:48:56 | N | 1271178] F:\UsbFix.exe
    [03/09/2012 - 15:38:24 | N | 393914903] F:\[YOUTUBE]-??????_???????_???????_?????_?????????_??????.mp4.rar
    [03/09/2012 - 16:00:40 | RASHD ] F:\Autorun.inf

    ################## | Vaccin |

    C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F |
    0