USB key and laptop infected by shortcuts 2013-11-09T17:38:29+00:00
  • Author
    Posts
  • rawette
    Participant
    Post count: 0

    There, I've created a topic.
    I'm posting the latest Notepad report because I don't know whether my USB key is disinfected ^^

    Utilisateur: FAPART5 (Administrateur) # FAPART5-PC
    Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 18:26:33 | 09/11/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer Inc. (K50IJ )
    CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
    RAM -> [Total : 4061 | Free : 2636]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Mozilla Firefox : 25.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Microsoft Security Essentials [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 149 Go (45 Go libre(s) – 30%) [OS] # NTFS
    D: -> Disque fixe # 134 Go (134 Go libre(s) – 100%) [DATA] # NTFS
    E: -> CD-ROM
    F: -> Disque amovible # 30 Go (18 Go libre(s) – 61%) [USB Ka 32Gb SanDisk] # NTFS

    ################## | Processus Stoppés |

    Stoppé! C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe (ID: 852 |ParentID: 556)
    Stoppé! C:Windowssystem32FBAgent.exe (ID: 1368 |ParentID: 556)
    Stoppé! C:Program Files (x86)ASUSATK HotkeyASLDRSrv.exe (ID: 1416 |ParentID: 556)
    Stoppé! C:Program FilesATKGFNEXGFNEXSrv.exe (ID: 1564 |ParentID: 556)
    Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1596 |ParentID: 556)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1764 |ParentID: 556)
    Stoppé! C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1888 |ParentID: 556)
    Stoppé! C:WindowsSysWOW64Fast BootFastBootAgent.exe (ID: 1940 |ParentID: 556)
    Stoppé! C:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe (ID: 2584 |ParentID: 556)
    Stoppé! C:WindowsservicingTrustedInstaller.exe (ID: 2792 |ParentID: 556)
    Stoppé! C:Windowssystem32taskhost.exe (ID: 2904 |ParentID: 556)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 2936 |ParentID: 356)
    Stoppé! C:Program Files (x86)ASUSSplendidACMON.exe (ID: 3064 |ParentID: 2936)
    Stoppé! C:Program Files (x86)ASUSSmartLogonsensorsrv.exe (ID: 2164 |ParentID: 2936)
    Stoppé! C:Program Files (x86)ASUSASUS CopyProtectaspg.exe (ID: 1328 |ParentID: 2936)
    Stoppé! C:Program FilesP4GBatteryLife.exe (ID: 2476 |ParentID: 2936)
    Stoppé! C:Program Files (x86)ASUSControlDeckControlDeckStartUp.exe (ID: 2512 |ParentID: 2936)
    Stoppé! C:Program Files (x86)ASUSWireless Console 3wcourier.exe (ID: 2484 |ParentID: 2936)
    Stoppé! C:WindowsSysWOW64ACEngSvr.exe (ID: 2152 |ParentID: 712)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 2556 |ParentID: 356)
    Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID: 2408 |ParentID: 2556)
    Stoppé! C:Program Files (x86)ASUSATK HotkeyHControl.exe (ID: 432 |ParentID: 1416)
    Stoppé! C:WindowsSystem32rundll32.exe (ID: 2540 |ParentID: 712)
    Stoppé! C:WindowsExplorer.EXE (ID: 2420 |ParentID: 2424)
    Stoppé! C:Program Files (x86)ASUSATK HotkeyAtouch64.exe (ID: 2764 |ParentID: 432)
    Stoppé! C:WindowsSystem32igfxtray.exe (ID: 3480 |ParentID: 2420)
    Stoppé! C:WindowsSystem32hkcmd.exe (ID: 3488 |ParentID: 2420)
    Stoppé! C:WindowsSystem32igfxpers.exe (ID: 3496 |ParentID: 2420)
    Stoppé! C:Windowssystem32igfxsrvc.exe (ID: 3540 |ParentID: 712)
    Stoppé! C:Program Files (x86)AmIcoSingLunAmIcoSinglun64.exe (ID: 3588 |ParentID: 2420)
    Stoppé! C:Program Files (x86)ASUSATK HotkeyATKOSD.exe (ID: 3596 |ParentID: 432)
    Stoppé! C:Program Files (x86)ASUSATK HotkeyKBFiltr.exe (ID: 3708 |ParentID: 432)
    Stoppé! C:Program FilesElantechETDCtrl.exe (ID: 3768 |ParentID: 2420)
    Stoppé! C:Program FilesMicrosoft Security Clientmsseces.exe (ID: 3780 |ParentID: 2420)
    Stoppé! C:Program Files (x86)ASUSATK HotkeyWDC.exe (ID: 3812 |ParentID: 432)
    Stoppé! C:Program Files (x86)VIAVIAudioiVDeckVDECK.EXE (ID: 4032 |ParentID: 3796)
    Stoppé! C:Program Files (x86)ASUSATK HotkeyHControlUser.exe (ID: 4080 |ParentID: 3796)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 2972 |ParentID: 556)
    Stoppé! C:Program Files (x86)ASUSATKOSD2ATKOSD2.exe (ID: 1288 |ParentID: 3796)
    Stoppé! C:Program Files (x86)ASUSATK MediaDMedia.exe (ID: 3320 |ParentID: 3796)
    Stoppé! C:Program Files (x86)HPHP Software Updatehpwuschd2.exe (ID: 3244 |ParentID: 3796)
    Stoppé! C:Program FilesAVAST SoftwareAvastavastui.exe (ID: 2932 |ParentID: 3796)
    Stoppé! C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID: 3336 |ParentID: 3796)
    Stoppé! C:WindowsAsScrPro.exe (ID: 3920 |ParentID: 1940)
    Stoppé! C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe (ID: 4044 |ParentID: 1940)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 4104 |ParentID: 988)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
    04 – HKLMSOFTWARE | Run : [UpdateP2GoShortCut] – “C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkPower2Go” UpdateWithCreateOnce “SOFTWARECyberLinkPower2Go6.0”
    04 – HKLMSOFTWARE | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    04 – HKLMSOFTWARE | Run : [HControlUser] – C:Program Files (x86)ASUSATK HotkeyHControlUser.exe
    04 – HKLMSOFTWARE | Run : [ATKOSD2] – C:Program Files (x86)ASUSATKOSD2ATKOSD2.exe
    04 – HKLMSOFTWARE | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK MediaDMedia.exe
    04 – HKLMSOFTWARE | Run : [Setwallpaper] – c:programdataSetWallpaper.cmd
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWARE | Run : [] –
    04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [UpdateLBPShortCut] – “C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
    04 – HKLMSOFTWAREwow6432Node | Run : [UpdateP2GoShortCut] – “C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkPower2Go” UpdateWithCreateOnce “SOFTWARECyberLinkPower2Go6.0”
    04 – HKLMSOFTWAREwow6432Node | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    04 – HKLMSOFTWAREwow6432Node | Run : [HControlUser] – C:Program Files (x86)ASUSATK HotkeyHControlUser.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [ATKOSD2] – C:Program Files (x86)ASUSATKOSD2ATKOSD2.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK MediaDMedia.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [Setwallpaper] – c:programdataSetWallpaper.cmd
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [HP Software Update] – C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [] –
    04 – HKLMSOFTWAREwow6432Node | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-1582993713-3607038955-3277453227-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-18SOFTWARE | RunOnce : [SPReview] – “C:WindowsSystem32SPReviewSPReview.exe” /sp:1 /errorfwlink:”http://go.microsoft.com/fwlink/?LinkID=122915″ /build:7601

    ################## | Recherche générique |

    Supprimé! F:2013-2014 journal de classe .lnk
    Supprimé! F:bericht1.lnk
    Supprimé! F:bericht2.lnk
    Supprimé! F:bericht3.lnk
    Supprimé! F:Elèves 2013 EO 2.lnk
    Supprimé! F:elèves privés.lnk
    Supprimé! F:Formation TICE.lnk
    Supprimé! F:habits.lnk
    Supprimé! F:images.lnk
    Supprimé! F:INTENSO copie au 13 oct 2012.lnk
    Supprimé! F:LDD diapo.lnk
    Supprimé! F:MATRICE POSSIBLE POUR TEST sur base Test H3 voc Units 1 and 2 28 02 13 pr KA.lnk
    Supprimé! F:MindMapping.lnk

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Supprimé! HKUS-1-5-21-1582993713-3607038955-3277453227-1000Software….Mountpoints2{0a944d00-6e9f-11e1-a686-90e6ba47987b}
    Supprimé! HKUS-1-5-21-1582993713-3607038955-3277453227-1000Software….Mountpoints2{3dc62390-727c-11e1-a2b6-90e6ba47987b}

    ################## | Listing |

    [14/09/2013 – 13:28:19 | SHD ] C:$Recycle.Bin
    [18/10/2013 – 07:19:24 | D ] C:161e5c22def74a30befef9a92fc2d8
    [17/10/2013 – 07:32:20 | D ] C:483776c9be91265e70
    [15/06/2009 – 12:11:59 | N | 54] C:AdobeReader.log
    [09/11/2013 – 18:19:16 | D ] C:asus.dat
    [22/10/2013 – 00:04:45 | SHD ] C:Boot
    [20/11/2010 – 13:40:07 | RASH | 383786] C:bootmgr
    [29/07/2009 – 07:03:37 | RASH | 8192] C:BOOTSECT.BAK
    [26/09/2009 – 11:49:08 | N | 13613] C:devlist.txt
    [14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
    [26/09/2009 – 11:49:06 | N | 9] C:Finish.log
    [28/10/2013 – 15:47:49 | D ] C:FreeOCR
    [08/03/2012 – 16:00:39 | D ] C:gen5
    [09/11/2013 – 18:17:27 | ASH | 3193765888] C:hiberfil.sys
    [26/09/2009 – 11:27:44 | D ] C:Intel
    [10/07/2009 – 09:35:33 | N | 1048576] C:K40IJ.BIN
    [29/07/2009 – 12:46:19 | N | 18] C:K40IJ_K50IJ_WIN7.10
    [10/07/2009 – 09:40:31 | N | 1048576] C:K50IJ.BIN
    [22/10/2009 – 15:00:17 | RHD ] C:MSOCache
    [02/07/2009 – 08:17:15 | N | 37] C:Nero.Log
    [12/06/2009 – 02:32:00 | N | 57] C:OFFICE2007_L.TXT
    [09/11/2013 – 18:17:32 | ASH | 4258357248] C:pagefile.sys
    [25/09/2009 – 23:04:29 | N | 146] C:Pass.txt
    [24/07/2009 – 07:46:46 | N | 3598] C:Patch.LOG
    [14/07/2009 – 04:20:08 | D ] C:PerfLogs
    [28/10/2013 – 15:41:16 | D ] C:Program Files
    [09/11/2013 – 09:30:14 | D ] C:Program Files (x86)
    [30/10/2013 – 10:02:58 | HD ] C:ProgramData
    [22/10/2009 – 11:54:50 | SHD ] C:Recovery
    [29/07/2009 – 12:46:19 | N | 14] C:RECOVERY.DAT
    [26/09/2009 – 11:38:23 | N | 90] C:setup.log
    [14/05/2006 – 09:22:24 | N | 5] C:store.log
    [26/09/2009 – 11:19:14 | N | 170] C:SumHidd.txt
    [26/09/2009 – 11:17:59 | N | 98] C:SumOS.txt
    [09/11/2013 – 09:39:08 | SHD ] C:System Volume Information
    [09/11/2013 – 18:26:52 | D ] C:UsbFix
    [09/11/2013 – 17:36:49 | N | 12075] C:UsbFix [Clean 2] FAPART5-PC.txt
    [09/11/2013 – 18:26:55 | A | 11493] C:UsbFix [Clean 3] FAPART5-PC.txt
    [14/09/2013 – 13:28:05 | RD ] C:Users
    [07/09/2009 – 12:59:54 | N | 25] C:v811.txt
    [15/09/2013 – 10:54:09 | D ] C:VanDale
    [02/11/2013 – 12:37:15 | D ] C:Windows
    [14/09/2013 – 13:28:20 | SHD ] D:$RECYCLE.BIN
    [23/10/2013 – 13:29:02 | N | 93184] D:P10.doc
    [26/09/2009 – 10:45:44 | SHD ] D:System Volume Information
    [04/10/2013 – 15:59:20 | N | 29696] F:2013-2014 journal de classe .doc
    [31/08/2009 – 10:17:12 | N | 1056687] F:bericht1.mp3
    [31/08/2009 – 10:17:34 | N | 1674222] F:bericht2.mp3
    [31/08/2009 – 10:17:54 | N | 1486141] F:bericht3.mp3
    [11/05/2013 – 13:20:56 | D ] F:Elèves 2013 EO 2
    [06/11/2013 – 19:29:17 | D ] F:elèves privés
    [26/02/2013 – 13:27:42 | D ] F:Formation TICE
    [15/11/2012 – 17:26:54 | D ] F:habits
    [22/10/2013 – 22:58:30 | D ] F:images
    [06/11/2013 – 16:38:43 | D ] F:INTENSO copie au 13 oct 2012
    [02/11/2013 – 16:21:10 | D ] F:LDD diapo
    [09/03/2013 – 13:19:18 | N | 92672] F:MATRICE POSSIBLE POUR TEST sur base Test H3 voc Units 1 and 2 28 02 13 pr KA.doc
    [17/09/2013 – 13:01:14 | D ] F:MindMapping

    ################## | Vaccin |

    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • Anonymous
    Post count: 0

    Hello :hello: ,

    Welcome to SosVirus :welcome:

    Your key is OK ;)

    Would you like us to run a diagnostic on the PC to see whether it contains other types of infection?

  • Anonymous
    Post count: 0

    Considered resolved via PM ;)

The topic ‘USB key and laptop infected by shortcuts’ is closed to new replies.