Reply to: Infected PC 2016-09-08T13:00:21+00:00
labar6
Number of posts: 0

UsbFix
[spoiler:2diduiwn]############################# | UsbFix V 7.128 | [Suppression]

Utilisateur: Rabah (Administrateur) # ASUS-RABAH
Mis à jour le 20/06/2013 par El Desaparecido
Lancé à 19:45:30 | 21/06/2013

Site Web: https://www.sosvirus.net/
Upload Malware: forum-virus-securite/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: ASUSTeK COMPUTER INC. (X301A) (x64-based PC)
CPU: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz (2300)
RAM -> [Total : 3980 | Free : 2292]
BIOS: X301A.209
BOOT: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16599

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 279 Go (182 Go libre(s) – 65%) [OS] # NTFS
D: -> Disque fixe # 398 Go (398 Go libre(s) – 100%) [Data] # NTFS
E: -> Disque amovible # 2 Go (371 Mo libre(s) – 21%) [] # FAT

################## | El Desaparecido Section |

HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-21-2203322381-341757179-510493727-1001SOFTWARE | Run : [GoogleChromeAutoLaunch_FD2534094C42160DAB216F324E9F1350] – “C:Program Files (x86)GoogleChromeApplicationchrome.exe” –no-startup-window
HKUS-1-5-21-2203322381-341757179-510493727-1001SOFTWARE | Run : [help.vbs] – “C:UsersRabahAppDataLocalTemphelp.vbs”

################## | Processus Stoppés |

Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe (1228)
Stoppé! C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe (1304)
Stoppé! C:WindowsSystem32spoolsv.exe (1512)
Stoppé! C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (1720)
Stoppé! C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe (1740)
Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (1780)
Stoppé! C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe (1812)
Stoppé! C:Program FilesBonjourmDNSResponder.exe (1844)
Stoppé! C:Program FilesInteliCLS ClientHeciServer.exe (2000)
Stoppé! C:Windowssystem32dashost.exe (2016)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe (1112)
Stoppé! C:Program Files (x86)ASUSASUS InstantOnInsOnCfg.exe (2536)
Stoppé! C:Windowssystem32taskhostex.exe (2548)
Stoppé! C:Program FilesASUSP4GBatteryLife.exe (2556)
Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe (2564)
Stoppé! C:Program Files (x86)ASUSASUS InstantOnInsOnWMI.exe (2596)
Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe (2812)
Stoppé! C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe (3032)
Stoppé! C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe (3036)
Stoppé! C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbweLiveComm.exe (3236)
Stoppé! C:Windowssystem32SearchIndexer.exe (3632)
Stoppé! C:WindowsSystem32igfxtray.exe (4020)
Stoppé! C:WindowsSystem32hkcmd.exe (4072)
Stoppé! C:Program FilesRealtekAudioHDARAVCpl64.exe (3096)
Stoppé! C:Program Files (x86)ASUSSplendidACMON.exe (3148)
Stoppé! C:WindowsSysWOW64ACEngSvr.exe (1088)
Stoppé! C:Windowssystem32igfxpers.exe (1212)
Stoppé! C:WindowsSystem32WScript.exe (2808)
Stoppé! C:Program Files (x86)ASUSASUS Live UpdateLiveUpdate.exe (3200)
Stoppé! C:WindowsSysWOW64schtasks.exe (1056)
Stoppé! C:Windowssystem32conhost.exe (4500)
Stoppé! C:Program Files (x86)iTunesiTunesHelper.exe (4760)
Stoppé! C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (4836)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (4892)
Stoppé! C:Program FilesiPodbiniPodService.exe (5080)
Stoppé! C:WindowsSystem32RuntimeBroker.exe (2100)
Stoppé! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPLoader.exe (5068)
Stoppé! C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex64QuickGesture64.exe (4032)
Stoppé! C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe (4812)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe (4012)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (1256)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (5088)
Stoppé! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPHelper.exe (2300)
Stoppé! C:WindowsSysWOW64ctfmon.exe (5124)
Stoppé! C:UsersRabahDesktopRogueKiller.exe (5236)
Stoppé! C:ProgramDataBrowserProtect2.6.1339.144{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}BrowserProtect.exe (4564)
Stoppé! C:WindowsSysWOW64schtasks.exe (2256)
Stoppé! C:ProgramDataBrowserProtect2.6.1339.144{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}BrowserProtect.exe (1752)
Stoppé! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPCenter.exe (5568)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (2424)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (3612)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (4428)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (768)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (6116)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (1432)
Stoppé! C:Program Files (x86)ZHPDiagZHPDiag.exe (1792)
Stoppé! C:WindowsSystem32WUDFHost.exe (1884)

################## | Éléments infectieux |

Supprimé! E:SiT_start.exe
Supprimé! E:SiT_start.exe.lnk
Supprimé! E:autorun.inf.lnk
Supprimé! E:GETTING TO YES (1).pdf.lnk
Supprimé! E:LEARNING AGREEMENT RABAH0001.pdf.lnk
Supprimé! E:Dossier_Licence3_MICC.pdf.lnk
Supprimé! E:Les Temps en anglais.pdf.lnk
Supprimé! E:Temps Francais.pdf.lnk
Supprimé! E:L.Antisemite.FRENCH.DVDRiP.XViD-MARSH.avi.lnk
Supprimé! E:100_0972.MOV.lnk
Supprimé! E:FINANCE PUBLIQUE F.docx.lnk
Supprimé! E:Dossier Éco Droit, Les réseaux sociaux.docx.lnk
Supprimé! E:Dossier Art.A Histoire-Visuel.docx.lnk
Supprimé! E:hamza.odt.lnk
Supprimé! E:Composition1.pub.lnk
Supprimé! E:planche tendance.pub.lnk
Supprimé! E:Interview For St Michel School.docx.lnk
Supprimé! E:Souhaïb, dossier de stage.doc.lnk
Supprimé! C:UsersRabahAppDataRoamingMicrosoftWindowsStart MenuProgramsStartuphelp.vbs
Supprimé! C:UsersRabahAppDataLocalTemphelp.vbs
Supprimé! C:UsersRabahAppDataLocalTempwinziprosetup-WZRO6_20130221.exe
Supprimé! E:autorun.inf
Supprimé! E:help.vbs

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|help.vbs

################## | Mountpoints2 |

################## | Listing |

[23/02/2013 – 23:27:18 | SHD ] C:$Recycle.Bin
[20/02/2013 – 15:36:41 | D ] C:$SysReset
[26/09/2012 – 08:11:07 | D ] C:AsusVibeData
[21/06/2013 – 17:06:05 | D ] C:avast! sandbox
[17/08/2012 – 11:42:50 | SHD ] C:Boot
[26/07/2012 – 05:44:30 | RASH | 398156] C:bootmgr
[02/06/2012 – 16:30:55 | N | 1] C:BOOTNXT
[26/07/2012 – 09:22:08 | SHD ] C:Documents and Settings
[26/09/2012 – 08:10:51 | D ] C:eSupport
[21/06/2013 – 16:16:38 | ASH | 3338485760] C:hiberfil.sys
[26/09/2012 – 07:56:26 | D ] C:Intel
[30/03/2013 – 01:51:58 | RHD ] C:MSOCache
[21/06/2013 – 16:16:39 | ASH | 738197504] C:pagefile.sys
[26/07/2012 – 09:33:46 | D ] C:PerfLogs
[21/06/2013 – 19:25:02 | N | 512] C:PhysicalDisk0_MBR.bin
[21/06/2013 – 13:04:47 | D ] C:Program Files
[21/06/2013 – 19:14:33 | D ] C:Program Files (x86)
[21/06/2013 – 13:03:34 | HD ] C:ProgramData
[21/02/2013 – 21:39:16 | D ] C:sources
[21/06/2013 – 16:16:39 | ASH | 268435456] C:swapfile.sys
[21/06/2013 – 13:04:42 | SHD ] C:System Volume Information
[21/06/2013 – 19:52:33 | D ] C:UsbFix
[21/06/2013 – 19:53:00 | A | 9245] C:UsbFix [Clean 1] ASUS-RABAH.txt
[19/02/2013 – 22:53:54 | D ] C:Users
[21/06/2013 – 17:08:11 | D ] C:Windows
[20/02/2013 – 15:45:43 | D ] C:Windows.old
[20/08/2012 – 15:50:18 | N | 6293504] C:X301A.BIN
[20/08/2012 – 15:50:38 | N | 6293504] C:X301A1.BIN
[20/08/2012 – 15:30:48 | N | 6293504] C:X401A.BIN
[20/08/2012 – 15:48:18 | N | 6293504] C:X401A1.BIN
[20/08/2012 – 14:47:06 | N | 6293504] C:X501A.BIN
[20/08/2012 – 14:52:30 | N | 6293504] C:X501A1.BIN
[21/06/2013 – 19:25:10 | D ] C:ZHP
[19/02/2013 – 22:03:58 | SHD ] D:$RECYCLE.BIN
[21/06/2013 – 17:06:12 | D ] D:avast! sandbox
[26/09/2012 – 07:52:01 | SHD ] D:System Volume Information
[08/11/2011 – 13:33:14 | D ] E:files
[08/11/2011 – 13:33:16 | D ] E:SiT_start_Mac.app
[12/02/2012 – 18:14:22 | N | 588776] E:GETTING TO YES (1).pdf
[01/03/2012 – 14:18:34 | D ] E:International Business
[07/02/2012 – 14:04:56 | N | 650705] E:LEARNING AGREEMENT RABAH0001.pdf
[05/03/2012 – 13:02:06 | N | 421978] E:Dossier_Licence3_MICC.pdf
[20/03/2012 – 23:26:16 | N | 143501] E:Les Temps en anglais.pdf
[21/03/2012 – 00:25:50 | D ] E:the-round-table-talks-mwmqcdh7rb4u-080_232547_987860
[24/03/2012 – 17:33:58 | N | 150297] E:Temps Francais.pdf
[05/04/2012 – 00:48:00 | N | 733788160] E:L.Antisemite.FRENCH.DVDRiP.XViD-MARSH.avi
[11/03/2012 – 12:02:04 | N | 79954518] E:100_0972.MOV
[09/10/2012 – 20:07:14 | D ] E:COURS YAM!!!!!!!
[23/01/2013 – 18:41:40 | D ] E:Microsoft Office 2007
[02/05/2013 – 18:06:24 | D ] E:CIVE VIC
[04/05/2013 – 15:39:04 | N | 78702] E:FINANCE PUBLIQUE F.docx
[07/05/2013 – 00:25:24 | N | 276011] E:Dossier Éco Droit, Les réseaux sociaux.docx
[10/05/2013 – 00:10:38 | N | 1193199] E:Dossier Art.A Histoire-Visuel.docx
[10/05/2013 – 10:31:50 | N | 184761] E:hamza.odt
[22/03/2013 – 13:20:04 | N | 81920] E:Composition1.pub
[12/04/2013 – 12:22:02 | N | 472576] E:planche tendance.pub
[06/06/2013 – 18:41:34 | N | 13084] E:Interview For St Michel School.docx
[14/06/2013 – 16:10:14 | D ] E:MAMA JOB
[21/06/2013 – 15:07:12 | N | 845312] E:Souhaïb, dossier de stage.doc
[21/06/2013 – 16:14:58 | D ] E:cucs 2013 souhaib

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net |[/spoiler:2diduiwn]