Reply to: files on USB key turned into shortcuts 2016-09-08T13:07:41+00:00
TERESA
Participant
Post count: 3

Here is what I have:

############################## | UsbFix V 7.140 | [Suppression]

Utilisateur: Famille Ben (Administrateur) # FAMILLEBEN-PC
Mis à jour le 30/09/2013 par El Desaparecido - Team SosVirus
Lancé à 20:13:01 | 30/09/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Acer (JE51_MV)
CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
RAM -> [Total : 4026 | Free : 1855]
Bios: Acer
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 453 Go (84 Go libre(s) - 19%) [Acer] # NTFS
D: -> Disque fixe # 100 Mo (85 Mo libre(s) - 85%) [Réservé au système] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLocker\Suite\x86\SuiteTray.exe"
HKLM\SOFTWARE | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
HKLM\SOFTWARE | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
HKLM\SOFTWARE | Run : [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [BackupManagerTray] - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
HKLM\SOFTWARE | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLocker\Suite\x86\SuiteTray.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
HKLM\SOFTWARE\wow6432Node | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [BackupManagerTray] - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
HKLM\SOFTWARE\wow6432Node | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3935719060-3070481686-271069799-1001\SOFTWARE | Run : [nBHfBEux] - wscript.exe //B "C:\Users\FAMILL~1\AppData\Local\Temp\nBHfBEux.vbs"
HKU\S-1-5-21-3935719060-3070481686-271069799-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-3935719060-3070481686-271069799-1001\SOFTWARE | Run : [EPSON SX125 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE /FU "C:\Windows\TEMP\E_S9EE.tmp" /EF "HKCU"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1340 |ParentID 612)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1460 |ParentID 612)
Stoppé! C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID 1596 |ParentID 612)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (ID 1636 |ParentID 612)
Stoppé! C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (ID 1688 |ParentID 612)
Stoppé! C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (ID 1724 |ParentID 612)
Stoppé! C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (ID 1760 |ParentID 612)
Stoppé! C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID 1864 |ParentID 612)
Stoppé! C:\Windows\system32\taskhost.exe (ID 1980 |ParentID 612)
Stoppé! C:\Program Files\Acer\Acer Updater\UpdaterService.exe (ID 1204 |ParentID 612)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 1392 |ParentID 612)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 384 |ParentID 1392)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 2904 |ParentID 2684)
Stoppé! C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (ID 2980 |ParentID 2684)
Stoppé! C:\Windows\System32\igfxtray.exe (ID 2996 |ParentID 2684)
Stoppé! C:\Windows\System32\hkcmd.exe (ID 3052 |ParentID 2684)
Stoppé! C:\Windows\System32\igfxpers.exe (ID 3060 |ParentID 2684)
Stoppé! C:\Windows\system32\igfxsrvc.exe (ID 2364 |ParentID 776)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 2344 |ParentID 2684)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (ID 2316 |ParentID 2684)
Stoppé! C:\Windows\System32\wscript.exe (ID 2612 |ParentID 2684)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID 2648 |ParentID 2684)
Stoppé! C:\Windows\system32\igfxext.exe (ID 2816 |ParentID 776)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 3188 |ParentID 612)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 3264 |ParentID 2344)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (ID 3352 |ParentID 1636)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3504 |ParentID 612)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 4012 |ParentID 2704)
Stoppé! C:\Program Files (x86)\Launch Manager\LManager.exe (ID 3180 |ParentID 2704)
Stoppé! C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (ID 512 |ParentID 2704)
Stoppé! C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (ID 2204 |ParentID 2704)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 676 |ParentID 2704)
Stoppé! C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (ID 2436 |ParentID 3180)
Stoppé! C:\Program Files (x86)\Launch Manager\LMworker.exe (ID 2196 |ParentID 1596)
Stoppé! C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (ID 3208 |ParentID 2328)
Stoppé! C:\Windows\system32\DllHost.exe (ID 4268 |ParentID 776)
Stoppé! C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID 4600 |ParentID 612)
Stoppé! C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (ID 4648 |ParentID 612)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 4772 |ParentID 612)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID 2792 |ParentID 2684)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID 2556 |ParentID 2792)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (ID 2760 |ParentID 2556)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (ID 3612 |ParentID 2760)
Stoppé! C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (ID 2212 |ParentID 612)
Stoppé! C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (ID 2464 |ParentID 612)
Stoppé! C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE (ID 3144 |ParentID 2684)
Stoppé! C:\Windows\splwow64.exe (ID 4516 |ParentID 3144)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (ID 4948 |ParentID 2884)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 4568 |ParentID 1008)
Stoppé! C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe (ID 5196 |ParentID 3492)
Stoppé! C:\Windows\SysWOW64\werfault.exe (ID 2576 |ParentID 4956)
Stoppé! C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE (ID 3212 |ParentID 2684)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5804 |ParentID 2684)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4300 |ParentID 5804)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6016 |ParentID 5804)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4704 |ParentID 5804)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (ID 5208 |ParentID 5144)
Stoppé! C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (ID 5632 |ParentID 776)
Stoppé! C:\Windows\system32\taskhost.exe (ID 4868 |ParentID 612)

################## | Éléments infectieux |

Supprimé! F:\nBHfBEux.vbs
Supprimé! C:\Users\FAMILL~1\AppData\Local\Temp\nBHfBEux.vbs
Supprimé! C:\Users\Famille Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nBHfBEux.vbs
Supprimé! F:\élèves points 3 et 4.lnk
Supprimé! F:\RECETTES.lnk
Supprimé! F:\Nouveau dossier.lnk
Supprimé! F:\Nouveau dossier (2).lnk
Supprimé! C:\Backup\teresa\AppData\Local\Temp\nBHfBEux.vbs
Supprimé! C:\Backup\teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nBHfBEux.vbs

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|nBHfBEux

################## | Listing |

[30/09/2013 - 06:57:12 | SHD ] C:\$Recycle.Bin
[17/06/2013 - 10:17:29 | N | 23924] C:\AdwCleaner[R1].txt
[17/06/2013 - 10:36:13 | N | 451] C:\AdwCleaner[S1].txt
[25/06/2013 - 20:06:28 | N | 0] C:\autoexec.bat
[30/09/2013 - 19:30:18 | RASHD ] C:\Autorun.inf
[30/09/2013 - 13:15:39 | D ] C:\Backup
[29/05/2012 - 23:45:31 | D ] C:\book
[22/11/2010 - 14:13:52 | SHD ] C:\Boot
[14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
[22/11/2010 - 14:13:54 | RASH | 8192] C:\BOOTSECT.BAK
[30/09/2013 - 17:38:26 | SHD ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[23/05/2013 - 12:26:16 | D ] C:\drivers
[29/09/2013 - 11:11:52 | N | 9] C:\END
[30/09/2013 - 18:52:04 | ASH | 3166146560] C:\hiberfil.sys
[22/11/2010 - 14:39:44 | D ] C:\Intel
[02/06/2012 - 22:56:40 | N | 40] C:\log.txt
[17/03/2013 - 15:59:47 | RHD ] C:\MSOCache
[30/09/2013 - 06:57:00 | D ] C:\OEM
[30/09/2013 - 18:52:09 | ASH | 4221530112] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[30/09/2013 - 16:50:22 | D ] C:\Program Files
[30/09/2013 - 19:02:19 | D ] C:\Program Files (x86)
[30/09/2013 - 19:04:05 | HD ] C:\ProgramData
[30/09/2013 - 06:54:38 | SHD ] C:\Recovery
[22/11/2010 - 14:47:03 | N | 2264] C:\RHDSetup.log
[30/09/2013 - 19:03:15 | SHD ] C:\System Volume Information
[30/09/2013 - 20:13:51 | D ] C:\UsbFix
[30/09/2013 - 20:14:12 | A | 11613] C:\UsbFix [Clean 1] FAMILLEBEN-PC.txt
[30/09/2013 - 19:34:28 | N | 10801] C:\UsbFix [Scan 3] FAMILLEBEN-PC.txt
[30/09/2013 - 19:37:21 | N | 11421] C:\UsbFix [Scan 4] FAMILLEBEN-PC.txt
[26/07/2012 - 09:44:21 | N | 413] C:\user.js
[30/09/2013 - 06:54:45 | RD ] C:\Users
[30/09/2013 - 11:49:33 | D ] C:\Windows
[30/09/2013 - 06:57:12 | SHD ] D:\$RECYCLE.BIN
[30/09/2013 - 19:30:20 | RASHD ] D:\Autorun.inf
[03/03/2013 - 18:39:31 | N | 369] D:\INTENSO (G) - Raccourci.lnk
[29/05/2012 - 23:39:47 | SHD ] D:\System Volume Information
[29/09/2013 - 10:38:12 | N | 127972] F:\élèves points 3 et 4.pdf
[29/09/2013 - 10:41:24 | N | 522920] F:\RECETTES.pdf
[29/09/2013 - 12:53:50 | D ] F:\Nouveau dossier
[29/09/2013 - 12:53:56 | D ] F:\Nouveau dossier (2)

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |