Reply to: Virus that creates shortcuts on USB drives 2016-09-08T13:07:48+00:00
Alhan

Here it is
[spoiler:1yjde2ms]############################## | UsbFix V 7.142 | [Suppression]

Utilisateur: Alhan (Administrateur) # ALHAN-PC
Mis à jour le 02/10/2013 par El Desaparecido – Team SosVirus
Lancé à 12:23:37 | 04/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (N71Jq)
CPU: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
RAM -> [Total : 4021 | Free : 3258]
Bios: American Megatrends Inc.
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 681 Go (141 Go libre(s) – 21%) [OS] # NTFS
D: -> Disque fixe # 298 Go (8 Go libre(s) – 3%) [] # NTFS
E: -> CD-ROM
F: -> Disque fixe # 298 Go (70 Go libre(s) – 23%) [] # NTFS
G: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [STORE N GO] # FAT32

################## | Regedit Run |

HKLMSOFTWARE | Run : [UpdatePSTShortCut] – “C:Program Files (x86)CyberlinkDVD SuiteMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberlinkDVD Suite” UpdateWithCreateOnce “SoftwareCyberLinkPowerStarter”
HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWARE | Run : [HControlUser] – C:Program Files (x86)ASUSATK HotkeyHControlUser.exe
HKLMSOFTWARE | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK MediaDMedia.exe
HKLMSOFTWARE | Run : [ATKOSD2] – C:Program Files (x86)ASUSATKOSD2ATKOSD2.exe
HKLMSOFTWARE | Run : [NUSB3MON] – “C:Program Files (x86)NEC ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe”
HKLMSOFTWARE | Run : [Setwallpaper] – c:programdataSetWallpaper.cmd
HKLMSOFTWARE | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
HKLMSOFTWARE | Run : [HP Software Update] – C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
HKLMSOFTWARE | Run : [Intel(TM)7z] – “C:windowsIntel(TM)7z.exe”
HKLMSOFTWAREwow6432Node | Run : [UpdatePSTShortCut] – “C:Program Files (x86)CyberlinkDVD SuiteMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberlinkDVD Suite” UpdateWithCreateOnce “SoftwareCyberLinkPowerStarter”
HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWAREwow6432Node | Run : [HControlUser] – C:Program Files (x86)ASUSATK HotkeyHControlUser.exe
HKLMSOFTWAREwow6432Node | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK MediaDMedia.exe
HKLMSOFTWAREwow6432Node | Run : [ATKOSD2] – C:Program Files (x86)ASUSATKOSD2ATKOSD2.exe
HKLMSOFTWAREwow6432Node | Run : [NUSB3MON] – “C:Program Files (x86)NEC ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe”
HKLMSOFTWAREwow6432Node | Run : [Setwallpaper] – c:programdataSetWallpaper.cmd
HKLMSOFTWAREwow6432Node | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
HKLMSOFTWAREwow6432Node | Run : [HP Software Update] – C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
HKLMSOFTWAREwow6432Node | Run : [Intel(TM)7z] – “C:windowsIntel(TM)7z.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-21-2351134466-4085927225-1477360203-1000SOFTWARE | Run : [Facebook Update] – “C:UsersAlhanAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver

################## | Processus Stoppés |

Stoppé! C:WindowsSysWOW64ctfmon.exe (ID 1336 |ParentID 1904)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[04/10/2013 – 11:29:25 | SHD ] C:$RECYCLE.BIN
[15/06/2009 – 13:11:59 | N | 54] C:AdobeReader.log
[29/09/2013 – 22:37:41 | D ] C:AdwCleaner
[21/05/2013 – 16:09:13 | N | 3663] C:AdwCleaner[S1].txt
[19/05/2013 – 14:14:16 | D ] C:ASUS.DAT
[26/02/2010 – 18:55:13 | D ] C:ASUS.SYS
[04/10/2013 – 12:22:45 | RASHD ] C:Autorun.inf
[29/07/2009 – 08:03:34 | D ] C:Boot
[14/07/2009 – 03:38:58 | RASH | 383562] C:bootmgr
[29/07/2009 – 08:03:37 | RASH | 8192] C:BOOTSECT.BAK
[01/10/2013 – 22:44:06 | D ] C:Config.Msi
[26/02/2010 – 19:06:26 | N | 18109] C:devlist.txt
[14/07/2009 – 07:08:56 | SHD ] C:Documents and Settings
[26/02/2010 – 18:55:43 | D ] C:eSupport
[06/08/2013 – 15:45:56 | D ] C:FFOutput
[26/02/2010 – 19:06:25 | N | 9] C:Finish.log
[04/10/2013 – 12:17:10 | ASH | 3161866240] C:hiberfil.sys
[26/02/2010 – 18:55:24 | N | 457308] C:if.log
[26/02/2010 – 18:37:46 | N | 2180993] C:inject.log.txt
[26/02/2010 – 18:48:04 | D ] C:Intel
[04/10/2013 – 11:25:58 | D ] C:Léon
[26/02/2010 – 17:51:49 | RD ] C:MSOCache
[11/12/2009 – 11:53:19 | N | 2097152] C:N71Jq.BIN
[15/12/2009 – 15:58:14 | N | 18] C:N71JQ_WIN7.10
[12/06/2009 – 03:32:00 | N | 57] C:OFFICE2007_L.TXT
[04/10/2013 – 12:17:09 | ASH | 4215824384] C:pagefile.sys
[26/02/2010 – 04:23:40 | N | 146] C:Pass.txt
[08/01/2010 – 05:49:43 | N | 339] C:Patch_Win7.log
[14/07/2009 – 05:20:08 | D ] C:PerfLogs
[19/09/2013 – 13:24:36 | D ] C:Program Files
[29/09/2013 – 22:48:24 | D ] C:Program Files (x86)
[29/09/2013 – 22:48:25 | D ] C:ProgramData
[02/10/2013 – 23:10:32 | D ] C:Qoobox
[19/05/2013 – 15:04:35 | D ] C:Recovery
[15/12/2009 – 15:58:14 | N | 7] C:RECOVERY.DAT
[26/02/2010 – 18:52:48 | N | 3451] C:RHDSetup.log
[22/05/2013 – 22:32:37 | D ] C:Riot Games
[26/02/2010 – 18:54:02 | N | 90] C:setup.log
[26/02/2010 – 17:54:13 | N | 170] C:SumHidd.txt
[26/02/2010 – 17:52:52 | N | 98] C:SumOS.txt
[02/10/2013 – 23:20:17 | SHD ] C:System Volume Information
[04/10/2013 – 12:24:33 | D ] C:UsbFix
[04/10/2013 – 11:09:21 | N | 10877] C:UsbFix [Clean 1] ALHAN-PC.txt
[04/10/2013 – 12:22:48 | N | 12041] C:UsbFix [Clean 2] ALHAN-PC.txt
[04/10/2013 – 12:25:09 | A | 7341] C:UsbFix [Clean 3] ALHAN-PC.txt
[04/10/2013 – 10:49:50 | N | 12448] C:UsbFix [Scan 10] ALHAN-PC.txt
[04/10/2013 – 10:51:34 | N | 12850] C:UsbFix [Scan 11] ALHAN-PC.txt
[30/09/2013 – 10:52:47 | N | 12736] C:UsbFix [Scan 1] ALHAN-PC.txt
[02/10/2013 – 18:05:05 | N | 12642] C:UsbFix [Scan 3] ALHAN-PC.txt
[02/10/2013 – 22:49:16 | N | 11903] C:UsbFix [Scan 4] ALHAN-PC.txt
[02/10/2013 – 23:47:16 | N | 12720] C:UsbFix [Scan 5] ALHAN-PC.txt
[02/10/2013 – 23:49:17 | N | 12777] C:UsbFix [Scan 6] ALHAN-PC.txt
[03/10/2013 – 14:13:00 | N | 13082] C:UsbFix [Scan 7] ALHAN-PC.txt
[04/10/2013 – 09:36:56 | N | 12789] C:UsbFix [Scan 8] ALHAN-PC.txt
[04/10/2013 – 09:38:59 | N | 13191] C:UsbFix [Scan 9] ALHAN-PC.txt
[19/05/2013 – 15:17:39 | RD ] C:Users
[16/09/2009 – 20:04:46 | N | 24] C:v82.txt
[02/10/2013 – 23:16:52 | D ] C:Windows
[19/05/2013 – 15:19:14 | D ] D:$RECYCLE.BIN
[04/10/2013 – 12:22:45 | RASHD ] D:Autorun.inf
[29/08/2013 – 23:09:05 | D ] D:C'est Pas Sorcier
[19/08/2013 – 16:06:39 | N | 13367597068] D:Dead Man Down.mkv
[08/05/2013 – 19:42:58 | N | 13730698234] D:Demain Ne Meurt Jamais.mkv
[11/07/2013 – 13:30:53 | N | 13813544887] D:Enf Of Watch.mkv
[11/07/2013 – 12:36:33 | N | 9600894527] D:G.I. Joe Retaliation.mkv
[08/05/2013 – 19:38:14 | N | 13076996266] D:GoldenEye.mkv
[04/05/2013 – 13:56:49 | N | 8525648548] D:Hot Shots Part 2.mkv
[13/11/2012 – 10:29:33 | D ] D:Images
[11/07/2013 – 13:48:21 | N | 15523160478] D:Inside Man.mkv
[08/05/2013 – 19:42:57 | N | 14969172217] D:Le Monde Ne Suffit Pas.mkv
[08/05/2013 – 19:00:32 | N | 18006208876] D:Meurs Un Autre Jour.mkv
[01/05/2013 – 14:04:46 | N | 13615266106] D:Million Dollar Baby.mkv
[22/09/2013 – 23:09:39 | D ] D:Music
[04/08/2013 – 13:16:44 | N | 18677558920] D:Oblivion.mkv
[04/08/2013 – 15:48:24 | N | 11741303746] D:Open Range.mkv
[19/08/2010 – 01:18:11 | D ] D:setup
[30/04/2013 – 22:35:14 | N | 8533191364] D:Sixième Sens.mkv
[25/02/2010 – 23:52:36 | SHD ] D:System Volume Information
[23/07/2013 – 11:23:13 | N | 12146350493] D:Trance.mkv
[19/05/2013 – 15:19:15 | D ] F:$RECYCLE.BIN
[28/02/2013 – 21:23:17 | N | 15581987050] F:Argo.mkv
[04/10/2013 – 12:22:45 | RASHD ] F:Autorun.inf
[28/02/2013 – 20:57:34 | N | 8531507663] F:God Bless America.mkv
[07/05/2013 – 13:19:57 | N | 7035745602] F:hot shots.mkv
[27/02/2013 – 14:21:20 | N | 12819023130] F:Independence Day.mkv
[28/04/2013 – 22:40:59 | N | 14229782440] F:Le Jour Ou La Terre S'Arreta.mkv
[21/03/2013 – 13:42:05 | N | 7472919175] F:Le Maître Du Jeu.mkv
[10/09/2012 – 06:48:28 | N | 14564402981] F:Les Infiltrés.mkv
[02/03/2013 – 02:46:31 | N | 12575651963] F:Looper.mkv
[07/10/2012 – 21:50:19 | N | 13715507760] F:Madagascar 3.mkv
[26/06/2013 – 15:07:46 | N | 14090058079] F:Mémoires d'une geisha.mkv
[20/03/2013 – 11:57:03 | N | 8214511958] F:Next.mkv
[18/03/2013 – 16:26:08 | N | 8503421826] F:Pearl Harbor.mkv
[23/02/2013 – 01:38:12 | N | 13175574252] F:Seven.mkv
[18/03/2013 – 16:09:34 | N | 8533485065] F:Source Code.mkv
[22/02/2013 – 23:40:42 | N | 11738730772] F:Spy Game.mkv
[25/02/2010 – 23:52:36 | SHD ] F:System Volume Information
[04/08/2013 – 19:30:57 | D ] F:Séries
[27/09/2012 – 18:43:06 | N | 15619605476] F:Taken.mkv
[18/03/2013 – 17:17:24 | N | 15537610873] F:The Usual Suspect.mkv
[20/05/2013 – 13:38:19 | D ] F:Transfert
[03/08/2013 – 02:31:00 | N | 361472] G:P04-1708.xls
[04/10/2013 – 12:22:46 | RASHD ] G:Autorun.inf

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:1yjde2ms]