Reply to: infected USB key 2016-09-08T13:08:22+00:00
ilema
Number of posts: 0

############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: Amélie (Administrateur) # PC-DE-AMÉLIE
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 22:59:01 | 08/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (F5SL )
CPU: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
RAM -> [Total : 3071 | Free : 2487]
Bios: American Megatrends Inc.
Boot: Fail-safe with network boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 149 Go (63 Go libre(s) – 42%) [VistaOS] # NTFS
D: -> Disque fixe # 139 Go (53 Go libre(s) – 38%) [DATA] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (2 Go libre(s) – 48%) [USB AMÉLIE] # FAT32
H: -> CD-ROM

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\SOFTWARE | Run : [ccApp] - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
HKLM\SOFTWARE | Run : [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
HKLM\SOFTWARE | Run : [ASUSTPE] - C:\Windows\system32\ASUSTPE.exe
HKLM\SOFTWARE | Run : [PowerForPhone] - "C:\Program Files\P4P\P4P.exe"
HKLM\SOFTWARE | Run : [ASUS Camera ScreenSaver] - C:\Windows\ASScrProlog.exe
HKLM\SOFTWARE | Run : [ASUS Screen Saver Protector] - C:\Windows\ASScrPro.exe
HKLM\SOFTWARE | Run : [SpeedTouch USB Diagnostics] - "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [Skytel] - Skytel.exe
HKLM\SOFTWARE | Run : [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [RAV8Tray] - C:\Program Files\GeCAD\RAV8 Desktop\ravtray8.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE | RunOnce : [RAV8Autoscan] - "C:\Program Files\GeCAD\RAV8 Desktop\ravwin8.exe" "–ahd"
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe"
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [BitTorrent DNA] - "C:\Users\Amélie\Program Files\DNA\btdna.exe"
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [Livestation] - C:\Program Files\Livestation\Livestation.exe -startup
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [MailNotifier] - C:\Program Files\Orange\MailNotifier\MailNotifier.exe
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [MyTomTomSA.exe] - "C:\Program Files\MyTomTom 3\MyTomTomSA.exe"
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [] -
HKU\S-1-5-20\SOFTWARE | RunOnce : [] -
HKU\S-1-5-18\SOFTWARE | RunOnce : [] -

################## | Processus Stoppés |

Stoppé! C:\Windows\helppane.exe (ID 1768 |ParentID 780)
Stoppé! C:\Windows\system32\DllHost.exe (ID 1204 |ParentID 780)
Stoppé! C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (ID 1556 |ParentID 1564)
Stoppé! C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (ID 1844 |ParentID 1556)

################## | Éléments infectieux |

Supprimé! C:\Users\AMLIE~1\AppData\Local\Temp\utt51B5.tmp.exe
Supprimé! C:\Users\AMLIE~1\AppData\Local\Temp\uttDD88.tmp.exe
Supprimé! C:\Users\AMLIE~1\AppData\Local\Temp\42050-359-rav-antivirus-desktop.exe

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig
Supprimé! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableSR
Supprimé! HKCU\…\Explorer\MountPoints2\{1a53499f-232d-11e0-8223-00221577b14a}
Supprimé! HKCU\…\Explorer\MountPoints2\{27f505ba-d8b5-11dd-abdf-00221577b14a}

################## | Listing |

[04/10/2008 - 18:23:28 | SHD ] C:\$RECYCLE.BIN
[18/09/2006 - 23:43:36 | N | 24] C:\autoexec.bat
[27/09/2009 - 12:56:40 | SHD ] C:\Boot
[11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
[16/04/2008 - 13:27:17 | RAS | 8192] C:\BOOTSECT.BAK
[04/04/2007 - 21:01:54 | N | 19] C:\CA21.txt
[08/10/2013 - 21:58:03 | HD ] C:\Config.Msi
[18/09/2006 - 23:43:37 | N | 10] C:\config.sys
[18/01/2011 - 23:59:37 | N | 606] C:\debug.log
[08/08/2008 - 13:32:59 | N | 16749] C:\devlist.txt
[04/10/2008 - 18:12:28 | SHD ] C:\Documents and Settings
[21/05/2008 - 12:00:56 | N | 26] C:\Driver.30
[06/05/2008 - 04:32:23 | N | 1048576] C:\F5SLAS.BIN
[08/08/2008 - 13:29:38 | N | 9] C:\Finish.log
[03/08/2009 - 20:49:00 | D ] C:\Games
[06/03/2011 - 14:14:05 | N | 0] C:\IO.SYS
[13/02/2012 - 22:29:32 | D ] C:\LOVELY
[06/03/2011 - 14:14:05 | N | 0] C:\MSDOS.SYS
[22/03/2011 - 23:04:31 | RHD ] C:\MSOCache
[22/04/2008 - 11:40:32 | N | 31] C:\NERO.LOG
[04/07/2008 - 06:35:34 | N | 21] C:\NIS2008.TXT
[16/03/2007 - 01:18:45 | N | 25] C:\OFFICE2007_A.TXT
[08/10/2013 - 22:56:43 | ASH | 3534262272] C:\pagefile.sys
[08/08/2008 - 00:29:28 | N | 105] C:\Pass.txt
[23/07/2008 - 09:40:31 | N | 2238] C:\Patch.LOG
[21/01/2008 - 04:32:31 | D ] C:\PerfLogs
[08/10/2013 - 21:56:55 | D ] C:\Program Files
[08/10/2013 - 21:50:39 | HD ] C:\ProgramData
[29/04/2008 - 16:30:15 | N | 20] C:\READER_A.TXT
[18/12/2007 - 03:43:17 | N | 26] C:\RECOVERY.DAT
[08/08/2008 - 12:53:50 | N | 426] C:\RHDSetup.log
[01/11/2008 - 20:56:43 | N | 268] C:\sqmdata00.sqm
[02/11/2008 - 12:58:35 | N | 268] C:\sqmdata01.sqm
[02/11/2008 - 23:02:03 | N | 268] C:\sqmdata02.sqm
[03/11/2008 - 21:44:09 | N | 268] C:\sqmdata03.sqm
[04/11/2008 - 23:40:50 | N | 268] C:\sqmdata04.sqm
[06/11/2008 - 13:53:18 | N | 268] C:\sqmdata05.sqm
[06/11/2008 - 14:26:46 | N | 268] C:\sqmdata06.sqm
[01/11/2008 - 20:56:43 | N | 244] C:\sqmnoopt00.sqm
[02/11/2008 - 12:58:35 | N | 244] C:\sqmnoopt01.sqm
[02/11/2008 - 23:02:03 | N | 244] C:\sqmnoopt02.sqm
[03/11/2008 - 21:44:09 | N | 244] C:\sqmnoopt03.sqm
[04/11/2008 - 23:40:50 | N | 244] C:\sqmnoopt04.sqm
[06/11/2008 - 13:53:18 | N | 244] C:\sqmnoopt05.sqm
[06/11/2008 - 14:26:46 | N | 244] C:\sqmnoopt06.sqm
[16/05/2006 - 02:22:24 | N | 5] C:\store.log
[08/08/2008 - 12:25:47 | N | 166] C:\SumHidd.txt
[08/08/2008 - 12:24:56 | N | 98] C:\SumOS.txt
[08/10/2013 - 22:43:16 | SHD ] C:\System Volume Information
[02/12/2010 - 18:41:35 | D ] C:\Temp
[08/10/2013 - 23:06:53 | D ] C:\UsbFix
[08/10/2013 - 22:47:08 | N | 11177] C:\UsbFix [Clean 1] PC-DE-AMÉLIE.txt
[08/10/2013 - 23:09:20 | A | 8817] C:\UsbFix [Clean 2] PC-DE-AMÉLIE.txt
[08/10/2013 - 21:51:28 | N | 12806] C:\UsbFix [Scan 1] PC-DE-AMÉLIE.txt
[31/01/2009 - 13:16:12 | RD ] C:\Users
[17/04/2008 - 02:32:52 | N | 24] C:\V541.TXT
[08/10/2013 - 22:56:48 | D ] C:\Windows
[29/03/2013 - 19:31:16 | SHD ] D:\$RECYCLE.BIN
[10/02/2013 - 23:51:01 | D ] D:\films
[25/04/2009 - 14:57:58 | D ] D:\internat
[06/09/2013 - 23:20:56 | D ] D:\Music
[01/04/2013 - 17:45:24 | D ] D:\PHOTOS
[26/01/2009 - 20:46:48 | D ] D:\surprise
[08/08/2008 - 11:43:30 | SHD ] D:\System Volume Information
[06/03/2011 - 14:16:24 | D ] D:\~MSSTFQF.T
[14/09/2012 - 07:41:20 | N | 2565265] F:\OMEDIT_LPM_EHPAD.pdf
[07/12/2010 - 16:27:08 | D ] F:\GraphPad
[10/05/2013 - 20:17:56 | D ] F:\stage_ARS
[16/04/2013 - 17:56:16 | D ] F:\stage_Roche
[11/10/2012 - 16:29:32 | D ] F:\Etude SAMED
[11/10/2012 - 16:28:50 | D ] F:\photos
[11/10/2012 - 16:29:48 | D ] F:\CV
[10/05/2013 - 20:26:46 | D ] F:\Endnote
[11/10/2012 - 16:30:10 | D ] F:\année recherche
[10/05/2013 - 20:16:58 | D ] F:\Formation
[06/10/2013 - 19:36:12 | N | 1618432] F:\thèse_AmélieRousseau_141013.ppt
[09/07/2013 - 21:41:54 | D ] F:\applications

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |