Reply to: I'm completely infected.... 2016-09-08T13:08:34+00:00
Arsouille Slick
Participant
Posts: 10

Phew! Safe mode took its time... A few PC overheats...
Here's the report:
############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: Arsouille Slick (Administrateur) # ARSOUILLESLICK
Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
Lancé à 23:48:25 | 09/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0YXXJJ)
CPU: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
RAM -> [Total : 3959 | Free : 3451]
Bios: Dell Inc.
Boot: Fail-safe boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 581 Go (337 Go libre(s) - 58%) [OS] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [] # FAT32
G: -> Disque amovible # 961 Mo (961 Mo libre(s) - 100%) [] # FAT

################## | Regedit Run |

HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [Adobe Photo Downloader] - "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
HKLM\SOFTWARE | Run : [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
HKLM\SOFTWARE | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM\SOFTWARE | Run : [Freecorder FLV Service] - "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE | Run : [BackupNowEZtray] - "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k
HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [tvncontrol] - "C:\Program Files (x86)\Common Files\COMODO\GeekBuddy\RSP.exe" -controlservice -slave
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Photo Downloader] - "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM\SOFTWARE\wow6432Node | Run : [Freecorder FLV Service] - "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE\wow6432Node | Run : [BackupNowEZtray] - "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k
HKLM\SOFTWARE\wow6432Node | Run : [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [tvncontrol] - "C:\Program Files (x86)\Common Files\COMODO\GeekBuddy\RSP.exe" -controlservice -slave
HKLM\SOFTWARE | RunOnce : ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [EPSON Stylus DX4000 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_S4F0C.tmp" /EF "HKCU"
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Arsouille Slick\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [Media Finder] - "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Arsouille Slick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [mhH5Vwcp] - wscript.exe //B "C:\Users\ARSOUI~1\AppData\Local\Temp\mhH5Vwcp.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\ctfmon.exe (ID 640 |ParentID 404)
Stoppé! C:\Windows\system32\DllHost.exe (ID 1084 |ParentID 608)

################## | Éléments infectieux |

Supprimé! E:\mhH5Vwcp.vbs
Supprimé! G:\mhH5Vwcp.vbs
Supprimé! C:\Users\ARSOUI~1\AppData\Local\Temp\mhH5Vwcp.vbs
Supprimé! C:\Users\Arsouille Slick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhH5Vwcp.vbs
Supprimé! C:\Users\Bénédicte Le Roux\AppData\Local\Temp\mhH5Vwcp.vbs
Supprimé! C:\Users\Bénédicte Le Roux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhH5Vwcp.vbs

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-996638935-1206935677-1497400228-1000\Software\Microsoft\Windows\CurrentVersion\Run|mhH5Vwcp
Supprimé! HKCU\....\Explorer\MountPoints2\{2531fb7a-4f3f-11e1-b0f0-bf7c4a783d88}

################## | Listing |

[15/06/2013 - 13:31:51 | SHD ] C:\$Recycle.Bin
[06/04/2011 - 01:07:47 | D ] C:\27d7dbdf68879e1170b156db2dce216b
[28/04/2009 - 18:27:08 | SHD ] C:\Boot
[14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
[28/04/2009 - 18:27:09 | RASH | 8192] C:\BOOTSECT.BAK
[09/10/2013 - 18:38:28 | SHD ] C:\Config.Msi
[03/04/2011 - 22:44:36 | D ] C:\Dell
[29/03/2011 - 20:00:40 | N | 3301] C:\dell.sdr
[03/04/2011 - 22:57:28 | SHD ] C:\Documents and Settings
[09/10/2013 - 23:46:35 | ASH | 3113234432] C:\hiberfil.sys
[29/03/2011 - 17:49:12 | D ] C:\Intel
[09/10/2013 - 23:46:39 | ASH | 4150980608] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[04/04/2011 - 00:29:52 | D ] C:\PFiles
[20/07/2013 - 13:05:45 | D ] C:\Program Files
[08/10/2013 - 16:02:19 | D ] C:\Program Files (x86)
[07/10/2013 - 20:27:52 | HD ] C:\ProgramData
[03/04/2011 - 23:03:16 | SHD ] C:\System Recovery
[09/10/2013 - 11:31:00 | SHD ] C:\System Volume Information
[09/10/2013 - 23:59:55 | D ] C:\UsbFix
[09/10/2013 - 22:32:08 | N | 14312] C:\UsbFix [Clean 1] ARSOUILLESLICK.txt
[10/10/2013 - 00:00:58 | A | 9335] C:\UsbFix [Clean 2] ARSOUILLESLICK.txt
[09/10/2013 - 22:11:17 | N | 17379] C:\UsbFix [Scan 2] ARSOUILLESLICK.txt
[15/06/2013 - 13:30:54 | RD ] C:\Users
[09/10/2013 - 23:46:36 | D ] C:\Windows

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |