Reply to: USB key virus 2016-09-08T13:08:40+00:00
liobart
Participant
Post count: 20

Here it is:

############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: Lionel (Administrateur) # LIONEL-VAIO
Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
Lancé à 09:34:32 | 11/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
RAM -> [Total : 4078 | Free : 2618]
Bios: INSYDE
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 451 Go (166 Go libre(s) - 37%) [] # NTFS
D: -> CD-ROM
F: -> Disque amovible # 4 Go (3 Go libre(s) - 76%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [NBKeyScan] - "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [Reader Application Helper] - C:\Program Files (x86)\Sony\Reader\Desktop\appHelper\ReaderAppHelper.exe
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [NBKeyScan] - "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Reader Application Helper] - C:\Program Files (x86)\Sony\Reader\Desktop\appHelper\ReaderAppHelper.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-452830476-2162888841-3733067985-1001\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-452830476-2162888841-3733067985-1001\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent
HKU\S-1-5-21-452830476-2162888841-3733067985-1001\SOFTWARE | Run : [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
HKU\S-1-5-21-452830476-2162888841-3733067985-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-452830476-2162888841-3733067985-1001\SOFTWARE | Run : [26cdCWs2] - wscript.exe //B "C:\Users\Lionel\AppData\Local\Temp\26cdCWs2.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\ctfmon.exe (ID 1404 |ParentID 1360)
Stoppé! C:\Windows\system32\DllHost.exe (ID 1616 |ParentID 644)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1924 |ParentID 1360)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1332 |ParentID 1924)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1516 |ParentID 1924)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1772 |ParentID 1924)

################## | Éléments infectieux |

Supprimé! C:\Users\Lionel\AppData\Roaming\inst.exe
Supprimé! F:\activation.lnk
Supprimé! F:\MicrosoftOffice2010x64.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\...\Explorer\MountPoints2\{37f4e0a6-fffd-11e2-93c5-78843cfab0bd}

################## | Listing |

[26/09/2013 - 21:46:27 | SHD ] C:\$Recycle.Bin
[11/10/2013 - 08:33:49 | SHD ] C:\Config.Msi
[24/01/2013 - 12:54:03 | D ] C:\Crash
[26/08/2012 - 19:27:03 | D ] C:\Documentation
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[08/06/2013 - 11:08:20 | D ] C:\drivers
[03/10/2013 - 10:59:50 | N | 9] C:\END
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1031.txt
[07/11/2007 - 08:00:40 | N | 10134] C:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 118] C:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.3082.txt
[30/09/2013 - 20:23:45 | D ] C:\Firefox
[07/11/2007 - 08:00:40 | N | 1110] C:\globdata.ini
[11/10/2013 - 09:33:06 | ASH | 3206959104] C:\hiberfil.sys
[07/11/2007 - 08:03:18 | N | 562688] C:\install.exe
[07/11/2007 - 08:00:40 | N | 843] C:\install.ini
[07/11/2007 - 08:03:18 | N | 76304] C:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 91152] C:\install.res.1033.dll
[07/11/2007 - 08:03:18 | N | 97296] C:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 95248] C:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 81424] C:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 79888] C:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 75792] C:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.3082.dll
[26/08/2012 - 19:57:05 | N | 317132] C:\lv.log
[06/01/2013 - 18:35:55 | RHD ] C:\MSOCache
[11/10/2013 - 09:33:07 | ASH | 4275945472] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[11/09/2013 - 09:56:12 | D ] C:\Program Files
[10/10/2013 - 23:40:49 | D ] C:\Program Files (x86)
[10/10/2013 - 23:40:54 | HD ] C:\ProgramData
[28/10/2012 - 11:51:25 | D ] C:\Riot Games
[26/08/2012 - 19:56:52 | D ] C:\SPLASH.000
[26/08/2012 - 19:56:52 | N | 87] C:\splash.idx
[26/08/2012 - 19:56:29 | D ] C:\SPLASH.SYS
[11/10/2013 - 07:52:12 | SHD ] C:\System Volume Information
[26/08/2012 - 20:00:55 | D ] C:\temp
[13/03/2013 - 20:12:32 | N | 348186] C:\test.xml
[14/08/2012 - 12:08:10 | N | 927] C:\tmp1
[14/08/2012 - 12:08:12 | N | 128] C:\tmp2
[27/09/2013 - 10:59:54 | D ] C:\Update
[11/10/2013 - 09:39:12 | D ] C:\UsbFix
[11/10/2013 - 09:11:24 | N | 10079] C:\UsbFix [Clean 2] LIONEL-VAIO.txt
[11/10/2013 - 09:40:30 | A | 6932] C:\UsbFix [Clean 3] LIONEL-VAIO.txt
[11/10/2013 - 09:08:59 | N | 11430] C:\UsbFix [Scan 2] LIONEL-VAIO.txt
[26/08/2012 - 19:11:41 | RD ] C:\Users
[26/08/2012 - 20:01:04 | D ] C:\VAIO Sample Contents
[07/11/2007 - 08:00:40 | N | 5686] C:\vcredist.bmp
[07/11/2007 - 08:09:22 | N | 1442522] C:\VC_RED.cab
[07/11/2007 - 08:12:28 | N | 232960] C:\VC_RED.MSI
[10/01/2011 - 20:27:44 | N | 4112] C:\version
[11/10/2013 - 09:33:06 | D ] C:\Windows
[26/08/2012 - 19:27:04 | D ] C:\_FS_SWRINFO
[06/01/2013 - 18:23:52 | D ] F:\activation
[06/01/2013 - 18:10:34 | D ] F:\MicrosoftOffice2010x64

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)