Reply to: infected USB key 2016-09-08T13:09:43+00:00
gabrielle67
Participant
Number of posts: 11

here's the report!

############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: oceane (Administrateur) # OCEANE-PC
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 17:03:25 | 16/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Packard Bell (EG50_HC_HR)
CPU: Intel(R) Celeron(R) CPU B820 @ 1.70GHz
RAM -> [Total : 1884 | Free : 592]
Bios: Packard Bell
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 280 Go (131 Go libre(s) - 47%) [Packard Bell] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 7 Go (7 Go libre(s) - 92%) [USB DISK] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [Tutorials] -
HKLM\SOFTWARE | Run : [PrivitizeVPN] - C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
HKLM\SOFTWARE | Run : [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [Tutorials] -
HKLM\SOFTWARE\wow6432Node | Run : [PrivitizeVPN] - C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
HKLM\SOFTWARE\wow6432Node | Run : [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-779274523-282585124-311088928-1000\SOFTWARE | Run : [Driver Whiz] - C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-779274523-282585124-311088928-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1252 |ParentID 624)
Stoppé! C:\Windows\system32\WLANExt.exe (ID 1260 |ParentID 1020)
Stoppé! C:\Windows\system32\conhost.exe (ID 1272 |ParentID 472)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1388 |ParentID 624)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1504 |ParentID 624)
Stoppé! C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID 1548 |ParentID 624)
Stoppé! C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (ID 1680 |ParentID 624)
Stoppé! C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ID 1688 |ParentID 1548)
Stoppé! C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (ID 1756 |ParentID 624)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 1808 |ParentID 624)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID 1848 |ParentID 624)
Stoppé! C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (ID 1872 |ParentID 624)
Stoppé! C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (ID 1920 |ParentID 624)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 2252 |ParentID 1020)
Stoppé! C:\Windows\system32\taskhost.exe (ID 2992 |ParentID 624)
Stoppé! C:\Windows\system32\taskeng.exe (ID 1936 |ParentID 488)
Stoppé! C:\Windows\System32\hkcmd.exe (ID 2840 |ParentID 2480)
Stoppé! C:\Windows\System32\igfxpers.exe (ID 2820 |ParentID 2480)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 776 |ParentID 624)
Stoppé! C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (ID 1868 |ParentID 2480)
Stoppé! C:\Windows\vVX1000.exe (ID 1396 |ParentID 2480)
Stoppé! C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID 1056 |ParentID 2480)
Stoppé! C:\Windows\system32\igfxext.exe (ID 612 |ParentID 780)
Stoppé! C:\Windows\system32\igfxsrvc.exe (ID 2680 |ParentID 780)
Stoppé! C:\Program Files (x86)\Launch Manager\LManager.exe (ID 2760 |ParentID 960)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 504 |ParentID 960)
Stoppé! C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (ID 1944 |ParentID 2480)
Stoppé! C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (ID 3132 |ParentID 2760)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID 3192 |ParentID 776)
Stoppé! C:\Program Files (x86)\Launch Manager\LMworker.exe (ID 3264 |ParentID 1548)
Stoppé! C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (ID 3404 |ParentID 1680)
Stoppé! C:\Program Files (x86)\MyPC Backup\BackupStack.exe (ID 3980 |ParentID 624)
Stoppé! C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID 4040 |ParentID 624)
Stoppé! C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (ID 3492 |ParentID 624)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 4136 |ParentID 624)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 4276 |ParentID 624)
Stoppé! C:\Program Files (x86)\Nero\Update\NASvc.exe (ID 4368 |ParentID 624)
Stoppé! C:\Windows\system32\sppsvc.exe (ID 4624 |ParentID 624)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 4916 |ParentID 624)
Stoppé! C:\Windows\system32\taskhost.exe (ID 4944 |ParentID 624)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4248 |ParentID 2480)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4328 |ParentID 4248)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4752 |ParentID 4248)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3380 |ParentID 4248)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2000 |ParentID 4248)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID 4312 |ParentID 776)
Stoppé! C:\Windows\system32\SearchFilterHost.exe (ID 3004 |ParentID 776)
Stoppé! C:\Windows\system32\taskeng.exe (ID 3684 |ParentID 488)

################## | Éléments infectieux |

Supprimé! C:\Users\oceane\AppData\Local\Temp\27713-659804-daemon-tools.exe
Supprimé! C:\Users\oceane\AppData\Local\Temp\79787-671657-google-chrome.exe
Supprimé! C:\Users\oceane\AppData\Local\Temp\OB.exe

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\...\Explorer\MountPoints2\{da8d78eb-4f48-11e2-a5e9-b888e34b0665}

################## | Listing |

[20/11/2012 - 18:20:35 | SHD ] C:\$Recycle.Bin
[24/06/2012 - 13:09:09 | D ] C:\book
[23/05/2012 - 12:33:50 | RASH | 8192] C:\BOOTSECT.BAK
[16/10/2013 - 16:52:49 | SHD ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[06/10/2012 - 17:22:26 | D ] C:\Download
[14/05/2013 - 19:16:21 | N | 9] C:\END
[11/04/2008 - 11:07:18 | N | 3820] C:\eula.1028.txt
[11/04/2008 - 11:07:18 | N | 15428] C:\eula.1031.txt
[11/04/2008 - 11:07:18 | N | 10058] C:\eula.1033.txt
[11/04/2008 - 11:07:18 | N | 12246] C:\eula.1036.txt
[11/04/2008 - 11:07:18 | N | 13912] C:\eula.1040.txt
[11/04/2008 - 11:07:18 | N | 5868] C:\eula.1041.txt
[11/04/2008 - 11:07:18 | N | 5970] C:\eula.1042.txt
[11/04/2008 - 11:07:18 | N | 10134] C:\eula.1049.txt
[11/04/2008 - 11:07:18 | N | 3814] C:\eula.2052.txt
[11/04/2008 - 11:07:18 | N | 12936] C:\eula.3082.txt
[11/04/2008 - 11:07:18 | N | 1110] C:\globdata.ini
[16/10/2013 - 16:58:25 | ASH | 1481920512] C:\hiberfil.sys
[28/10/2012 - 21:18:09 | N | 230424] C:\img2-001.raw
[11/04/2008 - 09:03:48 | N | 562688] C:\install.exe
[11/04/2008 - 11:07:18 | N | 843] C:\install.ini
[11/04/2008 - 09:03:48 | N | 76304] C:\install.res.1028.dll
[11/04/2008 - 09:03:48 | N | 96272] C:\install.res.1031.dll
[11/04/2008 - 09:03:48 | N | 91152] C:\install.res.1033.dll
[11/04/2008 - 09:03:48 | N | 97296] C:\install.res.1036.dll
[11/04/2008 - 09:03:48 | N | 95248] C:\install.res.1040.dll
[11/04/2008 - 09:03:48 | N | 81424] C:\install.res.1041.dll
[11/04/2008 - 09:03:48 | N | 79888] C:\install.res.1042.dll
[11/04/2008 - 11:09:24 | N | 93200] C:\install.res.1049.dll
[11/04/2008 - 09:03:48 | N | 75792] C:\install.res.2052.dll
[11/04/2008 - 09:03:48 | N | 96272] C:\install.res.3082.dll
[24/06/2012 - 13:05:24 | D ] C:\Intel
[06/10/2012 - 16:17:29 | D ] C:\OEM
[16/10/2013 - 16:58:43 | ASH | 1975894016] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[14/05/2013 - 19:31:54 | D ] C:\Poker
[16/10/2013 - 13:17:29 | D ] C:\Program Files
[16/10/2013 - 15:24:42 | D ] C:\Program Files (x86)
[16/10/2013 - 15:24:25 | HD ] C:\ProgramData
[10/01/2013 - 20:13:46 | D ] C:\Programs
[06/10/2012 - 16:15:17 | SHD ] C:\Recovery
[22/09/2013 - 19:35:09 | SHD ] C:\System Volume Information
[06/10/2012 - 17:22:26 | D ] C:\tmpDownload
[06/10/2012 - 17:23:49 | N | 202] C:\urllog.txt
[16/10/2013 - 17:09:31 | D ] C:\UsbFix
[16/10/2013 - 17:12:53 | A | 10232] C:\UsbFix [Clean 10] OCEANE-PC.txt
[16/10/2013 - 16:57:20 | N | 4004] C:\UsbFix [Clean 9] OCEANE-PC.txt
[16/10/2013 - 15:44:35 | N | 9033] C:\UsbFix [Scan 1] OCEANE-PC.txt
[20/11/2012 - 12:14:56 | N | 454] C:\user.js
[23/10/2012 - 11:40:25 | RD ] C:\Users
[11/04/2008 - 11:07:18 | N | 5686] C:\vcredist.bmp
[11/04/2008 - 11:09:38 | N | 3797292] C:\VC_RED.cab
[11/04/2008 - 11:11:40 | N | 233472] C:\VC_RED.MSI
[02/06/2013 - 21:09:44 | D ] C:\Windows
[06/10/2012 - 17:22:15 | N | 213158] C:\ymdlog.txt
[06/10/2012 - 17:33:15 | D ] C:\YoutubeMusicDownloader
[20/09/2003 - 00:12:44 | RAD ] D:\VIDEO_TS
[13/10/2013 - 13:43:12 | D ] E:\LOST.DIR
[13/10/2013 - 13:54:10 | D ] E:\The Last House On The Left.French.DVDrip.Xvid.AC3-FwD
[13/10/2013 - 16:06:06 | N | 0] E:\Prisoners.2013.FRENCH.TS.XVid-STVFR.avi
[01/01/2000 - 02:09:24 | D ] E:\µMSTPVR

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |