Reply to: infection 2016-09-08T13:09:52+00:00
MATHILDE
Participant
Number of posts: 19

############################## | UsbFix V 7.144 | [Removal]

User: Mathilde (Administrator) # MATHILDE-PC
Updated on 08/10/2013 by El Desaparecido - Team SosVirus
Launched at 22:09:03 | 18/10/2013

Website: http://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0RGR2N)
CPU: Intel(R) Celeron(R) CPU 1017U @ 1.60GHz
RAM -> [Total : 1908 | Free : 610]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

B: -> Fixed disk # 15 GB (6 GB free - 41%) [] # NTFS
C: -> Fixed disk # 98 GB (71 GB free - 73%) [OS] # NTFS
D: (%systemdrive%) -> Fixed disk # 181 GB (165 GB free - 91%) [Données] # NTFS
E: -> Removable disk # 7 GB (7 GB free - 100%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-908918248-3973319080-3294201301-1002\SOFTWARE | Run : [Dell Audio] -
HKU\S-1-5-21-908918248-3973319080-3294201301-1002\SOFTWARE | Run : [] -
HKU\S-1-5-21-908918248-3973319080-3294201301-1002\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-908918248-3973319080-3294201301-1002\SOFTWARE | Run : [updat] - wscript.exe //B "D:\UTILIS~1\Mathilde\AppData\Local\Temp\updat.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Stopped processes |

Stopped! C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 1008 |ParentID 652)
Stopped! C:\Windows\system32\vcsFPService.exe (ID 1252 |ParentID 652)
Stopped! C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (ID 1388 |ParentID 652)
Stopped! C:\Windows\system32\WLANExt.exe (ID 1412 |ParentID 452)
Stopped! C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (ID 1420 |ParentID 1388)
Stopped! C:\Windows\system32\conhost.exe (ID 1432 |ParentID 472)
Stopped! C:\Windows\System32\spoolsv.exe (ID 1544 |ParentID 652)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1692 |ParentID 652)
Stopped! C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe (ID 1712 |ParentID 652)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 1732 |ParentID 652)
Stopped! C:\Windows\system32\CxAudMsg64.exe (ID 1772 |ParentID 652)
Stopped! C:\Program Files\Conexant\SA3\CxUtilSvc.exe (ID 1792 |ParentID 652)
Stopped! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 1828 |ParentID 652)
Stopped! C:\windows\SysWOW64\irstrtsv.exe (ID 1880 |ParentID 652)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID 1908 |ParentID 652)
Stopped! C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (ID 1964 |ParentID 652)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 1344 |ParentID 652)
Stopped! C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (ID 376 |ParentID 652)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2160 |ParentID 1344)
Stopped! C:\Program Files\Microsoft Security Client\NisSrv.exe (ID 2424 |ParentID 652)
Stopped! C:\Windows\system32\taskhost.exe (ID 2932 |ParentID 652)
Stopped! C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (ID 2664 |ParentID 1964)
Stopped! C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (ID 2808 |ParentID 1964)
Stopped! C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe (ID 2884 |ParentID 3036)
Stopped! C:\Program Files\Dell\QuickSet\quickset.exe (ID 3392 |ParentID 3036)
Stopped! C:\Program Files\Microsoft Security Client\msseces.exe (ID 3516 |ParentID 3036)
Stopped! C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (ID 3536 |ParentID 3036)
Stopped! C:\Windows\System32\igfxtray.exe (ID 3544 |ParentID 3036)
Stopped! C:\Windows\System32\hkcmd.exe (ID 3552 |ParentID 3036)
Stopped! C:\Windows\System32\igfxpers.exe (ID 3688 |ParentID 3036)
Stopped! C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (ID 3876 |ParentID 3036)
Stopped! C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (ID 3900 |ParentID 3036)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 3920 |ParentID 3036)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (ID 3956 |ParentID 3036)
Stopped! C:\Windows\System32\wscript.exe (ID 3964 |ParentID 3036)
Stopped! C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (ID 4200 |ParentID 356)
Stopped! C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ID 4328 |ParentID 356)
Stopped! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID 4464 |ParentID 4252)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID 4568 |ParentID 652)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 4392 |ParentID 652)
Stopped! C:\Windows\system32\DllHost.exe (ID 5536 |ParentID 824)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID 5696 |ParentID 3036)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 4748 |ParentID 4224)
Stopped! C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID 3752 |ParentID 652)
Stopped! C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (ID 3592 |ParentID 652)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 4496 |ParentID 652)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 2644 |ParentID 652)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 4228 |ParentID 652)
Stopped! C:\Windows\system32\wuauclt.exe (ID 6024 |ParentID 396)
Stopped! C:\windows\System32\WUDFHost.exe (ID 2912 |ParentID 452)
Stopped! D:\UTILIS~1\Mathilde\AppData\Local\Temp\Avira Free Antivirus 2013 13.0.0.3185.exe (ID 784 |ParentID 5328)
Stopped! D:\UTILIS~1\Mathilde\AppData\Local\Temp\RarSFX0\avwebloader.exe (ID 4440 |ParentID 784)
Stopped! D:\UTILIS~1\Mathilde\AppData\Local\Temp\avnwldrtemp\setup\presetup.exe (ID 5592 |ParentID 4440)
Stopped! D:\UTILIS~1\Mathilde\AppData\Local\Temp\avnwldrtemp\setup\setup.exe (ID 6280 |ParentID 5592)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID 7004 |ParentID 652)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID 7016 |ParentID 7004)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID 6588 |ParentID 652)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (ID 6652 |ParentID 652)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID 6092 |ParentID 3036)
Stopped! C:\Windows\system32\taskhost.exe (ID 6728 |ParentID 652)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.exe (ID 5608 |ParentID 6280)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (ID 6500 |ParentID 5608)
Stopped! C:\program files (x86)\avira\antivir desktop\avscan.exe (ID 5372 |ParentID 6500)
Stopped! C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (ID 5684 |ParentID 652)
Stopped! C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ID 4172 |ParentID 4544)
Stopped! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID 6460 |ParentID 5696)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 6844 |ParentID 6460)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 1724 |ParentID 6844)
Stopped! C:\Program Files\Microsoft Security Client\MpCmdRun.exe (ID 5708 |ParentID 8588)
Stopped! C:\Program Files\Microsoft Security Client\MpCmdRun.exe (ID 8792 |ParentID 1008)
Stopped! C:\Windows\system32\conhost.exe (ID 6220 |ParentID 472)
Stopped! C:\Windows\servicing\TrustedInstaller.exe (ID 8852 |ParentID 652)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (ID 7404 |ParentID 6092)

################## | Infected items |

Deleted! D:\UTILIS~1\Mathilde\AppData\Local\Temp\updat.vbs
Deleted! E:\modèle de l’atome.lnk
Deleted! E:\Expérience de Rutherford.lnk
Deleted! E:\Autorun.inf.lnk

(!) Temporary files deleted.

################## | Registry |

################## | Listing |

[14/10/2013 - 15:52:19 | SHD ] B:\$RECYCLE.BIN
[18/10/2013 - 22:16:42 | RASHD ] B:\Autorun.inf
[17/10/2013 - 18:12:29 | D ] B:\SuiteLoRdi
[11/10/2013 - 12:06:38 | SHD ] C:\$Recycle.Bin
[18/10/2013 - 22:16:42 | RASHD ] C:\Autorun.inf
[15/05/2012 - 13:43:25 | SHD ] C:\Boot
[21/11/2010 - 05:23:51 | RASH | 383786] C:\bootmgr
[23/02/2011 - 15:08:04 | RASH | 8192] C:\BOOTSECT.BAK
[15/05/2012 - 12:15:16 | N | 2124] C:\dell.sdr
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[17/10/2013 - 17:58:29 | ASH | 1500704768] C:\hiberfil.sys
[13/09/2012 - 15:26:05 | D ] C:\Intel
[17/10/2013 - 17:58:35 | ASH | 2000941056] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[06/06/2012 - 09:16:04 | D ] C:\Pilotes
[06/05/2013 - 22:42:55 | D ] C:\Program Files
[17/10/2013 - 19:05:04 | D ] C:\Program Files (x86)
[17/10/2013 - 19:05:04 | HD ] C:\ProgramData
[15/05/2012 - 14:06:45 | SHD ] C:\System Recovery
[17/10/2013 - 17:51:08 | SHD ] C:\System Volume Information
[18/10/2013 - 22:14:51 | D ] C:\UsbFix
[24/05/2012 - 18:46:25 | RD ] C:\Users
[17/10/2013 - 17:54:08 | D ] C:\Windows
[11/10/2013 - 12:06:38 | SHD ] D:\$RECYCLE.BIN
[18/10/2013 - 22:16:42 | RASHD ] D:\Autorun.inf
[17/10/2013 - 20:11:14 | N | 15728640512] D:\SuiteLoRdi.vhd
[05/06/2012 - 17:33:43 | SHD ] D:\System Volume Information
[18/10/2013 - 22:17:46 | A | 11873] D:\UsbFix [Clean 4] MATHILDE-PC.txt
[18/10/2013 - 22:16:46 | A | 7643] D:\UsbFix [Clean 5] MATHILDE-PC.txt
[17/10/2013 - 18:14:22 | N | 10746] D:\UsbFix [Scan 1] MATHILDE-PC.txt
[17/10/2013 - 18:32:07 | N | 10439] D:\UsbFix [Scan 2] MATHILDE-PC.txt
[17/10/2013 - 18:52:11 | N | 10383] D:\UsbFix [Scan 6] MATHILDE-PC.txt
[11/10/2013 - 12:05:32 | D ] D:\Utilisateurs
[18/10/2013 - 22:16:44 | RASHD ] E:\Autorun.inf

################## | Vaccine |

B:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
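Added example, not part of the post above and not UsbFix code: a small Python triage that reads report lines in the shape shown above (English headings, path backslashes restored) and flags the two things that mark this infection as a VBS USB worm: a Run value that launches wscript.exe //B on a .vbs under the user's Temp directory, and .lnk files sitting at the root of a removable drive where the user's documents used to be. The embedded SAMPLE_REPORT is a constructed excerpt of the lines above; the line regexes, the Finding type and the reason strings are assumptions about the format, not UsbFix conventions.

```python
"""Triage of a UsbFix-style report: flag Run values that launch a script host
from a Temp directory and root-level .lnk files on removable drives.
Added example; not UsbFix code. Line shapes are assumed from the report above."""
import re
from dataclasses import dataclass

# Assumed line shapes: drive table, "Regedit Run" entries, "Infected items".
DRIVE_LINE = re.compile(r"^(?P<letter>[A-Z]):.*->\s*(?P<kind>Fixed disk|Removable disk)")
RUN_LINE = re.compile(
    r"^(?P<hive>HK\S*)\s*\|\s*(?P<key>Run|RunOnce)\s*:\s*\[(?P<name>[^\]]*)\]\s*-\s*(?P<cmd>.*)$"
)
DELETED_LINE = re.compile(r"^(?:Deleted|Supprimé)!\s+(?P<path>[A-Z]:\\.+)$")

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
TEMP_MARKERS = ("\\temp\\", "%temp%")          # compared case-insensitively
BATCH_FLAG = re.compile(r"(?<!\S)//b(?!\S)")  # wscript //B: no prompts, no error dialogs


@dataclass(frozen=True)
class Finding:
    item: str    # Run value name or file path
    reason: str


def triage_run_line(line: str) -> list[Finding]:
    """Score one 'Regedit Run' line; [] for benign, empty or non-matching lines."""
    m = RUN_LINE.match(line.strip())
    if not m or not m.group("cmd").strip():
        return []
    name, lc = m.group("name"), m.group("cmd").lower()
    out = []
    if any(h in lc for h in SCRIPT_HOSTS):
        out.append(Finding(name, "autorun invokes a script host"))
    if BATCH_FLAG.search(lc):
        out.append(Finding(name, "wscript //B hides script errors and prompts"))
    if any(t in lc for t in TEMP_MARKERS):
        out.append(Finding(name, "autorun target lives under a Temp directory"))
    return out


def triage_log(report: str) -> list[Finding]:
    """Walk a whole report: learn which drives are removable, then score the rest."""
    removable: set[str] = set()
    out: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        d = DRIVE_LINE.match(line)
        if d:
            if d.group("kind") == "Removable disk":
                removable.add(d.group("letter"))
            continue
        out.extend(triage_run_line(line))
        x = DELETED_LINE.match(line)
        if not x:
            continue
        path = x.group("path")
        letter, rest = path[0], path[3:]   # "E:\name.lnk" -> "E", "name.lnk"
        # A shortcut at the root of a USB stick, in place of the user's documents,
        # is the file-hiding trick of VBS USB worms: each .lnk relaunches the script.
        if letter in removable and rest.lower().endswith(".lnk") and "\\" not in rest:
            out.append(Finding(path, "root-level shortcut on removable drive"))
        if rest.lower() == "autorun.inf.lnk":
            out.append(Finding(path, "shortcut named after autorun.inf"))
    return out


# Constructed excerpt of the report above (not a verbatim copy of the whole log).
SAMPLE_REPORT = r"""
E: -> Removable disk # 7 GB (7 GB free - 100%) [] # FAT32
C: -> Fixed disk # 98 GB (71 GB free - 73%) [OS] # NTFS
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-908918248-3973319080-3294201301-1002\SOFTWARE | Run : [updat] - wscript.exe //B "D:\UTILIS~1\Mathilde\AppData\Local\Temp\updat.vbs"
Deleted! D:\UTILIS~1\Mathilde\AppData\Local\Temp\updat.vbs
Deleted! E:\Experience de Rutherford.lnk
Deleted! E:\Autorun.inf.lnk
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_REPORT):
        print(f"{f.item}: {f.reason}")
```

Run it on a saved UsbFix report with `triage_log(open(path, encoding="utf-8").read())`. The three findings on the `updat` value are what make that one Run entry stand out among a dozen vendor autoruns: a script host, batch mode, and a target in Temp rather than Program Files. The vendor entries (Dell, Intel, Adobe, Avira, the Ask toolbar) produce no findings, which is the point of scoring on launch pattern rather than on a name list.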