Reply to: infection 2016-09-08T13:09:53+00:00
MATHILDE
Participant
Posts: 20

Here is the first report: https://antimalware.top/log/SosUpload.4468757666562e073a47e5626a3b7d72.txt

And here is the UsbFix scan:

############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: Mathilde (Administrateur) # MATHILDE-PC
Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
Lancé à 19:57:57 | 20/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0RGR2N)
CPU: Intel(R) Celeron(R) CPU 1017U @ 1.60GHz
RAM -> [Total : 1908 | Free : 647]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

B: -> Disque fixe # 15 Go (6 Go libre(s) - 41%) [] # NTFS
C: -> Disque fixe # 98 Go (71 Go libre(s) - 73%) [OS] # NTFS
D: (%systemdrive%) -> Disque fixe # 181 Go (166 Go libre(s) - 92%) [Données] # NTFS

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-908918248-3973319080-3294201301-1002\SOFTWARE | Run : [] -
HKU\S-1-5-21-908918248-3973319080-3294201301-1002\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 1008 |ParentID 652)
Stoppé! C:\Program Files\Microsoft Security Client\NisSrv.exe (ID 2424 |ParentID 652)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID 7004 |ParentID 652)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID 7016 |ParentID 7004)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID 6588 |ParentID 652)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (ID 6652 |ParentID 652)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID 6092 |ParentID 3036)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 6048 |ParentID 652)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 9048 |ParentID 652)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 656 |ParentID 9048)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 3376 |ParentID 652)
Stoppé! C:\Windows\system32\wuauclt.exe (ID 8328 |ParentID 396)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 5724 |ParentID 652)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 7456 |ParentID 652)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 3720 |ParentID 652)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 6376 |ParentID 652)
Stoppé! C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (ID 8836 |ParentID 652)
Stoppé! C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID 5656 |ParentID 652)
Stoppé! C:\Windows\system32\DllHost.exe (ID 4500 |ParentID 824)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (ID 2872 |ParentID 3036)
Stoppé! C:\windows\System32\WUDFHost.exe (ID 7248 |ParentID 452)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID 3564 |ParentID 3036)
Stoppé! D:\Utilisateurs\Mathilde\Desktop\RogueKillerX64.exe (ID 504 |ParentID 3036)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID 6240 |ParentID 3564)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 1476 |ParentID 6240)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 8720 |ParentID 1476)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[14/10/2013 - 15:52:19 | SHD ] B:\$RECYCLE.BIN
[18/10/2013 - 22:17:46 | RASHD ] B:\Autorun.inf
[17/10/2013 - 18:12:29 | D ] B:\SuiteLoRdi
[11/10/2013 - 12:06:38 | SHD ] C:\$Recycle.Bin
[18/10/2013 - 22:17:46 | RASHD ] C:\Autorun.inf
[21/11/2010 - 05:23:51 | RASH | 383786] C:\bootmgr
[23/02/2011 - 15:08:04 | RASH | 8192] C:\BOOTSECT.BAK
[15/05/2012 - 12:15:16 | N | 2124] C:\dell.sdr
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[17/10/2013 - 17:58:29 | ASH | 1500704768] C:\hiberfil.sys
[13/09/2012 - 15:26:05 | D ] C:\Intel
[17/10/2013 - 17:58:35 | ASH | 2000941056] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[18/10/2013 - 22:54:00 | N | 512] C:\PhysicalDisk0_MBR.bin
[06/06/2012 - 09:16:04 | D ] C:\Pilotes
[06/05/2013 - 22:42:55 | D ] C:\Program Files
[18/10/2013 - 22:33:31 | D ] C:\Program Files (x86)
[17/10/2013 - 19:05:04 | HD ] C:\ProgramData
[15/05/2012 - 14:06:45 | SHD ] C:\System Recovery
[20/10/2013 - 19:16:12 | SHD ] C:\System Volume Information
[20/10/2013 - 20:03:06 | D ] C:\UsbFix
[24/05/2012 - 18:46:25 | RD ] C:\Users
[17/10/2013 - 17:54:08 | D ] C:\Windows
[11/10/2013 - 12:06:38 | SHD ] D:\$RECYCLE.BIN
[18/10/2013 - 22:17:47 | RASHD ] D:\Autorun.inf
[19/10/2013 - 04:46:32 | N | 15728640512] D:\SuiteLoRdi.vhd
[05/06/2012 - 17:33:43 | SHD ] D:\System Volume Information
[18/10/2013 - 22:17:47 | N | 12693] D:\UsbFix [Clean 4] MATHILDE-PC.txt
[18/10/2013 - 22:16:46 | N | 7643] D:\UsbFix [Clean 5] MATHILDE-PC.txt
[20/10/2013 - 20:04:45 | A | 7385] D:\UsbFix [Clean 6] MATHILDE-PC.txt
[17/10/2013 - 18:14:22 | N | 10746] D:\UsbFix [Scan 1] MATHILDE-PC.txt
[17/10/2013 - 18:32:07 | N | 10439] D:\UsbFix [Scan 2] MATHILDE-PC.txt
[17/10/2013 - 18:52:11 | N | 10383] D:\UsbFix [Scan 6] MATHILDE-PC.txt
[11/10/2013 - 12:05:32 | D ] D:\Utilisateurs

################## | Vaccin |

B:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |