Reply to: files turned into shortcuts on my 2 USB sticks 2016-09-08T13:11:06+00:00
greattom

There, it looks OK.

[spoiler:j7z3hk34]############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: Tom (Administrateur) # TOM-HP
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 20:48:10 | 23/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (1659)
CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
RAM -> [Total : 6092 | Free : 3625]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 449 Go (104 Go libre(s) – 23%) [] # NTFS
D: -> Disque fixe # 17 Go (2 Go libre(s) – 10%) [RECOVERY] # NTFS
E: -> CD-ROM
F: -> Disque fixe # 99 Mo (89 Mo libre(s) – 90%) [HP_TOOLS] # FAT32
G: -> CD-ROM
H: -> Disque amovible # 30 Go (25 Go libre(s) – 84%) [MOMO] # FAT32
I: -> Disque amovible # 2 Go (2 Go libre(s) – 100%) [] # FAT

################## | Regedit Run |

HKLMSOFTWARE | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWARE | Run : [NUSB3MON] – “C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe”
HKLMSOFTWARE | Run : [] –
HKLMSOFTWARE | Run : [HPConnectionManager] – C:Program Files (x86)Hewlett-PackardHP Connection ManagerHPCMDelayStart.exe
HKLMSOFTWARE | Run : [HP Quick Launch] – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [Easybits Recovery] – C:Program Files (x86)EasyBits For KidsezRecover.exe
HKLMSOFTWARE | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
HKLMSOFTWARE | Run : [DivXUpdate] – “C:Program Files (x86)DivXDivX UpdateDivXUpdate.exe” /CHECKNOW
HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWARE | Run : [HPOSD] – C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
HKLMSOFTWAREwow6432Node | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWAREwow6432Node | Run : [NUSB3MON] – “C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe”
HKLMSOFTWAREwow6432Node | Run : [] –
HKLMSOFTWAREwow6432Node | Run : [HPConnectionManager] – C:Program Files (x86)Hewlett-PackardHP Connection ManagerHPCMDelayStart.exe
HKLMSOFTWAREwow6432Node | Run : [HP Quick Launch] – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [Easybits Recovery] – C:Program Files (x86)EasyBits For KidsezRecover.exe
HKLMSOFTWAREwow6432Node | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
HKLMSOFTWAREwow6432Node | Run : [DivXUpdate] – “C:Program Files (x86)DivXDivX UpdateDivXUpdate.exe” /CHECKNOW
HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWAREwow6432Node | Run : [HPOSD] – C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
HKLMSOFTWARE | RunOnce : [Malwarebytes Anti-Malware] – C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe /install /silent
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [Malwarebytes Anti-Malware] – C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe /install /silent
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-21-4178896189-2504729496-1843057098-1000SOFTWARE | Run : [msnmsgr] – “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
HKUS-1-5-21-4178896189-2504729496-1843057098-1000SOFTWARE | Run : [Free Download Manager] – C:Program Files (x86)Free Download Managerfdm.exe -autorun
HKUS-1-5-21-4178896189-2504729496-1843057098-1000SOFTWARE | Run : [Software Informer] – “C:Program Files (x86)Software Informersoftinfo.exe” -autorun
HKUS-1-5-21-4178896189-2504729496-1843057098-1000SOFTWARE | Run : [fsm] –
HKUS-1-5-21-4178896189-2504729496-1843057098-1000SOFTWARE | Run : [DAEMON Tools Lite] – “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
HKUS-1-5-21-4178896189-2504729496-1843057098-1000SOFTWARE | Run : [RegistryBooster] – “C:Program Files (x86)UniblueRegistryBoosterlauncher.exe” delay 20000
HKUS-1-5-21-4178896189-2504729496-1843057098-1000SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
HKUS-1-5-21-4178896189-2504729496-1843057098-1000SOFTWARE | Run : [Steam] – “C:Program Files (x86)Steamsteam.exe” -silent
HKUS-1-5-21-4178896189-2504729496-1843057098-1000SOFTWARE | Run : [Skype] – “C:Program Files (x86)SkypePhoneSkype.exe” /nosplash /minimized
HKUS-1-5-21-4178896189-2504729496-1843057098-1000SOFTWARE | Run : [EPLTargetP0000000000000000] – C:Windowssystem32spoolDRIVERSx643E_IATIIOE.EXE /EPT “EPLTargetP0000000000000000” /M “XP-30 33 Series”
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID 1816 |ParentID 768)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID 4836 |ParentID 3284)
Stoppé! C:Windowsexplorer.exe (ID 6048 |ParentID 536)
Stoppé! C:WindowsSystem32rundll32.exe (ID 1980 |ParentID 896)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID 7792 |ParentID 1028)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID 7616 |ParentID 768)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID 3596 |ParentID 768)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 6284 |ParentID 768)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 1592 |ParentID 768)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 6948 |ParentID 6284)
Stoppé! C:Windowssystem32taskeng.exe (ID 7092 |ParentID 1108)
Stoppé! C:WindowsSystem32spoolsv.exe (ID 844 |ParentID 768)
Stoppé! C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe (ID 1624 |ParentID 768)
Stoppé! C:Program Files (x86)Norton Internet SecurityEngine18.7.2.3ccSvcHst.exe (ID 2564 |ParentID 768)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 7860 |ParentID 6048)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 2172 |ParentID 7860)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 7596 |ParentID 7860)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 6856 |ParentID 7860)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 4032 |ParentID 7860)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 5856 |ParentID 7860)
Stoppé! C:Program FilesInternet ExplorerIEXPLORE.EXE (ID 3344 |ParentID 3792)
Stoppé! C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID 1664 |ParentID 3344)
Stoppé! C:Windowssystem32DllHost.exe (ID 5756 |ParentID 896)
Stoppé! C:Program Files (x86)MicrosoftBingBar7.2.241.0BingApp.exe (ID 6080 |ParentID 896)
Stoppé! C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbarUser_32.exe (ID 3912 |ParentID 3344)
Stoppé! C:Program Files (x86)MicrosoftBingBar7.2.241.0SeaPort.exe (ID 1572 |ParentID 768)
Stoppé! C:Program Files (x86)MicrosoftBingBar7.2.241.0BingBar.exe (ID 6232 |ParentID 896)
Stoppé! C:Program Files (x86)MicrosoftBingBar7.2.241.0BingSurrogate.exe (ID 4524 |ParentID 896)
Stoppé! C:Program Files (x86)MicrosoftBingBar7.2.241.0BingSurrogate.exe (ID 4848 |ParentID 896)
Stoppé! C:Program Files (x86)MicrosoftBingBar7.2.241.0BingSurrogate.exe (ID 2156 |ParentID 896)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID 1864 |ParentID 1028)

################## | Éléments infectieux |

Non supprimé ! E:Launcher.exe
Non supprimé ! E:Autorun.inf

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[10/09/2011 – 15:58:50 | SHD ] C:$Recycle.Bin
[23/10/2013 – 19:45:27 | D ] C:AdwCleaner
[20/08/2013 – 15:56:53 | D ] C:ArcTemp
[23/10/2013 – 20:21:54 | RASHD ] C:Autorun.inf
[25/04/2011 – 01:27:09 | SD ] C:boot
[21/11/2010 – 05:23:51 | RAS | 383786] C:bootmgr
[16/10/2013 – 10:40:02 | SHD ] C:Config.Msi
[14/07/2009 – 07:08:56 | SHD ] C:Documents and Settings
[16/08/2013 – 23:38:28 | D ] C:Downloads
[07/11/2007 – 09:00:40 | N | 17734] C:eula.1028.txt
[07/11/2007 – 09:00:40 | N | 17734] C:eula.1031.txt
[07/11/2007 – 09:00:40 | N | 10134] C:eula.1033.txt
[07/11/2007 – 09:00:40 | N | 17734] C:eula.1036.txt
[07/11/2007 – 09:00:40 | N | 17734] C:eula.1040.txt
[07/11/2007 – 09:00:40 | N | 118] C:eula.1041.txt
[07/11/2007 – 09:00:40 | N | 17734] C:eula.1042.txt
[11/04/2008 – 10:07:18 | N | 10134] C:eula.1049.txt
[07/11/2007 – 09:00:40 | N | 17734] C:eula.2052.txt
[07/11/2007 – 09:00:40 | N | 17734] C:eula.3082.txt
[11/04/2008 – 10:07:18 | N | 1110] C:globdata.ini
[23/10/2013 – 19:46:45 | ASH | 4790833152] C:hiberfil.sys
[15/07/2011 – 17:10:40 | D ] C:HP
[11/04/2008 – 08:03:48 | N | 562688] C:install.exe
[11/04/2008 – 10:07:18 | N | 843] C:install.ini
[11/04/2008 – 08:03:48 | N | 76304] C:install.res.1028.dll
[11/04/2008 – 08:03:48 | N | 96272] C:install.res.1031.dll
[11/04/2008 – 08:03:48 | N | 91152] C:install.res.1033.dll
[11/04/2008 – 08:03:48 | N | 97296] C:install.res.1036.dll
[11/04/2008 – 08:03:48 | N | 95248] C:install.res.1040.dll
[11/04/2008 – 08:03:48 | N | 81424] C:install.res.1041.dll
[11/04/2008 – 08:03:48 | N | 79888] C:install.res.1042.dll
[11/04/2008 – 10:09:24 | N | 93200] C:install.res.1049.dll
[11/04/2008 – 08:03:48 | N | 75792] C:install.res.2052.dll
[11/04/2008 – 08:03:48 | N | 96272] C:install.res.3082.dll
[15/07/2011 – 16:54:25 | D ] C:Intel
[23/10/2013 – 19:46:45 | ASH | 6387777536] C:pagefile.sys
[14/07/2009 – 05:20:08 | D ] C:PerfLogs
[15/09/2013 – 12:47:01 | D ] C:Program Files
[23/10/2013 – 19:50:08 | D ] C:Program Files (x86)
[23/10/2013 – 19:50:09 | D ] C:ProgramData
[10/09/2011 – 15:52:43 | SHD ] C:Recovery
[02/06/2013 – 21:21:38 | D ] C:SWSetup
[22/10/2013 – 08:24:34 | SHD ] C:System Volume Information
[10/09/2011 – 15:52:49 | D ] C:SYSTEM.SAV
[14/09/2013 – 11:53:02 | D ] C:temp
[23/10/2013 – 20:50:36 | D ] C:UsbFix
[23/10/2013 – 20:17:11 | N | 19726] C:UsbFix [Clean 4] TOM-HP.txt
[23/10/2013 – 20:21:59 | N | 15226] C:UsbFix [Clean 5] TOM-HP.txt
[23/10/2013 – 20:51:35 | A | 11944] C:UsbFix [Clean 7] TOM-HP.txt
[23/10/2013 – 19:02:44 | N | 14086] C:UsbFix [Scan 1] TOM-HP.txt
[23/10/2013 – 19:40:27 | N | 13672] C:UsbFix [Scan 4] TOM-HP.txt
[23/10/2013 – 19:58:50 | N | 16623] C:UsbFix [Scan 5] TOM-HP.txt
[28/05/2012 – 11:34:00 | N | 1579] C:user.js
[20/08/2013 – 16:11:24 | RD ] C:Users
[11/04/2008 – 10:07:18 | N | 5686] C:vcredist.bmp
[07/11/2007 – 08:09:22 | N | 1442522] C:VC_RED.cab
[07/11/2007 – 08:12:28 | N | 232960] C:VC_RED.MSI
[23/10/2013 – 19:27:43 | D ] C:Windows
[10/09/2011 – 15:58:50 | SHD ] D:$RECYCLE.BIN
[23/10/2013 – 20:21:54 | RASHD ] D:Autorun.inf
[10/09/2011 – 15:58:48 | RASD ] D:boot
[14/07/2009 – 20:39:00 | RAS | 383562] D:bootmgr
[10/09/2011 – 15:58:48 | D ] D:FactoryUpdate
[10/09/2011 – 15:58:48 | D ] D:hp
[14/02/2012 – 10:48:00 | N | 20] D:HPSF_Rep.txt
[17/04/2012 – 12:04:01 | N | 8] D:HP_WSD.dat
[10/09/2011 – 15:58:48 | RSD ] D:preload
[10/09/2011 – 15:58:48 | RSD ] D:recovery
[10/09/2011 – 15:58:48 | D ] D:RM_Reserve
[28/01/2013 – 23:46:49 | SHD ] D:System Volume Information
[03/06/2011 – 15:01:07 | RA | 59] E:Autorun.inf
[03/06/2011 – 15:03:26 | RAD ] E:DirectX 9.0c
[03/06/2011 – 15:03:27 | RAD ] E:dotNET Framework
[03/06/2011 – 15:01:08 | RA | 305056] E:Launcher.exe
[03/06/2011 – 16:41:30 | RAD ] E:LauncherData
[03/06/2011 – 15:01:18 | RA | 2249632] E:Setup.exe
[03/06/2011 – 16:33:34 | RA | 2097756416] E:Setup-1.bin
[03/06/2011 – 16:33:41 | RA | 2100000000] E:Setup-2.bin
[03/06/2011 – 15:11:44 | RA | 108223947] E:Setup-3.bin
[03/06/2011 – 15:01:10 | RAD ] E:Visual Studio Redistribuable
[15/07/2011 – 17:16:18 | SHD ] F:$RECYCLE.BIN
[17/04/2012 – 12:04:02 | N | 8] F:HP_WSD.dat
[15/07/2011 – 17:00:50 | D ] F:Hewlett-Packard
[14/02/2012 – 09:48:02 | N | 20] F:HPSF_Rep.txt
[23/10/2013 – 20:21:56 | RASHD ] F:Autorun.inf
[19/08/2013 – 10:57:14 | N | 576148674] H:[www.Cpasbien.me] Game.of.Thrones.S03E08.FRENCH.LD.HDTV.XviD-MiND.avi
[19/08/2013 – 11:06:22 | N | 578455392] H:[www.Cpasbien.me] Game.of.Thrones.S03E01.FRENCH.LD.HDTV.XviD-MiND.avi
[19/08/2013 – 10:51:26 | N | 578627968] H:[www.Cpasbien.me] Game.of.Thrones.S03E09.FRENCH.LD.HDTV.XviD-MiND.avi
[19/08/2013 – 10:57:20 | N | 578323306] H:[www.Cpasbien.me] Game.of.Thrones.S03E07.FRENCH.LD.HDTV.XviD-MiND.avi
[19/08/2013 – 00:19:18 | N | 579819714] H:[www.Cpasbien.me] Game.of.Thrones.S03E05.FRENCH.LD.HDTV.XviD-MiND.avi
[19/08/2013 – 11:13:34 | N | 572581888] H:[www.Cpasbien.me] Game.of.Thrones.S03E02.FRENCH.HDTV.XviD-ATN.avi
[18/08/2013 – 21:57:28 | N | 578250406] H:[www.Cpasbien.me] Game.of.Thrones.S03E04.FRENCH.LD.HDTV.XviD-MiND.avi
[18/08/2013 – 21:44:38 | N | 578157834] H:[www.Cpasbien.me] Game.of.Thrones.S03E03.FRENCH.LD.HDTV.XviD-MiND.avi
[18/08/2013 – 23:47:46 | N | 576506234] H:[www.Cpasbien.me] Game.of.Thrones.S03E06.FRENCH.LD.HDTV.XviD-MiND.avi
[12/10/2013 – 14:45:18 | N | 11264] H:Pestel bar gaming.doc
[12/10/2013 – 14:45:18 | N | 11264] H:Pestel bar gaming (2).doc
[23/10/2013 – 20:21:56 | RASHD ] H:Autorun.inf
[23/10/2013 – 20:21:56 | RASHD ] I:Autorun.inf
[29/05/2013 – 15:24:34 | N | 9646592] I:Solutions ecommerce et positionnement commercial.ppt

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:j7z3hk34]