Reply to: Folders and files turned into shortcuts on a USB stick 2016-09-08T13:11:15+00:00
nico001
Post count: 0

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: MEDION (Administrateur) # MEDION-PC
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 12:24:19 | 26/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: MEDIONPC (MS-7621)
CPU: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
RAM -> [Total : 3327 | Free : 1022]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 900 Go (77 Go libre(s) - 9%) [System] # NTFS
D: -> Disque fixe # 30 Go (19 Go libre(s) - 63%) [Recovery] # NTFS
E: -> CD-ROM
F: -> CD-ROM
G: -> CD-ROM
H: -> CD-ROM
J: -> Disque amovible # 4 Go (1 Go libre(s) - 27%) [MP122] # FAT32
K: -> Disque amovible # 7 Go (1 Go libre(s) - 20%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [CLMLServer] - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
HKLM\SOFTWARE | Run : [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
HKLM\SOFTWARE | Run : [YouCam Mirror Tray icon] - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
HKLM\SOFTWARE | Run : [Nikon Transfer Monitor] - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\SOFTWARE | Run : [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1153575936-1959217106-897109580-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1153575936-1959217106-897109580-1000\SOFTWARE | Run : [Google Update] - "C:\Users\MEDION\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1153575936-1959217106-897109580-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1153575936-1959217106-897109580-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1153575936-1959217106-897109580-1000\SOFTWARE | Run : [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1153575936-1959217106-897109580-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\MEDION\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-21-1153575936-1959217106-897109580-1000\SOFTWARE | Run : [360desktop] -
HKU\S-1-5-21-1153575936-1959217106-897109580-1000\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-1153575936-1959217106-897109580-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-1153575936-1959217106-897109580-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\MEDION\AppData\Local\Temp\iTunesHelper.vbe"
HKU\S-1-5-21-1153575936-1959217106-897109580-1000\SOFTWARE | Run : [8jusched] - C:\Users\Public\jusched.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (ID 732 |ParentID 528)
Stoppé! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 824 |ParentID 528)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1376 |ParentID 528)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID 1440 |ParentID 528)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID 1480 |ParentID 732)
Stoppé! C:\Windows\SYSTEM32\WISPTIS.EXE (ID 1496 |ParentID 1044)
Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1744 |ParentID 528)
Stoppé! C:\Windows\SYSTEM32\WISPTIS.EXE (ID 1804 |ParentID 1044)
Stoppé! C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID 1812 |ParentID 1044)
Stoppé! C:\Windows\Explorer.EXE (ID 1900 |ParentID 1848)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID 2008 |ParentID 528)
Stoppé! C:\Windows\system32\PnkBstrA.exe (ID 292 |ParentID 528)
Stoppé! C:\Windows\system32\PnkBstrB.exe (ID 1068 |ParentID 528)
Stoppé! C:\Program Files\CyberLink\Shared files\RichVideo.exe (ID 1600 |ParentID 528)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2084 |ParentID 528)
Stoppé! C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe (ID 2124 |ParentID 528)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2332 |ParentID 2084)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID 2496 |ParentID 1900)
Stoppé! C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (ID 2556 |ParentID 1900)
Stoppé! C:\Program Files\CyberLink\YouCam\YouCamTray.exe (ID 2740 |ParentID 1900)
Stoppé! C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (ID 2784 |ParentID 1900)
Stoppé! C:\Program Files\Microsoft Security Client\msseces.exe (ID 2972 |ParentID 1900)
Stoppé! C:\Windows\Samsung\PanelMgr\SSMMgr.exe (ID 3020 |ParentID 1900)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID 3028 |ParentID 1900)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID 3048 |ParentID 1900)
Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (ID 3096 |ParentID 1900)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID 3120 |ParentID 1900)
Stoppé! C:\Users\MEDION\AppData\Local\Google\Update\GoogleUpdate.exe (ID 3128 |ParentID 1900)
Stoppé! C:\Program Files\Windows Live\Messenger\msnmsgr.exe (ID 3164 |ParentID 1900)
Stoppé! C:\Program Files\DAEMON Tools Lite\DTLite.exe (ID 3188 |ParentID 1900)
Stoppé! C:\Users\MEDION\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID 3336 |ParentID 1900)
Stoppé! C:\Windows\System32\StikyNot.exe (ID 3368 |ParentID 1900)
Stoppé! C:\Windows\System32\wscript.exe (ID 3404 |ParentID 1900)
Stoppé! C:\Windows\system32\DllHost.exe (ID 4092 |ParentID 668)
Stoppé! C:\Users\Public\jusched.exe (ID 3300 |ParentID 1724)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID 1104 |ParentID 528)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (ID 1996 |ParentID 528)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 3640 |ParentID 528)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID 5264 |ParentID 1104)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (ID 5548 |ParentID 528)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 5768 |ParentID 1044)
Stoppé! C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID 4708 |ParentID 1900)
Stoppé! C:\Program Files\Google\Update\GoogleUpdate.exe (ID 3864 |ParentID 1848)
Stoppé! C:\Program Files\Nero\Update\NASvc.exe (ID 3880 |ParentID 528)
Stoppé! C:\Windows\system32\sppsvc.exe (ID 5404 |ParentID 528)
Stoppé! C:\Windows\servicing\TrustedInstaller.exe (ID 4128 |ParentID 528)

################## | Éléments infectieux |

Supprimé! K:\iTunesHelper.vbe
Supprimé! C:\Users\MEDION\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\MEDION\AppData\Roaming\7477C2F4\ak.tmp
Supprimé! C:\Users\MEDION\AppData\Roaming\7477C2F4
Supprimé! K:\.lnk
Supprimé! K:\Quel est alors le but littraturre p2.lnk
Supprimé! K:\litt max corrigé.lnk
Supprimé! K:\La littérature entête.lnk
Supprimé! K:\Défense de mémoire.lnk
Supprimé! K:\NON MERCY_1.lnk
Supprimé! K:\jamey aebersold - My Funny Valentine.lnk
Supprimé! K:\POLS1326-fiche_1.lnk
Supprimé! K:\FICHE 1.lnk
Supprimé! K:\Note de lecture DURKHEIM.lnk
Supprimé! K:\cd t.lnk
Supprimé! K:\.Trashes.lnk
Supprimé! K:\.fseventsd.lnk
Supprimé! K:\.Spotlight-V100.lnk
Supprimé! K:\Searching.for.Sugar.Man.2012.lnk
Supprimé! K:\Moonrise Kingdom (HD).lnk
Supprimé! K:\The Darjeeling Limited (HD).lnk
Supprimé! K:\Musique A. Latine.lnk
Supprimé! K:\Essai Jackie Assayag.lnk
Supprimé! K:\Note de lecture ASSAYAG.lnk
Supprimé! K:\7 - Ethio Blues.lnk
Supprimé! C:\Users\Public\4z1z.VBE
Supprimé! C:\Users\Public\7z1z.VBE
Supprimé! C:\Users\Public\jusched.exe
Supprimé! C:\Users\MEDION\AppData\Roaming\MEDION-wchelper.dll
Supprimé! C:\Users\MEDION\AppData\Local\Temp\MEDION7
Supprimé! C:\Users\MEDION\AppData\Local\Temp\MEDION8
Supprimé! C:\Users\MEDION\AppData\Local\Temp\utt340B.tmp.exe
Supprimé! C:\Users\MEDION\AppData\Local\Temp\utt7841.tmp.exe
Supprimé! C:\Users\MEDION\AppData\Local\Temp\c4afg.hta
Supprimé! C:\Users\MEDION\AppData\Local\Temp\397nua.exe
Supprimé! C:\Users\MEDION\AppData\Local\Temp\AutoRun.exe
Non supprimé ! H:\autorun.inf

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-1153575936-1959217106-897109580-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKCU\...\Explorer\MountPoints2\H
Supprimé! HKCU\...\Explorer\MountPoints2\{4399d8bb-71b5-11e1-bf9e-4061862ad4d6}
Supprimé! HKCU\...\Explorer\MountPoints2\{fe2a4ed4-64f7-11e0-a2d7-0025d31f0f0c}

################## | Listing |

[03/11/2011 - 20:45:14 | SHD ] C:\$RECYCLE.BIN
[14/06/2011 - 13:41:26 | D ] C:\3d5c449ae364980ef3bf46c63650
[25/10/2013 - 22:57:21 | D ] C:\AdwCleaner
[02/04/2013 - 17:45:24 | N | 32316] C:\AdwCleaner[S1].txt
[14/05/2013 - 09:49:04 | N | 4038] C:\AdwCleaner[S2].txt
[10/06/2009 - 23:42:20 | N | 24] C:\autoexec.bat
[05/04/2012 - 15:48:39 | D ] C:\AuxData
[10/06/2009 - 23:42:20 | N | 10] C:\config.sys
[31/01/2013 - 17:12:00 | D ] C:\copie usb ben
[16/08/2011 - 13:18:13 | N | 237] C:\debugInstaller.txt
[12/04/2011 - 14:59:24 | N | 1103] C:\debugwst.log
[12/04/2011 - 14:32:59 | SHD ] C:\Documents and Settings
[10/06/2011 - 17:08:07 | D ] C:\EPSON
[26/10/2013 - 12:16:40 | ASH | 2616643584] C:\hiberfil.sys
[26/08/2009 - 17:49:13 | N | 0] C:\IO.SYS
[12/04/2011 - 16:31:07 | D ] C:\MQAReport
[26/08/2009 - 17:49:13 | N | 0] C:\MSDOS.SYS
[19/08/2009 - 12:41:22 | RHD ] C:\MSOCache
[26/10/2013 - 12:16:45 | ASH | 3488862208] C:\pagefile.sys
[24/10/2013 - 17:01:55 | D ] C:\Program Files
[25/10/2013 - 22:57:09 | HD ] C:\ProgramData
[12/04/2011 - 14:33:00 | SHD ] C:\Recovery
[11/12/2011 - 12:09:58 | D ] C:\sooi832.bin
[24/10/2013 - 17:02:03 | SHD ] C:\System Volume Information
[26/10/2013 - 12:44:17 | D ] C:\UsbFix
[26/10/2013 - 12:46:10 | A | 11990] C:\UsbFix [Clean 1] MEDION-PC.txt
[25/10/2013 - 22:05:50 | N | 15409] C:\UsbFix [Scan 2] MEDION-PC.txt
[03/11/2011 - 20:45:03 | RD ] C:\Users
[12/04/2011 - 14:59:24 | N | 200] C:\uxdcmnFL.log
[17/10/2013 - 11:04:36 | D ] C:\Windows
[12/04/2011 - 14:43:57 | N | 250] C:\_Atom.log
[03/11/2011 - 20:45:16 | SHD ] D:\$RECYCLE.BIN
[10/09/2009 - 16:48:51 | D ] D:\DRIVERS
[12/02/2012 - 17:26:13 | N | 425] D:\Lecteur de CD - Raccourci.lnk
[28/08/2013 - 10:28:13 | D ] D:\photos afrique du sud
[15/09/2009 - 00:06:23 | D ] D:\RECOVER
[12/04/2011 - 14:59:24 | D ] D:\report
[14/09/2009 - 13:09:21 | N | 22] D:\swconf.dat
[12/04/2011 - 13:25:29 | SHD ] D:\System Volume Information
[10/09/2009 - 16:48:50 | D ] D:\TOOLS
[12/04/2011 - 16:15:36 | N | 2097152000] D:\wst0.tmp
[12/04/2011 - 14:59:24 | N | 1107] D:\wstpro.txt
[23/10/2007 - 09:22:58 | R | 277] H:\autorun.inf
[23/10/2007 - 10:35:38 | R | 5227783] H:\LaunchPad.zip
[23/10/2007 - 09:45:39 | R | 1336632] H:\LaunchU3.exe
[22/10/2013 - 16:12:40 | D ] K:\.fseventsd
[04/06/2013 - 21:15:18 | SH | 4096] K:\._.Trashes
[10/12/2012 - 21:45:02 | D ] K:\cd t
[04/06/2013 - 21:15:18 | SHD ] K:\.Trashes
[04/06/2013 - 20:33:10 | N | 14860] K:\Quel est alors le but littraturre p2.docx
[04/06/2013 - 21:09:06 | N | 21328] K:\litt max corrigé.docx
[03/06/2013 - 18:38:36 | N | 35562] K:\La littérature entête.docx
[04/06/2013 - 21:15:18 | SHD ] K:\.Spotlight-V100
[04/06/2013 - 21:19:18 | N | 250] K:\.apdisk
[25/05/2013 - 18:04:34 | D ] K:\Searching.for.Sugar.Man.2012
[04/06/2013 - 17:52:46 | N | 15930] K:\Défense de mémoire.docx
[04/06/2013 - 17:51:46 | N | 120074] K:\Défense de mémoire.pptx
[23/06/2013 - 22:56:28 | D ] K:\Moonrise Kingdom (HD)
[23/06/2013 - 23:45:10 | D ] K:\The Darjeeling Limited (HD)
[26/07/2013 - 00:49:56 | N | 109223262] K:\NON MERCY_1.wmv
[21/09/2013 - 14:11:54 | D ] K:\Musique A. Latine
[17/10/2013 - 01:50:22 | N | 7292936] K:\jamey aebersold - My Funny Valentine.mp3
[17/10/2013 - 12:25:54 | N | 129831] K:\POLS1326-fiche_1.pdf
[21/10/2013 - 21:55:50 | N | 1448344] K:\FICHE 1.docx
[21/10/2013 - 21:56:04 | N | 368040] K:\FICHE 1.pdf
[20/10/2013 - 05:48:58 | N | 29184] K:\Essai Jackie Assayag.doc
[23/10/2013 - 09:25:30 | N | 22981] K:\Note de lecture ASSAYAG.docx
[02/10/2013 - 00:56:20 | N | 29181] K:\Note de lecture DURKHEIM.docx
[23/10/2013 - 09:25:18 | N | 255098] K:\Note de lecture ASSAYAG.pdf
[24/10/2013 - 17:42:42 | N | 16886086] K:\7 - Ethio Blues.mp3

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
K:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |