Reply to: USB key virus – Shortcut 2016-09-08T13:11:20+00:00
NQuenton
Participant
Post count: 4

############################## | UsbFix V 7.145 | [Removal]

User: Quentin (Administrator) # QUENTIN-HP
Updated on 17/10/2013 by El Desaparecido – Team SosVirus
Launched at 22:18:17 | 25/10/2013

Website: http://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (1672)
CPU: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
RAM -> [Total : 4044 | Free : 2868]
Bios: Hewlett-Packard
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 443 GB (377 GB free – 85%) [] # NTFS
D: -> Fixed disk # 18 GB (2 GB free – 11%) [Recovery] # NTFS
E: -> Fixed disk # 4 GB (1 GB free – 27%) [HP_TOOLS] # FAT32
F: -> CD-ROM
I: -> Removable disk # 4 GB (352 MB free – 9%) [CLE QUENTIN] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] – "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [HPQuickWebProxy] – "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
HKLM\SOFTWARE | Run : [Easybits Recovery] – C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [HPOSD] – C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HKLM\SOFTWARE | Run : [] –
HKLM\SOFTWARE | Run : [ApnUpdater] – "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE | Run : [avgnt] – "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [HP Quick Launch] – C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] – "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [HPQuickWebProxy] – "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] – C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] – C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HKLM\SOFTWARE\wow6432Node | Run : [] –
HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] – "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] – "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] – C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] –
HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-737973149-907713067-2972627852-1000\SOFTWARE | Run : [EADM] – "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Stopped processes |

Stopped! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 724 |ParentID 488)
Stopped! C:\Windows\Explorer.EXE (ID 1492 |ParentID 1440)
Stopped! C:\Windows\system32\ctfmon.exe (ID 1556 |ParentID 1492)
Stopped! C:\Windows\system32\DllHost.exe (ID 1812 |ParentID 608)

################## | Infectious items |

Deleted! I:\Divers.lnk
Deleted! I:\exercices_-_conjugaison__-niveau_1-.lnk
Deleted! I:\Grammaire_-2-_-_conjugaison.lnk
Deleted! I:\Welterbe_der_Menschheit.lnk
Deleted! I:\exercices_declinaisons_-2eme_serie-.lnk
Deleted! I:\BAC II Histoire.lnk
Deleted! I:\Livres – Documents.lnk
Deleted! I:\BAC III Histoire.lnk
Deleted! I:\Carnets.lnk
Deleted! I:\BAC 1 Histoire.lnk
Deleted! D:\desktop.ini

(!) Temporary files deleted.

################## | Registry |

Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe

################## | Listing |

[03/01/2012 – 00:01:15 | SHD ] C:\$Recycle.Bin
[30/07/2011 – 17:41:22 | SHD ] C:\boot
[21/11/2010 – 05:23:51 | RASH | 383786] C:\bootmgr
[14/07/2009 – 07:08:56 | SHD ] C:\Documents and Settings
[23/02/2013 – 15:56:37 | D ] C:\Firefox
[25/10/2013 – 22:15:51 | ASH | 3180220416] C:\hiberfil.sys
[23/09/2011 – 02:07:22 | D ] C:\HP
[23/09/2011 – 01:45:07 | D ] C:\Intel
[16/12/2011 – 16:27:25 | RHD ] C:\MSOCache
[25/10/2013 – 22:15:50 | ASH | 4240293888] C:\pagefile.sys
[14/07/2009 – 05:20:08 | D ] C:\PerfLogs
[29/04/2012 – 23:30:11 | D ] C:\PFiles
[06/08/2012 – 15:23:36 | D ] C:\Program Files
[25/10/2013 – 20:32:27 | D ] C:\Program Files (x86)
[25/10/2013 – 20:12:20 | HD ] C:\ProgramData
[13/12/2011 – 17:55:19 | SHD ] C:\Recovery
[10/06/2013 – 16:46:21 | D ] C:\SWSetup
[23/10/2013 – 20:19:44 | SHD ] C:\System Volume Information
[13/12/2011 – 17:55:24 | D ] C:\SYSTEM.SAV
[25/10/2013 – 22:27:37 | D ] C:\UsbFix
[25/10/2013 – 20:37:26 | N | 10359] C:\UsbFix [Clean 1] QUENTIN-HP.txt
[25/10/2013 – 22:28:45 | A | 6426] C:\UsbFix [Clean 2] QUENTIN-HP.txt
[23/04/2012 – 19:55:00 | N | 1491] C:\user.js
[13/12/2011 – 17:54:13 | RD ] C:\Users
[25/10/2013 – 22:15:51 | D ] C:\Windows
[13/12/2011 – 19:59:42 | SHD ] D:\$RECYCLE.BIN
[13/12/2011 – 19:59:36 | RASHD ] D:\boot
[14/07/2009 – 20:39:00 | RASH | 383562] D:\bootmgr
[13/12/2011 – 19:59:36 | D ] D:\FactoryUpdate
[13/12/2011 – 19:59:36 | D ] D:\hp
[22/03/2012 – 19:13:37 | N | 20] D:\HPSF_Rep.txt
[13/12/2011 – 19:59:21 | N | 8] D:\HP_WSD.dat
[13/12/2011 – 19:59:36 | RSHD ] D:\preload
[12/08/2013 – 09:16:15 | RSD ] D:\recovery
[13/12/2011 – 19:59:36 | D ] D:\RM_Reserve
[15/02/2012 – 22:45:34 | SHD ] D:\System Volume Information
[23/09/2011 – 01:54:10 | D ] E:\Hewlett-Packard
[16/07/2013 – 22:10:06 | N | 974] E:\Images – Raccourci.lnk
[23/09/2011 – 02:13:36 | SHD ] E:\$RECYCLE.BIN
[08/02/2013 – 11:42:30 | N | 8] E:\HP_WSD.dat
[22/03/2012 – 18:13:38 | N | 20] E:\HPSF_Rep.txt
[18/09/2012 – 18:27:56 | D ] I:\BAC II Histoire
[23/10/2013 – 15:59:04 | N | 61835] I:\nombres.pdf
[25/10/2013 – 19:15:24 | N | 506] I:\nombres.lnk
[03/04/2012 – 14:46:16 | D ] I:\Livres – Documents
[23/10/2013 – 15:59:16 | N | 61236] I:\exercices_-_conjugaison__-niveau_1-.pdf
[07/10/2013 – 20:14:24 | D ] I:\BAC III Histoire
[18/06/2012 – 15:11:14 | D ] I:\Divers
[04/05/2013 – 13:54:28 | D ] I:\Carnets
[05/03/2012 – 11:45:10 | D ] I:\BAC 1 Histoire
[23/10/2013 – 15:59:08 | N | 45537] I:\Grammaire_-2-_-_conjugaison.pdf
[23/10/2013 – 15:58:48 | N | 197280] I:\Welterbe_der_Menschheit.pdf
[23/10/2013 – 15:58:56 | N | 95487] I:\Prepositions_-apercu-_.PDF
[23/10/2013 – 15:59:12 | N | 61378] I:\exercices_declinaisons_-2eme_serie-.pdf
[25/10/2013 – 19:29:24 | N | 613] I:\Prepositions_-apercu-_.lnk

################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

There were two reports; I took the second one.
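The "Infectious items" section of the log above removes a set of .lnk files from the removable drive I: whose names match the folders still listed on that drive (Divers, Carnets, BAC II Histoire, ...). That is the footprint of the "shortcut" class of USB worm the thread title refers to: the real folders are hidden and a shortcut with the folder's name is placed beside them, and the shortcut usually launches an interpreter that opens the folder and runs the payload. The script below is an added example and is not part of NQuenton's post or of UsbFix. It parses the fixed header and StringData of a Windows shell link (the MS-SHLLINK format) to recover the target and arguments, then flags shortcuts that point at a command interpreter or shadow a hidden folder of the same name. The two sample shortcuts, the hidden-folder set, the interpreter list and the `sys\update.vbs` argument are constructed for the demo; `scan_removable_drive` is a hypothetical Windows-only helper for running the same triage against a real drive letter.

```python
"""Triage .lnk files on a removable drive for shortcut-worm lures (added example, not UsbFix code)."""
import ntpath
import os
import stat
import struct
import uuid

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
# LinkFlags bits from MS-SHLLINK 2.1.1; only the ones that change the layout we read.
F_HAS_IDLIST, F_HAS_LINKINFO, F_HAS_NAME, F_HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
F_HAS_WORKDIR, F_HAS_ARGS, F_HAS_ICON, F_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = ((F_HAS_NAME, "name"), (F_HAS_RELPATH, "relative_path"),
                 (F_HAS_WORKDIR, "working_dir"), (F_HAS_ARGS, "arguments"),
                 (F_HAS_ICON, "icon_location"))
# Interpreters a lure shortcut typically chains through; this list is our assumption.
INTERPRETERS = ("cmd.exe", "wscript.exe", "cscript.exe", "rundll32.exe",
                "mshta.exe", "powershell.exe")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link, or raise ValueError if it is not one."""
    if (len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data)[0] != LNK_HEADER_SIZE
            or uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID):
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = LNK_HEADER_SIZE
    if flags & F_HAS_IDLIST:        # LinkTargetIDList: 2-byte size followed by the items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & F_HAS_LINKINFO:      # LinkInfo: its own first field is its total size
        pos += struct.unpack_from("<I", data, pos)[0]
    out = {"flags": flags}
    for bit, key in STRING_FIELDS:  # each string: CountCharacters then chars, no terminator
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & F_UNICODE else 1
            raw = data[pos:pos + count * width]
            if len(raw) != count * width:
                raise ValueError("truncated StringData")
            pos += count * width
            out[key] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    return out


def shortcut_findings(filename: str, meta: dict, hidden_dirs: set) -> list:
    """Reasons a shortcut looks like a worm lure; an empty list means nothing suspicious."""
    target = ntpath.basename(meta.get("relative_path", "")).lower()
    args = meta.get("arguments", "")
    base = filename[:-4] if filename.lower().endswith(".lnk") else filename
    reasons = []
    if target in INTERPRETERS:
        reasons.append(f"target is {target}")
        if args:
            reasons.append(f"arguments: {args}")
    if base in hidden_dirs:
        reasons.append(f"shadows hidden folder '{base}'")
    return reasons


def triage(entries, hidden_dirs: set) -> dict:
    """entries: iterable of (filename, bytes). Returns {filename: reasons} for suspects only."""
    report = {}
    for name, blob in entries:
        try:
            meta = parse_lnk(blob)
        except ValueError as exc:
            report[name] = [f"unparseable: {exc}"]   # a .lnk that is not a .lnk is itself a finding
            continue
        reasons = shortcut_findings(name, meta, hidden_dirs)
        if reasons:
            report[name] = reasons
    return report


def scan_removable_drive(root: str) -> dict:
    """Hypothetical Windows-only helper: read every .lnk under root and collect hidden/system folders."""
    hidden_mask = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM
    entries, hidden = [], set()
    for e in os.scandir(root):
        if e.is_dir() and getattr(e.stat(), "st_file_attributes", 0) & hidden_mask:
            hidden.add(e.name)
        elif e.is_file() and e.name.lower().endswith(".lnk"):
            with open(e.path, "rb") as fh:
                entries.append((e.name, fh.read()))
    return triage(entries, hidden)


def build_lnk(relative_path: str, arguments: str = "") -> bytes:
    """Constructed minimal shell link for the demo: Unicode StringData, no IDList or LinkInfo."""
    flags = F_HAS_RELPATH | F_UNICODE | (F_HAS_ARGS if arguments else 0)
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID.bytes_le + struct.pack("<I", flags)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))   # attributes, timestamps, icon, showcmd, hotkey
    strings = (relative_path, arguments) if arguments else (relative_path,)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in strings)
    return header + body


# Constructed sample drive modelled on the log: one lure over a hidden folder, one ordinary shortcut.
SAMPLE_DRIVE = [
    ("Divers.lnk", build_lnk(r"..\..\Windows\System32\cmd.exe",
                             r'/c start "" Divers & start "" sys\update.vbs')),
    ("nombres.lnk", build_lnk("nombres.pdf")),
]
SAMPLE_HIDDEN = {"Divers"}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_DRIVE, SAMPLE_HIDDEN).items():
        print(name, "->", "; ".join(reasons))
```

On a real stick you would call `scan_removable_drive("I:\\")` and, for each flagged name, quarantine the shortcut and clear the hidden/system attributes on the folder it shadows (`attrib -s -h` in cmd) before trusting the drive again; the parser deliberately stops at StringData, so shortcuts that hide the target only in the IDList still show up through the hidden-folder check.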