Reply to: virus - USB key folders turned into shortcuts 2016-09-08T13:13:58+00:00

############################## | UsbFix V 7.149 | [Removal]

User: ADMIN (Administrator) # PORTADMIN
Updated on 03/11/2013 by El Desaparecido - Team SosVirus
Launched at 22:20:25 | 05/11/2013

Website: http://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0T816J)
CPU: Intel Pentium III Xeon processor
RAM -> [Total: 3033 | Free: 2261]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 50 GB (1 GB free - 3%) [] # NTFS
D: -> CD-ROM
E: -> Fixed disk # 99 GB (7 GB free - 7%) [data] # NTFS
F: -> Removable disk # 58 GB (28 GB free - 49%) [USB DISK] # FAT32
G: -> Removable disk # 961 MB (960 MB free - 100%) [] # FAT32

################## | MD5 comparison reference |

Md5 : b5e7bfbbac3b4e9db51960169132e9fd -> C:\DOCUME~1\ADMIN\LOCALS~1\Temp\868JmSmh.vbs
Md5 : b5e7bfbbac3b4e9db51960169132e9fd -> C:\DOCUME~1\ADMIN\LOCALS~1\Temp\rquBPamL.vbs
Md5 : 38139914a81ebec818ed8428888f5a38 -> F:\rquBPamL.vbs
Md5 : 38139914a81ebec818ed8428888f5a38 -> G:\rquBPamL.vbs

################## | Stopped processes |

Stopped! C:\WINDOWS\System32\WLTRYSVC.EXE (ID: 1132 |ParentID: 1760)
Stopped! C:\WINDOWS\System32\bcmwltry.exe (ID: 1148 |ParentID: 1132)
Stopped! C:\WINDOWS\system32\spoolsv.exe (ID: 1248 |ParentID: 1760)
Stopped! c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe (ID: 1300 |ParentID: 1760)
Stopped! C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1380 |ParentID: 1760)
Stopped! C:\WINDOWS\Explorer.EXE (ID: 736 |ParentID: 648)
Stopped! C:\WINDOWS\system32\igfxtray.exe (ID: 908 |ParentID: 736)
Stopped! C:\WINDOWS\system32\hkcmd.exe (ID: 916 |ParentID: 736)
Stopped! C:\WINDOWS\system32\igfxpers.exe (ID: 928 |ParentID: 736)
Stopped! C:\Program Files\IDT\WDM\sttray.exe (ID: 936 |ParentID: 736)
Stopped! C:\WINDOWS\system32\AESTFltr.exe (ID: 944 |ParentID: 736)
Stopped! C:\WINDOWS\system32\igfxsrvc.exe (ID: 972 |ParentID: 1960)
Stopped! C:\Program Files\DellTPad\Apoint.exe (ID: 988 |ParentID: 736)
Stopped! C:\WINDOWS\system32\WLTRAY.exe (ID: 1016 |ParentID: 736)
Stopped! C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (ID: 1024 |ParentID: 736)
Stopped! C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (ID: 1044 |ParentID: 736)
Stopped! C:\Program Files\Ask.com\Updater\Updater.exe (ID: 1056 |ParentID: 736)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 1116 |ParentID: 736)
Stopped! C:\WINDOWS\system32\wscript.exe (ID: 832 |ParentID: 736)
Stopped! C:\WINDOWS\system32\ctfmon.exe (ID: 1296 |ParentID: 736)
Stopped! C:\Program Files\Desktop Calendar\Desktop Calendar.exe (ID: 1348 |ParentID: 736)
Stopped! C:\Documents and Settings\ADMIN\Application Data\SearchProtect\bin\cltmng.exe (ID: 1480 |ParentID: 1028)
Stopped! C:\Program Files\DellTPad\ApMsgFwd.exe (ID: 688 |ParentID: 988)
Stopped! C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (ID: 1544 |ParentID: 736)
Stopped! C:\Program Files\DellTPad\HidFind.exe (ID: 2204 |ParentID: 988)
Stopped! C:\Program Files\DellTPad\Apntex.exe (ID: 2272 |ParentID: 1656)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (ID: 2340 |ParentID: 1760)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 2368 |ParentID: 1760)
Stopped! C:\Program Files\Application Updater\ApplicationUpdater.exe (ID: 2404 |ParentID: 1760)
Stopped! C:\Program Files\SearchProtect\bin\CltMngSvc.exe (ID: 2528 |ParentID: 1760)
Stopped! C:\Program Files\Java\jre7\bin\jqs.exe (ID: 2608 |ParentID: 1760)
Stopped! C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe (ID: 2656 |ParentID: 1760)
Stopped! C:\WINDOWS\system32\DRIVERS\o2flash.exe (ID: 2916 |ParentID: 1760)
Stopped! C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 3216 |ParentID: 1760)
Stopped! C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 3492 |ParentID: 1760)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 2304 |ParentID: 2368)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (ID: 2764 |ParentID: 1760)
Stopped! C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (ID: 3092 |ParentID: 1760)
Stopped! C:\WINDOWS\system32\wbem\wmiapsrv.exe (ID: 3080 |ParentID: 1760)
Stopped! C:\WINDOWS\system32\wscntfy.exe (ID: 4052 |ParentID: 340)
Stopped! C:\WINDOWS\system32\NOTEPAD.EXE (ID: 2448 |ParentID: 3444)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3204 |ParentID: 1236)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4032 |ParentID: 3204)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 620 |ParentID: 3204)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [SysTrayApp] - %ProgramFiles%\IDT\WDM\sttray.exe
04 - HKLM\SOFTWARE | Run : [AESTFltr] - %SystemRoot%\system32\AESTFltr.exe /NoDlg
04 - HKLM\SOFTWARE | Run : [Apoint] - C:\Program Files\DellTPad\Apoint.exe
04 - HKLM\SOFTWARE | Run : [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe
04 - HKLM\SOFTWARE | Run : [SearchSettings] - "C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe"
04 - HKLM\SOFTWARE | Run : [SearchProtectAll] - C:\Program Files\SearchProtect\bin\cltmng.exe
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files\Ask.com\Updater\Updater.exe"
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [rquBPamL] - wscript.exe //B "C:\DOCUME~1\ADMIN\LOCALS~1\Temp\rquBPamL.vbs"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-1644491937-776561741-1801674531-1003\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-1644491937-776561741-1801674531-1003\SOFTWARE | Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
04 - HKU\S-1-5-21-1644491937-776561741-1801674531-1003\SOFTWARE | Run : [Desktop Calendar] - C:\Program Files\Desktop Calendar\Desktop Calendar.exe
04 - HKU\S-1-5-21-1644491937-776561741-1801674531-1003\SOFTWARE | Run : [rquBPamL] - wscript.exe //B "C:\DOCUME~1\ADMIN\LOCALS~1\Temp\rquBPamL.vbs"
04 - HKU\S-1-5-21-1644491937-776561741-1801674531-1003\SOFTWARE | Run : [SearchProtect] - C:\Documents and Settings\ADMIN\Application Data\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Generic search |

Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\rquBPamL.vbs
Deleted! C:\Documents and Settings\ADMIN\Menu Démarrer\Programmes\Démarrage\rquBPamL.vbs
Deleted! F:\rquBPamL.vbs
Deleted! G:\rquBPamL.vbs
Deleted! F:\eclipse.lnk
Deleted! F:\jdk-7u21-windows-x64.lnk
Deleted! F:\COMUTITRES-RFI-CandidatureDOCA-20130610-V1.lnk
Deleted! F:\autorun.lnk
Deleted! F:\RECYCLER.lnk
Deleted! F:\E-book.lnk
Deleted! F:\Photoshop CS6.lnk
Deleted! F:\YDAHMANE.lnk
Deleted! F:\client oracle.lnk
Deleted! F:\Java.lnk
Deleted! F:\Sources.lnk
Deleted! F:\Versioning Vie des Produits.lnk
Deleted! F:\cpo-tapas.lnk
Deleted! F:\drivers.lnk
Deleted! F:\office 2010.lnk
Deleted! F:\Versioning reporting de prod.lnk
Deleted! F:\reporting FI.lnk
Deleted! F:\My_Data.lnk
Deleted! F:\REPORTINGS.lnk
Deleted! F:\[www.Cpasbien.me] Django.Unchained.2012.FRENCH.BDRip.XviD-AYMO.lnk
Deleted! F:\Minoration_Mai2013.lnk
Deleted! F:\Minoration_20130411.lnk
Deleted! F:\soft.lnk
Deleted! F:\javasource.lnk
Deleted! F:\ODNCCG.lnk
Deleted! F:\Datamining.lnk
Deleted! F:\C2A.lnk
Deleted! F:\DOCA_V0.lnk
Deleted! F:\DOCA.lnk
Deleted! F:\Larbi.lnk
Deleted! F:\Autorun.inf.lnk
Deleted! G:\doc nat.lnk
Deleted! G:\Autorun.inf.lnk
Deleted! C:\Documents and Settings\ADMIN\Application Data\Public
Deleted! C:\Documents and Settings\ADMIN\Menu Démarrer\Programmes\Démarrage\iz710bclD.lnk
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\868JmSmh.vbs
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\fd52fd.hta
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\77u.hta
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\BZIK.hta
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\CG75.hta
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\CH785.hta
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\ddddddddddd.hta
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\fzd.hta
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\iiiiiiiiiiiiz7.hta
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\sssssssssi.hta
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\ziii4.hta
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\ziiiii7.hta
Deleted! C:\DOCUME~1\ADMIN\LOCALS~1\Temp\zzzzzzzzzzzz5.hta
Deleted! F:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013

(!) Temporary files deleted.

################## | MD5 comparison |

################## | Registry |

Deleted! HKLM\Software\rquBPamL
Deleted! HKU\S-1-5-21-1644491937-776561741-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run|rquBPamL
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|rquBPamL
Deleted! HKU\S-1-5-21-1644491937-776561741-1801674531-1003\Software\....\Mountpoints2\{668d63d4-ad39-11df-b19c-0ceee68e7e19}
Deleted! HKU\S-1-5-21-1644491937-776561741-1801674531-1003\Software\....\Mountpoints2\{6d1eb532-d4ae-11df-b1f6-0ceee68e7e19}
Deleted! HKU\S-1-5-21-1644491937-776561741-1801674531-1003\Software\....\Mountpoints2\{e9cef6d0-f0c6-11df-b245-0ceee68e7e19}

################## | Listing |

[08/06/2013 - 10:34:27 | D ] C:\1b2875b82ec720d99711fb57
[16/06/2010 - 13:05:55 | N | 0] C:\AUTOEXEC.BAT
[16/06/2010 - 12:33:49 | N | 212] C:\boot.ini
[14/04/2008 - 00:00:00 | N | 4952] C:\Bootfont.bin
[14/10/2013 - 22:13:08 | SHD ] C:\Config.Msi
[16/06/2010 - 13:05:55 | N | 0] C:\CONFIG.SYS
[16/06/2010 - 13:19:09 | D ] C:\DELL
[27/04/2011 - 13:26:40 | D ] C:\Dev-Cpp
[17/07/2011 - 22:43:55 | N | 0] C:\DFR35.tmp
[18/07/2011 - 19:42:28 | N | 0] C:\DFRCF.tmp
[11/03/2011 - 23:18:09 | D ] C:\Documents and Settings
[20/02/2013 - 03:06:23 | D ] C:\Downloads
[14/02/2011 - 16:39:07 | D ] C:\eltri
[09/03/2013 - 19:46:43 | N | 0] C:\END
[17/05/2011 - 16:02:20 | D ] C:\HP_P2055_default_install_v6.1_ww
[16/06/2010 - 13:22:21 | D ] C:\Intel
[16/06/2010 - 13:05:55 | N | 0] C:\IO.SYS
[26/04/2011 - 17:35:51 | D ] C:\Modulaire
[16/06/2010 - 13:05:55 | N | 0] C:\MSDOS.SYS
[01/08/2010 - 00:59:04 | RD ] C:\MSOCache
[14/04/2008 - 00:00:00 | N | 47564] C:\NTDETECT.COM
[14/04/2008 - 00:00:00 | N | 252240] C:\ntldr
[05/11/2013 - 21:54:34 | ASH | 2145386496] C:\pagefile.sys
[02/07/2012 - 11:23:10 | N | 726480] C:\photo.jpg
[10/10/2013 - 05:01:15 | D ] C:\Program Files
[01/08/2011 - 00:48:44 | SHD ] C:\RECYCLER
[10/10/2013 - 04:53:37 | SHD ] C:\System Volume Information
[16/12/2012 - 19:10:52 | D ] C:\TEMP
[30/05/2011 - 17:56:54 | D ] C:\test
[23/03/2012 - 19:50:04 | D ] C:\tmp
[05/11/2013 - 22:22:46 | D ] C:\UsbFix
[05/11/2013 - 22:22:47 | A | 11857] C:\UsbFix [Clean 6] PORTADMIN.txt
[05/11/2013 - 13:34:42 | N | 7762] C:\UsbFix [Scan 1] PORTADMIN.txt
[05/11/2013 - 22:12:39 | N | 10935] C:\UsbFix [Scan 2] PORTADMIN.txt
[02/10/2013 - 19:59:56 | D ] C:\Users
[18/04/2013 - 22:13:57 | D ] C:\wamp
[05/11/2013 - 21:55:55 | D ] C:\WINDOWS
[11/09/2013 - 21:05:27 | D ] E:\480ee55bc4d4f9bb5f
[14/01/2011 - 22:06:59 | D ] E:\d07103b62ba4a78798
[08/12/2012 - 01:52:12 | D ] E:\export
[25/05/2013 - 22:12:05 | D ] E:\films
[17/04/2013 - 21:45:16 | D ] E:\java
[19/08/2012 - 22:15:52 | D ] E:\Private
[16/10/2011 - 13:03:54 | SHD ] E:\RECYCLER
[11/09/2013 - 21:05:28 | D ] E:\sqldeveloper
[20/04/2013 - 09:10:07 | SHD ] E:\System Volume Information
[26/01/2013 - 17:15:49 | D ] E:\TAPAS
[26/04/2011 - 17:31:59 | D ] E:\tdCPP
[05/10/2011 - 18:40:10 | N | 12806] E:\Théorie des trois tamis.docx
[06/02/2013 - 10:27:12 | SHD ] F:\RECYCLER
[07/02/2013 - 09:23:32 | D ] F:\E-book
[07/02/2013 - 09:44:56 | D ] F:\Photoshop CS6
[12/02/2013 - 15:28:00 | D ] F:\YDAHMANE
[13/02/2013 - 15:23:54 | D ] F:\client oracle
[15/02/2013 - 08:46:42 | D ] F:\Java
[15/02/2013 - 14:54:32 | SHD ] F:\Sources
[15/02/2013 - 17:00:08 | D ] F:\Versioning Vie des Produits
[15/02/2013 - 17:25:48 | D ] F:\cpo-tapas
[18/02/2013 - 08:31:08 | D ] F:\drivers
[18/02/2013 - 16:09:00 | D ] F:\office 2010
[22/02/2013 - 17:37:44 | D ] F:\Versioning reporting de prod
[28/02/2013 - 17:17:38 | D ] F:\reporting FI
[14/03/2013 - 18:26:36 | D ] F:\My_Data
[18/03/2013 - 15:18:18 | D ] F:\REPORTINGS
[10/04/2013 - 15:29:16 | D ] F:\[www.Cpasbien.me] Django.Unchained.2012.FRENCH.BDRip.XviD-AYMO
[12/04/2013 - 18:08:10 | D ] F:\Minoration_Mai2013
[11/04/2013 - 15:44:02 | D ] F:\Minoration_20130411
[16/04/2013 - 17:25:16 | D ] F:\soft
[17/04/2013 - 09:40:50 | D ] F:\javasource
[23/04/2013 - 17:54:14 | D ] F:\ODNCCG
[09/05/2013 - 22:56:18 | D ] F:\Datamining
[26/04/2013 - 14:25:22 | D ] F:\C2A
[31/05/2013 - 10:52:16 | N | 201381906] F:\eclipse.zip
[27/05/2013 - 17:38:40 | N | 94973848] F:\jdk-7u21-windows-x64.exe
[15/07/2013 - 18:53:38 | N | 10378473] F:\COMUTITRES-RFI-CandidatureDOCA-20130610-V1.2_TR.pdf
[27/03/2013 - 10:45:46 | D ] F:\DOCA_V0
[27/03/2013 - 10:45:46 | D ] F:\DOCA
[24/10/2013 - 11:10:04 | D ] F:\Larbi
[05/11/2013 - 13:33:52 | SHD ] F:\Autorun.inf
[04/11/2013 - 13:27:42 | D ] G:\doc nat
[05/11/2013 - 13:33:58 | SHD ] G:\Autorun.inf

################## | Vaccine |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
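The log above shows the whole shape of this worm family in one place: a VBS dropper (rquBPamL.vbs) registered under both the HKLM and the user's HKU Run key via `wscript.exe //B`, a copy in the Startup folder, a copy at the root of each removable drive, and a `.lnk` at the drive root for every real folder or file (eclipse.lnk beside eclipse.zip, Java.lnk beside the Java folder, even Autorun.inf.lnk and RECYCLER.lnk), with the real folders flipped to Hidden+System so the user only sees the shortcuts. UsbFix's "vaccine" closes the autorun vector by creating Autorun.inf as a Hidden+System directory, which the worm's file copy cannot overwrite. The script below is an added example, not UsbFix's code and not anything the poster ran: it parses lines in UsbFix's own listing and Regedit Run formats and flags each of those indicators. The sample listing and Run-key lines are constructed to mirror this log (one clean folder, "Holiday photos", is invented to show it is not flagged); the script-host and user-directory patterns are the author's assumptions about this family, not rules taken from the page.

```python
"""Triage helpers for the "folders turned into shortcuts" removable-drive worm
seen in the UsbFix log above. Added example: this is not UsbFix code, and the
sample lines below are constructed to mirror the log, not copied from a machine."""
import ntpath
import re

# Constructed drive-root listing in UsbFix's "[date - time | attrs | size] path"
# format, modelled on F: before cleanup: real folders flipped to Hidden+System,
# a same-named .lnk beside each folder/file, the worm's autorun.inf file and
# the dropper script at the root. "Holiday photos" is a clean folder.
SAMPLE_LISTING = r"""
[06/02/2013 - 10:27:12 | SHD ] F:\RECYCLER
[07/02/2013 - 09:23:32 | SHD ] F:\E-book
[15/02/2013 - 08:46:42 | SHD ] F:\Java
[31/05/2013 - 10:52:16 | N | 201381906] F:\eclipse.zip
[04/11/2013 - 13:27:42 | D ] F:\Holiday photos
[05/11/2013 - 13:20:05 | SHA | 155] F:\autorun.inf
[05/11/2013 - 13:20:10 | A | 812] F:\E-book.lnk
[05/11/2013 - 13:20:10 | A | 812] F:\Java.lnk
[05/11/2013 - 13:20:10 | A | 812] F:\eclipse.lnk
[05/11/2013 - 13:20:10 | A | 812] F:\RECYCLER.lnk
[05/11/2013 - 13:20:10 | A | 812] F:\Autorun.inf.lnk
[05/11/2013 - 13:20:10 | SHA | 20480] F:\rquBPamL.vbs
"""

# Constructed Run-key lines in UsbFix's "04 - hive | Run : [name] - command" format.
SAMPLE_RUN_LINES = r"""
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [rquBPamL] - wscript.exe //B "C:\DOCUME~1\ADMIN\LOCALS~1\Temp\rquBPamL.vbs"
04 - HKU\S-1-5-21-1644491937-776561741-1801674531-1003\SOFTWARE | Run : [rquBPamL] - wscript.exe //B "C:\DOCUME~1\ADMIN\LOCALS~1\Temp\rquBPamL.vbs"
04 - HKLM\SOFTWARE | Run : [] -
"""

LISTING_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<attrs>[A-Z]+)\s*(?:\|\s*(?P<size>\d+))?\s*\]\s*(?P<path>.+?)\s*$")
RUN_RE = re.compile(r"^\d+\s*-\s*(?P<hive>\S+)\s*\|\s*Run\s*:\s*\[(?P<name>[^\]]*)\]\s*-\s*(?P<cmd>.*)$")
# Assumed indicators: script hosts this family abuses, and the user-writable
# places it drops into (the log shows %TEMP% via its DOCUME~1\...\LOCALS~1 form).
SCRIPT_HOST_RE = re.compile(r"(?i)\b(wscript|cscript|mshta)(\.exe)?\b")
USER_DIR_RE = re.compile(r"(?i)(\\temp\\|locals~1|application data|appdata|docume~1)")
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}


def parse_listing(text):
    """Turn UsbFix listing lines into dicts with attrs, full path and basename."""
    out = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            out.append({"attrs": m["attrs"], "path": m["path"], "name": ntpath.basename(m["path"])})
    return out


def shortcut_worm_hits(listing_text):
    """One finding per .lnk whose name mirrors a sibling (exact name, or same
    stem so eclipse.lnk <-> eclipse.zip), plus whether that sibling is hidden."""
    entries = parse_listing(listing_text)
    by_name, by_stem = {}, {}
    for e in entries:
        if e["name"].lower().endswith(".lnk"):
            continue
        by_name[e["name"].lower()] = e
        by_stem.setdefault(ntpath.splitext(e["name"])[0].lower(), e)
    hits = []
    for e in entries:
        if not e["name"].lower().endswith(".lnk"):
            continue
        stem = e["name"][:-4].lower()
        target = by_name.get(stem) or by_stem.get(stem)
        if target:
            hidden = "H" in target["attrs"] and "S" in target["attrs"]
            hits.append({"shortcut": e["name"], "target": target["name"], "target_hidden": hidden})
    return sorted(hits, key=lambda h: h["shortcut"].lower())


def root_scripts(listing_text):
    """Script files at the drive root (what the planted .lnk files launch)."""
    return sorted(e["name"] for e in parse_listing(listing_text)
                  if ntpath.splitext(e["name"])[1].lower() in SCRIPT_EXTS)


def is_vaccinated(listing_text):
    """True only if Autorun.inf exists as a directory (attrs contain D), the
    UsbFix vaccine; a plain autorun.inf file at the root is the worm's."""
    return any("D" in e["attrs"] for e in parse_listing(listing_text)
               if e["name"].lower() == "autorun.inf")


def suspicious_run_entries(run_text):
    """Run values that start a script host on a script in a user-writable
    temp/profile path, like the rquBPamL value present in both HKLM and HKU."""
    found = []
    for line in run_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m and SCRIPT_HOST_RE.search(m["cmd"]) and USER_DIR_RE.search(m["cmd"]):
            found.append((m["hive"], m["name"], m["cmd"]))
    return found


if __name__ == "__main__":
    for h in shortcut_worm_hits(SAMPLE_LISTING):
        print(h)
    print("scripts at root:", root_scripts(SAMPLE_LISTING))
    print("vaccinated:", is_vaccinated(SAMPLE_LISTING))
    for hive, name, cmd in suspicious_run_entries(SAMPLE_RUN_LINES):
        print(hive, name, cmd)
```

Run it against a real UsbFix scan report by pasting the "Listing" section for one drive into `shortcut_worm_hits` and the "Regedit Run" section into `suspicious_run_entries`. A shortcut whose target is hidden, a script at the root and a duplicated HKLM/HKU `wscript.exe //B` value together are the pattern this log shows; `is_vaccinated` returning False on a drive that already has an `autorun.inf` file means the file is the worm's, not the vaccine.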