Reply to: USB keys, files replaced by shortcuts 2016-09-08T13:17:28+00:00
Luckyone
Participant
Number of posts: 10

############################## | UsbFix V 7.150 | [Recherche]

Utilisateur: Luc (Administrateur) # LUC-PC
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 10:27:11 | 13/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Acer (Aspire X3990)
CPU: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
RAM -> [Total : 4078 | Free : 2527]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 922 Go (548 Go libre(s) – 59%) [Acer] # NTFS
D: -> Disque fixe # 922 Go (464 Go libre(s) – 50%) [DATA] # NTFS
E: -> CD-ROM
F: -> Disque fixe # 932 Go (393 Go libre(s) – 42%) [DD LUC] # NTFS
I: -> Disque amovible # 30 Go (28 Go libre(s) – 94%) [CORSAIR] # NTFS
J: -> CD-ROM
K: -> CD-ROM
L: -> CD-ROM
N: -> Disque amovible # 7 Go (3 Go libre(s) – 47%) [SONY ORANGE] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 528 |ParentID: 516)
C:\Windows\system32\csrss.exe (ID: 596 |ParentID: 588)
C:\Windows\system32\wininit.exe (ID: 604 |ParentID: 516)
C:\Windows\system32\services.exe (ID: 676 |ParentID: 604)
C:\Windows\system32\lsass.exe (ID: 684 |ParentID: 604)
C:\Windows\system32\lsm.exe (ID: 696 |ParentID: 604)
C:\Windows\system32\winlogon.exe (ID: 728 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 824 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 972 |ParentID: 676)
C:\Windows\System32\svchost.exe (ID: 412 |ParentID: 676)
C:\Windows\System32\svchost.exe (ID: 516 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 428 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 988 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1324 |ParentID: 676)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1476 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1884 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1072 |ParentID: 676)
C:\Windows\system32\Dwm.exe (ID: 2256 |ParentID: 516)
C:\Windows\system32\svchost.exe (ID: 2908 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 3132 |ParentID: 676)
C:\Windows\System32\svchost.exe (ID: 4124 |ParentID: 676)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4360 |ParentID: 824)
C:\Program Files\AVAST Software\Avast\avastui.exe (ID: 4540 |ParentID: 3652)
C:\Windows\system32\wbem\unsecapp.exe (ID: 5508 |ParentID: 824)
C:\Windows\System32\svchost.exe (ID: 5840 |ParentID: 676)
C:\Windows\explorer.exe (ID: 2712 |ParentID: 728)
C:\Windows\System32\rundll32.exe (ID: 6848 |ParentID: 824)
C:\Windows\System32\WUDFHost.exe (ID: 7048 |ParentID: 516)
C:\Windows\system32\DllHost.exe (ID: 4044 |ParentID: 824)
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (ID: 1044 |ParentID: 676)
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (ID: 1868 |ParentID: 1044)
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (ID: 6060 |ParentID: 676)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 4988 |ParentID: 676)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1184 |ParentID: 676)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3668 |ParentID: 1184)
C:\Windows\system32\SearchIndexer.exe (ID: 5876 |ParentID: 676)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5612 |ParentID: 676)
C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe (ID: 4644 |ParentID: 2540)
C:\Windows\SysWOW64\cmd.exe (ID: 4512 |ParentID: 4644)
C:\Windows\system32\conhost.exe (ID: 4516 |ParentID: 596)
C:\Windows\System32\spoolsv.exe (ID: 1596 |ParentID: 676)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 5748 |ParentID: 676)
C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe (ID: 3740 |ParentID: 3372)
C:\Windows\SysWOW64\cmd.exe (ID: 4224 |ParentID: 3740)
C:\Windows\system32\conhost.exe (ID: 6796 |ParentID: 596)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 2316 |ParentID: 676)
C:\UsbFix\Go.exe (ID: 3564 |ParentID: 4028)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4280 |ParentID: 824)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 - HKLM\SOFTWARE | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
04 - HKLM\SOFTWARE | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
04 - HKLM\SOFTWARE | Run : [ArcadeMovieService] - "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
04 - HKLM\SOFTWARE | Run : [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
04 - HKLM\SOFTWARE\wow6432Node | Run : [ArcadeMovieService] - "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1819515576-3932681837-3535538092-1001\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-1819515576-3932681837-3535538092-1001\SOFTWARE | Run : [AdobeBridge] -
04 - HKU\S-1-5-21-1819515576-3932681837-3535538092-1001\SOFTWARE | Run : [Intel(R)Service] - wscript.exe //B "C:\Users\Luc\AppData\Local\Temp\Intel(R)Service.vbs"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

################## | Recherche générique |

Présent! C:\Users\Luc\AppData\Local\Temp\Intel(R)Service.vbs
Présent! C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Présent! I:\Intel(R)Service.vbs
Présent! N:\Intel(R)Service.vbs
Présent! I:\(2) Jack l’Éventreur, son vrai visage – L’ombre d’un doute.lnk
Présent! I:\Fast and Furious 6 2013.lnk
Présent! I:\Jeffrey Dahmer – Le cannibale de Milwaukee – [FR].lnk
Présent! N:\buda_vfs.lnk
Présent! N:\Jillian Michaels 30 Day Shred Level 1.lnk
Présent! N:\Projet Saut à l’élastique Raphfinal 2.lnk
Présent! N:\puppetry_of_the_penis_cfnm_portions.lnk
Présent! N:\ReviveLink.lnk
Présent! N:\sardaigne2.lnk
Présent! N:\saut commun audrey.lnk
Présent! N:\Very Good Trip – Las Vegas.lnk
Présent! N:\Video Arcachon.lnk
Présent! K:setuprsrcautorun.exe
Présent! K:\autorun.inf

################## | Référence de comparaison MD5 |

Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\Luc\AppData\Local\Temp\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> I:\Intel(R)Service.vbs
Md5 : FFD49C51DDE6FDE37C9949BC6DE0EF46 -> K:\WindowsInstaller-KB893803-x86.exe
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> N:\Intel(R)Service.vbs

################## | Comparaison MD5 |

Présent! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\Luc\AppData\Local\Temp\Intel(R)Service.vbs
Présent! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Présent! Md5 : FFD49C51DDE6FDE37C9949BC6DE0EF46 -> F:\RAPH\Logiciels et jeux\Unreal.Tournament.3.(FR).By.Kolrik\WindowsInstaller-KB893803-x86.exe
Présent! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> I:\Intel(R)Service.vbs
Présent! Md5 : FFD49C51DDE6FDE37C9949BC6DE0EF46 -> K:\WindowsInstaller-KB893803-x86.exe
Présent! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> N:\Intel(R)Service.vbs

################## | Registre |

Présent! HKU\S-1-5-21-1819515576-3932681837-3535538092-1001\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)Service
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)Service

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |