Reply to: PC infected via USB + Infested by Rvzr-a.akamaihd.net 2016-09-08T13:20:25+00:00
daleryr
Participant
Number of posts: 12

UsbFix report

############################## | UsbFix V 7.152 | [Removal]

User: PC (Administrator) # PC-PC
Updated on 20/11/2013 by El Desaparecido – Team SosVirus
Started at 09:15:56 | 22/11/2013

Website: http://www.usbfix.net
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (F7L )
CPU: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
RAM -> [Total : 2039 | Free : 860]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 22.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 75 GB (12 GB free – 16%) [] # NTFS
D: -> Fixed disk # 67 GB (66 GB free – 99%) [DATA] # NTFS
E: -> CD-ROM
F: -> Removable disk # 4 GB (4 GB free – 96%) [USB DISK] # FAT32

################## | Stopped processes |

Stopped! C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1376 |ParentID: 464)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 2000 |ParentID: 464)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 2708 |ParentID: 2000)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 4064 |ParentID: 1544)
Stopped! C:\Program Files\SaltarSmart\updateSaltarSmart.exe (ID: 4204 |ParentID: 464)
Stopped! C:\Program Files\SaltarSmart\bin\utilSaltarSmart.exe (ID: 5820 |ParentID: 464)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1620 |ParentID: 464)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3864 |ParentID: 1620)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 4948 |ParentID: 464)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3628 |ParentID: 464)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 5696 |ParentID: 464)
Stopped! C:\Windows\System32\rundll32.exe (ID: 2992 |ParentID: 640)
Stopped! C:\Windows\Explorer.exe (ID: 4484 |ParentID: 1852)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 7368 |ParentID: 860)
Stopped! C:\Program Files\Internet Explorer\iexplore.exe (ID: 7588 |ParentID: 7008)
Stopped! C:\Program Files\Internet Explorer\iexplore.exe (ID: 7296 |ParentID: 7588)
Stopped! C:\Windows\system32\DllHost.exe (ID: 7260 |ParentID: 640)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (ID: 7488 |ParentID: 4484)
Stopped! C:\Windows\system32\taskhost.exe (ID: 1364 |ParentID: 464)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (ID: 7008 |ParentID: 4484)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 5480 |ParentID: 7008)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 6772 |ParentID: 5480)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 7372 |ParentID: 6772)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [IgfxTray] – C:\Windows\system32\igfxtray.exe
04 – HKLM\SOFTWARE | Run : [HotKeysCmds] – C:\Windows\system32\hkcmd.exe
04 – HKLM\SOFTWARE | Run : [Persistence] – C:\Windows\system32\igfxpers.exe
04 – HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | Run : [HP Software Update] – C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 – HKLM\SOFTWARE | Run : [hpqSRMon] – C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\SOFTWARE | Run : [avgnt] – "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKLM\SOFTWARE | RunOnce : [FromDocToPDF_65bar Uninstall] – rundll32 C:\PROGRA~1\65UNIN~1.DLL,O -3
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-357619399-2214583466-4099962987-1000\SOFTWARE | Run : [SearchProtect] – C:\Users\PC\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 – HKU\S-1-5-21-357619399-2214583466-4099962987-1000\SOFTWARE | Run : [swg] – "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 – HKU\S-1-5-21-357619399-2214583466-4099962987-1000\SOFTWARE | Run : [Akamai NetSession Interface] – "C:\Users\PC\AppData\Local\Akamai\netsession_win.exe"
04 – HKU\S-1-5-21-357619399-2214583466-4099962987-1000\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\PC\AppData\Local\Temp\iTunesHelper.vbe"
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-21-357619399-2214583466-4099962987-1000\SOFTWARE | RunOnce : [Uninstall C:\Users\PC\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] – C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PC\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
04 – HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] – "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
04 – HKU\S-1-5-18\SOFTWARE | RunOnce : [SpUninstallDeleteDir] – rmdir /s /q "SearchProtect"

################## | Generic search |

Deleted! F:\iTunesHelper.vbe
Deleted! F:\.lnk
Deleted! F:\PLAN EXE CLOISONS RDC indA.lnk
Deleted! F:\PLAN EXE CLOISONS R+1 indA.lnk
Deleted! F:\PCMI5 FACADES maison Segura Sevoz juillet 2013_46.lnk
Deleted! F:\PCMI6 Perspective projet Segura Sevoz juillet 2013_47.lnk
Deleted! F:\PLAN EXE GO RDC indA.lnk
Deleted! F:\PLAN EXE GO R+1 indA.lnk
Deleted! F:\PLAN EXE MEN R+1 indA.lnk
Deleted! F:\PLAN EXE MEN RDC indA.lnk
Deleted! F:\FOUND.000.lnk
Deleted! F:\.Trashes.lnk
Deleted! F:\Scan Folder.lnk
Deleted! F:\.Spotlight-V100.lnk
Deleted! F:\financement_oblas.lnk
Deleted! F:\A IMPRIMER.lnk
Deleted! F:\plan geomtere.lnk
Deleted! F:\plan masse nouvel implant segura sevoz 16 10 20131 Layout2 (1).lnk
Deleted! F:\rapport etude de sol.lnk
Deleted! F:\ATTESTATION_DE_NON_SINISTRALITE.lnk
Deleted! F:\Autorisation_de_prelevement_SFS_ASSURANCES.lnk
Deleted! F:\LETTRE POUR MUR MITOYEN.lnk
Deleted! F:\FOUND.001.lnk

(!) Temporary files deleted.

################## | MD5 comparison reference |

Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> F:\iTunesHelper.vbe

################## | MD5 comparison |

################## | Registry |

Deleted! HKU\S-1-5-21-357619399-2214583466-4099962987-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Listing |

[09/04/2013 – 09:32:35 | SHD ] C:\$Recycle.Bin
[05/09/2013 – 07:33:36 | D ] C:\Autodesk
[10/06/2009 – 22:42:20 | N | 24] C:\autoexec.bat
[20/05/2013 – 10:15:45 | SHD ] C:\Boot
[20/11/2010 – 13:40:07 | RASH | 383786] C:\bootmgr
[09/04/2013 – 10:21:22 | RASH | 8192] C:\BOOTSECT.BAK
[21/11/2013 – 09:07:40 | N | 3344] C:\bootsqm.dat
[22/11/2013 – 09:02:41 | SHD ] C:\Config.Msi
[10/06/2009 – 22:42:20 | N | 10] C:\config.sys
[16/04/2013 – 10:46:59 | D ] C:\CYPE Ingenieros
[14/07/2009 – 05:53:55 | SHD ] C:\Documents and Settings
[10/11/2013 – 22:23:41 | N | 0] C:\END
[22/11/2013 – 08:10:39 | ASH | 1603723264] C:\hiberfil.sys
[21/11/2013 – 09:24:53 | N | 0] C:\IO.SYS
[21/11/2013 – 11:26:08 | D ] C:\Kafeo
[21/11/2013 – 09:24:53 | N | 0] C:\MSDOS.SYS
[22/11/2013 – 08:10:42 | ASH | 2138300416] C:\pagefile.sys
[14/07/2009 – 03:37:05 | D ] C:\PerfLogs
[22/11/2013 – 09:02:11 | D ] C:\Program Files
[22/11/2013 – 08:51:18 | HD ] C:\ProgramData
[09/04/2013 – 09:32:06 | SHD ] C:\Recovery
[13/05/2013 – 10:11:50 | D ] C:\SearchProtect
[22/11/2013 – 09:02:03 | SHD ] C:\System Volume Information
[25/07/2013 – 15:20:38 | D ] C:\tmp
[22/11/2013 – 09:19:15 | D ] C:\UsbFix
[22/11/2013 – 09:19:18 | A | 8348] C:\UsbFix [Clean 2] PC-PC.txt
[09/04/2013 – 09:32:20 | RD ] C:\Users
[16/04/2013 – 10:31:25 | D ] C:\usr
[14/06/2013 – 09:14:00 | N | 4668456] C:\VUE 1.3 oytier light.tif
[21/11/2013 – 09:25:11 | D ] C:\Windows
[09/04/2013 – 09:32:36 | SHD ] D:\$RECYCLE.BIN
[11/12/2009 – 14:14:03 | N | 2357034] D:\ABSOLU TELECOM SA 11-12-2009 14-13-57.zip
[18/11/2009 – 13:42:05 | N | 2378726] D:\ABSOLU TELECOM SA 18-11-2009 13-42-00.zip
[18/10/2011 – 14:28:53 | N | 1928823] D:\ABSOLU-TELECOM 18-10-2011 15-28-44.zip
[18/11/2009 – 13:44:42 | N | 1326224] D:\APPLEGREEN SARL 18-11-2009 13-44-37.zip
[09/05/2011 – 07:53:52 | N | 1028428] D:\INTERNET JURIDIQUE EDITIONS S.A 09-05-2011 08-53-48.zip
[23/11/2009 – 11:19:34 | N | 1003436] D:\INTERNET JURIDIQUE EDITIONS S.A 23-11-2009 11-19-30.zip
[11/12/2009 – 09:37:15 | N | 1101263] D:\LIGHTNET EDITIONS 11-12-2009 09-37-11.zip
[11/04/2013 – 10:21:29 | RHD ] D:\MSOCache
[19/01/2008 – 01:56:31 | SHD ] D:\System Volume Information
[24/11/2011 – 14:16:40 | SH | 4096] F:\._.Trashes
[19/06/2013 – 15:48:32 | D ] F:\FOUND.000
[24/11/2011 – 14:16:40 | SHD ] F:\.Trashes
[19/11/2013 – 09:25:20 | D ] F:\Scan Folder
[24/11/2011 – 14:16:42 | SHD ] F:\.Spotlight-V100
[23/07/2013 – 17:39:12 | D ] F:\financement_oblas
[18/09/2013 – 07:50:00 | N | 263545] F:\PLAN EXE CLOISONS RDC indA.pdf
[18/09/2013 – 07:50:00 | N | 160083] F:\PLAN EXE CLOISONS R+1 indA.pdf
[18/10/2013 – 13:35:00 | N | 1646880] F:\PCMI5 FACADES maison Segura Sevoz juillet 2013_46.pdf
[18/10/2013 – 13:35:00 | N | 872549] F:\PCMI6 Perspective projet Segura Sevoz juillet 2013_47.pdf
[18/09/2013 – 07:50:00 | N | 627452] F:\PLAN EXE GO RDC indA.pdf
[18/09/2013 – 07:50:00 | N | 203611] F:\PLAN EXE GO R+1 indA.pdf
[18/09/2013 – 07:50:00 | N | 110565] F:\PLAN EXE MEN R+1 indA.pdf
[18/09/2013 – 07:50:00 | N | 392937] F:\PLAN EXE MEN RDC indA.pdf
[14/11/2013 – 13:10:18 | N | 233180] F:\plan geomtere.pdf
[14/11/2013 – 13:13:18 | N | 212637] F:\plan masse nouvel implant segura sevoz 16 10 20131 Layout2 (1).pdf
[19/11/2013 – 13:41:10 | D ] F:\FOUND.001
[05/09/2013 – 11:05:22 | D ] F:\A IMPRIMER
[14/11/2013 – 13:20:10 | N | 4025888] F:\rapport etude de sol.pdf
[14/11/2013 – 16:31:42 | N | 52522] F:\ATTESTATION_DE_NON_SINISTRALITE.pdf
[14/11/2013 – 16:39:04 | N | 80785] F:\Autorisation_de_prelevement_SFS_ASSURANCES.pdf
[18/11/2013 – 14:19:58 | N | 6323] F:\LETTRE POUR MUR MITOYEN.pdf

################## | Vaccine |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
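The log above shows the pattern UsbFix was cleaning: a .vbe dropper in the user's Temp directory started from the per-user Run key with `wscript.exe //B`, and a set of .lnk files on the USB stick carrying the names of the real documents and folders (the "Generic search" section). The PowerShell script below is an added triage example, not part of the UsbFix log or of daleryr's post, that checks a removable drive and the Run/RunOnce keys for those same indicators and hashes whatever script payload they point to, so the result can be compared with a UsbFix report before anything is deleted. The `-Drive` parameter, the script-extension list, the Temp/AppData path heuristic and the list of script hosts are assumptions of this example, not something the page states; it needs PowerShell 4 or later for `Get-FileHash`.

```powershell
# Added triage example (not from the UsbFix log or the SosVirus post).
# Assumptions, not from the page: decoy shortcuts reuse the real item's name
# minus its extension, and the payload is a .vbe/.vbs/.js/.jse/.wsf/.bat file
# under a user-writable directory such as %TEMP% or AppData.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z]:$')]
    [string]$Drive           # e.g. F:
)

$scriptHosts = @('wscript.exe', 'cscript.exe', 'mshta.exe', 'cmd.exe', 'rundll32.exe')
$scriptExt   = '\.(vbe|vbs|js|jse|wsf|bat)\b'   # -match is case-insensitive

# --- 1. Shortcut decoys on the stick -------------------------------------
# WScript.Shell.CreateShortcut() parses the .lnk; it never launches its target.
$shell  = New-Object -ComObject WScript.Shell
$root   = Get-ChildItem -LiteralPath "$Drive\" -Force -ErrorAction SilentlyContinue
$decoys = foreach ($lnk in ($root | Where-Object { $_.Extension -eq '.lnk' })) {
    $sc      = $shell.CreateShortcut($lnk.FullName)
    $cmdline = ("{0} {1}" -f $sc.TargetPath, $sc.Arguments).Trim()
    $exe     = [System.IO.Path]::GetFileName($sc.TargetPath).ToLower()
    # The real item the shortcut impersonates: same name, with or without extension.
    $real    = $root | Where-Object {
        $_.Extension -ne '.lnk' -and
        ($_.Name -eq $lnk.BaseName -or $_.BaseName -eq $lnk.BaseName)
    }
    [pscustomobject]@{
        Shortcut     = $lnk.Name
        CommandLine  = $cmdline
        ScriptHost   = ($scriptHosts -contains $exe) -or ($cmdline -match $scriptExt)
        Impersonates = ($real | Select-Object -First 1).Name
        RealHidden   = [bool]($real | Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Hidden })
    }
}

# --- 2. Run/RunOnce values that start a script host or a script in Temp/AppData ---
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$runHits = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }
        $value   = [string]$p.Value
        $hostHit = $value -match '\b(wscript|cscript|mshta)\.exe\b'
        $tempHit = $value -match ('\\(Temp|AppData)\\.*' + $scriptExt)
        if ($hostHit -or $tempHit) {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Value = $value }
        }
    }
}

# --- 3. MD5 of every script payload referenced by a hit (to compare with the
#        "MD5 comparison reference" line of a UsbFix report) ----------------
$candidates   = @($runHits | ForEach-Object { $_.Value }) +
                @($decoys  | ForEach-Object { $_.CommandLine })
$payloadPaths = $candidates |
    ForEach-Object { if ($_ -match ('"?([A-Za-z]:\\[^"]+?' + $scriptExt + ')')) { $Matches[1] } } |
    Sort-Object -Unique
$hashes = foreach ($path in $payloadPaths) {
    $expanded = [System.Environment]::ExpandEnvironmentVariables($path)
    if (Test-Path -LiteralPath $expanded -PathType Leaf) {
        [pscustomobject]@{
            Path = $expanded
            MD5  = (Get-FileHash -LiteralPath $expanded -Algorithm MD5).Hash
        }
    }
}

# --- 4. autorun.inf: a directory of that name is the UsbFix "vaccine"; a file
#        is worth reading before the stick goes into another machine ---------
$autorun = Get-Item -LiteralPath "$Drive\autorun.inf" -Force -ErrorAction SilentlyContinue
$autorunState = if (-not $autorun)            { 'absent' }
                elseif ($autorun.PSIsContainer) { 'vaccine directory' }
                else                            { 'FILE (inspect it)' }

"== Shortcut decoys on $Drive =="
$decoys | Where-Object { $_.ScriptHost -or $_.Impersonates } | Format-Table -AutoSize | Out-String
"== Run/RunOnce entries launching a script host or a script from Temp/AppData =="
$runHits | Format-Table -AutoSize | Out-String
"== Payload hashes =="
$hashes | Format-Table -AutoSize | Out-String
"== $Drive\autorun.inf: $autorunState =="
```

Save it under any name (say `Check-UsbDecoys.ps1`, a name chosen here) and run it from an elevated PowerShell prompt on the machine the stick is plugged into: `.\Check-UsbDecoys.ps1 -Drive F:`. It deletes nothing and never opens the shortcuts, so it is safe to run before a cleaning tool; on the system in the log it would have listed the `iTunesHelper` Run value, the nineteen decoy .lnk files with their real counterparts, and the MD5 of `C:\Users\PC\AppData\Local\Temp\iTunesHelper.vbe` for comparison with the hash UsbFix reported.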