Reply to: Malware report antimalware, AdwCleaner, ZHPDiag … Infected USB key 2016-09-08T13:21:44+00:00
necro973
Participant
Number of posts: 3

[spoiler:ecx4jjnp]############################## | UsbFix V 7.152 | [Removal]

User: I (Administrator) # IANIS
Updated on 20/11/2013 by El Desaparecido - Team SosVirus
Launched at 23:17:55 | 27/11/2013

Website: http://www.usbfix.net
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK COMPUTER INC. (X750JB)
CPU: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
RAM -> [Total: 8077 | Free: 6892]
Bios: American Megatrends Inc.
Boot: Fail-safe boot

OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer: 11.0.9600.16438
WB: Google Chrome: 31.0.1650.57
WB: Mozilla Firefox: 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: McAfee Anti-Virus and Anti-Spyware [Enabled | Updated]
AS: Windows Defender: 4.3.9600.16384 (winblue_rtm.130821-1623)
AS: Malwarebytes' Anti-Malware: 1.75.0001
FW: Windows FireWall Service [(!) Disabled]

C: (%systemdrive%) -> Fixed disk # 372 GB (273 GB free - 73%) [OS] # NTFS
D: -> Fixed disk # 538 GB (538 GB free - 100%) [DATA] # NTFS
E: -> Removable disk # 2 GB (30 MB free - 2%) [PHONE CARD] # FAT
F: -> CD-ROM

################## | Stopped processes |

Stopped! C:\WINDOWS\Explorer.EXE (ID: 660 | ParentID: 668)
Stopped! C:\WINDOWS\system32\ctfmon.exe (ID: 812 | ParentID: 660)
Stopped! C:\WINDOWS\System32\ThumbnailExtractionHost.exe (ID: 1244 | ParentID: 700)
Stopped! C:\Windows\helppane.exe (ID: 1268 | ParentID: 700)
Stopped! C:\WINDOWS\system32\DllHost.exe (ID: 1304 | ParentID: 700)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE | Run : [mcpltui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE | Run : [CLMLServer] - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
04 - HKLM\SOFTWARE | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE\wow6432Node | Run : [mcpltui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [CLMLServer] - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-3552526935-3610135780-3772605591-1002\SOFTWARE | Run : [Power2GoExpress] - "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
04 - HKU\S-1-5-21-3552526935-3610135780-3772605591-1002\SOFTWARE | Run : [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
04 - HKU\S-1-5-21-3552526935-3610135780-3772605591-1002\SOFTWARE | Run : [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-3552526935-3610135780-3772605591-1002\SOFTWARE | Run : [SkyDrive] - "C:\Users\I\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
04 - HKU\S-1-5-21-3552526935-3610135780-3772605591-1002\SOFTWARE | Run : [uTorrent] - "C:\Users\I\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-3552526935-3610135780-3772605591-1002\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-3552526935-3610135780-3772605591-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\I\AppData\Local\Temp\iTunesHelper.vbe"

################## | Generic search |

Deleted! C:\Users\I\AppData\Local\Temp\iTunesHelper.vbe
Deleted! C:\Users\I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Deleted! E:\CDAInfo.lnk
Deleted! E:\MEMSTICK.lnk
Deleted! E:\MSTK_PRO.lnk
Deleted! E:\Traceability.lnk
Deleted! E:\MemStickInfo.lnk
Deleted! E:\default-capability.lnk
Deleted! E:\customized-capability.lnk
Deleted! E:\Christophe.lnk
Deleted! E:\Cl Fix.lnk
Deleted! E:\Dorian.lnk
Deleted! E:\Fiofix.lnk
Deleted! E:\Fiona.lnk
Deleted! E:\Greygoire.lnk
Deleted! E:\Julie.lnk
Deleted! E:\Karil.lnk
Deleted! E:\Kevin.lnk
Deleted! E:\Leslie.lnk
Deleted! E:\Maison.lnk
Deleted! E:\Malou.lnk
Deleted! E:\Manu.lnk
Deleted! E:\Mathieu.lnk
Deleted! E:\Mehdi2.lnk
Deleted! E:\Nathan.lnk
Deleted! E:\Niels.lnk
Deleted! E:\Pascale.lnk
Deleted! E:\Patrice.lnk
Deleted! E:\MarketEnabler_v3.lnk
Deleted! E:\vCard.lnk
Deleted! E:\WMPInfo.lnk
Deleted! E:\PUMPED UP KICKS-DUBSTEP.lnk
Deleted! E:\Avicii 'Levels' Skrillex Remix [FULL].lnk
Deleted! E:\Reptile - Skrillex.lnk
Deleted! E:\Skrillex - Cinema (Official).lnk
Deleted! E:\temporary.lnk
Deleted! E:\.demovideo.lnk
Deleted! E:\alarms.lnk
Deleted! E:\Android.lnk
Deleted! E:\games.lnk
Deleted! E:\image.lnk
Deleted! E:\music.lnk
Deleted! E:\notifications.lnk
Deleted! E:\others.lnk
Deleted! E:\PCCompanion.lnk
Deleted! E:\ringtones.lnk
Deleted! E:\TryAndBuy.lnk
Deleted! E:\video.lnk
Deleted! E:\LOST.DIR.lnk
Deleted! E:\.android_secure.lnk
Deleted! E:\DCIM.lnk
Deleted! E:\bluetooth.lnk
Deleted! E:\.medieval_software.lnk
Deleted! E:\Black Eyed Peas-The Beginning (Super Deluxe Edition) 2CD 2010.lnk
Deleted! E:\z7logs.lnk
Deleted! E:\media.lnk
Deleted! E:\droidhen.lnk
Deleted! E:\Attachments.lnk
Deleted! E:\download.lnk
Deleted! E:\tmp.lnk
Deleted! E:\burstlyImageCache.lnk
Deleted! E:\deezer.lnk
Deleted! E:\burstlyVideoCache.lnk
Deleted! E:\hu.tonuzaba.android.lnk
Deleted! E:\System.lnk
Deleted! E:\openfeint.lnk
Deleted! E:\.beintoo.lnk
Deleted! E:\Mikulu.lnk
Deleted! E:\mp3download.lnk
Deleted! E:\temp.lnk
Deleted! E:\Pictures.lnk
Deleted! E:\svox.lnk
Deleted! E:\.doodlemobile_featureviewnew.lnk
Deleted! E:\zausan.lnk
Deleted! E:\.downloadTemp.lnk
Deleted! E:\.eCtcQjbu1dgnvtFnvnr6yepTp1M=.lnk
Deleted! E:\Jeux.lnk
Deleted! E:\System Volume Information.lnk
Deleted! C:\ProgramData\SetStretch.VBS

(!) Temporary files deleted.

################## | MD5 comparison reference |

Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\Users\All Users\SetStretch.VBS
Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\ProgramData\SetStretch.VBS
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\I\AppData\Local\Temp\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

################## | MD5 comparison |

################## | Registry |

Repaired! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Repaired! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Deleted! HKU\S-1-5-21-3552526935-3610135780-3772605591-1002\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Listing |

[18/11/2013 - 16:02:15 | SHD ] C:\$Recycle.Bin
[27/11/2013 - 19:55:46 | D ] C:\AdwCleaner
[04/09/2013 - 12:48:53 | D ] C:\AsusVibeData
[26/04/2013 - 09:05:33 | SHD ] C:\Boot
[26/07/2012 - 04:44:30 | RASH | 398156] C:\bootmgr
[18/06/2013 - 13:18:29 | N | 1] C:\BOOTNXT
[22/08/2013 - 15:45:52 | SHD ] C:\Documents and Settings
[04/09/2013 - 12:49:00 | D ] C:\eSupport
[27/11/2013 - 23:16:53 | ASH | 6775488512] C:\hiberfil.sys
[04/09/2013 - 12:29:01 | D ] C:\Intel
[27/11/2013 - 23:16:56 | ASH | 1342177280] C:\pagefile.sys
[22/08/2013 - 16:22:35 | D ] C:\PerfLogs
[27/11/2013 - 20:07:08 | N | 512] C:\PhysicalDisk0_MBR.bin
[18/11/2013 - 14:35:07 | D ] C:\Program Files
[27/11/2013 - 20:02:48 | D ] C:\Program Files (x86)
[27/11/2013 - 23:20:51 | HD ] C:\ProgramData
[18/11/2013 - 14:13:46 | SHD ] C:\Recovery
[29/10/2013 - 15:18:03 | D ] C:\Riot Games
[30/10/2013 - 10:08:37 | D ] C:\sources
[27/11/2013 - 23:16:57 | ASH | 268435456] C:\swapfile.sys
[21/11/2013 - 12:35:10 | SHD ] C:\System Volume Information
[27/11/2013 - 23:20:50 | D ] C:\UsbFix
[27/11/2013 - 20:11:13 | N | 11242] C:\UsbFix [Clean 3] IANIS.txt
[27/11/2013 - 23:20:52 | A | 9568] C:\UsbFix [Clean 4] IANIS.txt
[27/11/2013 - 19:24:13 | N | 15674] C:\UsbFix [Scan 1] IANIS.txt
[18/11/2013 - 14:24:53 | RD ] C:\Users
[27/11/2013 - 23:16:53 | D ] C:\Windows
[04/09/2013 - 12:27:15 | SHD ] D:\$RECYCLE.BIN
[15/11/2013 - 10:55:47 | D ] D:\53db3272110864fe1168f3a1
[18/11/2013 - 14:35:23 | SHD ] D:\System Volume Information
[23/05/2011 - 17:40:26 | N | 156] E:\CDAInfo.txt
[23/05/2011 - 17:40:26 | N | 0] E:\MEMSTICK.IND
[23/05/2011 - 17:40:26 | N | 0] E:\MSTK_PRO.IND
[23/05/2011 - 17:41:28 | D ] E:\.demovideo
[23/05/2011 - 17:41:28 | D ] E:\alarms
[23/05/2011 - 17:41:28 | D ] E:\Android
[23/05/2011 - 17:41:40 | D ] E:\games
[23/05/2011 - 17:41:40 | D ] E:\image
[03/04/2012 - 22:17:20 | D ] E:\music
[23/05/2011 - 17:41:40 | D ] E:\notifications
[23/05/2011 - 17:41:40 | D ] E:\others
[23/05/2011 - 17:46:22 | D ] E:\PCCompanion
[23/05/2011 - 17:46:26 | D ] E:\ringtones
[23/05/2011 - 17:46:26 | D ] E:\TryAndBuy
[23/05/2011 - 17:46:32 | D ] E:\video
[28/07/2011 - 17:09:32 | N | 220] E:\Traceability.txt
[28/07/2011 - 17:09:32 | N | 101] E:\MemStickInfo.txt
[06/01/1980 - 00:02:44 | D ] E:\LOST.DIR
[26/11/2012 - 09:18:12 | D ] E:\.android_secure
[05/08/2013 - 12:31:32 | N | 8216] E:\default-capability.xml
[05/08/2013 - 12:31:32 | N | 145] E:\customized-capability.xml
[31/08/2013 - 20:07:26 | D ] E:\DCIM
[12/07/2013 - 21:05:14 | D ] E:\bluetooth
[08/10/2011 - 20:20:52 | D ] E:\.medieval_software
[08/10/2011 - 20:40:56 | N | 232] E:\Christophe.vcf
[08/10/2011 - 20:40:56 | N | 224] E:\Cl Fix.vcf
[08/10/2011 - 20:40:56 | N | 224] E:\Dorian.vcf
[08/10/2011 - 20:40:56 | N | 224] E:\Fiofix.vcf
[08/10/2011 - 20:40:56 | N | 222] E:\Fiona.vcf
[08/10/2011 - 20:40:56 | N | 230] E:\Greygoire.vcf
[08/10/2011 - 20:40:56 | N | 222] E:\Julie.vcf
[08/10/2011 - 20:40:58 | N | 221] E:\Karil.vcf
[08/10/2011 - 20:40:58 | N | 222] E:\Kevin.vcf
[08/10/2011 - 20:40:58 | N | 224] E:\Leslie.vcf
[08/10/2011 - 20:40:58 | N | 224] E:\Maison.vcf
[08/10/2011 - 20:40:58 | N | 222] E:\Malou.vcf
[08/10/2011 - 20:40:58 | N | 220] E:\Manu.vcf
[08/10/2011 - 20:40:58 | N | 226] E:\Mathieu.vcf
[08/10/2011 - 20:40:58 | N | 224] E:\Mehdi2.vcf
[08/10/2011 - 20:40:58 | N | 224] E:\Nathan.vcf
[08/10/2011 - 20:41:00 | N | 222] E:\Niels.vcf
[08/10/2011 - 20:41:00 | N | 226] E:\Pascale.vcf
[08/10/2011 - 20:41:00 | N | 226] E:\Patrice.vcf
[08/10/2011 - 23:38:52 | D ] E:\Black Eyed Peas-The Beginning (Super Deluxe Edition) 2CD 2010
[06/01/1980 - 00:22:20 | D ] E:\z7logs
[03/04/2012 - 22:16:34 | D ] E:\media
[11/10/2011 - 18:42:04 | D ] E:\droidhen
[25/08/2012 - 13:18:08 | D ] E:\Attachments
[27/10/2013 - 19:00:16 | D ] E:\download
[12/10/2011 - 12:58:40 | N | 173899] E:\MarketEnabler_v3.1.1.2.apk
[12/10/2011 - 17:31:58 | D ] E:\tmp
[29/11/2012 - 01:18:46 | D ] E:\burstlyImageCache
[05/11/2011 - 02:05:38 | D ] E:\deezer
[23/10/2011 - 18:10:36 | D ] E:\burstlyVideoCache
[30/10/2011 - 02:20:14 | D ] E:\hu.tonuzaba.android
[20/12/2011 - 18:26:28 | SHD ] E:\System
[01/12/2012 - 14:30:48 | N | 83] E:\vCard.vcf
[10/02/2012 - 02:10:04 | D ] E:\openfeint
[10/02/2012 - 02:10:06 | D ] E:\.beintoo
[29/02/2012 - 06:09:48 | D ] E:\Mikulu
[29/02/2012 - 06:11:12 | D ] E:\mp3download
[03/04/2012 - 22:17:20 | N | 296] E:\WMPInfo.xml
[06/07/2012 - 20:16:46 | D ] E:\temp
[10/04/2012 - 04:44:36 | N | 5235388] E:\PUMPED UP KICKS-DUBSTEP.mp3
[08/04/2012 - 10:50:58 | N | 4502706] E:\Avicii 'Levels' Skrillex Remix [FULL].mp3
[07/09/2012 - 06:32:42 | D ] E:\Pictures
[13/04/2012 - 18:48:22 | N | 3793011] E:\Reptile - Skrillex.mp3
[11/04/2012 - 14:26:10 | N | 4931532] E:\Skrillex - Cinema (Official).mp3
[22/08/2012 - 17:41:32 | D ] E:\svox
[25/08/2012 - 15:05:16 | D ] E:\.doodlemobile_featureviewnew
[18/10/2012 - 17:20:10 | N | 559708] E:\temporary.jpg
[20/11/2012 - 22:10:28 | D ] E:\zausan
[27/10/2013 - 19:00:16 | D ] E:\.downloadTemp
[30/10/2013 - 19:31:06 | D ] E:\.eCtcQjbu1dgnvtFnvnr6yepTp1M=
[18/01/2013 - 13:33:20 | D ] E:\Jeux
[18/11/2013 - 14:35:24 | SHD ] E:\System Volume Information

################## | Vaccine |

E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |[/spoiler:ecx4jjnp]
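The log above shows the two hallmarks of a USB LNK worm: a Run key (and a Startup-folder copy) that launches `wscript.exe //B` on an encoded script dropped in `%TEMP%`, and one `.lnk` per real file or folder on the E: card (`Christophe.lnk` beside `Christophe.vcf`, `Android.lnk` beside the `Android` folder, and so on). The script below is an added triage example, not code from UsbFix or the SosVirus team: it parses lines in the UsbFix format and flags both patterns. The regexes for the line format, the list of script hosts and "silent" flags, and the set of user-writable locations are this example's own assumptions; the sample log is a constructed excerpt modelled on the post.

```python
"""Triage helper for UsbFix-style logs (added example; not UsbFix's code).

Flags (1) Run-key entries that start a script host silently on a script in
a user-writable location, and (2) .lnk files that shadow a real file or
folder of the same name on the same drive (the LNK-worm layout).
Line formats, host/flag lists and locations are assumptions of this example.
"""
import re
from pathlib import PureWindowsPath

# "04 - <hive> | Run : [<name>] - <command>"; a hyphen or an en dash separates fields.
RUN_RE = re.compile(r"^04 [-\u2013] (?P<hive>\S+) \| (?P<key>Run|RunOnce) : "
                    r"\[(?P<name>[^\]]*)\] [-\u2013] ?(?P<cmd>.*)$")
DELETED_RE = re.compile(r"^(?:Deleted|Supprim\u00e9)! (?P<path>.+)$")
LISTING_RE = re.compile(r"^\[[^|]+\| [A-Z]+ (?:\| \d+)?\] (?P<path>.+)$")
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')  # quoted token or bare token

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}
SILENT_FLAGS = {"//b", "-w", "-windowstyle", "-enc", "-encodedcommand"}
# Locations any user can write to; a Run-key target living here deserves a look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\programdata\\", "\\users\\public\\")


def split_command(cmd):
    """Split a Run-key command into (executable, args), keeping quoted paths whole.
    An unquoted path containing spaces cannot be split reliably and is left as-is."""
    tokens = [quoted or bare for quoted, bare in TOKEN_RE.findall(cmd)]
    return (tokens[0] if tokens else ""), tokens[1:]


def _basename(token):
    return token.replace("/", "\\").rsplit("\\", 1)[-1]


def _ext(token):
    name = _basename(token)
    return ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""


def assess_autorun(entry):
    """Return the reasons a Run-key entry looks suspicious (empty list if none)."""
    exe, args = split_command(entry["cmd"])
    reasons = []
    host = _basename(exe).lower()
    if host in SCRIPT_HOSTS:
        reasons.append(f"script host {host}")
    if any(a.lower() in SILENT_FLAGS for a in args):
        reasons.append("silent/batch flag")
    for token in [exe, *args]:
        if _ext(token) in SCRIPT_EXTS:
            reasons.append(f"script file {_basename(token)}")
        if any(loc in token.lower() for loc in USER_WRITABLE):
            reasons.append(f"user-writable location: {token}")
    return reasons


def find_lnk_shadows(paths):
    """Pair each .lnk with the real file or folder of the same name beside it."""
    items = [PureWindowsPath(p) for p in dict.fromkeys(paths)]  # dedupe, keep order
    lnks = [p for p in items if p.suffix.lower() == ".lnk"]
    others = [p for p in items if p.suffix.lower() != ".lnk"]
    shadows = []
    for lnk in lnks:
        stem = lnk.stem.lower()  # "Christophe" for "Christophe.lnk"
        for real in others:
            name = real.name.lower()  # "Christophe.vcf" or folder "Android"
            if real.parent == lnk.parent and (name == stem or name.startswith(stem + ".")):
                shadows.append((str(lnk), str(real)))
    return shadows


def startup_scripts(paths):
    """Script files in a Start Menu Startup folder (the second persistence hook)."""
    return sorted({p for p in paths
                   if "\\start menu\\programs\\startup\\" in p.lower()
                   and PureWindowsPath(p).suffix.lower() in SCRIPT_EXTS})


def triage(log_text):
    autoruns, paths = [], []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        if run:
            reasons = assess_autorun(run.groupdict())
            if reasons:
                autoruns.append({**run.groupdict(), "reasons": reasons})
            continue
        found = DELETED_RE.match(line) or LISTING_RE.match(line)
        if found:
            paths.append(found.group("path"))
    return {"autoruns": autoruns,
            "lnk_shadows": find_lnk_shadows(paths),
            "startup_scripts": startup_scripts(paths)}


# Constructed excerpt in the UsbFix line format, modelled on the post above.
SAMPLE_LOG = r"""
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKU\S-1-5-21-3552526935-3610135780-3772605591-1002\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-3552526935-3610135780-3772605591-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\I\AppData\Local\Temp\iTunesHelper.vbe"
Deleted! C:\Users\I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Deleted! E:\Christophe.lnk
Deleted! E:\Android.lnk
Deleted! E:\MarketEnabler_v3.lnk
Deleted! E:\.demovideo.lnk
Deleted! E:\System Volume Information.lnk
[08/10/2011 - 20:40:56 | N | 232] E:\Christophe.vcf
[23/05/2011 - 17:41:28 | D ] E:\Android
[12/10/2011 - 12:58:40 | N | 173899] E:\MarketEnabler_v3.1.1.2.apk
[23/05/2011 - 17:41:28 | D ] E:\.demovideo
[18/11/2013 - 14:35:24 | SHD ] E:\System Volume Information
[27/10/2013 - 19:00:16 | D ] E:\download
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for a in result["autoruns"]:
        print(f"[autorun] {a['name']}: {a['cmd']}  <- {', '.join(a['reasons'])}")
    for lnk, real in result["lnk_shadows"]:
        print(f"[lnk] {lnk} shadows {real}")
    for p in result["startup_scripts"]:
        print(f"[startup] {p}")
```

On the sample, only the `iTunesHelper` entry is reported (script host, `//B` batch flag, `.vbe` payload, `%TEMP%` location), every `.lnk` on E: is paired with the item it shadows, and the Startup-folder copy is listed as a second persistence hook. The `.lnk` pairing works on names only; to confirm, the shortcut's target (which normally runs the worm script, then opens the real item) has to be read from the `.lnk` itself.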