Reply to: Infected USB key 2016-09-08T13:22:17+00:00
Huvelle
Participant
Number of posts: 7

############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: jeanmarie (Administrateur) # JEANMARIE-PC
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 19:05:57 | 30/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (N150/N210/N220 )
CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
RAM -> [Total : 1013 | Free : 158]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Starter (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 31.0.1650.57

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 67 Go (10 Go libre(s) – 15%) [] # NTFS
D: -> Disque fixe # 67 Go (18 Go libre(s) – 27%) [] # NTFS
E: -> Disque amovible # 15 Go (9 Go libre(s) – 60%) [KINGSTON] # FAT32
F: -> Disque amovible # 7 Go (836 Mo libre(s) – 11%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:Program FilesAviraAntiVir Desktopsched.exe (ID: 1516 |ParentID: 528)
Stoppé! C:Program FilesAviraAntiVir Desktopavguard.exe (ID: 1820 |ParentID: 528)
Stoppé! C:Program FilesAviraAntiVir Desktopavshadow.exe (ID: 2380 |ParentID: 1820)
Stoppé! C:Program FilesAviraAntiVir DesktopAVWEBGRD.EXE (ID: 2548 |ParentID: 528)
Stoppé! C:Program FilesHTCInternet Pass-ThroughPassThruSvr.exe (ID: 5868 |ParentID: 528)
Stoppé! C:windowsSystem32rundll32.exe (ID: 5928 |ParentID: 696)
Stoppé! C:windowssystem32SearchIndexer.exe (ID: 1724 |ParentID: 528)
Stoppé! C:windowsSystem32spoolsv.exe (ID: 5468 |ParentID: 528)
Stoppé! C:windowsExplorer.exe (ID: 5160 |ParentID: 2508)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4148 |ParentID: 5160)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5156 |ParentID: 4148)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2616 |ParentID: 4148)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 1784 |ParentID: 4148)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5500 |ParentID: 4148)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 1088 |ParentID: 4148)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [RtHDVCpl] – C:Program FilesRealtekAudioHDARtHDVCpl.exe -s
04 – HKLMSOFTWARE | Run : [IgfxTray] – C:windowssystem32igfxtray.exe
04 – HKLMSOFTWARE | Run : [HotKeysCmds] – C:windowssystem32hkcmd.exe
04 – HKLMSOFTWARE | Run : [Persistence] – C:windowssystem32igfxpers.exe
04 – HKLMSOFTWARE | Run : [Windows Mobile-based device management] – %windir%WindowsMobilewmdcBase.exe
04 – HKLMSOFTWARE | Run : [Adobe ARM] – "C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe"
04 – HKLMSOFTWARE | Run : [TkBellExe] – "C:Program FilesRealRealPlayerupdaterealsched.exe" -osboot
04 – HKLMSOFTWARE | Run : [Tutorials] –
04 – HKLMSOFTWARE | Run : [avgnt] – "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
04 – HKLMSOFTWARE | Run : [ApnTBMon] – "C:Program FilesAskPartnerNetworkToolbarUpdaterTBNotifier.exe"
04 – HKLMSOFTWARE | Run : [mobilegeni daemon] – C:Program FilesMobogenieDaemonProcess.exe
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-19SOFTWARE | Run : [OrangePlayer] – C:Program FilesOrangeMedia PlayerMedia Player.exe /systray
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [OrangePlayer] – C:Program FilesOrangeMedia PlayerMedia Player.exe /systray
04 – HKUS-1-5-21-2071869296-2185399040-3217962726-1000SOFTWARE | Run : [Orange Installer] – "C:Program FilesOrangeOrange InstallerOrangeInstaller.exe"
04 – HKUS-1-5-21-2071869296-2185399040-3217962726-1000SOFTWARE | Run : [orangeinside] – C:UsersjeanmarieAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe
04 – HKUS-1-5-18SOFTWARE | Run : [OrangePlayer] – C:Program FilesOrangeMedia PlayerMedia Player.exe /systray
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Supprimé! E:predevisagathe.pdf.lnk
Supprimé! E:PDFCreator-1_7_1_setup.exe.lnk
Supprimé! E:livre.lnk
Supprimé! E:typoart.lnk
Supprimé! E:projetltypoartdef.pdf.lnk
Supprimé! E:émission cogito Aristote.mp3.lnk
Supprimé! E:La Grèce d’Alexandre doc complet.mp3.lnk
Supprimé! E:Le livre des morts des anciens égyptiens .1 . 5..mp3.lnk
Supprimé! E:Les trésors de la bibliothèque d’Alexandrie – Film Français Entier 2013 [VF] (docu).mp3.lnk
Supprimé! E:L’histoire des Sumériens ..mp3.lnk
Supprimé! E:Mésopotamie, les orignes de notre civilisation doc complet.mp3.lnk
Supprimé! F:condé.odt.lnk
Supprimé! F:émission cogito Aristote.mpeg.lnk
Supprimé! F:SKMBT_22313032618190.pdf.lnk
Supprimé! F:céline.pdf.lnk
Supprimé! F:deviscollegecondedebut2014.odt.lnk
Supprimé! F:deviscollegecondedebut2014.pdf.lnk
Supprimé! F:P1000878.JPG.lnk
Supprimé! F:lectionnairedel.pdf.lnk
Supprimé! F:les contes merveilleux impression TYPO.pdf.lnk
Supprimé! F:Paola Requena. Sonata heróica.mpeg.lnk
Supprimé! F:caracteres.pdf.lnk
Supprimé! F:XnView-win-small.exe.lnk
Supprimé! F:blank_guitare tab.pdf.lnk
Supprimé! F:présentation profession de foi 2013.docx.lnk
Supprimé! F:final plaq pme 2013 VFF reduit.pdf.lnk
Supprimé! F:diplome.pdf.lnk
Supprimé! F:LOST.DIR.lnk
Supprimé! F:canonip5000 seven.lnk
Supprimé! F:marylene2013.lnk
Supprimé! F:colle.lnk
Supprimé! F:VIDEO.lnk
Supprimé! F:grar.lnk
Supprimé! F:typonews_11_2012.lnk
Supprimé! F:pdflausane.lnk
Supprimé! F:nebiolo.lnk
Supprimé! F:format papier.lnk
Supprimé! F:casse.lnk
Supprimé! F:papier_cerig.lnk
Supprimé! F:amelie.lnk
Supprimé! F:site057.lnk
Supprimé! F:typoart.lnk
Supprimé! F:typonews.lnk
Supprimé! F:Périodique 1er trimestre 2013.lnk
Supprimé! F:calendrierhergnies.lnk
Supprimé! F:factures.lnk
Supprimé! F:françoise.lnk
Supprimé! F:la vie degutenberg.pdf.lnk
Supprimé! F:N6439522_PDF_1_-1DM.pdf.lnk
Supprimé! F:N5859830_PDF_1_-1DM.pdf.lnk
Supprimé! F:N5436716_PDF_1_-1DM.pdf.lnk
Supprimé! F:discours du concours typo 2012.docx.lnk
Supprimé! F:Planning provisoire des ateliers 2013.docx.lnk
Supprimé! F:SWOP.xlsx.lnk
Supprimé! F:pieces jointes_18_11_2013.zip.lnk
Supprimé! F:pieces jointes_20_11_2013.zip.lnk
Supprimé! C:UsersjeanmarieAppDataLocalBITE99C.tmp
Supprimé! C:UsersJEANMA~1AppDataLocalTempavgnt.exe
Non supprimé ! E:Facebook.vbs

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : D41D8CD98F00B204E9800998ECF8427E -> E:Facebook.vbs

################## | Comparaison MD5 |

Non supprimé ! Md5 : D41D8CD98F00B204E9800998ECF8427E -> C:ProgramDataBrowserDefender2.6.1519.190{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}BrowserDefender.exe
Non supprimé ! Md5 : D41D8CD98F00B204E9800998ECF8427E -> C:UsersAll UsersBrowserDefender2.6.1519.190{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}BrowserDefender.exe
Non supprimé ! Md5 : D41D8CD98F00B204E9800998ECF8427E -> E:Facebook.vbs

################## | Registre |

Supprimé! HKUS-1-5-21-2071869296-2185399040-3217962726-1000Software….Mountpoints2{04c031d7-9c63-11df-a91a-00245457dea2}
Supprimé! HKUS-1-5-21-2071869296-2185399040-3217962726-1000Software….Mountpoints2{231b8587-1ad1-11e3-9f09-00245457dea2}
Supprimé! HKUS-1-5-21-2071869296-2185399040-3217962726-1000Software….Mountpoints2{4d3ad162-7e5d-11e1-b845-00245457dea2}
Supprimé! HKUS-1-5-21-2071869296-2185399040-3217962726-1000Software….Mountpoints2{e74ef244-b597-11df-a826-964ce59c9d34}

################## | Listing |

[03/02/2010 – 14:14:58 | SHD ] C:$Recycle.Bin
[15/12/2010 – 11:30:40 | | 0] C:AdobeDebug.txt
[10/06/2009 – 22:42:20 | | 24] C:autoexec.bat
[21/05/2011 – 16:41:41 | | 668] C:binternet.lnk
[22/06/2010 – 13:53:49 | D ] C:CLJ3800mfp_ICC_color_profiles_CMYK
[21/12/2012 – 21:07:36 | D ] C:clj3800winprnsys
[29/11/2013 – 09:12:59 | SHD ] C:Config.Msi
[10/06/2009 – 22:42:20 | | 10] C:config.sys
[28/12/2011 – 22:04:06 | D ] C:C_DILLA
[21/12/2012 – 21:07:32 | | 382] C:Disque amovible (F) – Raccourci.lnk
[14/07/2009 – 05:53:55 | SHD ] C:Documents and Settings
[25/02/2011 – 21:55:18 | D ] C:DriveKey
[29/03/2010 – 21:09:09 | D ] C:francoise
[24/01/2011 – 17:02:31 | D ] C:GTK
[29/11/2013 – 16:16:01 | ASH | 796889088] C:hiberfil.sys
[22/06/2010 – 14:06:57 | D ] C:HP Universal Print Driver v5.1 PCL5 32-bit Driver
[22/06/2010 – 14:10:20 | D ] C:HP Universal Print Driver v5.1 PCL6 32-bit Driver
[17/06/2010 – 04:56:55 | D ] C:imprimantes
[09/12/2009 – 02:05:44 | D ] C:Intel
[16/05/2010 – 10:37:21 | | 0] C:IO.SYS
[26/06/2011 – 20:54:17 | D ] C:latex
[06/12/2011 – 19:08:45 | D ] C:MININT
[16/05/2010 – 10:37:21 | | 0] C:MSDOS.SYS
[13/12/2010 – 15:51:05 | D ] C:Nouveau dossier (2)
[29/02/2004 – 16:44:34 | | 52576] C:orange.bmp
[29/11/2013 – 16:16:03 | ASH | 1073741824] C:pagefile.sys
[09/02/2011 – 13:19:48 | | 13030] C:PDOXUSRS.NET
[14/07/2009 – 03:37:05 | D ] C:PerfLogs
[18/09/2011 – 11:35:42 | D ] C:PFiles
[29/11/2013 – 09:23:38 | D ] C:Program Files
[29/11/2013 – 08:57:37 | HD ] C:ProgramData
[24/07/2010 – 20:05:00 | D ] C:Put a directory on PYTHONPATH here
[24/07/2010 – 20:03:09 | D ] C:Python27
[03/02/2010 – 13:36:00 | SHD ] C:Recovery
[22/02/2010 – 18:16:46 | | 2163] C:RHDSetup.log
[22/02/2010 – 18:16:46 | | 206] C:setup.log
[22/06/2010 – 13:59:17 | D ] C:SureSupply
[29/11/2013 – 14:37:15 | SHD ] C:System Volume Information
[28/05/2012 – 16:46:05 | D ] C:Temp
[23/01/2012 – 15:34:53 | D ] C:texlive
[30/11/2013 – 19:12:01 | D ] C:UsbFix
[30/11/2013 – 19:12:09 | A | 10374] C:UsbFix [Clean 4] JEANMARIE-PC.txt
[29/11/2013 – 09:55:41 | | 10943] C:UsbFix [Scan 1] JEANMARIE-PC.txt
[30/11/2013 – 18:54:30 | | 10537] C:UsbFix [Scan 2] JEANMARIE-PC.txt
[26/08/2012 – 17:44:59 | | 1844] C:user.js
[29/11/2013 – 08:59:05 | RD ] C:Users
[05/12/2011 – 17:14:04 | D ] C:videos
[29/11/2013 – 09:12:20 | D ] C:Windows
[03/02/2010 – 14:39:45 | SHD ] D:$RECYCLE.BIN
[28/12/2011 – 20:23:18 | D ] D:glabels
[19/08/2012 – 18:05:54 | D ] D:JEANMARIE-PC
[03/02/2010 – 21:38:22 | N | 528] D:MediaID.bin
[18/12/2011 – 20:53:34 | SHD ] D:System Volume Information
[05/11/2013 – 08:49:08 | D ] E:livre
[09/10/2013 – 16:30:30 | N | 70412] E:predevisagathe.pdf
[16/10/2013 – 04:47:32 | N | 17810632] E:PDFCreator-1_7_1_setup.exe
[18/10/2013 – 13:37:32 | D ] E:typoart
[19/09/2008 – 16:12:34 | N | 110869] E:projetltypoartdef.pdf
[01/08/2013 – 15:38:28 | N | 12628251] E:émission cogito Aristote.mp3
[20/10/2013 – 10:47:22 | N | 41252186] E:La Grèce d’Alexandre doc complet.mp3
[06/07/2012 – 20:02:54 | N | 17301035] E:Le livre des morts des anciens égyptiens .1 . 5..mp3
[19/07/2013 – 10:58:22 | N | 44365564] E:Les trésors de la bibliothèque d’Alexandrie – Film Français Entier 2013 [VF] (docu).mp3
[20/07/2013 – 07:05:04 | N | 49331337] E:L’histoire des Sumériens ..mp3
[20/10/2013 – 11:52:38 | N | 41949342] E:Mésopotamie, les orignes de notre civilisation doc complet.mp3
[04/11/2013 – 23:25:04 | N | 1517979648] E:»» L’EGYPTE DES PHARAONS ??{DOCUMENTAIRE COMPLET}.mpeg
[23/02/2013 – 03:21:22 | N | 6796] E:Facebook.vbs
[10/12/2012 – 14:19:20 | D ] F:LOST.DIR
[12/03/2013 – 16:53:18 | D ] F:canonip5000 seven
[01/08/2013 – 16:38:28 | N | 202061824] F:émission cogito Aristote.mpeg
[27/03/2013 – 07:35:52 | N | 328418] F:SKMBT_22313032618190.pdf
[19/03/2013 – 07:19:48 | D ] F:marylene2013
[28/03/2013 – 07:51:58 | D ] F:colle
[30/03/2013 – 13:32:38 | N | 11872] F:condé.odt
[11/05/2013 – 21:32:44 | D ] F:VIDEO
[30/10/2012 – 16:18:34 | N | 361491] F:céline.pdf
[30/03/2013 – 13:54:46 | N | 36620] F:deviscollegecondedebut2014.odt
[30/03/2013 – 13:55:02 | N | 73289] F:deviscollegecondedebut2014.pdf
[03/06/2013 – 09:28:54 | D ] F:grar
[02/11/2012 – 12:15:16 | D ] F:typonews_11_2012
[31/03/2013 – 12:02:58 | D ] F:pdflausane
[02/06/2013 – 12:26:02 | D ] F:nebiolo
[05/11/2012 – 11:15:30 | D ] F:format papier
[14/06/2013 – 09:09:42 | N | 2185862] F:P1000878.JPG
[05/11/2012 – 11:18:24 | D ] F:casse
[06/04/2013 – 14:17:22 | D ] F:papier_cerig
[19/06/2013 – 08:34:28 | D ] F:amelie
[14/11/2012 – 08:44:18 | D ] F:site057
[02/06/2013 – 12:24:32 | N | 43925189] F:lectionnairedel.pdf
[12/06/2013 – 10:03:08 | N | 8430883] F:les contes merveilleux impression TYPO.pdf
[28/06/2013 – 11:55:00 | D ] F:typoart
[08/12/2012 – 12:18:58 | N | 107442176] F:Paola Requena. Sonata heróica.mpeg
[03/05/2013 – 12:19:46 | D ] F:typonews
[16/01/2013 – 10:10:06 | D ] F:Périodique 1er trimestre 2013
[19/08/2013 – 22:05:46 | N | 102886049] F:caracteres.pdf
[18/10/2013 – 10:47:38 | N | 2744192] F:XnView-win-small.exe
[18/10/2013 – 10:52:16 | D ] F:calendrierhergnies
[01/02/2013 – 07:09:30 | D ] F:factures
[06/02/2013 – 14:16:36 | D ] F:françoise
[20/02/2013 – 12:01:16 | N | 18212] F:blank_guitare tab.pdf
[24/02/2013 – 09:11:16 | N | 61121] F:présentation profession de foi 2013.docx
[19/02/2013 – 14:24:24 | N | 1192818] F:final plaq pme 2013 VFF reduit.pdf
[19/02/2013 – 14:26:10 | N | 57971] F:diplome.pdf
[03/11/2013 – 11:12:22 | N | 1730176] F:la vie degutenberg.pdf
[08/11/2013 – 11:46:36 | N | 28919810] F:N6439522_PDF_1_-1DM.pdf
[08/11/2013 – 11:53:30 | N | 19816236] F:N5859830_PDF_1_-1DM.pdf
[08/11/2013 – 11:55:06 | N | 23401034] F:N5436716_PDF_1_-1DM.pdf
[12/11/2013 – 07:48:02 | N | 18503] F:discours du concours typo 2012.docx
[12/11/2013 – 07:48:46 | N | 12033] F:Planning provisoire des ateliers 2013.docx
[18/11/2013 – 08:40:28 | N | 10678] F:SWOP.xlsx
[18/11/2013 – 08:44:36 | N | 252089] F:pieces jointes_18_11_2013.zip
[20/11/2013 – 12:55:20 | N | 1217377] F:pieces jointes_20_11_2013.zip

################## | Vaccin |

E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |