Reply to: Infected USB key 2016-09-08T13:22:17+00:00
Huvelle
Participant
Posts: 7

############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: jeanmarie (Administrateur) # JEANMARIE-PC
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 19:58:03 | 30/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (N150/N210/N220 )
CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
RAM -> [Total : 1013 | Free : 179]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Starter (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 31.0.1650.57

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 67 Go (11 Go libre(s) – 16%) [] # NTFS
D: -> Disque fixe # 67 Go (18 Go libre(s) – 27%) [] # NTFS
E: -> Disque amovible # 4 Go (260 Mo libre(s) – 7%) [TYPOART01] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1516 |ParentID: 536)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 1752 |ParentID: 536)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 2696 |ParentID: 1752)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (ID: 3192 |ParentID: 536)
Stoppé! C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (ID: 5712 |ParentID: 536)
Stoppé! C:\windows\System32\rundll32.exe (ID: 5536 |ParentID: 696)
Stoppé! C:\Windows\system32\WUDFHost.exe (ID: 5684 |ParentID: 932)
Stoppé! C:\windows\system32\SearchIndexer.exe (ID: 5528 |ParentID: 536)
Stoppé! C:\windows\System32\spoolsv.exe (ID: 1280 |ParentID: 536)
Stoppé! C:\windows\Explorer.exe (ID: 4200 |ParentID: 5104)
Stoppé! C:\windows\system32\NOTEPAD.EXE (ID: 3748 |ParentID: 5104)
Stoppé! C:\windows\system32\taskeng.exe (ID: 2544 |ParentID: 988)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2068 |ParentID: 2932)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5508 |ParentID: 2068)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 336 |ParentID: 2068)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2012 |ParentID: 2068)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5748 |ParentID: 2068)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [Windows Mobile-based device management] - %windir%\WindowsMobile\wmdcBase.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [ApnTBMon] - "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\SOFTWARE | Run : [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\SOFTWARE | Run : [OrangePlayer] - C:\Program Files\Orange\Media Player\Media Player.exe /systray
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [OrangePlayer] - C:\Program Files\Orange\Media Player\Media Player.exe /systray
04 - HKU\S-1-5-21-2071869296-2185399040-3217962726-1000\SOFTWARE | Run : [Orange Installer] - "C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe"
04 - HKU\S-1-5-21-2071869296-2185399040-3217962726-1000\SOFTWARE | Run : [orangeinside] - C:\Users\jeanmarie\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
04 - HKU\S-1-5-18\SOFTWARE | Run : [OrangePlayer] - C:\Program Files\Orange\Media Player\Media Player.exe /systray
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! E:\clétypoart01.lnk
Supprimé! E:\gutenberglamartine.pdf.lnk
Supprimé! E:\Vie de Gutenberg – Alphonse de Lamartine.htm.lnk
Supprimé! E:\Vie de Gutenberg – Alphonse de Lamartine_files.lnk
Supprimé! E:\.~lock.gutenberglamartine.odt#.lnk
Supprimé! E:\gutenberglamartine.odt.lnk
Supprimé! E:\gutenberglamartine02.pdf.lnk
Supprimé! C:\Users\JEANMA~1\AppData\Local\Temp\avgnt.exe
Non supprimé ! E:\Facebook.vbs

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : D41D8CD98F00B204E9800998ECF8427E -> E:\Facebook.vbs

################## | Comparaison MD5 |

Non supprimé ! Md5 : D41D8CD98F00B204E9800998ECF8427E -> E:\Facebook.vbs

################## | Registre |

################## | Listing |

[03/02/2010 - 14:14:58 | SHD ] C:\$Recycle.Bin
[15/12/2010 - 11:30:40 | | 0] C:\AdobeDebug.txt
[30/11/2013 - 19:22:04 | D ] C:\AdwCleaner
[10/06/2009 - 22:42:20 | | 24] C:\autoexec.bat
[22/06/2010 - 13:53:49 | D ] C:\CLJ3800mfp_ICC_color_profiles_CMYK
[21/12/2012 - 21:07:36 | D ] C:\clj3800winprnsys
[29/11/2013 - 09:12:59 | SHD ] C:\Config.Msi
[10/06/2009 - 22:42:20 | | 10] C:\config.sys
[28/12/2011 - 22:04:06 | D ] C:\C_DILLA
[21/12/2012 - 21:07:32 | | 382] C:\Disque amovible (F) – Raccourci.lnk
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[25/02/2011 - 21:55:18 | D ] C:\DriveKey
[29/03/2010 - 21:09:09 | D ] C:\francoise
[24/01/2011 - 17:02:31 | D ] C:\GTK
[30/11/2013 - 19:25:37 | ASH | 796889088] C:\hiberfil.sys
[22/06/2010 - 14:06:57 | D ] C:\HP Universal Print Driver v5.1 PCL5 32-bit Driver
[22/06/2010 - 14:10:20 | D ] C:\HP Universal Print Driver v5.1 PCL6 32-bit Driver
[17/06/2010 - 04:56:55 | D ] C:\imprimantes
[09/12/2009 - 02:05:44 | D ] C:\Intel
[16/05/2010 - 10:37:21 | | 0] C:\IO.SYS
[26/06/2011 - 20:54:17 | D ] C:\latex
[06/12/2011 - 19:08:45 | D ] C:\MININT
[16/05/2010 - 10:37:21 | | 0] C:\MSDOS.SYS
[13/12/2010 - 15:51:05 | D ] C:\Nouveau dossier (2)
[29/02/2004 - 16:44:34 | | 52576] C:\orange.bmp
[30/11/2013 - 19:25:39 | ASH | 1073741824] C:\pagefile.sys
[09/02/2011 - 13:19:48 | | 13030] C:\PDOXUSRS.NET
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[18/09/2011 - 11:35:42 | D ] C:\PFiles
[30/11/2013 - 19:21:06 | D ] C:\Program Files
[30/11/2013 - 19:20:59 | HD ] C:\ProgramData
[24/07/2010 - 20:05:00 | D ] C:\Put a directory on PYTHONPATH here
[24/07/2010 - 20:03:09 | D ] C:\Python27
[03/02/2010 - 13:36:00 | SHD ] C:\Recovery
[22/02/2010 - 18:16:46 | | 2163] C:\RHDSetup.log
[22/02/2010 - 18:16:46 | | 206] C:\setup.log
[22/06/2010 - 13:59:17 | D ] C:\SureSupply
[29/11/2013 - 14:37:15 | SHD ] C:\System Volume Information
[28/05/2012 - 16:46:05 | D ] C:\Temp
[23/01/2012 - 15:34:53 | D ] C:\texlive
[30/11/2013 - 19:58:17 | D ] C:\UsbFix
[30/11/2013 - 19:12:11 | | 14860] C:\UsbFix [Clean 4] JEANMARIE-PC.txt
[30/11/2013 - 20:03:22 | A | 7615] C:\UsbFix [Clean 6] JEANMARIE-PC.txt
[29/11/2013 - 09:55:41 | | 10943] C:\UsbFix [Scan 1] JEANMARIE-PC.txt
[30/11/2013 - 18:54:30 | | 10537] C:\UsbFix [Scan 2] JEANMARIE-PC.txt
[30/11/2013 - 19:53:17 | | 8978] C:\UsbFix [Scan 3] JEANMARIE-PC.txt
[26/08/2012 - 17:44:59 | | 1844] C:\user.js
[29/11/2013 - 08:59:05 | RD ] C:\Users
[05/12/2011 - 17:14:04 | D ] C:\videos
[29/11/2013 - 09:12:20 | D ] C:\Windows
[03/02/2010 - 14:39:45 | SHD ] D:\$RECYCLE.BIN
[28/12/2011 - 20:23:18 | D ] D:\glabels
[19/08/2012 - 18:05:54 | D ] D:\JEANMARIE-PC
[03/02/2010 - 21:38:22 | N | 528] D:\MediaID.bin
[18/12/2011 - 20:53:34 | SHD ] D:\System Volume Information
[23/02/2013 - 03:21:22 | N | 6796] E:\Facebook.vbs
[28/10/2013 - 12:53:50 | D ] E:\clétypoart01
[29/10/2013 - 11:30:14 | N | 3371604] E:\gutenberglamartine.pdf
[29/10/2013 - 11:34:12 | D ] E:\Vie de Gutenberg – Alphonse de Lamartine_files
[29/10/2013 - 11:34:12 | N | 81653] E:\Vie de Gutenberg – Alphonse de Lamartine.htm
[30/10/2013 - 17:04:32 | N | 45447] E:\gutenberglamartine.odt
[30/10/2013 - 17:04:42 | N | 156690] E:\gutenberglamartine02.pdf

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
