Reply to: Infected USB key 2016-09-12T13:44:28+00:00
Itsumi
Participant
Number of posts: 3

Thank you so much for your help!

############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: user (Administrateur) # USER-PC
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 13:18:44 | 30/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: FOXCONN (45CS/45CSX)
CPU: Intel(R) Atom(TM) CPU 230 @ 1.60GHz
RAM -> [Total : 1015 Mo| Free : 458 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7600 32-Bit)
WB: Windows Internet Explorer : 8.0.7600.16385
WB: Google Chrome : 34.0.1847.131

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | (!) Outdated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Disque fixe # 17 Go (489 Mo libre(s) - 3%) [] # NTFS
D:\ -> Disque fixe # 20 Go (8 Go libre(s) - 39%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [JAMILA] # FAT32
G:\ -> Disque amovible # 7 Go (220 Mo libre(s) - 3%) [TOSHIBA] # FAT32
Z:\ -> Disque fixe # 100 Mo (70 Mo libre(s) - 70%) [Réservé au système] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 396 |ParentID: 388)
C:\Windows\system32\wininit.exe (ID: 436 |ParentID: 388)
C:\Windows\system32\csrss.exe (ID: 448 |ParentID: 428)
C:\Windows\system32\winlogon.exe (ID: 504 |ParentID: 428)
C:\Windows\system32\services.exe (ID: 544 |ParentID: 436)
C:\Windows\system32\lsass.exe (ID: 552 |ParentID: 436)
C:\Windows\system32\lsm.exe (ID: 560 |ParentID: 436)
C:\Windows\system32\svchost.exe (ID: 668 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 756 |ParentID: 544)
C:\Windows\System32\svchost.exe (ID: 840 |ParentID: 544)
C:\Windows\System32\svchost.exe (ID: 896 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 940 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 1092 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 1200 |ParentID: 544)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1280 |ParentID: 544)
C:\Windows\System32\spoolsv.exe (ID: 1500 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 1576 |ParentID: 544)
C:\Windows\system32\taskhost.exe (ID: 1628 |ParentID: 544)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1752 |ParentID: 544)
C:\Windows\system32\taskeng.exe (ID: 1788 |ParentID: 940)
C:\Program Files\Skype\Updater\Updater.exe (ID: 1828 |ParentID: 544)
C:\Windows\system32\sppsvc.exe (ID: 1852 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 1900 |ParentID: 544)
C:\Windows\system32\WUDFHost.exe (ID: 1732 |ParentID: 896)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2248 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 2260 |ParentID: 544)
C:\Windows\system32\Dwm.exe (ID: 2444 |ParentID: 896)
C:\Windows\Explorer.EXE (ID: 2468 |ParentID: 2436)
C:\Windows\system32\runonce.exe (ID: 2504 |ParentID: 2468)

################## | Recherche générique |

Supprimé! C:\Users\user\AppData\Roaming\SysBackUp.vbs
Supprimé! C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SysBackUp.vbs
Supprimé! F:\SysBackUp.vbs
Supprimé! G:\SysBackUp.vbs
Supprimé! G:\12 Years A Slave 2013 FRENCH BRRiP XviD-CARPEDIEM.lnk
Supprimé! G:\Junyi Zhang - Equilibre & contorsion - L'Empereur de Jade (extrait).lnk
Supprimé! G:\[www.lnk
Supprimé! G:\Au.lnk
Supprimé! G:\- YouTube_d6ei.lnk
Supprimé! G:\Captain.lnk
Supprimé! C:\Users\user\AppData\Roaming\FlashPlayer Install

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\Software\PowerPack
Supprimé! HKU\S-1-5-21-2195047794-2104562677-999096182-1000\Software\Microsoft\Windows\CurrentVersion\Run|SysBackUp

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [cacaoweb] "C:\Users\user\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKCU\..\Run : [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log
04 - HKCU\..\Run : [uTorrent] "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2195047794-2104562677-999096182-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2195047794-2104562677-999096182-1000\..\Run : [cacaoweb] "C:\Users\user\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-2195047794-2104562677-999096182-1000\..\Run : [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log
04 - HKU\S-1-5-21-2195047794-2104562677-999096182-1000\..\Run : [uTorrent] "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[03/11/2013 - 17:27:01 | SHD] - C:\$Recycle.Bin
[10/06/2009 - 21:42:20 | A | 0 Ko] - C:\autoexec.bat
[10/06/2009 - 21:42:20 | N | 0 Ko] - C:\config.sys
[14/07/2009 - 04:53:55 | SHD] - C:\Documents and Settings
[30/04/2014 - 13:17:45 | ASH | 779800 Ko] - C:\hiberfil.sys
[03/11/2013 - 20:03:56 | RHD] - C:\MSOCache
[14/07/2009 - 02:37:05 | D] - C:\PerfLogs
[28/04/2014 - 12:53:15 | D] - C:\Program Files
[28/04/2014 - 12:50:05 | HD] - C:\ProgramData
[03/11/2013 - 17:26:04 | SHD] - C:\Recovery
[29/04/2014 - 14:21:26 | SHD] - C:\System Volume Information
[30/04/2014 - 12:49:33 | D] - C:\UsbFix
[30/04/2014 - 13:23:34 | A | 6 Ko | FB07DC72557F5CE834AF21D5562BC18E] - C:\UsbFix [Clean 2] USER-PC.txt
[31/12/2013 - 11:05:32 | D] - C:\Users
[29/04/2014 - 08:54:40 | D] - C:\Windows
[03/11/2013 - 17:27:01 | SHD] - D:\$RECYCLE.BIN
[30/03/2014 - 13:55:15 | N | 494 Ko | 137F08E74BE67E26819DCC400B69D5DA] - D:\Appnimi ZIP Password Unlocker.exe
[30/03/2014 - 10:18:34 | D] - D:\Config.Msi
[29/04/2014 - 18:28:08 | N | 718612 Ko] - D:\Drag.Me.To.Hell.TRUEFRENCH.DVDRiP.XviD-HARIJO.avi
[12/04/2014 - 19:02:47 | N | 143959 Ko] - D:\Eminem - Rap God (Explicit).mp4
[23/04/2014 - 14:34:38 | N | 23 Ko] - D:\EXEMPLE_OTIP.doc
[18/04/2014 - 18:32:20 | N | 29 Ko] - D:\fairy.tail.film.1.la.pretresse.du.phoenix.french.bdrip.2013.[www.zetorrents.com].torrent
[18/04/2014 - 18:48:40 | N | 719596 Ko] - D:\Fairy.Tail.Le.Film.La.Pretresse.Du.Phoenix.FRENCH.BDRip.XviD-MiND..avi
[21/04/2014 - 17:11:29 | N | 195 Ko] - D:\Formulaire_visa_long_sejour_et_OFII-2.pdf
[22/04/2014 - 13:50:10 | N | 15 Ko] - D:\Hunegr games 1.torrent
[22/04/2014 - 13:50:19 | N | 21 Ko] - D:\Huner games 2.torrent
[22/04/2014 - 15:34:20 | N | 1443568 Ko] - D:\Hunger games 1.avi
[29/04/2014 - 15:56:57 | N | 56 Ko] - D:\Jusqu'en enfer.torrent
[22/04/2014 - 14:43:11 | N | 1430624 Ko] - D:\Les enfants loups.avi
[22/04/2014 - 13:23:36 | N | 15 Ko] - D:\Les enfants loups.torrent
[20/04/2014 - 16:44:00 | N | 73 Ko] - D:\ma-bimbo-smileys.zip
[01/12/2012 - 10:30:08 | D] - D:\Microsoft Office 2007 Complete (French)
[16/04/2014 - 22:31:21 | D] - D:\Musique
[30/04/2014 - 13:17:46 | ASH | 1048576 Ko] - D:\pagefile.sys
[01/10/2013 - 19:48:26 | D] - D:\PhotoFiltre 7
[23/04/2014 - 14:33:44 | N | 23 Ko] - D:\pieces constitutives préconsulaire 2014- 2015 .doc
[04/04/2014 - 16:06:03 | D] - D:\RAR Password Unlocker
[30/03/2014 - 08:29:21 | N | 13025 Ko | 115073414B19AE3258A166962E7603F3] - D:\rar_password_unlocker_trial.exe
[01/12/2012 - 10:29:57 | SHD] - D:\System Volume Information
[30/03/2014 - 10:00:18 | N | 316 Ko | 0DEB079A476DFD61A977CA1773CE52E5] - D:\Tara duncan 11 pdf.exe
[30/03/2014 - 10:06:08 | N | 12109 Ko] - D:\Tara duncan 11 PDF.zip
[30/03/2014 - 14:48:40 | N | 5285 Ko] - D:\Tara duncan 11.epub
[22/04/2014 - 15:48:59 | N | 2158170 Ko] - D:\The.Hunger.Games.Catching.Fire.2013.FRENCH.BDRip.XviD.AC3-FrIeNdS.avi
[23/04/2014 - 07:25:27 | N | 3810274 Ko] - D:\Warm Bodies 2013 FRENCH 720p BluRay x264-CARPEDIEM.mkv
[22/04/2014 - 13:28:36 | N | 19 Ko] - D:\Warm bodies.torrent
[29/04/2014 - 19:28:16 | N | 272 Ko] - D:\~uTorrentPartFile_E88F9BDE.dat
[26/02/2014 - 11:24:16 | N | 1432124 Ko] - G:\12 Years A Slave 2013 FRENCH BRRiP XviD-CARPEDIEM.avi
[07/01/2014 - 11:04:18 | N | 21038 Ko] - G:\Junyi Zhang - Equilibre & contorsion - L'Empereur de Jade (extrait).mp4
[04/11/2013 - 10:12:26 | N | 1433142 Ko] - G:\[www.Cpasbien.me] sde-lincoln.avi
[25/10/2013 - 11:23:32 | N | 1434327 Ko] - G:\[www.OMGTORRENT.com] The.Grandmaster.2013.FRENCH.DVDRip.XviD-ARTEFAC.avi
[18/08/2013 - 11:37:10 | N | 1534392 Ko] - G:\Au.delà.de.nos.rêves.1998.Fantastique.DVDRiP.XViD.FRENCH-LDD.avi
[12/03/2014 - 17:36:34 | N | 31518 Ko] - G:\- YouTube_d6ei.720p.mp4
[19/01/2014 - 12:28:34 | N | 1448256 Ko] - G:\Captain.Phillips.2013.FRENCH.SUBFORCED.BDRip.XviD-FrIeNdS.avi
[03/11/2013 - 17:58:25 | SHD] - Z:\$RECYCLE.BIN
[03/11/2013 - 17:16:34 | SHD] - Z:\Boot
[16/08/2009 - 15:30:57 | RASH | 375 Ko] - Z:\bootmgr
[03/11/2013 - 17:16:35 | RASH | 8 Ko] - Z:\BOOTSECT.BAK
[04/08/2009 - 17:06:10 | N | 167 Ko] - Z:\grldr
[03/11/2013 - 17:19:06 | SHD] - Z:\System Volume Information

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
Z:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - https://www.sosvirus.net |