Reply to: Files turned into shortcuts on a USB stick 2016-09-08T13:07:54+00:00
oxi-do
Participant
Post count: 9

Here is the second scan. However, during some steps (for example at 46% of the procedure), my PC tower made a very loud noise, which it never does. Is that normal, due to the scan?

############################## | UsbFix V 7.143 | [Removal]

User: Oxido (Administrator) # FLORENT
Updated on 05/10/2013 by El Desaparecido - Team SosVirus
Started at 17:02:28 | 05/10/2013

Website: http://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (M2N4-SLI)
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
RAM -> [Total : 2046 | Free : 604]
Bios: Phoenix Technologies, LTD
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 98 GB (14 GB free - 14%) [] # NTFS
D: -> Fixed disk # 135 GB (79 GB free - 58%) [Data] # NTFS
E: -> CD-ROM
F: -> CD-ROM
I: -> Removable disk # 8 GB (8 GB free - 100%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3484056935-2339844932-1707882040-1000\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-3484056935-2339844932-1707882040-1000\SOFTWARE | Run : [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3484056935-2339844932-1707882040-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3484056935-2339844932-1707882040-1000\SOFTWARE | Run : [A7KGEquN] - wscript.exe //B "C:\Users\Oxido\AppData\Local\Temp\A7KGEquN.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Stopped Processes |

Stopped! C:\Windows\system32\nvvsvc.exe (ID 752 |ParentID 508)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID 776 |ParentID 508)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1208 |ParentID 752)
Stopped! C:\Windows\system32\nvvsvc.exe (ID 1216 |ParentID 752)
Stopped! C:\Windows\System32\spoolsv.exe (ID 1308 |ParentID 508)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID 1400 |ParentID 508)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1592 |ParentID 508)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID 1628 |ParentID 508)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1656 |ParentID 508)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (ID 1732 |ParentID 508)
Stopped! C:\Windows\system32\taskhost.exe (ID 1072 |ParentID 508)
Stopped! C:\Windows\SOUNDMAN.EXE (ID 2532 |ParentID 1488)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 2752 |ParentID 2564)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID 2784 |ParentID 2564)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID 2884 |ParentID 1208)
Stopped! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID 2564 |ParentID 1628)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID 2852 |ParentID 508)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3528 |ParentID 508)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID 3060 |ParentID 1184)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (ID 2080 |ParentID 508)
Stopped! C:\Windows\System32\wscript.exe (ID 5056 |ParentID 5108)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 5080 |ParentID 968)
Stopped! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID 1668 |ParentID 3060)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (ID 1484 |ParentID 1668)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (ID 4540 |ParentID 1484)
Stopped! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID 4720 |ParentID 508)
Stopped! C:\Windows\system32\taskhost.exe (ID 4364 |ParentID 508)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (ID 4424 |ParentID 2852)
Stopped! C:\Windows\system32\SearchFilterHost.exe (ID 1996 |ParentID 2852)

################## | Infectious Items |

Deleted! I:\A7KGEquN.vbs
Deleted! C:\Users\Oxido\AppData\Local\Temp\A7KGEquN.vbs
Deleted! C:\Users\Oxido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A7KGEquN.vbs
Deleted! I:\Mountain Tree House.lnk
Deleted! C:\Users\Oxido\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
Deleted! D:\desktop.ini

(!) Temporary files deleted.

################## | Registry |

Deleted! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|A7KGEquN
Deleted! HKCU\...\Explorer\MountPoints2\{96a46bb3-7bbd-11e1-bcdd-0018f37e1288}
Deleted! HKCU\...\Explorer\MountPoints2\{d14c9c42-012f-11e1-8343-0018f37e1288}

################## | Listing |

[19/11/2010 - 19:00:54 | SHD ] C:\$Recycle.Bin
[08/02/2011 - 21:27:40 | D ] C:\9e582d37dc6d44d729fe7d9ab55e7e
[04/10/2013 - 20:33:54 | SHD ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1031.txt
[07/11/2007 - 08:00:40 | N | 10134] C:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 118] C:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.3082.txt
[07/11/2007 - 08:00:40 | N | 1110] C:\globdata.ini
[05/10/2013 - 09:39:13 | ASH | 1609424896] C:\hiberfil.sys
[07/11/2007 - 08:03:18 | N | 562688] C:\install.exe
[07/11/2007 - 08:00:40 | N | 843] C:\install.ini
[07/11/2007 - 08:03:18 | N | 76304] C:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 91152] C:\install.res.1033.dll
[07/11/2007 - 08:03:18 | N | 97296] C:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 95248] C:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 81424] C:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 79888] C:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 75792] C:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.3082.dll
[24/06/2013 - 19:09:55 | RHD ] C:\MSOCache
[01/07/2011 - 20:00:57 | D ] C:\NVIDIA
[05/10/2013 - 09:39:16 | ASH | 2145902592] C:\pagefile.sys
[04/10/2013 - 20:31:59 | D ] C:\Program Files
[05/10/2013 - 09:53:14 | D ] C:\Program Files (x86)
[04/10/2013 - 20:31:49 | HD ] C:\ProgramData
[31/07/2010 - 17:47:53 | SHD ] C:\Recovery
[27/09/2013 - 22:03:05 | SHD ] C:\System Volume Information
[11/12/2011 - 11:23:00 | D ] C:\Uninstall
[05/10/2013 - 17:10:29 | D ] C:\UsbFix
[05/10/2013 - 17:10:54 | A | 9089] C:\UsbFix [Clean 2] FLORENT.txt
[05/10/2013 - 16:06:53 | N | 7853] C:\UsbFix [Scan 1] FLORENT.txt
[05/10/2013 - 16:27:58 | N | 8173] C:\UsbFix [Scan 2] FLORENT.txt
[21/02/2012 - 18:52:06 | RD ] C:\Users
[07/11/2007 - 08:00:40 | N | 5686] C:\vcredist.bmp
[07/11/2007 - 08:09:22 | N | 1442522] C:\VC_RED.cab
[07/11/2007 - 08:12:28 | N | 232960] C:\VC_RED.MSI
[03/07/2013 - 21:43:14 | D ] C:\Windows
[31/07/2010 - 17:48:09 | SHD ] D:\$RECYCLE.BIN
[05/10/2013 - 17:01:33 | D ] D:\Mes Documents
[28/09/2013 - 14:31:52 | SHD ] D:\System Volume Information
[28/09/2013 - 20:04:58 | N | 59617] I:\Mountain Tree House.docx

################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
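The log above shows the three artefacts this kind of "shortcut worm" leaves behind: a per-user Run value launching wscript.exe //B on a .vbs dropped in %TEMP%, a copy of the same script in the user's Startup folder, and on the USB stick a .lnk decoy (here Mountain Tree House.lnk) sitting next to the real document, which the worm hides with the System and Hidden attributes. The PowerShell script below is an added example (it is not part of UsbFix, of the log, or of the SosVirus thread) that hunts for exactly those artefacts on a Windows machine and, with -Remove, cleans them up and restores the hidden originals. It assumes Windows PowerShell 5.1 or later run from an elevated session; the regular expression it uses to recognise a script launcher is the author's own heuristic, not a UsbFix signature.

```powershell
# Added example, not from UsbFix or the thread above. Hunts for a VBS shortcut worm's
# persistence (Run key, Startup folder) and its USB payload (.lnk decoys, dropped script,
# hidden originals). Reports only; pass -Remove to delete and un-hide.
# Assumptions: Windows PowerShell 5.1+, elevated; $scriptLaunch is a hand-written heuristic.
[CmdletBinding()]
param([switch]$Remove)

$scriptLaunch = '(?i)\b[wc]script(\.exe)?\b.*\.(vbs|vbe|js|wsf)\b'   # e.g. wscript.exe //B "x.vbs"
$scriptExt    = '.vbs', '.vbe', '.js', '.wsf'
$findings     = [System.Collections.Generic.List[object]]::new()

function Add-Finding($Type, $Where, $What) {
    $findings.Add([pscustomobject]@{ Type = $Type; Where = $Where; What = $What })
}

# 1. Run keys. The log shows the worm in HKCU; the HKLM and WOW6432Node views are checked too.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }              # PSPath, PSParentPath, ... metadata
        if ("$($p.Value)" -match $scriptLaunch) {
            Add-Finding 'RunKey' "$key\$($p.Name)" $p.Value
            if ($Remove) { Remove-ItemProperty -Path $key -Name $p.Name }
        }
    }
}

# 2. Startup folder of the current user: a script file there is not normal on a home PC.
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in $scriptExt } |
    ForEach-Object {
        Add-Finding 'Startup' $_.FullName $_.Name
        if ($Remove) { Remove-Item -LiteralPath $_.FullName -Force }
    }

# 3. Removable drives (Win32_LogicalDisk DriveType 2): decoy .lnk files, dropped scripts,
#    and the user's real files hidden with +S +H.
$shell    = New-Object -ComObject WScript.Shell
$hsMask   = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)   # 6
$keepName = 'System Volume Information', 'Autorun.inf'    # legitimately S+H (Autorun.inf = vaccine)
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    $root = $_.DeviceID + '\'
    if (-not (Test-Path $root)) { return }                  # card-reader slot with no media
    foreach ($f in Get-ChildItem -Path $root -File -Force -ErrorAction SilentlyContinue) {
        if ($f.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($f.FullName)       # COM parses the .lnk target for us
            $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
            if ($cmd -match $scriptLaunch) {
                Add-Finding 'DecoyLnk' $f.FullName $cmd
                if ($Remove) { Remove-Item -LiteralPath $f.FullName -Force }
            }
        }
        elseif ($f.Extension -in $scriptExt) {
            Add-Finding 'DroppedScript' $f.FullName $f.Name
            if ($Remove) { Remove-Item -LiteralPath $f.FullName -Force }
        }
    }
    # Equivalent of "attrib -s -h" for everything the worm hid in the root of the stick.
    Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
        Where-Object { (([int]$_.Attributes) -band $hsMask) -eq $hsMask -and $_.Name -notin $keepName } |
        ForEach-Object {
            Add-Finding 'HiddenOriginal' $_.FullName $_.Attributes
            if ($Remove) { $_.Attributes = [IO.FileAttributes](([int]$_.Attributes) -band (-bnot $hsMask)) }
        }
}

if ($findings.Count) { $findings | Format-Table -AutoSize } else { 'No shortcut-worm artefacts found.' }
```

Run it once without -Remove and read the table before cleaning: a RunKey hit tells you the worm will come back at next logon, a DecoyLnk hit with an Arguments field naming a .vbs on the stick tells you the stick is still a carrier, and HiddenOriginal rows are the documents the user thinks are lost. Only the root of each removable drive is inspected, because that is where this family drops its decoys; the Autorun.inf vaccine UsbFix creates is deliberately left hidden.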