Reply to: files turned into shortcuts 2016-09-08T13:11:14+00:00
taddeo
Participant
Number of posts: 2

Here is the report after the removal. Everything is back to normal on the USB key and the computer runs much better.
Thanks

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: christine hamann (Administrateur) # HAMANN-064A4922
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 20:45:33 | 24/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: (4CoreDual-SATA2)
CPU: Intel(R) Celeron(R) CPU 2.66GHz
RAM -> [Total : 3071 | Free : 2463]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 75 Go (41 Go libre(s) – 55%) [] # NTFS
D: -> Disque amovible # 489 Mo (267 Mo libre(s) – 55%) [TRAVELDRIVE] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Microsoft Security Essentials] - C:\Documents and Settings\christine hamann\Application Data\MsEss.exe
HKLM\SOFTWARE | Run : [CTHelper] - CTHELPER.EXE
HKLM\SOFTWARE | Run : [4StoryPrePatch] - C:\Program Files\Gameforge4D\4Story_FR\PrePatch.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [tmxnftcqgr] - wscript.exe //B "C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\tmxnftcqgr..vbs"
HKLM\SOFTWARE | Run : [Aeria Ignite] - "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-746137067-436374069-682003330-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-746137067-436374069-682003330-1004\SOFTWARE | Run : [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background
HKU\S-1-5-21-746137067-436374069-682003330-1004\SOFTWARE | Run : [EPSON Stylus DX8400 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SBC.tmp" /EF "HKCU"
HKU\S-1-5-21-746137067-436374069-682003330-1004\SOFTWARE | Run : [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-746137067-436374069-682003330-1004\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Documents and Settings\christine hamann\Local Settings\Application Data\Akamai\netsession_win.exe"
HKU\S-1-5-21-746137067-436374069-682003330-1004\SOFTWARE | Run : [tmxnftcqgr] - wscript.exe //B "C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\tmxnftcqgr..vbs"
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Processus Stoppés |

Stoppé! C:\WINDOWS\system32\spoolsv.exe (ID 1404 |ParentID 684)
Stoppé! C:\Program Files\Creative\Shared Files\CTAudSvc.exe (ID 1456 |ParentID 684)
Stoppé! C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1552 |ParentID 684)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID 1568 |ParentID 684)
Stoppé! C:\Program Files\Java\jre7\bin\jqs.exe (ID 1700 |ParentID 684)
Stoppé! C:\WINDOWS\Explorer.EXE (ID 860 |ParentID 1140)
Stoppé! C:\WINDOWS\system32\wscntfy.exe (ID 1484 |ParentID 1020)
Stoppé! C:\WINDOWS\system32\CTHELPER.EXE (ID 1632 |ParentID 860)
Stoppé! C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (ID 1692 |ParentID 860)
Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (ID 1988 |ParentID 860)
Stoppé! C:\WINDOWS\system32\ctfmon.exe (ID 128 |ParentID 860)
Stoppé! C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (ID 248 |ParentID 860)
Stoppé! C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (ID 272 |ParentID 860)
Stoppé! C:\Documents and Settings\christine hamann\Local Settings\Application Data\Akamai\netsession_win.exe (ID 280 |ParentID 860)
Stoppé! C:\WINDOWS\system32\wscript.exe (ID 292 |ParentID 860)
Stoppé! C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID 1220 |ParentID 860)
Stoppé! C:\Documents and Settings\christine hamann\Local Settings\Application Data\Akamai\netsession_win.exe (ID 604 |ParentID 280)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (ID 2028 |ParentID 684)
Stoppé! C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe (ID 2620 |ParentID 1692)
Stoppé! C:\WINDOWS\system32\NOTEPAD.EXE (ID 2676 |ParentID 872)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2608 |ParentID 860)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2804 |ParentID 2608)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 3508 |ParentID 2608)

################## | Éléments infectieux |

Supprimé! D:\tmxnftcqgr..vbs
Supprimé! C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\tmxnftcqgr..vbs
Supprimé! C:\Documents and Settings\christine hamann\Menu Démarrer\Programmes\Démarrage\tmxnftcqgr..vbs
Supprimé! C:\Documents and Settings\christine hamann\Application Data\MsEss.exe
Supprimé! D:\autorun.lnk
Supprimé! D:\BS detail rubriques fondation 2010 AGREGATION 4.lnk
Supprimé! D:\BS fondation 2010 3.lnk
Supprimé! D:\2012-02-27 AVAD Budget Recalculé Salaries_BP2012_SsiadCcu_V01.lnk
Supprimé! D:\BOOTEX.lnk
Supprimé! D:\les deux famille3.lnk
Supprimé! D:\liste HAMANN Christine Fiche de Poste - 2011-09-29.lnk
Supprimé! D:\chat papa.lnk
Supprimé! D:\REUNION DES DIRECTEURS.lnk
Supprimé! D:\pLAN.lnk
Supprimé! D:\FOUND.000.lnk
Supprimé! D:\recours.lnk
Supprimé! D:\LATZER.lnk
Supprimé! D:\BILAN SOCIAL.lnk
Supprimé! D:\PHOTOS SIEGE.lnk
Supprimé! D:\RECYCLER.lnk
Supprimé! D:\2010-201 Fougères autocontrol jour.lnk
Supprimé! D:\2010-2011 Fougères autocontrol nuit.lnk
Supprimé! D:\mdr sAINTE fAMILLE.lnk
Supprimé! D:\factures 2009.lnk
Supprimé! D:\JASON.lnk
Supprimé! D:\MULLER.lnk
Supprimé! D:\FEHAP GROUPE RRH.lnk
Supprimé! D:\essai power point.lnk
Supprimé! D:\2010.lnk
Supprimé! D:\Nouveau dossier (2).lnk
Supprimé! D:\Christine.lnk
Supprimé! D:\christinre.lnk
Supprimé! D:\COMITE D ETABLT.lnk
Supprimé! D:\rapport CH.lnk
Supprimé! D:\RECYCLER\autorun.exe
Supprimé! D:\autorun.inf

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnet3.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnet3[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnet3[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx30SP1setup.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx30SP1setup[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx30SP1setup[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35setup.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35setup[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35setup[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3setup.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3setup[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3setup[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_ia64.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_ia64[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_ia64[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_x64.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_x64[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_x64[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_ia64.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_ia64[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_ia64[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x64.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x64[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x64[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x86.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x86[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x86[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_ia64.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_ia64[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_ia64[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x64.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x64[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x64[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x86.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x86[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x86[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x64.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x64[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x64[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x86.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x86[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x86[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_ia64.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_ia64[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_ia64[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x64.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x64[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x64[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x86.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x86[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x86[2].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx64.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx64[1].exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx64[2].exe
Supprimé! HKU\S-1-5-21-746137067-436374069-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run|tmxnftcqgr
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|tmxnftcqgr
Supprimé! HKCU\...\Explorer\MountPoints2\{3c3c1862-260c-11e3-aa17-0019663ebb38}
Supprimé! HKCU\...\Explorer\MountPoints2\{43513fa4-d6aa-11e2-a939-0019663ebb38}
Supprimé! HKCU\...\Explorer\MountPoints2\{c97bd778-2c56-11e3-aa3c-0019663ebb38}
Supprimé! HKCU\...\Explorer\MountPoints2\{f1252231-d695-11e2-91b9-806d6172696f}
Supprimé! HKCU\...\Explorer\MountPoints2\{f9509d6e-0c13-11e3-a9aa-0019663ebb38}

################## | Listing |

[17/10/2013 - 11:55:33 | D ] C:\AeriaGames
[21/09/2013 - 21:20:51 | D ] C:\AHCache
[16/06/2013 - 17:04:44 | N | 0] C:\AUTOEXEC.BAT
[16/06/2013 - 16:44:47 | N | 216] C:\boot.ini
[02/03/2006 - 14:00:00 | N | 4952] C:\Bootfont.bin
[16/06/2013 - 17:04:44 | N | 0] C:\CONFIG.SYS
[16/06/2013 - 20:47:42 | D ] C:\Documents and Settings
[24/10/2013 - 18:55:10 | ASH | 3220492288] C:\hiberfil.sys
[16/06/2013 - 17:04:44 | N | 0] C:\IO.SYS
[16/06/2013 - 17:04:44 | N | 0] C:\MSDOS.SYS
[16/06/2013 - 20:15:08 | RHD ] C:\MSOCache
[02/03/2006 - 14:00:00 | N | 47564] C:\NTDETECT.COM
[02/03/2006 - 14:00:00 | N | 251712] C:\ntldr
[24/10/2013 - 18:55:09 | ASH | 2145386496] C:\pagefile.sys
[23/10/2013 - 10:42:03 | D ] C:\Program Files
[17/10/2013 - 12:09:51 | D ] C:\ProgramData
[04/07/2013 - 14:32:07 | SHD ] C:\RECYCLER
[16/06/2013 - 17:08:30 | SHD ] C:\System Volume Information
[24/10/2013 - 20:49:00 | D ] C:\UsbFix
[24/10/2013 - 20:57:48 | A | 15280] C:\UsbFix [Clean 1] HAMANN-064A4922.txt
[24/10/2013 - 19:33:17 | N | 5558] C:\UsbFix [Scan 1] HAMANN-064A4922.txt
[24/10/2013 - 19:50:51 | N | 16228] C:\UsbFix [Scan 2] HAMANN-064A4922.txt
[24/10/2013 - 11:00:11 | D ] C:\WINDOWS
[11/02/2011 - 10:21:58 | D ] D:\REUNION DES DIRECTEURS
[11/02/2011 - 09:56:40 | D ] D:\pLAN
[22/07/2010 - 08:06:36 | D ] D:\FOUND.000
[22/07/2010 - 18:17:32 | D ] D:\recours
[23/07/2010 - 18:21:50 | D ] D:\LATZER
[11/02/2011 - 09:54:34 | D ] D:\BILAN SOCIAL
[21/09/2010 - 14:10:30 | D ] D:\PHOTOS SIEGE
[08/12/2012 - 17:37:48 | SHD ] D:\RECYCLER
[25/02/2011 - 12:07:06 | D ] D:\2010-201 Fougères autocontrol jour
[25/02/2011 - 12:08:02 | D ] D:\2010-2011 Fougères autocontrol nuit
[11/02/2011 - 09:55:34 | D ] D:\mdr sAINTE fAMILLE
[04/04/2010 - 14:15:54 | D ] D:\factures 2009
[23/09/2011 - 11:25:18 | D ] D:\FEHAP GROUPE RRH
[07/10/2011 - 09:17:20 | N | 973312] D:\BS detail rubriques fondation 2010 AGREGATION 4.xls
[08/02/2012 - 14:15:42 | N | 1760768] D:\BS fondation 2010 3.xls
[14/03/2012 - 15:43:50 | N | 1774080] D:\2012-02-27 AVAD Budget Recalculé Salaries_BP2012_SsiadCcu_V01.xls
[08/12/2012 - 17:45:36 | D ] D:\essai power point
[09/12/2012 - 11:46:38 | N | 1622] D:\BOOTEX.LOG
[21/12/2012 - 19:19:06 | D ] D:\Nouveau dossier (2)
[09/12/2012 - 19:03:42 | D ] D:\JASON
[21/12/2012 - 19:21:16 | N | 568320] D:\les deux famille3.MSWMM
[08/01/2013 - 09:46:36 | D ] D:\Christine
[07/01/2013 - 20:50:48 | D ] D:\christinre
[07/01/2013 - 21:58:32 | N | 214932] D:\liste HAMANN Christine Fiche de Poste - 2011-09-29.rtf
[15/04/2013 - 13:23:14 | N | 287516] D:\chat papa.docx
[17/06/2010 - 15:08:26 | D ] D:\COMITE D ETABLT
[20/06/2010 - 15:35:14 | D ] D:\rapport CH
[18/07/2010 - 12:39:42 | D ] D:\MULLER
[18/07/2010 - 14:06:50 | D ] D:\2010

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |