Reply to: Virus creating shortcuts on my USB key 2016-09-08T13:12:06+00:00
spirson
Participant
Posts: 24

Oops, I did the procedure wrong, sorry ^^' Here, this should be it!


############################## | UsbFix V 7.146 | [Clean]

User: Sylvie Eee PC (Administrator) # SYLVIEEEEPC-PC
Updated on 28/10/2013 by El Desaparecido – Team SosVirus
Launched at 20:23:30 | 28/10/2013

Website: http://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (1215B)
CPU: AMD E-350 Processor
RAM -> [Total : 2668 | Free : 1328]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate Edition (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 24.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 466 GB (399 GB free – 86%) [] # NTFS
D: -> Removable disk # 15 GB (15 GB free – 100%) [] # FAT32

################## | Stopped Processes |

Stopped! C:\Windows\system32\atiesrxx.exe (ID: 964 |ParentID: 648)
Stopped! C:\Windows\system32\atieclxx.exe (ID: 1400 |ParentID: 964)
Stopped! C:\Windows\system32\WLANExt.exe (ID: 1552 |ParentID: 1088)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1560 |ParentID: 648)
Stopped! C:\Windows\system32\conhost.exe (ID: 1576 |ParentID: 504)
Stopped! C:\ProgramData\eSafe\eGdpSvc.exe (ID: 1684 |ParentID: 648)
Stopped! C:\Windows\system32\taskhost.exe (ID: 1788 |ParentID: 648)
Stopped! C:\Windows\Explorer.EXE (ID: 1936 |ParentID: 1888)
Stopped! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 1144 |ParentID: 1936)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 1460 |ParentID: 1936)
Stopped! C:\Program Files\Skype\Phone\Skype.exe (ID: 1624 |ParentID: 1936)
Stopped! C:\Windows\System32\wscript.exe (ID: 1832 |ParentID: 1936)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 772 |ParentID: 1636)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 2696 |ParentID: 772)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 3212 |ParentID: 648)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 3396 |ParentID: 648)
Stopped! C:\Windows\system32\AsusService.exe (ID: 3456 |ParentID: 648)
Stopped! C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe (ID: 3492 |ParentID: 648)
Stopped! C:\Program Files\Whilokii\update\Whilokii.exe (ID: 3948 |ParentID: 648)
Stopped! C:\Program Files\Whilokii\bin\utilWhilokii.exe (ID: 1232 |ParentID: 648)
Stopped! C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 3048 |ParentID: 648)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 2080 |ParentID: 648)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5488 |ParentID: 648)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (ID: 4452 |ParentID: 1936)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 4864 |ParentID: 4452)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 428 |ParentID: 4864)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 3300 |ParentID: 428)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 5576 |ParentID: 1088)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [mobilegeni daemon] – C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\SOFTWARE | Run : [RtHDVCpl] – C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [CapsHook] – AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe
HKLM\SOFTWARE | Run : [HotkeyMon] – AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
HKLM\SOFTWARE | Run : [HotkeyService] – AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
HKLM\SOFTWARE | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [StartCCC] – "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [APSDaemon] – "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] – "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3308946461-2212978058-1987145825-1000\SOFTWARE | Run : [Skype] – "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3308946461-2212978058-1987145825-1000\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\SYLVIE~1\AppData\Local\Temp\iTunesHelper.vbe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | MD5 comparison reference |

Md5 : aed4faf279abf7d7605e81707be3ce64 -> C:\Users\Sylvie Eee PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : aed4faf279abf7d7605e81707be3ce64 -> C:\Users\SYLVIE~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : aed4faf279abf7d7605e81707be3ce64 -> D:\iTunesHelper.vbe

################## | Generic search |

Deleted! D:\iTunesHelper.vbe
Deleted! C:\Users\SYLVIE~1\AppData\Local\Temp\iTunesHelper.vbe
Deleted! C:\Users\Sylvie Eee PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

(!) Temporary files deleted.

################## | MD5 comparison |

################## | Registry |

Deleted! HKU\S-1-5-21-3308946461-2212978058-1987145825-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted! HKU\S-1-5-21-3308946461-2212978058-1987145825-1000\Software\...\Mountpoints2\{717be281-3427-11e3-8fc7-bad005bc2617}

################## | Listing |

[13/10/2013 – 18:00:19 | SHD ] C:\$Recycle.Bin
[13/10/2013 – 18:15:34 | D ] C:\32-bit
[13/10/2013 – 18:15:35 | D ] C:\64-bit
[10/06/2009 – 22:42:20 | N | 24] C:\autoexec.bat
[14/10/2013 – 00:39:50 | SHD ] C:\Boot
[20/11/2010 – 22:29:06 | RASH | 383786] C:\bootmgr
[14/10/2013 – 00:39:52 | RASH | 8192] C:\BOOTSECT.BAK
[10/06/2009 – 22:42:20 | N | 10] C:\config.sys
[14/07/2009 – 05:53:55 | SHD ] C:\Documents and Settings
[28/10/2013 – 18:28:15 | ASH | 2098507776] C:\hiberfil.sys
[13/10/2013 – 18:15:37 | D ] C:\ndis6xWin7
[28/10/2013 – 18:28:26 | ASH | 2798010368] C:\pagefile.sys
[14/07/2009 – 03:37:05 | D ] C:\PerfLogs
[23/10/2013 – 14:21:06 | D ] C:\Program Files
[23/10/2013 – 14:21:06 | HD ] C:\ProgramData
[13/10/2013 – 17:59:23 | SHD ] C:\Recovery
[25/10/2013 – 20:10:42 | SHD ] C:\System Volume Information
[28/10/2013 – 20:26:38 | D ] C:\UsbFix
[28/10/2013 – 20:32:23 | A | 6965] C:\UsbFix [Clean 1] SYLVIEEEEPC-PC.txt
[28/10/2013 – 20:02:34 | N | 7691] C:\UsbFix [Scan 1] SYLVIEEEEPC-PC.txt
[13/10/2013 – 18:00:07 | RD ] C:\Users
[23/10/2013 – 14:31:49 | D ] C:\Windows
[13/10/2013 – 18:39:44 | D ] C:\Wireless_NB047_V5_60_350_111
[13/10/2013 – 18:30:51 | D ] C:\Wireless_NE785H_V8_0_0_316

################## | Vaccine |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
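The report above shows the whole persistence chain of this USB worm in three places: a per-user Run key launching `wscript.exe //B` on a `.vbe` in `%TEMP%`, the same file (identical MD5) in the Startup folder, and a copy on the root of the removable drive D:. As an added example, not part of spirson's post and not UsbFix's own code, here is a small Python triage helper that reads a UsbFix report and flags exactly that pattern. The sample report text is constructed from the lines above (with backslashes restored); the function names and the two heuristics are this example's own assumptions.

```python
"""Triage helper for a UsbFix report (added example, not UsbFix's own code).

It reads the report text and flags the pattern visible in the post above:
an autostart command that runs a script host silently (//B) against a file
in a temp or Startup directory, and one MD5 that appears on both the fixed
system drive and a removable drive (the script copying itself to the stick).
"""
import re
from collections import defaultdict

# UsbFix prints the drive block in the host language; accept French and English.
DRIVE_RE = re.compile(
    r"^(?P<letter>[A-Z]):.*->\s*(?P<kind>Removable disk|Disque amovible|Fixed disk|Disque fixe)",
    re.IGNORECASE)
# "HKU\S-1-5-21-...\SOFTWARE | Run : [name] - command"; the separator is '-' or an en dash.
RUN_RE = re.compile(
    r"^(?P<hive>\S+)\s*\|\s*Run(?P<once>Once)?\s*:\s*\[(?P<name>[^\]]*)\]\s*[-\u2013]\s*(?P<cmd>.*)$")
MD5_RE = re.compile(r"^Md5\s*:\s*(?P<md5>[0-9a-fA-F]{32})\s*->\s*(?P<path>.+)$")

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
# Directories no legitimate installer uses as the home of an autostart target (assumed heuristic).
VOLATILE_DIRS = ("\\appdata\\local\\temp\\", "\\start menu\\programs\\startup\\", "%temp%")

# Constructed sample: the relevant lines of the report above, with backslashes restored.
SAMPLE_LOG = r"""
C: (%systemdrive%) -> Fixed disk # 466 GB (399 GB free - 86%) [] # NTFS
D: -> Removable disk # 15 GB (15 GB free - 100%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKU\S-1-5-21-3308946461-2212978058-1987145825-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3308946461-2212978058-1987145825-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\SYLVIE~1\AppData\Local\Temp\iTunesHelper.vbe"

################## | MD5 comparison reference |

Md5 : aed4faf279abf7d7605e81707be3ce64 -> C:\Users\Sylvie Eee PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : aed4faf279abf7d7605e81707be3ce64 -> C:\Users\SYLVIE~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : aed4faf279abf7d7605e81707be3ce64 -> D:\iTunesHelper.vbe
"""


def parse_drives(text):
    """Map drive letter -> 'fixed' | 'removable' from the report's drive block."""
    drives = {}
    for line in text.splitlines():
        m = DRIVE_RE.match(line.strip())
        if m:
            kind = m["kind"].lower()
            removable = kind.startswith(("removable", "disque amovible"))
            drives[m["letter"].upper()] = "removable" if removable else "fixed"
    return drives


def parse_run_entries(text):
    """Return [{'hive', 'once', 'name', 'cmd'}] for every non-empty Run/RunOnce line."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m and m["cmd"]:
            entries.append(m.groupdict())
    return entries


def parse_md5_refs(text):
    """Return {md5: [path, ...]} from the MD5 reference section."""
    refs = defaultdict(list)
    for line in text.splitlines():
        m = MD5_RE.match(line.strip())
        if m:
            refs[m["md5"].lower()].append(m["path"].strip())
    return dict(refs)


def suspicious_run_entries(entries):
    """Flag autostart commands that run a script host silently (//B hides WSH
    error dialogs) or against a file living in a temp/Startup directory."""
    flagged = []
    for e in entries:
        cmd = e["cmd"].lower()
        uses_host = any(h in cmd for h in SCRIPT_HOSTS)
        silent = "//b" in cmd
        volatile = any(d in cmd for d in VOLATILE_DIRS)
        if uses_host and (silent or volatile):
            flagged.append(e)
    return flagged


def cross_drive_copies(refs, drives):
    """Hashes present on both a fixed and a removable drive: a file that has
    copied itself to the USB stick. Returns {md5: sorted paths}."""
    hits = {}
    for md5, paths in refs.items():
        kinds = {drives.get(p[0].upper()) for p in paths if len(p) > 1 and p[1] == ":"}
        if {"fixed", "removable"} <= kinds:
            hits[md5] = sorted(paths)
    return hits


def triage(text):
    """Run both checks over one report and return the findings."""
    drives = parse_drives(text)
    return {
        "drives": drives,
        "run": suspicious_run_entries(parse_run_entries(text)),
        "copies": cross_drive_copies(parse_md5_refs(text), drives),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, `triage` flags only the `iTunesHelper` Run entry (a script host, silent, pointing into `AppData\Local\Temp`) and the single hash present on both C: and D:, while the avast and Skype entries pass. The checks run on the report text, not on the live machine; after the clean, the same three locations (the user's Run key, the Startup folder, and the root of every stick that was plugged in) are what to re-check with a fresh scan, since any stick not present during this run still carries its copy.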