Reply to: Yet another virus that turns everything into shortcuts on the USB stick 2016-09-08T13:13:11+00:00
jillesjilles
Participant
Post count: 17

I'm following your instructions, and I'm amazed at how quickly you reply!
Here it is:

############################## | UsbFix V 7.147 | [Suppression]

Utilisateur: Lou (Administrateur) # LOU-PC
Mis à jour le 30/10/2013 par El Desaparecido - Team SosVirus
Lancé à 11:51:39 | 01/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: PEGATRON CORPORATION (EVANS)
CPU: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
RAM -> [Total : 4095 | Free : 2167]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Safari : 534.57.2

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 582 Go (286 Go libre(s) - 49%) [HP] # NTFS
D: -> Disque fixe # 14 Go (2 Go libre(s) - 18%) [FACTORY_IMAGE] # NTFS
E: -> CD-ROM
G: -> Disque amovible # 2 Go (2 Go libre(s) - 90%) [EILERSEN] # FAT

################## | Référence de comparaison MD5 |

Md5 : 3278a76dec52931adccff421edbb9aeb -> C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : DENIED -> C:\Users\Lou\AppData\Local\Temp\iTunesHelper.vbe
Md5 : b5e7bfbbac3b4e9db51960169132e9fd -> C:\Users\Lou\AppData\Local\Temp\TKNktUez.vbs
Md5 : 3278a76dec52931adccff421edbb9aeb -> G:\iTunesHelper.vbe
Md5 : 3278a76dec52931adccff421edbb9aeb -> C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : DENIED -> C:\Users\Lou\AppData\Local\Temp\iTunesHelper.vbe
Md5 : b5e7bfbbac3b4e9db51960169132e9fd -> C:\Users\Lou\AppData\Local\Temp\TKNktUez.vbs
Md5 : 3278a76dec52931adccff421edbb9aeb -> G:\iTunesHelper.vbe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (ID: 848 |ParentID: 580)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1188 |ParentID: 580)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID: 1216 |ParentID: 848)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1400 |ParentID: 580)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 1488 |ParentID: 580)
Stoppé! C:\Windows\Explorer.EXE (ID: 1548 |ParentID: 1480)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 1564 |ParentID: 452)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1760 |ParentID: 580)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1876 |ParentID: 580)
Stoppé! C:\Program Files\Orange\mes contenus - mon disque\mounter.exe (ID: 1904 |ParentID: 580)
Stoppé! c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID: 1840 |ParentID: 580)
Stoppé! C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (ID: 2176 |ParentID: 580)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2208 |ParentID: 580)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2344 |ParentID: 2208)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 2964 |ParentID: 452)
Stoppé! c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (ID: 3012 |ParentID: 2964)
Stoppé! c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (ID: 3020 |ParentID: 2964)
Stoppé! C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (ID: 2240 |ParentID: 1548)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (ID: 2500 |ParentID: 1548)
Stoppé! C:\Users\Lou\AppData\Local\Akamai\netsession_win.exe (ID: 3568 |ParentID: 1548)
Stoppé! C:\Users\Lou\AppData\Local\Akamai\netsession_win.exe (ID: 3620 |ParentID: 3568)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3628 |ParentID: 580)
Stoppé! C:\Windows\System32\wscript.exe (ID: 3676 |ParentID: 1548)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (ID: 3808 |ParentID: 3684)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (ID: 3848 |ParentID: 3684)
Stoppé! C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (ID: 3860 |ParentID: 3684)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 3940 |ParentID: 112)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3980 |ParentID: 580)
Stoppé! C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe (ID: 4044 |ParentID: 3684)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 2828 |ParentID: 3684)
Stoppé! C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (ID: 3424 |ParentID: 3684)
Stoppé! C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (ID: 3460 |ParentID: 3684)
Stoppé! C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (ID: 3320 |ParentID: 3684)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3248 |ParentID: 3684)
Stoppé! C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (ID: 3196 |ParentID: 3684)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 196 |ParentID: 3684)
Stoppé! C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 3232 |ParentID: 3684)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (ID: 3888 |ParentID: 580)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 4460 |ParentID: 580)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 4344 |ParentID: 768)
Stoppé! C:\Windows\system32\sppsvc.exe (ID: 3108 |ParentID: 580)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 4884 |ParentID: 452)
Stoppé! C:\Windows\SysWOW64\ctfmon.exe (ID: 3048 |ParentID: 2828)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
HKLM\SOFTWARE | Run : [HP Remote Solution] - %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
HKLM\SOFTWARE | Run : [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE | Run : [UpdatePRCShortCut] - "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
HKLM\SOFTWARE | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
HKLM\SOFTWARE | Run : [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
HKLM\SOFTWARE | Run : [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\SOFTWARE | Run : [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\SOFTWARE | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
HKLM\SOFTWARE\wow6432Node | Run : [HP Remote Solution] - %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE\wow6432Node | Run : [UpdatePRCShortCut] - "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
HKLM\SOFTWARE\wow6432Node | Run : [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
HKLM\SOFTWARE\wow6432Node | Run : [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\SOFTWARE\wow6432Node | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1863284315-1435146077-2789527976-1000\SOFTWARE | Run : [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-1863284315-1435146077-2789527976-1000\SOFTWARE | Run : [Orange mes contenus] - "C:\Program Files\Orange\Orange mes contenus\OrangeSC.exe" /delayed
HKU\S-1-5-21-1863284315-1435146077-2789527976-1000\SOFTWARE | Run : [Bubble Dock] - "C:\Users\Lou\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
HKU\S-1-5-21-1863284315-1435146077-2789527976-1000\SOFTWARE | Run : [jesvkh] - "c:\users\lou\appdata\local\jesvkh.exe" jesvkh
HKU\S-1-5-21-1863284315-1435146077-2789527976-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Lou\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1863284315-1435146077-2789527976-1000\SOFTWARE | Run : [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1863284315-1435146077-2789527976-1000\SOFTWARE | Run : [JustVoip] - "C:\Program Files (x86)\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
HKU\S-1-5-21-1863284315-1435146077-2789527976-1000\SOFTWARE | Run : [ALLUpdate] - "C:\Program Files (x86)\OpenSubtitlesPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-1863284315-1435146077-2789527976-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Lou\AppData\Local\Temp\iTunesHelper.vbe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Recherche générique |

Supprimé! G:\iTunesHelper.vbe
Supprimé! C:\Users\Lou\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! G:\desbureaux II.lnk
Supprimé! C:\Users\Lou\AppData\Local\Temp\TKNktUez.vbs
Supprimé! C:\Users\Lou\AppData\Local\Temp\Genial_O1.hta

(!) Fichiers temporaires supprimés.
################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Supprimé! HKU\S-1-5-21-1863284315-1435146077-2789527976-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-1863284315-1435146077-2789527976-1000\Software\....\Mountpoints2\{0407f37b-fcb8-11df-9155-90e6ba879e80}

################## | Listing |

[22/09/2013 - 14:44:23 | SHD ] C:\$Recycle.Bin
[17/06/2012 - 15:19:35 | D ] C:\1111
[26/10/2013 - 18:21:45 | D ] C:\Adobe Dreamweaver CS6
[30/10/2013 - 18:10:13 | D ] C:\Alice
[17/09/2011 - 10:12:45 | D ] C:\CanoScan
[01/11/2013 - 01:14:54 | D ] C:\Claire
[01/11/2013 - 11:46:22 | SHD ] C:\Config.Msi
[02/10/2013 - 19:00:03 | D ] C:\Disque amovible
[15/09/2013 - 21:04:31 | D ] C:\Disque amovible 0
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[02/01/2013 - 21:23:45 | N | 9] C:\END
[13/10/2010 - 22:42:54 | D ] C:\EPSON
[07/07/2012 - 13:06:20 | D ] C:\Fabrice
[25/08/2010 - 14:45:01 | N | 1125] C:\FINIS_IT.TXT
[24/09/2010 - 10:20:19 | D ] C:\found.000
[26/10/2013 - 18:22:23 | D ] C:\GerdooTemp
[01/11/2013 - 11:46:23 | ASH | 3220627456] C:\hiberfil.sys
[25/08/2010 - 14:44:59 | D ] C:\hp
[22/01/2010 - 12:38:24 | D ] C:\ijji
[13/12/2012 - 23:34:33 | D ] C:\Mahdi
[01/12/2006 - 23:37:14 | N | 904704] C:\msdia80.dll
[01/11/2013 - 11:46:28 | ASH | 4294172672] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[01/01/2012 - 20:20:13 | D ] C:\pour steph et cath
[22/09/2013 - 14:42:20 | D ] C:\Program Files
[31/10/2013 - 22:55:01 | D ] C:\Program Files (x86)
[31/10/2013 - 22:54:36 | HD ] C:\ProgramData
[12/06/2013 - 23:11:12 | D ] C:\Sauvegarde
[20/03/2013 - 10:56:36 | D ] C:\swsetup
[31/10/2013 - 22:38:27 | SHD ] C:\System Volume Information
[19/12/2010 - 19:13:42 | D ] C:\SYSTEM.SAV
[26/08/2013 - 16:57:53 | D ] C:\USA
[01/11/2013 - 12:00:36 | D ] C:\UsbFix
[01/11/2013 - 11:43:44 | N | 1781] C:\UsbFix [Clean 1] LOU-PC.txt
[01/11/2013 - 12:02:17 | A | 15175] C:\UsbFix [Clean 2] LOU-PC.txt
[01/11/2013 - 02:03:13 | N | 17003] C:\UsbFix [Scan 1] LOU-PC.txt
[25/02/2010 - 17:19:39 | RD ] C:\Users
[31/10/2013 - 22:19:37 | D ] C:\Windows
[22/09/2013 - 14:44:23 | SHD ] D:\$RECYCLE.BIN
[09/01/2010 - 18:32:54 | SHD ] D:\boot
[13/07/2009 - 18:39:00 | ASH | 383562] D:\bootmgr
[09/01/2010 - 18:32:52 | N | 0] D:\BT_HP.FLG
[27/10/2009 - 14:49:06 | N | 484] D:\CSP.DAT
[27/10/2009 - 15:07:28 | N | 15333] D:\DeployRp.log
[09/01/2010 - 18:32:54 | D ] D:\hp
[09/01/2010 - 18:32:52 | N | 22] D:\language.ini
[09/01/2010 - 18:32:54 | SHD ] D:\preload
[09/01/2010 - 18:32:54 | SD ] D:\Recovery
[27/10/2009 - 15:07:27 | N | 0] D:\RPCONFIG.LOG
[22/06/2010 - 16:46:03 | SHD ] D:\System Volume Information
[01/11/2013 - 01:10:36 | N | 137631150] G:\desbureaux II.flv

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |