Reply to: Shortcut problem on a USB key 2016-09-08T13:13:12+00:00
Renaud2
Post count: 0

Nice! Thanks :)

Here is the recap:

############################## | UsbFix V 7.147 | [Suppression]

Utilisateur: Stéphanie (Administrateur) # STÉPHANIE-PC
Mis à jour le 30/10/2013 par El Desaparecido - Team SosVirus
Lancé à 18:28:35 | 01/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0667CC)
CPU: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
RAM -> [Total : 1974 | Free : 504]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 24.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 149 Go (8 Go libre(s) - 5%) [] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 980 Mo (159 Mo libre(s) - 16%) [CLEF GRISE] # FAT32
F: -> Disque amovible # 982 Mo (159 Mo libre(s) - 16%) [CLEF BLEUE] # FAT

################## | Référence de comparaison MD5 |

Md5 : DENIED -> C:\Users\STPHAN~1\AppData\Local\Temp\mhH5Vwcp.vbs
Md5 : 38139914a81ebec818ed8428888f5a38 -> E:\mhH5Vwcp.vbs
Md5 : 38139914a81ebec818ed8428888f5a38 -> F:\mhH5Vwcp.vbs

################## | Processus Stoppés |

Stoppé! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 868 |ParentID: 540)
Stoppé! C:\Program Files\IDT\WDM\STacSV.exe (ID: 1104 |ParentID: 540)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1584 |ParentID: 540)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1724 |ParentID: 540)
Stoppé! C:\Program Files\IDT\WDM\aestsrv.exe (ID: 1748 |ParentID: 540)
Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1776 |ParentID: 540)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1800 |ParentID: 540)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1832 |ParentID: 540)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 572 |ParentID: 540)
Stoppé! C:\Windows\Explorer.EXE (ID: 2116 |ParentID: 428)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2156 |ParentID: 540)
Stoppé! C:\Windows\System32\igfxtray.exe (ID: 2424 |ParentID: 2116)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 2748 |ParentID: 1020)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2812 |ParentID: 2156)
Stoppé! C:\Windows\System32\hkcmd.exe (ID: 3076 |ParentID: 2116)
Stoppé! C:\Windows\System32\igfxpers.exe (ID: 3092 |ParentID: 2116)
Stoppé! C:\Program Files\DellTPad\Apoint.exe (ID: 3108 |ParentID: 2116)
Stoppé! C:\Program Files\Microsoft Security Client\msseces.exe (ID: 3164 |ParentID: 2116)
Stoppé! C:\Program Files\IDT\WDM\sttray.exe (ID: 3196 |ParentID: 2116)
Stoppé! C:\Program Files\DellTPad\ApMsgFwd.exe (ID: 3208 |ParentID: 3108)
Stoppé! C:\Program Files\DellTPad\HidFind.exe (ID: 3328 |ParentID: 3108)
Stoppé! C:\Program Files\DellTPad\Apntex.exe (ID: 3340 |ParentID: 3296)
Stoppé! C:\Windows\system32\conhost.exe (ID: 3412 |ParentID: 492)
Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (ID: 3580 |ParentID: 2116)
Stoppé! C:\Windows\System32\wscript.exe (ID: 3596 |ParentID: 2116)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3616 |ParentID: 540)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3664 |ParentID: 2116)
Stoppé! C:\Users\Stéphanie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 3772 |ParentID: 2116)
Stoppé! C:\Users\Stéphanie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (ID: 3796 |ParentID: 2116)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 3832 |ParentID: 2116)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (ID: 3880 |ParentID: 540)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2584 |ParentID: 540)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 4448 |ParentID: 680)
Stoppé! C:\Windows\system32\igfxsrvc.exe (ID: 656 |ParentID: 680)
Stoppé! C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 4960 |ParentID: 540)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 2544 |ParentID: 1020)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5488 |ParentID: 2116)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4648 |ParentID: 5488)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5624 |ParentID: 5488)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6084 |ParentID: 5488)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5936 |ParentID: 5488)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5116 |ParentID: 5488)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3492 |ParentID: 5488)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4464 |ParentID: 5488)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2132 |ParentID: 5488)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4360 |ParentID: 5488)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 976 |ParentID: 5488)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 5844 |ParentID: 1080)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2000 |ParentID: 5488)
Stoppé! C:\Program Files\Mozilla Firefox\firefox.exe (ID: 3548 |ParentID: 360)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 1380 |ParentID: 680)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [Apoint] - C:\Program Files\DellTPad\Apoint.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [mhH5Vwcp] - wscript.exe //B "C:\Users\STPHAN~1\AppData\Local\Temp\mhH5Vwcp.vbs"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2522388213-15676648-4119400170-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Stéphanie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-21-2522388213-15676648-4119400170-1000\SOFTWARE | Run : [mhH5Vwcp] - wscript.exe //B "C:\Users\STPHAN~1\AppData\Local\Temp\mhH5Vwcp.vbs"
HKU\S-1-5-21-2522388213-15676648-4119400170-1000\SOFTWARE | Run : [SkyDrive] - "C:\Users\Stéphanie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! E:\mhH5Vwcp.vbs
Supprimé! F:\mhH5Vwcp.vbs
Supprimé! C:\Users\STPHAN~1\AppData\Local\Temp\mhH5Vwcp.vbs
Supprimé! C:\Users\Stéphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhH5Vwcp.vbs
Supprimé! E:\Clé pour C&J.lnk
Supprimé! E:\Camille & Jonathan Diaporama.lnk
Supprimé! F:\Clé pour C&J.lnk
Supprimé! F:\Camille & Jonathan Diaporama.lnk

(!) Fichiers temporaires supprimés.

################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimé! HKU\S-1-5-21-2522388213-15676648-4119400170-1000\Software\Microsoft\Windows\CurrentVersion\Run|mhH5Vwcp
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mhH5Vwcp

################## | Listing |

[05/05/2012 - 10:55:19 | SHD ] C:\$Recycle.Bin
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[04/08/2012 - 11:51:46 | D ] C:\dell
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[04/05/2012 - 09:08:46 | D ] C:\Drivers
[29/06/2013 - 14:20:57 | N | 0] C:\END
[01/11/2013 - 10:33:27 | ASH | 1552281600] C:\hiberfil.sys
[04/05/2012 - 18:53:03 | D ] C:\Hotfix
[04/05/2012 - 09:45:29 | D ] C:\Intel
[04/05/2012 - 10:26:27 | RHD ] C:\MSOCache
[01/11/2013 - 10:33:31 | ASH | 2069712896] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[15/10/2013 - 08:34:37 | D ] C:\Program Files
[24/10/2013 - 22:44:30 | HD ] C:\ProgramData
[04/05/2012 - 09:00:13 | SHD ] C:\Recovery
[14/10/2013 - 11:40:36 | D ] C:\SkyDriveTemp
[29/10/2013 - 23:44:40 | SHD ] C:\System Volume Information
[01/11/2013 - 18:31:28 | D ] C:\UsbFix
[01/11/2013 - 18:32:23 | A | 9514] C:\UsbFix [Clean 2] STÉPHANIE-PC.txt
[01/11/2013 - 11:35:49 | N | 10707] C:\UsbFix [Scan 1] STÉPHANIE-PC.txt
[04/05/2012 - 09:00:19 | D ] C:\Users
[01/11/2013 - 10:36:42 | D ] C:\Windows
[01/11/2013 - 11:12:12 | D ] E:\Clé pour C&J
[06/10/2013 - 22:11:06 | N | 191245821] E:\Camille & Jonathan Diaporama.mp4
[01/11/2013 - 11:12:12 | D ] F:\Clé pour C&J
[06/10/2013 - 22:11:06 | N | 191245821] F:\Camille & Jonathan Diaporama.mp4

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |