Reply to: password.vbs on USB key turns files into shortcuts 2016-09-08T13:16:10+00:00
Macha
Number of posts: 0

Hello again, and thank you.

I managed, not without difficulty, to disable Avast's real-time protection, but that did not change anything.

(PS: I have a great deal of trouble with your captchas, which are illegible to me; I have to try several times before I manage to enter a correct code.)

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Macha (Administrateur) # PC-DE-MACHA
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à 15:44:32 | 10/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (30D9)
CPU: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
RAM -> [Total : 1013 | Free : 154]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 22.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 104 Go (27 Go libre(s) - 26%) [] # NTFS
D: -> Disque fixe # 8 Go (3 Go libre(s) - 36%) [PRESARIO_RP] # NTFS
E: -> CD-ROM
G: -> Disque amovible # 487 Mo (175 Mo libre(s) - 36%) [JADE MALET] # FAT

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1812 |ParentID: 668)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 2452 |ParentID: 1772)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 3764 |ParentID: 1100)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 4180 |ParentID: 1136)
Stoppé! C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (ID: 5952 |ParentID: 668)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 844 |ParentID: 1136)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3408 |ParentID: 668)
Stoppé! C:\Windows\Explorer.exe (ID: 2176 |ParentID: 1976)
Stoppé! C:\Windows\system32\NOTEPAD.EXE (ID: 3736 |ParentID: 1976)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1268 |ParentID: 2176)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 904 |ParentID: 1268)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5780 |ParentID: 1268)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3820 |ParentID: 1268)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5420 |ParentID: 1268)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 5992 |ParentID: 1136)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 5812 |ParentID: 1136)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\SOFTWARE | Run : [Apoint] - C:\Program Files\Apoint2K\Apoint.exe
04 - HKLM\SOFTWARE | Run : [QPService] - "C:\Program Files\HP\QuickPlay\QPService.exe"
04 - HKLM\SOFTWARE | Run : [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
04 - HKLM\SOFTWARE | Run : [hpWirelessAssistant] - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 - HKLM\SOFTWARE | Run : [WAWifiMessage] - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
04 - HKLM\SOFTWARE | Run : [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
04 - HKLM\SOFTWARE | Run : [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [Adobe Acrobat Speed Launcher] - "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "c:\program files\real\realplayer\Update\realsched.exe" -osboot
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-786026711-835040279-3860697504-1000\SOFTWARE | Run : [Gestionnaire Antidote.exe] - C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
04 - HKU\S-1-5-21-786026711-835040279-3860697504-1000\SOFTWARE | Run : [Akamai NetSession Interface] - C:\Users\Macha\AppData\Local\Akamai\netsession_win.exe
04 - HKU\S-1-5-21-786026711-835040279-3860697504-1000\SOFTWARE | Run : [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

################## | Recherche générique |

Non supprimé ! G:\~WRL0001.lnk
Non supprimé ! G:\~WRL0002.lnk
Non supprimé ! G:\~WRL0003.lnk
Non supprimé ! G:\travail.lnk
Non supprimé ! G:\perso.lnk
Non supprimé ! G:\Autorun.inf.lnk
Supprimé! C:\Users\Macha\AppData\Local\Temp\Drives.vbs
Non supprimé ! G:\password.vbs

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : AC8F18C5C595A5685FCEA46E61B6B5AF -> C:\Users\Macha\AppData\Local\Temp\Drives.vbs
Md5 : 6A3FF687E4605FF061CD0BE4ACD9CBA6 -> G:\password.vbs

################## | Comparaison MD5 |

Non supprimé ! Md5 : 6A3FF687E4605FF061CD0BE4ACD9CBA6 -> G:\password.vbs

################## | Registre |

################## | Listing |

[14/01/2008 - 12:53:30 | SHD ] C:\$RECYCLE.BIN
[26/06/2010 - 07:07:40 | D ] C:\acfb9e6332a69691a2802321d6
[01/11/2007 - 02:50:27 | N | 74] C:\autoexec.bat
[21/10/2009 - 12:21:03 | SHD ] C:\boot
[11/04/2009 - 07:36:36 | RASH | 333257] C:\bootmgr
[11/10/2013 - 16:53:28 | SHD ] C:\Config.Msi
[18/09/2006 - 22:43:37 | N | 10] C:\config.sys
[14/01/2008 - 12:42:12 | SHD ] C:\Documents and Settings
[01/11/2007 - 03:19:01 | D ] C:\HP
[01/03/2008 - 16:15:37 | D ] C:\Intel
[24/07/2009 - 10:29:48 | N | 0] C:\IO.SYS
[24/07/2009 - 10:29:48 | N | 0] C:\MSDOS.SYS
[01/11/2007 - 02:18:06 | RHD ] C:\MSOCache
[10/11/2013 - 10:07:40 | ASH | 6291456000] C:\pagefile.sys
[13/06/2008 - 10:21:35 | D ] C:\PerfLogs
[21/10/2013 - 10:27:33 | D ] C:\Program Files
[21/11/2012 - 22:54:34 | HD ] C:\ProgramData
[14/01/2008 - 12:52:58 | D ] C:\SwSetup
[10/11/2013 - 12:51:38 | SHD ] C:\System Volume Information
[14/01/2008 - 12:52:58 | D ] C:\System.sav
[10/11/2013 - 15:44:51 | D ] C:\UsbFix
[10/11/2013 - 14:58:36 | N | 9039] C:\UsbFix [Clean 1] PC-DE-MACHA.txt
[10/11/2013 - 15:15:30 | N | 9246] C:\UsbFix [Clean 3] PC-DE-MACHA.txt
[10/11/2013 - 15:51:37 | A | 7561] C:\UsbFix [Clean 4] PC-DE-MACHA.txt
[10/11/2013 - 15:18:20 | N | 4150] C:\UsbFix [Listing 1 ] PC-DE-MACHA.txt
[10/11/2013 - 14:45:16 | N | 10425] C:\UsbFix [Scan 1] PC-DE-MACHA.txt
[14/01/2008 - 12:46:24 | RD ] C:\Users
[12/10/2013 - 10:28:47 | D ] C:\Windows
[12/03/2003 - 13:50:11 | N | 140] C:\WM800918.bin
[20/05/2013 - 11:53:42 | D ] C:\_AcroTemp
[14/01/2008 - 12:53:30 | SHD ] D:\$RECYCLE.BIN
[11/09/2005 - 16:18:54 | N | 340] D:\AUTOMODE
[14/01/2008 - 12:50:54 | N | 13] D:\BLOCK.RIN
[04/12/2007 - 04:07:19 | SHD ] D:\boot
[04/10/2006 - 00:02:44 | SH | 438328] D:\bootmgr
[10/09/2002 - 17:14:28 | N | 8134] D:\Folder.htt
[04/12/2007 - 04:07:19 | D ] D:\HP
[04/12/2007 - 03:27:01 | N | 710] D:\MASTER.LOG
[04/12/2007 - 04:07:19 | SHD ] D:\preload
[29/01/2007 - 17:56:20 | SH | 109060] D:\protect.ed
[04/12/2007 - 04:07:19 | RD ] D:\RECOVERY
[04/12/2007 - 04:07:19 | SHD ] D:\SOURCES
[20/02/2012 - 13:02:02 | SHD ] D:\System Volume Information
[04/12/2007 - 04:07:20 | D ] D:\Tools
[04/12/2007 - 03:27:13 | N | 0] D:\USER
[04/12/2007 - 04:07:19 | D ] D:\WINDOWS
[13/11/2012 - 00:04:40 | SH | 12288] G:\~WRL0001.tmp
[13/11/2012 - 09:51:34 | SH | 24064] G:\~WRL0002.tmp
[20/11/2012 - 10:45:06 | SH | 24064] G:\~WRL0003.tmp
[30/09/2013 - 14:54:18 | SHD ] G:\travail
[13/10/2013 - 18:41:00 | SHD ] G:\perso
[06/11/2013 - 10:57:54 | SHD ] G:\Autorun.inf
[10/08/2013 - 14:40:44 | SH | 225172] G:\password.vbs
[07/11/2013 - 18:37:06 | A | 453] G:\~WRL0001.lnk
[07/11/2013 - 18:37:08 | A | 453] G:\~WRL0002.lnk
[07/11/2013 - 18:37:08 | A | 453] G:\~WRL0003.lnk
[07/11/2013 - 18:37:08 | A | 497] G:\travail.lnk
[07/11/2013 - 18:37:08 | A | 493] G:\perso.lnk
[07/11/2013 - 18:37:08 | A | 505] G:\Autorun.inf.lnk

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |