Reply to: Virus turning the contents of USB keys into shortcuts 2016-09-08T13:17:05+00:00
bonaparte75 (Participant, post count: 19)

Disregard the previous message.

Here is the script after installing UsbFix, Deletion (Suppression) mode:

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Philippe (Administrateur) # COTON
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 11:19:11 | 13/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (NP300E5C-S08FR)
CPU: Intel(R) Pentium(R) CPU B970 @ 2.30GHz
RAM -> [Total : 3796 | Free : 1979]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 31.0.1650.48

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Windows Defender [Enabled | Updated]
AS: Windows Defender : 4.3.0215.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 672 Go (609 Go libre(s) – 91%) [] # NTFS
D: -> CD-ROM

################## | Processus Stoppés |

Stoppé! C:\windows\system32\nvvsvc.exe (ID: 848 |ParentID: 708)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1028 |ParentID: 848)
Stoppé! C:\windows\system32\nvvsvc.exe (ID: 1040 |ParentID: 848)
Stoppé! C:\windows\System32\spoolsv.exe (ID: 1436 |ParentID: 708)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1580 |ParentID: 708)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1720 |ParentID: 708)
Stoppé! C:\windows\system32\dashost.exe (ID: 1772 |ParentID: 1092)
Stoppé! C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (ID: 1796 |ParentID: 708)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1872 |ParentID: 708)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 1904 |ParentID: 708)
Stoppé! C:\Program Files\Windows Defender\MsMpEng.exe (ID: 1988 |ParentID: 708)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 1120 |ParentID: 708)
Stoppé! C:\windows\system32\taskhostex.exe (ID: 1632 |ParentID: 708)
Stoppé! C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (ID: 2004 |ParentID: 1796)
Stoppé! C:\windows\Explorer.EXE (ID: 3076 |ParentID: 2532)
Stoppé! C:\Program Files (x86)\Samsung\Settings\sSettings.exe (ID: 3664 |ParentID: 708)
Stoppé! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 3864 |ParentID: 812)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 4068 |ParentID: 1028)
Stoppé! C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (ID: 2604 |ParentID: 708)
Stoppé! C:\windows\system32\SearchIndexer.exe (ID: 2736 |ParentID: 708)
Stoppé! C:\windows\system32\DllHost.exe (ID: 3188 |ParentID: 812)
Stoppé! C:\windows\system32\igfxext.exe (ID: 3932 |ParentID: 812)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 4300 |ParentID: 3076)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (ID: 4352 |ParentID: 3076)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 4416 |ParentID: 3076)
Stoppé! C:\Windows\System32\hkcmd.exe (ID: 4512 |ParentID: 3076)
Stoppé! C:\Windows\System32\igfxpers.exe (ID: 4572 |ParentID: 3076)
Stoppé! C:\Program Files\Elantech\ETDCtrl.exe (ID: 4620 |ParentID: 3076)
Stoppé! C:\Program Files (x86)\Fnac\FnacSynchro\WebSynchro.exe (ID: 4768 |ParentID: 3076)
Stoppé! C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 4828 |ParentID: 4620)
Stoppé! C:\Windows\System32\wscript.exe (ID: 4896 |ParentID: 3076)
Stoppé! C:\Users\Philippe\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 4932 |ParentID: 3076)
Stoppé! C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (ID: 3812 |ParentID: 4920)
Stoppé! C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID: 4604 |ParentID: 4920)
Stoppé! C:\Program Files\Samsung\S Agent\CommonAgent.exe (ID: 3244 |ParentID: 708)
Stoppé! C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 4088 |ParentID: 708)
Stoppé! C:\Windows\System32\RuntimeBroker.exe (ID: 2128 |ParentID: 812)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 5752 |ParentID: 708)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5792 |ParentID: 708)
Stoppé! C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (ID: 5908 |ParentID: 708)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID: 2348 |ParentID: 708)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 1188 |ParentID: 708)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5544 |ParentID: 708)
Stoppé! C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (ID: 5300 |ParentID: 3244)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 4028 |ParentID: 708)
Stoppé! C:\windows\system32\wwahost.exe (ID: 3880 |ParentID: 812)
Stoppé! C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 2260 |ParentID: 812)
Stoppé! C:\windows\system32\taskhost.exe (ID: 4124 |ParentID: 708)
Stoppé! C:\windows\system32\wwahost.exe (ID: 3524 |ParentID: 812)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7696 |ParentID: 7724)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7220 |ParentID: 7696)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7984 |ParentID: 7696)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5700 |ParentID: 7696)
Stoppé! C:\windows\system32\SearchProtocolHost.exe (ID: 7644 |ParentID: 2736)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE | Run : [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
04 - HKLM\SOFTWARE | Run : [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE\wow6432Node | Run : [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-927294191-717072922-153577076-1002\SOFTWARE | Run : [WebSynchro] - "C:\Program Files (x86)\FNAC\FnacSynchro\WebSynchro.exe" Command::MinimizeRun
04 - HKU\S-1-5-21-927294191-717072922-153577076-1002\SOFTWARE | Run : [FSa6SN5F] - wscript.exe //B "C:\Users\Philippe\AppData\Local\Temp\FSa6SN5F.vbs"

################## | Recherche générique |

Supprimé! C:\Users\Philippe\AppData\Local\Temp\FSa6SN5F.vbs
Supprimé! C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FSa6SN5F.vbs

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 86135C147E1EC57C5F163769827B1ADC -> C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FSa6SN5F.vbs
Md5 : 86135C147E1EC57C5F163769827B1ADC -> C:\Users\Philippe\AppData\Local\Temp\FSa6SN5F.vbs

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKU\S-1-5-21-927294191-717072922-153577076-1002\Software\Microsoft\Windows\CurrentVersion\Run|FSa6SN5F
Supprimé! HKU\S-1-5-21-927294191-717072922-153577076-1002\Software\….\Mountpoints2\{86ea32d1-4e9b-11e2-be8f-50b7c32c715d}

################## | Listing |

[25/12/2012 - 14:49:03 | SHD ] C:\$Recycle.Bin
[26/07/2012 - 04:44:30 | RASH | 398156] C:\bootmgr
[02/06/2012 - 15:30:55 | N | 1] C:\BOOTNXT
[26/07/2012 - 08:22:08 | SHD ] C:\Documents and Settings
[12/11/2013 - 09:18:24 | ASH | 3183919104] C:\hiberfil.sys
[20/10/2012 - 06:36:14 | D ] C:\Intel
[25/12/2012 - 14:56:18 | N | 1805] C:\last.txt
[25/12/2012 - 13:47:58 | RHD ] C:\MSOCache
[12/11/2013 - 09:18:28 | ASH | 2415919104] C:\pagefile.sys
[26/07/2012 - 08:33:46 | D ] C:\PerfLogs
[25/12/2012 - 15:00:04 | D ] C:\Program Files
[23/10/2013 - 07:21:56 | D ] C:\Program Files (x86)
[25/12/2012 - 17:32:56 | HD ] C:\ProgramData
[20/10/2012 - 06:39:37 | N | 2214] C:\RHDSetup.log
[20/10/2012 - 06:39:37 | N | 206] C:\setup.log
[20/10/2012 - 21:38:24 | D ] C:\sources
[12/11/2013 - 09:18:28 | ASH | 268435456] C:\swapfile.sys
[23/10/2012 - 00:28:28 | D ] C:\sysprep
[07/11/2013 - 19:43:45 | SHD ] C:\System Volume Information
[20/10/2012 - 06:38:10 | D ] C:\temp
[13/11/2013 - 11:24:34 | D ] C:\UsbFix
[13/11/2013 - 11:24:37 | A | 9777] C:\UsbFix [Clean 1] COTON.txt
[25/12/2012 - 13:37:54 | RD ] C:\Users
[07/11/2013 - 18:26:02 | D ] C:\Windows

################## | Vaccin |

(!) Cet ordinateur n’est pas vacciné!

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |