Reply to: USB key files turned into shortcuts… 2016-09-08T13:17:55+00:00
annelaure1512

Good evening Evasion60,

Here is a copy of the report:

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Utilisateur (Administrateur) # PC-DE-UTILISATE
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 20:29:36 | 14/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Quanta (3060)
CPU: AMD Turion(tm) X2 Dual-Core Mobile RM-74
RAM -> [Total : 3070 | Free : 1544]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 455 Go (175 Go libre(s) – 39%) [] # NTFS
D: -> Disque fixe # 11 Go (3 Mo libre(s) – 0%) [RECOVERY] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [ANNE-LAURE] # FAT32

################## | Processus Stoppés |

Stoppé! C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1328 |ParentID: 532)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 4064 |ParentID: 956)
Stoppé! C:WindowsSystem32rundll32.exe (ID: 1948 |ParentID: 700)
Stoppé! C:Program FilesBatBrowseupdateBatBrowse.exe (ID: 2944 |ParentID: 532)
Stoppé! C:Program FilesBatBrowsebinutilBatBrowse.exe (ID: 3976 |ParentID: 532)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 804 |ParentID: 532)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2796 |ParentID: 804)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 5328 |ParentID: 532)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 4636 |ParentID: 532)
Stoppé! C:WindowsSystem32spoolsv.exe (ID: 3448 |ParentID: 532)
Stoppé! C:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 4812 |ParentID: 532)
Stoppé! C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (ID: 5440 |ParentID: 532)
Stoppé! C:WindowsservicingTrustedInstaller.exe (ID: 3012 |ParentID: 532)
Stoppé! C:WindowsSystem32rundll32.exe (ID: 3852 |ParentID: 700)
Stoppé! C:WindowsExplorer.exe (ID: 3548 |ParentID: 4024)
Stoppé! C:Program FilesMozilla Firefoxfirefox.exe (ID: 1848 |ParentID: 4024)
Stoppé! C:Windowssystem32NOTEPAD.EXE (ID: 1320 |ParentID: 4024)
Stoppé! C:Program FilesMozilla Firefoxplugin-container.exe (ID: 3228 |ParentID: 1848)
Stoppé! C:Windowsexplorer.exe (ID: 5552 |ParentID: 700)
Stoppé! C:Windowsexplorer.exe (ID: 4216 |ParentID: 700)

################## | Regedit Run |

04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-3937222459-2557906112-1774850836-1000SOFTWARE | Run : [HPAdvisor] – C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe autorun=AUTORUN
04 – HKUS-1-5-21-3937222459-2557906112-1774850836-1000SOFTWARE | Run : [msnmsgr] – “C:Program FilesWindows LiveMessengermsnmsgr.exe” /background
04 – HKUS-1-5-21-3937222459-2557906112-1774850836-1000SOFTWARE | Run : [TomTomHOME.exe] – “C:Program FilesTomTom HOME 2TomTomHOMERunner.exe”
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Supprimé! F:Mémoire.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[11/06/2010 – 05:54:52 | D ] C:$INPLACE.~TR
[18/07/2010 – 22:12:09 | SHD ] C:$RECYCLE.BIN
[10/06/2010 – 21:14:54 | D ] C:$WINDOWS.~Q
[17/09/2012 – 22:48:20 | D ] C:36ddc694bba85a471816981fd07f29
[27/04/2011 – 23:03:56 | D ] C:75b14eb7f1765eb6ed16d59e5f52
[10/06/2009 – 22:42:20 | N | 24] C:autoexec.bat
[24/09/2011 – 16:06:30 | SHD ] C:boot
[20/11/2010 – 13:40:07 | RASH | 383786] C:bootmgr
[11/06/2010 – 06:14:40 | RASH | 8192] C:BOOTSECT.BAK
[20/03/2011 – 12:03:26 | N | 3416] C:bootsqm.dat
[14/10/2010 – 23:21:03 | D ] C:cf680ef3dee541ba9683806aaa54ed1b
[14/11/2013 – 19:04:46 | SHD ] C:Config.Msi
[10/06/2009 – 22:42:20 | N | 10] C:config.sys
[14/07/2009 – 05:53:55 | SHD ] C:Documents and Settings
[12/11/2013 – 20:11:10 | ASH | 2414215168] C:hiberfil.sys
[24/03/2010 – 16:42:32 | D ] C:HP
[01/07/2010 – 17:11:38 | N | 185] C:hpqlb.log
[24/03/2010 – 16:42:32 | RHD ] C:MSOCache
[24/03/2010 – 17:21:55 | N | 184] C:MSSTBJ.CAT
[12/11/2013 – 20:11:17 | ASH | 3218956288] C:pagefile.sys
[14/07/2009 – 03:37:05 | D ] C:PerfLogs
[06/11/2013 – 18:32:01 | D ] C:Program Files
[30/10/2013 – 21:28:28 | HD ] C:ProgramData
[11/06/2010 – 06:15:55 | SHD ] C:Recovery
[25/04/2010 – 08:19:32 | D ] C:Report
[18/03/2012 – 13:42:30 | D ] C:Sharing Downloads
[01/07/2010 – 17:41:02 | D ] C:SWSetup
[24/03/2010 – 17:20:37 | D ] C:System Recovery
[14/11/2013 – 18:59:33 | SHD ] C:System Volume Information
[24/03/2010 – 16:53:06 | D ] C:System.sav
[14/11/2013 – 20:29:54 | D ] C:UsbFix
[14/11/2013 – 20:14:17 | N | 9199] C:UsbFix [Clean 3] PC-DE-UTILISATE.txt
[14/11/2013 – 20:30:33 | A | 5571] C:UsbFix [Clean 4] PC-DE-UTILISATE.txt
[14/11/2013 – 19:39:33 | N | 7200] C:UsbFix [Scan 1] PC-DE-UTILISATE.txt
[13/04/2012 – 19:39:22 | N | 251] C:user.js
[18/06/2010 – 13:18:36 | RD ] C:Users
[01/05/2013 – 08:59:51 | D ] C:Windows
[18/06/2010 – 13:18:48 | SHD ] D:$RECYCLE.BIN
[25/07/2009 – 05:51:18 | N | 13] D:BLOCK.RIN
[24/03/2010 – 17:09:00 | SHD ] D:boot
[03/10/2006 – 22:02:44 | SH | 438328] D:bootmgr
[24/07/2009 – 16:10:53 | N | 0] D:DRECOVERY
[10/09/2002 – 15:14:28 | N | 8134] D:Folder.htt
[24/03/2010 – 17:09:00 | D ] D:HP
[21/07/2009 – 14:50:35 | SH | 22] D:HPCD.sys
[08/11/2013 – 17:57:33 | N | 8] D:HP_WSD.dat
[12/11/2013 – 20:12:14 | N | 283] D:MASTER.LOG
[30/10/2010 – 10:52:58 | N | 528] D:MediaID.bin
[26/12/2010 – 19:12:31 | D ] D:PC-DE-UTILISATE
[24/03/2010 – 17:19:40 | SHD ] D:PRELOAD
[12/09/2008 – 16:17:38 | SH | 381873] D:protect.arabic
[15/09/2008 – 14:57:58 | N | 182624] D:protect.bulgarian
[16/09/2002 – 13:37:48 | SH | 181898] D:protect.chinese hong kong
[16/09/2002 – 13:37:40 | SH | 181916] D:protect.chinese simplified
[16/09/2002 – 13:37:48 | SH | 181898] D:protect.chinese traditional
[27/04/2006 – 15:19:40 | SH | 181865] D:protect.czech
[03/11/2005 – 14:21:26 | SH | 181726] D:protect.danish
[10/09/2002 – 12:56:12 | SH | 181605] D:protect.dutch
[10/09/2002 – 12:50:18 | SH | 181651] D:protect.ed
[22/11/2004 – 14:28:30 | SH | 181648] D:protect.english
[03/11/2005 – 14:20:20 | SH | 181673] D:protect.finnish
[03/11/2005 – 14:19:52 | SH | 181736] D:protect.french
[03/11/2005 – 14:18:10 | SH | 181669] D:protect.german
[23/11/2005 – 14:56:46 | SH | 182689] D:protect.greek
[23/01/2006 – 08:18:00 | SH | 182605] D:protect.hebrew
[28/08/2007 – 13:58:08 | SH | 181696] D:protect.hungarian
[03/11/2005 – 14:17:00 | SH | 181554] D:protect.italian
[19/06/2007 – 14:22:10 | SH | 182351] D:protect.japanese
[24/11/2005 – 10:24:44 | SH | 218295] D:protect.korean
[03/11/2005 – 14:15:12 | SH | 181578] D:protect.norwegian
[25/04/2006 – 13:44:10 | SH | 181789] D:protect.polish
[03/11/2005 – 14:13:12 | SH | 181624] D:protect.portuguese
[27/10/2005 – 18:24:10 | SH | 181882] D:protect.portuguese brazilian
[15/09/2008 – 14:57:54 | SH | 181735] D:protect.romanian
[28/06/2004 – 07:52:46 | SH | 211936] D:protect.russian
[04/07/2007 – 10:46:44 | SH | 181954] D:protect.slovak
[03/11/2005 – 14:11:46 | SH | 181586] D:protect.spanish
[10/09/2002 – 13:15:06 | SH | 181602] D:protect.swedish
[12/08/2003 – 09:37:30 | SH | 181783] D:protect.turkish
[21/07/2009 – 13:38:48 | SH | 26] D:RCBoot.sys
[24/03/2010 – 17:19:40 | RD ] D:RECOVERY
[24/03/2010 – 17:19:54 | SHD ] D:SOURCES
[25/03/2010 – 07:43:57 | SHD ] D:System Volume Information
[24/03/2010 – 17:19:54 | D ] D:Tools
[24/03/2010 – 17:19:54 | D ] D:WINDOWS
[14/11/2013 – 20:14:18 | RASHD ] F:Autorun.inf

################## | Vaccin |

F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |