Reply to: Virus turns files into shortcuts on USB drive 2016-09-08T13:22:45+00:00
Guesswhat

Hello Billmaxime,

A thousand thanks for your replies (you're saving me). That's really great.

So I have done what you asked me to do: :)

First of all, here is the ZHPFix report:

https://antimalware.top/log/SosUpload.8de3b931e7f4043f4d0cf7273bf4dc3c.txt

Next, the UsbFix report:

############################## | UsbFix V 7.152 | [Recherche]

Utilisateur: Shermarke (Administrateur) # PC-DE-SHERMARKE
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 21:32:30 | 03/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (N73SV)
CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
RAM -> [Total : 4007 | Free : 2524]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 441 Go (268 Go libre(s) – 61%) [OS] # NTFS
D: -> Disque fixe # 233 Go (232 Go libre(s) – 100%) [SDATA1] # NTFS
E: -> Disque fixe # 233 Go (6 Mo libre(s) – 0%) [SDATA2] # NTFS
F: -> CD-ROM
G: -> Disque amovible # 2 Go (1 Go libre(s) – 54%) [IC RECORDER] # FAT
I: -> CD-ROM
J: -> Disque amovible # 2 Go (264 Mo libre(s) – 14%) [] # FAT

################## | Processus Actif |

################## | Regedit Run |

################## | Recherche générique |

Présent! I:AutoRun.exe
Présent! J:Façon d’apprendre.lnk
Présent! J:0001.lnk
Présent! J:.android_secure.lnk
Présent! J:burstlyImageCache.lnk
Présent! J:burstlyVideoCache.lnk
Présent! J:sportstracker21.lnk
Présent! J:AlarmClockXtreme.lnk
Présent! I:autorun.inf
Présent! I:autorun.exe
Présent! J:iTunesHelper.vbe

################## | Référence de comparaison MD5 |

Md5 : 5C462386AC2558B2A71BD8F47B55334D -> J:iTunesHelper.vbe

################## | Comparaison MD5 |

Présent! Md5 : 5C462386AC2558B2A71BD8F47B55334D -> J:iTunesHelper.vbe

################## | Registre |

################## | Vaccin |

(!) Cet ordinateur n’est pas vacciné!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
