Reply to: Virus turns files into shortcuts on a USB stick 2016-09-08T13:22:45+00:00

Hello billmaxime :hello:

Sorry for the delay :shame:

I don't know if I've already told you but… you are… WONDERFUL. Thank you SOSVIRUS!! :content:

Here is the result of the UsbFix report (Suppression): :)

############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: Shermarke (Administrateur) # PC-DE-SHERMARKE
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 18:04:41 | 04/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (N73SV)
CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
RAM -> [Total : 4007 | Free : 2973]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 441 Go (267 Go libre(s) – 61%) [OS] # NTFS
D: -> Disque fixe # 233 Go (232 Go libre(s) – 100%) [SDATA1] # NTFS
E: -> Disque fixe # 233 Go (6 Mo libre(s) – 0%) [SDATA2] # NTFS
F: -> CD-ROM
G: -> Disque amovible # 2 Go (1 Go libre(s) – 54%) [IC RECORDER] # FAT
I: -> CD-ROM
J: -> Disque amovible # 2 Go (264 Mo libre(s) – 14%) [] # FAT

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1612 |ParentID: 788)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4476 |ParentID: 4956)
Stoppé! C:\Windows\explorer.exe (ID: 5584 |ParentID: 904)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 7032 |ParentID: 968)
Stoppé! C:\Program Files\Intel\TurboBoost\TurboBoost.exe (ID: 5420 |ParentID: 788)
Stoppé! C:\Program Files (x86)\SiteAdvisor\6261\SAService.exe (ID: 1660 |ParentID: 788)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 6168 |ParentID: 788)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5888 |ParentID: 788)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 5904 |ParentID: 788)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 4548 |ParentID: 5904)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID: 6712 |ParentID: 788)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (ID: 6808 |ParentID: 6712)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID: 1468 |ParentID: 6712)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 6200 |ParentID: 788)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 2264 |ParentID: 968)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 3236 |ParentID: 660)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 5512 |ParentID: 1032)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\SOFTWARE | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE | Run : [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
04 - HKLM\SOFTWARE | Run : [FLxHCIm] - "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
04 - HKLM\SOFTWARE | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\SOFTWARE | Run : [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe
04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE | Run : [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\SOFTWARE | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\SOFTWARE | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\SOFTWARE | Run : [SiteAdvisor] - "C:\Program Files (x86)\SiteAdvisor\6261\SiteAdv.exe"
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\e2f1e4f8-0aa0-4363-a0cc-307b8edab20c.exe /check
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [FLxHCIm] - "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SiteAdvisor] - "C:\Program Files (x86)\SiteAdvisor\6261\SiteAdv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\e2f1e4f8-0aa0-4363-a0cc-307b8edab20c.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2120338015-3794941897-200333208-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Non supprimé ! I:\AutoRun.exe
Supprimé! J:\Façon d’apprendre.lnk
Supprimé! J:\0001.lnk
Supprimé! J:\.android_secure.lnk
Supprimé! J:\burstlyImageCache.lnk
Supprimé! J:\burstlyVideoCache.lnk
Supprimé! J:\sportstracker21.lnk
Supprimé! J:\AlarmClockXtreme.lnk
Non supprimé ! I:\autorun.inf
Non supprimé ! I:\autorun.exe
Supprimé! J:\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 5C462386AC2558B2A71BD8F47B55334D -> J:\iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKU\S-1-5-21-2120338015-3794941897-200333208-1001\Software\....\Mountpoints2\{38d64ee6-7b37-11e1-a687-f46d04fced15}

################## | Listing |

[06/04/2013 - 18:58:45 | SHD ] C:\$Recycle.Bin
[02/12/2013 - 21:32:29 | D ] C:\AdwCleaner
[25/03/2012 - 18:00:08 | D ] C:\ASUS.DAT
[16/07/2012 - 22:43:19 | D ] C:\AsusVibeData
[29/07/2009 - 07:03:34 | SHD ] C:\Boot
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[29/07/2009 - 07:03:37 | RASH | 8192] C:\BOOTSECT.BAK
[26/03/2012 - 02:31:21 | N | 14771] C:\devlist.txt
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[26/03/2012 - 02:06:04 | D ] C:\eSupport
[26/03/2012 - 02:20:51 | D ] C:\ExpressGateUtil
[25/03/2012 - 11:31:21 | N | 9] C:\Finish.log
[03/12/2013 - 23:51:50 | ASH | 3151011840] C:\hiberfil.sys
[26/03/2012 - 01:54:26 | D ] C:\Intel
[25/03/2012 - 19:54:43 | RHD ] C:\MSOCache
[14/04/2011 - 02:45:31 | N | 2621440] C:\N73SV.BIN
[13/06/2011 - 02:33:37 | N | 19] C:\N73SV_WIN7.70
[03/12/2013 - 23:51:50 | ASH | 4201349120] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[03/12/2013 - 12:43:27 | N | 512] C:\PhysicalDisk0_MBR.bin
[11/10/2013 - 18:01:02 | N | 1388] C:\preference.xml
[03/12/2013 - 10:39:37 | D ] C:\Program Files
[03/12/2013 - 12:40:03 | D ] C:\Program Files (x86)
[03/12/2013 - 09:01:13 | HD ] C:\ProgramData
[25/03/2012 - 17:55:45 | SHD ] C:\Recovery
[17/12/2010 - 02:50:23 | N | 5] C:\RECOVERY.DAT
[26/03/2012 - 01:59:22 | N | 2306] C:\RHDSetup.log
[26/03/2012 - 02:12:17 | N | 168] C:\setup.log
[26/03/2012 - 02:05:56 | N | 378] C:\setuplogfile.log
[03/12/2013 - 23:44:57 | SHD ] C:\System Volume Information
[25/03/2012 - 18:59:32 | D ] C:\temp
[03/09/2013 - 20:33:49 | N | 11] C:\trace.ini
[04/12/2013 - 18:09:50 | D ] C:\UsbFix
[04/12/2013 - 18:09:52 | A | 11654] C:\UsbFix [Clean 2] PC-DE-SHERMARKE.txt
[03/12/2013 - 21:37:04 | N | 15178] C:\UsbFix [Scan 1] PC-DE-SHERMARKE.txt
[04/12/2013 - 01:18:22 | N | 14465] C:\UsbFix [Scan 2] PC-DE-SHERMARKE.txt
[06/04/2013 - 18:58:31 | RD ] C:\Users
[26/03/2012 - 02:38:12 | D ] C:\WIMAPPLY
[03/12/2013 - 23:45:22 | D ] C:\Windows
[06/04/2013 - 18:58:45 | SHD ] D:\$RECYCLE.BIN
[25/03/2012 - 12:29:17 | D ] D:\Desktop
[29/07/2011 - 11:32:55 | SHD ] D:\System Volume Information
[06/04/2013 - 18:58:45 | SHD ] E:\$RECYCLE.BIN
[30/07/2013 - 00:20:19 | N | 86928] E:\leucemie.pdf
[26/03/2012 - 18:56:04 | N | 528] E:\MediaID.bin
[07/07/2013 - 19:43:02 | D ] E:\PC-DE-SHERMARKE
[18/04/2013 - 11:12:03 | SHD ] E:\System Volume Information
[26/03/2012 - 19:06:39 | D ] E:\WindowsImageBackup
[26/03/2011 - 06:31:36 | D ] G:\VOICE
[03/12/2013 - 23:17:54 | N | 4960] G:\capability_01.xml
[15/01/2013 - 14:08:42 | AH | 4096] G:\._.Trashes
[15/01/2013 - 14:08:42 | HD ] G:\.Trashes
[15/01/2013 - 14:08:42 | HD ] G:\.Spotlight-V100
[25/03/2011 - 06:35:52 | D ] G:\Instructions
[15/09/2011 - 20:28:38 | R | 61976] I:\AutoRun.exe
[26/09/2011 - 19:51:09 | R | 121] I:\autorun.inf
[26/09/2011 - 20:18:42 | D ] I:\Installer
[14/11/2009 - 02:15:22 | D ] J:\LOST.DIR
[28/11/2013 - 15:01:54 | D ] J:\.android_secure
[14/11/2009 - 02:15:54 | D ] J:\bluetooth
[02/12/2013 - 15:48:10 | D ] J:\DCIM
[03/10/2012 - 23:36:56 | D ] J:\Android
[08/01/2012 - 18:02:28 | D ] J:\.dataviz
[30/12/2011 - 21:21:34 | D ] J:\documents
[30/12/2011 - 21:54:14 | D ] J:\media
[02/01/2012 - 16:22:48 | D ] J:\openfeint
[02/01/2012 - 16:22:50 | D ] J:\.beintoo
[03/01/2012 - 13:33:06 | D ] J:\Coran
[12/12/2012 - 03:17:44 | D ] J:\zemail
[12/09/2013 - 20:44:00 | D ] J:\download
[09/01/2012 - 03:17:10 | N | 94905] J:\Emploidutemps.pdf
[29/09/2013 - 09:21:44 | D ] J:\recordings
[08/10/2013 - 02:56:50 | D ] J:\data
[08/04/2012 - 10:34:12 | D ] J:\nawawiaudio
[02/11/2012 - 07:37:26 | D ] J:\burstlyImageCache
[22/10/2013 - 14:30:06 | D ] J:\burstlyVideoCache
[06/05/2013 - 21:32:46 | D ] J:\temp
[16/07/2012 - 22:31:10 | D ] J:\Images
[16/07/2012 - 22:31:10 | D ] J:\Videos
[16/07/2012 - 22:31:10 | D ] J:\Sounds
[16/07/2012 - 22:31:10 | D ] J:\Themes
[16/07/2012 - 22:31:12 | D ] J:\Others
[16/07/2012 - 22:36:32 | N | 2299196] J:\SThumbDB.tdb
[22/08/2012 - 20:14:16 | D ] J:\social_cache
[05/08/2012 - 00:33:34 | D ] J:\droidhen
[21/09/2012 - 07:35:50 | D ] J:\.gameAd
[04/10/2012 - 00:16:58 | D ] J:\gamevil
[18/11/2012 - 18:42:34 | D ] J:\run-log.com
[18/11/2012 - 18:43:10 | D ] J:\sportstracker21
[30/04/2013 - 14:10:28 | D ] J:\.mmsyscache
[19/12/2012 - 23:09:08 | D ] J:\inappad
[08/12/2012 - 12:06:34 | D ] J:\data-app
[16/12/2012 - 17:47:20 | N | 134758] J:\Façon d’apprendre.amr
[17/12/2012 - 02:34:00 | D ] J:\AlarmClockXtreme
[29/12/2012 - 20:25:24 | N | 56804] J:\0001.vcf
[16/02/2013 - 01:11:38 | D ] J:\.skynet
[25/02/2013 - 01:00:08 | D ] J:\icloudzone
[31/03/2013 - 20:36:02 | D ] J:\runtastic
[15/08/2013 - 15:48:22 | D ] J:\sleep-data
[09/10/2013 - 10:04:24 | D ] J:\.gameloft
[25/10/2013 - 00:43:12 | D ] J:\gameloft
[25/10/2013 - 13:19:02 | D ] J:\.adc
[01/12/2013 - 23:58:28 | N | 0] J:\Themes.lnk

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |

:merci2: