Reply to: USB shortcut virus (Survival) 2016-09-08T13:23:17+00:00
soussoun29
Participant
Post count: 1

I had forgotten.

############################## | UsbFix V 7.152 | [Deletion]

User: Yassin (Administrator) # YASSIN-PC
Updated on 20/11/2013 by El Desaparecido – Team SosVirus
Started at 04:21:39 | 04/12/2013

Website: http://www.usbfix.net
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Wistron (360C)
CPU: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
RAM -> [Total : 3003 | Free : 1692]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Mozilla Firefox : 16.0.2

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 223 GB (112 GB free – 50%) [] # NTFS
D: -> Fixed disk # 10 GB (9 GB free – 95%) [Nouveau nom] # NTFS
E: -> CD-ROM
F: -> CD-ROM
G: -> Removable disk # 15 GB (14 GB free – 94%) [MULTIBOOT] # FAT32

################## | Stopped Processes |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1412 |ParentID: 608)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1560 |ParentID: 608)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1692 |ParentID: 608)
Stopped! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1716 |ParentID: 608)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1800 |ParentID: 608)
Stopped! C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 1844 |ParentID: 608)
Stopped! C:\Program Files\PANDORA.TV\PanService\PandoraService.exe (ID: 1904 |ParentID: 608)
Stopped! C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (ID: 2148 |ParentID: 608)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2220 |ParentID: 608)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2304 |ParentID: 2220)
Stopped! C:\Windows\System32\alg.exe (ID: 2664 |ParentID: 608)
Stopped! C:\Windows\system32\taskhost.exe (ID: 3376 |ParentID: 608)
Stopped! C:\Windows\Explorer.EXE (ID: 3544 |ParentID: 3352)
Stopped! C:\Program Files\PANDORA.TV\PanService\PanProcess.exe (ID: 3724 |ParentID: 1904)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 3936 |ParentID: 608)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3340 |ParentID: 3544)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 3304 |ParentID: 3544)
Stopped! C:\Windows\System32\igfxtray.exe (ID: 3708 |ParentID: 3544)
Stopped! C:\Windows\System32\hkcmd.exe (ID: 3824 |ParentID: 3544)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2128 |ParentID: 608)
Stopped! C:\Windows\System32\igfxpers.exe (ID: 4052 |ParentID: 3544)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 2576 |ParentID: 3544)
Stopped! C:\Program Files\Microsoft IntelliPoint\ipoint.exe (ID: 2956 |ParentID: 3544)
Stopped! C:\Program Files\Real\RealPlayer\Update\realsched.exe (ID: 3140 |ParentID: 3544)
Stopped! C:\Program Files\DivX\DivX Update\DivXUpdate.exe (ID: 3148 |ParentID: 3544)
Stopped! C:\Program Files\iTunes\iTunesHelper.exe (ID: 4228 |ParentID: 3544)
Stopped! C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 4272 |ParentID: 3544)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (ID: 4344 |ParentID: 608)
Stopped! C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 5508 |ParentID: 608)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 5584 |ParentID: 608)
Stopped! C:\Program Files\Nero\Update\NASvc.exe (ID: 5704 |ParentID: 608)
Stopped! C:\Windows\servicing\TrustedInstaller.exe (ID: 1620 |ParentID: 608)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 4308 |ParentID: 1024)
Stopped! C:\Users\Yassin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3688 |ParentID: 3544)
Stopped! C:\Users\Yassin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1000 |ParentID: 3688)
Stopped! C:\Users\Yassin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3228 |ParentID: 3688)
Stopped! C:\Users\Yassin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3196 |ParentID: 3688)
Stopped! C:\Users\Yassin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1368 |ParentID: 3688)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (ID: 1092 |ParentID: 3936)
Stopped! C:\Windows\system32\SearchFilterHost.exe (ID: 3636 |ParentID: 3936)
Stopped! C:\Users\Yassin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3452 |ParentID: 3688)
Stopped! C:\Users\Yassin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4812 |ParentID: 3688)
Stopped! C:\Users\Yassin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5828 |ParentID: 3688)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | Run : [IgfxTray] – C:\Windows\system32\igfxtray.exe
04 – HKLM\SOFTWARE | Run : [HotKeysCmds] – C:\Windows\system32\hkcmd.exe
04 – HKLM\SOFTWARE | Run : [Persistence] – C:\Windows\system32\igfxpers.exe
04 – HKLM\SOFTWARE | Run : [IAStorIcon] – C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 – HKLM\SOFTWARE | Run : [IntelliPoint] – "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
04 – HKLM\SOFTWARE | Run : [TkBellExe] – "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
04 – HKLM\SOFTWARE | Run : [DivXUpdate] – "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
04 – HKLM\SOFTWARE | Run : [WinampAgent] – "C:\Program Files\Winamp\winampa.exe"
04 – HKLM\SOFTWARE | Run : [Wondershare Helper Compact.exe] – C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
04 – HKLM\SOFTWARE | Run : [APSDaemon] – "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 – HKLM\SOFTWARE | Run : [QuickTime Task] – "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 – HKLM\SOFTWARE | Run : [iTunesHelper] – "C:\Program Files\iTunes\iTunesHelper.exe"
04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\SOFTWARE | Run : [20131121] – C:\Program Files\AVAST Software\Avast\setup\emupdate\3a485fa0-9ff3-4579-a44e-9ec5c3df883f.exe /check
04 – HKLM\SOFTWARE | RunOnce : [NCPluginUpdater] – "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-3981078768-362347980-1431541858-1000\SOFTWARE | Run : [LightScribe Control Panel] – C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 – HKU\S-1-5-21-3981078768-362347980-1431541858-1000\SOFTWARE | Run : [AdobeBridge] – "C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth
04 – HKU\S-1-5-21-3981078768-362347980-1431541858-1000\SOFTWARE | Run : [ShowBatteryBar] – "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
04 – HKU\S-1-5-21-3981078768-362347980-1431541858-1000\SOFTWARE | Run : [DAEMON Tools Lite] – "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
04 – HKU\S-1-5-21-3981078768-362347980-1431541858-1000\SOFTWARE | Run : [Google Update] – "C:\Users\Yassin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 – HKU\S-1-5-21-3981078768-362347980-1431541858-1000\SOFTWARE | Run : [ultracopier] – "C:\Program Files\Supercopier\supercopier.exe"
04 – HKU\S-1-5-21-3981078768-362347980-1431541858-1000\SOFTWARE | Run : [TomTomHOME.exe] – "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Generic search |

Not deleted! G:\Web01.lnk
Not deleted! G:\usb.lnk
Not deleted! G:\Web02.lnk
Not deleted! G:\tableau.lnk
Not deleted! G:\SURVIVAL.lnk
Not deleted! G:\Portable.lnk
Not deleted! G:\img.lnk
Not deleted! G:\pratique03.lnk
Not deleted! G:\airbus.lnk
Not deleted! G:\dates.lnk
Not deleted! G:\exemple css.lnk
Not deleted! G:\A imprimer.lnk
Not deleted! G:\lien test.lnk
Not deleted! G:\javascript.lnk
Not deleted! G:\barcelone.lnk
Not deleted! G:\ExerciceTableau.lnk
Not deleted! G:\Historique de la société Airbus.lnk
Not deleted! G:\Pagevierge.lnk
Not deleted! G:\capitole.lnk
Not deleted! G:\date.lnk
Not deleted! G:\Start.lnk
Not deleted! G:\EXPORT.lnk
Not deleted! G:\Documents.lnk
Not deleted! G:\paragraph_separator.lnk
Not deleted! G:\Fiche_de_paie_20120919.lnk
Not deleted! G:\Fiche_de_paie_20121002.lnk
Not deleted! G:\Fiche_de_paie_20120925.lnk
Not deleted! G:\PortableApps.lnk
Not deleted! F:\AUTORUN.INF
Not deleted! G:\SURVIVAL.vbe
Not deleted! G:\Documentation.vbs
Not deleted! G:\Autorun.inf
Not deleted! G:\start.exe

(!) Temporary files deleted.

################## | MD5 comparison reference |

Md5 : 840C8EC64C07B9DF93713CEC43D7639C -> G:\SURVIVAL.vbe
Md5 : B280C68FF9B65F978FC2D7F6C0A3775D -> G:\Documentation.vbs

################## | MD5 comparison |

Not deleted! Md5 : 840C8EC64C07B9DF93713CEC43D7639C -> G:\SURVIVAL.vbe
Not deleted! Md5 : B280C68FF9B65F978FC2D7F6C0A3775D -> G:\Documentation.vbs

################## | Registry |

Deleted! HKU\S-1-5-21-3981078768-362347980-1431541858-1000\Software\....\Mountpoints2\{4f0c5535-df68-11d4-9fc1-001f164e33c4}

################## | Listing |

[06/07/2011 – 14:43:09 | SHD ] C:\$Recycle.Bin
[04/12/2013 – 04:07:47 | D ] C:\AdwCleaner
[20/12/2012 – 05:29:43 | D ] C:\AllShare
[10/06/2009 – 22:42:20 | N | 24] C:\autoexec.bat
[02/12/2011 – 06:18:40 | SD ] C:\Boot
[20/11/2010 – 13:40:07 | RAS | 383786] C:\bootmgr
[28/03/2011 – 01:13:25 | RAS | 8192] C:\BOOTSECT.BAK
[25/11/2013 – 02:31:31 | SHD ] C:\Config.Msi
[10/06/2009 – 22:42:20 | N | 10] C:\config.sys
[14/07/2009 – 05:53:55 | SHD ] C:\Documents and Settings
[02/10/2013 – 04:53:33 | D ] C:\Download
[11/07/2012 – 20:56:42 | D ] C:\Downloads
[17/07/2012 – 14:37:26 | D ] C:\found.000
[02/12/2011 – 08:44:25 | D ] C:\Games
[04/12/2013 – 04:09:00 | ASH | 2361802752] C:\hiberfil.sys
[20/07/2011 – 20:57:11 | D ] C:\Intel
[07/06/2011 – 21:39:44 | N | 0] C:\IO.SYS
[22/07/2011 – 05:34:54 | N | 765460480] C:\Le sang des Templiers – VoStFr -Partie 1 – by juju91480 for wawa-mania.rar
[07/06/2011 – 21:39:44 | N | 0] C:\MSDOS.SYS
[10/11/2013 – 13:43:02 | D ] C:\N++RECOV
[04/12/2013 – 04:09:03 | ASH | 3149074432] C:\pagefile.sys
[14/07/2009 – 03:37:05 | D ] C:\PerfLogs
[03/12/2013 – 19:29:46 | N | 512] C:\PhysicalDisk0_MBR.bin
[12/10/2011 – 23:30:24 | D ] C:\Poker
[06/12/2011 – 20:56:53 | N | 109] C:\prefs.js
[04/12/2013 – 04:07:40 | D ] C:\Program Files
[04/12/2013 – 04:07:40 | D ] C:\ProgramData
[28/03/2011 – 00:46:13 | N | 325023] C:\QAFZC
[28/03/2011 – 00:21:39 | SHD ] C:\Recovery
[22/01/2013 – 14:06:48 | D ] C:\swsetup
[03/12/2013 – 17:20:59 | SHD ] C:\System Volume Information
[04/12/2013 – 04:23:04 | D ] C:\UsbFix
[04/12/2013 – 04:29:54 | A | 11765] C:\UsbFix [Clean 5] YASSIN-PC.txt
[08/02/2012 – 17:30:20 | N | 1491] C:\user.js
[12/07/2012 – 22:37:07 | RD ] C:\Users
[27/11/2013 – 03:00:49 | D ] C:\Windows
[28/03/2011 – 00:46:13 | N | 20] C:\winx.ld
[14/09/2011 – 14:00:04 | SHD ] D:\$RECYCLE.BIN
[22/11/2011 – 06:32:32 | N | 0] D:\1224_53713187_MVM_3.tmp
[13/09/2011 – 15:20:39 | SHD ] D:\System Volume Information
[17/07/2012 – 04:24:22 | N | 366043136] D:\The.Shield.S02E01.FRENCH.DVDRip.XviD-NOTAG.avi
[13/11/2007 – 15:17:46 | R | 45] F:\AUTORUN.INF
[13/11/2007 – 15:17:51 | R | 437760] F:\Permis.exe
[05/10/2000 – 16:05:30 | R | 165888] F:\Setup.exe
[20/11/2007 – 17:04:48 | R | 107] F:\Setup.ini
[27/02/2008 – 16:04:15 | D ] F:\adobe
[20/11/2007 – 17:05:04 | R | 595289] F:\data1.cab
[20/11/2007 – 17:05:02 | R | 90296] F:\data1.hdr
[20/11/2007 – 17:05:12 | R | 133487725] F:\data2.cab
[24/05/2005 – 11:32:18 | R | 346602] F:\ikernel.ex_
[20/11/2007 – 17:05:12 | R | 435] F:\layout.bin
[27/02/2008 – 16:35:07 | R | 41984] F:\lisezmoi.doc
[27/02/2008 – 16:07:46 | D ] F:\permis
[13/11/2007 – 15:17:51 | R | 766] F:\permis.ico
[06/11/2007 – 16:15:41 | R | 360056] F:\setup.bmp
[20/11/2007 – 17:04:46 | R | 156787] F:\setup.inx
[28/11/2013 – 19:39:32 | A | 451] G:\Web01.lnk
[28/11/2013 – 19:39:34 | A | 527] G:\usb.lnk
[28/11/2013 – 19:39:32 | A | 451] G:\Web02.lnk
[28/11/2013 – 19:39:34 | A | 525] G:\tableau.lnk
[28/11/2013 – 19:39:34 | A | 499] G:\SURVIVAL.lnk
[28/11/2013 – 19:39:34 | A | 537] G:\Portable.lnk
[28/11/2013 – 19:39:34 | A | 527] G:\img.lnk
[27/09/2013 – 20:15:10 | SHD ] G:\usb
[09/10/2013 – 17:54:58 | SHD ] G:\Portable
[09/10/2013 – 21:07:40 | SH | 2816847] G:\Web01.pdf
[09/10/2013 – 21:07:40 | SH | 2663496] G:\Web02.pdf
[28/11/2013 – 19:39:34 | A | 1293] G:\pratique03.lnk
[28/11/2013 – 19:39:34 | A | 523] G:\airbus.lnk
[06/11/2013 – 18:56:54 | SH | 154119] G:\pratique03.zip
[26/02/2011 – 12:18:52 | SH | 145] G:\airbus.css
[23/10/2013 – 16:41:56 | SH | 51862] G:\airbus.css.pdf
[20/11/2013 – 21:22:56 | SH | 8520] G:\airbus.html
[23/10/2013 – 16:40:24 | SH | 68966] G:\airbus.html.pdf
[28/04/2011 – 07:55:08 | SH | 7283] G:\airbus.txt
[28/04/2011 – 07:55:20 | SH | 2588] G:\barcelone.txt
[06/11/2013 – 18:58:06 | SHD ] G:\img
[28/11/2013 – 19:39:34 | A | 483] G:\dates.lnk
[06/11/2013 – 21:55:38 | SH | 184] G:\tableau.txt
[28/11/2013 – 19:39:34 | A | 547] G:\exemple css.lnk
[28/11/2013 – 19:39:34 | A | 545] G:\A imprimer.lnk
[28/11/2013 – 19:39:34 | A | 543] G:\lien test.lnk
[28/11/2013 – 19:39:34 | A | 541] G:\javascript.lnk
[26/02/2011 – 10:07:34 | SH | 33964] G:\capitole.jpg
[20/11/2013 – 21:22:56 | SH | 379] G:\Pagevierge.html
[28/11/2013 – 19:39:34 | A | 529] G:\barcelone.lnk
[13/11/2013 – 21:59:36 | SH | 608] G:\ExerciceTableau.html
[28/11/2013 – 19:39:34 | A | 523] G:\ExerciceTableau.lnk
[28/11/2013 – 19:39:34 | A | 603] G:\Historique de la société Airbus.lnk
[28/11/2013 – 19:39:34 | A | 503] G:\Pagevierge.lnk
[20/07/2011 – 01:13:52 | SH | 92] G:\Autorun.inf
[14/10/2012 – 22:42:32 | SH | 148376] G:\Start.exe
[27/11/2013 – 20:44:08 | SHD ] G:\date
[12/11/2013 – 19:02:52 | SHD ] G:\javascript
[09/10/2013 – 17:54:58 | SHD ] G:\Documents
[27/09/2013 – 20:22:34 | SHD ] G:\EXPORT
[13/11/2013 – 18:55:26 | SHD ] G:\lien test
[09/10/2013 – 17:56:06 | SHD ] G:\PortableApps
[26/02/2011 – 12:01:08 | SH | 360] G:\paragraph_separator.gif
[20/11/2013 – 21:12:30 | SHD ] G:\exemple css
[26/11/2013 – 04:56:04 | SH | 118275] G:\Fiche_de_paie_20120919.pdf
[26/11/2013 – 04:56:48 | SH | 118581] G:\Fiche_de_paie_20121002.pdf
[26/11/2013 – 04:56:40 | SH | 118093] G:\Fiche_de_paie_20120925.pdf
[28/11/2013 – 19:39:34 | A | 455] G:\capitole.lnk
[28/11/2013 – 19:39:34 | A | 501] G:\date.lnk
[20/11/2013 – 21:26:40 | SH | 9018] G:\Historique de la société Airbus.html
[28/11/2013 – 19:39:34 | A | 451] G:\Start.lnk
[28/11/2013 – 19:39:34 | A | 505] G:\EXPORT.lnk
[26/11/2013 – 04:56:20 | SHD ] G:\A imprimer
[28/11/2013 – 19:39:34 | A | 511] G:\Documents.lnk
[26/11/2013 – 09:38:12 | SH | 1311] G:\dates.html
[26/11/2013 – 09:41:34 | SH | 73255331] G:\SURVIVAL.vbe
[26/11/2013 – 09:41:36 | SH | 72411350] G:\Documentation.vbs
[28/11/2013 – 19:39:34 | A | 477] G:\paragraph_separator.lnk
[28/11/2013 – 19:39:34 | A | 483] G:\Fiche_de_paie_20120919.lnk
[28/11/2013 – 19:39:34 | A | 483] G:\Fiche_de_paie_20121002.lnk
[28/11/2013 – 19:39:34 | A | 483] G:\Fiche_de_paie_20120925.lnk
[28/11/2013 – 19:39:34 | A | 517] G:\PortableApps.lnk

################## | Vaccine |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
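Added example, not code from the poster, SosVirus or UsbFix: the G: listing in the log above has the classic USB shortcut-worm layout (the real files and folders carry the System+Hidden attributes, a visible same-named .lnk sits beside each of them, and hidden launchers such as Autorun.inf, Start.exe, SURVIVAL.vbe and Documentation.vbs sit at the drive root). The Python below parses UsbFix listing lines, with the backslashes restored, and reports per drive the lures (visible .lnk files that shadow a System+Hidden entry of the same stem) and the hidden root-level launchers; a drive counts as suspicious only when both are present, so a plain install CD with a read-only AUTORUN.INF is not flagged. The sample input is a constructed subset of the G: and F: lines from this log; the function names, the `LAUNCHER_EXTS` set and the `min_lures` threshold are this example's own choices.

```python
"""Flag the USB shortcut-worm pattern in a UsbFix "Listing" section.

Added example; not code from the forum post, SosVirus or UsbFix.  A listing
line reads  [DD/MM/YYYY - HH:MM:SS | ATTRS | SIZE] X:\path  where ATTRS uses
UsbFix's letters R,A,S,H,D,N and SIZE is absent for directories.  Worm layout:
each real file/folder is set System+Hidden, a same-named .lnk (the lure) sits
beside it, and hidden launchers (Autorun.inf, Start.exe, *.vbe, *.vbs) sit at
the drive root.
"""
import re
from collections import defaultdict

# Accepts both the plain hyphen UsbFix writes and the en dash the forum shows.
LISTING_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) [-\u2013] (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<attrs>[A-Z]+) (?:\| (?P<size>\d+))?\] (?P<path>[A-Za-z]:\\.*)$"
)

# Extensions a hidden root-level file must carry to count as a launcher
# (this example's own list; extend it for your environment).
LAUNCHER_EXTS = {".exe", ".vbe", ".vbs", ".js", ".bat", ".cmd", ".scr", ".inf"}

# Constructed sample: a subset of the G: and F: lines from the log above with
# backslashes restored, plus a section header the parser must skip.
SAMPLE = r"""
################## | Listing |
[28/11/2013 – 19:39:32 | A | 451] G:\Web01.lnk
[28/11/2013 – 19:39:34 | A | 527] G:\usb.lnk
[28/11/2013 – 19:39:34 | A | 499] G:\SURVIVAL.lnk
[28/11/2013 – 19:39:34 | A | 523] G:\airbus.lnk
[27/09/2013 – 20:15:10 | SHD ] G:\usb
[09/10/2013 – 21:07:40 | SH | 2816847] G:\Web01.pdf
[20/11/2013 – 21:22:56 | SH | 8520] G:\airbus.html
[28/04/2011 – 07:55:08 | SH | 7283] G:\airbus.txt
[20/07/2011 – 01:13:52 | SH | 92] G:\Autorun.inf
[14/10/2012 – 22:42:32 | SH | 148376] G:\Start.exe
[26/11/2013 – 09:41:34 | SH | 73255331] G:\SURVIVAL.vbe
[26/11/2013 – 09:41:36 | SH | 72411350] G:\Documentation.vbs
[28/11/2013 – 19:39:34 | A | 451] G:\Start.lnk
[13/11/2007 – 15:17:46 | R | 45] F:\AUTORUN.INF
[13/11/2007 – 15:17:51 | R | 437760] F:\Permis.exe
"""


def _split_name(name):
    """Return (stem, ext) lower-cased; FAT32 names are case-insensitive."""
    if "." in name:
        stem, ext = name.rsplit(".", 1)
        return stem.lower(), "." + ext.lower()
    return name.lower(), ""


def parse_listing(text):
    """Parse UsbFix listing lines into dicts; non-matching lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        parent, name = path.rsplit("\\", 1)
        attrs = set(m.group("attrs"))
        entries.append({
            "path": path,
            "drive": path[0].upper(),
            "parent": parent if parent.endswith("\\") else parent + "\\",
            "name": name,
            "attrs": attrs,
            "is_dir": "D" in attrs,
            "hidden_system": {"S", "H"} <= attrs,
            "size": int(m.group("size")) if m.group("size") else None,
        })
    return entries


def find_shortcut_worm(entries, min_lures=3):
    """Per drive: lures (lnk path -> hidden same-stem originals it shadows),
    hidden root-level launchers, and a verdict needing both."""
    by_drive = defaultdict(list)
    for e in entries:
        by_drive[e["drive"]].append(e)

    reports = {}
    for drive, items in sorted(by_drive.items()):
        # index System+Hidden entries by (folder, stem): "Web01.lnk" -> "Web01.pdf"
        hidden_by_stem = defaultdict(list)
        for e in items:
            if e["hidden_system"]:
                stem, _ = _split_name(e["name"])
                hidden_by_stem[(e["parent"].lower(), stem)].append(e["path"])

        lures = {}
        for e in items:
            stem, ext = _split_name(e["name"])
            if ext == ".lnk" and not e["hidden_system"]:
                shadowed = hidden_by_stem.get((e["parent"].lower(), stem))
                if shadowed:
                    lures[e["path"]] = shadowed

        root = (drive + ":\\").lower()
        launchers = [
            e["path"] for e in items
            if e["hidden_system"] and not e["is_dir"]
            and e["parent"].lower() == root
            and _split_name(e["name"])[1] in LAUNCHER_EXTS
        ]
        reports[drive] = {
            "lures": lures,
            "launchers": launchers,
            "suspicious": len(lures) >= min_lures and bool(launchers),
        }
    return reports


if __name__ == "__main__":
    for drive, r in find_shortcut_worm(parse_listing(SAMPLE)).items():
        print(f"{drive}: suspicious={r['suspicious']} lures={len(r['lures'])} "
              f"launchers={r['launchers']}")
```

On the sample, G: is reported suspicious with five lures and four launchers, while F: (the install CD) gets no lures and no launchers because its AUTORUN.INF is read-only, not System+Hidden. The shadowed originals are still present on the stick (their sizes are in the listing) and become visible again once the attributes are cleared with `attrib -s -h` on each of them; the .lnk files, Autorun.inf, Start.exe and the two script files are the only items that need removing.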