Reply to: Flash-drive shortcut virus 2016-09-08T13:25:50+00:00
sam78
Participant
Number of posts: 11

Do I change all the passwords that were typed on this computer?
Here is the report:
############################## | UsbFix V 7.154 | [Suppression]

Utilisateur: Samy (Administrateur) # PC-SAMY
Mis à jour le 13/12/2013 par El Desaparecido – Team SosVirus
Lancé à 12:00:12 | 17/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK COMPUTER INC. (S550CB)
CPU: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
RAM -> [Total : 3982 | Free : 1987]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 279 Go (221 Go libre(s) - 79%) [OS] # NTFS
D: -> Disque fixe # 398 Go (398 Go libre(s) - 100%) [DATA] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [ADATA UFD] # FAT32
G: -> Disque amovible # 7 Go (7 Go libre(s) - 98%) [MASS MEMORY] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1496 |ParentID: 704)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1776 |ParentID: 704)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 2928 |ParentID: 1776)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 2904 |ParentID: 4532)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1188 |ParentID: 704)
Stoppé! C:\WINDOWS\system32\dashost.exe (ID: 4536 |ParentID: 872)
Stoppé! C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID: 5364 |ParentID: 704)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 7004 |ParentID: 872)
Stoppé! C:\WINDOWS\System32\rundll32.exe (ID: 7076 |ParentID: 788)
Stoppé! C:\WINDOWS\System32\spoolsv.exe (ID: 7596 |ParentID: 704)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1624 |ParentID: 704)
Stoppé! C:\WINDOWS\system32\SearchIndexer.exe (ID: 4380 |ParentID: 704)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4016 |ParentID: 704)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 4708 |ParentID: 704)
Stoppé! C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (ID: 4896 |ParentID: 704)
Stoppé! C:\WINDOWS\system32\DllHost.exe (ID: 8124 |ParentID: 788)
Stoppé! C:\Windows\System32\skydrive.exe (ID: 1632 |ParentID: 788)
Stoppé! C:\WINDOWS\SysWOW64\NOTEPAD.EXE (ID: 2840 |ParentID: 5312)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6832 |ParentID: 4068)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7092 |ParentID: 6832)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6848 |ParentID: 6832)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5908 |ParentID: 6832)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1568 |ParentID: 6832)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 380 |ParentID: 6832)
Stoppé! C:\Windows\System32\SettingSyncHost.exe (ID: 3660 |ParentID: 788)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5564 |ParentID: 6832)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 5388 |ParentID: 872)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE | Run : [ATLauncher] - "C:\Program Files\McAfee\Ex\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [ATUninstallIcon] - "C:\Program Files\McAfee\Ex\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
04 - HKLM\SOFTWARE | Run : [mcpltui_exe] - "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE\wow6432Node | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATLauncher] - "C:\Program Files\McAfee\Ex\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATUninstallIcon] - "C:\Program Files\McAfee\Ex\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [mcpltui_exe] - "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui
04 - HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-2951470275-1588942606-1768729229-1002\SOFTWARE | Run : [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKU\S-1-5-21-2951470275-1588942606-1768729229-1002\SOFTWARE | Run : [WinUsbDriver] - wscript.exe //B "C:\Users\Samy\AppData\Local\Temp\WinUsbDriver.vbs"
04 - HKU\S-1-5-21-2951470275-1588942606-1768729229-1002\SOFTWARE | Run : [Viber] - "C:\Users\Samy\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKU\S-1-5-21-2951470275-1588942606-1768729229-1002\SOFTWARE | Run : [Facebook Update] - "C:\Users\Samy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

################## | Recherche générique |

Supprimé! F:\WinUsbDriver.vbs
Supprimé! G:\WinUsbDriver.vbs
Supprimé! C:\Users\Samy\AppData\Local\Temp\WinUsbDriver.vbs
Supprimé! G:\Others.lnk
Supprimé! G:\Pictures.lnk
Supprimé! G:\Private.lnk
Supprimé! G:\ShareOnline.lnk
Supprimé! G:\data.lnk
Supprimé! G:\Games.lnk
Supprimé! G:\Installs.lnk
Supprimé! G:\cities.lnk
Supprimé! G:\Videos.lnk
Supprimé! G:\Images.lnk
Supprimé! G:\Sounds.lnk
Supprimé! G:\sys.lnk
Supprimé! G:\resource.lnk
Supprimé! G:\System Volume Information.lnk
Supprimé! C:\ProgramData\SetStretch.VBS
Supprimé! C:\Users\Samy\AppData\Local\Temp\avgnt.exe

################## | Référence de comparaison MD5 |

Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\Users\All Users\SetStretch.VBS
Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\ProgramData\SetStretch.VBS
Md5 : 80E49685D1AC8A3623DD78779820AE5A -> C:\Users\Samy\AppData\Local\Temp\WinUsbDriver.vbs
Md5 : 80E49685D1AC8A3623DD78779820AE5A -> F:\WinUsbDriver.vbs
Md5 : 80E49685D1AC8A3623DD78779820AE5A -> G:\WinUsbDriver.vbs

################## | Comparaison MD5 |

-> Pas de valeur Md5 identique trouvée.

################## | Registre |

Supprimé! HKU\S-1-5-21-2951470275-1588942606-1768729229-1002\Software\Microsoft\Windows\CurrentVersion\Run|WinUsbDriver
Supprimé! HKU\S-1-5-21-2951470275-1588942606-1768729229-1002\Software\....\Mountpoints2\{54ee2bbf-44a5-11e3-8250-74d02bc0f278}

################## | Listing |

[15/12/2013 - 14:15:50 | N | 15 Ko] - C:\UsbFix [Scan 1] PC-SAMY.txt
[15/12/2013 - 14:24:00 | N | 12 Ko] - C:\UsbFix [Scan 2] PC-SAMY.txt
[17/12/2013 - 11:42:43 | N | 15 Ko] - C:\UsbFix [Scan 3] PC-SAMY.txt
[17/12/2013 - 12:03:13 | A | 9 Ko] - C:\UsbFix [Clean 1] PC-SAMY.txt
[16/12/2013 - 10:09:13 | ASH | 3261676 Ko] - C:\hiberfil.sys
[16/12/2013 - 10:09:17 | ASH | 4194304 Ko] - C:\pagefile.sys
[16/12/2013 - 10:09:17 | ASH | 262144 Ko] - C:\swapfile.sys
[30/01/2013 - 07:15:20 | N | 6146 Ko] - C:\S550CB.BIN
[06/11/2013 - 23:08:05 | SHD] - C:\$Recycle.Bin
[26/07/2012 - 04:44:30 | RASH | 389 Ko] - C:\bootmgr
[27/11/2012 - 14:00:09 | SHD] - C:\Boot
[23/05/2013 - 14:20:50 | D] - C:\Intel
[23/05/2013 - 14:38:04 | D] - C:\eSupport
[18/06/2013 - 13:18:29 | N | 0 Ko] - C:\BOOTNXT
[22/08/2013 - 15:45:52 | SHD] - C:\Documents and Settings
[22/08/2013 - 16:22:35 | D] - C:\PerfLogs
[02/11/2013 - 16:21:15 | D] - C:\sources
[03/11/2013 - 17:20:13 | D] - C:\Recovery
[10/11/2013 - 11:48:09 | D] - C:\Stinger_Quarantine
[15/11/2013 - 10:57:48 | D] - C:\Users
[24/11/2013 - 12:25:25 | D] - C:\Program Files
[30/11/2013 - 19:41:22 | D] - C:\Borland
[01/12/2013 - 16:32:08 | D] - C:\Program Files (x86)
[09/12/2013 - 23:42:51 | D] - C:\Windows
[16/12/2013 - 09:47:24 | SHD] - C:\System Volume Information
[17/12/2013 - 12:03:02 | D] - C:\UsbFix
[17/12/2013 - 12:03:04 | HD] - C:\ProgramData
[17/12/2013 - 11:42:43 | RASHD] - D:\Autorun.inf
[31/10/2013 - 22:31:21 | SHD] - D:\$RECYCLE.BIN
[03/11/2013 - 17:42:01 | SHD] - D:\System Volume Information
[13/11/2013 - 18:06:34 | D] - D:\36bd0fb819af6c1183b1bfd5a2fa53
[17/12/2013 - 11:42:44 | RASHD] - F:\Autorun.inf
[15/12/2013 - 14:30:04 | SHD] - F:\System Volume Information
[15/12/2013 - 14:05:54 | N | 0 Ko] - G:\354841042862325.ndif
[17/12/2013 - 11:28:20 | N | 1 Ko] - G:\WALogs.lnk
[16/06/2011 - 10:10:00 | N | 2 Ko] - G:\DevLogo.fil
[16/06/2011 - 10:10:00 | N | 76 Ko] - G:\DevIcon.fil
[15/12/2013 - 13:29:18 | D] - G:\Private
[15/12/2013 - 13:29:50 | D] - G:\ShareOnline
[15/12/2013 - 13:31:28 | D] - G:\data
[15/12/2013 - 14:02:54 | D] - G:\Installs
[15/12/2013 - 14:02:54 | D] - G:\Others
[15/12/2013 - 14:02:54 | D] - G:\Games
[15/12/2013 - 14:02:54 | D] - G:\Videos
[15/12/2013 - 14:02:54 | D] - G:\Images
[15/12/2013 - 14:02:54 | D] - G:\Sounds
[15/12/2013 - 14:03:56 | D] - G:\WALogs
[15/12/2013 - 14:05:54 | D] - G:\sys
[15/12/2013 - 14:07:32 | D] - G:\resource
[15/12/2013 - 14:13:08 | D] - G:\Pictures
[15/12/2013 - 14:29:50 | SHD] - G:\System Volume Information
[17/12/2013 - 10:21:32 | D] - G:\cities

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |