Reply to: USB stick files turned into shortcuts 2016-09-08T13:26:16+00:00
buyleb
Participant
Post count: 7

Here is the UsbFix report:

############################## | UsbFix V 7.155 | [Deletion]

User: Home (Administrator) # HOME-PC
Updated on 16/12/2013 by El Desaparecido - Team SosVirus
Launched at 15:05:38 | 20/12/2013

Website: http://www.usbfix.net
Forum: https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0HX340)
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
RAM -> [Total : 3006 | Free : 1931]
Bios: Dell Inc.
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 74 GB (17 GB free - 23%) [] # NTFS
D: -> CD-ROM
E: -> Removable disk # 15 GB (6 GB free - 39%) [KINGSTON] # FAT32

################## | Stopped processes |

Stopped! C:\Windows\Explorer.EXE (ID: 1272 |ParentID: 1264)
Stopped! C:\Windows\system32\ctfmon.exe (ID: 1392 |ParentID: 1272)
Stopped! C:\Windows\system32\DllHost.exe (ID: 1616 |ParentID: 592)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [SDTray] - "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3101705759-114467594-3007676699-1001\SOFTWARE | Run : [TomTomHOME.exe] - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
04 - HKU\S-1-5-21-3101705759-114467594-3007676699-1001\SOFTWARE | Run : [] -
04 - HKU\S-1-5-21-3101705759-114467594-3007676699-1001\SOFTWARE | Run : [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKU\S-1-5-21-3101705759-114467594-3007676699-1001\SOFTWARE | Run : [flashmemory] - wscript.exe //B "C:\Users\Home\AppData\Local\Temp\flashmemory.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic search |

Deleted! C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Deleted! C:\Users\Home\AppData\Local\Temp\flashmemory.vbe
Deleted! E:\flashmemory.vbe
Deleted! E:\A faire.lnk
Deleted! E:\Guindailles.lnk
Deleted! E:\Autres.lnk
Deleted! E:\Cercle ENCBW.lnk
Deleted! E:\UCL.lnk
Deleted! E:\Favoris.lnk
Deleted! E:\Maison du Tourisme du Pays de Charleroi.lnk
Deleted! E:\MR.lnk
Deleted! E:\Mes Programmes.lnk
Deleted! E:\A imprimer.lnk
Deleted! E:\Travail de séminaire de questions politiques, administratives.lnk

(!) Temporary files deleted. (18 KB)

################## | MD5 comparison reference |

Md5 : 7B386C21FC5695E8BEE036494CCD4DDF -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Md5 : 7B386C21FC5695E8BEE036494CCD4DDF -> C:\Users\Home\AppData\Local\Temp\flashmemory.vbe
Md5 : B974762ACAA9EC6AC426DD56E21818BE -> E:\flashmemory.vbe

################## | MD5 comparison |

-> No identical MD5 value found.

################## | Registry |

Deleted! HKU\S-1-5-21-3101705759-114467594-3007676699-1001\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory

################## | Listing |

[20/12/2013 - 15:08:44 | A | 4 KB] - C:\UsbFix [Clean 1] HOME-PC.txt
[10/06/2009 - 22:42:20 | N | 0 KB] - C:\config.sys
[20/12/2013 - 15:04:30 | ASH | 2308548 KB] - C:\hiberfil.sys
[20/12/2013 - 15:04:31 | ASH | 3078068 KB] - C:\pagefile.sys
[15/12/2013 - 03:04:02 | D] - C:\Config.Msi
[05/06/2013 - 15:50:10 | SHD] - C:\$Recycle.Bin
[10/06/2009 - 22:42:20 | A | 0 KB] - C:\autoexec.bat
[14/07/2009 - 03:37:05 | D] - C:\PerfLogs
[14/07/2009 - 05:53:55 | SHD] - C:\Documents and Settings
[05/06/2013 - 15:49:54 | SHD] - C:\Recovery
[05/06/2013 - 16:27:58 | D] - C:\Users
[19/06/2013 - 17:50:23 | RHD] - C:\MSOCache
[19/06/2013 - 17:52:03 | D] - C:\IDE
[18/12/2013 - 13:17:07 | SHD] - C:\System Volume Information
[20/12/2013 - 13:52:58 | D] - C:\Program Files
[20/12/2013 - 13:53:02 | HD] - C:\ProgramData
[20/12/2013 - 14:20:47 | D] - C:\AdwCleaner
[20/12/2013 - 15:04:31 | D] - C:\Windows
[20/12/2013 - 15:08:37 | D] - C:\UsbFix
[20/12/2013 - 12:47:48 | N | 163 KB] - E:\Travail de séminaire de questions politiques, administratives.pptx
[19/12/2013 - 12:07:48 | N | 13 KB] - E:\A faire.docx
[19/12/2013 - 10:00:14 | D] - E:\Autres
[19/12/2013 - 10:02:04 | D] - E:\Guindailles
[19/12/2013 - 10:42:40 | D] - E:\Maison du Tourisme du Pays de Charleroi
[19/12/2013 - 10:44:58 | D] - E:\Mes Programmes
[19/12/2013 - 10:45:38 | D] - E:\MR
[19/12/2013 - 10:52:38 | D] - E:\Favoris
[19/12/2013 - 10:55:12 | D] - E:\Cercle ENCBW
[19/12/2013 - 10:59:34 | D] - E:\UCL
[19/12/2013 - 19:06:50 | D] - E:\A imprimer

################## | Vaccine |

E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
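Two things in this report are worth pulling out mechanically: the persistence entry (a per-user `Run` value that starts `wscript.exe //B` on a `.vbe` in the user's Temp folder, with a second copy dropped in the Startup folder) and the shortcut substitution on the stick (every deleted `E:\*.lnk` has a same-named directory, or in one case a same-named `.docx`, in the listing). The Python below is an added example, not UsbFix's code and not the poster's; it parses those three kinds of report lines and reports both findings. The sample input is a constructed extract of the report above as UsbFix writes it, with the path backslashes the forum stripped put back. The script-host list, the script-extension list and the user-writable path markers are heuristics of this example, and accepting both the French `Supprimé!` and an English `Deleted!` label is an assumption about how UsbFix localizes its output.

```python
"""Triage a UsbFix report: flag script-based autoruns and pair deleted .lnk files
with the folder or document they were impersonating. Added example, not UsbFix code."""
from __future__ import annotations

import re
import sys
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the report above, with the backslashes that
# the forum stripped from the paths restored.
SAMPLE_REPORT = r"""
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-21-3101705759-114467594-3007676699-1001\SOFTWARE | Run : [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKU\S-1-5-21-3101705759-114467594-3007676699-1001\SOFTWARE | Run : [flashmemory] - wscript.exe //B "C:\Users\Home\AppData\Local\Temp\flashmemory.vbe"
Supprimé! E:\flashmemory.vbe
Supprimé! E:\A faire.lnk
Supprimé! E:\Autres.lnk
Supprimé! E:\UCL.lnk
[19/12/2013 - 12:07:48 | N | 13 Ko] - E:\A faire.docx
[19/12/2013 - 10:00:14 | D] - E:\Autres
[19/12/2013 - 10:59:34 | D] - E:\UCL
"""

# UsbFix prints localized labels (assumption): accept the French label seen in this
# report and its English counterpart. Separators may be "-" or the "–" the forum rendered.
RUN_RE = re.compile(r"^04 [-–] (?P<hive>.+?) \| (?P<key>Run(?:Once)?) : \[(?P<name>[^\]]*)\] [-–] ?(?P<cmd>.*)$")
DELETED_RE = re.compile(r"^(?:Supprimé!|Deleted!) (?P<path>[A-Za-z]:\\.+)$")
LISTING_RE = re.compile(r"^\[(?P<attrs>[^\]]*)\] [-–] (?P<path>[A-Za-z]:\\.+)$")

# Heuristics of this example: hosts that execute scripts, script extensions, and path
# fragments a standard user can write to. The benign autoruns in the report all sit
# under Program Files or System32.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def split_command(cmd: str) -> list[str]:
    """Tokenize a Run value, keeping a double-quoted path with spaces as one token."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def autorun_reasons(cmd: str) -> list[str]:
    """Why a Run/RunOnce command looks like script persistence; empty if it looks benign."""
    tokens = split_command(cmd)
    if not tokens:
        return []
    reasons = []
    host = PureWindowsPath(tokens[0]).name.lower()
    if host in SCRIPT_HOSTS:
        reasons.append(f"launched via script host {host}")
    if any(tok.lower() == "//b" for tok in tokens):
        reasons.append("wscript //B: batch mode, no script error dialogs")
    for tok in tokens:
        if PureWindowsPath(tok).suffix.lower() in SCRIPT_EXTS:
            reasons.append(f"script payload {PureWindowsPath(tok).name}")
        if any(marker in tok.lower() for marker in USER_WRITABLE):
            reasons.append("payload sits in a user-writable directory")
    return list(dict.fromkeys(reasons))  # drop duplicates, keep order


def triage(report: str) -> dict:
    """Parse a UsbFix report into flagged autoruns and shortcut/original pairs."""
    flagged, deleted, listing = [], [], {}
    for line in report.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            reasons = autorun_reasons(m["cmd"])
            if reasons:
                flagged.append({"hive": m["hive"], "key": m["key"], "name": m["name"],
                                "command": m["cmd"], "reasons": reasons})
        elif m := DELETED_RE.match(line):
            deleted.append(PureWindowsPath(m["path"]))
        elif m := LISTING_RE.match(line):
            # Attribute field: "D", "SHD", "HD"... for directories; "A", "N", "ASH" for files.
            attrs = [f.strip() for f in m["attrs"].split("|")]
            is_dir = len(attrs) > 1 and "D" in attrs[1]
            path = PureWindowsPath(m["path"])
            key = (str(path.parent).lower(), (path.name if is_dir else path.stem).lower())
            listing[key] = (str(path), "directory" if is_dir else "file")
    shortcuts = []
    for path in deleted:
        if path.suffix.lower() != ".lnk":
            continue  # e.g. the E:\flashmemory.vbe dropper itself
        original = listing.get((str(path.parent).lower(), path.stem.lower()))
        shortcuts.append({"shortcut": str(path),
                          "original": original[0] if original else None,
                          "kind": original[1] if original else None})
    return {"flagged_autoruns": flagged, "shortcuts": shortcuts}


def main() -> None:
    report = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    result = triage(report)
    for entry in result["flagged_autoruns"]:
        print(f"[!] {entry['hive']} {entry['key']} [{entry['name']}] -> {entry['command']}")
        for reason in entry["reasons"]:
            print(f"      - {reason}")
    for item in result["shortcuts"]:
        what = f"stood in for {item['kind']} {item['original']}" if item["original"] else "no same-named original in listing"
        print(f"[lnk] {item['shortcut']}: {what}")


if __name__ == "__main__":
    main()
```

Run it with no argument to see the sample, or pass a saved `UsbFix [Clean N] HOSTNAME.txt` as the first argument. A shortcut with no same-named original in the listing is reported as such rather than dropped: on a drive where the worm has also hidden the originals, or where UsbFix listed only the root, that is exactly the case that needs a manual look.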