Reply to: USB files turned into shortcuts 2016-09-08T13:33:53+00:00
Oreki2014
Participant
Posts: 7

OK, I ran the "delete" scan and here is the report:

On the other hand, I can't get anywhere with the other site??

############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: Dell (Administrateur) # DELL-PC
Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
Lancé à 11:49:06 | 11/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Dell Inc. (0MR506)
CPU: Intel(R) Core(TM)2 Duo CPU P9400 @ 2.40GHz
RAM -> [Total : 3536 Mo| Free : 2389 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]
AS: Malwarebytes’ Anti-Malware : 1.75.0001

C: (%systemdrive%) -> Disque fixe # 149 Go (114 Go libre(s) – 76%) [] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 58 Go (34 Go libre(s) – 58%) [Lexar] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 352 |ParentID: 336)
C:\Windows\system32\wininit.exe (ID: 404 |ParentID: 336)
C:\Windows\system32\csrss.exe (ID: 416 |ParentID: 396)
C:\Windows\system32\services.exe (ID: 460 |ParentID: 404)
C:\Windows\system32\lsass.exe (ID: 476 |ParentID: 404)
C:\Windows\system32\lsm.exe (ID: 484 |ParentID: 404)
C:\Windows\system32\svchost.exe (ID: 596 |ParentID: 460)
C:\Windows\system32\winlogon.exe (ID: 664 |ParentID: 396)
C:\Windows\system32\svchost.exe (ID: 728 |ParentID: 460)
C:\Windows\System32\svchost.exe (ID: 792 |ParentID: 460)
C:\Windows\System32\svchost.exe (ID: 832 |ParentID: 460)
C:\Windows\system32\svchost.exe (ID: 868 |ParentID: 460)
C:\Windows\system32\svchost.exe (ID: 900 |ParentID: 460)
C:\Windows\system32\svchost.exe (ID: 1180 |ParentID: 460)
C:\Windows\system32\Dwm.exe (ID: 1400 |ParentID: 832)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 1612 |ParentID: 1432)
C:\Windows\System32\spoolsv.exe (ID: 876 |ParentID: 460)
C:\Windows\system32\svchost.exe (ID: 1424 |ParentID: 460)
C:\Windows\system32\svchost.exe (ID: 1348 |ParentID: 460)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1968 |ParentID: 460)
C:Program FilesGLArab.comProxyhttp_proxy.exe (ID: 1812 |ParentID: 460)
C:\Program Files\CDBurnerXP\NMSAccessU.exe (ID: 1500 |ParentID: 460)
C:\Windows\system32\SearchIndexer.exe (ID: 2228 |ParentID: 460)
C:\Windows\System32\svchost.exe (ID: 2928 |ParentID: 460)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3164 |ParentID: 460)
C:\Windows\System32\svchost.exe (ID: 2108 |ParentID: 460)
C:\Windows\explorer.exe (ID: 4840 |ParentID: 3364)
C:\Windows\system32\DllHost.exe (ID: 3636 |ParentID: 596)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5836 |ParentID: 4840)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5492 |ParentID: 5836)
C:\Windows\System32\WUDFHost.exe (ID: 5752 |ParentID: 832)
C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 2040 |ParentID: 596)
C:\Windows\system32\NOTEPAD.EXE (ID: 5652 |ParentID: 4968)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 1536 |ParentID: 5836)
C:\Windows\System32\WUDFHost.exe (ID: 4236 |ParentID: 832)
C:\Windows\system32\SearchProtocolHost.exe (ID: 5328 |ParentID: 2228)
C:\Windows\system32\SearchFilterHost.exe (ID: 4460 |ParentID: 2228)
C:\Windows\system32\DllHost.exe (ID: 4864 |ParentID: 596)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3548 |ParentID: 596)

################## | Recherche générique |

Supprimé! E:\iTunesHelper.vbe
Supprimé! E:\buda_vfs.lnk
Supprimé! E:\arwa.lnk
Supprimé! E:\.lnk
Supprimé! E:\Word Work File L_1.lnk
Supprimé! E:\Présentation1.lnk
Supprimé! E:\fivete.lnk
Supprimé! E:\Le cris.lnk
Supprimé! E:\Fivete ou fécondation in vitro et transfert d’embryon.lnk
Supprimé! E:\SecureII.lnk
Supprimé! E:\arwa-mido.lnk
Supprimé! E:\.Spotlight-V100.lnk
Supprimé! E:\Camera.lnk
Supprimé! E:\screenshots.lnk
Supprimé! E:\.Trashes.lnk
Supprimé! E:\vocal.lnk
Supprimé! E:\SketchGuru.lnk
Supprimé! E:\Sounds.lnk
Supprimé! E:\Bluetooth.lnk
Supprimé! E:\Cymera.lnk
Supprimé! E:\data.lnk
Supprimé! E:\Download.lnk
Supprimé! E:\Movies.lnk
Supprimé! E:\Nouveau dossier.lnk
Supprimé! E:\Output.lnk
Supprimé! E:\Pictures.lnk
Supprimé! E:\Playlists.lnk
Supprimé! E:\Podcasts.lnk
Supprimé! E:\Ringtones.lnk
Supprimé! E:\Samsung.lnk
Supprimé! E:\samsungapps.lnk
Supprimé! E:\Scoreloop.lnk
Supprimé! E:\ShareShot.lnk
Supprimé! E:\Skai.lnk
Supprimé! E:\viber.lnk
Supprimé! E:\WaluuImagesCache.lnk
Supprimé! E:\wdh_update.lnk
Supprimé! E:\XBound.lnk
Supprimé! E:\Saved Email.lnk
Supprimé! E:\Android.lnk
Supprimé! E:\Application.lnk
Supprimé! E:\.TemporaryItems.lnk
Supprimé! E:\System Volume Information.lnk
Supprimé! E:\Unforgettable.lnk
Supprimé! E:\TPE.lnk
Supprimé! E:\~$fivete.lnk
Supprimé! E:DATAFILES

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [chromium] C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
04 - HKCU\..\Run : [Yahoo Messsenger] C:\Users\Dell\AppData\Roaming\support\svchost.exe
04 - HKLM\..\Run : [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-384951173-118408949-2198825065-1000\..\Run : [chromium] C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
04 - HKU\S-1-5-21-384951173-118408949-2198825065-1000\..\Run : [Yahoo Messsenger] C:\Users\Dell\AppData\Roaming\support\svchost.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[18/04/2013 - 16:14:57 | SHD] - C:\$Recycle.Bin
[10/06/2009 - 23:42:20 | A | 0 Ko] - C:\autoexec.bat
[10/06/2009 - 23:42:20 | N | 0 Ko] - C:\config.sys
[14/07/2009 - 06:53:55 | SHD] - C:\Documents and Settings
[19/04/2013 - 02:04:52 | D] - C:\Drivers
[11/04/2014 - 00:53:29 | ASH | 2715584 Ko] - C:\hiberfil.sys
[19/04/2013 - 02:04:52 | D] - C:\Hotfix
[20/05/2013 - 11:10:52 | RHD] - C:\MSOCache
[11/04/2014 - 00:53:32 | ASH | 3620780 Ko] - C:\pagefile.sys
[14/07/2009 - 04:37:05 | D] - C:\PerfLogs
[06/04/2014 - 08:55:30 | D] - C:\Program Files
[11/12/2013 - 21:43:43 | HD] - C:\ProgramData
[18/04/2013 - 16:14:36 | SHD] - C:\Recovery
[08/04/2014 - 18:23:09 | SHD] - C:\System Volume Information
[11/04/2014 - 10:08:48 | D] - C:\UsbFix
[11/04/2014 - 01:20:15 | N | 6 Ko | 9233949A1DFCF61D27A8100FD42A274D] - C:\UsbFix [Clean 10] DELL-PC.txt
[11/04/2014 - 01:22:42 | N | 7 Ko | F65BEBE511013E89C03A59B75E1C3BFD] - C:\UsbFix [Clean 12] DELL-PC.txt
[11/04/2014 - 01:27:31 | N | 7 Ko | 17414CC6BC135FC5F219ABCA0816C655] - C:\UsbFix [Clean 14] DELL-PC.txt
[11/04/2014 - 01:34:54 | N | 7 Ko | 1CE19D219AE9DDA7951489B82F345CA3] - C:\UsbFix [Clean 16] DELL-PC.txt
[11/04/2014 - 09:14:02 | N | 7 Ko | F8B1AD685CC55729B0C5A15F307F3270] - C:\UsbFix [Clean 18] DELL-PC.txt
[11/04/2014 - 11:50:27 | A | 8 Ko | 3F24FBB29B801413F8B0F66DE24CFE24] - C:\UsbFix [Clean 20] DELL-PC.txt
[11/04/2014 - 00:49:24 | N | 6 Ko | BCD33C0C36B51A933EF7CAFDDAC5CF5C] - C:\UsbFix [Clean 2] DELL-PC.txt
[11/04/2014 - 00:52:22 | N | 3 Ko | 35DAC92230BC099DD5CD791583360AC0] - C:\UsbFix [Clean 4] DELL-PC.txt
[11/04/2014 - 01:12:57 | N | 7 Ko | 940A358F3B801ECD11BEB2E83E697DDA] - C:\UsbFix [Clean 6] DELL-PC.txt
[11/04/2014 - 01:15:51 | N | 6 Ko | 72C859B161B13B444DCD0EFAD5B43EE6] - C:\UsbFix [Clean 8] DELL-PC.txt
[11/04/2014 - 10:14:04 | N | 6 Ko | BB494EC9033BA1BACD8891E054FE6CA9] - C:\UsbFix [Scan 1] DELL-PC.txt
[18/04/2013 - 16:14:45 | D] - C:\Users
[05/03/2014 - 13:31:34 | D] - C:\Windows
[22/04/2013 - 13:33:16 | D] - E:\SecureII
[22/12/2013 - 13:24:06 | D] - E:\arwa-mido
[17/12/2013 - 22:29:02 | SHD] - E:\.Spotlight-V100
[22/12/2013 - 12:19:04 | N | 705920 Ko] - E:\buda_vfs.img
[04/02/2014 - 20:55:46 | N | 838 Ko] - E:\arwa.odp.cpgz
[11/11/2013 - 20:08:06 | D] - E:\Photo?
[01/04/2014 - 22:27:04 | N | 4 Ko] - E:\._le cri.rtf
[03/04/2014 - 22:40:10 | N | 4 Ko] - E:\._arwa..cpgz
[03/04/2014 - 22:39:38 | N | 838 Ko] - E:\arwa..cpgz
[03/04/2014 - 22:40:48 | N | 4 Ko] - E:\._Présentation1.pptx
[02/04/2014 - 15:43:50 | N | 18 Ko] - E:\Word Work File L_1.tmp
[03/04/2014 - 22:40:44 | N | 213 Ko] - E:\Présentation1.pptx
[03/04/2014 - 22:47:56 | N | 4 Ko] - E:\._Le cris.docx
[10/04/2014 - 23:51:06 | N | 5 Ko] - E:\._arwa-mido.lnk
[03/04/2014 - 22:47:56 | N | 22 Ko] - E:\Le cris.docx
[08/04/2014 - 21:32:40 | N | 4 Ko] - E:\._fivete.pptx
[06/04/2014 - 19:19:40 | N | 137 Ko] - E:\Fivete ou fécondation in vitro et transfert d’embryon.docx
[08/04/2014 - 21:32:44 | N | 4 Ko] - E:\._Fivete ou fécondation in vitro et transfert d’embryon.docx
[02/10/2013 - 23:13:18 | D] - E:\Camera
[14/12/2013 - 11:03:20 | SH | 4 Ko] - E:\._.Trashes
[05/10/2013 - 13:44:48 | D] - E:\screenshots
[14/12/2013 - 11:03:20 | SHD] - E:\.Trashes
[05/10/2013 - 13:49:04 | D] - E:\vocal
[14/12/2013 - 11:12:26 | SH | 0 Ko] - E:\.apdisk
[05/10/2013 - 14:45:44 | D] - E:\SketchGuru
[05/10/2013 - 14:45:44 | D] - E:\Sounds
[11/11/2013 - 16:50:32 | D] - E:\Bluetooth
[11/11/2013 - 16:50:32 | D] - E:\Cymera
[11/11/2013 - 16:50:32 | D] - E:\data
[11/11/2013 - 19:08:42 | D] - E:\Download
[11/11/2013 - 19:08:48 | D] - E:\Movies
[11/11/2013 - 19:08:48 | D] - E:\Nouveau dossier
[11/11/2013 - 20:08:06 | D] - E:\Output
[11/11/2013 - 20:08:06 | D] - E:\Pictures
[11/11/2013 - 20:08:42 | D] - E:\Playlists
[11/11/2013 - 20:08:44 | D] - E:\Podcasts
[11/11/2013 - 20:08:44 | D] - E:\Ringtones
[11/11/2013 - 20:08:44 | D] - E:\Samsung
[11/11/2013 - 20:08:44 | D] - E:\samsungapps
[11/11/2013 - 20:08:44 | D] - E:\Scoreloop
[11/11/2013 - 20:08:44 | D] - E:\ShareShot
[11/11/2013 - 20:08:44 | D] - E:\Skai
[11/11/2013 - 20:09:48 | D] - E:\viber
[11/11/2013 - 20:10:38 | D] - E:\WaluuImagesCache
[11/11/2013 - 20:10:38 | D] - E:\wdh_update
[11/11/2013 - 20:10:38 | D] - E:\XBound
[11/11/2013 - 20:11:32 | D] - E:\Saved Email
[11/11/2013 - 20:11:32 | D] - E:\Android
[11/11/2013 - 20:21:48 | D] - E:\Application
[14/12/2013 - 11:12:22 | SHD] - E:\.TemporaryItems
[14/12/2013 - 11:12:24 | SH | 4 Ko] - E:\._.TemporaryItems
[14/12/2013 - 11:12:26 | SH | 4 Ko] - E:\._.apdisk
[14/12/2013 - 16:36:52 | SHD] - E:\System Volume Information
[14/12/2013 - 17:43:52 | D] - E:\Unforgettable
[14/12/2013 - 17:53:50 | D] - E:\TPE
[25/01/2014 - 23:10:16 | N | 875 Ko] - E:\arwa.odp
[26/01/2014 - 10:52:16 | N | 0 Ko] - E:\.~lock.arwa.odp#
[09/04/2014 - 10:29:30 | N | 2200 Ko] - E:\fivete.pptx

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - https://www.sosvirus.net |