Reply to: Folder and file names turned into shortcuts 2016-09-08T13:34:16+00:00
Greta_1
Participant
Post count: 8

re,

here is the report below.
Regards.
Mohamed

############################## | UsbFix V 7.169 | [Deletion]

User: PICASSO (Administrator) # PICASSO13
Updated on 31/03/2014 by El Desaparecido - Team SosVirus
Launched at 12:05:15 | 14/04/2014

Website : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: FUJITSU (D3041-A1)
CPU: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz
RAM -> [Total : 1920 MB| Free : 719 MB]
Bios: FUJITSU // Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521
WB: Mozilla Firefox : 7.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
AS: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001

C: -> Fixed disk # 50 GB (24 GB free - 48%) [System] # NTFS
D: -> CD-ROM
E: -> Fixed disk # 414 GB (398 GB free - 96%) [Data] # NTFS
F: -> Removable disk # 958 MB (872 MB free - 91%) [GESTION] # FAT

################## | Active processes |

C:\Windows\system32\csrss.exe (ID: 432 |ParentID: 352)
C:\Windows\system32\wininit.exe (ID: 484 |ParentID: 352)
C:\Windows\system32\csrss.exe (ID: 496 |ParentID: 476)
C:\Windows\system32\services.exe (ID: 540 |ParentID: 484)
C:\Windows\system32\winlogon.exe (ID: 572 |ParentID: 476)
C:\Windows\system32\lsass.exe (ID: 600 |ParentID: 484)
C:\Windows\system32\lsm.exe (ID: 612 |ParentID: 484)
C:\Windows\system32\svchost.exe (ID: 712 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 792 |ParentID: 540)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 856 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 980 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 1012 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1040 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1072 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1248 |ParentID: 540)
C:\Windows\System32\spoolsv.exe (ID: 1368 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1396 |ParentID: 540)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1504 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1532 |ParentID: 540)
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID: 1604 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 1656 |ParentID: 540)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1824 |ParentID: 540)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1900 |ParentID: 1824)
C:\Windows\system32\SearchIndexer.exe (ID: 2884 |ParentID: 540)
C:\Windows\system32\taskhost.exe (ID: 3576 |ParentID: 540)
C:\Windows\system32\Dwm.exe (ID: 3404 |ParentID: 1012)
C:\Windows\Explorer.EXE (ID: 3248 |ParentID: 3596)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 3872 |ParentID: 3248)
C:\Fujitsu\Programs\Deskupdate\DeskUpdateNotifier.exe (ID: 3932 |ParentID: 3248)
C:\Windows\System32\igfxtray.exe (ID: 3924 |ParentID: 3248)
C:\Windows\System32\hkcmd.exe (ID: 3956 |ParentID: 3248)
C:\Windows\System32\igfxpers.exe (ID: 4012 |ParentID: 3248)
C:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 3996 |ParentID: 540)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 3940 |ParentID: 3248)
C:\Windows\System32\wscript.exe (ID: 888 |ParentID: 3248)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 252 |ParentID: 712)
C:\Windows\System32\WUDFHost.exe (ID: 204 |ParentID: 1012)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 2364 |ParentID: 3248)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 1172 |ParentID: 3248)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 2456 |ParentID: 1172)
C:\Windows\system32\svchost.exe (ID: 2052 |ParentID: 540)
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe (ID: 3500 |ParentID: 712)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 3320 |ParentID: 1172)
C:\Windows\explorer.exe (ID: 1588 |ParentID: 712)
C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 1632 |ParentID: 2364)
C:\Windows\notepad.exe (ID: 920 |ParentID: 1240)
C:\Windows\system32\NOTEPAD.EXE (ID: 448 |ParentID: 4088)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3432 |ParentID: 2884)
C:\Windows\system32\SearchFilterHost.exe (ID: 2564 |ParentID: 2884)
C:\Windows\system32\DllHost.exe (ID: 924 |ParentID: 712)

################## | Generic search |

Deleted! F:\flashmemory.vbe
Not deleted! F:\kno.lnk
Deleted! C:\Users\greta01\AppData\Local\Temp\flashmemory.vbe
Deleted! C:\Users\greta01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\flashmemory.vbe

(!) Temporary files deleted.

################## | Registry |

Deleted! HKU\S-1-5-21-3794041088-267600481-4042947410-1001\Software\...\Mountpoints2\{0af8990f-74f2-11e2-a116-001999b21d5c}
Deleted! HKU\S-1-5-21-3794041088-267600481-4042947410-1001\Software\...\Mountpoints2\{368ae744-e3b3-11e2-9794-001999b21d5c}
Deleted! HKU\S-1-5-21-3794041088-267600481-4042947410-1001\Software\...\Mountpoints2\{b840d600-7ff5-11e2-8d02-001999b21d5c}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Google Update] "C:\Users\PICASSO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\..\Run : [DeskUpdateNotifier] "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\..\RunOnce : [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3794041088-267600481-4042947410-1000\..\Run : [Google Update] "C:\Users\PICASSO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-3794041088-267600481-4042947410-1001\..\Run : [Google Update] "C:\Users\greta01\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-3794041088-267600481-4042947410-1001\..\Run : [flashmemory] wscript.exe //B "C:\Users\greta01\AppData\Local\Temp\flashmemory.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[20/10/2011 - 07:26:31 | SHD] - C:\$Recycle.Bin
[10/02/2014 - 15:53:06 | D] - C:\AdwCleaner
[10/06/2009 - 23:42:20 | A | 0 KB] - C:\autoexec.bat
[11/02/2011 - 15:21:22 | SHD] - C:\Boot
[20/11/2010 - 23:29:06 | RASH | 375 KB] - C:\bootmgr
[11/02/2011 - 15:21:23 | RASH | 8 KB] - C:\BOOTSECT.BAK
[28/06/2013 - 13:38:10 | D] - C:\CLE
[02/10/2012 - 19:15:30 | D] - C:\COACH ADULTES Ecoute
[02/10/2012 - 19:22:46 | D] - C:\COACH ADULTES Mots
[02/10/2012 - 19:28:02 | D] - C:\COACH ADULTES Pratique
[02/10/2012 - 19:41:21 | D] - C:\COACH ADULTES Sens
[02/10/2012 - 19:25:28 | D] - C:\COACH ADULTES Textes
[04/04/2014 - 12:35:57 | D] - C:\Config.Msi
[10/06/2009 - 23:42:20 | N | 0 KB] - C:\config.sys
[14/07/2009 - 06:53:55 | SHD] - C:\Documents and Settings
[21/10/2011 - 08:25:49 | D] - C:\Fujitsu
[14/04/2014 - 08:49:23 | ASH | 1474260 KB] - C:\hiberfil.sys
[19/10/2011 - 22:25:06 | D] - C:\Intel
[25/09/2012 - 18:50:54 | RASH | 0 KB] - C:\IO.SYS
[14/09/2011 - 19:54:22 | N | 2 KB | AA92D08E84035930A853F4BBA194D4E2] - C:\Lang.txt
[20/10/2011 - 07:48:24 | N | 4 KB] - C:\logo.jpg
[20/10/2011 - 07:38:56 | N | 30 KB] - C:\logogretaouestvaldoise.png
[25/09/2012 - 18:50:54 | RASH | 0 KB] - C:\MSDOS.SYS
[19/10/2011 - 17:13:43 | RHD] - C:\MSOCache
[14/04/2014 - 11:46:27 | ASH | 1218560 KB] - C:\pagefile.sys
[27/03/2014 - 15:40:21 | D] - C:\Program Files
[10/02/2014 - 16:49:13 | HD] - C:\ProgramData
[12/02/2011 - 00:28:46 | SHD] - C:\Recovery
[14/04/2014 - 09:44:46 | D] - C:\System Volume Information
[14/04/2014 - 12:05:05 | D] - C:\UsbFix
[14/04/2014 - 12:07:15 | A | 9 KB | BA2535DAF6465BF832B923778553870B] - C:\UsbFix [Clean 2] PICASSO13.txt
[14/04/2014 - 11:05:13 | N | 6 KB | 6A419897B9EB37F7E269C1F99C3F8BFE] - C:\UsbFix [Listing 1] PICASSO13.txt
[14/04/2014 - 11:03:38 | N | 7 KB | AAD583619FB33504347FFD6EA248A9DE] - C:\UsbFix [Scan 1] PICASSO13.txt
[14/04/2014 - 11:08:36 | N | 7 KB | 1B9E421E4909BF9BF4C0E1C9EC04E6E4] - C:\UsbFix [Scan 2] PICASSO13.txt
[20/10/2011 - 07:26:24 | D] - C:\Users
[14/04/2014 - 09:47:02 | D] - C:\Windows
[20/10/2011 - 07:39:16 | N | 2 KB] - C:\x.gif
[20/10/2011 - 07:26:31 | SHD] - E:\$RECYCLE.BIN
[09/11/2011 - 13:41:57 | D] - E:\13
[28/03/2013 - 13:34:20 | D] - E:\44352292952f34546aca72f77f
[27/02/2014 - 17:08:37 | D] - E:\7e63eedc48321eb9254ab0952809ee
[09/11/2011 - 13:51:26 | N | 7906302 KB] - E:\clonezilla-live-13.iso
[19/10/2011 - 17:15:34 | D] - E:\IDE
[09/11/2011 - 13:01:55 | D] - E:\PICASSO-13
[19/10/2011 - 14:54:36 | D] - E:\PICASSO13
[19/10/2011 - 13:55:00 | SHD] - E:\System Volume Information
[26/06/2013 - 09:16:20 | H | 0 KB] - F:\AUTORUN.INF
[14/04/2014 - 12:05:20 | N | 2 KB] - F:\kno.lnk
[26/06/2013 - 09:17:32 | N | 46 KB] - F:\kno.note de service.doc
[14/04/2014 - 12:05:20 | N | 2 KB] - F:\ecrits prof exter.lnk
[14/04/2014 - 12:05:20 | N | 2 KB] - F:\la biscui jabbart.lnk
[14/04/2014 - 12:05:20 | N | 2 KB] - F:\calcul.lnk
[14/04/2014 - 12:05:20 | N | 2 KB] - F:\Transport René Cassin.lnk
[14/04/2014 - 12:05:20 | N | 2 KB] - F:\dossier salaire.lnk
[14/04/2014 - 12:05:22 | N | 2 KB] - F:\CA REPRESENTANTS.lnk
[14/04/2014 - 12:05:22 | N | 2 KB] - F:\Le rapport NORD TRANSPORT STOCKAGE2.lnk
[14/04/2014 - 12:05:22 | N | 2 KB] - F:\Le rapport NORD TRANSPORT STOCKAGE.lnk
[14/04/2014 - 12:05:22 | N | 2 KB] - F:\curriculum vitae.lnk
[14/04/2014 - 12:05:22 | N | 2 KB] - F:\lm geodis.lnk
[14/04/2014 - 12:05:22 | N | 2 KB] - F:\lm heppner.lnk
[14/04/2014 - 12:05:22 | N | 1 KB] - F:\UsbFix(1).lnk
[14/04/2014 - 12:05:22 | N | 1 KB] - F:\Stage.lnk
[26/06/2013 - 14:29:30 | N | 92 KB] - F:\ecrits prof exter.docx
[26/06/2013 - 14:54:24 | N | 13 KB] - F:\la biscui jabbart.docx
[26/06/2013 - 16:16:22 | N | 11 KB] - F:\calcul.xlsx
[26/06/2013 - 16:25:36 | N | 36 KB] - F:\Transport René Cassin.docx
[10/07/2013 - 11:41:48 | N | 10 KB] - F:\dossier salaire.xlsx
[10/07/2013 - 12:17:28 | N | 12 KB] - F:\CA REPRESENTANTS.xlsx
[11/07/2013 - 02:23:58 | N | 16 KB] - F:\Le rapport NORD TRANSPORT STOCKAGE2.docx
[11/07/2013 - 02:24:06 | N | 21 KB] - F:\Le rapport NORD TRANSPORT STOCKAGE.docx
[30/08/2013 - 16:01:32 | N | 28 KB] - F:\curriculum vitae.doc
[05/09/2013 - 00:12:46 | N | 15 KB] - F:\lm geodis.docx
[22/09/2013 - 22:14:02 | N | 15 KB] - F:\lm heppner.docx
[20/01/2014 - 16:16:22 | D] - F:\Stage
[14/04/2014 - 09:32:54 | N | 2937 KB | 3B22B0C4A164F0708FAE55C6706D25E5] - F:\UsbFix(1).exe

################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - https://www.sosvirus.net |
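The report above shows the three artifacts a practitioner would look for when a USB stick's folders "turn into shortcuts": a Run key that launches a script host silently (`wscript.exe //B` on a .vbe under the user's Temp folder, with further copies in the Startup folder and on the stick), a burst of .lnk files created in the same second, each named after a real document or folder on the removable drive, and a hidden, empty AUTORUN.INF. The script below is an added example, not part of Mohamed's post and not UsbFix code; it parses lines in the report's own format and flags those three indicators. The sample input is constructed from the listing on this page (a subset of the F: entries plus two Run lines), the removable drive letter F is assumed, and the match on the name up to the first dot is chosen because the report pairs `kno.lnk` with `kno.note de service.doc`, so a plain extension strip would miss that shortcut.

```python
"""Triage a UsbFix-style report for USB shortcut-worm indicators (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample in the report's own line format; a subset of the page's
# listing and Run entries, not a real UsbFix output.
SAMPLE_REPORT = r"""
04 - HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKU\S-1-5-21-3794041088-267600481-4042947410-1001\..\Run : [flashmemory] wscript.exe //B "C:\Users\greta01\AppData\Local\Temp\flashmemory.vbe"
[14/04/2014 - 09:47:02 | D] - C:\Windows
[26/06/2013 - 09:16:20 | H | 0 KB] - F:\AUTORUN.INF
[14/04/2014 - 12:05:20 | N | 2 KB] - F:\kno.lnk
[26/06/2013 - 09:17:32 | N | 46 KB] - F:\kno.note de service.doc
[14/04/2014 - 12:05:20 | N | 2 KB] - F:\ecrits prof exter.lnk
[14/04/2014 - 12:05:20 | N | 2 KB] - F:\calcul.lnk
[26/06/2013 - 14:29:30 | N | 92 KB] - F:\ecrits prof exter.docx
[26/06/2013 - 16:16:22 | N | 11 KB] - F:\calcul.xlsx
[20/01/2014 - 16:16:22 | D] - F:\Stage
[14/04/2014 - 12:05:22 | N | 1 KB] - F:\Stage.lnk
[14/04/2014 - 12:05:22 | N | 1 KB] - F:\UsbFix(1).lnk
[14/04/2014 - 09:32:54 | N | 2937 KB | 3B22B0C4A164F0708FAE55C6706D25E5] - F:\UsbFix(1).exe
"""

# "[dd/mm/yyyy - hh:mm:ss | ATTR | size KB | MD5] - path" (size and MD5 optional)
LISTING_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<attr>[A-Z]+)(?: \| (?P<size>\d+) KB)?(?: \| (?P<md5>[0-9A-F]{32}))?\] - "
    r"(?P<path>.+)$"
)
# "04 - <key> : [<value name>] <command line>"
RUN_RE = re.compile(r"^04 - (?P<key>\S+) : \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SCRIPT_HOST_RE = re.compile(r"\b[wc]script(?:\.exe)?\b", re.I)
USERLAND_PATH_RE = re.compile(r"\\(?:AppData|Temp|Startup)\\", re.I)


def parse_report(text):
    """Split report lines into listing entries and Run/RunOnce entries."""
    entries, run_keys = [], []
    for line in text.splitlines():
        line = line.strip()
        m = LISTING_RE.match(line)
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"]) if d["size"] is not None else None
            entries.append(d)
            continue
        m = RUN_RE.match(line)
        if m:
            run_keys.append(m.groupdict())
    return entries, run_keys


def shortcut_stem(path):
    """Name up to the first dot: the worm in the report created "kno.lnk" for
    "kno.note de service.doc", so the usual extension strip would not pair them."""
    name = path.rsplit("\\", 1)[-1]
    return name.split(".", 1)[0].lower()


def triage(text, removable=("F",)):
    """Return the three indicators found in a report (removable drive letters assumed)."""
    entries, run_keys = parse_report(text)
    findings = {"persistence": [], "decoy_shortcuts": [], "autorun": [], "burst": []}

    # 1. Script host launched from a Run key, silently (//B hides script
    #    errors) or from a per-user writable location.
    for rk in run_keys:
        cmd = rk["cmd"]
        if SCRIPT_HOST_RE.search(cmd) and ("//B" in cmd or USERLAND_PATH_RE.search(cmd)):
            findings["persistence"].append(f'{rk["key"]} [{rk["name"]}] {cmd}')

    # 2./3. Decoy shortcuts and empty hidden autorun.inf on removable drives.
    wanted = {d.upper() for d in removable}
    by_drive = defaultdict(list)
    for e in entries:
        if e["path"][1:3] == ":\\" and e["path"][0].upper() in wanted:
            by_drive[e["path"][0].upper()].append(e)

    for items in by_drive.values():
        real = {shortcut_stem(e["path"]) for e in items if not e["path"].lower().endswith(".lnk")}
        decoys = [e for e in items
                  if e["path"].lower().endswith(".lnk") and shortcut_stem(e["path"]) in real]
        findings["decoy_shortcuts"].extend(e["path"] for e in decoys)
        for e in items:
            base = e["path"].rsplit("\\", 1)[-1].lower()
            if base == "autorun.inf" and "H" in e["attr"] and e["size"] == 0:
                findings["autorun"].append(e["path"])
        # Shortcuts written in the same second are a mass-creation burst, not user activity.
        stamps = Counter(f'{e["date"]} {e["time"]}' for e in decoys)
        findings["burst"].extend(ts for ts, n in stamps.items() if n >= 3)
    return findings


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_REPORT).items():
        print(kind, *hits, sep="\n  ")
```

Run it over a full report by reading the file into `triage()`; the Run-key check is deliberately generic (any `wscript`/`cscript` in a Run value with `//B` or a path under AppData, Temp or Startup) because the value name and script file name change from sample to sample, whereas the launch pattern does not.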