USB virus that turns folders into shortcuts

Solved
lau_430
Good evening,

2-3 weeks ago I printed some documents from my USB stick at a copy center. Since then, the folders on my USB stick have moved to a folder on my computer (I don’t know where) accessible from a shortcut (which I did not create myself) on my USB stick... Basically, I can no longer access these folders on any computer other than mine... After reading some forums, I think it’s a virus, but the answers I found are all over a year old, so I’m not sure if it’s still the same virus...

Also, I borrowed my roommate's USB stick, and now it does the same thing on hers, so I guess the virus is now on my computer :'(

Can someone help me? :D

16 replies

juju666 (Security Contributor)
 
Hello,

▶ Download USBFIX

▶ Connect all your external data sources to your PC (USB key, external hard drive, etc.) without opening them.
▶ Double-click on UsbFix.exe.

▶ Click on delete
▶ Let the tool work.

▶ At the end of the scan, a report will be displayed, post it in your next reply on the forum.

▶ The report is also saved at the root of the system drive (C:\UsbFix.txt).

See you later

--
.::. Security Contributor .::.
1
Sandra
 
Hi, I had the same problem and I followed the procedure you provided, here is the report:

############################## | UsbFix V 7.164 | [Removal]

User: Sandra (Administrator) # SANDRA-PC
Updated on 02/05/2014 by El Desaparecido - Team SosVirus
Started at 19:05:26 | 02/15/2014

Website: http://www.usbfix.net/
Changelog: http://www.usbfix.net/maj/
Support: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (N140 )
CPU: Intel(R) Atom(TM) CPU N280 @ 1.66GHz
RAM -> [Total: 1014 Mo| Free: 375 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 7 Starter Edition (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer: 10.0.9200.16750
WB: Google Chrome: 32.0.1700.107

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: avast! Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed Drive # 109 GB (73 GB free - 67%) [] # NTFS
D:\ -> Fixed Drive # 109 GB (106 GB free - 97%) [] # NTFS
E:\ -> Removable Drive # 4 GB (3 GB free - 78%) [TITI SANDRA] # FAT32
F:\ -> Removable Drive # 4 GB (4 GB free - 98%) [CLÉ SANDRA] # FAT32

################## | Active Processes |

C:\windows\system32\csrss.exe (ID: 444 |ParentID: 436)
C:\windows\system32\wininit.exe (ID: 508 |ParentID: 436)
C:\windows\system32\csrss.exe (ID: 516 |ParentID: 500)
C:\windows\system32\services.exe (ID: 572 |ParentID: 508)
C:\windows\system32\winlogon.exe (ID: 604 |ParentID: 500)
C:\windows\system32\lsass.exe (ID: 616 |ParentID: 508)
C:\windows\system32\lsm.exe (ID: 624 |ParentID: 508)
C:\windows\system32\svchost.exe (ID: 728 |ParentID: 572)
C:\windows\system32\svchost.exe (ID: 824 |ParentID: 572)
C:\windows\System32\svchost.exe (ID: 908 |ParentID: 572)
C:\windows\System32\svchost.exe (ID: 964 |ParentID: 572)
C:\windows\system32\svchost.exe (ID: 996 |ParentID: 572)
C:\windows\system32\svchost.exe (ID: 1036 |ParentID: 572)
C:\windows\system32\svchost.exe (ID: 1260 |ParentID: 572)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1352 |ParentID: 572)
C:\windows\system32\Dwm.exe (ID: 1480 |ParentID: 964)
C:\windows\Explorer.EXE (ID: 1508 |ParentID: 1464)
C:\windows\system32\runonce.exe (ID: 1632 |ParentID: 1508)
C:\windows\System32\spoolsv.exe (ID: 1652 |ParentID: 572)
C:\windows\system32\taskeng.exe (ID: 1660 |ParentID: 1036)
C:\windows\system32\svchost.exe (ID: 1696 |ParentID: 572)
C:\windows\system32\taskhost.exe (ID: 1712 |ParentID: 572)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1928 |ParentID: 572)
C:\windows\system32\taskeng.exe (ID: 1948 |ParentID: 1036)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1980 |ParentID: 572)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 2028 |ParentID: 572)
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (ID: 332 |ParentID: 1948)
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (ID: 372 |ParentID: 1948)
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (ID: 464 |ParentID: 1948)
C:\windows\system32\svchost.exe (ID: 440 |ParentID: 572)
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (ID: 744 |ParentID: 1948)
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe (ID: 992 |ParentID: 1948)
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe (ID: 1380 |ParentID: 572)
C:\windows\SYSTEM32\Rezip.exe (ID: 2316 |ParentID: 572)
C:\windows\system32\svchost.exe (ID: 2396 |ParentID: 572)
C:\Program Files\Java\jre7\bin\keytool.exe (ID: 2552 |ParentID: 1352)
C:\windows\system32\conhost.exe (ID: 2576 |ParentID: 444)
C:\windows\System32\svchost.exe (ID: 2592 |ParentID: 572)
C:\Program Files\Alwil Software\Avast5\setup\avast.setup (ID: 2668 |ParentID: 1352)
C:\windows\servicing\TrustedInstaller.exe (ID: 2900 |ParentID: 572)
C:\windows\system32\svchost.exe (ID: 2952 |ParentID: 572)
C:\windows\System32\WUDFHost.exe (ID: 3344 |ParentID: 964)
C:\windows\system32\igfxext.exe (ID: 3540 |ParentID: 728)
C:\windows\system32\wbem\wmiprvse.exe (ID: 3644 |ParentID: 728)
C:\windows\system32\igfxsrvc.exe (ID: 3680 |ParentID: 728)

################## | Regedit Run |

04 - HKCU\..\Run: [Facebook Update] "C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run: [iTunesHelper] wscript.exe //B "C:\Users\Sandra\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
04 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
04 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
04 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
04 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run: [iTunesHelper] wscript.exe //B "C:\Users\Sandra\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
04 - HKU\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3514257721-1901164723-3590556789-1000\..\Run: [Facebook Update] "C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-3514257721-1901164723-3590556789-1000\..\Run: [iTunesHelper] wscript.exe //B "C:\Users\Sandra\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Generic Search |

Deleted! C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Deleted! C:\Users\Sandra\AppData\Local\Temp\iTunesHelper.vbe
Deleted! E:\iTunesHelper.vbe
Deleted! F:\iTunesHelper.vbe
Deleted! E:\001.lnk
Deleted! E:\PV4.lnk
Deleted! E:\DSE.lnk
Deleted! E:\CARTE LOGEMENTS.lnk
Deleted! E:\PRESENTATION LENS.lnk
Deleted! E:\Louvre-Lens victoria.lnk
Deleted! E:\LEGENDE LOGEMENTS.lnk
Deleted! E:\26 police officers injured parade protests.lnk
Deleted! E:\Tourisme de mémoire - partie 3 victoria.lnk
Deleted! E:\Un exemple de tourisme de mémoire (4)[1].lnk
Deleted! E:\.Spotlight-V100.lnk

(!) Temporary files deleted.

################## | Registry |

Deleted! HKLM\Software\iTunesHelper
Fixed! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Fixed! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Deleted! HKU\S-1-5-21-3514257721-1901164723-3590556789-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Listing |

[05/07/2010 - 14:31:01 | SHD] - C:\$Recycle.Bin
[10/06/2009 - 22:42:20 | A | 0 Ko] - C:\autoexec.bat
[12/02/2014 - 19:45:35 | D] - C:\Config.Msi
[10/06/2009 - 22:42:20 | N | 0 Ko] - C:\config.sys
[14/07/2009 - 05:53:55 | SHD] - C:\Documents and Settings
[15/02/2014 - 19:02:23 | ASH | 779032 Ko] - C:\hiberfil.sys
[27/08/2009 - 08:35:50 | D] - C:\Intel
[05/07/2010 - 14:21:21 | RHD] - C:\MSOCache
[15/02/2014 - 19:02:24 | ASH | 1048576 Ko] - C:\pagefile.sys
[14/07/2009 - 03:37:05 | D] - C:\PerfLogs
[01/02/2014 - 15:49:44 | D] - C:\Program Files
[01/02/2014 - 15:32:23 | HD] - C:\ProgramData
[03/07/2010 - 23:10:26 | SHD] - C:\Recovery
[27/08/2009 - 08:37:22 | N | 2 Ko] - C:\RHDSetup.log
[27/08/2009 - 09:16:26 | N | 0 Ko] - C:\setup.log
[15/02/2014 - 18:36:51 | SHD] - C:\System Volume Information
[13/02/2014 - 22:35:39 | D] - C:\UsbFix
[13/02/2014 - 22:28:42 | N | 11 Ko | 63E9350B619AD9019EFE0B4AD789245D] - C:\UsbFix [Clean 2] SANDRA-PC.txt
[15/02/2014 - 19:20:01 | A | 8 Ko | 633F1B5DF9442B8AD8F275C62872CB5A] - C:\UsbFix [Clean 4] SANDRA-PC.txt
[13/02/2014 - 22:09:22 | N | 8 Ko | 046B8B9A7ABB9361E26C0972E7855F3C] - C:\UsbFix [Scan 1] SANDRA-PC.txt
[03/07/2010 - 23:12:00 | D] - C:\Users
[31/01/2014 - 20:03:56 | D] - C:\Windows
[05/07/2010 - 15:03:55 | SHD] - D:\$RECYCLE.BIN
[20/09/2013 - 13:25:32 | D] - D:\63258749e20bb075e800974d
[13/10/2013 - 21:02:30 | SHD] - D:\System Volume Information
[22/12/2013 - 12:43:16 | SHD] - E:\System Volume Information
[16/01/2014 - 12:13:00 | N | 383 Ko] - E:\001.jpg
[16/01/2014 - 12:14:30 | N | 397 Ko] - E:\001 (2).jpg
[26/08/2013 - 17:06:22 | D] - E:\Justin_Timberlake The2020
[09/01/2014 - 13:57:38 | N | 0 Ko] - E:\.~lock.Eleccion del zoo de Beauval.odp#
[26/08/2013 - 16:54:10 | D] - E:\Daft_Punk_Discography
[05/01/2014 - 14:59:26 | N | 119 Ko] - E:\PV4.docx
[26/08/2013 - 16:53:46 | D] - E:\Daft Punk - Random Access Memories (2013)
[21/01/2014 - 15:25:06 | N | 166 Ko] - E:\CARTE LOGEMENTS.bmp
[21/01/2014 - 16:10:54 | N | 15 Ko] - E:\PRESENTATION LENS.odt
[21/01/2014 - 16:14:44 | N | 73 Ko] - E:\Louvre-Lens victoria.odt
[09/01/2014 - 15:18:18 | SH | 4 Ko] - E:\._.Trashes
[28/01/2014 - 18:32:52 | N | 16 Ko] - E:\DSE.pdf
[09/01/2014 - 15:18:18 | SHD] - E:\.Trashes
[09/01/2014 - 15:18:22 | SHD] - E:\.Spotlight-V100
[21/01/2014 - 19:47:08 | N | 6527 Ko] - E:\Louvre Lens total partie 1.odt
[21/01/2014 - 15:24:38 | N | 211 Ko] - E:\LEGENDE LOGEMENTS.bmp
[13/01/2014 - 18:58:28 | N | 3426 Ko] - E:\26 police officers injured parade protests.mpeg
[21/01/2014 - 16:20:02 | N | 4 Ko] - E:\._SOFIANE-SOUM.docx
[22/01/2014 - 13:34:36 | N | 4 Ko] - E:\th46N4E692.jpg
[21/01/2014 - 16:20:02 | N | 120 Ko] - E:\SOFIANE-SOUM.docx
[21/01/2014 - 19:36:36 | N | 5396 Ko] - E:\Louvre-Lens version finale1.pdf
[04/02/2014 - 13:09:14 | N | 9 Ko] - E:\Partie Sandra Centenaire.odt
[04/02/2014 - 12:52:16 | N | 315 Ko] - E:\Tourisme de mémoire - partie 3 victoria.odt
[04/02/2014 - 13:15:36 | D] - E:\Tourisme de Mémoire Victoria
[05/02/2014 - 10:29:16 | N | 1424 Ko] - E:\Un exemple de tourisme de mémoire.pdf
[05/02/2014 - 10:24:20 | N | 2712 Ko] - E:\Un exemple de tourisme de mémoire (4)[1].pptx
[06/02/2014 - 12:37:26 | N | 277 Ko] - E:\001 (3).jpg
[28/01/2014 - 18:32:56 | N | 40 Ko] - E:\fiche_famille.pdf
[22/12/2013 - 14:35:28 | SHD] - F:\System Volume Information

################## | Vaccine |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |





What's the next step?? Because when I reconnect my USB drives the antivirus still detects the threat and it's a mess...
0
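The report above shows the two things this family of USB worm leaves behind: a Run-key entry that starts a script host (`wscript.exe //B`) on a `.vbe` file dropped in the user's Temp folder, and one `.lnk` per document at the root of the removable drive. The following script is an added triage example, not part of the thread and not UsbFix's own code: it reads the "Regedit Run" and "Generic Search" sections of a UsbFix-style report (the sample lines are copied from Sandra's report, the regexes and the suspicion rules are mine) and flags autorun entries that launch a script file from a user-writable location, then groups the root-level shortcuts UsbFix removed per drive.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the "Regedit Run" and "Generic Search" sections from
# the UsbFix report posted above (lines copied from the thread, not generated here).
SAMPLE_REPORT = r"""
################## | Regedit Run |

04 - HKCU\..\Run: [Facebook Update] "C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run: [iTunesHelper] wscript.exe //B "C:\Users\Sandra\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\..\Run: [iTunesHelper] wscript.exe //B "C:\Users\Sandra\AppData\Local\Temp\iTunesHelper.vbe"

################## | Generic Search |

Deleted! C:\Users\Sandra\AppData\Local\Temp\iTunesHelper.vbe
Deleted! E:\iTunesHelper.vbe
Deleted! E:\001.lnk
Deleted! E:\PV4.lnk
"""

# Windows Script Host / HTA binaries: legitimate software rarely persists through them.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta"}
# Locations any non-admin user can write to; installed software lives under Program Files.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\temp\\", "\\users\\public\\")

RUN_LINE = re.compile(r"^04 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DELETED_LINE = re.compile(r"^Deleted! (?P<path>[A-Z]:\\.+)$")


def split_command(cmd):
    """Split a Run-key command line into (program, args), honouring double quotes."""
    tokens = re.findall(r'"([^"]*)"|(\S+)', cmd)
    parts = [quoted or bare for quoted, bare in tokens]
    return parts[0], parts[1:]


def triage_autoruns(report):
    """Return the Run-key entries that look like a script-based USB worm, with reasons."""
    findings = []
    for line in report.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        program, args = split_command(m["cmd"])
        reasons = []
        if PureWindowsPath(program).name.lower() in SCRIPT_HOSTS:
            reasons.append("launched through a script host: " + program)
        scripts = [a for a in args if PureWindowsPath(a).suffix.lower() in SCRIPT_EXTS]
        if scripts:
            reasons.append("runs a script file: " + ", ".join(scripts))
        for target in [program] + scripts:
            if any(loc in target.lower() for loc in USER_WRITABLE):
                reasons.append("target lives in a user-writable location: " + target)
        if "//b" in (a.lower() for a in args):
            reasons.append("//B batch mode suppresses script errors and prompts")
        if reasons:
            findings.append({"hive": m["hive"], "name": m["name"],
                             "command": m["cmd"], "reasons": reasons})
    return findings


def root_shortcuts(report):
    """Group the .lnk files UsbFix deleted from the root of each drive, keyed by drive letter."""
    by_drive = {}
    for line in report.splitlines():
        m = DELETED_LINE.match(line.strip())
        if not m:
            continue
        p = PureWindowsPath(m["path"])
        # parts == ('E:\\', '001.lnk') for a file sitting directly at the drive root
        if p.suffix.lower() == ".lnk" and len(p.parts) == 2:
            by_drive.setdefault(p.drive, []).append(p.name)
    return by_drive


if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_REPORT):
        print(f"{f['hive']} [{f['name']}] -> {f['command']}")
        for r in f["reasons"]:
            print("    -", r)
    for drive, names in root_shortcuts(SAMPLE_REPORT).items():
        print(f"{drive} root shortcuts removed: {', '.join(names)}")
```

The rules deliberately do not flag everything under `AppData\Local`, because per-user updaters (the Facebook Update entry in the same report) legitimately live there; the combination of a script host, a script extension and a Temp path is what separates the worm's entry from them. Once the script and its Run keys are gone, the original folders the worm hid are still on the stick: they carry the hidden and system attributes, which `attrib -s -h /s /d E:\*` (run from a command prompt, with the right drive letter) removes, and the report's "Listing" section is where to confirm they reappeared with a plain `D` attribute.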
FM
 
I followed the procedure, here is the report, thank you for your help!!!

############################## | UsbFix V 7.164 | [Removal]

User: fanny (Administrator) # FANNY-PC
Updated on 05/02/2014 by El Desaparecido - Team SosVirus
Run at 08:57:44 | 17/02/2014

Website: http://www.usbfix.net/
Changelog: http://www.usbfix.net/maj/
Support: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (3659)
CPU: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
RAM -> [Total: 3063 Mo | Free: 1999 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate Edition (6.1.7600 32-Bit)
WB: Windows Internet Explorer: 8.0.7600.16385
WB: Mozilla Firefox: 27.0.1

SC: Security Center [(!) Disabled]
WU: Windows Update [(!) Disabled]
AV: Microsoft Security Essentials [Enabled | (!) Outdated]
AS: Microsoft Security Essentials [Enabled | (!) Outdated]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows Firewall [Enabled]
AS: Malwarebytes' Anti-Malware: 1.60.0061

C:\ (%systemdrive%) -> Hard drive # 596 Go (73 Go free - 12%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Hard drive # 596 Go (41 Go free - 7%) [Dde Fanny] # NTFS
F:\ -> Removable drive # 15 Go (15 Go free - 100%) [KINGSTON] # FAT32
G:\ -> Removable drive # 4 Go (3 Go free - 88%) [] # FAT32
H:\ -> Removable drive # 7 Go (7 Go free - 99%) [] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 448 | ParentID: 412)
C:\Windows\system32\wininit.exe (ID: 516 | ParentID: 412)
C:\Windows\system32\csrss.exe (ID: 524 | ParentID: 508)
C:\Windows\system32\services.exe (ID: 580 | ParentID: 516)
C:\Windows\system32\lsass.exe (ID: 596 | ParentID: 516)
C:\Windows\system32\lsm.exe (ID: 604 | ParentID: 516)
C:\Windows\system32\svchost.exe (ID: 712 | ParentID: 580)
C:\Windows\system32\nvvsvc.exe (ID: 772 | ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 812 | ParentID: 580)
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (ID: 872 | ParentID: 580)
C:\Windows\System32\svchost.exe (ID: 916 | ParentID: 580)
C:\Windows\System32\svchost.exe (ID: 960 | ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 1016 | ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 1148 | ParentID: 580)
C:\Windows\system32\winlogon.exe (ID: 1272 | ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 1360 | ParentID: 580)
C:\Program Files\WinZipper\winzipersvc.exe (ID: 1472 | ParentID: 580)
C:\Windows\System32\spoolsv.exe (ID: 1596 | ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 1624 | ParentID: 580)
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (ID: 1652 | ParentID: 772)
C:\Windows\system32\nvvsvc.exe (ID: 1664 | ParentID: 772)
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (ID: 2020 | ParentID: 580)
C:\Windows\system32\taskhost.exe (ID: 296 | ParentID: 580)
C:\Windows\system32\Dwm.exe (ID: 1032 | ParentID: 960)
C:\Windows\Explorer.EXE (ID: 1380 | ParentID: 888)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1916 | ParentID: 580)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2068 | ParentID: 580)
C:\Windows\system32\taskeng.exe (ID: 2132 | ParentID: 1016)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2196 | ParentID: 580)
C:\Windows\system32\EscSvc.exe (ID: 2244 | ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 2308 | ParentID: 580)
C:\Windows\system32\runonce.exe (ID: 2388 | ParentID: 1380)
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (ID: 2396 | ParentID: 580)
C:\Windows\System32\svchost.exe (ID: 2504 | ParentID: 580)
C:\Windows\System32\svchost.exe (ID: 2536 | ParentID: 580)
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (ID: 2616 | ParentID: 2396)
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (ID: 2764 | ParentID: 580)
C:\Program Files\Skype\Updater\Updater.exe (ID: 2848 | ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 2872 | ParentID: 580)
C:\Program Files\Wajam\Updater\WajamUpdater.exe (ID: 2948 | ParentID: 580)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3088 | ParentID: 580)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3208 | ParentID: 3088)
C:\Windows\system32\svchost.exe (ID: 3304 | ParentID: 580)
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (ID: 3392 | ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 3484 | ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 3512 | ParentID: 580)
C:\Windows\system32\WUDFHost.exe (ID: 3592 | ParentID: 960)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3804 | ParentID: 712)
C:\Windows\System32\rundll32.exe (ID: 3932 | ParentID: 712)
C:\Windows\system32\msiexec.exe (ID: 3984 | ParentID: 580)

################## | Regedit Run |

04 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
04 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run: [Boxore Client] C:\Program Files\Boxore\BoxoreClient\boxore.exe
04 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKU\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3535091264-3545093153-3740825785-1000\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Generic Search |

Deleted! G:\SURVIVAL.vbe
Deleted! G:\.lnk
Deleted! G:\plan noailles 5000eme.lnk
Deleted! G:\Quartier NDM 1-1000.lnk
Deleted! G:\Prérendu.lnk
Deleted! G:\Plan au 1000.lnk
Deleted! G:\Argumentation pré-rendu.lnk
Deleted! G:\13-09-27 Fanny.lnk
Deleted! G:\System Volume Information.lnk
Deleted! G:\.Trashes.lnk
Deleted! G:\.Spotlight-V100.lnk
Deleted! G:\Carnet technique.lnk
Deleted! G:\Girard.lnk

(!) Temporary files deleted.

################## | Registry |

Fixed! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Fixed! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5

################## | Listing |

[27/12/2011 - 19:02:20 | SHD] - C:\$Recycle.Bin
[08/02/2014 - 19:35:46 | N | 252 Ko] - C:\acadminidump.dmp
[20/09/2011 - 12:57:20 | D] - C:\Autodesk
[10/06/2009 - 22:42:20 | A | 0 Ko] - C:\autoexec.bat
[30/08/2012 - 11:36:44 | N | 0 Ko | 2F4D7974715C11BBB15EC0BEAC450AB4] - C:\ChromeHPLog.txt
[09/02/2014 - 16:07:54 | D] - C:\Config.Msi
[10/06/2009 - 22:42:20 | N | 0 Ko] - C:\config.sys
[14/07/2009 - 05:53:55 | SHD] - C:\Documents and Settings
[25/08/2013 - 21:18:08 | N | 0 Ko] - C:\END
[17/02/2014 - 08:56:35 | ASH | 2352280 Ko] - C:\hiberfil.sys
[04/11/2010 - 11:29:45 | D] - C:\Intel
[14/03/2013 - 02:27:34 | RASH | 0 Ko] - C:\IO.SYS
[14/03/2013 - 02:27:34 | RASH | 0 Ko] - C:\MSDOS.SYS
[04/11/2010 - 11:47:58 | RHD] - C:\MSOCache
[04/11/2010 - 11:23:24 | D] - C:\NVIDIA
[17/02/2014 - 08:56:38 | ASH | 3136376 Ko] - C:\pagefile.sys
[14/07/2009 - 03:37:05 | D] - C:\PerfLogs
[15/02/2014 - 14:25:55 | D] - C:\Program Files
[15/02/2014 - 14:15:12 | HD] - C:\ProgramData
[04/11/2010 - 10:43:14 | SHD] - C:\Recovery
[13/02/2014 - 16:59:16 | SHD] - C:\System Volume Information
[17/02/2014 - 08:56:52 | D] - C:\Temp
[17/02/2014 - 08:55:40 | D] - C:\UsbFix
[15/02/2014 - 18:23:36 | N | 10 Ko | AECE45580E5D50926A360244323B7DE3] - C:\UsbFix [Clean 2] FANNY-PC.txt
[17/02/2014 - 09:15:37 | A | 8 Ko | 039291C41E8814C0FE4D4998FDE603A2] - C:\UsbFix [Clean 4] FANNY-PC.txt
[25/08/2013 - 21:18:21 | D] - C:\User Data
[04/11/2010 - 10:43:24 | D] - C:\Users
[17/02/2014 - 08:48:18 | D] - C:\Windows
[17/08/2013 - 21:09:59 | SHD] - E:\$RECYCLE.BIN
[24/09/2013 - 19:10:48 | D] - E:\13-06-29 Anniv' Bat et Fanny
[24/09/2013 - 19:10:56 | D] - E:\13-06-30 Fête des Parents
[24/09/2013 - 19:12:03 | D] - E:\13-07 Prapic
[24/09/2013 - 19:12:12 | D] - E:\13-07-04 Soirée golf Cabries
[24/09/2013 - 19:12:41 | D] - E:\13-07-10 Anniv' Popo
[24/09/2013 - 19:12:57 | D] - E:\13-07-10 Sainte-Baume Parrain
[24/09/2013 - 19:13:18 | D] - E:\13-07-13 Le Caramy avec Juju
[24/09/2013 - 19:13:36 | D] - E:\13-07-15 Festival d'Avignon
[24/09/2013 - 19:13:39 | D] - E:\13-07-20 Anniv' Pauline
[24/09/2013 - 19:13:54 | D] - E:\13-07-27 Maison location
[24/09/2013 - 19:14:12 | D] - E:\13-08-19 Jardin du Sambuc
[24/09/2013 - 19:14:33 | D] - E:\13-08-25 Grenoble rando
[24/09/2013 - 19:14:48 | D] - E:\13-08-31 Calanques port pin
[24/09/2013 - 19:14:49 | D] - E:\13-09-01 Cuisine avec Pauline
[24/09/2013 - 19:09:36 | D] - E:\13-09-05 au 11 Paris!
[23/06/2013 - 11:59:07 | D] - E:\BTS
[23/06/2013 - 11:48:21 | D] - E:\Documents
[03/06/2013 - 14:46:07 | D] - E:\Professional Folder
[28/09/2013 - 12:15:18 | D] - E:\ENSP
[04/01/2014 - 17:42:12 | D] - E:\Films dde
[23/06/2013 - 12:11:19 | D] - E:\Software
[23/06/2013 - 11:46:10 | D] - E:\Preparation
[04/04/2013 - 19:20:31 | SHD] - E:\RECYCLER
[16/10/2011 - 18:29:01 | SHD] - E:\System Volume Information
[21/01/2014 - 17:28:02 | N | 10442 Ko] - G:\plan noailles 5000eme.jpg
[30/01/2014 - 00:34:56 | SHD] - G:\System Volume Information
[30/01/2014 - 12:09:42 | N | 64586 Ko] - G:\Quartier NDM 1-1000.pdf
[30/01/2014 - 12:13:52 | SH | 4 Ko] - G:\._.Trashes
[30/01/2014 - 12:13:52 | SHD] - G:\.Trashes
[12/02/2014 - 00:04:56 | N | 4673 Ko] - G:\Prérendu.pdf
[30/01/2014 - 12:13:52 | SHD] - G:\.Spotlight-V100
[30/01/2014 - 12:13:52 | SH | 0 Ko] - G:\.apdisk
[30/01/2014 - 13:09:26 | N | 59058 Ko] - G:\Plan au 1000.pdf
[12/02/2014 - 00:07:20 | N | 5 Ko | 893CE2CC442591108CB836B2CF2C9C93] - G:\Argumentation pré-rendu.txt
[12/02/2014 - 08:40:40 | N | 304 Ko] - G:\Plan-Présentation2.pdf
[12/02/2014 - 09:04:50 | N | 14 Ko] - G:\Plan-Présentation SANS.pdf
[12/02/2014 - 09:17:12 | N | 14 Ko] - G:\PlanA2.pdf
[12/02/2014 - 10:09:36 | N | 1022 Ko] - G:\ombres.pdf
[12/02/2014 - 09:53:36 | N | 2672 Ko] - G:\Skyline.pdf
[12/02/2014 - 09:48:30 | N | 2772 Ko] - G:\Document Microsoft Office Publisher (3).pdf
[12/12/2013 - 17:52:56 | D] - G:\Technical Notebook
[27/09/2013 - 09:08:44 | N | 26853 Ko] - G:\13-09-27 Fanny.mp4
[20/01/2014 - 22:24:04 | D] - G:\Girard
[13/02/2014 - 14:46:10 | D] - H:\DCIM
[13/02/2014 - 14:46:10 | D] - H:\MISC
[13/02/2014 - 14:46:10 | D] - H:\PRIVATE
[01/01/2012 - 00:00:00 | D] - H:\EPSCAN

################## | Vaccine |

E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
0
Floo40
 
############################## | UsbFix V 7.172 | [Listing]

User: Drawing (Administrator) # PCX-DRAWING
Updated on 23/06/2014 by El Desaparecido - SosVirus
Launched at 08:43:39 | 01/07/2014

Website: http://www.usbfix.net/
Changelog: http://www.usbfix.net/maj/
Support: http://www.sosvirus.net/forum-virus-securite.html
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

################## | System information |

MB: Intel Corporation (DP45SG)
CPU: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
GC: NVIDIA GeForce 9800 GT
RAM -> [Total: 3573 MB | Free: 1643 MB]
Bios: Intel Corp.
Boot: Normal boot

OS: Microsoft(TM) Windows 7 Professional (6.1.7601 32-Bit) Service Pack 1
WB: Internet Explorer: 11.00.9600.16428
WB: Google Chrome: 0.0.0.0
WB: Mozilla Firefox: 2.0

################## | Security Information |

AV: AVG Internet Security 2012 [Active | Up to date]
AS: AVG Internet Security 2012 [Active | Up to date]
AS: Windows Defender [(!) Disabled | Up to date]
AS: Malwarebytes Anti-Malware: 1.44
FW: Windows Firewall [(!) Disabled]
SC: Security Center [Active]
WU: Windows Update [Active]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 98 GB (51 GB free - 52%) [] # NTFS
D:\ -> Fixed disk # 200 GB (186 GB free - 93%) [] # NTFS
F:\ -> Removable disk # 7 GB (1 GB free - 19%) [ROBERTOS II] # FAT32

################## | Autorun |


################## | C:\ %SystemDrive% - Fixed Disk (NTFS) |

[10/06/2009 - 23:42:20 | A | 0 KB] - C:\config.sys
[02/03/2010 - 16:09:07 | RASH | 0 KB] - C:\MSDOS.SYS
[02/03/2010 - 16:09:07 | RASH | 0 KB] - C:\IO.SYS
[01/07/2014 - 08:10:17 | ASH | 3658468 KB] - C:\pagefile.sys
[01/07/2014 - 08:10:18 | ASH | 2743848 KB] - C:\hiberfil.sys
[24/04/2014 - 10:32:58 | A | 1 KB] - C:\.rnd
[01/03/2010 - 15:10:53 | SHD] - C:\$Recycle.Bin
[10/06/2009 - 23:42:20 | A | 0 KB] - C:\autoexec.bat
[14/07/2009 - 04:37:05 | D] - C:\PerfLogs
[14/07/2009 - 06:53:55 | SHD] - C:\Documents and Settings
[01/03/2010 - 15:10:27 | SHD] - C:\Recovery
[01/03/2010 - 15:17:25 | RHD] - C:\MSOCache
[02/03/2010 - 11:43:57 | D] - C:\NVIDIA
[02/03/2010 - 16:09:04 | D] - C:\EPSON
[19/04/2010 - 07:48:03 | HD] - C:\$AVG
[16/04/2012 - 14:26:57 | D] - C:\Drawing1
[14/02/2014 - 13:39:23 | RD] - C:\Users
[05/05/2014 - 08:02:33 | HD] - C:\ProgramData
[03/06/2014 - 07:43:01 | RD] - C:\Program Files
[01/07/2014 - 08:10:17 | D] - C:\Windows
[01/07/2014 - 08:25:42 | SHD] - C:\System Volume Information
[01/07/2014 - 08:43:15 | D] - C:\UsbFix

################## | D:\ - Fixed Disk (NTFS) |

[06/01/2012 - 11:30:14 | A | 0 KB] - D:\avgKey-abc.txt
[12/12/2006 - 08:59:02 | A | 1462 KB | VirusTotal (0/49) https://www.virustotal.com/file/12c914d6c87c538790a7b2105fcc619613c207ae6097e594516a1744cad6d736/analysis/1394689616/] - D:\ccsetup135.exe
[08/11/2008 - 23:06:48 | A | 697 KB | VirusTotal (0/52) https://www.virustotal.com/file/902c24fa4f35bea83675a4bfeca5296498b89ba7708df25694f02704bfd148a6/analysis/1401406610/] - D:\SaveAsPDFandXPS.exe
[16/02/2009 - 16:29:52 | A | 2809 KB | VirusTotal (0/47) https://www.virustotal.com/file/c702a2fe0e8d21b282b766b1282a4618955007032c5ab1d8e21ba151d64c80e1/analysis/1394991805/] - D:\malwarebytes-anti-malware_malwarebytes_anti-malware_1.34_french_215092.exe
[03/09/2009 - 15:34:22 | A | 16025 KB | VirusTotal (1/54) https://www.virustotal.com/file/c5ba7b1abe20916b5fade39fc951c885caa750282b7d254f54c488da4fb99239/analysis/1404171721/] - D:\setup-spybotsd162.exe
[27/11/2009 - 12:28:30 | A | 95750 KB | SHA1: 4F7F563B8C2C2D444F6F7C633E8B18BFF000A3C2] - D:\avg antivirus eval.exe
[15/01/2010 - 12:30:30 | A | 1183 KB | VirusTotal (1/51) https://www.virustotal.com/file/161ea512485c95746d670e6771743fb78e729f72dd6f3273adb7a7ced7fd41ac/analysis/1395762484/] - D:\fcleaner.exe
[12/03/2010 - 12:42:18 | SHD] - D:\$RECYCLE.BIN
[01/03/2010 - 13:23:58 | SHD] - D:\System Volume Information
[02/03/2010 - 10:52:55 | D] - D:\AutoCAD LT 2000
[02/03/2010 - 10:52:56 | D] - D:\AutoCAD LT 2000i Fra
[02/03/2010 - 10:53:29 | D] - D:\AutoCAD LT 2005
[02/03/2010 - 10:53:35 | D] - D:\542ffcb6de609fe8ef5ba4f5e6
[02/03/2010 - 11:40:44 | D] - D:\drawing share
[02/03/2010 - 15:14:41 | D] - D:\Drawing
[30/08/2010 - 08:06:37 | HD] - D:\$AVG
[15/09/2010 - 13:03:14 | D] - D:\25cbbbe4b211939b988c599a6bcd
[13/10/2010 - 13:01:27 | D] - D:\c23ac61ac1336e601310bd
[15/12/2010 - 14:01:29 | D] - D:\3496d87053b7824afd21e06526
[13/01/2011 - 14:01:35 | D] - D:\f9a2b63f52d078468437
[10/02/2011 - 14:01:46 | D] - D:\2e35e6983ec5dde90be32cec898fad
[09/03/2011 - 14:01:51 | D] - D:\a650f5e731e3871fd2dc99a9a97368
[18/04/2011 - 17:28:52 | D] - D:\d826a5438e0885544f
[24/05/2011 - 09:10:10 | D] - D:\1dc762016cbd99e5be3631670130
[22/06/2011 - 18:00:11 | D] - D:\2b316fba66a5cc183cdd35a1
[19/07/2011 - 11:26:12 | D] - D:\c9c6826e0850284815ca
[29/08/2011 - 13:02:21 | D] - D:\2fac0a43d50255aaf21de5b1582a8138
[15/09/2011 - 13:03:48 | D] - D:\a9b9794a9f5aeb72404a
[12/10/2011 - 13:03:28 | D] - D:\c8b6f346c733c812ec
[10/11/2011 - 16:47:35 | D] - D:\374cc8f58c1d25e9db05b9ea90262e47
[26/12/2011 - 18:45:11 | D] - D:\6a0002064c6f4a99b296f7

################## | F:\ - USB Drive (FAT32) |

[20/01/2014 - 11:59:06 | A | 193 KB] - F:\final assembly.SLDASM
[13/02/2014 - 11:03:58 | A | 0 KB] - F:\e.nc
[19/08/2011 - 21:03:10 | A | 68162 KB | SHA1: 29D2FFF9A3220483D05B14CFB95BA9710C027E13] - F:\DraftSight.exe
[09/04/2014 - 15:07:58 | A | 110 KB] - F:\PRESS DRAWING.docx
[04/01/2014 - 13:02:32 | D] - F:\Personal
[15/01/2014 - 15:09:02 | SHD] - F:\System Volume Information
[24/01/2014 - 16:21:28 | D] - F:\ROBERT
[04/04/2014 - 14:04:00 | D] - F:\SDK2012_64

################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |
0
GSW
 
############################## | UsbFix V 7.171 | [Research]

Utilisateur : SERVER-SAM (Administrateur) # INFO
Mise à jour le 09/06/2014 par El Desaparecido - SosVirus
Démarré à 14:50:16 | 30/10/2014

Site web : http://www.en.usbfix.net/
Journal des modifications : http://www.en.usbfix.net/changelog/
Support : http://en.kioskea.net/forum/viruses-security-7
Télécharger Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC : Wistron Corporation (ProLiant ML110 G6)
CPU : Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
RAM -> [Total : 2039 Mo | Libre : 292 Mo]
Bios : HP
Démarrage : Démarrage normal

OS : Microsoft Windows 7 Ultimate (6.1.7600 64-Bit)
WB : Windows Internet Explorer : 8.0.7600.16385
WB : Google Chrome : 38.0.2125.111
WB : Mozilla Firefox : 30.0

SC : Centre de sécurité [Activé]
WU : Mise à jour Windows [Activé]
AV : ESET Smart Security 4.2 [Activé | (!) Obsolète]
AS : ESET Smart Security 4.2 [Activé | (!) Obsolète]
AS : Windows Defender [Activé | (!) Obsolète]
FW : Pare-feu personnel ESET [Activé]
FW : Pare-feu Windows [(!) Désactivé]

C:\ (%SystemDrive%) -> Disque fixe # 100 Go (41 Mo libre - 41%) [gsw] # NTFS
D:\ -> Disque fixe # 133 Go (35 Mo libre - 26%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque amovible # 972 Mo (123 Mo libre - 13%) [BOUCHRA] # FAT32
H:\ -> Disque fixe # 233 Go (167 Mo libre - 72%) [DATA 2] # NTFS

################## | Processus actifs |

C:\Windows\System32\smss.exe (ID : 384|ID parent : 4|SYSTEM)
C:\Windows\System32\wininit.exe (ID : 516|ID parent : 456)
C:\Windows\System32\services.exe (ID : 568|ID parent : 516)
C:\Windows\System32\lsass.exe (ID : 596|ID parent : 516)
C:\Windows\System32\lsm.exe (ID : 604|ID parent : 516)
C:\Windows\System32\winlogon.exe (ID : 696|ID parent : 508)
C:\Windows\System32\svchost.exe (ID : 744|ID parent : 568)
C:\Windows\System32\svchost.exe (ID : 828|ID parent : 568)
C:\Windows\System32\svchost.exe (ID : 928|ID parent : 568)
C:\Windows\System32\svchost.exe (ID : 960|ID parent : 568)
C:\Windows\System32\svchost.exe (ID : 988|ID parent : 568)
C:\Windows\System32\svchost.exe (ID : 536|ID parent : 568)
C:\Windows\System32\svchost.exe (ID : 1044|ID parent : 568)
C:\Windows\System32\spoolsv.exe (ID : 1208|ID parent : 568)
C:\Windows\System32\svchost.exe (ID : 1236|ID parent : 568)
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ID : 1336|ID parent : 568)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID : 1368|ID parent : 568)
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (ID : 1396|ID parent : 568)
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ID : 1440|ID parent : 568)
C:\Windows\System32\svchost.exe (ID : 1472|ID parent : 568)
C:\Program Files\ma-config.com\MaConfigAgent.exe (ID : 1564|ID parent : 568)
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (ID : 1696|ID parent : 568)
C:\Windows\System32\svchost.exe (ID : 2284|ID parent : 568)
C:\Windows\System32\svchost.exe (ID : 2996|ID parent : 568)
C:\Windows\System32\SearchIndexer.exe (ID : 2444|ID parent : 568)
C:\Windows\System32\taskhost.exe (ID : 1408|ID parent : 568|SERVER-SAM)
C:\Windows\System32\dwm.exe (ID : 2800|ID parent : 960|SERVER-SAM)
C:\Windows\explorer.exe (ID : 2616|ID parent : 728|SERVER-SAM)
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (ID : 2760|ID parent : 1696|SERVER-SAM)
C:\Windows\System32\taskeng.exe (ID : 540|ID parent : 988|SERVER-SAM)
C:\ProgramData\rvlkl\rvlkl.exe (ID : 2620|ID parent : 540|SERVER-SAM)
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (ID : 1324|ID parent : 1696)
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (ID : 1432|ID parent : 1696)
C:\Users\SERVER-SAM\AppData\Roaming\uTorrent\uTorrent.exe (ID : 2776|ID parent : 2616|SERVER-SAM)
C:\Program Files (x86)\ManyCam\ManyCam.exe (ID : 460|ID parent : 2616|SERVER-SAM)
C:\Program Files (x86)\PrtScr\PrtScr.exe (ID : 3256|ID parent : 2616|SERVER-SAM)
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (ID : 3332|ID parent : 2616|SERVER-SAM)
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (ID : 3352|ID parent : 3264|SERVER-SAM)
C:\Program Files (x86)\Internet Haut Débit Mobile\AutoDect.exe (ID : 3372|ID parent : 3264|SERVER-SAM)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID : 3384|ID parent : 3264|SERVER-SAM)
C:\Windows\System32\wscript.exe (ID : 3452|ID parent : 3312|SERVER-SAM)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID : 3932|ID parent : 568)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 3316|ID parent : 2616|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 3704|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 3944|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 4444|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 4760|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 2052|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 4288|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 5028|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 3716|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 4612|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Internet Download Manager\IDMan.exe (ID : 3360|ID parent : 744|SERVER-SAM)
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (ID : 4256|ID parent : 3360|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 3292|ID parent : 3316|SERVER-SAM)
C:\Windows\System32\taskhost.exe (ID : 4148|ID parent : 568|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 4184|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 2988|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID : 1916|ID parent : 2616|SERVER-SAM)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID : 4756|ID parent : 1916|SERVER-SAM)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (ID : 3940|ID parent : 4756|SERVER-SAM)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (ID : 4268|ID parent : 3940|SERVER-SAM)
C:\Program Files (x86)\Internet Explorer\ielowutil.exe (ID : 2848|ID parent : 3360|SERVER-SAM)
C:\Windows\System32\taskeng.exe (ID : 3600|ID parent : 988)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 2224|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 4116|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 3576|ID parent : 3316|SERVER-SAM)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID : 5048|ID parent : 3316|SERVER-SAM)
C:\Windows\System32\SearchProtocolHost.exe (ID : 4640|ID parent : 2444)
C:\Windows\System32\SearchFilterHost.exe (ID : 2672|ID parent : 2444|SYSTEM)
C:\UsbFix\UsbFix.exe (ID : 5420|ID parent : 2616|SERVER-SAM)

################## | Autorun |

G:\Documents.lnk -> G:\
G:\Passwords.lnk -> G:\
G:\Video.lnk -> G:\
G:\Pictures.lnk -> G:\
G:\New Folder.lnk -> G:\

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [uTorrent] "C:\Users\SERVER-SAM\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [ManyCam] "C:\Program Files (x86)\ManyCam\ManyCam.exe" --silent
04 - HKCU\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
04 - HKLM\..\Run : [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\..\Run : [autodetect] C:\Program Files (x86)\Internet Haut Débit Mobile\AutoDect.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
04 - [x64] HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3546591137-510465623-319382024-1000\..\Run : [uTorrent] "C:\Users\SERVER-SAM\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-3546591137-510465623-319382024-1000\..\Run : [ManyCam] "C:\Program Files (x86)\ManyCam\ManyCam.exe" --silent
04 - HKU\S-1-5-21-3546591137-510465623-319382024-1000\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-3546591137-510465623-319382024-1000\..\Run : [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Trouvé ! D:\Nouveau Dossier.lnk
Trouvé ! G:\New Folder.lnk
Trouvé ! G:\Passwords.lnk
Trouvé ! G:\Documents.lnk
Trouvé ! G:\Pictures.lnk
Trouvé ! G:\Music.lnk
Trouvé ! G:\Video.lnk
Trouvé ! G:\otok.lnk
Trouvé ! G:\OUmaima.lnk
Trouvé ! G:\RECYCLER.lnk
Trouvé ! G:\philo.lnk
Trouvé ! G:\korean.lnk
Trouvé ! G:\Evaluations.lnk
Trouvé ! G:\annivai.lnk
Trouvé ! G:\Nouveau dossier.lnk
Trouvé ! G:\CHAWAN2.lnk
Trouvé ! H:\Nouveau Dossier.lnk
Trouvé ! H:\SERVER-SAM.lnk
Trouvé ! C:\Users\SERVER-SAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk
Trouvé ! D:\bin.doc
Trouvé ! D:\img.jpg
Trouvé ! G:\bin.doc
Trouvé ! G:\img.jpg
Trouvé ! H:\bin.doc
Trouvé ! H:\img.jpg

################## | Registre |


################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |
0
¡El Desaparecido! Posted messages 1519 Registration date   Status Membre Last intervention   195
 
Up-to-date download link: https://www.usbfix.net/ - Download link: http://www.en.usbfix.net/
0
juju666 Posted messages 35446 Registration date   Status Contributeur sécurité Last intervention   4 796
 
Avast 4?! Is this a joke? We're at version 8 of Avast! Uninstall it!

Download here: AdwCleaner (by Xplode)

▶ Run it

▶ Click on Remove and wait for the cleaning process.

▶ Post the content of the report you will find on your hard drive c:\ADwcleaner[Sx].txt or its content if it opens.

--
.::. Security Contributor .::.
1
Queen5 Posted messages 1 Status Membre
 
Hi

I have the same problem with my USB key; is it possible to get your help?

Thank you in advance :)

I launched AdwCleaner and here is what I got

# AdwCleaner v3.018 - Report created on 04/02/2014 at 23:22:51
# Updated on 28/01/2014 by Xplode
# Operating System: Windows 7 Home Premium Service Pack 1 (64-bit)
# Username: ma - MA-PC
# Executed from: C:\Users\ma\Downloads\adwcleaner (1).exe
# Option: Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted: C:\Users\ma\AppData\Local\Temp\boost_interprocess

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.107

[ File: C:\Users\ma\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted: homepage

*************************

AdwCleaner[R0].txt - [21974 bytes] - [03/02/2014 20:05:01]
AdwCleaner[R1].txt - [1002 bytes] - [04/02/2014 23:09:09]
AdwCleaner[S0].txt - [21221 bytes] - [03/02/2014 20:20:32]
AdwCleaner[S1].txt - [930 bytes] - [04/02/2014 23:22:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [989 bytes] ##########
0
juju666 Posted messages 35446 Registration date   Status Contributeur sécurité Last intervention   4 796
 
Hello queen5,

Open a new topic and paste a deletion report with usbfix: https://www.usbfix.net/?wpdmdl=497
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
3 potatoes, what is a PC without antivirus (or not up to date at all) :)

Like the angel you are, you laugh, creating a lightness in my chest,
Your eyes pierce me,
(Your answer is always 'maybe')
That is when I got up and left
0
juju666 Posted messages 35446 Registration date   Status Contributeur sécurité Last intervention   4 796
 
o/
0
lau_430
 
So, I downloaded UsbFix and launched it, but it shows me an error message before finishing the "scan":

Line 17935 (File "c:\UsbFix\Go.exe")

Error: Array variable has incorrect number of subscripts or subscript dimension range exceeded.

I relaunched it a second time, but it's the same...
0
g3n-h@ckm@n Posted messages 14350 Status Membre 949
 
Hello, take USBFix via the normal link, the other link is a test version that we haven't put online yet.

http://services.service-webmaster.fr/cpt-clics/clics-30453-6505.html
0
lau_430
 
I can't post the report here so I put it in the attachment:

http://cjoint.com/?3FrxQMYzM9r

Thank you for your help :)
0
g3n-h@ckm@n Posted messages 14350 Status Membre 949
 
Thank you for the feedback on the error message; we will fix that anyway :)

I'll let you finish ^^
0
lau_430
 
Ok ... just one question: with all these deletions, am I at risk of deleting files that I've created? So should I back them up somewhere before launching the application?
0
juju666 Posted messages 35446 Registration date   Status Contributeur sécurité Last intervention   4 796
 
no

--
.::. Security Contributor .::.
0
lau_430
 
0
juju666 Posted messages 35446 Registration date   Status Contributeur sécurité Last intervention   4 796
 
Great :)

Any more issues?

--
.::. Security Contributor .::.
0
lau_430
 
I still have a file at the root of the drive, but it no longer has a name, and I can access the files from another PC, so I guess it's okay :D Does that mean the virus is gone from my computer as well?

And I uninstalled Avast, should I just download the new version or is another antivirus preferable?

Thank you very much anyway!
0
g3n-h@ckm@n Posted messages 14350 Status Membre 949
 
Hi, I'm just dropping a line:

Personally, I don't use antivirus software; I find it useless as long as you know what you're doing with your PC.
0
juju666 Posted messages 35446 Registration date   Status Contributeur sécurité Last intervention   4 796
 
"I still have a file at the root of the key but it has no name anymore"

Didn’t get that

Keep Avast it's good ;)

--
.::. Security Contributor .::.
0
lau_430
 
Well actually I still have the file that was there before the shortcut... except that now it's a normal file, with no name, and inside I have access to my files like before the virus... so I guess it's all good :)
0
juju666 Posted messages 35446 Registration date   Status Contributeur sécurité Last intervention   4 796
 
Ah yeah :)

Run Delfix checking all the boxes: https://www.commentcamarche.net/telecharger/securite/7111-delfix/

~~

Install Malwarebytes Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Run regular scans with it, it's effective.

~~

Secure your PC!

A web exploit allows the infection of your computer automatically when visiting a hacked website, taking advantage of the fact that you have outdated software (Java, Adobe Reader, etc.) with vulnerabilities that allow the execution of code (malicious in our case) without your knowledge.
Not having up-to-date software that potentially has vulnerabilities makes it possible to infect your system.
Example with: Java Exploit

It is therefore essential to keep your software updated in order to avoid these entry points into your system.
As long as these programs are not up-to-date, your PC is vulnerable and infections can easily settle in.

IMPORTANT: update your programs, especially Java/Adobe Reader and Flash:
https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite

https://forum.malekal.com/viewtopic.php?t=15960&start=

Disable Java in your web browsers: https://www.commentcamarche.net/faq/35621-desactiver-java-sur-ses-navigateurs-web

~~

Be careful about what you install in the future:
Additional software is often offered (toolbars, adware) when installing free software in general or through certain download sites like S0ft0nic.
The publisher earns money for each successful installation of these additional programs (a kind of sponsorship), and your PC ends up with toolbars that slow down the browser or adware that opens advertising pop-ups.
The toolbars are there to affiliate you with a service (the Yahoo! or Google search engine); they add functionality, but browsers generally have this by default.
In addition, they record the sites you visit to transmit (tracking) for targeted advertising, which is not great for privacy protection.
Multiple toolbars can slow down the PC and may cause web browsers to crash.
In the end, it is not advisable to use them.

Finally, the accumulation of these programs slows down the computer/web browser.

These additional programs are offered during the installation of programs, and very often these additions are pre-checked.
Therefore, when you install a program, read carefully what is offered because you might install toolbars without knowing it.

Read about PUPs/LPIs: https://www.malekal.com/adwares-pup-protection/

Spread the word to your friends!

~~

The rest of the security advice: http://forum.malekal.com/comment-securiser-son-ordinateur.html

Happy reading and don’t forget to indicate that your topic is resolved :)

--
.::. Security Contributor .::.
0
lau_430
 
Thank you very much, I will be careful in the future with the updates and I will check all that :)

Since I’m at it and because your help is super effective, I have another small issue on another PC, I will post a new message :)

Have a good evening and thanks again!
0
juju666 Posted messages 35446 Registration date   Status Contributeur sécurité Last intervention   4 796
 
okay :p

make sure to do delfix and the mbam scan

--
.::. Security Contributor .::.
0
juju666 Posted messages 35446 Registration date   Status Contributeur sécurité Last intervention   4 796
 
Hello everyone,

Attention to all those who may have difficulties following the procedures and who would like personalized help:

/!\ Create your own topic by clicking on this image /!\



All reports posted in this thread will be deleted for readability reasons.

Only thank you messages are accepted and welcome.

Thank you for your understanding.

--
.::. Security Contributor .::.
0