Shortcut folder virus

Closed
Michel - Edited by Michel on 3/01/2014 at 12:17
kingk06 - 3 Jan. 2014 at 12:25
Hello, need help with a shortcut folder!!!

############################## | UsbFix V 7.158 | [Research]

User: RABARY (Administrator) # RABARY-PC
Updated 02/01/2014 by El Desaparecido - Team SosVirus
Started at 13:18:50 | 03/01/2014

Website : http://www.en.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Intel Corp. (Base Board Product Name)
CPU: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
RAM -> [Total : 4022 Mo| Free : 1831 Mo]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
WB: Safari : 534.57.2

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 78 Gb (4 Mb free - 5%) [] # NTFS
D:\ -> Fixed drive # 466 Gb (35 Mb free - 7%) [INTENSO] # FAT32
E:\ -> CD-ROM
F:\ -> Fixed drive # 98 Gb (7 Mb free - 7%) [New Volume] # NTFS
G:\ -> Fixed drive # 122 Gb (12 Mb free - 10%) [New Volume] # NTFS
H:\ -> CD-ROM
K:\ -> Removable drive # 7 Gb (7 Mb free - 99%) [NIKOND3200] # FAT32

################## | Active Processes |

C:\WINDOWS\system32\wininit.exe (ID: 756 |ParentID: 608)
C:\WINDOWS\system32\lsass.exe (ID: 824 |ParentID: 756)
C:\WINDOWS\system32\svchost.exe (ID: 960 |ParentID: 816)
C:\WINDOWS\system32\svchost.exe (ID: 1008 |ParentID: 816)
C:\WINDOWS\system32\nvvsvc.exe (ID: 688 |ParentID: 816)
C:\WINDOWS\System32\svchost.exe (ID: 1068 |ParentID: 816)
C:\WINDOWS\system32\svchost.exe (ID: 1116 |ParentID: 816)
C:\WINDOWS\system32\svchost.exe (ID: 1192 |ParentID: 816)
C:\WINDOWS\System32\svchost.exe (ID: 1284 |ParentID: 816)
C:\WINDOWS\system32\svchost.exe (ID: 1400 |ParentID: 816)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1520 |ParentID: 816)
C:\WINDOWS\System32\spoolsv.exe (ID: 1792 |ParentID: 816)
C:\WINDOWS\system32\svchost.exe (ID: 1820 |ParentID: 816)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1388 |ParentID: 816)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 2980 |ParentID: 816)
C:\WINDOWS\system32\svchost.exe (ID: 2216 |ParentID: 816)
C:\WINDOWS\system32\svchost.exe (ID: 2212 |ParentID: 816)
C:\WINDOWS\SysWOW64\vmnat.exe (ID: 1200 |ParentID: 816)
C:\WINDOWS\SysWOW64\vmnetdhcp.exe (ID: 3004 |ParentID: 816)
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (ID: 2152 |ParentID: 816)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (ID: 3092 |ParentID: 816)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 3212 |ParentID: 960)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (ID: 3280 |ParentID: 816)
C:\WINDOWS\system32\svchost.exe (ID: 3556 |ParentID: 816)
C:\WINDOWS\system32\svchost.exe (ID: 3664 |ParentID: 816)
C:\WINDOWS\system32\dashost.exe (ID: 5776 |ParentID: 1284)
C:\WINDOWS\System32\WinLogon.exe (ID: 6036 |ParentID: 5544)
C:\WINDOWS\System32\dwm.exe (ID: 5208 |ParentID: 6036)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 4676 |ParentID: 688)
C:\WINDOWS\system32\nvvsvc.exe (ID: 4332 |ParentID: 688)
C:\WINDOWS\system32\taskhostex.exe (ID: 5908 |ParentID: 1116)
C:\WINDOWS\Explorer.EXE (ID: 4308 |ParentID: 5128)
C:\Windows\System32\skydrive.exe (ID: 3948 |ParentID: 960)
C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe (ID: 2992 |ParentID: 1116)
C:\Windows\System32\RuntimeBroker.exe (ID: 2304 |ParentID: 960)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2480 |ParentID: 4308)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 2824 |ParentID: 4308)
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (ID: 2704 |ParentID: 4308)
C:\Program Files (x86)\Free Download Manager\fdm.exe (ID: 5176 |ParentID: 4308)
C:\Program Files (x86)\Druide\Antidote\Gestionnaire Antidote.exe (ID: 1132 |ParentID: 4308)
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (ID: 4484 |ParentID: 4308)
C:\Users\RABARY\AppData\Roaming\uTorrent\uTorrent.exe (ID: 5184 |ParentID: 4308)
C:\Program Files (x86)\Internet Download Manager\IDMan.exe (ID: 2960 |ParentID: 4308)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 5044 |ParentID: 2996)
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (ID: 5416 |ParentID: 2960)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3196 |ParentID: 5544)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2604 |ParentID: 3196)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5188 |ParentID: 3196)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5224 |ParentID: 3196)
C:\Windows\System32\SettingSyncHost.exe (ID: 3508 |ParentID: 960)
C:\Windows\System32\WWAHost.exe (ID: 1136 |ParentID: 960)
C:\WINDOWS\WinStore\WSHost.exe (ID: 2552 |ParentID: 960)
C:\Program Files\WindowsApps\Microsoft.BingMaps_2.0.2210.2401_x64__8wekyb3d8bbwe\Map.exe (ID: 5384 |ParentID: 960)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 336 |ParentID: 3196)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3592 |ParentID: 3196)
C:\WINDOWS\system32\SearchIndexer.exe (ID: 6292 |ParentID: 816)
C:\Windows\System32\WUDFHost.exe (ID: 2896 |ParentID: 1284)
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe (ID: 1128 |ParentID: 960)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6712 |ParentID: 3196)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2120 |ParentID: 3196)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5472 |ParentID: 3196)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5800 |ParentID: 3196)
C:\Program Files (x86)\Safari\Safari.exe (ID: 5548 |ParentID: 4308)
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe (ID: 532 |ParentID: 5548)
C:\UsbFix\Go.exe (ID: 5336 |ParentID: 7068)

################## | Regedit Run |

04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - HKLM64\..\Run : [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
04 - HKLM64\..\Run : [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
04 - HKLM64\..\Run : [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
04 - HKU\S-1-5-21-3598218730-4213288928-961693062-1000\..\Run : [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
04 - HKU\S-1-5-21-3598218730-4213288928-961693062-1000\..\Run : [Gestionnaire Antidote.exe] C:\Program Files (x86)\Druide\Antidote\Gestionnaire Antidote.exe
04 - HKU\S-1-5-21-3598218730-4213288928-961693062-1000\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-3598218730-4213288928-961693062-1000\..\Run : [uTorrent] "C:\Users\RABARY\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-3598218730-4213288928-961693062-1000\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-18\..\Run : [Gestionnaire Antidote.exe] C:\PROGRA~2\Druide\Antidote\Gestionnaire Antidote.exe

################## | Generic Research |

Found ! D:\sp36683_2.exe
Found ! D:\NANSIS.lnk
Found ! D:\OTA.lnk
Found ! D:\poitiers.lnk
Found ! D:\PRU.lnk
Found ! D:\ange.lnk
Found ! D:\temp.lnk
Found ! D:\System Volume Information.lnk
Found ! D:\famari.lnk
Found ! D:\publication marphysa.lnk
Found ! D:\reef_AOI_mada.lnk
Found ! D:\12 Dico.lnk
Found ! D:\BIBLIO CNDO JHSM.lnk
Found ! D:\Recycled.lnk
Found ! D:\cartography.lnk
Found ! D:\DIN.lnk
Found ! D:\from card.lnk
Found ! D:\$RECYCLE.BIN.lnk
Found ! D:\Documents.lnk
Found ! D:\Videos.lnk
Found ! D:\Pictures.lnk
Found ! D:\downloads.lnk
Found ! D:\OpenElement.lnk
Found ! D:\Music.lnk
Found ! D:\ABC phytorestore.lnk
Found ! D:\sites.lnk
Found ! D:\Boky Ange.lnk
Found ! D:\Formation Complète.lnk
Found ! D:\sauvegarde.lnk
Found ! D:\Doctorat RASOANANDRASANA Rafalimanana (IHSM-Univ. Toliara et UiS, Univ. Stavanger NORVEGE).lnk
Found ! D:\Posters ramamps.lnk
Found ! D:\Mini-reportage_FAMARI.lnk
Found ! D:\OBJET 3D.lnk
Found ! D:\DOC EIE.lnk
Found ! D:\CLE POISSON.lnk
Found ! D:\scolarship.lnk
Found ! D:\ihsm.lnk
Found ! D:\hp.lnk
Found ! D:\biblio IHSM.lnk
Found ! D:\carbone.lnk
Found ! D:\Desktop.lnk
Found ! D:\Pasteur TOVONY.lnk
Found ! D:\.Trashes\Desktop.ini
Found ! D:\Documents\Programs\sp36683_2.exe
Found ! D:\Documents\Programs\sp36683.exe

################## | Registry |


################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
K:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |

1 reply

kingk06 - 3 Jan. 2014 at 12:25
Hello,

==> Plug all your external data sources into your PC (USB key, external hard drive, etc.) without opening them. Double-click "UsbFix.exe".

Click [Suppression] (Deletion).

Let the tool work.
The scan will then start and a report will be displayed at the end of the scan.
Post its report, please.

The report is also saved at the root of the system drive (C:\UsbFix.txt).