ChangeLog USBFix (since 09/11/2008)
NOTE: This changelog lists only the malware lines that Zeb Help Process detects when analysing security reports. The information comes in part from feedback by French-speaking helpers.
UsbFix is a tool developed by Chiquitine29. It detects and removes infections that arrive through USB ports.
UsbStore is a tool developed by Nicolas Coolman that blocks the installation of new removable USB devices.
February, 2010
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6d51c57-6e10-11de-9299-001b24c6ca09}]
shell\AutoRun\command - E:\pbudsara.exe
shell\open\command - E:\pbudsara.exe
January, 2010
O51 - MPSK:{6267df3d-d688-11de-9deb-001d72fb7d51}\Shell\AutoRun\command - nj.exe
O51 - MPSK:{4d4dd044-107e-11de-8ff6-000000000000}\Shell\AutoRun\command - G:\SSCVIIHOST.exe
O51 - MPSK:{4d4dd044-107e-11de-8ff6-000000000000}\Shell\open\command - G:\SSCVIIHOST.exe
December, 2009
O51 - MPSK:{dd7f0d75-ac2f-11dd-9941-001560bb4154}\Shell\AutoRun\command - dynrn6e.cmd
O51 - MPSK:{dd7f0d75-ac2f-11dd-9941-001560bb4154}\Shell\explore\command - dynrn6e.cmd
O51 - MPSK:{dd7f0d75-ac2f-11dd-9941-001560bb4154}\Shell\open\command - dynrn6e.cmd
O51 - MPSK:{634aa142-9e80-11dd-8d9b-001e4cdc8df7}\Shell\AutoRun\command - e8kj.exe
O51 - MPSK:{634aa142-9e80-11dd-8d9b-001e4cdc8df7}\Shell\explore\command - e8kj.exe
O51 - MPSK:{634aa142-9e80-11dd-8d9b-001e4cdc8df7}\Shell\open\command - e8kj.exe
O51 - MPSK:{be672233-bbc8-11de-beba-0015c585162e}\Shell\AutoRun\command - 28b6ry9r.exe
O51 - MPSK:{be672233-bbc8-11de-beba-0015c585162e}\Shell\open\command - 28b6ry9r.exe
O51 - MPSK:{99f932b0-9475-11de-95eb-001377f4b5b4}\Shell\AutoRun\command - xerp8nj.exe
O51 - MPSK:{99f932b0-9475-11de-95eb-001377f4b5b4}\Shell\open\command - xerp8nj.exe
O51 - MPSK:{0fd94f68-e843-11dc-8577-001e4c5103a6}\Shell\AutoRun\command - F:\pbudsara.exe
O51 - MPSK:{0fd94f68-e843-11dc-8577-001e4c5103a6}\Shell\open\command - F:\pbudsara.exe
O51 - MPSK:{5d9c51c8-e884-11dc-8578-001e4c5103a6}\Shell\AutoRun\command - hjvjte.exe
O51 - MPSK:{5d9c51c8-e884-11dc-8578-001e4c5103a6}\Shell\open\command - hjvjte.exe
O51 - MPSK:{8d13580e-1cf3-11dd-860f-001e4c5103a6}\Shell\AutoRun\command - pbudsara.exe
O51 - MPSK:{8d13580e-1cf3-11dd-860f-001e4c5103a6}\Shell\open\command - pbudsara.exe
O51 - MPSK:{b5d4dd6c-bf0a-11dd-87d9-001e4c5103a6}\Shell\AutoRun\command - F:\wbj.exe
O51 - MPSK:{b5d4dd6c-bf0a-11dd-87d9-001e4c5103a6}\Shell\open\command - F:\wbj.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{637c4a78-d8c7-11de-8f6a-0015589a70e2}]
shell\AutoRun\command - 2id9.exe
shell\open\command - 2id9.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{728e59b2-33f8-11de-8ea9-0015589a70e2}]
shell\AutoRun\command - D:\2nuk.com
shell\open\command - D:\2nuk.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba0a3d78-2e3b-11de-8e92-d366303ad771}]
shell\AutoRun\command - D:\lcw.exe
shell\open\command - D:\lcw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba0a3d7a-2e3b-11de-8e92-d366303ad771}]
shell\AutoRun\command - E:\2nuk.com
shell\open\command - E:\2nuk.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9eae1ec-33c5-11de-8ea4-0015589a70e2}]
shell\AutoRun\command - D:\w9hw8.exe
shell\open\command - D:\w9hw8.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14d41815-5b4b-11de-8f00-0015589a70e2}]
shell\AutoRun\command - D:\sm.exe
shell\open\command - D:\sm.exe
April, 2009
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8c971be-4b69-11dc-8a14-0018f3452137}]
shell\AutoRun-open\command - 1ogf.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4fdc22c-3374-11de-a17d-00215d17cb8a}]
shell\AutoRun\command - F:\eyt.exe
shell\open\command - F:\eyt.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b545cf0-fd2e-11dd-a0e2-00215d17cb8a}]
shell\AutoRun\command - ej10fkdo.bat
shell\open\command - ej10fkdo.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{643430bc-2a8b-11de-a160-00215d17cb8a}]
shell\AutoRun\command - F:\g1ljsm.com
shell\open\command - F:\g1ljsm.com
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{66abf4f8-30d5-11de-a177-00215d17cb8a}]
shell\AutoRun\command - F:\vwewav8.com
shell\open\command - F:\vwewav8.com
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4fdc22c-3374-11de-a17d-00215d17cb8a}]
shell\AutoRun\command - F:\eyt.exe
shell\open\command - F:\eyt.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ad5cb43-e910-11dc-b482-8c690ced4103}]
shell\AutoRun\command - yo2mq6.exe
shell\explore\command - yo2mq6.exe
shell\open\command - yo2mq6.exe
February, 2009
Packed.Win32.Krap.b 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7b20f3f-5577-11dd-bfb3-0007cb0000ff}]
shell\AutoRun-explore-open\command - E:\v.exe
Trojan DNSChanger
%SYSTEM32%\gaopdxqvhlixbg.dll
Cloaked Malware
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b3904a3-a8de-11dd-8d8f-806d6172696f}]
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b3904a4-a8de-11dd-8d8f-806d6172696f}]
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd56fcd1-a8f5-11dd-af7a-00039d7884b6}]
shell\AutoRun - explore - open\command - C:\xfl3hx.exe
USB.Troj
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb3f60a5-a8db-11dd-af76-fd74fa043815}]
shell\AutoRun - explore - open\command - E:\e.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a59960d1-edd4-11dd-8449-001c23a2bf83}]
shell\AutoRun-explore-command\command - F:\fooool.exe
January, 2009
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2f7cfb1-fcfe-11dc-a6c3-0019d1edc862}]
shell\AutoRun\command - F:\rqq2v.bat
shell\explore\command - F:\rqq2v.bat
shell\open\command - F:\rqq2v.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ce10ee0-73d8-11da-870f-00c09f638d0a}]
shell\AutoRun\command - J:\loader.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{59497556-80b0-11dd-aad0-001d92a5d8f7}]
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae9aded8-3fb4-11dd-aa52-001d92a5d8f7}]
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore-Open\command - system.exe
Virus.Win32.Virut.av 
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{af6f4fe0-fd84-11dc-9846-00030d1e7024}]
shell\Auto\command - sal.xls.exe
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
O4 - HKCU\..\Run: [tava] %SYSTEM32%\tavo.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{1458b628-b3c3-11dc-a32f-0016d45f675c}]
shell\AutoRun-explore-open\command - m9ma.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e3af7d6-729d-11dd-bc6d-0019dbdf9682}]
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{90f28fe9-047f-11dd-bc21-0019dbdf9682}]
shell\AutoRun-explore-open\command - %ROOT%\ino6.com
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{416afd77-dcc1-11dd-bcbc-0019dbdf9682}]
shell\Auto\command - AdobeR.exe e
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{c32257dd-7a59-11dd-bc6e-0019dbdf9682}]
shell\AutoRun-explore-open\command - ntdelect.com
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{a208a08a-d40a-11dd-8311-0011097648b1}]
shell\AutoRun-explore-open\command - %ROOT%\f.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{5517e816-ca8d-11dd-ad0e-001e2ae1cd4b}]
shell\AutoRun-explore-open\command - G:\RavMon.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{078d8470-9791-11dd-bfc6-aa346ba05755}]
shell\AutoRun-explore-open\command - G:\zPharaoh.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{14dd842c-b307-11dd-803c-0040d081a7ae}]
shell\AutoRun-explore-open\command - abk.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b62e2d55-b884-11dd-8051-0040d081a7ae}]
shell\Auto-AutoRun\command - G:\auto.exe
Win32:OnLineGames-DQH
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{13d66b88-e6b9-11dc-9a4c-001b2456fae1}]
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0726190-48c6-11dd-812b-001b2456fae1}]
shell\AutoRun\command - jfvkcsy.bat
shell\explore\command - jfvkcsy.bat
shell\open\command - jfvkcsy.bat
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{e80d2a91-f64b-11dc-b039-001b2456fae1}]
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
December, 2008
O4 - HKLM\..\Run: [GMOGLFEO] %systemroot%\GMOGLFEO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{310cc069-926f-11dd-958b-001060d0081e}]
shell\AutoRun\command - %ROOT%\tmf3w3g0.com
shell\explore\command - %ROOT%\tmf3w3g0.com
shell\open\command - %ROOT%\tmf3w3g0.com
Trojan-PSW.Win32.OnLineGames.rpy 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af8172c2-a27b-11dd-9c20-001d6086c8d0}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e49e7668-88e0-11dd-9bc7-001d6086c8d0}]
shell\AutoRun\command - G:\oufddh.exe
shell\explore\command - G:\oufddh.exe
shell\open\command - G:\oufddh.exe
Virus.Win32.Parite.b 
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{606aa22d-779c-11dd-976f-000c76fa3a9f}]
\Shell\AutoRun\command - ranvrgn.exe
\Shell\explore\Command - ranvrgn.exe
\Shell\open\Command - ranvrgn.exe
Worm.MyMP3
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3131e7ba-5242-11dd-933c-001636152394}]
Shell\AutoRun\command %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MyMP3.vbs
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60187b12-9c9c-11dd-93a3-0013cea44331}]
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MyMP3.vbs
VBS/Solow-B 
O4 - HKLM\..\Run: [FS6519] %WINDOWS%\FS6519.dll.vbs
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{bedad11e-7662-11dc-8608-806d6172696f}]
shell\AutoRun\command - udnnnvq.exe
shell\explore\command - udnnnvq.exe
shell\open\command - udnnnvq.exe
VBS/Autorun.worm.k
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{0011f010-93bf-11dd-9232-000e356b5244}]
shell\Auto\command - wscript "esta ig.vbs"
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"
Worm/AutoRun Y
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ef2700-9f3e-11dc-9aef-0016ec95a3ce}]
shell\AutoRun\command - xn1i9x.com
shell\explore\command - xn1i9x.com
shell\open\command - xn1i9x.com
Adware Sality.z 
O4 - HKCU\..\Run: [vamsoft] %SYSTEM32%\vamsoft.exe
Cloaked Malware
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61f273f0-acd7-11dd-8879-0012f04886d3}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61f273f4-acd7-11dd-8879-0012f04886d3}]
\Shell\AutoRun\command - %ROOT%\sq.com
\Shell\explore\Command - %ROOT%\sq.com
\Shell\open\Command - %ROOT%\sq.com
Cloaked Malware
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f747150-ae65-11dd-887c-0012f04886d3}]
\Shell\AutoRun\command - %ROOT%\6fnlpetp.exe
\Shell\explore\Command - %ROOT%\6fnlpetp.exe
\Shell\open\Command - %ROOT%\6fnlpetp.exe
Trojan.Agent 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fe8c000-977f-11dd-884c-0012f04886d3}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fe8c001-977f-11dd-884c-0012f04886d3}]
\Shell\AutoRun\command - %ROOT%\xih9.cmd
\Shell\explore\Command - %ROOT%\xih9.cmd
\Shell\open\Command - %ROOT%\xih9.cmd
Cloaked Malware
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{18889593-daf1-11dc-8247-0018de7d74ce}]
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8de6833-6ecf-11dd-838b-0018de7d74ce}]
\Shell\AutoRun\command - %ROOT%\hgu.bat
\Shell\explore\Command - %ROOT%\hgu.bat
\Shell\open\Command - %ROOT%\hgu.bat
Trojan Inject.Ldi
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb6f2734-4c54-11dd-834d-0018de7d74ce}]
\Shell\AutoRun\command - %ROOT%\3rl3lqbq.bat
\Shell\explore\Command - %ROOT%\3rl3lqbq.bat
\Shell\open\Command - %ROOT%\3rl3lqbq.bat
Trojan VB.BP
%SYSTEM32%\killVBS.vbs
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,%SYSTEM32%\wscript.exe %SYSTEM32%\killVBS.vbs
Trojan Mal/Frethog-B
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd0dac1-7336-11db-bbd0-00038a000015}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b083df71-f8c9-11db-bed2-00038a000015}]
shell\AutoRun\command - ie.exe
shell\explore\command - ie.exe
shell\open\command - ie.exe
Trojan Mal/Frethog-B
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0df92b51-9c7a-11dd-806d-00038a000015}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aea3ffa1-c054-11dd-80a8-00038a000015}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{788cebc0-c15e-11dd-80ae-00038a000015}]
shell\AutoRun\command - %ROOT%\abk.bat
shell\explore\command - %ROOT%\abk.bat
shell\open\command - %ROOT%\abk.bat
%ROOT%\2u.com
Trojan Virtum-Gen
C:\WINDOWS\system32\gasretyw1.dll
November, 2008
Trojan Virtum-Gen
[HKCU\...\CurrentVersion\Explorer\Mountpoints2\{166dbd54-a3f7-11dc-947b-806d6172696f}]
shell\AutoRun\command - C:\ncyrf.bat
shell\explore\command - C:\ncyrf.bat
shell\open\command - C:\ncyrf.bat
%SYSTEM32%\gasretyw0.dll
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,%SYSTEM32%\wscript.exe %SYSTEM32%\antinul.vbe
%SYSTEM32%\antinul.vbe
F2 - REG:system.ini: UserInit=%SYSTEM32%\userinit.exe,%SYSTEM32%\wscrïpt.exe %SYSTEM32%\antinul.vbe
G:\antinul.vbe
G:\bicsxk03.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdc3ce56-8601-11db-af78-000c76b1c763}]
shell\AutoRun\command - G:\bicsxk03.com
shell\explore\command - G:\bicsxk03.com
shell\open\command - G:\bicsxk03.com
%WINDOWS%\DelAutorun.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5435c295-9c45-11dd-be26-000c76b1c763}]
shell\AutoRun\command - %SYSTEM32%\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
shell\AutoRun\command - delautorun.bat
%SYSTEM%\Rundll32.exe shell32.dll,shellexec_rundll wscrïpt.exe wa6.vbs
%SYSTEM%\Rundll32.exe shell32.dll,shellexec_rundll wscript.exe ms32dll.dll.vbs
%SYSTEM%\Rundll32.exe shell32.dll,shellexec_rundll wscript.exe cradle_of_filth.vbe