Rem-VBSworm v8.0
===========
- General info:
Running under: jean- on profile: C:\Users\jean-
Computer name: DESKTOP-37KC94K
Operating System:
Microsoft Windows 10 Famille
Boot Mode:
Fail-safe with network boot
Antivirus software installed:
SecureAPlus Antivirus
Windows Defender
AVG Antivirus
Executed on: 17/06/2018 @ 16:44:50,09
===========
- Drive info:
Listing currently attached drives:
Caption Description VolumeName
C: Disque monté local OS
D: Disque CD-ROM
E: Disque monté local eassos sr image & makupdiector 3
F: Disque CD-ROM MY_DATA_101017
G: Disque amovible SFCE XFCE
H: Disque amovible samsung fit power2go 12
I: Disque monté local Seagate Backup Plus Drive
J: Disque monté local Seagate Backup Plus Drive
K: Disque monté local Seagate Backup Plus Drive
L: Disque CD-ROM
M: Disque monté local ZALMAN
N: Disque amovible windows to go 1
O: Disque monté local wd MY passport 3TO
P: Disque CD-ROM Sans titre
Q: Disque amovible
R: Disque amovible CUBUNTU
V: Disque amovible
Y: Disque amovible FOLD-ISARDU
Z: Disque monté local SYSTEM
Physical drives information:
C: \Device\HarddiskVolume3 NTFS
O: \Device\HarddiskVolume8 NTFS
E: \Device\HarddiskVolume4 NTFS
Z: \Device\HarddiskVolume1 FAT
Q: \Device\HarddiskVolume9 FAT
G: \Device\HarddiskVolume11 FAT
R: \Device\HarddiskVolume19 FAT
H: \Device\HarddiskVolume16 NTFS
I: \Device\HarddiskVolume18 NTFS
M: \Device\HarddiskVolume13 NTFS
J: \Device\HarddiskVolume15 NTFS
K: \Device\HarddiskVolume7 NTFS
Y: \Device\HarddiskVolume12 FAT
N: \Device\HarddiskVolume10 NTFS
F: \Device\CdRom0 UDFS
P: \Device\CdRom2 UDFS
===========
- Disinfection info:
Information : aucune tâche en service ne correspond aux critères spécifiés.
Information : aucune tâche en service ne correspond aux critères spécifiés.
Fichier supprimé - C:\Users\jean-\AppData\Roaming\Warface\osutils.vbs
Fichier supprimé - C:\Users\jean-\AppData\Roaming\WarThunder\osutils.vbs
===========
- Shortcut info:
Shortcut: "C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
----------------------------------------------------------------
===========
- Scheduled tasks info:
===========
- USB drive info:
g: selected
USB Device ID:
SCSI\DISK&VEN_SEAGATE&PROD_BUP_BL\000000
USBSTOR\DISK&VEN_GENERAL&PROD_USB_FLASH_DISK&REV_1.00\05077900000000F6&0
USBSTOR\DISK&VEN_SMI&PROD_USB_DISK&REV_1100\00000347&0
USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0827&REV_1012\575831314438354450483744&0
USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE_FIT&REV_1100\0363316010027335&0
SCSI\DISK&VEN_SEAGATE&PROD_BUP_RD\8&1811B4DF&0&000000
SCSI\DISK&VEN_WDC&PROD_WD10EZEX-60ZF5A0\4&32E8E4A0&0&000000
USBSTOR\DISK&VEN_SANDISK&PROD_ULTRA_FIT&REV_1.00\4C530001050902110312&0
USBSTOR\DISK&VEN_REALSIL&PROD_RTSUERLUN0&REV_1.00\0000
USBSTOR\DISK&VEN_TOSHIBA&PROD_TRANSMEMORY&REV_1.00\0022CFF6BDF8C080958BAE56&0
USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_5.00\07014791E2C22032&0
USBSTOR\DISK&VEN_ZALMAN&PROD_ZM-VE350&REV_1060\WXF1A952S610&1
SCSI\DISK&VEN_SEAGATE&PROD_BUP_RD\000000
WARNING... Possible Andromeda/Gamarue infection...
Listing root contents of g:
Le volume dans le lecteur G s'appelle SFCE XFCE
Le numéro de série du volume est 17F7-1314
Répertoire de G:\
25/11/2017 18:02 NMSDCID
30/11/2017 08:49 Optimizer Pro 3.07
30/11/2017 18:04 OneSafe Driver Manager
08/12/2017 10:33 Anvi Browser Repair Tool
08/12/2017 10:36 Anvi Smart Defender
09/12/2017 13:44 Slim Toolbar
10/12/2017 08:07 PHOTO FAMILY
11/12/2017 17:50 PC Optimizer Pro
14/12/2017 16:22 69 623 ldlinux.sys
14/12/2017 16:22 .disk
14/12/2017 16:22 EFI
14/12/2017 16:22 1 526 DRBL-Live-Version
14/12/2017 16:22 live
14/12/2017 16:22 18 092 GPL
14/12/2017 16:22 boot
14/12/2017 16:23 syslinux
14/12/2017 16:23 utils
14/12/2017 16:23 94 syslinux.cfg
22/12/2017 09:53 Avanquest.PC.Speed.Maximizer.4.3.3
22/12/2017 21:52 WinSweeper
27/12/2017 13:52 SupersonicPC
31/12/2017 18:51 RegistryCleanerKit
13/01/2018 06:36 LOST.DIR
16/01/2018 13:20 PCTransImage
19/01/2018 10:52 FixMeStick Quarantine
19/01/2018 10:57 OneSafe PC Cleaner
02/02/2018 19:00 2 147 483 648 pcsu.cache0
01/03/2018 14:54 76 nmdsdcid
15/03/2018 17:47 SpeedUpMyPC
15/03/2018 18:00 Solvusoft
04/05/2018 20:51 0 adwcleaner_7.1.1.exe.opdownload
05/05/2018 07:08 1 727 204 ShouldIRemoveIt_Setup.exe.opdownload
05/05/2018 07:35 679 ShouldIRemoveIt_Setup.exe
05/05/2018 07:37 0 should-i-remove-it-1-0-4-en-win.exe.opdownload
06/05/2018 10:19 1 678 BOOTEX.LOG
13/05/2018 10:48 68 pmp_usb.ini
13/05/2018 11:48 52 winamp_metadata.idx
13/05/2018 11:48 425 winamp_metadata.dat
14 fichier(s) 2 149 303 165 octets
25 Rép(s) 121 057 148 928 octets libres
USB drive disinfected and files unhidden
Windows Script Host was disabled by the user
=====================================================
Scan finished at: 16:47:21,89
Send this log only if requested by a helper.
=====================================================
Made by @bartblaze
Tool to delete VBS autorun worm and unhide files
Quarantine folder on: C:\Rem-VBSqt
Info: https://bartblaze.blogspot.com/2014/02/remediate-vbs-malware.html