Reply to: Files turned into shortcuts! 2016-09-08T13:08:31+00:00
bennmanga
Participant
Post count: 18

Here it is!

############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: Ben (Administrateur) # BENMANGA
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 19:07:49 | 09/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (M5A78L)
CPU: AMD Phenom(tm) II X4 955 Processor
RAM -> [Total : 4094 | Free : 949]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus 2014 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 931 Go (154 Go libre(s) - 17%) [] # NTFS
D: -> Disque fixe # 60 Go (40 Go libre(s) - 66%) [ACER] # FAT32
E: -> CD-ROM
F: -> CD-ROM
G: -> Disque amovible # 8 Go (2 Go libre(s) - 23%) [Intenso] # FAT32
H: -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Turbo Key] - "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "C:\Jeux\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Turbo Key] - "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [LogMeIn Hamachi Ui] - "C:\Jeux\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Clownfish] - "C:\Program Files (x86)\Clownfish\Clownfish.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [EADM] - "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Activator] - wscript.exe //B "C:\Users\Ben\AppData\Local\Temp\Activator.vbs"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1007\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-1097147635-3363988166-1689558142-1007\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\atiesrxx.exe (ID 916 |ParentID 568)
Stoppé! C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (ID 1068 |ParentID 568)
Stoppé! C:\Windows\system32\atieclxx.exe (ID 1272 |ParentID 916)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1436 |ParentID 568)
Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID 1592 |ParentID 568)
Stoppé! C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ID 1680 |ParentID 568)
Stoppé! C:\Program Files (x86)\Freenet\bin\wrapper-windows-x86-32.exe (ID 1856 |ParentID 568)
Stoppé! C:\Windows\system32\conhost.exe (ID 1884 |ParentID 436)
Stoppé! C:\Windows\SysWOW64\PnkBstrA.exe (ID 1988 |ParentID 568)
Stoppé! C:\Windows\system32\taskhost.exe (ID 1056 |ParentID 568)
Stoppé! C:\Windows\system32\taskeng.exe (ID 1364 |ParentID 304)
Stoppé! C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ID 2016 |ParentID 1364)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 2292 |ParentID 1848)
Stoppé! C:\Windows\vsnp2std.exe (ID 2304 |ParentID 1848)
Stoppé! C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (ID 2560 |ParentID 1848)
Stoppé! C:\Windows\System32\Drivers\WTSRV.EXE (ID 2620 |ParentID 568)
Stoppé! C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (ID 2732 |ParentID 1848)
Stoppé! C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe (ID 2752 |ParentID 1848)
Stoppé! C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe (ID 2800 |ParentID 2752)
Stoppé! C:\Windows\System32\wscript.exe (ID 2920 |ParentID 1848)
Stoppé! C:\Program Files\ASUS\Turbo Key\TurboKey.exe (ID 3008 |ParentID 2928)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 2840 |ParentID 2928)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2968 |ParentID 2316)
Stoppé! C:\Jeux\hamachi-2.exe (ID 3288 |ParentID 568)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 3696 |ParentID 2968)
Stoppé! C:\Jeux\LMIGuardianSvc.exe (ID 4008 |ParentID 3288)
Stoppé! C:\Windows\SysWOW64\java.exe (ID 4544 |ParentID 1856)
Stoppé! C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (ID 3128 |ParentID 3696)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 4676 |ParentID 568)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 1796 |ParentID 568)
Stoppé! C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (ID 5316 |ParentID 1068)
Stoppé! C:\Program Files\Tablet\Pen\WacomHost.exe (ID 5332 |ParentID 1068)
Stoppé! C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (ID 5536 |ParentID 1068)
Stoppé! C:\Program Files\Tablet\Pen\Pen_Tablet.exe (ID 5660 |ParentID 5332)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 1628 |ParentID 568)
Stoppé! C:\Windows\system32\DllHost.exe (ID 5808 |ParentID 748)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 216 |ParentID 1848)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6108 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3896 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2984 |ParentID 216)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (ID 1396 |ParentID 1160)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (ID 1832 |ParentID 568)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgui.exe (ID 5388 |ParentID 6292)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe (ID 408 |ParentID 5388)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3140 |ParentID 568)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 4088 |ParentID 3140)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6016 |ParentID 216)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 1956 |ParentID 992)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 812 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6284 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6200 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5996 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3448 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6708 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6152 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4420 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 128 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4636 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6476 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2372 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2508 |ParentID 216)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID 4924 |ParentID 4676)
Stoppé! C:\Program Files (x86)\uTorrent\uTorrent.exe (ID 4872 |ParentID 216)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID 7360 |ParentID 4676)
Stoppé! C:\Windows\system32\DllHost.exe (ID 8160 |ParentID 748)
Stoppé! C:\Windows\system32\taskeng.exe (ID 8080 |ParentID 304)

################## | Éléments infectieux |

Non supprimé ! H:\Activator.vbs
Supprimé! G:\$AVG.lnk
Supprimé! G:\Liste SH1.lnk
Supprimé! G:\Book1.lnk
Supprimé! G:\Liste SH1 XL.lnk
Supprimé! G:\6323130983.lnk
Supprimé! G:\6391226688.lnk
Supprimé! G:\6319616950.lnk
Supprimé! G:\111 V3.lnk
Supprimé! G:\111 Sceau.lnk
Supprimé! G:\2013-04-07 Photos Tunisie G.lnk
Supprimé! G:\Autres.lnk
Supprimé! G:\Eur.lnk
Supprimé! G:\Belgocontrol.lnk
Supprimé! G:\Photos Nokia C5.lnk
Supprimé! G:\Cours.lnk
Supprimé! C:\Users\Ben\AppData\Local\Temp\uttB08F.tmp.exe
Supprimé! C:\Users\Ben\AppData\Local\Temp\uttD624.tmp.exe
Supprimé! C:\Users\Ben\AppData\Local\Temp\uttF318.tmp.exe
Supprimé! C:\Users\Ben\AppData\Local\Temp\uttF8E.tmp.exe
Supprimé! C:\Users\Ben\AppData\Local\Temp\7za.exe

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Supprimé! HKCU\....\Explorer\MountPoints2\{764f4e02-c034-11e0-963f-f46d044776c5}

################## | Listing |

[09/10/2013 - 17:45:24 | D ] C:\$AVG
[06/01/2013 - 17:45:35 | SHD ] C:\$Recycle.Bin
[22/08/2012 - 00:52:44 | D ] C:\AeriaGames
[15/08/2013 - 15:00:52 | D ] C:\AMD
[09/10/2013 - 17:47:55 | HD ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[30/03/2012 - 20:53:40 | D ] C:\download
[09/10/2013 - 16:11:09 | ASH | 3219791872] C:\hiberfil.sys
[03/10/2013 - 18:21:11 | D ] C:\Jeux
[31/10/2011 - 10:35:42 | D ] C:\Manga
[09/10/2013 - 16:11:11 | ASH | 4293058560] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[05/07/2013 - 23:03:43 | D ] C:\Program Files
[26/08/2013 - 20:13:09 | D ] C:\Program Files (x86)
[09/10/2013 - 17:45:23 | HD ] C:\ProgramData
[01/08/2011 - 21:55:11 | SHD ] C:\Recovery
[09/10/2013 - 17:44:50 | SHD ] C:\System Volume Information
[09/10/2013 - 19:18:49 | A | 14057] C:\UsbFix [Clean 3] BENMANGA.txt
[09/10/2013 - 18:01:33 | N | 12565] C:\UsbFix [Scan 1] BENMANGA.txt
[09/10/2013 - 18:45:58 | N | 13943] C:\UsbFix [Scan 2] BENMANGA.txt
[26/08/2013 - 20:13:25 | RD ] C:\Users
[01/09/2013 - 02:28:46 | D ] C:\Windows
[05/08/2004 - 05:00:00 | D ] D:\i386
[05/08/2004 - 05:00:00 | D ] D:\VALUEADD
[05/08/2004 - 05:00:00 | D ] D:\dotnetfx
[21/03/2005 - 18:44:46 | N | 75] D:\PRELOAD.AAA
[01/03/2010 - 22:00:56 | D ] D:\FOUND.000
[01/03/2010 - 23:16:10 | D ] D:\FOUND.001
[21/03/2005 - 09:41:52 | D ] D:\SYSINFO
[21/03/2005 - 09:41:52 | D ] D:\GUIDE
[21/03/2005 - 09:41:54 | D ] D:\DRV
[21/03/2005 - 09:42:44 | N | 512] D:\BOOTSECT.DOS
[05/05/2003 - 10:31:58 | D ] D:\WINDOWS
[05/08/2004 - 05:00:00 | N | 4952] D:\Bootfont.bin
[05/08/2004 - 05:00:00 | N | 251712] D:\ntldr
[05/08/2004 - 05:00:00 | N | 47564] D:\NTDETECT.COM
[01/03/2010 - 14:18:08 | N | 216] D:\boot.ini
[21/03/2005 - 09:53:06 | D ] D:\Documents and Settings
[21/03/2005 - 09:56:18 | D ] D:\Program Files
[21/03/2005 - 09:56:54 | N | 0] D:\CONFIG.SYS
[21/03/2005 - 09:56:54 | N | 0] D:\AUTOEXEC.BAT
[21/03/2005 - 09:56:54 | N | 0] D:\IO.SYS
[21/03/2005 - 09:56:54 | N | 0] D:\MSDOS.SYS
[21/03/2005 - 09:59:48 | SHD ] D:\System Volume Information
[21/05/2003 - 17:20:16 | D ] D:\Acer
[21/03/2005 - 18:30:36 | N | 6] D:\ISACER.ID
[21/03/2005 - 18:38:02 | D ] D:\Recycled
[01/03/2010 - 23:25:58 | D ] D:\FOUND.002
[01/03/2010 - 23:38:12 | D ] D:\FOUND.003
[02/03/2010 - 09:40:24 | D ] D:\FOUND.004
[03/03/2010 - 22:26:02 | D ] D:\FOUND.005
[03/08/2011 - 18:00:50 | D ] D:\FOUND.006
[03/03/2010 - 22:26:06 | ASH | 1073270784] D:\hiberfil.sys
[01/03/2010 - 21:01:32 | SHD ] D:\Config.Msi
[01/03/2010 - 21:28:16 | RSHD ] D:\RECYCLER
[03/03/2010 - 22:26:04 | N | 1610612736] D:\pagefile.sys
[01/08/2011 - 21:55:22 | SHD ] D:\$RECYCLE.BIN
[22/12/2011 - 14:38:08 | D ] D:\$AVG
[28/07/2013 - 20:35:36 | N | 13731] G:\Liste SH1.ods
[08/04/2013 - 16:26:16 | D ] G:\2013-04-07 Photos Tunisie G
[06/12/2011 - 12:12:54 | D ] G:\Autres
[21/06/2013 - 15:39:28 | D ] G:\Eur
[20/02/2013 - 19:17:26 | N | 16814] G:\Book1.ods
[16/11/2011 - 16:07:28 | D ] G:\Belgocontrol
[29/07/2013 - 15:51:10 | N | 34304] G:\Liste SH1 XL.xls
[19/09/2012 - 10:49:50 | D ] G:\Photos Nokia C5
[20/08/2013 - 17:39:12 | N | 27845] G:\6323130983.pdf
[20/08/2013 - 17:39:20 | N | 22445] G:\6391226688.pdf
[18/06/2013 - 17:15:26 | N | 26722] G:\6319616950.pdf
[25/08/2013 - 20:44:36 | N | 258606] G:\111 V3.docx
[22/09/2013 - 17:20:12 | N | 264930] G:\111 Sceau.docx
[06/09/2013 - 14:14:08 | D ] G:\Cours
[09/10/2013 - 18:03:52 | D ] G:\$AVG
[03/08/2013 - 19:45:26 | N | 73383] H:\Activator.vbs

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |