Reply to: Files turned into shortcuts 2016-09-08T13:10:16+00:00
OKB

Latest USBfix report

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: Ber (Administrateur) # BERNARD-OKB-PC
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 15:58:15 | 20/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Intel Corporation (CAPELL VALLEY(NAPA) CRB)
CPU: Genuine Intel(R) CPU T2250 @ 1.73GHz
RAM -> [Total : 1022 | Free : 179]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 92 Go (21 Go libre(s) – 23%) [Vista] # NTFS
D: -> Disque fixe # 1 Go (1 Go libre(s) – 84%) [WinRE] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 7 Go (20 Mo libre(s) – 0%) [OKBPHONE] # FAT32
H: -> Disque amovible # 4 Go (584 Mo libre(s) – 15%) [OKB] # FAT32

################## | Regedit Run |

HKLMSOFTWARE | Run : [vProt] – “C:Program FilesAVG Secure Searchvprot.exe”
HKLMSOFTWARE | Run : [AVG_TRAY] – “C:Program FilesAVGAVG2012avgtray.exe”
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersBerAppDataLocalTempiTunesHelper.vbe”
HKLMSOFTWARE | Run : [E6fS5sMA] – wscript.exe //B “C:UsersBerAppDataLocalTempE6fS5sMA.vbs”
HKLMSOFTWARE | Run : [Intel(R)TCP] – C:UsersBerAppDataRoamingPublicIntel(R)TCP.exe
HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWARE | PoliciesExplorerrun : [Intel(R)LSM] – C:UsersBerAppDataRoamingPublicIntel(R)TCP.exe
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-21-653038974-2787925673-1712095740-1000SOFTWARE | Run : [Facebook Update] – “C:UsersBerAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
HKUS-1-5-21-653038974-2787925673-1712095740-1000SOFTWARE | Run : [Skype] – “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
HKUS-1-5-21-653038974-2787925673-1712095740-1000SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersBerAppDataLocalTempiTunesHelper.vbe”
HKUS-1-5-21-653038974-2787925673-1712095740-1000SOFTWARE | Run : [E6fS5sMA] – wscript.exe //B “C:UsersBerAppDataLocalTempE6fS5sMA.vbs”
HKUS-1-5-21-653038974-2787925673-1712095740-1000SOFTWARE | Run : [Intel(R)TCP] – C:UsersBerAppDataRoamingPublicIntel(R)TCP.exe
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:Windowssystem32nvvsvc.exe (ID 728 |ParentID 500)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID 1316 |ParentID 500)
Stoppé! C:WindowsSystem32spoolsv.exe (ID 1440 |ParentID 500)
Stoppé! C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID 1564 |ParentID 500)
Stoppé! C:Program FilesMusic ToolbarDatamngrDatamngrCoordinator.exe (ID 1612 |ParentID 500)
Stoppé! C:Program FilesMusic ToolbarDatamngrDatamngrCoordinator.exe (ID 1744 |ParentID 1612)
Stoppé! C:Windowssystem32rundll32.exe (ID 1888 |ParentID 728)
Stoppé! C:Windowssystem32taskhost.exe (ID 372 |ParentID 500)
Stoppé! C:Windowssystem32taskeng.exe (ID 748 |ParentID 1004)
Stoppé! C:WindowsExplorer.EXE (ID 1256 |ParentID 840)
Stoppé! C:Program FilesMicrosoft Office 15ClientX86integratedoffice.exe (ID 2032 |ParentID 500)
Stoppé! c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe (ID 2332 |ParentID 500)
Stoppé! C:Program FilesTeamViewerVersion8TeamViewer_Service.exe (ID 2664 |ParentID 500)
Stoppé! C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater17.0.12ToolbarUpdater.exe (ID 2704 |ParentID 500)
Stoppé! C:Program FilesWeb AssistantExtensionUpdaterService.exe (ID 2732 |ParentID 500)
Stoppé! C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater17.0.12loggingserver.exe (ID 2876 |ParentID 2704)
Stoppé! C:Windowssystem32conhost.exe (ID 2884 |ParentID 396)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID 3676 |ParentID 924)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID 3936 |ParentID 500)
Stoppé! C:Program FilesMusic ToolbarDatamngrDatamngrUI.exe (ID 4084 |ParentID 1612)
Stoppé! C:Program FilesAVG Secure Searchvprot.exe (ID 2300 |ParentID 1256)
Stoppé! C:Program FilesAVAST SoftwareAvastavastui.exe (ID 3252 |ParentID 1256)
Stoppé! C:Program FilesSkypePhoneSkype.exe (ID 3416 |ParentID 1256)
Stoppé! C:Program FilesMcAfee Security Scan3.8.130SSScheduler.exe (ID 1040 |ParentID 1256)
Stoppé! C:UsersBerAppDataRoamingDropboxbinDropbox.exe (ID 3812 |ParentID 1256)
Stoppé! C:Windowssystem32sppsvc.exe (ID 3224 |ParentID 500)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID 540 |ParentID 1256)
Stoppé! C:WindowsSystem32wscript.exe (ID 544 |ParentID 3884)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID 1908 |ParentID 540)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID 1024 |ParentID 500)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID 920 |ParentID 540)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID 4840 |ParentID 540)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID 4868 |ParentID 540)
Stoppé! C:Windowssystem32taskhost.exe (ID 5468 |ParentID 500)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID 2056 |ParentID 540)
Stoppé! C:Windowssystem32SearchProtocolHost.exe (ID 3172 |ParentID 3936)
Stoppé! C:Windowssystem32SearchFilterHost.exe (ID 4688 |ParentID 3936)

################## | Éléments infectieux |

Supprimé! F:iTunesHelper.vbe
Supprimé! H:iTunesHelper.vbe
Supprimé! C:UsersBerAppDataLocalTempiTunesHelper.vbe
Supprimé! C:UsersBerAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Supprimé! C:UsersBerAppDataRoamingF2DFC694ak.tmp
Supprimé! C:UsersBerAppDataRoamingF2DFC694
Supprimé! F:cities.lnk
Supprimé! F:Analyse Puissance_Bilan.lnk
Supprimé! F:ATTESTATION DE PRISE EN CHARGE.lnk
Supprimé! F:Analyse Puissance Fct actuel.lnk
Supprimé! F:courbes nouvelles pompes.lnk
Supprimé! F:SIRENE 1 ( Liste des numéros ).lnk
Supprimé! F:Liste des numéros_schéma sirene.lnk
Supprimé! F:Analyseur de puissance.lnk
Supprimé! F:Conso_débitpompe .lnk
Supprimé! F:Calendrier universitaire 2013-2014 -UFR sciences- L et M- complet.lnk
Supprimé! F:Armoire_sirene.lnk
Supprimé! F:Configuration de la SIRENE.lnk
Supprimé! F:Lettre prefecture _Titre de séjour.lnk
Supprimé! F:Lettre relance pref.lnk
Supprimé! F:COFFRET SIRENE PERIGUEUX VERSION B 17 07 2012.lnk
Supprimé! F:Types Communications SC1000.lnk
Supprimé! F:Classeur sirènesV1.lnk
Supprimé! F:SIRENE___INSTRUMENTATION.lnk
Supprimé! F:DOSSIER TECHNIQUE SIRENE_supp.lnk
Supprimé! F:Découpage prestations.lnk
Supprimé! F:Caracteristiques SIRENE.lnk
Supprimé! F:Sirene.lnk
Supprimé! F:Classeur1.lnk
Supprimé! F:PR Villeneuve.lnk
Supprimé! F:Bilan Puissance PR VILLENEUVE.lnk
Supprimé! F:Private.lnk
Supprimé! F:WALogs.lnk
Supprimé! F:Images.lnk
Supprimé! F:Nokia.lnk
Supprimé! F:system.lnk
Supprimé! F:Sounds.lnk
Supprimé! F:Videos.lnk
Supprimé! F:Data.lnk
Supprimé! F:Installs.lnk
Supprimé! F:sys.lnk
Supprimé! F:resource.lnk
Supprimé! F:Activenotes.lnk
Supprimé! F:FOUND.000.lnk
Supprimé! F:LOST.DIR.lnk
Supprimé! F:download.lnk
Supprimé! F:My Videos.lnk
Supprimé! F:Rapport CNS.lnk
Supprimé! F:DCIM.lnk
Supprimé! F:E6fS5sMA.lnk
Supprimé! H:E6fS5sMA.lnk
Supprimé! H:21.lnk
Supprimé! H:Les.lnk
Supprimé! H:iTunesHelper.lnk
Supprimé! H:schulmberger.lnk
Supprimé! H:Cours et Documents joints au cours_2011 v2.lnk
Supprimé! H:cours et documents joints au cours gest prog.lnk
Supprimé! C:UsersBerAppDataLocaldt.dat
Supprimé! C:UsersPublic4zz.VBE
Supprimé! C:UsersPublic7zz.VBE
Supprimé! C:UsersPublic9eimmD.vbe
Supprimé! C:UsersPublic9eizmmD.vbe
Supprimé! C:UsersPublic9stiemD.VBE
Supprimé! C:UsersPublic9stziemD.VBE
Supprimé! C:UsersBerAppDataRoamingBerv3.4.2.2.vbs
Supprimé! C:UsersBerAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupi7i9VclD.lnk
Supprimé! C:UsersBerAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiz710bclD.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKUS-1-5-21-653038974-2787925673-1712095740-1000SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
Supprimé! HKLMSoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
Supprimé! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun|Intel(R)LSM
Supprimé! HKUS-1-5-21-653038974-2787925673-1712095740-1000SoftwareMicrosoftWindowsCurrentVersionRun|Intel(R)TCP
Supprimé! HKLMSoftwareMicrosoftWindowsCurrentVersionRun|Intel(R)TCP

################## | Listing |

[11/07/2012 – 08:17:29 | SHD ] C:$Recycle.Bin
[28/06/2012 – 15:46:59 | N | 1024] C:.rnd
[11/06/2012 – 11:50:11 | C | 88] C:22.log
[04/10/2011 – 17:52:21 | D ] C:35bbe11cbffafd91f61a87f51912
[26/06/2010 – 02:11:58 | D ] C:4ca4db5ebf8500606e507a7727
[13/10/2010 – 03:04:42 | D ] C:670ebfd3fc53135708a0fb048dcf9133
[19/12/2010 – 04:47:20 | D ] C:9344ea76080d57383bc1da63
[18/12/2010 – 07:46:05 | D ] C:967c5dcb9a6d11e607601cb99725e3
[19/12/2010 – 17:36:12 | D ] C:a45def6d29e253152f9f8ffb67
[08/09/2010 – 02:51:12 | D ] C:ac0bd618c67abd6ccf8ac964e7
[27/04/2013 – 15:05:31 | D ] C:Autodesk
[10/06/2009 – 23:42:20 | N | 24] C:autoexec.bat
[15/06/2012 – 00:45:08 | SHD ] C:Boot
[20/11/2010 – 23:29:06 | RASH | 383786] C:bootmgr
[15/06/2012 – 00:45:11 | RASHC | 8192] C:BOOTSECT.BAK
[17/02/2009 – 17:47:35 | D ] C:Brother
[10/06/2009 – 23:42:20 | N | 10] C:config.sys
[14/07/2009 – 06:53:55 | SHD ] C:Documents and Settings
[22/11/2012 – 13:21:11 | D ] C:Firefox
[20/10/2013 – 15:36:26 | ASH | 803774464] C:hiberfil.sys
[15/06/2012 – 02:37:37 | D ] C:inetpub
[08/01/2011 – 07:02:14 | C | 0] C:IO.SYS
[23/03/2013 – 16:39:13 | D ] C:Kreapixel
[06/01/2012 – 00:05:01 | D ] C:Live! Cam
[08/01/2011 – 07:02:14 | C | 0] C:MSDOS.SYS
[16/12/2009 – 18:40:55 | RHD ] C:MSOCache
[20/10/2013 – 15:58:56 | ASH | 1327497216] C:pagefile.sys
[14/07/2009 – 04:37:05 | D ] C:PerfLogs
[13/10/2013 – 23:26:57 | N | 512] C:PhysicalMBR.bin
[16/10/2013 – 13:43:19 | D ] C:Program Files
[16/10/2013 – 13:41:01 | HD ] C:ProgramData
[15/06/2012 – 02:17:36 | SHD ] C:Recovery
[21/12/2006 – 10:52:52 | C | 123] C:SWSTAMP.TXT
[19/10/2013 – 00:11:16 | SHD ] C:System Volume Information
[21/12/2006 – 10:45:25 | D ] C:Toshiba
[07/06/2009 – 16:02:38 | C | 989] C:updatedatfix.log
[20/10/2013 – 16:04:38 | D ] C:UsbFix
[20/10/2013 – 16:10:09 | A | 11400] C:UsbFix [Clean 1] BERNARD-OKB-PC.txt
[20/10/2013 – 14:38:52 | N | 11541] C:UsbFix [Scan 2] BERNARD-OKB-PC.txt
[11/07/2012 – 10:08:49 | C | 8541] C:user.js
[15/06/2012 – 02:18:01 | RD ] C:Users
[18/12/2006 – 11:30:41 | C | 475536] C:vcredist_x86.log
[02/03/2013 – 15:16:31 | D ] C:wamp
[16/10/2013 – 15:26:45 | D ] C:Windows
[11/07/2012 – 17:39:03 | DC ] C:Windows.old
[20/10/2013 – 15:31:25 | D ] C:_OTM
[21/12/2006 – 10:37:12 | CT | 21312] C:_wdsuef.dmp
[15/06/2012 – 02:18:27 | SHD ] D:$RECYCLE.BIN
[18/09/2006 – 14:45:22 | N | 3170304] D:boot.sdi
[06/06/2012 – 11:09:58 | D ] D:PARTAGE
[18/12/2006 – 08:50:47 | AD ] D:sources
[24/06/2012 – 21:35:34 | SHD ] D:System Volume Information
[02/10/2012 – 14:39:02 | D ] F:Private
[02/10/2012 – 14:40:36 | D ] F:WALogs
[30/09/2013 – 13:52:12 | D ] F:Images
[02/10/2012 – 18:38:06 | D ] F:cities
[18/07/2013 – 16:39:00 | N | 238] F:qf
[03/10/2012 – 10:16:16 | D ] F:Nokia
[04/10/2012 – 13:13:16 | SHD ] F:system
[07/10/2012 – 23:05:12 | D ] F:Sounds
[07/10/2012 – 23:11:16 | D ] F:Videos
[15/10/2012 – 16:35:38 | D ] F:Data
[15/10/2012 – 16:36:42 | D ] F:Installs
[15/10/2012 – 16:37:26 | D ] F:sys
[15/10/2012 – 16:37:32 | D ] F:resource
[08/01/2013 – 16:41:14 | D ] F:Activenotes
[26/08/2013 – 08:10:12 | D ] F:FOUND.000
[22/09/2013 – 23:51:24 | D ] F:LOST.DIR
[18/11/2012 – 17:37:08 | D ] F:download
[08/12/2012 – 12:47:16 | D ] F:My Videos
[29/07/2013 – 19:55:20 | N | 35509] F:Analyse Puissance_Bilan.xlsx
[18/08/2013 – 15:47:48 | N | 278594] F:ATTESTATION DE PRISE EN CHARGE.pdf
[01/08/2013 – 17:22:24 | N | 48909] F:Analyse Puissance Fct actuel.xlsx
[01/08/2013 – 14:32:16 | N | 90306] F:courbes nouvelles pompes.xlsx
[13/08/2013 – 12:13:42 | N | 14698] F:SIRENE 1 ( Liste des numéros ).xlsx
[19/08/2013 – 16:22:34 | N | 22440] F:Liste des numéros_schéma sirene.xlsx
[04/09/2013 – 18:00:32 | N | 1127424] F:Analyseur de puissance.doc
[20/08/2013 – 11:17:46 | N | 41472] F:Conso_débitpompe .xls
[06/09/2013 – 13:15:26 | N | 90738] F:Calendrier universitaire 2013-2014 -UFR sciences- L et M- complet.pdf
[30/09/2013 – 13:48:26 | D ] F:DCIM
[27/05/2013 – 15:10:24 | N | 33792] F:Armoire_sirene.doc
[18/08/2013 – 21:45:02 | N | 1404928] F:Configuration de la SIRENE.accdb
[27/02/2013 – 16:06:24 | N | 13103] F:Lettre prefecture _Titre de séjour.docx
[19/06/2013 – 17:59:14 | N | 26112] F:Lettre relance pref.doc
[26/06/2013 – 16:46:10 | N | 76346] F:COFFRET SIRENE PERIGUEUX VERSION B 17 07 2012.pdf
[26/06/2013 – 16:46:30 | N | 1586298] F:Types Communications SC1000.pdf
[26/06/2013 – 16:59:54 | N | 4040121] F:Classeur sirènesV1.pdf
[26/06/2013 – 17:02:54 | N | 207610] F:SIRENE___INSTRUMENTATION.pdf
[29/06/2013 – 13:12:54 | N | 35895] F:DOSSIER TECHNIQUE SIRENE_supp.docx
[19/07/2013 – 13:25:20 | N | 20913] F:Découpage prestations.xlsx
[20/07/2013 – 15:03:22 | N | 36352] F:Caracteristiques SIRENE.xls
[22/07/2013 – 02:04:30 | N | 29696] F:Sirene.xls
[25/07/2013 – 17:17:22 | N | 17408] F:Classeur1.xls
[28/07/2013 – 13:03:06 | D ] F:Rapport CNS
[29/07/2013 – 10:05:54 | N | 50688] F:PR Villeneuve.xls
[29/07/2013 – 15:30:40 | N | 619008] F:Bilan Puissance PR VILLENEUVE.xls
[25/09/2013 – 21:10:34 | N | 1270996992] H:21.And.Over.avi
[25/09/2013 – 21:29:52 | N | 1466589184] H:Les.Gamins.avi
[15/10/2013 – 03:10:34 | D ] H:schulmberger
[18/10/2013 – 10:27:06 | D ] H:Cours et Documents joints au cours_2011 v2
[18/10/2013 – 10:28:32 | D ] H:cours et documents joints au cours gest prog

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |