Yoh
Number of posts: 0

I had to reinstall it, it had disappeared unexpectedly ._.
Here it is:

############################## | UsbFix V 7.147 | [Deletion]

User: Yoh # Sark (Administrator) # YOHRIE
Updated on 30/10/2013 by El Desaparecido – Team SosVirus
Started at 13:22:22 | 31/10/2013

Website: http://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (18D4)
CPU: AMD E2-1800 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3674 | Free : 2580]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16688
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 4.3.0215.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 278 GB (225 GB free - 81%) [] # NTFS
D: -> Fixed disk # 19 GB (2 GB free - 12%) [RECOVERY] # NTFS
E: -> Removable disk # 31 GB (28 GB free - 91%) [MACHINNOIR] # FAT32
F: -> Removable disk # 7 GB (2 GB free - 21%) [] # FAT32
G: -> Removable disk # 4 GB (4 GB free - 98%) [] # NTFS

################## | MD5 comparison reference |

Md5 : 01c034d0effbf218689f6f4678af63cc -> C:\Users\sarkl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updat.vbs
Md5 : DENIED -> C:\Users\SARKL_~1\AppData\Local\Temp\updat.vbs
Md5 : 01c034d0effbf218689f6f4678af63cc -> E:\updat.vbs
Md5 : 01c034d0effbf218689f6f4678af63cc -> F:\updat.vbs
Md5 : 01c034d0effbf218689f6f4678af63cc -> G:\updat.vbs

################## | Stopped processes |

Stopped! C:\Windows\system32\atiesrxx.exe (ID: 940 |ParentID: 688)
Stopped! C:\Windows\system32\atieclxx.exe (ID: 1072 |ParentID: 940)
Stopped! C:\Program Files\IDT\WDM\STacSV64.exe (ID: 1180 |ParentID: 688)
Stopped! C:\Windows\system32\Hpservice.exe (ID: 1308 |ParentID: 688)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1524 |ParentID: 688)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1740 |ParentID: 688)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1936 |ParentID: 688)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 1996 |ParentID: 688)
Stopped! C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (ID: 1156 |ParentID: 688)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1456 |ParentID: 688)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 1860 |ParentID: 688)
Stopped! C:\Windows\system32\dashost.exe (ID: 1856 |ParentID: 1104)
Stopped! C:\Windows\system32\taskhostex.exe (ID: 2508 |ParentID: 688)
Stopped! C:\Windows\Explorer.EXE (ID: 2612 |ParentID: 2568)
Stopped! C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (ID: 2124 |ParentID: 688)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3488 |ParentID: 688)
Stopped! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 3676 |ParentID: 3512)
Stopped! C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (ID: 3724 |ParentID: 688)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 3964 |ParentID: 688)
Stopped! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 4012 |ParentID: 800)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 3208 |ParentID: 1104)
Stopped! C:\Program Files\IDT\WDM\sttray64.exe (ID: 4092 |ParentID: 2612)
Stopped! C:\Windows\System32\wscript.exe (ID: 4028 |ParentID: 2612)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID: 2416 |ParentID: 3716)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (ID: 504 |ParentID: 3716)
Stopped! C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 4176 |ParentID: 688)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4184 |ParentID: 3716)
Stopped! C:\Windows\System32\RuntimeBroker.exe (ID: 4336 |ParentID: 800)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 4876 |ParentID: 3880)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 4248 |ParentID: 4876)
Stopped! C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (ID: 4724 |ParentID: 688)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 3252 |ParentID: 688)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4964 |ParentID: 688)
Stopped! C:\Program Files\Internet Explorer\iexplore.exe (ID: 3108 |ParentID: 2612)
Stopped! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 3528 |ParentID: 3108)
Stopped! C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (ID: 2544 |ParentID: 800)
Stopped! C:\Windows\system32\taskeng.exe (ID: 3152 |ParentID: 268)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (ID: 3024 |ParentID: 3964)
Stopped! C:\Windows\system32\SearchFilterHost.exe (ID: 4060 |ParentID: 3964)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [BtTray] - "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HKLM\SOFTWARE | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [BtTray] - "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HKLM\SOFTWARE\wow6432Node | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-396851991-46305949-3940267121-1002\SOFTWARE | Run : [updat] - wscript.exe //B "C:\Users\SARKL_~1\AppData\Local\Temp\updat.vbs"

################## | Generic search |

Deleted! E:\updat.vbs
Deleted! F:\updat.vbs
Deleted! G:\updat.vbs
Deleted! C:\Users\SARKL_~1\AppData\Local\Temp\updat.vbs
Deleted! C:\Users\sarkl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updat.vbs
Deleted! E:\Imeji.lnk
Deleted! E:\Chose -.lnk
Deleted! E:\Chose~.lnk
Deleted! E:\CV.lnk
Deleted! E:\Kaka reta.lnk
Deleted! E:\Seimei e no watashi no tegami.lnk
Deleted! E:\Kontesuto ya sonohoka no essei.lnk
Deleted! E:\Bideo.lnk
Deleted! E:\Zumen.lnk
Deleted! E:\Wanpîsu.lnk
Deleted! E:\Ongaku.lnk
Deleted! F:\20131015094234.lnk
Deleted! F:\DSC04899.lnk
Deleted! F:\20131015092331.lnk
Deleted! F:\20131015093008.lnk
Deleted! F:\Saison 4 VOST.lnk
Deleted! F:\Breaking Bad [Saison 2 COMPLETE FRENCH].lnk
Deleted! G:\Slender - The Arrival.lnk

(!) Temporary files deleted.
################## | MD5 comparison |

################## | Registry |

Repaired! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Repaired! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Deleted! HKU\S-1-5-21-396851991-46305949-3940267121-1002\Software\Microsoft\Windows\CurrentVersion\Run|updat

################## | Listing |

[25/12/2012 - 09:30:12 | SHD ] C:\$Recycle.Bin
[04/08/2012 - 00:21:36 | SHD ] C:\Boot
[26/07/2012 - 04:44:30 | RASH | 398156] C:\bootmgr
[02/06/2012 - 15:30:55 | N | 1] C:\BOOTNXT
[04/08/2012 - 00:21:37 | RASH | 8192] C:\BOOTSECT.BAK
[26/07/2012 - 08:22:08 | SHD ] C:\Documents and Settings
[31/10/2013 - 13:13:03 | ASH | 3082186752] C:\hiberfil.sys
[25/12/2012 - 09:36:52 | D ] C:\HP
[03/08/2012 - 23:39:51 | D ] C:\inetpub
[25/12/2012 - 09:48:37 | RHD ] C:\MSOCache
[31/10/2013 - 13:13:05 | ASH | 3892314112] C:\pagefile.sys
[26/07/2012 - 08:33:46 | D ] C:\PerfLogs
[17/03/2013 - 15:18:19 | D ] C:\Program Files
[30/10/2013 - 22:09:02 | D ] C:\Program Files (x86)
[30/10/2013 - 17:09:21 | HD ] C:\ProgramData
[04/01/2013 - 13:27:36 | D ] C:\sources
[31/10/2013 - 13:13:05 | ASH | 268435456] C:\swapfile.sys
[27/02/2013 - 16:52:32 | D ] C:\SWSetup
[30/10/2013 - 14:56:49 | SHD ] C:\System Volume Information
[25/12/2012 - 09:28:34 | D ] C:\SYSTEM.SAV
[31/10/2013 - 13:27:46 | D ] C:\UsbFix
[31/10/2013 - 13:32:01 | A | 9044] C:\UsbFix [Clean 1] YOHRIE.txt
[25/12/2012 - 09:23:57 | RD ] C:\Users
[31/10/2013 - 13:12:08 | D ] C:\Windows
[25/12/2012 - 09:35:03 | SHD ] D:\$RECYCLE.BIN
[31/08/2012 - 16:28:16 | RSHD ] D:\boot
[26/07/2012 - 04:44:32 | RASH | 398156] D:\bootmgr
[26/07/2012 - 05:57:10 | N | 1350896] D:\bootmgr.efi
[31/08/2012 - 16:28:16 | D ] D:\EFI
[31/08/2012 - 16:28:16 | D ] D:\FactoryUpdate
[31/08/2012 - 16:28:16 | D ] D:\hp
[31/08/2012 - 16:28:20 | RSHD ] D:\preload
[31/08/2012 - 16:28:16 | RSD ] D:\recovery
[31/08/2012 - 16:28:16 | D ] D:\RM_Reserve
[31/03/2013 - 08:41:22 | SHD ] D:\System Volume Information
[30/10/2013 - 23:14:00 | D ] E:\Wanpîsu
[30/10/2013 - 22:40:06 | D ] E:\Imeji
[30/10/2013 - 22:37:54 | N | 394011] E:\Chose -.-.docx
[30/10/2013 - 22:22:54 | N | 380039] E:\Chose~.jpg
[30/10/2013 - 22:36:34 | N | 17126] E:\CV.docx
[30/10/2013 - 23:15:18 | D ] E:\Kaka reta
[30/10/2013 - 23:17:50 | D ] E:\Seimei e no watashi no tegami
[30/10/2013 - 23:17:28 | D ] E:\Kontesuto ya sonohoka no essei
[30/10/2013 - 17:04:26 | D ] E:\Bideo
[30/10/2013 - 22:16:34 | D ] E:\Zumen
[30/10/2013 - 22:30:04 | D ] E:\Ongaku
[14/12/2011 - 16:31:12 | D ] F:\Saison 4 VOST
[23/10/2013 - 14:04:44 | N | 575668224] F:\20131015094234.m2ts
[15/10/2013 - 08:22:44 | N | 2033004] F:\DSC04899.JPG
[23/10/2013 - 14:01:00 | N | 83951616] F:\20131015092331.m2ts
[23/10/2013 - 14:03:08 | N | 776011776] F:\20131015093008.m2ts
[13/10/2013 - 13:27:12 | D ] F:\Breaking Bad [Saison 2 COMPLETE FRENCH]
[26/03/2013 - 10:37:44 | N | 9949184] G:\Slender - The Arrival.exe

################## | Vaccine |

E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
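The report above carries three indicators of a script-based USB worm that a responder would want to pull out automatically: the same MD5 for updat.vbs in the user's Startup folder and at the root of every removable drive, a per-user Run value that starts wscript.exe with //B (silent) on a copy in %Temp%, and a set of .lnk decoys at the root of each removable drive standing in for the real folders listed further down. The script below, added here as an example and not part of UsbFix or of the original post, reads lines in UsbFix's own format and flags those three patterns. The sample lines are constructed from the report with shortened paths; the keyword lists and the "two or more drives" threshold are my assumptions, not something UsbFix defines.

```python
import re
from collections import defaultdict

# Constructed sample in UsbFix's line format, modelled on the report above
# (paths shortened; these are not the original log lines).
SAMPLE_LOG = r"""
Md5 : 01c034d0effbf218689f6f4678af63cc -> C:\Users\sarkl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updat.vbs
Md5 : DENIED -> C:\Users\SARKL_~1\AppData\Local\Temp\updat.vbs
Md5 : 01c034d0effbf218689f6f4678af63cc -> E:\updat.vbs
Md5 : 01c034d0effbf218689f6f4678af63cc -> F:\updat.vbs
Md5 : 01c034d0effbf218689f6f4678af63cc -> G:\updat.vbs
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKU\S-1-5-21-396851991-46305949-3940267121-1002\SOFTWARE | Run : [updat] - wscript.exe //B "C:\Users\SARKL_~1\AppData\Local\Temp\updat.vbs"
Deleted! E:\updat.vbs
Deleted! E:\Imeji.lnk
Deleted! E:\CV.lnk
Deleted! F:\DSC04899.lnk
Deleted! G:\Slender - The Arrival.lnk
"""

MD5_RE = re.compile(r"^Md5 : (\S+) -> (.+)$")
RUN_RE = re.compile(r"^(?P<hive>[^|]+?) \| Run : \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$")
DELETED_RE = re.compile(r"^Deleted! (.+)$")
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")   # exactly one component after the drive
# Assumed indicator lists (mine, not UsbFix's).
SCRIPT_HOSTS = ("wscript", "cscript", "mshta")
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\startup\\")


def parse_md5(lines):
    """Map hash -> paths; files UsbFix could not read (DENIED) are returned separately."""
    by_hash, denied = defaultdict(list), []
    for line in lines:
        m = MD5_RE.match(line)
        if not m:
            continue
        digest, path = m.group(1), m.group(2)
        if digest.upper() == "DENIED":
            denied.append(path)          # a locked copy is itself a hint that it is running
        else:
            by_hash[digest.lower()].append(path)
    return by_hash, denied


def replicated_hashes(by_hash, min_roots=2):
    """Hashes whose byte-identical copies sit on several drives: a propagation signature."""
    out = {}
    for digest, paths in by_hash.items():
        roots = sorted({p[:2].upper() for p in paths})
        if len(roots) >= min_roots:
            out[digest] = roots
    return out


def suspicious_run_entries(lines):
    """Run values that hand a script in a user-writable location to a script host."""
    hits = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd").lower()
        uses_script_host = any(cmd.lstrip('"').startswith(h) for h in SCRIPT_HOSTS)
        from_user_dir = any(tag in cmd for tag in USER_WRITABLE)
        silent = "//b" in cmd             # wscript //B suppresses script errors and prompts
        if uses_script_host and from_user_dir:
            hits.append({"hive": m.group("hive"), "name": m.group("name"),
                         "command": m.group("cmd"), "silent": silent})
    return hits


def root_lnk_files(lines):
    """Shortcuts removed from the root of a drive: the decoys a LNK worm leaves for hidden folders."""
    found = []
    for line in lines:
        m = DELETED_RE.match(line)
        if m and m.group(1).lower().endswith(".lnk") and ROOT_FILE_RE.match(m.group(1)):
            found.append(m.group(1))
    return found


def triage(log_text):
    """Run all three checks over one UsbFix report and return the findings."""
    lines = [l.rstrip() for l in log_text.splitlines() if l.strip()]
    by_hash, denied = parse_md5(lines)
    return {
        "replicated": replicated_hashes(by_hash),
        "denied": denied,
        "suspicious_run": suspicious_run_entries(lines),
        "root_lnk": root_lnk_files(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample this reports the one hash seen on C:, E:, F: and G:, the DENIED Temp copy (the one wscript.exe held open, matching the wscript.exe process stopped under Explorer in the report), the single updat Run value as silent, and the four root-level .lnk decoys; the avast entry is ignored because it launches an executable rather than a script host.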