chrispat.beauchamps
Participant
Number of posts: 62

3rd computer

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Jessica (Administrateur) # JESSICA-PC
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 12:39:21 | 09/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Acer (Mimic )
CPU: Intel(R) Celeron(R) CPU 877 @ 1.40GHz
RAM -> [Total : 3932 | Free : 2805]
Bios: Acer
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 450 Go (382 Go libre(s) – 85%) [Acer] # NTFS
D: -> Disque amovible # 30 Go (26 Go libre(s) – 88%) [CLÉ JESSICA] # FAT32
E: -> CD-ROM
F: -> Disque amovible # 30 Go (22 Go libre(s) – 73%) [CLÉ MAMAN] # FAT32

################## | Processus Stoppés |

Stoppé! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 876 |ParentID: 572)
Stoppé! c:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 3332 |ParentID: 572)
Stoppé! C:\Windows\explorer.exe (ID: 4972 |ParentID: 732)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 4476 |ParentID: 336)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 4376 |ParentID: 708)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 4504 |ParentID: 572)
Stoppé! C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID: 3376 |ParentID: 572)
Stoppé! C:\Program Files (x86)\Launch Manager\LMworker.exe (ID: 664 |ParentID: 3376)
Stoppé! C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ID: 3528 |ParentID: 3376)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 1712 |ParentID: 572)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1700 |ParentID: 572)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3172 |ParentID: 572)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 2748 |ParentID: 572)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 4208 |ParentID: 564)
Stoppé! C:\Program Files\EgisTec IPS\PMMUpdate.exe (ID: 2744 |ParentID: 4208)
Stoppé! C:\Windows\servicing\TrustedInstaller.exe (ID: 1096 |ParentID: 572)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | Run : [LManager] – C:\Program Files (x86)\Launch Manager\LManager.exe
04 – HKLM\SOFTWARE | Run : [HP Software Update] – C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 – HKLM\SOFTWARE | Run : [] –
04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [LManager] – C:\Program Files (x86)\Launch Manager\LManager.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] – C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [] –
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-3035427628-744425887-619855534-1000\SOFTWARE | Run : [DAEMON Tools Lite] – "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 – HKU\S-1-5-21-3035427628-744425887-619855534-1000\SOFTWARE | Run : [HP Deskjet 3070 B611 series (NET)] – "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18S376ZV05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1
04 – HKU\S-1-5-21-3035427628-744425887-619855534-1000\SOFTWARE | Run : [Skype] – "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 – HKU\S-1-5-21-3035427628-744425887-619855534-1000\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\Jessica\AppData\Local\Temp\iTunesHelper.vbe"
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}
04 – HKU\S-1-5-18\SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}

################## | Recherche générique |

Supprimé! C:\Users\Jessica\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! D:\iTunesHelper.vbe
Supprimé! F:\iTunesHelper.vbe
Supprimé! D:\.lnk
Supprimé! D:\neuropsychologie (2010-2011) (1).lnk
Supprimé! D:\cours 1 neuro.lnk
Supprimé! D:\.Trashes.lnk
Supprimé! D:\.fseventsd.lnk
Supprimé! D:\.Spotlight-V100.lnk
Supprimé! D:\cours.lnk
Supprimé! D:\jessica.lnk
Supprimé! D:\films.lnk
Supprimé! D:\photos.lnk
Supprimé! D:\slides.lnk
Supprimé! F:\.lnk
Supprimé! F:\Jessica.lnk
Supprimé! F:\1L8prJDN.lnk
Supprimé! F:\Neuro Slide 2013.lnk
Supprimé! F:\Cours linguistique-1.lnk
Supprimé! F:\neuropsychologie (2010-2011).lnk
Supprimé! F:\DVR.lnk
Supprimé! F:\.Trashes.lnk
Supprimé! F:\.Spotlight-V100.lnk
Supprimé! F:\films.lnk
Supprimé! F:\Erreur de descartes.lnk

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Jessica\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 2051F45C2C97600D3B5253B8DE11F9D3 -> D:\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> F:\iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKU\S-1-5-21-3035427628-744425887-619855534-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Listing |

[17/06/2013 – 17:31:01 | SHD ] C:\$Recycle.Bin
[20/08/2013 – 17:50:18 | D ] C:\0ab2bb337d30c4962
[08/06/2012 – 11:51:04 | D ] C:\book
[20/04/2012 – 09:55:27 | RASH | 8192] C:\BOOTSECT.BAK
[14/07/2009 – 06:08:56 | SHD ] C:\Documents and Settings
[09/11/2013 – 12:14:59 | ASH | 3092533248] C:\hiberfil.sys
[08/06/2012 – 11:56:44 | D ] C:\Intel
[20/11/2012 – 20:57:45 | N | 80] C:\log.txt
[28/09/2012 – 18:34:49 | RHD ] C:\MSOCache
[28/09/2012 – 14:15:00 | D ] C:\OEM
[09/11/2013 – 12:15:02 | ASH | 4123377664] C:\pagefile.sys
[14/07/2009 – 04:20:08 | D ] C:\PerfLogs
[04/11/2013 – 15:47:04 | D ] C:\Program Files
[06/11/2013 – 11:40:17 | D ] C:\Program Files (x86)
[06/11/2013 – 11:40:20 | HD ] C:\ProgramData
[28/09/2012 – 14:11:39 | SHD ] C:\Recovery
[08/11/2013 – 14:08:19 | SHD ] C:\System Volume Information
[09/11/2013 – 12:42:41 | D ] C:\UsbFix
[09/11/2013 – 12:42:48 | A | 7266] C:\UsbFix [Clean 1] JESSICA-PC.txt
[09/11/2013 – 12:38:22 | N | 10847] C:\UsbFix [Scan 1] JESSICA-PC.txt
[28/09/2012 – 14:11:45 | RD ] C:\Users
[16/10/2013 – 07:17:49 | D ] C:\Windows
[02/05/2013 – 13:18:24 | SH | 4096] D:\._.Trashes
[02/05/2013 – 13:18:24 | SHD ] D:\.Trashes
[16/05/2013 – 14:28:00 | D ] D:\.fseventsd
[02/05/2013 – 13:18:26 | SHD ] D:\.Spotlight-V100
[25/09/2012 – 16:45:16 | D ] D:\cours
[30/09/2012 – 15:30:22 | D ] D:\jessica
[17/06/2013 – 19:42:58 | D ] D:\films
[19/08/2013 – 14:56:42 | D ] D:\photos
[17/10/2013 – 09:42:08 | N | 11062693] D:\neuropsychologie (2010-2011) (1).pdf
[31/10/2013 – 11:48:28 | N | 223771] D:\cours 1 neuro.docx
[10/10/2013 – 09:18:02 | D ] D:\slides
[11/01/2013 – 09:59:30 | SH | 4096] F:\._.Trashes
[01/01/1980 – 00:00:00 | D ] F:\DVR
[11/01/2013 – 09:59:30 | SHD ] F:\.Trashes
[11/01/2013 – 09:59:30 | SHD ] F:\.Spotlight-V100
[11/01/2013 – 10:00:10 | N | 4096] F:\._TP fascicule.pdf
[11/01/2013 – 09:52:46 | D ] F:\films
[29/12/2012 – 22:01:12 | N | 3567043652] F:\Jessica.avi
[05/10/2013 – 04:55:00 | N | 637858145] F:\Neuro Slide 2013.zip
[08/10/2013 – 17:58:18 | N | 448512] F:\Cours linguistique-1.doc
[10/10/2013 – 10:42:08 | N | 11062693] F:\neuropsychologie (2010-2011).pdf
[14/07/2013 – 22:26:16 | N | 35519] F:\Erreur de descartes.docx
[24/10/2013 – 18:10:38 | N | 19346157] F:\neuropsychologie (2010-2011).doc

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |