Reply to: usbfix report 2016-09-08T13:16:14+00:00
Florian

############################## | UsbFix V 7.150 | [Suppression]
Utilisateur: Charly (Administrateur) # CHARLY-PC
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à 16:44:18 | 10/11/2013
Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/
PC: ASUSTeK COMPUTER INC. (UX32VD)
CPU: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
RAM -> [Total : 3982 | Free : 1814]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 25.0
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C: (%systemdrive%) -> Disque fixe # 186 Go (89 Go libre(s) - 48%) [OS] # NTFS
D: -> Disque fixe # 254 Go (83 Go libre(s) - 33%) [DATA] # NTFS
E: -> Disque amovible # 2 Go (361 Mo libre(s) - 19%) [] # FAT
F: -> Disque amovible # 2 Go (2 Go libre(s) - 97%) [] # FAT
################## | Processus Stoppés |
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1704 |ParentID: 1000)
Stoppé! C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (ID: 2124 |ParentID: 1000)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 472 |ParentID: 3200)
Stoppé! C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 6788 |ParentID: 1220)
Stoppé! C:\Windows\explorer.exe (ID: 4972 |ParentID: 940)
Stoppé! C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 6596 |ParentID: 1220)
Stoppé! C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID: 3452 |ParentID: 1220)
Stoppé! C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (ID: 10372 |ParentID: 3452)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 10384 |ParentID: 1000)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 10468 |ParentID: 1220)
Stoppé! C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (ID: 6700 |ParentID: 1000)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 10672 |ParentID: 1000)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 9900 |ParentID: 1000)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4756 |ParentID: 1000)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 10048 |ParentID: 9900)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 8004 |ParentID: 1000)
Stoppé! C:\ProgramData\BitGuard\2.7.1769.27\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe (ID: 2516 |ParentID: 1000)
Stoppé! C:\ProgramData\BitGuard\2.7.1769.27\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe (ID: 8348 |ParentID: 2516)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 10976 |ParentID: 1268)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 10284 |ParentID: 1000)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 2824 |ParentID: 1000)
Stoppé! C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (ID: 7508 |ParentID: 1000)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (ID: 9152 |ParentID: 5272)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 3840 |ParentID: 4972)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 6888 |ParentID: 3840)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 6820 |ParentID: 3840)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 6848 |ParentID: 6820)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 2840 |ParentID: 6848)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\SOFTWARE | Run : [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
04 - HKLM\SOFTWARE | Run : [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe
04 - HKLM\SOFTWARE | Run : [CLMLServer] - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
04 - HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
04 - HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE\wow6432Node | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [CLMLServer] - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3958955414-845279768-1248699977-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-3958955414-845279768-1248699977-1001\SOFTWARE | Run : [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe
04 - HKU\S-1-5-21-3958955414-845279768-1248699977-1001\SOFTWARE | Run : [SkyDrive] - "C:\Users\Charly\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
04 - HKU\S-1-5-21-3958955414-845279768-1248699977-1001\SOFTWARE | Run : [ituneshelper] - wscript.exe //B "C:\Users\Charly\AppData\Local\Temp\ituneshelper.vbe"
04 - HKU\S-1-5-21-3958955414-845279768-1248699977-1001\SOFTWARE | Run : [Viber] - "C:\Users\Charly\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Recherche générique |
Supprimé! C:\Users\Charly\AppData\Local\Temp\ituneshelper.vbe
Supprimé! C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ituneshelper.vbe
Supprimé! F:\ituneshelper.vbe
Supprimé! F:\armenia_gyumri_2-wallpaper-1366x768.lnk
Supprimé! E:\ix8bmwx.bat
(!) Fichiers temporaires supprimés.
################## | Référence de comparaison MD5 |
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ituneshelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Charly\AppData\Local\Temp\ituneshelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> F:\ituneshelper.vbe
################## | Comparaison MD5 |
################## | Registre |
Supprimé! HKU\S-1-5-21-3958955414-845279768-1248699977-1001\Software\Microsoft\Windows\CurrentVersion\Run|ituneshelper
################## | Listing |
[05/12/2012 - 22:27:13 | SHD ] C:\$RECYCLE.BIN
[02/12/2012 - 21:16:32 | D ] C:\AsusVibeData
[28/10/2013 - 22:50:13 | N | 192055] C:\bdlog.txt
[29/07/2009 - 07:03:34 | SHD ] C:\Boot
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[29/07/2009 - 07:03:37 | RASH | 8192] C:\BOOTSECT.BAK
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[19/06/2012 - 14:17:19 | D ] C:\eSupport
[07/11/2013 - 17:48:00 | ASH | 3131482112] C:\hiberfil.sys
[19/06/2012 - 14:00:46 | D ] C:\Intel
[25/12/2012 - 02:20:20 | RHD ] C:\MSOCache
[07/11/2013 - 17:48:03 | ASH | 4175310848] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[28/10/2013 - 23:02:34 | D ] C:\Program Files
[02/11/2013 - 00:14:45 | D ] C:\Program Files (x86)
[02/11/2013 - 00:14:46 | HD ] C:\ProgramData
[29/07/2009 - 06:22:15 | D ] C:\Recovery
[09/11/2013 - 12:29:45 | D ] C:\System Volume Information
[02/12/2012 - 21:16:39 | N | 20087] C:\TMPatch.log
[10/11/2013 - 16:47:11 | D ] C:\UsbFix
[10/11/2013 - 16:47:14 | A | 10172] C:\UsbFix [Clean 2] CHARLY-PC.txt
[29/10/2013 - 18:37:01 | N | 16239] C:\UsbFix [Scan 1] CHARLY-PC.txt
[10/11/2013 - 16:02:11 | N | 17053] C:\UsbFix [Scan 2] CHARLY-PC.txt
[06/09/2012 - 20:45:55 | N | 304] C:\user.js
[05/09/2012 - 17:45:49 | RD ] C:\Users
[19/04/2012 - 09:12:12 | N | 6293504] C:\UX32A.BIN
[19/04/2012 - 08:09:04 | N | 6293504] C:\UX32VD.BIN
[03/11/2013 - 11:10:54 | D ] C:\Windows
[19/09/2012 - 21:07:42 | SHD ] D:\$RECYCLE.BIN
[03/11/2013 - 19:06:11 | D ] D:\CHARLY-PC
[02/11/2013 - 11:22:40 | D ] D:\Ecole iesp
[22/03/2013 - 18:46:08 | D ] D:\film
[16/12/2012 - 10:06:02 | D ] D:\images
[01/10/2012 - 18:03:53 | N | 528] D:\MediaID.bin
[23/02/2013 - 17:41:06 | D ] D:\musique
[02/11/2013 - 11:38:22 | D ] D:\Sport
[03/02/2013 - 19:17:50 | SHD ] D:\System Volume Information
[01/10/2012 - 18:10:49 | D ] D:\WindowsImageBackup
[01/07/2011 - 15:21:54 | D ] E:\Nouveau dossier
[02/07/2011 - 01:53:20 | N | 188909592] E:\Blue.Mountain.State.S01E07.avi
[02/07/2011 - 01:50:00 | N | 187946766] E:\epz-blue.mountain.state.108.avi
[14/02/2012 - 23:05:26 | N | 17334] E:\Avant de parler de Cour d.docx
[15/02/2012 - 09:46:14 | N | 408403] E:\Doc1.docx
[07/04/2012 - 03:50:52 | N | 14140] E:\CV Ornella.docx
[02/07/2011 - 01:06:08 | D ] E:\Nouveau dossier (2)
[13/02/2012 - 21:39:30 | N | 71973] E:\406571_3177715327370_1400238473_33268331_638274574_n.jpg
[13/02/2012 - 21:40:22 | N | 38567] E:\309074_2458513067763_1400238473_32884162_1294304443_n.jpg
[13/02/2012 - 21:40:40 | N | 6583] E:\373957_3059643015636_1400238473_33220830_892031632_a.jpg
[13/02/2012 - 21:41:30 | N | 32755] E:\404944_3130705872163_1400238473_33249493_715111744_n.jpg
[19/09/2012 - 21:01:10 | N | 615872] F:\armenia_gyumri_2-wallpaper-1366x768.jpg
################## | Vaccin |
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |