Antoine95
Participant
Posts: 7

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Alessia (Administrateur) # ALESSIA-PC
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 23:21:21 | 17/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Acer ( )
CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
RAM -> [Total : 1012 | Free : 294]
Bios: Acer
Boot: Normal boot

OS: Microsoft Windows 7 Édition Starter (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Internet Security [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 221 Go (194 Go libre(s) – 88%) [Acer] # NTFS
D: -> Disque amovible # 246 Mo (84 Mo libre(s) – 34%) [UDISK 26X] # FAT

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1408 |ParentID: 596)
Stoppé! C:\Program Files\AVAST Software\Avast\afwServ.exe (ID: 1476 |ParentID: 596)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3904 |ParentID: 3072)
Stoppé! C:\Windows\explorer.exe (ID: 4324 |ParentID: 620)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 3544 |ParentID: 980)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 2684 |ParentID: 748)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1976 |ParentID: 596)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3648 |ParentID: 1976)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 1324 |ParentID: 596)
Stoppé! C:\Windows\system32\wuauclt.exe (ID: 4700 |ParentID: 1024)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4736 |ParentID: 596)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 5464 |ParentID: 596)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 5444 |ParentID: 596)
Stoppé! C:\Program Files\Mozilla Firefox\firefox.exe (ID: 1424 |ParentID: 4324)
Stoppé! C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 5452 |ParentID: 1424)
Stoppé! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 5436 |ParentID: 5452)
Stoppé! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 5812 |ParentID: 5436)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [IAAnotif] – C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
04 – HKLM\SOFTWARE | Run : [RtHDVCpl] – C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 – HKLM\SOFTWARE | Run : [Acer ePower Management] – C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
04 – HKLM\SOFTWARE | Run : [EgisTecLiveUpdate] – "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
04 – HKLM\SOFTWARE | Run : [mwlDaemon] – C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
04 – HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 – HKLM\SOFTWARE | Run : [LManager] – C:\Program Files\Launch Manager\LManager.exe
04 – HKLM\SOFTWARE | Run : [SynTPEnh] – %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 – HKLM\SOFTWARE | Run : [PLFSetI] – C:\Windows\PLFSetI.exe
04 – HKLM\SOFTWARE | Run : [AvastUI.exe] – "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 – HKLM\SOFTWARE | Run : [IgfxTray] – C:\Windows\system32\igfxtray.exe
04 – HKLM\SOFTWARE | Run : [HotKeysCmds] – C:\Windows\system32\hkcmd.exe
04 – HKLM\SOFTWARE | Run : [Persistence] – C:\Windows\system32\igfxpers.exe
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-626742605-336239426-579974502-1000\SOFTWARE | Run : [msnmsgr] – "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 – HKU\S-1-5-21-626742605-336239426-579974502-1000\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\Alessia\AppData\Local\Temp\iTunesHelper.vbe"
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\Alessia\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\Alessia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! D:\iTunesHelper.vbe
Supprimé! D:\PLANNING VACANCES NOEL.lnk
Supprimé! D:\plan IPC 5.lnk
Supprimé! D:\VOIES D’EXECUTION 2013-2014.lnk
Supprimé! D:\LIVRETS.lnk
Supprimé! D:\COURS LICENCE DROIT.lnk
Supprimé! D:\COURS M1 DROIT PATRIMONIAL ET IMMOBILIER.lnk
Supprimé! D:\LES CODES.lnk
Supprimé! D:\COURS 2013 – 2014.lnk
Supprimé! D:\TD DDS.lnk
Supprimé! D:\DDS.lnk
Supprimé! D:\VOIES D’EXECUTION EVE.lnk
Supprimé! D:\.lnk
Supprimé! D:\INSTRUMENTS DE PAIEMENT ET DE CREDIT M.lnk
Supprimé! D:\INSTRUMENTS DE PAIEMENT ET DE CREDIT – ANTOINE.lnk
Supprimé! D:\Antoine Di Betta – Lettre de motivation.lnk
Supprimé! D:\Antoine Di Betta C.lnk

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Alessia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Alessia\AppData\Local\Temp\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> D:\iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKU\S-1-5-21-626742605-336239426-579974502-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-626742605-336239426-579974502-1000\Software….Mountpoints2\D
Supprimé! HKU\S-1-5-21-626742605-336239426-579974502-1000\Software….Mountpoints2\{2c390ff7-46c8-11e3-8a83-00269e38be4c}

################## | Listing |

[05/11/2013 – 22:59:52 | SHD ] C:\$Recycle.Bin
[10/06/2009 – 22:42:20 | N | 24] C:\autoexec.bat
[05/11/2013 – 23:01:16 | D ] C:\book
[21/08/2009 – 03:04:47 | RASH | 8192] C:\BOOTSECT.BAK
[10/06/2009 – 22:42:20 | N | 10] C:\config.sys
[14/07/2009 – 05:53:55 | SHD ] C:\Documents and Settings
[17/11/2013 – 22:48:17 | ASH | 795832320] C:\hiberfil.sys
[21/08/2009 – 02:13:53 | D ] C:\Intel
[21/08/2009 – 02:43:09 | RHD ] C:\MSOCache
[06/11/2013 – 09:15:44 | D ] C:\OEM
[17/11/2013 – 22:48:21 | ASH | 1073741824] C:\pagefile.sys
[14/07/2009 – 03:37:05 | D ] C:\PerfLogs
[17/11/2013 – 17:34:57 | D ] C:\Program Files
[06/11/2013 – 10:38:17 | HD ] C:\ProgramData
[05/11/2013 – 22:57:03 | SHD ] C:\Recovery
[21/08/2009 – 02:33:40 | N | 1930] C:\RHDSetup.log
[17/11/2013 – 17:42:31 | SHD ] C:\System Volume Information
[17/11/2013 – 23:26:48 | D ] C:\UsbFix
[17/11/2013 – 23:26:58 | A | 7123] C:\UsbFix [Clean 3] ALESSIA-PC.txt
[17/11/2013 – 21:13:43 | N | 9624] C:\UsbFix [Scan 1] ALESSIA-PC.txt
[17/11/2013 – 22:05:05 | N | 6700] C:\UsbFix [Scan 2] ALESSIA-PC.txt
[17/11/2013 – 23:03:14 | N | 9391] C:\UsbFix [Scan 3] ALESSIA-PC.txt
[05/11/2013 – 22:57:14 | RD ] C:\Users
[12/11/2013 – 20:23:15 | D ] C:\Windows
[29/10/2013 – 14:51:58 | D ] D:\LIVRETS
[29/10/2013 – 14:51:18 | D ] D:\COURS LICENCE DROIT
[29/10/2013 – 14:51:56 | D ] D:\COURS M1 DROIT PATRIMONIAL ET IMMOBILIER
[29/10/2013 – 14:51:56 | D ] D:\LES CODES
[29/10/2013 – 20:48:44 | N | 27102] D:\Antoine Di Betta – Lettre de motivation.pdf
[11/10/2013 – 17:40:54 | N | 57203] D:\Antoine Di Betta C.V PDF.pdf
[04/11/2013 – 17:02:56 | N | 75501] D:\INSTRUMENTS DE PAIEMENT ET DE CREDIT M. Gouezel.odt
[04/11/2013 – 11:40:04 | D ] D:\COURS 2013 – 2014
[30/10/2013 – 18:46:14 | N | 10667] D:\PLANNING VACANCES NOEL.ods
[05/11/2013 – 13:47:34 | N | 34423] D:\plan IPC 5.pdf
[13/11/2013 – 13:58:00 | N | 67477] D:\VOIES D’EXECUTION 2013-2014.odt
[13/11/2013 – 19:02:30 | N | 85448] D:\VOIES D’EXECUTION EVE.docx
[13/11/2013 – 11:46:36 | N | 39860] D:\TD DDS.odt
[13/11/2013 – 13:37:00 | N | 63840] D:\DDS.odt
[17/11/2013 – 16:09:48 | N | 78310] D:\INSTRUMENTS DE PAIEMENT ET DE CREDIT – ANTOINE.odt

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |