sleclerc
Participant
Number of posts: 11

Hello,

Here is the USBFIX report.

############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: Patrick (Administrateur) # PATRICK-PORT
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 16:34:52 | 25/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (F7L )
CPU: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
RAM -> [Total : 2039 | Free : 1421]
Bios: American Megatrends Inc.
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 11.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 75 Go (16 Go libre(s) – 21%) [VistaOS] # NTFS
D: -> Disque fixe # 67 Go (24 Go libre(s) – 36%) [DATA] # NTFS
E: -> CD-ROM
G: -> Disque amovible # 2 Go (1 Go libre(s) – 64%) [USB DISK] # FAT

################## | Processus Stoppés |

Stoppé! C:\Windows\Explorer.EXE (ID: 1424 |ParentID: 1416)
Stoppé! C:\Windows\system32\ctfmon.exe (ID: 1480 |ParentID: 1424)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 1800 |ParentID: 608)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [QuickTime Task] – "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 – HKLM\SOFTWARE | Run : [iTunesHelper] – "C:\Program Files\iTunes\iTunesHelper.exe"
04 – HKLM\SOFTWARE | Run : [Adobe Acrobat Speed Launcher] – "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
04 – HKLM\SOFTWARE | Run : [] –
04 – HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] – "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
04 – HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] – "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
04 – HKLM\SOFTWARE | Run : [IgfxTray] – C:\Windows\system32\igfxtray.exe
04 – HKLM\SOFTWARE | Run : [HotKeysCmds] – C:\Windows\system32\hkcmd.exe
04 – HKLM\SOFTWARE | Run : [Persistence] – C:\Windows\system32\igfxpers.exe
04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\SOFTWARE | Run : [avgnt] – "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | Run : [HP Software Update] – C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 – HKLM\SOFTWARE | Run : [hpqSRMon] – C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-3648408357-181676910-2218314142-1000\SOFTWARE | Run : [msnmsgr] – "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 – HKU\S-1-5-21-3648408357-181676910-2218314142-1000\SOFTWARE | Run : [GoogleDriveSync] – "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
04 – HKU\S-1-5-21-3648408357-181676910-2218314142-1000\SOFTWARE | Run : [Skype] – "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! G:\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> G:\iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

################## | Listing |

[13/06/2010 – 18:45:03 | SHD ] C:\$Recycle.Bin
[19/01/2008 – 07:17:25 | D ] C:\ADOBE
[19/01/2008 – 08:37:55 | D ] C:\ADSM_PData_0150
[22/11/2013 – 17:12:39 | D ] C:\AdwCleaner
[10/06/2009 – 22:42:20 | N | 24] C:\autoexec.bat
[18/09/2011 – 15:20:01 | SHD ] C:\Boot
[20/11/2010 – 13:40:07 | RASH | 383786] C:\bootmgr
[22/04/2010 – 11:17:14 | RASH | 8192] C:\BOOTSECT.BAK
[04/04/2007 – 05:01:54 | N | 19] C:\CA13.txt
[06/05/2009 – 12:48:27 | N | 480792] C:\caisslog.txt
[25/11/2013 – 11:10:15 | HD ] C:\Config.Msi
[10/06/2009 – 22:42:20 | N | 10] C:\config.sys
[19/01/2008 – 09:14:42 | N | 19555] C:\devlist.txt
[14/07/2009 – 05:53:55 | SHD ] C:\Documents and Settings
[13/11/2007 – 18:54:11 | N | 17] C:\F7E_F7L_VISTA.10
[26/02/2008 – 07:46:10 | N | 1048576] C:\F7L.BIN
[19/01/2008 – 09:11:21 | N | 9] C:\Finish.log
[25/11/2013 – 16:32:22 | ASH | 1603723264] C:\hiberfil.sys
[19/01/2008 – 08:11:47 | D ] C:\Intel
[08/04/2010 – 11:23:20 | D ] C:\Lexmark
[05/10/2013 – 08:06:13 | D ] C:\logs
[19/01/2008 – 06:33:56 | RHD ] C:\MSOCache
[07/08/2007 – 22:43:02 | N | 15] C:\NERO.LOG
[19/01/2008 – 07:13:11 | D ] C:\NIS
[17/05/2007 – 04:35:24 | N | 15] C:\NIS2007_A.TXT
[16/03/2007 – 00:18:45 | N | 25] C:\OFFICE2007_A.TXT
[25/11/2013 – 16:32:26 | ASH | 2138300416] C:\pagefile.sys
[18/01/2008 – 17:56:54 | N | 105] C:\Pass.txt
[28/09/2007 – 00:56:05 | N | 947] C:\Patch.LOG
[14/07/2009 – 03:37:05 | D ] C:\PerfLogs
[22/11/2013 – 17:34:48 | N | 512] C:\PhysicalDisk0_MBR.bin
[18/01/2008 – 17:17:05 | D ] C:\Preload
[25/11/2013 – 11:21:56 | D ] C:\Program Files
[22/11/2013 – 14:32:06 | HD ] C:\ProgramData
[23/05/2007 – 23:43:40 | N | 17] C:\READER_A.TXT
[22/04/2010 – 12:49:01 | SHD ] C:\Recovery
[19/01/2008 – 08:29:26 | N | 426] C:\RHDSetup.log
[23/04/2008 – 20:58:58 | N | 159] C:\Setup.log
[17/10/2009 – 06:25:28 | D ] C:\SPDISK
[16/05/2006 – 01:22:24 | N | 5] C:\Store.LOG
[24/11/2013 – 21:33:32 | SHD ] C:\System Volume Information
[25/11/2013 – 16:41:30 | D ] C:\UsbFix
[25/11/2013 – 15:05:33 | N | 8114] C:\UsbFix [Clean 1] PATRICK-PORT.txt
[25/11/2013 – 15:21:54 | N | 7961] C:\UsbFix [Clean 2] PATRICK-PORT.txt
[25/11/2013 – 16:29:15 | N | 7428] C:\UsbFix [Clean 3] PATRICK-PORT.txt
[25/11/2013 – 16:41:39 | A | 6403] C:\UsbFix [Clean 4] PATRICK-PORT.txt
[22/04/2010 – 12:49:09 | RD ] C:\Users
[14/09/2007 – 00:06:04 | N | 23] C:\V53.TXT
[25/11/2013 – 16:32:23 | D ] C:\Windows
[22/04/2010 – 12:49:21 | SHD ] D:\$RECYCLE.BIN
[19/12/2010 – 17:40:33 | D ] D:\5488786750b55a0ffb9a2d7ef8
[29/03/2013 – 11:35:33 | D ] D:\Bourse
[21/11/2013 – 18:04:27 | D ] D:\Bureau
[07/09/2012 – 07:54:35 | N | 21504] D:\Energy's stones 2.doc
[07/09/2012 – 07:59:26 | N | 10948] D:\Energy's stones 2.pdf
[25/04/2012 – 19:32:33 | N | 10760] D:\Energy's stones.pdf
[04/10/2013 – 07:08:34 | D ] D:\Fichier _musique
[11/10/2011 – 10:59:36 | D ] D:\Firefox
[20/08/2013 – 17:45:02 | N | 49719202] D:\Grosses tetes Dodo la Saumure.mp3
[20/08/2013 – 13:41:13 | N | 42166073] D:\Grosses tetes Sabrina.mp3
[30/05/2013 – 07:37:36 | N | 22017671] D:\L-INTEGRALE-La-grande-aventure-du-Canal-du-Midi-124203333.mp3
[02/10/2013 – 22:06:10 | D ] D:\Lahaie
[30/05/2013 – 07:39:14 | N | 4982700] D:\LE-RECIT-La-grande-aventure-du-Canal-du-Midi-124203647.mp3
[02/10/2013 – 22:09:12 | D ] D:\Matis et Virée dans les Alpes
[21/11/2013 – 18:02:08 | D ] D:\Patrick
[25/10/2013 – 14:18:14 | D ] D:\Photos Porte de Montchat
[20/06/2013 – 16:08:18 | D ] D:\Pictures
[19/01/2008 – 06:23:23 | SHD ] D:\System Volume Information
[20/06/2013 – 15:04:24 | D ] D:\ZPhotos diverses
[27/08/2011 – 17:26:18 | D ] G:\randonnée 2011
[21/11/2013 – 14:23:44 | D ] G:\Scan Folder
[09/08/2012 – 14:11:48 | D ] G:\SCAN_00
[24/02/2012 – 10:34:04 | D ] G:\Meubles
[09/05/2012 – 20:00:16 | D ] G:\Photos Appt 2
[22/05/2012 – 14:00:40 | D ] G:\Photos Appt 1
[18/11/2013 – 14:56:22 | N | 3102] G:\Facture_16112013F3R182.pdf
[18/11/2013 – 14:53:54 | N | 3116] G:\Facture_18112013F2R247.pdf
[15/12/2012 – 11:33:16 | N | 7671882] G:\Chambre.jpg
[06/11/2012 – 18:31:22 | N | 2087865] G:\Vue d'ensemble 1.JPG
[15/12/2012 – 11:34:10 | N | 7456323] G:\Coin-Cuisine.jpg
[18/11/2013 – 12:24:30 | N | 27648] G:\Gde Mezzanine le Bon Coin.doc
[18/06/2012 – 12:25:14 | D ] G:\contactplus
[07/05/2012 – 10:12:48 | D ] G:\Les filles

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |