Reply to: Infected USB key 2016-09-08T13:22:13+00:00
Emmanuelle

############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: Emmaàa (Administrateur) # MANUE
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 15:29:38 | 30/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Packard Bell (EG50_HC_HR)
CPU: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
RAM -> [Total : 3909 | Free : 2340]
Bios: Packard Bell
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16736

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 4.3.0215.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 446 Go (364 Go libre(s) – 82%) [Packard Bell] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 4 Go (4 Go libre(s) – 100%) [USB COURS] # FAT32
F: -> Disque fixe # 296 Mo (247 Mo libre(s) – 84%) [ESP] # FAT32

################## | Processus Stoppés |

Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1212 |ParentID: 660)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 4780 |ParentID: 4916)
Stoppé! C:Program FilesInteliCLS ClientHeciServer.exe (ID: 7516 |ParentID: 660)
Stoppé! C:Windowsexplorer.exe (ID: 7156 |ParentID: 676)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 3952 |ParentID: 656)
Stoppé! C:Windowssystem32DllHost.exe (ID: 5352 |ParentID: 808)
Stoppé! C:Windowssystem32dllhost.exe (ID: 5216 |ParentID: 660)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 4288 |ParentID: 660)
Stoppé! C:Program Files (x86)Launch Managerdsiwmis.exe (ID: 5188 |ParentID: 660)
Stoppé! C:WindowsRfBtnSvc64.exe (ID: 6868 |ParentID: 660)
Stoppé! C:Program Files (x86)Launch ManagerLMutilps32.exe (ID: 2360 |ParentID: 5188)
Stoppé! C:Program Files (x86)Launch ManagerLManager.exe (ID: 4700 |ParentID: 5244)
Stoppé! C:Program Files (x86)Launch ManagerMMDx64Fx.exe (ID: 5612 |ParentID: 4700)
Stoppé! C:Windowssystem32igfxext.exe (ID: 2960 |ParentID: 808)
Stoppé! C:WindowsSystem32spoolsv.exe (ID: 3756 |ParentID: 660)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 8144 |ParentID: 660)
Stoppé! C:WindowsSystem32msdtc.exe (ID: 4388 |ParentID: 660)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 5936 |ParentID: 660)
Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 4560 |ParentID: 660)
Stoppé! C:WindowsSysWOW64NOTEPAD.EXE (ID: 1976 |ParentID: 2556)
Stoppé! C:Program FilesInternet Exploreriexplore.exe (ID: 4336 |ParentID: 7156)
Stoppé! C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 3808 |ParentID: 4336)
Stoppé! C:WindowsSystem32MacromedFlashFlashUtil_ActiveX.exe (ID: 4892 |ParentID: 808)
Stoppé! C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 8036 |ParentID: 4336)
Stoppé! C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbweLiveComm.exe (ID: 6168 |ParentID: 808)
Stoppé! C:WindowsSystem32RuntimeBroker.exe (ID: 4620 |ParentID: 808)
Stoppé! C:Windowssyswow64wwahost.exe (ID: 5760 |ParentID: 808)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [LManager] –
04 – HKLMSOFTWARE | Run : [RadioController] – “C:Program Files (x86)RadioControllerRfBtnHelper.exe” Start_Run
04 – HKLMSOFTWARE | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdate92bc2ff5-e54c-444c-87c7-8f47c99f3dfe.exe /check
04 – HKLMSOFTWAREwow6432Node | Run : [LManager] –
04 – HKLMSOFTWAREwow6432Node | Run : [RadioController] – “C:Program Files (x86)RadioControllerRfBtnHelper.exe” Start_Run
04 – HKLMSOFTWAREwow6432Node | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
04 – HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdate92bc2ff5-e54c-444c-87c7-8f47c99f3dfe.exe /check
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKUS-1-5-21-987235696-3650151115-1304815827-1001SOFTWARE | Run : [Skype] – “C:Program Files (x86)SkypePhoneSkype.exe” /minimized /regrun
04 – HKUS-1-5-21-987235696-3650151115-1304815827-1001SOFTWARE | Run : [Spotify Web Helper] – “C:UsersEmmaàaAppDataRoamingSpotifyDataSpotifyWebHelper.exe”
04 – HKUS-1-5-21-987235696-3650151115-1304815827-1001SOFTWARE | Run : [EA Core] – “C:Program Files (x86)Electronic ArtsEADMCore.exe” -silent
04 – HKUS-1-5-21-987235696-3650151115-1304815827-1001SOFTWARE | Run : [cacaoweb] – “C:UsersEmmaàaAppDataRoamingcacaowebcacaoweb.exe” -noplayer

################## | Recherche générique |

Supprimé! E:ATTESTATION Mairie.odt.lnk
Supprimé! E:Diaporama.lnk
Supprimé! E:etat civil.doc.lnk
Supprimé! E:ETUDE A CARACTERE PROFESSIONNEL PBC MAI JUIN 2013.doc.lnk
Supprimé! E:Fiche oral de stage.lnk
Supprimé! E:fiche présentation OE Remplie.docx.lnk
Supprimé! E:fiche présentation OE.docx.lnk
Supprimé! E:Premiére.lnk
Supprimé! E:qualiville.odt.lnk
Supprimé! E:Rapport de stage correc.odt.lnk
Supprimé! E:Rapport de stage.odt.lnk
Supprimé! E:Seconde.lnk
Supprimé! E:SOMMAIRE.docx.lnk
Supprimé! E:Terminale.lnk
Supprimé! E:Titre.docx.lnk
Supprimé! E:ATTESTATION DE STAGE.doc.lnk
Supprimé! C:UsersEmmaàaAppDataLocaljv16PT_temp.tmp

(!) Fichiers temporaires supprimés.

################## | Registre |

Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 0
Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 0

################## | Listing |

[23/02/2013 – 17:21:02 | SHD ] C:$Recycle.Bin
[30/11/2013 – 14:53:08 | D ] C:$Windows.~BT
[01/11/2013 – 20:53:03 | D ] C:AdwCleaner
[05/03/2013 – 14:11:30 | N | 30761] C:AdwCleaner[R1].txt
[05/03/2013 – 14:12:43 | N | 30634] C:AdwCleaner[S1].txt
[17/07/2013 – 11:34:09 | N | 16182] C:AdwCleaner[S2].txt
[02/06/2012 – 15:30:55 | N | 1] C:BOOTNXT
[26/07/2012 – 08:22:08 | SHD ] C:Documents and Settings
[30/11/2013 – 14:17:18 | ASH | 3279335424] C:hiberfil.sys
[05/09/2012 – 10:50:16 | D ] C:Intel
[23/02/2013 – 18:58:51 | RHD ] C:MSOCache
[23/02/2013 – 17:21:06 | D ] C:OEM
[30/11/2013 – 14:17:29 | ASH | 738197504] C:pagefile.sys
[26/07/2012 – 08:33:46 | D ] C:PerfLogs
[19/09/2013 – 17:52:24 | D ] C:Program Files
[09/11/2013 – 22:13:56 | D ] C:Program Files (x86)
[01/11/2013 – 19:40:23 | HD ] C:ProgramData
[07/12/2012 – 18:56:00 | D ] C:sources
[30/11/2013 – 14:17:30 | ASH | 268435456] C:swapfile.sys
[30/11/2013 – 14:19:44 | SHD ] C:System Volume Information
[30/11/2013 – 15:30:27 | D ] C:UsbFix
[30/11/2013 – 15:30:31 | A | 7510] C:UsbFix [Clean 1] MANUE.txt
[30/11/2013 – 15:02:35 | N | 8986] C:UsbFix [Scan 1] MANUE.txt
[30/11/2013 – 15:08:08 | N | 7849] C:UsbFix [Scan 2] MANUE.txt
[20/05/2013 – 12:45:56 | RD ] C:Users
[30/11/2013 – 14:56:53 | D ] C:Windows
[24/11/2013 – 19:06:04 | D ] E:sauvegarde mannue
[30/11/2013 – 14:54:46 | RASHD ] E:Autorun.inf
[07/12/2012 – 11:05:10 | D ] F:EFI
[30/11/2013 – 15:02:18 | RASH | 512] F:BOOTSECT.BAK

################## | Vaccin |

E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |