Reply to: Should I perform the deletion? 2016-09-08T13:25:55+00:00
Ismaël M.
Number of posts: 0

Here is the report

############################## | UsbFix V 7.155 | [Suppression]

Utilisateur: Ismo (Administrateur) # MAY-TOSH
Mis à jour le 16/12/2013 par El Desaparecido – Team SosVirus
Lancé à 21:37:59 | 17/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Type2 – Board Vendor Name1 (Type2 – Board Product Name1)
CPU: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
RAM -> [Total : 3986 | Free : 1775]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Protection antivirus et antispyware McAfee [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 449 Go (314 Go libre(s) – 70%) [TI30881100A] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 7 Go (4 Go libre(s) – 50%) [] # FAT32
F: -> Disque amovible # 8 Go (8 Go libre(s) – 100%) [ISMAËL USB] # FAT32

################## | Processus Stoppés |

Stoppé! C:Windowssystem32mfevtps.exe (ID: 2144 |ParentID: 1012)
Stoppé! C:Program FilesCommon FilesMcAfeeSystemCoremcshield.exe (ID: 2924 |ParentID: 1012)
Stoppé! C:Program FilesCommon FilesMcAfeeSystemCoremfefire.exe (ID: 2992 |ParentID: 1012)
Stoppé! C:windowssystem32dmwu.exe (ID: 7668 |ParentID: 1012)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 6832 |ParentID: 1012)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 20832 |ParentID: 1012)
Stoppé! C:windowssystem32SearchIndexer.exe (ID: 13916 |ParentID: 1012)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 8696 |ParentID: 1012)
Stoppé! C:windowsSysWOW64configsystemprofileAppDataLocalWindows Internet Name Servicewins.exe (ID: 20376 |ParentID: 1012)
Stoppé! C:Program FilesCommon FilesMcAfeeMcSvcHostMcSvHost.exe (ID: 14324 |ParentID: 1012)
Stoppé! c:PROGRA~1mcafee.comagentmcagent.exe (ID: 18484 |ParentID: 540)
Stoppé! C:windowsSystem32spoolsv.exe (ID: 20332 |ParentID: 1012)
Stoppé! C:windowssystem32DllHost.exe (ID: 20152 |ParentID: 540)
Stoppé! C:WindowsSysWOW64jmdpstij.exe (ID: 14048 |ParentID: 7668)
Stoppé! C:WindowsSystem32ljkbstij.exe (ID: 10676 |ParentID: 7668)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 6376 |ParentID: 13292)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 4420 |ParentID: 6376)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 7088 |ParentID: 6376)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 14524 |ParentID: 6376)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 14400 |ParentID: 6376)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 6756 |ParentID: 6376)
Stoppé! C:windowsSystem32WUDFHost.exe (ID: 14844 |ParentID: 1200)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [mcui_exe] – “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
04 – HKLMSOFTWARE | Run : [ITSecMng] – %ProgramFiles%TOSHIBABluetooth Toshiba StackItSecMng.exe /START
04 – HKLMSOFTWARE | Run : [USB3MON] – “C:Program Files (x86)IntelIntel(R) USB 3.0 eXtensible Host Controller DriverApplicationiusb3mon.exe”
04 – HKLMSOFTWARE | Run : [ToshibaServiceStation] – “C:Program Files (x86)TOSHIBATOSHIBA Service StationToshibaServiceStation.exe” /hide:60
04 – HKLMSOFTWARE | Run : [Sweetpacks Communicator] – C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe
04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWARE | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
04 – HKLMSOFTWARE | Run : [Startertv] –
04 – HKLMSOFTWARE | Run : [tuto4pc_fr_42] –
04 – HKLMSOFTWARE | Run : [Adobe Creative Cloud] – “C:Program Files (x86)AdobeAdobe Creative CloudACCCreative Cloud.exe” –showwindow=false –onOSstartup=true
04 – HKLMSOFTWARE | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
04 – HKLMSOFTWARE | Run : [Wondershare Helper Compact.exe] – C:Program Files (x86)Common FilesWondershareWondershare Helper CompactWSHelper.exe
04 – HKLMSOFTWARE | Run : [PressePapier] –
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [LogMeIn Hamachi Ui] – “C:Program Files (x86)LogMeIn Hamachihamachi-2-ui.exe” –auto-start
04 – HKLMSOFTWAREwow6432Node | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [mcui_exe] – “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
04 – HKLMSOFTWAREwow6432Node | Run : [ITSecMng] – %ProgramFiles%TOSHIBABluetooth Toshiba StackItSecMng.exe /START
04 – HKLMSOFTWAREwow6432Node | Run : [USB3MON] – “C:Program Files (x86)IntelIntel(R) USB 3.0 eXtensible Host Controller DriverApplicationiusb3mon.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [ToshibaServiceStation] – “C:Program Files (x86)TOSHIBATOSHIBA Service StationToshibaServiceStation.exe” /hide:60
04 – HKLMSOFTWAREwow6432Node | Run : [Sweetpacks Communicator] – C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe
04 – HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
04 – HKLMSOFTWAREwow6432Node | Run : [Startertv] –
04 – HKLMSOFTWAREwow6432Node | Run : [tuto4pc_fr_42] –
04 – HKLMSOFTWAREwow6432Node | Run : [Adobe Creative Cloud] – “C:Program Files (x86)AdobeAdobe Creative CloudACCCreative Cloud.exe” –showwindow=false –onOSstartup=true
04 – HKLMSOFTWAREwow6432Node | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
04 – HKLMSOFTWAREwow6432Node | Run : [Wondershare Helper Compact.exe] – C:Program Files (x86)Common FilesWondershareWondershare Helper CompactWSHelper.exe
04 – HKLMSOFTWAREwow6432Node | Run : [PressePapier] –
04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [LogMeIn Hamachi Ui] – “C:Program Files (x86)LogMeIn Hamachihamachi-2-ui.exe” –auto-start
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-19SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1001SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STAR
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1001SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1001SOFTWARE | Run : [Facebook Update] – “C:UsersHanaAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1001SOFTWARE | Run : [] – C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product InformationTOPI.exe /STARTUP
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [Skype] – “C:Program Files (x86)SkypePhoneSkype.exe” /minimized /regrun
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [] – C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [Spotify] – “C:UsersIsmoAppDataRoamingSpotifySpotify.exe” /uri spotify:autostart
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [Spotify Web Helper] – “C:UsersIsmoAppDataRoamingSpotifyDataSpotifyWebHelper.exe”
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [146469] – C:UsersIsmo146469svhost.exe
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [E96EAEC87BB2B44BF0984556FEE784F7C3139B73._service_run] – “C:Program Files (x86)GoogleChromeApplicationchrome.exe” –type=service
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [KiesPreload] – C:Program Files (x86)SamsungKiesKies.exe /preload
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [KiesAirMessage] – C:Program Files (x86)SamsungKiesKiesAirMessage.exe -startup
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [Allmyapps] – “C:UsersIsmoAppDataRoamingAllmyappsAllmyapps.exe” startup
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [Allmyapps Update] – “C:UsersIsmoAppDataRoamingAllmyappsAllmyappsUpdater.exe” check startup
04 – HKUS-1-5-21-2756970338-220828873-2051624850-1002SOFTWARE | Run : [cacaoweb] – “C:UsersIsmoAppDataRoamingcacaowebcacaoweb.exe” -noplayer
04 – HKUS-1-5-18SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Supprimé! C:UsersIsmosvhost.exe
Supprimé! E:driverUsb

(!) Fichiers temporaires supprimés. (6 Ko)

################## | Registre |

Supprimé! HKCUSoftwareDC3_FEXEC
Réparé ! HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced|Start_ShowMyGames -> 1

################## | Listing |

[17/12/2013 – 20:56:25 | N | 21 Ko] – C:UsbFix [Scan 1] MAY-TOSH.txt
[17/12/2013 – 21:16:01 | N | 13 Ko] – C:UsbFix [Scan 2] MAY-TOSH.txt
[17/12/2013 – 21:39:50 | A | 11 Ko] – C:UsbFix [Clean 2] MAY-TOSH.txt
[14/12/2013 – 08:23:29 | ASH | 3061096 Ko] – C:hiberfil.sys
[14/12/2013 – 08:24:11 | ASH | 4081464 Ko] – C:pagefile.sys
[02/09/2013 – 10:47:41 | N | 1 Ko] – C:server_met.old
[14/12/2013 – 08:23:26 | D] – C:Config.Msi
[14/12/2013 – 08:22:59 | N | 1 Ko] – C:known.met
[14/12/2013 – 08:22:59 | N | 1 Ko] – C:server.met
[14/12/2013 – 08:22:59 | N | 0 Ko] – C:queries-07.cache
[14/12/2013 – 08:22:59 | N | 1 Ko] – C:queries-00.cache
[20/01/2013 – 19:28:33 | SHD] – C:$Recycle.Bin
[02/03/2012 – 05:24:33 | N | 8 Ko] – C:BOOTSECT.BAK
[14/07/2009 – 06:08:56 | SHD] – C:Documents and Settings
[21/11/2010 – 04:23:51 | RASH | 375 Ko] – C:bootmgr
[02/03/2012 – 05:24:30 | SHD] – C:Boot
[18/03/2012 – 14:13:43 | D] – C:Intel
[03/08/2012 – 12:23:53 | D] – C:Toshiba
[03/08/2012 – 12:25:43 | RHD] – C:MSOCache
[08/10/2012 – 19:31:08 | D] – C:a30b68e25423ca2027a2ce16
[20/01/2013 – 19:28:28 | D] – C:Users
[26/01/2013 – 23:14:47 | D] – C:dell
[09/02/2013 – 12:16:55 | D] – C:Firefox
[09/06/2013 – 16:09:01 | D] – C:Fraps
[21/09/2013 – 12:07:52 | D] – C:Program Files
[23/10/2013 – 00:00:05 | HD] – C:ProgramData
[13/11/2013 – 20:34:42 | N | 0 Ko] – C:end
[08/12/2013 – 15:01:30 | D] – C:Windows
[10/12/2013 – 18:57:53 | D] – C:Program Files (x86)
[11/12/2013 – 13:37:30 | SHD] – C:System Volume Information
[17/12/2013 – 21:38:51 | D] – C:UsbFix
[26/08/2013 – 14:41:58 | N | 0 Ko] – E:SD Card (E) – Raccourci.lnk
[17/12/2013 – 21:16:02 | RASHD] – E:Autorun.inf
[21/06/2010 – 17:31:58 | N | 1 Ko] – E:NIKON001.DSC
[12/06/2010 – 00:21:16 | D] – E:PRIVATE
[21/06/2010 – 17:31:58 | D] – E:DCIM
[28/05/2011 – 12:46:30 | D] – E:driver
[13/09/2011 – 18:49:44 | AH | 4 Ko] – F:._.Trashes
[13/09/2011 – 18:49:44 | HD] – F:.Trashes
[14/12/2013 – 16:09:46 | N | 2028 Ko] – F:Musique slam allemand.mp3
[17/12/2013 – 21:16:02 | RASHD] – F:Autorun.inf
[13/09/2011 – 18:49:44 | HD] – F:.fseventsd

################## | Vaccin |

E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |