Reply to: infected USB key 2016-09-08T13:26:39+00:00
guig
Participant
Number of posts: 6

Here is the report after using the software's "Suppression" (deletion) tab:

############################## | UsbFix V 7.155 | [Suppression]

Utilisateur: crp (Administrateur) # CRP-TOSH
Mis à jour le 16/12/2013 par El Desaparecido – Team SosVirus
Lancé à 17:05:23 | 22/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (Portable PC)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
RAM -> [Total : 3999 | Free : 2689]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 258 Go (143 Go libre(s) – 55%) [TI30814000A] # NTFS
D: -> CD-ROM
F: -> Disque fixe # 932 Go (815 Go libre(s) – 87%) [MEMUP] # NTFS
G: -> Disque amovible # 4 Go (2 Go libre(s) – 63%) [ROUGER G] # FAT32
L: -> Disque fixe # 202 Go (40 Go libre(s) – 20%) [DONNEES] # NTFS

################## | Processus Stoppés |

Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1596 |ParentID: 368)
Stoppé! C:Program FilesTOSHIBAFlashCardsTCrdMain.exe (ID: 3664 |ParentID: 2656)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 5556 |ParentID: 5088)
Stoppé! C:windowsSystem32rundll32.exe (ID: 1988 |ParentID: 712)
Stoppé! C:windowsSystem32WUDFHost.exe (ID: 5832 |ParentID: 464)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 7216 |ParentID: 368)
Stoppé! C:windowsSystem32rundll32.exe (ID: 4572 |ParentID: 712)
Stoppé! C:windowssystem32SearchIndexer.exe (ID: 4896 |ParentID: 368)
Stoppé! C:windowssystem32SearchProtocolHost.exe (ID: 4328 |ParentID: 4896)
Stoppé! C:windowssystem32DllHost.exe (ID: 7384 |ParentID: 712)
Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 3028 |ParentID: 368)
Stoppé! C:windowsSysWOW64NOTEPAD.EXE (ID: 4552 |ParentID: 5140)
Stoppé! C:windowssystem32SearchFilterHost.exe (ID: 8108 |ParentID: 4896)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [NBAgent] – “C:Program Files (x86)NeroNero 10Nero BackItUpNBAgent.exe” /WinStart
04 – HKLMSOFTWARE | Run : [TOSDCR] – %ProgramFiles%TOSHIBAPasswordUtilityTOSDCR.exe
04 – HKLMSOFTWARE | Run : [ITSecMng] – %ProgramFiles%TOSHIBABluetooth Toshiba StackItSecMng.exe /START
04 – HKLMSOFTWARE | Run : [TSleepSrv] – %ProgramFiles(x86)%TOSHIBATOSHIBA Sleep UtilityTSleepSrv.exe
04 – HKLMSOFTWARE | Run : [TRCMan] – C:Program Files (x86)TOSHIBATRCManTRCMan.exe
04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [Sweetpacks Communicator] – C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
04 – HKLMSOFTWARE | Run : [Nuance PDF Reader-reminder] – “C:Program Files (x86)NuancePDF ReaderEregEreg.exe” -r “C:ProgramDataNuancePDF ReaderEregEreg.ini”
04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdate9448cd95-67a9-4036-b9b7-cb6e17a66a41.exe /check
04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWAREwow6432Node | Run : [NBAgent] – “C:Program Files (x86)NeroNero 10Nero BackItUpNBAgent.exe” /WinStart
04 – HKLMSOFTWAREwow6432Node | Run : [TOSDCR] – %ProgramFiles%TOSHIBAPasswordUtilityTOSDCR.exe
04 – HKLMSOFTWAREwow6432Node | Run : [ITSecMng] – %ProgramFiles%TOSHIBABluetooth Toshiba StackItSecMng.exe /START
04 – HKLMSOFTWAREwow6432Node | Run : [TSleepSrv] – %ProgramFiles(x86)%TOSHIBATOSHIBA Sleep UtilityTSleepSrv.exe
04 – HKLMSOFTWAREwow6432Node | Run : [TRCMan] – C:Program Files (x86)TOSHIBATRCManTRCMan.exe
04 – HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [Sweetpacks Communicator] – C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe
04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [Nuance PDF Reader-reminder] – “C:Program Files (x86)NuancePDF ReaderEregEreg.exe” -r “C:ProgramDataNuancePDF ReaderEregEreg.ini”
04 – HKLMSOFTWAREwow6432Node | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdate9448cd95-67a9-4036-b9b7-cb6e17a66a41.exe /check
04 – HKLMSOFTWAREwow6432Node | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-19SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-21-2782936733-1161488020-3635767805-1001SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STAR
04 – HKUS-1-5-21-2782936733-1161488020-3635767805-1001SOFTWARE | Run : [gStart] – C:Program Files (x86)GarminTraining CentergStart.exe
04 – HKUS-1-5-21-2782936733-1161488020-3635767805-1001SOFTWARE | Run : [DVDFab Passkey] – “C:Program Files (x86)DVDFab PasskeyDVDFabPasskey.exe”
04 – HKUS-1-5-21-2782936733-1161488020-3635767805-1001SOFTWARE | Run : [ANT Agent] – C:Program Files (x86)GarminANT AgentANT Agent.exe
04 – HKUS-1-5-21-2782936733-1161488020-3635767805-1001SOFTWARE | Run : [ISUSPM] – C:ProgramDataFLEXnetConnect11ISUSPM.exe -scheduler
04 – HKUS-1-5-21-2782936733-1161488020-3635767805-1001SOFTWARE | Run : [Pando Media Booster] – C:Program Files (x86)Pando NetworksMedia BoosterPMB.exe
04 – HKUS-1-5-18SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

(!) Fichiers temporaires supprimés. (128 Ko)

################## | Registre |

################## | Listing |

[11/04/2008 – 09:07:18 | N | 14 Ko] – C:eula.1040.txt
[11/04/2008 – 09:07:18 | N | 13 Ko] – C:eula.3082.txt
[11/04/2008 – 09:07:18 | N | 4 Ko] – C:eula.2052.txt
[11/04/2008 – 09:07:18 | N | 10 Ko] – C:eula.1049.txt
[11/04/2008 – 09:07:18 | N | 6 Ko] – C:eula.1042.txt
[11/04/2008 – 09:07:18 | N | 6 Ko] – C:eula.1041.txt
[11/04/2008 – 09:07:18 | N | 4 Ko] – C:eula.1028.txt
[11/04/2008 – 09:07:18 | N | 15 Ko] – C:eula.1031.txt
[11/04/2008 – 09:07:18 | N | 10 Ko] – C:eula.1033.txt
[11/04/2008 – 09:07:18 | N | 12 Ko] – C:eula.1036.txt
[22/12/2013 – 16:11:14 | N | 16 Ko] – C:UsbFix [Scan 1] CRP-TOSH.txt
[22/12/2013 – 16:24:56 | N | 11 Ko] – C:UsbFix [Scan 2] CRP-TOSH.txt
[22/12/2013 – 16:28:20 | N | 9 Ko] – C:UsbFix [Scan 3] CRP-TOSH.txt
[22/12/2013 – 17:02:54 | N | 16 Ko] – C:UsbFix [Clean 3] CRP-TOSH.txt
[22/12/2013 – 17:06:15 | A | 8 Ko] – C:UsbFix [Clean 4] CRP-TOSH.txt
[22/12/2013 – 15:13:33 | ASH | 3071556 Ko] – C:hiberfil.sys
[22/12/2013 – 15:13:35 | ASH | 4095412 Ko] – C:pagefile.sys
[11/04/2008 – 09:11:40 | N | 228 Ko] – C:VC_RED.MSI
[22/12/2013 – 15:59:29 | D] – C:Config.Msi
[11/04/2008 – 09:07:18 | N | 1 Ko] – C:install.ini
[11/04/2008 – 09:07:18 | N | 1 Ko] – C:globdata.ini
[11/04/2008 – 07:03:48 | N | 94 Ko] – C:install.res.1031.dll
[11/04/2008 – 07:03:48 | N | 89 Ko] – C:install.res.1033.dll
[11/04/2008 – 07:03:48 | N | 95 Ko] – C:install.res.1036.dll
[11/04/2008 – 07:03:48 | N | 75 Ko] – C:install.res.1028.dll
[11/04/2008 – 07:03:48 | N | 80 Ko] – C:install.res.1041.dll
[11/04/2008 – 07:03:48 | N | 78 Ko] – C:install.res.1042.dll
[11/04/2008 – 07:03:48 | N | 93 Ko] – C:install.res.1040.dll
[11/04/2008 – 07:03:48 | N | 74 Ko] – C:install.res.2052.dll
[11/04/2008 – 07:03:48 | N | 94 Ko] – C:install.res.3082.dll
[11/04/2008 – 09:09:24 | N | 91 Ko] – C:install.res.1049.dll
[11/04/2008 – 09:09:38 | N | 3708 Ko] – C:VC_RED.cab
[11/04/2008 – 09:07:18 | N | 6 Ko] – C:vcredist.bmp
[11/09/2012 – 18:12:20 | SHD] – C:$Recycle.Bin
[06/09/2011 – 06:36:50 | N | 8 Ko] – C:BOOTSECT.BAK
[14/07/2009 – 06:08:56 | SHD] – C:Documents and Settings
[21/11/2010 – 04:23:51 | RASH | 375 Ko] – C:bootmgr
[06/09/2011 – 06:36:47 | SHD] – C:Boot
[11/09/2012 – 18:09:46 | D] – C:Users
[11/09/2012 – 18:11:42 | D] – C:Toshiba
[08/11/2012 – 13:44:30 | SHD] – C:System Volume Information
[09/11/2012 – 18:47:43 | D] – C:OziExplorer
[14/03/2013 – 03:01:21 | D] – C:Program Files
[03/05/2013 – 19:58:56 | D] – C:Garmin
[10/12/2013 – 19:28:23 | D] – C:Program Files (x86)
[10/12/2013 – 22:49:13 | D] – C:Windows
[15/12/2013 – 19:20:35 | HD] – C:ProgramData
[22/12/2013 – 17:05:24 | D] – C:UsbFix
[01/07/2013 – 14:15:09 | | 0 Ko] – F:~$tzr melun temps de transport.xlsx
[01/07/2013 – 14:15:09 | N | 10 Ko] – F:tzr melun temps de transport.xlsx
[03/10/2013 – 19:30:33 | N | 56262 Ko] – F:Fire Within – Birdy Full Album (Deluxe Edition).mp3
[02/07/2013 – 08:45:28 | N | 35 Ko] – F:Festif-fun-et-forestier_image_article_large.jpg
[22/12/2013 – 17:02:54 | RASHD] – F:Autorun.inf
[27/10/2011 – 16:46:54 | N | 1 Ko] – F:START.htm
[01/07/2013 – 14:15:49 | N | 3100 Ko] – F:tzr melun carte.doc
[05/09/2001 – 21:00:58 | N | 1661 Ko] – F:gdiplus.dll
[01/12/2006 – 23:37:14 | N | 884 Ko] – F:msdia80.dll
[03/10/2013 – 11:16:46 | SHD] – F:$RECYCLE.BIN
[27/10/2011 – 16:53:14 | D] – F:cloud
[27/10/2011 – 16:57:00 | D] – F:img
[18/06/2013 – 18:08:15 | SHD] – F:System Volume Information
[18/06/2013 – 20:04:29 | D] – F:unss france tt 2013 travail
[18/06/2013 – 21:51:23 | D] – F:projets
[20/06/2013 – 22:20:38 | D] – F:France unss tt 2013
[02/07/2013 – 07:58:09 | D] – F:dvd mme lepere
[14/07/2013 – 09:29:17 | D] – F:guig location
[22/07/2013 – 20:02:17 | D] – F:photos mariage cham tour
[08/09/2013 – 13:40:58 | D] – F:été 2013
[20/09/2013 – 17:21:51 | D] – F:ete 2013 moi
[03/10/2013 – 19:00:13 | D] – F:guigui
[09/10/2013 – 14:11:01 | D] – F:appn magny
[10/10/2013 – 21:16:09 | D] – F:handball finale Paris mai 2013
[14/10/2013 – 17:05:50 | D] – F:Nouveau dossier (2)
[01/11/2013 – 20:02:33 | D] – F:octobre 2013
[01/11/2013 – 20:02:48 | D] – F:sept 2013
[05/11/2013 – 16:40:11 | D] – F:50 ans candy demeyere nov 2013
[07/11/2013 – 21:49:46 | D] – F:gopro mylene
[24/11/2013 – 10:48:38 | D] – F:75e1e381bde6e8e5df975803cd54
[04/12/2013 – 20:06:58 | D] – F:calendrier
[07/12/2013 – 18:21:47 | D] – F:FILMS
[07/12/2013 – 18:29:05 | D] – F:FILMS FPS
[07/12/2013 – 18:57:26 | D] – F:FILMS KEVIN
[07/12/2013 – 22:26:48 | D] – F:photos a developper 2013
[08/12/2013 – 18:47:51 | D] – F:gopro
[10/12/2013 – 22:44:33 | D] – F:55f9e56fe4d37c8db2fe98159a55
[15/12/2013 – 09:37:53 | D] – F:47eec18f6fef9da81e26838e2d20979f
[18/12/2013 – 10:48:29 | D] – F:SPONSOR
[22/12/2013 – 15:49:45 | D] – F:sauvegarde CLE 25 12
[25/11/2013 – 22:58:46 | N | 7 Ko] – G:essai.xls
[04/12/2013 – 18:56:16 | N | 12 Ko] – G:Notes_6 C_EPS_ROUGER_Guillaume_T1.xls
[05/12/2013 – 09:44:46 | N | 14 Ko] – G:Notes_6 H_EPS_ROUGER_Guillaume_T1 (1).xls
[09/12/2013 – 11:11:12 | N | 399 Ko] – G:BAREME JAVELOT.xls
[09/12/2013 – 11:15:58 | N | 8 Ko] – G:BAREME JAVELOT INDICE.xls
[10/12/2013 – 11:27:18 | N | 757 Ko] – G:Copie de Inscription AS 2013 2014-v2-1.xls
[16/12/2013 – 11:22:04 | N | 9 Ko] – G:plan d ‘entrainement 2014.xls
[17/12/2013 – 10:58:10 | N | 28 Ko] – G:6h appreciations à coller.xls
[22/12/2013 – 15:47:46 | N | 2 Ko] – G:creation_baremes-bruchon.xls
[18/12/2013 – 21:41:10 | AH | 4 Ko] – G:._.Trashes
[18/12/2013 – 21:41:10 | HD] – G:.Trashes
[18/12/2013 – 21:41:12 | HD] – G:.Spotlight-V100
[04/12/2013 – 21:53:22 | N | 102 Ko] – G:convoc tt 11 12.pdf
[15/12/2013 – 19:12:28 | N | 330683 Ko] – G:Cross court 77 2014.mp4
[22/12/2013 – 17:02:56 | RASHD] – G:Autorun.inf
[18/12/2013 – 21:41:10 | HD] – G:.fseventsd
[10/12/2013 – 11:11:10 | N | 30 Ko] – G:MAGASINS.doc
[16/12/2013 – 11:31:54 | N | 19 Ko] – G:Formation HANDBALL SNEP.doc
[17/12/2013 – 10:16:06 | N | 601 Ko] – G:photos tt unss.doc
[17/12/2013 – 10:43:10 | N | 67 Ko] – G:evenements sportifs monde 2014.doc
[24/11/2013 – 18:48:38 | D] – G:PAFac creteil BFS 2011
[24/11/2013 – 18:48:56 | D] – G:CROSS collège 2013
[24/11/2013 – 18:51:44 | D] – G:2012 2013
[24/11/2013 – 18:53:20 | D] – G:2011 2012
[24/11/2013 – 18:53:52 | D] – G:2013 2014
[24/11/2013 – 18:53:54 | D] – G:vertical
[22/12/2013 – 17:02:54 | RASHD] – L:Autorun.inf
[09/12/2013 – 20:00:56 | N | 1919476 Ko | 2F88A13BE12289C5A6BB37F2579E9084] – L:pinnacle-studio_pinnacle_studio_16_francais_208574 (1).exe
[14/09/2012 – 17:41:19 | SHD] – L:$RECYCLE.BIN
[04/11/2012 – 15:57:05 | D] – L:logiciels
[08/11/2012 – 12:24:41 | D] – L:WindowsImageBackup
[04/07/2013 – 14:08:06 | SHD] – L:System Volume Information
[29/08/2013 – 10:03:23 | D] – L:photos de l’iphone
[09/12/2013 – 20:49:35 | D] – L:PinnacleStudio
[14/12/2013 – 18:13:06 | D] – L:ma musique
[16/12/2013 – 20:06:30 | D] – L:mes images
[22/12/2013 – 16:35:23 | D] – L:mes videos

################## | Vaccin |

F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
L:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |