Reply to: cle sub infectee 2016-09-08T13:26:39+00:00
guig
Participant
Post count: 6

here is clean 3:

############################## | UsbFix V 7.155 | [Recherche]

Utilisateur: crp (Administrateur) # CRP-TOSH
Mis à jour le 16/12/2013 par El Desaparecido – Team SosVirus
Lancé à 16:26:45 | 22/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (Portable PC)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
RAM -> [Total : 3999 | Free : 2700]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 258 Go (138 Go libre(s) - 53%) [TI30814000A] # NTFS
D: -> CD-ROM
F: -> Disque fixe # 932 Go (814 Go libre(s) - 87%) [MEMUP] # NTFS
G: -> Disque amovible # 4 Go (2 Go libre(s) - 62%) [ROUGER G] # FAT32
L: -> Disque fixe # 202 Go (40 Go libre(s) - 20%) [DONNEES] # NTFS

################## | Processus Actif |

C:\windows\system32\csrss.exe (ID: 680 |ParentID: 672)
C:\windows\system32\wininit.exe (ID: 956 |ParentID: 672)
C:\windows\system32\csrss.exe (ID: 980 |ParentID: 968)
C:\windows\system32\winlogon.exe (ID: 156 |ParentID: 968)
C:\windows\system32\services.exe (ID: 368 |ParentID: 956)
C:\windows\system32\lsass.exe (ID: 412 |ParentID: 956)
C:\windows\system32\lsm.exe (ID: 408 |ParentID: 956)
C:\windows\system32\svchost.exe (ID: 712 |ParentID: 368)
C:\windows\system32\svchost.exe (ID: 820 |ParentID: 368)
C:\windows\System32\svchost.exe (ID: 684 |ParentID: 368)
C:\windows\System32\svchost.exe (ID: 464 |ParentID: 368)
C:\windows\system32\svchost.exe (ID: 1132 |ParentID: 368)
C:\windows\system32\svchost.exe (ID: 1156 |ParentID: 368)
C:\windows\system32\svchost.exe (ID: 1420 |ParentID: 368)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1596 |ParentID: 368)
C:\windows\system32\svchost.exe (ID: 1920 |ParentID: 368)
C:\windows\system32\svchost.exe (ID: 2564 |ParentID: 368)
C:\windows\system32\Dwm.exe (ID: 2672 |ParentID: 464)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID: 3664 |ParentID: 2656)
C:\windows\system32\svchost.exe (ID: 4272 |ParentID: 368)
C:\windows\system32\svchost.exe (ID: 4388 |ParentID: 368)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 5556 |ParentID: 5088)
C:\windows\System32\svchost.exe (ID: 7232 |ParentID: 368)
C:\windows\System32\rundll32.exe (ID: 5792 |ParentID: 712)
C:\windows\System32\WUDFHost.exe (ID: 5032 |ParentID: 464)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 4160 |ParentID: 368)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 4324 |ParentID: 368)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2660 |ParentID: 4160)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4340 |ParentID: 368)
C:\windows\system32\SearchIndexer.exe (ID: 5440 |ParentID: 368)
C:\windows\system32\DllHost.exe (ID: 1628 |ParentID: 712)
C:\windows\Explorer.exe (ID: 3300 |ParentID: 6600)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 8020 |ParentID: 368)
C:\windows\System32\spoolsv.exe (ID: 3088 |ParentID: 368)
C:\windows\system32\nvvsvc.exe (ID: 3956 |ParentID: 368)
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (ID: 1940 |ParentID: 3956)
C:\windows\system32\nvvsvc.exe (ID: 5260 |ParentID: 3956)
C:\UsbFix\Go.exe (ID: 5864 |ParentID: 6692)
C:\windows\system32\wbem\wmiprvse.exe (ID: 2548 |ParentID: 712)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [NBAgent] - "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
04 - HKLM\SOFTWARE | Run : [TOSDCR] - %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
04 - HKLM\SOFTWARE | Run : [ITSecMng] - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
04 - HKLM\SOFTWARE | Run : [TSleepSrv] - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
04 - HKLM\SOFTWARE | Run : [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\9448cd95-67a9-4036-b9b7-cb6e17a66a41.exe /check
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [NBAgent] - "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
04 - HKLM\SOFTWARE\wow6432Node | Run : [TOSDCR] - %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ITSecMng] - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
04 - HKLM\SOFTWARE\wow6432Node | Run : [TSleepSrv] - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\9448cd95-67a9-4036-b9b7-cb6e17a66a41.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 - HKU\S-1-5-21-2782936733-1161488020-3635767805-1001\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
04 - HKU\S-1-5-21-2782936733-1161488020-3635767805-1001\SOFTWARE | Run : [gStart] - C:\Program Files (x86)\Garmin\Training Center\gStart.exe
04 - HKU\S-1-5-21-2782936733-1161488020-3635767805-1001\SOFTWARE | Run : [DVDFab Passkey] - "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"
04 - HKU\S-1-5-21-2782936733-1161488020-3635767805-1001\SOFTWARE | Run : [ANT Agent] - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
04 - HKU\S-1-5-21-2782936733-1161488020-3635767805-1001\SOFTWARE | Run : [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
04 - HKU\S-1-5-21-2782936733-1161488020-3635767805-1001\SOFTWARE | Run : [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
04 - HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\install.exe
Présent! G:\convoc tt 11 12.pdf.lnk
Présent! G:\2013 2014.lnk
Présent! G:\2012 2013.lnk
Présent! G:\2011 2012.lnk
Présent! G:\Cross court 77 2014.mp4.lnk
Présent! G:\vertical.lnk
Présent! G:\CROSS collège 2013.lnk
Présent! G:\guillaume rouger le sport.lnk
Présent! G:\PAFac creteil BFS 2011.lnk
Présent! C:\Users\Public\sdelevURL.tmp

################## | Registre |

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
L:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |