Reply to: Infected by SergeLeLama 2016-09-08T13:27:45+00:00
Thildou23
Participant
Number of posts: 14

I forgot that I still had an external hard drive… sorry, here is the latest report

############################## | UsbFix V 7.157 | [Suppression]

Utilisateur: Mathilde (Administrateur) # MATHILDE-TOSH
Mis à jour le 30/12/2013 par El Desaparecido – Team SosVirus
Lancé à 18:43:42 | 02/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: PEGATRON CORPORATION (TKBSB)
CPU: AMD E-240 Processor
RAM -> [Total : 2669 Mo| Free : 1245 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 26.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 181 Go (86 Go libre(s) – 48%) [WINDOWS] # NTFS
D: -> Disque fixe # 116 Go (103 Go libre(s) – 89%) [Data] # NTFS
E: -> CD-ROM
F: -> CD-ROM
G: -> Disque fixe # 466 Go (222 Go libre(s) – 48%) [Mathilde 465 Go] # NTFS

################## | Processus Stoppés |

Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1376 |ParentID: 584)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 2180 |ParentID: 1240)
Stoppé! C:WindowsSystem32rundll32.exe (ID: 6052 |ParentID: 752)
Stoppé! C:Program Files (x86)Jump FlipupdateJumpFlip.exe (ID: 5472 |ParentID: 584)
Stoppé! C:Program Files (x86)Jump FlipbinutilJumpFlip.exe (ID: 5492 |ParentID: 584)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 3872 |ParentID: 584)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 3152 |ParentID: 584)
Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 2672 |ParentID: 584)
Stoppé! C:WindowsSysWOW64NOTEPAD.EXE (ID: 5256 |ParentID: 1512)
Stoppé! C:Program Files (x86)Mozilla Firefoxfirefox.exe (ID: 2116 |ParentID: 4932)
Stoppé! C:Program Files (x86)Mozilla Firefoxplugin-container.exe (ID: 3816 |ParentID: 2116)
Stoppé! C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 3820 |ParentID: 3816)
Stoppé! C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 4824 |ParentID: 3820)

################## | Regedit Run |

04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLM..Run : [Adobe Reader Speed Launcher] “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
04 – HKLM..Run : [ToshibaServiceStation] “C:Program Files (x86)TOSHIBATOSHIBA Service StationToshibaServiceStation.exe” /hide:60
04 – HKLM..Run : [StartCCC] “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLM..Run : [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
04 – HKLM..Run : [hpqSRMon] C:Program Files (x86)HPDigital ImagingbinhpqSRMon.exe
04 – HKLM..Run : [tuto4pc_fr_53]
04 – HKLM..Run : [AvastUI.exe] “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLM..Run : [SunJavaUpdateSched] “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLM..RunOnce : []
04 – HKLM64..Run : [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
04 – HKLM64..Run : [TPwrMain] %ProgramFiles%TOSHIBAPower SaverTPwrMain.EXE
04 – HKLM64..Run : [TosVolRegulator] C:Program FilesTOSHIBATosVolRegulatorTosVolRegulator.exe
04 – HKLM64..Run : [TosSENotify] C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosWaitSrv.exe
04 – HKLM64..Run : [TosReelTimeMonitor] %ProgramFiles%TOSHIBAReelTimeTosReelTimeMonitor.exe
04 – HKLM64..Run : [Toshiba TEMPRO] C:Program Files (x86)Toshiba TEMPROTemproTray.exe
04 – HKLM64..Run : [Toshiba Registration] C:Program FilesTOSHIBARegistrationToshibaReminder.exe
04 – HKLM64..Run : [TCrdMain] %ProgramFiles%TOSHIBAFlashCardsTCrdMain.exe
04 – HKLM64..Run : [RtHDVBg] C:Program FilesRealtekAudioHDARAVBg64.exe /FORPCEE3
04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-19..Run : [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20..Run : [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-21-2132920200-1220953195-776652134-1001..Run : [Spotify Web Helper] “C:UsersMathildeAppDataRoamingSpotifyDataSpotifyWebHelper.exe”
04 – HKUS-1-5-21-2132920200-1220953195-776652134-1001..Run : [DAEMON Tools Lite] “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
04 – HKUS-1-5-21-2132920200-1220953195-776652134-1001..Run : [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
04 – HKUS-1-5-21-2132920200-1220953195-776652134-1001..Run : [9Giga Synchro] “G:SFR9Giga Synchro9Giga_Synchro.exe” /delayed
04 – HKUS-1-5-18..Run : [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[24/06/2013 – 17:56:56 | SHD] – C:$RECYCLE.BIN
[27/12/2013 – 19:31:19 | D] – C:Config.Msi
[02/12/2013 – 23:50:27 | D] – C:CYRILLE
[14/07/2009 – 06:08:56 | SHD] – C:Documents and Settings
[02/01/2014 – 12:32:57 | ASH | 2050116 Ko] – C:hiberfil.sys
[05/07/2013 – 15:17:44 | RHD] – C:MSOCache
[02/01/2014 – 12:32:59 | ASH | 2733488 Ko] – C:pagefile.sys
[14/07/2009 – 04:20:08 | D] – C:PerfLogs
[06/08/2013 – 18:43:19 | D] – C:Program Files
[27/12/2013 – 19:31:12 | D] – C:Program Files (x86)
[27/12/2013 – 19:31:11 | HD] – C:ProgramData
[24/06/2013 – 13:43:28 | N | 2 Ko] – C:RHDSetup.log
[04/03/2011 – 08:17:25 | N | 0 Ko | B318B301F3A840C968F8C5B8F947615F] – C:SWSTAMP.TXT
[29/12/2013 – 15:17:21 | SHD] – C:System Volume Information
[24/06/2013 – 18:00:47 | D] – C:Toshiba
[02/01/2014 – 18:43:44 | D] – C:UsbFix
[02/01/2014 – 17:37:00 | N | 8 Ko | 218CBE5C58899916F3911836BCE3FA95] – C:UsbFix [Clean 1] MATHILDE-TOSH.txt
[02/01/2014 – 18:21:16 | N | 8 Ko | D224FAD1C0A118DDB32C5CBEAF30588A] – C:UsbFix [Clean 2] MATHILDE-TOSH.txt
[02/01/2014 – 18:44:14 | A | 7 Ko | 79117EE355FCCAB64E004D21F5FCC9C9] – C:UsbFix [Clean 3] MATHILDE-TOSH.txt
[02/01/2014 – 17:08:44 | N | 11 Ko | 4663200356F3C5BA44309C0FEE086571] – C:UsbFix [Scan 1] MATHILDE-TOSH.txt
[24/06/2013 – 15:27:58 | D] – C:Users
[29/12/2013 – 15:19:35 | D] – C:Windows
[24/06/2013 – 17:56:56 | SHD] – D:$RECYCLE.BIN
[02/01/2014 – 18:21:14 | RASHD] – D:Autorun.inf
[05/03/2011 – 22:50:00 | D] – D:HDDRecovery
[15/05/2011 – 11:12:19 | SHD] – D:System Volume Information
[24/06/2013 – 23:07:08 | SHD] – G:$RECYCLE.BIN
[03/09/2008 – 04:40:00 | N | 70 Ko] – G:Maxtor_Desktop.ico
[29/02/2012 – 19:06:17 | D] – G:Mes Documents
[04/12/2011 – 11:44:56 | SHD] – G:RECYCLER
[20/12/2013 – 15:07:20 | SHD] – G:System Volume Information
[05/07/2013 – 20:00:52 | D] – G:wbfs

################## | Vaccin |

D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |