Reply to: Agent-AXN[Trj] infection, USB sticks gone crazy. 2016-09-08T13:27:54+00:00
Participant
Number of posts: 6

Actually I had done it, but I just sent the old log file. Here is the new one
http://cjoint.com/?DAeqraX8LmB
usbfix
[spoiler:3nq3hz0e]############################## | UsbFix V 7.158 | [Suppression]

Utilisateur: PhenixDeLumiere (Administrateur) # PDL
Mis à jour le 02/01/2014 par El Desaparecido - Team SosVirus
Lancé à 16:19:47 | 04/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (163C)
CPU: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
RAM -> [Total : 3894 Mo| Free : 2442 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 50 Go (8 Go libre(s) - 16%) [] # NTFS
D: -> Disque fixe # 324 Go (196 Go libre(s) - 60%) [] # NTFS
E: -> Disque fixe # 324 Go (324 Go libre(s) - 100%) [] # NTFS
F: -> CD-ROM
G: -> Disque amovible # 2 Go (2 Go libre(s) - 100%) [] # FAT
H: -> Disque amovible # 4 Go (4 Go libre(s) - 98%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1620 |ParentID: 748)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3944 |ParentID: 3680)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 900 |ParentID: 920)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5032 |ParentID: 748)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3112 |ParentID: 748)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 1296 |ParentID: 920)
Stoppé! C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe (ID: 3036 |ParentID: 5316)
Stoppé! C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe (ID: 1700 |ParentID: 5180)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 4064 |ParentID: 748)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1388 |ParentID: 748)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5064 |ParentID: 748)
Stoppé! C:\Windows\servicing\TrustedInstaller.exe (ID: 2184 |ParentID: 748)
Stoppé! C:\Users\PhenixDeLumiere\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2808 |ParentID: 6028)
Stoppé! C:\Users\PhenixDeLumiere\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2332 |ParentID: 2808)
Stoppé! C:\Users\PhenixDeLumiere\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3772 |ParentID: 2808)
Stoppé! C:\Users\PhenixDeLumiere\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3544 |ParentID: 2808)
Stoppé! C:\Windows\System32\dinotify.exe (ID: 1268 |ParentID: 4764)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 4084 |ParentID: 612)

################## | Regedit Run |

04 - HKLM\..\Run : [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\..\Run : [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
04 - HKLM64\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM64\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM64\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM64\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
04 - HKLM64\..\Run : [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
04 - HKLM64\..\RunOnce : [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 - HKLM64\..\RunOnce : [NCInstallQueue] rundll32 netman.dll,ProcessQueue
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-661152722-366922968-3836358373-1000\..\Run : [Google Update] "C:\Users\PhenixDeLumiere\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-661152722-366922968-3836358373-1000\..\Run : [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKU\S-1-5-21-661152722-366922968-3836358373-1000\..\Run : [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH38S160TN05XP:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
04 - HKU\S-1-5-21-661152722-366922968-3836358373-1000\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\PHENIX~1\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\PhenixDeLumiere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\PHENIX~1\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! H:\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-661152722-366922968-3836358373-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Listing |

[13/04/2013 - 12:24:07 | SHD] - C:\$Recycle.Bin
[14/12/2012 - 23:02:56 | D] - C:\6ec6d879733d0847321d0ea5ba814b
[04/01/2014 - 11:09:00 | D] - C:\AdwCleaner
[15/12/2012 - 19:56:25 | SHD] - C:\Boot
[20/11/2010 - 13:40:07 | RASH | 375 Ko] - C:\bootmgr
[14/12/2012 - 18:24:25 | N | 8 Ko] - C:\BOOTSECT.BAK
[12/11/2013 - 20:18:25 | N | 0 Ko] - C:\Disque local (D) - Raccourci.lnk
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[04/01/2014 - 11:09:36 | ASH | 2990484 Ko] - C:\hiberfil.sys
[15/12/2012 - 12:49:09 | D] - C:\HP
[14/12/2012 - 21:27:04 | D] - C:\Intel
[10/04/2013 - 09:54:09 | D] - C:\nhce
[04/01/2014 - 11:09:39 | ASH | 3987312 Ko] - C:\pagefile.sys
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[03/01/2014 - 19:18:27 | N | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[22/12/2013 - 15:05:17 | D] - C:\Program Files
[03/01/2014 - 14:43:54 | D] - C:\Program Files (x86)
[03/01/2014 - 01:08:30 | HD] - C:\ProgramData
[14/12/2012 - 18:31:04 | SHD] - C:\Recovery
[28/01/2013 - 09:26:49 | D] - C:\swsetup
[03/01/2014 - 14:27:30 | SHD] - C:\System Volume Information
[14/12/2012 - 22:42:06 | D] - C:\system.sav
[04/01/2014 - 16:19:49 | D] - C:\UsbFix
[04/01/2014 - 16:21:34 | A | 7 Ko | BAB64FC99ACA90B9EE3E75235E406A34] - C:\UsbFix [Clean 1] PDL.txt
[03/01/2014 - 00:56:16 | N | 9 Ko | 3D4AD783E7B7F840CF1CAA779FA63274] - C:\UsbFix [Scan 1] PDL.txt
[04/01/2014 - 11:19:35 | N | 9 Ko | E03D68763B087DB053968AED6D8388D9] - C:\UsbFix [Scan 3] PDL.txt
[14/12/2012 - 18:31:11 | D] - C:\Users
[03/01/2014 - 15:09:21 | D] - C:\Windows
[14/12/2012 - 21:35:39 | SHD] - D:\$RECYCLE.BIN
[04/01/2014 - 11:19:35 | RASHD] - D:\Autorun.inf
[27/12/2013 - 19:49:49 | D] - D:\Banque
[25/10/2013 - 11:15:30 | D] - D:\dl
[03/01/2014 - 17:34:48 | D] - D:\Documents
[28/10/2013 - 20:17:40 | D] - D:\Dramas
[04/09/2013 - 15:02:25 | D] - D:\FF7 FR + emul
[05/12/2012 - 08:28:44 | N | 28 Ko] - D:\FR _ Water sustainability Meeting the challenge_Test_EN-FR.doc
[15/12/2012 - 16:27:51 | D] - D:\Musique
[17/01/2013 - 14:59:37 | D] - D:\Nouveau dossier (2)
[05/12/2012 - 08:28:36 | N | 12 Ko] - D:\NY Ready for Las VegasVERSION ETUDIANTS.docx
[07/07/2013 - 03:14:52 | D] - D:\Photos
[01/11/2013 - 21:17:33 | D] - D:\shojo
[14/12/2012 - 21:33:00 | SHD] - D:\System Volume Information
[11/01/2013 - 23:29:09 | D] - D:\vrac
[04/10/2013 - 16:39:12 | D] - D:\yaoi
[14/12/2012 - 21:35:40 | SHD] - E:\$RECYCLE.BIN
[04/01/2014 - 11:19:35 | RASHD] - E:\Autorun.inf
[13/07/2013 - 03:52:45 | D] - E:\d3de81cb5fa774532065d896
[26/10/2013 - 14:56:43 | N | 0 Ko] - E:\Disque local (C) - Raccourci.lnk
[14/12/2012 - 21:33:01 | SHD] - E:\System Volume Information
[07/12/2007 - 16:09:52 | N | 1 Ko] - G:\NIKON001.DSC
[21/05/2013 - 22:53:44 | D] - G:\DCIM
[02/01/2014 - 19:15:16 | D] - G:\AUTORUN.INF
[02/01/2014 - 00:34:16 | SHD] - G:\System Volume Information
[04/01/2014 - 11:19:36 | RASHD] - H:\Autorun.inf

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |[/spoiler:3nq3hz0e]