Martin94

I found UsbFix by running a search on the computer. I could not put it on the desktop, so I launched it directly from where it was located. Here is the report:

############################## | UsbFix V 7.158 | [Suppression]

Utilisateur: Delphine (Administrateur) # DELPHINE-PC
Mis à jour le 02/01/2014 par El Desaparecido – Team SosVirus
Lancé à 21:55:22 | 04/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (UX21E)
CPU: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz
RAM -> [Total : 3999 Mo| Free : 2236 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16660

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 104 Go (53 Go libre(s) – 51%) [OS] # NTFS
D: -> Disque amovible # 4 Go (2 Go libre(s) – 54%) [KINGSTON] # FAT32

################## | Processus Stoppés |

Stoppé! C:WindowsSYSTEM32WISPTIS.EXE (ID: 6404 |ParentID: 412)
Stoppé! C:Program FilesCommon Filesmicrosoft sharedinkTabTip.exe (ID: 3200 |ParentID: 412)
Stoppé! C:WindowsSYSTEM32WISPTIS.EXE (ID: 8588 |ParentID: 412)
Stoppé! C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe (ID: 9888 |ParentID: 692)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 8060 |ParentID: 412)
Stoppé! C:WindowsSystem32rundll32.exe (ID: 9176 |ParentID: 848)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 8692 |ParentID: 692)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 8860 |ParentID: 692)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 8084 |ParentID: 8860)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 10048 |ParentID: 692)
Stoppé! C:Windowssystem32taskeng.exe (ID: 6064 |ParentID: 588)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 1428 |ParentID: 692)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 1324 |ParentID: 692)
Stoppé! C:WindowsservicingTrustedInstaller.exe (ID: 2116 |ParentID: 692)
Stoppé! C:WindowsSystem32spoolsv.exe (ID: 6016 |ParentID: 692)
Stoppé! C:Windowssystem32taskeng.exe (ID: 3048 |ParentID: 588)
Stoppé! C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe (ID: 5152 |ParentID: 3048)
Stoppé! C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (ID: 2736 |ParentID: 692)
Stoppé! C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe (ID: 6568 |ParentID: 692)
Stoppé! C:Windowssystem32DllHost.exe (ID: 4196 |ParentID: 848)
Stoppé! C:WindowsSysWOW64rundll32.exe (ID: 4536 |ParentID: 7808)
Stoppé! C:Program FilesInternet Exploreriexplore.exe (ID: 1360 |ParentID: 10184)
Stoppé! C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 4472 |ParentID: 1360)

################## | Regedit Run |

04 – HKLM..Run : [ASUSPRP] “C:Program Files (x86)ASUSAPRPAPRP.EXE”
04 – HKLM..Run : [ASUSWebStorage] C:Program Files (x86)ASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
04 – HKLM..Run : [FLxHCIm64] “C:Program FilesFresco LogicFresco Logic USB3.0 Host Controlleramd64_hostFLxHCIm.exe”
04 – HKLM..Run : [ATKOSD2] C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
04 – HKLM..Run : [ATKMEDIA] C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
04 – HKLM..Run : [HControlUser] C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
04 – HKLM..Run : [Wireless Console 3] C:Program Files (x86)ASUSWireless Console 3wcourier.exe
04 – HKLM..Run : [ASUS Screen Saver Protector] C:WindowsAsScrPro.exe
04 – HKLM..Run : [avast] “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
04 – HKLM..Run : [CanonSolutionMenuEx] C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
04 – HKLM..Run : [IJNetworkScannerSelectorEX] C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe /FORCE
04 – HKLM..Run : [mobilegeni daemon] C:Program Files (x86)MobogenieDaemonProcess.exe
04 – HKLM..RunOnce : [20131224] C:Program FilesAVAST SoftwareAvastsetupemupdatee107e502-3509-49b9-8888-35e8e365cea6.exe /check
04 – HKLM..RunOnce : [Del2067091] cmd.exe /Q /D /c del “C:UsersDelphineAppDataLocalTemp.del”
04 – HKLM..RunOnce : []
04 – HKLM64..Run : [VizorHtmlDialog.exe] “C:Program FilesTrend MicroTitaniumUIFrameworkVizorHtmlDialog.exe” “DEF” “EULA” “C:Program FilesTrend MicroTitaniumUIInstaller.cmptresourcespreinstall_01_welcome_trial.html” “DEF” “DEF” “DEF”
04 – HKLM64..Run : [Trend Micro Client Framework] “C:Program FilesTrend MicroUniClientUiFrmWrkUIWatchDog.exe”
04 – HKLM64..Run : [Trend Micro Titanium] C:Program FilesTrend MicroTitaniumVizorShortCut.exe -ReFlush “none” “none”
04 – HKLM64..Run : [IgfxTray] C:Windowssystem32igfxtray.exe
04 – HKLM64..Run : [HotKeysCmds] C:Windowssystem32hkcmd.exe
04 – HKLM64..Run : [Persistence] C:Windowssystem32igfxpers.exe
04 – HKLM64..Run : [ETDCtrl] %ProgramFiles%ElantechETDCtrl.exe
04 – HKLM64..Run : [RTHDVCPL] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
04 – HKLM64..Run : [AtherosBtStack] “C:Program Files (x86)Bluetooth SuiteBtvStack.exe”
04 – HKLM64..Run : [AthBtTray] “C:Program Files (x86)Bluetooth SuiteAthBtTray.exe”
04 – HKLM64..Run : [IntelTBRunOnce] wscript.exe //b //nologo “C:Program FilesIntelTurboBoostRunTBGadgetOnce.vbs”
04 – HKLM64..Run : [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe /logon
04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-3879006632-219848930-2742434204-1001..Run : [Google Update] “C:UsersDelphineAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
04 – HKUS-1-5-21-3879006632-219848930-2742434204-1001..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
04 – HKUS-1-5-21-3879006632-219848930-2742434204-1001..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
04 – HKUS-1-5-21-3879006632-219848930-2742434204-1001..Run : [Yontoo Desktop] “C:UsersDelphineAppDataRoamingYontooYontooDesktop.exe”
04 – HKUS-1-5-21-3879006632-219848930-2742434204-1001..Run : [SergeLeLama] wscript.exe //B “C:UsersDelphineAppDataLocalTempSergeLeLama.vbs”
04 – HKUS-1-5-21-3879006632-219848930-2742434204-1001..Run : [Bubble Dock] “C:UsersDelphineAppDataRoamingNosibayBubble DockLBubble Dock.exe” /winstartup
04 – HKUS-1-5-21-3879006632-219848930-2742434204-1001..Run : [NextLive] C:WindowsSysWOW64rundll32.exe “C:UsersDelphineAppDataRoamingnewnext.menengine.dll”,EntryPoint -m l
04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-21-3879006632-219848930-2742434204-1001..RunOnce : [FlashPlayerUpdate] C:WindowsSysWOW64MacromedFlashFlashUtil10k_ActiveX.exe -update activex

################## | Recherche générique |

Supprimé! C:UsersDelphineAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
Supprimé! D:SergeLeLama.vbs
Supprimé! C:UsersDelphineAppDataLocalTempSergeLeLama.vbs
Supprimé! D:epicerie.lnk
Supprimé! D:MVI_4093.lnk
Supprimé! D:IMG_4593.lnk
Supprimé! D:IMG_1248.lnk
Supprimé! D:Thumbs.lnk
Supprimé! D:IMG_1249.lnk
Supprimé! D:Cahier de vie P1 jeudi.lnk
Supprimé! D:5 sens la vue.lnk
Supprimé! D:Je fais mes courses JEU RETZ.lnk
Supprimé! D:IMG_1250.lnk
Supprimé! D:IMG_1246.lnk
Supprimé! D:IMG_1247.lnk
Supprimé! D:Trombinoscopecl5.lnk
Supprimé! D:IMG_4596.lnk
Supprimé! D:histogramme (1).lnk
Supprimé! D:facture6433047.lnk
Supprimé! D:Sans nom 1.lnk
Supprimé! D:histogramme TPS.lnk
Supprimé! D:Fichier+Sudoku+niv1+et+2.lnk
Supprimé! D:coordonées.lnk
Supprimé! D:Grimm.lnk
Supprimé! D:_Affichages.lnk
Supprimé! D:Autorun.inf.lnk
Supprimé! D:Photos eleves.lnk
Supprimé! D:T1 Villejuif (TPS-PS).lnk
Supprimé! C:UsersDelphineAppDataRoamingnewnext.me

(!) Fichiers temporaires supprimés.

################## | Registre |

Réparé ! HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced|Start_ShowMyGames -> 1
Supprimé! HKUS-1-5-21-3879006632-219848930-2742434204-1001SoftwareMicrosoftWindowsCurrentVersionRun|NextLive
Supprimé! HKUS-1-5-21-3879006632-219848930-2742434204-1001SoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama

################## | Listing |

[12/09/2012 – 14:13:27 | SHD] – C:$Recycle.Bin
[11/10/2011 – 12:18:45 | N | 0 Ko] – C:ASUS.md5
[18/10/2011 – 01:34:57 | D] – C:AsusVibeData
[29/07/2009 – 07:51:52 | SHD] – C:Boot
[14/07/2009 – 02:38:58 | RASH | 375 Ko] – C:bootmgr
[29/07/2009 – 07:51:54 | N | 8 Ko] – C:BOOTSECT.BAK
[14/01/2012 – 00:42:13 | N | 15 Ko | 137F805073428041909BCE4A30B92C4C] – C:devlist.txt
[14/07/2009 – 06:08:56 | SHD] – C:Documents and Settings
[14/01/2012 – 00:33:35 | D] – C:eSupport
[14/01/2012 – 00:42:13 | N | 0 Ko] – C:Finish.log
[04/01/2014 – 20:21:21 | ASH | 3071000 Ko] – C:hiberfil.sys
[14/01/2012 – 00:28:45 | D] – C:Intel
[12/09/2012 – 20:59:31 | RHD] – C:MSOCache
[04/01/2014 – 20:21:23 | ASH | 4094668 Ko] – C:pagefile.sys
[14/01/2012 – 00:43:10 | N | 0 Ko | A93A823CD4168251E78D860AFB99F252] – C:Pass.txt
[14/07/2009 – 04:20:08 | D] – C:PerfLogs
[21/03/2013 – 09:40:59 | D] – C:Program Files
[04/01/2014 – 21:47:58 | D] – C:Program Files (x86)
[04/01/2014 – 20:54:55 | HD] – C:ProgramData
[12/09/2012 – 14:12:50 | SHD] – C:Recovery
[21/12/2011 – 12:45:56 | N | 0 Ko] – C:RECOVERY.DAT
[14/01/2012 – 00:29:39 | N | 2 Ko] – C:RHDSetup.log
[30/08/2011 – 06:00:22 | N | 1 Ko] – C:setup.iss
[14/01/2012 – 00:28:44 | N | 0 Ko] – C:setup.log
[07/09/2013 – 18:39:22 | SHD] – C:System Volume Information
[04/01/2014 – 21:55:27 | D] – C:UsbFix
[04/01/2014 – 22:02:34 | A | 10 Ko | B9B9216B9A58C325C2D2019C8BB69721] – C:UsbFix [Clean 1] DELPHINE-PC.txt
[04/01/2014 – 21:35:52 | N | 17 Ko | ED5A33C7A49057470769F1071865B972] – C:UsbFix [Scan 1] DELPHINE-PC.txt
[12/09/2012 – 14:13:20 | D] – C:Users
[29/11/2011 – 16:30:14 | N | 2560 Ko] – C:UX21E.BIN
[21/12/2011 – 12:45:56 | N | 0 Ko] – C:UX21E_WIN7.60
[07/09/2013 – 19:12:03 | D] – C:Windows
[16/09/2012 – 18:28:14 | D] – C:_DATAS
[31/01/2013 – 18:03:40 | N | 102 Ko] – D:epicerie.docx
[05/02/2013 – 13:59:44 | N | 109 Ko] – D:epicerie.doc
[14/06/2013 – 17:54:44 | N | 171256 Ko] – D:MVI_4093.MOV
[12/09/2013 – 22:04:20 | D] – D:_Affichages
[04/01/2014 – 21:35:54 | RASHD] – D:Autorun.inf
[19/04/2000 – 07:18:18 | N | 11150 Ko] – D:Cahier de vie P1 jeudi.doc
[20/04/2000 – 06:55:30 | N | 22 Ko] – D:5 sens la vue.doc
[19/11/2013 – 12:15:02 | SH | 45 Ko] – D:Thumbs.db
[31/01/2013 – 18:03:48 | N | 1018 Ko] – D:Je fais mes courses JEU RETZ.docx
[04/11/2013 – 12:11:54 | N | 2908 Ko] – D:IMG_4593.JPG
[07/10/2012 – 15:24:38 | N | 1093 Ko] – D:IMG_1248.JPG
[07/10/2012 – 15:24:42 | N | 1225 Ko] – D:IMG_1249.JPG
[07/10/2012 – 15:24:44 | N | 1004 Ko] – D:IMG_1250.JPG
[07/10/2012 – 15:24:46 | N | 1013 Ko] – D:IMG_1246.JPG
[07/10/2012 – 15:24:36 | N | 1036 Ko] – D:IMG_1247.JPG
[15/10/2013 – 14:15:34 | N | 85567 Ko] – D:Trombinoscopecl5.odt
[04/11/2013 – 17:04:52 | N | 2417 Ko] – D:IMG_4596.JPG
[17/11/2013 – 16:54:38 | N | 148 Ko] – D:histogramme (1).xls
[16/01/2013 – 16:12:06 | N | 56 Ko] – D:facture6433047.pdf
[05/11/2013 – 13:12:52 | N | 21399 Ko] – D:Sans nom 1.odt
[18/11/2013 – 13:51:22 | N | 155 Ko] – D:histogramme TPS.xls
[06/09/2013 – 07:04:44 | D] – D:Photos eleves
[08/04/2013 – 21:56:32 | N | 9812 Ko] – D:Fichier+Sudoku+niv1+et+2.pdf
[15/03/2000 – 02:28:42 | N | 29 Ko] – D:coordonées.doc
[05/09/2013 – 14:17:12 | D] – D:T1 Villejuif (TPS-PS)
[02/11/2013 – 14:37:54 | N | 357483 Ko] – D:Grimm.S02E08.PROPER.VOSTFR.HDTV.XviD-ATeam.avi

################## | Vaccin |

D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |