TIPHAINE
Participant
Number of posts: 17

Hi!

I restarted my computer in safe mode and ran “Suppression” in UsbFix.

Here is the report:

############################## | UsbFix V 7.159 | [Suppression]

Utilisateur: asus (Administrateur) # ADMIN-PC
Mis à jour le 06/01/2014 par El Desaparecido – Team SosVirus
Lancé à 14:38:02 | 06/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (1015BXO)
CPU: AMD C-50 Processor
RAM -> [Total : 749 Mo| Free : 255 Mo]
Bios: American Megatrends Inc.
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Édition Starter (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16750

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 100 Go (66 Go libre(s) – 66%) [] # NTFS
D: -> Disque fixe # 183 Go (165 Go libre(s) – 90%) [] # NTFS
E: -> Disque amovible # 984 Mo (917 Mo libre(s) – 93%) [USB] # FAT

################## | Processus Stoppés |

Stoppé! C:\windows\Explorer.EXE (ID: 1388 |ParentID: 1380)
Stoppé! C:\windows\system32\ctfmon.exe (ID: 1448 |ParentID: 1388)
Stoppé! C:\windows\system32\DllHost.exe (ID: 1672 |ParentID: 592)
Stoppé! C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1832 |ParentID: 1388)
Stoppé! C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1100 |ParentID: 1832)
Stoppé! C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2044 |ParentID: 1832)

################## | Regedit Run |

04 – HKLM\..\Run : [Trend Micro Client Framework] “C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe”
04 – HKLM\..\Run : [AvastUI.exe] “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
04 – HKLM\..\RunOnce : []
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-219032517-490203943-621970992-1002\..\Run : [iTunesHelper] wscript.exe //B “C:\Users\asus\AppData\Local\Temp\iTunesHelper.vbe”
04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\asus\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! E:\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-219032517-490203943-621970992-1002\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Listing |

[05/04/2012 – 19:47:12 | SHD] – C:\$RECYCLE.BIN
[23/08/2011 – 03:21:51 | D] – C:\AsusVibeData
[10/06/2009 – 22:42:20 | A | 0 Ko] – C:\autoexec.bat
[25/11/2011 – 12:45:20 | SHD] – C:\Boot
[20/11/2010 – 13:40:08 | RASH | 375 Ko] – C:\bootmgr
[10/06/2009 – 22:42:20 | N | 0 Ko] – C:\config.sys
[14/07/2009 – 05:53:55 | SHD] – C:\Documents and Settings
[23/03/2012 – 02:08:13 | D] – C:\ExpressGateUtil
[06/01/2014 – 14:27:48 | ASH | 575580 Ko] – C:\hiberfil.sys
[06/01/2014 – 14:27:51 | ASH | 1048576 Ko] – C:\pagefile.sys
[14/07/2009 – 03:37:05 | D] – C:\PerfLogs
[15/10/2012 – 11:30:47 | N | 1 Ko] – C:\preference.xml
[05/01/2014 – 16:45:17 | D] – C:\Program Files
[02/07/2013 – 21:31:35 | HD] – C:\ProgramData
[23/03/2012 – 01:53:16 | SHD] – C:\Recovery
[23/08/2011 – 03:14:26 | N | 2 Ko] – C:\RHDSetup.log
[23/03/2012 – 15:46:31 | D] – C:\Security Administrator
[05/01/2014 – 16:26:22 | SHD] – C:\System Volume Information
[06/01/2014 – 14:38:05 | D] – C:\UsbFix
[06/01/2014 – 14:43:53 | A | 4 Ko | 476AE5ADB0638849575466D298BC03D4] – C:\UsbFix [Clean 3] ADMIN-PC.txt
[05/01/2014 – 16:50:47 | N | 7 Ko | E2075985E9D5E315601DC133A6E28912] – C:\UsbFix [Scan 1] ADMIN-PC.txt
[05/01/2014 – 18:38:31 | N | 8 Ko | A3CA4E31E7F67518FA90514C09EA5E71] – C:\UsbFix [Scan 2] ADMIN-PC.txt
[24/09/2012 – 20:08:12 | N | 0 Ko] – C:\user.js
[05/04/2012 – 19:51:06 | D] – C:\Users
[09/04/2012 – 13:27:36 | D] – C:\wamp
[05/01/2014 – 16:39:40 | D] – C:\Windows
[05/04/2012 – 19:46:59 | SHD] – D:\$RECYCLE.BIN
[09/01/2013 – 22:05:03 | D] – D:\c045a3de7d236d434e
[06/09/2013 – 08:09:45 | D] – D:\cce60a8d26ef73b9e662d81e90
[15/10/2012 – 19:56:40 | D] – D:\Fond d’écran
[28/07/2013 – 17:06:41 | D] – D:\Photos
[10/07/2013 – 18:51:56 | D] – D:\Programmation
[23/03/2012 – 09:45:36 | SHD] – D:\System Volume Information
[20/07/2013 – 17:41:24 | D] – D:\Videos
[20/12/2013 – 13:47:56 | SHD] – E:\Autorun.inf

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |