Rageremie
Participant
Number of posts: 14

Hello El Desaparecido, here is the UsbFix report:

############################## | UsbFix V 7.169 | [Deletion]

User: Jérémie (Administrator) # JÉRÉMORDI
Updated on 31/03/2014 by El Desaparecido – Team SosVirus
Started at 11:16:24 | 25/04/2014

Website: http://www.usbfix.net/
Changelog: http://www.usbfix.net/maj/
Support: forum-virus-securite.html
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (1970)
CPU: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
RAM -> [Total: 3988 MB | Free: 2318 MB]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16659
WB: Google Chrome : 31.0.1650.57

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]

C: (%systemdrive%) -> Fixed disk # 907 GB (749 GB free – 83%) [Windows] # NTFS
D: -> Fixed disk # 23 GB (2 GB free – 10%) [RECOVERY] # NTFS
E: -> CD-ROM
F: -> Removable disk # 4 GB (947 MB free – 25%) [] # FAT32
G: -> Removable disk # 125 MB (116 MB free – 93%) [] # FAT

################## | Active Processes |

C:\WINDOWS\system32\wininit.exe (ID: 576 |ParentID: 484)
C:\WINDOWS\system32\winlogon.exe (ID: 640 |ParentID: 588)
C:\WINDOWS\system32\lsass.exe (ID: 692 |ParentID: 576)
C:\WINDOWS\system32\svchost.exe (ID: 764 |ParentID: 684)
C:\WINDOWS\system32\svchost.exe (ID: 808 |ParentID: 684)
C:\WINDOWS\system32\dwm.exe (ID: 904 |ParentID: 640)
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (ID: 916 |ParentID: 684)
C:\WINDOWS\system32\atiesrxx.exe (ID: 936 |ParentID: 684)
C:\WINDOWS\System32\svchost.exe (ID: 960 |ParentID: 684)
C:\WINDOWS\system32\svchost.exe (ID: 304 |ParentID: 684)
C:\WINDOWS\system32\svchost.exe (ID: 504 |ParentID: 684)
C:\WINDOWS\System32\svchost.exe (ID: 672 |ParentID: 684)
C:\WINDOWS\system32\atieclxx.exe (ID: 788 |ParentID: 936)
C:\WINDOWS\system32\Hpservice.exe (ID: 728 |ParentID: 684)
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (ID: 1072 |ParentID: 684)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 1088 |ParentID: 1072)
C:\WINDOWS\system32\svchost.exe (ID: 1120 |ParentID: 684)
C:\WINDOWS\System32\spoolsv.exe (ID: 1320 |ParentID: 684)
C:\WINDOWS\system32\svchost.exe (ID: 1344 |ParentID: 684)
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE (ID: 1484 |ParentID: 684)
C:\WINDOWS\system32\svchost.exe (ID: 1500 |ParentID: 684)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1516 |ParentID: 684)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1716 |ParentID: 684)
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (ID: 1748 |ParentID: 684)
C:\WINDOWS\system32\dashost.exe (ID: 1804 |ParentID: 672)
c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (ID: 1812 |ParentID: 684)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1860 |ParentID: 684)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 1884 |ParentID: 684)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (ID: 2064 |ParentID: 684)
C:\WINDOWS\system32\svchost.exe (ID: 2120 |ParentID: 684)
C:\WINDOWS\system32\svchost.exe (ID: 2568 |ParentID: 684)
C:\WINDOWS\system32\svchost.exe (ID: 2608 |ParentID: 684)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 2960 |ParentID: 684)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 800 |ParentID: 684)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 1252 |ParentID: 684)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 2532 |ParentID: 684)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 2952 |ParentID: 764)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1284 |ParentID: 684)
C:\WINDOWS\system32\SearchIndexer.exe (ID: 2724 |ParentID: 684)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1032 |ParentID: 684)
C:\WINDOWS\system32\taskhost.exe (ID: 308 |ParentID: 304)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 3116 |ParentID: 764)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (ID: 3700 |ParentID: 2064)
C:\WINDOWS\Explorer.EXE (ID: 2324 |ParentID: 3948)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 3980 |ParentID: 764)
C:\Windows\System32\skydrive.exe (ID: 3832 |ParentID: 764)
C:\WINDOWS\system32\DllHost.exe (ID: 4080 |ParentID: 764)
C:\Windows\System32\RuntimeBroker.exe (ID: 4696 |ParentID: 764)
C:\WINDOWS\system32\taskhostex.exe (ID: 4640 |ParentID: 304)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 4392 |ParentID: 764)
C:\Windows\System32\hkcmd.exe (ID: 4824 |ParentID: 2324)
C:\Windows\System32\igfxpers.exe (ID: 4412 |ParentID: 2324)
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (ID: 5048 |ParentID: 684)
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ID: 4760 |ParentID: 2324)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3228 |ParentID: 2324)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 4516 |ParentID: 4608)
C:\Program Files (x86)\Steam\Steam.exe (ID: 3400 |ParentID: 2324)
C:\Users\Jérémie\AppData\Local\Google\Update\GoogleUpdate.exe (ID: 4736 |ParentID: 2324)
C:\Program Files (x86)\Google\Drive\googledrivesync.exe (ID: 4576 |ParentID: 2324)
C:\Users\Jérémie\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 4228 |ParentID: 2324)
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID: 4460 |ParentID: 5036)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4892 |ParentID: 5036)
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (ID: 5064 |ParentID: 5036)
C:\Program Files (x86)\Common Files\Steam\SteamService.exe (ID: 4960 |ParentID: 684)
C:\Program Files (x86)\Google\Drive\googledrivesync.exe (ID: 5932 |ParentID: 4576)
C:\Windows\System32\SettingSyncHost.exe (ID: 4480 |ParentID: 764)
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (ID: 6136 |ParentID: 304)
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (ID: 5152 |ParentID: 304)
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (ID: 5188 |ParentID: 304)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 5544 |ParentID: 684)
C:\Program Files\WindowsApps\HalfbrickStudiosPtyLtd.JetpackJoyride_1.0.3.68_x86__w77bc8x1h5kya\JetpackJoyride_Win8.exe (ID: 5608 |ParentID: 764)
C:\Windows\System32\CredentialUIBroker.exe (ID: 6444 |ParentID: 764)
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (ID: 6164 |ParentID: 4892)
C:\WINDOWS\system32\SearchProtocolHost.exe (ID: 4888 |ParentID: 2724)
C:\WINDOWS\system32\SearchFilterHost.exe (ID: 6856 |ParentID: 2724)
C:\Windows\System32\WUDFHost.exe (ID: 4456 |ParentID: 672)
\\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE (ID: 5456 |ParentID: 304)
C:\WINDOWS\System32\svchost.exe (ID: 3664 |ParentID: 684)
C:\WINDOWS\system32\DllHost.exe (ID: 300 |ParentID: 764)

################## | Generic search |

Deleted! F:\SergeLeLama.vbs
Deleted! F:\.lnk
Deleted! F:\S01E04 – Cripples, Bastards and Broken Things.lnk
Deleted! F:\S01E05 – The Wolf and the Lion.lnk
Deleted! F:\S01E01 – Winter Is Coming.lnk
Deleted! F:\S01E02 – The Kingsroad.lnk
Deleted! F:\S01E03 – Lord Snow.lnk
Deleted! F:\Sujétion et citoyenneté entre la fin du XVIIe siècle et 1914.lnk
Deleted! F:\Philo.lnk
Deleted! F:\DEVOIR DE PHILO SUR LA POLITIQUE.lnk
Deleted! F:\System Volume Information.lnk
Deleted! F:\.Trashes.lnk
Deleted! F:\.fseventsd.lnk
Deleted! F:\.Spotlight-V100.lnk
Deleted! F:\La Grèce au V siècle.lnk
Deleted! F:\Monothéisme.lnk
Deleted! F:\Starbomb.lnk

(!) Temporary files deleted.

################## | Registry |

################## | Regedit Run |

F2 – HKLM\..\Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 – HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 – [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 – HKCU\..\Run : [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
04 – HKCU\..\Run : [Google Update] "C:\Users\Jérémie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 – HKCU\..\Run : [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
04 – HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 – HKLM\..\Run : [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 – HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 – HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\..\Run : [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
04 – HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 – HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 – HKLM\..\RunOnce : []
04 – [x64] HKLM\..\Run : [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
04 – [x64] HKLM\..\Run : [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
04 – [x64] HKLM\..\Run : [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
04 – [x64] HKLM\..\Run : [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
04 – [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 – [x64] HKLM\..\RunOnce : [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 – HKU\S-1-5-21-270148986-3979810591-4228004459-1001\..\Run : [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
04 – HKU\S-1-5-21-270148986-3979810591-4228004459-1001\..\Run : [Google Update] "C:\Users\Jérémie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 – HKU\S-1-5-21-270148986-3979810591-4228004459-1001\..\Run : [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

################## | Listing |

[19/12/2013 – 09:10:52 | SHD] – C:\$Recycle.Bin
[25/04/2014 – 09:42:09 | D] – C:\AdwCleaner
[12/02/2014 – 22:42:11 | A | 0 Ko] – C:\autoexec.bat
[04/08/2012 – 01:21:36 | SHD] – C:\Boot
[26/07/2012 – 05:44:30 | RASH | 389 Ko] – C:\bootmgr
[18/06/2013 – 14:18:29 | N | 0 Ko] – C:\BOOTNXT
[04/08/2012 – 01:21:37 | RASH | 8 Ko] – C:\BOOTSECT.BAK
[19/01/2014 – 13:57:41 | N | 1 Ko | 80569502BEB8ADA9A40D7CB0511060B4] – C:\DelFix.txt
[22/08/2013 – 16:45:52 | SHD] – C:\Documents and Settings
[25/04/2014 – 09:42:54 | ASH | 3267188 Ko] – C:\hiberfil.sys
[06/10/2013 – 19:38:34 | D] – C:\HP
[25/04/2014 – 08:11:11 | D] – C:\inetpub
[09/08/2013 – 19:57:43 | D] – C:\Intel
[28/12/2013 – 11:30:52 | RHD] – C:\MSOCache
[25/04/2014 – 09:42:55 | ASH | 4194304 Ko] – C:\pagefile.sys
[22/08/2013 – 17:22:35 | D] – C:\PerfLogs
[25/04/2014 – 11:07:33 | N | 1 Ko] – C:\PhysicalDisk0_MBR.bin
[18/01/2014 – 22:33:27 | N | 1 Ko] – C:\PhysicalMBR.bin
[12/03/2014 – 22:34:51 | D] – C:\Program Files
[25/04/2014 – 07:53:01 | D] – C:\Program Files (x86)
[25/04/2014 – 09:42:02 | HD] – C:\ProgramData
[24/11/2013 – 21:07:59 | SHD] – C:\Recovery
[12/02/2014 – 22:41:40 | D] – C:\sh4ldr
[29/03/2014 – 13:12:21 | N | 3 Ko] – C:\sh4_service.log
[06/10/2013 – 21:29:04 | D] – C:\sources
[25/04/2014 – 09:42:55 | ASH | 262144 Ko] – C:\swapfile.sys
[01/04/2014 – 10:17:10 | D] – C:\SWSetup
[22/04/2014 – 16:20:44 | SHD] – C:\System Volume Information
[05/10/2013 – 17:14:36 | D] – C:\SYSTEM.SAV
[25/04/2014 – 11:15:10 | D] – C:\UsbFix
[25/04/2014 – 11:19:09 | A | 12 Ko | 9E028C33C355D9357309E6167516A652] – C:\UsbFix [Clean 2] JÉRÉMORDI.txt
[24/11/2013 – 21:17:49 | D] – C:\Users
[24/04/2014 – 22:54:40 | D] – C:\Windows
[05/10/2013 – 17:27:49 | SHD] – D:\$RECYCLE.BIN
[10/08/2013 – 07:39:52 | RSHD] – D:\boot
[26/07/2012 – 20:44:32 | RASH | 389 Ko] – D:\bootmgr
[26/07/2012 – 21:57:10 | N | 1319 Ko] – D:\bootmgr.efi
[10/08/2013 – 07:39:52 | D] – D:\EFI
[10/08/2013 – 07:39:52 | D] – D:\hp
[10/08/2013 – 07:39:52 | RSHD] – D:\preload
[10/08/2013 – 07:39:52 | RSD] – D:\recovery
[10/08/2013 – 07:39:52 | D] – D:\RM_Reserve
[02/12/2013 – 11:19:44 | SHD] – D:\System Volume Information
[19/01/2014 – 20:34:16 | SHD] – F:\System Volume Information
[07/03/2014 – 12:32:50 | SH | 4 Ko] – F:\._.Trashes
[07/03/2014 – 12:32:50 | SHD] – F:\.Trashes
[07/03/2014 – 12:32:50 | SHD] – F:\.fseventsd
[07/03/2014 – 12:32:52 | SHD] – F:\.Spotlight-V100
[02/05/2013 – 13:16:52 | N | 563500 Ko] – F:\S01E04 – Cripples, Bastards and Broken Things.avi
[02/05/2013 – 13:16:50 | N | 563528 Ko] – F:\S01E05 – The Wolf and the Lion.avi
[01/05/2013 – 21:18:44 | N | 563414 Ko] – F:\S01E01 – Winter Is Coming.avi
[01/05/2013 – 21:04:12 | N | 563540 Ko] – F:\S01E02 – The Kingsroad.avi
[02/05/2013 – 13:16:52 | N | 563469 Ko] – F:\S01E03 – Lord Snow.avi
[02/02/2014 – 17:05:02 | D] – F:\La Grèce au V siècle
[04/03/2014 – 22:32:10 | D] – F:\Monothéisme
[11/03/2014 – 19:17:12 | N | 37 Ko] – F:\Sujétion et citoyenneté entre la fin du XVIIe siècle et 1914.docx
[12/03/2014 – 23:00:16 | N | 31 Ko] – F:\Philo.odt
[13/03/2014 – 09:48:12 | N | 36 Ko] – F:\DEVOIR DE PHILO SUR LA POLITIQUE.odt
[17/03/2014 – 10:27:38 | D] – F:\Starbomb
[19/01/2014 – 10:39:50 | SHD] – G:\System Volume Information
[12/02/2014 – 09:17:34 | AH | 4 Ko] – G:\._.Trashes
[12/02/2014 – 09:17:34 | HD] – G:\.Trashes
[25/01/2014 – 10:59:00 | N | 23 Ko] – G:\CV.odt
[27/01/2014 – 14:11:24 | D] – G:\Influence du Soleil
[11/02/2014 – 12:45:10 | N | 33 Ko] – G:\Questions.docx
[12/02/2014 – 09:17:34 | HD] – G:\.Spotlight-V100
[12/02/2014 – 10:00:24 | N | 4 Ko] – G:\Introduction.docx
[12/02/2014 – 09:36:22 | HD] – G:\.TemporaryItems
[12/02/2014 – 09:36:22 | AH | 4 Ko] – G:\._.TemporaryItems
[12/02/2014 – 10:00:24 | N | 4 Ko] – G:\._Introduction.docx

################## | Vaccine |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ – http://www.sosvirus.net |
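The "Generic search" section of the log above is worth reading as a pattern rather than as a list of file names: a script (SergeLeLama.vbs) at the root of the F: stick, plus one .lnk named after every real file and folder on the stick, including the macOS housekeeping folders (.Trashes, .fseventsd, .Spotlight-V100) and System Volume Information. That is the layout of the classic removable-drive shortcut worm, where the originals are set hidden and each shortcut launches the script before opening the item it impersonates. The following script is an added example for this page, not part of the post and not UsbFix code; it builds a constructed replica of the F: listing (ASCII names, empty files) in a temporary directory and flags that layout. SCRIPT_EXTS, the hidden-attribute check and the "at least two mirrored shortcuts" threshold are assumptions chosen for the demo.

```python
"""Flag the removable-drive "shortcut worm" layout seen in the UsbFix log.

Added example, not UsbFix code. Heuristic: a script at the drive root plus
one .lnk per real file or folder on the drive. The extension list, the
hidden-attribute check and the threshold below are assumptions for the demo.
"""
import stat
import tempfile
from pathlib import Path

# Script types such worms drop at the drive root (illustrative, an assumption).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd"}


def _is_hidden(p: Path) -> bool:
    """True when the Windows hidden attribute is set; always False on other OSes."""
    attrs = getattr(p.stat(), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def analyse_drive_root(root: Path) -> dict:
    """Return shortcut-worm indicators found directly under `root`.

    mirrored         .lnk files whose name minus ".lnk" equals a real file or
                     folder name (a file matches with or without its extension,
                     so Philo.lnk mirrors Philo.odt)
    orphans          .lnk files that match nothing, e.g. the bare ".lnk"
    scripts          script files sitting at the root
    hidden_originals mirrored items carrying the hidden attribute (Windows only)
    worm_layout      a root script together with at least two mirrored shortcuts
    """
    lnks, others = [], []
    for p in root.iterdir():
        # pathlib treats ".lnk" as a dotfile with no suffix, so test the name.
        (lnks if p.name.lower().endswith(".lnk") else others).append(p)

    # Names a shortcut could be mirroring: the exact name, plus the stem for files.
    keys = {}
    for p in others:
        keys.setdefault(p.name, p)
        if p.is_file() and p.suffix:
            keys.setdefault(p.stem, p)

    mirrored, orphans, hidden = [], [], []
    for lnk in lnks:
        target = lnk.name[:-4]          # strip ".lnk"; "" for the bare ".lnk"
        if target in keys:
            mirrored.append(lnk.name)
            if _is_hidden(keys[target]):
                hidden.append(keys[target].name)
        else:
            orphans.append(lnk.name)

    scripts = [p.name for p in others
               if p.is_file() and p.suffix.lower() in SCRIPT_EXTS]
    return {
        "mirrored": sorted(mirrored),
        "orphans": sorted(orphans),
        "scripts": sorted(scripts),
        "hidden_originals": sorted(hidden),
        "worm_layout": bool(scripts) and len(mirrored) >= 2,
    }


def build_sample_drive(infected: bool = True) -> Path:
    """Constructed replica of the F: listing (ASCII names, empty files) in a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="usbfix_demo_"))
    for d in ("Starbomb", "System Volume Information", ".Trashes"):
        (root / d).mkdir()
    for f in ("S01E01 - Winter Is Coming.avi", "Philo.odt", "CV.odt"):
        (root / f).touch()
    if infected:
        for f in ("SergeLeLama.vbs", ".lnk", "S01E01 - Winter Is Coming.lnk",
                  "Philo.lnk", "Starbomb.lnk", "System Volume Information.lnk",
                  ".Trashes.lnk"):
            (root / f).touch()
    return root


if __name__ == "__main__":
    for key, value in analyse_drive_root(build_sample_drive()).items():
        print(f"{key}: {value}")
```

On a real stick you would pass the mount point (for example `Path("F:/")`) instead of the constructed sample; the hidden_originals list is only populated on Windows, because that is where the attribute exists. Deleting the shortcuts and the script, as UsbFix did here, is only half the cleanup: the originals still need their hidden attribute removed, and the Autorun.inf vaccine the log shows at the end stops the autorun route but does nothing against a user double-clicking a surviving shortcut.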