Anonymous
Number of posts: 19

I did it all :p
UsbFix scan:
############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: user (Administrateur) # USER-PC
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 18:16:33 | 02/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK COMPUTER INC. (M5A97)
CPU: AMD FX(tm)-6100 Six-Core Processor
RAM -> [Total : 8138 Mo| Free : 6737 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17041
WB: Mozilla Firefox : 28.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Internet Security [(!) Disabled | Updated]
AS: avast! Internet Security [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: avast! Internet Security [(!) Disabled]
FW: Windows FireWall [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 488 Go (413 Go libre(s) - 85%) [] # NTFS
D: -> CD-ROM
I: -> Disque fixe # 443 Go (163 Go libre(s) - 37%) [Nouveau nom] # NTFS
J: -> Disque fixe # 233 Go (43 Go libre(s) - 19%) [Melusine] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 516 |ParentID: 484)
C:\Windows\system32\csrss.exe (ID: 596 |ParentID: 588)
C:\Windows\system32\wininit.exe (ID: 604 |ParentID: 484)
C:\Windows\system32\winlogon.exe (ID: 652 |ParentID: 588)
C:\Windows\system32\services.exe (ID: 704 |ParentID: 604)
C:\Windows\system32\lsass.exe (ID: 712 |ParentID: 604)
C:\Windows\system32\lsm.exe (ID: 720 |ParentID: 604)
C:\Windows\system32\svchost.exe (ID: 832 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 936 |ParentID: 704)
C:\Windows\system32\atiesrxx.exe (ID: 1016 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 324 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 428 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 524 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 520 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 1128 |ParentID: 704)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1192 |ParentID: 704)
C:\Windows\system32\atieclxx.exe (ID: 1244 |ParentID: 1016)
C:\Program Files\AVAST Software\Avast\afwServ.exe (ID: 1364 |ParentID: 704)
C:\Windows\system32\Dwm.exe (ID: 1484 |ParentID: 428)
C:\Windows\Explorer.EXE (ID: 1620 |ParentID: 1476)
C:\Windows\System32\spoolsv.exe (ID: 1716 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 1748 |ParentID: 704)
C:\Windows\system32\taskhost.exe (ID: 1776 |ParentID: 704)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1916 |ParentID: 704)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 1944 |ParentID: 704)
C:\Windows\system32\runonce.exe (ID: 1980 |ParentID: 1620)
C:\Windows\SysWOW64\runonce.exe (ID: 2012 |ParentID: 1980)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2032 |ParentID: 704)
C:\Windows\system32\taskeng.exe (ID: 1200 |ParentID: 520)
C:\Windows\system32\taskeng.exe (ID: 1324 |ParentID: 520)
C:\Windows\DAODx.exe (ID: 1344 |ParentID: 1200)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID: 1404 |ParentID: 1324)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 812 |ParentID: 704)
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (ID: 2084 |ParentID: 704)
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (ID: 2144 |ParentID: 704)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 2708 |ParentID: 704)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (ID: 3004 |ParentID: 704)
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (ID: 2288 |ParentID: 704)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (ID: 2276 |ParentID: 3004)
C:\Windows\System32\svchost.exe (ID: 2732 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 1224 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 1220 |ParentID: 704)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2956 |ParentID: 704)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3080 |ParentID: 832)
C:\Program Files (x86)\Xerox Corporation\XDA Lite\bin\xda.service.exe (ID: 3236 |ParentID: 704)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3304 |ParentID: 2956)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3256 |ParentID: 832)

################## | Recherche générique |

Supprimé! J:\Recycler\S-1-5-21-1482476501-2077806209-725345543-1003\desktop.ini
Supprimé! J:\Recycler\S-1-5-21-1482476501-2077806209-725345543-1003\INFO2
Supprimé! J:\Recycler\S-1-5-21-1482476501-2077806209-725345543-1003

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-3207308708-1096619542-1493018149-1000\Software\....\Mountpoints2\{4804b727-cb2a-11e1-9a60-5404a648837a}
Supprimé! HKU\S-1-5-21-3207308708-1096619542-1493018149-1000\Software\....\Mountpoints2\{5f9adcad-5637-11e1-9c36-5404a648837a}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
04 - HKCU\..\Run : [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
04 - HKCU\..\Run : [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKCU\..\Run : [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [DSCRun] "C:\Program Files (x86)\Xerox Corporation\XDA Lite\bin\Xda.Shell.exe" hide
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
04 - [x64] HKLM\..\Run : [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
04 - [x64] HKLM\..\Run : [XeroxEndeavorBackgroundTask] rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3207308708-1096619542-1493018149-1000\..\Run : [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
04 - HKU\S-1-5-21-3207308708-1096619542-1493018149-1000\..\Run : [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
04 - HKU\S-1-5-21-3207308708-1096619542-1493018149-1000\..\Run : [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKU\S-1-5-21-3207308708-1096619542-1493018149-1000\..\Run : [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
04 - HKU\S-1-5-18\..\Run : [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[10/03/2014 - 12:48:40 | SHD] - C:\$Recycle.Bin
[02/05/2014 - 13:37:23 | D] - C:\AdwCleaner
[29/04/2014 - 07:14:08 | D] - C:\Config.Msi
[08/07/2013 - 11:35:45 | N | 6 Ko | FF1A659F6812C49FD4C20804560B3264] - C:\DIAL Communication Framework Setup Log.txt
[08/07/2013 - 11:35:50 | N | 13 Ko | 7B5142C6A4E3D65413BF34BB4B8FAFAE] - C:\DIALux Setup Information.txt
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[19/04/2012 - 18:21:13 | D] - C:\Hager
[02/05/2014 - 18:14:47 | ASH | 6250320 Ko] - C:\hiberfil.sys
[07/02/2014 - 12:23:24 | D] - C:\IDE
[22/05/2012 - 19:33:36 | D] - C:\IEPlugin_h264
[18/02/2014 - 19:39:16 | D] - C:\LEG
[07/02/2014 - 12:21:25 | RHD] - C:\MSOCache
[02/05/2014 - 18:14:51 | ASH | 8333764 Ko] - C:\pagefile.sys
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[02/05/2014 - 14:09:23 | N | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[30/04/2014 - 12:08:23 | D] - C:\Program Files
[02/05/2014 - 14:06:07 | D] - C:\Program Files (x86)
[02/05/2014 - 13:57:47 | D] - C:\ProgramData
[02/02/2012 - 18:51:17 | SHD] - C:\Recovery
[02/02/2012 - 19:04:59 | N | 2 Ko] - C:\RHDSetup.log
[30/04/2014 - 16:29:20 | D] - C:\SCAN
[02/05/2014 - 18:13:24 | SHD] - C:\System Volume Information
[06/03/2014 - 10:25:05 | D] - C:\temp
[19/03/2014 - 11:35:25 | N | 2 Ko] - C:\temp.log
[02/05/2014 - 18:11:27 | D] - C:\UsbFix
[02/05/2014 - 18:17:25 | A | 10 Ko | 461B32E1427B720CF7E54939E85A50E6] - C:\UsbFix [Clean 2] USER-PC.txt
[12/03/2013 - 10:54:20 | D] - C:\Users
[02/05/2014 - 18:12:11 | D] - C:\Windows
[30/10/2012 - 19:25:20 | SHD] - I:\$RECYCLE.BIN
[09/03/2014 - 13:47:27 | D] - I:\2011-08-13 002
[09/03/2014 - 13:47:31 | D] - I:\2011-08-14 002
[09/03/2014 - 13:48:02 | D] - I:\2011-08-15 001
[09/03/2014 - 13:47:01 | D] - I:\2011-08-16 001
[09/03/2014 - 13:47:03 | D] - I:\2011-08-17 001
[09/03/2014 - 13:47:18 | D] - I:\2011-08-19 001
[09/03/2014 - 13:48:38 | D] - I:\2011-08-19 002
[09/03/2014 - 13:48:38 | D] - I:\2011-08-20 001
[06/05/2012 - 13:51:35 | D] - I:\jeux wii
[09/03/2014 - 13:51:49 | D] - I:\karao selec
[09/03/2014 - 13:56:09 | D] - I:\KARAOKE
[09/03/2014 - 13:49:15 | D] - I:\Noel 2013
[09/03/2014 - 13:49:27 | D] - I:\soirée raclette
[02/02/2012 - 19:14:27 | SHD] - I:\System Volume Information
[09/02/2014 - 15:44:02 | SHD] - J:\$RECYCLE.BIN
[27/05/2011 - 12:47:41 | N | 0 Ko | 7CDE7F11CF09A9108C0A3DDF87BC11D4] - J:\1010casino.txt
[23/10/2009 - 19:51:21 | N | 149 Ko] - J:\5016.pdf
[16/03/2014 - 16:59:31 | D] - J:\Album Photo
[26/08/2013 - 07:17:09 | D] - J:\Album Video
[09/06/2008 - 18:58:48 | N | 2 Ko | 679F321800839D8650FB0723E3D3A61A] - J:\ANNUAIRELILO.txt
[09/06/2008 - 18:45:51 | N | 2 Ko | 7A275102CEF5665908D04EE549D22E86] - J:\annuairemelu.txt
[27/04/2008 - 22:44:44 | N | 0 Ko | 11363D2D0CDEECF839BFBC50C90604FB] - J:\banniere.txt
[22/05/2011 - 17:21:50 | D] - J:\boutiquemelusine
[10/04/2008 - 10:34:21 | N | 0 Ko | 84C0BA6351798C43236C7C86FBDA7241] - J:\cdm.txt
[11/03/2012 - 16:58:21 | N | 2677 Ko] - J:\christelle2.psd
[02/06/2013 - 09:36:46 | D] - J:\CLIENT
[16/09/2012 - 17:03:19 | D] - J:\coinmalinzip
[15/06/2011 - 22:10:06 | D] - J:\dessinfufulilo
[26/08/2012 - 18:22:55 | D] - J:\disquec
[05/05/2012 - 07:40:55 | D] - J:\Doc Hervé
[24/02/2013 - 10:29:29 | D] - J:\DOSSIERPEGGY
[02/06/2013 - 09:38:18 | D] - J:\Downloads
[17/11/2008 - 13:53:37 | N | 2061 Ko] - J:\ehthumbs_vista.db
[23/02/2012 - 22:01:58 | N | 89 Ko] - J:\Facture lilokado.doc
[22/10/2008 - 23:29:46 | N | 129 Ko] - J:\feuille.ai
[02/06/2013 - 15:29:15 | D] - J:\Fichier personnel administratif
[02/06/2013 - 09:28:54 | D] - J:\film
[02/06/2013 - 09:47:08 | D] - J:\Images diverses
[26/08/2013 - 07:17:37 | D] - J:\Jeux
[19/03/2014 - 08:37:38 | D] - J:\laurent
[31/05/2011 - 14:05:29 | N | 30 Ko] - J:\ligne.psd
[19/03/2014 - 12:14:08 | D] - J:\Logiciels
[21/10/2008 - 22:17:21 | N | 654 Ko] - J:\Media Com Trading présent les Stratégies et Secrets du Poker.pdf
[01/02/2011 - 23:06:09 | D] - J:\melusineanglais
[26/08/2012 - 20:29:27 | D] - J:\Mes sites Web
[20/08/2012 - 11:58:37 | D] - J:\Musique
[17/06/2008 - 08:01:37 | D] - J:\My ISO Files
[24/09/2012 - 12:31:14 | D] - J:\Mélusine
[04/02/2009 - 12:48:11 | N | 1179 Ko] - J:\noticehotte.pdf
[11/03/2012 - 16:23:16 | N | 20687 Ko] - J:\orcieres.psd
[22/10/2009 - 18:27:29 | N | 37 Ko] - J:\Ordre Insertion lilokado.com (221009).doc
[15/04/2011 - 12:38:58 | N | 38 Ko] - J:\Ordre Insertion lilokado.com edarling.doc
[14/05/2010 - 18:33:37 | N | 36 Ko] - J:\ordre-insertion-may10-lilokado.doc
[21/10/2008 - 22:56:51 | N | 20327 Ko] - J:\poker.rtf
[22/06/2008 - 17:41:03 | D] - J:\Recycled
[24/02/2013 - 12:47:42 | SHD] - J:\RECYCLER
[11/10/2009 - 14:29:03 | N | 0 Ko | 2B013213CFC88C598AC017DC220F093E] - J:\referencement.txt
[02/06/2013 - 15:23:35 | D] - J:\relevecompte
[02/06/2013 - 20:36:31 | D] - J:\sauvegardejuin2013
[27/10/2012 - 22:17:24 | D] - J:\sauvegardescoot
[17/11/2012 - 23:11:07 | D] - J:\scoot
[07/07/2008 - 08:02:28 | N | 2 Ko] - J:\SCooT.ini
[14/03/2011 - 17:44:28 | D] - J:\sitemelusineattente
[04/10/2008 - 10:30:43 | D] - J:\Sitepeggy
[15/07/2012 - 17:32:24 | D] - J:\sitewebclient
[27/05/2011 - 12:44:51 | N | 0 Ko | 7D3630A34ACE90AD6B253EDECDA3A8A1] - J:\Spin Palace.txt
[22/12/2011 - 13:54:19 | N | 388 Ko] - J:\sport.docx
[26/12/2010 - 14:16:57 | SHD] - J:\System Volume Information
[03/04/2009 - 08:23:34 | N | 1 Ko | 75B0FB36424FDA0C1F2BACE669AD220D] - J:\textemelusinecreation.txt
[12/09/2010 - 14:44:09 | ASH | 8 Ko] - J:\Thumbs.db
[06/09/2012 - 18:32:14 | D] - J:\tubesimages
[05/05/2012 - 08:17:16 | D] - J:\Tutophotoshop
[02/12/2012 - 23:06:19 | D] - J:\Utilitaires Designer
[05/05/2012 - 08:11:00 | D] - J:\Utilitaires divers pour site Web
[12/05/2012 - 16:55:44 | D] - J:\wordpress
[23/04/2012 - 19:59:20 | D] - J:\workpress

################## | Vaccin |

I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |

RogueKiller scan: http://upload.sosvirus.net/www/?a=d&i=USvcy5k7xW
For Malwarebytes, I had no files to quarantine.

For AdwCleaner:
# AdwCleaner v3.205 - Rapport créé le 02/05/2014 à 21:00:13
# Mis à jour le 28/04/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : user - USER-PC
# Exécuté depuis : C:\Users\user\Downloads\adwcleaner.exe
# Option : Scanner

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Présente : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Valeur Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0 (fr)

[ Fichier : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bru4iotz.default\prefs.js ]

Ligne Trouvée : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[…]

*************************

AdwCleaner[R0].txt - [30216 octets] - [02/05/2014 13:35:47]
AdwCleaner[R1].txt - [1283 octets] - [02/05/2014 21:00:13]
AdwCleaner[S0].txt - [27592 octets] - [02/05/2014 13:37:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1404 octets] ##########