Document format: text/plain


############################## | UsbFix V 7.165 | [Suppression]

Utilisateur: charly (Administrateur) # CHARLY-PC
Mis à jour le 20/02/2014 par El Desaparecido - Team SosVirus
Lancé à 17:25:22 | 23/02/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (F5SL )
CPU: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
RAM -> [Total : 3071 Mo| Free : 2221 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16518
WB: Google Chrome : 33.0.1750.117

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
AS: Microsoft Security Essentials [(!) Disabled | Updated]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Disque fixe # 233 Go (116 Go libre(s) - 50%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 2 Go (2 Go libre(s) - 100%) [CARTE SD] # FAT
F:\ -> CD-ROM
G:\ -> Disque amovible # 60 Go (60 Go libre(s) - 100%) [CHA LOM] # exFAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 364 |ParentID: 348)
C:\Windows\system32\wininit.exe (ID: 440 |ParentID: 348)
C:\Windows\system32\csrss.exe (ID: 448 |ParentID: 432)
C:\Windows\system32\services.exe (ID: 488 |ParentID: 440)
C:\Windows\system32\lsass.exe (ID: 512 |ParentID: 440)
C:\Windows\system32\lsm.exe (ID: 520 |ParentID: 440)
C:\Windows\system32\svchost.exe (ID: 620 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 684 |ParentID: 488)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 740 |ParentID: 488)
C:\Windows\system32\winlogon.exe (ID: 800 |ParentID: 432)
C:\Windows\system32\atiesrxx.exe (ID: 916 |ParentID: 488)
C:\Windows\System32\svchost.exe (ID: 956 |ParentID: 488)
C:\Windows\System32\svchost.exe (ID: 996 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 1040 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 1068 |ParentID: 488)
C:\Windows\system32\atieclxx.exe (ID: 1276 |ParentID: 916)
C:\Windows\system32\svchost.exe (ID: 1304 |ParentID: 488)
C:\Windows\System32\spoolsv.exe (ID: 1508 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 1536 |ParentID: 488)
C:\Windows\system32\taskhost.exe (ID: 1692 |ParentID: 488)
C:\Windows\system32\Dwm.exe (ID: 1748 |ParentID: 996)
C:\Windows\Explorer.EXE (ID: 1788 |ParentID: 1712)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1872 |ParentID: 488)
C:\Users\charly\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 320 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 1020 |ParentID: 488)
C:\Windows\system32\WUDFHost.exe (ID: 2352 |ParentID: 996)
C:\Users\charly\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 2496 |ParentID: 488)
C:\Windows\System32\rundll32.exe (ID: 2504 |ParentID: 620)
C:\Users\charly\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 2568 |ParentID: 2496)
C:\Windows\system32\SearchIndexer.exe (ID: 2844 |ParentID: 488)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID: 2980 |ParentID: 1788)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 2988 |ParentID: 1788)
C:\Windows\System32\wscript.exe (ID: 3076 |ParentID: 1788)
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (ID: 2660 |ParentID: 1788)
C:\Users\charly\AppData\Roaming\FlashPlayer Install\FlashPlayerPlug_11_4_76_983.exe (ID: 3480 |ParentID: 3356)
C:\Windows\system32\svchost.exe (ID: 2608 |ParentID: 488)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3660 |ParentID: 488)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2452 |ParentID: 2844)
c:\Program Files\Microsoft Security Client\MpCmdRun.exe (ID: 1552 |ParentID: 860)
C:\Windows\system32\SearchFilterHost.exe (ID: 1036 |ParentID: 2844)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2920 |ParentID: 620)

################## | Regedit Run |

04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKCU\..\Run : [uTorrent] "C:\Users\charly\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [lollipop_01161816] lollipop_01161816
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [SysBackUp] wscript.exe //B "C:\Users\charly\AppData\Roaming\SysBackUp.vbs"
04 - HKCU\..\Run : [Wipe Maintance] "C:\Program Files\net1-wipe\net1.exe" windowsStartup
04 - HKCU\..\Run : [Softonic for Windows] "C:\Users\charly\AppData\Local\Softonic\Softonic.exe" -minimize
04 - HKCU\..\Run : [FlashPlayerPlug_11_4_76_983] C:\Users\charly\AppData\Roaming\FlashPlayer Install\FlashPlayerPlug_11_4_76_983.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-584595407-3981894200-3597927370-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-584595407-3981894200-3597927370-1000\..\Run : [uTorrent] "C:\Users\charly\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-584595407-3981894200-3597927370-1000\..\Run : [lollipop_01161816] lollipop_01161816
04 - HKU\S-1-5-21-584595407-3981894200-3597927370-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-584595407-3981894200-3597927370-1000\..\Run : [SysBackUp] wscript.exe //B "C:\Users\charly\AppData\Roaming\SysBackUp.vbs"
04 - HKU\S-1-5-21-584595407-3981894200-3597927370-1000\..\Run : [Wipe Maintance] "C:\Program Files\net1-wipe\net1.exe" windowsStartup
04 - HKU\S-1-5-21-584595407-3981894200-3597927370-1000\..\Run : [Softonic for Windows] "C:\Users\charly\AppData\Local\Softonic\Softonic.exe" -minimize
04 - HKU\S-1-5-21-584595407-3981894200-3597927370-1000\..\Run : [FlashPlayerPlug_11_4_76_983] C:\Users\charly\AppData\Roaming\FlashPlayer Install\FlashPlayerPlug_11_4_76_983.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\charly\AppData\Roaming\SysBackUp.vbs
Supprimé! C:\Users\charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SysBackUp.vbs
Supprimé! C:\Users\charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug_11_4_76_983.exe
Supprimé! C:\Users\charly\AppData\Local\Temp\FlashPlayerMsj.exe
Supprimé! E:\SysBackUp.vbs
Supprimé! G:\SysBackUp.vbs
Non supprimé ! C:\Users\charly\AppData\Roaming\FlashPlayer Install

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-584595407-3981894200-3597927370-1000\Software\Microsoft\Windows\CurrentVersion\Run|SysBackUp
Supprimé! HKU\S-1-5-21-584595407-3981894200-3597927370-1000\Software\Microsoft\Windows\CurrentVersion\Run|FlashPlayerPlug_11_4_76_983
Supprimé! HKU\S-1-5-21-584595407-3981894200-3597927370-1000\Software\.\.\.\.\Mountpoints2\{8bbfc106-52df-11e3-8f7a-002215708425}

################## | Listing |

[22/11/2013 - 23:50:39 | D] - C:\$AVG
[11/10/2013 - 10:00:44 | SHD] - C:\$Recycle.Bin
[10/06/2009 - 23:42:20 | A | 0 Ko] - C:\autoexec.bat
[21/02/2014 - 08:07:55 | D] - C:\Config.Msi
[10/06/2009 - 23:42:20 | N | 0 Ko] - C:\config.sys
[14/07/2009 - 06:53:55 | SHD] - C:\Documents and Settings
[10/01/2014 - 15:30:40 | N | 0 Ko] - C:\END
[23/02/2014 - 17:15:22 | ASH | 2358736 Ko] - C:\hiberfil.sys
[29/11/2013 - 19:48:56 | RASH | 0 Ko] - C:\IO.SYS
[29/11/2013 - 19:48:56 | RASH | 0 Ko] - C:\MSDOS.SYS
[14/02/2014 - 02:01:18 | RHD] - C:\MSOCache
[23/02/2014 - 17:15:29 | ASH | 3144984 Ko] - C:\pagefile.sys
[14/07/2009 - 04:37:05 | D] - C:\PerfLogs
[23/02/2014 - 17:15:21 | D] - C:\Program Files
[23/02/2014 - 17:09:38 | HD] - C:\ProgramData
[11/10/2013 - 10:00:22 | SHD] - C:\Recovery
[29/11/2013 - 20:25:03 | D] - C:\SIERRA
[20/02/2014 - 22:38:50 | SHD] - C:\System Volume Information
[21/11/2013 - 21:42:42 | D] - C:\UnrealTournament
[23/02/2014 - 17:25:07 | D] - C:\UsbFix
[23/02/2014 - 17:28:57 | A | 9 Ko | 6E86B841491F8EFF80C2F5FD8305F3A8] - C:\UsbFix [Clean 2] CHARLY-PC.txt
[20/01/2014 - 19:39:55 | D] - C:\Users
[20/02/2014 - 22:34:27 | D] - C:\Windows

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
