############################## | UsbFix V 7.166 | [Removal]

User: Zineb (Administrator) # ZINEB-PC
Updated on 26/02/2014 by El Desaparecido - Team SosVirus
Launched at 19:54:18 | 13/05/2015

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Quanta (LG4 )
CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
RAM -> [Total : 3054 MB| Free : 1955 MB]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7600 64-Bit)
WB: Windows Internet Explorer : 8.0.7600.16385
WB: Google Chrome : 37.0.2062.120
WB: Mozilla Firefox : 37.0.2

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AV: avast! Antivirus [Enabled | Updated]
AS: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
AS: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 146 GB (44 GB free - 30%) [] # NTFS
D:\ -> Fixed disk # 146 GB (146 GB free - 100%) [] # NTFS
E:\ -> Fixed disk # 173 GB (172 GB free - 100%) [] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> Removable disk # 4 GB (4 GB free - 100%) [TALBI] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 564 |ParentID: 556)
C:\Windows\system32\wininit.exe (ID: 636 |ParentID: 556)
C:\Windows\system32\csrss.exe (ID: 664 |ParentID: 648)
C:\Windows\system32\services.exe (ID: 704 |ParentID: 636)
C:\Windows\system32\lsass.exe (ID: 724 |ParentID: 636)
C:\Windows\system32\lsm.exe (ID: 732 |ParentID: 636)
C:\Windows\system32\winlogon.exe (ID: 788 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 872 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 972 |ParentID: 704)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 312 |ParentID: 704)
C:\Windows\system32\atiesrxx.exe (ID: 168 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 568 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 488 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 504 |ParentID: 704)
C:\Windows\system32\AUDIODG.EXE (ID: 1180 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 1232 |ParentID: 704)
C:\Windows\system32\atieclxx.exe (ID: 1368 |ParentID: 168)
C:\Windows\system32\svchost.exe (ID: 1392 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 1640 |ParentID: 704)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1716 |ParentID: 704)
C:\Windows\system32\Dwm.exe (ID: 1804 |ParentID: 488)
C:\Windows\Explorer.EXE (ID: 1828 |ParentID: 1796)
C:\Windows\system32\runonce.exe (ID: 1864 |ParentID: 1828)
C:\Windows\SysWOW64\runonce.exe (ID: 1876 |ParentID: 1864)
C:\Windows\System32\spoolsv.exe (ID: 1956 |ParentID: 704)
C:\Windows\system32\taskhost.exe (ID: 2012 |ParentID: 704)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1708 |ParentID: 704)
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (ID: 1692 |ParentID: 704)
C:\Program Files\Motorola\Bluetooth\audiosrv.exe (ID: 1420 |ParentID: 704)
C:\Program Files\Motorola\Bluetooth\obexsrv.exe (ID: 2064 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 2088 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 2160 |ParentID: 704)
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (ID: 2332 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 2360 |ParentID: 704)
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (ID: 2448 |ParentID: 2332)
C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe (ID: 2800 |ParentID: 704)
C:\Windows\system32\WUDFHost.exe (ID: 3024 |ParentID: 488)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2116 |ParentID: 872)

################## | Regedit Run |

04 - HKCU\..\Run : [Akamai NetSession Interface] "C:\Users\Zineb\AppData\Local\Akamai\netsession_win.exe"
04 - HKCU\..\Run : [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
04 - HKCU\..\RunOnce : [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin
04 - HKLM\..\Run : [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
04 - HKLM\..\Run : [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
04 - HKLM\..\Run : [LG Intelligent Update] "C:\Program Files (x86)\lg_swupdate\giljabistart.exe" Gilautouc
04 - HKLM\..\Run : [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM64\..\Run : [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM64\..\Run : [HotkeyManager] C:\Program Files\LG Software\LG OSD\HotkeyManager.exe
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\Run : [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2846360427-2888766979-1406914950-1000\..\Run : [Akamai NetSession Interface] "C:\Users\Zineb\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-2846360427-2888766979-1406914950-1000\..\Run : [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-2846360427-2888766979-1406914950-1000\..\RunOnce : [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin

################## | Generic Search |

Deleted! D:\Nouveau Dossier.lnk
Deleted! D:\Zineb.lnk
Deleted! E:\Nouveau Dossier.lnk
Deleted! E:\Zineb.lnk
Deleted! H:\Nouveau Dossier.lnk
Deleted! H:\Zineb.lnk

(!) Temporary files deleted.

################## | Registry |

Repaired! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aclauncher.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAppMgr.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner64.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connect.service.contentservice.admin.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dtagent.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dtpro.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\speedmanager.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstalltool.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Deleted! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\youcam.exe
Deleted! HKU\S-1-5-21-2846360427-2888766979-1406914950-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce|FlashPlayerUpdate
Deleted! HKU\S-1-5-21-2846360427-2888766979-1406914950-1000\Software\.\.\.\.\Mountpoints2\G
Deleted! HKU\S-1-5-21-2846360427-2888766979-1406914950-1000\Software\.\.\.\.\Mountpoints2\I
Deleted! HKU\S-1-5-21-2846360427-2888766979-1406914950-1000\Software\.\.\.\.\Mountpoints2\{52b9389f-8547-11e4-80ae-74f06de34721}
Deleted! HKU\S-1-5-21-2846360427-2888766979-1406914950-1000\Software\.\.\.\.\Mountpoints2\{6cbdb47d-ad44-11e3-8bcd-e89a8fae3487}
Deleted! HKU\S-1-5-21-2846360427-2888766979-1406914950-1000\Software\.\.\.\.\Mountpoints2\{da6cd161-e7cc-11e3-b233-e89a8fae3487}
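
Two things in the registry section above deserve a second look once the tool has run. First, UAC had been switched off on this machine: UsbFix reset EnableLUA to 1 and ConsentPromptBehaviorAdmin to 5, the Windows 7 default (prompt for consent for non-Windows binaries; 0 would mean silent elevation). Second, a set of Image File Execution Options subkeys was deleted. An IFEO subkey whose Debugger value names another program makes Windows start that program instead of the named executable every time it is launched, which is why IFEO is a classic persistence and security-tool-disabling location. It is also used by legitimate software: TuneUp Utilities, which is present in the process list above, is known to set IFEO Debugger entries for its Program Deactivator feature, so the Debugger value should be read and attributed before a key is deleted. The PowerShell below is an added example, not part of the UsbFix log and not UsbFix's own code; it assumes an elevated 64-bit PowerShell session on the cleaned host and re-audits those locations together with the Run/RunOnce keys listed under "Regedit Run".

```powershell
# Added example (not from the UsbFix log). Run from an elevated 64-bit PowerShell.
# Re-audits the locations UsbFix reported on: IFEO Debugger hijacks, UAC policy, Run keys.

$ifeoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-IfeoDebugger {
    # Every IFEO subkey carrying a Debugger value. That value is the program Windows runs
    # *instead of* the named executable, so each hit is either a hijack or a deliberate
    # redirection by a tool such as TuneUp's Program Deactivator: attribute it before acting.
    Get-ChildItem -Path $ifeoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            [pscustomobject]@{ Target = $_.PSChildName; Debugger = $dbg }
        }
    }
}

function Get-UacPolicy {
    # EnableLUA = 0 disables UAC entirely; ConsentPromptBehaviorAdmin = 0 elevates admins
    # silently. Both are what malware commonly sets and what UsbFix repaired above.
    $pol = Get-ItemProperty -Path $policyKey
    [pscustomobject]@{
        EnableLUA                  = $pol.EnableLUA
        ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $pol.PromptOnSecureDesktop
        Healthy = ($pol.EnableLUA -eq 1 -and $pol.ConsentPromptBehaviorAdmin -ne 0)
    }
}

function Get-RunKeyEntry {
    # 64-bit and 32-bit (Wow6432Node) machine-wide views plus the current user,
    # matching the HKLM64 / HKLM / HKCU labels UsbFix uses in its "Regedit Run" section.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $keys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |          # drop the provider's PSPath etc.
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
}

Get-IfeoDebugger | Format-Table -AutoSize
Get-UacPolicy
Get-RunKeyEntry | Format-Table -AutoSize -Wrap
```

Any IFEO entry whose Debugger points somewhere other than a known debugger or a recognised tool is the thing to quarantine; deleting the whole subkey, as the log shows, also removes benign settings such as GlobalFlag, so export the key first. The UAC check should come back Healthy after UsbFix's repair; if it flips back to 0 on the next boot, something still running is re-disabling it.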

################## | Listing |

[25/05/2014 - 19:05:56 | SHD] - C:\$Recycle.Bin
[12/05/2015 - 20:56:06 | D] - C:\Config.Msi
[23/03/2015 - 08:37:22 | D] - C:\creatiel
[25/10/2014 - 10:23:59 | D] - C:\Dev-Cpp
[14/07/2009 - 05:08:56 | SHD] - C:\Documents and Settings
[06/09/2014 - 19:50:35 | D] - C:\mergemodules
[12/02/2014 - 20:12:26 | RHD] - C:\MSOCache
[11/03/2011 - 16:28:00 | N | 1 KB] - C:\NetworkCfg.xml
[13/05/2015 - 19:53:27 | ASH | 3127136 KB] - C:\pagefile.sys
[14/07/2009 - 03:20:08 | D] - C:\PerfLogs
[08/03/2015 - 01:33:23 | D] - C:\Program Files
[13/04/2015 - 21:10:47 | D] - C:\Program Files (x86)
[03/02/2015 - 22:35:50 | HD] - C:\ProgramData
[11/02/2014 - 12:57:01 | SHD] - C:\Recovery
[12/05/2015 - 14:09:39 | SHD] - C:\System Volume Information
[12/04/2014 - 17:25:43 | D] - C:\Temp
[09/06/2014 - 21:29:31 | D] - C:\UsbFix
[30/07/2014 - 01:54:25 | N | 12 KB | F6BCABF94BE6BD3685F5C911995C1CE1] - C:\UsbFix [Clean 2] ZINEB-PC.txt
[13/05/2015 - 19:55:09 | A | 11 KB | A0F653C50256CB2A7EF6DDB533AE75F5] - C:\UsbFix [Clean 4] ZINEB-PC.txt
[09/06/2014 - 21:30:42 | N | 7 KB | 23C416EC4CB226F69EB93B0ECA018F53] - C:\UsbFix [Scan 1] ZINEB-PC.txt
[10/06/2014 - 21:27:54 | N | 8 KB | 3FED677C78A1AE5339725A1D86A25B1D] - C:\UsbFix [Scan 2] ZINEB-PC.txt
[11/06/2014 - 22:48:09 | N | 8 KB | F3FCACE11DB05500C15BC64FD2A5097F] - C:\UsbFix [Scan 3] ZINEB-PC.txt
[12/06/2014 - 21:46:10 | N | 8 KB | 999F925AE456C521548263345CF2B702] - C:\UsbFix [Scan 4] ZINEB-PC.txt
[29/07/2014 - 18:07:23 | N | 9 KB | 5D65DCC6F9305A32098D39B87E60CF12] - C:\UsbFix [Scan 5] ZINEB-PC.txt
[18/12/2014 - 13:13:49 | N | 12 KB | AEBE80B1085E565B31B9A736F847FFCC] - C:\UsbFix [Scan 6] ZINEB-PC.txt
[22/02/2015 - 16:56:23 | N | 12 KB | F801E85EB520A334CE1437F5DA7219C7] - C:\UsbFix [Scan 7] ZINEB-PC.txt
[15/03/2014 - 18:23:58 | D] - C:\Users
[26/04/2015 - 17:59:03 | D] - C:\Windows
[11/02/2014 - 12:57:24 | SHD] - D:\$RECYCLE.BIN
[13/10/2013 - 16:25:28 | N | 18 KB] - D:\AUTOEXE
[13/10/2013 - 16:24:58 | N | 1 KB] - D:\bin.doc
[13/10/2013 - 16:26:56 | N | 0 KB] - D:\bizo.doc
[13/10/2013 - 16:26:56 | N | 0 KB] - D:\bizo.mp3
[25/12/2013 - 09:56:20 | N | 1 KB] - D:\blocs.html
[19/12/2013 - 11:59:34 | N | 0 KB | 907D5B0924C44FA52AC45B762460970D] - D:\devoir.txt
[23/12/2013 - 22:40:26 | N | 0 KB | C20AD4D76FE97759AA27A0C99BFF6710] - D:\fich.txt
[13/10/2013 - 16:25:28 | N | 18 KB] - D:\img.jpg
[18/10/2013 - 18:11:53 | N | 838 KB | 13D6E0AEF0F093F30BAB17380C92177D] - D:\slimdrivers-setup.exe
[13/10/2013 - 16:26:56 | N | 0 KB] - D:\system
[15/10/2013 - 12:00:28 | SHD] - D:\System Volume Information
[16/08/2013 - 19:19:32 | N | 1 KB] - D:\Zain
[16/03/2015 - 00:02:44 | SHD] - E:\$RECYCLE.BIN
[13/10/2013 - 16:24:58 | N | 1 KB] - E:\bin.doc
[13/10/2013 - 16:26:56 | N | 0 KB] - E:\bizo.mp3
[13/10/2013 - 16:25:28 | N | 18 KB] - E:\img.jpg
[15/03/2015 - 15:56:13 | SHD] - E:\System Volume Information
[16/08/2013 - 19:19:32 | N | 1 KB] - E:\Zain
[13/10/2013 - 16:25:28 | N | 18 KB] - H:\img.jpg
[13/10/2013 - 16:26:56 | N | 0 KB] - H:\bizo.mp3
[13/10/2013 - 16:24:58 | N | 1 KB] - H:\bin.doc
[16/08/2013 - 19:19:32 | N | 1 KB] - H:\Zain

################## | Vaccine |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
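
The picture the log paints is a removable-media worm of the "shortcut" kind: the same pair of .lnk files (Nouveau Dossier.lnk, Zineb.lnk) sat at the root of D:, E: and H:, and the listing shows the same small files (bin.doc, bizo.mp3, img.jpg, Zain) with identical timestamps on all three volumes, i.e. something copied itself to every mounted drive. Such worms do not need autorun.inf at all; they rely on the user double-clicking a shortcut that looks like a folder and actually runs a script host or cmd.exe. The vaccine section then plants an Autorun.inf entry on each volume so a later infection cannot drop its own. Two caveats a practitioner would want: the host is Windows 7 build 7600, i.e. RTM without SP1, and Windows 7 with its 2011 AutoRun update (KB971029) already ignores autorun.inf on non-optical media, so the vaccine mainly protects older hosts the USB stick is later plugged into. The PowerShell below is an added example, not UsbFix's code and not part of the log; it assumes an elevated session on the cleaned host, and its vaccine (a protected directory named autorun.inf) is an assumption about how such vaccines work, not a description of UsbFix's own implementation.

```powershell
# Added example, not UsbFix's own code. Assumes an elevated PowerShell on the cleaned host.

# 1) Inspect every .lnk at the root of the given volumes and flag the ones whose target is
#    a shell or script host: that is how a worm's fake "folder" shortcuts actually work.
function Get-RootShortcut {
    param([string[]]$Drive)                     # e.g. 'D:','E:','H:'
    $shell     = New-Object -ComObject WScript.Shell
    $launchers = 'cmd.exe','wscript.exe','cscript.exe','powershell.exe','rundll32.exe','mshta.exe'
    foreach ($d in $Drive) {
        Get-ChildItem -Path "$d\*.lnk" -Force -ErrorAction SilentlyContinue | ForEach-Object {
            $lnk    = $shell.CreateShortcut($_.FullName)
            # '' + ... guards against a null TargetPath on a malformed shortcut
            $target = [System.IO.Path]::GetFileName('' + $lnk.TargetPath).ToLower()
            [pscustomobject]@{
                Shortcut   = $_.FullName
                Target     = $lnk.TargetPath
                Arguments  = $lnk.Arguments     # the real payload usually hides in here
                Suspicious = ($launchers -contains $target)
            }
        }
    }
}

# 2) Autorun.inf vaccine: a read-only, hidden, system *directory* named autorun.inf at the
#    volume root, so a worm cannot create an autorun.inf *file* without removing it first.
#    (Assumed mechanism; the log does not show how UsbFix builds its own vaccine.)
function Set-AutorunVaccine {
    param([string]$Drive)
    $path = "$Drive\autorun.inf"
    if (Test-Path -Path $path -PathType Leaf) {
        # An existing autorun.inf file is evidence: keep it for analysis instead of deleting it.
        Move-Item -Path $path -Destination "$path.quarantined" -Force
    }
    if (-not (Test-Path -Path $path)) {
        $dir = New-Item -ItemType Directory -Path $path
        $dir.Attributes = [System.IO.FileAttributes]'ReadOnly, Hidden, System'
    }
    Get-Item -Path $path -Force
}

# Usage: removable volumes (Win32_LogicalDisk DriveType 2). The log also vaccinated the
# fixed data volumes D: and E:; pass those explicitly if you want the same coverage.
$volumes = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=2' |
           Select-Object -ExpandProperty DeviceID
Get-RootShortcut -Drive $volumes | Format-Table -AutoSize -Wrap
$volumes | ForEach-Object { Set-AutorunVaccine -Drive $_ }
```

For a flagged shortcut, the Arguments column is what to read: a shortcut worm typically points at cmd.exe or wscript.exe with arguments that start the hidden dropper and then open the real folder, so the user sees nothing wrong. Before deleting the shortcuts, copy one off the drive together with whatever file its arguments reference; that file, not the .lnk, is the sample worth submitting to the upload address in the log header.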

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |