cjoint

############################## | UsbFix V 7.150 | [Clean]

User: Etienne (Administrator) # ETIENNE-MSI
Updated on 08/11/2013 by El Desaparecido - Team SosVirus
Started at 17:53:56 | 14/11/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Micro-Star International (E7003)
CPU: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
RAM -> [Total : 3886 | Free : 1830]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16618
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 273 GB (38 GB free - 14%) [OS_Install] # NTFS
D:\ -> Fixed disk # 180 GB (178 GB free - 99%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Removable disk # 4 GB (100 MB free - 3%) [COURS FAC] # FAT32
W:\ -> Fixed disk # 12 GB (4 GB free - 30%) [BIOS_RVY] # NTFS

################## | Stopped Processes |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1256 |ParentID: 652)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4344 |ParentID: 3828)
Stopped! C:\windows\explorer.exe (ID: 4636 |ParentID: 796)
Stopped! C:\windows\System32\WUDFHost.exe (ID: 3536 |ParentID: 332)
Stopped! C:\windows\System32\rundll32.exe (ID: 5708 |ParentID: 816)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2796 |ParentID: 652)
Stopped! C:\windows\system32\SearchIndexer.exe (ID: 6056 |ParentID: 652)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 380 |ParentID: 652)
Stopped! C:\windows\System32\spoolsv.exe (ID: 2680 |ParentID: 652)
Stopped! C:\windows\SysWOW64\srvany.exe (ID: 1776 |ParentID: 652)
Stopped! C:\windows\KMService.exe (ID: 1916 |ParentID: 1776)
Stopped! C:\windows\system32\conhost.exe (ID: 5188 |ParentID: 552)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3300 |ParentID: 4636)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5984 |ParentID: 3300)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3176 |ParentID: 3300)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4040 |ParentID: 3300)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4456 |ParentID: 3300)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3488 |ParentID: 3300)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 948 |ParentID: 3300)
Stopped! C:\windows\system32\DllHost.exe (ID: 5652 |ParentID: 816)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6096 |ParentID: 3300)
Stopped! C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (ID: 5912 |ParentID: 652)
Stopped! C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (ID: 5892 |ParentID: 652)
Stopped! C:\windows\system32\taskeng.exe (ID: 1688 |ParentID: 448)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [MGSysCtrl] - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
04 - HKLM\SOFTWARE | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [MGSysCtrl] - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3183035398-3778654731-323455342-1000\SOFTWARE | Run : [ShowBatteryBar] - "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
04 - HKU\S-1-5-21-3183035398-3778654731-323455342-1000\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
04 - HKU\S-1-5-21-3183035398-3778654731-323455342-1000\SOFTWARE | Run : [cacaoweb] - "C:\Users\Etienne\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-3183035398-3778654731-323455342-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
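
The Run/RunOnce entries above come from the 64-bit and Wow6432Node views of HKLM plus three user hives (S-1-5-19 is LOCAL SERVICE, S-1-5-20 is NETWORK SERVICE, the S-1-5-21-...-1000 hive is the first local user account). A triage pass a responder would run over that list, written for this page as an added example: it is not UsbFix code, the "user-writable location" rule and the image-path split are this example's own heuristics, and the sample is a constructed subset of the lines above.

```python
"""Triage of UsbFix "Regedit Run" lines: which autostart entries point at
paths an unprivileged user can write to. Added example, not UsbFix code."""
import re

# Constructed sample: a subset of the lines printed in this log.
SAMPLE = r"""
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [MGSysCtrl] - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3183035398-3778654731-323455342-1000\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
04 - HKU\S-1-5-21-3183035398-3778654731-323455342-1000\SOFTWARE | Run : [cacaoweb] - "C:\Users\Etienne\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
"""

LINE = re.compile(r"^04 - (?P<hive>.+?) \| (?P<key>Run(?:Once)?) : \[(?P<name>[^\]]*)\] -\s*(?P<cmd>.*)$")

# Heuristic (this example's own): directories an unprivileged user can write
# to. An autostart image there deserves a closer look than one under
# Program Files or System32; it is a lead, not a verdict.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")
WELL_KNOWN_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}


def split_command(cmd):
    """Return (image, args). Quoted image: up to the closing quote. Unquoted:
    up to the first '.exe' (an approximation of how an unquoted path with
    spaces resolves; a deliberately ambiguous path could fool it)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    return cmd, ""


def parse(text):
    """Parse UsbFix '04 - ... | Run : [name] - command' lines into dicts."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or (not m["name"] and not m["cmd"]):  # "[] -" means the key holds no values
            continue
        image, args = split_command(m["cmd"])
        hive = m["hive"]
        sid = hive.split("\\")[1] if hive.startswith("HKU\\") else None
        low = image.lower()
        entries.append({
            "hive": hive,
            "scope": WELL_KNOWN_SIDS.get(sid, sid) if sid else "machine",
            "key": m["key"], "name": m["name"], "image": image, "args": args,
            "flag": any(w in low for w in USER_WRITABLE),
        })
    return entries


def flagged(text):
    """Names of entries whose image lives in a user-writable location."""
    return sorted({e["name"] for e in parse(text) if e["flag"]})


if __name__ == "__main__":
    for e in parse(SAMPLE):
        mark = "!!" if e["flag"] else "  "
        print(f"{mark} {e['scope']:<16} {e['key']:<7} {e['name']:<12} {e['image']}")
```

On this log the only entry it flags is cacaoweb, which starts from the user's AppData\Roaming; the log says nothing about what that program is, so the next step is to check the file's signature and hash rather than delete on the strength of the path alone. The identical StartCCC, MGSysCtrl, ArcSoft, BCSSync and AvastUI entries under HKLM\SOFTWARE and HKLM\SOFTWARE\wow6432Node are the two registry views of a 64-bit system and count once in practice.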

################## | Generic search |

Deleted! H:\FOUND.000.lnk
Deleted! H:\.fseventsd.lnk
Deleted! H:\.Trashes.lnk
Deleted! H:\Fac.lnk
Deleted! H:\.Spotlight-V100.lnk
Deleted! H:\.TemporaryItems.lnk
Deleted! H:\Master 1 EEI.lnk
Deleted! H:\Recherche Travail.lnk
Deleted! H:\Voyage Juin 2011.lnk
Deleted! H:\Tennis Elbow 2011.lnk
Deleted! C:\Users\Etienne\AppData\Local\Temp\uttC4DA.tmp.exe
Deleted! C:\Users\Etienne\AppData\Local\Temp\48871-80099-esf-database-convert.exe
Deleted! C:\Users\Etienne\AppData\Local\Temp\7z920.exe
Deleted! C:\Users\Etienne\AppData\Local\Temp\winzip1664_2_wrapped.exe
Not deleted! F:\SETUP.EXE
Not deleted! F:\autorun.inf
Deleted! H:\Recycler\desktop.ini
Not deleted! F:\Updates

(!) Temporary files deleted.
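
Each of the ten shortcuts removed from H: shares its name with a directory that the Listing further down shows is still on the drive (H:\Fac beside H:\Fac.lnk, H:\Master 1 EEI beside H:\Master 1 EEI.lnk, and so on), and Explorer never displays the .lnk extension, so such a shortcut is easy to mistake for the folder it sits next to. The log does not record where the shortcuts pointed. The three "Not deleted!" entries are on F:, which the drive list above shows is a CD-ROM, so they were read-only. A check for the shortcut-beside-folder pattern, written for this page as an added example: it is not UsbFix's code, the heuristic is an assumption about why the generic search matched these files, and the tree it scans is rebuilt in a temporary directory from the H: names in this log.

```python
"""Flag .lnk files that sit beside a directory of the same name at the root
of a volume. Added example, not UsbFix code; the heuristic is an assumption
about what the generic search above matched."""
import os
import tempfile
from pathlib import Path

# Constructed from this log's H: entries: the directories in the Listing
# plus the ten .lnk files the generic search deleted. Real names, but the
# tree is recreated here (empty files) so the example runs offline.
H_DIRS = ["FOUND.000", ".fseventsd", "recycler", ".Trashes", ".Spotlight-V100",
          ".TemporaryItems", "Fac", "Master 1 EEI", "Recherche Travail",
          "Voyage Juin 2011", "Tennis Elbow 2011"]
H_LNKS = ["FOUND.000.lnk", ".fseventsd.lnk", ".Trashes.lnk", "Fac.lnk",
          ".Spotlight-V100.lnk", ".TemporaryItems.lnk", "Master 1 EEI.lnk",
          "Recherche Travail.lnk", "Voyage Juin 2011.lnk", "Tennis Elbow 2011.lnk"]
H_FILES = ["Diaporama exposé anglais.pptx", "Doc exposé anglais.docx", "Thumbs.db"]


def shadow_links(entries):
    """entries: iterable of (name, is_dir) for one directory.
    Return the sorted names of .lnk files whose stem equals a sibling
    directory; the comparison is case-insensitive, as names are on FAT32."""
    dirs = {name.lower() for name, is_dir in entries if is_dir}
    return sorted(name for name, is_dir in entries
                  if not is_dir and name.lower().endswith(".lnk")
                  and name[:-4].lower() in dirs)


def scan_volume_root(root):
    """Live check of a volume root (the directory a user sees on opening
    the drive). Symlinks are not followed when deciding what is a folder."""
    with os.scandir(root) as it:
        entries = [(e.name, e.is_dir(follow_symlinks=False)) for e in it]
    return shadow_links(entries)


def build_sample_volume():
    """Recreate the pre-cleanup H: root in a temp dir and return its path."""
    root = Path(tempfile.mkdtemp(prefix="usbfix_h_"))
    for d in H_DIRS:
        (root / d).mkdir()
    for f in H_LNKS + H_FILES:
        (root / f).write_bytes(b"")
    return root


if __name__ == "__main__":
    root = build_sample_volume()
    for name in scan_volume_root(root):
        print(f"{root / name} sits beside folder {root / name[:-4]}")
```

Run against the rebuilt H: root it reports exactly the ten names the log deleted and nothing for H:\recycler, which has no matching shortcut. On a real drive the next step is to read each shortcut's target before deleting it, which is the information this log does not preserve.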

################## | MD5 comparison reference |

Md5 : B3FDF6E7B0AECD48CA7E4921773FB606 -> C:\Users\Etienne\AppData\Local\Temp\7z920.exe
Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> W:\imagex.exe

################## | MD5 comparison |

Deleted! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERY\imagex.exe
Deleted! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\imagex.exe
Deleted! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\imagex.exe
Deleted! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\RE_DRIVE\RECOVERY\imagex.exe
Deleted! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\RE_DRIVE\RECOVERYCD_ISO\imagex.exe
Deleted! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\imagex.exe
Deleted! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> W:\imagex.exe
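
The comparison step took the MD5 of two reference files (the 7z920.exe just deleted from Temp and W:\imagex.exe) and then removed every file whose digest equalled the second one: all seven copies of imagex.exe under C:\Windows and on W:, the volume labelled BIOS_RVY that the Listing shows holding RecoveryManager.exe. imagex.exe is the WIM image-servicing tool from the Windows Automated Installation Kit. The same kind of sweep, written for this page as an added example: it is not UsbFix code, UsbFix does not publish how it builds its reference list, the walk-and-compare logic is this example's own, and the tree it scans is a constructed stand-in with arbitrary bytes in place of the real binaries.

```python
"""Reference-hash sweep: find every file under some roots whose size and
digest match a reference set. Added example, not UsbFix code. It reports
and never deletes."""
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path, algo="md5", chunk=1 << 20):
    """Hex digest (upper-case, as in the UsbFix log) of a file, streamed."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def build_reference(paths, algo="md5"):
    """{digest: size} for the reference files."""
    return {file_digest(p, algo): Path(p).stat().st_size for p in paths}


def sweep(roots, reference, algo="md5"):
    """Return {digest: [paths]} for every regular file under roots that
    matches a reference entry. Size is compared before anything is read,
    so only candidate files are hashed; unreadable entries are skipped."""
    sizes = set(reference.values())
    hits = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                p = Path(dirpath) / name
                try:
                    size = p.stat().st_size
                except OSError:
                    continue
                if size not in sizes:
                    continue
                d = file_digest(p, algo)
                if reference.get(d) == size:
                    hits.setdefault(d, []).append(str(p))
    return hits


def build_sample_tree():
    """Constructed stand-in for the layout in the log: one 'imagex.exe'
    body copied to several recovery paths, plus a same-size file with
    different content and an unrelated small file."""
    root = Path(tempfile.mkdtemp(prefix="md5sweep_"))
    body = b"IMAGEX-STANDIN" * 100
    for rel in ["W/imagex.exe",
                "C/Windows/RE_DRIVE/RECOVERY/imagex.exe",
                "C/Windows/RE_DRIVE/RECOVERYCD_ISO/imagex.exe"]:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(body)
    (root / "C/Windows/RE_DRIVE/other.exe").write_bytes(b"X" * len(body))
    (root / "C/Users").mkdir()
    (root / "C/Users/tmp.exe").write_bytes(b"short")
    return root


def demo():
    """Reference = the W: copy, as in the log; sweep the whole tree."""
    root = build_sample_tree()
    return sweep([root], build_reference([root / "W/imagex.exe"]))


if __name__ == "__main__":
    for digest, paths in demo().items():
        print(digest, *paths, sep="\n  ")
```

Two caveats a responder would want before letting such a sweep delete anything. A digest match proves only that the files are identical to each other, not that any of them is malicious, so the reference hash should first be checked against a known-good source; keyed on a legitimate tool's hash, the sweep removes it everywhere, recovery partition included, which is what the seven lines above record. MD5 is adequate for confirming that two files are the same copy, but a curated reference set should use SHA-256 (change the `algo` argument), since MD5 collisions can be manufactured.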

################## | Registry |

Deleted! HKU\S-1-5-21-3183035398-3778654731-323455342-1000\Software\.\.\.\.\Mountpoints2\G
Deleted! HKU\S-1-5-21-3183035398-3778654731-323455342-1000\Software\.\.\.\.\Mountpoints2\{ab327d49-117a-11e2-92eb-4061861f741f}

################## | Listing |

[24/02/2013 - 12:42:04 | SHD ] C:\$Recycle.Bin
[03/02/2010 - 14:52:40 | SHD ] C:\Boot
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[03/02/2010 - 14:52:41 | RASH | 8192] C:\BOOTSECT.BAK
[13/11/2013 - 23:06:34 | SHD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[27/03/2011 - 13:51:23 | D ] C:\Games
[14/11/2013 - 15:42:35 | ASH | 3055693824] C:\hiberfil.sys
[16/03/2010 - 20:34:30 | D ] C:\Intel
[20/09/2013 - 20:41:25 | RHD ] C:\MSOCache
[14/11/2013 - 15:42:42 | ASH | 4073717760] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[20/09/2013 - 20:42:58 | D ] C:\Program Files
[12/10/2013 - 14:47:58 | D ] C:\Program Files (x86)
[20/09/2013 - 20:16:55 | HD ] C:\ProgramData
[14/11/2013 - 08:43:05 | SHD ] C:\System Volume Information
[20/08/2011 - 17:05:36 | D ] C:\temp
[14/11/2013 - 18:00:16 | D ] C:\UsbFix
[14/11/2013 - 18:00:40 | A | 8643] C:\UsbFix [Clean 2] ETIENNE-MSI.txt
[14/11/2013 - 17:23:36 | N | 11503] C:\UsbFix [Scan 1] ETIENNE-MSI.txt
[30/04/2011 - 18:52:36 | RD ] C:\Users
[10/11/2013 - 16:55:06 | D ] C:\Windows
[13/07/2010 - 17:24:58 | SHD ] D:\$RECYCLE.BIN
[13/02/2013 - 19:00:46 | D ] D:\2561bc63f066961c3283c7669027
[11/01/2012 - 17:42:32 | N | 466] D:\BIOS_RVY (W) - Raccourci.lnk
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.1031.txt
[07/11/2007 - 08:00:40 | N | 10134] D:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 118] D:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.3082.txt
[07/11/2007 - 08:00:40 | N | 1110] D:\globdata.ini
[07/11/2007 - 08:03:18 | N | 562688] D:\install.exe
[07/11/2007 - 08:00:40 | N | 843] D:\install.ini
[07/11/2007 - 08:03:18 | N | 76304] D:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 96272] D:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 91152] D:\install.res.1033.dll
[07/11/2007 - 08:03:18 | N | 97296] D:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 95248] D:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 81424] D:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 79888] D:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 75792] D:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 96272] D:\install.res.3082.dll
[19/12/2010 - 12:02:53 | N | 472] D:\OS_Install (C) - Raccourci.lnk
[11/06/2012 - 22:20:59 | D ] D:\PFiles
[08/09/2010 - 14:04:33 | SHD ] D:\System Volume Information
[13/07/2010 - 17:15:47 | D ] D:\Utility
[07/11/2007 - 08:00:40 | N | 5686] D:\vcredist.bmp
[07/11/2007 - 08:09:22 | N | 1442522] D:\VC_RED.cab
[07/11/2007 - 08:12:28 | N | 232960] D:\VC_RED.MSI
[10/10/2010 - 11:54:44 | RD ] F:\Standard.WW
[10/10/2010 - 11:54:44 | RD ] F:\Updates
[10/10/2010 - 11:54:46 | RD ] F:\Visio.it-it
[10/10/2010 - 11:54:51 | RD ] F:\Visio.WW
[10/10/2010 - 11:54:54 | RD ] F:\Word.it-it
[10/10/2010 - 11:55:02 | RD ] F:\Word.WW
[10/05/2010 - 09:02:52 | R | 176] F:\autorun.inf
[27/03/2010 - 23:44:40 | R | 1997] F:\README.HTM
[12/03/2010 - 03:28:59 | R | 1100664] F:\setup.exe
[10/10/2010 - 11:55:03 | RD ] F:\Access.it-it
[10/10/2010 - 11:55:12 | RD ] F:\Access.WW
[10/10/2010 - 11:55:12 | RD ] F:\Admin
[10/10/2010 - 11:55:12 | RD ] F:\Catalog
[10/10/2010 - 12:06:34 | RD ] F:\Crack
[10/10/2010 - 11:55:14 | RD ] F:\Excel.it-it
[10/10/2010 - 11:55:20 | RD ] F:\Excel.WW
[10/10/2010 - 11:55:21 | RD ] F:\Groove.it-it
[10/10/2010 - 11:55:28 | RD ] F:\Groove.WW
[10/10/2010 - 11:55:30 | RD ] F:\InfoPath.it-it
[10/10/2010 - 11:55:37 | RD ] F:\InfoPath.WW
[10/10/2010 - 11:55:38 | RD ] F:\Office.it-it
[10/10/2010 - 11:55:39 | RD ] F:\Office64.it-it
[10/10/2010 - 11:55:39 | RD ] F:\OneNote.it-it
[10/10/2010 - 11:55:44 | RD ] F:\OneNote.WW
[10/10/2010 - 11:55:45 | RD ] F:\Outlook.it-it
[10/10/2010 - 11:55:52 | RD ] F:\Outlook.WW
[10/10/2010 - 11:55:54 | RD ] F:\PowerPoint.it-it
[10/10/2010 - 11:56:01 | RD ] F:\PowerPoint.WW
[10/10/2010 - 11:56:08 | RD ] F:\PrjPro.WW
[10/10/2010 - 11:56:14 | RD ] F:\PrjStd.WW
[10/10/2010 - 11:56:14 | RD ] F:\Project.it-it
[10/10/2010 - 11:56:17 | RD ] F:\Proofing.it-it
[10/10/2010 - 11:56:31 | RD ] F:\ProPlus.WW
[10/10/2010 - 11:56:32 | RD ] F:\Publisher.it-it
[10/10/2010 - 11:56:40 | RD ] F:\Publisher.WW
[10/10/2010 - 11:54:38 | RD ] F:\Rosebud.it-it
[13/11/2013 - 09:25:14 | N | 821295] H:\Diaporama exposé anglais.pptx
[17/03/2011 - 13:57:02 | AH | 4096] H:\._.Trashes
[29/09/2011 - 13:32:26 | D ] H:\FOUND.000
[02/04/2013 - 14:17:58 | D ] H:\.fseventsd
[13/11/2013 - 15:42:10 | HD ] H:\recycler
[17/03/2011 - 13:57:02 | SHD ] H:\.Trashes
[17/03/2011 - 13:57:02 | SHD ] H:\.Spotlight-V100
[17/03/2011 - 13:57:44 | SHD ] H:\.TemporaryItems
[17/03/2011 - 13:57:44 | AH | 4096] H:\._.TemporaryItems
[12/11/2013 - 11:51:04 | N | 18225] H:\Doc expos� anglais.docx
[06/05/2011 - 17:45:02 | N | 4096] H:\._projet été 2011.rtf
[25/09/2013 - 13:38:22 | D ] H:\Fac
[16/10/2012 - 10:34:50 | N | 264] H:\.apdisk
[16/10/2012 - 10:35:06 | N | 4096] H:\._TD médiéval.docx
[01/11/2013 - 15:10:26 | N | 24064] H:\Lettre de démission Sodebo.doc
[09/10/2013 - 14:32:08 | D ] H:\Master 1 EEI
[29/01/2013 - 13:04:02 | N | 4096] H:\._CM Initiation à la recherche contemporaine.docx
[14/08/2009 - 11:48:48 | RASH | 1405440] H:\Thumbs.db
[13/11/2013 - 15:51:56 | N | 127] H:\.~lock.Diaporama expos� anglais.pptx#
[14/11/2013 - 16:49:46 | N | 1636827136] H:\ReadyBoost.sfcache
[14/05/2010 - 13:25:56 | D ] H:\Recherche Travail
[12/03/2011 - 15:24:36 | D ] H:\Voyage Juin 2011
[16/05/2011 - 14:30:52 | D ] H:\Tennis Elbow 2011
[14/07/2010 - 22:10:30 | SHD ] W:\$RECYCLE.BIN
[10/11/2009 - 00:05:55 | AD ] W:\BOOT
[13/07/2009 - 11:39:00 | A | 383562] W:\BOOTMGR
[13/07/2009 - 11:45:48 | N | 667712] W:\BOOTMGR.EFI
[25/09/2009 - 00:03:49 | D ] W:\EFI
[08/09/2009 - 22:56:00 | N | 275968] W:\LaunchReMgr.exe
[22/01/2010 - 02:28:21 | N | 41860] W:\MULTIRM.INI
[13/07/2010 - 17:09:35 | D ] W:\Recovery
[30/10/2009 - 22:31:44 | N | 2544640] W:\RecoveryManager.exe
[25/09/2009 - 00:03:55 | AD ] W:\SOURCES
[10/11/2013 - 19:00:38 | SHD ] W:\System Volume Information

################## | Vaccine |

H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
