############################## | UsbFix V 7.152 | [Removal]

User: Mino (Administrator) # RAHERIMANDIMBY
Updated on 20/11/2013 by El Desaparecido - Team SosVirus
Launched at 23:14:16 | 29/12/2013

Website : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (1849)
CPU: AMD A4-4300M APU with Radeon(tm) HD Graphics
RAM -> [Total : 3554 | Free : 1397]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: AVG AntiVirus 2014 [Enabled | Updated]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 911 GB (769 GB free - 84%) [] # NTFS
D:\ -> Fixed disk # 19 GB (2 GB free - 12%) [RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Removable disk # 7 GB (88 MB free - 1%) [USB DISK] # FAT32

################## | Stopped Processes |

Stopped! C:\PROGRA~2\AVG\AVG2014\avgrsa.exe (ID: 452 |ParentID: 436)
Stopped! C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID: 488 |ParentID: 452)
Stopped! C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (ID: 1944 |ParentID: 852)
Stopped! C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (ID: 1976 |ParentID: 852)
Stopped! C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe (ID: 2080 |ParentID: 852)
Stopped! C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (ID: 2396 |ParentID: 1976)
Stopped! C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (ID: 2424 |ParentID: 1976)
Stopped! C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID: 5716 |ParentID: 2396)
Stopped! C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe (ID: 6776 |ParentID: 2080)
Stopped! C:\Program Files (x86)\AVG\AVG2014\avgui.exe (ID: 7828 |ParentID: 9280)
Stopped! C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID: 8636 |ParentID: 852)
Stopped! C:\WINDOWS\system32\dashost.exe (ID: 9068 |ParentID: 1148)
Stopped! C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 10236 |ParentID: 852)
Stopped! C:\WINDOWS\explorer.exe (ID: 4140 |ParentID: 3344)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 4672 |ParentID: 1148)
Stopped! C:\WINDOWS\system32\DllHost.exe (ID: 6980 |ParentID: 964)
Stopped! C:\WINDOWS\System32\spoolsv.exe (ID: 8684 |ParentID: 852)
Stopped! C:\Program Files (x86)\Storimbo\updateStorimbo.exe (ID: 9924 |ParentID: 852)
Stopped! C:\WINDOWS\system32\SearchIndexer.exe (ID: 5760 |ParentID: 852)
Stopped! C:\Program Files (x86)\Storimbo\bin\utilStorimbo.exe (ID: 4968 |ParentID: 852)
Stopped! C:\WINDOWS\system32\dashost.exe (ID: 880 |ParentID: 1148)
Stopped! C:\Windows\System32\skydrive.exe (ID: 7596 |ParentID: 964)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 9928 |ParentID: 852)
Stopped! C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (ID: 10112 |ParentID: 852)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 8996 |ParentID: 852)
Stopped! C:\WINDOWS\splwow64.exe (ID: 4260 |ParentID: 9468)
Stopped! C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe (ID: 3488 |ParentID: 852)
Stopped! C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe (ID: 10016 |ParentID: 3488)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6032 |ParentID: 4248)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7304 |ParentID: 6032)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3176 |ParentID: 6032)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2504 |ParentID: 6032)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2664 |ParentID: 6032)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2680 |ParentID: 6032)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2148 |ParentID: 6032)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2260 |ParentID: 6032)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4876 |ParentID: 6032)
Stopped! C:\Windows\System32\SettingSyncHost.exe (ID: 9516 |ParentID: 964)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7136 |ParentID: 6032)
Stopped! C:\WINDOWS\system32\SearchProtocolHost.exe (ID: 7876 |ParentID: 5760)
Stopped! C:\WINDOWS\system32\SearchFilterHost.exe (ID: 1500 |ParentID: 5760)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
04 - HKLM\SOFTWARE | Run : [tuto4pc_fr_63] -
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [tuto4pc_fr_59] -
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\44047ec6-1fe1-42af-a36e-5ad72db27fe6.exe /check
04 - HKLM\SOFTWARE | Run : [InboxToolbar] - "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE | Run : [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
04 - HKLM\SOFTWARE | Run : [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
04 - HKLM\SOFTWARE\wow6432Node | Run : [tuto4pc_fr_63] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [tuto4pc_fr_59] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\44047ec6-1fe1-42af-a36e-5ad72db27fe6.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [InboxToolbar] - "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
04 - HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE\wow6432Node | Run : [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [SearchProtect] - C:\Users\olivi_000\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\olivi_000\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\olivi_000\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [SSync] - "C:\Users\olivi_000\AppData\Roaming\SSync\SSync.exe"
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [DataMgr] - "C:\Users\olivi_000\AppData\Roaming\DataMgr\DataMgr.exe"
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [OMESupervisor] - C:\Users\olivi_000\AppData\Local\omesuperv.exe
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [cacaoweb] - "C:\Users\olivi_000\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [SCheck] - "C:\Users\olivi_000\AppData\Roaming\SCheck\SCheck.exe" check
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [Snoozer] - "C:\Users\olivi_000\AppData\Roaming\Snz\Snz.exe"
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [Intermediate] - "C:\Users\olivi_000\AppData\Roaming\Intermediate\Intermediate.exe"
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-501\SOFTWARE | RunOnce : [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade
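
The Run values above are reported by UsbFix but not acted on (the Registry section of this report is empty), so sorting them is left to the reader. As an added triage aid, not part of the UsbFix report or of the tool, here is a small Python parser for these lines. It collapses the HKLM\SOFTWARE / wow6432Node mirror (both views carry identical entries, which is what you get when the same values are read through the native and the redirected 32-bit view), extracts the image that is actually launched (including the DLL behind a rundll32.exe launcher) and tags values that deserve a look: orphaned values with no command at all, and images living under a user profile or ProgramData rather than an install directory. The location rule is a heuristic of mine, not a verdict on any product; the sample lines are copied from this report and the tag names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: eight lines copied from the "Regedit Run" section of this report.
SAMPLE = r"""
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [tuto4pc_fr_63] -
04 - HKLM\SOFTWARE | Run : [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [tuto4pc_fr_63] -
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [SearchProtect] - C:\Users\olivi_000\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-1004\SOFTWARE | Run : [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\olivi_000\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
04 - HKU\S-1-5-21-934516262-1839791399-2721855277-501\SOFTWARE | RunOnce : [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade
"""

# "04 - <hive> | Run : [<name>] - <command>"; an orphaned value has nothing after the dash.
RUN_LINE = re.compile(
    r"^04 - (?P<hive>.+?) \| (?P<key>Run|RunOnce) : \[(?P<name>.*?)\] -(?: (?P<cmd>.+))?$"
)
# Leading image: a quoted path, or an unquoted path up to the first executable
# extension (UsbFix prints unquoted paths that contain spaces, e.g. "...\HP Quick Launch\...").
IMAGE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?=[\s,]|$)', re.I
)


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    command: str
    image: str = ""            # executable launched ('' for an orphaned value)
    hosted: str = ""           # DLL handed to rundll32.exe, if any
    tags: List[str] = field(default_factory=list)


def _first_image(text):
    text = text.strip()
    m = IMAGE.match(text)
    if not m:
        return "", text
    return (m.group("q") or m.group("u")), text[m.end():]


def _base(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(command):
    """Return (image, hosted_dll, tags) for one Run value's command line."""
    if not command.strip():
        return "", "", ["orphaned"]              # value present, nothing launched
    image, rest = _first_image(command)
    hosted = ""
    if _base(image) == "rundll32.exe":
        hosted, _ = _first_image(rest)           # rundll32 "<dll>",<export>: review the DLL
    target = (hosted or image).lower()
    tags = []
    # Assumed heuristic: persistence from user-writable locations deserves a look.
    if "\\appdata\\" in target or target.startswith("c:\\users\\"):
        tags.append("user-profile")
    elif "\\programdata\\" in target:
        tags.append("programdata")
    if hosted:
        tags.append("rundll32-hosted")
    return image, hosted, tags


def parse_report(lines):
    """Parse 'Regedit Run' lines, collapsing the HKLM\\SOFTWARE / wow6432Node mirror."""
    seen, entries = set(), []
    for line in lines:
        m = RUN_LINE.match(line.rstrip())
        if not m:
            continue
        cmd = m.group("cmd") or ""
        if not m.group("name") and not cmd:
            continue                               # "[] -": an empty key, nothing to triage
        hive = re.sub(r"\\wow6432node$", "", m.group("hive"), flags=re.I)
        fingerprint = (hive.lower(), m.group("key"), m.group("name").lower(), cmd.lower())
        if fingerprint in seen:
            continue                               # same value seen through the redirected view
        seen.add(fingerprint)
        image, hosted, tags = classify(cmd)
        entries.append(RunEntry(hive, m.group("key"), m.group("name"), cmd, image, hosted, tags))
    return entries


def needs_review(entries):
    return [e for e in entries if e.tags]


if __name__ == "__main__":
    for e in needs_review(parse_report(SAMPLE.strip().splitlines())):
        print(f"{e.hive} {e.key} [{e.name}] -> {e.hosted or e.image or '(no command)'}  {','.join(e.tags)}")
```

Feed it the whole Regedit Run section of a report and it prints one line per value worth looking at; values under Program Files or Windows are left out, which is exactly why the location rule must be read as a first filter and not as a clean bill of health for anything it skips.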

################## | Generic search |

Deleted! F:\cube.lnk
Deleted! F:\cube_-_divx_francais.lnk
Deleted! F:\Colombiana.lnk
Deleted! F:\el.lnk
Deleted! F:\.Spotlight-V100.lnk
Deleted! F:\Cours olivier.lnk
Deleted! F:\.lnk
Deleted! F:\Partie IV et V.lnk

(!) Temporary files deleted.

################## | Registry |


################## | Listing |

[20/12/2013 - 10:18:37 | D ] C:\$AVG
[11/12/2013 - 19:40:42 | SHD ] C:\$Recycle.Bin
[03/12/2013 - 20:22:53 | D ] C:\avast! sandbox
[04/08/2012 - 00:21:36 | SHD ] C:\Boot
[26/07/2012 - 04:44:30 | RASH | 398156] C:\bootmgr
[18/06/2013 - 13:18:29 | N | 1] C:\BOOTNXT
[04/08/2012 - 00:21:37 | RASH | 8192] C:\BOOTSECT.BAK
[22/08/2013 - 15:45:52 | SHD ] C:\Documents and Settings
[14/11/2013 - 16:32:51 | N | 0] C:\end
[01/11/2013 - 13:11:37 | N | 0] C:\extensions.sqlite
[27/12/2013 - 22:32:28 | ASH | 2981527552] C:\hiberfil.sys
[12/09/2013 - 12:33:20 | D ] C:\HP
[30/10/2013 - 01:07:57 | D ] C:\inetpub
[27/12/2013 - 22:32:28 | ASH | 1275068416] C:\pagefile.sys
[22/08/2013 - 16:22:35 | D ] C:\PerfLogs
[24/12/2013 - 17:22:51 | D ] C:\Program Files
[26/12/2013 - 13:50:24 | D ] C:\Program Files (x86)
[26/12/2013 - 13:50:10 | HD ] C:\ProgramData
[30/10/2013 - 01:13:38 | SHD ] C:\Recovery
[09/09/2013 - 13:56:00 | D ] C:\sources
[27/12/2013 - 22:32:28 | ASH | 268435456] C:\swapfile.sys
[23/11/2013 - 21:05:08 | D ] C:\SWSetup
[28/12/2013 - 16:05:24 | SHD ] C:\System Volume Information
[09/09/2013 - 13:33:11 | D ] C:\SYSTEM.SAV
[29/12/2013 - 23:15:16 | D ] C:\UsbFix
[26/11/2013 - 22:39:58 | N | 14533] C:\UsbFix [Clean 2] RAHERIMANDIMBY.txt
[29/12/2013 - 23:15:31 | A | 12055] C:\UsbFix [Clean 4] RAHERIMANDIMBY.txt
[22/11/2013 - 09:37:46 | N | 5144] C:\UsbFix [Listing 1 ] RAHERIMANDIMBY.txt
[26/11/2013 - 21:56:12 | N | 5483] C:\UsbFix [Listing 2 ] RAHERIMANDIMBY.txt
[22/11/2013 - 09:19:11 | N | 10505] C:\UsbFix [Scan 1] RAHERIMANDIMBY.txt
[22/11/2013 - 09:27:07 | N | 8573] C:\UsbFix [Scan 2] RAHERIMANDIMBY.txt
[22/11/2013 - 09:36:48 | N | 10081] C:\UsbFix [Scan 3] RAHERIMANDIMBY.txt
[25/11/2013 - 15:37:07 | N | 14254] C:\UsbFix [Scan 4] RAHERIMANDIMBY.txt
[26/11/2013 - 22:08:47 | N | 14842] C:\UsbFix [Scan 5] RAHERIMANDIMBY.txt
[29/12/2013 - 23:04:04 | N | 13385] C:\UsbFix [Scan 6] RAHERIMANDIMBY.txt
[24/12/2013 - 12:28:57 | RD ] C:\Users
[03/12/2013 - 20:22:56 | D ] C:\Windows
[28/09/2013 - 21:02:07 | N | 3312] C:\{44A8999B-98AE-4463-B5D3-418C8F283258}
[24/09/2013 - 12:16:21 | N | 2624] C:\{DE0C8685-92B4-4E37-93CB-8CE81473BA0F}
[12/09/2013 - 19:22:21 | SHD ] D:\$RECYCLE.BIN
[09/09/2013 - 13:06:37 | RSHD ] D:\boot
[26/07/2012 - 04:44:32 | RASH | 398156] D:\bootmgr
[26/07/2012 - 05:57:10 | N | 1350896] D:\bootmgr.efi
[09/09/2013 - 13:06:37 | D ] D:\EFI
[09/09/2013 - 13:06:37 | D ] D:\FactoryUpdate
[09/09/2013 - 13:06:37 | D ] D:\hp
[09/09/2013 - 13:06:43 | RSHD ] D:\preload
[02/11/2013 - 13:27:18 | RSD ] D:\recovery
[09/09/2013 - 13:06:37 | D ] D:\RM_Reserve
[11/11/2013 - 01:20:22 | SHD ] D:\System Volume Information
[13/12/2013 - 13:36:04 | SH | 4096] F:\._.Trashes
[16/12/2013 - 14:55:10 | D ] F:\alvin
[13/12/2013 - 13:36:04 | SHD ] F:\.Trashes
[20/12/2013 - 15:11:20 | D ] F:\.fseventsd
[13/12/2013 - 13:36:06 | SHD ] F:\.Spotlight-V100
[12/12/2013 - 21:00:08 | N | 49026] F:\Partie IV et V.odt
[20/12/2013 - 15:12:38 | N | 1006838] F:\Rapport de stage prospection.odt
[29/12/2013 - 21:49:44 | D ] F:\$AVG
[20/12/2013 - 17:01:10 | N | 18573] F:\Q5 rapport de stage.odt
[20/11/2012 - 00:53:16 | N | 379266465] F:\Lottery.Ticket.2010.FRENCH.Streaming4iphone.mp4
[10/09/2012 - 23:46:12 | N | 398658601] F:\Mad.Money.2008.FRENCH.streaming4iphone.fr.mp4
[22/08/2012 - 19:42:04 | N | 437732192] F:\Pourquoi.Je.Me.Suis.Marie.By.PsPGunz.mp4
[30/09/2011 - 15:22:14 | N | 734263296] F:\Rio.2011.French.Subforced.Brrip.Xvid-Fwd.[emule-island.ru].avi
[05/01/2010 - 18:20:44 | N | 404921249] F:\Slumdog.Millionaire.FRENCHe psp.mp4
[19/04/2011 - 01:35:10 | N | 732807168] F:\Tangled.FRENCH.DVDRip.XviD-AYMO.MORPH.[emule-island.com].avi
[22/08/2012 - 16:47:36 | N | 467877350] F:\Think.Like.a.Man.2012.FRENCH.BRrip.ByS4i.Mp4
[12/02/2005 - 13:52:36 | N | 734001152] F:\Le.Cercle.avi
[21/11/2007 - 00:20:02 | N | 734093312] F:\28.Weeks.Later.FRENCH.DVDRiP.XviD-iD.avi
[01/03/2013 - 15:59:38 | N | 84247034] F:\90210.S05E15.FASTSUB.VOSTFR.HDTV.ByS4i.mp4
[08/04/2013 - 13:33:20 | D ] F:\SphinxME
[02/11/2013 - 13:28:58 | SHD ] F:\System Volume Information
[02/12/2013 - 15:58:06 | D ] F:\Cours olivier
[28/09/2007 - 19:12:10 | N | 724729508] F:\cube.2.french.dvdrip.avi
[28/09/2007 - 11:07:52 | N | 717373440] F:\cube_-_divx_francais.avi
[22/08/2012 - 21:45:42 | N | 395263990] F:\Colombiana.By.PsPGunz.mp4
[28/11/2013 - 23:17:14 | D ] F:\ccf2 es
[17/12/2012 - 21:14:06 | N | 759900160] F:\el.b.avi
[20/12/2013 - 13:43:32 | N | 33280] F:\Préconisation personnelle Word.doc
[20/12/2013 - 13:17:50 | N | 24662] F:\Préconisation personnelle.docx
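
The shortcuts removed from F: in the Generic search section carry the same names as items still present in the Listing above (the folder Cours olivier, the document Partie IV et V.odt, the cube, Colombiana and el video files, the .Spotlight-V100 folder): one .lnk per real item is the classic layout left on a USB stick by malware that hides the originals and plants same-named shortcuts in their place. As an added example, not part of the UsbFix report, this Python snippet parses the deletion lines and the Listing section and pairs every removed .lnk with the item it was named after, so you can confirm the originals survived and inspect their attributes; it also lists hidden+system entries on the removable drive whose names are not the usual OS metadata. The sample lines are copied from this report. Reading the attribute letters as the Win32 flags (D directory, R read-only, A archive, S system, H hidden, N normal) and the set of benign names are my assumptions about the format, not something the report states.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the deletion and Listing sections of this report.
SAMPLE = r"""
Deleted! F:\cube.lnk
Deleted! F:\cube_-_divx_francais.lnk
Deleted! F:\Colombiana.lnk
Deleted! F:\.Spotlight-V100.lnk
Deleted! F:\Cours olivier.lnk
Deleted! F:\.lnk
Deleted! F:\Partie IV et V.lnk
[13/12/2013 - 13:36:06 | SHD ] F:\.Spotlight-V100
[02/11/2013 - 13:28:58 | SHD ] F:\System Volume Information
[12/12/2013 - 21:00:08 | N | 49026] F:\Partie IV et V.odt
[02/12/2013 - 15:58:06 | D ] F:\Cours olivier
[28/09/2007 - 19:12:10 | N | 724729508] F:\cube.2.french.dvdrip.avi
[28/09/2007 - 11:07:52 | N | 717373440] F:\cube_-_divx_francais.avi
[22/08/2012 - 21:45:42 | N | 395263990] F:\Colombiana.By.PsPGunz.mp4
[26/07/2012 - 04:44:30 | RASH | 398156] C:\bootmgr
"""

# "[date - time | ATTRS | size] path"; directories carry no size field.
LISTING = re.compile(
    r"^\[(?P<ts>\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}) \| (?P<attr>[A-Z]+)"
    r"(?: \| (?P<size>\d+))? ?\] (?P<path>.+)$"
)
# "Deleted! <path>.lnk" (the French original prints "Supprimé!"; any word before "!" is accepted).
DELETED_LNK = re.compile(r"^\S+! (?P<path>.+\.lnk)$", re.I)


# Assumed: attribute letters follow the Win32 flags
# (D directory, R read-only, A archive, S system, H hidden, N normal).
@dataclass
class Item:
    path: str
    attrs: str
    size: Optional[int]


def parse(lines):
    """Split a report into Listing items and the paths of deleted .lnk files."""
    items, deleted = [], []
    for line in lines:
        line = line.rstrip()
        m = LISTING.match(line)
        if m:
            items.append(Item(m["path"], m["attr"], int(m["size"]) if m["size"] else None))
            continue
        m = DELETED_LNK.match(line)
        if m:
            deleted.append(m["path"])
    return items, deleted


def _drive(path):
    return path[:2].upper()


def _base(path):
    return path.rsplit("\\", 1)[-1]


def shadowed_items(items, deleted_lnks):
    """Pair each removed shortcut with the real file or folder it was named after."""
    pairs = {}
    for lnk in deleted_lnks:
        stem = _base(lnk)[:-4].lower()            # drop ".lnk"
        if not stem:
            continue                               # "F:\.lnk" names nothing
        hits = [it.path for it in items
                if _drive(it.path) == _drive(lnk)
                and (_base(it.path).lower() == stem
                     or _base(it.path).lower().startswith(stem + "."))]
        if hits:
            pairs[lnk] = hits
    return pairs


# Assumed benign: housekeeping names that are legitimately hidden+system on a USB stick
# (Windows restore area, macOS metadata, and the Autorun.inf vaccine UsbFix creates).
BENIGN = {"system volume information", ".trashes", "._.trashes",
          ".spotlight-v100", ".fseventsd", "autorun.inf"}


def hidden_system_entries(items, drive="F:"):
    """Hidden+system entries on the removable drive whose names are not the usual metadata."""
    return [it.path for it in items
            if _drive(it.path) == drive.upper()
            and "H" in it.attrs and "S" in it.attrs
            and _base(it.path).lower() not in BENIGN]


if __name__ == "__main__":
    items, deleted = parse(SAMPLE.strip().splitlines())
    for lnk, real in shadowed_items(items, deleted).items():
        print(f"{lnk} -> {real}")
    print("unexplained hidden+system:", hidden_system_entries(items))
```

On this report every removed shortcut except the nameless F:\.lnk maps to a surviving item, and no hidden+system entry on F: falls outside the benign set; a non-empty second list, or a removed .lnk with no surviving counterpart, is the cue to look at the drive by hand before trusting it again.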

################## | Vaccine |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
