- lun. 19 mai 2014 05:31#147647
############################## | UsbFix V 7.171 | [Recherche]
Utilisateur: iyed (Administrateur) # TAHAR
Mis à jour le 18/05/2014 par El Desaparecido - SosVirus
Lancé à 04:26:38 | 19/05/2014
Site Web :
Changelog :
Assistance : https://www.sosvirus.net/forum-virus-securite.html
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact :
PC: Dell Inc. (0TFXK9)
CPU: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
RAM -> [Total : 3036 Mo| Free : 2172 Mo]
Bios: Dell Inc.
Boot: Normal boot
OS: Microsoft Windows 8 Professionnel (6.2.9200 32-Bit)
WB: Windows Internet Explorer : 10.0.9200.16897
WB: Google Chrome : 34.0.1847.131
WB: Mozilla Firefox : 29.0.1
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Windows Defender [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]
C:\ (%SystemDrive%) -> Disque fixe # 98 Go (25 Go libre(s) - 26%) [] # NTFS
D:\ -> Disque fixe # 200 Go (119 Go libre(s) - 59%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (1 Go libre(s) - 58%) [TAHERGRASSI] # FAT32
################## | Processus Actif |
C:\Windows\System32\smss.exe (ID: 288|ParentID: 4|Système)
C:\Windows\System32\wininit.exe (ID: 496|ParentID: 400)
C:\Windows\System32\services.exe (ID: 564|ParentID: 496)
C:\Windows\System32\winlogon.exe (ID: 592|ParentID: 488)
C:\Windows\System32\lsass.exe (ID: 600|ParentID: 496)
C:\Windows\System32\svchost.exe (ID: 704|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 744|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 804|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 928|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 948|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 984|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 1216|ParentID: 564)
C:\Windows\System32\spoolsv.exe (ID: 1536|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 1564|ParentID: 564)
C:\Windows\System32\AdminService.exe (ID: 1708|ParentID: 564)
C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (ID: 1756|ParentID: 564)
C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (ID: 1876|ParentID: 1756)
C:\Program Files\SoftwareUpdater\UpdaterService.exe (ID: 1956|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 2044|ParentID: 564)
C:\Users\iyed\AppData\Local\Torch\Update\TorchCrashHandler.exe (ID: 492|ParentID: 564)
C:\Program Files\Windows Defender\MsMpEng.exe (ID: 760|ParentID: 564)
C:\Windows\System32\taskhostex.exe (ID: 576|ParentID: 564|Aucun)
C:\Windows\explorer.exe (ID: 1740|ParentID: 1456|Aucun)
C:\Windows\System32\svchost.exe (ID: 2928|ParentID: 564)
C:\Windows\System32\SearchIndexer.exe (ID: 2968|ParentID: 564)
C:\Program Files\DivX\DivX Update\DivXUpdate.exe (ID: 3756|ParentID: 1740|Aucun)
C:\Users\iyed\AppData\Local\FilesFrog Update Checker\update_checker.exe (ID: 3980|ParentID: 564|Aucun)
C:\Users\iyed\AppData\Local\Apps\2.0\JBW9VEAD.962\5Q46QRY0.MP7\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe (ID: 3988|ParentID: 3864|Aucun)
C:\Program Files\Dell Digital Delivery\DeliveryService.exe (ID: 3716|ParentID: 564)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1332|ParentID: 564)
C:\Windows\System32\taskeng.exe (ID: 3152|ParentID: 948)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 1964|ParentID: 1740|Aucun)
C:\Program Files\Internet Download Manager\IEMonitor.exe (ID: 2772|ParentID: 1964|Aucun)
C:\Windows\System32\audiodg.exe (ID: 2784|ParentID: 804)
C:\UsbFix\UsbFix.exe (ID: 3680|ParentID: 2480|Aucun)
################## | Autorun |
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [Facebook Update] "C:\Users\iyed\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [uTorrent] "C:\Users\iyed\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [NextLive] C:\Windows\system32\rundll32.exe "C:\Users\iyed\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
04 - HKCU\..\Run : [UpdateChecker] C:\Users\iyed\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe
04 - HKCU\..\Run : [DellSystemDetect] C:\Users\iyed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
04 - HKCU\..\Run : [iLivid] "C:\Users\iyed\AppData\Local\iLivid\iLivid.exe" -autorun
04 - HKCU\..\Run : [ACEStream] C:\Users\iyed\AppData\Roaming\ACEStream\engine\ace_engine.exe
04 - HKLM\..\Run : [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
04 - HKLM\..\Run : [YTDownloader] "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
04 - HKLM\..\RunOnce : [network_pubdirecte_1] "C:\Users\iyed\AppData\Local\Temp\BI_RunOnce.exe" /initurl :? /affid "-" /id "0" /name " " /uniqid N8NpZ9zWy /uuid 4C4C4544-0053-3810-8032-CAC04F515131 /biosserial JS82QQ1 /biosversion DELL - 27da0b1a /csname Vostro 1015
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [Facebook Update] "C:\Users\iyed\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [uTorrent] "C:\Users\iyed\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [NextLive] C:\Windows\system32\rundll32.exe "C:\Users\iyed\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [UpdateChecker] C:\Users\iyed\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [DellSystemDetect] C:\Users\iyed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [iLivid] "C:\Users\iyed\AppData\Local\iLivid\iLivid.exe" -autorun
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [ACEStream] C:\Users\iyed\AppData\Roaming\ACEStream\engine\ace_engine.exe
################## | Recherche générique |
Présent! D:\avast! Free Antivirus.lnk
Présent! D:\CrystalDiskInfo.lnk
Présent! D:\WinZip.lnk
Présent! F:\TAHERGRASSI (2GB).lnk
Présent! F:\128_Derniere_Danse_-_Indila_(Mashup_R)_(2014)_[_à‚¡_Daniel_Dj_!_]_-_sc_kiwimp3.lnk
################## | Registre |
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
################## | E.O.F | https://www.sosvirus.net/ | |
Utilisateur: iyed (Administrateur) # TAHAR
Mis à jour le 18/05/2014 par El Desaparecido - SosVirus
Lancé à 04:26:38 | 19/05/2014
Site Web :
Changelog :
Assistance : https://www.sosvirus.net/forum-virus-securite.html
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact :
PC: Dell Inc. (0TFXK9)
CPU: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
RAM -> [Total : 3036 Mo| Free : 2172 Mo]
Bios: Dell Inc.
Boot: Normal boot
OS: Microsoft Windows 8 Professionnel (6.2.9200 32-Bit)
WB: Windows Internet Explorer : 10.0.9200.16897
WB: Google Chrome : 34.0.1847.131
WB: Mozilla Firefox : 29.0.1
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Windows Defender [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]
C:\ (%SystemDrive%) -> Disque fixe # 98 Go (25 Go libre(s) - 26%) [] # NTFS
D:\ -> Disque fixe # 200 Go (119 Go libre(s) - 59%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (1 Go libre(s) - 58%) [TAHERGRASSI] # FAT32
################## | Processus Actif |
C:\Windows\System32\smss.exe (ID: 288|ParentID: 4|Système)
C:\Windows\System32\wininit.exe (ID: 496|ParentID: 400)
C:\Windows\System32\services.exe (ID: 564|ParentID: 496)
C:\Windows\System32\winlogon.exe (ID: 592|ParentID: 488)
C:\Windows\System32\lsass.exe (ID: 600|ParentID: 496)
C:\Windows\System32\svchost.exe (ID: 704|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 744|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 804|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 928|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 948|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 984|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 1216|ParentID: 564)
C:\Windows\System32\spoolsv.exe (ID: 1536|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 1564|ParentID: 564)
C:\Windows\System32\AdminService.exe (ID: 1708|ParentID: 564)
C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (ID: 1756|ParentID: 564)
C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (ID: 1876|ParentID: 1756)
C:\Program Files\SoftwareUpdater\UpdaterService.exe (ID: 1956|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 2044|ParentID: 564)
C:\Users\iyed\AppData\Local\Torch\Update\TorchCrashHandler.exe (ID: 492|ParentID: 564)
C:\Program Files\Windows Defender\MsMpEng.exe (ID: 760|ParentID: 564)
C:\Windows\System32\taskhostex.exe (ID: 576|ParentID: 564|Aucun)
C:\Windows\explorer.exe (ID: 1740|ParentID: 1456|Aucun)
C:\Windows\System32\svchost.exe (ID: 2928|ParentID: 564)
C:\Windows\System32\SearchIndexer.exe (ID: 2968|ParentID: 564)
C:\Program Files\DivX\DivX Update\DivXUpdate.exe (ID: 3756|ParentID: 1740|Aucun)
C:\Users\iyed\AppData\Local\FilesFrog Update Checker\update_checker.exe (ID: 3980|ParentID: 564|Aucun)
C:\Users\iyed\AppData\Local\Apps\2.0\JBW9VEAD.962\5Q46QRY0.MP7\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe (ID: 3988|ParentID: 3864|Aucun)
C:\Program Files\Dell Digital Delivery\DeliveryService.exe (ID: 3716|ParentID: 564)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1332|ParentID: 564)
C:\Windows\System32\taskeng.exe (ID: 3152|ParentID: 948)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 1964|ParentID: 1740|Aucun)
C:\Program Files\Internet Download Manager\IEMonitor.exe (ID: 2772|ParentID: 1964|Aucun)
C:\Windows\System32\audiodg.exe (ID: 2784|ParentID: 804)
C:\UsbFix\UsbFix.exe (ID: 3680|ParentID: 2480|Aucun)
################## | Autorun |
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [Facebook Update] "C:\Users\iyed\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [uTorrent] "C:\Users\iyed\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [NextLive] C:\Windows\system32\rundll32.exe "C:\Users\iyed\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
04 - HKCU\..\Run : [UpdateChecker] C:\Users\iyed\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe
04 - HKCU\..\Run : [DellSystemDetect] C:\Users\iyed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
04 - HKCU\..\Run : [iLivid] "C:\Users\iyed\AppData\Local\iLivid\iLivid.exe" -autorun
04 - HKCU\..\Run : [ACEStream] C:\Users\iyed\AppData\Roaming\ACEStream\engine\ace_engine.exe
04 - HKLM\..\Run : [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
04 - HKLM\..\Run : [YTDownloader] "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
04 - HKLM\..\RunOnce : [network_pubdirecte_1] "C:\Users\iyed\AppData\Local\Temp\BI_RunOnce.exe" /initurl :? /affid "-" /id "0" /name " " /uniqid N8NpZ9zWy /uuid 4C4C4544-0053-3810-8032-CAC04F515131 /biosserial JS82QQ1 /biosversion DELL - 27da0b1a /csname Vostro 1015
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [Facebook Update] "C:\Users\iyed\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [uTorrent] "C:\Users\iyed\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [NextLive] C:\Windows\system32\rundll32.exe "C:\Users\iyed\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [UpdateChecker] C:\Users\iyed\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [DellSystemDetect] C:\Users\iyed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [iLivid] "C:\Users\iyed\AppData\Local\iLivid\iLivid.exe" -autorun
04 - HKU\S-1-5-21-803005294-362569602-2448286538-1001\..\Run : [ACEStream] C:\Users\iyed\AppData\Roaming\ACEStream\engine\ace_engine.exe
################## | Recherche générique |
Présent! D:\avast! Free Antivirus.lnk
Présent! D:\CrystalDiskInfo.lnk
Présent! D:\WinZip.lnk
Présent! F:\TAHERGRASSI (2GB).lnk
Présent! F:\128_Derniere_Danse_-_Indila_(Mashup_R)_(2014)_[_à‚¡_Daniel_Dj_!_]_-_sc_kiwimp3.lnk
################## | Registre |
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
################## | E.O.F | https://www.sosvirus.net/ | |
, 
