winUsbdriver.vbs script file 2013-12-15T20:58:48+00:00
  • Author
    Posts
  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8287

    hi :D

    run a deletion with UsbFix with all your devices plugged in, then post the resulting report

  • kais9001
    Post count: 0

    ############################## | UsbFix V 7.154 | [Recherche]

    Utilisateur: user (Administrateur) # USER-TOSH
    Mis à jour le 13/12/2013 par El Desaparecido – Team SosVirus
    Lancé à 20:50:17 | 15/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: TOSHIBA (KTWAA)
    CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
    RAM -> [Total : 3933 | Free : 896]
    Bios: TOSHIBA
    Boot: Normal boot

    OS: Microsoft Windows 7 Edition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16750

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Microsoft Security Essentials [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 116 Go (21 Go libre(s) – 18%) [WINDOWS] # NTFS
    D: -> Disque fixe # 116 Go (4 Go libre(s) – 3%) [Data] # NTFS
    E: -> CD-ROM
    F: -> CD-ROM
    G: -> CD-ROM
    H: -> Disque amovible # 7 Go (6 Go libre(s) – 78%) [KAIS] # FAT32
    I: -> CD-ROM

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 576 |ParentID: 564)
    C:Windowssystem32wininit.exe (ID: 616 |ParentID: 564)
    C:Windowssystem32csrss.exe (ID: 624 |ParentID: 608)
    C:Windowssystem32winlogon.exe (ID: 672 |ParentID: 608)
    C:Windowssystem32services.exe (ID: 740 |ParentID: 616)
    C:Windowssystem32lsass.exe (ID: 748 |ParentID: 616)
    C:Windowssystem32lsm.exe (ID: 760 |ParentID: 616)
    C:Windowssystem32svchost.exe (ID: 848 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 928 |ParentID: 740)
    C:Program FilesMicrosoft Security ClientMsMpEng.exe (ID: 1004 |ParentID: 740)
    C:WindowsSystem32svchost.exe (ID: 536 |ParentID: 740)
    C:WindowsSystem32svchost.exe (ID: 612 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 912 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 1040 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 1220 |ParentID: 740)
    C:WindowsSystem32spoolsv.exe (ID: 1388 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 1460 |ParentID: 740)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1552 |ParentID: 740)
    C:Windowssystem32taskhost.exe (ID: 1636 |ParentID: 740)
    C:Windowssystem32Dwm.exe (ID: 1664 |ParentID: 612)
    C:WindowsExplorer.EXE (ID: 1672 |ParentID: 1656)
    C:Windowssystem32taskeng.exe (ID: 1764 |ParentID: 1040)
    C:Windowssystem32taskeng.exe (ID: 1844 |ParentID: 1040)
    C:Program Files (x86)AVGAVG PC Tuneup 2011BoostSpeed.exe (ID: 1964 |ParentID: 1764)
    C:Program Files (x86)SearchProtectbinCltMngSvc.exe (ID: 2004 |ParentID: 740)
    C:UsersuserAppDataRoamingDefaultTabDefaultTabDTUpdate.exe (ID: 1828 |ParentID: 740)
    C:WindowsSysWOW64nhsrvice.exe (ID: 1500 |ParentID: 740)
    C:Windowssystem32hasplms.exe (ID: 1176 |ParentID: 740)
    C:Program Files (x86)Toshiba TEMPROTemproTray.exe (ID: 2092 |ParentID: 1672)
    C:Program FilesTOSHIBABulletinBoardTosNcCore.exe (ID: 2100 |ParentID: 1672)
    C:Program FilesTOSHIBAReelTimeTosReelTimeMonitor.exe (ID: 2116 |ParentID: 1672)
    C:WindowsSystem32igfxtray.exe (ID: 2144 |ParentID: 1672)
    C:WindowsSystem32hkcmd.exe (ID: 2168 |ParentID: 1672)
    C:WindowsSystem32igfxpers.exe (ID: 2176 |ParentID: 1672)
    C:Program FilesTOSHIBASmoothViewSmoothView.exe (ID: 2184 |ParentID: 1672)
    C:Program FilesTOSHIBAPower SaverTPwrMain.exe (ID: 2192 |ParentID: 1672)
    C:Program Files (x86)InternetEverywhereInternetEverywhere_Service.exe (ID: 2276 |ParentID: 740)
    C:Windowssystem32igfxsrvc.exe (ID: 2284 |ParentID: 848)
    C:Program FilesTOSHIBAFlashCardsTCrdMain.exe (ID: 2368 |ParentID: 1672)
    C:Program FilesRealtekAudioHDARAVCpl64.exe (ID: 2416 |ParentID: 1672)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 2452 |ParentID: 1672)
    C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 2552 |ParentID: 2452)
    C:Program FilesTOSHIBATECOTEco.exe (ID: 2580 |ParentID: 1672)
    C:Program FilesTOSHIBATPHMTosWaitSrv.exe (ID: 2648 |ParentID: 1672)
    C:Windowssystem32igfxext.exe (ID: 2704 |ParentID: 848)
    C:Program Files (x86)TOSHIBAConfigFreeNDSTray.exe (ID: 2796 |ParentID: 1764)
    C:Program FilesMicrosoft Security Clientmsseces.exe (ID: 2804 |ParentID: 1672)
    C:Program FilesCanonMyPrinterBJMYPRT.EXE (ID: 2900 |ParentID: 1672)
    C:Program Files (x86)DAEMON Tools LiteDTLite.exe (ID: 2964 |ParentID: 1672)
    C:Program Files (x86)WWW.HOSTJSC.NETInternet Download ManagerIDMan.exe (ID: 2992 |ParentID: 1672)
    C:ProgramDataBadooBadoo Desktop1.6.58.1220Badoo.Desktop.exe (ID: 3032 |ParentID: 1672)
    C:UsersuserAppDataRoamingSearchProtectbincltmng.exe (ID: 3064 |ParentID: 1672)
    C:Program Files (x86)Business-in-a-BoxBIBLauncher.exe (ID: 448 |ParentID: 1672)
    C:Program Files (x86)InternetEverywhereInternetEverywhere_Launcher.exe (ID: 1016 |ParentID: 1672)
    C:Program Files (x86)Microsoft SQL Server80ToolsBinnsqlmangr.exe (ID: 2712 |ParentID: 1672)
    C:Program Files (x86)TOSHIBAUtilitiesKeNotify.exe (ID: 2892 |ParentID: 1164)
    C:Program Files (x86)TOSHIBATOSHIBA Web Camera ApplicationTWebCamera.exe (ID: 412 |ParentID: 1164)
    C:Program Files (x86)Yahoo!Search ProtectionSearchProtection.exe (ID: 1404 |ParentID: 1164)
    C:Program Files (x86)AVG Secure Searchvprot.exe (ID: 3152 |ParentID: 1164)
    C:Program Files (x86)POWERISOPWRISOVM.EXE (ID: 3180 |ParentID: 1164)
    C:Program Files (x86)Ligne 100 Edition PiloteeMicrosoft SQL ServerMSSQLBinnsqlservr.exe (ID: 3208 |ParentID: 740)
    C:Program Files (x86)HPHP Software Updatehpwuschd2.exe (ID: 3412 |ParentID: 1164)
    C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID: 3432 |ParentID: 1164)
    C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE (ID: 3452 |ParentID: 1164)
    C:Program Files (x86)RelevantKnowledgerlservice.exe (ID: 3728 |ParentID: 740)
    C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe (ID: 3964 |ParentID: 740)
    C:WindowsSysWOW64configsystemprofileAppDataRoamingokitspaceprotectPluginProtect.exe (ID: 4000 |ParentID: 740)
    C:Program Files (x86)SoftwareUpdaterUpdaterService.exe (ID: 1020 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 3164 |ParentID: 740)
    C:Program Files (x86)Toshiba TEMPROTemproSvc.exe (ID: 1520 |ParentID: 740)
    C:Windowssystem32TODDSrv.exe (ID: 2792 |ParentID: 740)
    C:Program FilesTOSHIBAPower SaverTosCoSrv.exe (ID: 1416 |ParentID: 740)
    C:Program FilesTOSHIBATECOTecoService.exe (ID: 4184 |ParentID: 740)
    C:Program Files (x86)BatBrowseupdateBatBrowse.exe (ID: 4256 |ParentID: 740)
    C:Program Files (x86)BatBrowsebinutilBatBrowse.exe (ID: 4436 |ParentID: 740)
    C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater17.2.0ToolbarUpdater.exe (ID: 4524 |ParentID: 740)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 4596 |ParentID: 740)
    C:Windowssplwow64.exe (ID: 4632 |ParentID: 3452)
    C:Program Files (x86)Yahoo!SoftwareUpdateYahooAUService.exe (ID: 4696 |ParentID: 740)
    C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater17.2.0loggingserver.exe (ID: 4724 |ParentID: 4524)
    C:Windowssystem32conhost.exe (ID: 4752 |ParentID: 576)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 4820 |ParentID: 4596)
    C:Program Files (x86)RelevantKnowledgerlvknlg.exe (ID: 4576 |ParentID: 3728)
    C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe (ID: 4612 |ParentID: 740)
    C:Windowssystem32SearchIndexer.exe (ID: 924 |ParentID: 740)
    C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSENotify.exe (ID: 4956 |ParentID: 572)
    C:Windowssystem32wbemwmiprvse.exe (ID: 4628 |ParentID: 848)
    C:Program Files (x86)CanonSolution Menu EXCNSEUPDT.EXE (ID: 4976 |ParentID: 3452)
    C:Program FilesMicrosoft Security ClientNisSrv.exe (ID: 5208 |ParentID: 740)
    C:Windowssystem32wbemunsecapp.exe (ID: 5652 |ParentID: 848)
    C:Program Files (x86)WWW.HOSTJSC.NETInternet Download ManagerIEMonitor.exe (ID: 5784 |ParentID: 2992)
    C:Program Files (x86)TOSHIBAConfigFreeCFSwMgr.exe (ID: 6028 |ParentID: 2796)
    C:Program Files (x86)TOSHIBAConfigFreeCFIWmxSvcs64.exe (ID: 1084 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 5904 |ParentID: 740)
    C:Program Files (x86)TOSHIBAConfigFreeCFProcSRVC.exe (ID: 3804 |ParentID: 740)
    C:Program Files (x86)TOSHIBAConfigFreeCFSvcs.exe (ID: 2640 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 5332 |ParentID: 740)
    C:Program Files (x86)InternetEverywhereInternetEverywhere.exe (ID: 3744 |ParentID: 1016)
    C:WindowsSystem32WUDFHost.exe (ID: 5740 |ParentID: 612)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 6472 |ParentID: 5852)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 6752 |ParentID: 6472)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 5564 |ParentID: 6472)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 5596 |ParentID: 6472)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 5308 |ParentID: 6472)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 6328 |ParentID: 6472)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 6432 |ParentID: 6472)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 6160 |ParentID: 6472)
    C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (ID: 7108 |ParentID: 740)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 4760 |ParentID: 6472)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 1200 |ParentID: 6472)
    C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe (ID: 2404 |ParentID: 740)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 5868 |ParentID: 6472)
    C:Windowssystem32SearchProtocolHost.exe (ID: 1028 |ParentID: 924)
    C:Windowssystem32prevhost.exe (ID: 4560 |ParentID: 848)
    C:PROGRA~2MICROS~2Office12EXCEL.EXE (ID: 3784 |ParentID: 848)
    C:Windowsexplorer.exe (ID: 7424 |ParentID: 848)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 6812 |ParentID: 6472)
    C:Windowssystem32SearchFilterHost.exe (ID: 4376 |ParentID: 924)
    C:UsersuserAppDataLocalGoogleChromeApplicationchrome.exe (ID: 5924 |ParentID: 6472)
    C:UsbFixGo.exe (ID: 3504 |ParentID: 3940)
    C:UsersuserAppDataLocalSwvUpdaterUpdater.exe (ID: 7788 |ParentID: 1764)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [SVPWUTIL] – C:Program Files (x86)TOSHIBAUtilitiesSVPWUTIL.exe SVPwUTIL
    04 – HKLMSOFTWARE | Run : [HWSetup] – “C:Program FilesTOSHIBAUtilitiesHWSetup.exe” hwSetUP
    04 – HKLMSOFTWARE | Run : [KeNotify] – C:Program Files (x86)TOSHIBAUtilitiesKeNotify.exe
    04 – HKLMSOFTWARE | Run : [TWebCamera] – “%ProgramFiles%TOSHIBATOSHIBA Web Camera ApplicationTWebCamera.exe” autorun
    04 – HKLMSOFTWARE | Run : [ToshibaServiceStation] – “C:Program Files (x86)TOSHIBATOSHIBA Service StationToshibaServiceStation.exe” /hide:60
    04 – HKLMSOFTWARE | Run : [YSearchProtection] – “C:Program Files (x86)Yahoo!Search ProtectionSearchProtection.exe”
    04 – HKLMSOFTWARE | Run : [Microsoft Default Manager] – “C:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe” -resume
    04 – HKLMSOFTWARE | Run : [WinampAgent] – “C:Program Files (x86)Winampwinampa.exe”
    04 – HKLMSOFTWARE | Run : [vProt] – “C:Program Files (x86)AVG Secure Searchvprot.exe”
    04 – HKLMSOFTWARE | Run : [PWRISOVM.EXE] – C:Program Files (x86)PowerISOPWRISOVM.EXE -startup
    04 – HKLMSOFTWARE | Run : [DATAMNGR] – C:PROGRA~2WIA6EB~1DatamngrDATAMN~1.EXE
    04 – HKLMSOFTWARE | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    04 – HKLMSOFTWARE | Run : [AdobeCS5ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe” -launchedbylogin
    04 – HKLMSOFTWARE | Run : [NeroFilterCheck] – C:Windowssystem32NeroCheck.exe
    04 – HKLMSOFTWARE | Run : [ApnUpdater] – “C:Program Files (x86)Ask.comUpdaterUpdater.exe”
    04 – HKLMSOFTWARE | Run : [] –
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    04 – HKLMSOFTWARE | Run : [SearchProtectAll] – C:Program Files (x86)SearchProtectbincltmng.exe
    04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
    04 – HKLMSOFTWAREwow6432Node | Run : [SVPWUTIL] – C:Program Files (x86)TOSHIBAUtilitiesSVPWUTIL.exe SVPwUTIL
    04 – HKLMSOFTWAREwow6432Node | Run : [HWSetup] – “C:Program FilesTOSHIBAUtilitiesHWSetup.exe” hwSetUP
    04 – HKLMSOFTWAREwow6432Node | Run : [KeNotify] – C:Program Files (x86)TOSHIBAUtilitiesKeNotify.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [TWebCamera] – “%ProgramFiles%TOSHIBATOSHIBA Web Camera ApplicationTWebCamera.exe” autorun
    04 – HKLMSOFTWAREwow6432Node | Run : [ToshibaServiceStation] – “C:Program Files (x86)TOSHIBATOSHIBA Service StationToshibaServiceStation.exe” /hide:60
    04 – HKLMSOFTWAREwow6432Node | Run : [YSearchProtection] – “C:Program Files (x86)Yahoo!Search ProtectionSearchProtection.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [Microsoft Default Manager] – “C:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe” -resume
    04 – HKLMSOFTWAREwow6432Node | Run : [WinampAgent] – “C:Program Files (x86)Winampwinampa.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [vProt] – “C:Program Files (x86)AVG Secure Searchvprot.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [PWRISOVM.EXE] – C:Program Files (x86)PowerISOPWRISOVM.EXE -startup
    04 – HKLMSOFTWAREwow6432Node | Run : [DATAMNGR] – C:PROGRA~2WIA6EB~1DatamngrDATAMN~1.EXE
    04 – HKLMSOFTWAREwow6432Node | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [AdobeCS5ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe” -launchedbylogin
    04 – HKLMSOFTWAREwow6432Node | Run : [NeroFilterCheck] – C:Windowssystem32NeroCheck.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [ApnUpdater] – “C:Program Files (x86)Ask.comUpdaterUpdater.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [] –
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    04 – HKLMSOFTWAREwow6432Node | Run : [SearchProtectAll] – C:Program Files (x86)SearchProtectbincltmng.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [HP Software Update] – C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
    04 – HKLMSOFTWARE | PoliciesExplorerrun : [rescue] – “C:ProgramDatarescue.vbe”
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-1035455305-2029446767-3736822713-1000SOFTWARE | Run : [DAEMON Tools Lite] – “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
    04 – HKUS-1-5-21-1035455305-2029446767-3736822713-1000SOFTWARE | Run : [IDMan] – C:Program Files (x86)WWW.HOSTJSC.NETInternet Download ManagerIDMan.exe /onboot
    04 – HKUS-1-5-21-1035455305-2029446767-3736822713-1000SOFTWARE | Run : [AdobeBridge] –
    04 – HKUS-1-5-21-1035455305-2029446767-3736822713-1000SOFTWARE | Run : [Facebook Update] – “C:UsersuserAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    04 – HKUS-1-5-21-1035455305-2029446767-3736822713-1000SOFTWARE | Run : [Google Update] – “C:UsersuserAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
    04 – HKUS-1-5-21-1035455305-2029446767-3736822713-1000SOFTWARE | Run : [Badoo Desktop] – C:ProgramDataBadooBadoo Desktop1.6.58.1220Badoo.Desktop.exe
    04 – HKUS-1-5-21-1035455305-2029446767-3736822713-1000SOFTWARE | Run : [SearchProtect] – C:UsersuserAppDataRoamingSearchProtectbincltmng.exe
    04 – HKUS-1-5-21-1035455305-2029446767-3736822713-1000SOFTWARE | Run : [GoogleDriveSync] – “C:Program Files (x86)GoogleDrivegoogledrivesync.exe” /autostart
    04 – HKUS-1-5-21-1035455305-2029446767-3736822713-1000SOFTWARE | Run : [Viber] – “C:UsersuserAppDataLocalViberViber.exe”
    04 – HKUS-1-5-21-1035455305-2029446767-3736822713-1000SOFTWARE | Run : [BIBLauncher] – C:Program Files (x86)Business-in-a-BoxBIBLauncher.exe
    04 – HKUS-1-5-18SOFTWARE | Run : [SearchProtect] – C:Windowssystem32configsystemprofileAppDataRoamingSearchProtectbincltmng.exe
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Service présent! system

    Présent! D:\$RECYCLE.BIN.lnk
    Présent! H:\STE EXPRO 2013.lnk
    Présent! H:\CKM DOCUMENT.lnk
    Présent! H:\photo marbres.lnk
    Présent! H:\LOGICIEL SAGE 13.01.lnk
    Présent! H:\tarek comptable.lnk
    Présent! H:\SMCB.lnk
    Présent! C:\Users\user\AppData\Local\GLF90B6.tmp
    Présent! C:\ProgramData\rescue.vbe
    Présent! C:\Users\user\AppData\Local\Temp\cmdx.exe.tmp
    Présent! C:\Users\user\AppData\Local\Temp\Trojan.exe.tmp
    Présent! C:\Users\user\AppData\Local\Temp\Win32

    ################## | Référence de comparaison MD5 |

    Md5 : 0AF9E8059F91BB22ED163C882AB29C73 -> C:\Users\All Users\rescue.vbe
    Md5 : 0AF9E8059F91BB22ED163C882AB29C73 -> C:\ProgramData\rescue.vbe
    Md5 : 0AF9E8059F91BB22ED163C882AB29C73 -> C:\ProgramData\rescue.vbe

    ################## | Comparaison MD5 |

    Présent! Md5 : 0AF9E8059F91BB22ED163C882AB29C73 -> C:\ProgramData\rescue.vbe
    Présent! Md5 : 0AF9E8059F91BB22ED163C882AB29C73 -> C:\Users\All Users\rescue.vbe

    ################## | Registre |

    Présent! HKLM\SYSTEM\CurrentControlSet\Services\system
    Présent! HKLM\SYSTEM\ControlSet001\Services\system
    Présent! HKLM\SYSTEM\ControlSet002\Services\system
    Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
    Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
    Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|rescue

    ################## | Vaccin |

    D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

The topic ‘winUsbdriver.vbs script file’ is closed to new replies.