leuzhp
Participant
Posts: 3

############################## | UsbFix V 7.146 | [Removal]

User: hp (Administrator) # HP-PC
Updated on 28/10/2013 by El Desaparecido – Team SosVirus
Started at 17:04:33 | 30/10/2013

Website: http://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (1439)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
RAM -> [Total : 2486 | Free : 849]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate Edition (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Anti-Virus Free [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 244 GB (98 GB free – 40%) [] # NTFS
D: -> Fixed disk # 222 GB (28 GB free – 13%) [Local Disk] # NTFS
E: -> CD-ROM
F: -> Removable disk # 7 GB (7 GB free – 100%) [] # FAT32

################## | Stopped Processes |

Stopped! C:\Program Files\AVG\AVG9\avgchsvx.exe (ID: 444 |ParentID: 424)
Stopped! C:\Program Files\AVG\AVG9\avgrsx.exe (ID: 452 |ParentID: 424)
Stopped! C:\Program Files\AVG\AVG9\avgcsrvx.exe (ID: 664 |ParentID: 452)
Stopped! C:\Windows\system32\WLANExt.exe (ID: 1516 |ParentID: 1144)
Stopped! C:\Windows\system32\conhost.exe (ID: 1524 |ParentID: 380)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1612 |ParentID: 528)
Stopped! C:\Program Files\E-EXPRESS\DataCardService.exe (ID: 1784 |ParentID: 528)
Stopped! C:\Program Files\E-EXPRESS\BGService.exe (ID: 1816 |ParentID: 1784)
Stopped! C:\Program Files\AVG\AVG9\avgwdsvc.exe (ID: 1828 |ParentID: 528)
Stopped! C:\Windows\Explorer.EXE (ID: 2612 |ParentID: 2544)
Stopped! C:\Windows\system32\taskhost.exe (ID: 2640 |ParentID: 528)
Stopped! C:\Program Files\AVG\AVG9\avgnsx.exe (ID: 2864 |ParentID: 1828)
Stopped! C:\Windows\System32\igfxtray.exe (ID: 3172 |ParentID: 2612)
Stopped! C:\Windows\System32\hkcmd.exe (ID: 3180 |ParentID: 2612)
Stopped! C:\Windows\System32\igfxpers.exe (ID: 3192 |ParentID: 2612)
Stopped! C:\Program Files\AVG\AVG9\avgtray.exe (ID: 3272 |ParentID: 2612)
Stopped! C:\Windows\System32\wscript.exe (ID: 3332 |ParentID: 2612)
Stopped! C:\Windows\System32\StikyNot.exe (ID: 3372 |ParentID: 2612)
Stopped! C:\Program Files\Skype\Phone\Skype.exe (ID: 3392 |ParentID: 2612)
Stopped! C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\MediaDico38.exe (ID: 3488 |ParentID: 3360)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 3620 |ParentID: 528)
Stopped! C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\RAC38.exe (ID: 3844 |ParentID: 3360)
Stopped! C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (ID: 3200 |ParentID: 528)
Stopped! C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe (ID: 676 |ParentID: 3200)
Stopped! C:\Windows\system32\conhost.exe (ID: 3684 |ParentID: 380)
Stopped! C:\Program Files\AVG Secure Search\vprot.exe (ID: 3868 |ParentID: 3144)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3148 |ParentID: 528)
Stopped! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 2528 |ParentID: 528)
Stopped! C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (ID: 5532 |ParentID: 2612)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 5428 |ParentID: 628)
Stopped! C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe (ID: 4932 |ParentID: 2612)
Stopped! C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (ID: 2324 |ParentID: 5532)
Stopped! C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE (ID: 3344 |ParentID: 2612)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7788 |ParentID: 2612)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4728 |ParentID: 7788)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5592 |ParentID: 7788)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 296 |ParentID: 7788)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5844 |ParentID: 7788)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3316 |ParentID: 7788)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2828 |ParentID: 7788)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5432 |ParentID: 7788)
Stopped! C:\Program Files\VideoLAN\VLC\vlc.exe (ID: 4568 |ParentID: 2612)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4712 |ParentID: 7788)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6412 |ParentID: 7788)
Stopped! C:\Windows\servicing\TrustedInstaller.exe (ID: 8008 |ParentID: 528)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2288 |ParentID: 7788)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3232 |ParentID: 7788)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6320 |ParentID: 7788)
Stopped! C:\Windows\system32\wuauclt.exe (ID: 1252 |ParentID: 1168)
Stopped! C:\Windows\system32\NOTEPAD.EXE (ID: 8172 |ParentID: 5244)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2604 |ParentID: 7788)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 7488 |ParentID: 1144)
Stopped! C:\Windows\system32\igfxsrvc.exe (ID: 1472 |ParentID: 680)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [IgfxTray] – C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] – C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] – C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [BCSSync] – "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [AVG9_TRAY] – C:\PROGRA~1\AVG\AVG9\avgtray.exe
HKLM\SOFTWARE | Run : [vProt] – "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\SOFTWARE | Run : [rbuhhdgpds] – wscript.exe //B "C:\Users\hp\AppData\Local\Temp\rbuhhdgpds..vbs"
HKLM\SOFTWARE | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2449563262-3994739718-1579564867-1000\SOFTWARE | Run : [MediaDICO38] – C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe Lancement
HKU\S-1-5-21-2449563262-3994739718-1579564867-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-2449563262-3994739718-1579564867-1000\SOFTWARE | Run : [Skype] – "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-2449563262-3994739718-1579564867-1000\SOFTWARE | Run : [rbuhhdgpds] – wscript.exe //B "C:\Users\hp\AppData\Local\Temp\rbuhhdgpds..vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] – "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | MD5 comparison reference |

Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rbuhhdgpds..vbs
Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> C:\Users\hp\AppData\Local\Temp\rbuhhdgpds..vbs
Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> F:\rbuhhdgpds..vbs

################## | Generic search |

Deleted! C:\Users\hp\AppData\Local\Temp\rbuhhdgpds..vbs
Deleted! C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rbuhhdgpds..vbs

(!) Temporary files deleted.

################## | MD5 comparison |

################## | Registry |

Repaired! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Deleted! HKU\S-1-5-21-2449563262-3994739718-1579564867-1000\Software\Microsoft\Windows\CurrentVersion\Run|rbuhhdgpds
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|rbuhhdgpds
Deleted! HKU\S-1-5-21-2449563262-3994739718-1579564867-1000\Software\...\Mountpoints2\{0b5afbe0-38f2-11e3-bd21-ac81122da0f9}
Deleted! HKU\S-1-5-21-2449563262-3994739718-1579564867-1000\Software\...\Mountpoints2\{f8ded1e9-3986-11e3-8de4-ac81122da0f9}

################## | Listing |

[30/10/2013 – 09:41:06 | D ] C:\$AVG
[14/10/2013 – 17:50:16 | SHD ] C:\$Recycle.Bin
[10/10/2013 – 06:24:50 | D ] C:\4df4b6854e1742b0881652eac
[10/06/2009 – 21:42:20 | N | 24] C:\autoexec.bat
[22/10/2013 – 11:02:53 | D ] C:\c940205bf93d0d267328
[10/06/2009 – 21:42:20 | N | 10] C:\config.sys
[11/10/2013 – 13:56:55 | D ] C:\df03df2a6b63056efa039d56ede330c0
[14/07/2009 – 04:53:55 | SHD ] C:\Documents and Settings
[28/10/2013 – 08:18:25 | ASH | 1954959360] C:\hiberfil.sys
[24/09/2013 – 16:51:41 | D ] C:\IDE
[25/09/2013 – 21:13:59 | D ] C:\Intel
[24/09/2013 – 16:50:58 | RHD ] C:\MSOCache
[28/10/2013 – 08:18:29 | ASH | 2606612480] C:\pagefile.sys
[14/07/2009 – 02:37:05 | D ] C:\PerfLogs
[20/10/2013 – 18:59:37 | D ] C:\Program Files
[25/10/2013 – 14:36:32 | HD ] C:\ProgramData
[14/10/2013 – 17:49:45 | SHD ] C:\Recovery
[25/09/2013 – 21:07:34 | D ] C:\SwSetup
[30/10/2013 – 09:20:03 | SHD ] C:\System Volume Information
[30/10/2013 – 17:09:33 | D ] C:\UsbFix
[30/10/2013 – 17:10:44 | A | 9869] C:\UsbFix [Clean 1] HP-PC.txt
[30/10/2013 – 09:56:31 | N | 10944] C:\UsbFix [Scan 1] HP-PC.txt
[30/10/2013 – 10:25:33 | N | 11437] C:\UsbFix [Scan 2] HP-PC.txt
[14/10/2013 – 17:49:56 | RD ] C:\Users
[30/10/2013 – 09:41:07 | D ] C:\Windows
[14/10/2013 – 16:27:35 | D ] C:\Windows.old
[14/10/2013 – 17:50:16 | SHD ] D:\$RECYCLE.BIN
[15/10/2013 – 11:35:06 | D ] D:\ancien disk
[26/09/2013 – 09:59:43 | D ] D:\document
[07/10/2013 – 17:22:17 | D ] D:\f558bbfa7a6f456073cd4f67b5b3
[14/10/2013 – 21:06:03 | D ] D:\office 2010
[26/09/2013 – 09:59:59 | D ] D:\recrutement
[24/09/2013 – 16:58:56 | SHD ] D:\System Volume Information

################## | Vaccine |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
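Added example, not part of leuzhp's post and not UsbFix code. Three things in a log like this one are what a triager keys on: a Run value in both HKLM and the user hive that launches `wscript.exe //B` (silent mode) on a `.vbs` kept in `%TEMP%`; the same MD5 reported at three places (Temp, the user's Startup folder, and the root of the removable F: drive), which is the USB-spreader footprint; and UsbFix having to set `EnableLUA` back to 1, meaning UAC was off on this host (the log does not say who turned it off). The Python below turns those observations into detection logic run over UsbFix-style log lines. The sample lines are constructed from the log above with the stripped backslashes restored; the user-writable-path list, the script-extension list and the "file at the root of a non-C: drive" rule are my own heuristics, not anything UsbFix documents.

```python
import re

# Constructed sample modelled on the UsbFix log in this thread (backslashes
# restored, hyphen in place of the en dash); it is not the original file.
SAMPLE_LOG = r"""
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [rbuhhdgpds] - wscript.exe //B "C:\Users\hp\AppData\Local\Temp\rbuhhdgpds..vbs"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-2449563262-3994739718-1579564867-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-2449563262-3994739718-1579564867-1000\SOFTWARE | Run : [rbuhhdgpds] - wscript.exe //B "C:\Users\hp\AppData\Local\Temp\rbuhhdgpds..vbs"
Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rbuhhdgpds..vbs
Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> C:\Users\hp\AppData\Local\Temp\rbuhhdgpds..vbs
Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> F:\rbuhhdgpds..vbs
Repaired! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
"""

# Line shapes UsbFix uses for Run values, MD5 references and the EnableLUA repair
# (the original French label "Réparé !" is accepted alongside "Repaired!").
RUN_RE = re.compile(r'^(?P<hive>HK\S+) \| (?P<key>Run(?:Once)?) : \[(?P<name>[^\]]*)\] [-–]\s*(?P<cmd>.*)$')
MD5_RE = re.compile(r'^Md5 : (?P<md5>[0-9a-fA-F]{32}) -> (?P<path>.+)$')
UAC_RE = re.compile(r'^(?:Repaired|Réparé)\s*!\s*HKLM\\Software\\Microsoft\\Windows\\CurrentVersion'
                    r'\\Policies\\System\|EnableLUA -> 1$', re.I)

# Heuristics (assumptions, not UsbFix rules): a Windows Script Host launch,
# script extensions it handles, locations a non-admin user can write to, and
# "file sitting directly in the root of a drive other than C:".
SCRIPT_HOST_RE = re.compile(r'^\s*"?(?:[^"\s]*\\)?[wc]script(?:\.exe)?"?\s', re.I)
SCRIPT_EXT = ('.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh')
USER_WRITABLE = ('\\appdata\\local\\temp\\', '\\appdata\\roaming\\', '\\users\\public\\', '\\programdata\\')
NON_SYSTEM_ROOT_RE = re.compile(r'^[d-z]:\\[^\\]+$')


def script_host_autorun(command):
    """Return the script path if `command` runs wscript/cscript on a script in a
    user-writable location or a non-system drive root; otherwise None."""
    if not SCRIPT_HOST_RE.match(command):
        return None
    for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', command):
        tok = quoted or bare
        low = tok.lower()
        if not low.endswith(SCRIPT_EXT):
            continue
        if any(d in low for d in USER_WRITABLE) or NON_SYSTEM_ROOT_RE.match(low):
            return tok
    return None


def parse_run_entries(text):
    """(hive, key, name, command) for every 'Regedit Run' line in the log."""
    out = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            out.append((m['hive'], m['key'], m['name'], m['cmd'].strip()))
    return out


def parse_md5_refs(text):
    """Map each MD5 to every path UsbFix reported it at."""
    refs = {}
    for line in text.splitlines():
        m = MD5_RE.match(line.strip())
        if m:
            refs.setdefault(m['md5'].lower(), []).append(m['path'].strip())
    return refs


def replicated_hashes(refs):
    """Hashes present at two or more distinct paths, flagging the two placements
    that make the USB-spreader pattern: a copy in a Startup folder and a copy
    in the root of a drive other than C:."""
    out = {}
    for md5, paths in refs.items():
        uniq = sorted(set(paths))
        if len(uniq) < 2:
            continue
        low = [p.lower() for p in uniq]
        out[md5] = {
            'paths': uniq,
            'non_system_drive_root': any(NON_SYSTEM_ROOT_RE.match(p) for p in low),
            'startup_folder': any('\\start menu\\programs\\startup\\' in p for p in low),
        }
    return out


def uac_repaired(text):
    """True if UsbFix had to set EnableLUA back to 1, i.e. UAC had been disabled."""
    return any(UAC_RE.match(line.strip()) for line in text.splitlines())


def triage(text):
    """Run all three checks over a UsbFix log and return structured findings."""
    autoruns = []
    for hive, key, name, cmd in parse_run_entries(text):
        script = script_host_autorun(cmd)
        if script:
            autoruns.append((hive, key, name, script))
    return {
        'script_autoruns': autoruns,
        'replicated': replicated_hashes(parse_md5_refs(text)),
        'uac_repaired': uac_repaired(text),
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for hive, key, name, script in result['script_autoruns']:
        print(f'[autorun] {hive} {key} [{name}] -> script host launches {script}')
    for md5, info in result['replicated'].items():
        print(f'[copies]  {md5} at {len(info["paths"])} paths; '
              f'non-system drive root={info["non_system_drive_root"]}, '
              f'startup folder={info["startup_folder"]}')
    print(f'[uac]     EnableLUA had to be repaired: {result["uac_repaired"]}')
```

To run it against a real log, read the file into a string and pass it to `triage()`. The drive-root rule cannot tell a fixed D: from a removable F: on its own; cross-check it against the drive table at the top of the log, where F: is the FAT32 removable disk. The two `MountPoints2` GUID entries UsbFix deleted belong to the same story: that key is Explorer's per-volume autorun cache for removable media, so it is cleaned whenever an infected stick has been plugged in.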