Reply to: disinfect my computer 2016-09-08T13:12:48+00:00
tsof2008
Participant
Post count: 1

############################## | UsbFix V 7.150 | [Recherche]

Utilisateur: tsofiane (Administrateur) # TSOFIENE-PC
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à 18:02:12 | 17/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Dell Inc. ()
CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
RAM -> [Total : 8099 | Free : 5740]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Entreprise (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 24.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Trend Micro Security Agent [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 195 Go (5 Go libre(s) - 3%) [] # NTFS
D: -> Disque fixe # 270 Go (30 Go libre(s) - 11%) [] # NTFS
E: -> CD-ROM
G: -> Disque amovible # 2 Go (1 Go libre(s) - 59%) [] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 728 |ParentID: 720)
C:\Windows\system32\wininit.exe (ID: 836 |ParentID: 720)
C:\Windows\system32\csrss.exe (ID: 860 |ParentID: 848)
C:\Windows\system32\services.exe (ID: 928 |ParentID: 836)
C:\Windows\system32\lsass.exe (ID: 936 |ParentID: 836)
C:\Windows\system32\winlogon.exe (ID: 952 |ParentID: 848)
C:\Windows\system32\lsm.exe (ID: 984 |ParentID: 836)
C:\Windows\system32\svchost.exe (ID: 736 |ParentID: 928)
C:\Windows\system32\svchost.exe (ID: 1124 |ParentID: 928)
C:\Windows\System32\svchost.exe (ID: 1220 |ParentID: 928)
C:\Windows\System32\svchost.exe (ID: 1264 |ParentID: 928)
C:\Windows\system32\svchost.exe (ID: 1300 |ParentID: 928)
C:\Windows\system32\svchost.exe (ID: 1328 |ParentID: 928)
C:\Windows\system32\svchost.exe (ID: 1764 |ParentID: 928)
C:\Windows\system32\svchost.exe (ID: 1644 |ParentID: 928)
C:\Program Files (x86)\Trend Micro\Security Agent\ntrtscan.exe (ID: 2508 |ParentID: 928)
C:\Windows\system32\svchost.exe (ID: 2840 |ParentID: 928)
C:\Windows\system32\svchost.exe (ID: 2868 |ParentID: 928)
C:\Program Files (x86)\Trend Micro\Security Agent\tmlisten.exe (ID: 3344 |ParentID: 928)
C:\Windows\system32\svchost.exe (ID: 3768 |ParentID: 928)
C:\Windows\system32\svchost.exe (ID: 3884 |ParentID: 928)
C:\Program Files (x86)\Trend Micro\Security Agent\TmProxy.exe (ID: 4208 |ParentID: 928)
C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe (ID: 4416 |ParentID: 928)
C:\Windows\system32\svchost.exe (ID: 5024 |ParentID: 928)
C:\Windows\System32\svchost.exe (ID: 4360 |ParentID: 928)
C:\Windows\system32\Dwm.exe (ID: 5180 |ParentID: 1264)
C:\Program Files (x86)\Trend Micro\Security Agent\PccNTMon.exe (ID: 3776 |ParentID: 3108)
C:\Windows\system32\svchost.exe (ID: 7860 |ParentID: 928)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 7452 |ParentID: 736)
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (ID: 3960 |ParentID: 928)
C:\Windows\System32\WUDFHost.exe (ID: 10100 |ParentID: 1264)
C:\Windows\System32\rundll32.exe (ID: 8128 |ParentID: 736)
C:\Windows\explorer.exe (ID: 9784 |ParentID: 952)
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (ID: 8672 |ParentID: 3960)
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (ID: 5284 |ParentID: 928)
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe (ID: 6360 |ParentID: 3960)
C:\Windows\system32\SearchIndexer.exe (ID: 10012 |ParentID: 928)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 8856 |ParentID: 928)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8912 |ParentID: 9784)
C:\Windows\System32\spoolsv.exe (ID: 2036 |ParentID: 928)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3524 |ParentID: 8912)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2348 |ParentID: 8912)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2372 |ParentID: 8912)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2984 |ParentID: 8912)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8140 |ParentID: 8912)
C:\Windows\system32\SearchProtocolHost.exe (ID: 5364 |ParentID: 10012)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7344 |ParentID: 8912)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6824 |ParentID: 8912)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7196 |ParentID: 8912)
C:\Windows\system32\taskmgr.exe (ID: 4848 |ParentID: 952)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4968 |ParentID: 8912)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 8476 |ParentID: 6576)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 4172 |ParentID: 8476)
C:\Windows\system32\DllHost.exe (ID: 6892 |ParentID: 736)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4700 |ParentID: 8912)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1292 |ParentID: 8912)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1528 |ParentID: 8912)
C:\UsbFix\Go.exe (ID: 8068 |ParentID: 9564)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3412 |ParentID: 8912)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7340 |ParentID: 8912)
C:\Windows\system32\SearchFilterHost.exe (ID: 2764 |ParentID: 10012)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [OfficeScanNT Monitor] - "C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe" -HideWindow
04 - HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
04 - HKLM\SOFTWARE | Run : [Bonus.SSR.FR11] - "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
04 - HKLM\SOFTWARE\wow6432Node | Run : [OfficeScanNT Monitor] - "C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe" -HideWindow
04 - HKLM\SOFTWARE\wow6432Node | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Bonus.SSR.FR11] - "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKLM\SOFTWARE | Policies\Explorer\run : [Policies] - C:\systemeexplore.exe
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [uTorrent] - "C:\Users\tsofiane\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [SDP] - C:\Users\tsofiane\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [Facebook Update] - "C:\Users\tsofiane\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [Viber] - "C:\Users\tsofiane\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [AppsHat] - C:\Users\tsofiane\AppData\Local\WebPlayer\AppsHatWebPlayer.exe
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [Apps Hat] - C:\Users\tsofiane\AppData\Local\WebPlayer\AppsHatWebPlayer.exe
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [winlog] - wscript.exe //B "C:\Users\tsofiane\AppData\Roaming\winlog.vbs"
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [GoogleChromeAutoLaunch_8E93B4E1FD49E630334494054237426B] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [Allmyapps] - "C:\Users\tsofiane\AppData\Roaming\Allmyapps\Allmyapps.exe" startup
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [Allmyapps Update] - "C:\Users\tsofiane\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe" check startup
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [Software Informer] - "C:\Program Files\Software Informer\softinfo.exe" -autorun
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Run : [EPLTargetP0000000000000002] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJ4E.EXE /EPT "EPLTargetP0000000000000002" /M "M100 Series" /EF "HKCU"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\SOFTWARE | Policies\Explorer\run : [Policies] - C:\systemeexplore.exe

################## | Recherche générique |

Présent! C:\Users\tsofiane\AppData\Roaming\winlog.vbs
Présent! C:\Users\tsofiane\AppData\Roaming\BabMaint.exe
Présent! C:\Users\tsofiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlog.vbs
Présent! G:\winlog.vbs
Présent! D:\WPV1010.exe
Présent! G:\R154405.EXE
Présent! C:\Users\tsofiane\AppData\Roaming\Logs.dat
Présent! C:\Users\tsofiane\AppData\Local\Temp\nst93B9.tmp.exe
Présent! C:\Users\tsofiane\AppData\Local\Temp\hds_control.vbs
Présent! C:\Users\tsofiane\AppData\Local\Temp\windowsIsLame4691040048656706916.vbs
Présent! C:\Users\tsofiane\AppData\Local\Temp\windowsIsLame7451945588437598507.vbs
Présent! C:\Users\tsofiane\AppData\Local\Temp\7z920.exe
Présent! C:\Users\tsofiane\AppData\Local\Temp\AutoRun.exe
Présent! C:\Users\tsofiane\AppData\Local\Temp\MSN.abc
Présent! C:\Users\tsofiane\AppData\Local\Temp\UuU.uUu
Présent! C:\Users\tsofiane\AppData\Local\Temp\XxX.xXx
Présent! C:\Users\tsofiane\AppData\Local\Temp\xxxyyyzzz.dat

################## | Référence de comparaison MD5 |

Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> C:\Users\tsofiane\AppData\Roaming\winlog.vbs
Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> C:\Users\tsofiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlog.vbs
Md5 : 35E07C5CFBEB1367CE6FE9CDB3E528D3 -> C:\Users\tsofiane\AppData\Local\Temp\hds_control.vbs
Md5 : AAA5B605649C478AC9629CFA6B003957 -> C:\Users\tsofiane\AppData\Local\Temp\windowsIsLame4691040048656706916.vbs
Md5 : AAA5B605649C478AC9629CFA6B003957 -> C:\Users\tsofiane\AppData\Local\Temp\windowsIsLame7451945588437598507.vbs
Md5 : B3FDF6E7B0AECD48CA7E4921773FB606 -> C:\Users\tsofiane\AppData\Local\Temp\7z920.exe
Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> C:\Users\tsofiane\AppData\Roaming\winlog.vbs
Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> C:\Users\tsofiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlog.vbs
Md5 : 35E07C5CFBEB1367CE6FE9CDB3E528D3 -> C:\Users\tsofiane\AppData\Local\Temp\hds_control.vbs
Md5 : AAA5B605649C478AC9629CFA6B003957 -> C:\Users\tsofiane\AppData\Local\Temp\windowsIsLame4691040048656706916.vbs
Md5 : AAA5B605649C478AC9629CFA6B003957 -> C:\Users\tsofiane\AppData\Local\Temp\windowsIsLame7451945588437598507.vbs
Md5 : B3FDF6E7B0AECD48CA7E4921773FB606 -> C:\Users\tsofiane\AppData\Local\Temp\7z920.exe
Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> G:\winlog.vbs

################## | Comparaison MD5 |

Présent! Md5 : B3FDF6E7B0AECD48CA7E4921773FB606 -> C:\Users\tsofiane\AppData\Local\Temp\7z920.exe
Présent! Md5 : 35E07C5CFBEB1367CE6FE9CDB3E528D3 -> C:\Users\tsofiane\AppData\Local\Temp\hds_control.vbs
Présent! Md5 : AAA5B605649C478AC9629CFA6B003957 -> C:\Users\tsofiane\AppData\Local\Temp\windowsIsLame4691040048656706916.vbs
Présent! Md5 : AAA5B605649C478AC9629CFA6B003957 -> C:\Users\tsofiane\AppData\Local\Temp\windowsIsLame7451945588437598507.vbs
Présent! Md5 : 35E07C5CFBEB1367CE6FE9CDB3E528D3 -> C:\Users\tsofiane\AppData\Roaming\Hard Disk Sentinel\hds_control_remove.vbs
Présent! Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> C:\Users\tsofiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlog.vbs
Présent! Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> C:\Users\tsofiane\AppData\Roaming\winlog.vbs
Présent! Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> D:\sofcartemem2g\winlog.vbs
Présent! Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> G:\winlog.vbs

################## | Registre |

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 0
Présent! HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies
Présent! HKU\S-1-5-21-2518751927-1662227888-3529027341-2194\Software\Microsoft\Windows\CurrentVersion\Run|winlog
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|winlog

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |