Formaldehyyde
Participant
Posts: 12

Here is the USBFix Research report, run in Safe Mode with Networking.

[spoiler:1nvi5bbz]############################## | UsbFix V 7.148 | [Research]

User: Audrey (Administrator) # AUDREY-HP
Updated 01/11/2013 by El Desaparecido - Team SosVirus
Started at 16:37:11 | 03/11/2013

Website: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (1611)
CPU: AMD E-350 Processor
RAM -> [Total : 3578 | Free : 2241]
Bios: Hewlett-Packard
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: BitDefender Antivirus [(!) Disabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed drive # 447 Gb (208 Mb free - 47%) [] # NTFS
D: -> Fixed drive # 15 Gb (2 Mb free - 10%) [RECOVERY] # NTFS
E: -> Fixed drive # 4 Gb (1 Mb free - 28%) [HP_TOOLS] # FAT32
F: -> Removable drive # 2 Gb (2 Mb free - 97%) [] # FAT

################## | Reference of comparison MD5 |

Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\8i7asystemmD.vbe
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\97asystemD.VBE
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\9eimmD.vbe
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\9emmD.vbe
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\9stemD.VBE
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\9stiemD.VBE
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\sysfftem7.VBE
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\systefm34.vbe
Md5 : aed4faf279abf7d7605e81707be3ce64 -> C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : bcdef9a6d179f4c587f9b742de82eef0 -> C:\Users\Audrey\AppData\Local\Temp\flashmemory.vbe
Md5 : bcdef9a6d179f4c587f9b742de82eef0 -> C:\Users\Audrey\AppData\Local\Temp\iTunesHelper.vbe
Md5 : c9b8fa51c889f97dc5c4deb274b1fbf2 -> C:\Users\Audrey\AppData\Local\Temp\Nj99.vbs
Md5 : DENIED -> F:\iTunesHelper.vbe

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 360 |ParentID: 348)
C:\Windows\system32\csrss.exe (ID: 396 |ParentID: 388)
C:\Windows\system32\wininit.exe (ID: 416 |ParentID: 348)
C:\Windows\system32\services.exe (ID: 472 |ParentID: 416)
C:\Windows\system32\winlogon.exe (ID: 488 |ParentID: 388)
C:\Windows\system32\lsass.exe (ID: 516 |ParentID: 416)
C:\Windows\system32\lsm.exe (ID: 524 |ParentID: 416)
C:\Windows\system32\svchost.exe (ID: 624 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 696 |ParentID: 472)
C:\Windows\System32\svchost.exe (ID: 804 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 840 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 920 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 956 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 1032 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 1072 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 1340 |ParentID: 472)
C:\Windows\Explorer.EXE (ID: 1416 |ParentID: 1408)
C:\Windows\system32\ctfmon.exe (ID: 1488 |ParentID: 1416)
C:\Windows\system32\DllHost.exe (ID: 1724 |ParentID: 624)
C:\Users\Audrey\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 348 |ParentID: 1416)
C:\Users\Audrey\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1632 |ParentID: 348)
C:\Users\Audrey\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1892 |ParentID: 348)
C:\Users\Audrey\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2432 |ParentID: 348)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3012 |ParentID: 624)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3160 |ParentID: 624)
C:\Windows\System32\wscript.exe (ID: 2056 |ParentID: 3236)
C:\UsbFix\Go.exe (ID: 1688 |ParentID: 2244)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\SOFTWARE | Run : [HPQuickWebProxy] - "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
HKLM\SOFTWARE | Run : [HPConnectionManager] - C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\iTunesHelper.vbe"
HKLM\SOFTWARE | Run : [Genie TimeLine Tray] - C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\SOFTWARE | Run : [bdruninstaller] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
HKLM\SOFTWARE | Run : [BitDefender Antiphishing Helper] - "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
HKLM\SOFTWARE | Run : [BDAgent] - "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [Google Update] - "C:\Users\Audrey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [Facebook Update] - "C:\Users\Audrey\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [LaCie Desktop Manager Startup] - "C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [MSa2emHR] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\MSa2emHR.vbs"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [qAuPnVQM] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\qAuPnVQM.vbs"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [LU86st0c] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\LU86st0c.vbs"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [G9zxsaPJ] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\G9zxsaPJ.vbs"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\iTunesHelper.vbe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found ! F:\iTunesHelper.vbe
Found ! C:\Users\Audrey\AppData\Local\Temp\iTunesHelper.vbe
Found ! C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Found ! F:\Autorun.inf.lnk
Found ! F:\BitDefender.lnk
Found ! F:\Usbfix.lnk
Found ! C:\Users\Public\8i7asystemmD.vbe
Found ! C:\Users\Public\97asystemD.VBE
Found ! C:\Users\Public\9eimmD.vbe
Found ! C:\Users\Public\9emmD.vbe
Found ! C:\Users\Public\9stemD.VBE
Found ! C:\Users\Public\9stiemD.VBE
Found ! C:\Users\Public\sysfftem7.VBE
Found ! C:\Users\Public\systefm34.vbe
Found ! C:\Users\Public\9iaD12_Loading.zip
Found ! C:\Users\Public\D7_Loading.zip
Found ! C:\Users\Audrey\AppData\Local\Temp\Intel(R)s7.exe.tmp
Found ! C:\Users\Audrey\AppData\Local\Temp\Musiques.pif
Found ! C:\Users\Audrey\AppData\Local\Temp\utt19CA.tmp.exe
Found ! C:\Users\Audrey\AppData\Local\Temp\uttA558.tmp.exe
Found ! C:\Users\Audrey\AppData\Local\Temp\uttEDD3.tmp.exe
Found ! C:\Users\Audrey\AppData\Local\Temp\flashmemory.vbe
Found ! C:\Users\Audrey\AppData\Local\Temp\Nj99.vbs
Found ! C:\Users\Audrey\AppData\Local\Temp\1477.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\7777i.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\77u.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\97.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\DC7.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\dcyyt.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\ddddddddddd.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\HY.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\iiiii9.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\iiiiiiiiiiiiz7.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\sssssssssi.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\zzzz7.hta
Found ! C:\Users\Audrey\AppData\Local\Temp\zzzzzzzzzzzz5.hta
Found ! D:\desktop.ini

################## | Comparison MD5 |

Found ! Md5 : C9B8FA51C889F97DC5C4DEB274B1FBF2 -> C:\Users\Audrey\AppData\Local\Temp\Nj99.vbs
Found ! Md5 : B7019418D79D26CEF0D0EA8C04A39337 -> C:\Users\Public\8i7asystemmD.vbe
Found ! Md5 : B7019418D79D26CEF0D0EA8C04A39337 -> C:\Users\Public\97asystemD.VBE

################## | Registry |

Found ! HKU\S-1-5-21-1190468337-140412576-3729368624-1002\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKU\S-1-5-21-1190468337-140412576-3729368624-1002\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKU\S-1-5-21-1190468337-140412576-3729368624-1002\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccin |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |[/spoiler:1nvi5bbz]