Jeffmehdi
Participant
Posts: 4

Thank you very much for the welcome :D.
Here is the removal report

############################## | UsbFix V 7.150 | [Removal]

User: Mehdi (Administrator) # MEHDI-99B6B5F06
Updated on 08/11/2013 by El Desaparecido - Team SosVirus
Launched at 15:06:01 | 10/11/2013

Website : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (085Ch)
CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz
RAM -> [Total : 1015 | Free : 214]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 37 GB (5 GB free - 14%) [] # NTFS
D: -> Fixed disk # 75 GB (64 GB free - 86%) [Disque ] # NTFS
E: -> CD-ROM
G: -> Removable disk # 2 GB (2 GB free - 84%) [] # FAT
H: -> Removable disk # 2 GB (2 GB free - 100%) [KINGSTON] # FAT

################## | Stopped processes |

Stopped! C:\WINDOWS\system32\spoolsv.exe (ID: 1728 |ParentID: 380)
Stopped! C:\WINDOWS\system32\acs.exe (ID: 1768 |ParentID: 380)
Stopped! C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1876 |ParentID: 380)
Stopped! C:\WINDOWS\Explorer.EXE (ID: 1968 |ParentID: 1652)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 1072 |ParentID: 1968)
Stopped! C:\WINDOWS\system32\igfxtray.exe (ID: 1132 |ParentID: 1968)
Stopped! C:\WINDOWS\system32\hkcmd.exe (ID: 1176 |ParentID: 1968)
Stopped! C:\WINDOWS\system32\igfxpers.exe (ID: 1208 |ParentID: 1968)
Stopped! C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (ID: 1236 |ParentID: 1968)
Stopped! C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (ID: 1248 |ParentID: 1968)
Stopped! C:\Program Files\Qualcomm Atheros\ACU.exe (ID: 1456 |ParentID: 1968)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (ID: 424 |ParentID: 380)
Stopped! C:\Program Files\HP\HP UT\bin\hppusg.exe (ID: 1500 |ParentID: 1968)
Stopped! C:\WINDOWS\system32\wscript.exe (ID: 1632 |ParentID: 1968)
Stopped! C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE (ID: 1612 |ParentID: 1968)
Stopped! C:\WINDOWS\system32\ctfmon.exe (ID: 2008 |ParentID: 1968)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 2040 |ParentID: 380)
Stopped! C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe (ID: 1576 |ParentID: 380)
Stopped! C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 976 |ParentID: 380)
Stopped! C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE (ID: 1560 |ParentID: 1612)
Stopped! C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNABFSWK.EXE (ID: 1608 |ParentID: 1612)
Stopped! C:\Documents and Settings\All Users.WINDOWS\Application Data\Modem HDM EC156\OnlineUpdate\ouc.exe (ID: 2624 |ParentID: 728)
Stopped! C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (ID: 2776 |ParentID: 380)
Stopped! C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (ID: 3764 |ParentID: 380)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 3544 |ParentID: 2040)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (ID: 3612 |ParentID: 380)
Stopped! C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (ID: 1752 |ParentID: 380)
Stopped! C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (ID: 2840 |ParentID: 3764)
Stopped! C:\WINDOWS\system32\wscntfy.exe (ID: 3844 |ParentID: 864)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (ID: 2224 |ParentID: 1968)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 2128 |ParentID: 2224)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IMJPMIG8.1] - "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
04 - HKLM\SOFTWARE | Run : [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
04 - HKLM\SOFTWARE | Run : [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [igfxtray] - C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [igfxpers] - C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
04 - HKLM\SOFTWARE | Run : [DrvLsnr] - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
04 - HKLM\SOFTWARE | Run : [ACU] - "C:\Program Files\Qualcomm Atheros\ACU.exe" -nogui
04 - HKLM\SOFTWARE | Run : [HPUsageTracking] - C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT"
04 - HKLM\SOFTWARE | Run : [ymgvldrarx] - wscript.exe //B "C:\DOCUME~1\Mehdi\LOCALS~1\Temp\ymgvldrarx.vbs"
04 - HKLM\SOFTWARE | Run : [CNAP2 Launcher] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-839522115-1364589140-1606980848-1003\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-839522115-1364589140-1606980848-1003\SOFTWARE | Run : [ymgvldrarx] - wscript.exe //B "C:\DOCUME~1\Mehdi\LOCALS~1\Temp\ymgvldrarx.vbs"
04 - HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Generic search |

Deleted! C:\Documents and Settings\Mehdi\Application Data\inst.exe
Deleted! C:\DOCUME~1\Mehdi\LOCALS~1\Temp\ymgvldrarx.vbs
Deleted! C:\Documents and Settings\Mehdi\Menu Démarrer\Programmes\Démarrage\ymgvldrarx.vbs
Deleted! G:\ymgvldrarx.vbs
Deleted! H:\ymgvldrarx.vbs
Deleted! G:\WMPInfo.lnk
Deleted! H:\L'ignorance.lnk
Deleted! C:\WINDOWS\system32\install

(!) Temporary files deleted.

################## | MD5 comparison reference |

Md5 : B749E5001A51AA39309F59845FBCBFDA -> C:\Documents and Settings\Mehdi\Menu Démarrer\Programmes\Démarrage\ymgvldrarx.vbs
Md5 : B749E5001A51AA39309F59845FBCBFDA -> C:\DOCUME~1\Mehdi\LOCALS~1\Temp\ymgvldrarx.vbs
Md5 : B749E5001A51AA39309F59845FBCBFDA -> G:\ymgvldrarx.vbs
Md5 : B749E5001A51AA39309F59845FBCBFDA -> H:\ymgvldrarx.vbs

################## | MD5 comparison |

################## | Registry |

Repaired! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRecentDocs -> 1
Deleted! HKLM\Software\ymgvldrarx
Deleted! HKU\S-1-5-21-839522115-1364589140-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Run|ymgvldrarx
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ymgvldrarx
Deleted! HKU\S-1-5-21-839522115-1364589140-1606980848-1003\Software\....\Mountpoints2\{25bd602e-a265-11df-a6d6-000e7f2c4b6a}
Deleted! HKU\S-1-5-21-839522115-1364589140-1606980848-1003\Software\....\Mountpoints2\{69de42d5-e888-11e2-9fb5-a4f4f6619d57}
Deleted! HKU\S-1-5-21-839522115-1364589140-1606980848-1003\Software\....\Mountpoints2\{b0b0fa40-dd70-11e2-8f80-000e7f2c4b6a}
Deleted! HKU\S-1-5-21-839522115-1364589140-1606980848-1003\Software\....\Mountpoints2\{efac6aea-eafb-11e2-9fca-000e7f2c4b6a}

################## | Listing |

[13/03/2011 - 21:12:58 | D ] C:\3179b214e3bd51ff58eb
[10/11/2013 - 14:55:21 | D ] C:\AdwCleaner
[07/08/2010 - 16:40:33 | N | 0] C:\AUTOEXEC.BAT
[12/06/2012 - 07:16:23 | D ] C:\Backup
[09/07/2013 - 11:01:09 | N | 212] C:\boot.ini
[14/04/2008 - 12:00:00 | N | 4952] C:\Bootfont.bin
[07/11/2013 - 14:59:37 | D ] C:\Config.Msi
[07/08/2010 - 16:40:33 | N | 0] C:\CONFIG.SYS
[28/07/2013 - 14:05:08 | D ] C:\Documents and Settings
[08/08/2012 - 23:35:58 | D ] C:\Documents+and+Settings
[31/08/2011 - 17:33:54 | D ] C:\found.000
[15/05/2012 - 18:05:27 | D ] C:\found.001
[07/08/2010 - 16:40:33 | N | 0] C:\IO.SYS
[05/12/2010 - 18:55:34 | D ] C:\language
[07/08/2010 - 16:40:33 | N | 0] C:\MSDOS.SYS
[13/10/2011 - 11:33:39 | RHD ] C:\MSOCache
[14/04/2008 - 12:00:00 | N | 47564] C:\NTDETECT.COM
[14/04/2008 - 12:00:00 | N | 252240] C:\ntldr
[10/11/2013 - 14:56:38 | ASH | 1598029824] C:\pagefile.sys
[10/11/2013 - 14:55:19 | D ] C:\Program Files
[28/08/2010 - 16:27:18 | D ] C:\RDesc
[09/07/2013 - 11:19:13 | SHD ] C:\RECYCLER
[05/12/2010 - 22:30:48 | D ] C:\spoolerlogs
[07/05/2012 - 22:14:58 | D ] C:\swsetup
[09/07/2013 - 11:10:51 | SHD ] C:\System Volume Information
[09/11/2011 - 18:35:06 | D ] C:\Temp
[10/11/2013 - 15:09:59 | D ] C:\UsbFix
[10/11/2013 - 15:10:04 | A | 8853] C:\UsbFix [Clean 2] MEHDI-99B6B5F06.txt
[10/11/2013 - 14:20:14 | N | 4018] C:\UsbFix [Listing 1 ] MEHDI-99B6B5F06.txt
[10/11/2013 - 13:31:27 | N | 8267] C:\UsbFix [Scan 1] MEHDI-99B6B5F06.txt
[10/11/2013 - 14:06:32 | N | 3848] C:\UsbFix [Scan 2] MEHDI-99B6B5F06.txt
[10/11/2013 - 14:13:55 | N | 6595] C:\UsbFix [Scan 3] MEHDI-99B6B5F06.txt
[10/11/2013 - 14:38:27 | N | 6192] C:\UsbFix [Scan 4] MEHDI-99B6B5F06.txt
[10/11/2013 - 13:55:13 | D ] C:\WINDOWS
[28/07/2011 - 18:55:33 | D ] C:\WindowsSetting
[16/05/2011 - 16:36:53 | D ] C:\WindowsUpdate
[19/07/2013 - 02:00:25 | D ] D:\ac67e45ea7b9a5995e39d
[29/10/2013 - 22:31:01 | D ] D:\Documents
[31/10/2013 - 19:28:23 | D ] D:\found.000
[25/10/2013 - 23:50:28 | N | 270808] D:\L'ignorance.ppsx
[25/10/2013 - 23:41:22 | N | 270975] D:\L'ignorance.pptx
[05/11/2013 - 22:25:31 | D ] D:\Ma musique
[10/11/2013 - 00:01:34 | D ] D:\Mes videos
[09/07/2013 - 11:19:30 | SHD ] D:\RECYCLER
[05/08/2013 - 15:11:47 | SHD ] D:\System Volume Information
[25/10/2013 - 23:34:10 | RASH | 60416] D:\Thumbs.db
[26/10/2013 - 20:57:16 | D ] G:\Images
[26/10/2013 - 20:57:18 | D ] G:\Videos
[26/10/2013 - 20:57:18 | D ] G:\Sounds
[26/10/2013 - 20:57:18 | D ] G:\Others
[07/11/2013 - 18:54:54 | N | 296] G:\WMPInfo.xml
[26/10/2013 - 00:41:22 | N | 270975] H:\L'ignorance.pptx
[26/10/2013 - 00:50:28 | N | 270808] H:\L'ignorance.ppsx

################## | Vaccine |

G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
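As an added triage example (my code, not part of the post above and not part of UsbFix), the following Python script pulls the autorun entries, deleted files and MD5 lines out of a UsbFix report and flags the pattern the report shows: a Run entry in both HKLM and the user's hive that launches wscript.exe with //B on a .vbs under the user's Temp folder, and a payload whose hash is identical on the system drive and on every removable drive. The sample report lines are constructed to mirror the report above (English labels, backslashes restored, not a live capture); the keyword lists, heuristics and function names are my own assumptions, and the parser accepts both the French (Supprimé!) and English (Deleted!) label.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the shape of the UsbFix report above
# (English labels, backslashes restored). Not a live capture.
SAMPLE_REPORT = r"""
################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [ymgvldrarx] - wscript.exe //B "C:\DOCUME~1\Mehdi\LOCALS~1\Temp\ymgvldrarx.vbs"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-21-839522115-1364589140-1606980848-1003\SOFTWARE | Run : [ymgvldrarx] - wscript.exe //B "C:\DOCUME~1\Mehdi\LOCALS~1\Temp\ymgvldrarx.vbs"

################## | Generic search |

Deleted! C:\DOCUME~1\Mehdi\LOCALS~1\Temp\ymgvldrarx.vbs
Deleted! G:\ymgvldrarx.vbs
Deleted! H:\ymgvldrarx.vbs
Deleted! H:\L'ignorance.lnk

################## | MD5 comparison reference |

Md5 : B749E5001A51AA39309F59845FBCBFDA -> C:\DOCUME~1\Mehdi\LOCALS~1\Temp\ymgvldrarx.vbs
Md5 : B749E5001A51AA39309F59845FBCBFDA -> G:\ymgvldrarx.vbs
Md5 : B749E5001A51AA39309F59845FBCBFDA -> H:\ymgvldrarx.vbs
"""

# Line shapes as they appear in UsbFix reports (assumed from the report above).
RUN_RE = re.compile(r"^\d+ - (?P<hive>.+?) \| (?P<key>Run(?:Once)?) : \[(?P<name>[^\]]*)\] -\s*(?P<cmd>.*)$")
MD5_RE = re.compile(r"^Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$")
DELETED_RE = re.compile(r"^(?:Supprimé!|Deleted!)\s+(?P<path>.+)$")   # French or English report
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>\S+))')                 # first token, quoted or not
SCRIPT_EXT_RE = re.compile(r"\.(?:vbs|vbe|js|jse|wsf|hta)\b")

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Locations an unprivileged XP user can write to; legitimate autoruns rarely live here (my heuristic).
USER_WRITABLE = ("\\temp\\", "locals~1", "\\application data\\", "\\appdata\\")


def _lines(text):
    """Yield stripped lines with typographic dashes and quotes normalised to ASCII."""
    for raw in text.splitlines():
        yield raw.replace("\u2013", "-").replace("\u201c", '"').replace("\u201d", '"').strip()


def parse_run_entries(text):
    """Every Run/RunOnce entry as {hive, key, name, cmd}; cmd may be empty."""
    return [m.groupdict() for m in map(RUN_RE.match, _lines(text)) if m]


def parse_md5(text):
    """Map each MD5 to every path the report recorded it for."""
    by_hash = defaultdict(list)
    for m in filter(None, map(MD5_RE.match, _lines(text))):
        by_hash[m["md5"].upper()].append(m["path"])
    return dict(by_hash)


def parse_deleted(text):
    return [m["path"] for m in map(DELETED_RE.match, _lines(text)) if m]


def _executable(cmd):
    """Basename of the program an autorun command launches ('' if the command is empty)."""
    m = EXE_RE.match(cmd)
    if not m:
        return ""
    return (m["q"] or m["u"]).rsplit("\\", 1)[-1].lower()


def autorun_findings(entries):
    """Return (hive, name, reasons) for autoruns that look like script-worm persistence."""
    findings = []
    for e in entries:
        lower = e["cmd"].lower()
        reasons = []
        if _executable(e["cmd"]) in SCRIPT_HOSTS:
            reasons.append("launched through a script host")
            if "//b" in lower.split():
                reasons.append("//B hides script errors and prompts")
        if SCRIPT_EXT_RE.search(lower):
            reasons.append("payload is a script file")
        if any(marker in lower for marker in USER_WRITABLE):
            reasons.append("payload lives under a user-writable path")
        if reasons:
            findings.append((e["hive"], e["name"], reasons))
    return findings


def replication_sets(by_hash):
    """Hashes whose byte-identical file sits on more than one drive letter:
    the signature of a worm copying itself onto every mounted disk."""
    sets = {}
    for md5, paths in by_hash.items():
        drives = sorted({p[:2].upper() for p in paths if len(p) > 1 and p[1] == ":"})
        if len(drives) > 1:
            sets[md5] = drives
    return sets


if __name__ == "__main__":
    entries = parse_run_entries(SAMPLE_REPORT)
    for hive, name, reasons in autorun_findings(entries):
        print(f"[autorun] {hive} Run:{name}: " + "; ".join(reasons))
    for md5, drives in replication_sets(parse_md5(SAMPLE_REPORT)).items():
        print(f"[replication] {md5} identical on {', '.join(drives)}")
    print(f"[deleted] {len(parse_deleted(SAMPLE_REPORT))} artefacts removed")
```

Two points worth keeping in mind when reading the output against a real report. The same hash on C:, G: and H: tells you the copies are byte-identical, which is all you need to recognise the removable-drive spreader and to check other sticks that were plugged into this machine (the four Mountpoints2 entries UsbFix removed are exactly that history); it says nothing about the script's content, which a hash never does. And the Autorun.inf vaccine only denies the worm its own autorun.inf on those two sticks; the .lnk files removed from G: and H: sit beside the user's real documents of the same name, so the stick still needs to be rescanned after the next insertion.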