Reply to: shortcuts on folders and files 2016-09-08T13:19:24+00:00
Posted by dickodicko (Participant, post count: 2)

############################## | UsbFix V 7.147 | [Research]

User: Mr Dicko (Administrator) # FINBOG
Updated 30/10/2013 by El Desaparecido – Team SosVirus
Started at 16:51:18 | 19/11/2013

Website: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0U695R)
CPU: Intel Pentium III Xeon processor
RAM -> [Total : 3572 | Free : 1570]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed drive # 88 Gb (30 Mb free – 34%) [] # NTFS
D: -> Fixed drive # 145 Gb (36 Mb free – 25%) [DATA] # NTFS
E: -> CD-ROM
F: -> Removable drive # 2 Gb (2 Mb free – 88%) [BACK DICKO] # FAT

################## | Reference of comparison MD5 |

Md5 : 4c557a0aa6f52d5a926f8b70ba0c2be6 -> C:\Documents and Settings\Mr Dicko\Start Menu\Programs\Startup\provide.vbe
Md5 : DENIED -> C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\provide.vbe
Md5 : 4c557a0aa6f52d5a926f8b70ba0c2be6 -> F:\provide.vbe

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (ID: 888 |ParentID: 4)
C:\WINDOWS\system32\winlogon.exe (ID: 992 |ParentID: 888)
C:\WINDOWS\system32\services.exe (ID: 1036 |ParentID: 992)
C:\WINDOWS\system32\lsass.exe (ID: 1048 |ParentID: 992)
C:\WINDOWS\system32\svchost.exe (ID: 1200 |ParentID: 1036)
C:\WINDOWS\System32\svchost.exe (ID: 1344 |ParentID: 1036)
C:\WINDOWS\System32\WLTRYSVC.EXE (ID: 1772 |ParentID: 1036)
C:\WINDOWS\System32\bcmwltry.exe (ID: 1784 |ParentID: 1772)
C:\WINDOWS\system32\spoolsv.exe (ID: 1872 |ParentID: 1036)
c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe (ID: 1912 |ParentID: 1036)
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (ID: 304 |ParentID: 1036)
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (ID: 320 |ParentID: 1036)
C:\SunSystems4\UTILS\srvany.exe (ID: 680 |ParentID: 1036)
C:\SunSystems4\Server\CCITCP2.exe (ID: 700 |ParentID: 680)
d:\Lotus\Notes\SUService.exe (ID: 820 |ParentID: 1036)
d:\Lotus\Notes\nsd.exe (ID: 928 |ParentID: 1036)
C:\Program Files\McAfee\Common Framework\FrameworkService.exe (ID: 1232 |ParentID: 1036)
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (ID: 1364 |ParentID: 1036)
C:\WINDOWS\system32\mfevtps.exe (ID: 1452 |ParentID: 1036)
c:\mssql7\binn\sqlservr.exe (ID: 1540 |ParentID: 1036)
d:\Lotus\Notes\ntmulti.exe (ID: 1596 |ParentID: 1036)
C:\WINDOWS\system32\nvsvc32.exe (ID: 1656 |ParentID: 1036)
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 1816 |ParentID: 1036)
C:\SunSystems4\UTILS\srvany.exe (ID: 2056 |ParentID: 1036)
C:\WINDOWS\system32\svchost.exe (ID: 2076 |ParentID: 1036)
C:\SunSystems4\Server\SSMASTER.exe (ID: 2084 |ParentID: 2056)
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (ID: 2152 |ParentID: 1036)
C:\WINDOWS\Explorer.EXE (ID: 2588 |ParentID: 2484)
C:\WINDOWS\system32\WLTRAY.exe (ID: 3240 |ParentID: 2588)
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (ID: 3268 |ParentID: 1036)
C:\WINDOWS\system32\rundll32.exe (ID: 3272 |ParentID: 2588)
C:\WINDOWS\system32\RUNDLL32.EXE (ID: 3280 |ParentID: 2588)
C:\Program Files\IDT\WDM\sttray.exe (ID: 3308 |ParentID: 2588)
C:\WINDOWS\system32\AESTFltr.exe (ID: 3376 |ParentID: 2588)
C:\WINDOWS\OA001Mon.exe (ID: 3396 |ParentID: 2588)
C:\Program Files\McAfee\Common Framework\udaterui.exe (ID: 3404 |ParentID: 2588)
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (ID: 3816 |ParentID: 2588)
C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe (ID: 3920 |ParentID: 2588)
C:\Program Files\McAfee\Common Framework\McTray.exe (ID: 4032 |ParentID: 3404)
C:\WINDOWS\system32\wscript.exe (ID: 2008 |ParentID: 2588)
C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (ID: 228 |ParentID: 2588)
C:\WINDOWS\system32\ctfmon.exe (ID: 264 |ParentID: 2588)
C:\Program Files\SuperCopier2\SuperCopier2.exe (ID: 288 |ParentID: 2588)
C:\Program Files\Skype\Phone\Skype.exe (ID: 364 |ParentID: 2588)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 840 |ParentID: 2588)
C:\mssql7\Binn\sqlmangr.exe (ID: 1744 |ParentID: 2588)
C:\Program Files\WinZip\WZQKPICK.EXE (ID: 2248 |ParentID: 2588)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (ID: 2468 |ParentID: 2588)
C:\WINDOWS\System32\svchost.exe (ID: 1592 |ParentID: 1036)
D:\lotus\notes\NLNOTES.EXE (ID: 3188 |ParentID: 3012)
D:\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe (ID: 3084 |ParentID: 3992)
D:\lotus\notes\ntaskldr.EXE (ID: 2988 |ParentID: 3188)
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (ID: 152 |ParentID: 2588)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 2044 |ParentID: 2588)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 3388 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 3304 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 5472 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 5548 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 4300 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 4748 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 5092 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 5352 |ParentID: 2044)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5628 |ParentID: 2588)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5764 |ParentID: 5628)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 4936 |ParentID: 2044)
D:\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.3.20110915-1350\os\win32\x86\IEOOP.exe (ID: 5620 |ParentID: 1200)
C:\UsbFix\Go.exe (ID: 6512 |ParentID: 3512)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Broadcom Wireless Manager UI] – C:\WINDOWS\system32\WLTRAY.exe
HKLM\SOFTWARE | Run : [NvCplDaemon] – RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [nwiz] – nwiz.exe /installquiet
HKLM\SOFTWARE | Run : [NVHotkey] – rundll32.exe nvHotkey.dll,Start
HKLM\SOFTWARE | Run : [NvMediaCenter] – RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [SysTrayApp] – %ProgramFiles%\IDT\WDM\sttray.exe
HKLM\SOFTWARE | Run : [AESTFltr] – %SystemRoot%\system32\AESTFltr.exe /NoDlg
HKLM\SOFTWARE | Run : [OA001Mon] – C:\WINDOWS\OA001Mon.exe
HKLM\SOFTWARE | Run : [McAfeeUpdaterUI] – "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
HKLM\SOFTWARE | Run : [ShStatEXE] – "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [BCSSync] – "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [My Web Search Bar Search Scope Monitor] – "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
HKLM\SOFTWARE | Run : [MyWebSearch Email Plugin] – C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKLM\SOFTWARE | Run : [autodetect] – C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe
HKLM\SOFTWARE | Run : [provide] – wscript.exe //B "C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\provide.vbe"
HKLM\SOFTWARE | RunOnce : [] –
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [SRS Premium Sound] – "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [ctfmon.exe] – C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [SuperCopier2.exe] – C:\Program Files\SuperCopier2\SuperCopier2.exe
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [MyWebSearch Email Plugin] – C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [Facebook Update] – "C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [Badoo Desktop] – C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [Google Update] – "C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [swg] – "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [Skype] – "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [provide] – wscript.exe //B "C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\provide.vbe"

################## | Generic Research |

Found ! F:\provide.vbe
Found ! C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\provide.vbe
Found ! C:\Documents and Settings\Mr Dicko\Start Menu\Programs\Startup\provide.vbe
Found ! F:\~$JV JUILET 623-633.lnk
Found ! F:\~$PC14.lnk
Found ! F:\BMW.lnk
Found ! F:\SVJETLA.lnk
Found ! F:\~$CV SEPTEMBRE (51-104).lnk
Found ! F:\CV SEPTEMBRE (51-104).lnk
Found ! F:\~$PC 13.lnk
Found ! F:\~$PC 24.lnk
Found ! F:\~$JV 319-320 MARS.lnk
Found ! F:\PC 24.lnk
Found ! F:\~$PC ALEG.lnk
Found ! F:\~$COMPLEMENT JV MARS.lnk
Found ! F:\~$JV 321 MARS.lnk
Found ! F:\~$Bank Reconciliation Base Boghe JUIN 13.lnk
Found ! F:\PC ALEG.lnk
Found ! F:\~$CPLT JV MARS BASE.lnk
Found ! F:\CV 175.lnk
Found ! F:\~$M197680 LEAP Budget Food Securite Resilience FY'13 New .lnk
Found ! F:\~$DV SEPT BASE.lnk
Found ! F:\PC 06 ALEG.lnk
Found ! F:\JV SEPT 13 BASE.lnk
Found ! F:\~$CV 175.lnk
Found ! F:\~$M184139 Combined Core & Logframe Rep SEPT 12.lnk
Found ! F:\CV SEPTEMBRE 180-196.lnk
Found ! F:\~$PC 20 BASE ET PC 04 ALEG.lnk
Found ! F:\CV SEMPTEMBRE FY 13 (1-50).lnk
Found ! F:\~$FY14 Budget for Strategy Management Advisor.lnk
Found ! F:\~$cv septembre (105-151).lnk
Found ! F:\~$COMPLET CV JUILLET FY13.lnk
Found ! F:\cv septembre (105-151).lnk
Found ! F:\~$cv septembre (154-179).lnk
Found ! F:\cv septembre (154-179).lnk
Found ! F:\~$COMPLT JV SEPT BASE.lnk
Found ! F:\~$CV SALAIRE SEPT FY13.lnk
Found ! F:\~$JV APRIL 2013.lnk
Found ! F:\~$CPLT JV BASE.lnk
Found ! F:\CV SALAIRE SEPT FY13.lnk
Found ! F:\~$Bank Reconciliation Base Boghe AOUT 13.lnk
Found ! F:\Bank Reconciliation Base Boghe AOUT 13.lnk
Found ! F:\~$DV SEPT 13.lnk
Found ! F:\DV SEPT 13.lnk
Found ! F:\~$Consolidated Aging Analysis SEPT 13 (1).lnk
Found ! F:\Consolidated Aging Analysis SEPT 13 (1).lnk
Found ! F:\~$CPLT JV CLOTURE.lnk
Found ! F:\CASH TRANSF.lnk
Found ! F:\~$JV CLOTUR.lnk
Found ! F:\JV SAL AOUT-SEPT 13.lnk
Found ! F:\Scan_Pic0026.lnk
Found ! F:\JV CLOTURE.lnk
Found ! F:\JVB A FAIRE SEPT 13.lnk
Found ! F:\VIREMENT BOGHE SEPT.lnk
Found ! F:\VIREMENT BOGHE SEPT 2013 BNM NKTT FY13 – Copie – Copie.lnk
Found ! F:\~$Bank Reconciliation Base Boghe SEPT 13.lnk
Found ! F:\Bank Reconciliation Base Boghe SEPT 13 Draft.lnk
Found ! F:\Perf Eval Dicko Seidine FY'13.lnk
Found ! F:\FORM Fixed Asset Compte 811 Dar El Barka FY.lnk
Found ! F:\ACPT LISTING FIXED ASSETS OCT- SEPT 13.lnk
Found ! F:\~$FORM Fixed Asset Compte 811.lnk
Found ! F:\FORM Fixed Asset Compte 811.lnk
Found ! F:\FORM Fixed Asset Compte 812 .lnk
Found ! F:\FORM Fixed Asset Compte 811 BABABE FY.lnk
Found ! F:\DOC FINANCE FY'13.lnk
Found ! F:\FOUND.001.lnk
Found ! F:\FOUND.002.lnk
Found ! F:\FOUND.000.lnk
Found ! F:\Villa ousmane.lnk
Found ! F:\Fixed Asset.lnk
Found ! F:\DOC STAGIAIRE FIANCE.lnk
Found ! F:\LDR BRAHIM NDAO.lnk
Found ! F:\LDR Send by IDY.lnk
Found ! F:\DIK DOC.lnk
Found ! F:\Autorun.inf.lnk
Found ! C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\NEW25.tmp.exe

################## | Comparison MD5 |

Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> C:\Documents and Settings\Mr Dicko\Local Settings\Temp\provide.vbe
Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> C:\Documents and Settings\Mr Dicko\Start Menu\Programs\Startup\provide.vbe
Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> F:\provide.vbe

################## | Registry |

Found ! HKU\S-1-5-21-1177238915-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKU\S-1-5-21-1177238915-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKU\S-1-5-21-1177238915-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|provide

################## | Vaccin |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |