yannick
Number of posts: 0

############################## | UsbFix V 7.155 | [Deletion]

User: hp (Administrator) # PC-HP
Updated 16/12/2013 by El Desaparecido – Team SosVirus
Started at 13:13:26 | 31/12/2013

Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Flextronics (3054)
CPU: AMD Athlon(tm) Neo Processor MV-40
RAM -> [Total : 1917 | Free : 721]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Home Basic (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 26.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed drive # 139 Gb (10 Gb free - 7%) [] # NTFS
D: -> Fixed drive # 10 Gb (2 Gb free - 17%) [RECOVERY] # NTFS
F: -> Removable drive # 2 Gb (2 Gb free - 89%) [TALITSKY] # FAT

################## | Stopped processes |

Stopped! C:\Windows\system32\Ati2evxx.exe (ID: 1104 |ParentID: 672)
Stopped! C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe (ID: 1204 |ParentID: 672)
Stopped! C:\Windows\system32\SLsvc.exe (ID: 1360 |ParentID: 672)
Stopped! C:\Windows\system32\Hpservice.exe (ID: 1516 |ParentID: 672)
Stopped! C:\Windows\system32\WLANExt.exe (ID: 1764 |ParentID: 1156)
Stopped! C:\Windows\system32\Ati2evxx.exe (ID: 1788 |ParentID: 1104)
Stopped! C:\Windows\Explorer.EXE (ID: 1920 |ParentID: 1852)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1960 |ParentID: 672)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 496 |ParentID: 672)
Stopped! C:\Windows\system32\taskeng.exe (ID: 600 |ParentID: 1172)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 2296 |ParentID: 672)
Stopped! C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID: 2492 |ParentID: 672)
Stopped! C:\Program Files\SMINST\BLService.exe (ID: 2584 |ParentID: 672)
Stopped! C:\Program Files\CyberLink\Shared files\RichVideo.exe (ID: 2624 |ParentID: 672)
Stopped! C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe (ID: 2728 |ParentID: 672)
Stopped! C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe (ID: 2764 |ParentID: 672)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2836 |ParentID: 672)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 2892 |ParentID: 672)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3000 |ParentID: 2836)
Stopped! C:\Program Files\Apoint2K\Apoint.exe (ID: 3324 |ParentID: 1920)
Stopped! C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (ID: 3356 |ParentID: 1920)
Stopped! C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (ID: 3388 |ParentID: 1920)
Stopped! C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (ID: 3396 |ParentID: 1920)
Stopped! C:\Program Files\Windows Defender\MSASCui.exe (ID: 3424 |ParentID: 1920)
Stopped! C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (ID: 3432 |ParentID: 1920)
Stopped! C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (ID: 3484 |ParentID: 1920)
Stopped! C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ID: 3492 |ParentID: 1920)
Stopped! C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (ID: 3504 |ParentID: 1920)
Stopped! C:\Program Files\Real\RealPlayer\Update\realsched.exe (ID: 3556 |ParentID: 1920)
Stopped! C:\Program Files\IDT\WDM\sttray.exe (ID: 3576 |ParentID: 1920)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3584 |ParentID: 1920)
Stopped! C:\Users\hp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 3616 |ParentID: 1920)
Stopped! C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (ID: 3636 |ParentID: 1920)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 3660 |ParentID: 1920)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 3876 |ParentID: 3292)
Stopped! C:\Program Files\Apoint2K\Apntex.exe (ID: 2376 |ParentID: 1112)
Stopped! C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (ID: 3316 |ParentID: 672)
Stopped! C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (ID: 3224 |ParentID: 672)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 3904 |ParentID: 3876)
Stopped! C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 2996 |ParentID: 672)
Stopped! C:\Windows\system32\taskeng.exe (ID: 3712 |ParentID: 1172)
Stopped! C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe (ID: 2920 |ParentID: 856)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (ID: 4840 |ParentID: 1920)
Stopped! c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (ID: 4892 |ParentID: 672)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 4780 |ParentID: 4840)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 4680 |ParentID: 4780)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 4080 |ParentID: 4680)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 6064 |ParentID: 1156)
Stopped! C:\Windows\System32\mobsync.exe (ID: 2372 |ParentID: 856)
Stopped! C:\Program Files\Windows Media Player\wmplayer.exe (ID: 1976 |ParentID: 2372)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 3748 |ParentID: 1156)
Stopped! C:\Windows\system32\conime.exe (ID: 4112 |ParentID: 4184)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [Apoint] - C:\Program Files\Apoint2K\Apoint.exe
04 - HKLM\SOFTWARE | Run : [TSMAgent] - "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
04 - HKLM\SOFTWARE | Run : [CLMLServer for HP TouchSmart] - "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
04 - HKLM\SOFTWARE | Run : [SmartMenu] - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
04 - HKLM\SOFTWARE | Run : [UpdateLBPShortCut] - "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\SOFTWARE | Run : [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\SOFTWARE | Run : [UpdatePDIRShortCut] - "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
04 - HKLM\SOFTWARE | Run : [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 - HKLM\SOFTWARE | Run : [TVAgent] - "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
04 - HKLM\SOFTWARE | Run : [Microsoft Default Manager] - "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "c:\program files\real\realplayer\Update\realsched.exe" -osboot
04 - HKLM\SOFTWARE | Run : [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe
04 - HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [Power2GoExpress] -
04 - HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [Google Update] - "C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\hp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [SergeLeLama] - wscript.exe //B "C:\Users\hp\AppData\Local\Temp\SergeLeLama.vbs"
04 - HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [RoboForm] - "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

################## | Generic Research |

Deleted ! C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SergeLeLama.vbs
Deleted ! C:\Users\hp\AppData\Local\Temp\SergeLeLama.vbs
Deleted ! F:\SergeLeLama.vbs
Deleted ! D:\New Folder.lnk
Deleted ! D:\Passwords.lnk
Deleted ! D:\Documents.lnk
Deleted ! D:\Pictures.lnk
Deleted ! D:\Music.lnk
Deleted ! D:\Video.lnk
Deleted ! F:\Licence.lnk
Deleted ! F:\Licence-4.lnk
Deleted ! F:\Expression.lnk
Deleted ! F:\Licence-1.lnk
Deleted ! F:\Licence-2.lnk
Deleted ! F:\Licence-3.lnk
Deleted ! F:\Sujet 5.lnk
Deleted ! F:\Mapa espana 1400.lnk
Deleted ! F:\.Trash-1001.lnk
Deleted ! F:\Sequia en Lorca.lnk
Deleted ! F:\formulaire_prelevementsoppositionrevocation.lnk
Deleted ! F:\autorun.inf.lnk
Deleted ! D:\qlvois.exe

################## | Reference of comparison MD5 |

Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SergeLeLama.vbs
Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:\Users\hp\AppData\Local\Temp\SergeLeLama.vbs
Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> F:\SergeLeLama.vbs

################## | Comparison MD5 |

Deleted ! Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> F:\.Trash-1001\files\SergeLeLama.vbs

################## | Registry |

Deleted ! HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\Software\Microsoft\Windows\CurrentVersion\Run|SergeLeLama
Deleted ! HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\Software\....\Mountpoints2\{37f7e0a8-5cb6-11de-8764-0021cc37bac4}
Deleted ! HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\Software\....\Mountpoints2\{561b3af1-a03c-11de-8a7c-0021cc37bac4}

################## | Listing |

[09/05/2013 - 22:27:14 | N | 1 Ko] - C:\DelFix.txt
[23/12/2013 - 18:21:52 | N | 13 Ko] - C:\UsbFix [Scan 1] PC-HP.txt
[31/12/2013 - 13:21:06 | A | 11 Ko] - C:\UsbFix [Clean 1] PC-HP.txt
[31/12/2013 - 12:26:07 | ASH | 2270464 Ko] - C:\pagefile.sys
[13/05/2009 - 11:55:28 | D] - C:\System.sav
[13/05/2009 - 15:55:43 | SD] - C:\$RECYCLE.BIN
[09/05/2013 - 20:48:48 | A | 0 Ko] - C:\autoexec.bat
[02/11/2006 - 13:59:44 | SHD] - C:\Documents and Settings
[21/01/2008 - 03:43:50 | D] - C:\PerfLogs
[11/04/2009 - 07:36:36 | RAS | 325 Ko] - C:\bootmgr
[13/05/2009 - 11:52:43 | D] - C:\Programmi
[13/05/2009 - 11:53:06 | D] - C:\Users
[20/08/2009 - 19:19:05 | SHD] - C:\boot
[23/11/2009 - 07:47:02 | D] - C:\HP
[10/01/2010 - 01:35:36 | D] - C:\My Music
[29/12/2011 - 23:21:48 | D] - C:\Manual-PCProgram
[27/06/2013 - 12:49:45 | N | 0 Ko] - C:\END
[05/10/2013 - 08:33:46 | D] - C:\SwSetup
[21/12/2013 - 23:20:15 | D] - C:\Program Files
[23/12/2013 - 11:20:47 | D] - C:\Windows
[25/12/2013 - 11:32:01 | SD] - C:\System Volume Information
[31/12/2013 - 12:27:19 | HD] - C:\ProgramData
[31/12/2013 - 13:04:23 | D] - C:\Temp
[31/12/2013 - 13:20:55 | D] - C:\UsbFix
[12/08/2003 - 09:37:30 | S | 178 Ko] - D:\protect.turkish
[10/09/2002 - 13:15:06 | S | 177 Ko] - D:\protect.swedish
[03/11/2005 - 14:11:46 | S | 177 Ko] - D:\protect.spanish
[04/07/2007 - 10:46:44 | S | 178 Ko] - D:\protect.slovak
[28/06/2004 - 07:52:46 | S | 207 Ko] - D:\protect.russian
[15/09/2008 - 14:57:54 | S | 177 Ko] - D:\protect.romanian
[13/05/2009 - 11:54:07 | N | 0 Ko] - D:\BLOCK.RIN
[27/10/2005 - 18:24:10 | S | 178 Ko] - D:\protect.portuguese brazilian
[03/11/2005 - 14:13:12 | S | 177 Ko] - D:\protect.portuguese
[25/04/2006 - 13:44:10 | S | 178 Ko] - D:\protect.polish
[03/11/2005 - 14:15:12 | S | 177 Ko] - D:\protect.norwegian
[31/12/2013 - 12:26:51 | N | 0 Ko] - D:\MASTER.LOG
[24/11/2005 - 10:24:44 | S | 213 Ko] - D:\protect.korean
[19/06/2007 - 14:22:10 | S | 178 Ko] - D:\protect.japanese
[03/11/2005 - 14:17:00 | S | 177 Ko] - D:\protect.italian
[04/11/2008 - 16:37:42 | SH | 1 Ko] - D:\Desktop.ini
[23/12/2013 - 18:21:52 | RASHD] - D:\Autorun.inf
[28/08/2007 - 13:58:08 | N | 177 Ko] - D:\protect.hungarian
[10/09/2002 - 15:14:28 | N | 8 Ko] - D:\Folder.htt
[23/01/2006 - 08:18:00 | S | 178 Ko] - D:\protect.hebrew
[23/11/2005 - 14:56:46 | S | 178 Ko] - D:\protect.greek
[03/11/2005 - 14:18:10 | S | 177 Ko] - D:\protect.german
[03/11/2005 - 14:19:52 | S | 177 Ko] - D:\protect.french
[03/11/2005 - 14:20:20 | S | 177 Ko] - D:\protect.finnish
[22/11/2004 - 14:28:30 | S | 177 Ko] - D:\protect.english
[10/09/2002 - 12:50:18 | S | 177 Ko] - D:\protect.ed
[10/09/2002 - 12:56:12 | S | 177 Ko] - D:\protect.dutch
[03/11/2005 - 14:21:26 | S | 177 Ko] - D:\protect.danish
[27/04/2006 - 15:19:40 | S | 178 Ko] - D:\protect.czech
[16/09/2002 - 13:37:48 | S | 178 Ko] - D:\protect.chinese traditional
[16/09/2002 - 13:37:40 | S | 178 Ko] - D:\protect.chinese simplified
[16/09/2002 - 13:37:48 | S | 178 Ko] - D:\protect.chinese hong kong
[15/09/2008 - 14:57:58 | S | 178 Ko] - D:\protect.bulgarian
[13/05/2009 - 15:55:43 | SD] - D:\$RECYCLE.BIN
[12/09/2008 - 16:17:38 | S | 373 Ko] - D:\protect.arabic
[03/10/2006 - 22:02:44 | S | 428 Ko] - D:\bootmgr
[29/03/2009 - 20:49:13 | RD] - D:\RECOVERY
[29/03/2009 - 20:49:14 | RSHD] - D:\boot
[29/03/2009 - 20:49:22 | D] - D:\WINDOWS
[29/03/2009 - 20:49:22 | RSHD] - D:\SOURCES
[29/03/2009 - 20:49:23 | RSHD] - D:\PRELOAD
[29/03/2009 - 20:49:37 | D] - D:\Tools
[29/03/2009 - 20:49:38 | D] - D:\HP
[15/06/2009 - 17:22:27 | SD] - D:\System Volume Information
[18/11/2013 - 17:23:16 | N | 69718 Ko] - F:\Sujet 5.VOB
[17/12/2013 - 09:19:56 | D] - F:\.Trash-1001
[14/12/2013 - 22:16:26 | N | 1262 Ko] - F:\Mapa espana 1400.pdf
[16/12/2013 - 09:10:54 | N | 74 Ko] - F:\Licence-4.pdf
[16/12/2013 - 09:11:56 | N | 84 Ko] - F:\Licence.pdf
[16/12/2013 - 09:12:40 | N | 86 Ko] - F:\Expression.pdf
[16/12/2013 - 09:13:10 | N | 71 Ko] - F:\Licence-1.pdf
[16/12/2013 - 09:13:42 | N | 91 Ko] - F:\Licence-2.pdf
[16/12/2013 - 09:14:06 | N | 84 Ko] - F:\Licence-3.pdf
[17/12/2013 - 21:01:08 | N | 40 Ko] - F:\formulaire_prelevementsoppositionrevocation.pdf
[17/12/2013 - 12:23:52 | N | 21 Ko] - F:\Sequia en Lorca.odt
[23/12/2013 - 18:33:48 | SHD] - F:\autorun.inf

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
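
Added example (not part of the UsbFix log above and not UsbFix's own code): a small Python triage script that reads the three findings that matter in this log and turns them into a report: the [SergeLeLama] Run value that launches wscript.exe //B on a .vbs in the user's Temp folder, the .lnk files removed from the roots of D: and F:, and the one MD5 found in the Startup folder, in Temp, on the USB stick and in its .Trash-1001 directory. SAMPLE_LOG is constructed from lines of this log with the path separators restored; the SCRIPT_HOSTS list, the USER_WRITABLE prefixes and the location labels are the example's own assumptions.

```python
"""Triage of a UsbFix cleanup log: an added example, not UsbFix's own code nor
part of the original post. From the "Regedit Run", "Generic Research" and MD5
sections it flags (1) Run values that hand a file in a user-writable folder to
a script host, (2) .lnk files deleted from drive roots (the worm hid the real
files and dropped same-named shortcuts), (3) one MD5 present at several
autostart/propagation spots. SAMPLE_LOG is constructed from lines of the post;
SCRIPT_HOSTS, USER_WRITABLE and the location labels are this example's own."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [Google Update] - "C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [SergeLeLama] - wscript.exe //B "C:\Users\hp\AppData\Local\Temp\SergeLeLama.vbs"
################## | Generic Research |
Deleted ! C:\Users\hp\AppData\Local\Temp\SergeLeLama.vbs
Deleted ! D:\Passwords.lnk
Deleted ! D:\Documents.lnk
Deleted ! F:\Licence.lnk
Deleted ! F:\autorun.inf.lnk
Deleted ! D:\qlvois.exe
################## | Reference of comparison MD5 |
Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SergeLeLama.vbs
Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:\Users\hp\AppData\Local\Temp\SergeLeLama.vbs
Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> F:\SergeLeLama.vbs
################## | Comparison MD5 |
Deleted ! Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> F:\.Trash-1001\files\SergeLeLama.vbs
"""

SECTION_RE = re.compile(r"^#+ \| ([^|]+) \|")
RUN_RE = re.compile(r"^04 - (?P<hive>\S+) \| (?:Run|RunOnce) : \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$")
DELETED_RE = re.compile(r"^Deleted ! (?P<path>[A-Za-z]:\\.*)$")
MD5_RE = re.compile(r"^(?:Deleted ! )?Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")  # assumption: hosts worth flagging
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\appdata\\local\\", "\\users\\public\\")


def parse_sections(text):
    """Split the log into {section: [non-empty lines]}. The forum rendering turns
    '-' into an en dash and quotes into curly quotes, so normalise those first."""
    text = text.replace("\u2013", "-").replace("\u201c", '"').replace("\u201d", '"')
    sections, current = {}, None
    for line in (ln.rstrip() for ln in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def suspicious_run_entries(sections):
    """Run values whose command is a script host fed a user-writable file.
    GoogleUpdate.exe also lives under AppData but is not run through a script
    host, so it is not flagged; '//B' (batch mode, no dialogs) is recorded."""
    hits = []
    for line in sections.get("Regedit Run", []):
        m = RUN_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd").lower()
        host = next((h for h in SCRIPT_HOSTS if h in cmd), None)
        if host and any(d in cmd for d in USER_WRITABLE):
            hits.append({"hive": m.group("hive"), "name": m.group("name"), "host": host,
                         "silent": "//b" in cmd.split(), "cmd": m.group("cmd")})
    return hits


def removed_root_shortcuts(sections):
    """Per drive letter, how many .lnk files UsbFix deleted from the drive root."""
    per_drive = defaultdict(int)
    for line in sections.get("Generic Research", []):
        m = DELETED_RE.match(line)
        if m:
            drive, _, rest = m.group("path").partition(":\\")
            if rest.lower().endswith(".lnk") and "\\" not in rest:
                per_drive[drive.upper()] += 1
    return dict(per_drive)


def classify_location(path):
    """Label where a copy sits (labels are this example's own)."""
    low = path.lower()
    if "\\start menu\\programs\\startup\\" in low:
        return "startup-folder"
    if "\\appdata\\local\\temp\\" in low:
        return "temp"
    if re.fullmatch(r"[a-z]:\\[^\\]+", low):
        return "drive-root"
    return "other"


def self_copies(sections):
    """Hashes seen at more than one path across both MD5 sections."""
    by_hash = defaultdict(list)
    for name in ("Reference of comparison MD5", "Comparison MD5"):
        for line in sections.get(name, []):
            m = MD5_RE.match(line)
            if m:
                by_hash[m.group("md5").upper()].append(m.group("path"))
    return {h: [(classify_location(p), p) for p in paths]
            for h, paths in by_hash.items() if len(paths) > 1}


def triage(text):
    s = parse_sections(text)
    return {"run": suspicious_run_entries(s), "lnk": removed_root_shortcuts(s), "copies": self_copies(s)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run as-is to print the report for the sample. The three checks are the ones worth repeating on any other machine that had this stick plugged in: the autorun.inf vaccine at the end of the log only closes the old autorun vector, while the shortcut trick seen on D: and F: needs no autorun.inf at all, so the Run value and the copies in Startup and Temp are what to look for.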