yannick
Number of posts: 0

############################## | UsbFix V 7.155 | [Deletion]

User: hp (Administrator) # PC-HP
Updated 16/12/2013 by El Desaparecido – Team SosVirus
Started at 15:35:41 | 31/12/2013

Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Flextronics (3054)
CPU: AMD Athlon(tm) Neo Processor MV-40
RAM -> [Total : 1917 | Free : 770]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Home Basic (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 26.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed drive # 139 Gb (10 Mb free – 7%) [] # NTFS
D: -> Fixed drive # 10 Gb (2 Mb free – 17%) [RECOVERY] # NTFS
G: -> Fixed drive # 466 Gb (115 Mb free – 25%) [MEMORIA] # NTFS

################## | Stopped processes |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1960 |ParentID: 672)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3584 |ParentID: 1920)
Stopped! C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 5532 |ParentID: 672)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 5604 |ParentID: 1156)
Stopped! C:\Windows\System32\rundll32.exe (ID: 1564 |ParentID: 856)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 5684 |ParentID: 672)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2988 |ParentID: 5684)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 4772 |ParentID: 672)
Stopped! C:\Windows\system32\taskeng.exe (ID: 5600 |ParentID: 1172)
Stopped! c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (ID: 4336 |ParentID: 672)
Stopped! C:\Windows\system32\taskeng.exe (ID: 1020 |ParentID: 1172)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 2024 |ParentID: 672)
Stopped! C:\Windows\system32\SLsvc.exe (ID: 1972 |ParentID: 672)
Stopped! C:\Windows\System32\rundll32.exe (ID: 4152 |ParentID: 856)
Stopped! C:\Windows\Explorer.exe (ID: 5968 |ParentID: 4508)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (ID: 1804 |ParentID: 5968)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 4916 |ParentID: 1804)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 152 |ParentID: 4916)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 3240 |ParentID: 152)
Stopped! C:\Program Files\Ares\Ares.exe (ID: 4648 |ParentID: 5968)
Stopped! C:\Windows\System32\mobsync.exe (ID: 4368 |ParentID: 856)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [StartCCC] – "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 – HKLM\SOFTWARE | Run : [Apoint] – C:\Program Files\Apoint2K\Apoint.exe
04 – HKLM\SOFTWARE | Run : [TSMAgent] – "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
04 – HKLM\SOFTWARE | Run : [CLMLServer for HP TouchSmart] – "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
04 – HKLM\SOFTWARE | Run : [SmartMenu] – %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
04 – HKLM\SOFTWARE | Run : [UpdateLBPShortCut] – "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 – HKLM\SOFTWARE | Run : [Windows Defender] – %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 – HKLM\SOFTWARE | Run : [QlbCtrl.exe] – C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 – HKLM\SOFTWARE | Run : [UpdatePDIRShortCut] – "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
04 – HKLM\SOFTWARE | Run : [HP Health Check Scheduler] – c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
04 – HKLM\SOFTWARE | Run : [HP Software Update] – C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 – HKLM\SOFTWARE | Run : [WirelessAssistant] – C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 – HKLM\SOFTWARE | Run : [TVAgent] – "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
04 – HKLM\SOFTWARE | Run : [Microsoft Default Manager] – "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | Run : [TkBellExe] – "c:\program files\real\realplayer\Update\realsched.exe" -osboot
04 – HKLM\SOFTWARE | Run : [SysTrayApp] – C:\Program Files\IDT\WDM\sttray.exe
04 – HKLM\SOFTWARE | Run : [AvastUI.exe] – "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 – HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 – HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [Rainlendar2] – C:\Program Files\Rainlendar2\Rainlendar2.exe
04 – HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [Power2GoExpress] –
04 – HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [Google Update] – "C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 – HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [Spotify Web Helper] – "C:\Users\hp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 – HKU\S-1-5-21-3376187227-3396461633-3672269599-1000\SOFTWARE | Run : [RoboForm] – "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

################## | Generic Research |

Deleted ! E:\setup.exe
Deleted ! E:\qlvois.exe

################## | Registry |

################## | Listing |

[09/05/2013 – 22:27:14 | N | 1 Ko] – C:\DelFix.txt
[23/12/2013 – 18:21:52 | N | 13 Ko] – C:\UsbFix [Scan 1] PC-HP.txt
[31/12/2013 – 13:21:07 | N | 15 Ko] – C:\UsbFix [Clean 1] PC-HP.txt
[31/12/2013 – 15:37:18 | A | 6 Ko] – C:\UsbFix [Clean 2] PC-HP.txt
[31/12/2013 – 12:26:07 | ASH | 2270464 Ko] – C:\pagefile.sys
[13/05/2009 – 11:55:28 | D] – C:\System.sav
[13/05/2009 – 15:55:43 | SD] – C:\$RECYCLE.BIN
[09/05/2013 – 20:48:48 | A | 0 Ko] – C:\autoexec.bat
[02/11/2006 – 13:59:44 | SHD] – C:\Documents and Settings
[21/01/2008 – 03:43:50 | D] – C:\PerfLogs
[11/04/2009 – 07:36:36 | RAS | 325 Ko] – C:\bootmgr
[13/05/2009 – 11:52:43 | D] – C:\Programmi
[13/05/2009 – 11:53:06 | D] – C:\Users
[20/08/2009 – 19:19:05 | SHD] – C:\boot
[23/11/2009 – 07:47:02 | D] – C:\HP
[10/01/2010 – 01:35:36 | D] – C:\My Music
[29/12/2011 – 23:21:48 | D] – C:\Manual-PCProgram
[27/06/2013 – 12:49:45 | N | 0 Ko] – C:\END
[05/10/2013 – 08:33:46 | D] – C:\SwSetup
[21/12/2013 – 23:20:15 | D] – C:\Program Files
[23/12/2013 – 11:20:47 | D] – C:\Windows
[25/12/2013 – 11:32:01 | SD] – C:\System Volume Information
[31/12/2013 – 12:27:19 | HD] – C:\ProgramData
[31/12/2013 – 13:04:23 | D] – C:\Temp
[31/12/2013 – 15:35:45 | D] – C:\UsbFix
[12/08/2003 – 09:37:30 | S | 178 Ko] – D:\protect.turkish
[10/09/2002 – 13:15:06 | S | 177 Ko] – D:\protect.swedish
[03/11/2005 – 14:11:46 | S | 177 Ko] – D:\protect.spanish
[04/07/2007 – 10:46:44 | S | 178 Ko] – D:\protect.slovak
[28/06/2004 – 07:52:46 | S | 207 Ko] – D:\protect.russian
[15/09/2008 – 14:57:54 | S | 177 Ko] – D:\protect.romanian
[13/05/2009 – 11:54:07 | N | 0 Ko] – D:\BLOCK.RIN
[27/10/2005 – 18:24:10 | S | 178 Ko] – D:\protect.portuguese brazilian
[03/11/2005 – 14:13:12 | S | 177 Ko] – D:\protect.portuguese
[25/04/2006 – 13:44:10 | S | 178 Ko] – D:\protect.polish
[03/11/2005 – 14:15:12 | S | 177 Ko] – D:\protect.norwegian
[31/12/2013 – 12:26:51 | N | 0 Ko] – D:\MASTER.LOG
[24/11/2005 – 10:24:44 | S | 213 Ko] – D:\protect.korean
[19/06/2007 – 14:22:10 | S | 178 Ko] – D:\protect.japanese
[03/11/2005 – 14:17:00 | S | 177 Ko] – D:\protect.italian
[04/11/2008 – 16:37:42 | SH | 1 Ko] – D:\Desktop.ini
[31/12/2013 – 13:21:06 | RASHD] – D:\Autorun.inf
[28/08/2007 – 13:58:08 | N | 177 Ko] – D:\protect.hungarian
[10/09/2002 – 15:14:28 | N | 8 Ko] – D:\Folder.htt
[23/01/2006 – 08:18:00 | S | 178 Ko] – D:\protect.hebrew
[23/11/2005 – 14:56:46 | S | 178 Ko] – D:\protect.greek
[03/11/2005 – 14:18:10 | S | 177 Ko] – D:\protect.german
[03/11/2005 – 14:19:52 | S | 177 Ko] – D:\protect.french
[03/11/2005 – 14:20:20 | S | 177 Ko] – D:\protect.finnish
[22/11/2004 – 14:28:30 | S | 177 Ko] – D:\protect.english
[10/09/2002 – 12:50:18 | S | 177 Ko] – D:\protect.ed
[10/09/2002 – 12:56:12 | S | 177 Ko] – D:\protect.dutch
[03/11/2005 – 14:21:26 | S | 177 Ko] – D:\protect.danish
[27/04/2006 – 15:19:40 | S | 178 Ko] – D:\protect.czech
[16/09/2002 – 13:37:48 | S | 178 Ko] – D:\protect.chinese traditional
[16/09/2002 – 13:37:40 | S | 178 Ko] – D:\protect.chinese simplified
[16/09/2002 – 13:37:48 | S | 178 Ko] – D:\protect.chinese hong kong
[15/09/2008 – 14:57:58 | S | 178 Ko] – D:\protect.bulgarian
[13/05/2009 – 15:55:43 | SD] – D:\$RECYCLE.BIN
[12/09/2008 – 16:17:38 | S | 373 Ko] – D:\protect.arabic
[03/10/2006 – 22:02:44 | S | 428 Ko] – D:\bootmgr
[29/03/2009 – 20:49:13 | RD] – D:\RECOVERY
[29/03/2009 – 20:49:14 | RSHD] – D:\boot
[29/03/2009 – 20:49:22 | D] – D:\WINDOWS
[29/03/2009 – 20:49:22 | RSHD] – D:\SOURCES
[29/03/2009 – 20:49:23 | RSHD] – D:\PRELOAD
[29/03/2009 – 20:49:37 | D] – D:\Tools
[29/03/2009 – 20:49:38 | D] – D:\HP
[15/06/2009 – 17:22:27 | SD] – D:\System Volume Information
[07/11/2008 – 14:56:34 | N | 42 Ko] – E:\wdinstaller.xml
[06/11/2008 – 15:49:04 | N | 0 Ko] – E:\Install.ini
[23/12/2013 – 18:21:54 | RASHD] – E:\Autorun.inf
[24/04/2004 – 11:38:56 | N | 37 Ko | D7AA80A5EF4FB2B7AD6EFC3CDAD677F3] – E:\JSTART.exe
[08/02/2008 – 12:44:38 | N | 4467 Ko | BE2C2100D62C8AF2EF7FFE02A3E29E79] – E:\WDSync.exe
[25/11/2008 – 11:03:44 | N | 2271 Ko | 4668661CDA9B43334BE7E171833E323D] – E:\WDSetup.exe
[06/09/2009 – 11:41:42 | SHD] – E:\$RECYCLE.BIN
[08/12/2008 – 10:18:56 | D] – E:\WD_Windows_Tools
[08/12/2008 – 10:19:32 | D] – E:\Documentation
[08/12/2008 – 10:19:36 | D] – E:\autorun
[08/05/2009 – 20:33:26 | D] – E:\Teat la cour
[24/07/2009 – 13:41:50 | D] – E:\Film
[25/08/2009 – 19:16:34 | D] – E:\Anime
[04/09/2009 – 08:43:38 | SHD] – E:\System Volume Information
[24/01/2010 – 13:50:18 | D] – E:\Musik
[03/03/2011 – 12:23:00 | D] – E:\RENZO
[03/03/2011 – 15:02:46 | D] – E:\Recycled
[23/03/2011 – 00:17:32 | D] – E:\Music
[23/12/2013 – 18:21:52 | RASHD] – G:\Autorun.inf
[21/03/2008 – 08:41:00 | N | 70 Ko] – G:\Maxtor_Desktop.ico
[26/08/2008 – 17:14:53 | N | 52 Ko] – G:\DIPLOMES_FRANCAIS.doc
[29/10/2008 – 15:58:49 | N | 72 Ko] – G:\curriculum.doc
[29/05/2008 – 18:52:08 | N | 1 Ko] – G:\MediaID.bin
[03/01/2012 – 20:11:24 | SHD] – G:\$RECYCLE.BIN
[29/05/2008 – 18:57:12 | D] – G:\PC-DE-YAYA
[14/03/2009 – 20:18:43 | D] – G:\288ff452cfd6c937eb
[14/03/2009 – 20:18:46 | D] – G:\22fd487b6db0e4b46b208e
[14/03/2009 – 20:37:22 | D] – G:\2a34052de12fc87a507279
[15/03/2009 – 13:52:42 | D] – G:\ed49e0da6139981615a5f5612e12
[15/03/2009 – 13:53:43 | D] – G:\bf35e38fbce6f8cd9ccebf3bdb2a478a
[15/03/2009 – 13:54:40 | D] – G:\8230c3a40b4c1a0f532694
[25/08/2009 – 04:51:38 | SHD] – G:\System Volume Information
[26/08/2009 – 09:54:10 | SHD] – G:\RECYCLER
[11/09/2009 – 12:43:03 | D] – G:\Fotitos
[28/03/2011 – 20:21:12 | D] – G:\Document
[28/03/2011 – 20:22:24 | D] – G:\Nueva carpeta
[30/03/2011 – 07:40:01 | D] – G:\JAZZ-SOUL-FUNK08
[30/03/2011 – 07:40:08 | D] – G:\musica
[30/03/2011 – 07:44:31 | D] – G:\JAZZ-SOUL-FUNK 07
[19/06/2011 – 02:01:43 | D] – G:\6bbd16f0c5d17c516c84f367
[19/06/2011 – 02:45:02 | D] – G:\4c98817715a0b192f6297a2212
[03/01/2012 – 22:37:57 | D] – G:\Immagini Pauline
[03/01/2012 – 23:51:33 | D] – G:\Documents
[15/01/2012 – 12:31:06 | D] – G:\Videos
[08/09/2012 – 23:55:23 | D] – G:\Music

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |