Reply to: virus/ securité 2016-09-08T13:27:22+00:00
djomlo

############################## | UsbFix V 7.156 | [Recherche]

Utilisateur: FONDATION MTNCI (Administrateur) # PC-CMAT-4
Mis à jour le 27/12/2013 par El Desaparecido – Team SosVirus
Lancé à 16:58:11 | 30/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Foxconn (2ABF)
CPU: Intel(R) Pentium(R) CPU G640 @ 2.80GHz
RAM -> [Total : 1920 | Free : 1018]
Bios: AMI
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 466 Go (434 Go libre(s) – 93%) [] # NTFS
E: -> CD-ROM
G: -> Disque amovible # 4 Go (4 Go libre(s) – 99%) [VKONAN] # FAT32

################## | Processus Actif |

C:Windowssystem32csrss.exe (ID: 348 |ParentID: 328)
C:Windowssystem32wininit.exe (ID: 400 |ParentID: 328)
C:Windowssystem32csrss.exe (ID: 408 |ParentID: 392)
C:Windowssystem32services.exe (ID: 456 |ParentID: 400)
C:Windowssystem32lsass.exe (ID: 472 |ParentID: 400)
C:Windowssystem32lsm.exe (ID: 480 |ParentID: 400)
C:Windowssystem32winlogon.exe (ID: 536 |ParentID: 392)
C:Windowssystem32svchost.exe (ID: 624 |ParentID: 456)
C:Windowssystem32svchost.exe (ID: 700 |ParentID: 456)
C:WindowsSystem32svchost.exe (ID: 748 |ParentID: 456)
C:WindowsSystem32svchost.exe (ID: 828 |ParentID: 456)
C:Windowssystem32svchost.exe (ID: 872 |ParentID: 456)
C:Windowssystem32svchost.exe (ID: 896 |ParentID: 456)
C:Windowssystem32svchost.exe (ID: 1124 |ParentID: 456)
C:WindowsSystem32spoolsv.exe (ID: 1264 |ParentID: 456)
C:Windowssystem32svchost.exe (ID: 1296 |ParentID: 456)
C:PROGRA~1GAMING~2bar1.bingtbarsvc.exe (ID: 1424 |ParentID: 456)
C:Windowssystem32taskhost.exe (ID: 1480 |ParentID: 456)
C:Program FilesHewlett-PackardSharedHPDrvMntSvc.exe (ID: 1548 |ParentID: 456)
C:Program FilesLanSchoolStudent.exe (ID: 1572 |ParentID: 456)
C:Windowssystem32Dwm.exe (ID: 1608 |ParentID: 828)
C:PROGRA~1RADIOR~2bar1.bin4jbarsvc.exe (ID: 1644 |ParentID: 456)
C:Windowssystem32svchost.exe (ID: 1672 |ParentID: 456)
C:WindowsExplorer.EXE (ID: 1704 |ParentID: 1588)
C:WindowsSystem32WUDFHost.exe (ID: 1112 |ParentID: 828)
C:Program FilesLanSchoolStudent.exe (ID: 1696 |ParentID: 1572)
C:WindowsSystem32hkcmd.exe (ID: 2080 |ParentID: 1704)
C:WindowsSystem32igfxpers.exe (ID: 2088 |ParentID: 1704)
C:Program FilesGamingWonderlandbar1.bingtSrchMn.exe (ID: 2112 |ParentID: 1704)
C:Program FilesGamingWonderlandbar1.bingtbrmon.exe (ID: 2124 |ParentID: 1704)
C:Program FilesRadioRage_4jbar1.bin4jbrmon.exe (ID: 2160 |ParentID: 1704)
C:Program FilesHandyCafeClienthndclient.exe (ID: 2188 |ParentID: 1704)
C:Program FilesSoMudsomud.exe (ID: 2472 |ParentID: 1704)
C:Program FilesHandyCafeClient_hndguard.exe (ID: 2696 |ParentID: 2188)
C:Windowssystem32SearchIndexer.exe (ID: 2732 |ParentID: 456)
C:Windowssystem32taskeng.exe (ID: 3584 |ParentID: 896)
C:UsersFONDATION MTNCIAppDataLocalFilesFrog Update Checkerupdate_checker.exe (ID: 3620 |ParentID: 3584)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2364 |ParentID: 2188)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2220 |ParentID: 2364)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 792 |ParentID: 2364)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2536 |ParentID: 2364)
C:Windowssystem32svchost.exe (ID: 3156 |ParentID: 456)
C:Program FilesHewlett-PackardHP Support Frameworkhpsa_service.exe (ID: 3352 |ParentID: 456)
C:Program FilesIntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 3124 |ParentID: 456)
C:WindowsSystem32svchost.exe (ID: 3732 |ParentID: 456)
C:Program FilesIntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID: 2036 |ParentID: 456)
C:Windowssystem32wbemwmiprvse.exe (ID: 3020 |ParentID: 624)
C:Windowssystem32wuauclt.exe (ID: 2916 |ParentID: 896)
C:Windowssystem32NOTEPAD.EXE (ID: 3916 |ParentID: 3544)
C:UsbFixGo.exe (ID: 2284 |ParentID: 2292)
C:Windowssystem32wbemwmiprvse.exe (ID: 3516 |ParentID: 624)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
04 – HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
04 – HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
04 – HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
04 – HKLMSOFTWARE | Run : [GamingWonderland Search Scope Monitor] – "C:PROGRA~1GAMING~2bar1.bingtsrchmn.exe" /m=2 /w /h
04 – HKLMSOFTWARE | Run : [GamingWonderland Browser Plugin Loader] – C:PROGRA~1GAMING~2bar1.bingtbrmon.exe
04 – HKLMSOFTWARE | Run : [RadioRage Search Scope Monitor] – "C:PROGRA~1RADIOR~2bar1.bin4jsrchmn.exe" /m=2 /w /h
04 – HKLMSOFTWARE | Run : [RadioRage_4j Browser Plugin Loader] – C:PROGRA~1RADIOR~2bar1.bin4jbrmon.exe
04 – HKLMSOFTWARE | Run : [hndclient] – C:Program FileshandyCafeClienthndclient.exe
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-2477089822-1327046954-1520462947-1003SOFTWARE | Run : [SoMud] – "C:Program FilesSoMudsomud.exe" /bg
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-18SOFTWARE | RunOnce : [SPReview] – "C:WindowsSystem32SPReviewSPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Recherche générique |

Présent! G:3yb5KAsj.vbs
Présent! G:REPARTITION DES CLASSES PAR CENSEUR.lnk

################## | Référence de comparaison MD5 |

Md5 : D41D8CD98F00B204E9800998ECF8427E -> G:3yb5KAsj.vbs

################## | Comparaison MD5 |

Présent! Md5 : D41D8CD98F00B204E9800998ECF8427E -> G:3yb5KAsj.vbs

################## | Registre |

################## | Vaccin |

G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |