Reply to: Infected by SergeLeLama 2016-09-08T13:27:44+00:00
Thildou23
Participant
Post count: 14

############################## | UsbFix V 7.157 | [Recherche]

Utilisateur: Mathilde (Administrateur) # MATHILDE-TOSH
Mis à jour le 30/12/2013 par El Desaparecido – Team SosVirus
Lancé à 17:04:19 | 02/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: PEGATRON CORPORATION (TKBSB)
CPU: AMD E-240 Processor
RAM -> [Total : 2669 Mo| Free : 1139 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 26.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 181 Go (86 Go libre(s) – 47%) [WINDOWS] # NTFS
D: -> Disque fixe # 116 Go (103 Go libre(s) – 89%) [Data] # NTFS
E: -> CD-ROM
F: -> CD-ROM
G: -> Disque amovible # 974 Mo (974 Mo libre(s) – 100%) [] # FAT
H: -> Disque amovible # 955 Mo (955 Mo libre(s) – 100%) [MATHILDE1GO] # FAT32
I: -> Disque amovible # 2 Go (2 Go libre(s) – 100%) [] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 456 |ParentID: 420)
C:\Windows\system32\wininit.exe (ID: 528 |ParentID: 420)
C:\Windows\system32\csrss.exe (ID: 536 |ParentID: 520)
C:\Windows\system32\services.exe (ID: 584 |ParentID: 528)
C:\Windows\system32\winlogon.exe (ID: 616 |ParentID: 520)
C:\Windows\system32\lsass.exe (ID: 640 |ParentID: 528)
C:\Windows\system32\lsm.exe (ID: 648 |ParentID: 528)
C:\Windows\system32\svchost.exe (ID: 752 |ParentID: 584)
C:\Windows\system32\svchost.exe (ID: 836 |ParentID: 584)
C:\Windows\system32\atiesrxx.exe (ID: 884 |ParentID: 584)
C:\Windows\System32\svchost.exe (ID: 100 |ParentID: 584)
C:\Windows\System32\svchost.exe (ID: 360 |ParentID: 584)
C:\Windows\system32\svchost.exe (ID: 476 |ParentID: 584)
C:\Windows\system32\svchost.exe (ID: 352 |ParentID: 584)
C:\Windows\system32\svchost.exe (ID: 1044 |ParentID: 584)
C:\Windows\system32\atieclxx.exe (ID: 1108 |ParentID: 884)
C:\Windows\system32\svchost.exe (ID: 1264 |ParentID: 584)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1376 |ParentID: 584)
C:\Windows\System32\GFNEXSrv.exe (ID: 1452 |ParentID: 584)
C:\Windows\System32\spoolsv.exe (ID: 1620 |ParentID: 584)
C:\Windows\system32\svchost.exe (ID: 1664 |ParentID: 584)
C:\Windows\system32\taskhost.exe (ID: 1712 |ParentID: 584)
C:\Windows\system32\Dwm.exe (ID: 1840 |ParentID: 360)
C:\Windows\Explorer.EXE (ID: 1852 |ParentID: 1828)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2000 |ParentID: 1852)
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (ID: 2024 |ParentID: 1852)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 1116 |ParentID: 1852)
C:\Users\Mathilde\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 1128 |ParentID: 1852)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 1184 |ParentID: 1852)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (ID: 1236 |ParentID: 1852)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1300 |ParentID: 584)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1592 |ParentID: 584)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (ID: 2092 |ParentID: 1240)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2140 |ParentID: 584)
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (ID: 2164 |ParentID: 1240)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 2180 |ParentID: 1240)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 2188 |ParentID: 1240)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 2368 |ParentID: 2156)
C:\Windows\system32\svchost.exe (ID: 2432 |ParentID: 584)
C:\Windows\system32\DllHost.exe (ID: 2464 |ParentID: 752)
C:\Windows\SysWOW64\svchost.exe (ID: 2576 |ParentID: 584)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2088 |ParentID: 584)
C:\Windows\system32\taskeng.exe (ID: 980 |ParentID: 352)
C:\Windows\system32\svchost.exe (ID: 2284 |ParentID: 584)
C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe (ID: 2340 |ParentID: 584)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 3180 |ParentID: 2368)
C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe (ID: 3284 |ParentID: 584)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3404 |ParentID: 584)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 3444 |ParentID: 584)
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID: 3596 |ParentID: 980)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3632 |ParentID: 752)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3656 |ParentID: 3404)
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (ID: 3700 |ParentID: 3204)
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (ID: 3708 |ParentID: 3204)
C:\Windows\system32\wbem\unsecapp.exe (ID: 3952 |ParentID: 752)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 4292 |ParentID: 584)
C:\Windows\system32\SearchIndexer.exe (ID: 4380 |ParentID: 584)
C:\Windows\system32\svchost.exe (ID: 4424 |ParentID: 584)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ID: 4892 |ParentID: 584)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 412 |ParentID: 584)
C:\Windows\system32\svchost.exe (ID: 4168 |ParentID: 584)
C:\Windows\System32\svchost.exe (ID: 1688 |ParentID: 584)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (ID: 3192 |ParentID: 3596)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (ID: 2556 |ParentID: 1236)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (ID: 5156 |ParentID: 752)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (ID: 5272 |ParentID: 752)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 5416 |ParentID: 584)
C:\Windows\system32\DllHost.exe (ID: 5424 |ParentID: 752)
c:\Program Files (x86)\Nero\Update\NASvc.exe (ID: 4936 |ParentID: 584)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 2976 |ParentID: 1852)
C:\Windows\system32\taskeng.exe (ID: 5024 |ParentID: 352)
C:\Windows\System32\WUDFHost.exe (ID: 5016 |ParentID: 360)
C:\UsbFix\Go.exe (ID: 5336 |ParentID: 2716)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5604 |ParentID: 752)

################## | Regedit Run |

04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\..\Run : [tuto4pc_fr_53]
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - HKLM64\..\Run : [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
04 - HKLM64\..\Run : [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
04 - HKLM64\..\Run : [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
04 - HKLM64\..\Run : [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
04 - HKLM64\..\Run : [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
04 - HKLM64\..\Run : [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
04 - HKLM64\..\Run : [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
04 - HKLM64\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 - HKU\S-1-5-21-2132920200-1220953195-776652134-1001\..\Run : [Spotify Web Helper] "C:\Users\Mathilde\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-2132920200-1220953195-776652134-1001\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-2132920200-1220953195-776652134-1001\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-2132920200-1220953195-776652134-1001\..\Run : [9Giga Synchro] "G:\SFR\9Giga Synchro\9Giga_Synchro.exe" /delayed
04 - HKU\S-1-5-21-2132920200-1220953195-776652134-1001\..\Run : [SergeLeLama] wscript.exe //B "C:\Users\Mathilde\AppData\Local\Temp\SergeLeLama.vbs"
04 - HKU\S-1-5-18\..\Run : [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\Users\Mathilde\AppData\Local\Temp\SergeLeLama.vbs

################## | Registre |

Présent! HKU\S-1-5-21-2132920200-1220953195-776652134-1001\Software\Microsoft\Windows\CurrentVersion\Run|SergeLeLama
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SergeLeLama
Présent! HKU\S-1-5-21-2132920200-1220953195-776652134-1001\Software\Microsoft\Windows\CurrentVersion\Run|SergeLeLama
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SergeLeLama

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |