Reply to: Virus survival.vbe 2016-09-08T13:39:45+00:00
jordan44
Participant
Number of posts: 2

############################## | UsbFix V 7.170 | [Recherche]

Utilisateur: yvon dalibert (Administrateur) # NINI
Mis à jour le 07/05/2014 par El Desaparecido – SosVirus
Lancé à 09:32:48 | 09/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Dell Inc. (CN0Y53)
CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
RAM -> [Total : 1014 Mo| Free : 370 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Google Chrome : 34.0.1847.131

SC: Security Center [Enabled]
WU: Windows Update [Enabled]

FW: Windows FireWall [Enabled]

C: (%SystemDrive%) -> Disque fixe # 149 Go (106 Go libre(s) – 71%) [OS] # NTFS

################## | Processus Actif |

C:\WINDOWS\system32\smss.exe (ID: 884|ParentID: 4|SYSTEM)
C:\WINDOWS\system32\csrss.exe (ID: 932|ParentID: 884|SYSTEM)
C:\WINDOWS\system32\winlogon.exe (ID: 956|ParentID: 884|SYSTEM)
C:\WINDOWS\system32\services.exe (ID: 1000|ParentID: 956|SYSTEM)
C:\WINDOWS\system32\lsass.exe (ID: 1012|ParentID: 956|SYSTEM)
C:\WINDOWS\system32\svchost.exe (ID: 1164|ParentID: 1000|SYSTEM)
C:\WINDOWS\system32\svchost.exe (ID: 1252|ParentID: 1000|SERVICE RÉSEAU)
C:\WINDOWS\system32\svchost.exe (ID: 1292|ParentID: 1000|SYSTEM)
C:\WINDOWS\system32\svchost.exe (ID: 1416|ParentID: 1000|SERVICE RÉSEAU)
C:\WINDOWS\system32\svchost.exe (ID: 1440|ParentID: 1000|SERVICE LOCAL)
C:\WINDOWS\system32\WLTRYSVC.EXE (ID: 1648|ParentID: 1000|SYSTEM)
C:\WINDOWS\system32\BCMWLTRY.EXE (ID: 1680|ParentID: 1648|SYSTEM)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1692|ParentID: 1000|SYSTEM)
C:\WINDOWS\system32\spoolsv.exe (ID: 1928|ParentID: 1000|SYSTEM)
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2004|ParentID: 1000|SYSTEM)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2036|ParentID: 1000|SYSTEM)
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (ID: 224|ParentID: 1000|SYSTEM)
C:\WINDOWS\system32\svchost.exe (ID: 308|ParentID: 1000|SYSTEM)
C:\Program Files\Java\jre6\bin\jqs.exe (ID: 464|ParentID: 1000|SYSTEM)
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (ID: 544|ParentID: 1000|SYSTEM)
C:\WINDOWS\system32\svchost.exe (ID: 736|ParentID: 1000|SERVICE LOCAL)
C:\WINDOWS\system32\svchost.exe (ID: 844|ParentID: 1000|SERVICE LOCAL)
C:\Program Files\Dell Support Center\bin\sprtsvc.exe (ID: 924|ParentID: 1000|SYSTEM)
C:\WINDOWS\system32\svchost.exe (ID: 1196|ParentID: 1000|SYSTEM)
C:\WINDOWS\system32\wdfmgr.exe (ID: 1376|ParentID: 1000|SERVICE LOCAL)
C:\WINDOWS\system32\searchindexer.exe (ID: 1480|ParentID: 1000|SYSTEM)
C:\WINDOWS\explorer.exe (ID: 2480|ParentID: 2116|yvon dalibert)
C:\WINDOWS\system32\alg.exe (ID: 2720|ParentID: 1000|SERVICE LOCAL)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 1884|ParentID: 2480|yvon dalibert)
C:\WINDOWS\system32\wbem\wmiapsrv.exe (ID: 2848|ParentID: 1000|SYSTEM)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 2916|ParentID: 1164|SYSTEM)
C:\WINDOWS\RTHDCPL.EXE (ID: 3548|ParentID: 2480|yvon dalibert)
C:\WINDOWS\system32\igfxtray.exe (ID: 3592|ParentID: 2480|yvon dalibert)
C:\WINDOWS\system32\hkcmd.exe (ID: 3600|ParentID: 2480|yvon dalibert)
C:\WINDOWS\system32\igfxpers.exe (ID: 3624|ParentID: 2480|yvon dalibert)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 3768|ParentID: 1164|yvon dalibert)
C:\WINDOWS\OA012Mon.exe (ID: 3904|ParentID: 2480|yvon dalibert)
C:\Program Files\Java\jre6\bin\jusched.exe (ID: 3944|ParentID: 2480|yvon dalibert)
C:\WINDOWS\system32\WLTRAY.EXE (ID: 4032|ParentID: 2480|yvon dalibert)
C:\Program Files\WSED\WSED.exe (ID: 228|ParentID: 2480|yvon dalibert)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 756|ParentID: 2480|yvon dalibert)
C:\Program Files\Battery Meter\BTMeter.exe (ID: 1368|ParentID: 2480|yvon dalibert)
C:\Program Files\CapsLKNotify\CapsLKNotify.exe (ID: 1600|ParentID: 2480|yvon dalibert)
C:\Program Files\Dell Support Center\bin\sprtcmd.exe (ID: 1748|ParentID: 2480|yvon dalibert)
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (ID: 2096|ParentID: 2480|yvon dalibert)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 2244|ParentID: 2480|yvon dalibert)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 2388|ParentID: 2480|yvon dalibert)
C:\WINDOWS\system32\ctfmon.exe (ID: 2404|ParentID: 2480|yvon dalibert)
C:\Program Files\Windows Desktop Search\WindowsSearch.exe (ID: 3368|ParentID: 2480|yvon dalibert)
C:\Program Files\iPod\bin\iPodService.exe (ID: 1396|ParentID: 1000|SYSTEM)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2156|ParentID: 756|yvon dalibert)
C:\WINDOWS\system32\searchprotocolhost.exe (ID: 3992|ParentID: 1480|SYSTEM)
C:\UsbFix\UsbFix.exe (ID: 780|ParentID: 3456|yvon dalibert)
C:\WINDOWS\system32\wscntfy.exe (ID: 2700|ParentID: 1292|yvon dalibert)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 2776|ParentID: 1164|SERVICE RÉSEAU)

################## | Autorun |

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
04 - HKLM\..\Run : [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE
04 - HKLM\..\Run : [Alcmtr] ALCMTR.EXE
04 - HKLM\..\Run : [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run : [OA012Mon] C:\WINDOWS\OA012Mon.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
04 - HKLM\..\Run : [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
04 - HKLM\..\Run : [WSED] C:\Program Files\WSED\WSED.exe
04 - HKLM\..\Run : [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
04 - HKLM\..\Run : [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\Run : [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-2864729764-1779981083-3612934209-1007\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-2864729764-1779981083-3612934209-1007\..\Run : [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

################## | Recherche générique |

################## | Registre |

################## | C: %SystemDrive% – Disque Fixe (NTFS) |

[04/05/2014 - 20:47:15 | N | 29 Ko] - C:\Shortcut_Module_04_05_2014_20_47_15.txt
[04/05/2014 - 23:14:11 | N | 14 Ko] - C:\Shortcut_Module_04_05_2014_23_14_11.txt
[05/05/2014 - 20:03:41 | N | 14 Ko] - C:\Shortcut_Module_05_05_2014_20_03_41.txt
[30/04/2008 - 01:03:11 | N | 0 Ko] - C:\CONFIG.SYS
[30/04/2008 - 01:03:11 | AH | 0 Ko] - C:\IO.SYS
[30/04/2008 - 01:03:11 | AH | 0 Ko] - C:\MSDOS.SYS
[09/05/2014 - 09:24:20 | ASH | 1558052 Ko] - C:\pagefile.sys
[09/05/2014 - 09:24:22 | ASH | 1038772 Ko] - C:\hiberfil.sys
[30/10/2009 - 18:02:07 | N | 4 Ko] - C:\dell.sdr
[05/05/2014 - 22:27:44 | D] - C:\Config.Msi
[22/04/2014 - 21:51:45 | RASH | 0 Ko] - C:\boot.ini
[14/04/2008 - 14:00:00 | N | 46 Ko | VirusTotal - (0/51)] - C:\NTDETECT.COM
[14/04/2008 - 14:00:00 | N | 5 Ko] - C:\Bootfont.bin
[09/05/2014 - 00:35:08 | N | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[30/04/2008 - 01:03:11 | A | 0 Ko] - C:\AUTOEXEC.BAT
[14/04/2008 - 14:00:00 | RASH | 246 Ko] - C:\ntldr
[30/10/2009 - 16:25:09 | D] - C:\I386
[30/10/2009 - 22:04:34 | D] - C:\drivers
[06/11/2009 - 17:13:05 | SHD] - C:\System Volume Information
[09/11/2009 - 20:37:07 | D] - C:\DELL
[09/11/2009 - 22:41:06 | RHD] - C:\MSOCache
[17/12/2010 - 10:13:52 | SHD] - C:\RECYCLER
[14/01/2014 - 05:13:54 | D] - C:\Users
[14/04/2014 - 19:20:09 | D] - C:\Documents and Settings
[26/04/2014 - 13:42:42 | D] - C:\Program Files
[04/05/2014 - 14:48:00 | D] - C:\b5cbf94b39035d5416217e52e780
[04/05/2014 - 14:48:09 | D] - C:\3514e1179b3e21839ba5c4351465
[04/05/2014 - 15:29:52 | D] - C:\ee2973541b4b65b6db96d525c8a9e7
[05/05/2014 - 20:03:41 | D] - C:\Shortcut_Module
[09/05/2014 - 00:31:23 | D] - C:\AdwCleaner
[09/05/2014 - 00:33:18 | N | 0 Ko] - C:\Documents
[09/05/2014 - 09:24:45 | D] - C:\WINDOWS
[09/05/2014 - 09:31:54 | D] - C:\UsbFix

################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |