Reply to: files on my hard drive turned into shortcuts 2016-09-08T13:50:45+00:00
Anonymous
Posts: 1400

:hello: Soul,

I'm adding your report to your topic 🙂

@soul wrote:

Hello, I had the same problem, but in my case it was with a hard drive, and I deleted the shortcuts.
I followed the instructions and here are the results:

############################## | UsbFix V 7.173 | [Research]

User: Administrator (Administrator) # BMOM-PC
Updated 04/07/2014 by El Desaparecido – SosVirus
Started at 05:20:21 | 07/07/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://en.kioskea.net/forum/viruses-security-7
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

################## | System information |

MB: OEM_MB (IVY8)
CPU: AMD Sempron(tm) Dual Core Processor 2200
GC: NVIDIA GeForce 6150SE nForce 430
RAM -> [Total : 1918 Mo | Free : 345 Mo]
Bios: Phoenix Technologies, LTD
Boot: Normal boot

OS: Microsoft™ Windows Vista (TM) Home Basic (6.0.6002 32-Bit) Service Pack 2
WB: Internet Explorer : 9.00.8112.16421
WB: Google Chrome : 35.0.1916.153

################## | Security Information |

AV: AVG AntiVirus Free Edition 2014 [(!) Disabled |Updated]
AV: avast! Antivirus [Enabled |Updated]
AS: avast! Antivirus [Enabled |Updated]
AS: Windows Defender [(!) Disabled |Updated]
AS: AVG AntiVirus Free Edition 2014 [(!) Disabled |Updated]
FW: avast! Internet Security [(!) Disabled]
FW: Windows Firewall [(!) Disabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C: (%SystemDrive%) -> Fixed disk # 138 Gb (95 Mb free – 69%) [HP] # NTFS
D: -> Fixed disk # 11 Gb (2 Mb free – 18%) [FACTORY_IMAGE] # NTFS
G: -> Fixed disk # 466 Gb (245 Mb free – 53%) [TOSHIBA EXT] # NTFS

################## | Active Processes |

C:\Windows\System32\smss.exe (ID: 508|ParentID: 4|SYSTEM)
C:\Windows\System32\wininit.exe (ID: 696|ParentID: 632)
C:\Windows\System32\services.exe (ID: 744|ParentID: 696)
C:\Windows\System32\winlogon.exe (ID: 772|ParentID: 688)
C:\Windows\System32\lsass.exe (ID: 788|ParentID: 696)
C:\Windows\System32\lsm.exe (ID: 796|ParentID: 696)
C:\Windows\System32\svchost.exe (ID: 964|ParentID: 744)
C:\Windows\System32\nvvsvc.exe (ID: 1028|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 1060|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 1228|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 1292|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 1316|ParentID: 744)
C:\Windows\System32\audiodg.exe (ID: 1396|ParentID: 1228)
C:\Windows\System32\svchost.exe (ID: 1420|ParentID: 744)
C:\Windows\System32\SLsvc.exe (ID: 1452|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 1492|ParentID: 744)
C:\Windows\System32\rundll32.exe (ID: 1604|ParentID: 1028)
C:\Windows\System32\svchost.exe (ID: 1700|ParentID: 744)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1844|ParentID: 744)
C:\ProgramData\IePluginServices\PluginService.exe (ID: 1908|ParentID: 744)
C:\Windows\System32\spoolsv.exe (ID: 2028|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 192|ParentID: 744)
C:\Windows\System32\dwm.exe (ID: 1804|ParentID: 1292|Administrator)
C:\Windows\System32\taskeng.exe (ID: 1808|ParentID: 1316)
C:\Windows\explorer.exe (ID: 1864|ParentID: 1640|Administrator)
C:\Windows\System32\taskeng.exe (ID: 1560|ParentID: 1316|Administrator)
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (ID: 2548|ParentID: 744)
C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbarsvc.exe (ID: 2668|ParentID: 744)
C:\Windows\System32\dldfcoms.exe (ID: 2704|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 2760|ParentID: 744)
C:\Program Files\Common Files\Motive\McciCMService.exe (ID: 2820|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 2892|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 2968|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 2980|ParentID: 744)
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID: 2992|ParentID: 744)
C:\Program Files\SearchSnacks\Service\sssvc.exe (ID: 3112|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 3156|ParentID: 744)
C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe (ID: 3180|ParentID: 744)
C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe (ID: 3224|ParentID: 744)
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe (ID: 3336|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 3380|ParentID: 744)
C:\Windows\System32\SearchIndexer.exe (ID: 3400|ParentID: 744)
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe (ID: 3436|ParentID: 3336)
C:\Windows\System32\drivers\XAudio.exe (ID: 3576|ParentID: 744)
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (ID: 3596|ParentID: 744)
C:\Windows\System32\svchost.exe (ID: 3852|ParentID: 744)
C:\hp\support\hpsysdrv.exe (ID: 540|ParentID: 1864|Administrator)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 1852|ParentID: 1864|Administrator)
C:\Windows\System32\rundll32.exe (ID: 2524|ParentID: 1864|Administrator)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1276|ParentID: 744)
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (ID: 2368|ParentID: 1864|Administrator)
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (ID: 4104|ParentID: 1864|Administrator)
C:\Program Files\Dell AIO Printer 948\dldfmon.exe (ID: 4144|ParentID: 1864|Administrator)
C:\Program Files\Dell AIO Printer 948\memcard.exe (ID: 4200|ParentID: 1864|Administrator)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4404|ParentID: 1864|Administrator)
C:\Program Files\real\realplayer\Update\realsched.exe (ID: 4532|ParentID: 1864|Administrator)
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ID: 4848|ParentID: 1864|Administrator)
C:\Program Files\BringMeSports_1c\bar\1.bin\1cbrmon.exe (ID: 5008|ParentID: 1864|Administrator)
C:\Program Files\AVG SafeGuard toolbar\vprot.exe (ID: 5032|ParentID: 1864|Administrator)
C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (ID: 5080|ParentID: 1864|Administrator)
C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe (ID: 5132|ParentID: 1864|Administrator)
C:\Users\Administrator\AppData\Local\WeatherAlerts\WeatherAlerts.exe (ID: 5180|ParentID: 1864|Administrator)
C:\Windows\System32\svchost.exe (ID: 5272|ParentID: 744)
C:\hp\KBD\kbd.exe (ID: 6040|ParentID: 2932|Administrator)
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (ID: 2224|ParentID: 744)
C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (ID: 3532|ParentID: 5080|Administrator)
C:\Program Files\Common Files\Java\Java Update\jucheck.exe (ID: 1836|ParentID: 4820|Administrator)
C:\Users\Administrator\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (ID: 5260|ParentID: 5160|Administrator)
C:\Program Files\PureLeads\PureLeads.Service.exe (ID: 5668|ParentID: 744)
C:\Windows\System32\mshta.exe (ID: 4052|ParentID: 1808)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4696|ParentID: 1864|Administrator)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4756|ParentID: 4696|Administrator)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4668|ParentID: 4696|Administrator)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5820|ParentID: 4696|Administrator)
C:\Windows\System32\mshta.exe (ID: 5140|ParentID: 1808)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1000|ParentID: 4696|Administrator)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5896|ParentID: 4696|Administrator)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5024|ParentID: 4696|Administrator)
C:\Windows\System32\mshta.exe (ID: 572|ParentID: 1808)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4620|ParentID: 4696|Administrator)
C:\Windows\System32\mobsync.exe (ID: 5884|ParentID: 964|Administrator)
C:\Windows\System32\mshta.exe (ID: 5636|ParentID: 1808)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4924|ParentID: 4696|Administrator)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 588|ParentID: 4696|Administrator)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 608|ParentID: 4696|Administrator)
C:\Windows\System32\SearchProtocolHost.exe (ID: 4112|ParentID: 3400)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 568|ParentID: 4696|Administrator)
C:\Windows\System32\SearchFilterHost.exe (ID: 832|ParentID: 3400|SYSTEM)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5224|ParentID: 4696|Administrator)
C:\UsbFix\UsbFix.exe (ID: 4596|ParentID: 1864|Administrator)

################## | Autorun |

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
04 - HKCU\..\Run : [Akamai NetSession Interface] "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe"
04 - HKCU\..\Run : [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /schedule 300000
04 - HKCU\..\Run : [Facebook Update] "C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [iLivid] "C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe" -autorun
04 - HKCU\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKCU\..\Run : [AVG-Secure-Search-Update_0214c] C:\Users\Administrator\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=e66cf538831547d398bfd16b5311415c-ba71993f82b9db46279b0a3e8de45cfabba395a7 /CMPID=0214c
04 - HKLM\..\Run : [hpsysdrv] c:\hp\support\hpsysdrv.exe
04 - HKLM\..\Run : [KBD] C:\HP\KBD\KbdStub.EXE
04 - HKLM\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run : [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\Run : [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
04 - HKLM\..\Run : [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
04 - HKLM\..\Run : [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\..\Run : [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : [SearchProtection] C:\ProgramData\Search Protection\_run.bat
04 - HKLM\..\Run : [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
04 - HKLM\..\Run : [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
04 - HKLM\..\Run : [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
04 - HKLM\..\Run : [SBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe"
04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\..\Run : [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
04 - HKLM\..\Run : [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\..\Run : [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\..\Run : [BringMeSports EPM Support] "C:\PROGRA~1\BRINGM~2\bar\1.bin\1cmedint.exe" T8EPMSUP.DLL,S
04 - HKLM\..\Run : [BringMeSports Home Page Guard 32 bit] "C:\PROGRA~1\BRINGM~2\bar\1.bin\AppIntegrator.exe"
04 - HKLM\..\Run : [BringMeSports Search Scope Monitor] "C:\PROGRA~1\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h
04 - HKLM\..\Run : [BringMeSports_1c Browser Plugin Loader] C:\Program Files\BringMeSports_1c\bar\1.bin\1cbrmon.exe
04 - HKLM\..\Run : [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-19\..\Run : [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
04 - HKU\S-1-5-21-3510558047-3091042105-3384621871-500\..\Run : [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
04 - HKU\S-1-5-21-3510558047-3091042105-3384621871-500\..\Run : [Akamai NetSession Interface] "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-3510558047-3091042105-3384621871-500\..\Run : [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /schedule 300000
04 - HKU\S-1-5-21-3510558047-3091042105-3384621871-500\..\Run : [Facebook Update] "C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-3510558047-3091042105-3384621871-500\..\Run : [iLivid] "C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe" -autorun
04 - HKU\S-1-5-21-3510558047-3091042105-3384621871-500\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKU\S-1-5-21-3510558047-3091042105-3384621871-500\..\Run : [AVG-Secure-Search-Update_0214c] C:\Users\Administrator\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=e66cf538831547d398bfd16b5311415c-ba71993f82b9db46279b0a3e8de45cfabba395a7 /CMPID=0214c
04 - HKU\S-1-5-21-3510558047-3091042105-3384621871-500_Classes\..\Run : [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
04 - HKU\S-1-5-18\..\Run : [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
04 - HKU\S-1-5-18\..\RunOnce : [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

################## | Generic Research |

Found ! G:\qocef.scr
Found ! G:\x.exe
Found ! G:\ert.dll
Found ! G:\qocefx.exe

################## | Registry |

################## | E.O.F | https://www.sosvirus.net/ | http://www.en.usbfix.net/ |

Later
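The symptom in this thread (folders on the external drive replaced by .lnk files, with loose executables left in the drive root that UsbFix then lists) is the shortcut-worm pattern, and deleting the shortcuts, as the poster did, removes only the lures. The quickest way to know what such a shortcut actually ran is to read its target and command line out of the .lnk itself. What follows is an added Python example for this thread; it is not UsbFix code and nothing here was posted by the user. It is a minimal MS-SHLLINK parser that pulls LocalBasePath out of the LinkInfo block and the StringData fields (relative path, working directory, arguments), then flags shortcuts whose target is an interpreter such as cmd.exe handed a command line that names an executable. The sample drive is constructed: the real .lnk files from G: were never posted, so the command lines referencing qocefx.exe (one of the files UsbFix found in G:\) are an assumption about what the lures did, not a fact from the log.

```python
"""Parse Windows .lnk (MS-SHLLINK) files and flag shortcut-worm lures.

Added example for this thread, not UsbFix code nor anything from the original
post. SAMPLE_DRIVE is constructed: the real .lnk files from G: were never posted.
"""
import re
import struct
from dataclasses import dataclass

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits A..H (MS-SHLLINK 2.1.1)
(HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH,
 HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE) = (1 << i for i in range(8))
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                 (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location"))
# Interpreters a lure points at so the payload name never appears as the target
LAUNCHERS = {"cmd.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "mshta.exe", "powershell.exe"}
EXEC_EXT = re.compile(r"[\w.$~-]+\.(?:exe|scr|com|pif|bat|cmd|vbs|vbe|js|jse|dll|hta)\b", re.I)


@dataclass
class Lnk:
    local_base_path: str = ""   # resolved target, from LinkInfo
    name: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    icon_location: str = ""


def _cstr(data: bytes, off: int) -> str:
    """NUL-terminated ANSI string starting at off."""
    return data[off:data.index(b"\x00", off)].decode("cp1252", "replace")


def parse_lnk(data: bytes) -> Lnk:
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos, lnk = 0x4C, Lnk()
    if flags & HAS_ID_LIST:            # LinkTargetIDList: u16 size, then the items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:          # LinkInfo: u32 size, header size, flags, offsets
        info_size, _hdr, info_flags = struct.unpack_from("<III", data, pos)
        if info_flags & 1:             # VolumeIDAndLocalBasePath present
            base_off = struct.unpack_from("<I", data, pos + 0x10)[0]
            suffix_off = struct.unpack_from("<I", data, pos + 0x18)[0]
            lnk.local_base_path = _cstr(data, pos + base_off) + _cstr(data, pos + suffix_off)
        pos += info_size
    for bit, attr in STRING_FIELDS:    # StringData: u16 char count, then chars, no NUL
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos + 2:pos + 2 + count * width]
            pos += 2 + count * width
            setattr(lnk, attr, raw.decode("utf-16-le" if width == 2 else "cp1252", "replace"))
    return lnk


def lure_indicators(lnk: Lnk) -> list:
    """Reasons this shortcut looks like a worm lure; an empty list means none."""
    target = lnk.local_base_path or lnk.relative_path
    reasons = []
    if target.rsplit("\\", 1)[-1].lower() in LAUNCHERS and lnk.arguments:
        reasons.append(f"target is an interpreter ({target}) given a command line")
    for hit in EXEC_EXT.findall(lnk.arguments):
        reasons.append(f"command line launches {hit}")
    return reasons


def build_lnk(target: str, arguments: str = "", working_dir: str = "") -> bytes:
    """Minimal spec-conformant .lnk with IDList, LinkInfo and StringData (constructed test data)."""
    flags = HAS_ID_LIST | HAS_LINK_INFO | HAS_REL_PATH | HAS_WORK_DIR | IS_UNICODE | (HAS_ARGS if arguments else 0)
    header = struct.pack("<I16sII", 0x4C, LNK_CLSID, flags, 0x20)           # FILE_ATTRIBUTE_ARCHIVE
    header += b"\x00" * 24 + struct.pack("<IiIHHII", 0, 0, 1, 0, 0, 0, 0)   # times, size, icon, SW_SHOWNORMAL
    items = struct.pack("<H", 6) + b"\x1f\x50\x00\x00" + b"\x00\x00"        # one dummy ItemID + TerminalID
    id_list = struct.pack("<H", len(items)) + items
    volume = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"              # DRIVE_FIXED, empty label
    base = target.encode("cp1252") + b"\x00"
    base_off = 0x1C + len(volume)
    suffix_off = base_off + len(base)
    link_info = struct.pack("<IIIIIII", suffix_off + 1, 0x1C, 1, 0x1C, base_off, 0, suffix_off)
    link_info += volume + base + b"\x00"

    def sd(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    strings = sd(".\\" + target.rsplit("\\", 1)[-1]) + sd(working_dir) + (sd(arguments) if arguments else b"")
    return header + id_list + link_info + strings


# Constructed picture of a drive root after a shortcut worm: two lures that run the file
# UsbFix listed in G:\ (the command lines are an assumption) and one ordinary shortcut.
SAMPLE_DRIVE = {
    "Photos.lnk": build_lnk(r"C:\Windows\System32\cmd.exe", "/c start qocefx.exe & start explorer Photos", "G:\\"),
    "Report.docx.lnk": build_lnk(r"C:\Windows\System32\cmd.exe", "/c start qocefx.exe & start Report.docx", "G:\\"),
    "Adobe Reader.lnk": build_lnk(r"C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe"),
}


def scan(files: dict) -> dict:
    """{filename: [reasons]} for every shortcut in files that looks like a lure."""
    findings = {}
    for name, data in files.items():
        reasons = lure_indicators(parse_lnk(data))
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_DRIVE).items():
        print(f"{name}: " + "; ".join(reasons))
```

On a real drive, feed the files in with open(path, "rb").read() instead of SAMPLE_DRIVE. Note the order of operations: the parser skips the IDList and LinkInfo by their own size fields rather than trusting any string, and only then reads the StringData in the fixed order the spec gives (name, relative path, working dir, arguments, icon), so a lure that buries the payload name in the arguments rather than the target is still caught. The shortcuts themselves are only lures; the folders they replaced are normally still on the drive with the hidden and system attributes set, which is why clearing the .lnk files alone does not finish the job.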