Document format: text/plain

############################## | UsbFix V 7.164 | [Deletion]

User: ZAHOUI (Administrator) # ZAHOUI-PC
Updated on 05/02/2014 by El Desaparecido - Team SosVirus
Launched at 15:22:30 | 16/02/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (Portable PC)
CPU: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
RAM -> [Total : 2766 MB | Free : 1985 MB]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit)
WB: Windows Internet Explorer : 8.0.7600.16385
WB: Mozilla Firefox : 27.0.1

SC: Security Center [(!) Disabled]
WU: Windows Update [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
FW: FireWall [(!) Disabled]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 140 GB (51 GB free - 36%) [] # NTFS
D:\ -> CD-ROM
I:\ -> Removable disk # 4 GB (2 GB free - 45%) [ DR ZAHOUI] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 380 |ParentID: 368)
C:\Windows\system32\wininit.exe (ID: 452 |ParentID: 368)
C:\Windows\system32\csrss.exe (ID: 460 |ParentID: 444)
C:\Windows\system32\services.exe (ID: 508 |ParentID: 452)
C:\Windows\system32\lsass.exe (ID: 524 |ParentID: 452)
C:\Windows\system32\lsm.exe (ID: 532 |ParentID: 452)
C:\Windows\system32\winlogon.exe (ID: 560 |ParentID: 444)
C:\Windows\system32\svchost.exe (ID: 680 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 756 |ParentID: 508)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 840 |ParentID: 508)
C:\Windows\System32\svchost.exe (ID: 904 |ParentID: 508)
C:\Windows\System32\svchost.exe (ID: 940 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 968 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 1116 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 1260 |ParentID: 508)
C:\Windows\System32\spoolsv.exe (ID: 1520 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 1548 |ParentID: 508)
C:\Windows\system32\rundll32.exe (ID: 1628 |ParentID: 508)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1668 |ParentID: 508)
C:\Windows\system32\DKabcoms.exe (ID: 1712 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 1744 |ParentID: 508)
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (ID: 1812 |ParentID: 508)
C:\Program Files\Hotspot Shield\bin\hsswd.exe (ID: 1864 |ParentID: 508)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1912 |ParentID: 508)
C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe (ID: 1956 |ParentID: 508)
C:\Windows\System32\svchost.exe (ID: 272 |ParentID: 508)
C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe (ID: 392 |ParentID: 508)
C:\Windows\system32\NLSSRV32.EXE (ID: 464 |ParentID: 508)
C:\Windows\System32\svchost.exe (ID: 1224 |ParentID: 508)
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (ID: 1416 |ParentID: 508)
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (ID: 1448 |ParentID: 1416)
C:\Windows\Installer\MSIF60C.tmp (ID: 1728 |ParentID: 508)
C:\Program Files\Skype\Updater\Updater.exe (ID: 1980 |ParentID: 508)
C:\Windows\system32\Dwm.exe (ID: 1336 |ParentID: 940)
C:\Windows\system32\svchost.exe (ID: 2020 |ParentID: 508)
C:\Windows\Explorer.EXE (ID: 372 |ParentID: 1604)
C:\Windows\system32\WUDFHost.exe (ID: 2440 |ParentID: 940)
C:\Windows\system32\svchost.exe (ID: 2460 |ParentID: 508)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2844 |ParentID: 680)
C:\Windows\system32\runonce.exe (ID: 3132 |ParentID: 372)
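
The process list above can be checked mechanically rather than by eye. What follows is an added example, not part of UsbFix and not from this log's author: it parses lines in the log's own `path (ID: n |ParentID: m)` form and flags core Windows binaries that run from an unexpected directory or under an unexpected parent, which is exactly the pattern of the fake C:\Windows\system32\system\svchost.exe that UsbFix deletes further down. The directory/parent table is this example's own assumption, taken from the standard Windows 7 boot chain; the first eight sample lines are copied from the log and the ninth is constructed to show what that deleted fake svchost would look like if it had still been running.

```python
"""Parent/path sanity checks on a UsbFix 'Active Processes' listing.

Added example (not UsbFix code). Parses 'path (ID: n |ParentID: m)' lines
and reports core Windows processes whose image directory or parent image
is not the one the Windows 7 boot chain produces.
"""
import re
from collections import namedtuple

Proc = namedtuple('Proc', 'path pid ppid')
PROC_RE = re.compile(r'^(?P<path>.+?) \(ID: (?P<pid>\d+) \|ParentID: (?P<ppid>\d+)\)$')

# First eight lines copied from the log; the last line is CONSTRUCTED for
# this example (UsbFix deleted that file, it is not in the log's process list).
SAMPLE = r"""
C:\Windows\system32\csrss.exe (ID: 380 |ParentID: 368)
C:\Windows\system32\wininit.exe (ID: 452 |ParentID: 368)
C:\Windows\system32\services.exe (ID: 508 |ParentID: 452)
C:\Windows\system32\lsass.exe (ID: 524 |ParentID: 452)
C:\Windows\system32\winlogon.exe (ID: 560 |ParentID: 444)
C:\Windows\system32\svchost.exe (ID: 680 |ParentID: 508)
C:\Windows\Explorer.EXE (ID: 372 |ParentID: 1604)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2844 |ParentID: 680)
C:\Windows\system32\system\svchost.exe (ID: 4242 |ParentID: 372)
""".strip().splitlines()

# Expected (image directory, parent image) per core process.  Assumption of
# this example, based on the standard Windows 7 boot chain.
EXPECTED = {
    'svchost.exe':  (r'c:\windows\system32', 'services.exe'),
    'services.exe': (r'c:\windows\system32', 'wininit.exe'),
    'lsass.exe':    (r'c:\windows\system32', 'wininit.exe'),
    'lsm.exe':      (r'c:\windows\system32', 'wininit.exe'),
    'spoolsv.exe':  (r'c:\windows\system32', 'services.exe'),
    'dwm.exe':      (r'c:\windows\system32', 'svchost.exe'),
}
# Their parents (smss.exe, userinit.exe) normally exit before any snapshot,
# so a missing parent PID is not a finding for these.
PARENT_MAY_BE_GONE = {'csrss.exe', 'wininit.exe', 'winlogon.exe', 'explorer.exe'}


def parse(lines):
    """Return a list of Proc tuples for every line that matches the log format."""
    procs = []
    for line in lines:
        m = PROC_RE.match(line.strip())
        if m:
            procs.append(Proc(m['path'], int(m['pid']), int(m['ppid'])))
    return procs


def basename(path):
    return path.rsplit('\\', 1)[-1].lower()


def dirname(path):
    return path.rsplit('\\', 1)[0].lower()


def findings(lines):
    """Return (pid, image name, reason) tuples for anomalous processes."""
    procs = parse(lines)
    by_pid = {p.pid: p for p in procs}
    out = []
    for p in procs:
        name = basename(p.path)
        parent = by_pid.get(p.ppid)
        if parent is None and name not in PARENT_MAY_BE_GONE:
            out.append((p.pid, name, 'parent PID %d not in snapshot' % p.ppid))
        if name in EXPECTED:
            want_dir, want_parent = EXPECTED[name]
            if dirname(p.path) != want_dir:
                out.append((p.pid, name, 'unexpected image directory ' + dirname(p.path)))
            if parent is not None and basename(parent.path) != want_parent:
                out.append((p.pid, name, 'unexpected parent ' + basename(parent.path)))
    return out


if __name__ == '__main__':
    for pid, name, reason in findings(SAMPLE):
        print('PID %d %s: %s' % (pid, name, reason))
```

On the eight genuine lines the check is silent; only the constructed svchost.exe in system32\system is reported, twice (wrong directory, and Explorer rather than services.exe as parent). Extend EXPECTED with the other binaries you care about; the parent rule deliberately tolerates a missing parent only for the processes whose parent is expected to have exited.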

################## | Regedit Run |

04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
04 - HKCU\..\Run : [Facebook Update] "C:\Users\ZAHOUI\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [5adea2b84d5e18ee580c82d45dd7ede0] ..
04 - HKCU\..\Run : [DKab1err] C:\Program Files\Dell\Printer Software\ErrorApp\DKab1err.exe
04 - HKCU\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
04 - HKCU\..\Run : [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKCU\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
04 - HKLM\..\Run : [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
04 - HKLM\..\Run : [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [5adea2b84d5e18ee580c82d45dd7ede0] ..
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [Samsung Link] "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\..\Policies\Explorer\run : [rescue] "C:\ProgramData\rescue.vbe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\..\Run : [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
04 - HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\..\Run : [Facebook Update] "C:\Users\ZAHOUI\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\..\Run : [5adea2b84d5e18ee580c82d45dd7ede0] ..
04 - HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\..\Run : [DKab1err] C:\Program Files\Dell\Printer Software\ErrorApp\DKab1err.exe
04 - HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
04 - HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\..\Run : [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\..\Run : [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log
04 - HKU\S-1-5-18\..\Run : [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
04 - HKU\S-1-5-18\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
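
Two entries in the block above are the ones a responder would go to first: the value named 5adea2b84d5e18ee580c82d45dd7ede0 (a bare 32-hex-digit name, with command data shown only as "..") and the [rescue] value under HKLM\..\Policies\Explorer\Run, which launches an encoded VBScript from C:\ProgramData. The following is an added example, not UsbFix code and not from the log's author: it parses the log's `04 - hive : [Name] command` lines and applies a few triage rules of this example's own choosing (hex-only value names, empty or ".." commands, the Policies\Explorer\Run location, script extensions, user-writable paths). The five sample lines are copied from the log.

```python
"""Triage of a UsbFix 'Regedit Run' block.

Added example (not UsbFix code). Parses '04 - hive : [Name] command' lines
and flags the autorun entries that deserve a first look.  The scoring
rules are this example's own heuristics, not the tool's.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the log's own entries.
SAMPLE = r"""
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [5adea2b84d5e18ee580c82d45dd7ede0] ..
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Policies\Explorer\run : [rescue] "C:\ProgramData\rescue.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
""".strip().splitlines()

LINE_RE = re.compile(r'^\d+ - (?P<hive>\S+?) : \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$')
HEX_NAME = re.compile(r'^[0-9a-f]{32}$', re.I)
POLICY_RUN = re.compile(r'policies\\explorer\\run', re.I)
SCRIPT_EXT = re.compile(r'\.(vbe|vbs|js|jse|wsf|hta|bat|cmd|ps1)\b', re.I)
USER_WRITABLE = re.compile(r'\\(ProgramData|Users\\All Users|AppData|Temp)\\', re.I)


@dataclass
class Entry:
    hive: str
    name: str
    command: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_line(line):
    """Return an Entry for a Run-key line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m['hive'], m['name'], m['cmd'].strip())


def triage(entry):
    """Attach a reason string for every heuristic the entry trips."""
    name, cmd = entry.name, entry.command
    if HEX_NAME.match(name):
        entry.reasons.append('value name is a bare 32-hex-digit string')
    if cmd in ('', '..'):
        entry.reasons.append('command data is empty or shown as ".."')
    if POLICY_RUN.search(entry.hive):
        entry.reasons.append('stored under Policies\\Explorer\\Run (rare for legitimate software)')
    if SCRIPT_EXT.search(cmd):
        entry.reasons.append('launches a script rather than an executable')
    if USER_WRITABLE.search(cmd) and 'Program Files' not in cmd:
        entry.reasons.append('target lives in a user-writable location')
    return entry


def triage_lines(lines):
    return [triage(e) for e in map(parse_line, lines) if e is not None]


def suspicious_names(lines):
    """Value names of the entries that trip at least one heuristic, in log order."""
    return [e.name for e in triage_lines(lines) if e.suspicious]


if __name__ == '__main__':
    for e in triage_lines(SAMPLE):
        print('SUSPECT' if e.suspicious else 'ok     ', e.hive, '[%s]' % e.name, e.command)
        for r in e.reasons:
            print('         -', r)
```

The heuristics are deliberately cheap and produce no verdict on their own: a ".." command only tells you the log did not show the data, and the C:\ProgramData path is the same file that appears as C:\Users\All Users\rescue.vbe in the deletions below (All Users is a junction to ProgramData on Windows 7). The point is to order the list, then pull the actual value data and the file for analysis.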

################## | Generic search |

Deleted! C:\Users\All Users\rescue.vbe
Deleted! C:\kernel
Deleted! C:\Windows\system32\system\svchost.exe
Deleted! C:\Windows\InstallDir
Deleted! I:\config.dat

(!) Temporary files deleted.

################## | Registry |

Deleted! HKCU\Software\5adea2b84d5e18ee580c82d45dd7ede0
Repaired! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Repaired! HKLM\Software\Microsoft\Security Center|UacDisableNotify -> 0
Deleted! HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\Software\Microsoft\Windows\CurrentVersion\Run|5adea2b84d5e18ee580c82d45dd7ede0
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|5adea2b84d5e18ee580c82d45dd7ede0
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|rescue
Deleted! HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\Software\.\.\.\.\Mountpoints2\E
Deleted! HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\Software\.\.\.\.\Mountpoints2\G
Deleted! HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\Software\.\.\.\.\Mountpoints2\{2ce18e84-6444-11e3-997e-00266c0720ab}
Deleted! HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\Software\.\.\.\.\Mountpoints2\{37b58c5c-4e03-11e3-b9ca-e0ca94d3ebdb}
Deleted! HKU\S-1-5-21-2134588498-3345777639-1277487948-1000\Software\.\.\.\.\Mountpoints2\{4676a77f-fc3c-11e1-8c08-8b0f93cd4b34}

################## | Listing |

[15/09/2012 - 17:09:43 | SHD] - C:\$Recycle.Bin
[13/03/2013 - 23:30:46 | AD] - C:\.Trash-1000
[10/06/2009 - 21:42:20 | A | 0 KB] - C:\autoexec.bat
[17/09/2012 - 22:18:24 | N | 4150 KB] - C:\BluetoothPCDialer.msi
[23/09/2012 - 22:27:01 | D] - C:\Boonty
[14/02/2014 - 16:47:12 | D] - C:\Config.Msi
[10/06/2009 - 21:42:20 | N | 0 KB] - C:\config.sys
[30/01/2014 - 16:13:25 | N | 0 KB] - C:\cookies.sqlite
[20/08/2013 - 16:56:36 | D] - C:\Dell
[14/07/2009 - 04:53:55 | SHD] - C:\Documents and Settings
[26/01/2014 - 13:39:45 | D] - C:\Download
[16/02/2014 - 15:21:22 | ASH | 2124180 KB] - C:\hiberfil.sys
[12/09/2012 - 11:49:07 | D] - C:\Intel
[24/09/2012 - 00:14:10 | RASH | 0 KB] - C:\IO.SYS
[09/10/2012 - 14:42:32 | D] - C:\iOrgSoft pdfToWord
[13/02/2014 - 00:03:37 | D] - C:\Kernel
[13/09/2012 - 20:44:55 | D] - C:\moodledata
[24/09/2012 - 00:14:10 | RASH | 0 KB] - C:\MSDOS.SYS
[12/09/2012 - 20:46:45 | RHD] - C:\MSOCache
[15/09/2012 - 12:14:51 | D] - C:\ocsdata
[15/09/2012 - 11:55:56 | D] - C:\ojsdata
[16/02/2014 - 15:21:24 | ASH | 2832240 KB] - C:\pagefile.sys
[14/07/2009 - 02:37:05 | D] - C:\PerfLogs
[15/02/2014 - 08:44:08 | N | 1 KB] - C:\PhysicalMBR.bin
[15/02/2014 - 11:30:22 | D] - C:\Program Files
[16/02/2014 - 15:27:36 | HD] - C:\ProgramData
[13/07/2013 - 20:50:23 | D] - C:\Python27
[10/09/2012 - 09:50:52 | SHD] - C:\Recovery
[13/02/2014 - 00:03:37 | D] - C:\security
[15/02/2014 - 11:33:00 | SHD] - C:\System Volume Information
[24/01/2014 - 13:32:47 | D] - C:\tmpDownload
[14/10/2013 - 12:23:39 | D] - C:\Upload
[16/02/2014 - 15:16:35 | D] - C:\UsbFix
[16/02/2014 - 15:27:53 | A | 11 KB | 4F6C821310156541ABE9BD97B377A6D5] - C:\UsbFix [Clean 2] ZAHOUI-PC.txt
[13/02/2014 - 22:12:14 | D] - C:\Users
[16/02/2014 - 15:27:37 | D] - C:\Windows
[03/11/2012 - 19:15:09 | D] - C:\YoutubeMusicDownloader
[07/11/2013 - 14:16:08 | N | 723461 KB] - I:\La.Marque.Des.Anges.Miserere.2013.FRENCH.SUBFORCED.DVDRip.XviD-RELiC.avi
[17/11/2013 - 17:14:00 | N | 715458 KB] - I:\Stand.Up.Guys.2012.TRUEFRENCH.DVDRip.XviD-UTT.avi
[27/09/2013 - 13:47:40 | N | 719658 KB] - I:\Im.So.Excited.2013.FRENCH.SUBFORCED.BRRiP.XViD-ATN.avi

################## | Vaccine |

I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
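
The vaccine line above reports that UsbFix now owns the Autorun.inf name on the stick, so a worm cannot drop its own autorun.inf there. The log does not say how the vaccine is built, and this page does not either. What follows is an added example, not UsbFix code and not from the log's author: a tolerant parser for the autorun.inf format that lists the directives capable of launching code (open, shellexecute, shell\...\command), plus a small inspector that distinguishes an absent entry, a directory occupying the name (one common vaccination layout; whether UsbFix uses exactly this is not stated), and a real file. Both sample autorun.inf texts are constructed for this example. Caveat for the reader: Windows 7, like XP and Vista with the 2011 AutoRun update, no longer honours autorun.inf on USB sticks, so a vaccine on this drive mainly protects older, unpatched hosts the stick is later plugged into; it does nothing against the rescue.vbe Run-key persistence dealt with above.

```python
"""Inspect an autorun.inf on a removable drive.

Added example (not UsbFix code).  parse_autorun() tolerates the junk
lines, odd casing and spacing that worm-written autorun.inf files use;
launch_directives() returns only the directives that can run a program.
"""
import os
import tempfile

# CONSTRUCTED sample: a worm-style autorun.inf (not taken from the log).
SAMPLE_WORM = r"""
[AutoRun]
;garbage comment line
OPEN = RECYCLER\hidden.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\open\Command=RECYCLER\hidden.exe
action=Open folder to view files
"""

# CONSTRUCTED sample: a harmless vendor autorun.inf (icon and label only).
SAMPLE_BENIGN = r"""
[autorun]
icon=setup.exe,0
label=Vendor Drivers
"""


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, keys lower-cased.

    Duplicates are kept in order; lines without '=' and lines outside the
    section are ignored, which is what Windows' own parser effectively does.
    """
    pairs, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip().lstrip('\ufeff')
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            in_section = line[1:-1].strip().lower() == 'autorun'
            continue
        if in_section and '=' in line:
            key, _, value = line.partition('=')
            pairs.append((key.strip().lower(), value.strip()))
    return pairs


def launch_directives(text):
    """Directives that cause code to run: open, shellexecute, shell\\<verb>\\command."""
    out = []
    for key, value in parse_autorun(text):
        if key in ('open', 'shellexecute') or (key.startswith('shell\\') and key.endswith('\\command')):
            out.append((key, value))
    return out


def classify(text):
    """'executes' if any launch directive is present, otherwise 'passive'."""
    return 'executes' if launch_directives(text) else 'passive'


def inspect_autorun(path):
    """Return (kind, detail) for the Autorun.inf entry at path."""
    if not os.path.lexists(path):
        return ('absent', '')
    if os.path.isdir(path):
        # A directory occupying the name blocks creation of a same-named file.
        return ('directory', 'name occupied; no autorun.inf file can be created')
    with open(path, encoding='latin-1') as fh:  # tolerate non-UTF-8 bytes
        text = fh.read()
    hits = launch_directives(text)
    detail = classify(text)
    if hits:
        detail += ': ' + '; '.join('%s=%s' % kv for kv in hits)
    return ('file', detail)


if __name__ == '__main__':
    # Demo on a temporary tree (lower-case name so it also works on
    # case-sensitive filesystems; Windows itself is case-insensitive).
    with tempfile.TemporaryDirectory() as root:
        infected = os.path.join(root, 'infected')
        os.mkdir(infected)
        with open(os.path.join(infected, 'autorun.inf'), 'w') as fh:
            fh.write(SAMPLE_WORM)
        vaccinated = os.path.join(root, 'vaccinated')
        os.makedirs(os.path.join(vaccinated, 'autorun.inf'))
        for drive in (infected, vaccinated, root):
            print(os.path.basename(drive) or root, inspect_autorun(os.path.join(drive, 'autorun.inf')))
```

Run it and the infected tree reports the two launch directives of the constructed worm sample, the vaccinated tree reports the occupied name, and the bare root reports nothing present. On a real stick, point inspect_autorun at the drive root; a file that classifies as 'executes' is worth keeping as evidence before any tool overwrites it.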

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
