############################## | UsbFix V 7.169 | [Research]

User: ibm (Administrator) # IBM-PC
Updated 31/03/2014 by El Desaparecido - Team SosVirus
Started at 16:24:34 | 18/04/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://en.kioskea.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: LENOVO (6457A26)
CPU: Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz
RAM -> [Total : 4030 Mo| Free : 2172 Mo]
Bios: LENOVO
Boot: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16518
WB: Mozilla Firefox : 29.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | (!) Outdated]
AS: avast! Antivirus [Enabled | Updated]
FW: avast! Antivirus [Enabled]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 93 Gb (52 Mb free - 55%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 2 Gb (927 Mb free - 46%) [KETTANI] # FAT

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 436 |ParentID: 408)
C:\Windows\system32\wininit.exe (ID: 500 |ParentID: 408)
C:\Windows\system32\csrss.exe (ID: 516 |ParentID: 492)
C:\Windows\system32\services.exe (ID: 548 |ParentID: 500)
C:\Windows\system32\lsass.exe (ID: 564 |ParentID: 500)
C:\Windows\system32\lsm.exe (ID: 572 |ParentID: 500)
C:\Windows\system32\winlogon.exe (ID: 676 |ParentID: 492)
C:\Windows\system32\svchost.exe (ID: 740 |ParentID: 548)
C:\Windows\system32\ibmpmsvc.exe (ID: 808 |ParentID: 548)
C:\Windows\system32\nvvsvc.exe (ID: 848 |ParentID: 548)
C:\Windows\system32\svchost.exe (ID: 888 |ParentID: 548)
C:\Windows\System32\svchost.exe (ID: 948 |ParentID: 548)
C:\Windows\System32\svchost.exe (ID: 1020 |ParentID: 548)
C:\Windows\system32\svchost.exe (ID: 364 |ParentID: 548)
C:\Windows\system32\svchost.exe (ID: 440 |ParentID: 548)
C:\Windows\system32\svchost.exe (ID: 1172 |ParentID: 548)
C:\Windows\system32\nvvsvc.exe (ID: 1300 |ParentID: 848)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1360 |ParentID: 548)
C:\Windows\System32\spoolsv.exe (ID: 1492 |ParentID: 548)
C:\Windows\system32\svchost.exe (ID: 1524 |ParentID: 548)
C:\Windows\system32\svchost.exe (ID: 1552 |ParentID: 548)
C:\Program Files\AVAST Software\Avast\afwServ.exe (ID: 1584 |ParentID: 548)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1652 |ParentID: 548)
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (ID: 1672 |ParentID: 548)
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe (ID: 1780 |ParentID: 548)
C:\Windows\system32\svchost.exe (ID: 1832 |ParentID: 548)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe (ID: 1876 |ParentID: 548)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe (ID: 1980 |ParentID: 1876)
C:\Windows\system32\conhost.exe (ID: 2008 |ParentID: 436)
C:\Windows\system32\svchost.exe (ID: 2268 |ParentID: 548)
C:\Windows\System32\WUDFHost.exe (ID: 2512 |ParentID: 1020)
C:\Windows\system32\taskhost.exe (ID: 2648 |ParentID: 548)
C:\Windows\system32\Dwm.exe (ID: 2780 |ParentID: 1020)
C:\Windows\Explorer.EXE (ID: 2812 |ParentID: 2768)
C:\Windows\System32\wscript.exe (ID: 2936 |ParentID: 2812)
C:\Users\ibm\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 1640 |ParentID: 2812)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 2468 |ParentID: 3016)
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ID: 568 |ParentID: 3016)
C:\Program Files (x86)\AVG Secure Search\vprot.exe (ID: 2928 |ParentID: 3016)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 2616 |ParentID: 3016)
C:\Windows\system32\SearchIndexer.exe (ID: 3292 |ParentID: 548)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3488 |ParentID: 548)
C:\Windows\System32\svchost.exe (ID: 3244 |ParentID: 548)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 4188 |ParentID: 2812)
C:\Windows\system32\taskhost.exe (ID: 4452 |ParentID: 548)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3964 |ParentID: 740)
C:\Windows\system32\SearchProtocolHost.exe (ID: 4548 |ParentID: 3292)
C:\Windows\system32\SearchFilterHost.exe (ID: 3252 |ParentID: 3292)
C:\Windows\System32\WUDFHost.exe (ID: 2844 |ParentID: 1020)
C:\Windows\System32\WUDFHost.exe (ID: 1372 |ParentID: 1020)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Google Update] "C:\Users\ibm\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [SysBackUp] wscript.exe //B "C:\Users\ibm\AppData\Roaming\SysBackUp.vbs"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\..\Run : [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\RunOnce : []
04 - [x64] HKLM\..\Run : [nwiz] nwiz.exe /install
04 - [x64] HKLM\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1356511059-382311301-1364173629-1000\..\Run : [Google Update] "C:\Users\ibm\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1356511059-382311301-1364173629-1000\..\Run : [SysBackUp] wscript.exe //B "C:\Users\ibm\AppData\Roaming\SysBackUp.vbs"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Generic Research |

Found ! C:\Users\ibm\AppData\Roaming\SysBackUp.vbs
Found ! C:\Users\ibm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SysBackUp.vbs
Found ! E:\SysBackUp.vbs
Found ! E:\TOP 500 Companies.lnk
Found ! E:\pipeline 10-04-2014.lnk
Found ! E:\Pipeline 10042014.lnk
Found ! E:\cle.lnk
Found ! E:\top 500.lnk
Found ! E:\New folder.lnk
Found ! E:\New folder (2).lnk
Found ! E:\~$~$TOP 500 Companies.lnk
Found ! E:\~$TOP 500 Companies.lnk
Found ! E:\Scanned-image.lnk
Found ! E:\New folder (3).lnk
Found ! E:\New folder (4).lnk
Found ! C:\Users\ibm\AppData\Roaming\FlashPlayer Install

################## | Registry |

Found ! HKU\S-1-5-21-1356511059-382311301-1364173629-1000\Software\Microsoft\Windows\CurrentVersion\Run|SysBackUp
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysBackUp

################## | E.O.F | http://www.en.usbfix.net/ - http://www.sosvirus.net |