############################## | UsbFix V 7.152 | [Search]

User: Admin (Administrator) # ADMIN-PC
Updated on 20/11/2013 by El Desaparecido - Team SosVirus
Launched at 18:31:58 | 21/11/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P5QL PRO)
CPU: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
RAM -> [Total : 4095 | Free : 1865]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (Home Premium) (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 259 GB (102 GB free - 40%) [] # NTFS
D:\ -> Fixed disk # 207 GB (36 GB free - 17%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable disk # 31 GB (28 GB free - 91%) [COWON J3] # FAT32
H:\ -> Removable disk # 4 GB (4 GB free - 96%) [] # FAT32

################## | Active processes |

C:\Windows\system32\csrss.exe (ID: 372 |ParentID: 364)
C:\Windows\system32\wininit.exe (ID: 432 |ParentID: 364)
C:\Windows\system32\csrss.exe (ID: 456 |ParentID: 424)
C:\Windows\system32\winlogon.exe (ID: 488 |ParentID: 424)
C:\Windows\system32\services.exe (ID: 540 |ParentID: 432)
C:\Windows\system32\lsass.exe (ID: 548 |ParentID: 432)
C:\Windows\system32\lsm.exe (ID: 560 |ParentID: 432)
C:\Windows\system32\svchost.exe (ID: 660 |ParentID: 540)
C:\Windows\system32\nvvsvc.exe (ID: 724 |ParentID: 540)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID: 748 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 792 |ParentID: 540)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 840 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 972 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 1004 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 328 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 388 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1068 |ParentID: 540)
C:\Windows\System32\spoolsv.exe (ID: 1164 |ParentID: 540)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1192 |ParentID: 724)
C:\Windows\system32\nvvsvc.exe (ID: 1200 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 1276 |ParentID: 540)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1364 |ParentID: 540)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1408 |ParentID: 540)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1444 |ParentID: 540)
C:\Windows\SysWOW64\PnkBstrA.exe (ID: 1536 |ParentID: 540)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (ID: 1568 |ParentID: 540)
C:\Windows\system32\taskhost.exe (ID: 1648 |ParentID: 540)
C:\Windows\system32\Dwm.exe (ID: 1696 |ParentID: 1004)
C:\Windows\Explorer.EXE (ID: 1708 |ParentID: 1688)
C:\Windows\system32\svchost.exe (ID: 1996 |ParentID: 540)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1128 |ParentID: 540)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (ID: 1348 |ParentID: 540)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1956 |ParentID: 1128)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (ID: 2100 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 2632 |ParentID: 540)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 2896 |ParentID: 1708)
C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe (ID: 2968 |ParentID: 2924)
C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (ID: 3040 |ParentID: 2924)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 2604 |ParentID: 1192)
C:\Windows\System32\WUDFHost.exe (ID: 2848 |ParentID: 1004)
c:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 1776 |ParentID: 540)
C:\Windows\system32\SearchIndexer.exe (ID: 2748 |ParentID: 540)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2892 |ParentID: 540)
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (ID: 3144 |ParentID: 2232)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 3204 |ParentID: 2232)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (ID: 3308 |ParentID: 2232)
D:\Programmes\iTunes\iTunesHelper.exe (ID: 3380 |ParentID: 2232)
C:\Windows\system32\svchost.exe (ID: 3524 |ParentID: 540)
C:\Program Files\iPod\bin\iPodService.exe (ID: 3944 |ParentID: 540)
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3716 |ParentID: 1708)
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4272 |ParentID: 3716)
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4900 |ParentID: 3716)
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2608 |ParentID: 3716)
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2728 |ParentID: 3716)
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3388 |ParentID: 3716)
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2680 |ParentID: 3716)
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4456 |ParentID: 3716)
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4612 |ParentID: 3716)
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4744 |ParentID: 3716)
C:\Users\Admin\Desktop\RogueKiller-8.7.8.exe (ID: 1804 |ParentID: 1708)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4888 |ParentID: 660)
C:\Windows\servicing\TrustedInstaller.exe (ID: 4192 |ParentID: 540)
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4676 |ParentID: 3716)
C:\Windows\system32\taskeng.exe (ID: 3632 |ParentID: 388)
C:\Windows\system32\SearchProtocolHost.exe (ID: 696 |ParentID: 2748)
C:\Windows\system32\SearchFilterHost.exe (ID: 2584 |ParentID: 2748)
C:\UsbFix\Go.exe (ID: 3032 |ParentID: 3212)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [WinampAgent] - D:\Programmes\Winamp\winampa.exe
04 - HKLM\SOFTWARE | Run : [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "D:\Programmes\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [WinampAgent] - D:\Programmes\Winamp\winampa.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "D:\Programmes\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3816408545-1883177193-1285993949-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-3816408545-1883177193-1285993949-1000\SOFTWARE | Run : [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
04 - HKU\S-1-5-21-3816408545-1883177193-1285993949-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "D:\Programmes\Daemon Tool\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-3816408545-1883177193-1285993949-1000\SOFTWARE | Run : [Spybot-S&D Cleaning] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
04 - HKU\S-1-5-21-3816408545-1883177193-1285993949-1000\SOFTWARE | Run : [BitTorrent] - "C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-3816408545-1883177193-1285993949-1000\SOFTWARE | Run : [HKCU] - C:\Users\Admin\AppData\Local\Temp\cvtres.exe
04 - HKU\S-1-5-21-3816408545-1883177193-1285993949-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Admin\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic search |

Present! C:\Users\Admin\AppData\Roaming\0EC8ACDE\ak.tmp
Present! C:\Users\Admin\AppData\Roaming\0EC8ACDE
Present! G:\DID.lnk
Present! G:\nonce.lnk
Present! G:\LOST.DIR.lnk
Present! G:\.Theater.lnk
Present! G:\System.lnk
Present! G:\Audible.lnk
Present! G:\Documents.lnk
Present! G:\Flash.lnk
Present! G:\Music.lnk
Present! G:\Pictures.lnk
Present! G:\Recordings.lnk
Present! G:\Video.lnk
Present! G:\Autorun.inf.lnk
Present! H:\Groupe 1 - Druart Dorian.lnk
Present! H:\Autorun.inf.lnk
Present! H:\Logos.lnk
Present! H:\Progra.lnk
Present! H:\logo modifié.lnk
Present! H:\recto.lnk
Present! H:\Interro.lnk
Present! H:\Pyramide.lnk
Present! H:\Fibonacci tab.lnk
Present! H:\Fraise Xray Dorian.lnk
Present! H:\~psD026.lnk
Present! C:\Users\Admin\AppData\Roaming\Admin-wchelper.dll
Present! F:\autorun.inf

################## | MD5 comparison reference |

Md5 : D41D8CD98F00B204E9800998ECF8427E -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : D41D8CD98F00B204E9800998ECF8427E -> G:\iTunesHelper.vbe
Md5 : D41D8CD98F00B204E9800998ECF8427E -> H:\iTunesHelper.vbe
Md5 : D41D8CD98F00B204E9800998ECF8427E -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

################## | MD5 comparison |


################## | Registry |

Present! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Present! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
Present! HKU\S-1-5-21-3816408545-1883177193-1285993949-1000\Software\Microsoft\Windows\CurrentVersion\Run|HKCU
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HKCU
Present! HKU\S-1-5-21-3816408545-1883177193-1285993949-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Present! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | UsbFix - Information |

UsbFix has detected on your computer an infection that includes a keylogger function.
After disinfection by UsbFix, please change all of your passwords.
If you have made purchases on the internet,
please contact your bank to consider blocking your bank card.

################## | Vaccine |

H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
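As the check a responder would want beside this report, the following Python script is an added example (not part of UsbFix, SosVirus or the report) that parses the report's own line formats and flags what the log above shows: autorun values launching from a Temp directory (the [HKCU] value running cvtres.exe), wscript.exe run with //B on a .vbe file, a per-user value name (iTunesHelper) that collides with the legitimate HKLM entry of the same name but runs something else, .lnk files at the root of the removable drives, and files whose reported MD5 D41D8CD98F00B204E9800998ECF8427E is the hash of zero bytes, meaning the iTunesHelper.vbe copies listed above were empty when hashed. find_shadowed_folders() goes beyond the log: it takes a directory listing and returns folders that have a same-named .lnk beside them, the layout behind G:\Music.lnk, G:\Pictures.lnk and the other root shortcuts. The sample lines are copied from the report; the function names and the directory listing are this example's own assumptions.

```python
"""Triage helpers for the USB-worm pattern recorded in the UsbFix report above.

Added example; not part of UsbFix or SosVirus. It parses the report's own
line formats ("04 - <hive> | Run : [name] - <command>", "Present! <path>",
"Md5 : <hash> -> <path>") and applies the checks a responder would otherwise
do by eye. The helper names are this example's own.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# MD5 of zero bytes: a file reporting this hash is empty, so it is not the payload.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"

RUN_RE = re.compile(r"^04 - (?P<hive>.+?) \| Run : \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$")
PRESENT_RE = re.compile(r"^Present! (?P<path>.+)$")
MD5_RE = re.compile(r"^Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$")

# Constructed sample: a subset of the report's lines, copied as printed there.
SID = r"HKU\S-1-5-21-3816408545-1883177193-1285993949-1000\SOFTWARE"
SAMPLE_LOG = rf"""04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "D:\Programmes\iTunes\iTunesHelper.exe"
04 - {SID} | Run : [BitTorrent] - "C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
04 - {SID} | Run : [HKCU] - C:\Users\Admin\AppData\Local\Temp\cvtres.exe
04 - {SID} | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Admin\AppData\Local\Temp\iTunesHelper.vbe"
Present! G:\Music.lnk
Present! G:\Autorun.inf.lnk
Present! H:\Autorun.inf.lnk
Present! C:\Users\Admin\AppData\Roaming\0EC8ACDE\ak.tmp
Md5 : D41D8CD98F00B204E9800998ECF8427E -> G:\iTunesHelper.vbe
Md5 : D41D8CD98F00B204E9800998ECF8427E -> H:\iTunesHelper.vbe
"""


def command_basename(cmd: str) -> str:
    """Lower-cased file name of the program a Run command actually starts."""
    cmd = cmd.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1].lower()


def parse_run_entries(log: str) -> List[Dict[str, str]]:
    return [m.groupdict() for m in map(RUN_RE.match, log.splitlines()) if m]


def flag_run_entries(log: str) -> Dict[Tuple[str, str], List[str]]:
    """Map (hive, value name) -> reasons, for every autorun entry worth a look."""
    entries = parse_run_entries(log)
    # What each value name launches from the machine-wide hive, for collision checks.
    hklm = {e["name"]: command_basename(e["cmd"]) for e in entries if e["hive"].startswith("HKLM")}
    flagged = {}
    for e in entries:
        cmd = e["cmd"].lower()
        reasons = []
        if "\\temp\\" in cmd:
            reasons.append("launches from a Temp directory")
        if re.search(r"\b[wc]script\.exe\b", cmd) and "//b" in cmd:
            reasons.append("script host run with //B, which hides script errors")
        if re.search(r"\.(vbe|vbs|js|jse|wsf)\b", cmd):
            reasons.append("target is a script, not an executable")
        if (not e["hive"].startswith("HKLM") and e["name"] in hklm
                and hklm[e["name"]] != command_basename(e["cmd"])):
            reasons.append(f"name collides with HKLM entry that runs {hklm[e['name']]}")
        if reasons:
            flagged[(e["hive"], e["name"])] = reasons
    return flagged


def empty_files(log: str) -> List[str]:
    """Paths whose reported MD5 is the hash of the empty input (0-byte files)."""
    return [m["path"] for m in map(MD5_RE.match, log.splitlines())
            if m and m["md5"].lower() == EMPTY_MD5]


def root_shortcuts(log: str) -> Dict[str, List[str]]:
    """Drive -> .lnk files found at the root of that drive (the worm's lure files)."""
    out = defaultdict(list)
    for m in map(PRESENT_RE.match, log.splitlines()):
        if m and m["path"].lower().endswith(".lnk") and m["path"].count("\\") == 1:
            drive, name = m["path"].split("\\", 1)
            out[drive].append(name)
    return dict(out)


def find_shadowed_folders(listing: Iterable[Tuple[str, bool]]) -> List[str]:
    """Given (name, is_dir) pairs from a drive root, return folders that have a
    same-named .lnk beside them; in such infections the real folders are usually
    set hidden, so the user only sees the shortcuts. Assumed listing format."""
    listing = list(listing)
    dirs = {name.lower(): name for name, is_dir in listing if is_dir}
    hits = [dirs[n[:-4].lower()] for n, is_dir in listing
            if not is_dir and n.lower().endswith(".lnk") and n[:-4].lower() in dirs]
    return sorted(hits)


if __name__ == "__main__":
    for key, why in flag_run_entries(SAMPLE_LOG).items():
        print(key, "->", "; ".join(why))
    print("empty files:", empty_files(SAMPLE_LOG))
    print("root shortcuts:", root_shortcuts(SAMPLE_LOG))
    # Constructed listing of what a drive root looks like once such a worm has run.
    print(find_shadowed_folders([("Music", True), ("Music.lnk", False),
                                 ("Autorun.inf.lnk", False), ("Readme.lnk", False)]))
```

Run over the sample, the script flags only the two per-user entries ([HKCU] and the second [iTunesHelper]) and leaves the HKLM iTunesHelper and the BitTorrent value alone; the empty-hash check tells you the .vbe copies on G: and H: are not the sample to submit, and the Temp-directory cvtres.exe plus the Roaming\0EC8ACDE folder are where to look instead.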