############################## | UsbFix V 7.145 | [Deletion]

User: Administrator (Administrator) # COMPUTER
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 12:48:22 | 18/10/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (038C0K)
CPU: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
RAM -> [Total : 3977 | Free : 1165]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 282 Gb (215 Mb free - 76%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Fixed drive # 931 Gb (526 Mb free - 56%) [My Passport] # NTFS
G:\ -> Removable drive # 2 Gb (2 Mb free - 100%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
HKLM\SOFTWARE | Run : [RemoteControl9] - "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
HKLM\SOFTWARE | Run : [PDVD9LanguageShortcut] - "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
HKLM\SOFTWARE | Run : [RoxWatchTray] - "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
HKLM\SOFTWARE | Run : [Desktop Disc Tool] - "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
HKLM\SOFTWARE | Run : [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM\SOFTWARE | Run : [Athan] - C:\Program Files (x86)\Athan\Athan.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl9] - "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
HKLM\SOFTWARE\wow6432Node | Run : [PDVD9LanguageShortcut] - "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
HKLM\SOFTWARE\wow6432Node | Run : [RoxWatchTray] - "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Desktop Disc Tool] - "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM\SOFTWARE\wow6432Node | Run : [Athan] - C:\Program Files (x86)\Athan\Athan.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [] - 1
HKU\S-1-5-21-4051628422-3525690287-1979791056-1000\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [Connectify] - C:\Program Files (x86)\Connectify\Connectify.exe
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [Lync] - "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [dtlswbgexu] - wscript.exe //B "C:\Users\ADMINI~1.COM\AppData\Local\Temp\dtlswbgexu..vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [] -
HKU\S-1-5-20\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-4051628422-3525690287-1979791056-1000\SOFTWARE | RunOnce : [] -
HKU\S-1-5-18\SOFTWARE | RunOnce : [] -

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (ID 836 |ParentID 652)
Stopped! C:\Program Files\IDT\WDM\STacSV64.exe (ID 344 |ParentID 652)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1420 |ParentID 836)
Stopped! C:\Windows\system32\nvvsvc.exe (ID 1428 |ParentID 836)
Stopped! C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (ID 1476 |ParentID 652)
Stopped! C:\Windows\system32\WLANExt.exe (ID 1484 |ParentID 996)
Stopped! C:\Windows\system32\conhost.exe (ID 1492 |ParentID 440)
Stopped! C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (ID 1532 |ParentID 1476)
Stopped! C:\Windows\System32\spoolsv.exe (ID 1664 |ParentID 652)
Stopped! C:\Program Files\Common Files\SPBA\upeksvr.exe (ID 1748 |ParentID 952)
Stopped! C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (ID 1816 |ParentID 652)
Stopped! C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (ID 1840 |ParentID 652)
Stopped! C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (ID 1948 |ParentID 652)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 2016 |ParentID 652)
Stopped! C:\Program Files\IDT\WDM\AESTSr64.exe (ID 436 |ParentID 652)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 2044 |ParentID 652)
Stopped! C:\Windows\system32\taskhost.exe (ID 2204 |ParentID 652)
Stopped! C:\Windows\system32\taskeng.exe (ID 2232 |ParentID 1020)
Stopped! C:\Windows\Explorer.EXE (ID 2336 |ParentID 2280)
Stopped! C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe (ID 2440 |ParentID 2232)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (ID 2504 |ParentID 652)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 2552 |ParentID 652)
Stopped! C:\Program Files\DellTPad\Apoint.exe (ID 2772 |ParentID 2336)
Stopped! C:\Program Files\IDT\WDM\sttray64.exe (ID 2780 |ParentID 2336)
Stopped! C:\Windows\System32\hkcmd.exe (ID 2848 |ParentID 2336)
Stopped! C:\Windows\System32\igfxpers.exe (ID 2872 |ParentID 2336)
Stopped! C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (ID 2924 |ParentID 2336)
Stopped! C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (ID 2956 |ParentID 2336)
Stopped! C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (ID 2980 |ParentID 2336)
Stopped! C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (ID 2996 |ParentID 2336)
Stopped! C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (ID 2184 |ParentID 2336)
Stopped! C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (ID 956 |ParentID 2336)
Stopped! C:\Windows\System32\wscript.exe (ID 3104 |ParentID 2336)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID 3216 |ParentID 2336)
Stopped! C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (ID 3332 |ParentID 652)
Stopped! C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (ID 3360 |ParentID 3180)
Stopped! C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (ID 3488 |ParentID 3180)
Stopped! C:\Program Files (x86)\Athan\Athan.exe (ID 3648 |ParentID 3180)
Stopped! C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 3844 |ParentID 3180)
Stopped! C:\Windows\system32\IProsetMonitor.exe (ID 4044 |ParentID 652)
Stopped! C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (ID 704 |ParentID 652)
Stopped! C:\Program Files\ma-config.com\MaConfigAgent.exe (ID 3284 |ParentID 652)
Stopped! C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (ID 468 |ParentID 652)
Stopped! C:\Program Files (x86)\Norton Zone\Engine\1.0.12.6\ccSvcHst.exe (ID 3448 |ParentID 652)
Stopped! C:\Windows\system32\DRIVERS\o2flash.exe (ID 1064 |ParentID 652)
Stopped! c:\Windows\SysWOW64\srvany.exe (ID 4060 |ParentID 652)
Stopped! c:\Windows\sysWOW64\SDIOAssist.exe (ID 2088 |ParentID 4060)
Stopped! C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (ID 1932 |ParentID 652)
Stopped! C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID 2180 |ParentID 652)
Stopped! C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe (ID 4184 |ParentID 652)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 4256 |ParentID 652)
Stopped! c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe (ID 4336 |ParentID 652)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 4352 |ParentID 4256)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 4396 |ParentID 3028)
Stopped! C:\Program Files (x86)\Norton Zone\Engine\1.0.12.6\ccSvcHst.exe (ID 4912 |ParentID 3448)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (ID 5008 |ParentID 652)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (ID 5096 |ParentID 3344)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID 4532 |ParentID 652)
Stopped! C:\Program Files\DellTPad\ApMsgFwd.exe (ID 5736 |ParentID 2772)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 5804 |ParentID 996)
Stopped! C:\Program Files\DellTPad\Apntex.exe (ID 6124 |ParentID 6112)
Stopped! C:\Windows\system32\conhost.exe (ID 2548 |ParentID 548)
Stopped! C:\Windows\SysWOW64\RunDll32.exe (ID 5164 |ParentID 3216)
Stopped! C:\Program Files\DellTPad\HidFind.exe (ID 3536 |ParentID 2772)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID 5240 |ParentID 768)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (ID 784 |ParentID 5240)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 3672 |ParentID 652)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 4144 |ParentID 652)
Stopped! C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (ID 6512 |ParentID 468)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7164 |ParentID 2336)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2116 |ParentID 7164)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 5324 |ParentID 652)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4816 |ParentID 7164)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (ID 7244 |ParentID 652)
Stopped! C:\Program Files (x86)\Connectify\ConnectifyService.exe (ID 4428 |ParentID 652)
Stopped! C:\Program Files (x86)\Connectify\Connectifyd.exe (ID 8028 |ParentID 4428)
Stopped! C:\Windows\system32\conhost.exe (ID 4580 |ParentID 440)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3952 |ParentID 652)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1696 |ParentID 7164)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7992 |ParentID 7164)
Stopped! C:\Program Files (x86)\iTunes\iTunes.exe (ID 7352 |ParentID 3844)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (ID 2640 |ParentID 7352)
Stopped! C:\Windows\system32\conhost.exe (ID 8908 |ParentID 548)
Stopped! C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (ID 3628 |ParentID 2640)
Stopped! C:\Windows\system32\conhost.exe (ID 5792 |ParentID 548)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe (ID 4484 |ParentID 7352)
Stopped! C:\Windows\system32\conhost.exe (ID 4672 |ParentID 548)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (ID 8632 |ParentID 2640)
Stopped! C:\Windows\system32\conhost.exe (ID 7252 |ParentID 548)
Stopped! C:\Program Files (x86)\Connectify\Connectify.exe (ID 7452 |ParentID 2336)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6476 |ParentID 7164)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 9596 |ParentID 7164)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 10692 |ParentID 7164)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 10516 |ParentID 7164)
Stopped! C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (ID 11272 |ParentID 3736)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 8488 |ParentID 7164)
Stopped! C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (ID 10352 |ParentID 8028)
Stopped! C:\Windows\system32\conhost.exe (ID 10188 |ParentID 440)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 11204 |ParentID 996)
Stopped! C:\Windows\system32\taskeng.exe (ID 10332 |ParentID 1020)

################## | Files # Infected Folders |

Deleted ! G:\dtlswbgexu..vbs
Deleted ! C:\Users\ADMINI~1.COM\AppData\Local\Temp\dtlswbgexu..vbs
Deleted ! C:\Users\Administrator.COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlswbgexu..vbs
Deleted ! G:\Ru-423z_DMLR_066_131016.lnk
Deleted ! G:\Ru-423z_GMLR_067_131017.lnk
Not deleted ! E:\autorun.inf

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKU\S-1-5-21-4051628422-3525690287-1979791056-500\Software\Microsoft\Windows\CurrentVersion\Run|dtlswbgexu
Deleted ! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Listing |

[05/10/2013 - 18:41:06 | D ] C:\$RECYCLE.BIN
[29/03/2012 - 00:34:18 | D ] C:\Apps
[21/07/2013 - 19:22:39 | N | 1001] C:\DelFix.txt
[26/06/2012 - 15:54:48 | D ] C:\dell
[29/03/2012 - 01:59:53 | N | 39329] C:\dell.sdr
[14/07/2009 - 08:08:56 | SHD ] C:\Documents and Settings
[29/03/2012 - 01:46:52 | D ] C:\Drivers
[16/10/2013 - 20:54:18 | D ] C:\FFOutput
[21/07/2013 - 19:26:22 | D ] C:\FRST
[17/10/2013 - 12:02:39 | ASH | 3127558144] C:\hiberfil.sys
[29/03/2012 - 02:03:37 | D ] C:\Intel
[06/07/2013 - 21:19:07 | D ] C:\Logs
[13/06/2012 - 20:30:16 | RD ] C:\MSOCache
[17/10/2013 - 12:02:48 | ASH | 4170080256] C:\pagefile.sys
[14/07/2009 - 06:20:08 | D ] C:\PerfLogs
[17/10/2013 - 13:22:46 | N | 512] C:\PhysicalDisk0_MBR.bin
[07/10/2013 - 23:11:19 | D ] C:\Program Files
[17/10/2013 - 20:48:10 | D ] C:\Program Files (x86)
[17/10/2013 - 19:39:04 | D ] C:\ProgramData
[17/10/2013 - 20:47:55 | SHD ] C:\System Volume Information
[13/06/2012 - 19:57:40 | N | 31] C:\tmuninst.ini
[18/10/2013 - 12:52:44 | D ] C:\UsbFix
[18/10/2013 - 12:53:38 | A | 15570] C:\UsbFix [Clean 1] COMPUTER.txt
[17/10/2013 - 23:38:50 | N | 15855] C:\UsbFix [Scan 1] COMPUTER.txt
[15/06/2013 - 08:32:34 | RD ] C:\Users
[17/10/2013 - 19:38:49 | D ] C:\Windows
[01/11/2011 - 23:39:30 | A | 79] E:\autorun.inf
[29/08/2012 - 02:57:49 | AD ] E:\Extras
[29/08/2012 - 01:36:07 | AD ] E:\Locale
[14/08/2012 - 18:35:28 | A | 2009024] E:\WD Drive Unlock.exe
[25/09/2013 - 13:36:59 | SHD ] F:\$RECYCLE.BIN
[26/09/2013 - 19:58:44 | N | 78978] F:\115-117#2931 (24-9) (8+2pax).jpg
[02/10/2013 - 23:35:06 | D ] F:\Ahmed
[05/09/2013 - 16:27:33 | N | 385594] F:\ChkFlsh.zip
[24/05/2013 - 21:50:30 | D ] F:\film
[08/09/2013 - 16:50:10 | D ] F:\found.000
[04/09/2013 - 20:26:04 | N | 205399] F:\ll.jpeg
[10/05/2013 - 14:07:46 | SHD ] F:\RECYCLER
[17/10/2013 - 23:17:25 | SHD ] F:\System Volume Information
[17/10/2013 - 12:40:36 | N | 20294] G:\Ru-423z_DMLR_066_131016.pdf
[18/10/2013 - 12:51:40 | N | 1445227] G:\Ru-423z_GMLR_067_131017.zip
[18/10/2013 - 02:51:16 | D ] G:\Ru-423z_GMLR_067_131017

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |