cjoint


############################## | UsbFix V 7.121 | [Suppression]

Utilisateur: Géraud (Administrateur) # DETERSON
Mis à jour le 07/04/2013 par El Desaparecido
Lancé à 22:09:35 | 14/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Dell Inc. (Latitude D820 ) (X86-based PC)
CPU: Genuine Intel(R) CPU T2400 @ 1.83GHz (1828)
RAM -> [Total : 2046 | Free : 1095]
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A06
BOOT: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 466 Go (355 Go libre(s) - 76%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque amovible # 4 Go (3 Go libre(s) - 73%) [EASY KEY] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [BluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\SOFTWARE | Run : [IntelZeroConfig] - "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
HKLM\SOFTWARE | Run : [IntelWireless] - "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [DellTouch] - C:\WINDOWS\MMKeybd.exe
HKLM\SOFTWARE | Run : [Apoint] - C:\Program Files\DellTPad\Apoint.exe
HKLM\SOFTWARE | Run : [SigmatelSysTrayApp] - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [nwiz] - nwiz.exe /installquiet
HKLM\SOFTWARE | Run : [NVHotkey] - rundll32.exe nvHotkey.dll,Start
HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [BootSkin Startup Jobs] - "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1757981266-329068152-1606980848-1003\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1757981266-329068152-1606980848-1003\SOFTWARE | Run : [Gadwin PrintScreen] - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
HKU\S-1-5-21-1757981266-329068152-1606980848-1003\SOFTWARE | Run : [GoogleChromeAutoLaunch_E1AB64F4BED446AD887BD7CAAB5C76D5] - "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Processus Stoppés |

Stoppé! C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1536)
Stoppé! C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (1596)
Stoppé! C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (1620)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (2016)
Stoppé! C:\WINDOWS\Explorer.EXE (440)
Stoppé! C:\WINDOWS\system32\spoolsv.exe (1232)
Stoppé! C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe (1348)
Stoppé! C:\WINDOWS\system32\rundll32.exe (1956)
Stoppé! C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (1964)
Stoppé! C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (1972)
Stoppé! C:\Program Files\AVAST Software\Avast\avastUI.exe (1980)
Stoppé! C:\Program Files\DellTPad\Apoint.exe (2040)
Stoppé! C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (1780)
Stoppé! C:\WINDOWS\system32\rundll32.exe (192)
Stoppé! C:\WINDOWS\system32\RUNDLL32.EXE (212)
Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (256)
Stoppé! C:\Program Files\DellTPad\ApMsgFwd.exe (308)
Stoppé! C:\Program Files\DellTPad\HidFind.exe (460)
Stoppé! C:\Program Files\DellTPad\Apntex.exe (548)
Stoppé! C:\WINDOWS\Nhksrv.exe (560)
Stoppé! C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (940)
Stoppé! C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (1672)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (1728)
Stoppé! C:\WINDOWS\system32\libusbd-nt.exe (2768)
Stoppé! C:\WINDOWS\system32\nvsvc32.exe (2924)
Stoppé! c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe (3384)
Stoppé! C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3408)
Stoppé! C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (3684)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (3556)
Stoppé! C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe (2756)
Stoppé! C:\WINDOWS\system32\taskmgr.exe (2104)

################## | Éléments infectieux |


(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKLM\software\microsoft\shared tools\msconfig\startupreg\

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\D

################## | Listing |

[30/12/2011 - 21:49:16 | N | 112] C:\224CC312826A
[29/12/2012 - 19:15:24 | D ] C:\640fdd75fefd1b5f71dda43c57
[30/12/2011 - 21:49:16 | N | 40] C:\726DD17F1AAF
[28/12/2012 - 15:53:13 | N | 0] C:\AUTOEXEC.BAT
[02/01/2013 - 16:10:11 | N | 0] C:\AutomapClients.ini
[14/04/2013 - 22:09:04 | RASHD ] C:\Autorun.inf
[13/04/2013 - 17:12:36 | N | 212] C:\boot.ini
[14/04/2008 - 14:00:00 | N | 4952] C:\Bootfont.bin
[28/12/2012 - 15:53:13 | N | 0] C:\CONFIG.SYS
[28/12/2012 - 23:42:07 | D ] C:\dell
[26/01/2013 - 17:27:55 | D ] C:\Dell Management Packs
[28/12/2012 - 16:03:32 | D ] C:\Documents and Settings
[06/04/2013 - 22:33:15 | D ] C:\FFOutput
[26/01/2013 - 15:39:41 | D ] C:\Games
[29/12/2012 - 15:52:46 | D ] C:\Intel
[28/12/2012 - 15:53:13 | N | 0] C:\IO.SYS
[14/04/2013 - 22:04:19 | N | 21500] C:\JavaRa.log
[24/11/2012 - 11:57:40 | N | 107] C:\main.c
[28/12/2012 - 15:53:13 | N | 0] C:\MSDOS.SYS
[14/04/2008 - 14:00:00 | N | 47564] C:\NTDETECT.COM
[14/04/2008 - 14:00:00 | N | 252240] C:\ntldr
[14/04/2013 - 21:11:45 | ASH | 2145386496] C:\pagefile.sys
[14/04/2013 - 20:39:47 | D ] C:\Program Files
[28/12/2012 - 23:30:51 | SHD ] C:\RECYCLER
[29/12/2012 - 14:17:44 | D ] C:\SWSetup
[28/12/2012 - 15:58:12 | SHD ] C:\System Volume Information
[29/03/2013 - 00:38:09 | D ] C:\temp
[14/04/2013 - 22:15:25 | D ] C:\UsbFix
[14/04/2013 - 22:15:47 | A | 6902] C:\UsbFix [Clean 1] DETERSON.txt
[13/04/2013 - 15:56:32 | D ] C:\WINDOWS
[14/04/2013 - 11:39:10 | D ] C:\ZHP
[14/01/2013 - 22:48:52 | D ] G:\Dubstep Drum Kit
[14/01/2013 - 22:48:12 | D ] G:\ELECTRO and DUBSTEP
[14/01/2013 - 22:46:56 | D ] G:\FL Studio 10 Final Up By Oli-Ploop
[14/01/2013 - 22:40:10 | D ] G:\photoshop cs6
[24/07/2012 - 18:18:18 | N | 26] G:\clé wifi.txt
[30/12/2012 - 12:18:22 | N | 3773504] G:\vpsetup_v2.30.exe
[11/01/2013 - 00:23:50 | N | 107223780] G:\orchestral.flp
[29/12/2012 - 23:05:32 | N | 5179191] G:\Crack DriverScanner2013 by Gerus Magnus.rar
[14/02/2013 - 21:53:24 | N | 349399] G:\Sans nom 1.odt
[17/02/2013 - 22:54:32 | N | 5304271] G:\I LIKE TRAINS (asdfmovie song).mp3
[03/02/2013 - 08:20:14 | N | 14784823] G:\Pablo Casals lol.odt
[24/02/2013 - 17:48:46 | D ] G:\Game_Maker_8.0_Pro_Cracked_Tutorials(masoodalam51)
[21/03/2013 - 20:44:12 | N | 3941006] G:\Tacata.mp3
[08/04/2013 - 20:19:10 | N | 1326447] G:\img_2645.jpg
[19/03/2013 - 21:39:50 | D ] G:\Prison Architect (Alpha 5)
[27/03/2013 - 08:05:42 | D ] G:\Black Mesa Security
[11/02/2013 - 23:53:32 | N | 104833532] G:\SB.Cyclop.101.R2R.PC.rar
[14/04/2013 - 22:09:10 | RASHD ] G:\Autorun.inf
[04/04/2013 - 22:48:14 | N | 13836] G:\LA BIODIVERSITE EN DANGER.docx
[14/01/2013 - 22:49:00 | D ] G:\autobiographie lol

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |
