cjoint

Document format: text/plain

Preview

############################## | UsbFix V 7.128 | [Recherche]

Utilisateur: Utilisateur (Administrateur) # UTILISATEUR-MSI
Mis à jour le 20/06/2013 par El Desaparecido
Lancé à 05:58:48 | 24/06/2013

Site Web: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/forum-virus-securite/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Micro-Star International (MS-16GN) (x64-based PC)
CPU: AMD E-350 Processor (1600)
RAM -> [Total : 3692 | Free : 2324]
BIOS: E16GNAMS Ver1.05 Date: 01/27/11
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16618

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 95 Go (40 Go libre(s) - 42%) [OS_Install] # NTFS
D:\ -> Disque fixe # 359 Go (287 Go libre(s) - 80%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque fixe # 728 Mo (196 Mo libre(s) - 27%) [Mot de passe] # NTFS
G:\ -> Disque amovible # 8 Go (6 Go libre(s) - 74%) [KINGSTON] # FAT32
H:\ -> Disque amovible # 2 Go (1 Go libre(s) - 67%) [KINGSTON] # FAT
J:\ -> Disque fixe # 149 Go (70 Go libre(s) - 47%) [DD Externe] # NTFS

################## | Processus Actif |

C:\windows\system32\csrss.exe (664)
C:\windows\system32\wininit.exe (744)
C:\windows\system32\csrss.exe (756)
C:\windows\system32\services.exe (800)
C:\windows\system32\lsass.exe (816)
C:\windows\system32\lsm.exe (824)
C:\windows\system32\winlogon.exe (856)
C:\windows\system32\svchost.exe (984)
C:\windows\system32\svchost.exe (520)
C:\windows\system32\atiesrxx.exe (696)
C:\windows\System32\svchost.exe (1032)
C:\windows\System32\svchost.exe (1076)
C:\windows\system32\svchost.exe (1120)
C:\windows\system32\svchost.exe (1160)
C:\windows\system32\svchost.exe (1356)
C:\windows\system32\atieclxx.exe (1404)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1452)
C:\windows\System32\spoolsv.exe (1612)
C:\windows\system32\svchost.exe (1660)
C:\windows\system32\taskhost.exe (1760)
C:\windows\system32\Dwm.exe (1880)
C:\windows\Explorer.EXE (1920)
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (1976)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (2004)
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (1144)
C:\windows\system32\svchost.exe (1116)
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (2056)
C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (2104)
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (2344)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2380)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2648)
C:\windows\system32\svchost.exe (2792)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (2992)
C:\windows\system32\svchost.exe (2192)
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (3104)
C:\Program Files (x86)\YoWindow\yowindow.exe (3336)
C:\windows\system32\SearchIndexer.exe (3352)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (3716)
C:\windows\explorer.exe (3644)
C:\windows\System32\svchost.exe (2480)
C:\Program Files\Windows Media Player\wmpnetwk.exe (3844)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (1792)
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (1872)
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (1072)
C:\windows\System32\WUDFHost.exe (1132)
C:\windows\system32\wbem\wmiprvse.exe (3604)
C:\UsbFix\Go.exe (4740)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [WOOWATCH] - C:\PROGRA~2\Wanadoo\Watch.exe
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [WOOWATCH] - C:\PROGRA~2\Wanadoo\Watch.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | RunServices : [FTRTSVC] - C:\windows\SysWOW64\FTRTSVC.exe
HKLM\SOFTWARE\wow6432Node | RunServices : [FTRTSVC] - C:\windows\SysWOW64\FTRTSVC.exe
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |


################## | Registre |

Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\garminlifetime.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdetection.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsettings.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msi game corner.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s-bar.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer_setup_fr.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tomtomax_maxibox.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unins000.exe

################## | Mountpoints2 |



################## | Vaccin |

H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |
