cjoint

Document format: text/plain

Preview

############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: Serato (Administrateur) # SERATO-PC
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 10:31:52 | 28/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: LENOVO (27147TG)
CPU: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
RAM -> [Total : 1944 Mo| Free : 1304 Mo]
Bios: LENOVO
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 34.0.1847.116

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 228 Go (120 Go libre(s) - 53%) [] # NTFS
D:\ -> CD-ROM
G:\ -> Disque amovible # 4 Go (624 Mo libre(s) - 16%) [KINGSTON] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 376 |ParentID: 340)
C:\Windows\system32\wininit.exe (ID: 432 |ParentID: 340)
C:\Windows\system32\csrss.exe (ID: 444 |ParentID: 424)
C:\Windows\system32\services.exe (ID: 480 |ParentID: 432)
C:\Windows\system32\lsass.exe (ID: 496 |ParentID: 432)
C:\Windows\system32\lsm.exe (ID: 504 |ParentID: 432)
C:\Windows\system32\svchost.exe (ID: 612 |ParentID: 480)
C:\Windows\system32\winlogon.exe (ID: 636 |ParentID: 424)
C:\Windows\system32\svchost.exe (ID: 736 |ParentID: 480)
C:\Windows\System32\svchost.exe (ID: 800 |ParentID: 480)
C:\Windows\System32\svchost.exe (ID: 876 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 928 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 964 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 1080 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 1188 |ParentID: 480)
C:\Windows\System32\spoolsv.exe (ID: 1360 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 1400 |ParentID: 480)
C:\Windows\system32\taskhost.exe (ID: 1488 |ParentID: 480)
C:\Windows\system32\Dwm.exe (ID: 1584 |ParentID: 876)
C:\Windows\Explorer.EXE (ID: 1632 |ParentID: 1576)
C:\Windows\system32\svchost.exe (ID: 1704 |ParentID: 480)
C:\Windows\system32\runonce.exe (ID: 1804 |ParentID: 1632)
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 1820 |ParentID: 480)
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (ID: 1928 |ParentID: 480)
C:\Windows\system32\sppsvc.exe (ID: 2008 |ParentID: 480)
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (ID: 1624 |ParentID: 1928)
C:\Windows\System32\svchost.exe (ID: 372 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 2160 |ParentID: 480)
C:\Windows\System32\WUDFHost.exe (ID: 2356 |ParentID: 876)
C:\Windows\system32\taskeng.exe (ID: 2400 |ParentID: 964)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2796 |ParentID: 480)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 920 |ParentID: 612)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3996 |ParentID: 612)

################## | Recherche générique |


(!) Fichiers temporaires supprimés.

################## | Registre |


################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKLM\..\Run : [Apoint] C:\Program Files\Apoint2K\Apoint.exe
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[04/12/2013 - 14:43:47 | SHD] - C:\$Recycle.Bin
[10/06/2009 - 23:42:20 | A | 0 Ko] - C:\autoexec.bat
[04/12/2013 - 14:32:06 | SHD] - C:\Boot
[20/11/2010 - 23:29:06 | RASH | 375 Ko] - C:\bootmgr
[04/12/2013 - 14:32:08 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[10/06/2009 - 23:42:20 | | 0 Ko] - C:\config.sys
[14/07/2009 - 06:53:55 | SHD] - C:\Documents and Settings
[04/08/2009 - 19:06:10 | | 167 Ko] - C:\grldr
[28/04/2014 - 10:29:22 | ASH | 1493016 Ko] - C:\hiberfil.sys
[04/12/2013 - 16:00:32 | D] - C:\Intel
[28/04/2014 - 10:29:27 | ASH | 1990688 Ko] - C:\pagefile.sys
[14/07/2009 - 04:37:05 | D] - C:\PerfLogs
[27/04/2014 - 14:04:36 | D] - C:\Program Files
[27/04/2014 - 14:04:49 | HD] - C:\ProgramData
[04/12/2013 - 14:43:20 | SHD] - C:\Recovery
[27/04/2014 - 20:58:03 | SHD] - C:\System Volume Information
[28/04/2014 - 10:09:24 | D] - C:\UsbFix
[27/04/2014 - 21:01:45 | | 7 Ko | 509C29CF3CF4957EC0DA50F6D1D4AAAE] - C:\UsbFix [Clean 2] SERATO-PC.txt
[27/04/2014 - 21:13:45 | | 7 Ko | 6966B823FA66E0A99521D0938C42BFB7] - C:\UsbFix [Clean 4] SERATO-PC.txt
[27/04/2014 - 21:17:11 | | 6 Ko | FBB2ECD6151EA7D562AB2840E58652C2] - C:\UsbFix [Clean 6] SERATO-PC.txt
[28/04/2014 - 10:32:21 | A | 5 Ko | CEBC328645B100D6E48E49A6AF38E9BD] - C:\UsbFix [Clean 8] SERATO-PC.txt
[27/04/2014 - 20:58:57 | | 3 Ko | B545F8F4A1017994FB431792AA6FFAA0] - C:\UsbFix [Listing 1] SERATO-PC.txt
[27/04/2014 - 20:57:59 | | 6 Ko | EFCFD1EDAEFE5963FB394B2B3EADBB41] - C:\UsbFix [Scan 1] SERATO-PC.txt
[28/04/2014 - 10:09:55 | | 5 Ko | F3A61B3C1BE21E72827EAEEC5E34F294] - C:\UsbFix [Scan 2] SERATO-PC.txt
[04/12/2013 - 14:43:33 | D] - C:\Users
[06/12/2013 - 17:55:02 | D] - C:\Windows
[27/04/2014 - 18:09:28 | SH | 4 Ko] - G:\._.Trashes
[27/04/2014 - 18:09:28 | SHD] - G:\.Trashes
[27/04/2014 - 18:09:30 | SHD] - G:\.fseventsd
[23/04/2014 - 13:24:18 | N | 1090519 Ko] - G:\DCIM
[23/04/2014 - 14:15:30 | N | 1 Ko] - G:\_CIM_.LNK
[23/04/2014 - 14:16:24 | N | 1090519 Ko] - G:\_DCIM.link
[23/04/2014 - 14:15:44 | N | 1090519 Ko] - G:\_ETER

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
