############################## | UsbFix V 7.130 | [Deletion]

User: Administrateur (Administrator) # BE15B
Updated 20/08/2013 by El Desaparecido
Started at 08:39:22 | 25/04/2014

Website: http://sosvirus.net/
Upload Malware: http://sosvirus.net/viewtopic.php?f=6&t=489
Contact: eldesaparecido@sosvirus.net

PC: System manufacturer (System Product Name) (x64-based PC)
CPU: Processeur Intel(R) Pentium(R) III Xeon (3006)
CPU: Processeur Intel(R) Pentium(R) III Xeon (3006)
RAM -> [Total : 4095 | Free : 3133]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft(R) Windows(R) XP Professionnel Edition x64 (5.2.3790 64-Bit) # Service Pack 2
WB: Windows Internet Explorer 6.0.3790.1830

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 233 Gb (49 Mb free - 21%) [] # NTFS
D:\ -> Removable drive # 15 Gb (5 Mb free - 35%) [KINGSTON] # FAT32
E:\ -> Removable drive # 7 Gb (3 Mb free - 41%) [] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SwitchBoard] - "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [ControlCenter4] - "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
HKLM\SOFTWARE | Run : [BrStsMon00] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE | Run : [Device Detector] - DevDetect.exe -autorun
HKLM\SOFTWARE | Run : [BrStsMon01] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [ControlCenter4] - "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
HKLM\SOFTWARE\wow6432Node | Run : [BrStsMon00] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE\wow6432Node | Run : [Device Detector] - DevDetect.exe -autorun
HKLM\SOFTWARE\wow6432Node | Run : [BrStsMon01] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-19\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe

################## | Stopped processes |

Stopped! C:\WINDOWS\explorer.exe (1876)

################## | Files # Infected Folders |

Deleted ! E:\snkb0pt
Not deleted ! X:\autorun.inf
Not deleted ! X:\snkb0pt\desktop.ini
Not deleted ! X:\snkb0pt\snkb0pt.exe
Not deleted ! X:\snkb0pt
Not deleted ! Y:\autorun.inf
Not deleted ! Y:\snkb0pt\desktop.ini
Not deleted ! Y:\snkb0pt\snkb0pt.exe
Not deleted ! Y:\snkb0pt
Not deleted ! Z:\autorun.inf
Not deleted ! Z:\snkb0pt\desktop.ini
Not deleted ! Z:\snkb0pt\snkb0pt.exe
Not deleted ! Z:\snkb0pt

(!) Temporary files deleted.

################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[23/04/2014 - 12:05:23 | D ] C:\0201E14a-CN
[07/10/2013 - 13:13:53 | N | 4358316] C:\5Za01300
[22/11/2010 - 15:21:01 | D ] C:\841a925b9e1a01b75d0eff7b62
[23/04/2014 - 14:00:58 | D ] C:\AdwCleaner
[11/03/2009 - 16:03:12 | N | 0] C:\AUTOEXEC.BAT
[25/04/2014 - 08:17:52 | RASHD ] C:\Autorun.inf
[11/03/2009 - 15:58:56 | N | 213] C:\boot.ini
[03/09/2012 - 14:41:30 | D ] C:\Brother
[11/03/2009 - 16:03:12 | N | 0] C:\CONFIG.SYS
[15/12/2009 - 14:33:24 | D ] C:\Crack
[02/04/2014 - 15:20:24 | D ] C:\CT
[24/04/2014 - 13:56:05 | N | 120] C:\Documents
[04/04/2014 - 10:45:54 | D ] C:\Documents and Settings
[02/08/2013 - 13:43:25 | N | 1203391] C:\eof.txt
[09/03/2011 - 10:56:43 | D ] C:\GTI
[11/03/2009 - 16:34:23 | D ] C:\Intel
[11/03/2009 - 16:03:12 | N | 0] C:\IO.SYS
[02/12/2006 - 00:37:14 | N | 904704] C:\msdia80.dll
[11/03/2009 - 16:03:12 | N | 0] C:\MSDOS.SYS
[06/02/2013 - 10:46:19 | RHD ] C:\MSOCache
[18/02/2007 - 14:00:00 | N | 47772] C:\NTDETECT.COM
[18/02/2007 - 14:00:00 | N | 297072] C:\ntldr
[24/04/2014 - 11:23:02 | ASH | 6439305216] C:\pagefile.sys
[04/04/2014 - 11:34:47 | D ] C:\Program Files
[24/04/2014 - 11:59:23 | D ] C:\Program Files (x86)
[06/02/2013 - 10:25:48 | SHD ] C:\RECYCLER
[04/04/2014 - 11:44:09 | D ] C:\SolidWorks Data
[21/02/2014 - 09:47:45 | D ] C:\SUIVI BEST CN
[13/03/2009 - 10:46:16 | D ] C:\System
[11/03/2009 - 16:06:41 | SHD ] C:\System Volume Information
[18/04/2014 - 12:22:52 | D ] C:\temp
[25/04/2014 - 08:40:04 | D ] C:\UsbFix
[17/04/2014 - 18:27:46 | N | 6919] C:\UsbFix [Clean 10] BE15B.txt
[18/04/2014 - 07:40:01 | N | 6469] C:\UsbFix [Clean 11] BE15B.txt
[21/04/2014 - 17:45:18 | N | 7828] C:\UsbFix [Clean 12] BE15B.txt
[24/04/2014 - 10:01:27 | N | 7251] C:\UsbFix [Clean 13] BE15B.txt
[24/04/2014 - 11:52:27 | N | 8385] C:\UsbFix [Clean 14] BE15B.txt
[23/04/2014 - 12:28:46 | N | 9850] C:\UsbFix [Clean 15] BE15B.txt
[23/04/2014 - 13:51:23 | N | 9015] C:\UsbFix [Clean 16] BE15B.txt
[23/04/2014 - 13:55:06 | N | 9498] C:\UsbFix [Clean 17] BE15B.txt
[24/04/2014 - 10:06:09 | N | 11746] C:\UsbFix [Clean 18] BE15B.txt
[24/04/2014 - 11:57:10 | N | 12750] C:\UsbFix [Clean 19] BE15B.txt
[15/11/2013 - 19:06:50 | N | 6735] C:\UsbFix [Clean 1] BE15B.txt
[24/04/2014 - 11:58:27 | N | 11816] C:\UsbFix [Clean 20] BE15B.txt
[25/04/2014 - 08:15:14 | N | 14310] C:\UsbFix [Clean 21] BE15B.txt
[25/04/2014 - 08:16:33 | N | 14116] C:\UsbFix [Clean 22] BE15B.txt
[25/04/2014 - 08:17:52 | N | 14185] C:\UsbFix [Clean 23] BE15B.txt
[25/04/2014 - 08:40:17 | A | 6458] C:\UsbFix [Clean 24] BE15B.txt
[07/01/2014 - 19:41:11 | N | 8325] C:\UsbFix [Clean 2] BE15B.txt
[07/02/2014 - 19:05:26 | N | 5965] C:\UsbFix [Clean 3] BE15B.txt
[12/03/2014 - 17:07:30 | N | 3561] C:\UsbFix [Clean 4] BE15B.txt
[12/03/2014 - 17:44:23 | N | 6348] C:\UsbFix [Clean 5] BE15B.txt
[02/04/2014 - 12:50:32 | N | 7818] C:\UsbFix [Clean 6] BE15B.txt
[09/04/2014 - 17:17:45 | N | 8119] C:\UsbFix [Clean 7] BE15B.txt
[11/04/2014 - 13:53:25 | N | 8709] C:\UsbFix [Clean 8] BE15B.txt
[11/04/2014 - 17:45:54 | N | 8500] C:\UsbFix [Clean 9] BE15B.txt
[18/04/2014 - 07:38:28 | N | 4382] C:\UsbFix [Scan 1] BE15B.txt
[23/04/2014 - 13:56:50 | N | 4093] C:\UsbFix [Scan 2] BE15B.txt
[24/04/2014 - 14:11:39 | N | 4142] C:\UsbFix [Scan 3] BE15B.txt
[24/04/2014 - 14:12:35 | N | 4285] C:\UsbFix [Scan 4] BE15B.txt
[24/04/2014 - 14:43:31 | N | 4499] C:\UsbFix [Scan 5] BE15B.txt
[02/04/2014 - 15:20:24 | D ] C:\WINDOWS
[20/01/2014 - 21:17:54 | N | 4096] D:\._.Trashes
[09/07/2012 - 10:49:36 | N | 1642866] D:\IMG_4249.JPG
[02/01/2014 - 14:38:46 | D ] D:\CN
[05/02/2014 - 11:27:38 | D ] D:\DOSSIER ICPE - VERITAS
[31/01/2014 - 07:50:00 | N | 4096] D:\._Plaque porte.pptx
[20/01/2014 - 21:17:54 | HD ] D:\.Trashes
[20/01/2014 - 21:17:54 | D ] D:\.Spotlight-V100
[20/01/2014 - 21:17:54 | D ] D:\.fseventsd
[09/07/2012 - 10:49:38 | N | 1661286] D:\IMG_4250.JPG
[24/09/2012 - 15:11:02 | N | 1448491] D:\33.jpg
[20/01/2014 - 22:04:28 | N | 294] D:\.apdisk
[19/09/2002 - 11:30:34 | N | 589014] D:\minicats interieur004.JPG
[31/01/2014 - 07:50:00 | N | 4096] D:\._Plaque porte BE.pptx
[10/01/2003 - 11:27:42 | N | 27651] D:\minicats interieur006.JPG
[28/02/2009 - 10:33:30 | N | 1505458] D:\P1060354.JPG
[06/02/2014 - 15:01:58 | N | 2564714] D:\Toit complet V3.IGS
[04/02/2014 - 14:15:56 | N | 1893052] D:\Toit complet V1.IGS
[06/02/2014 - 15:09:34 | SHD ] D:\System Volume Information
[22/11/2010 - 18:33:16 | N | 179987] D:\NV01M01eP02.pdf
[26/02/2014 - 22:18:54 | D ] D:\Gallerie
[17/03/2014 - 10:06:38 | N | 961431] D:\Plaque porte BE.pptx
[07/02/2014 - 15:14:54 | N | 149874] D:\Plaque porte BE 07-02-2014.jpg
[26/02/2014 - 22:53:44 | D ] D:\.TemporaryItems
[26/02/2014 - 22:53:44 | N | 4096] D:\._.TemporaryItems
[26/02/2014 - 23:56:48 | D ] D:\PSA
[26/02/2014 - 23:57:04 | D ] D:\One gallerie
[26/02/2014 - 23:57:04 | D ] D:\AIRPOD GALLERIE
[21/11/2011 - 16:59:32 | N | 38912] D:\CALCULA ACV COMP.xls
[18/03/2014 - 10:37:24 | D ] D:\Iphone Cyril
[19/03/2014 - 13:41:00 | N | 4709160] D:\IMG_1370.MOV
[07/03/2014 - 17:03:04 | N | 1524825] D:\Plaque porte.pptx
[17/03/2014 - 09:40:10 | N | 147791] D:\Plaque porte BE 1703-2014.jpg
[19/03/2014 - 13:41:16 | N | 719546] D:\photo1.JPG
[19/03/2014 - 13:41:44 | N | 781713] D:\photo2.JPG
[19/03/2014 - 13:41:56 | N | 673344] D:\photo3.JPG
[19/03/2014 - 13:42:16 | N | 633342] D:\photo.JPG
[19/03/2014 - 18:13:06 | D ] D:\Dessin GN 53
[19/03/2014 - 22:12:32 | N | 4096] D:\._IMG_1370.MOV
[21/03/2014 - 12:18:36 | N | 213592] D:\Valorisation du Groupe MDI Anglais.docx
[21/03/2014 - 17:26:20 | N | 47377] D:\trumptus.docx
[27/03/2014 - 15:41:02 | D ] D:\Egypt
[27/03/2014 - 17:59:26 | N | 6729216] D:\MASTER LICENCE TUK TUK.ppt
[25/04/2014 - 08:17:54 | RASHD ] D:\Autorun.inf
[27/03/2014 - 18:00:52 | N | 1971389] D:\MASTER LICENCE TUK TUK.pdf
[24/04/2014 - 15:30:36 | N | 2191] D:\RKreport[0]_S_04242014_152823.txt
[22/01/2014 - 12:53:50 | D ] D:\MDI
[30/01/2014 - 11:46:50 | D ] D:\Textes
[31/01/2014 - 16:51:16 | N | 147975] D:\Plaque porte BE.jpg
[04/02/2014 - 17:49:04 | N | 14014825] D:\bak_040214.txt
[05/02/2014 - 08:05:30 | D ] D:\Pointeurse etc
[09/07/2012 - 10:49:26 | N | 1660995] D:\IMG_4247.JPG
[09/07/2012 - 16:40:58 | N | 1238155] D:\IMG_4248.jpg
[14/10/2013 - 20:33:00 | HD ] E:\.Trashes
[02/04/2014 - 19:07:28 | D ] E:\.fseventsd
[03/12/2013 - 19:56:20 | D ] E:\MDI
[04/04/2014 - 10:38:18 | N | 86421] E:\AGL_001.TXT
[14/10/2013 - 20:33:00 | N | 4096] E:\._.Trashes
[14/10/2013 - 20:33:02 | D ] E:\.Spotlight-V100
[14/10/2013 - 20:35:36 | D ] E:\.TemporaryItems
[14/10/2013 - 20:35:36 | N | 4096] E:\._.TemporaryItems
[14/10/2013 - 20:35:36 | N | 293] E:\.apdisk
[14/10/2013 - 20:35:36 | N | 4096] E:\._.apdisk
[04/11/2013 - 12:13:28 | D ] E:\CN
[04/04/2014 - 10:25:34 | N | 44942] E:\AGL_001a.TXT
[23/04/2014 - 16:39:46 | RASHD ] E:\Autorun.inf
[14/04/2014 - 16:49:17 | D ] X:\Membres BEST
[11/02/2014 - 12:21:10 | D ] X:\21P04
[04/04/2014 - 14:15:01 | D ] X:\snkb0pt
[20/02/2014 - 18:37:59 | A | 6312960] X:\suivi journalier.xls
[03/04/2007 - 14:46:19 | | 1723] X:\eaglerc.usr
[20/10/2009 - 13:17:02 | A | 11520054] X:\Came fantome.bmp
[14/10/2009 - 19:49:35 | A | 6436047] X:\Analyse comparative - dossier - Annexes.pdf
[25/03/2014 - 10:29:55 | D ] X:\Bibliotheque
[28/02/2014 - 10:22:31 | D ] X:\44P08
[27/02/2014 - 18:28:06 | D ] X:\44P13
[07/09/2012 - 11:54:03 | D ] X:\R&D sur serveur-be (Serveur-be) (2)
[11/04/2013 - 15:24:12 | D ] X:\Informatique
[18/10/2013 - 18:28:18 | D ] X:\20P07
[07/09/2012 - 11:54:03 | D ] X:\R&D sur serveur-be (Serveur-be)
[29/08/2013 - 13:30:30 | D ] X:\organisation
[24/01/2014 - 11:11:05 | D ] X:\04R02
[29/11/2013 - 16:04:03 | D ] X:\Programmes
[24/04/2014 - 11:44:22 | A | 4228] X:\autorun.inf
[24/04/2014 - 11:44:22 | | 1527] X:\..lnk
[24/04/2014 - 11:44:23 | | 1529] X:\...lnk
[24/04/2014 - 11:44:23 | | 1549] X:\Membres BEST.lnk
[24/04/2014 - 11:44:23 | | 1535] X:\21P04.lnk
[24/04/2014 - 11:44:24 | | 1549] X:\Bibliotheque.lnk
[24/04/2014 - 11:44:25 | | 1535] X:\44P08.lnk
[24/04/2014 - 11:44:25 | | 1535] X:\44P13.lnk
[24/04/2014 - 11:44:25 | | 1595] X:\R&D sur serveur-be (Serveur-be) (2).lnk
[24/04/2014 - 11:44:26 | | 1549] X:\Informatique.lnk
[24/04/2014 - 11:44:26 | | 1535] X:\20P07.lnk
[24/04/2014 - 11:44:26 | | 1587] X:\R&D sur serveur-be (Serveur-be).lnk
[24/04/2014 - 11:44:26 | | 1549] X:\organisation.lnk
[24/04/2014 - 11:44:26 | | 1535] X:\04R02.lnk
[24/04/2014 - 11:44:27 | | 1545] X:\Programmes.lnk
[14/04/2014 - 16:49:17 | D ] Y:\Membres BEST
[11/02/2014 - 12:21:10 | D ] Y:\21P04
[04/04/2014 - 14:15:01 | D ] Y:\snkb0pt
[20/02/2014 - 18:37:59 | A | 6312960] Y:\suivi journalier.xls
[03/04/2007 - 14:46:19 | | 1723] Y:\eaglerc.usr
[20/10/2009 - 13:17:02 | A | 11520054] Y:\Came fantome.bmp
[14/10/2009 - 19:49:35 | A | 6436047] Y:\Analyse comparative - dossier - Annexes.pdf
[25/03/2014 - 10:29:55 | D ] Y:\Bibliotheque
[28/02/2014 - 10:22:31 | D ] Y:\44P08
[27/02/2014 - 18:28:06 | D ] Y:\44P13
[07/09/2012 - 11:54:03 | D ] Y:\R&D sur serveur-be (Serveur-be) (2)
[11/04/2013 - 15:24:12 | D ] Y:\Informatique
[18/10/2013 - 18:28:18 | D ] Y:\20P07
[07/09/2012 - 11:54:03 | D ] Y:\R&D sur serveur-be (Serveur-be)
[29/08/2013 - 13:30:30 | D ] Y:\organisation
[24/01/2014 - 11:11:05 | D ] Y:\04R02
[29/11/2013 - 16:04:03 | D ] Y:\Programmes
[24/04/2014 - 11:44:22 | A | 4228] Y:\autorun.inf
[24/04/2014 - 11:44:22 | | 1527] Y:\..lnk
[24/04/2014 - 11:44:23 | | 1529] Y:\...lnk
[24/04/2014 - 11:44:23 | | 1549] Y:\Membres BEST.lnk
[24/04/2014 - 11:44:23 | | 1535] Y:\21P04.lnk
[24/04/2014 - 11:44:24 | | 1549] Y:\Bibliotheque.lnk
[24/04/2014 - 11:44:25 | | 1535] Y:\44P08.lnk
[24/04/2014 - 11:44:25 | | 1535] Y:\44P13.lnk
[24/04/2014 - 11:44:25 | | 1595] Y:\R&D sur serveur-be (Serveur-be) (2).lnk
[24/04/2014 - 11:44:26 | | 1549] Y:\Informatique.lnk
[24/04/2014 - 11:44:26 | | 1535] Y:\20P07.lnk
[24/04/2014 - 11:44:26 | | 1587] Y:\R&D sur serveur-be (Serveur-be).lnk
[24/04/2014 - 11:44:26 | | 1549] Y:\organisation.lnk
[24/04/2014 - 11:44:26 | | 1535] Y:\04R02.lnk
[24/04/2014 - 11:44:27 | | 1545] Y:\Programmes.lnk
[17/02/2014 - 15:32:58 | D ] Z:\Etudes Composants
[20/12/2013 - 14:30:33 | D ] Z:\snkb0pt
[24/01/2014 - 10:41:43 | D ] Z:\Etudes Produits
[24/04/2014 - 11:44:10 | A | 1717] Z:\autorun.inf
[24/04/2014 - 11:44:13 | A | 1527] Z:\..lnk
[24/04/2014 - 11:44:14 | A | 1529] Z:\...lnk
[24/04/2014 - 11:44:14 | A | 1559] Z:\Etudes Composants.lnk
[24/04/2014 - 11:44:15 | A | 1555] Z:\Etudes Produits.lnk

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |
