Document format: text/plain

Preview

############################## | UsbFix V 7.167 | [Recherche]

Utilisateur: Administrateur (Administrateur) # 4BC5BC996640410
Mis à jour le 13/03/2014 par El Desaparecido - Team SosVirus
Lancé à 13:56:48 | 13/04/2015

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ECS (945GCT-M2)
CPU: Processeur Intel Pentium III Xeon
RAM -> [Total : 2039 Mo| Free : 1558 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 7.0.5730.13
WB: Google Chrome : 41.0.2272.118
WB: Mozilla Firefox : 1.9.0.1

SC: Security Center [(!) Disabled]
WU: Windows Update [Enabled]

FW: Windows FireWall [Enabled]

C:\ -> Disque fixe # 98 Go (85 Go libre(s) - 87%) [] # NTFS
D:\ (%systemdrive%) -> Disque fixe # 51 Go (46 Go libre(s) - 89%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM

################## | Processus Actif |

D:\WINDOWS\System32\smss.exe (ID: 452 |ParentID: 4)
D:\WINDOWS\system32\winlogon.exe (ID: 528 |ParentID: 452)
D:\WINDOWS\system32\services.exe (ID: 572 |ParentID: 528)
D:\WINDOWS\system32\lsass.exe (ID: 584 |ParentID: 528)
D:\WINDOWS\system32\svchost.exe (ID: 748 |ParentID: 572)
D:\WINDOWS\System32\svchost.exe (ID: 856 |ParentID: 572)
D:\WINDOWS\system32\spoolsv.exe (ID: 1108 |ParentID: 572)
d:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe (ID: 1144 |ParentID: 572)
D:\WINDOWS\Explorer.EXE (ID: 1364 |ParentID: 1312)
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (ID: 1560 |ParentID: 572)
D:\Program Files\IDT\WDM\sttray.exe (ID: 112 |ParentID: 1364)
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 128 |ParentID: 1364)
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (ID: 212 |ParentID: 1364)
D:\WINDOWS\system32\ctfmon.exe (ID: 236 |ParentID: 1364)
D:\Program Files\Windows Media Player\wmplayer.exe (ID: 440 |ParentID: 1364)
D:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe (ID: 2464 |ParentID: 572)
D:\WINDOWS\system32\wuauclt.exe (ID: 1004 |ParentID: 856)
D:\Documents and Settings\tazebama.dl_ (ID: 3380 |ParentID: 1628)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] D:\WINDOWS\system32\userinit.exe,
F2 - [64bit] HKLM\..\Winlogon : [Userinit] D:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
04 - HKCU\..\Run : [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
04 - HKLM\..\Run : [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] D:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run : [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
04 - HKLM\..\Run : [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\Run : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
04 - HKU\S-1-5-20\..\Run : [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
04 - HKU\S-1-5-21-1409082233-1682526488-682003330-500\..\Run : [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
04 - HKU\S-1-5-21-1409082233-1682526488-682003330-500\..\Run : [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-18\..\Run : [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
04 - HKU\S-1-5-19\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-19\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-20\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-20\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-18\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-18\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

################## | Recherche générique |

Présent! D:\Documents and Settings\hook.dl_
Présent! D:\Documents and Settings\tazebama.dl_
Présent! D:\Documents and Settings\tazebama.dll
Présent! C:\1.taz
Présent! C:\RECYCLER\Make Windows Original.exe
Présent! C:\RECYCLER\RECYCLER .exe
Présent! C:\zPharaoh.exe

################## | Registre |


################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
