############################## | UsbFix V 7.120 | [Recherche]

Utilisateur: Administrateur (Administrateur) # AMANDINE
Mis à jour le 30/03/2013 par El Desaparecido
Lancé à 13:19:13 | 06/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: MAXDATA (*) (X86-based PC)
CPU: AMD Athlon(tm) 64 Processor 3000+ (2000)
RAM -> [Total : 511 | Free : 261]
BIOS: 5 Ver: 08.00.09
BOOT: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 7.0.5730.13

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 75 Go (8 Go libre(s) - 11%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 976 Mo (974 Mo libre(s) - 100%) [CLÉAMANDINE] # FAT
H:\ -> Disque amovible # 7 Go (2 Go libre(s) - 22%) [USB JU] # FAT32

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (664)
C:\WINDOWS\system32\winlogon.exe (1124)
C:\WINDOWS\system32\services.exe (1248)
C:\WINDOWS\system32\lsass.exe (1280)
C:\WINDOWS\system32\svchost.exe (1520)
C:\WINDOWS\System32\svchost.exe (1640)
C:\WINDOWS\system32\svchost.exe (1684)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (384)
C:\WINDOWS\system32\spoolsv.exe (736)
C:\Program Files\Java\jre6\bin\jqs.exe (832)
C:\WINDOWS\system32\nvsvc32.exe (904)
C:\WINDOWS\system32\svchost.exe (960)
C:\WINDOWS\system32\wbem\wmiapsrv.exe (952)
C:\WINDOWS\Explorer.EXE (184)
C:\WINDOWS\SOUNDMAN.EXE (2024)
C:\WINDOWS\system32\RUNDLL32.EXE (480)
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (916)
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (1064)
C:\Program Files\AVAST Software\Avast\avastUI.exe (1072)
C:\Program Files\Hercules\WiFi Station N\WiFiN.exe (2032)
C:\Documents and Settings\Administrateur\Application Data\Dropbox\bin\Dropbox.exe (440)
C:\Program Files\OpenOffice.org 3\program\soffice.exe (844)
C:\Program Files\OpenOffice.org 3\program\soffice.bin (2000)
C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe (2852)
C:\WINDOWS\system32\wuauclt.exe (3720)
C:\WINDOWS\system32\msiexec.exe (192)
C:\Program Files\Mozilla Firefox\firefox.exe (884)
C:\UsbFix\Go.exe (2408)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SoundMan] - SOUNDMAN.EXE
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [nwiz] - nwiz.exe /install
HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-329068152-706699826-1417001333-500\SOFTWARE | Run : [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-20\SOFTWARE | RunOnce : [JkDefrag] - rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
HKU\S-1-5-20\SOFTWARE | RunOnce : [SweetRegistry] - rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
HKU\S-1-5-18\SOFTWARE | RunOnce : [JkDefrag] - rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
HKU\S-1-5-18\SOFTWARE | RunOnce : [SweetRegistry] - rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub

################## | Éléments infectieux |

################## | Registre |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\G
Shell\AutoRun\Command = G:\SFR.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{86898bae-b88c-11e0-98a6-0008d3950e9a}
Shell\AutoRun\Command = E:\Une-cle-pour-demarrer.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://sosvirus.org |