cjoint

Document format: text/plain

Preview

############################## | UsbFix V 7.120 | [Recherche]

Utilisateur: Administrateur (Administrateur) # AMANDINE
Mis à jour le 30/03/2013 par El Desaparecido
Lancé à 13:19:13 | 06/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: MAXDATA (*) (X86-based PC)
CPU: AMD Athlon(tm) 64 Processor 3000+ (2000)
RAM -> [Total : 511 | Free : 261]
BIOS: 5 Ver: 08.00.09
BOOT: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 7.0.5730.13

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 75 Go (8 Go libre(s) - 11%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 976 Mo (974 Mo libre(s) - 100%) [CLÉAMANDINE] # FAT
H:\ -> Disque amovible # 7 Go (2 Go libre(s) - 22%) [USB JU] # FAT32

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (664)
C:\WINDOWS\system32\winlogon.exe (1124)
C:\WINDOWS\system32\services.exe (1248)
C:\WINDOWS\system32\lsass.exe (1280)
C:\WINDOWS\system32\svchost.exe (1520)
C:\WINDOWS\System32\svchost.exe (1640)
C:\WINDOWS\system32\svchost.exe (1684)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (384)
C:\WINDOWS\system32\spoolsv.exe (736)
C:\Program Files\Java\jre6\bin\jqs.exe (832)
C:\WINDOWS\system32\nvsvc32.exe (904)
C:\WINDOWS\system32\svchost.exe (960)
C:\WINDOWS\system32\wbem\wmiapsrv.exe (952)
C:\WINDOWS\Explorer.EXE (184)
C:\WINDOWS\SOUNDMAN.EXE (2024)
C:\WINDOWS\system32\RUNDLL32.EXE (480)
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (916)
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (1064)
C:\Program Files\AVAST Software\Avast\avastUI.exe (1072)
C:\Program Files\Hercules\WiFi Station N\WiFiN.exe (2032)
C:\Documents and Settings\Administrateur\Application Data\Dropbox\bin\Dropbox.exe (440)
C:\Program Files\OpenOffice.org 3\program\soffice.exe (844)
C:\Program Files\OpenOffice.org 3\program\soffice.bin (2000)
C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe (2852)
C:\WINDOWS\system32\wuauclt.exe (3720)
C:\WINDOWS\system32\msiexec.exe (192)
C:\Program Files\Mozilla Firefox\firefox.exe (884)
C:\UsbFix\Go.exe (2408)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SoundMan] - SOUNDMAN.EXE
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [nwiz] - nwiz.exe /install
HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-329068152-706699826-1417001333-500\SOFTWARE | Run : [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-20\SOFTWARE | RunOnce : [JkDefrag] - rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
HKU\S-1-5-20\SOFTWARE | RunOnce : [SweetRegistry] - rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
HKU\S-1-5-18\SOFTWARE | RunOnce : [JkDefrag] - rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
HKU\S-1-5-18\SOFTWARE | RunOnce : [SweetRegistry] - rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub

################## | Éléments infectieux |


################## | Registre |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\G
Shell\AutoRun\Command = G:\SFR.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{86898bae-b88c-11e0-98a6-0008d3950e9a}
Shell\AutoRun\Command = E:\Une-cle-pour-demarrer.exe



################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://sosvirus.org |
