cjoint


Document format: text/plain

############################## | UsbFix V 7.128 | [Recherche]

Utilisateur: Utilisateur (Administrateur) # UTILISATEUR-MSI
Mis à jour le 20/06/2013 par El Desaparecido
Lancé à 20:49:00 | 23/06/2013

Site Web: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/forum-virus-securite/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Micro-Star International (MS-16GN) (x64-based PC)
CPU: AMD E-350 Processor (1600)
RAM -> [Total : 3692 | Free : 1991]
BIOS: E16GNAMS Ver1.05 Date: 01/27/11
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16618

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 95 Go (40 Go libre(s) - 42%) [OS_Install] # NTFS
D:\ -> Disque fixe # 359 Go (287 Go libre(s) - 80%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque fixe # 728 Mo (196 Mo libre(s) - 27%) [Mot de passe] # NTFS
G:\ -> Disque amovible # 8 Go (6 Go libre(s) - 74%) [KINGSTON] # FAT32
H:\ -> Disque amovible # 2 Go (1 Go libre(s) - 67%) [KINGSTON] # FAT

################## | Processus Actif |

C:\windows\system32\csrss.exe (660)
C:\windows\system32\wininit.exe (740)
C:\windows\system32\csrss.exe (752)
C:\windows\system32\services.exe (796)
C:\windows\system32\lsass.exe (812)
C:\windows\system32\lsm.exe (820)
C:\windows\system32\winlogon.exe (896)
C:\windows\system32\svchost.exe (972)
C:\windows\system32\svchost.exe (608)
C:\windows\system32\atiesrxx.exe (656)
C:\windows\System32\svchost.exe (924)
C:\windows\System32\svchost.exe (1052)
C:\windows\system32\svchost.exe (1096)
C:\windows\system32\svchost.exe (1128)
C:\windows\system32\atieclxx.exe (1320)
C:\windows\system32\svchost.exe (1348)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1496)
C:\windows\system32\Dwm.exe (1660)
C:\windows\Explorer.EXE (1696)
C:\windows\System32\spoolsv.exe (1740)
C:\windows\system32\svchost.exe (1772)
C:\windows\system32\taskhost.exe (1796)
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (2016)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1400)
C:\Program Files (x86)\YoWindow\yowindow.exe (1688)
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (1908)
C:\windows\system32\svchost.exe (2096)
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (2156)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (2172)
C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (2212)
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (2276)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2308)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2584)
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (2956)
C:\windows\system32\svchost.exe (1372)
C:\windows\system32\SearchIndexer.exe (2372)
C:\windows\system32\svchost.exe (3332)
C:\windows\System32\svchost.exe (3608)
C:\Program Files\Windows Media Player\wmpnetwk.exe (2236)
C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe (1812)
C:\Program Files (x86)\TechSmith\SnagIt 8\TSCHelp.exe (988)
C:\Program Files (x86)\TechSmith\SnagIt 8\SnagPriv.exe (2532)
C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (4920)
C:\Program Files (x86)\Tomtomax Maxi-Box V3\tomtomax_maxibox.exe (4820)
C:\windows\SysWOW64\ctfmon.exe (1528)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2328)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3308)
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (4384)
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (3764)
C:\windows\explorer.exe (4540)
C:\Program Files (x86)\Internet Explorer\IELowutil.exe (4764)
C:\UsbFix\Go.exe (3840)
C:\windows\system32\wbem\wmiprvse.exe (628)
C:\windows\System32\WUDFHost.exe (4228)
\\?\C:\windows\system32\wbem\WMIADAP.EXE (4616)
C:\windows\system32\wbem\wmiprvse.exe (3116)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [WOOWATCH] - C:\PROGRA~2\Wanadoo\Watch.exe
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [WOOWATCH] - C:\PROGRA~2\Wanadoo\Watch.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | RunServices : [FTRTSVC] - C:\windows\SysWOW64\FTRTSVC.exe
HKLM\SOFTWARE\wow6432Node | RunServices : [FTRTSVC] - C:\windows\SysWOW64\FTRTSVC.exe
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |


################## | Registre |

Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\garminlifetime.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdetection.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsettings.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msi game corner.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s-bar.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer_setup_fr.exe

################## | Mountpoints2 |



################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://sosvirus.net |
