Publicité
Publicité
Format du document : text/plain
Prévisualisation
############################## | UsbFix V 7.129 | [Recherche]
Utilisateur: USER (Administrateur) # USER-PC
Mis � jour le 24/06/2013 par El Desaparecido
Lanc� � 15:18:10 | 09/08/2013
Site Web: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net
PC: Acer (AOHAPPY) (X86-based PC)
CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz (1666)
RAM -> [Total : 1013 | Free : 78]
BIOS: InsydeH2O Version V3.16(DDR2)
BOOT: Normal boot
OS: Microsoft Windows�7 �dition Int�grale (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 107 Go (86 Go libre(s) - 80%) [SYSTEM] # NTFS
D:\ -> Disque fixe # 27 Go (26 Go libre(s) - 97%) [DRIVERS] # NTFS
E:\ -> Disque fixe # 99 Go (50 Go libre(s) - 51%) [DONNEES] # NTFS
F:\ -> Disque amovible # 4 Go (2 Go libre(s) - 58%) [THEROM] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (492)
C:\Windows\system32\wininit.exe (576)
C:\Windows\system32\csrss.exe (584)
C:\Windows\system32\winlogon.exe (640)
C:\Windows\system32\services.exe (664)
C:\Windows\system32\lsass.exe (688)
C:\Windows\system32\lsm.exe (696)
C:\Windows\system32\svchost.exe (808)
C:\Windows\system32\svchost.exe (888)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (936)
C:\Windows\System32\svchost.exe (1064)
C:\Windows\System32\svchost.exe (1108)
C:\Windows\system32\svchost.exe (1136)
C:\Windows\system32\svchost.exe (1276)
C:\Windows\system32\svchost.exe (1408)
C:\Windows\system32\svchost.exe (1836)
C:\Windows\system32\Dwm.exe (1884)
c:\Program Files\Microsoft Security Client\NisSrv.exe (1072)
C:\Windows\system32\svchost.exe (2928)
C:\Windows\system32\wbem\wmiprvse.exe (2268)
C:\Windows\System32\rundll32.exe (360)
C:\Windows\System32\dinotify.exe (3656)
C:\Windows\system32\SearchIndexer.exe (2216)
C:\Windows\System32\spoolsv.exe (2532)
C:\Windows\System32\rundll32.exe (4800)
C:\Windows\Explorer.exe (3776)
C:\Program Files\Google\Chrome\Application\chrome.exe (1160)
C:\Program Files\Google\Chrome\Application\chrome.exe (1788)
C:\Program Files\Google\Chrome\Application\chrome.exe (4576)
C:\Program Files\Google\Chrome\Application\chrome.exe (4256)
C:\Program Files\Google\Chrome\Application\chrome.exe (1728)
C:\Program Files\Google\Chrome\Application\chrome.exe (1968)
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (3604)
C:\Windows\System32\WUDFHost.exe (896)
C:\Program Files\Internet Explorer\iexplore.exe (1616)
C:\Program Files\Internet Explorer\iexplore.exe (1700)
C:\Program Files\Google\Chrome\Application\chrome.exe (5532)
C:\Windows\system32\taskhost.exe (4168)
C:\Program Files\Google\Chrome\Application\chrome.exe (3232)
C:\Program Files\Google\Chrome\Application\chrome.exe (5824)
C:\Windows\System32\WUDFHost.exe (2892)
C:\Program Files\Google\Chrome\Application\chrome.exe (2404)
C:\UsbFix\Go.exe (4444)
C:\Windows\system32\wbem\wmiprvse.exe (4224)
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\SOFTWARE | Run : [Moov_Group Imola ModemListener] - C:\Program Files\MOOV INTERNET\BackgroundService\ModemListener.exe start
HKLM\SOFTWARE | Run : [CardDetectorHUAWEI160] - C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe
HKLM\SOFTWARE | Run : [BEWINTERNET-RTUSessionManager] - "C:\Program Files\Connection Kit\SessionManager\SessionManager.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1417969056-2952988766-2408155821-1000\SOFTWARE | Run : [SuperCopier2.exe] - C:\Program Files\SuperCopier2\SuperCopier2.exe
HKU\S-1-5-21-1417969056-2952988766-2408155821-1000\SOFTWARE | Run : [Sony Ericsson PC Companion] - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | �l�ments infectieux |
Pr�sent! F:\predeftemp.lnk
Pr�sent! F:\nokia_unprocessed_images_.lnk
Pr�sent! F:\Playlists.lnk
Pr�sent! F:\moov_faces_data.lnk
Pr�sent! F:\Photos.lnk
Pr�sent! F:\temp.lnk
Pr�sent! F:\Jeux.lnk
Pr�sent! F:\WhatsApp.lnk
Pr�sent! F:\Fichiers_audio.lnk
Pr�sent! F:\355186056991498WMLicense.dat.lnk
Pr�sent! F:\~$RECRUTEMENT_ZONE_RCN_2.xlsx.lnk
Pr�sent! F:\Vid�os.lnk
Pr�sent! F:\Enregistrements.lnk
Pr�sent! F:\Fichiers_re�us.lnk
Pr�sent! F:\~$ETAT_ENLEVEMENT_DE_KITS.xlsx.lnk
Pr�sent! F:\MF_AG_P_CM_2.1.0.lnk
Pr�sent! F:\~$Fiche_d'emargement.xlsx.lnk
Pr�sent! F:\~$Suivi_des_Perf_Mai13_Romy.xlsx.lnk
Pr�sent! F:\Documents.lnk
Pr�sent! F:\Logiciel.lnk
Pr�sent! F:\syncguid.dat.lnk
Pr�sent! F:\Mot_de_passe_pour_idm_7.docx.lnk
Pr�sent! F:\.Trashes.lnk
Pr�sent! F:\syncguid.dat
################## | Registre |
################## | Mountpoints2 |
################## | Vaccin |
C:\Autorun.inf -> Vaccin cr�� par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin cr�� par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin cr�� par UsbFix (El Desaparecido)
################## | E.O.F | http://sosvirus.net |
Utilisateur: USER (Administrateur) # USER-PC
Mis � jour le 24/06/2013 par El Desaparecido
Lanc� � 15:18:10 | 09/08/2013
Site Web: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net
PC: Acer (AOHAPPY) (X86-based PC)
CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz (1666)
RAM -> [Total : 1013 | Free : 78]
BIOS: InsydeH2O Version V3.16(DDR2)
BOOT: Normal boot
OS: Microsoft Windows�7 �dition Int�grale (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 107 Go (86 Go libre(s) - 80%) [SYSTEM] # NTFS
D:\ -> Disque fixe # 27 Go (26 Go libre(s) - 97%) [DRIVERS] # NTFS
E:\ -> Disque fixe # 99 Go (50 Go libre(s) - 51%) [DONNEES] # NTFS
F:\ -> Disque amovible # 4 Go (2 Go libre(s) - 58%) [THEROM] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (492)
C:\Windows\system32\wininit.exe (576)
C:\Windows\system32\csrss.exe (584)
C:\Windows\system32\winlogon.exe (640)
C:\Windows\system32\services.exe (664)
C:\Windows\system32\lsass.exe (688)
C:\Windows\system32\lsm.exe (696)
C:\Windows\system32\svchost.exe (808)
C:\Windows\system32\svchost.exe (888)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (936)
C:\Windows\System32\svchost.exe (1064)
C:\Windows\System32\svchost.exe (1108)
C:\Windows\system32\svchost.exe (1136)
C:\Windows\system32\svchost.exe (1276)
C:\Windows\system32\svchost.exe (1408)
C:\Windows\system32\svchost.exe (1836)
C:\Windows\system32\Dwm.exe (1884)
c:\Program Files\Microsoft Security Client\NisSrv.exe (1072)
C:\Windows\system32\svchost.exe (2928)
C:\Windows\system32\wbem\wmiprvse.exe (2268)
C:\Windows\System32\rundll32.exe (360)
C:\Windows\System32\dinotify.exe (3656)
C:\Windows\system32\SearchIndexer.exe (2216)
C:\Windows\System32\spoolsv.exe (2532)
C:\Windows\System32\rundll32.exe (4800)
C:\Windows\Explorer.exe (3776)
C:\Program Files\Google\Chrome\Application\chrome.exe (1160)
C:\Program Files\Google\Chrome\Application\chrome.exe (1788)
C:\Program Files\Google\Chrome\Application\chrome.exe (4576)
C:\Program Files\Google\Chrome\Application\chrome.exe (4256)
C:\Program Files\Google\Chrome\Application\chrome.exe (1728)
C:\Program Files\Google\Chrome\Application\chrome.exe (1968)
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (3604)
C:\Windows\System32\WUDFHost.exe (896)
C:\Program Files\Internet Explorer\iexplore.exe (1616)
C:\Program Files\Internet Explorer\iexplore.exe (1700)
C:\Program Files\Google\Chrome\Application\chrome.exe (5532)
C:\Windows\system32\taskhost.exe (4168)
C:\Program Files\Google\Chrome\Application\chrome.exe (3232)
C:\Program Files\Google\Chrome\Application\chrome.exe (5824)
C:\Windows\System32\WUDFHost.exe (2892)
C:\Program Files\Google\Chrome\Application\chrome.exe (2404)
C:\UsbFix\Go.exe (4444)
C:\Windows\system32\wbem\wmiprvse.exe (4224)
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\SOFTWARE | Run : [Moov_Group Imola ModemListener] - C:\Program Files\MOOV INTERNET\BackgroundService\ModemListener.exe start
HKLM\SOFTWARE | Run : [CardDetectorHUAWEI160] - C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe
HKLM\SOFTWARE | Run : [BEWINTERNET-RTUSessionManager] - "C:\Program Files\Connection Kit\SessionManager\SessionManager.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1417969056-2952988766-2408155821-1000\SOFTWARE | Run : [SuperCopier2.exe] - C:\Program Files\SuperCopier2\SuperCopier2.exe
HKU\S-1-5-21-1417969056-2952988766-2408155821-1000\SOFTWARE | Run : [Sony Ericsson PC Companion] - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | �l�ments infectieux |
Pr�sent! F:\predeftemp.lnk
Pr�sent! F:\nokia_unprocessed_images_.lnk
Pr�sent! F:\Playlists.lnk
Pr�sent! F:\moov_faces_data.lnk
Pr�sent! F:\Photos.lnk
Pr�sent! F:\temp.lnk
Pr�sent! F:\Jeux.lnk
Pr�sent! F:\WhatsApp.lnk
Pr�sent! F:\Fichiers_audio.lnk
Pr�sent! F:\355186056991498WMLicense.dat.lnk
Pr�sent! F:\~$RECRUTEMENT_ZONE_RCN_2.xlsx.lnk
Pr�sent! F:\Vid�os.lnk
Pr�sent! F:\Enregistrements.lnk
Pr�sent! F:\Fichiers_re�us.lnk
Pr�sent! F:\~$ETAT_ENLEVEMENT_DE_KITS.xlsx.lnk
Pr�sent! F:\MF_AG_P_CM_2.1.0.lnk
Pr�sent! F:\~$Fiche_d'emargement.xlsx.lnk
Pr�sent! F:\~$Suivi_des_Perf_Mai13_Romy.xlsx.lnk
Pr�sent! F:\Documents.lnk
Pr�sent! F:\Logiciel.lnk
Pr�sent! F:\syncguid.dat.lnk
Pr�sent! F:\Mot_de_passe_pour_idm_7.docx.lnk
Pr�sent! F:\.Trashes.lnk
Pr�sent! F:\syncguid.dat
################## | Registre |
################## | Mountpoints2 |
################## | Vaccin |
C:\Autorun.inf -> Vaccin cr�� par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin cr�� par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin cr�� par UsbFix (El Desaparecido)
################## | E.O.F | http://sosvirus.net |