############################## | UsbFix V 7.138 | [Recherche]

Utilisateur: Esteban (Administrateur) # ESTEBAN-PC
Mis à jour le 20/09/2013 par El Desaparecido - Team SosVirus
Lancé à 12:13:17 | 21/09/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUS (All Series) (x64-based PC)
CPU: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz (3401)
RAM -> [Total : 8131 | Free : 6499]
BIOS: BIOS Date: 07/31/13 10:09:24 Ver: 05.01
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Bitdefender Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

B:\ -> Disque fixe # 400 Go (327 Go libre(s) - 82%) [Sauvegardes] # NTFS
C:\ (%systemdrive%) -> Disque fixe # 531 Go (438 Go libre(s) - 82%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 15 Go (14 Go libre(s) - 98%) [USB DISK] # FAT32
F:\ -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (632)
C:\Windows\system32\wininit.exe (684)
C:\Windows\system32\csrss.exe (704)
C:\Windows\system32\winlogon.exe (748)
C:\Windows\system32\services.exe (796)
C:\Windows\system32\lsass.exe (804)
C:\Windows\system32\lsm.exe (816)
C:\Windows\system32\svchost.exe (908)
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (968)
C:\Windows\system32\nvvsvc.exe (1096)
C:\Windows\system32\svchost.exe (1136)
C:\Windows\System32\svchost.exe (1232)
C:\Windows\System32\svchost.exe (1292)
C:\Windows\system32\svchost.exe (1332)
C:\Windows\system32\svchost.exe (1380)
C:\Windows\system32\svchost.exe (1508)
C:\Windows\system32\svchost.exe (1772)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1824)
C:\Windows\system32\nvvsvc.exe (1836)
C:\Windows\System32\spoolsv.exe (1800)
C:\Windows\system32\svchost.exe (2052)
C:\Windows\system32\svchost.exe (2112)
C:\Windows\SysWOW64\svchost.exe (2136)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (2256)
C:\Windows\System32\svchost.exe (2284)
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (2320)
C:\Windows\system32\taskhost.exe (2384)
C:\Windows\system32\Dwm.exe (2468)
C:\Windows\Explorer.EXE (2552)
C:\Windows\system32\rundll32.exe (2688)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (2740)
C:\Windows\System32\svchost.exe (2816)
C:\Windows\SysWOW64\PnkBstrA.exe (2848)
C:\Windows\system32\svchost.exe (2876)
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (2948)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (2672)
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (2904)
C:\Program Files\Windows Sidebar\sidebar.exe (2812)
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (3220)
C:\Windows\system32\wbem\wmiprvse.exe (3228)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (3316)
C:\Windows\system32\svchost.exe (3472)
C:\Windows\System32\WUDFHost.exe (3720)
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (3752)
C:\Windows\system32\svchost.exe (3832)
C:\Windows\system32\SearchIndexer.exe (2040)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (3520)
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (3976)
C:\Windows\system32\conhost.exe (3204)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (4404)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (4452)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (4488)
C:\Program Files\Windows Media Player\wmpnetwk.exe (5100)
C:\Windows\System32\svchost.exe (4112)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (5048)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (5692)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (5764)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (5812)
C:\Users\Esteban\AppData\Local\Temp\B26DB5AD-D4845D42-C20D8AF6-71A560D8\k0r8duz2.exe (4060)
C:\UsbFix\Go.exe (1540)
C:\Windows\System32\WUDFHost.exe (2128)
C:\Program Files\Bitdefender\Bitdefender 2013\seccenter.exe (5480)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (5956)
C:\Windows\system32\wbem\wmiprvse.exe (4024)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2269556892-668980708-1879617014-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2269556892-668980708-1879617014-1004\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-2269556892-668980708-1879617014-1004\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |


################## | Registre |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{729d95ce-17e3-11e3-9fb4-806e6f6e6963}
Shell\AutoRun\Command = D:\Bin\ASSETUP.exe



################## | Vaccin |

B:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |