############################## | UsbFix V 7.162 | [Recherche]

Utilisateur: guessas amar (Administrateur) # MY-PC
Mis à jour le 27/01/2014 par El Desaparecido - Team SosVirus
Lancé à 23:28:14 | 30/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P5KPL-AM SE)
CPU: Processeur Intel Pentium III Xeon
RAM -> [Total : 1014 Mo| Free : 404 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Mozilla Firefox : 26.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]

FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 66 Go (15 Go libre(s) - 23%) [] # NTFS
D:\ -> Disque fixe # 100 Go (74 Go libre(s) - 74%) [] # NTFS
E:\ -> Disque fixe # 100 Go (98 Go libre(s) - 98%) [] # NTFS
F:\ -> Disque fixe # 200 Go (190 Go libre(s) - 95%) [] # NTFS
G:\ -> Disque amovible # 8 Go (25 Mo libre(s) - 0%) [ADATA UFD] # FAT32
H:\ -> Disque fixe # 20 Go (345 Mo libre(s) - 2%) [System] # NTFS
I:\ -> Disque fixe # 20 Go (5 Go libre(s) - 25%) [Programme] # NTFS
J:\ -> Disque fixe # 20 Go (2 Go libre(s) - 12%) [Barmaja] # NTFS
K:\ -> Disque fixe # 16 Go (5 Go libre(s) - 32%) [Download] # NTFS
L:\ -> CD-ROM

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (ID: 1072 |ParentID: 4)
C:\WINDOWS\system32\winlogon.exe (ID: 1188 |ParentID: 1072)
C:\WINDOWS\system32\services.exe (ID: 1232 |ParentID: 1188)
C:\WINDOWS\system32\lsass.exe (ID: 1244 |ParentID: 1188)
C:\WINDOWS\system32\svchost.exe (ID: 1408 |ParentID: 1232)
C:\WINDOWS\System32\svchost.exe (ID: 1536 |ParentID: 1232)
C:\WINDOWS\system32\spoolsv.exe (ID: 1844 |ParentID: 1232)
d:\AppServ\Apache2.2\bin\httpd.exe (ID: 1948 |ParentID: 1232)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (ID: 1968 |ParentID: 1232)
C:\WINDOWS\system32\inetsrv\inetinfo.exe (ID: 276 |ParentID: 1232)
C:\Program Files\Java\jre6\bin\jqs.exe (ID: 296 |ParentID: 1232)
d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 388 |ParentID: 1232)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (ID: 772 |ParentID: 1968)
d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 780 |ParentID: 1232)
d:\AppServ\MySQL\bin\mysqld-nt.exe (ID: 940 |ParentID: 1232)
C:\WINDOWS\system32\svchost.exe (ID: 1024 |ParentID: 1232)
D:\AppServ\Apache2.2\bin\httpd.exe (ID: 2072 |ParentID: 1948)
d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 3180 |ParentID: 780)
C:\WINDOWS\system32\wscntfy.exe (ID: 2712 |ParentID: 1536)
C:\WINDOWS\Explorer.EXE (ID: 360 |ParentID: 2628)
C:\WINDOWS\RTHDCPL.EXE (ID: 3344 |ParentID: 360)
C:\WINDOWS\system32\igfxtray.exe (ID: 3368 |ParentID: 360)
C:\WINDOWS\system32\hkcmd.exe (ID: 3424 |ParentID: 360)
C:\WINDOWS\system32\igfxpers.exe (ID: 3524 |ParentID: 360)
D:\Program Files\Unlocker\UnlockerAssistant.exe (ID: 1364 |ParentID: 360)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (ID: 980 |ParentID: 360)
C:\Program Files\Real\RealPlayer\update\realsched.exe (ID: 2592 |ParentID: 360)
C:\WINDOWS\system32\ctfmon.exe (ID: 2496 |ParentID: 360)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 2736 |ParentID: 1408)
D:\Vista Inspirat 2\RocketDock\RocketDock.exe (ID: 3888 |ParentID: 360)
C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe (ID: 2372 |ParentID: 360)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 3864 |ParentID: 360)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 3420 |ParentID: 3864)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 1776 |ParentID: 3864)
C:\WINDOWS\system32\notepad.exe (ID: 3924 |ParentID: 360)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 1688 |ParentID: 3864)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 1128 |ParentID: 3864)
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (ID: 2464 |ParentID: 360)
D:\Program Files\Notepad++\notepad++.exe (ID: 1792 |ParentID: 4084)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 536 |ParentID: 3864)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 3628 |ParentID: 3864)
D:\Program Files\Internet Download Manager\IDMan.exe (ID: 1416 |ParentID: 1408)
F:\Téléchargements\Programmes\SoftonicDownloader_pour_avira-free-antivirus.exe (ID: 4264 |ParentID: 1416)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5032 |ParentID: 3864)

################## | Regedit Run |

04 - HKCU\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE
04 - HKLM\..\Run : [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [OSSelectorReinstall] C:\Program Files\Fichiers communs\Acronis\Acronis Disk Director\oss_reinstall.exe
04 - HKLM\..\Run : [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
04 - HKLM\..\Run : [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
04 - HKLM\..\Run : [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
04 - HKLM\..\Run : [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
04 - HKLM\..\Run : [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
04 - HKLM\..\Run : [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
04 - HKLM\..\Run : [USB Security] d:\Program Files\USB Disk Security\USBGuard.exe
04 - HKLM\..\Run : [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
04 - HKLM\..\Run : [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\Run : [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
04 - HKLM\..\RunOnce : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\Run : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-448539723-746137067-1801674531-1003\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-448539723-746137067-1801674531-1003\..\Run : [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

################## | Recherche générique |


################## | Registre |


################## | Vaccin |

H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
K:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
