- Thu 14 Nov 2013 22:20
#16890
Here is the search report:
############################## | UsbFix V 7.150 | [Search]
User: admin (Administrator) # ADMIN2013
Updated on 08/11/2013 by El Desaparecido - Team SosVirus
Started at 22:10:20 | 14/11/2013
Website : https://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : https://www.usbfix.net/contact/
PC: ASUSTeK Computer INC. (P5K-VM)
CPU: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
RAM -> [Total : 1014 | Free : 335]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Mozilla Firefox : 26.0
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed disk # 49 GB (31 GB free - 64%) [] # NTFS
D:\ -> Fixed disk # 100 GB (100 GB free - 100%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable disk # 4 GB (4 GB free - 99%) [SHAHIDA] # FAT32
G:\ -> Removable disk # 492 MB (242 MB free - 49%) [SHAHIDA] # FAT
################## | Active processes |
C:\WINDOWS\System32\smss.exe (ID: 636 |ParentID: 4)
C:\WINDOWS\system32\winlogon.exe (ID: 720 |ParentID: 636)
C:\WINDOWS\system32\services.exe (ID: 764 |ParentID: 720)
C:\WINDOWS\system32\lsass.exe (ID: 776 |ParentID: 720)
C:\WINDOWS\system32\svchost.exe (ID: 952 |ParentID: 764)
C:\WINDOWS\System32\svchost.exe (ID: 1148 |ParentID: 764)
C:\WINDOWS\System32\svchost.exe (ID: 260 |ParentID: 764)
C:\WINDOWS\System32\svchost.exe (ID: 504 |ParentID: 764)
C:\WINDOWS\system32\svchost.exe (ID: 444 |ParentID: 764)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 3420 |ParentID: 764)
C:\WINDOWS\system32\spoolsv.exe (ID: 3596 |ParentID: 764)
C:\WINDOWS\Explorer.exe (ID: 2588 |ParentID: 3476)
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 2524 |ParentID: 2588)
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 3184 |ParentID: 2524)
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 3156 |ParentID: 2524)
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 4056 |ParentID: 2524)
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 2456 |ParentID: 2524)
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 2128 |ParentID: 2524)
C:\UsbFix\Go.exe (ID: 2272 |ParentID: 1168)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-583907252-926492609-1177238915-1003\SOFTWARE | Run : [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-583907252-926492609-1177238915-1003\SOFTWARE | Run : [Facebook Update] - "C:\Documents and Settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-583907252-926492609-1177238915-1003\SOFTWARE | Run : [Google Update] - "C:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-583907252-926492609-1177238915-1003\SOFTWARE | Run : [MailNotifier] - C:\Program Files\Orange\MailNotifier\MailNotifier.exe
04 - HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [_nltide_2] - regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [_nltide_2] - regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [_nltide_2] - regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
################## | Generic search |
################## | Registry |
################## | Vaccine |
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |
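The report above lists every process with its parent PID and every Run/RunOnce value per hive, but UsbFix leaves the reading to the helper. The script below is an added example, not part of the post and not UsbFix's own code: it parses those two sections from a report, reports processes whose parent PID is not in the listing (here Explorer.exe and UsbFix's own Go.exe, both normal, since their launchers have exited), and flags autostart values that run from a user-profile directory or through a DLL/script host. On this report that flags Facebook Update and Google Update (legitimate updaters that live under Local Settings\Application Data, the same place autorun worms drop into) and the `_nltide_*` RunOnce values, which are regsvr32/rundll32 commands left behind by the nLite installer. The heuristics, the `SCRIPT_HOSTS` list and the latin-1 file encoding are assumptions of this example; the embedded sample is a constructed excerpt of the report's own lines.

```python
"""Triage helper for a UsbFix [Search] report (added example, not UsbFix code)."""
import re
from collections import namedtuple

Process = namedtuple("Process", "path pid ppid")
RunEntry = namedtuple("RunEntry", "hive key name command")

# Constructed sample: a subset of the lines from the report above.
SAMPLE_REPORT = r"""
################## | Processus Actif |
C:\WINDOWS\System32\smss.exe (ID: 636 |ParentID: 4)
C:\WINDOWS\system32\winlogon.exe (ID: 720 |ParentID: 636)
C:\WINDOWS\Explorer.exe (ID: 2588 |ParentID: 3476)
C:\UsbFix\Go.exe (ID: 2272 |ParentID: 1168)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-21-583907252-926492609-1177238915-1003\SOFTWARE | Run : [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-583907252-926492609-1177238915-1003\SOFTWARE | Run : [Facebook Update] - "C:\Documents and Settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [_nltide_2] - regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"""

# Line shapes used by UsbFix: "<path> (ID: n |ParentID: m)" and "04 - <hive> | Run : [name] - <command>".
PROC_RE = re.compile(r"^(?P<path>.+?) \(ID: (?P<pid>\d+) \|ParentID: (?P<ppid>\d+)\)$")
RUN_RE = re.compile(r"^04 - (?P<hive>[^|]+?) \| (?P<key>Run|RunOnce) : \[(?P<name>[^\]]*)\] -\s?(?P<command>.*)$")

SYSTEM_PID = 4  # System; UsbFix does not list it, so children of PID 4 are expected
# Hosts that run code taken from their arguments (assumed list; extend as needed).
SCRIPT_HOSTS = {"regsvr32", "rundll32", "mshta", "wscript", "cscript", "cmd", "powershell"}


def parse_report(text):
    """Return (processes, run_entries); section headers are skipped because they match neither pattern."""
    procs, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        m = PROC_RE.match(line)
        if m:
            procs.append(Process(m["path"], int(m["pid"]), int(m["ppid"])))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(RunEntry(m["hive"], m["key"], m["name"], m["command"].strip()))
    return procs, entries


def orphan_processes(procs):
    """Processes whose parent PID is absent from the listing.

    Normal for Explorer.exe (userinit.exe exits after starting it) and for
    anything whose launcher has ended, so this is a lead, not a verdict.
    """
    known = {p.pid for p in procs} | {SYSTEM_PID}
    return [p for p in procs if p.ppid not in known]


def executable_of(command):
    """Program part of an autostart command line: quoted path, or text up to the first space."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def flag_run_entries(entries):
    """Map (hive, key, name) of each suspicious entry to the reasons it was flagged."""
    flagged = {}
    for e in entries:
        exe = executable_of(e.command)
        if not exe:
            continue  # empty RunOnce value, nothing to run
        low = exe.lower()
        base = low.rsplit("\\", 1)[-1]
        stem = base[:-4] if base.endswith(".exe") else base
        reasons = []
        if "\\documents and settings\\" in low and ("\\local settings\\" in low or "\\application data\\" in low):
            reasons.append("runs from a user-profile directory")
        if "\\temp\\" in low:
            reasons.append("runs from a temp directory")
        if stem in SCRIPT_HOSTS:
            reasons.append("uses a DLL/script host (%s): review its arguments" % base)
        if "\\" not in exe:
            reasons.append("unqualified program name, resolved through PATH")
        if reasons:
            flagged[(e.hive, e.key, e.name)] = reasons
    return flagged


def triage(text):
    procs, entries = parse_report(text)
    return orphan_processes(procs), flag_run_entries(entries)


if __name__ == "__main__":
    import sys
    # UsbFix writes its report as a single-byte Windows text file (assumed latin-1 here).
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    orphans, flags = triage(text)
    for p in orphans:
        print("orphan: %s (pid %d, parent %d not listed)" % (p.path, p.pid, p.ppid))
    for (hive, key, name), reasons in flags.items():
        print("review: %s\\%s [%s]: %s" % (hive, key, name, "; ".join(reasons)))
```

Run it as `python usbfix_triage.py UsbFix.txt` against a saved report, or with no argument to process the embedded excerpt. Everything it prints is a starting point for a manual look, not a detection: the two Chrome-style updaters are legitimate despite living in the profile, and a clean result says nothing about a Run value that points into Program Files.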