Oualid Arkam
Participant
Number of posts: 9

@g3n-h@ckm@n wrote:

It made you a report in C:\ all the same.

############################## | UsbFix V 7.119 | [Suppression]

Utilisateur: ARKAM (Administrateur) # ARKAM-8F30FD7DD
Mis à jour le 27/03/2013 par El Desaparecido
Lancé à 09:56:27 | 01/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: O.E.M (O.E.M) (X86-based PC)
CPU: Intel(R) Atom(TM) CPU 230 @ 1.60GHz (1596)
RAM -> [Total : 1015 | Free : 649]
BIOS: BIOS Date: 05/08/09 10:07:02 Ver: 08.00.14
BOOT: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 6.0.2900.5512

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 49 Go (36 Go libre(s) – 74%) [] # NTFS
D: -> Disque fixe # 133 Go (88 Go libre(s) – 67%) [] # NTFS
I: -> Disque fixe # 51 Go (46 Go libre(s) – 90%) [] # NTFS
J: -> CD-ROM

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [RTHDCPL] – RTHDCPL.EXE
HKLM\SOFTWARE | Run : [Alcmtr] – ALCMTR.EXE
HKLM\SOFTWARE | Run : [IgfxTray] – C:\WINDOWS\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] – C:\WINDOWS\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] – C:\WINDOWS\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [EPSON Stylus CX3900 Series] – C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_SA7.tmp" /EF "HKLM"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [InboxToolbar] – "C:\Program Files\Inbox Toolbar\Inbox.exe" /STARTUP
HKLM\SOFTWARE | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-220523388-2052111302-515967899-1003\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-220523388-2052111302-515967899-1003\SOFTWARE | Run : [MSMSGS] – "C:\Program Files\Messenger\msmsgs.exe" /background
HKU\S-1-5-21-220523388-2052111302-515967899-1003\SOFTWARE | Run : [IDMan] – C:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1552)
Stoppé! C:\WINDOWS\system32\spoolsv.exe (1712)
Stoppé! C:\WINDOWS\Explorer.EXE (176)
Stoppé! C:\WINDOWS\RTHDCPL.EXE (1468)
Stoppé! C:\WINDOWS\system32\igfxtray.exe (516)
Stoppé! C:\WINDOWS\system32\hkcmd.exe (552)
Stoppé! C:\WINDOWS\system32\igfxsrvc.exe (604)
Stoppé! C:\WINDOWS\system32\igfxpers.exe (712)
Stoppé! C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (1336)
Stoppé! C:\Program Files\Inbox Toolbar\Inbox.exe (2064)
Stoppé! C:\Program Files\AVAST Software\Avast\avastUI.exe (2080)
Stoppé! C:\WINDOWS\system32\ctfmon.exe (2088)
Stoppé! C:\Program Files\Messenger\msmsgs.exe (2096)
Stoppé! C:\Program Files\Internet Download Manager\IDMan.exe (2220)
Stoppé! C:\Program Files\Internet Download Manager\IEMonitor.exe (3340)
Stoppé! C:\WINDOWS\system32\wuauclt.exe (3928)
Stoppé! C:\WINDOWS\system32\wuauclt.exe (2384)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Mountpoints2 |

################## | Listing |

[15/11/2012 – 14:35:38 | N | 0] C:\AUTOEXEC.BAT
[29/03/2013 – 13:22:43 | RASHD ] C:\Autorun.inf
[30/03/2013 – 16:59:19 | N | 212] C:\boot.ini
[02/10/2001 – 20:17:20 | N | 4952] C:\Bootfont.bin
[14/12/2012 – 11:56:15 | D ] C:\Cantine Facture
[15/11/2012 – 14:35:38 | N | 0] C:\CONFIG.SYS
[30/03/2013 – 22:01:57 | D ] C:\Documents and Settings
[17/02/2013 – 18:13:16 | D ] C:\DriveKey
[15/11/2012 – 14:43:23 | D ] C:\Intel
[15/11/2012 – 14:35:38 | N | 0] C:\IO.SYS
[17/08/2009 – 02:25:14 | N | 1668853] C:\macaroni.pdf
[15/11/2012 – 14:35:38 | N | 0] C:\MSDOS.SYS
[24/11/2012 – 19:12:03 | RHD ] C:\MSOCache
[13/04/2008 – 10:43:04 | N | 47564] C:\NTDETECT.COM
[13/04/2008 – 12:31:52 | N | 252240] C:\ntldr
[01/04/2013 – 09:53:11 | ASH | 1598029824] C:\pagefile.sys
[29/03/2013 – 12:12:27 | N | 512] C:\PhysicalMBR.bin
[30/03/2013 – 14:43:30 | D ] C:\Program Files
[08/05/2009 – 01:09:56 | SHD ] C:\RECYCLER
[23/11/2012 – 22:41:39 | N | 51200] C:\sdssservices.exe
[04/03/2013 – 21:39:14 | D ] C:\SSTMP
[15/11/2012 – 14:39:35 | SHD ] C:\System Volume Information
[13/03/2013 – 19:01:10 | N | 4] C:\timeStmp.tmp
[01/04/2013 – 09:58:13 | D ] C:\UsbFix
[29/03/2013 – 13:22:45 | N | 8798] C:\UsbFix [Clean 3] ARKAM-8F30FD7DD.txt
[01/04/2013 – 09:59:02 | A | 4957] C:\UsbFix [Clean 4] ARKAM-8F30FD7DD.txt
[31/12/2012 – 13:32:18 | N | 0] C:\UsbFix.txt
[08/05/2009 – 01:13:59 | N | 21283] C:\UsbFix_Upload_Me_ARKAM-8F30FD7DD.zip
[30/03/2013 – 16:58:04 | D ] C:\WINDOWS
[29/03/2013 – 12:26:00 | D ] C:\_OTL
[01/03/2013 – 13:39:36 | D ] D:\—-2013
[01/03/2013 – 13:39:37 | D ] D:\2013????? ??????
[29/01/2013 – 12:55:48 | D ] D:\arkam oualid
[29/03/2013 – 13:22:43 | RASHD ] D:\Autorun.inf
[01/03/2013 – 13:39:34 | D ] D:\azrar fariza
[01/03/2013 – 13:39:38 | D ] D:\bacaloria
[08/09/2012 – 16:18:05 | D ] D:\dettes
[29/10/2012 – 12:41:13 | D ] D:\films coch
[17/02/2013 – 18:13:53 | D ] D:\fladh mem
[01/03/2013 – 13:39:39 | D ] D:\Nouveau dossier (2)
[08/05/2009 – 01:09:56 | SHD ] D:\RECYCLER
[25/12/2011 – 15:21:19 | D ] D:\sys
[15/11/2012 – 14:40:27 | SHD ] D:\System Volume Information
[09/05/2012 – 10:06:34 | ASH | 6144] D:\Thumbs.db
[10/10/2012 – 22:19:33 | N | 513877] D:\??????? ?????? ??? 5.docx
[10/10/2012 – 12:41:52 | N | 1220614] D:\??????? ?????????.docx
[03/11/2012 – 21:59:12 | D ] D:\????????
[02/10/2012 – 21:26:58 | D ] D:\????????
[08/09/2012 – 17:37:36 | D ] D:\????? ???????
[08/09/2012 – 17:40:38 | D ] D:\?????? ?????
[11/09/2012 – 18:52:36 | D ] D:\?? ?? ??? ???????
[01/03/2013 – 13:39:35 | D ] D:\???? ??????
[08/12/2012 – 10:56:26 | N | 41588] I:\2012.pdf
[29/03/2013 – 13:22:43 | RASHD ] I:\Autorun.inf
[14/11/2012 – 13:05:27 | D ] I:\films
[19/03/2013 – 20:41:27 | N | 194387] I:\formulair c.identite pasport.pdf
[28/05/2012 – 07:38:41 | D ] I:\guerre d’algerie
[06/02/2013 – 09:20:21 | D ] I:\Hotmail
[14/11/2012 – 22:03:23 | N | 10404] I:\http.docx
[05/11/2012 – 17:01:00 | D ] I:\idmen
[20/01/2013 – 10:54:46 | D ] I:\Kitab-Techriaa-Madrassi
[17/03/2013 – 11:06:01 | D ] I:\livres cuisine
[17/11/2012 – 16:40:32 | N | 318686] I:\new_quran_method.pdf
[08/05/2009 – 01:09:56 | SHD ] I:\RECYCLER
[15/11/2012 – 14:40:27 | SHD ] I:\System Volume Information
[13/03/2013 – 00:46:20 | N | 476160] I:\???????? ????? ??????? ??????? ????? ?????.doc
[17/11/2012 – 21:30:18 | D ] I:\???????
[06/11/2012 – 19:34:13 | D ] I:\??????? ??????????
[12/03/2013 – 15:12:30 | N | 112640] I:\?????? ?4.doc
[17/11/2012 – 21:21:31 | D ] I:\?? ???????? ????? ??????? ???????

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)