ninautica
Participant
Number of posts: 11

Here's the report!! But I think there's still something left…
[spoiler:27wabuck]
############################## | UsbFix V 7.129 | [Suppression]

Utilisateur: eric (Administrateur) # IVANEBINE
Mis à jour le 24/06/2013 par El Desaparecido
Lancé à 15:50:16 | 06/08/2013

Site Web: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Acer (Aspire 5040) (X86-based PC)
CPU: AMD Turion(tm) 64 Mobile Technology ML-34 (1800)
RAM -> [Total : 894 | Free : 747]
BIOS: Ver 1.00PARTTBL
BOOT: Fail-safe boot

OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 6.0.2900.2180

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 35 Go (27 Go libre(s) – 77%) [ACER] # FAT32
D: -> Disque fixe # 36 Go (9 Go libre(s) – 24%) [ACERDATA] # FAT32
E: -> CD-ROM
F: -> Disque amovible # 7 Go (70 Mo libre(s) – 1%) [BIG MAMA] # FAT32
G: -> Disque fixe # 233 Go (78 Go libre(s) – 33%) [Iomega HDD] # NTFS

################## | El Desaparecido Section |

HKLMSOFTWARE | Run : [preload] – C:WindowsRUNXMLPL.exe
HKLMSOFTWARE | Run : [SynTPLpr] – C:Program FilesSynapticsSynTPSynTPLpr.exe
HKLMSOFTWARE | Run : [SynTPEnh] – C:Program FilesSynapticsSynTPSynTPEnh.exe
HKLMSOFTWARE | Run : [Broadcom Wireless Manager UI] – C:WINDOWSsystem32WLTRAY
HKLMSOFTWARE | Run : [RTHDCPL] – RTHDCPL.EXE
HKLMSOFTWARE | Run : [Alcmtr] – ALCMTR.EXE
HKLMSOFTWARE | Run : [LaunchAp] – "C:Program FilesLaunch ManagerLaunchAp.exe"
HKLMSOFTWARE | Run : [PowerKey] – "C:Program FilesLaunch ManagerPowerKey.exe"
HKLMSOFTWARE | Run : [LManager] – "C:Program FilesLaunch ManagerHotkeyApp.exe"
HKLMSOFTWARE | Run : [CtrlVol] – "C:Program FilesLaunch ManagerCtrlVol.exe"
HKLMSOFTWARE | Run : [LMgrOSD] – "C:Program FilesLaunch ManagerOSDCtrl.exe"
HKLMSOFTWARE | Run : [Wbutton] – "C:Program FilesLaunch ManagerWbutton.exe"
HKLMSOFTWARE | Run : [PCMService] – "C:Program FilesAcerAcer ArcadePCMService.exe"
HKLMSOFTWARE | Run : [IMJPMIG8.1] – "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLMSOFTWARE | Run : [MSPY2002] – C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
HKLMSOFTWARE | Run : [PHIME2002ASync] – C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
HKLMSOFTWARE | Run : [PHIME2002A] – C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
HKLMSOFTWARE | Run : [ATICCC] – "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay
HKLMSOFTWARE | Run : [ADMTray.exe] – "C:AcerEmpowering Technologyadmtray.exe"
HKLMSOFTWARE | Run : [eDataSecurity Loader] – C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
HKLMSOFTWARE | Run : [eRecoveryService] – C:AcerEmpowering TechnologyeRecoveryMonitor.exe
HKLMSOFTWARE | Run : [avast] – "C:Program FilesAVAST SoftwareAvastavastUI.exe" /nogui
HKLMSOFTWARE | RunOnce : [] –
HKUS-1-5-20SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE
HKUS-1-5-21-4244209995-4258332182-1472871485-1006SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32ctfmon.exe
HKUS-1-5-18SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE

################## | Processus Stoppés |

Stoppé! C:WINDOWSExplorer.EXE (768)

################## | Éléments infectieux |

Supprimé! C:DOCUME~1ericLOCALS~1TempRtkBtMnt.exe
Supprimé! D:desktop.ini
Non supprimé ! G:RecyclerS-5-3-42-2819952290-8240758988-879315005-3665
Supprimé! C:System Volume Information_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}RP11A0000930.exe
Supprimé! C:System Volume Information_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}RP12A0001999.exe

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Mountpoints2 |

################## | Listing |

[15/10/2004 – 11:33:18 | D ] C:I386
[15/10/2004 – 11:36:38 | D ] C:DOCS
[15/10/2004 – 11:36:48 | D ] C:SUPPORT
[15/10/2004 – 11:36:52 | D ] C:VALUEADD
[15/10/2004 – 11:37:00 | D ] C:ELEMENTS
[15/10/2004 – 11:47:16 | D ] C:WINDOWS
[15/10/2004 – 11:51:22 | D ] C:Documents and Settings
[15/10/2004 – 11:59:30 | D ] C:Program Files
[07/04/2005 – 14:12:34 | D ] C:BOOK
[07/04/2005 – 14:12:36 | D ] C:Sysinfo
[15/02/2006 – 17:33:54 | D ] C:DOTNETFX
[15/10/2004 – 11:41:16 | N | 512] C:BOOTSECT.DOS
[05/08/2004 – 05:00:00 | N | 4952] C:Bootfont.bin
[05/08/2004 – 05:00:00 | N | 251712] C:ntldr
[05/08/2004 – 05:00:00 | N | 47564] C:NTDETECT.COM
[05/08/2013 – 18:58:04 | N | 194] C:BOOT.INI
[07/04/2005 – 14:13:32 | N | 4] C:wps.dat
[07/04/2005 – 14:19:08 | N | 167] C:bcmwl5.log
[05/07/2006 – 20:16:50 | N | 65] C:Preload.rev
[05/07/2006 – 20:16:50 | N | 65] C:preload.aaa
[11/07/2006 – 14:20:30 | N | 867] C:Patch.rev
[06/08/2013 – 15:48:04 | ASH | 1409286144] C:pagefile.sys
[05/08/2013 – 18:58:08 | SHD ] C:System Volume Information
[05/08/2013 – 19:04:26 | D ] C:Acer
[05/08/2013 – 19:09:08 | N | 86] C:setup.log
[05/08/2013 – 19:38:32 | SHD ] C:Recycled
[05/08/2013 – 21:52:00 | D ] C:UsbFix
[05/08/2013 – 22:06:30 | N | 4819] C:UsbFix [Listing 1 ] IVANEBINE.txt
[05/08/2013 – 22:46:00 | N | 6515] C:UsbFix [Scan 9] IVANEBINE.txt
[05/08/2013 – 22:52:22 | N | 6555] C:UsbFix [Scan 10] IVANEBINE.txt
[05/08/2013 – 22:54:28 | N | 54436453] C:Upload_UsbFix.zip
[05/08/2013 – 22:56:40 | N | 4427] C:UsbFix [Scan 11] IVANEBINE.txt
[06/08/2013 – 00:05:40 | N | 4772] C:UsbFix [Scan 12] IVANEBINE.txt
[06/08/2013 – 10:08:50 | N | 6042] C:UsbFix [Scan 14] IVANEBINE.txt
[06/08/2013 – 10:11:32 | N | 5977] C:UsbFix [Scan 15] IVANEBINE.txt
[06/08/2013 – 10:14:06 | N | 5978] C:UsbFix [Scan 16] IVANEBINE.txt
[05/08/2013 – 22:54:18 | D ] C:Autorun(2).inf
[06/08/2013 – 11:08:34 | N | 6066] C:UsbFix [Scan 1] IVANEBINE.txt
[06/08/2013 – 12:05:08 | N | 1200] C:AdwCleaner[S1].txt
[06/08/2013 – 12:11:34 | D ] C:ZHP
[06/08/2013 – 12:19:10 | N | 6493] C:UsbFix [Scan 4] IVANEBINE.txt
[06/08/2013 – 13:57:48 | N | 6425] C:UsbFix [Scan 5] IVANEBINE.txt
[06/08/2013 – 14:53:20 | N | 5698] C:UsbFix [Clean 1] IVANEBINE.txt
[06/08/2013 – 15:20:02 | N | 6412] C:UsbFix [Scan 8] IVANEBINE.txt
[06/08/2013 – 15:21:52 | N | 5609] C:UsbFix [Clean 2] IVANEBINE.txt
[06/08/2013 – 15:54:56 | A | 6385] C:UsbFix [Clean 3] IVANEBINE.txt
[05/08/2013 – 15:18:08 | D ] D:photos
[10/03/2010 – 18:44:30 | N | 1282675] D:eric.abr
[28/09/2006 – 00:53:52 | SHD ] D:System Volume Information
[19/02/2011 – 15:18:24 | D ] D:Images artiste histeria
[30/07/2013 – 17:53:00 | D ] D:Musique
[05/08/2013 – 14:39:24 | D ] D:Enfants animation
[11/02/2011 – 14:45:34 | D ] D:documents à Nina
[05/08/2013 – 15:11:10 | D ] D:Ma vie, mon oeuvre
[05/08/2013 – 15:14:24 | D ] D:images documents utiles
[23/06/2012 – 20:08:20 | N | 732562394] D:Mientras Duermes (Malveillance).mkv
[12/07/2013 – 00:24:14 | N | 838860288] D:No.mkv
[05/08/2013 – 22:54:18 | D ] D:Autorun(2).inf
[27/07/2013 – 17:14:08 | D ] D:Mes images
[04/11/2009 – 13:33:36 | D ] D:emploi!!!
[11/09/2011 – 20:24:14 | D ] D:Téléchargements
[27/01/2007 – 16:24:52 | SHD ] D:Recycled
[16/02/2007 – 22:07:44 | N | 60] D:Copie de desktop.ini
[18/09/2012 – 10:04:58 | D ] F:Boulot
[30/12/2012 – 22:02:18 | N | 4096] F:._.Trashes
[30/12/2012 – 22:02:18 | HD ] F:.Trashes
[14/02/2013 – 16:37:22 | D ] F:.fseventsd
[30/12/2012 – 22:02:20 | D ] F:.Spotlight-V100
[23/07/2013 – 16:28:44 | D ] F:Mise en page les anciens
[27/02/2013 – 22:35:28 | D ] F:projets créatifs sauvegarde
[30/12/2012 – 22:29:06 | N | 4096] F:._velvet goldmine
[20/01/2013 – 06:48:34 | D ] F:2013
[16/03/2013 – 22:24:30 | SHD ] G:$RECYCLE.BIN
[16/08/2011 – 12:15:46 | D ] G:ADOBE CS5
[05/08/2013 – 22:54:17 | RASHD ] G:Autorun.inf
[20/08/2011 – 12:18:43 | D ] G:found.000
[27/02/2013 – 14:01:00 | D ] G:musique antoine
[05/08/2013 – 22:53:53 | SHD ] G:RECYCLER
[05/08/2013 – 17:23:52 | D ] G:sauvegarde entière 5 aout 2013
[03/12/2010 – 22:43:35 | SHD ] G:System Volume Information

################## | Vaccin |

C:Autorun(2).inf -> Vaccin créé par UsbFix (El Desaparecido)
C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun(2).inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |
[/spoiler:27wabuck]