ines
Participant
Number of posts: 12

and the usbfix reports
############################## | UsbFix V 7.145 | [Recherche]

Utilisateur: serge (Administrateur) # MAURICETTE
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 16:30:35 | 20/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P5Q-PRO)
CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
RAM -> [Total : 3327 | Free : 2635]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 49 Go (38 Go libre(s) – 77%) [] # NTFS
D: -> Disque fixe # 184 Go (183 Go libre(s) – 100%) [] # NTFS
E: -> Disque fixe # 176 Go (77 Go libre(s) – 44%) [] # NTFS
F: -> Disque fixe # 290 Go (290 Go libre(s) – 100%) [Disque local ] # NTFS
J: -> CD-ROM
O: -> Disque fixe # 466 Go (367 Go libre(s) – 79%) [disque ext ] # NTFS

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (ID 444 |ParentID 4)
C:\WINDOWS\system32\winlogon.exe (ID 748 |ParentID 444)
C:\WINDOWS\system32\services.exe (ID 792 |ParentID 748)
C:\WINDOWS\system32\lsass.exe (ID 804 |ParentID 748)
C:\WINDOWS\system32\Ati2evxx.exe (ID 1008 |ParentID 792)
C:\WINDOWS\system32\svchost.exe (ID 1044 |ParentID 792)
C:\WINDOWS\System32\svchost.exe (ID 1212 |ParentID 792)
C:\WINDOWS\system32\Ati2evxx.exe (ID 1424 |ParentID 748)
C:\WINDOWS\system32\spoolsv.exe (ID 1620 |ParentID 792)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID 1656 |ParentID 792)
C:\WINDOWS\Explorer.EXE (ID 1924 |ParentID 1904)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 124 |ParentID 116)
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (ID 136 |ParentID 1924)
C:\WINDOWS\RTHDCPL.EXE (ID 148 |ParentID 1924)
C:\Program Files\ASUS\Six Engine\SixEngine.exe (ID 128 |ParentID 1924)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID 164 |ParentID 1924)
C:\WINDOWS\system32\ctfmon.exe (ID 172 |ParentID 1924)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID 408 |ParentID 792)
C:\Program Files\Malwarebytes’ Anti-Malware\mbamscheduler.exe (ID 564 |ParentID 792)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ID 1376 |ParentID 124)
C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe (ID 1472 |ParentID 792)
C:\WINDOWS\system32\svchost.exe (ID 1724 |ParentID 792)
C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe (ID 1876 |ParentID 1472)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID 4036 |ParentID 408)
C:\WINDOWS\System32\svchost.exe (ID 3228 |ParentID 792)
C:\Program Files\Internet Explorer\iexplore.exe (ID 908 |ParentID 1924)
C:\Program Files\Internet Explorer\iexplore.exe (ID 868 |ParentID 908)
C:\UsbFix\Go.exe (ID 2908 |ParentID 1924)
C:\UsbFix\Go.exe (ID 3456 |ParentID 1924)
C:\WINDOWS\system32\wscntfy.exe (ID 2632 |ParentID 1212)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] – “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
HKLM\SOFTWARE | Run : [HP Software Update] – C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] –
HKLM\SOFTWARE | Run : [RTHDCPL] – RTHDCPL.EXE
HKLM\SOFTWARE | Run : [Alcmtr] – ALCMTR.EXE
HKLM\SOFTWARE | Run : [Six Engine] – “C:\Program Files\ASUS\Six Engine\SixEngine.exe” -r
HKLM\SOFTWARE | Run : [avgnt] – “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1060284298-515967899-839522115-1004\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE

################## | Éléments infectieux |

################## | Registre |

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
O:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

############################## | UsbFix V 7.145 | [Recherche]

Utilisateur: serge (Administrateur) # MAURICETTE
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 09:25:10 | 20/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P5Q-PRO)
CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
RAM -> [Total : 3327 | Free : 2558]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 49 Go (38 Go libre(s) – 78%) [] # NTFS
D: -> Disque fixe # 184 Go (183 Go libre(s) – 100%) [] # NTFS
E: -> Disque fixe # 176 Go (77 Go libre(s) – 44%) [] # NTFS
F: -> Disque fixe # 290 Go (290 Go libre(s) – 100%) [Disque local ] # NTFS
J: -> CD-ROM
O: -> Disque fixe # 466 Go (367 Go libre(s) – 79%) [disque ext ] # NTFS

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (ID 444 |ParentID 4)
C:\WINDOWS\system32\winlogon.exe (ID 740 |ParentID 444)
C:\WINDOWS\system32\services.exe (ID 784 |ParentID 740)
C:\WINDOWS\system32\lsass.exe (ID 796 |ParentID 740)
C:\WINDOWS\system32\Ati2evxx.exe (ID 980 |ParentID 784)
C:\WINDOWS\system32\svchost.exe (ID 1000 |ParentID 784)
C:\WINDOWS\System32\svchost.exe (ID 1168 |ParentID 784)
C:\WINDOWS\system32\Ati2evxx.exe (ID 1424 |ParentID 740)
C:\WINDOWS\system32\spoolsv.exe (ID 1568 |ParentID 784)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID 1624 |ParentID 784)
C:\WINDOWS\Explorer.EXE (ID 1892 |ParentID 1860)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2012 |ParentID 2004)
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (ID 2020 |ParentID 1892)
C:\WINDOWS\RTHDCPL.EXE (ID 2028 |ParentID 1892)
C:\Program Files\ASUS\Six Engine\SixEngine.exe (ID 2044 |ParentID 1892)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID 132 |ParentID 1892)
C:\WINDOWS\system32\ctfmon.exe (ID 144 |ParentID 1892)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ID 392 |ParentID 2012)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID 1272 |ParentID 784)
C:\Program Files\Malwarebytes’ Anti-Malware\mbamscheduler.exe (ID 1472 |ParentID 784)
C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe (ID 1840 |ParentID 784)
C:\WINDOWS\system32\svchost.exe (ID 1404 |ParentID 784)
C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe (ID 2112 |ParentID 1840)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID 3120 |ParentID 1272)
C:\WINDOWS\System32\svchost.exe (ID 2872 |ParentID 784)
C:\Program Files\Internet Explorer\iexplore.exe (ID 1300 |ParentID 1892)
C:\Program Files\Internet Explorer\iexplore.exe (ID 1800 |ParentID 1300)
C:\WINDOWS\system32\wuauclt.exe (ID 2736 |ParentID 1168)
C:\Program Files\Internet Explorer\iexplore.exe (ID 3572 |ParentID 1300)
C:\UsbFix\Go.exe (ID 1248 |ParentID 120)
C:\WINDOWS\system32\wscntfy.exe (ID 4064 |ParentID 1168)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] – “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
HKLM\SOFTWARE | Run : [HP Software Update] – C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] –
HKLM\SOFTWARE | Run : [RTHDCPL] – RTHDCPL.EXE
HKLM\SOFTWARE | Run : [Alcmtr] – ALCMTR.EXE
HKLM\SOFTWARE | Run : [Six Engine] – “C:\Program Files\ASUS\Six Engine\SixEngine.exe” -r
HKLM\SOFTWARE | Run : [avgnt] – “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
HKLM\SOFTWARE | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1060284298-515967899-839522115-1004\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE

################## | Éléments infectieux |

################## | Registre |

################## | Vaccin |

(!) Cet ordinateur n’est pas vacciné!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |