kami
Number of posts: 0

Report 2

Computer 2: Banquet 2

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: BANQUET2 (Administrateur) # BANQUET2
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 16:03:42 | 26/11/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: MSI (0A48)
CPU: Intel(R) Pentium(R) 4 CPU 3.40GHz
RAM -> [Total : 895 | Free : 100]
Bios: Phoenix Technologies, LTD
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 11.0.9600.16428

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 74 Go (34 Go libre(s) - 46%) [] # NTFS
D: -> CD-ROM
E: -> CD-ROM

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE
HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1013663335-846473457-1848416765-1000\SOFTWARE | Run : [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 908 |ParentID 640)
Stoppé! C:\Windows\system32\Ati2evxx.exe (ID 1044 |ParentID 640)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1576 |ParentID 640)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1680 |ParentID 640)
Stoppé! C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe (ID 1740 |ParentID 640)
Stoppé! C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (ID 1868 |ParentID 640)
Stoppé! C:\Windows\system32\Ati2evxx.exe (ID 2032 |ParentID 1044)
Stoppé! c:\Program Files\Microsoft Security Client\NisSrv.exe (ID 2220 |ParentID 640)
Stoppé! C:\Windows\system32\taskhost.exe (ID 2336 |ParentID 640)
Stoppé! C:\Windows\system32\taskeng.exe (ID 2372 |ParentID 1196)
Stoppé! C:\Program Files\TeamViewer\Version8\TeamViewer.exe (ID 2488 |ParentID 1868)
Stoppé! C:\Windows\Explorer.EXE (ID 2548 |ParentID 2512)
Stoppé! C:\Program Files\TeamViewer\Version8\tv_w32.exe (ID 2656 |ParentID 1868)
Stoppé! C:\Program Files\Microsoft Security Client\msseces.exe (ID 2824 |ParentID 2548)
Stoppé! C:\Program Files\PowerISO\PWRISOVM.EXE (ID 2840 |ParentID 2548)
Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2856 |ParentID 2804)
Stoppé! C:\Program Files\Internet Download Manager\IDMan.exe (ID 2996 |ParentID 2548)
Stoppé! C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe (ID 3132 |ParentID 2548)
Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 3216 |ParentID 2856)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 3340 |ParentID 640)
Stoppé! C:\Windows\system32\sppsvc.exe (ID 2404 |ParentID 640)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 2696 |ParentID 640)
Stoppé! C:\Windows\system32\taskhost.exe (ID 756 |ParentID 640)
Stoppé! C:\Windows\servicing\TrustedInstaller.exe (ID 2980 |ParentID 640)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID 2744 |ParentID 3340)
Stoppé! C:\Windows\system32\SearchFilterHost.exe (ID 3336 |ParentID 3340)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID 2592 |ParentID 3340)

################## | Éléments infectieux |

Supprimé! C:\Users\BANQUET2\AppData\Local\Temp\CPBA.bat
Supprimé! C:\Users\BANQUET2\Microsoft\sys32.bin

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\...\Explorer\MountPoints2\{2442fb5f-2ae6-11e2-8257-0019db532964}
Supprimé! HKCU\...\Explorer\MountPoints2\{fd9cdfff-cce4-11e2-ad82-0019db532964}

################## | Listing |

[06/11/2012 - 17:20:32 | SHD ] C:\$Recycle.Bin
[06/11/2012 - 18:07:02 | D ] C:\ATI
[10/06/2009 - 21:42:20 | N | 24] C:\autoexec.bat
[10/06/2009 - 21:42:20 | N | 10] C:\config.sys
[14/07/2009 - 04:53:55 | SHD ] C:\Documents and Settings
[26/11/2013 - 15:59:44 | ASH | 703504384] C:\hiberfil.sys
[07/11/2012 - 11:32:15 | RHD ] C:\MSOCache
[26/11/2013 - 15:59:44 | ASH | 1073741824] C:\pagefile.sys
[14/07/2009 - 02:37:05 | D ] C:\PerfLogs
[19/11/2013 - 17:10:04 | D ] C:\Program Files
[07/11/2012 - 11:32:44 | HD ] C:\ProgramData
[06/11/2012 - 17:20:15 | SHD ] C:\Recovery
[25/11/2013 - 16:19:33 | SHD ] C:\System Volume Information
[26/11/2013 - 16:08:17 | D ] C:\UsbFix
[26/11/2013 - 16:10:47 | A | 5319] C:\UsbFix [Clean 1] BANQUET2.txt
[25/11/2013 - 15:53:54 | N | 5762] C:\UsbFix [Scan 1] BANQUET2.txt
[13/11/2013 - 09:18:12 | RD ] C:\Users
[19/11/2013 - 10:02:21 | D ] C:\Windows

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |