cjoint

Document format: text/plain

Preview

############################## | UsbFix V 7.130 | [Research]

User: Administrateur (Administrator) # BE15B
Updated 20/08/2013 by El Desaparecido
Started at 14:42:40 | 24/04/2014

Website: http://sosvirus.net/
Upload Malware: http://sosvirus.net/viewtopic.php?f=6&t=489
Contact: eldesaparecido@sosvirus.net

PC: System manufacturer (System Product Name) (x64-based PC)
CPU: Processeur Intel(R) Pentium(R) III Xeon (3006)
CPU: Processeur Intel(R) Pentium(R) III Xeon (3006)
RAM -> [Total : 4095 | Free : 2891]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft(R) Windows(R) XP Professionnel Edition x64 (5.2.3790 64-Bit) # Service Pack 2
WB: Windows Internet Explorer 6.0.3790.1830

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 233 Gb (49 Mb free - 21%) [] # NTFS
D:\ -> Removable drive # 2 Gb (1 Mb free - 55%) [KINGSTON] # FAT32
E:\ -> Removable drive # 7 Gb (3 Mb free - 41%) [] # FAT32

################## | Active Processes |

C:\WINDOWS\system32\winlogon.exe (360)
C:\WINDOWS\system32\services.exe (408)
C:\WINDOWS\system32\lsass.exe (420)
C:\WINDOWS\system32\svchost.exe (648)
C:\WINDOWS\System32\svchost.exe (752)
C:\WINDOWS\System32\svchost.exe (1224)
C:\WINDOWS\explorer.exe (2736)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (3688)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (2812)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (1524)
C:\UsbFix\Go.exe (1700)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SwitchBoard] - "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [ControlCenter4] - "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
HKLM\SOFTWARE | Run : [BrStsMon00] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE | Run : [Device Detector] - DevDetect.exe -autorun
HKLM\SOFTWARE | Run : [BrStsMon01] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [ControlCenter4] - "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
HKLM\SOFTWARE\wow6432Node | Run : [BrStsMon00] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE\wow6432Node | Run : [Device Detector] - DevDetect.exe -autorun
HKLM\SOFTWARE\wow6432Node | Run : [BrStsMon01] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-19\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe

################## | Files # Infected Folders |

Found ! E:\snkb0pt
Found ! X:\autorun.inf
Found ! X:\snkb0pt\desktop.ini
Found ! X:\snkb0pt\snkb0pt.exe
Found ! X:\snkb0pt
Found ! Y:\autorun.inf
Found ! Y:\snkb0pt\desktop.ini
Found ! Y:\snkb0pt\snkb0pt.exe
Found ! Y:\snkb0pt
Found ! Z:\autorun.inf
Found ! Z:\snkb0pt\desktop.ini
Found ! Z:\snkb0pt\snkb0pt.exe
Found ! Z:\snkb0pt

################## | Registry |


################## | Mountpoints2 |



################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |
