- Wed. 31 Jul. 2013 17:18
#6093
Hello,
I just scanned my USB key with UsbFix and I got this report. What should I do?
Thanks
############################## | UsbFix V 7.129 | [Recherche]
Utilisateur: Famille MOREAU (Administrateur) # FAMILLEMOREAU
Mis à jour le 24/06/2013 par El Desaparecido
Lancé à 17:09:15 | 31/07/2013
Site Web: https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net
PC: TOSHIBA (SATELLITE L750) (x64-based PC)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz (2399)
RAM -> [Total : 3894 | Free : 2158]
BIOS: InsydeH2O Version 2.30
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16635
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Internet Security [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 297 Go (222 Go libre(s) - 75%) [WINDOWS] # NTFS
D:\ -> Disque fixe # 298 Go (74 Go libre(s) - 25%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 7 Go (4 Go libre(s) - 59%) [KINGSTON] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (524)
C:\Windows\system32\wininit.exe (596)
C:\Windows\system32\csrss.exe (628)
C:\Windows\system32\services.exe (664)
C:\Windows\system32\lsass.exe (692)
C:\Windows\system32\lsm.exe (700)
C:\Windows\system32\svchost.exe (812)
C:\Windows\system32\svchost.exe (892)
C:\Windows\system32\winlogon.exe (912)
C:\Windows\System32\svchost.exe (1020)
C:\Windows\System32\svchost.exe (396)
C:\Windows\system32\svchost.exe (420)
C:\Windows\system32\svchost.exe (760)
C:\Windows\system32\svchost.exe (1148)
C:\Windows\System32\spoolsv.exe (1460)
C:\Windows\system32\svchost.exe (1488)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1620)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1716)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (1756)
C:\Program Files\Bonjour\mDNSResponder.exe (1788)
C:\Windows\system32\svchost.exe (1824)
C:\Windows\SysWOW64\svchost.exe (1856)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (1956)
C:\Windows\System32\svchost.exe (1988)
C:\Windows\System32\svchost.exe (1172)
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1668)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2228)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (2260)
C:\Windows\system32\TODDSrv.exe (2432)
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (2468)
C:\Program Files (x86)\Software\Update\1.2.201.0\SoftwareCrashHandler.exe (2596)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2656)
C:\Windows\system32\taskhost.exe (2732)
C:\Windows\system32\Dwm.exe (2824)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2944)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3024)
C:\Windows\Explorer.EXE (3052)
C:\Program Files\TOSHIBA\TECO\TecoService.exe (2764)
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (3636)
C:\Windows\System32\igfxpers.exe (3812)
C:\Windows\System32\igfxtray.exe (3880)
C:\Windows\System32\hkcmd.exe (3888)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (3896)
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3904)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (4044)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3284)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (3252)
C:\Windows\System32\svchost.exe (2676)
C:\Windows\system32\svchost.exe (3480)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (1252)
C:\Windows\system32\svchost.exe (3080)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (3328)
C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe (4104)
C:\Windows\system32\SearchIndexer.exe (4156)
C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe (4168)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4628)
C:\Windows\System32\svchost.exe (4904)
C:\Windows\system32\DllHost.exe (1008)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (2324)
C:\Windows\system32\taskeng.exe (1384)
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (1388)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (4852)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (4988)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (5160)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (5196)
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (5700)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (5880)
c:\Program Files (x86)\Nero\Update\NASvc.exe (5956)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (6112)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (4872)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4580)
C:\Windows\system32\taskhost.exe (3656)
C:\Windows\System32\WUDFHost.exe (5860)
C:\Windows\system32\taskhost.exe (3196)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (5816)
C:\Windows\system32\wbem\wmiprvse.exe (4496)
C:\UsbFix\Go.exe (4588)
C:\Windows\system32\wbem\wmiprvse.exe (788)
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
HKLM\SOFTWARE | Run : [TSleepSrv] - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\SOFTWARE | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
HKLM\SOFTWARE | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [NPSStartup] -
HKLM\SOFTWARE | Run : [Boxore Client] - C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe
HKLM\SOFTWARE\wow6432Node | Run : [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
HKLM\SOFTWARE\wow6432Node | Run : [TSleepSrv] - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
HKLM\SOFTWARE\wow6432Node | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [NPSStartup] -
HKLM\SOFTWARE\wow6432Node | Run : [Boxore Client] - C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-21-3577049793-2904340903-794327574-1000\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
HKU\S-1-5-21-3577049793-2904340903-794327574-1000\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Éléments infectieux |
Présent! C:\Users\FAMILL~1\AppData\Local\Temp\Drives.vbs
################## | Registre |
################## | Mountpoints2 |
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F | https://www.sosvirus.net |
Thanks