Reply to: usb fix 2016-09-08T13:02:24+00:00
kiki
Participant
Number of posts: 11

Scan report on the iPhone
[spoiler:bbxx553l]
############################## | UsbFix V 7.129 | [Recherche]

Utilisateur: Famille MOREAU (Administrateur) # FAMILLEMOREAU
Mis à jour le 24/06/2013 par El Desaparecido
Lancé à 18:10:21 | 31/07/2013

Site Web: https://www.sosvirus.net/
Upload Malware: upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: TOSHIBA (SATELLITE L750) (x64-based PC)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz (2399)
RAM -> [Total : 3894 | Free : 2143]
BIOS: InsydeH2O Version 2.30
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16635

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Internet Security [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 297 Go (223 Go libre(s) – 75%) [WINDOWS] # NTFS
D:\ -> Disque fixe # 298 Go (74 Go libre(s) – 25%) [Data] # NTFS
E:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (540)
C:\Windows\system32\wininit.exe (576)
C:\Windows\system32\csrss.exe (608)
C:\Windows\system32\services.exe (644)
C:\Windows\system32\lsass.exe (672)
C:\Windows\system32\lsm.exe (680)
C:\Windows\system32\svchost.exe (788)
C:\Windows\system32\svchost.exe (872)
C:\Windows\system32\winlogon.exe (892)
C:\Windows\System32\svchost.exe (1012)
C:\Windows\System32\svchost.exe (292)
C:\Windows\system32\svchost.exe (476)
C:\Windows\system32\svchost.exe (500)
C:\Windows\system32\svchost.exe (1044)
C:\Windows\system32\svchost.exe (1164)
C:\Windows\system32\svchost.exe (1512)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (1752)
C:\Windows\system32\svchost.exe (1844)
C:\Windows\SysWOW64\svchost.exe (1892)
C:\Windows\System32\svchost.exe (1976)
C:\Windows\System32\svchost.exe (1256)
C:\Windows\system32\svchost.exe (3528)
C:\Windows\system32\svchost.exe (3732)
C:\Windows\system32\Dwm.exe (4068)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (4848)
C:\Windows\System32\svchost.exe (3224)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (5884)
C:\Windows\servicing\TrustedInstaller.exe (4236)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (2240)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2260)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2456)
C:\Windows\system32\SearchIndexer.exe (5256)
C:\Program Files\Windows Media Player\wmpnetwk.exe (2720)
C:\Windows\System32\spoolsv.exe (4988)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (4532)
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (1524)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (4480)
C:\Windows\system32\svchost.exe (2196)
C:\Windows\Explorer.exe (6060)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2164)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (5124)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (2668)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (2180)
C:\Windows\System32\WUDFHost.exe (5916)
C:\UsbFix\Go.exe (1220)
C:\Windows\system32\wbem\wmiprvse.exe (928)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [AVP] – “C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe”
HKLM\SOFTWARE | Run : [TSleepSrv] – %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\SOFTWARE | Run : [ToshibaServiceStation] – “C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe” /hide:60
HKLM\SOFTWARE | Run : [Microsoft Default Manager] – “C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” -resume
HKLM\SOFTWARE | Run : [HP Software Update] – C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] –
HKLM\SOFTWARE | Run : [NPSStartup] –
HKLM\SOFTWARE | Run : [Boxore Client] – C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe
HKLM\SOFTWARE\wow6432Node | Run : [AVP] – “C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe”
HKLM\SOFTWARE\wow6432Node | Run : [TSleepSrv] – %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] – “C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe” /hide:60
HKLM\SOFTWARE\wow6432Node | Run : [Microsoft Default Manager] – “C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” -resume
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] – C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [] –
HKLM\SOFTWARE\wow6432Node | Run : [NPSStartup] –
HKLM\SOFTWARE\wow6432Node | Run : [Boxore Client] – C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe
HKLM\SOFTWARE | RunOnce : [] –
HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-21-3577049793-2904340903-794327574-1000\SOFTWARE | Run : [TOPI.EXE] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
HKU\S-1-5-21-3577049793-2904340903-794327574-1000\SOFTWARE | Run : [swg] – “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

################## | Registre |

################## | Mountpoints2 |

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net |
[/spoiler:bbxx553l]