Publicité
Publicité
Format du document : text/plain
Prévisualisation
############################## | UsbFix V 7.127 | [Recherche]
Utilisateur: marinoel (Administrateur) # MANO-TOSH
Mis � jour le 05/06/2013 par El Desaparecido
Lanc� � 22:02:59 | 19/06/2013
Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org
PC: TOSHIBA (Satellite P200) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz (1795)
RAM -> [Total : 3070 | Free : 2326]
BIOS: Ver 1.00PARTTBL
BOOT: Fail-safe boot
OS: Microsoft Windows�7 �dition Int�grale (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
FW: Windows FireWall Service [(!) Disabled]
C:\ (%systemdrive%) -> Disque fixe # 149 Go (64 Go libre(s) - 43%) [] # NTFS
D:\ -> CD-ROM
################## | Processus Actif |
C:\Windows\system32\csrss.exe (380)
C:\Windows\system32\wininit.exe (416)
C:\Windows\system32\csrss.exe (428)
C:\Windows\system32\winlogon.exe (452)
C:\Windows\system32\services.exe (500)
C:\Windows\system32\lsass.exe (508)
C:\Windows\system32\lsm.exe (516)
C:\Windows\system32\svchost.exe (632)
C:\Windows\system32\svchost.exe (704)
C:\Windows\System32\svchost.exe (784)
C:\Windows\system32\svchost.exe (816)
C:\Windows\system32\svchost.exe (884)
C:\Windows\Explorer.EXE (1116)
C:\Windows\system32\ctfmon.exe (1176)
C:\UsbFix\Go.exe (1456)
C:\Windows\system32\wbem\wmiprvse.exe (1508)
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [EPSON Stylus DX5000 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S691E.tmp" /EF "HKLM"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\marinoel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [TomTomHOME.exe] - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-18\SOFTWARE | Run : [Welcome Center] - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
HKU\S-1-5-18\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | �l�ments infectieux |
################## | Registre |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{c311c999-e61e-11e0-ba18-001b381b80fc}
Shell\AutoRun\Command = H:\SFR.exe
################## | Vaccin |
C:\Autorun.inf -> Vaccin cr�� par UsbFix (El Desaparecido)
################## | E.O.F | http://sosvirus.org |
Utilisateur: marinoel (Administrateur) # MANO-TOSH
Mis � jour le 05/06/2013 par El Desaparecido
Lanc� � 22:02:59 | 19/06/2013
Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org
PC: TOSHIBA (Satellite P200) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz (1795)
RAM -> [Total : 3070 | Free : 2326]
BIOS: Ver 1.00PARTTBL
BOOT: Fail-safe boot
OS: Microsoft Windows�7 �dition Int�grale (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
FW: Windows FireWall Service [(!) Disabled]
C:\ (%systemdrive%) -> Disque fixe # 149 Go (64 Go libre(s) - 43%) [] # NTFS
D:\ -> CD-ROM
################## | Processus Actif |
C:\Windows\system32\csrss.exe (380)
C:\Windows\system32\wininit.exe (416)
C:\Windows\system32\csrss.exe (428)
C:\Windows\system32\winlogon.exe (452)
C:\Windows\system32\services.exe (500)
C:\Windows\system32\lsass.exe (508)
C:\Windows\system32\lsm.exe (516)
C:\Windows\system32\svchost.exe (632)
C:\Windows\system32\svchost.exe (704)
C:\Windows\System32\svchost.exe (784)
C:\Windows\system32\svchost.exe (816)
C:\Windows\system32\svchost.exe (884)
C:\Windows\Explorer.EXE (1116)
C:\Windows\system32\ctfmon.exe (1176)
C:\UsbFix\Go.exe (1456)
C:\Windows\system32\wbem\wmiprvse.exe (1508)
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [EPSON Stylus DX5000 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S691E.tmp" /EF "HKLM"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\marinoel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [TomTomHOME.exe] - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-18\SOFTWARE | Run : [Welcome Center] - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
HKU\S-1-5-18\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | �l�ments infectieux |
################## | Registre |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{c311c999-e61e-11e0-ba18-001b381b80fc}
Shell\AutoRun\Command = H:\SFR.exe
################## | Vaccin |
C:\Autorun.inf -> Vaccin cr�� par UsbFix (El Desaparecido)
################## | E.O.F | http://sosvirus.org |