cjoint

Document format: text/plain

Preview

############################## | UsbFix V 7.168 | [Suppression]

Utilisateur: Margot (Administrateur) # MARGOT-VAIO
Mis à jour le 28/03/2014 par El Desaparecido - Team SosVirus
Lancé à 10:57:59 | 29/03/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
RAM -> [Total : 3950 Mo| Free : 2498 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit)
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 23.0.1271.97

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Anti-virus firewall 9.12 [(!) Disabled | Updated]
AV: avast! Antivirus [(!) Disabled | (!) Outdated]
AS: Anti-virus firewall 9.12 [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | (!) Outdated]
FW: Anti-virus firewall 9.12 [(!) Disabled]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 287 Go (193 Go libre(s) - 67%) [] # NTFS
E:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 516 |ParentID: 456)
C:\Windows\system32\wininit.exe (ID: 584 |ParentID: 456)
C:\Windows\system32\csrss.exe (ID: 616 |ParentID: 592)
C:\Windows\system32\services.exe (ID: 640 |ParentID: 584)
C:\Windows\system32\lsass.exe (ID: 672 |ParentID: 584)
C:\Windows\system32\lsm.exe (ID: 680 |ParentID: 584)
C:\Windows\system32\winlogon.exe (ID: 696 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 820 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 912 |ParentID: 640)
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (ID: 960 |ParentID: 640)
C:\Windows\system32\atiesrxx.exe (ID: 632 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 512 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 1040 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 1088 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 1188 |ParentID: 640)
C:\Windows\system32\atieclxx.exe (ID: 1260 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 1292 |ParentID: 640)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1464 |ParentID: 640)
C:\Windows\System32\spoolsv.exe (ID: 1628 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 1656 |ParentID: 640)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1776 |ParentID: 640)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1856 |ParentID: 640)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1876 |ParentID: 640)
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (ID: 1900 |ParentID: 640)
C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe (ID: 1960 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe (ID: 2000 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE (ID: 1804 |ParentID: 2000)
C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.EXE (ID: 1988 |ParentID: 640)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2220 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL32.EXE (ID: 2248 |ParentID: 1988)
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (ID: 2412 |ParentID: 640)
C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (ID: 2484 |ParentID: 640)
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ID: 2972 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL64.EXE (ID: 1496 |ParentID: 1988)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (ID: 1424 |ParentID: 640)
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (ID: 2680 |ParentID: 640)
C:\Windows\SysWOW64\DllHost.exe (ID: 3396 |ParentID: 820)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (ID: 3472 |ParentID: 1424)
C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe (ID: 3596 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe (ID: 3672 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 3848 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe (ID: 4092 |ParentID: 1804)
C:\Windows\system32\Dwm.exe (ID: 4156 |ParentID: 1040)
C:\Windows\system32\taskeng.exe (ID: 4300 |ParentID: 1088)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe (ID: 4356 |ParentID: 1804)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID: 4488 |ParentID: 4300)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5052 |ParentID: 820)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 4748 |ParentID: 640)
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (ID: 3688 |ParentID: 640)
C:\Program Files\Sony\VAIO Care\VCPerfService.exe (ID: 4456 |ParentID: 640)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4524 |ParentID: 640)
C:\Program Files\Sony\VAIO Power Management\SPMService.exe (ID: 3892 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 1160 |ParentID: 640)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2672 |ParentID: 640)
C:\Windows\system32\SearchIndexer.exe (ID: 4472 |ParentID: 640)
C:\Windows\explorer.exe (ID: 4568 |ParentID: 4796)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 4860 |ParentID: 4568)
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (ID: 4548 |ParentID: 4568)
C:\Program Files\Sony\VAIO Care\listener.exe (ID: 2900 |ParentID: 4456)
C:\Windows\SysWOW64\RunDll32.exe (ID: 4444 |ParentID: 4860)
C:\Windows\system32\wuauclt.exe (ID: 1680 |ParentID: 1088)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 5008 |ParentID: 4568)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2920 |ParentID: 4472)
C:\Windows\system32\DllHost.exe (ID: 2480 |ParentID: 820)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1000 |ParentID: 820)

################## | Recherche générique |


(!) Fichiers temporaires supprimés.

################## | Registre |


################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [cacaoweb] "C:\Users\Margot\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKCU\..\Run : [Facebook Update] "C:\Users\Margot\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\Margot\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\Run : [GoogleChromeAutoLaunch_1A16BEAB0BCAA4CEA321A4AA07B7C651] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKCU\..\Run : [OrangeInside] C:\Users\Margot\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
04 - HKCU\..\Run : [Bubble Dock] "C:\Users\Margot\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
04 - HKCU\..\Run : [Spotify] "C:\Users\Margot\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKCU\..\Run : [MailNotifier] C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe
04 - HKLM\..\Run : [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\..\Run : [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [F-Secure Manager] "C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.EXE" /splash
04 - HKLM\..\Run : [F-Secure TNB] "C:\Program Files (x86)\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
04 - HKLM\..\Run : [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
04 - HKLM\..\Run : [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
04 - HKLM\..\Run : [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
04 - HKLM\..\Run : [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
04 - HKLM\..\Run : [Boxore Client] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
04 - [x64] HKLM\..\Run : [Apoint] %ProgramFiles%\Apoint\Apoint.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [cacaoweb] "C:\Users\Margot\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [Facebook Update] "C:\Users\Margot\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [Spotify Web Helper] "C:\Users\Margot\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [GoogleChromeAutoLaunch_1A16BEAB0BCAA4CEA321A4AA07B7C651] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [OrangeInside] C:\Users\Margot\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [Bubble Dock] "C:\Users\Margot\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [Spotify] "C:\Users\Margot\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [MailNotifier] C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[01/06/2011 - 13:22:15 | SHD] - C:\$Recycle.Bin
[02/06/2011 - 17:30:36 | D] - C:\7fd52379b02a8a885910323ac2889a9e
[01/09/2010 - 03:26:26 | D] - C:\Documentation
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[11/01/2013 - 15:20:26 | D] - C:\found.000
[29/03/2014 - 10:34:02 | ASH | 3033680 Ko] - C:\hiberfil.sys
[12/07/2010 - 21:49:45 | D] - C:\Intel
[01/09/2010 - 03:38:47 | N | 314 Ko] - C:\lv.log
[01/12/2006 - 22:37:14 | N | 884 Ko | 800B746FDC4D80469AFC7E5E9B510C9C] - C:\msdia80.dll
[01/10/2013 - 20:03:47 | D] - C:\net-snmp-compil-win
[29/03/2014 - 10:34:03 | ASH | 4044908 Ko] - C:\pagefile.sys
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[28/03/2014 - 15:04:36 | D] - C:\Program Files
[23/10/2013 - 13:38:05 | D] - C:\Program Files (x86)
[28/03/2014 - 15:03:25 | HD] - C:\ProgramData
[01/09/2010 - 03:21:44 | N | 3 Ko] - C:\RHDSetup.log
[01/09/2010 - 03:38:41 | D] - C:\SPLASH.000
[01/09/2010 - 03:38:41 | N | 0 Ko] - C:\splash.idx
[01/09/2010 - 03:38:29 | D] - C:\SPLASH.SYS
[28/03/2014 - 15:04:39 | SHD] - C:\System Volume Information
[01/09/2010 - 03:43:29 | D] - C:\Temp
[29/03/2014 - 10:55:41 | D] - C:\UsbFix
[29/03/2014 - 10:42:17 | N | 15 Ko | E03185B85A1740C5AAD9A3253F76A716] - C:\UsbFix [Clean 2] MARGOT-VAIO.txt
[29/03/2014 - 10:58:42 | A | 12 Ko | 7290C929994EE35D9ED04DFC8AD8EAB4] - C:\UsbFix [Clean 4] MARGOT-VAIO.txt
[29/03/2014 - 10:29:49 | N | 15 Ko | 5B1C1D950089A48DF685A7495D030509] - C:\UsbFix [Scan 1] MARGOT-VAIO.txt
[29/03/2014 - 10:56:26 | N | 11 Ko | F73E82456D8B4B126B417FB37F875A5A] - C:\UsbFix [Scan 2] MARGOT-VAIO.txt
[21/01/2013 - 20:54:47 | N | 0 Ko] - C:\user.js
[23/08/2013 - 13:35:07 | D] - C:\Users
[01/09/2010 - 03:44:57 | D] - C:\VAIO Sample Contents
[22/06/2010 - 23:14:20 | N | 4 Ko] - C:\version
[28/03/2014 - 15:05:27 | D] - C:\Windows
[01/09/2010 - 03:26:30 | D] - C:\_FS_SWRINFO

################## | Vaccin |


################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
