############################## | UsbFix V 7.127 | [Scan]

User: marinoel (Administrator) # MANO-TOSH
Updated on 05/06/2013 by El Desaparecido
Launched at 20:49:20 | 19/06/2013
Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: TOSHIBA (Satellite P200) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz (1801)
RAM -> [Total : 3070 | Free : 1685]
BIOS: Ver 1.00PARTTBL
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate Edition (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 149 GB (63 GB free - 42%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Fixed disk # 466 GB (97 GB free - 21%) [MY BOOK] # FAT32
H:\ -> Fixed disk # 466 GB (65 GB free - 14%) [Skyper MNM] # NTFS
I:\ -> Removable disk # 7 GB (7 GB free - 94%) [] # FAT32

################## | Active processes |

C:\Windows\system32\csrss.exe (444)
C:\Windows\system32\wininit.exe (520)
C:\Windows\system32\csrss.exe (528)
C:\Windows\system32\services.exe (568)
C:\Windows\system32\lsass.exe (580)
C:\Windows\system32\lsm.exe (588)
C:\Windows\system32\svchost.exe (704)
C:\Windows\system32\svchost.exe (792)
C:\Windows\system32\atiesrxx.exe (848)
C:\Windows\system32\winlogon.exe (884)
C:\Windows\System32\svchost.exe (956)
C:\Windows\System32\svchost.exe (988)
C:\Windows\system32\svchost.exe (1036)
C:\Windows\system32\svchost.exe (1176)
C:\Windows\system32\svchost.exe (1276)
C:\Windows\system32\atieclxx.exe (1396)
C:\Windows\System32\spoolsv.exe (1504)
C:\Windows\system32\taskeng.exe (1536)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (1544)
C:\Windows\system32\svchost.exe (1588)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1704)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1744)
C:\Windows\system32\taskhost.exe (1820)
C:\Windows\system32\Dwm.exe (1936)
C:\Windows\Explorer.EXE (1980)
C:\Windows\system32\svchost.exe (652)
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (1260)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1828)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2196)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2388)
C:\Program Files\Synaptics\SynTP\SynToshiba.exe (2436)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (2504)
C:\Program Files\PowerISO\PWRISOVM.EXE (2560)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (2580)
C:\Program Files\Windows Sidebar\sidebar.exe (2600)
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (2644)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Little transparency.exe (2652)
C:\Program Files\RocketDock\RocketDock.exe (2660)
C:\Program Files\OpenOffice.org 3\program\soffice.exe (2852)
C:\Program Files\OpenOffice.org 3\program\soffice.bin (2916)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (3204)
C:\Windows\system32\SearchIndexer.exe (3320)
C:\Windows\system32\svchost.exe (3496)
C:\Windows\system32\svchost.exe (3544)
C:\Program Files\Windows Media Player\wmpnetwk.exe (3856)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3288)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (1776)
C:\Windows\system32\svchost.exe (3056)
C:\Users\marinoel\Desktop\OTL.exe (2308)
C:\Program Files\Google\Chrome\Application\chrome.exe (1124)
C:\Program Files\Google\Chrome\Application\chrome.exe (3824)
C:\Program Files\Google\Chrome\Application\chrome.exe (2620)
C:\Program Files\Google\Chrome\Application\chrome.exe (1764)
C:\Windows\System32\WUDFHost.exe (4660)
C:\Windows\system32\wbem\wmiprvse.exe (5112)
C:\UsbFix\Go.exe (5388)
C:\Windows\system32\wbem\wmiprvse.exe (5460)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [EPSON Stylus DX5000 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S691E.tmp" /EF "HKLM"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\marinoel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [TomTomHOME.exe] - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-18\SOFTWARE | Run : [Welcome Center] - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
HKU\S-1-5-18\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Infectious elements |

Present! C:\Users\marinoel\AppData\Roaming\Temp

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{9dbce664-240d-11e1-936d-001b381b80fc}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.lesantitnf.fr ˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙

HKCU\.\.\.\.\Explorer\MountPoints2\{c311c949-e61e-11e0-ba18-001b77946f21}
Shell\AutoRun\Command = F:\SFR.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{c311c999-e61e-11e0-ba18-001b381b80fc}
Shell\AutoRun\Command = H:\SFR.exe

################## | Vaccine |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |