############################## | UsbFix V 7.168 | [Suppression]

Utilisateur: Margot (Administrateur) # MARGOT-VAIO
Mis à jour le 28/03/2014 par El Desaparecido - Team SosVirus
Lancé à 10:57:59 | 29/03/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
RAM -> [Total : 3950 Mo| Free : 2498 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit)
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 23.0.1271.97

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Anti-virus firewall 9.12 [(!) Disabled | Updated]
AV: avast! Antivirus [(!) Disabled | (!) Outdated]
AS: Anti-virus firewall 9.12 [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | (!) Outdated]
FW: Anti-virus firewall 9.12 [(!) Disabled]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 287 Go (193 Go libre(s) - 67%) [] # NTFS
E:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 516 |ParentID: 456)
C:\Windows\system32\wininit.exe (ID: 584 |ParentID: 456)
C:\Windows\system32\csrss.exe (ID: 616 |ParentID: 592)
C:\Windows\system32\services.exe (ID: 640 |ParentID: 584)
C:\Windows\system32\lsass.exe (ID: 672 |ParentID: 584)
C:\Windows\system32\lsm.exe (ID: 680 |ParentID: 584)
C:\Windows\system32\winlogon.exe (ID: 696 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 820 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 912 |ParentID: 640)
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (ID: 960 |ParentID: 640)
C:\Windows\system32\atiesrxx.exe (ID: 632 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 512 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 1040 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 1088 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 1188 |ParentID: 640)
C:\Windows\system32\atieclxx.exe (ID: 1260 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 1292 |ParentID: 640)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1464 |ParentID: 640)
C:\Windows\System32\spoolsv.exe (ID: 1628 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 1656 |ParentID: 640)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1776 |ParentID: 640)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1856 |ParentID: 640)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1876 |ParentID: 640)
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (ID: 1900 |ParentID: 640)
C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe (ID: 1960 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe (ID: 2000 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE (ID: 1804 |ParentID: 2000)
C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.EXE (ID: 1988 |ParentID: 640)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2220 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL32.EXE (ID: 2248 |ParentID: 1988)
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (ID: 2412 |ParentID: 640)
C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (ID: 2484 |ParentID: 640)
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ID: 2972 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL64.EXE (ID: 1496 |ParentID: 1988)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (ID: 1424 |ParentID: 640)
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (ID: 2680 |ParentID: 640)
C:\Windows\SysWOW64\DllHost.exe (ID: 3396 |ParentID: 820)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (ID: 3472 |ParentID: 1424)
C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe (ID: 3596 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe (ID: 3672 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 3848 |ParentID: 640)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe (ID: 4092 |ParentID: 1804)
C:\Windows\system32\Dwm.exe (ID: 4156 |ParentID: 1040)
C:\Windows\system32\taskeng.exe (ID: 4300 |ParentID: 1088)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe (ID: 4356 |ParentID: 1804)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID: 4488 |ParentID: 4300)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5052 |ParentID: 820)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 4748 |ParentID: 640)
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (ID: 3688 |ParentID: 640)
C:\Program Files\Sony\VAIO Care\VCPerfService.exe (ID: 4456 |ParentID: 640)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4524 |ParentID: 640)
C:\Program Files\Sony\VAIO Power Management\SPMService.exe (ID: 3892 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 1160 |ParentID: 640)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2672 |ParentID: 640)
C:\Windows\system32\SearchIndexer.exe (ID: 4472 |ParentID: 640)
C:\Windows\explorer.exe (ID: 4568 |ParentID: 4796)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 4860 |ParentID: 4568)
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (ID: 4548 |ParentID: 4568)
C:\Program Files\Sony\VAIO Care\listener.exe (ID: 2900 |ParentID: 4456)
C:\Windows\SysWOW64\RunDll32.exe (ID: 4444 |ParentID: 4860)
C:\Windows\system32\wuauclt.exe (ID: 1680 |ParentID: 1088)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 5008 |ParentID: 4568)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2920 |ParentID: 4472)
C:\Windows\system32\DllHost.exe (ID: 2480 |ParentID: 820)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1000 |ParentID: 820)

################## | Recherche générique |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [cacaoweb] "C:\Users\Margot\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKCU\..\Run : [Facebook Update] "C:\Users\Margot\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\Margot\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\Run : [GoogleChromeAutoLaunch_1A16BEAB0BCAA4CEA321A4AA07B7C651] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKCU\..\Run : [OrangeInside] C:\Users\Margot\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
04 - HKCU\..\Run : [Bubble Dock] "C:\Users\Margot\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
04 - HKCU\..\Run : [Spotify] "C:\Users\Margot\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKCU\..\Run : [MailNotifier] C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe
04 - HKLM\..\Run : [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\..\Run : [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [F-Secure Manager] "C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.EXE" /splash
04 - HKLM\..\Run : [F-Secure TNB] "C:\Program Files (x86)\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
04 - HKLM\..\Run : [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
04 - HKLM\..\Run : [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
04 - HKLM\..\Run : [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
04 - HKLM\..\Run : [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
04 - HKLM\..\Run : [Boxore Client] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
04 - [x64] HKLM\..\Run : [Apoint] %ProgramFiles%\Apoint\Apoint.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [cacaoweb] "C:\Users\Margot\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [Facebook Update] "C:\Users\Margot\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [Spotify Web Helper] "C:\Users\Margot\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [GoogleChromeAutoLaunch_1A16BEAB0BCAA4CEA321A4AA07B7C651] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [OrangeInside] C:\Users\Margot\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [Bubble Dock] "C:\Users\Margot\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [Spotify] "C:\Users\Margot\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-3141763043-3064299496-3374427723-1000\..\Run : [MailNotifier] C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[01/06/2011 - 13:22:15 | SHD] - C:\$Recycle.Bin
[02/06/2011 - 17:30:36 | D] - C:\7fd52379b02a8a885910323ac2889a9e
[01/09/2010 - 03:26:26 | D] - C:\Documentation
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[11/01/2013 - 15:20:26 | D] - C:\found.000
[29/03/2014 - 10:34:02 | ASH | 3033680 Ko] - C:\hiberfil.sys
[12/07/2010 - 21:49:45 | D] - C:\Intel
[01/09/2010 - 03:38:47 | N | 314 Ko] - C:\lv.log
[01/12/2006 - 22:37:14 | N | 884 Ko | 800B746FDC4D80469AFC7E5E9B510C9C] - C:\msdia80.dll
[01/10/2013 - 20:03:47 | D] - C:\net-snmp-compil-win
[29/03/2014 - 10:34:03 | ASH | 4044908 Ko] - C:\pagefile.sys
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[28/03/2014 - 15:04:36 | D] - C:\Program Files
[23/10/2013 - 13:38:05 | D] - C:\Program Files (x86)
[28/03/2014 - 15:03:25 | HD] - C:\ProgramData
[01/09/2010 - 03:21:44 | N | 3 Ko] - C:\RHDSetup.log
[01/09/2010 - 03:38:41 | D] - C:\SPLASH.000
[01/09/2010 - 03:38:41 | N | 0 Ko] - C:\splash.idx
[01/09/2010 - 03:38:29 | D] - C:\SPLASH.SYS
[28/03/2014 - 15:04:39 | SHD] - C:\System Volume Information
[01/09/2010 - 03:43:29 | D] - C:\Temp
[29/03/2014 - 10:55:41 | D] - C:\UsbFix
[29/03/2014 - 10:42:17 | N | 15 Ko | E03185B85A1740C5AAD9A3253F76A716] - C:\UsbFix [Clean 2] MARGOT-VAIO.txt
[29/03/2014 - 10:58:42 | A | 12 Ko | 7290C929994EE35D9ED04DFC8AD8EAB4] - C:\UsbFix [Clean 4] MARGOT-VAIO.txt
[29/03/2014 - 10:29:49 | N | 15 Ko | 5B1C1D950089A48DF685A7495D030509] - C:\UsbFix [Scan 1] MARGOT-VAIO.txt
[29/03/2014 - 10:56:26 | N | 11 Ko | F73E82456D8B4B126B417FB37F875A5A] - C:\UsbFix [Scan 2] MARGOT-VAIO.txt
[21/01/2013 - 20:54:47 | N | 0 Ko] - C:\user.js
[23/08/2013 - 13:35:07 | D] - C:\Users
[01/09/2010 - 03:44:57 | D] - C:\VAIO Sample Contents
[22/06/2010 - 23:14:20 | N | 4 Ko] - C:\version
[28/03/2014 - 15:05:27 | D] - C:\Windows
[01/09/2010 - 03:26:30 | D] - C:\_FS_SWRINFO

################## | Vaccin |

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |