Document format: text/plain

############################## | UsbFix V 7.127 | [Suppression]

Utilisateur: marinoel (Administrateur) # MANO-TOSH
Mis à jour le 05/06/2013 par El Desaparecido
Lancé à 21:21:50 | 19/06/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: TOSHIBA (Satellite P200) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz (1801)
RAM -> [Total : 3070 | Free : 1626]
BIOS: Ver 1.00PARTTBL
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 149 Go (63 Go libre(s) - 42%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Disque fixe # 466 Go (97 Go libre(s) - 21%) [MY BOOK] # FAT32
H:\ -> Disque fixe # 466 Go (65 Go libre(s) - 14%) [Skyper MNM] # NTFS
I:\ -> Disque amovible # 7 Go (7 Go libre(s) - 94%) [] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [EPSON Stylus DX5000 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S691E.tmp" /EF "HKLM"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\marinoel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1784463209-742869431-939904069-1000\SOFTWARE | Run : [TomTomHOME.exe] - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-18\SOFTWARE | Run : [Welcome Center] - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
HKU\S-1-5-18\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\atiesrxx.exe (848)
Stoppé! C:\Windows\system32\atieclxx.exe (1396)
Stoppé! C:\Windows\System32\spoolsv.exe (1504)
Stoppé! C:\Windows\system32\taskeng.exe (1536)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\sched.exe (1544)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1704)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1744)
Stoppé! C:\Windows\system32\taskhost.exe (1820)
Stoppé! C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (1260)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1828)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2196)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2388)
Stoppé! C:\Program Files\Synaptics\SynTP\SynToshiba.exe (2436)
Stoppé! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (2504)
Stoppé! C:\Program Files\PowerISO\PWRISOVM.EXE (2560)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (2580)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (2600)
Stoppé! C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (2644)
Stoppé! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Little transparency.exe (2652)
Stoppé! C:\Program Files\RocketDock\RocketDock.exe (2660)
Stoppé! C:\Program Files\OpenOffice.org 3\program\soffice.exe (2852)
Stoppé! C:\Program Files\OpenOffice.org 3\program\soffice.bin (2916)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (3204)
Stoppé! C:\Windows\system32\SearchIndexer.exe (3320)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (3856)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3288)
Stoppé! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (1776)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (1124)
Stoppé! C:\Windows\System32\WUDFHost.exe (4660)

################## | Éléments infectieux |

Supprimé! C:\Users\marinoel\AppData\Roaming\Temp

(!) Fichiers temporaires supprimés.

################## | Registre |


################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{9dbce664-240d-11e1-936d-001b381b80fc}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{c311c949-e61e-11e0-ba18-001b77946f21}

################## | Listing |

[06/06/2012 - 19:45:47 | SHD ] C:\$Recycle.Bin
[16/06/2013 - 00:21:48 | N | 1516] C:\AdwCleaner[R12].txt
[19/06/2013 - 02:25:27 | N | 1111] C:\AdwCleaner[R13].txt
[16/06/2013 - 00:22:57 | N | 1485] C:\AdwCleaner[S12].txt
[10/06/2009 - 23:42:20 | N | 24] C:\autoexec.bat
[22/09/2011 - 13:26:10 | D ] C:\CIEL
[12/06/2013 - 12:04:22 | D ] C:\Config.Msi
[10/06/2009 - 23:42:20 | N | 10] C:\config.sys
[14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings
[22/09/2011 - 13:18:41 | D ] C:\Données Ciel
[08/02/2013 - 09:33:47 | D ] C:\found.000
[23/05/2013 - 16:04:38 | D ] C:\found.001
[19/06/2013 - 17:50:09 | ASH | 2414682112] C:\hiberfil.sys
[22/09/2011 - 09:27:36 | D ] C:\Intel
[22/09/2011 - 00:12:15 | N | 0] C:\IO.SYS
[22/09/2011 - 00:12:15 | N | 0] C:\MSDOS.SYS
[22/09/2011 - 00:06:18 | RHD ] C:\MSOCache
[19/06/2013 - 17:50:10 | ASH | 3219578880] C:\pagefile.sys
[14/07/2009 - 04:37:05 | D ] C:\PerfLogs
[19/06/2013 - 18:07:01 | N | 512] C:\PhysicalMBR.bin
[11/06/2013 - 22:35:47 | D ] C:\Program Files
[16/06/2013 - 00:22:23 | HD ] C:\ProgramData
[20/11/2012 - 22:56:42 | SHD ] C:\Recovery
[19/06/2013 - 18:08:39 | SHD ] C:\System Volume Information
[23/06/2012 - 20:14:25 | D ] C:\Temp
[19/06/2013 - 21:25:41 | D ] C:\UsbFix
[19/06/2013 - 21:25:59 | A | 6514] C:\UsbFix [Clean 1] MANO-TOSH.txt
[19/06/2013 - 20:52:55 | N | 6516] C:\UsbFix [Scan 1] MANO-TOSH.txt
[21/09/2011 - 23:53:17 | D ] C:\Users
[31/05/2013 - 04:32:16 | D ] C:\Windows
[29/06/2007 - 16:05:30 | N | 424671] F:\UserGuide.pdf
[04/12/2012 - 19:25:36 | N | 528] F:\MediaID.bin
[22/11/2012 - 00:50:30 | D ] F:\MANO-TOSH
[22/11/2012 - 19:39:26 | RASHD ] F:\Autorun.inf
[27/08/2008 - 23:20:48 | D ] F:\sauvegarde Documents
[20/08/2008 - 09:39:14 | SHD ] F:\$RECYCLE.BIN
[29/10/2011 - 18:54:56 | SHD ] H:\$RECYCLE.BIN
[21/11/2012 - 01:16:53 | D ] H:\ca86c5631c3ccfaf70f2b8
[08/12/2012 - 21:31:01 | D ] H:\MANO-NETBOOK
[20/11/2012 - 13:56:22 | N | 528] H:\MediaID.bin
[27/09/2011 - 14:30:58 | SHD ] H:\RECYCLER
[07/02/2013 - 15:43:49 | D ] H:\sauvegarde 07 02 2013
[12/12/2012 - 16:23:06 | SHD ] H:\System Volume Information
[25/11/2012 - 23:11:49 | D ] H:\WindowsImageBackup
[11/06/2008 - 13:58:46 | D ] I:\MISC
[11/06/2008 - 13:58:46 | D ] I:\DCIM

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |
