############################## | UsbFix V 7.152 | [Recherche]

Utilisateur: Florian94 (Administrateur) # FLORIAN
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 21:54:48 | 27/11/2013
Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (1900)
CPU: Intel(R) Pentium(R) CPU 987 @ 1.50GHz
RAM -> [Total : 6041 | Free : 3579]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16438
WB: Google Chrome : 29.0.1547.66
WB: Mozilla Firefox : 24.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 910 Go (838 Go libre(s) - 92%) [] # NTFS
D:\ -> Disque fixe # 20 Go (2 Go libre(s) - 12%) [RECOVERY] # NTFS
E:\ -> Disque amovible # 8 Go (8 Go libre(s) - 100%) [SANS TITRE] # FAT32

################## | Processus Actif |

C:\WINDOWS\system32\wininit.exe (ID: 532 |ParentID: 460)
C:\WINDOWS\system32\lsass.exe (ID: 636 |ParentID: 532)
C:\WINDOWS\system32\svchost.exe (ID: 696 |ParentID: 628)
C:\WINDOWS\system32\svchost.exe (ID: 740 |ParentID: 628)
C:\WINDOWS\System32\svchost.exe (ID: 864 |ParentID: 628)
C:\WINDOWS\system32\svchost.exe (ID: 900 |ParentID: 628)
C:\WINDOWS\system32\svchost.exe (ID: 924 |ParentID: 628)
C:\WINDOWS\System32\svchost.exe (ID: 988 |ParentID: 628)
C:\Program Files\IDT\WDM\STacSV64.exe (ID: 384 |ParentID: 628)
C:\WINDOWS\system32\Hpservice.exe (ID: 612 |ParentID: 628)
C:\WINDOWS\system32\svchost.exe (ID: 856 |ParentID: 628)
C:\Program Files (x86)\WinZipper\winzipersvc.exe (ID: 1104 |ParentID: 628)
C:\ProgramData\eSafe\eGdpSvc.exe (ID: 1312 |ParentID: 628)
C:\WINDOWS\system32\taskeng.exe (ID: 1476 |ParentID: 900)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID: 1856 |ParentID: 1476)
C:\WINDOWS\System32\spoolsv.exe (ID: 2928 |ParentID: 628)
C:\WINDOWS\system32\svchost.exe (ID: 2956 |ParentID: 628)
C:\WINDOWS\system32\svchost.exe (ID: 3044 |ParentID: 628)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 3068 |ParentID: 628)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1964 |ParentID: 628)
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (ID: 2728 |ParentID: 628)
C:\WINDOWS\system32\dashost.exe (ID: 2400 |ParentID: 988)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 2132 |ParentID: 628)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 2276 |ParentID: 628)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 2968 |ParentID: 628)
C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 2488 |ParentID: 628)
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID: 2348 |ParentID: 628)
C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe (ID: 2588 |ParentID: 628)
C:\WINDOWS\system32\svchost.exe (ID: 2848 |ParentID: 628)
C:\Program Files (x86)\Tor\tor.exe (ID: 3076 |ParentID: 628)
C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe (ID: 3200 |ParentID: 628)
C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe (ID: 3268 |ParentID: 628)
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (ID: 3324 |ParentID: 628)
C:\WINDOWS\system32\svchost.exe (ID: 3520 |ParentID: 628)
C:\WINDOWS\system32\SearchIndexer.exe (ID: 3804 |ParentID: 628)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 3940 |ParentID: 696)
C:\WINDOWS\system32\svchost.exe (ID: 3188 |ParentID: 628)
C:\WINDOWS\System32\svchost.exe (ID: 4580 |ParentID: 628)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 5188 |ParentID: 696)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 5260 |ParentID: 628)
C:\WINDOWS\system32\DllHost.exe (ID: 5404 |ParentID: 696)
C:\Program Files\iPod\bin\iPodService.exe (ID: 5592 |ParentID: 628)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 4216 |ParentID: 628)
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (ID: 4416 |ParentID: 628)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 4568 |ParentID: 628)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2204 |ParentID: 628)
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (ID: 1696 |ParentID: 628)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4848 |ParentID: 628)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3736 |ParentID: 628)
C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (ID: 1460 |ParentID: 628)
C:\WINDOWS\System32\WinLogon.exe (ID: 888 |ParentID: 7620)
C:\WINDOWS\System32\dwm.exe (ID: 7212 |ParentID: 888)
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (ID: 7456 |ParentID: 1696)
C:\WINDOWS\system32\taskhostex.exe (ID: 7052 |ParentID: 900)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 7764 |ParentID: 900)
C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (ID: 2284 |ParentID: 900)
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (ID: 3456 |ParentID: 900)
C:\WINDOWS\Explorer.EXE (ID: 7032 |ParentID: 1668)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 1752 |ParentID: 7132)
C:\Windows\System32\hkcmd.exe (ID: 7384 |ParentID: 7032)
C:\Windows\System32\igfxpers.exe (ID: 6776 |ParentID: 7032)
C:\Program Files\IDT\WDM\sttray64.exe (ID: 1992 |ParentID: 7032)
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (ID: 3992 |ParentID: 7032)
C:\Users\Florian94\AppData\Roaming\SearchProtect\bin\cltmng.exe (ID: 6016 |ParentID: 7032)
C:\Program Files (x86)\Proxy Switcher Standard\ProxySwitcher.exe (ID: 968 |ParentID: 7032)
C:\Windows\System32\wscript.exe (ID: 3592 |ParentID: 7032)
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID: 1492 |ParentID: 7032)
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID: 4112 |ParentID: 7348)
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (ID: 5652 |ParentID: 7032)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID: 5368 |ParentID: 7348)
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (ID: 7668 |ParentID: 7348)
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (ID: 3740 |ParentID: 900)
C:\Program Files (x86)\Ask.com\Updater\Updater.exe (ID: 7800 |ParentID: 7348)
C:\Program Files (x86)\FrameFox\Extensions\InternetExplorer\framefox.exe (ID: 5208 |ParentID: 7348)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 7872 |ParentID: 7348)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 2696 |ParentID: 7348)
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (ID: 2336 |ParentID: 2476)
C:\Program Files (x86)\Opera\18.0.1284.49\opera_crashreporter.exe (ID: 4944 |ParentID: 2336)
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (ID: 6884 |ParentID: 2336)
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (ID: 3128 |ParentID: 2336)
C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe (ID: 5872 |ParentID: 696)
C:\Windows\System32\RuntimeBroker.exe (ID: 4700 |ParentID: 696)
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (ID: 7216 |ParentID: 2336)
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (ID: 7476 |ParentID: 2336)
C:\WINDOWS\system32\taskeng.exe (ID: 3240 |ParentID: 900)
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (ID: 2540 |ParentID: 2336)
C:\Windows\System32\WUDFHost.exe (ID: 2748 |ParentID: 988)
C:\WINDOWS\explorer.exe (ID: 6072 |ParentID: 696)
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (ID: 1596 |ParentID: 2336)
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (ID: 7508 |ParentID: 2336)
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe (ID: 4336 |ParentID: 2336)
C:\WINDOWS\system32\SearchProtocolHost.exe (ID: 3876 |ParentID: 3804)
C:\WINDOWS\system32\SearchFilterHost.exe (ID: 1368 |ParentID: 3804)
C:\UsbFix\Go.exe (ID: 3372 |ParentID: 4880)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
04 - HKLM\SOFTWARE | Run : [tuto4pc_fr_33] -
04 - HKLM\SOFTWARE | Run : [tuto4pc_fr_37] -
04 - HKLM\SOFTWARE | Run : [FrameFox Extensions] - C:\Program Files (x86)\FrameFox\Extensions\InternetExplorer\framefox.exe
04 - HKLM\SOFTWARE | Run : [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
04 - HKLM\SOFTWARE | Run : [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
04 - HKLM\SOFTWARE | Run : [tuto4pc_fr_49] -
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [tuto4pc_fr_33] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [tuto4pc_fr_37] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [FrameFox Extensions] - C:\Program Files (x86)\FrameFox\Extensions\InternetExplorer\framefox.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
04 - HKLM\SOFTWARE\wow6432Node | Run : [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [tuto4pc_fr_49] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-1625807277-190852866-2472632823-1001\SOFTWARE | Run : [Bubble Dock] - "C:\Users\Florian94\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
04 - HKU\S-1-5-21-1625807277-190852866-2472632823-1001\SOFTWARE | Run : [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
04 - HKU\S-1-5-21-1625807277-190852866-2472632823-1001\SOFTWARE | Run : [SearchProtect] - C:\Users\Florian94\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-21-1625807277-190852866-2472632823-1001\SOFTWARE | Run : [PSwitch] - C:\Program Files (x86)\Proxy Switcher Standard\ProxySwitcher.exe
04 - HKU\S-1-5-21-1625807277-190852866-2472632823-1001\SOFTWARE | Run : [mmpifmxnth] - wscript.exe //B "C:\Users\Florian94\AppData\Roaming\mmpifmxnth..vbs"

################## | Recherche générique |

Présent! C:\Users\Florian94\AppData\Roaming\mmpifmxnth..vbs
Présent! C:\Users\Florian94\AppData\Roaming\BabMaint.exe
Présent! C:\Users\Florian94\AppData\Roaming\delta-homes.exe
Présent! C:\Users\Florian94\AppData\Roaming\Re.exe
Présent! C:\Users\Florian94\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mmpifmxnth..vbs
Présent! E:\mmpifmxnth..vbs
Présent! E:\.lnk
Présent! E:\ULYSSE.lnk
Présent! E:\Œdipe Roi.lnk
Présent! E:\III.lnk
Présent! E:\.Trashes.lnk
Présent! E:\.Spotlight-V100.lnk
Présent! E:\System Volume Information.lnk

################## | Référence de comparaison MD5 |

Md5 : 5240A2F46FBBF5E91440FEFA046B06CB -> C:\Users\Florian94\AppData\Roaming\mmpifmxnth..vbs
Md5 : 5240A2F46FBBF5E91440FEFA046B06CB -> C:\Users\Florian94\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mmpifmxnth..vbs
Md5 : 5240A2F46FBBF5E91440FEFA046B06CB -> E:\mmpifmxnth..vbs
Md5 : CC1A55091FD96BCB624AD791CD15D179 -> C:\Users\Florian94\AppData\Roaming\BabMaint.exe
Md5 : 0B428B42B615A357666D3F5131878D62 -> C:\Users\Florian94\AppData\Roaming\delta-homes.exe
Md5 : D484C89912A30D1D620C48B9ED5345DE -> C:\Users\Florian94\AppData\Roaming\Re.exe
Md5 : 5240A2F46FBBF5E91440FEFA046B06CB -> C:\Users\Florian94\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mmpifmxnth..vbs

################## | Comparaison MD5 |

Présent! Md5 : CC1A55091FD96BCB624AD791CD15D179 -> C:\Users\Florian94\AppData\Roaming\BabMaint.exe
Présent! Md5 : 0B428B42B615A357666D3F5131878D62 -> C:\Users\Florian94\AppData\Roaming\delta-homes.exe
Présent! Md5 : 5240A2F46FBBF5E91440FEFA046B06CB -> C:\Users\Florian94\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mmpifmxnth..vbs
Présent! Md5 : 5240A2F46FBBF5E91440FEFA046B06CB -> C:\Users\Florian94\AppData\Roaming\mmpifmxnth..vbs
Présent! Md5 : D484C89912A30D1D620C48B9ED5345DE -> C:\Users\Florian94\AppData\Roaming\Re.exe
Présent! Md5 : 5240A2F46FBBF5E91440FEFA046B06CB -> E:\mmpifmxnth..vbs

################## | Registre |

Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
Présent! HKU\S-1-5-21-1625807277-190852866-2472632823-1001\Software\Microsoft\Windows\CurrentVersion\Run|mmpifmxnth
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mmpifmxnth

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |