cjoint

Document format: text/plain

############################## | UsbFix V 7.150 | [Search]

User: user (Administrator) # USER-PC
Updated on 08/11/2013 by El Desaparecido - Team SosVirus
Launched at 14:34:28 | 10/11/2013

Website: http://www.usbfix.net
Forum: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Micro-Star International Co., Ltd. (MS-1755)
CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
RAM -> [Total : 3993 | Free : 2183]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16686
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 932 GB (874 GB free - 94%) [] # NTFS
D:\ -> CD-ROM

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 556 |ParentID: 508)
C:\Windows\system32\wininit.exe (ID: 668 |ParentID: 508)
C:\Windows\system32\csrss.exe (ID: 676 |ParentID: 660)
C:\Windows\system32\winlogon.exe (ID: 724 |ParentID: 660)
C:\Windows\system32\services.exe (ID: 772 |ParentID: 668)
C:\Windows\system32\lsass.exe (ID: 780 |ParentID: 668)
C:\Windows\system32\lsm.exe (ID: 792 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 896 |ParentID: 772)
C:\Windows\system32\svchost.exe (ID: 980 |ParentID: 772)
C:\Windows\System32\svchost.exe (ID: 584 |ParentID: 772)
C:\Windows\System32\svchost.exe (ID: 616 |ParentID: 772)
C:\Windows\system32\svchost.exe (ID: 760 |ParentID: 772)
C:\Windows\system32\svchost.exe (ID: 420 |ParentID: 772)
C:\Windows\system32\svchost.exe (ID: 1128 |ParentID: 772)
C:\Windows\system32\svchost.exe (ID: 1260 |ParentID: 772)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1372 |ParentID: 772)
C:\Windows\system32\Dwm.exe (ID: 1572 |ParentID: 616)
C:\Windows\Explorer.EXE (ID: 1604 |ParentID: 1564)
C:\Windows\System32\spoolsv.exe (ID: 1668 |ParentID: 772)
C:\Windows\system32\svchost.exe (ID: 1712 |ParentID: 772)
C:\Windows\system32\taskhost.exe (ID: 1740 |ParentID: 772)
C:\Windows\system32\svchost.exe (ID: 1928 |ParentID: 772)
C:\Windows\system32\svchost.exe (ID: 2084 |ParentID: 772)
C:\Windows\System32\rundll32.exe (ID: 2236 |ParentID: 896)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2384 |ParentID: 1604)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 2396 |ParentID: 1604)
C:\Windows\System32\wscript.exe (ID: 2440 |ParentID: 1604)
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ID: 2680 |ParentID: 2468)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 2820 |ParentID: 2468)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 2876 |ParentID: 2468)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 3028 |ParentID: 2396)
C:\Windows\system32\SearchIndexer.exe (ID: 2124 |ParentID: 772)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2416 |ParentID: 772)
C:\Windows\system32\svchost.exe (ID: 2860 |ParentID: 772)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3700 |ParentID: 896)
C:\Windows\system32\svchost.exe (ID: 2028 |ParentID: 772)
C:\Windows\System32\svchost.exe (ID: 3524 |ParentID: 772)
C:\Windows\system32\wuauclt.exe (ID: 3516 |ParentID: 420)
C:\Windows\system32\svchost.exe (ID: 3840 |ParentID: 772)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 4796 |ParentID: 772)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5096 |ParentID: 1604)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4168 |ParentID: 5096)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3312 |ParentID: 5096)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4676 |ParentID: 5096)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4064 |ParentID: 5096)
C:\UsbFix\Go.exe (ID: 5580 |ParentID: 5192)
C:\Windows\system32\DllHost.exe (ID: 4852 |ParentID: 896)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-706841262-3010205296-179775926-1000\SOFTWARE | Run : [EPSON Stylus DX4000 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_S756D.tmp" /EF "HKCU"
04 - HKU\S-1-5-21-706841262-3010205296-179775926-1000\SOFTWARE | Run : [EPSON Stylus DX4000 Series (Copie 1)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_SFC86.tmp" /EF "HKCU"
04 - HKU\S-1-5-21-706841262-3010205296-179775926-1000\SOFTWARE | Run : [DataMgr] - "C:\Users\user\AppData\Roaming\DataMgr\DataMgr.exe"
04 - HKU\S-1-5-21-706841262-3010205296-179775926-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic search |

Present! C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe
Present! C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

################## | MD5 comparison reference |

Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe

################## | MD5 comparison |

Present! Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe
Present! Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
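
The "Regedit Run" section above contains one entry, [iTunesHelper], that starts wscript.exe in silent mode (//B) on a .vbe file under the user's Temp directory; the process list shows that wscript.exe instance running (PID 2440, parent Explorer PID 1604), and the MD5 sections show the same hash at a second copy in the Startup folder. The script below is an added example for this page, not code from UsbFix or SosVirus: it parses lines in the report's own "04 - ... | Run : [name] - command" and "Md5 : hash -> path" formats and flags exactly those two patterns (a script host launched on a file in a user-writable directory, and one hash present at several paths). The parsing rules are inferred from the lines visible on this page, which is an assumption; the sample lines are copied from the report.

```python
"""Triage of the 'Regedit Run' and MD5 sections of a UsbFix report.

Added example for this page; not part of UsbFix. The line formats are
inferred from the report shown above (an assumption, not a documented spec).
"""
import ntpath
import re
import shlex
from collections import defaultdict

# Constructed sample: autorun lines copied from the report above.
RUN_SAMPLE = r'''
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-706841262-3010205296-179775926-1000\SOFTWARE | Run : [EPSON Stylus DX4000 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_S756D.tmp" /EF "HKCU"
04 - HKU\S-1-5-21-706841262-3010205296-179775926-1000\SOFTWARE | Run : [DataMgr] - "C:\Users\user\AppData\Roaming\DataMgr\DataMgr.exe"
04 - HKU\S-1-5-21-706841262-3010205296-179775926-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe"
'''.strip().splitlines()

# Constructed sample: MD5 lines copied from the report above.
MD5_SAMPLE = r'''
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe
'''.strip().splitlines()

RUN_RE = re.compile(
    r'^04 - (?P<hive>\S+) \| (?P<key>Run|RunOnce) : \[(?P<name>[^\]]*)\] -\s?(?P<cmd>.*)$')
MD5_RE = re.compile(r'^Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$')

# Script interpreters that a Run value rarely needs to invoke directly.
SCRIPT_HOSTS = {'wscript.exe', 'cscript.exe', 'mshta.exe'}
# Lower-cased path fragments that mark directories writable without elevation.
USER_WRITABLE = ('\\users\\', '\\appdata\\')


def tokens(cmd):
    """Split a Run value into arguments, honouring double quotes.

    posix=False keeps backslashes literal; the quotes it leaves attached
    are stripped here so paths compare cleanly.
    """
    return [t.strip('"') for t in shlex.split(cmd, posix=False)]


def in_user_dir(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)


def classify(cmd):
    """Return a verdict string for one Run value."""
    cmd = cmd.strip()
    if not cmd:
        return 'empty'
    toks = tokens(cmd)
    exe = toks[0]
    if ntpath.basename(exe).lower() in SCRIPT_HOSTS:
        # The first argument that is not a switch such as //B or /nologo is the script.
        scripts = [t for t in toks[1:] if not t.startswith('/')]
        if scripts and in_user_dir(scripts[0]):
            return 'script-host-from-user-dir'
        return 'script-host'
    if in_user_dir(exe):
        return 'user-writable-location'
    return 'ok'


def parse_run_lines(lines):
    """Parse '04 - hive | Run : [name] - cmd' lines; unrelated lines are skipped."""
    return [m.groupdict() for m in (RUN_RE.match(l.strip()) for l in lines) if m]


def triage(lines):
    """Parse Run lines and attach a verdict to each entry."""
    entries = parse_run_lines(lines)
    for entry in entries:
        entry['verdict'] = classify(entry['cmd'])
    return entries


def duplicate_hashes(lines):
    """Group 'Md5 : hash -> path' lines; keep only hashes seen at two or more paths."""
    groups = defaultdict(list)
    for line in lines:
        m = MD5_RE.match(line.strip())
        if m:
            groups[m['md5'].upper()].append(m['path'])
    return {h: paths for h, paths in groups.items() if len(paths) > 1}


if __name__ == '__main__':
    for entry in triage(RUN_SAMPLE):
        if entry['verdict'] != 'ok':
            print(f"{entry['verdict']:26} [{entry['name']}] {entry['cmd']}")
    for digest, paths in duplicate_hashes(MD5_SAMPLE).items():
        print(f"{digest} present at {len(paths)} paths:")
        for path in paths:
            print("  " + path)
```

Run as-is, the script reports the iTunesHelper entry as a script host started on a file under the user's profile, and the shared MD5 as present at both the Temp and Startup paths. The `user-writable-location` verdict (which DataMgr also receives) is a location heuristic marking an entry for review, not a malware verdict; the report itself flags only the iTunesHelper files.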

################## | Registry |

Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 0
Present! HKU\S-1-5-21-706841262-3010205296-179775926-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccine |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
