
############################## | UsbFix V 7.162 | [Recherche]

Utilisateur: Rudy-ds (Administrateur) # ANTIKNOTE
Mis à jour le 27/01/2014 par El Desaparecido - Team SosVirus
Lancé à 20:18:55 | 01/02/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K52JT)
CPU: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
RAM -> [Total : 4021 Mo| Free : 2056 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 8.0.7601.17514
WB: Mozilla Firefox : 26.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall [(!) Disabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001

C:\ (%systemdrive%) -> Disque fixe # 182 Go (120 Go libre(s) - 66%) [OS] # NTFS
D:\ -> Disque fixe # 495 Go (344 Go libre(s) - 69%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (1 Mo libre(s) - 0%) [RUDY DS] # FAT
H:\ -> Disque amovible # 2 Go (2 Go libre(s) - 96%) [CLEF RDS] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 484 |ParentID: 472)
C:\Windows\system32\wininit.exe (ID: 536 |ParentID: 472)
C:\Windows\system32\csrss.exe (ID: 556 |ParentID: 544)
C:\Windows\system32\services.exe (ID: 592 |ParentID: 536)
C:\Windows\system32\lsass.exe (ID: 620 |ParentID: 536)
C:\Windows\system32\lsm.exe (ID: 628 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 728 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 816 |ParentID: 592)
C:\Windows\system32\atiesrxx.exe (ID: 880 |ParentID: 592)
C:\Windows\system32\winlogon.exe (ID: 920 |ParentID: 544)
C:\Windows\System32\svchost.exe (ID: 964 |ParentID: 592)
C:\Windows\System32\svchost.exe (ID: 1008 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 160 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1044 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1116 |ParentID: 592)
C:\Windows\system32\atieclxx.exe (ID: 1272 |ParentID: 880)
C:\Windows\system32\FBAgent.exe (ID: 1300 |ParentID: 592)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID: 1392 |ParentID: 592)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID: 1488 |ParentID: 592)
C:\Windows\System32\spoolsv.exe (ID: 1572 |ParentID: 592)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1624 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1708 |ParentID: 592)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1816 |ParentID: 592)
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (ID: 1876 |ParentID: 592)
C:\Windows\SysWOW64\svchost.exe (ID: 2036 |ParentID: 592)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1100 |ParentID: 592)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 1772 |ParentID: 592)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 1244 |ParentID: 592)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 2072 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 2156 |ParentID: 592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2224 |ParentID: 592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2364 |ParentID: 2224)
C:\Windows\system32\taskhost.exe (ID: 2844 |ParentID: 592)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 2880 |ParentID: 1244)
C:\Windows\system32\Dwm.exe (ID: 2988 |ParentID: 1008)
C:\Windows\Explorer.EXE (ID: 3012 |ParentID: 2964)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID: 2244 |ParentID: 1392)
C:\Windows\AsScrPro.exe (ID: 2604 |ParentID: 1300)
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (ID: 1544 |ParentID: 3012)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 2952 |ParentID: 3012)
C:\Program Files\Microsoft IntelliPoint\ipoint.exe (ID: 3004 |ParentID: 3012)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2716 |ParentID: 728)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID: 2924 |ParentID: 1300)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID: 3108 |ParentID: 2244)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID: 3132 |ParentID: 2244)
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (ID: 3148 |ParentID: 3012)
C:\Windows\System32\wscript.exe (ID: 3172 |ParentID: 3012)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (ID: 3244 |ParentID: 3012)
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (ID: 3268 |ParentID: 3004)
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (ID: 3308 |ParentID: 3180)
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (ID: 3344 |ParentID: 3012)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID: 3360 |ParentID: 3180)
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (ID: 3368 |ParentID: 3012)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ID: 3376 |ParentID: 3180)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ID: 3388 |ParentID: 3180)
C:\Windows\system32\taskeng.exe (ID: 3420 |ParentID: 160)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 3432 |ParentID: 3180)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID: 3440 |ParentID: 3180)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3456 |ParentID: 3180)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 3544 |ParentID: 3352)
C:\Windows\system32\taskeng.exe (ID: 3588 |ParentID: 160)
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ID: 3636 |ParentID: 3588)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID: 3648 |ParentID: 3588)
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ID: 3820 |ParentID: 3588)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID: 3856 |ParentID: 3420)
C:\Windows\SysWOW64\ACEngSvr.exe (ID: 4064 |ParentID: 728)
C:\Program Files\P4G\BatteryLife.exe (ID: 4072 |ParentID: 3588)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 480 |ParentID: 728)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 2404 |ParentID: 3544)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 4364 |ParentID: 1816)
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ID: 4908 |ParentID: 592)
C:\Windows\system32\SearchIndexer.exe (ID: 4952 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 5020 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 4176 |ParentID: 592)
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (ID: 2100 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 4892 |ParentID: 592)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (ID: 5276 |ParentID: 3244)
C:\Windows\System32\svchost.exe (ID: 5520 |ParentID: 592)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (ID: 5664 |ParentID: 728)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 5672 |ParentID: 2952)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (ID: 5712 |ParentID: 728)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5808 |ParentID: 592)
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (ID: 3260 |ParentID: 3588)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 5852 |ParentID: 592)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4304 |ParentID: 592)
C:\Program Files (x86)\Windows Media Player\wmplayer.exe (ID: 5740 |ParentID: 728)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 9344 |ParentID: 3012)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 8612 |ParentID: 9344)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 9120 |ParentID: 8612)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 8828 |ParentID: 9120)
C:\Windows\System32\WUDFHost.exe (ID: 7276 |ParentID: 1008)
C:\Users\Rudy-ds\Downloads\RogueKiller.exe (ID: 1224 |ParentID: 9344)
C:\Windows\system32\SearchProtocolHost.exe (ID: 9772 |ParentID: 4952)
C:\Windows\system32\SearchFilterHost.exe (ID: 9232 |ParentID: 4952)

################## | Regedit Run |

04 - HKCU\..\Run : [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
04 - HKCU\..\Run : [flashmemory] wscript.exe //B "C:\Users\Rudy-ds\AppData\Local\Temp\flashmemory.vbe"
04 - HKLM\..\Run : [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
04 - HKLM\..\Run : [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\..\Run : [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\..\Run : [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\..\Run : [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\..\Run : [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\..\Run : [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\..\Run : [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
04 - HKLM64\..\Run : [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
04 - HKLM64\..\Run : [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - HKLM64\..\Run : [Setwallpaper] c:\programdata\SetWallpaper.cmd
04 - HKLM64\..\Run : [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-465012693-2708230279-1097855847-1000\..\Run : [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
04 - HKU\S-1-5-21-465012693-2708230279-1097855847-1000\..\Run : [flashmemory] wscript.exe //B "C:\Users\Rudy-ds\AppData\Local\Temp\flashmemory.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\Users\Rudy-ds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Présent! C:\Users\Rudy-ds\AppData\Local\Temp\flashmemory.vbe
Présent! H:\flashmemory.vbe
Présent! F:\SThumbDB.lnk
Présent! F:\Store(caf6a04e8ee3cee63f06899813569e487077575f).lnk
Présent! F:\Images.lnk
Présent! F:\Videos.lnk
Présent! F:\Sounds.lnk
Présent! F:\Themes.lnk
Présent! F:\Documents.lnk
Présent! F:\FOUND.000.lnk
Présent! F:\Others.lnk
Présent! F:\SamsungNavigator.lnk
Présent! F:\Backup.lnk
Présent! F:\GoogleAppsData.lnk
Présent! F:\Recycled.lnk
Présent! H:\DSCN8531.lnk
Présent! H:\Doc admin.lnk
Présent! H:\Photos Hipposcars 2013.lnk
Présent! H:\Curriculum Vitae.lnk
Présent! H:\Photos Bu Rudy - prévoir corrections.lnk
Présent! C:\Users\Rudy-ds\AppData\Roaming\system

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKU\S-1-5-21-465012693-2708230279-1097855847-1000\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory

################## | Vaccin |


################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
