
############################## | UsbFix V 7.164 | [Recherche]

Utilisateur: Utilisateur (Administrateur) # PC
Mis à jour le 05/02/2014 par El Desaparecido - Team SosVirus
Lancé à 19:14:02 | 10/02/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: FOXCONN (2AAF)
CPU: AMD Athlon(tm) II X2 245 Processor
RAM -> [Total : 2815 Mo| Free : 557 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Mozilla Firefox : 12.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001

C:\ (%systemdrive%) -> Disque fixe # 455 Go (323 Go libre(s) - 71%) [COMPAQ] # NTFS
D:\ -> Disque fixe # 11 Go (1 Go libre(s) - 10%) [FACTORY_IMAGE] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (1 Go libre(s) - 73%) [] # FAT
G:\ -> Disque fixe # 233 Go (99 Go libre(s) - 42%) [UNTITLED] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 424 |ParentID: 364)
C:\Windows\system32\csrss.exe (ID: 512 |ParentID: 504)
C:\Windows\system32\wininit.exe (ID: 520 |ParentID: 364)
C:\Windows\system32\winlogon.exe (ID: 568 |ParentID: 504)
C:\Windows\system32\services.exe (ID: 616 |ParentID: 520)
C:\Windows\system32\lsass.exe (ID: 624 |ParentID: 520)
C:\Windows\system32\lsm.exe (ID: 632 |ParentID: 520)
C:\Windows\system32\svchost.exe (ID: 728 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 824 |ParentID: 616)
C:\Windows\system32\atiesrxx.exe (ID: 892 |ParentID: 616)
C:\Windows\System32\svchost.exe (ID: 952 |ParentID: 616)
C:\Windows\System32\svchost.exe (ID: 988 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 1012 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 312 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 1084 |ParentID: 616)
C:\Windows\system32\atieclxx.exe (ID: 1260 |ParentID: 892)
C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 1280 |ParentID: 988)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1288 |ParentID: 616)
C:\Windows\System32\spoolsv.exe (ID: 1544 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 1608 |ParentID: 616)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1712 |ParentID: 616)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe (ID: 1784 |ParentID: 616)
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (ID: 1824 |ParentID: 616)
C:\Windows\SysWOW64\ezSharedSvcHost.exe (ID: 1860 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 1916 |ParentID: 616)
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (ID: 1940 |ParentID: 616)
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (ID: 1964 |ParentID: 616)
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID: 1996 |ParentID: 616)
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (ID: 2036 |ParentID: 616)
C:\Program Files (x86)\Mobogenie\MgAssist.exe (ID: 1220 |ParentID: 616)
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (ID: 1416 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 1628 |ParentID: 616)
C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (ID: 436 |ParentID: 616)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1796 |ParentID: 616)
C:\Windows\System32\atwtusb.exe (ID: 2064 |ParentID: 616)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2112 |ParentID: 1796)
C:\Windows\system32\atwtusb.exe (ID: 2172 |ParentID: 2064)
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (ID: 2180 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 2792 |ParentID: 616)
C:\Windows\servicing\TrustedInstaller.exe (ID: 2368 |ParentID: 616)
C:\Windows\system32\taskhost.exe (ID: 3304 |ParentID: 616)
C:\Windows\system32\taskeng.exe (ID: 3340 |ParentID: 312)
C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 3364 |ParentID: 988)
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID: 3432 |ParentID: 988)
C:\Windows\system32\Dwm.exe (ID: 3540 |ParentID: 988)
C:\Windows\Explorer.EXE (ID: 3548 |ParentID: 3532)
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (ID: 3556 |ParentID: 3432)
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (ID: 3788 |ParentID: 1220)
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (ID: 3204 |ParentID: 616)
C:\Windows\System32\svchost.exe (ID: 2464 |ParentID: 616)
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (ID: 984 |ParentID: 3548)
C:\Windows\System32\WTMKM.exe (ID: 4072 |ParentID: 3548)
C:\Windows\System32\wscript.exe (ID: 3972 |ParentID: 3548)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 3996 |ParentID: 3548)
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (ID: 1216 |ParentID: 3548)
C:\Program Files (x86)\SFR\Kit\9props.exe (ID: 3084 |ParentID: 3548)
C:\Program Files (x86)\SFR\Media Center\MediaCenter.exe (ID: 3220 |ParentID: 3548)
C:\Users\Utilisateur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 696 |ParentID: 3548)
C:\Users\Utilisateur\AppData\Roaming\cacaoweb\cacaoweb.exe (ID: 3384 |ParentID: 3548)
C:\Windows\SysWOW64\rundll32.exe (ID: 3944 |ParentID: 3548)
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (ID: 3968 |ParentID: 1768)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 2712 |ParentID: 1768)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 4088 |ParentID: 1768)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 1056 |ParentID: 1768)
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID: 2476 |ParentID: 3548)
C:\Windows\system32\SearchIndexer.exe (ID: 1568 |ParentID: 616)
C:\Program Files (x86)\SFR\Media Center\httpd\httpd.exe (ID: 3188 |ParentID: 3220)
C:\Windows\system32\conhost.exe (ID: 3200 |ParentID: 512)
C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (ID: 3636 |ParentID: 1768)
C:\Program Files (x86)\SFR\Media Center\httpd\httpd.exe (ID: 3728 |ParentID: 3188)
C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 4228 |ParentID: 3548)
C:\Users\Utilisateur\AppData\Local\Lollipop\Lollipop.exe (ID: 4244 |ParentID: 3548)
C:\Program Files\iPod\bin\iPodService.exe (ID: 4408 |ParentID: 616)
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (ID: 4932 |ParentID: 616)
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 4272 |ParentID: 180)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4420 |ParentID: 728)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 4340 |ParentID: 4272)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 428 |ParentID: 616)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4100 |ParentID: 728)
C:\Windows\System32\WUDFHost.exe (ID: 1556 |ParentID: 988)
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (ID: 3824 |ParentID: 1056)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID: 5948 |ParentID: 312)
C:\Windows\system32\vssvc.exe (ID: 5352 |ParentID: 616)
C:\Windows\System32\svchost.exe (ID: 5052 |ParentID: 616)
C:\Windows\system32\wuauclt.exe (ID: 336 |ParentID: 312)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (ID: 5892 |ParentID: 3340)
C:\Windows\System32\svchost.exe (ID: 4540 |ParentID: 616)
C:\Windows\SysWOW64\ctfmon.exe (ID: 4860 |ParentID: 2712)
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID: 5968 |ParentID: 988)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2128 |ParentID: 1568)
C:\Windows\system32\SearchFilterHost.exe (ID: 2708 |ParentID: 1568)
C:\Windows\system32\DllHost.exe (ID: 5652 |ParentID: 728)

################## | Regedit Run |

04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
04 - HKCU\..\Run : [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\Run : [Connexion SFR 9props.exe] "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon
04 - HKCU\..\Run : [Neuf Media Center] "C:\Program Files (x86)\SFR\Media Center\MediaCenter.exe"
04 - HKCU\..\Run : [Spotify] "C:\Users\Utilisateur\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\Utilisateur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [Google Update] "C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [cacaoweb] "C:\Users\Utilisateur\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKCU\..\Run : [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Utilisateur\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
04 - HKCU\..\Run : [flashmemory] wscript.exe //B "C:\Users\UTILIS~1\AppData\Local\Temp\flashmemory.vbe"
04 - HKLM\..\Run : [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\..\Run : [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
04 - HKLM\..\Run : [Magic Desktop for HP notification] "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
04 - HKLM\..\Run : [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
04 - HKLM64\..\Run : [FullScreen] C:\BLOCK\CFG\flexbuild\FullScreen\launchFS.cmd
04 - HKLM64\..\Run : [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
04 - HKLM64\..\Run : []
04 - HKLM64\..\Run : [MacroKeyManager] WTMKM.exe
04 - HKLM64\..\Run : [flashmemory] wscript.exe //B "C:\Users\UTILIS~1\AppData\Local\Temp\flashmemory.vbe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-526703959-3673707853-276692237-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-526703959-3673707853-276692237-1000\..\Run : [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
04 - HKU\S-1-5-21-526703959-3673707853-276692237-1000\..\Run : [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-526703959-3673707853-276692237-1000\..\Run : [Connexion SFR 9props.exe] "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon
04 - HKU\S-1-5-21-526703959-3673707853-276692237-1000\..\Run : [Neuf Media Center] "C:\Program Files (x86)\SFR\Media Center\MediaCenter.exe"
04 - HKU\S-1-5-21-526703959-3673707853-276692237-1000\..\Run : [Spotify] "C:\Users\Utilisateur\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-526703959-3673707853-276692237-1000\..\Run : [Spotify Web Helper] "C:\Users\Utilisateur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-526703959-3673707853-276692237-1000\..\Run : [Google Update] "C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-526703959-3673707853-276692237-1000\..\Run : [cacaoweb] "C:\Users\Utilisateur\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-526703959-3673707853-276692237-1000\..\Run : [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Utilisateur\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
04 - HKU\S-1-5-21-526703959-3673707853-276692237-1000\..\Run : [flashmemory] wscript.exe //B "C:\Users\UTILIS~1\AppData\Local\Temp\flashmemory.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Présent! C:\Users\UTILIS~1\AppData\Local\Temp\flashmemory.vbe
Présent! F:\flashmemory.vbe
Présent! F:\STDBSTR.lnk
Présent! F:\STDBDATA.lnk
Présent! F:\RAMLIST.lnk
Présent! F:\playqueue.lnk
Présent! F:\SETSTOR.lnk
Présent! F:\Straight Life.lnk
Présent! F:\Battle Field.lnk
Présent! F:\FMRecord.lnk
Présent! F:\Fashion Nugget.lnk
Présent! F:\Video.lnk
Présent! F:\Handle with Care.lnk
Présent! F:\Photos.lnk
Présent! F:\MicRecord.lnk
Présent! F:\Disc 2.lnk
Présent! G:\Notepad.lnk
Présent! C:\Users\Utilisateur\AppData\Roaming\newnext.me
Présent! C:\Users\Utilisateur\AppData\Local\Temp\flashmemory.vbe

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1
Présent! HKU\S-1-5-21-526703959-3673707853-276692237-1000\Software\Microsoft\Windows\CurrentVersion\Run|NextLive
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NextLive
Présent! HKU\S-1-5-21-526703959-3673707853-276692237-1000\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory
Présent! HKLM64\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory

################## | Vaccin |


################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |