############################## | UsbFix V 7.128 | [Recherche]

Utilisateur: Utilisateur (Administrateur) # UTILISATEUR-MSI
Mis à jour le 20/06/2013 par El Desaparecido
Lancé à 20:49:00 | 23/06/2013
Site Web: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/forum-virus-securite/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Micro-Star International (MS-16GN) (x64-based PC)
CPU: AMD E-350 Processor (1600)
RAM -> [Total : 3692 | Free : 1991]
BIOS: E16GNAMS Ver1.05 Date: 01/27/11
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16618

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 95 Go (40 Go libre(s) - 42%) [OS_Install] # NTFS
D:\ -> Disque fixe # 359 Go (287 Go libre(s) - 80%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque fixe # 728 Mo (196 Mo libre(s) - 27%) [Mot de passe] # NTFS
G:\ -> Disque amovible # 8 Go (6 Go libre(s) - 74%) [KINGSTON] # FAT32
H:\ -> Disque amovible # 2 Go (1 Go libre(s) - 67%) [KINGSTON] # FAT

################## | Processus Actif |

C:\windows\system32\csrss.exe (660)
C:\windows\system32\wininit.exe (740)
C:\windows\system32\csrss.exe (752)
C:\windows\system32\services.exe (796)
C:\windows\system32\lsass.exe (812)
C:\windows\system32\lsm.exe (820)
C:\windows\system32\winlogon.exe (896)
C:\windows\system32\svchost.exe (972)
C:\windows\system32\svchost.exe (608)
C:\windows\system32\atiesrxx.exe (656)
C:\windows\System32\svchost.exe (924)
C:\windows\System32\svchost.exe (1052)
C:\windows\system32\svchost.exe (1096)
C:\windows\system32\svchost.exe (1128)
C:\windows\system32\atieclxx.exe (1320)
C:\windows\system32\svchost.exe (1348)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1496)
C:\windows\system32\Dwm.exe (1660)
C:\windows\Explorer.EXE (1696)
C:\windows\System32\spoolsv.exe (1740)
C:\windows\system32\svchost.exe (1772)
C:\windows\system32\taskhost.exe (1796)
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (2016)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1400)
C:\Program Files (x86)\YoWindow\yowindow.exe (1688)
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (1908)
C:\windows\system32\svchost.exe (2096)
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (2156)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (2172)
C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (2212)
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (2276)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2308)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2584)
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (2956)
C:\windows\system32\svchost.exe (1372)
C:\windows\system32\SearchIndexer.exe (2372)
C:\windows\system32\svchost.exe (3332)
C:\windows\System32\svchost.exe (3608)
C:\Program Files\Windows Media Player\wmpnetwk.exe (2236)
C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe (1812)
C:\Program Files (x86)\TechSmith\SnagIt 8\TSCHelp.exe (988)
C:\Program Files (x86)\TechSmith\SnagIt 8\SnagPriv.exe (2532)
C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (4920)
C:\Program Files (x86)\Tomtomax Maxi-Box V3\tomtomax_maxibox.exe (4820)
C:\windows\SysWOW64\ctfmon.exe (1528)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2328)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3308)
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (4384)
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (3764)
C:\windows\explorer.exe (4540)
C:\Program Files (x86)\Internet Explorer\IELowutil.exe (4764)
C:\UsbFix\Go.exe (3840)
C:\windows\system32\wbem\wmiprvse.exe (628)
C:\windows\System32\WUDFHost.exe (4228)
\\?\C:\windows\system32\wbem\WMIADAP.EXE (4616)
C:\windows\system32\wbem\wmiprvse.exe (3116)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [WOOWATCH] - C:\PROGRA~2\Wanadoo\Watch.exe
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [WOOWATCH] - C:\PROGRA~2\Wanadoo\Watch.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | RunServices : [FTRTSVC] - C:\windows\SysWOW64\FTRTSVC.exe
HKLM\SOFTWARE\wow6432Node | RunServices : [FTRTSVC] - C:\windows\SysWOW64\FTRTSVC.exe
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\garminlifetime.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdetection.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsettings.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msi game corner.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s-bar.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer_setup_fr.exe

################## | Mountpoints2 |

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://sosvirus.net |