############################## | UsbFix V 7.142 | [Recherche]

Utilisateur: Jerry (Administrateur) # JERRY-PC
Mis à jour le 02/10/2013 par El Desaparecido - Team SosVirus
Lancé à 17:59:18 | 03/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P8P67 LE)
CPU: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
RAM -> [Total : 8173 | Free : 5947]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 466 Go (131 Go libre(s) - 28%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Disque fixe # 1863 Go (3 Go libre(s) - 0%) [DISQUE DUR] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 460 |ParentID 384)
C:\Windows\system32\wininit.exe (ID 532 |ParentID 384)
C:\Windows\system32\csrss.exe (ID 556 |ParentID 540)
C:\Windows\system32\services.exe (ID 588 |ParentID 532)
C:\Windows\system32\lsass.exe (ID 612 |ParentID 532)
C:\Windows\system32\lsm.exe (ID 620 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 720 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 804 |ParentID 588)
C:\Windows\system32\atiesrxx.exe (ID 872 |ParentID 588)
C:\Windows\system32\winlogon.exe (ID 916 |ParentID 540)
C:\Windows\System32\svchost.exe (ID 960 |ParentID 588)
C:\Windows\System32\svchost.exe (ID 1000 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 328 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 348 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 1056 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 1188 |ParentID 588)
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (ID 1252 |ParentID 588)
C:\Windows\system32\atieclxx.exe (ID 1436 |ParentID 872)
C:\Windows\System32\spoolsv.exe (ID 1636 |ParentID 588)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID 1672 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 1692 |ParentID 588)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1856 |ParentID 588)
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (ID 1896 |ParentID 588)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID 1960 |ParentID 588)
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe (ID 1080 |ParentID 588)
C:\Windows\system32\taskhost.exe (ID 1208 |ParentID 588)
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe (ID 1984 |ParentID 588)
C:\Windows\system32\taskeng.exe (ID 1772 |ParentID 348)
C:\Windows\system32\Dwm.exe (ID 2076 |ParentID 1000)
C:\Windows\Explorer.EXE (ID 2112 |ParentID 2068)
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe (ID 2144 |ParentID 588)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 2176 |ParentID 588)
C:\Program Files\ma-config.com\MaConfigAgent.exe (ID 2224 |ParentID 588)
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ID 2240 |ParentID 1772)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 2276 |ParentID 588)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID 2296 |ParentID 588)
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID 2316 |ParentID 588)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID 2328 |ParentID 2296)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2492 |ParentID 588)
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (ID 2684 |ParentID 588)
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ID 2644 |ParentID 2240)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3000 |ParentID 2492)
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ID 1396 |ParentID 2240)
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ID 2476 |ParentID 2240)
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ID 2820 |ParentID 2476)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID 2968 |ParentID 1960)
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (ID 3244 |ParentID 588)
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (ID 3856 |ParentID 588)
C:\Windows\system32\SearchIndexer.exe (ID 3756 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 3440 |ParentID 588)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 3300 |ParentID 2112)
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (ID 3744 |ParentID 2112)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (ID 3336 |ParentID 2112)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (ID 3328 |ParentID 3336)
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe (ID 4760 |ParentID 2748)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID 4888 |ParentID 2748)
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (ID 4988 |ParentID 2748)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 5076 |ParentID 4800)
C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe (ID 4652 |ParentID 4760)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 5004 |ParentID 5076)
C:\Windows\system32\svchost.exe (ID 4928 |ParentID 588)
C:\Windows\System32\svchost.exe (ID 4364 |ParentID 588)
C:\Windows\system32\DllHost.exe (ID 1920 |ParentID 720)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 1800 |ParentID 3348)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 4148 |ParentID 588)
C:\Program Files (x86)\Nero\Update\NASvc.exe (ID 1072 |ParentID 588)
C:\Windows\System32\svchost.exe (ID 4172 |ParentID 588)
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (ID 4572 |ParentID 2112)
\\FREEBOX\Disque dur\winupdatefix.exe (ID 4000 |ParentID 2112)
C:\UsbFix\Go.exe (ID 3948 |ParentID 5292)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4448 |ParentID 720)
C:\UsbFix\Go.exe (ID 644 |ParentID 3716)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3292 |ParentID 720)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID 952 |ParentID 348)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [KeyScrambler] - C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [KeyScrambler] - C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-440345812-2725411837-4022958379-1000\SOFTWARE | Run : [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-21-440345812-2725411837-4022958379-1000\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-440345812-2725411837-4022958379-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

Présent! D:\Launcher.exe
Présent! D:\autorun.inf

################## | Registre |

HKCU\.\.\.\.\Explorer\MountPoints2\{4dbaa163-d507-11e2-8ec6-806e6f6e6963} Shell\AutoRun\Command = D:\Launcher.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{7c88eb3e-e661-11e2-849f-f46d0429bb59} Shell\AutoRun\Command = E:\Launch.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |