############################## | UsbFix V 7.139 | [Recherche]

Utilisateur: Top (Administrateur) # TOP-PC
Mis à jour le 26/09/2013 par El Desaparecido - Team SosVirus
Lancé à 20:25:48 | 26/09/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K73SV) (x64-based PC)
CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz (2100)
RAM -> [Total : 4008 | Free : 1994]
BIOS: BIOS Date: 04/01/11 10:01:29 Ver: 04.06.03
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Anti-virus firewall 10.10 [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 279 Go (217 Go libre(s) - 78%) [OS] # NTFS
D:\ -> Disque fixe # 394 Go (393 Go libre(s) - 100%) [DATA] # NTFS
E:\ -> CD-ROM
G:\ -> Disque fixe # 466 Go (269 Go libre(s) - 58%) [Elements] # NTFS
H:\ -> Disque amovible # 15 Go (9 Go libre(s) - 62%) [CLE PATRICK] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (444)
C:\Windows\system32\wininit.exe (520)
C:\Windows\system32\csrss.exe (540)
C:\Windows\system32\services.exe (584)
C:\Windows\system32\winlogon.exe (616)
C:\Windows\system32\lsass.exe (628)
C:\Windows\system32\lsm.exe (636)
C:\Windows\system32\svchost.exe (748)
C:\Windows\system32\nvvsvc.exe (816)
C:\Windows\system32\svchost.exe (856)
C:\Windows\System32\svchost.exe (952)
C:\Windows\System32\svchost.exe (988)
C:\Windows\system32\svchost.exe (1016)
C:\Windows\system32\svchost.exe (344)
C:\Windows\system32\svchost.exe (840)
C:\Windows\system32\svchost.exe (1088)
C:\Windows\system32\FBAgent.exe (1200)
C:\Windows\system32\WLANExt.exe (1224)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (1232)
C:\Windows\system32\conhost.exe (1256)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1316)
C:\Windows\system32\nvvsvc.exe (1328)
C:\Windows\SYSTEM32\WISPTIS.EXE (1360)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (1464)
C:\Windows\System32\spoolsv.exe (1604)
C:\Windows\system32\svchost.exe (1644)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1872)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe (1976)
C:\Windows\system32\svchost.exe (1996)
C:\Windows\system32\taskhost.exe (1076)
C:\Windows\system32\taskeng.exe (2052)
C:\Windows\SYSTEM32\WISPTIS.EXE (2072)
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (2088)
C:\Windows\system32\Dwm.exe (2140)
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (2160)
C:\Windows\Explorer.EXE (2204)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (2280)
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (2292)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (2308)
C:\Program Files\P4G\BatteryLife.exe (2316)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE (2416)
C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.EXE (2428)
C:\Windows\SysWOW64\ACEngSvr.exe (2552)
C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL32.EXE (2620)
C:\Program Files (x86)\PDF Architect\HelperService.exe (2692)
C:\Program Files (x86)\PDF Architect\ConversionService.exe (2740)
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (2776)
C:\Windows\system32\svchost.exe (2844)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (2928)
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (2992)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (3024)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2700)
C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL64.EXE (2044)
C:\Windows\system32\atwtusb.exe (3276)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (3284)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3308)
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (3388)
C:\Windows\system32\atwtusb.exe (3420)
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (3432)
C:\Program Files\Elantech\ETDCtrl.exe (3448)
C:\Windows\AsScrPro.exe (3460)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe (3648)
C:\Windows\system32\conhost.exe (3668)
C:\Windows\system32\wbem\wmiprvse.exe (3776)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (3868)
C:\Windows\System32\WTMKM.exe (3912)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (3920)
C:\Windows\System32\igfxtray.exe (3176)
C:\Windows\System32\hkcmd.exe (3200)
C:\Windows\System32\igfxpers.exe (3216)
C:\Program Files\Windows Sidebar\sidebar.exe (3224)
C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe (3584)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (3980)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (1624)
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (3560)
C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (2436)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (3376)
C:\Program Files (x86)\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe (780)
C:\Windows\system32\svchost.exe (4452)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe (4484)
C:\Program Files\Elantech\ETDCtrlHelper.exe (4836)
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (5100)
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe (5108)
C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe (1712)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (2360)
C:\Windows\system32\SearchIndexer.exe (4800)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (5620)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (5648)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (5656)
C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.EXE (5792)
C:\Program Files\Windows Media Player\wmpnetwk.exe (5904)
C:\Program Files (x86)\AVG Secure Search\vprot.exe (5964)
C:\Program Files (x86)\Orange\Antivirus Firewall\Spam Control\fsscoepl_x64.exe (5188)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (1884)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (4656)
C:\Windows\System32\svchost.exe (3608)
C:\Windows\system32\DllHost.exe (7048)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (1668)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (6140)
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (6264)
C:\Windows\system32\svchost.exe (4764)
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (3260)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5788)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4640)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (5856)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (6728)
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe (5752)
C:\Windows\splwow64.exe (4464)
C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe (824)
C:\Windows\System32\WUDFHost.exe (5540)
C:\UsbFix\Go.exe (5472)
C:\Windows\system32\wbem\wmiprvse.exe (2248)
C:\Program Files (x86)\Orange\Antivirus Firewall\FSGUI\fscuif.exe (6712)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM\SOFTWARE | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
HKLM\SOFTWARE | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\SOFTWARE | Run : [F-Secure Manager] - "C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.EXE" /splash
HKLM\SOFTWARE | Run : [F-Secure TNB] - "C:\Program Files (x86)\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM\SOFTWARE\wow6432Node | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE\wow6432Node | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE\wow6432Node | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\SOFTWARE\wow6432Node | Run : [F-Secure Manager] - "C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.EXE" /splash
HKLM\SOFTWARE\wow6432Node | Run : [F-Secure TNB] - "C:\Program Files (x86)\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2891440792-598076236-1546626878-1002\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2891440792-598076236-1546626878-1002\SOFTWARE | Run : [Syncables] - C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
HKU\S-1-5-21-2891440792-598076236-1546626878-1002\SOFTWARE | Run : [HP Deskjet 3070 B611 series (NET)] - "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN23S682HD05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1
HKU\S-1-5-21-2891440792-598076236-1546626878-1002\SOFTWARE | Run : [Speech Recognition] - "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

Présent! C:\Users\Top\AppData\Local\Temp\PrintPreview.hta
Présent! G:\autorun.inf
Présent! G:\syncguid.dat

################## | Registre |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{3391bf5c-fa48-11e1-a79f-14dae90f2381}
Shell\AutoRun\Command = F:\LGAutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{b065965b-b94d-11e2-942d-14dae90f2381}
Shell\AutoRun\Command = H:\LGAutoRun.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |