############################## | UsbFix V 7.169 | [Recherche]

Utilisateur: djecel (Administrateur) # DJECEL-PC
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 17:50:13 | 07/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (RV410/RV510/S3510/E3510 )
CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
RAM -> [Total : 3067 Mo| Free : 1493 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521
WB: Google Chrome : 33.0.1750.154

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Disque fixe # 357 Go (173 Go libre(s) - 48%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 8 Go (7 Go libre(s) - 99%) [] # FAT32
G:\ -> Disque amovible # 7 Go (2 Go libre(s) - 32%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 400 |ParentID: 392)
C:\Windows\system32\wininit.exe (ID: 468 |ParentID: 392)
C:\Windows\system32\csrss.exe (ID: 488 |ParentID: 460)
C:\Windows\system32\services.exe (ID: 528 |ParentID: 468)
C:\Windows\system32\winlogon.exe (ID: 560 |ParentID: 460)
C:\Windows\system32\lsass.exe (ID: 572 |ParentID: 468)
C:\Windows\system32\lsm.exe (ID: 580 |ParentID: 468)
C:\Windows\system32\svchost.exe (ID: 712 |ParentID: 528)
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (ID: 768 |ParentID: 528)
C:\Windows\system32\svchost.exe (ID: 872 |ParentID: 528)
C:\Windows\system32\atiesrxx.exe (ID: 960 |ParentID: 528)
C:\Windows\System32\svchost.exe (ID: 996 |ParentID: 528)
C:\Windows\System32\svchost.exe (ID: 344 |ParentID: 528)
C:\Windows\system32\svchost.exe (ID: 384 |ParentID: 528)
C:\Windows\system32\svchost.exe (ID: 396 |ParentID: 528)
C:\Windows\system32\svchost.exe (ID: 1080 |ParentID: 528)
C:\Windows\system32\svchost.exe (ID: 1192 |ParentID: 528)
C:\Windows\system32\atieclxx.exe (ID: 1292 |ParentID: 960)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1408 |ParentID: 528)
C:\Windows\System32\spoolsv.exe (ID: 1552 |ParentID: 528)
C:\Windows\system32\svchost.exe (ID: 1580 |ParentID: 528)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1672 |ParentID: 528)
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (ID: 1728 |ParentID: 528)
C:\Windows\system32\taskhost.exe (ID: 1900 |ParentID: 528)
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (ID: 1968 |ParentID: 528)
C:\Windows\system32\Dwm.exe (ID: 2020 |ParentID: 344)
C:\Windows\Explorer.EXE (ID: 1272 |ParentID: 1976)
C:\Windows\system32\taskeng.exe (ID: 1920 |ParentID: 396)
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe (ID: 2076 |ParentID: 1920)
C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 2140 |ParentID: 528)
C:\Program Files (x86)\Mobogenie\MgAssist.exe (ID: 2168 |ParentID: 528)
C:\Windows\system32\svchost.exe (ID: 2416 |ParentID: 528)
C:\Windows\system32\svchost.exe (ID: 2256 |ParentID: 528)
C:\Windows\system32\svchost.exe (ID: 2508 |ParentID: 528)
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (ID: 3084 |ParentID: 1272)
C:\Windows\System32\wscript.exe (ID: 3096 |ParentID: 1272)
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe (ID: 3248 |ParentID: 3104)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3256 |ParentID: 3104)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 3288 |ParentID: 3168)
C:\Windows\system32\SearchIndexer.exe (ID: 3596 |ParentID: 528)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3708 |ParentID: 528)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 3000 |ParentID: 3288)
C:\Windows\System32\svchost.exe (ID: 3124 |ParentID: 528)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 4624 |ParentID: 528)
C:\Windows\System32\svchost.exe (ID: 4384 |ParentID: 528)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 592 |ParentID: 1272)
C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe (ID: 3076 |ParentID: 712)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 4116 |ParentID: 592)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 1072 |ParentID: 592)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 5996 |ParentID: 592)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 1536 |ParentID: 592)
C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 6812 |ParentID: 712)
C:\Windows\system32\AUDIODG.EXE (ID: 6668 |ParentID: 996)
C:\Windows\System32\WUDFHost.exe (ID: 6756 |ParentID: 344)
C:\Users\djecel\Downloads\RogueKillerX64.exe (ID: 5536 |ParentID: 1272)
C:\Windows\system32\SearchProtocolHost.exe (ID: 6960 |ParentID: 3596)
C:\Windows\system32\SearchFilterHost.exe (ID: 6996 |ParentID: 3596)
c:\program files\windows defender\MpCmdRun.exe (ID: 4992 |ParentID: 5748)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 6300 |ParentID: 712)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S862C.tmp" /EF "HKCU"
04 - HKCU\..\Run : [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
04 - HKCU\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\djecel\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2680582778-3496884801-3350215911-1000\..\Run : [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S862C.tmp" /EF "HKCU"
04 - HKU\S-1-5-21-2680582778-3496884801-3350215911-1000\..\Run : [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
04 - HKU\S-1-5-21-2680582778-3496884801-3350215911-1000\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\djecel\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\Users\djecel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! C:\Users\djecel\AppData\Local\Temp\iTunesHelper.vbe
Présent! F:\iTunesHelper.vbe
Présent! G:\iTunesHelper.vbe
Présent! G:\Nouveau dossier.lnk
Présent! G:\trz36EB.tmp

################## | Registre |

Présent! HKU\S-1-5-21-2680582778-3496884801-3350215911-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |