############################## | UsbFix V 7.162 | [Recherche]

Utilisateur: Rudy-ds (Administrateur) # ANTIKNOTE
Mis à jour le 27/01/2014 par El Desaparecido - Team SosVirus
Lancé à 20:18:55 | 01/02/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K52JT)
CPU: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
RAM -> [Total : 4021 Mo| Free : 2056 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 8.0.7601.17514
WB: Mozilla Firefox : 26.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall [(!) Disabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001

C:\ (%systemdrive%) -> Disque fixe # 182 Go (120 Go libre(s) - 66%) [OS] # NTFS
D:\ -> Disque fixe # 495 Go (344 Go libre(s) - 69%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (1 Mo libre(s) - 0%) [RUDY DS] # FAT
H:\ -> Disque amovible # 2 Go (2 Go libre(s) - 96%) [CLEF RDS] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 484 |ParentID: 472)
C:\Windows\system32\wininit.exe (ID: 536 |ParentID: 472)
C:\Windows\system32\csrss.exe (ID: 556 |ParentID: 544)
C:\Windows\system32\services.exe (ID: 592 |ParentID: 536)
C:\Windows\system32\lsass.exe (ID: 620 |ParentID: 536)
C:\Windows\system32\lsm.exe (ID: 628 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 728 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 816 |ParentID: 592)
C:\Windows\system32\atiesrxx.exe (ID: 880 |ParentID: 592)
C:\Windows\system32\winlogon.exe (ID: 920 |ParentID: 544)
C:\Windows\System32\svchost.exe (ID: 964 |ParentID: 592)
C:\Windows\System32\svchost.exe (ID: 1008 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 160 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1044 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1116 |ParentID: 592)
C:\Windows\system32\atieclxx.exe (ID: 1272 |ParentID: 880)
C:\Windows\system32\FBAgent.exe (ID: 1300 |ParentID: 592)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID: 1392 |ParentID: 592)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID: 1488 |ParentID: 592)
C:\Windows\System32\spoolsv.exe (ID: 1572 |ParentID: 592)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1624 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1708 |ParentID: 592)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1816 |ParentID: 592)
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (ID: 1876 |ParentID: 592)
C:\Windows\SysWOW64\svchost.exe (ID: 2036 |ParentID: 592)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1100 |ParentID: 592)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 1772 |ParentID: 592)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 1244 |ParentID: 592)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 2072 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 2156 |ParentID: 592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2224 |ParentID: 592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2364 |ParentID: 2224)
C:\Windows\system32\taskhost.exe (ID: 2844 |ParentID: 592)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 2880 |ParentID: 1244)
C:\Windows\system32\Dwm.exe (ID: 2988 |ParentID: 1008)
C:\Windows\Explorer.EXE (ID: 3012 |ParentID: 2964)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID: 2244 |ParentID: 1392)
C:\Windows\AsScrPro.exe (ID: 2604 |ParentID: 1300)
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (ID: 1544 |ParentID: 3012)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 2952 |ParentID: 3012)
C:\Program Files\Microsoft IntelliPoint\ipoint.exe (ID: 3004 |ParentID: 3012)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2716 |ParentID: 728)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID: 2924 |ParentID: 1300)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID: 3108 |ParentID: 2244)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID: 3132 |ParentID: 2244)
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (ID: 3148 |ParentID: 3012)
C:\Windows\System32\wscript.exe (ID: 3172 |ParentID: 3012)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (ID: 3244 |ParentID: 3012)
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (ID: 3268 |ParentID: 3004)
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (ID: 3308 |ParentID: 3180)
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (ID: 3344 |ParentID: 3012)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID: 3360 |ParentID: 3180)
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (ID: 3368 |ParentID: 3012)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ID: 3376 |ParentID: 3180)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ID: 3388 |ParentID: 3180)
C:\Windows\system32\taskeng.exe (ID: 3420 |ParentID: 160)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 3432 |ParentID: 3180)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID: 3440 |ParentID: 3180)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3456 |ParentID: 3180)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 3544 |ParentID: 3352)
C:\Windows\system32\taskeng.exe (ID: 3588 |ParentID: 160)
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ID: 3636 |ParentID: 3588)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID: 3648 |ParentID: 3588)
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ID: 3820 |ParentID: 3588)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID: 3856 |ParentID: 3420)
C:\Windows\SysWOW64\ACEngSvr.exe (ID: 4064 |ParentID: 728)
C:\Program Files\P4G\BatteryLife.exe (ID: 4072 |ParentID: 3588)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 480 |ParentID: 728)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 2404 |ParentID: 3544)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 4364 |ParentID: 1816)
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ID: 4908 |ParentID: 592)
C:\Windows\system32\SearchIndexer.exe (ID: 4952 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 5020 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 4176 |ParentID: 592)
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (ID: 2100 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 4892 |ParentID: 592)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (ID: 5276 |ParentID: 3244)
C:\Windows\System32\svchost.exe (ID: 5520 |ParentID: 592)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (ID: 5664 |ParentID: 728)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 5672 |ParentID: 2952)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (ID: 5712 |ParentID: 728)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5808 |ParentID: 592)
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (ID: 3260 |ParentID: 3588)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 5852 |ParentID: 592)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4304 |ParentID: 592)
C:\Program Files (x86)\Windows Media Player\wmplayer.exe (ID: 5740 |ParentID: 728)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 9344 |ParentID: 3012)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 8612 |ParentID: 9344)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 9120 |ParentID: 8612)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 8828 |ParentID: 9120)
C:\Windows\System32\WUDFHost.exe (ID: 7276 |ParentID: 1008)
C:\Users\Rudy-ds\Downloads\RogueKiller.exe (ID: 1224 |ParentID: 9344)
C:\Windows\system32\SearchProtocolHost.exe (ID: 9772 |ParentID: 4952)
C:\Windows\system32\SearchFilterHost.exe (ID: 9232 |ParentID: 4952)

################## | Regedit Run |

04 - HKCU\..\Run : [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
04 - HKCU\..\Run : [flashmemory] wscript.exe //B "C:\Users\Rudy-ds\AppData\Local\Temp\flashmemory.vbe"
04 - HKLM\..\Run : [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
04 - HKLM\..\Run : [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\..\Run : [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\..\Run : [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\..\Run : [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\..\Run : [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\..\Run : [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\..\Run : [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
04 - HKLM64\..\Run : [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
04 - HKLM64\..\Run : [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - HKLM64\..\Run : [Setwallpaper] c:\programdata\SetWallpaper.cmd
04 - HKLM64\..\Run : [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-465012693-2708230279-1097855847-1000\..\Run : [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
04 - HKU\S-1-5-21-465012693-2708230279-1097855847-1000\..\Run : [flashmemory] wscript.exe //B "C:\Users\Rudy-ds\AppData\Local\Temp\flashmemory.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\Users\Rudy-ds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Présent! C:\Users\Rudy-ds\AppData\Local\Temp\flashmemory.vbe
Présent! H:\flashmemory.vbe
Présent! F:\SThumbDB.lnk
Présent! F:\Store(caf6a04e8ee3cee63f06899813569e487077575f).lnk
Présent! F:\Images.lnk
Présent! F:\Videos.lnk
Présent! F:\Sounds.lnk
Présent! F:\Themes.lnk
Présent! F:\Documents.lnk
Présent! F:\FOUND.000.lnk
Présent! F:\Others.lnk
Présent! F:\SamsungNavigator.lnk
Présent! F:\Backup.lnk
Présent! F:\GoogleAppsData.lnk
Présent! F:\Recycled.lnk
Présent! H:\DSCN8531.lnk
Présent! H:\Doc admin.lnk
Présent! H:\Photos Hipposcars 2013.lnk
Présent! H:\Curriculum Vitae.lnk
Présent! H:\Photos Bu Rudy - prévoir corrections.lnk
Présent! C:\Users\Rudy-ds\AppData\Roaming\system

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKU\S-1-5-21-465012693-2708230279-1097855847-1000\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory

################## | Vaccin |

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |