cjoint


Document format: text/plain

############################## | UsbFix V 7.126 | [Recherche]

Utilisateur: Anthony (Administrateur) # PC-ANTHO
Mis à jour le 13/05/2013 par El Desaparecido
Lancé à 21:50:36 | 01/06/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: ASUSTeK COMPUTER INC. (K56CM) (x64-based PC)
CPU: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz (1701)
RAM -> [Total : 3982 | Free : 1433]
BIOS: K56CM.206
BOOT: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16580

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 264 Go (209 Go libre(s) - 79%) [OS] # NTFS
D:\ -> Disque fixe # 398 Go (383 Go libre(s) - 96%) [DATA] # NTFS
E:\ -> Disque amovible # 8 Go (7 Go libre(s) - 99%) [CRUZER] # NTFS
G:\ -> CD-ROM
H:\ -> Disque fixe # 931 Go (918 Go libre(s) - 99%) [My Passport] # NTFS
I:\ -> Disque amovible # 2 Go (379 Mo libre(s) - 20%) [USB DISK] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (612)
C:\Windows\system32\wininit.exe (688)
C:\Windows\system32\csrss.exe (704)
C:\Windows\system32\winlogon.exe (748)
C:\Windows\system32\services.exe (792)
C:\Windows\system32\lsass.exe (800)
C:\Windows\system32\svchost.exe (908)
C:\Windows\system32\nvvsvc.exe (952)
C:\Windows\system32\svchost.exe (996)
C:\Windows\System32\svchost.exe (384)
C:\Windows\system32\svchost.exe (452)
C:\Windows\system32\dwm.exe (620)
C:\Windows\system32\svchost.exe (608)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (316)
C:\Windows\system32\nvvsvc.exe (1036)
C:\Windows\System32\svchost.exe (1120)
C:\Windows\system32\svchost.exe (1364)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (1420)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (1472)
C:\Windows\System32\spoolsv.exe (1576)
C:\Windows\system32\svchost.exe (1656)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1744)
C:\Windows\system32\svchost.exe (1792)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1908)
C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe (1944)
C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe (1964)
C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe (1972)
C:\Windows\system32\conhost.exe (1984)
C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe (2004)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (2016)
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (1068)
C:\Windows\system32\DptfParticipantProcessorService.exe (1560)
C:\Windows\system32\DptfPolicyConfigTDPService.exe (1808)
C:\Windows\system32\dashost.exe (1868)
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (2080)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (2112)
C:\Windows\SysWOW64\irstrtsv.exe (2176)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (2212)
C:\Windows\system32\svchost.exe (2368)
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (2492)
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (2760)
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (3120)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (3152)
C:\Program Files\ASUS\P4G\BatteryLife.exe (3160)
C:\Windows\system32\taskhostex.exe (3180)
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (3208)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (3456)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (3488)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (3500)
C:\Windows\system32\wbem\wmiprvse.exe (3840)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (3924)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (4000)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (2276)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (4376)
C:\Windows\system32\SearchIndexer.exe (4452)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (4552)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (4564)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (4920)
C:\Windows\System32\RuntimeBroker.exe (5040)
C:\Windows\System32\igfxtray.exe (2896)
C:\Windows\System32\hkcmd.exe (2908)
C:\Windows\system32\svchost.exe (4900)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (5096)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (5260)
C:\Windows\system32\igfxpers.exe (5416)
C:\Windows\SysWOW64\ACEngSvr.exe (5452)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (5704)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (5892)
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (5920)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (5952)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (2432)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (4184)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (2632)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (14408)
C:\Windows\system32\wbem\wmiprvse.exe (5412)
C:\Windows\explorer.exe (14732)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (3612)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (5992)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (15480)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (5976)
C:\Windows\System32\WUDFHost.exe (184)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (4164)
C:\UsbFix\Go.exe (6448)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
HKLM\SOFTWARE | Run : [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
HKLM\SOFTWARE\wow6432Node | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
HKLM\SOFTWARE\wow6432Node | Run : [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-3124752941-3885292783-1113856017-1002\SOFTWARE | Run : [Spotify] - "C:\Users\Anthony\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
HKU\S-1-5-21-3124752941-3885292783-1113856017-1002\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Anthony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

################## | Éléments infectieux |

Présent! G:\WD Drive Unlock.exe
Présent! G:\autorun.inf
Présent! I:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

################## | Registre |

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{0f63272f-5714-11e2-be85-50465de27868}
Shell\AutoRun\Command = "F:\LaunchU3.exe" -a

HKCU\.\.\.\.\Explorer\MountPoints2\{dd7f7032-c5da-11e2-bf60-50465de27868}
Shell\AutoRun\Command = "G:\WD Drive Unlock.exe" autoplay=true



################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://sosvirus.org |
