############################## | UsbFix V 7.142 | [Recherche]

Utilisateur: Jerry (Administrateur) # JERRY-PC
Mis à jour le 02/10/2013 par El Desaparecido - Team SosVirus
Lancé à 17:59:18 | 03/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P8P67 LE)
CPU: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
RAM -> [Total : 8173 | Free : 5947]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 466 Go (131 Go libre(s) - 28%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Disque fixe # 1863 Go (3 Go libre(s) - 0%) [DISQUE DUR] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 460 |ParentID 384)
C:\Windows\system32\wininit.exe (ID 532 |ParentID 384)
C:\Windows\system32\csrss.exe (ID 556 |ParentID 540)
C:\Windows\system32\services.exe (ID 588 |ParentID 532)
C:\Windows\system32\lsass.exe (ID 612 |ParentID 532)
C:\Windows\system32\lsm.exe (ID 620 |ParentID 532)
C:\Windows\system32\svchost.exe (ID 720 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 804 |ParentID 588)
C:\Windows\system32\atiesrxx.exe (ID 872 |ParentID 588)
C:\Windows\system32\winlogon.exe (ID 916 |ParentID 540)
C:\Windows\System32\svchost.exe (ID 960 |ParentID 588)
C:\Windows\System32\svchost.exe (ID 1000 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 328 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 348 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 1056 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 1188 |ParentID 588)
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (ID 1252 |ParentID 588)
C:\Windows\system32\atieclxx.exe (ID 1436 |ParentID 872)
C:\Windows\System32\spoolsv.exe (ID 1636 |ParentID 588)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID 1672 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 1692 |ParentID 588)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1856 |ParentID 588)
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (ID 1896 |ParentID 588)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID 1960 |ParentID 588)
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe (ID 1080 |ParentID 588)
C:\Windows\system32\taskhost.exe (ID 1208 |ParentID 588)
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe (ID 1984 |ParentID 588)
C:\Windows\system32\taskeng.exe (ID 1772 |ParentID 348)
C:\Windows\system32\Dwm.exe (ID 2076 |ParentID 1000)
C:\Windows\Explorer.EXE (ID 2112 |ParentID 2068)
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe (ID 2144 |ParentID 588)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 2176 |ParentID 588)
C:\Program Files\ma-config.com\MaConfigAgent.exe (ID 2224 |ParentID 588)
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ID 2240 |ParentID 1772)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 2276 |ParentID 588)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID 2296 |ParentID 588)
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID 2316 |ParentID 588)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID 2328 |ParentID 2296)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2492 |ParentID 588)
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (ID 2684 |ParentID 588)
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ID 2644 |ParentID 2240)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3000 |ParentID 2492)
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ID 1396 |ParentID 2240)
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ID 2476 |ParentID 2240)
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ID 2820 |ParentID 2476)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID 2968 |ParentID 1960)
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (ID 3244 |ParentID 588)
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (ID 3856 |ParentID 588)
C:\Windows\system32\SearchIndexer.exe (ID 3756 |ParentID 588)
C:\Windows\system32\svchost.exe (ID 3440 |ParentID 588)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 3300 |ParentID 2112)
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (ID 3744 |ParentID 2112)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (ID 3336 |ParentID 2112)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (ID 3328 |ParentID 3336)
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe (ID 4760 |ParentID 2748)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID 4888 |ParentID 2748)
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (ID 4988 |ParentID 2748)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 5076 |ParentID 4800)
C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe (ID 4652 |ParentID 4760)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 5004 |ParentID 5076)
C:\Windows\system32\svchost.exe (ID 4928 |ParentID 588)
C:\Windows\System32\svchost.exe (ID 4364 |ParentID 588)
C:\Windows\system32\DllHost.exe (ID 1920 |ParentID 720)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 1800 |ParentID 3348)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 4148 |ParentID 588)
C:\Program Files (x86)\Nero\Update\NASvc.exe (ID 1072 |ParentID 588)
C:\Windows\System32\svchost.exe (ID 4172 |ParentID 588)
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (ID 4572 |ParentID 2112)
\\FREEBOX\Disque dur\winupdatefix.exe (ID 4000 |ParentID 2112)
C:\UsbFix\Go.exe (ID 3948 |ParentID 5292)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4448 |ParentID 720)
C:\UsbFix\Go.exe (ID 644 |ParentID 3716)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3292 |ParentID 720)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID 952 |ParentID 348)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [KeyScrambler] - C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [KeyScrambler] - C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-440345812-2725411837-4022958379-1000\SOFTWARE | Run : [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-21-440345812-2725411837-4022958379-1000\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-440345812-2725411837-4022958379-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

Présent! D:\Launcher.exe
Présent! D:\autorun.inf

################## | Registre |

HKCU\.\.\.\.\Explorer\MountPoints2\{4dbaa163-d507-11e2-8ec6-806e6f6e6963}
Shell\AutoRun\Command = D:\Launcher.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{7c88eb3e-e661-11e2-849f-f46d0429bb59}
Shell\AutoRun\Command = E:\Launch.exe
################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |