cjoint


Document format: text/plain

Preview

############################## | UsbFix V 7.162 | [Recherche]

Utilisateur: Nono et Jeff (Administrateur) # PC-DE-NONOETJF
Mis à jour le 27/01/2014 par El Desaparecido - Team SosVirus
Lancé à 16:40:03 | 02/02/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: eMachines (eMachines E725 )
CPU: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
RAM -> [Total : 3001 Mo| Free : 1669 Mo]
Bios: eMachines
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
AS: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001

C:\ (%systemdrive%) -> Disque fixe # 139 Go (20 Go libre(s) - 14%) [OS] # NTFS
D:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 584 |ParentID: 572)
C:\Windows\system32\wininit.exe (ID: 628 |ParentID: 572)
C:\Windows\system32\csrss.exe (ID: 640 |ParentID: 620)
C:\Windows\system32\services.exe (ID: 680 |ParentID: 628)
C:\Windows\system32\lsass.exe (ID: 692 |ParentID: 628)
C:\Windows\system32\lsm.exe (ID: 700 |ParentID: 628)
C:\Windows\system32\winlogon.exe (ID: 792 |ParentID: 620)
C:\Windows\system32\svchost.exe (ID: 900 |ParentID: 680)
C:\Windows\system32\svchost.exe (ID: 964 |ParentID: 680)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 1008 |ParentID: 680)
C:\Windows\System32\svchost.exe (ID: 1204 |ParentID: 680)
C:\Windows\System32\svchost.exe (ID: 1236 |ParentID: 680)
C:\Windows\system32\svchost.exe (ID: 1252 |ParentID: 680)
C:\Windows\system32\svchost.exe (ID: 1360 |ParentID: 680)
C:\Windows\system32\SLsvc.exe (ID: 1380 |ParentID: 680)
C:\Windows\system32\svchost.exe (ID: 1408 |ParentID: 680)
C:\Windows\system32\svchost.exe (ID: 1632 |ParentID: 680)
C:\Windows\System32\spoolsv.exe (ID: 1896 |ParentID: 680)
C:\Windows\system32\svchost.exe (ID: 1924 |ParentID: 680)
C:\Windows\system32\taskeng.exe (ID: 592 |ParentID: 1252)
C:\Windows\system32\Dwm.exe (ID: 732 |ParentID: 1236)
C:\Windows\Explorer.EXE (ID: 436 |ParentID: 560)
C:\Windows\system32\taskeng.exe (ID: 1108 |ParentID: 1252)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ID: 1724 |ParentID: 680)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 464 |ParentID: 680)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 320 |ParentID: 680)
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (ID: 2072 |ParentID: 680)
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (ID: 2100 |ParentID: 680)
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (ID: 2216 |ParentID: 680)
C:\Windows\system32\svchost.exe (ID: 2264 |ParentID: 680)
C:\Windows\system32\svchost.exe (ID: 2300 |ParentID: 680)
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (ID: 2332 |ParentID: 680)
C:\Windows\System32\svchost.exe (ID: 2352 |ParentID: 680)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2388 |ParentID: 680)
C:\Windows\system32\SearchIndexer.exe (ID: 2500 |ParentID: 680)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2604 |ParentID: 2388)
C:\Windows\system32\igfxsrvc.exe (ID: 3124 |ParentID: 900)
c:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 3448 |ParentID: 680)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3784 |ParentID: 2500)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 2548 |ParentID: 436)
C:\Windows\PLFSetI.exe (ID: 1424 |ParentID: 436)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2260 |ParentID: 436)
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (ID: 928 |ParentID: 436)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ID: 2928 |ParentID: 436)
C:\Windows\WindowsMobile\wmdc.exe (ID: 2708 |ParentID: 436)
C:\Windows\System32\hkcmd.exe (ID: 564 |ParentID: 436)
C:\Windows\System32\igfxpers.exe (ID: 2772 |ParentID: 436)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 2992 |ParentID: 436)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 1460 |ParentID: 436)
C:\Windows\ehome\ehtray.exe (ID: 1628 |ParentID: 436)
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (ID: 1520 |ParentID: 436)
C:\Windows\ehome\ehmsas.exe (ID: 1344 |ParentID: 900)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 3328 |ParentID: 436)
C:\Windows\system32\wbem\unsecapp.exe (ID: 3036 |ParentID: 900)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3144 |ParentID: 900)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3360 |ParentID: 680)
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ID: 2712 |ParentID: 2928)
C:\Windows\system32\svchost.exe (ID: 720 |ParentID: 680)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID: 1748 |ParentID: 680)
C:\Windows\System32\mobsync.exe (ID: 3924 |ParentID: 900)
C:\Windows\system32\igfxext.exe (ID: 3576 |ParentID: 900)
C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe (ID: 3988 |ParentID: 2072)
C:\Windows\system32\svchost.exe (ID: 3692 |ParentID: 680)
C:\Users\NONOET~1\AppData\Local\Temp\RtkBtMnt.exe (ID: 1692 |ParentID: 2548)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 2448 |ParentID: 2260)
C:\Windows\servicing\TrustedInstaller.exe (ID: 2572 |ParentID: 680)
C:\Windows\system32\taskeng.exe (ID: 4940 |ParentID: 1252)
C:\Windows\system32\SearchFilterHost.exe (ID: 5504 |ParentID: 2500)
C:\Windows\system32\rundll32.exe (ID: 6028 |ParentID: 6008)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4296 |ParentID: 900)

################## | Regedit Run |

04 - HKCU\..\Run : [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKCU\..\Run : [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S3650.tmp" /EF "HKCU"
04 - HKCU\..\Run : [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
04 - HKCU\..\Run : [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
04 - HKCU\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLM\..\Run : [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\..\Run : [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
04 - HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
04 - HKLM\..\Run : [PLFSetI] C:\Windows\PLFSetI.exe
04 - HKLM\..\Run : [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
04 - HKLM\..\Run : [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
04 - HKLM\..\Run : [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
04 - HKLM\..\Run : [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-21-1981829535-3348030352-3952427123-1000\..\Run : [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKU\S-1-5-21-1981829535-3348030352-3952427123-1000\..\Run : [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S3650.tmp" /EF "HKCU"
04 - HKU\S-1-5-21-1981829535-3348030352-3952427123-1000\..\Run : [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
04 - HKU\S-1-5-21-1981829535-3348030352-3952427123-1000\..\Run : [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
04 - HKU\S-1-5-21-1981829535-3348030352-3952427123-1000\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## | Recherche générique |

Présent! C:\Users\NONOET~1\AppData\Local\Temp\RtkBtMnt.exe

################## | Registre |


################## | Vaccin |


################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
