############################## | UsbFix V 7.163 | [Recherche]

Utilisateur: User (Administrateur) # HP
Mis à jour le 02/02/2014 par El Desaparecido - Team SosVirus
Lancé à 13:42:02 | 23/02/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (144A)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
RAM -> [Total : 3894 Mo| Free : 1722 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16518
WB: Google Chrome : 33.0.1750.117

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: AVG AntiVirus Free Edition 2014 [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: AVG AntiVirus Free Edition 2014 [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Disque fixe # 298 Go (203 Go libre(s) - 68%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [] # FAT32

################## | Processus Actif |

C:\PROGRA~2\AVG\AVG2014\avgrsa.exe (ID: 360 |ParentID: 348)
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID: 472 |ParentID: 360)
C:\Windows\system32\csrss.exe (ID: 736 |ParentID: 728)
C:\Windows\system32\wininit.exe (ID: 912 |ParentID: 728)
C:\Windows\system32\csrss.exe (ID: 936 |ParentID: 924)
C:\Windows\system32\services.exe (ID: 980 |ParentID: 912)
C:\Windows\system32\lsass.exe (ID: 996 |ParentID: 912)
C:\Windows\system32\lsm.exe (ID: 1012 |ParentID: 912)
C:\Windows\system32\winlogon.exe (ID: 128 |ParentID: 924)
C:\Windows\system32\svchost.exe (ID: 792 |ParentID: 980)
C:\Windows\system32\svchost.exe (ID: 732 |ParentID: 980)
C:\Windows\system32\atiesrxx.exe (ID: 928 |ParentID: 980)
C:\Windows\System32\svchost.exe (ID: 1080 |ParentID: 980)
C:\Windows\System32\svchost.exe (ID: 1116 |ParentID: 980)
C:\Windows\system32\svchost.exe (ID: 1168 |ParentID: 980)
C:\Windows\system32\svchost.exe (ID: 1192 |ParentID: 980)
C:\Windows\system32\Hpservice.exe (ID: 1424 |ParentID: 980)
C:\Windows\Explorer.EXE (ID: 1596 |ParentID: 1552)
C:\Windows\system32\Dwm.exe (ID: 1680 |ParentID: 1116)
C:\Windows\system32\svchost.exe (ID: 1716 |ParentID: 980)
C:\Windows\system32\svchost.exe (ID: 1824 |ParentID: 980)
C:\Windows\System32\igfxpers.exe (ID: 1976 |ParentID: 1596)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 1228 |ParentID: 1596)
C:\Windows\System32\spoolsv.exe (ID: 2072 |ParentID: 980)
C:\Windows\system32\taskhost.exe (ID: 2160 |ParentID: 980)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2312 |ParentID: 980)
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 2408 |ParentID: 1596)
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (ID: 2612 |ParentID: 980)
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (ID: 2632 |ParentID: 980)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2652 |ParentID: 980)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 2752 |ParentID: 980)
C:\ProgramData\DatacardService\HWDeviceService64.exe (ID: 2788 |ParentID: 980)
c:\altera\90\quartus\bin64\jtagserver.exe (ID: 2820 |ParentID: 980)
C:\ProgramData\DatacardService\DCSHelper.exe (ID: 2828 |ParentID: 2788)
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (ID: 2852 |ParentID: 980)
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (ID: 2884 |ParentID: 980)
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (ID: 2964 |ParentID: 980)
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe (ID: 1240 |ParentID: 980)
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 2672 |ParentID: 980)
C:\Windows\system32\svchost.exe (ID: 1040 |ParentID: 980)
C:\Program Files (x86)\AVG\AVG2014\avgui.exe (ID: 3760 |ParentID: 2392)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID: 3776 |ParentID: 2392)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 3792 |ParentID: 2392)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3812 |ParentID: 792)
C:\Program Files\iPod\bin\iPodService.exe (ID: 4228 |ParentID: 980)
C:\Windows\system32\svchost.exe (ID: 4360 |ParentID: 980)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 4492 |ParentID: 1744)
C:\Windows\system32\svchost.exe (ID: 4528 |ParentID: 980)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 1088 |ParentID: 3768)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 3160 |ParentID: 1088)
C:\wamp\wampmanager.exe (ID: 5456 |ParentID: 1596)
c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe (ID: 5492 |ParentID: 980)
c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe (ID: 5520 |ParentID: 980)
C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe (ID: 5568 |ParentID: 5492)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3360 |ParentID: 980)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 1052 |ParentID: 980)
C:\Windows\system32\wuauclt.exe (ID: 804 |ParentID: 1192)
C:\Windows\system32\svchost.exe (ID: 6724 |ParentID: 980)
C:\Program Files (x86)\Dim@net\Dim@net.exe (ID: 1072 |ParentID: 1596)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 3384 |ParentID: 1596)
C:\Program Files (x86)\Internet Explorer\IELowutil.exe (ID: 2280 |ParentID: 6172)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 6736 |ParentID: 980)
C:\Windows\system32\SearchIndexer.exe (ID: 6384 |ParentID: 980)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2660 |ParentID: 1596)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4628 |ParentID: 2660)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4944 |ParentID: 2660)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3852 |ParentID: 2660)
C:\Windows\System32\WUDFHost.exe (ID: 5388 |ParentID: 1116)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3464 |ParentID: 792)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4404 |ParentID: 2660)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4624 |ParentID: 2660)
C:\Users\User\Downloads\RogueKiller (1).exe (ID: 1472 |ParentID: 2660)
C:\Windows\system32\SearchProtocolHost.exe (ID: 7132 |ParentID: 6384)
C:\Windows\system32\SearchFilterHost.exe (ID: 3208 |ParentID: 6384)

################## | Regedit Run |

04 - HKCU\..\Run : [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [photo 2013 45151545124] wscript.exe //B "C:\Users\User\AppData\Roaming\photo 2013 45151545124.jpg______________.vbs"
04 - HKCU\..\Run : [cacaoweb] "C:\Users\User\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKLM\..\Run : [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM64\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM64\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM64\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-224683104-1602457905-2880346776-1000\..\Run : [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-224683104-1602457905-2880346776-1000\..\Run : [photo 2013 45151545124] wscript.exe //B "C:\Users\User\AppData\Roaming\photo 2013 45151545124.jpg______________.vbs"
04 - HKU\S-1-5-21-224683104-1602457905-2880346776-1000\..\Run : [cacaoweb] "C:\Users\User\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Recherche générique |

Présent! C:\Users\User\AppData\Roaming\photo 2013 45151545124.jpg______________.vbs
Présent! C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\photo 2013 45151545124.jpg______________.vbs
Présent! C:\Windows\SysWOW64\User.exe
Présent! E:\photo 2013 45151545124.jpg______________.vbs
Présent! E:\ArfaouiRahma_2ATEL1_2013-2014_�P�C_3.lnk
Présent! C:\Windows\System32\user.exe

################## | Registre |

Présent! HKU\S-1-5-21-224683104-1602457905-2880346776-1000\Software\Microsoft\Windows\CurrentVersion\Run|photo 2013 45151545124
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|photo 2013 45151545124

################## | Vaccin |


################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |