
############################## | UsbFix V 7.169 | [Recherche]

Utilisateur: alain (Administrateur) # ALAIN-HP
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 22:46:56 | 05/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (1661)
CPU: AMD Phenom(tm) II P960 Quad-Core Processor
RAM -> [Total : 3835 Mo| Free : 1952 Mo]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Norton Internet Security [(!) Disabled | (!) Outdated]
AS: Windows Defender [Enabled | Updated]
AS: Norton Internet Security [(!) Disabled | (!) Outdated]
FW: Norton Internet Security [(!) Disabled]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Disque fixe # 451 Go (345 Go libre(s) - 76%) [] # NTFS
D:\ -> Disque fixe # 14 Go (130 Mo libre(s) - 1%) [RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Disque fixe # 99 Mo (89 Mo libre(s) - 90%) [HP_TOOLS] # FAT32
G:\ -> Disque amovible # 4 Go (2 Go libre(s) - 62%) [Lexar] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 424 |ParentID: 408)
C:\Windows\system32\wininit.exe (ID: 524 |ParentID: 408)
C:\Windows\system32\csrss.exe (ID: 548 |ParentID: 536)
C:\Windows\system32\services.exe (ID: 592 |ParentID: 524)
C:\Windows\system32\lsass.exe (ID: 600 |ParentID: 524)
C:\Windows\system32\lsm.exe (ID: 608 |ParentID: 524)
C:\Windows\system32\svchost.exe (ID: 708 |ParentID: 592)
C:\Windows\system32\winlogon.exe (ID: 796 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 828 |ParentID: 592)
C:\Windows\system32\atiesrxx.exe (ID: 888 |ParentID: 592)
C:\Windows\System32\svchost.exe (ID: 956 |ParentID: 592)
C:\Windows\System32\svchost.exe (ID: 992 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 120 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 324 |ParentID: 592)
C:\Program Files\IDT\WDM\STacSV64.exe (ID: 416 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1312 |ParentID: 592)
C:\Windows\system32\atieclxx.exe (ID: 1320 |ParentID: 888)
C:\Windows\system32\WLANExt.exe (ID: 1432 |ParentID: 992)
C:\Windows\system32\conhost.exe (ID: 1440 |ParentID: 424)
C:\Windows\System32\spoolsv.exe (ID: 1560 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1592 |ParentID: 592)
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (ID: 1680 |ParentID: 592)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1708 |ParentID: 592)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1848 |ParentID: 592)
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (ID: 1876 |ParentID: 592)
C:\Windows\SysWOW64\ezSharedSvcHost.exe (ID: 1936 |ParentID: 592)
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (ID: 1168 |ParentID: 592)
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (ID: 1288 |ParentID: 592)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 1612 |ParentID: 592)
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (ID: 1780 |ParentID: 592)
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID: 2136 |ParentID: 592)
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (ID: 2168 |ParentID: 592)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2712 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 2740 |ParentID: 592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2796 |ParentID: 592)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 2892 |ParentID: 592)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2924 |ParentID: 592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2932 |ParentID: 2796)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1820 |ParentID: 708)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2196 |ParentID: 708)
C:\Windows\system32\taskhost.exe (ID: 3508 |ParentID: 592)
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (ID: 3540 |ParentID: 2168)
C:\Windows\system32\taskeng.exe (ID: 3696 |ParentID: 324)
C:\Windows\system32\Dwm.exe (ID: 3828 |ParentID: 992)
C:\Windows\Explorer.EXE (ID: 3940 |ParentID: 3820)
C:\PROGRA~2\Orange\ASSIST~1\ASSIST~1.EXE (ID: 3964 |ParentID: 3696)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 4000 |ParentID: 592)
C:\Windows\System32\rundll32.exe (ID: 3256 |ParentID: 708)
C:\Windows\system32\SearchIndexer.exe (ID: 4072 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 4112 |ParentID: 592)
C:\PROGRA~2\Orange\ASSIST~1\dist\ST2.exe (ID: 4248 |ParentID: 3964)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 4952 |ParentID: 3940)
C:\Program Files\IDT\WDM\sttray64.exe (ID: 4992 |ParentID: 3940)
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (ID: 5024 |ParentID: 3940)
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (ID: 5064 |ParentID: 3940)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 4776 |ParentID: 4952)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 4836 |ParentID: 5080)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4728 |ParentID: 5080)
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (ID: 1084 |ParentID: 5080)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 4936 |ParentID: 5080)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID: 5200 |ParentID: 5080)
C:\Program Files\iPod\bin\iPodService.exe (ID: 5236 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 5348 |ParentID: 592)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 5440 |ParentID: 592)
C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (ID: 5472 |ParentID: 5080)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 4520 |ParentID: 592)
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (ID: 1728 |ParentID: 592)
C:\Program Files (x86)\Nero\Update\NASvc.exe (ID: 1568 |ParentID: 592)
C:\Windows\System32\svchost.exe (ID: 3568 |ParentID: 592)
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (ID: 3936 |ParentID: 5000)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 2844 |ParentID: 592)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4896 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1508 |ParentID: 592)
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe (ID: 644 |ParentID: 592)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 6280 |ParentID: 3940)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 6412 |ParentID: 6280)
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (ID: 1788 |ParentID: 6280)
C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 6204 |ParentID: 708)
C:\Windows\system32\taskhost.exe (ID: 5428 |ParentID: 592)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 2900 |ParentID: 6280)
C:\Windows\System32\WUDFHost.exe (ID: 4704 |ParentID: 992)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID: 2392 |ParentID: 324)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3276 |ParentID: 4072)
C:\Windows\system32\SearchFilterHost.exe (ID: 1028 |ParentID: 4072)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKCU\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
04 - HKLM\..\Run : [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\..\Run : [Magic Desktop for HP notification] "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
04 - HKLM\..\RunOnce : []
04 - [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - [x64] HKLM\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
04 - [x64] HKLM\..\Run : [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
04 - [x64] HKLM\..\RunOnce : [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3945258308-1706749784-157900744-1001\..\Run : [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKU\S-1-5-21-3945258308-1706749784-157900744-1001\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-3945258308-1706749784-157900744-1001_Classes\..\Run : [systray] C:\Program Files (x86)\Notation\NotationSysTray.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |


################## | Registre |

Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1
Présent! HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
