cjoint

Document format: text/plain

############################## | UsbFix V 7.169 | [Recherche]

Utilisateur: amine (Administrateur) # PC-DE-AMINE
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 18:09:18 | 28/09/2015

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: PACKARD BELL BV (PE2)
CPU: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
RAM -> [Total : 3000 Mo| Free : 1266 Mo]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 45.0.2454.101

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Avira Antivirus [Enabled | Updated]
AS: Avira Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 246 Go (121 Go libre(s) - 49%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> Disque fixe # 39 Go (35 Go libre(s) - 90%) [partition 1] # NTFS
F:\ -> Disque amovible # 964 Mo (962 Mo libre(s) - 100%) [AMINE STORE] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 556 |ParentID: 544)
C:\Windows\system32\wininit.exe (ID: 596 |ParentID: 544)
C:\Windows\system32\csrss.exe (ID: 612 |ParentID: 604)
C:\Windows\system32\services.exe (ID: 648 |ParentID: 596)
C:\Windows\system32\lsass.exe (ID: 660 |ParentID: 596)
C:\Windows\system32\lsm.exe (ID: 668 |ParentID: 596)
C:\Windows\system32\winlogon.exe (ID: 848 |ParentID: 604)
C:\Windows\system32\svchost.exe (ID: 856 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 948 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 996 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 1080 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 1144 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1180 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1260 |ParentID: 648)
C:\Windows\system32\SLsvc.exe (ID: 1280 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1340 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1476 |ParentID: 648)
C:\Windows\System32\spoolsv.exe (ID: 1652 |ParentID: 648)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1676 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1688 |ParentID: 648)
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (ID: 1912 |ParentID: 648)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1984 |ParentID: 648)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 2020 |ParentID: 648)
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (ID: 2036 |ParentID: 648)
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (ID: 296 |ParentID: 648)
C:\Windows\system32\Dwm.exe (ID: 1060 |ParentID: 1144)
C:\Windows\system32\taskeng.exe (ID: 1328 |ParentID: 1180)
C:\Windows\system32\taskeng.exe (ID: 2088 |ParentID: 1180)
C:\Windows\Explorer.EXE (ID: 2104 |ParentID: 1332)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 2296 |ParentID: 2104)
C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe (ID: 2304 |ParentID: 2104)
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ID: 2312 |ParentID: 2104)
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (ID: 2320 |ParentID: 2104)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 2352 |ParentID: 2104)
C:\Users\amine\AppData\Local\Microsoft\BingSvc\BingSvc.exe (ID: 2360 |ParentID: 2104)
C:\Windows\System32\wscript.exe (ID: 2368 |ParentID: 2104)
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (ID: 2712 |ParentID: 648)
C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe (ID: 2728 |ParentID: 648)
C:\ProgramData\MobileBrServ\mbbservice.exe (ID: 2744 |ParentID: 648)
C:\Program Files\Lectra\Modaservice\modaserv.exe (ID: 2760 |ParentID: 648)
C:\PROGRA~1\MYWEBF~2\bar\2.bin\5abarsvc.exe (ID: 3068 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 3212 |ParentID: 648)
C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe (ID: 3380 |ParentID: 2304)
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID: 3484 |ParentID: 648)
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 3576 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 3596 |ParentID: 648)
C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zbarsvc.exe (ID: 3676 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 3704 |ParentID: 648)
C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe (ID: 3780 |ParentID: 648)
C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (ID: 3844 |ParentID: 648)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2680 |ParentID: 856)
C:\Program Files\Avira\Launcher\Avira.Systray.exe (ID: 3372 |ParentID: 3844)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 3668 |ParentID: 2020)
C:\Windows\System32\alg.exe (ID: 1292 |ParentID: 648)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 3056 |ParentID: 2104)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (ID: 3524 |ParentID: 648)
C:\Program Files\Internet Download Manager\IEMonitor.exe (ID: 4016 |ParentID: 2352)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2692 |ParentID: 648)
C:\Windows\system32\wbem\unsecapp.exe (ID: 1924 |ParentID: 856)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4216 |ParentID: 856)
C:\Windows\system32\svchost.exe (ID: 5896 |ParentID: 648)
C:\Program Files\Skype\Phone\Skype.exe (ID: 5848 |ParentID: 5404)
C:\Windows\system32\wuauclt.exe (ID: 2440 |ParentID: 1180)
C:\Windows\System32\WUDFHost.exe (ID: 4056 |ParentID: 1144)
C:\Windows\system32\conime.exe (ID: 3936 |ParentID: 2504)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5052 |ParentID: 2104)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4948 |ParentID: 5052)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3912 |ParentID: 5052)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5628 |ParentID: 5052)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKCU\..\Run : [Liste des Robes Haifa(france 2014-3)] wscript.exe //B "C:\Users\amine\AppData\Local\Temp\Liste des Robes Haifa(france 2014-3).vbs"
04 - HKCU\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [BingSvc] C:\Users\amine\AppData\Local\Microsoft\BingSvc\BingSvc.exe
04 - HKCU\..\Run : [Microsoft Word] wscript.exe //B "C:\Users\amine\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF"
04 - HKCU\..\RunOnce : [Application Restart #4] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKCU\..\RunOnce : [Application Restart #3] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKCU\..\RunOnce : [Application Restart #2] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKLM\..\Run : [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run : [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\..\Run : [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
04 - HKLM\..\Run : [MyWebFace Search Scope Monitor] "C:\PROGRA~1\MYWEBF~2\bar\2.bin\5asrchmn.exe" /m=2 /w /h
04 - HKLM\..\Run : [Avira SystrayStartTrigger] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [Liste des Robes Haifa(france 2014-3)] wscript.exe //B "C:\Users\amine\AppData\Local\Temp\Liste des Robes Haifa(france 2014-3).vbs"
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [BingSvc] C:\Users\amine\AppData\Local\Microsoft\BingSvc\BingSvc.exe
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [Microsoft Word] wscript.exe //B "C:\Users\amine\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF"
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\RunOnce : [Application Restart #4] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\RunOnce : [Application Restart #3] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\RunOnce : [Application Restart #2] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session

################## | Recherche générique |

Présent! F:\AFFICHE_MED_2015_3.lnk
Présent! F:\FICHE INDIVIDUELLE.lnk

################## | Registre |


################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
