cjoint

Document format: text/plain

############################## | UsbFix V 7.169 | [Recherche]

Utilisateur: amine (Administrateur) # PC-DE-AMINE
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 20:22:52 | 28/09/2015

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: PACKARD BELL BV (PE2)
CPU: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
RAM -> [Total : 3000 Mo| Free : 1322 Mo]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 45.0.2454.101

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Avira Antivirus [Enabled | Updated]
AS: Avira Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 246 Go (121 Go libre(s) - 49%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> Disque fixe # 39 Go (35 Go libre(s) - 90%) [partition 1] # NTFS
G:\ -> Disque amovible # 964 Mo (962 Mo libre(s) - 100%) [AMINE STORE] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 556 |ParentID: 544)
C:\Windows\system32\wininit.exe (ID: 596 |ParentID: 544)
C:\Windows\system32\csrss.exe (ID: 612 |ParentID: 604)
C:\Windows\system32\services.exe (ID: 648 |ParentID: 596)
C:\Windows\system32\lsass.exe (ID: 660 |ParentID: 596)
C:\Windows\system32\lsm.exe (ID: 668 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 836 |ParentID: 648)
C:\Windows\system32\winlogon.exe (ID: 872 |ParentID: 604)
C:\Windows\system32\svchost.exe (ID: 952 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 1000 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 1116 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 1152 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1168 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1268 |ParentID: 648)
C:\Windows\system32\SLsvc.exe (ID: 1288 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1360 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1484 |ParentID: 648)
C:\Windows\System32\spoolsv.exe (ID: 1668 |ParentID: 648)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1692 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1712 |ParentID: 648)
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (ID: 188 |ParentID: 648)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 276 |ParentID: 648)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 300 |ParentID: 648)
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (ID: 436 |ParentID: 648)
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (ID: 604 |ParentID: 648)
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (ID: 1908 |ParentID: 648)
C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe (ID: 1556 |ParentID: 648)
C:\ProgramData\MobileBrServ\mbbservice.exe (ID: 1964 |ParentID: 648)
C:\Program Files\Lectra\Modaservice\modaserv.exe (ID: 708 |ParentID: 648)
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (ID: 1700 |ParentID: 648)
C:\PROGRA~1\MYWEBF~2\bar\2.bin\5abarsvc.exe (ID: 1160 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 2052 |ParentID: 648)
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID: 2072 |ParentID: 648)
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 2184 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 2224 |ParentID: 648)
C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zbarsvc.exe (ID: 2284 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 2316 |ParentID: 648)
C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe (ID: 2384 |ParentID: 648)
C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (ID: 2420 |ParentID: 648)
C:\Windows\System32\WUDFHost.exe (ID: 2476 |ParentID: 1152)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 3096 |ParentID: 300)
C:\Windows\system32\taskeng.exe (ID: 3460 |ParentID: 1168)
C:\Windows\System32\alg.exe (ID: 3468 |ParentID: 648)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3768 |ParentID: 836)
C:\Windows\system32\Dwm.exe (ID: 904 |ParentID: 1152)
C:\Windows\system32\taskeng.exe (ID: 3544 |ParentID: 1168)
C:\Windows\Explorer.EXE (ID: 3672 |ParentID: 3344)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3884 |ParentID: 3860)
C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe (ID: 3988 |ParentID: 3672)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 3336 |ParentID: 3672)
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ID: 3504 |ParentID: 3672)
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (ID: 3064 |ParentID: 3672)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 3932 |ParentID: 3672)
C:\Users\amine\AppData\Local\Microsoft\BingSvc\BingSvc.exe (ID: 3352 |ParentID: 3672)
C:\Windows\System32\wscript.exe (ID: 4016 |ParentID: 3672)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 3980 |ParentID: 3672)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 560 |ParentID: 648)
C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe (ID: 1740 |ParentID: 3988)
C:\Windows\system32\wbem\unsecapp.exe (ID: 4084 |ParentID: 836)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2136 |ParentID: 836)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3648 |ParentID: 3884)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3360 |ParentID: 3884)
C:\Program Files\Avira\Launcher\Avira.Systray.exe (ID: 4168 |ParentID: 2420)
C:\Windows\system32\svchost.exe (ID: 4976 |ParentID: 648)
C:\Program Files\Internet Download Manager\IEMonitor.exe (ID: 5008 |ParentID: 3932)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (ID: 5208 |ParentID: 648)
C:\Windows\system32\wuauclt.exe (ID: 4480 |ParentID: 1168)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4292 |ParentID: 3884)
C:\Windows\system32\conime.exe (ID: 5232 |ParentID: 4148)
C:\Windows\regedit.exe (ID: 5092 |ParentID: 3672)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5452 |ParentID: 3884)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5308 |ParentID: 3884)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5624 |ParentID: 3884)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKCU\..\Run : [Liste des Robes Haifa(france 2014-3)] wscript.exe //B "C:\Users\amine\AppData\Local\Temp\Liste des Robes Haifa(france 2014-3).vbs"
04 - HKCU\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [BingSvc] C:\Users\amine\AppData\Local\Microsoft\BingSvc\BingSvc.exe
04 - HKCU\..\Run : [Microsoft Word] wscript.exe //B "C:\Users\amine\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF"
04 - HKCU\..\RunOnce : [Application Restart #4] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKCU\..\RunOnce : [Application Restart #3] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKCU\..\RunOnce : [Application Restart #2] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKLM\..\Run : [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run : [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\..\Run : [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
04 - HKLM\..\Run : [MyWebFace Search Scope Monitor] "C:\PROGRA~1\MYWEBF~2\bar\2.bin\5asrchmn.exe" /m=2 /w /h
04 - HKLM\..\Run : [Avira SystrayStartTrigger] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [Liste des Robes Haifa(france 2014-3)] wscript.exe //B "C:\Users\amine\AppData\Local\Temp\Liste des Robes Haifa(france 2014-3).vbs"
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [BingSvc] C:\Users\amine\AppData\Local\Microsoft\BingSvc\BingSvc.exe
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [Microsoft Word] wscript.exe //B "C:\Users\amine\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF"
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\RunOnce : [Application Restart #4] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\RunOnce : [Application Restart #3] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\RunOnce : [Application Restart #2] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session

################## | Recherche générique |

Présent! G:\AFFICHE_MED_2015_3.lnk
Présent! G:\FICHE INDIVIDUELLE.lnk
Présent! G:\Autorun.inf.lnk

################## | Registre |


################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
