############################## | UsbFix V 7.169 | [Recherche]

Utilisateur: amine (Administrateur) # PC-DE-AMINE
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 18:09:18 | 28/09/2015

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: PACKARD BELL BV (PE2)
CPU: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
RAM -> [Total : 3000 Mo| Free : 1266 Mo]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 45.0.2454.101

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Avira Antivirus [Enabled | Updated]
AS: Avira Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 246 Go (121 Go libre(s) - 49%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> Disque fixe # 39 Go (35 Go libre(s) - 90%) [partition 1] # NTFS
F:\ -> Disque amovible # 964 Mo (962 Mo libre(s) - 100%) [AMINE STORE] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 556 |ParentID: 544)
C:\Windows\system32\wininit.exe (ID: 596 |ParentID: 544)
C:\Windows\system32\csrss.exe (ID: 612 |ParentID: 604)
C:\Windows\system32\services.exe (ID: 648 |ParentID: 596)
C:\Windows\system32\lsass.exe (ID: 660 |ParentID: 596)
C:\Windows\system32\lsm.exe (ID: 668 |ParentID: 596)
C:\Windows\system32\winlogon.exe (ID: 848 |ParentID: 604)
C:\Windows\system32\svchost.exe (ID: 856 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 948 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 996 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 1080 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 1144 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1180 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1260 |ParentID: 648)
C:\Windows\system32\SLsvc.exe (ID: 1280 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1340 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1476 |ParentID: 648)
C:\Windows\System32\spoolsv.exe (ID: 1652 |ParentID: 648)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1676 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1688 |ParentID: 648)
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (ID: 1912 |ParentID: 648)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1984 |ParentID: 648)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 2020 |ParentID: 648)
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (ID: 2036 |ParentID: 648)
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (ID: 296 |ParentID: 648)
C:\Windows\system32\Dwm.exe (ID: 1060 |ParentID: 1144)
C:\Windows\system32\taskeng.exe (ID: 1328 |ParentID: 1180)
C:\Windows\system32\taskeng.exe (ID: 2088 |ParentID: 1180)
C:\Windows\Explorer.EXE (ID: 2104 |ParentID: 1332)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 2296 |ParentID: 2104)
C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe (ID: 2304 |ParentID: 2104)
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ID: 2312 |ParentID: 2104)
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (ID: 2320 |ParentID: 2104)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 2352 |ParentID: 2104)
C:\Users\amine\AppData\Local\Microsoft\BingSvc\BingSvc.exe (ID: 2360 |ParentID: 2104)
C:\Windows\System32\wscript.exe (ID: 2368 |ParentID: 2104)
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (ID: 2712 |ParentID: 648)
C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe (ID: 2728 |ParentID: 648)
C:\ProgramData\MobileBrServ\mbbservice.exe (ID: 2744 |ParentID: 648)
C:\Program Files\Lectra\Modaservice\modaserv.exe (ID: 2760 |ParentID: 648)
C:\PROGRA~1\MYWEBF~2\bar\2.bin\5abarsvc.exe (ID: 3068 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 3212 |ParentID: 648)
C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe (ID: 3380 |ParentID: 2304)
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID: 3484 |ParentID: 648)
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 3576 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 3596 |ParentID: 648)
C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zbarsvc.exe (ID: 3676 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 3704 |ParentID: 648)
C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe (ID: 3780 |ParentID: 648)
C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (ID: 3844 |ParentID: 648)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2680 |ParentID: 856)
C:\Program Files\Avira\Launcher\Avira.Systray.exe (ID: 3372 |ParentID: 3844)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 3668 |ParentID: 2020)
C:\Windows\System32\alg.exe (ID: 1292 |ParentID: 648)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 3056 |ParentID: 2104)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (ID: 3524 |ParentID: 648)
C:\Program Files\Internet Download Manager\IEMonitor.exe (ID: 4016 |ParentID: 2352)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2692 |ParentID: 648)
C:\Windows\system32\wbem\unsecapp.exe (ID: 1924 |ParentID: 856)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4216 |ParentID: 856)
C:\Windows\system32\svchost.exe (ID: 5896 |ParentID: 648)
C:\Program Files\Skype\Phone\Skype.exe (ID: 5848 |ParentID: 5404)
C:\Windows\system32\wuauclt.exe (ID: 2440 |ParentID: 1180)
C:\Windows\System32\WUDFHost.exe (ID: 4056 |ParentID: 1144)
C:\Windows\system32\conime.exe (ID: 3936 |ParentID: 2504)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5052 |ParentID: 2104)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4948 |ParentID: 5052)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3912 |ParentID: 5052)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5628 |ParentID: 5052)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKCU\..\Run : [Liste des Robes Haifa(france 2014-3)] wscript.exe //B "C:\Users\amine\AppData\Local\Temp\Liste des Robes Haifa(france 2014-3).vbs"
04 - HKCU\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [BingSvc] C:\Users\amine\AppData\Local\Microsoft\BingSvc\BingSvc.exe
04 - HKCU\..\Run : [Microsoft Word] wscript.exe //B "C:\Users\amine\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF"
04 - HKCU\..\RunOnce : [Application Restart #4] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKCU\..\RunOnce : [Application Restart #3] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKCU\..\RunOnce : [Application Restart #2] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKLM\..\Run : [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run : [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\..\Run : [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
04 - HKLM\..\Run : [MyWebFace Search Scope Monitor] "C:\PROGRA~1\MYWEBF~2\bar\2.bin\5asrchmn.exe" /m=2 /w /h
04 - HKLM\..\Run : [Avira SystrayStartTrigger] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [Liste des Robes Haifa(france 2014-3)] wscript.exe //B "C:\Users\amine\AppData\Local\Temp\Liste des Robes Haifa(france 2014-3).vbs"
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [BingSvc] C:\Users\amine\AppData\Local\Microsoft\BingSvc\BingSvc.exe
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\Run : [Microsoft Word] wscript.exe //B "C:\Users\amine\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF"
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\RunOnce : [Application Restart #4] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\RunOnce : [Application Restart #3] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
04 - HKU\S-1-5-21-2446137286-77876486-3352192479-1000\..\RunOnce : [Application Restart #2] C:\Users\amine\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\amine\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session

################## | Recherche générique |

Présent! F:\AFFICHE_MED_2015_3.lnk
Présent! F:\FICHE INDIVIDUELLE.lnk

################## | Registre |


################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |