############################## | UsbFix V 7.121 | [Recherche]

Utilisateur: Ludivine (Administrateur) # LUDIVINE-PC
Mis à jour le 07/04/2013 par El Desaparecido
Lancé à 13:58:28 | 13/04/2013
Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Acer (Aspire 5738 ) (x64-based PC)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz (2100)
RAM -> [Total : 4025 | Free : 2581]
BIOS: Ver 1.00PARTTBL
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16540

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 454 Go (48 Go libre(s) - 11%) [ACER] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [USB DISK] # FAT32
G:\ -> Disque amovible # 4 Go (3 Go libre(s) - 89%) [USB DISK] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (504)
C:\Windows\system32\wininit.exe (560)
C:\Windows\system32\csrss.exe (576)
C:\Windows\system32\services.exe (624)
C:\Windows\system32\winlogon.exe (648)
C:\Windows\system32\lsass.exe (660)
C:\Windows\system32\lsm.exe (668)
C:\Windows\system32\svchost.exe (784)
C:\Windows\system32\svchost.exe (880)
C:\Windows\System32\svchost.exe (964)
C:\Windows\System32\svchost.exe (1008)
C:\Windows\system32\svchost.exe (380)
C:\Windows\system32\svchost.exe (396)
C:\Windows\system32\svchost.exe (1112)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1228)
C:\Windows\System32\spoolsv.exe (1440)
C:\Windows\system32\svchost.exe (1468)
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (1616)
C:\Windows\system32\taskhost.exe (1628)
C:\Windows\system32\Dwm.exe (1680)
C:\Windows\Explorer.EXE (1700)
C:\Windows\system32\taskeng.exe (1748)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1856)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1880)
C:\Program Files\Bonjour\mDNSResponder.exe (1260)
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (1948)
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (2116)
C:\Windows\system32\svchost.exe (2144)
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (2248)
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (2296)
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (2328)
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (2380)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (2436)
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (2476)
C:\Windows\system32\svchost.exe (2552)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (2608)
C:\Windows\System32\svchost.exe (2632)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2656)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2728)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2824)
C:\Windows\system32\svchost.exe (3020)
C:\Windows\system32\svchost.exe (552)
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (3252)
C:\Windows\system32\SearchIndexer.exe (3272)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (3312)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3760)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3816)
C:\Windows\PLFSetI.exe (3964)
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (3980)
C:\Windows\System32\igfxtray.exe (3996)
C:\Windows\System32\hkcmd.exe (4040)
C:\Windows\system32\igfxext.exe (4076)
C:\Windows\system32\igfxsrvc.exe (3108)
C:\Windows\System32\igfxpers.exe (3132)
C:\Program Files\Windows Sidebar\sidebar.exe (2792)
C:\Windows\system32\wbem\unsecapp.exe (3204)
C:\Windows\System32\spool\drivers\x64\3\E_IATIHKE.EXE (3328)
C:\Program Files (x86)\uTorrent\uTorrent.exe (3424)
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (3268)
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (4112)
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (4124)
C:\Program Files (x86)\Launch Manager\LManager.exe (4148)
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (4172)
C:\Windows\system32\wbem\wmiprvse.exe (4228)
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (4244)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (4336)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4404)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (4428)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (4496)
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (4604)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (4824)
C:\Windows\system32\wbem\wmiprvse.exe (4980)
C:\Program Files\iPod\bin\iPodService.exe (5056)
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe (4120)
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (3904)
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (2648)
C:\Windows\system32\sppsvc.exe (3604)
C:\Program Files\Windows Media Player\wmpnetwk.exe (240)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4516)
C:\UsbFix\Go.exe (4072)
C:\Windows\System32\WUDFHost.exe (3172)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [BackupManagerTray] - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
HKLM\SOFTWARE | Run : [EgisTecLiveUpdate] - "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [ArcadeDeluxeAgent] - "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
HKLM\SOFTWARE | Run : [PlayMovie] - "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
HKLM\SOFTWARE | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Seagate Dashboard] - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [UnlockerAssistant] - "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [BackupManagerTray] - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
HKLM\SOFTWARE\wow6432Node | Run : [EgisTecLiveUpdate] - "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [ArcadeDeluxeAgent] - "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
HKLM\SOFTWARE\wow6432Node | Run : [PlayMovie] - "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
HKLM\SOFTWARE\wow6432Node | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Seagate Dashboard] - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [UnlockerAssistant] - "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1227070071-3598577670-4083579787-1000\SOFTWARE | Run : [Global Registration] - "C:\Program Files (x86)\Acer\Registration\GREG.exe" BOOT
HKU\S-1-5-21-1227070071-3598577670-4083579787-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1227070071-3598577670-4083579787-1000\SOFTWARE | Run : [EPSON SX230 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\Ludivine\AppData\Local\Temp\E_S7D8C.tmp" /EF "HKCU"
HKU\S-1-5-21-1227070071-3598577670-4083579787-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"
HKU\S-1-5-21-1227070071-3598577670-4083579787-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

Présent! C:\ProgramData\FullRemove.exe

################## | Registre |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{710ea56e-9485-11de-8767-806e6f6e6963}
Shell\AutoRun\Command = D:\InstallNavi.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://sosvirus.org |