############################## | UsbFix V 7.121 | [Recherche]

Utilisateur: Damien (Administrateur) # DAMIEN-PC
Mis à jour le 07/04/2013 par El Desaparecido
Lancé à 11:56:28 | 15/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Hewlett-Packard (HP Pavilion dv7 Notebook PC) (x64-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz (2200)
RAM -> [Total : 4063 | Free : 2378]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16540

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 285 Go (247 Go libre(s) - 87%) [OS] # NTFS
D:\ -> Disque fixe # 298 Go (298 Go libre(s) - 100%) [DATA] # NTFS
E:\ -> Disque fixe # 13 Go (2 Go libre(s) - 17%) [RECOVERY] # NTFS
F:\ -> CD-ROM
G:\ -> Disque fixe # 931 Go (764 Go libre(s) - 82%) [My Passport] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (452)
C:\Windows\system32\wininit.exe (528)
C:\Windows\system32\csrss.exe (544)
C:\Windows\system32\services.exe (588)
C:\Windows\system32\lsass.exe (620)
C:\Windows\system32\lsm.exe (628)
C:\Windows\system32\winlogon.exe (636)
C:\Windows\system32\svchost.exe (748)
C:\Windows\system32\svchost.exe (836)
C:\Windows\system32\atiesrxx.exe (880)
C:\Windows\System32\svchost.exe (972)
C:\Windows\System32\svchost.exe (1020)
C:\Windows\system32\svchost.exe (380)
C:\Windows\system32\svchost.exe (448)
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (392)
C:\Windows\system32\svchost.exe (1256)
C:\Windows\system32\Hpservice.exe (1312)
C:\Windows\system32\atieclxx.exe (1368)
C:\Windows\system32\svchost.exe (1380)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1516)
C:\Windows\system32\WLANExt.exe (1524)
C:\Windows\system32\conhost.exe (1532)
C:\Windows\System32\spoolsv.exe (1688)
C:\Windows\system32\svchost.exe (1728)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1804)
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (1840)
C:\Windows\SysWOW64\svchost.exe (1880)
C:\Windows\system32\svchost.exe (1928)
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (1968)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (2000)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (2036)
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (1176)
C:\Windows\system32\svchost.exe (1288)
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (1152)
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (2084)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2764)
C:\Windows\system32\taskhost.exe (2920)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2180)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2480)
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (2592)
C:\Windows\system32\Dwm.exe (2712)
C:\Windows\Explorer.EXE (3028)
C:\Windows\system32\svchost.exe (2584)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3132)
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (3272)
C:\Program Files\IDT\WDM\sttray64.exe (3344)
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (3500)
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (3596)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (1028)
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (3716)
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (3752)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (3164)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (4088)
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (3436)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (3404)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (2796)
C:\Windows\system32\wbem\wmiprvse.exe (3644)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (3256)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (2360)
C:\Windows\system32\SearchIndexer.exe (4104)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (5108)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (5052)
C:\Windows\system32\taskeng.exe (4840)
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (4284)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4628)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4528)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4668)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4260)
C:\Windows\System32\svchost.exe (2244)
C:\Windows\system32\DllHost.exe (5292)
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (5984)
C:\Windows\System32\svchost.exe (5892)
C:\Program Files\Windows Media Player\wmpnetwk.exe (6120)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5324)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5036)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4380)
C:\UsbFix\Go.exe (3584)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (4136)
C:\Windows\system32\wbem\wmiprvse.exe (2948)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [HPCam_Menu] - "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
HKLM\SOFTWARE | Run : [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM\SOFTWARE | Run : [UpdatePRCShortCut] - "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [HPCam_Menu] - "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
HKLM\SOFTWARE\wow6432Node | Run : [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM\SOFTWARE\wow6432Node | Run : [UpdatePRCShortCut] - "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2399800536-4079095281-4039618715-1001\SOFTWARE | Run : [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-2399800536-4079095281-4039618715-1001\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Éléments infectieux |

Présent! G:\WD Apps Setup.exe

################## | Registre |

################## | Mountpoints2 |

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://sosvirus.org |