############################## | UsbFix V 7.129 | [Search]

User: Barrot (Administrator) # BARROT-PC
Updated on 24/06/2013 by El Desaparecido
Started at 15:23:47 | 25/06/2013
Website: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Acer (Aspire M3900) (x64-based PC)
CPU: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz (3003)
RAM -> [Total : 4095 | Free : 2594]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16618

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Internet Security [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 456 GB (98 GB free - 21%) [Acer] # NTFS
D:\ -> Fixed disk # 456 GB (39 GB free - 9%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Removable disk # 7 GB (7 GB free - 100%) [CAROLE&PHIL] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (544)
C:\Windows\system32\wininit.exe (604)
C:\Windows\system32\csrss.exe (612)
C:\Windows\system32\winlogon.exe (660)
C:\Windows\system32\services.exe (704)
C:\Windows\system32\lsass.exe (720)
C:\Windows\system32\lsm.exe (728)
C:\Windows\system32\svchost.exe (836)
C:\Windows\system32\nvvsvc.exe (916)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (940)
C:\Windows\system32\svchost.exe (988)
C:\Windows\System32\svchost.exe (560)
C:\Windows\System32\svchost.exe (748)
C:\Windows\system32\svchost.exe (804)
C:\Windows\system32\svchost.exe (1048)
C:\Windows\system32\svchost.exe (1156)
C:\Windows\system32\svchost.exe (1256)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1348)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1356)
C:\Windows\system32\nvvsvc.exe (1400)
C:\Program Files\AVAST Software\Avast\afwServ.exe (1564)
C:\Windows\System32\spoolsv.exe (1712)
C:\Windows\system32\svchost.exe (1740)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1828)
C:\Windows\system32\svchost.exe (1868)
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (1920)
C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (1952)
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (1196)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2140)
C:\Windows\system32\svchost.exe (2164)
C:\Windows\system32\svchost.exe (2184)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (2248)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2284)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (2688)
C:\Windows\System32\WUDFHost.exe (2924)
C:\Windows\system32\taskhost.exe (3052)
C:\Windows\system32\Dwm.exe (2448)
C:\Windows\Explorer.EXE (1372)
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (3208)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (3220)
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (3364)
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (3396)
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (3440)
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (3480)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (3672)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (3708)
C:\Windows\system32\SearchIndexer.exe (2108)
C:\Windows\System32\svchost.exe (2884)
C:\Program Files\Windows Media Player\wmpnetwk.exe (3880)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (1692)
C:\Windows\System32\svchost.exe (2864)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (1128)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (5028)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (3628)
C:\Windows\system32\taskeng.exe (5160)
C:\UsbFix\Go.exe (5920)
C:\Windows\system32\wbem\wmiprvse.exe (5812)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
HKLM\SOFTWARE | Run : [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
HKLM\SOFTWARE | Run : [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
HKLM\SOFTWARE | Run : [MDS_Menu] - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
HKLM\SOFTWARE | Run : [ArcadeMovieService] - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
HKLM\SOFTWARE | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" 196609
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
HKLM\SOFTWARE\wow6432Node | Run : [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
HKLM\SOFTWARE\wow6432Node | Run : [MDS_Menu] - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
HKLM\SOFTWARE\wow6432Node | Run : [ArcadeMovieService] - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" 196609
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2321249593-2777871323-1087615088-1001\SOFTWARE | Run : [msnmsgr] - ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Infected items |

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{f4688339-5adc-11e1-a86a-1078d29e0203}
Shell\AutoRun\Command = F:\Startme.exe

################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |
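The only finding in the log above is the MountPoints2 entry: Windows caches the autorun.inf of each volume a user has mounted under HKCU\...\Explorer\MountPoints2\{volume GUID}, and a cached Shell\AutoRun\Command pointing at F:\Startme.exe means the removable drive F: carried an autorun.inf that launched that file when it was connected. It is an indicator to follow up (the file on F:, and the Run-key entries above), not proof of infection on its own. The script below is an added example written for this page; it is not part of the UsbFix log or of UsbFix itself. Get-MountPoints2AutoRun reproduces the check UsbFix reports under "Mountpoints2" for the current user, and Add-AutorunVaccine plants the generic autorun.inf vaccine (a read-only, hidden, system directory occupying the autorun.inf name so a dropper cannot write its own file there); how UsbFix builds its own vaccine is not described on the page and is not assumed here. The function names and the 'F:\' drive letter in the usage line are this example's choices.

```powershell
# Added example; not part of the UsbFix log or of UsbFix itself.
# Run in an elevated PowerShell if the target drives need it; the registry
# check only reads the current user's hive.

function Get-MountPoints2AutoRun {
    # MountPoints2 caches the autorun.inf of every volume this user mounted,
    # keyed by volume GUID (and sometimes by drive letter or UNC share name).
    # A Shell\AutoRun\Command subkey is what UsbFix lists under "Mountpoints2".
    $mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = $_.PSPath + '\Shell\AutoRun\Command'
        if (Test-Path -LiteralPath $cmdKey) {
            [pscustomobject]@{
                Volume  = $_.PSChildName      # e.g. {f4688339-5adc-11e1-a86a-1078d29e0203}
                Command = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'   # e.g. F:\Startme.exe
            }
        }
    }
}

function Add-AutorunVaccine {
    # Generic autorun.inf vaccine: a directory named autorun.inf at the drive
    # root, marked read-only/hidden/system. A dropper that tries to write an
    # autorun.inf *file* there fails because the name is already taken.
    param([Parameter(Mandatory)][string[]]$DriveRoot)   # e.g. 'F:\'

    foreach ($root in $DriveRoot) {
        $inf = Join-Path $root 'autorun.inf'

        if (Test-Path -LiteralPath $inf -PathType Leaf) {
            # An existing autorun.inf *file* is exactly what an infection drops.
            # Keep it for analysis instead of silently replacing it.
            Write-Warning "$inf is a file, not a vaccine directory; inspect it before removing"
            Get-Content -LiteralPath $inf | ForEach-Object { "  $_" }
            continue
        }

        if (-not (Test-Path -LiteralPath $inf)) {
            $null = New-Item -ItemType Directory -Path $inf
        }
        # -Force is needed to retrieve the item once it is hidden/system.
        (Get-Item -LiteralPath $inf -Force).Attributes = 'ReadOnly, Hidden, System, Directory'
        "$inf -> vaccine directory present"
    }
}

# Usage (the drive letter is an assumption; F: is the removable disk in the log above):
Get-MountPoints2AutoRun | Format-Table -AutoSize
# Add-AutorunVaccine -DriveRoot 'F:\'
```

The MountPoints2 check lists every cached command, including benign ones left by CD-ROMs and vendor media, so read the Command column against the drive it belongs to rather than treating every row as a finding. The vaccine is a mitigation for the next insertion, not a cleanup: the file the cached command names (here F:\Startme.exe) still has to be examined and removed separately.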