############################## | UsbFix V 7.141 | [Scan]

User: Mian (Administrator) # MIAN-PC
Updated on 30/09/2013 by El Desaparecido - Team SosVirus
Started at 21:53:27 | 01/10/2013
Website: http://www.usbfix.net/
Forum: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K52Jc)
CPU: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
RAM -> [Total : 3884 | Free : 1449]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus Free Edition 2013 [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 116 GB (34 GB free - 29%) [OS] # NTFS
D:\ -> Fixed disk # 330 GB (257 GB free - 78%) [DATA] # NTFS
E:\ -> CD-ROM
G:\ -> Removable disk # 15 GB (13 GB free - 84%) [MIAN16] # FAT32

################## | Active processes |

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (ID 420 |ParentID 404)
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (ID 468 |ParentID 420)
C:\Windows\system32\csrss.exe (ID 740 |ParentID 732)
C:\Windows\system32\wininit.exe (ID 804 |ParentID 732)
C:\Windows\system32\csrss.exe (ID 828 |ParentID 816)
C:\Windows\system32\services.exe (ID 876 |ParentID 804)
C:\Windows\system32\lsass.exe (ID 884 |ParentID 804)
C:\Windows\system32\lsm.exe (ID 892 |ParentID 804)
C:\Windows\system32\winlogon.exe (ID 988 |ParentID 816)
C:\Windows\system32\svchost.exe (ID 128 |ParentID 876)
C:\Windows\system32\nvvsvc.exe (ID 748 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 832 |ParentID 876)
C:\Windows\System32\svchost.exe (ID 1072 |ParentID 876)
C:\Windows\System32\svchost.exe (ID 1112 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 1164 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 1200 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 1380 |ParentID 876)
C:\Windows\system32\FBAgent.exe (ID 1456 |ParentID 876)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID 1480 |ParentID 876)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID 1532 |ParentID 876)
C:\Windows\System32\spoolsv.exe (ID 1600 |ParentID 876)
C:\Windows\system32\nvvsvc.exe (ID 1736 |ParentID 748)
C:\Windows\system32\svchost.exe (ID 1792 |ParentID 876)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1932 |ParentID 876)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1956 |ParentID 876)
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (ID 1984 |ParentID 876)
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (ID 2020 |ParentID 876)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 1060 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 1360 |ParentID 876)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 1780 |ParentID 876)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (ID 2144 |ParentID 876)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID 2620 |ParentID 876)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID 2724 |ParentID 876)
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (ID 2928 |ParentID 2020)
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (ID 2940 |ParentID 2020)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe (ID 3100 |ParentID 876)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3128 |ParentID 876)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe (ID 3188 |ParentID 3100)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3196 |ParentID 3128)
C:\Windows\system32\conhost.exe (ID 3248 |ParentID 740)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID 3292 |ParentID 876)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID 3792 |ParentID 876)
C:\Windows\system32\SearchIndexer.exe (ID 3872 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 4136 |ParentID 876)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID 4592 |ParentID 876)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 4244 |ParentID 876)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 256 |ParentID 876)
C:\Windows\system32\taskhost.exe (ID 1844 |ParentID 876)
C:\Windows\system32\Dwm.exe (ID 1224 |ParentID 1112)
C:\Windows\system32\taskeng.exe (ID 3336 |ParentID 1200)
C:\Windows\Explorer.EXE (ID 3424 |ParentID 2360)
D:\PPS.tv\PPStream\PPSProtect.exe (ID 3384 |ParentID 3336)
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ID 3084 |ParentID 3336)
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ID 4080 |ParentID 3336)
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe (ID 4356 |ParentID 3336)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID 3220 |ParentID 3336)
C:\Program Files\P4G\BatteryLife.exe (ID 4020 |ParentID 3336)
C:\Program Files\Elantech\ETDCtrl.exe (ID 3076 |ParentID 3424)
C:\Windows\System32\igfxtray.exe (ID 2480 |ParentID 3424)
C:\Windows\System32\hkcmd.exe (ID 4852 |ParentID 3424)
C:\Windows\System32\igfxpers.exe (ID 1396 |ParentID 3424)
C:\Users\Mian\AppData\Local\Facebook\Update\FacebookUpdate.exe (ID 4440 |ParentID 3424)
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ID 3364 |ParentID 1456)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID 5036 |ParentID 3424)
D:\PPS.tv\PPStream\PPSKernel.exe (ID 1832 |ParentID 3424)
C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe (ID 4520 |ParentID 3424)
C:\Program Files\Windows Sidebar\sidebar.exe (ID 2628 |ParentID 3424)
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (ID 3756 |ParentID 3424)
C:\Users\Mian\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID 5148 |ParentID 3424)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID 5188 |ParentID 4472)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID 5380 |ParentID 4472)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ID 5400 |ParentID 4472)
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (ID 5460 |ParentID 4472)
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ID 5496 |ParentID 876)
C:\Windows\system32\wbem\wmiprvse.exe (ID 5636 |ParentID 128)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ID 5680 |ParentID 4472)
C:\Program Files (x86)\AVG\AVG2013\avgui.exe (ID 5688 |ParentID 4472)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 5704 |ParentID 4472)
C:\Program Files (x86)\AVG Nation toolbar\vprot.exe (ID 5776 |ParentID 4472)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID 5808 |ParentID 1480)
C:\Windows\AsScrPro.exe (ID 5816 |ParentID 1456)
C:\Windows\system32\wbem\wmiprvse.exe (ID 5924 |ParentID 128)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID 6136 |ParentID 5808)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID 2748 |ParentID 1456)
C:\Program Files\iPod\bin\iPodService.exe (ID 4000 |ParentID 876)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID 6508 |ParentID 5808)
C:\Windows\System32\svchost.exe (ID 7244 |ParentID 876)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID 7512 |ParentID 3076)
C:\Windows\system32\DllHost.exe (ID 4436 |ParentID 128)
C:\Windows\SysWOW64\ACEngSvr.exe (ID 7080 |ParentID 128)
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (ID 8000 |ParentID 3336)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 7324 |ParentID 876)
C:\Windows\System32\wscript.exe (ID 6320 |ParentID 6532)
C:\Windows\system32\svchost.exe (ID 7052 |ParentID 876)
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (ID 8308 |ParentID 5688)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5140 |ParentID 3424)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 1928 |ParentID 5140)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 3492 |ParentID 5140)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6972 |ParentID 5140)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 9156 |ParentID 5140)
C:\Windows\System32\WUDFHost.exe (ID 5028 |ParentID 1112)
C:\Windows\system32\taskeng.exe (ID 4824 |ParentID 1200)
C:\UsbFix\Go.exe (ID 3024 |ParentID 8604)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
HKLM\SOFTWARE | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\SOFTWARE | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"
HKLM\SOFTWARE\wow6432Node | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE\wow6432Node | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\SOFTWARE\wow6432Node | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-21-874336220-1330978730-1593934170-1000\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-874336220-1330978730-1593934170-1000\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-21-874336220-1330978730-1593934170-1000_Classes\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [Facebook Update] - "C:\Users\Mian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [Google Update] - "C:\Users\Mian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [VoipBuster] - "C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [AVG-Secure-Search-Update_0913b] - C:\Users\Mian\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid a14b6227502547d1af7cf18676b9070c-7cc5fdae1d66b3e44ecd46081277aacea3fcae8e --CMPID 0913b
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [1L8prJDN] - wscript.exe //B "C:\Users\Mian\AppData\Local\Temp\1L8prJDN.vbs"
HKU\S-1-5-21-874336220-1330978730-1593934170-1002_Classes\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-18\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-874336220-1330978730-1593934170-1000\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Infected items |

Present! G:\1L8prJDN.vbs
Present! C:\Users\Mian\AppData\Local\Temp\1L8prJDN.vbs
Present! C:\Users\Mian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1L8prJDN.vbs
Present! G:\Biomed 1ere master.lnk
Present! G:\Photos.lnk
Present! G:\.lnk
Present! G:\A7KGEquN.lnk
Present! G:\.Trashes.lnk
Present! G:\.Spotlight-V100.lnk
Present! C:\Users\Mian\AppData\Local\dt.dat
Present! C:\desktop.ini
Present! G:\A7KGEquN.vbs

################## | Registry |

Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|1L8prJDN
HKCU\.\.\.\.\Explorer\MountPoints2\{89ff0ec3-ec8c-11e1-8c87-20cf305deeff} Shell\AutoRun\Command = F:\iPadTV.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{bfecb25e-ac9e-11e1-8c53-20cf305deeff} Shell\AutoRun\Command = F:\iStudio.exe

################## | Vaccine |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
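Read together, the scan sections above show the classic footprint of a USB-propagating VBScript worm: a randomly named script (1L8prJDN.vbs) sits at the root of the removable drive G:, in the user's Temp folder and in the Startup folder; a per-user Run value launches the Temp copy silently with `wscript.exe //B` (and a `wscript.exe` process is indeed running); the drive also carries `.lnk` files named after the folders it normally holds, and a second script (A7KGEquN.vbs) with its own `.lnk`; MountPoints2 still remembers AutoRun commands for two earlier removable devices. The AV being disabled at the time of the scan is the other thing a responder should note. The following Python script is an added example, not part of UsbFix or of the original post: it parses a UsbFix-style report and extracts those indicators so the same triage can be repeated over many logs. The input is a constructed excerpt built from lines of this report, the heuristic rules and all function names are this example's own (UsbFix emits none of these verdicts), and the parser accepts both the tool's French "Présent!" label and the English translation used above.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed excerpt of a UsbFix report, assembled from lines of the log
# above. The tool writes "Présent!" (French); the parser also takes "Present!".
SAMPLE_LOG = r"""
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [1L8prJDN] - wscript.exe //B "C:\Users\Mian\AppData\Local\Temp\1L8prJDN.vbs"
################## | Éléments infectieux |
Présent! G:\1L8prJDN.vbs
Présent! C:\Users\Mian\AppData\Local\Temp\1L8prJDN.vbs
Présent! C:\Users\Mian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1L8prJDN.vbs
Présent! G:\Photos.lnk
Présent! G:\A7KGEquN.vbs
################## | Registre |
HKCU\.\.\.\.\Explorer\MountPoints2\{89ff0ec3-ec8c-11e1-8c87-20cf305deeff} Shell\AutoRun\Command = F:\iPadTV.exe
"""

RUN_RE = re.compile(r"^(?P<hive>HK\S*) \| Run(?:Once)? : \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$")
PRESENT_RE = re.compile(r"^Pr[ée]sent! (?P<path>.+)$")
AUTORUN_RE = re.compile(r"MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\}) Shell\\AutoRun\\Command = (?P<cmd>.+)$")
SCRIPT_HOST_RE = re.compile(r"\b(wscript|cscript|mshta)\.exe\b", re.I)
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$")      # "g:\file.ext" and nothing deeper
TEMP_DIR = "\\appdata\\local\\temp\\"                 # user-writable drop locations
STARTUP_DIR = "\\start menu\\programs\\startup\\"


@dataclass
class Finding:
    kind: str                                     # "run", "file" or "autorun"
    detail: str                                   # value or path as written in the log
    reasons: list = field(default_factory=list)   # empty list means "looks benign"

    @property
    def suspicious(self):
        return bool(self.reasons)


def run_value_reasons(cmd):
    """Heuristics (this example's own) for a Run value that persists a script worm."""
    low = cmd.lower()
    reasons = []
    if SCRIPT_HOST_RE.search(cmd):
        reasons.append("launched through a script host")
    if re.search(r"(^|\s)//b(\s|$)", low):
        reasons.append("//B runs the script with no visible window")
    if TEMP_DIR in low:
        reasons.append("target lives in the user's Temp folder")
    if STARTUP_DIR in low:
        reasons.append("target lives in a Startup folder")
    return reasons


def present_file_reasons(path, name_counts):
    """Flag the drive-root .vbs/.lnk pattern and files copied to several places."""
    low = path.lower()
    ext = ntpath.splitext(ntpath.basename(low))[1]
    reasons = []
    if ext == ".vbs":
        reasons.append("standalone VBScript reported by the scan")
        if DRIVE_ROOT_RE.match(low):
            reasons.append("script at the root of a drive (USB spreading)")
    if ext == ".lnk" and DRIVE_ROOT_RE.match(low):
        reasons.append("shortcut at drive root (may shadow a hidden folder)")
    if TEMP_DIR in low or STARTUP_DIR in low:
        reasons.append("copy in Temp or Startup")
    copies = name_counts[ntpath.basename(low)]
    if copies > 1:
        reasons.append(f"same file name present in {copies} locations")
    return reasons


def parse_usbfix_log(text):
    """One Finding per Run value, reported file and MountPoints2 AutoRun command."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    present = [m.group("path") for ln in lines if (m := PRESENT_RE.match(ln))]
    name_counts = Counter(ntpath.basename(p.lower()) for p in present)
    findings = []
    for ln in lines:
        if m := RUN_RE.match(ln):
            findings.append(Finding("run", f"[{m['name']}] {m['cmd']}", run_value_reasons(m["cmd"])))
        elif m := PRESENT_RE.match(ln):
            findings.append(Finding("file", m["path"], present_file_reasons(m["path"], name_counts)))
        elif m := AUTORUN_RE.search(ln):
            # Fires when the device with that GUID is mounted, so even a drive
            # that is absent now (F:) is a lead worth recording.
            findings.append(Finding("autorun", f"{m['guid']} -> {m['cmd']}",
                                    ["AutoRun command remembered for a removable device"]))
    return findings


def suspicious_names(findings):
    """Names of Run values whose command tripped at least one heuristic."""
    return sorted(f.detail.split("]")[0][1:] for f in findings if f.kind == "run" and f.suspicious)


if __name__ == "__main__":
    for f in parse_usbfix_log(SAMPLE_LOG):
        print(f"{'!!' if f.suspicious else '  '} {f.kind:<7} {f.detail}")
        for r in f.reasons:
            print(f"           - {r}")
```

Point the script at a full report instead of SAMPLE_LOG and the benign vendor Run values (AVG, Skype, ASUS utilities) drop out while the `wscript.exe //B` persistence, the three copies of the same script and the stale AutoRun commands remain; the LNK-at-drive-root rule is deliberately loose, since a real drive also holds legitimate shortcuts and the verdict still needs a human.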