############################## | UsbFix V 7.142 | [Scan]

User: Maryvonne (Administrator) # MARYVONNE-PC
Updated on 02/10/2013 by El Desaparecido - Team SosVirus
Launched at 22:45:40 | 03/10/2013

Website: http://www.usbfix.net/
Forum: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: eMachines (WMCP61M)
CPU: AMD Athlon(tm) Dual Core Processor 5050e
RAM -> [Total : 3838 | Free : 1849]
Bios: Phoenix Technologies, LTD
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Trend Micro Titanium Maximum Security [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 583 GB (454 GB free - 78%) [eMachines] # NTFS
D:\ -> CD-ROM
G:\ -> Fixed disk # 466 GB (239 GB free - 51%) [MEMUP 500GB] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID 500 |ParentID 492)
C:\Windows\system32\wininit.exe (ID 552 |ParentID 492)
C:\Windows\system32\csrss.exe (ID 580 |ParentID 568)
C:\Windows\system32\winlogon.exe (ID 628 |ParentID 568)
C:\Windows\system32\services.exe (ID 668 |ParentID 552)
C:\Windows\system32\lsass.exe (ID 676 |ParentID 552)
C:\Windows\system32\lsm.exe (ID 684 |ParentID 552)
C:\Windows\system32\svchost.exe (ID 792 |ParentID 668)
C:\Windows\system32\nvvsvc.exe (ID 852 |ParentID 668)
C:\Windows\system32\svchost.exe (ID 892 |ParentID 668)
C:\Windows\System32\svchost.exe (ID 956 |ParentID 668)
C:\Windows\System32\svchost.exe (ID 112 |ParentID 668)
C:\Windows\system32\svchost.exe (ID 512 |ParentID 668)
C:\Windows\system32\svchost.exe (ID 568 |ParentID 668)
C:\Windows\system32\svchost.exe (ID 1132 |ParentID 668)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1244 |ParentID 852)
C:\Windows\system32\nvvsvc.exe (ID 1252 |ParentID 852)
C:\Windows\System32\spoolsv.exe (ID 1416 |ParentID 668)
C:\Windows\system32\svchost.exe (ID 1444 |ParentID 668)
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (ID 1528 |ParentID 668)
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (ID 1616 |ParentID 668)
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe (ID 1624 |ParentID 1528)
C:\Windows\system32\conhost.exe (ID 1632 |ParentID 500)
C:\Windows\system32\taskhost.exe (ID 1660 |ParentID 668)
C:\Windows\system32\taskeng.exe (ID 1768 |ParentID 568)
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (ID 1864 |ParentID 1528)
C:\Windows\system32\conhost.exe (ID 1892 |ParentID 500)
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ID 1936 |ParentID 668)
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (ID 1972 |ParentID 1864)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID 1464 |ParentID 1768)
C:\Windows\system32\taskeng.exe (ID 1504 |ParentID 568)
C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe (ID 1896 |ParentID 668)
C:\Windows\system32\taskeng.exe (ID 2060 |ParentID 568)
C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe (ID 2140 |ParentID 2060)
C:\Users\Maryvonne\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe (ID 2148 |ParentID 2060)
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (ID 2208 |ParentID 668)
C:\Windows\system32\svchost.exe (ID 2236 |ParentID 668)
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (ID 2308 |ParentID 668)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 2504 |ParentID 668)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID 2532 |ParentID 668)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID 2592 |ParentID 2532)
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (ID 2632 |ParentID 668)
C:\Windows\system32\svchost.exe (ID 2672 |ParentID 668)
C:\Windows\system32\svchost.exe (ID 2760 |ParentID 668)
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (ID 2812 |ParentID 668)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2856 |ParentID 668)
C:\Windows\system32\EscSvc64.exe (ID 2880 |ParentID 668)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (ID 2912 |ParentID 668)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (ID 2948 |ParentID 668)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3004 |ParentID 2856)
C:\Windows\system32\svchost.exe (ID 3076 |ParentID 668)
C:\Windows\system32\SearchIndexer.exe (ID 3244 |ParentID 668)
C:\Windows\system32\SearchProtocolHost.exe (ID 3776 |ParentID 3244)
C:\Windows\system32\Dwm.exe (ID 3608 |ParentID 112)
C:\Windows\Explorer.EXE (ID 3728 |ParentID 3276)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 3288 |ParentID 3728)
C:\Windows\Philips\SPC220NC\Monitor.exe (ID 3308 |ParentID 3728)
C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe (ID 3208 |ParentID 3728)
C:\Program Files\Windows Sidebar\sidebar.exe (ID 3724 |ParentID 3728)
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe (ID 4052 |ParentID 1624)
C:\Windows\System32\spool\drivers\x64\3\E_IATIIJE.EXE (ID 4016 |ParentID 3728)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID 2384 |ParentID 1244)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 4108 |ParentID 668)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4308 |ParentID 792)
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (ID 5008 |ParentID 3728)
C:\Program Files\WinZip\zipsendservice.exe (ID 4604 |ParentID 792)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID 864 |ParentID 668)
C:\Program Files\Internet Explorer\iexplore.exe (ID 2428 |ParentID 5008)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID 240 |ParentID 2428)
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe (ID 5460 |ParentID 792)
C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OL\TMAS_OL.exe (ID 5396 |ParentID 5008)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID 1064 |ParentID 2428)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID 3920 |ParentID 668)
C:\Windows\system32\sppsvc.exe (ID 5852 |ParentID 668)
C:\Windows\system32\wbem\wmiprvse.exe (ID 468 |ParentID 792)
C:\Windows\system32\SearchProtocolHost.exe (ID 5216 |ParentID 3244)
C:\Windows\system32\SearchFilterHost.exe (ID 5768 |ParentID 3244)
C:\Windows\sysWow64\SearchProtocolHost.exe (ID 3644 |ParentID 3244)
C:\Windows\servicing\TrustedInstaller.exe (ID 6080 |ParentID 668)
C:\UsbFix\Go.exe (ID 5140 |ParentID 2012)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3475292997-3782416986-4134328322-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-3475292997-3782416986-4134328322-1001\SOFTWARE | Run : [Facebook Update] - "C:\Users\Maryvonne\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-3475292997-3782416986-4134328322-1001\SOFTWARE | Run : [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-402 403 405 406 Series" /EF "HKCU"
HKU\S-1-5-21-3475292997-3782416986-4134328322-1001\SOFTWARE | Run : [OrangeInside] - C:\Users\Maryvonne\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
HKU\S-1-5-21-3475292997-3782416986-4134328322-1003\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-3475292997-3782416986-4134328322-1003\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-3475292997-3782416986-4134328322-1003\SOFTWARE | RunOnce : [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default

################## | Infectious elements |

################## | Registry |

HKCU\.\.\.\.\Explorer\MountPoints2\{fc6f5473-e7fe-11e2-92ca-00262d15732e} Shell\AutoRun\Command = E:\AutoRunCardDetector.exe

################## | Vaccine |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
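The report above lists every process with its PID and parent PID, and its Registry section records a MountPoints2 AutoRun command cached from a removable device (E:) that is not among the drives in the header. The Python script below is an added triage example, not part of the UsbFix report or the UsbFix tool itself: it parses a handful of lines copied from this report, rebuilds each process's parent chain, flags processes whose image is outside the Windows and Program Files directories, and lists each cached AutoRun command together with whether its drive letter is currently attached. The sample lines, the trusted-root list and the set of attached drives are assumptions constructed for the example.

```python
import re

# Constructed sample: a few lines copied from this UsbFix report (the
# "Active Processes" and "Registry" sections), not the whole report.
SAMPLE_REPORT = r"""
################## | Active Processes |
C:\Windows\system32\services.exe (ID 668 |ParentID 552)
C:\Windows\system32\taskeng.exe (ID 2060 |ParentID 568)
C:\Users\Maryvonne\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe (ID 2148 |ParentID 2060)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID 2532 |ParentID 668)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID 2592 |ParentID 2532)
C:\UsbFix\Go.exe (ID 5140 |ParentID 2012)
################## | Registry |
HKCU\.\.\.\.\Explorer\MountPoints2\{fc6f5473-e7fe-11e2-92ca-00262d15732e} Shell\AutoRun\Command = E:\AutoRunCardDetector.exe
################## | E.O.F |
"""

# Drive letters taken from the report header (C: system disk, D: CD-ROM, G: FAT32 disk).
MOUNTED_DRIVES = {"C", "D", "G"}

# Assumption for triage: images under these roots are expected; anything else
# (user profile, AppData, folders at the root of C:) gets a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

SECTION_RE = re.compile(r"^#+ \| (?P<name>[^|]+?) \|")
PROC_RE = re.compile(r"^(?P<path>.+?) \(ID (?P<pid>\d+) \|ParentID (?P<ppid>\d+)\)$")
AUTORUN_RE = re.compile(
    r"MountPoints2\\(?P<guid>\{[^}]+\})\s+Shell\\AutoRun\\Command\s*=\s*(?P<cmd>.+?)\s*$"
)


def parse_report(text):
    """Return ({pid: (image_path, ppid)}, [(mountpoint_guid, autorun_command), ...])."""
    processes, autoruns, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                       # a "#### | Name |" banner starts a new section
            section = m.group("name").strip()
            continue
        if section == "Active Processes":
            m = PROC_RE.match(line)
            if m:
                processes[int(m.group("pid"))] = (m.group("path"), int(m.group("ppid")))
        elif section == "Registry":
            m = AUTORUN_RE.search(line)
            if m:
                autoruns.append((m.group("guid"), m.group("cmd")))
    return processes, autoruns


def untrusted_processes(processes, roots=TRUSTED_ROOTS):
    """PIDs whose image lives outside the trusted roots: a prompt to inspect, not a verdict."""
    return sorted(pid for pid, (path, _) in processes.items()
                  if not path.lower().startswith(roots))


def ancestry(processes, pid):
    """Image paths from `pid` up its parent chain, stopping when the parent is absent from the report."""
    chain, seen = [], set()
    while pid in processes and pid not in seen:   # `seen` guards against PID reuse loops
        seen.add(pid)
        path, pid = processes[pid]
        chain.append(path)
    return chain


def autorun_findings(autoruns, mounted=MOUNTED_DRIVES):
    """Each cached AutoRun command with the drive letter it targets and whether that drive is attached."""
    findings = []
    for guid, cmd in autoruns:
        drive = cmd[0].upper() if len(cmd) > 1 and cmd[1] == ":" else None
        findings.append({"guid": guid, "command": cmd, "drive": drive,
                         "attached": drive in mounted})
    return findings


if __name__ == "__main__":
    procs, autoruns = parse_report(SAMPLE_REPORT)
    for pid in untrusted_processes(procs):
        print(f"[?] PID {pid}: " + "  <-  ".join(ancestry(procs, pid)))
    for f in autorun_findings(autoruns):
        state = "attached" if f["attached"] else "NOT attached (file cannot be examined now)"
        print(f"[!] MountPoints2 {f['guid']} runs {f['command']} ; drive {f['drive']}: {state}")
```

On the sample, two processes are flagged: OrangeInside.exe, which runs from the user's AppData\Roaming profile and was started by taskeng.exe (the Task Scheduler engine) and is also registered under the user's Run key in the report, and UsbFix's own Go.exe, which shows that a flag only means "look at this file" rather than "malicious". The single MountPoints2 entry targets E:, a drive letter absent from the header, so the AutoRunCardDetector.exe it names cannot be checked on this machine until that device is reconnected.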