############################## | UsbFix V 7.145 | [Recherche]

Utilisateur: Kh (Administrateur) # WORLDCRAFT
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 19:57:57 | 18/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Intel (PLCSF8)
CPU: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
RAM -> [Total : 3977 | Free : 1868]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 919 Go (832 Go libre(s) - 91%) [TI31065600A] # NTFS
D:\ -> CD-ROM
G:\ -> Disque amovible # 29 Go (29 Go libre(s) - 99%) [Lexar] # FAT32

################## | Processus Actif |

C:\windows\system32\csrss.exe (ID 616 |ParentID 600)
C:\windows\system32\wininit.exe (ID 660 |ParentID 600)
C:\windows\system32\services.exe (ID 760 |ParentID 660)
C:\windows\system32\lsass.exe (ID 768 |ParentID 660)
C:\windows\system32\svchost.exe (ID 872 |ParentID 760)
C:\windows\system32\svchost.exe (ID 948 |ParentID 760)
C:\windows\System32\svchost.exe (ID 1004 |ParentID 760)
C:\windows\system32\svchost.exe (ID 304 |ParentID 760)
C:\windows\system32\svchost.exe (ID 624 |ParentID 760)
C:\windows\System32\svchost.exe (ID 1052 |ParentID 760)
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (ID 1208 |ParentID 760)
C:\windows\system32\svchost.exe (ID 1268 |ParentID 760)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1372 |ParentID 760)
C:\windows\system32\WLANExt.exe (ID 1388 |ParentID 1052)
C:\windows\system32\conhost.exe (ID 1404 |ParentID 1388)
C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (ID 1556 |ParentID 760)
C:\windows\System32\spoolsv.exe (ID 1704 |ParentID 760)
C:\windows\system32\svchost.exe (ID 1776 |ParentID 760)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1876 |ParentID 760)
C:\windows\system32\dashost.exe (ID 1928 |ParentID 1052)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 2016 |ParentID 760)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID 1252 |ParentID 760)
C:\windows\system32\svchost.exe (ID 1740 |ParentID 760)
C:\Windows\system32\TODDSrv.exe (ID 1900 |ParentID 760)
C:\Program Files\TOSHIBA\Teco\TecoService.exe (ID 2064 |ParentID 760)
C:\windows\system32\svchost.exe (ID 2484 |ParentID 760)
C:\windows\system32\wbem\wmiprvse.exe (ID 2428 |ParentID 872)
C:\windows\System32\svchost.exe (ID 3244 |ParentID 760)
C:\windows\system32\wbem\unsecapp.exe (ID 3416 |ParentID 872)
C:\windows\system32\DllHost.exe (ID 4272 |ParentID 872)
C:\windows\system32\SearchIndexer.exe (ID 4464 |ParentID 760)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID 1636 |ParentID 760)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 1760 |ParentID 760)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 3340 |ParentID 760)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 5472 |ParentID 760)
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (ID 6140 |ParentID 760)
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ID 3668 |ParentID 760)
C:\windows\system32\csrss.exe (ID 6020 |ParentID 7948)
C:\windows\System32\WinLogon.exe (ID 7972 |ParentID 7948)
C:\windows\System32\dwm.exe (ID 7240 |ParentID 7972)
C:\windows\system32\taskhostex.exe (ID 2720 |ParentID 760)
C:\windows\Explorer.EXE (ID 1120 |ParentID 7784)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 6504 |ParentID 760)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID 3008 |ParentID 1208)
C:\Windows\System32\igfxtray.exe (ID 3704 |ParentID 1120)
C:\Windows\System32\hkcmd.exe (ID 1544 |ParentID 1120)
C:\Windows\System32\igfxpers.exe (ID 3812 |ParentID 1120)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID 5764 |ParentID 6540)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 7756 |ParentID 1120)
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (ID 2200 |ParentID 1120)
C:\Program Files\TOSHIBA\Teco\TecoResident.exe (ID 3192 |ParentID 1120)
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (ID 4904 |ParentID 6376)
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (ID 6864 |ParentID 1120)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3900 |ParentID 1120)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 6396 |ParentID 3472)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 4068 |ParentID 3472)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7348 |ParentID 3900)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 8036 |ParentID 3900)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 8124 |ParentID 3900)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4980 |ParentID 3900)
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe (ID 7904 |ParentID 760)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6808 |ParentID 3900)
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (ID 4824 |ParentID 4068)
C:\Users\Kh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID 3732 |ParentID 4632)
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (ID 7896 |ParentID 5888)
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (ID 2596 |ParentID 5888)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe (ID 8748 |ParentID 872)
C:\Windows\System32\RuntimeBroker.exe (ID 668 |ParentID 872)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5688 |ParentID 3900)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5292 |ParentID 3900)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 8908 |ParentID 3900)
C:\Windows\System32\WUDFHost.exe (ID 5232 |ParentID 1052)
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (ID 5324 |ParentID 1120)
C:\windows\splwow64.exe (ID 8680 |ParentID 5324)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 932 |ParentID 3900)
C:\windows\system32\taskeng.exe (ID 7468 |ParentID 304)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3448 |ParentID 3900)
C:\UsbFix\Go.exe (ID 1896 |ParentID 8824)
C:\windows\system32\wbem\wmiprvse.exe (ID 6940 |ParentID 872)
C:\windows\SysWOW64\ctfmon.exe (ID 4928 |ParentID 6396)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Intel AppUp(R) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
HKLM\SOFTWARE | Run : [TPUReg] - "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(R) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
HKLM\SOFTWARE\wow6432Node | Run : [TPUReg] - "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-517538292-3189266131-3522857453-1001\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Kh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-21-517538292-3189266131-3522857453-1001\SOFTWARE | Run : [GoogleChromeAutoLaunch_2C05E0445D62E9D567A52A92A84B0E46] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

################## | Éléments infectieux |

Présent! G:\-Personnel-.lnk

################## | Registre |

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |