############################## | UsbFix V 7.169 | [Recherche]

Utilisateur: alain (Administrateur) # ALAIN-HP
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 22:46:56 | 05/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (1661)
CPU: AMD Phenom(tm) II P960 Quad-Core Processor
RAM -> [Total : 3835 Mo| Free : 1952 Mo]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Norton Internet Security [(!) Disabled | (!) Outdated]
AS: Windows Defender [Enabled | Updated]
AS: Norton Internet Security [(!) Disabled | (!) Outdated]
FW: Norton Internet Security [(!) Disabled]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Disque fixe # 451 Go (345 Go libre(s) - 76%) [] # NTFS
D:\ -> Disque fixe # 14 Go (130 Mo libre(s) - 1%) [RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Disque fixe # 99 Mo (89 Mo libre(s) - 90%) [HP_TOOLS] # FAT32
G:\ -> Disque amovible # 4 Go (2 Go libre(s) - 62%) [Lexar] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 424 |ParentID: 408)
C:\Windows\system32\wininit.exe (ID: 524 |ParentID: 408)
C:\Windows\system32\csrss.exe (ID: 548 |ParentID: 536)
C:\Windows\system32\services.exe (ID: 592 |ParentID: 524)
C:\Windows\system32\lsass.exe (ID: 600 |ParentID: 524)
C:\Windows\system32\lsm.exe (ID: 608 |ParentID: 524)
C:\Windows\system32\svchost.exe (ID: 708 |ParentID: 592)
C:\Windows\system32\winlogon.exe (ID: 796 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 828 |ParentID: 592)
C:\Windows\system32\atiesrxx.exe (ID: 888 |ParentID: 592)
C:\Windows\System32\svchost.exe (ID: 956 |ParentID: 592)
C:\Windows\System32\svchost.exe (ID: 992 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 120 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 324 |ParentID: 592)
C:\Program Files\IDT\WDM\STacSV64.exe (ID: 416 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1312 |ParentID: 592)
C:\Windows\system32\atieclxx.exe (ID: 1320 |ParentID: 888)
C:\Windows\system32\WLANExt.exe (ID: 1432 |ParentID: 992)
C:\Windows\system32\conhost.exe (ID: 1440 |ParentID: 424)
C:\Windows\System32\spoolsv.exe (ID: 1560 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1592 |ParentID: 592)
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (ID: 1680 |ParentID: 592)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1708 |ParentID: 592)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1848 |ParentID: 592)
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (ID: 1876 |ParentID: 592)
C:\Windows\SysWOW64\ezSharedSvcHost.exe (ID: 1936 |ParentID: 592)
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (ID: 1168 |ParentID: 592)
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (ID: 1288 |ParentID: 592)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 1612 |ParentID: 592)
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (ID: 1780 |ParentID: 592)
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID: 2136 |ParentID: 592)
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (ID: 2168 |ParentID: 592)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2712 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 2740 |ParentID: 592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2796 |ParentID: 592)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 2892 |ParentID: 592)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2924 |ParentID: 592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2932 |ParentID: 2796)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1820 |ParentID: 708)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2196 |ParentID: 708)
C:\Windows\system32\taskhost.exe (ID: 3508 |ParentID: 592)
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (ID: 3540 |ParentID: 2168)
C:\Windows\system32\taskeng.exe (ID: 3696 |ParentID: 324)
C:\Windows\system32\Dwm.exe (ID: 3828 |ParentID: 992)
C:\Windows\Explorer.EXE (ID: 3940 |ParentID: 3820)
C:\PROGRA~2\Orange\ASSIST~1\ASSIST~1.EXE (ID: 3964 |ParentID: 3696)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 4000 |ParentID: 592)
C:\Windows\System32\rundll32.exe (ID: 3256 |ParentID: 708)
C:\Windows\system32\SearchIndexer.exe (ID: 4072 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 4112 |ParentID: 592)
C:\PROGRA~2\Orange\ASSIST~1\dist\ST2.exe (ID: 4248 |ParentID: 3964)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 4952 |ParentID: 3940)
C:\Program Files\IDT\WDM\sttray64.exe (ID: 4992 |ParentID: 3940)
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (ID: 5024 |ParentID: 3940)
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (ID: 5064 |ParentID: 3940)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 4776 |ParentID: 4952)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 4836 |ParentID: 5080)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4728 |ParentID: 5080)
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (ID: 1084 |ParentID: 5080)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 4936 |ParentID: 5080)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID: 5200 |ParentID: 5080)
C:\Program Files\iPod\bin\iPodService.exe (ID: 5236 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 5348 |ParentID: 592)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 5440 |ParentID: 592)
C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (ID: 5472 |ParentID: 5080)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 4520 |ParentID: 592)
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (ID: 1728 |ParentID: 592)
C:\Program Files (x86)\Nero\Update\NASvc.exe (ID: 1568 |ParentID: 592)
C:\Windows\System32\svchost.exe (ID: 3568 |ParentID: 592)
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (ID: 3936 |ParentID: 5000)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 2844 |ParentID: 592)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4896 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1508 |ParentID: 592)
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe (ID: 644 |ParentID: 592)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 6280 |ParentID: 3940)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 6412 |ParentID: 6280)
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (ID: 1788 |ParentID: 6280)
C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 6204 |ParentID: 708)
C:\Windows\system32\taskhost.exe (ID: 5428 |ParentID: 592)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 2900 |ParentID: 6280)
C:\Windows\System32\WUDFHost.exe (ID: 4704 |ParentID: 992)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID: 2392 |ParentID: 324)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3276 |ParentID: 4072)
C:\Windows\system32\SearchFilterHost.exe (ID: 1028 |ParentID: 4072)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKCU\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
04 - HKLM\..\Run : [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\..\Run : [Magic Desktop for HP notification] "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
04 - HKLM\..\RunOnce : []
04 - [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - [x64] HKLM\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
04 - [x64] HKLM\..\Run : [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
04 - [x64] HKLM\..\RunOnce : [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3945258308-1706749784-157900744-1001\..\Run : [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKU\S-1-5-21-3945258308-1706749784-157900744-1001\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-3945258308-1706749784-157900744-1001_Classes\..\Run : [systray] C:\Program Files (x86)\Notation\NotationSysTray.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

################## | Registre |

Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1
Présent! HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |