############################## | UsbFix V 7.162 | [Recherche]

Utilisateur: guessas amar (Administrateur) # MY-PC
Mis à jour le 27/01/2014 par El Desaparecido - Team SosVirus
Lancé à 23:28:14 | 30/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P5KPL-AM SE)
CPU: Processeur Intel Pentium III Xeon
RAM -> [Total : 1014 Mo| Free : 404 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Mozilla Firefox : 26.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 66 Go (15 Go libre(s) - 23%) [] # NTFS
D:\ -> Disque fixe # 100 Go (74 Go libre(s) - 74%) [] # NTFS
E:\ -> Disque fixe # 100 Go (98 Go libre(s) - 98%) [] # NTFS
F:\ -> Disque fixe # 200 Go (190 Go libre(s) - 95%) [] # NTFS
G:\ -> Disque amovible # 8 Go (25 Mo libre(s) - 0%) [ADATA UFD] # FAT32
H:\ -> Disque fixe # 20 Go (345 Mo libre(s) - 2%) [System] # NTFS
I:\ -> Disque fixe # 20 Go (5 Go libre(s) - 25%) [Programme] # NTFS
J:\ -> Disque fixe # 20 Go (2 Go libre(s) - 12%) [Barmaja] # NTFS
K:\ -> Disque fixe # 16 Go (5 Go libre(s) - 32%) [Download] # NTFS
L:\ -> CD-ROM

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (ID: 1072 |ParentID: 4)
C:\WINDOWS\system32\winlogon.exe (ID: 1188 |ParentID: 1072)
C:\WINDOWS\system32\services.exe (ID: 1232 |ParentID: 1188)
C:\WINDOWS\system32\lsass.exe (ID: 1244 |ParentID: 1188)
C:\WINDOWS\system32\svchost.exe (ID: 1408 |ParentID: 1232)
C:\WINDOWS\System32\svchost.exe (ID: 1536 |ParentID: 1232)
C:\WINDOWS\system32\spoolsv.exe (ID: 1844 |ParentID: 1232)
d:\AppServ\Apache2.2\bin\httpd.exe (ID: 1948 |ParentID: 1232)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (ID: 1968 |ParentID: 1232)
C:\WINDOWS\system32\inetsrv\inetinfo.exe (ID: 276 |ParentID: 1232)
C:\Program Files\Java\jre6\bin\jqs.exe (ID: 296 |ParentID: 1232)
d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 388 |ParentID: 1232)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (ID: 772 |ParentID: 1968)
d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 780 |ParentID: 1232)
d:\AppServ\MySQL\bin\mysqld-nt.exe (ID: 940 |ParentID: 1232)
C:\WINDOWS\system32\svchost.exe (ID: 1024 |ParentID: 1232)
D:\AppServ\Apache2.2\bin\httpd.exe (ID: 2072 |ParentID: 1948)
d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 3180 |ParentID: 780)
C:\WINDOWS\system32\wscntfy.exe (ID: 2712 |ParentID: 1536)
C:\WINDOWS\Explorer.EXE (ID: 360 |ParentID: 2628)
C:\WINDOWS\RTHDCPL.EXE (ID: 3344 |ParentID: 360)
C:\WINDOWS\system32\igfxtray.exe (ID: 3368 |ParentID: 360)
C:\WINDOWS\system32\hkcmd.exe (ID: 3424 |ParentID: 360)
C:\WINDOWS\system32\igfxpers.exe (ID: 3524 |ParentID: 360)
D:\Program Files\Unlocker\UnlockerAssistant.exe (ID: 1364 |ParentID: 360)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (ID: 980 |ParentID: 360)
C:\Program Files\Real\RealPlayer\update\realsched.exe (ID: 2592 |ParentID: 360)
C:\WINDOWS\system32\ctfmon.exe (ID: 2496 |ParentID: 360)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 2736 |ParentID: 1408)
D:\Vista Inspirat 2\RocketDock\RocketDock.exe (ID: 3888 |ParentID: 360)
C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe (ID: 2372 |ParentID: 360)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 3864 |ParentID: 360)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 3420 |ParentID: 3864)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 1776 |ParentID: 3864)
C:\WINDOWS\system32\notepad.exe (ID: 3924 |ParentID: 360)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 1688 |ParentID: 3864)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 1128 |ParentID: 3864)
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (ID: 2464 |ParentID: 360)
D:\Program Files\Notepad++\notepad++.exe (ID: 1792 |ParentID: 4084)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 536 |ParentID: 3864)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 3628 |ParentID: 3864)
D:\Program Files\Internet Download Manager\IDMan.exe (ID: 1416 |ParentID: 1408)
F:\Téléchargements\Programmes\SoftonicDownloader_pour_avira-free-antivirus.exe (ID: 4264 |ParentID: 1416)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5032 |ParentID: 3864)

################## | Regedit Run |

04 - HKCU\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE
04 - HKLM\..\Run : [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [OSSelectorReinstall] C:\Program Files\Fichiers communs\Acronis\Acronis Disk Director\oss_reinstall.exe
04 - HKLM\..\Run : [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
04 - HKLM\..\Run : [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
04 - HKLM\..\Run : [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
04 - HKLM\..\Run : [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
04 - HKLM\..\Run : [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
04 - HKLM\..\Run : [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
04 - HKLM\..\Run : [USB Security] d:\Program Files\USB Disk Security\USBGuard.exe
04 - HKLM\..\Run : [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
04 - HKLM\..\Run : [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\Run : [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
04 - HKLM\..\RunOnce : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\Run : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-448539723-746137067-1801674531-1003\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-448539723-746137067-1801674531-1003\..\Run : [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

################## | Recherche générique |

################## | Registre |

################## | Vaccin |

H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
K:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |