############################## | UsbFix V 7.165 | [Search]

User: fredyo (Administrator) # PC-DE-FREDYO
Updated on 20/02/2014 by El Desaparecido - Team SosVirus
Launched at 22:25:59 | 20/02/2014
Website : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (R520/R522/R620 )
CPU: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
RAM -> [Total : 3036 MB | Free : 1059 MB]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot
OS: Microsoft® Windows Vista™ Home Premium Edition (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 32.0.1700.107
WB: Mozilla Firefox : 20.0.1
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall [Enabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001

C:\ (%systemdrive%) -> Fixed disk # 142 GB (59 GB free - 41%) [] # NTFS
D:\ -> Fixed disk # 143 GB (57 GB free - 40%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable disk # 961 MB (584 MB free - 61%) [ASCE] # FAT
H:\ -> Removable disk # 15 GB (15 GB free - 97%) [DATABAR] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 560 |ParentID: 548)
C:\Windows\system32\wininit.exe (ID: 624 |ParentID: 548)
C:\Windows\system32\csrss.exe (ID: 636 |ParentID: 616)
C:\Windows\system32\services.exe (ID: 672 |ParentID: 624)
C:\Windows\system32\lsass.exe (ID: 688 |ParentID: 624)
C:\Windows\system32\lsm.exe (ID: 696 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 836 |ParentID: 672)
C:\Windows\system32\winlogon.exe (ID: 872 |ParentID: 616)
C:\Windows\system32\svchost.exe (ID: 940 |ParentID: 672)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 976 |ParentID: 672)
C:\Windows\system32\Ati2evxx.exe (ID: 1156 |ParentID: 672)
C:\Windows\System32\svchost.exe (ID: 1172 |ParentID: 672)
C:\Windows\System32\svchost.exe (ID: 1208 |ParentID: 672)
C:\Windows\system32\svchost.exe (ID: 1228 |ParentID: 672)
C:\Windows\system32\svchost.exe (ID: 1324 |ParentID: 672)
C:\Windows\system32\SLsvc.exe (ID: 1340 |ParentID: 672)
C:\Windows\system32\svchost.exe (ID: 1376 |ParentID: 672)
C:\Windows\system32\svchost.exe (ID: 1524 |ParentID: 672)
C:\Windows\system32\Ati2evxx.exe (ID: 1628 |ParentID: 1156)
C:\Windows\System32\svchost.exe (ID: 1656 |ParentID: 672)
C:\Windows\System32\spoolsv.exe (ID: 1876 |ParentID: 672)
C:\Windows\system32\taskeng.exe (ID: 1884 |ParentID: 1228)
C:\Windows\system32\svchost.exe (ID: 1916 |ParentID: 672)
C:\Windows\system32\Dwm.exe (ID: 392 |ParentID: 1208)
C:\Windows\system32\taskeng.exe (ID: 424 |ParentID: 1228)
C:\Windows\system32\taskeng.exe (ID: 12 |ParentID: 1228)
C:\Windows\Explorer.EXE (ID: 548 |ParentID: 364)
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (ID: 1044 |ParentID: 12)
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (ID: 568 |ParentID: 12)
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (ID: 2068 |ParentID: 12)
C:\Program Files\Orange\Assistance Livebox\AssistanceLivebox.exe (ID: 2092 |ParentID: 12)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 2284 |ParentID: 672)
C:\Windows\system32\agrsmsvc.exe (ID: 2320 |ParentID: 672)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2332 |ParentID: 672)
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (ID: 2360 |ParentID: 672)
C:\Windows\system32\svchost.exe (ID: 2372 |ParentID: 672)
C:\Program Files\Orange\Assistance Livebox\dedicarz\DedicarzService.exe (ID: 2428 |ParentID: 672)
C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe (ID: 2456 |ParentID: 672)
C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE (ID: 2472 |ParentID: 672)
C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE (ID: 2516 |ParentID: 2456)
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (ID: 2676 |ParentID: 672)
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (ID: 2800 |ParentID: 672)
C:\Windows\system32\svchost.exe (ID: 2916 |ParentID: 672)
C:\Program Files\Microsoft\BingBar\SeaPort.EXE (ID: 2928 |ParentID: 672)
C:\Program Files\Serveur Media\twonkymediaserverwatchdog.exe (ID: 2984 |ParentID: 672)
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (ID: 3004 |ParentID: 672)
C:\Program Files\Serveur Media\TwonkyMediaServer.exe (ID: 3048 |ParentID: 2984)
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 3100 |ParentID: 672)
C:\Windows\System32\svchost.exe (ID: 3140 |ParentID: 672)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3208 |ParentID: 672)
C:\Windows\system32\SearchIndexer.exe (ID: 3340 |ParentID: 672)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3408 |ParentID: 3208)
C:\Program Files\Orange\Assistance Livebox\dist\ST2.exe (ID: 3840 |ParentID: 2092)
C:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 3060 |ParentID: 672)
C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe (ID: 4044 |ParentID: 2516)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 3068 |ParentID: 548)
C:\Windows\System32\wpcumi.exe (ID: 552 |ParentID: 548)
C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe (ID: 1032 |ParentID: 548)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID: 3884 |ParentID: 548)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 1320 |ParentID: 548)
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (ID: 4088 |ParentID: 548)
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (ID: 1924 |ParentID: 548)
C:\Program Files\DivX\DivX Update\DivXUpdate.exe (ID: 4292 |ParentID: 548)
C:\Windows\ehome\ehtray.exe (ID: 4332 |ParentID: 548)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 4368 |ParentID: 548)
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (ID: 4512 |ParentID: 548)
C:\Program Files\Samsung\Kies\Kies.exe (ID: 4532 |ParentID: 548)
C:\Windows\System32\wscript.exe (ID: 4548 |ParentID: 548)
C:\Program Files\Orange HSS\Launcher\Launcher.exe (ID: 4564 |ParentID: 548)
C:\Windows\system32\svchost.exe (ID: 5044 |ParentID: 672)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5332 |ParentID: 672)
C:\Program Files\Google\Update\GoogleUpdate.exe (ID: 5612 |ParentID: 5576)
C:\Windows\ehome\ehmsas.exe (ID: 5672 |ParentID: 836)
C:\Program Files\Orange\Antivirus Firewall\Common\FSLAUNCH.EXE (ID: 1812 |ParentID: 2780)
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (ID: 4376 |ParentID: 1924)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4972 |ParentID: 836)
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (ID: 5172 |ParentID: 4216)
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (ID: 6032 |ParentID: 836)
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe (ID: 4472 |ParentID: 4564)
C:\Program Files\Orange HSS\systray\systrayapp.exe (ID: 3768 |ParentID: 4564)
C:\Program Files\Orange HSS\Deskboard\deskboard.exe (ID: 4004 |ParentID: 4564)
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe (ID: 4028 |ParentID: 4472)
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe (ID: 4816 |ParentID: 4028)
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe (ID: 3692 |ParentID: 836)
C:\Windows\system32\DllHost.exe (ID: 5136 |ParentID: 836)
C:\Windows\system32\SearchProtocolHost.exe (ID: 4252 |ParentID: 3340)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5440 |ParentID: 836)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5740 |ParentID: 4564)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 6084 |ParentID: 5740)
C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe (ID: 6068 |ParentID: 6084)
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe (ID: 3784 |ParentID: 836)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 6040 |ParentID: 5740)
C:\Windows\system32\taskeng.exe (ID: 4696 |ParentID: 1228)
C:\Program Files\Free Download Manager\fdm.exe (ID: 5608 |ParentID: 836)
C:\Windows\system32\SearchFilterHost.exe (ID: 4880 |ParentID: 3340)
C:\Windows\System32\WUDFHost.exe (ID: 316 |ParentID: 1208)
C:\Program Files\Microsoft Security Client\MpCmdRun.exe (ID: 4448 |ParentID: 4720)
C:\Windows\system32\msfeedssync.exe (ID: 5028 |ParentID: 424)

################## | Regedit Run |

04 - HKCU\..\Run : [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKCU\..\Run : [orangeinside] C:\Users\fredyo\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
04 - HKCU\..\Run : [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKCU\..\Run : [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
04 - HKCU\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
04 - HKCU\..\Run : [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKCU\..\Run : [SURVIVAL] wscript.exe //B "C:\Users\fredyo\AppData\Local\Temp\SURVIVAL.vbe"
04 - HKCU\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKCU\..\RunOnce : [Application Restart #5] C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end -- http://ads.regiedepub.com/cgi-bin/advert/getads?x_dp_id=192&ustate=0&x_src_=7BmZOCXRrJcqqHenQsNDhVdGgeZPPFYzlHoefDD%2FxRQr0ZV%2Fh7L%2FQScC2msA2CshBTEwGZLAF7qZZotPM41HPOifiDTazI%2FYugMsr5K38B4Wt7cO0jI4Sem7aOSWpo85uSHPi1aFoq4jpoMGQLlh5YWwQhHmywa6bGDUPvL3US5QZjQD0T%2BRDMeo0O0aL%2BMnQJOXkXCThJx7MftpTEtbVW0wrxGzyC2QR%2Fbt1lX8ZJjsmobV0k8qk7KAFRT4olw5x8sAgsyiz78aItGGFmScdjHB11KEVQ%2Fo2n4WB0ZCxnukl5laMp5pF3QSArRMPCGrAQ8wcUtbPHBE7QbjITGT5tQgc14JJFNysRD6FXZkfx6R1K%2B5qYCPsCtJ8%2FBiR%2Fc1c1aUyuwfJUHmMoKtZp2bV9i7pmVhOLZLKAHAsPpGpkY%3D --restore-last-session
04 - HKLM\..\Run : [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\..\Run : [WPCUMI] C:\Windows\system32\WpcUmi.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\Run : [F-Secure TNB] "C:\Program Files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
04 - HKLM\..\Run : [F-Secure Manager] "C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE" /splash
04 - HKLM\..\Run : [tuto4pc_fr_30]
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\Run : [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
04 - HKLM\..\Run : [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
04 - HKLM\..\Run : [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
04 - HKLM\..\Run : [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-1228387082-1587413325-2831801477-1003\..\Run : [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKU\S-1-5-21-1228387082-1587413325-2831801477-1003\..\Run : [orangeinside] C:\Users\fredyo\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
04 - HKU\S-1-5-21-1228387082-1587413325-2831801477-1003\..\Run : [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-1228387082-1587413325-2831801477-1003\..\Run : [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
04 - HKU\S-1-5-21-1228387082-1587413325-2831801477-1003\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
04 - HKU\S-1-5-21-1228387082-1587413325-2831801477-1003\..\Run : [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-1228387082-1587413325-2831801477-1003\..\Run : [SURVIVAL] wscript.exe //B "C:\Users\fredyo\AppData\Local\Temp\SURVIVAL.vbe"
04 - HKU\S-1-5-21-1228387082-1587413325-2831801477-1003\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKU\S-1-5-21-1228387082-1587413325-2831801477-1003\..\RunOnce : [Application Restart #5] C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end -- http://ads.regiedepub.com/cgi-bin/advert/getads?x_dp_id=192&ustate=0&x_src_=7BmZOCXRrJcqqHenQsNDhVdGgeZPPFYzlHoefDD%2FxRQr0ZV%2Fh7L%2FQScC2msA2CshBTEwGZLAF7qZZotPM41HPOifiDTazI%2FYugMsr5K38B4Wt7cO0jI4Sem7aOSWpo85uSHPi1aFoq4jpoMGQLlh5YWwQhHmywa6bGDUPvL3US5QZjQD0T%2BRDMeo0O0aL%2BMnQJOXkXCThJx7MftpTEtbVW0wrxGzyC2QR%2Fbt1lX8ZJjsmobV0k8qk7KAFRT4olw5x8sAgsyiz78aItGGFmScdjHB11KEVQ%2Fo2n4WB0ZCxnukl5laMp5pF3QSArRMPCGrAQ8wcUtbPHBE7QbjITGT5tQgc14JJFNysRD6FXZkfx6R1K%2B5qYCPsCtJ8%2FBiR%2Fc1c1aUyuwfJUHmMoKtZp2bV9i7pmVhOLZLKAHAsPpGpkY%3D --restore-last-session

################## | Generic search |

Present! C:\Users\fredyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe
Present! C:\Users\fredyo\AppData\Local\Temp\SURVIVAL.vbe
Present! F:\SURVIVAL.vbe
Present! H:\SURVIVAL.vbe
Present! C:\Users\fredyo\dxdllreg.exe
Present! C:\Users\fredyo\DXSETUP.exe
Present! C:\Users\fredyo\setup.exe
Present! F:\REGLEMENTATION BNSSA 25 12 2013.lnk
Present! F:\comptes amss.lnk
Present! F:\lettres.lnk
Present! H:\The.lnk
Present! C:\Users\Public\sdelevURL.tmp

################## | Registry |

Present! HKU\S-1-5-21-1228387082-1587413325-2831801477-1003\Software\Microsoft\Windows\CurrentVersion\Run|SURVIVAL
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SURVIVAL
Present! HKU\S-1-5-21-1228387082-1587413325-2831801477-1003\Software\Microsoft\Windows\CurrentVersion\Run|SURVIVAL
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SURVIVAL

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
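What makes this search-mode report worth reading closely is not any single line but the way four of them line up. A per-user Run value named SURVIVAL launches wscript.exe with //B (batch mode, which suppresses script errors and prompts) on a .vbe file in the user's %TEMP%; the same file name is present in the Startup folder, and again at the root of both drives the drive table marks as removable (F: and H:), next to .lnk files; and a wscript.exe instance (PID 4548, parent Explorer.EXE 548) is in the process list, although UsbFix does not show its command line. The example below is added here and is not part of the UsbFix log or of the UsbFix tool: it is a small detector that reads the log's own "Regedit Run" and "Present!" lines (an excerpt is embedded as the sample input) and codifies why those lines stand out, including the correlation between the autorun payload and the copies on removable media. The rule names, the set of staging directories, and the list of script extensions are my own assumptions; the removable drive letters are taken from the drive table above. It only encodes what the log shows and is not a substitute for looking at the script itself.

```python
import re
from dataclasses import dataclass

# Lines excerpted from the UsbFix log above ("Regedit Run" and "Generic search"
# sections), embedded so the example runs offline.
LOG_EXCERPT = r"""
04 - HKCU\..\Run : [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKCU\..\Run : [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKCU\..\Run : [SURVIVAL] wscript.exe //B "C:\Users\fredyo\AppData\Local\Temp\SURVIVAL.vbe"
04 - HKLM\..\Run : [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\..\Run : [tuto4pc_fr_30]
Present! C:\Users\fredyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe
Present! C:\Users\fredyo\AppData\Local\Temp\SURVIVAL.vbe
Present! F:\SURVIVAL.vbe
Present! H:\SURVIVAL.vbe
Present! C:\Users\fredyo\setup.exe
Present! F:\lettres.lnk
Present! H:\The.lnk
"""

# Assumed (hypothetical) rule parameters; adjust to taste.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\temp\\")

RUN_LINE = re.compile(r"^04 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?) : \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
PRESENT_LINE = re.compile(r"^Present! (?P<path>.+)$")
SCRIPT_HOST = re.compile(r"\b[wc]script(?:\.exe)?\b", re.IGNORECASE)
SCRIPT_ARG = re.compile(r'([a-z]:\\[^"]+\.(?:vbs|vbe|js|jse|wsf))\b', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def parse_run_entries(lines):
    """Return (hive, key, value_name, command) tuples for the '04 - ...' Run lines."""
    entries = []
    for line in lines:
        m = RUN_LINE.match(line)
        if m:
            entries.append((m["hive"], m["key"], m["name"], m["cmd"].strip()))
    return entries


def parse_present_paths(lines):
    """Return the paths UsbFix reported as 'Present!'."""
    paths = []
    for line in lines:
        m = PRESENT_LINE.match(line)
        if m:
            paths.append(m["path"].strip())
    return paths


def script_payload(cmd):
    """Lower-case basename of the script a wscript/cscript command runs, or None."""
    if not SCRIPT_HOST.search(cmd):
        return None
    m = SCRIPT_ARG.search(cmd)
    return m.group(1).rsplit("\\", 1)[-1].lower() if m else None


def check_run_entries(entries):
    """Flag Run values that hand a script file to the Windows Script Host."""
    findings = []
    for hive, key, name, cmd in entries:
        if not SCRIPT_HOST.search(cmd):
            continue
        low = cmd.lower()
        reasons = []
        if re.search(r"(?<!\S)//b(?!\S)", low):
            reasons.append("//B batch mode (errors and prompts suppressed)")
        if SCRIPT_ARG.search(cmd):
            reasons.append("script file payload")
        if any(d in low for d in STAGING_DIRS):
            reasons.append("payload in user-writable staging directory")
        if reasons:
            findings.append(Finding("script-host-autorun",
                                    f"{hive}\\..\\{key} [{name}]: " + "; ".join(reasons)))
    return findings


def check_present_paths(paths, removable):
    """Flag scripts in the Startup folder and script + .lnk pairs at removable-drive roots."""
    findings = []
    root_files = {}
    for p in paths:
        low = p.lower()
        if "\\start menu\\programs\\startup\\" in low and low.endswith(SCRIPT_EXTS):
            findings.append(Finding("startup-folder-script", p))
        if low[:2] in removable and low.count("\\") == 1:   # file sits at the drive root
            root_files.setdefault(low[:2], []).append(p)
    for drive, files in sorted(root_files.items()):
        scripts = [f for f in files if f.lower().endswith(SCRIPT_EXTS)]
        lnks = [f for f in files if f.lower().endswith(".lnk")]
        if scripts and lnks:
            findings.append(Finding("removable-drive-script-with-lnk",
                                    f"{drive.upper()} {scripts} next to {lnks}"))
        elif scripts:
            findings.append(Finding("removable-drive-script", f"{drive.upper()} {scripts}"))
    return findings


def analyze(log_text, removable_drives):
    """Run every check; removable_drives are the letters the log's drive table marks removable."""
    removable = {d.lower()[:2] for d in removable_drives}
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    entries = parse_run_entries(lines)
    paths = parse_present_paths(lines)
    findings = check_run_entries(entries) + check_present_paths(paths, removable)
    # Correlation: a script that is both an autorun payload and present at a removable-drive
    # root is the signature of a USB-propagating script, whatever family it belongs to.
    autorun = {script_payload(cmd) for _, _, _, cmd in entries} - {None}
    on_usb = {p.rsplit("\\", 1)[-1].lower() for p in paths
              if p.lower()[:2] in removable and p.lower().endswith(SCRIPT_EXTS)}
    for name in sorted(autorun & on_usb):
        findings.append(Finding("usb-propagation-pattern",
                                f"{name} is an autorun payload and is present on removable media"))
    return findings


if __name__ == "__main__":
    for f in analyze(LOG_EXCERPT, {"F:", "H:"}):
        print(f"[{f.rule}] {f.detail}")
```

Run as-is it reports one script-host autorun (the SURVIVAL value, all three reasons), the Startup-folder copy, a script-plus-.lnk pairing on each of F: and H:, and the cross-check that SURVIVAL.vbe is both the autorun payload and the file on the sticks. The checks are deliberately narrow: the HKLM values for Orange, F-Secure, Brother and the rest never reach the script-host rule, and the empty tuto4pc_fr_30 value, the three executables in the profile root and sdelevURL.tmp are parsed but not scored, because the log gives nothing further to score them on.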