[b]############################## | UsbFix V 7.173 | [Recherche][/b]

Utilisateur: Oim (Administrateur) # URGO
Mis à jour le 04/07/2014 par El Desaparecido - SosVirus
Lancé à 20:01:26 | 06/07/2014

Site Web : [url=http://www.usbfix.net/]http://www.usbfix.net/[/url]
Changelog : [url=http://www.usbfix.net/maj/]http://www.usbfix.net/maj/[/url]
Assistance : [url=http://www.sosvirus.net/forum-virus-securite.html]http://www.sosvirus.net/forum-virus-securite.html[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Contact : [url=http://www.usbfix.net/contact/]http://www.usbfix.net/contact/[/url]

[b]################## | System information |[/b]

MB: SAMSUNG ELECTRONICS CO., LTD. (R519/R719)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
GC: Mobile Intel(R) 4 Series Express Chipset Family
RAM -> [Total : 4029 Mo | Free : 1531 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot
OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428

[b]################## | Security Information |[/b]

AV: Microsoft Security Essentials [Actif |A jour]
AS: Windows Defender [[b](!) Désactivé[/b] |A jour]
AS: Microsoft Security Essentials [Actif |A jour]
AS: Malwarebytes Anti-Malware : 1.0.0.532
FW: Windows Firewall [[b](!) Désactivé[/b]]
SC: Security Center [Actif]
WU: Windows Update [Actif]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Disque fixe # 149 Go (28 Go libre(s) - 19%) [] # NTFS
E:\ -> Disque fixe # 298 Go (8 Go libre(s) - 3%) [[PERSO]] # NTFS
U:\ -> Disque fixe # 283 Go (90 Go libre(s) - 32%) [DISQUE 3615] # NTFS

[b]################## | Processus Actif |[/b]

C:\Windows\System32\smss.exe (ID: 312|ParentID: 4|Système)
C:\Windows\System32\wininit.exe (ID: 496|ParentID: 428)
C:\Windows\System32\services.exe (ID: 560|ParentID: 496)
C:\Windows\System32\lsass.exe (ID: 568|ParentID: 496)
C:\Windows\System32\lsm.exe (ID: 576|ParentID: 496)
C:\Windows\System32\winlogon.exe (ID: 652|ParentID: 488)
C:\Windows\System32\svchost.exe (ID: 736|ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 820|ParentID: 560)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 908|ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 292|ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 448|ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 432|ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 492|ParentID: 560)
C:\Windows\System32\audiodg.exe (ID: 444|ParentID: 292)
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (ID: 1064|ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 1196|ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 1304|ParentID: 560)
C:\Windows\System32\spoolsv.exe (ID: 1424|ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 1456|ParentID: 560)
C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (ID: 1536|ParentID: 560)
C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe (ID: 1596|ParentID: 560)
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (ID: 1660|ParentID: 560)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 1788|ParentID: 560)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (ID: 1884|ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 1248|ParentID: 560)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1156|ParentID: 560)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ID: 1732|ParentID: 1156)
C:\Windows\System32\dwm.exe (ID: 2128|ParentID: 448|Oim)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (ID: 2140|ParentID: 1884|Oim)
C:\Windows\System32\taskhost.exe (ID: 2220|ParentID: 560|Oim)
C:\Windows\explorer.exe (ID: 2268|ParentID: 2116|Oim)
C:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 2600|ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 2760|ParentID: 560)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 3060|ParentID: 2268|Oim)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2276|ParentID: 2268|Oim)
C:\Windows\System32\igfxtray.exe (ID: 1920|ParentID: 2268|Oim)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 2880|ParentID: 2276|Oim)
C:\Windows\System32\hkcmd.exe (ID: 2888|ParentID: 2268|Oim)
C:\Windows\System32\igfxpers.exe (ID: 932|ParentID: 2268|Oim)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 3104|ParentID: 2268|Oim)
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (ID: 3112|ParentID: 2268|Oim)
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (ID: 3200|ParentID: 2268|Oim)
C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (ID: 3368|ParentID: 3304|Oim)
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe (ID: 3392|ParentID: 2268|Oim)
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (ID: 3424|ParentID: 3304|Oim)
C:\Windows\System32\SearchIndexer.exe (ID: 3460|ParentID: 560)
C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (ID: 3500|ParentID: 3304|Oim)
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (ID: 3512|ParentID: 3304|Oim)
C:\Program Files (x86)\Real\RealPlayer\realplay.exe (ID: 3528|ParentID: 3304|Oim)
C:\PROGRA~2\HEWLET~1\HPSHAR~1\hpgs2wnf.exe (ID: 3628|ParentID: 736|Oim)
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (ID: 3776|ParentID: 2268|Oim)
C:\Program Files (x86)\Larousse\Petit Larousse 2010\bin\Hyperappel.exe (ID: 3956|ParentID: 2268|Oim)
C:\Program Files\Logitech\SetPoint\SetPoint.exe (ID: 4084|ParentID: 2268|Oim)
C:\Program Files (x86)\DGP1000\Note Manager.exe (ID: 2664|ParentID: 2268|Oim)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID: 3788|ParentID: 164|Oim)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID: 3760|ParentID: 3788|Oim)
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe (ID: 3784|ParentID: 4084|Oim)
C:\Program Files (x86)\DGP1000\PegRoute.exe (ID: 1100|ParentID: 2664|Oim)
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (ID: 4444|ParentID: 4084|Oim)
C:\Windows\System32\SearchProtocolHost.exe (ID: 4776|ParentID: 3460)
C:\Program Files (x86)\eMule\emule.exe (ID: 696|ParentID: 2268|Oim)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 4260|ParentID: 2268|Oim)
C:\Users\Oim\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2728|ParentID: 2268|Oim)
C:\Users\Oim\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4312|ParentID: 2728|Oim)
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (ID: 4372|ParentID: 2268|Oim)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 4644|ParentID: 4260|Oim)
C:\Windows\System32\svchost.exe (ID: 2928|ParentID: 560)
C:\Windows\System32\sppsvc.exe (ID: 2896|ParentID: 560)
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (ID: 4180|ParentID: 736|Oim)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1800|ParentID: 560)
C:\Users\Oim\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 336|ParentID: 2728|Oim)
C:\Windows\System32\wuauclt.exe (ID: 2084|ParentID: 492|Oim)
C:\Windows\System32\rundll32.exe (ID: 3596|ParentID: 736|Oim)
C:\Windows\servicing\TrustedInstaller.exe (ID: 1092|ParentID: 560)
C:\Windows\System32\taskeng.exe (ID: 4152|ParentID: 492|Oim)
C:\Windows\System32\dinotify.exe (ID: 3684|ParentID: 3596|Oim)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 5104|ParentID: 4260|Oim)
C:\Windows\System32\wbem\WMIADAP.exe (ID: 4952|ParentID: 492)
C:\Windows\System32\SearchFilterHost.exe (ID: 5144|ParentID: 3460|Système)
C:\UsbFix\UsbFix.exe (ID: 5440|ParentID: 5416|Oim)
C:\Windows\System32\rundll32.exe (ID: 5824|ParentID: 4164|Oim)

[b]################## | Autorun |[/b]

[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Google Update] "C:\Users\Oim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
04 - HKCU\..\Run : [Facebook Update] "C:\Users\Oim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [GoogleChromeAutoLaunch_C0B41EBCAD8CA7D9B0D4442F298E2F03] "C:\Users\Oim\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKLM\..\Run : [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
04 - HKLM\..\Run : [Nuance OmniPage 17-reminder] "C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
04 - HKLM\..\Run : [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
04 - HKLM\..\Run : [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
04 - HKLM\..\Run : [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
04 - HKLM\..\Run : [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
04 - HKLM\..\Run : [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
04 - HKLM\..\Run : [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
04 - HKLM\..\Run : [RealTray] C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [H2O] C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - [x64] HKLM\..\Run : [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
04 - [x64] HKLM\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - [x64] HKLM\..\Run : [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
04 - [x64] HKLM\..\Run : [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2254416563-1694720694-3321684032-1000\..\Run : [Google Update] "C:\Users\Oim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-2254416563-1694720694-3321684032-1000\..\Run : [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
04 - HKU\S-1-5-21-2254416563-1694720694-3321684032-1000\..\Run : [Facebook Update] "C:\Users\Oim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-2254416563-1694720694-3321684032-1000\..\Run : [GoogleChromeAutoLaunch_C0B41EBCAD8CA7D9B0D4442F298E2F03] "C:\Users\Oim\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

[b]################## | Recherche générique |[/b]

Présent! E:\a.txt

[b]################## | Registre |[/b]

[b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url] | [url=http://www.usbfix.net/]http://www.usbfix.net/[/url] |[/b]