############################## | UsbFix V 7.161 | [Research]

User: User (Administrator) # USER-PC
Updated 15/01/2014 by El Desaparecido - Team SosVirus
Started at 12:40:55 | 26/01/2014

Website : http://www.en.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Dell Inc. (0GGRV5)
CPU: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
RAM -> [Total : 4004 Mo| Free : 1454 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 32.0.1700.76
WB: Mozilla Firefox : 26.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 466 Gb (368 Mb free - 79%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
H:\ -> Fixed drive # 466 Gb (29 Mb free - 6%) [P JUNIOR DD] # FAT32

################## | Active Processes |

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe (ID: 448 |ParentID: 436)
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe (ID: 528 |ParentID: 448)
C:\Windows\system32\csrss.exe (ID: 808 |ParentID: 796)
C:\Windows\system32\wininit.exe (ID: 908 |ParentID: 796)
C:\Windows\system32\csrss.exe (ID: 916 |ParentID: 900)
C:\Windows\system32\services.exe (ID: 964 |ParentID: 908)
C:\Windows\system32\lsass.exe (ID: 984 |ParentID: 908)
C:\Windows\system32\lsm.exe (ID: 996 |ParentID: 908)
C:\Windows\system32\winlogon.exe (ID: 728 |ParentID: 900)
C:\Windows\system32\svchost.exe (ID: 760 |ParentID: 964)
C:\Windows\system32\svchost.exe (ID: 1036 |ParentID: 964)
C:\Windows\system32\atiesrxx.exe (ID: 1148 |ParentID: 964)
C:\Windows\System32\svchost.exe (ID: 1184 |ParentID: 964)
C:\Windows\System32\svchost.exe (ID: 1216 |ParentID: 964)
C:\Windows\system32\svchost.exe (ID: 1260 |ParentID: 964)
C:\Windows\system32\svchost.exe (ID: 1288 |ParentID: 964)
C:\Windows\system32\AUDIODG.EXE (ID: 1364 |ParentID: 1184)
C:\Windows\system32\svchost.exe (ID: 1456 |ParentID: 964)
C:\Windows\system32\svchost.exe (ID: 1560 |ParentID: 964)
C:\Windows\system32\WLANExt.exe (ID: 1620 |ParentID: 1216)
C:\Windows\system32\conhost.exe (ID: 1636 |ParentID: 808)
C:\Windows\system32\atieclxx.exe (ID: 1676 |ParentID: 1148)
C:\Windows\System32\spoolsv.exe (ID: 1760 |ParentID: 964)
C:\Windows\system32\taskhost.exe (ID: 2036 |ParentID: 964)
C:\Windows\system32\taskeng.exe (ID: 1120 |ParentID: 1288)
C:\Windows\system32\Dwm.exe (ID: 1412 |ParentID: 1216)
C:\Windows\Explorer.EXE (ID: 1476 |ParentID: 1348)
C:\ProgramData\airtel mobile broadband\OnlineUpdate\ouc.exe (ID: 1892 |ParentID: 1936)
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe (ID: 1968 |ParentID: 964)
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (ID: 2064 |ParentID: 964)
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (ID: 2120 |ParentID: 964)
C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (ID: 2220 |ParentID: 964)
C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe (ID: 2256 |ParentID: 964)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 2388 |ParentID: 964)
C:\Windows\system32\taskeng.exe (ID: 2468 |ParentID: 1288)
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (ID: 2516 |ParentID: 1120)
C:\Windows\system32\svchost.exe (ID: 2648 |ParentID: 964)
C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe (ID: 2716 |ParentID: 964)
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe (ID: 2760 |ParentID: 964)
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (ID: 2820 |ParentID: 964)
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (ID: 2868 |ParentID: 964)
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe (ID: 3060 |ParentID: 2120)
C:\Windows\System32\hkcmd.exe (ID: 2844 |ParentID: 1476)
C:\Windows\System32\igfxpers.exe (ID: 3100 |ParentID: 1476)
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (ID: 3160 |ParentID: 1476)
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (ID: 3180 |ParentID: 1476)
C:\Program Files\Zune\ZuneLauncher.exe (ID: 3188 |ParentID: 1476)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 3400 |ParentID: 1476)
C:\Program Files (x86)\Micro Application\36 Dictionnaires et Recueils de Correspondance\MediaDico36.exe (ID: 3500 |ParentID: 3204)
C:\Windows\system32\svchost.exe (ID: 3764 |ParentID: 964)
C:\Windows\system32\svchost.exe (ID: 3800 |ParentID: 964)
C:\Windows\system32\svchost.exe (ID: 3948 |ParentID: 964)
C:\Program Files (x86)\Micro Application\36 Dictionnaires et Recueils de Correspondance\RAC36.exe (ID: 1644 |ParentID: 3204)
C:\Windows\System32\WUDFHost.exe (ID: 4104 |ParentID: 1216)
C:\Windows\system32\SearchIndexer.exe (ID: 4232 |ParentID: 964)
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (ID: 5024 |ParentID: 1476)
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (ID: 4992 |ParentID: 4936)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 4968 |ParentID: 4936)
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (ID: 5092 |ParentID: 4936)
C:\Program Files (x86)\GLO BOLT\AutoDect.exe (ID: 5100 |ParentID: 4936)
C:\Program Files (x86)\GLO BOLT\UIMain.exe (ID: 4960 |ParentID: 5100)
C:\Program Files (x86)\GLO BOLT\CMUpdater.exe (ID: 5124 |ParentID: 4960)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2992 |ParentID: 964)
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe (ID: 3776 |ParentID: 3060)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2604 |ParentID: 1476)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 5688 |ParentID: 964)
C:\Program Files\Zune\zune.exe (ID: 1572 |ParentID: 3188)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2508 |ParentID: 2604)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5788 |ParentID: 964)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6248 |ParentID: 2604)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6312 |ParentID: 2604)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6324 |ParentID: 2604)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6640 |ParentID: 2604)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6868 |ParentID: 2604)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 6172 |ParentID: 964)
C:\Program Files\Zune\WMZuneComm.exe (ID: 6980 |ParentID: 964)
C:\Program Files\Zune\ZuneWlanCfgSvc.exe (ID: 764 |ParentID: 964)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID: 7092 |ParentID: 1288)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 6676 |ParentID: 760)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2588 |ParentID: 2604)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4804 |ParentID: 760)
C:\Windows\servicing\TrustedInstaller.exe (ID: 6828 |ParentID: 964)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3708 |ParentID: 4232)
C:\Windows\system32\SearchFilterHost.exe (ID: 6808 |ParentID: 4232)
C:\Windows\system32\wuauclt.exe (ID: 4352 |ParentID: 1288)

################## | Regedit Run |

04 - HKLM\..\Run : [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
04 - HKLM\..\Run : [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
04 - HKLM\..\Run : [autodetect] C:\PROGRA~2\GLOBOL~1\AutoDect.exe
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM64\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM64\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM64\..\Run : [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
04 - HKLM64\..\Run : [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
04 - HKLM64\..\Run : [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3302344190-811091659-1627376649-1000\..\Run : [MediaDICO36] C:\Program Files (x86)\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
04 - HKU\S-1-5-21-3302344190-811091659-1627376649-1000\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-3302344190-811091659-1627376649-1000\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-3302344190-811091659-1627376649-1000\..\Run : [AGupdate] C:\Program Files (x86)\AppGraffiti\AGupdate.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found ! C:\Windows\SysWOW64\User.exe
Found ! C:\Users\User\AppData\Local\Temp\svchost.exe
Found ! H:\PC.lnk
Found ! H:\Videos.lnk
Found ! H:\Musique.lnk
Found ! H:\Cours.lnk
Found ! H:\General.lnk
Found ! H:\Programs.lnk
Found ! H:\.Trasher
Found ! C:\Windows\System32\user.exe

################## | Registry |

################## | Vaccin |

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |