############################## | UsbFix V 7.158 | [Recherche]

Utilisateur: maxime (Administrateur) # MAXIME-PC
Mis à jour le 02/01/2014 par El Desaparecido - Team SosVirus
Lancé à 14:19:08 | 04/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K52JT)
CPU: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
RAM -> [Total : 3949 Mo| Free : 2014 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 15.0.874.121
WB: Mozilla Firefox : 19.0.2

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Trend Micro Titanium Internet Security [(!) Disabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 256 Go (33 Go libre(s) - 13%) [OS] # NTFS
D:\ -> Disque fixe # 315 Go (144 Go libre(s) - 46%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (2 Go libre(s) - 62%) [] # FAT32
G:\ -> Disque amovible # 250 Mo (183 Mo libre(s) - 73%) [USB DISK] # FAT
H:\ -> Disque amovible # 478 Mo (406 Mo libre(s) - 85%) [USB DISK] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 580 |ParentID: 572)
C:\Windows\system32\wininit.exe (ID: 640 |ParentID: 572)
C:\Windows\system32\csrss.exe (ID: 660 |ParentID: 652)
C:\Windows\system32\services.exe (ID: 716 |ParentID: 640)
C:\Windows\system32\lsass.exe (ID: 724 |ParentID: 640)
C:\Windows\system32\lsm.exe (ID: 732 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 828 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 924 |ParentID: 716)
C:\Windows\system32\atiesrxx.exe (ID: 972 |ParentID: 716)
C:\Windows\system32\winlogon.exe (ID: 128 |ParentID: 652)
C:\Windows\System32\svchost.exe (ID: 484 |ParentID: 716)
C:\Windows\System32\svchost.exe (ID: 556 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 592 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 524 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 1148 |ParentID: 716)
C:\Windows\system32\FBAgent.exe (ID: 1240 |ParentID: 716)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID: 1288 |ParentID: 716)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID: 1356 |ParentID: 716)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1380 |ParentID: 716)
C:\Windows\system32\atieclxx.exe (ID: 1412 |ParentID: 972)
C:\Windows\system32\taskeng.exe (ID: 1692 |ParentID: 524)
C:\Windows\System32\spoolsv.exe (ID: 1712 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 1804 |ParentID: 716)
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (ID: 1944 |ParentID: 716)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1108 |ParentID: 716)
C:\Windows\SysWOW64\svchost.exe (ID: 1316 |ParentID: 716)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1652 |ParentID: 716)
C:\Windows\System32\svchost.exe (ID: 1128 |ParentID: 716)
C:\Windows\System32\svchost.exe (ID: 2076 |ParentID: 716)
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe (ID: 2128 |ParentID: 1944)
C:\Windows\system32\conhost.exe (ID: 2176 |ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 2212 |ParentID: 716)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2256 |ParentID: 716)
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (ID: 2444 |ParentID: 1944)
C:\Windows\system32\conhost.exe (ID: 2552 |ParentID: 580)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2588 |ParentID: 2256)
C:\Windows\system32\svchost.exe (ID: 2864 |ParentID: 716)
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (ID: 2964 |ParentID: 2444)
C:\Windows\system32\svchost.exe (ID: 1468 |ParentID: 716)
C:\Windows\system32\taskhost.exe (ID: 3280 |ParentID: 716)
C:\Windows\system32\taskeng.exe (ID: 3300 |ParentID: 524)
C:\Windows\system32\taskeng.exe (ID: 3368 |ParentID: 524)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID: 3376 |ParentID: 1692)
C:\Windows\system32\Dwm.exe (ID: 3452 |ParentID: 556)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID: 3540 |ParentID: 3300)
C:\Program Files\P4G\BatteryLife.exe (ID: 3548 |ParentID: 3300)
C:\Windows\Explorer.EXE (ID: 3564 |ParentID: 3320)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID: 3580 |ParentID: 3368)
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ID: 3588 |ParentID: 3300)
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ID: 3600 |ParentID: 3300)
C:\Windows\SysWOW64\ACEngSvr.exe (ID: 3720 |ParentID: 828)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3840 |ParentID: 828)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID: 3900 |ParentID: 1288)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3960 |ParentID: 828)
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ID: 3968 |ParentID: 716)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID: 4072 |ParentID: 3900)
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ID: 4084 |ParentID: 1240)
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (ID: 1916 |ParentID: 3564)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 3260 |ParentID: 3564)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ID: 3440 |ParentID: 3900)
C:\Users\maxime\AppData\Local\Google\Update\GoogleUpdate.exe (ID: 3528 |ParentID: 3564)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID: 3472 |ParentID: 3900)
C:\Users\maxime\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 3716 |ParentID: 3564)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 4300 |ParentID: 3260)
C:\Windows\AsScrPro.exe (ID: 4308 |ParentID: 1240)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID: 4608 |ParentID: 1240)
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (ID: 4620 |ParentID: 3564)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID: 4948 |ParentID: 4524)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ID: 4960 |ParentID: 4524)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID: 4976 |ParentID: 4524)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4996 |ParentID: 4524)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 4148 |ParentID: 4940)
C:\Windows\system32\SearchIndexer.exe (ID: 4204 |ParentID: 716)
C:\Games\Game Alarm\Updater.exe (ID: 268 |ParentID: 4872)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4752 |ParentID: 716)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 4164 |ParentID: 4148)
C:\Windows\system32\svchost.exe (ID: 4052 |ParentID: 716)
C:\Windows\System32\svchost.exe (ID: 5456 |ParentID: 716)
C:\Games\Game Alarm\gamealarm.exe (ID: 5644 |ParentID: 268)
C:\Users\maxime\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3324 |ParentID: 3564)
C:\Users\maxime\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4368 |ParentID: 3324)
C:\Users\maxime\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4388 |ParentID: 3324)
C:\Users\maxime\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4400 |ParentID: 3324)
C:\Windows\system32\DllHost.exe (ID: 5556 |ParentID: 828)
C:\Users\maxime\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4928 |ParentID: 3324)
C:\Users\maxime\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5612 |ParentID: 3324)
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (ID: 2196 |ParentID: 3300)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 5228 |ParentID: 716)
C:\Windows\System32\svchost.exe (ID: 4036 |ParentID: 716)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 6156 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 5512 |ParentID: 716)
C:\Windows\System32\WUDFHost.exe (ID: 5736 |ParentID: 556)
C:\Users\maxime\Downloads\RogueKiller.exe (ID: 4060 |ParentID: 3324)
C:\Windows\SysWOW64\notepad.exe (ID: 4924 |ParentID: 4060)
C:\Windows\SysWOW64\notepad.exe (ID: 1364 |ParentID: 4060)
C:\Users\maxime\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6388 |ParentID: 3324)
C:\Windows\system32\taskhost.exe (ID: 6544 |ParentID: 716)
C:\Users\maxime\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4340 |ParentID: 3324)
C:\UsbFix\Go.exe (ID: 944 |ParentID: 6420)

################## | Regedit Run |

04 - HKLM\..\Run : [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\..\Run : [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\..\Run : [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
04 - HKLM64\..\Run : [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - HKLM64\..\Run : [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
04 - HKLM64\..\Run : [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1991405687-1042479073-4051453386-1000\..\Run : [Google Update] "C:\Users\maxime\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1991405687-1042479073-4051453386-1000\..\Run : [Facebook Update] "C:\Users\maxime\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1991405687-1042479073-4051453386-1000\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-1991405687-1042479073-4051453386-1000\..\Run : [Spotify Web Helper] "C:\Users\maxime\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1991405687-1042479073-4051453386-1000\..\Run : [Spotify] "C:\Users\maxime\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-1991405687-1042479073-4051453386-1000\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\maxime\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\Users\maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! C:\Users\maxime\AppData\Local\Temp\iTunesHelper.vbe
Présent! F:\iTunesHelper.vbe
Présent! G:\iTunesHelper.vbe
Présent! H:\iTunesHelper.vbe
Présent! F:\Django.lnk
Présent! F:\System Volume Information.lnk
Présent! G:\~WRL0786.lnk
Présent! G:\curriculum vitae.lnk
Présent! G:\~WRL3357.lnk
Présent! H:\08.lnk
Présent! H:\09.lnk
Présent! H:\02.lnk
Présent! H:\CertifScolarite (2).lnk
Présent! C:\Users\maxime\AppData\Roaming\newnext.me

################## | Registre |

Présent! HKU\S-1-5-21-1991405687-1042479073-4051453386-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |