############################## | UsbFix V 7.141 | [Search]
User: Mian (Administrator) # MIAN-PC
Updated on 30/09/2013 by El Desaparecido - Team SosVirus
Launched at 21:53:27 | 01/10/2013
Website: http://www.usbfix.net/
Forum: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/
PC: ASUSTeK Computer Inc. (K52Jc)
CPU: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
RAM -> [Total : 3884 | Free : 1449]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus Free Edition 2013 [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed disk # 116 GB (34 GB free - 29%) [OS] # NTFS
D:\ -> Fixed disk # 330 GB (257 GB free - 78%) [DATA] # NTFS
E:\ -> CD-ROM
G:\ -> Removable disk # 15 GB (13 GB free - 84%) [MIAN16] # FAT32
################## | Active processes |
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (ID 420 |ParentID 404)
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (ID 468 |ParentID 420)
C:\Windows\system32\csrss.exe (ID 740 |ParentID 732)
C:\Windows\system32\wininit.exe (ID 804 |ParentID 732)
C:\Windows\system32\csrss.exe (ID 828 |ParentID 816)
C:\Windows\system32\services.exe (ID 876 |ParentID 804)
C:\Windows\system32\lsass.exe (ID 884 |ParentID 804)
C:\Windows\system32\lsm.exe (ID 892 |ParentID 804)
C:\Windows\system32\winlogon.exe (ID 988 |ParentID 816)
C:\Windows\system32\svchost.exe (ID 128 |ParentID 876)
C:\Windows\system32\nvvsvc.exe (ID 748 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 832 |ParentID 876)
C:\Windows\System32\svchost.exe (ID 1072 |ParentID 876)
C:\Windows\System32\svchost.exe (ID 1112 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 1164 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 1200 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 1380 |ParentID 876)
C:\Windows\system32\FBAgent.exe (ID 1456 |ParentID 876)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID 1480 |ParentID 876)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID 1532 |ParentID 876)
C:\Windows\System32\spoolsv.exe (ID 1600 |ParentID 876)
C:\Windows\system32\nvvsvc.exe (ID 1736 |ParentID 748)
C:\Windows\system32\svchost.exe (ID 1792 |ParentID 876)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1932 |ParentID 876)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1956 |ParentID 876)
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (ID 1984 |ParentID 876)
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (ID 2020 |ParentID 876)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 1060 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 1360 |ParentID 876)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 1780 |ParentID 876)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (ID 2144 |ParentID 876)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID 2620 |ParentID 876)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID 2724 |ParentID 876)
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (ID 2928 |ParentID 2020)
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (ID 2940 |ParentID 2020)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe (ID 3100 |ParentID 876)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3128 |ParentID 876)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe (ID 3188 |ParentID 3100)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3196 |ParentID 3128)
C:\Windows\system32\conhost.exe (ID 3248 |ParentID 740)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID 3292 |ParentID 876)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID 3792 |ParentID 876)
C:\Windows\system32\SearchIndexer.exe (ID 3872 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 4136 |ParentID 876)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID 4592 |ParentID 876)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 4244 |ParentID 876)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 256 |ParentID 876)
C:\Windows\system32\taskhost.exe (ID 1844 |ParentID 876)
C:\Windows\system32\Dwm.exe (ID 1224 |ParentID 1112)
C:\Windows\system32\taskeng.exe (ID 3336 |ParentID 1200)
C:\Windows\Explorer.EXE (ID 3424 |ParentID 2360)
D:\PPS.tv\PPStream\PPSProtect.exe (ID 3384 |ParentID 3336)
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ID 3084 |ParentID 3336)
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ID 4080 |ParentID 3336)
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe (ID 4356 |ParentID 3336)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID 3220 |ParentID 3336)
C:\Program Files\P4G\BatteryLife.exe (ID 4020 |ParentID 3336)
C:\Program Files\Elantech\ETDCtrl.exe (ID 3076 |ParentID 3424)
C:\Windows\System32\igfxtray.exe (ID 2480 |ParentID 3424)
C:\Windows\System32\hkcmd.exe (ID 4852 |ParentID 3424)
C:\Windows\System32\igfxpers.exe (ID 1396 |ParentID 3424)
C:\Users\Mian\AppData\Local\Facebook\Update\FacebookUpdate.exe (ID 4440 |ParentID 3424)
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ID 3364 |ParentID 1456)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID 5036 |ParentID 3424)
D:\PPS.tv\PPStream\PPSKernel.exe (ID 1832 |ParentID 3424)
C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe (ID 4520 |ParentID 3424)
C:\Program Files\Windows Sidebar\sidebar.exe (ID 2628 |ParentID 3424)
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (ID 3756 |ParentID 3424)
C:\Users\Mian\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID 5148 |ParentID 3424)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID 5188 |ParentID 4472)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID 5380 |ParentID 4472)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ID 5400 |ParentID 4472)
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (ID 5460 |ParentID 4472)
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ID 5496 |ParentID 876)
C:\Windows\system32\wbem\wmiprvse.exe (ID 5636 |ParentID 128)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ID 5680 |ParentID 4472)
C:\Program Files (x86)\AVG\AVG2013\avgui.exe (ID 5688 |ParentID 4472)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 5704 |ParentID 4472)
C:\Program Files (x86)\AVG Nation toolbar\vprot.exe (ID 5776 |ParentID 4472)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID 5808 |ParentID 1480)
C:\Windows\AsScrPro.exe (ID 5816 |ParentID 1456)
C:\Windows\system32\wbem\wmiprvse.exe (ID 5924 |ParentID 128)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID 6136 |ParentID 5808)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID 2748 |ParentID 1456)
C:\Program Files\iPod\bin\iPodService.exe (ID 4000 |ParentID 876)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID 6508 |ParentID 5808)
C:\Windows\System32\svchost.exe (ID 7244 |ParentID 876)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID 7512 |ParentID 3076)
C:\Windows\system32\DllHost.exe (ID 4436 |ParentID 128)
C:\Windows\SysWOW64\ACEngSvr.exe (ID 7080 |ParentID 128)
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (ID 8000 |ParentID 3336)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 7324 |ParentID 876)
C:\Windows\System32\wscript.exe (ID 6320 |ParentID 6532)
C:\Windows\system32\svchost.exe (ID 7052 |ParentID 876)
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (ID 8308 |ParentID 5688)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5140 |ParentID 3424)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 1928 |ParentID 5140)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 3492 |ParentID 5140)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6972 |ParentID 5140)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 9156 |ParentID 5140)
C:\Windows\System32\WUDFHost.exe (ID 5028 |ParentID 1112)
C:\Windows\system32\taskeng.exe (ID 4824 |ParentID 1200)
C:\UsbFix\Go.exe (ID 3024 |ParentID 8604)
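Added example (Python, not UsbFix code): the process list above is flat, but the ID/ParentID pairs are enough to rebuild the tree offline. The helper below parses those lines, walks ancestry, and lists script hosts whose parent is no longer in the snapshot, which is the case for wscript.exe here (ID 6320, ParentID 6532 is not listed, so the launcher had already exited when the scan ran). The excerpt embedded as SAMPLE_PROCESSES is taken from this report; the SCRIPT_HOSTS set and the "orphaned script host" rule are assumptions of the example, not something UsbFix computes.

```python
"""Rebuild a process tree from the "Active processes" section of a UsbFix
report and pull out the entries a responder checks first.

Added example, not UsbFix code. SAMPLE_PROCESSES is an excerpt of the report
on this page; SCRIPT_HOSTS and the orphan rule are assumptions of this example.
"""
import re

PROC_RE = re.compile(r"^(?P<path>.+?) \(ID (?P<pid>\d+) \|ParentID (?P<ppid>\d+)\)$")

# Images that execute script content; one of these running from a Run value or
# with no live parent is a lead to chase in the persistence entries (assumption).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

# Excerpt of the report above (13 lines), embedded so the example runs offline.
SAMPLE_PROCESSES = r"""
C:\Windows\system32\csrss.exe (ID 740 |ParentID 732)
C:\Windows\system32\wininit.exe (ID 804 |ParentID 732)
C:\Windows\system32\services.exe (ID 876 |ParentID 804)
C:\Windows\system32\svchost.exe (ID 128 |ParentID 876)
C:\Windows\system32\svchost.exe (ID 1200 |ParentID 876)
C:\Windows\system32\taskeng.exe (ID 3336 |ParentID 1200)
C:\Windows\Explorer.EXE (ID 3424 |ParentID 2360)
C:\Users\Mian\AppData\Local\Facebook\Update\FacebookUpdate.exe (ID 4440 |ParentID 3424)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID 5188 |ParentID 4472)
C:\Windows\System32\wscript.exe (ID 6320 |ParentID 6532)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5140 |ParentID 3424)
C:\Users\Mian\AppData\Local\Google\Chrome\Application\chrome.exe (ID 1928 |ParentID 5140)
C:\UsbFix\Go.exe (ID 3024 |ParentID 8604)
"""


def parse_processes(text):
    """Map PID -> (image path, ParentID) from report lines; other lines are ignored."""
    procs = {}
    for raw in text.splitlines():
        m = PROC_RE.match(raw.strip())
        if m:
            procs[int(m.group("pid"))] = (m.group("path"), int(m.group("ppid")))
    return procs


def image_name(path):
    """Lower-cased file name of an image path."""
    return path.rsplit("\\", 1)[-1].lower()


def ancestry(procs, pid):
    """Follow ParentID links upward from pid.

    Returns (chain, missing): chain is the list of PIDs walked, missing is the
    first ancestor absent from the snapshot (a parent that exited, or a reused
    PID). The seen-set guards against a cycle caused by PID reuse.
    """
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = procs[pid][1]
    return chain, pid


def children(procs):
    """ParentID -> sorted child PIDs, for walking the tree top-down."""
    tree = {}
    for pid, (_, ppid) in procs.items():
        tree.setdefault(ppid, []).append(pid)
    return {ppid: sorted(kids) for ppid, kids in tree.items()}


def script_hosts(procs):
    """PIDs whose image is a script host."""
    return sorted(pid for pid, (path, _) in procs.items() if image_name(path) in SCRIPT_HOSTS)


def orphaned_script_hosts(procs):
    """Script hosts whose parent is gone from the snapshot: the launcher already exited."""
    return [pid for pid in script_hosts(procs) if procs[pid][1] not in procs]


def print_tree(procs, tree, root, depth=0):
    """Indented dump of the subtree rooted at root."""
    print("  " * depth + f"{root} {image_name(procs[root][0])}")
    for kid in tree.get(root, []):
        print_tree(procs, tree, kid, depth + 1)


if __name__ == "__main__":
    procs = parse_processes(SAMPLE_PROCESSES)
    tree = children(procs)
    for root in sorted(pid for pid, (_, ppid) in procs.items() if ppid not in procs):
        print_tree(procs, tree, root)
    for pid in orphaned_script_hosts(procs):
        path, ppid = procs[pid]
        print(f"\nscript host {pid} {path} has no parent in the snapshot (ParentID {ppid})")
```

Orphans by themselves are noise on a boot-time snapshot (csrss, wininit and Explorer all have parents that exit normally); the useful signal is the combination of a script host with a missing parent, which is why only that combination is reported.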
################## | Regedit Run |
HKLM\SOFTWARE | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
HKLM\SOFTWARE | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\SOFTWARE | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"
HKLM\SOFTWARE\wow6432Node | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE\wow6432Node | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\SOFTWARE\wow6432Node | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-21-874336220-1330978730-1593934170-1000\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-874336220-1330978730-1593934170-1000\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-21-874336220-1330978730-1593934170-1000_Classes\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [Facebook Update] - "C:\Users\Mian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [Google Update] - "C:\Users\Mian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [VoipBuster] - "C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [AVG-Secure-Search-Update_0913b] - C:\Users\Mian\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid a14b6227502547d1af7cf18676b9070c-7cc5fdae1d66b3e44ecd46081277aacea3fcae8e --CMPID 0913b
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [1L8prJDN] - wscript.exe //B "C:\Users\Mian\AppData\Local\Temp\1L8prJDN.vbs"
HKU\S-1-5-21-874336220-1330978730-1593934170-1002_Classes\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-18\SOFTWARE | Run : [PPS Accelerator] - D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-874336220-1330978730-1593934170-1000\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Infectious items |
Present! G:\1L8prJDN.vbs
Present! C:\Users\Mian\AppData\Local\Temp\1L8prJDN.vbs
Present! C:\Users\Mian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1L8prJDN.vbs
Present! G:\Biomed 1ere master.lnk
Present! G:\Photos.lnk
Present! G:\.lnk
Present! G:\A7KGEquN.lnk
Present! G:\.Trashes.lnk
Present! G:\.Spotlight-V100.lnk
Present! C:\Users\Mian\AppData\Local\dt.dat
Present! C:\desktop.ini
Present! G:\A7KGEquN.vbs
################## | Registry |
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|1L8prJDN
HKCU\.\.\.\.\Explorer\MountPoints2\{89ff0ec3-ec8c-11e1-8c87-20cf305deeff}
Shell\AutoRun\Command = F:\iPadTV.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{bfecb25e-ac9e-11e1-8c53-20cf305deeff}
Shell\AutoRun\Command = F:\iStudio.exe
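Added example (Python, not UsbFix code): the Run values, the "Infectious items" and the MountPoints2 entries above together describe one persistence chain (a .vbs on the USB stick and in %TEMP%, launched silently through `wscript.exe //B` from HKCU\...\Run and the Startup folder, with .lnk shortcuts beside the script at the root of G:). The helper below parses those three sections of a report and flags entries matching that pattern. The excerpt embedded as SAMPLE_REPORT is taken from this page; the rules (script host from a Run value, //B, payload under %TEMP%, random-looking 8-character name, script plus .lnk files at a drive root, cached Shell\AutoRun\Command) are heuristics chosen for this example, so every hit is a lead to verify, not a verdict.

```python
"""Triage the "Regedit Run", "Infectious items" and "Registry" sections of a
UsbFix report for USB-worm persistence patterns.

Added example, not UsbFix code. SAMPLE_REPORT is an excerpt of the report on
this page; the detection rules are heuristics assumed by this example.
"""
import re
from dataclasses import dataclass, field

RUN_RE = re.compile(r"^(?P<hive>HK\S+) \| (?P<key>Run(?:Once)?) : \[(?P<name>[^\]]*)\] -\s?(?P<cmd>.*)$")
MOUNTPOINT_RE = re.compile(r"^HKCU\\.*MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})$")
AUTORUN_RE = re.compile(r"^Shell\\AutoRun\\Command = (?P<cmd>.+)$")
PRESENT_RE = re.compile(r"^Pr\S?sent! (?P<path>.+)$")  # "Present!" or the French "Présent!"

# Excerpt of the report above, embedded so the example runs offline.
SAMPLE_REPORT = r"""
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [Facebook Update] - "C:\Users\Mian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-874336220-1330978730-1593934170-1002\SOFTWARE | Run : [1L8prJDN] - wscript.exe //B "C:\Users\Mian\AppData\Local\Temp\1L8prJDN.vbs"
HKLM\SOFTWARE | RunOnce : [] -
Present! G:\1L8prJDN.vbs
Present! C:\Users\Mian\AppData\Local\Temp\1L8prJDN.vbs
Present! G:\Photos.lnk
Present! G:\A7KGEquN.lnk
Present! G:\A7KGEquN.vbs
Present! C:\desktop.ini
HKCU\.\.\.\.\Explorer\MountPoints2\{89ff0ec3-ec8c-11e1-8c87-20cf305deeff}
Shell\AutoRun\Command = F:\iPadTV.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{bfecb25e-ac9e-11e1-8c53-20cf305deeff}
Shell\AutoRun\Command = F:\iStudio.exe
"""


@dataclass
class Finding:
    kind: str                 # "run", "autorun" or "usb_pair"
    subject: str              # Run value, volume GUID or script path
    reasons: list = field(default_factory=list)


def looks_random(stem):
    """8 alphanumerics mixing digits, upper and lower case, e.g. 1L8prJDN (heuristic)."""
    return (len(stem) == 8 and stem.isalnum()
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def run_entry_reasons(cmd):
    """Reasons a Run value's command line deserves a look; empty means no rule hit."""
    low, reasons = cmd.lower(), []
    if re.search(r"\b[wc]script(\.exe)?\b", low):
        reasons.append("script host launched from a Run value")
    if "//b" in low:
        reasons.append("//B batch mode hides script errors and prompts")
    if "\\appdata\\local\\temp\\" in low:
        reasons.append("payload stored under %TEMP%")
    m = re.search(r"\\([^\\\"]+)\.(vbs|js|wsf|exe)\b", cmd, re.IGNORECASE)
    if m and looks_random(m.group(1)):
        reasons.append("random-looking 8-character file name")
    return reasons


def usb_pairs(paths):
    """A script at a drive root with .lnk files beside it: the shortcut-swap
    pattern, where a USB worm hides the real folders and drops same-named shortcuts."""
    by_root = {}
    for p in paths:
        drive, sep, name = p.partition("\\")
        if sep and len(drive) == 2 and drive[1] == ":" and name and "\\" not in name:
            by_root.setdefault(drive, []).append(name)
    out = []
    for drive, names in by_root.items():
        lnks = [n for n in names if n.lower().endswith(".lnk")]
        for n in names:
            if lnks and n.lower().endswith((".vbs", ".js", ".wsf")):
                out.append(Finding("usb_pair", f"{drive}\\{n}", [f"{len(lnks)} .lnk shortcut(s) at the same root"]))
    return out


def parse_report(text):
    """Walk the report once and collect findings from all three sections."""
    findings, present, pending_guid = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = run_entry_reasons(m.group("cmd"))
            if reasons:
                findings.append(Finding("run", f'{m.group("hive")} {m.group("key")} [{m.group("name")}]', reasons))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            pending_guid = m.group("guid")  # the AutoRun line follows on the next line
            continue
        m = AUTORUN_RE.match(line)
        if m and pending_guid:
            findings.append(Finding("autorun", pending_guid,
                                    [f"cached autorun.inf command {m.group('cmd')}: an autorun.inf on that volume pointed Explorer at this file"]))
            pending_guid = None
            continue
        m = PRESENT_RE.match(line)
        if m:
            present.append(m.group("path"))
    findings.extend(usb_pairs(present))
    return findings


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.subject}: " + "; ".join(f.reasons))
```

Run against the excerpt, only the 1L8prJDN value trips the Run rules (all four of them), the AVG and Facebook updaters trip none, both MountPoints2 volumes are reported, and both .vbs files at the root of G: are paired with the shortcuts next to them. Cleaning the Run value alone is not enough: the Startup-folder copy and the copy on the stick listed above re-create it, so the script has to be removed from all three locations.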
################## | Vaccine |
(!) This computer is not vaccinated!
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |