cjoint


Document format: text/plain


############################## | UsbFix V 7.145 | [Recherche]

Utilisateur: Kh (Administrateur) # WORLDCRAFT
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 19:57:57 | 18/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Intel (PLCSF8)
CPU: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
RAM -> [Total : 3977 | Free : 1868]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 919 Go (832 Go libre(s) - 91%) [TI31065600A] # NTFS
D:\ -> CD-ROM
G:\ -> Disque amovible # 29 Go (29 Go libre(s) - 99%) [Lexar] # FAT32

################## | Processus Actif |

C:\windows\system32\csrss.exe (ID 616 |ParentID 600)
C:\windows\system32\wininit.exe (ID 660 |ParentID 600)
C:\windows\system32\services.exe (ID 760 |ParentID 660)
C:\windows\system32\lsass.exe (ID 768 |ParentID 660)
C:\windows\system32\svchost.exe (ID 872 |ParentID 760)
C:\windows\system32\svchost.exe (ID 948 |ParentID 760)
C:\windows\System32\svchost.exe (ID 1004 |ParentID 760)
C:\windows\system32\svchost.exe (ID 304 |ParentID 760)
C:\windows\system32\svchost.exe (ID 624 |ParentID 760)
C:\windows\System32\svchost.exe (ID 1052 |ParentID 760)
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (ID 1208 |ParentID 760)
C:\windows\system32\svchost.exe (ID 1268 |ParentID 760)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1372 |ParentID 760)
C:\windows\system32\WLANExt.exe (ID 1388 |ParentID 1052)
C:\windows\system32\conhost.exe (ID 1404 |ParentID 1388)
C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (ID 1556 |ParentID 760)
C:\windows\System32\spoolsv.exe (ID 1704 |ParentID 760)
C:\windows\system32\svchost.exe (ID 1776 |ParentID 760)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1876 |ParentID 760)
C:\windows\system32\dashost.exe (ID 1928 |ParentID 1052)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 2016 |ParentID 760)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID 1252 |ParentID 760)
C:\windows\system32\svchost.exe (ID 1740 |ParentID 760)
C:\Windows\system32\TODDSrv.exe (ID 1900 |ParentID 760)
C:\Program Files\TOSHIBA\Teco\TecoService.exe (ID 2064 |ParentID 760)
C:\windows\system32\svchost.exe (ID 2484 |ParentID 760)
C:\windows\system32\wbem\wmiprvse.exe (ID 2428 |ParentID 872)
C:\windows\System32\svchost.exe (ID 3244 |ParentID 760)
C:\windows\system32\wbem\unsecapp.exe (ID 3416 |ParentID 872)
C:\windows\system32\DllHost.exe (ID 4272 |ParentID 872)
C:\windows\system32\SearchIndexer.exe (ID 4464 |ParentID 760)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID 1636 |ParentID 760)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 1760 |ParentID 760)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 3340 |ParentID 760)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 5472 |ParentID 760)
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (ID 6140 |ParentID 760)
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ID 3668 |ParentID 760)
C:\windows\system32\csrss.exe (ID 6020 |ParentID 7948)
C:\windows\System32\WinLogon.exe (ID 7972 |ParentID 7948)
C:\windows\System32\dwm.exe (ID 7240 |ParentID 7972)
C:\windows\system32\taskhostex.exe (ID 2720 |ParentID 760)
C:\windows\Explorer.EXE (ID 1120 |ParentID 7784)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 6504 |ParentID 760)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID 3008 |ParentID 1208)
C:\Windows\System32\igfxtray.exe (ID 3704 |ParentID 1120)
C:\Windows\System32\hkcmd.exe (ID 1544 |ParentID 1120)
C:\Windows\System32\igfxpers.exe (ID 3812 |ParentID 1120)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID 5764 |ParentID 6540)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 7756 |ParentID 1120)
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (ID 2200 |ParentID 1120)
C:\Program Files\TOSHIBA\Teco\TecoResident.exe (ID 3192 |ParentID 1120)
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (ID 4904 |ParentID 6376)
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (ID 6864 |ParentID 1120)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3900 |ParentID 1120)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 6396 |ParentID 3472)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 4068 |ParentID 3472)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7348 |ParentID 3900)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 8036 |ParentID 3900)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 8124 |ParentID 3900)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4980 |ParentID 3900)
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe (ID 7904 |ParentID 760)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6808 |ParentID 3900)
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (ID 4824 |ParentID 4068)
C:\Users\Kh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID 3732 |ParentID 4632)
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (ID 7896 |ParentID 5888)
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (ID 2596 |ParentID 5888)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe (ID 8748 |ParentID 872)
C:\Windows\System32\RuntimeBroker.exe (ID 668 |ParentID 872)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5688 |ParentID 3900)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5292 |ParentID 3900)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 8908 |ParentID 3900)
C:\Windows\System32\WUDFHost.exe (ID 5232 |ParentID 1052)
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (ID 5324 |ParentID 1120)
C:\windows\splwow64.exe (ID 8680 |ParentID 5324)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 932 |ParentID 3900)
C:\windows\system32\taskeng.exe (ID 7468 |ParentID 304)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3448 |ParentID 3900)
C:\UsbFix\Go.exe (ID 1896 |ParentID 8824)
C:\windows\system32\wbem\wmiprvse.exe (ID 6940 |ParentID 872)
C:\windows\SysWOW64\ctfmon.exe (ID 4928 |ParentID 6396)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Intel AppUp(R) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
HKLM\SOFTWARE | Run : [TPUReg] - "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(R) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
HKLM\SOFTWARE\wow6432Node | Run : [TPUReg] - "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-517538292-3189266131-3522857453-1001\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Kh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-21-517538292-3189266131-3522857453-1001\SOFTWARE | Run : [GoogleChromeAutoLaunch_2C05E0445D62E9D567A52A92A84B0E46] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

################## | Éléments infectieux |

Présent! G:\-Personnel-.lnk

################## | Registre |



################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
