############################## | UsbFix V 7.150 | [Recherche]

Utilisateur: Etienne (Administrateur) # ETIENNE-MSI
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à 17:12:12 | 14/11/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Micro-Star International (E7003)
CPU: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
RAM -> [Total : 3886 | Free : 2024]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16618
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 273 Go (39 Go libre(s) - 14%) [OS_Install] # NTFS
D:\ -> Disque fixe # 180 Go (178 Go libre(s) - 99%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Disque amovible # 4 Go (100 Mo libre(s) - 3%) [COURS FAC] # FAT32
W:\ -> Disque fixe # 12 Go (4 Go libre(s) - 30%) [BIOS_RVY] # NTFS

################## | Processus Actif |

C:\windows\system32\csrss.exe (ID: 552 |ParentID: 544)
C:\windows\system32\wininit.exe (ID: 584 |ParentID: 544)
C:\windows\system32\csrss.exe (ID: 612 |ParentID: 600)
C:\windows\system32\services.exe (ID: 652 |ParentID: 584)
C:\windows\system32\lsass.exe (ID: 684 |ParentID: 584)
C:\windows\system32\lsm.exe (ID: 692 |ParentID: 584)
C:\windows\system32\winlogon.exe (ID: 796 |ParentID: 600)
C:\windows\system32\svchost.exe (ID: 816 |ParentID: 652)
C:\windows\system32\svchost.exe (ID: 932 |ParentID: 652)
C:\windows\system32\atiesrxx.exe (ID: 1000 |ParentID: 652)
C:\windows\System32\svchost.exe (ID: 120 |ParentID: 652)
C:\windows\System32\svchost.exe (ID: 332 |ParentID: 652)
C:\windows\system32\svchost.exe (ID: 392 |ParentID: 652)
C:\windows\system32\svchost.exe (ID: 448 |ParentID: 652)
C:\windows\system32\svchost.exe (ID: 1124 |ParentID: 652)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1256 |ParentID: 652)
C:\windows\system32\atieclxx.exe (ID: 1280 |ParentID: 1000)
C:\windows\system32\Dwm.exe (ID: 1420 |ParentID: 332)
C:\windows\Explorer.EXE (ID: 1500 |ParentID: 1412)
C:\windows\System32\spoolsv.exe (ID: 1668 |ParentID: 652)
C:\windows\system32\svchost.exe (ID: 1696 |ParentID: 652)
C:\windows\system32\taskhost.exe (ID: 1772 |ParentID: 652)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ID: 1912 |ParentID: 652)
C:\Program Files\LSI SoftModem\agr64svc.exe (ID: 1940 |ParentID: 652)
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (ID: 1960 |ParentID: 652)
C:\ProgramData\DatacardService\DCService.exe (ID: 1996 |ParentID: 652)
C:\windows\SysWOW64\srvany.exe (ID: 1044 |ParentID: 652)
C:\windows\KMService.exe (ID: 1116 |ParentID: 1044)
C:\windows\system32\conhost.exe (ID: 1168 |ParentID: 552)
C:\ProgramData\DatacardService\DCSHelper.exe (ID: 1316 |ParentID: 1996)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1564 |ParentID: 652)
C:\Program Files (x86)\System Control Manager\MSIService.exe (ID: 1376 |ParentID: 652)
C:\windows\system32\taskeng.exe (ID: 1624 |ParentID: 448)
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ID: 556 |ParentID: 1624)
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (ID: 1144 |ParentID: 1624)
C:\Program Files (x86)\PDF Architect\HelperService.exe (ID: 2076 |ParentID: 652)
C:\Program Files (x86)\PDF Architect\ConversionService.exe (ID: 2428 |ParentID: 652)
C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe (ID: 2492 |ParentID: 652)
C:\windows\system32\svchost.exe (ID: 2728 |ParentID: 652)
C:\Program Files\Motorola\Bluetooth\obexsrv.exe (ID: 2792 |ParentID: 652)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (ID: 2816 |ParentID: 652)
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (ID: 2200 |ParentID: 652)
C:\windows\system32\svchost.exe (ID: 2832 |ParentID: 652)
C:\windows\System32\rundll32.exe (ID: 3608 |ParentID: 816)
C:\Windows\System32\igfxtray.exe (ID: 3928 |ParentID: 1500)
C:\Windows\System32\hkcmd.exe (ID: 3940 |ParentID: 1500)
C:\Windows\System32\igfxpers.exe (ID: 3956 |ParentID: 1500)
C:\windows\system32\igfxsrvc.exe (ID: 3984 |ParentID: 816)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 3208 |ParentID: 1500)
C:\Program Files\FSP\FspUip.exe (ID: 3444 |ParentID: 1500)
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (ID: 3332 |ParentID: 1500)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (ID: 3364 |ParentID: 1500)
C:\Program Files\Logitech\Gaming Software\LWEMon.exe (ID: 3476 |ParentID: 1500)
C:\windows\system32\SearchIndexer.exe (ID: 3512 |ParentID: 652)
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (ID: 3864 |ParentID: 3828)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 724 |ParentID: 3832)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 4192 |ParentID: 724)
C:\windows\system32\wbem\unsecapp.exe (ID: 4204 |ParentID: 816)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4344 |ParentID: 3828)
C:\windows\system32\wbem\wmiprvse.exe (ID: 4676 |ParentID: 816)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 2468 |ParentID: 652)
C:\windows\System32\svchost.exe (ID: 952 |ParentID: 652)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3780 |ParentID: 652)
C:\windows\system32\svchost.exe (ID: 1896 |ParentID: 652)
C:\windows\system32\DllHost.exe (ID: 5896 |ParentID: 816)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 168 |ParentID: 652)
C:\windows\System32\WUDFHost.exe (ID: 2700 |ParentID: 332)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 928 |ParentID: 1500)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3156 |ParentID: 928)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5368 |ParentID: 928)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5544 |ParentID: 928)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5520 |ParentID: 928)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5964 |ParentID: 928)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3680 |ParentID: 928)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5220 |ParentID: 928)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 948 |ParentID: 928)
C:\Users\Etienne\Downloads\RogueKiller.exe (ID: 2096 |ParentID: 928)
C:\windows\system32\wbem\wmiprvse.exe (ID: 5360 |ParentID: 816)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5836 |ParentID: 928)
C:\UsbFix\Go.exe (ID: 5212 |ParentID: 5044)
C:\windows\SysWOW64\ctfmon.exe (ID: 6084 |ParentID: 4344)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [MGSysCtrl] - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
04 - HKLM\SOFTWARE | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [MGSysCtrl] - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3183035398-3778654731-323455342-1000\SOFTWARE | Run : [ShowBatteryBar] - "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
04 - HKU\S-1-5-21-3183035398-3778654731-323455342-1000\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
04 - HKU\S-1-5-21-3183035398-3778654731-323455342-1000\SOFTWARE | Run : [cacaoweb] - "C:\Users\Etienne\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-3183035398-3778654731-323455342-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! H:\FOUND.000.lnk
Présent! H:\.fseventsd.lnk
Présent! H:\.Trashes.lnk
Présent! H:\Fac.lnk
Présent! H:\.Spotlight-V100.lnk
Présent! H:\.TemporaryItems.lnk
Présent! H:\Master 1 EEI.lnk
Présent! H:\Recherche Travail.lnk
Présent! H:\Voyage Juin 2011.lnk
Présent! H:\Tennis Elbow 2011.lnk
Présent! C:\Users\Etienne\AppData\Local\Temp\uttC4DA.tmp.exe
Présent! C:\Users\Etienne\AppData\Local\Temp\48871-80099-esf-database-convert.exe
Présent! C:\Users\Etienne\AppData\Local\Temp\7z920.exe
Présent! C:\Users\Etienne\AppData\Local\Temp\winzip1664_2_wrapped.exe
Présent! F:\SETUP.EXE
Présent! F:\autorun.inf
Présent! H:\Recycler\desktop.ini
Présent! F:\Updates

################## | Référence de comparaison MD5 |

Md5 : B3FDF6E7B0AECD48CA7E4921773FB606 -> C:\Users\Etienne\AppData\Local\Temp\7z920.exe
Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> W:\imagex.exe

################## | Comparaison MD5 |

Présent! Md5 : B3FDF6E7B0AECD48CA7E4921773FB606 -> C:\Users\Etienne\AppData\Local\Temp\7z920.exe
Présent! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERY\imagex.exe
Présent! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\imagex.exe
Présent! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\ConfigSetRoot\$oem$\$$\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\imagex.exe
Présent! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\RE_DRIVE\RECOVERY\imagex.exe
Présent! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\RE_DRIVE\RECOVERYCD_ISO\imagex.exe
Présent! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> C:\Windows\RE_DRIVE\RECOVERYCD_ISO\RECOVERY_DVD\imagex.exe
Présent! Md5 : C8AD6CB2D5F840B8DF718A8DB67649DF -> W:\imagex.exe

################## | Registre |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |