cjoint

Document format: text/plain

[b]############################## | UsbFix V 7.172 | [Recherche][/b]

Utilisateur: bonizzi (Administrateur) # BONIZZI-HP
Mis à jour le 23/06/2014 par El Desaparecido - SosVirus
Lancé à 09:51:59 | 28/06/2014

Site Web : [url=http://www.usbfix.net/]http://www.usbfix.net/[/url]
Changelog : [url=http://www.usbfix.net/maj/]http://www.usbfix.net/maj/[/url]
Assistance : [url=http://www.sosvirus.net/forum-virus-securite.html]http://www.sosvirus.net/forum-virus-securite.html[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Contact : [url=http://www.usbfix.net/contact/]http://www.usbfix.net/contact/[/url]

[b]################## | System information |[/b]

MB: PEGATRON CORPORATION (2AB6)
CPU: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
GC: AMD RADEON HD 6450
RAM -> [Total : 4079 Mo | Free : 2814 Mo]
Bios: AMI
Boot: Normal boot

OS: Microsoft® Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Safari : 534.57.2

[b]################## | Security Information |[/b]

AV: Microsoft Security Essentials [[b](!) Désactivé[/b] |A jour]
AS: Windows Defender [[b](!) Désactivé[/b] |[b](!) Non à jour[/b]]
AS: Microsoft Security Essentials [[b](!) Désactivé[/b] |A jour]
AS: Malwarebytes Anti-Malware : 1.0.0.532
FW: Windows Firewall [Actif]
SC: Security Center [Actif]
WU: Windows Update [Actif]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Disque fixe # 1385 Go (1324 Go libre(s) - 96%) [OS] # NTFS
D:\ -> Disque fixe # 12 Go (1 Go libre(s) - 12%) [HP_RECOVERY] # NTFS

[b]################## | Processus Actif |[/b]

C:\Windows\System32\smss.exe (ID: 352|ParentID: 4|Système)
C:\Windows\System32\wininit.exe (ID: 508|ParentID: 432)
C:\Windows\System32\services.exe (ID: 564|ParentID: 508)
C:\Windows\System32\lsass.exe (ID: 588|ParentID: 508)
C:\Windows\System32\lsm.exe (ID: 596|ParentID: 508)
C:\Windows\System32\winlogon.exe (ID: 652|ParentID: 516)
C:\Windows\System32\svchost.exe (ID: 732|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 812|ParentID: 564)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 880|ParentID: 564)
C:\Windows\System32\atiesrxx.exe (ID: 964|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 1004|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 124|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 396|ParentID: 564)
C:\Program Files\IDT\WDM\stacsv64.exe (ID: 432|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 1368|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 1460|ParentID: 564)
C:\Windows\System32\atieclxx.exe (ID: 1540|ParentID: 964)
C:\Windows\System32\spoolsv.exe (ID: 1784|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 1812|ParentID: 564)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1948|ParentID: 564)
C:\Program Files\IDT\WDM\AESTSr64.exe (ID: 2040|ParentID: 564)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1232|ParentID: 564)
C:\Users\bonizzi\AppData\Local\69b094e69fe2284f962a5e6a5eef9e54\DebugDOSRemote.exe (ID: 1348|ParentID: 564)
C:\Windows\SysWOW64\ezSharedSvcHost.exe (ID: 1668|ParentID: 564)
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (ID: 1996|ParentID: 564)
C:\Windows\SysWOW64\svchost.exe (ID: 1684|ParentID: 564)
C:\Program Files\Microsoft LifeCam\MSCamS64.exe (ID: 2072|ParentID: 564)
C:\Program Files (x86)\PDF Complete\pdfsvc.exe (ID: 2172|ParentID: 564)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2460|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 2552|ParentID: 564)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2668|ParentID: 564)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2700|ParentID: 564)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ID: 2800|ParentID: 2668)
C:\Windows\System32\taskhost.exe (ID: 2732|ParentID: 564|bonizzi)
C:\Windows\System32\dwm.exe (ID: 2920|ParentID: 124|bonizzi)
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (ID: 3244|ParentID: 564)
C:\Windows\explorer.exe (ID: 3252|ParentID: 2828|bonizzi)
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (ID: 3544|ParentID: 3252|bonizzi)
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (ID: 3568|ParentID: 3252|bonizzi)
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (ID: 3584|ParentID: 3252|bonizzi)
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (ID: 3676|ParentID: 3544|bonizzi)
C:\Windows\System32\conhost.exe (ID: 3684|ParentID: 532|bonizzi)
C:\Windows\System32\SearchIndexer.exe (ID: 3864|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 3960|ParentID: 564)
C:\Users\bonizzi\AppData\Local\69b094e69fe2284f962a5e6a5eef9e54\BIOSDirect3dScript.exe (ID: 3616|ParentID: 1348|bonizzi)
C:\Windows\System32\svchost.exe (ID: 2512|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 3284|ParentID: 564)
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe (ID: 4472|ParentID: 3568|bonizzi)
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe (ID: 4540|ParentID: 732|bonizzi)
C:\Windows\System32\svchost.exe (ID: 4816|ParentID: 564)
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe (ID: 4904|ParentID: 732|bonizzi)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (ID: 2188|ParentID: 564)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5080|ParentID: 564)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 3228|ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 4136|ParentID: 564)
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (ID: 6112|ParentID: 564)
C:\Windows\SysWOW64\dllhost.exe (ID: 6708|ParentID: 732|bonizzi)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 4912|ParentID: 3252|bonizzi)
C:\Windows\System32\taskeng.exe (ID: 8064|ParentID: 396)
C:\Windows\System32\svchost.exe (ID: 10740|ParentID: 564)
C:\Windows\System32\audiodg.exe (ID: 8568|ParentID: 1004)
C:\Windows\servicing\TrustedInstaller.exe (ID: 9536|ParentID: 564)
C:\UsbFix\UsbFix.exe (ID: 2892|ParentID: 836|bonizzi)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5084|ParentID: 732|bonizzi)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 7444|ParentID: 5084|bonizzi)

[b]################## | Autorun |[/b]


[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
04 - HKCU\..\Run : [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
04 - [x64] HKLM\..\RunOnce : [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3568491273-876444469-2320510264-1000\..\Run : [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
04 - HKU\S-1-5-21-3568491273-876444469-2320510264-1000\..\Run : [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

[b]################## | Recherche générique |[/b]


[b]################## | Registre |[/b]

Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1
Présent! HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1

[b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url] | [url=http://www.usbfix.net/]http://www.usbfix.net/[/url] |[/b]
