snory
Participant
Number of posts: 9

Report from the search (Recherche) run

############################## | UsbFix V 7.149 | [Recherche]

Utilisateur: lamti (Administrateur) # PC-DE-LAMTI
Mis à jour le 03/11/2013 par El Desaparecido - Team SosVirus
Lancé à 23:13:32 | 04/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Packard Bell BV (PF2P)
CPU: AMD Turion(tm) X2 Dual-Core Mobile RM-72
RAM -> [Total : 3582 | Free : 1787]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 1.9.1.18
WB: Safari : 533.18.5

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 285 Go (20 Go libre(s) - 7%) [OS] # NTFS
D: -> Disque fixe # 298 Go (126 Go libre(s) - 42%) [] # NTFS
E: -> CD-ROM
F: -> CD-ROM
J: -> Disque amovible # 2 Go (246 Mo libre(s) - 13%) [] # FAT

################## | Référence de comparaison MD5 |

Md5 : dbf9c0fc72dab07ec39de9bff859557d -> J:\iTunesHelper.vbe

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 588 |ParentID: 576)
C:\Windows\system32\csrss.exe (ID: 652 |ParentID: 644)
C:\Windows\system32\wininit.exe (ID: 660 |ParentID: 576)
C:\Windows\system32\services.exe (ID: 700 |ParentID: 660)
C:\Windows\system32\lsass.exe (ID: 712 |ParentID: 660)
C:\Windows\system32\lsm.exe (ID: 720 |ParentID: 660)
C:\Windows\system32\winlogon.exe (ID: 796 |ParentID: 644)
C:\Windows\system32\svchost.exe (ID: 904 |ParentID: 700)
C:\Windows\system32\svchost.exe (ID: 972 |ParentID: 700)
C:\Windows\System32\svchost.exe (ID: 1008 |ParentID: 700)
C:\Windows\system32\Ati2evxx.exe (ID: 1092 |ParentID: 700)
C:\Windows\System32\svchost.exe (ID: 1112 |ParentID: 700)
C:\Windows\System32\svchost.exe (ID: 1152 |ParentID: 700)
C:\Windows\system32\svchost.exe (ID: 1212 |ParentID: 700)
C:\Windows\system32\svchost.exe (ID: 1312 |ParentID: 700)
C:\Windows\system32\SLsvc.exe (ID: 1348 |ParentID: 700)
C:\Windows\system32\svchost.exe (ID: 1400 |ParentID: 700)
C:\Windows\system32\Ati2evxx.exe (ID: 1480 |ParentID: 1092)
C:\Windows\system32\svchost.exe (ID: 1668 |ParentID: 700)
C:\Windows\system32\Dwm.exe (ID: 1904 |ParentID: 1152)
C:\Windows\System32\spoolsv.exe (ID: 1976 |ParentID: 700)
C:\Windows\system32\taskeng.exe (ID: 1996 |ParentID: 1212)
C:\Windows\Explorer.EXE (ID: 2008 |ParentID: 1892)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 2016 |ParentID: 700)
C:\Windows\system32\svchost.exe (ID: 328 |ParentID: 700)
C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe (ID: 384 |ParentID: 1996)
C:\Windows\system32\taskeng.exe (ID: 456 |ParentID: 1212)
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (ID: 1816 |ParentID: 700)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 896 |ParentID: 700)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 544 |ParentID: 700)
C:\Windows\system32\taskeng.exe (ID: 600 |ParentID: 1212)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1532 |ParentID: 700)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2168 |ParentID: 700)
C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (ID: 2216 |ParentID: 700)
C:\Windows\system32\svchost.exe (ID: 2280 |ParentID: 700)
C:\Windows\system32\FsUsbExService.Exe (ID: 2364 |ParentID: 700)
C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe (ID: 2412 |ParentID: 700)
C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (ID: 2488 |ParentID: 2216)
C:\Windows\system32\svchost.exe (ID: 2668 |ParentID: 700)
C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe (ID: 2700 |ParentID: 700)
C:\Windows\System32\svchost.exe (ID: 2728 |ParentID: 700)
C:\Windows\system32\IoctlSvc.exe (ID: 2892 |ParentID: 700)
C:\Windows\System32\svchost.exe (ID: 2912 |ParentID: 700)
C:\Windows\system32\PnkBstrA.exe (ID: 2928 |ParentID: 700)
C:\Windows\system32\conime.exe (ID: 2936 |ParentID: 2860)
C:\Windows\system32\svchost.exe (ID: 2948 |ParentID: 700)
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (ID: 3184 |ParentID: 700)
C:\Windows\system32\svchost.exe (ID: 3224 |ParentID: 700)
C:\Windows\System32\svchost.exe (ID: 3276 |ParentID: 700)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3324 |ParentID: 700)
C:\Windows\system32\SearchIndexer.exe (ID: 3392 |ParentID: 700)
C:\Program Files\Yontoo\Y2Desktop.Updater.exe (ID: 3412 |ParentID: 700)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3444 |ParentID: 3324)
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (ID: 3616 |ParentID: 700)
C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (ID: 3964 |ParentID: 3860)
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 2360 |ParentID: 700)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 2544 |ParentID: 544)
C:\Users\lamti\AppData\Roaming\Yontoo\YontooDesktop.exe (ID: 3900 |ParentID: 3412)
C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe (ID: 2096 |ParentID: 2412)
C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe (ID: 3672 |ParentID: 2716)
C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe (ID: 1604 |ParentID: 3672)
C:\Program Files\Windows Defender\MSASCui.exe (ID: 3084 |ParentID: 2008)
C:\Windows\RtHDVCpl.exe (ID: 1608 |ParentID: 2008)
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (ID: 3260 |ParentID: 2008)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 2804 |ParentID: 3844)
C:\Windows\system32\svchost.exe (ID: 4104 |ParentID: 700)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 4828 |ParentID: 2008)
C:\Program Files\Common Files\Real\Update_OB\realsched.exe (ID: 4848 |ParentID: 2008)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 4888 |ParentID: 2008)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 4896 |ParentID: 2008)
C:\Windows\ehome\ehtray.exe (ID: 4916 |ParentID: 2008)
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (ID: 4924 |ParentID: 2008)
C:\Users\lamti\AppData\Local\Akamai\netsession_win.exe (ID: 4952 |ParentID: 2008)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 4988 |ParentID: 2008)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 5004 |ParentID: 2008)
C:\Windows\ehome\ehmsas.exe (ID: 5060 |ParentID: 904)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 5544 |ParentID: 2804)
C:\Users\lamti\AppData\Local\Akamai\netsession_win.exe (ID: 5668 |ParentID: 4952)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3288 |ParentID: 2008)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4940 |ParentID: 3288)
C:\program files\avira\antivir desktop\avcenter.exe (ID: 4480 |ParentID: 4888)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5388 |ParentID: 3288)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5828 |ParentID: 904)
C:\Windows\System32\WUDFHost.exe (ID: 5684 |ParentID: 1152)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5952 |ParentID: 3288)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5104 |ParentID: 3288)
C:\Windows\system32\Taskmgr.exe (ID: 4836 |ParentID: 796)
C:\UsbFix\Go.exe (ID: 5164 |ParentID: 464)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
04 - HKLM\SOFTWARE | Run : [SmpcSys] - C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\SOFTWARE | Run : [Skytel] - Skytel.exe
04 - HKLM\SOFTWARE | Run : [NPSStartup] -
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [AvgUninstallURL] - cmd.exe /c start http://www.avg.fr/fr.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0ADAANgA4ADIANgA5ADgALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBEAEQAVAArADEAOQA3ADcAMAAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0ARgA5ADAATQAxADIARQBOACsAMQAtAFQAQgBOACsAMQAtAEwAOQAwAE0ASgArADIALQBGADkAMABNADEAMgBKAFQAKwAxAC0ARgA5ADAATQAxADIAUgArADEALQBWAEkAUAAxADIAKwAxAA"&"prod=90"&"ver=9.0.894
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-3689281527-3389543398-1246023291-1000\SOFTWARE | Run : [SmpcSys] - C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
04 - HKU\S-1-5-21-3689281527-3389543398-1246023291-1000\SOFTWARE | Run : [ehTray.exe] - C:\Windows\ehome\ehTray.exe
04 - HKU\S-1-5-21-3689281527-3389543398-1246023291-1000\SOFTWARE | Run : [OfficeSyncProcess] - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-21-3689281527-3389543398-1246023291-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\lamti\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-3689281527-3389543398-1246023291-1000\SOFTWARE | Run : [Yontoo Desktop] - "C:\Users\lamti\AppData\Roaming\Yontoo\YontooDesktop.exe"
04 - HKU\S-1-5-21-3689281527-3389543398-1246023291-1000\SOFTWARE | Run : [AdobeBridge] -
04 - HKU\S-1-5-21-3689281527-3389543398-1246023291-1000\SOFTWARE | Run : [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKU\S-1-5-21-3689281527-3389543398-1246023291-1000\SOFTWARE | RunOnce : [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.4; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.neroucheffmichel.be/html/courbeniveau/courbeniveau.html"

################## | Recherche générique |

Présent! J:\BOOTEX.lnk
Présent! J:\clef.lnk
Présent! J:\URBA.lnk
Présent! J:\K.lnk
Présent! J:\LaunchU3.lnk
Présent! J:\.lnk
Présent! J:\2 A0 N_B 1_200e.lnk
Présent! J:\ANALYSE - Cadrages (1).lnk
Présent! J:\A3 TEST 2.lnk
Présent! J:\A3 TEST.lnk
Présent! J:\A3 TEST 3.lnk
Présent! J:\velo nico.lnk
Présent! J:\photo hangar.lnk
Présent! J:\esquisse reference.lnk
Présent! J:\melting pot reference.lnk
Présent! J:\System.lnk
Présent! J:\.Trashes.lnk
Présent! J:\Groupe lama.lnk
Présent! J:\17 octobre.lnk
Présent! J:\.Spotlight-V100.lnk
Présent! J:\IMPRESSION 24_09.lnk
Présent! J:\Philippe Wessels cours de projection et perspective 1° bac AI.lnk
Présent! J:\carte liege.lnk
Présent! J:\soleil photos.lnk
Présent! J:\ReadMe.lnk
Présent! J:\IMPRESSION 03_10.lnk
Présent! J:\Documents.lnk
Présent! J:\httparchives.lesoir.be-les-livres-l-alcool-et-les-jeunes-un-vrai_t-20111206.lnk
Présent! J:\rapport.lnk
Présent! J:\BILLETS A IMPRIMER.lnk
Présent! F:\autorun.inf
Présent! J:\iTunesHelper.vbe
Présent! J:\SYSTEMFILES

################## | Comparaison MD5 |

################## | Registre |

################## | Vaccin |

(!) Cet ordinateur n’est pas vacciné!

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |