totoetboubou

[Utube]############################## | UsbFix V 7.152 | [Recherche]

Utilisateur: Antoine (Administrateur) # LABASE
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 20:02:21 | 30/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Intel Corporation (Oneonta Falls)
CPU: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
RAM -> [Total : 4008 | Free : 2436]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 31.0.1650.57

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Protection antivirus et antispyware McAfee [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 349 Go (266 Go libre(s) – 76%) [WINDOWS] # NTFS
D: -> Disque fixe # 349 Go (335 Go libre(s) – 96%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 7 Go (6 Go libre(s) – 75%) [] # FAT32
G: -> CD-ROM
H: -> Disque amovible # 7 Go (5 Go libre(s) – 64%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 672 |ParentID: 664)
C:\Windows\system32\wininit.exe (ID: 800 |ParentID: 664)
C:\Windows\system32\csrss.exe (ID: 824 |ParentID: 808)
C:\Windows\system32\services.exe (ID: 872 |ParentID: 800)
C:\Windows\system32\lsass.exe (ID: 896 |ParentID: 800)
C:\Windows\system32\lsm.exe (ID: 904 |ParentID: 800)
C:\Windows\system32\svchost.exe (ID: 1004 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 476 |ParentID: 872)
C:\Windows\system32\winlogon.exe (ID: 692 |ParentID: 808)
C:\Windows\System32\svchost.exe (ID: 744 |ParentID: 872)
C:\Windows\System32\svchost.exe (ID: 856 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 496 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 1036 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 1308 |ParentID: 872)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1408 |ParentID: 872)
C:\Program Files\AVAST Software\Avast\afwServ.exe (ID: 1500 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 1880 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 2024 |ParentID: 872)
C:\Windows\system32\mfevtps.exe (ID: 2288 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 2704 |ParentID: 872)
C:\Windows\system32\Dwm.exe (ID: 3084 |ParentID: 856)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3896 |ParentID: 1004)
C:\Windows\system32\wbem\unsecapp.exe (ID: 3992 |ParentID: 1004)
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (ID: 4124 |ParentID: 872)
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (ID: 4188 |ParentID: 872)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID: 4680 |ParentID: 3096)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 6020 |ParentID: 5436)
C:\Windows\system32\svchost.exe (ID: 9440 |ParentID: 872)
C:\Windows\System32\svchost.exe (ID: 10148 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 6048 |ParentID: 872)
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (ID: 5600 |ParentID: 872)
C:\Windows\explorer.exe (ID: 5952 |ParentID: 692)
C:\Windows\System32\rundll32.exe (ID: 8160 |ParentID: 1004)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 8408 |ParentID: 872)
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID: 7112 |ParentID: 872)
C:\Windows\system32\SearchIndexer.exe (ID: 7408 |ParentID: 872)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 7876 |ParentID: 872)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 8660 |ParentID: 872)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 9572 |ParentID: 872)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 8768 |ParentID: 8660)
C:\Windows\system32\DllHost.exe (ID: 9104 |ParentID: 1004)
C:\Windows\System32\spoolsv.exe (ID: 6072 |ParentID: 872)
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (ID: 6440 |ParentID: 872)
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe (ID: 2276 |ParentID: 2688)
c:\PROGRA~1\mcafee.com\agent\mcagent.exe (ID: 8336 |ParentID: 1004)
C:\Windows\system32\rundll32.exe (ID: 3952 |ParentID: 6440)
C:\Windows\system32\rundll32.exe (ID: 9796 |ParentID: 6440)
C:\Windows\SysWOW64\rundll32.exe (ID: 3520 |ParentID: 3952)
C:\Windows\System32\wscript.exe (ID: 3876 |ParentID: 10172)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2252 |ParentID: 1004)
C:\Program Files (x86)\Steam\steam.exe (ID: 5560 |ParentID: 6592)
C:\Program Files (x86)\Common Files\Steam\SteamService.exe (ID: 116 |ParentID: 872)
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe (ID: 5512 |ParentID: 6440)
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe (ID: 8464 |ParentID: 1004)
C:\Windows\System32\WUDFHost.exe (ID: 9064 |ParentID: 856)
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe (ID: 10060 |ParentID: 1004)
C:\Program Files\Common Files\McAfee\Core\mchost.exe (ID: 5288 |ParentID: 6440)
C:\Program Files\Common Files\McAfee\Core\mchost.exe (ID: 4388 |ParentID: 6440)
C:\Windows\System32\svchost.exe (ID: 6116 |ParentID: 872)
C:\UsbFix\Go.exe (ID: 6684 |ParentID: 3908)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | Run : [ToshibaServiceStation] – "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
04 – HKLM\SOFTWARE | Run : [PVE] – "C:\Program Files (x86)\Prodipe\PVE\PVE_GMMode.exe"
04 – HKLM\SOFTWARE | Run : [TkBellExe] – "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] – "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
04 – HKLM\SOFTWARE | Run : [AvastUI.exe] – "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 – HKLM\SOFTWARE | Run : [20131121] – C:\Program Files\AVAST Software\Avast\setup\emupdate\e3e25083-d8dc-4751-8474-399c9bfc86f4.exe /check
04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] – "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
04 – HKLM\SOFTWARE\wow6432Node | Run : [PVE] – "C:\Program Files (x86)\Prodipe\PVE\PVE_GMMode.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] – "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
04 – HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [LogMeIn Hamachi Ui] – "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
04 – HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] – "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 – HKLM\SOFTWARE\wow6432Node | Run : [20131121] – C:\Program Files\AVAST Software\Avast\setup\emupdate\e3e25083-d8dc-4751-8474-399c9bfc86f4.exe /check
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 – HKU\S-1-5-21-2479608208-2334582977-3564189957-1001\SOFTWARE | Run : [TOPI.EXE] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
04 – HKU\S-1-5-21-2479608208-2334582977-3564189957-1001\SOFTWARE | Run : [Facebook Update] – "C:\Users\Antoine\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 – HKU\S-1-5-21-2479608208-2334582977-3564189957-1001\SOFTWARE | Run : [Free Download Manager] – "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
04 – HKU\S-1-5-21-2479608208-2334582977-3564189957-1001\SOFTWARE | Run : [uTorrent] – "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
04 – HKU\S-1-5-21-2479608208-2334582977-3564189957-1001\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\Antoine\AppData\Local\Temp\iTunesHelper.vbe"
04 – HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\Users\Antoine\AppData\Local\Temp\iTunesHelper.vbe
Présent! C:\Users\Antoine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! F:\iTunesHelper.vbe
Présent! H:\iTunesHelper.vbe
Présent! F:\RunClubSanDisk.exe
Présent! F:\club_application.lnk
Présent! H:\CCALM.lnk
Présent! H:\ccs.lnk
Présent! H:\epci montdidier.lnk
Présent! H:\base de données et traitement stats.lnk
Présent! H:\Enjeux du développement économique de l’arrondissement de Montdidier.lnk
Présent! F:\trz1E5B.tmp
Présent! F:\trz1E59.tmp

################## | Référence de comparaison MD5 |

Md5 : 39F3ED2820238123159B8FBA481F5DE3 -> C:\Users\Antoine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 39F3ED2820238123159B8FBA481F5DE3 -> C:\Users\Antoine\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 39F3ED2820238123159B8FBA481F5DE3 -> F:\iTunesHelper.vbe
Md5 : 39F3ED2820238123159B8FBA481F5DE3 -> H:\iTunesHelper.vbe
Md5 : 39F3ED2820238123159B8FBA481F5DE3 -> C:\Users\Antoine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

################## | Comparaison MD5 |

Présent! Md5 : 39F3ED2820238123159B8FBA481F5DE3 -> C:\Users\Antoine\AppData\Local\Temp\iTunesHelper.vbe
Présent! Md5 : 39F3ED2820238123159B8FBA481F5DE3 -> C:\Users\Antoine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! Md5 : 39F3ED2820238123159B8FBA481F5DE3 -> F:\iTunesHelper.vbe
Présent! Md5 : 39F3ED2820238123159B8FBA481F5DE3 -> H:\iTunesHelper.vbe

################## | Registre |

Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
Présent! HKU\S-1-5-21-2479608208-2334582977-3564189957-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccin |

(!) Cet ordinateur n’est pas vacciné!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
[/Utube]