############################## | UsbFix V 7.124 | [Recherche]

Utilisateur: léo (Administrateur) # LÉO-HP
Mis à jour le 24/04/2013 par El Desaparecido
Lancé à 22:54:43 | 28/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Hewlett-Packard (HP 635 Notebook PC ) (X86-based PC)
CPU: AMD E-300 APU with Radeon(tm) HD Graphics (1300)
RAM -> [Total : 1643 | Free : 575]
BIOS: InsydeH2O Version CCB.03.61.11F.43
BOOT: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Anti-Virus 2013 [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 298 Go (189 Go libre(s) - 64%) [Windows] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 8 Go (3 Go libre(s) - 39%) [TRANSCEND] # FAT32

################## | Processus Actif |

C:\windows\system32\csrss.exe (412)
C:\windows\system32\csrss.exe (484)
C:\windows\system32\wininit.exe (492)
C:\windows\system32\winlogon.exe (548)
C:\windows\system32\services.exe (580)
C:\windows\system32\lsass.exe (596)
C:\windows\system32\lsm.exe (604)
C:\windows\system32\svchost.exe (712)
C:\windows\system32\svchost.exe (800)
C:\windows\System32\svchost.exe (984)
C:\windows\System32\svchost.exe (1040)
C:\windows\system32\svchost.exe (1064)
C:\windows\system32\svchost.exe (1224)
C:\windows\system32\svchost.exe (1312)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1492)
C:\windows\system32\Dwm.exe (1680)
C:\windows\system32\svchost.exe (416)
C:\windows\system32\svchost.exe (1616)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (2428)
C:\windows\system32\wbem\wmiprvse.exe (4000)
C:\windows\System32\rundll32.exe (3156)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3148)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (4620)
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (3948)
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (5884)
C:\windows\system32\SearchIndexer.exe (1120)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4772)
C:\windows\System32\spoolsv.exe (2192)
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (5964)
C:\windows\System32\rundll32.exe (2364)
C:\windows\Explorer.exe (2528)
C:\windows\system32\svchost.exe (3600)
C:\windows\System32\svchost.exe (3300)
C:\Program Files\Google\Chrome\Application\chrome.exe (4752)
C:\Program Files\Google\Chrome\Application\chrome.exe (112)
C:\windows\system32\DllHost.exe (5812)
C:\windows\System32\WUDFHost.exe (4680)
C:\Program Files\Google\Chrome\Application\chrome.exe (5672)
C:\Program Files\Google\Chrome\Application\chrome.exe (5628)
C:\UsbFix\Go.exe (1460)
C:\windows\system32\wbem\wmiprvse.exe (4336)
C:\Program Files\Google\Chrome\Application\chrome.exe (2572)
C:\windows\system32\taskeng.exe (3128)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [Flyer] - "c:\Ordina13 Help\MessageSCC.exe"
HKLM\SOFTWARE | Run : [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [AtherosBtStack] - "C:\Program Files\Bluetooth Suite\BtvStack.exe"
HKLM\SOFTWARE | Run : [AthBtTray] - "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
HKLM\SOFTWARE | Run : [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HKLM\SOFTWARE | Run : [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE | RunOnceEx : [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2823203330-1570677491-1077528394-1014\SOFTWARE | Run : [Connexion SFR 9props.exe] - "C:\Program Files\SFR\Kit\9props.exe" /trayicon
HKU\S-1-5-21-2823203330-1570677491-1077528394-1014\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-2823203330-1570677491-1077528394-1014\SOFTWARE | Run : [Steam] - "C:\Program Files\Steam\Steam.exe" -silent
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

################## | Registre |

################## | Mountpoints2 |

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |