chrispat.beauchamps
Participant
Number of posts: 62

Oops, here is the report[spoiler:1qfkpell]############################## | UsbFix V 7.150 | [Recherche]

Utilisateur: Jessica (Administrateur) # JESSICA-PC
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 11:57:28 | 10/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Acer (Mimic )
CPU: Intel(R) Celeron(R) CPU 877 @ 1.40GHz
RAM -> [Total : 3932 | Free : 2911]
Bios: Acer
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 450 Go (382 Go libre(s) – 85%) [Acer] # NTFS
E: -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 464 |ParentID: 452)
C:\Windows\system32\wininit.exe (ID: 516 |ParentID: 452)
C:\Windows\system32\csrss.exe (ID: 532 |ParentID: 508)
C:\Windows\system32\services.exe (ID: 564 |ParentID: 516)
C:\Windows\system32\lsass.exe (ID: 588 |ParentID: 516)
C:\Windows\system32\lsm.exe (ID: 596 |ParentID: 516)
C:\Windows\system32\winlogon.exe (ID: 656 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 752 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 832 |ParentID: 564)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 876 |ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 1004 |ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 352 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 476 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 536 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 1060 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 1208 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 1416 |ParentID: 564)
C:\Windows\system32\Dwm.exe (ID: 1700 |ParentID: 352)
C:\Windows\system32\svchost.exe (ID: 1896 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 2608 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 3428 |ParentID: 564)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3564 |ParentID: 752)
C:\Windows\system32\wbem\unsecapp.exe (ID: 3712 |ParentID: 752)
c:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 1056 |ParentID: 564)
C:\Windows\explorer.exe (ID: 1076 |ParentID: 656)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 4452 |ParentID: 564)
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID: 4600 |ParentID: 564)
C:\Program Files (x86)\Launch Manager\LMworker.exe (ID: 2492 |ParentID: 4600)
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ID: 4340 |ParentID: 4600)
C:\Windows\system32\SearchIndexer.exe (ID: 1992 |ParentID: 564)
C:\Windows\system32\DllHost.exe (ID: 2260 |ParentID: 752)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 4856 |ParentID: 564)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5004 |ParentID: 564)
C:\Windows\system32\taskeng.exe (ID: 1672 |ParentID: 536)
C:\Windows\System32\spoolsv.exe (ID: 3788 |ParentID: 564)
C:\Program Files\EgisTec IPS\PMMUpdate.exe (ID: 184 |ParentID: 1672)
C:\UsbFix\Go.exe (ID: 1648 |ParentID: 2416)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2360 |ParentID: 752)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | Run : [LManager] – C:\Program Files (x86)\Launch Manager\LManager.exe
04 – HKLM\SOFTWARE | Run : [HP Software Update] – C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 – HKLM\SOFTWARE | Run : [] –
04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [LManager] – C:\Program Files (x86)\Launch Manager\LManager.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] – C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [] –
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-3035427628-744425887-619855534-1000\SOFTWARE | Run : [DAEMON Tools Lite] – "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 – HKU\S-1-5-21-3035427628-744425887-619855534-1000\SOFTWARE | Run : [HP Deskjet 3070 B611 series (NET)] – "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18S376ZV05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1
04 – HKU\S-1-5-21-3035427628-744425887-619855534-1000\SOFTWARE | Run : [Skype] – "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}
04 – HKU\S-1-5-18\SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}

################## | Recherche générique |

################## | Registre |

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:1qfkpell]
Thanks