Maringouin
Participant
Number of posts: 16

SCAN 2
############################## | UsbFix V 7.159 | [Recherche]

Utilisateur: FROTTBF-GUY (Administrateur) # FROTTBF-GUY-HP
Mis à jour le 06/01/2014 par El Desaparecido – Team SosVirus
Lancé à 15:13:48 | 08/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (1425)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
RAM -> [Total : 3894 Mo| Free : 2624 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 238 Go (161 Go libre(s) – 68%) [] # NTFS
D: -> Disque fixe # 21 Go (3 Go libre(s) – 14%) [RECOVERY] # NTFS
E: -> CD-ROM
F: -> Disque fixe # 3 Go (3 Go libre(s) – 98%) [Divers] # NTFS
G: -> Disque fixe # 155 Go (150 Go libre(s) – 97%) [FROTTBF] # NTFS
H: -> Disque amovible # 4 Go (4 Go libre(s) – 94%) [] # FAT32
I: -> Disque fixe # 49 Go (27 Go libre(s) – 55%) [Photos] # NTFS
J: -> Disque amovible # 4 Go (3 Go libre(s) – 91%) [SP UFD U2] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 540 |ParentID: 532)
C:\Windows\system32\wininit.exe (ID: 604 |ParentID: 532)
C:\Windows\system32\csrss.exe (ID: 628 |ParentID: 612)
C:\Windows\system32\services.exe (ID: 660 |ParentID: 604)
C:\Windows\system32\lsass.exe (ID: 688 |ParentID: 604)
C:\Windows\system32\lsm.exe (ID: 696 |ParentID: 604)
C:\Windows\system32\winlogon.exe (ID: 764 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 836 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 944 |ParentID: 660)
C:\Windows\System32\svchost.exe (ID: 124 |ParentID: 660)
C:\Windows\System32\svchost.exe (ID: 468 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 552 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 572 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 1124 |ParentID: 660)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1244 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 1756 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 1976 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 1916 |ParentID: 660)
C:\Windows\system32\Dwm.exe (ID: 2552 |ParentID: 468)
C:\Windows\system32\wbem\unsecapp.exe (ID: 2632 |ParentID: 836)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2740 |ParentID: 836)
C:\Windows\system32\svchost.exe (ID: 3100 |ParentID: 660)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3792 |ParentID: 960)
C:\Windows\system32\svchost.exe (ID: 4664 |ParentID: 660)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1840 |ParentID: 836)
C:\Windows\System32\svchost.exe (ID: 1140 |ParentID: 660)
C:\Windows\System32\rundll32.exe (ID: 1272 |ParentID: 836)
C:\Windows\System32\WUDFHost.exe (ID: 1100 |ParentID: 468)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2316 |ParentID: 660)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2420 |ParentID: 660)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2216 |ParentID: 2420)
C:\Windows\Explorer.exe (ID: 2612 |ParentID: 1456)
C:\Windows\system32\SearchIndexer.exe (ID: 3756 |ParentID: 660)
C:\Windows\system32\SearchFilterHost.exe (ID: 1676 |ParentID: 3756)
C:\Windows\system32\DllHost.exe (ID: 4600 |ParentID: 836)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3948 |ParentID: 3756)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3892 |ParentID: 660)
C:\Windows\servicing\TrustedInstaller.exe (ID: 2276 |ParentID: 660)
C:\Windows\system32\sppsvc.exe (ID: 4892 |ParentID: 660)
C:\Windows\System32\spoolsv.exe (ID: 4420 |ParentID: 660)
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (ID: 2768 |ParentID: 660)
C:\Windows\system32\SearchProtocolHost.exe (ID: 164 |ParentID: 3756)
C:\Windows\system32\mspaint.exe (ID: 2712 |ParentID: 2612)
C:\UsbFix\Go.exe (ID: 3480 |ParentID: 2612)

################## | Regedit Run |

04 – HKLM\..\Run : [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 – HKLM\..\Run : [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 – HKLM\..\Run : [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 – HKLM\..\RunOnce : []
04 – HKLM64\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 – HKLM64\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 – HKLM64\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 – HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 – HKLM64\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
04 – HKLM64\..\Run : [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
04 – HKLM64\..\Run : [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-1808001180-3675462397-1662788160-1001\..\Run : [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 – HKU\S-1-5-21-1808001180-3675462397-1662788160-1001\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 – HKU\S-1-5-21-1808001180-3675462397-1662788160-1001\..\Run : [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
04 – HKU\S-1-5-21-1808001180-3675462397-1662788160-1001\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-18\..\RunOnce : [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
04 – HKU\S-1-5-18\..\RunOnce : [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f

################## | Recherche générique |

################## | Registre |

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |