Lena

Good evening,

Thank you very much for your help!!

Here is the report:

############################## | UsbFix V 7.149 | [Suppression]

Utilisateur: Hélène (Administrateur) # HÉLENE-PC
Mis à jour le 03/11/2013 par El Desaparecido – Team SosVirus
Lancé à 20:13:46 | 07/11/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (N150P )
CPU: Intel(R) Atom(TM) CPU N455 @ 1.66GHz
RAM -> [Total : 1013 | Free : 189]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Starter (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 112 Go (65 Go libre(s) – 58%) [] # NTFS
D: -> Disque fixe # 166 Go (166 Go libre(s) – 100%) [] # NTFS
E: -> Disque amovible # 4 Go (3 Go libre(s) – 76%) [HÉLÈNE] # FAT32

################## | Référence de comparaison MD5 |

Md5 : DENIED -> C:UsersHLNE~1AppDataLocalTempIntel(R)Service.vbs
Md5 : 0432ea5e5d3d9897407715ac9a743ecc -> E:Intel(R)Service.vbs

################## | Processus Stoppés |

Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1460 |ParentID: 644)
Stoppé! C:windowssystem32WLANExt.exe (ID: 1468 |ParentID: 1024)
Stoppé! C:windowssystem32conhost.exe (ID: 1480 |ParentID: 500)
Stoppé! C:windowsSystem32spoolsv.exe (ID: 1588 |ParentID: 644)
Stoppé! C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (ID: 1740 |ParentID: 644)
Stoppé! C:windowssystem32taskhost.exe (ID: 2104 |ParentID: 644)
Stoppé! C:windowssystem32taskeng.exe (ID: 2144 |ParentID: 1072)
Stoppé! C:windowsExplorer.EXE (ID: 2296 |ParentID: 2220)
Stoppé! C:Program FilesRealtekAudioHDARtHDVCpl.exe (ID: 2836 |ParentID: 2296)
Stoppé! C:Program FilesElantechETDCtrl.exe (ID: 2932 |ParentID: 2296)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 2944 |ParentID: 2296)
Stoppé! C:WindowsSystem32wscript.exe (ID: 3012 |ParentID: 2296)
Stoppé! C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe (ID: 3172 |ParentID: 2296)
Stoppé! C:windowssystem32SearchIndexer.exe (ID: 3308 |ParentID: 644)
Stoppé! C:Program FilesElantechETDCtrlHelper.exe (ID: 3496 |ParentID: 2932)
Stoppé! C:Program FilesOpenOffice.org 3programsoffice.exe (ID: 4052 |ParentID: 3232)
Stoppé! C:Program FilesOpenOffice.org 3programsoffice.bin (ID: 1380 |ParentID: 4052)
Stoppé! C:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe (ID: 2224 |ParentID: 780)
Stoppé! C:Program FilesMicrosoftBingBarSeaPort.EXE (ID: 2632 |ParentID: 644)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 1436 |ParentID: 644)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 3300 |ParentID: 1436)
Stoppé! C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe (ID: 2524 |ParentID: 2144)
Stoppé! C:windowssystem32hkcmd.exe (ID: 984 |ParentID: 3184)
Stoppé! C:windowssystem32igfxtray.exe (ID: 3228 |ParentID: 3184)
Stoppé! C:windowssystem32igfxpers.exe (ID: 2620 |ParentID: 3184)
Stoppé! C:windowssystem32igfxsrvc.exe (ID: 1752 |ParentID: 780)
Stoppé! C:Program FilesSamsungSamsung Recovery Solution 4WCScheduler.exe (ID: 1900 |ParentID: 3184)
Stoppé! C:Program FilesSamsungEasy Display Managerdmhkcore.exe (ID: 3728 |ParentID: 3184)
Stoppé! C:Program FilesSamsungSFBSmartRestarter.exe (ID: 1164 |ParentID: 3184)
Stoppé! C:windowssystem32igfxext.exe (ID: 3072 |ParentID: 780)
Stoppé! C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager.exe (ID: 3928 |ParentID: 2144)
Stoppé! C:PROGRA~1samsungSAMSUN~2SUPNOT~1.EXE (ID: 3812 |ParentID: 1424)
Stoppé! C:windowsservicingTrustedInstaller.exe (ID: 1216 |ParentID: 644)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 4136 |ParentID: 644)
Stoppé! C:UsersHélèneAppDataLocalGoogleChromeApplicationchrome.exe (ID: 632 |ParentID: 2296)
Stoppé! C:UsersHélèneAppDataLocalGoogleChromeApplicationchrome.exe (ID: 4288 |ParentID: 632)
Stoppé! C:UsersHélèneAppDataLocalGoogleChromeApplicationchrome.exe (ID: 3592 |ParentID: 632)
Stoppé! C:UsersHélèneAppDataLocalGoogleChromeApplicationchrome.exe (ID: 1908 |ParentID: 632)
Stoppé! C:windowssystem32taskeng.exe (ID: 5292 |ParentID: 1072)
Stoppé! C:UsersHélèneAppDataLocalGoogleUpdateGoogleUpdate.exe (ID: 4584 |ParentID: 5292)
Stoppé! C:windowsSystem32WUDFHost.exe (ID: 5444 |ParentID: 1024)
Stoppé! \?C:windowssystem32wbemWMIADAP.EXE (ID: 2452 |ParentID: 1072)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [RtHDVCpl] – C:Program FilesRealtekAudioHDARtHDVCpl.exe -s
04 – HKLMSOFTWARE | Run : [ETDCtrl] – %ProgramFiles%ElantechETDCtrl.exe
04 – HKLMSOFTWARE | Run : [avast] – « C:Program FilesAVAST SoftwareAvastavastUI.exe » /nogui
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-264978880-1747315322-2305944383-1000SOFTWARE | Run : [msnmsgr] – « C:Program FilesWindows LiveMessengermsnmsgr.exe » /background
04 – HKUS-1-5-21-264978880-1747315322-2305944383-1000SOFTWARE | Run : [Google Update] – « C:UsersHélèneAppDataLocalGoogleUpdateGoogleUpdate.exe » /c
04 – HKUS-1-5-21-264978880-1747315322-2305944383-1000SOFTWARE | Run : [Facebook Update] – « C:UsersHélèneAppDataLocalFacebookUpdateFacebookUpdate.exe » /c /nocrashserver
04 – HKUS-1-5-21-264978880-1747315322-2305944383-1000SOFTWARE | Run : [Intel(R)Service] – wscript.exe //B « C:UsersHLNE~1AppDataLocalTempIntel(R)Service.vbs »
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Supprimé! C:UsersHLNE~1AppDataLocalTempIntel(R)Service.vbs
Supprimé! C:UsersHélèneAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupIntel(R)Service.vbs
Supprimé! E:Intel(R)Service.vbs
Supprimé! E:BURR(1989)_Bone_remodeling.lnk
Supprimé! E:HAWKEY_MERBS(1995)_IJO_MSM_Eskimos.lnk
Supprimé! C:ProgramDataezsidmv.dat

(!) Fichiers temporaires supprimés.

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKUS-1-5-21-264978880-1747315322-2305944383-1000SoftwareMicrosoftWindowsCurrentVersionRun|Intel(R)Service

################## | Listing |

[01/03/2012 – 20:45:25 | SHD ] C:$Recycle.Bin
[10/06/2009 – 22:42:20 | N | 24] C:autoexec.bat
[10/06/2009 – 22:42:20 | N | 10] C:config.sys
[14/07/2009 – 05:53:55 | SHD ] C:Documents and Settings
[07/11/2013 – 09:58:06 | ASH | 1062518784] C:hiberfil.sys
[25/07/2011 – 11:20:06 | D ] C:Intel
[01/03/2012 – 21:59:58 | D ] C:OpenOffice.org 3.3 (fr) Installation Files
[07/11/2013 – 09:58:09 | ASH | 1073741824] C:pagefile.sys
[14/07/2009 – 03:37:05 | D ] C:PerfLogs
[13/03/2013 – 19:36:49 | D ] C:Program Files
[07/11/2013 – 20:24:52 | HD ] C:ProgramData
[01/03/2012 – 20:26:16 | SHD ] C:Recovery
[25/07/2011 – 11:22:55 | N | 2069] C:RHDSetup.log
[25/07/2011 – 11:44:34 | N | 171] C:setup.log
[07/11/2013 – 15:51:10 | SHD ] C:System Volume Information
[07/11/2013 – 20:24:59 | D ] C:UsbFix
[07/11/2013 – 20:25:04 | A | 7752] C:UsbFix [Clean 1] HÉLENE-PC.txt
[01/03/2012 – 20:27:31 | RD ] C:Users
[20/09/2013 – 07:40:03 | D ] C:Windows
[01/03/2012 – 20:45:25 | SHD ] D:$RECYCLE.BIN
[15/09/2013 – 14:57:35 | D ] D:fa3f9b551b1b0f8ac0d149
[01/03/2012 – 21:43:25 | SHD ] D:System Volume Information
[04/03/2012 – 17:32:38 | D ] D:SystemSoftware
[27/10/2013 – 12:18:04 | RASHD ] E:Autorun.inf
[26/10/2013 – 12:00:14 | D ] E:A IMPRIMER
[25/10/2013 – 09:10:58 | D ] E:CV
[25/10/2013 – 11:50:28 | D ] E:Mémoire Master 2
[25/10/2013 – 09:11:50 | D ] E:Relevés de notes
[23/10/2013 – 12:37:56 | N | 3704895] E:BURR(1989)_Bone_remodeling.pdf
[23/10/2013 – 12:37:56 | N | 1214189] E:HAWKEY_MERBS(1995)_IJO_MSM_Eskimos.pdf

################## | Vaccin |

E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – http://www.sosvirus.net |