Reply to: big problem 2016-09-08T13:14:51+00:00
familicomputer

Hi!!

Here is the USBFix report after the deletion

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Rébecca (Administrateur) # PC-DE-CHAUFOUR
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 19:35:17 | 09/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Gigabyte Technology Co., Ltd. (G41M-ES2L)
CPU: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
RAM -> [Total : 3036 | Free : 1337]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 144 Go (11 Go libre(s) – 8%) [] # NTFS
D: -> Disque fixe # 144 Go (106 Go libre(s) – 73%) [DATA] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (3 Go libre(s) – 87%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:Windowssystem32SLsvc.exe (ID: 1380 |ParentID: 708)
Stoppé! C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1748 |ParentID: 708)
Stoppé! C:ProgramDataeSafeeGdpSvc.exe (ID: 1804 |ParentID: 708)
Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1284 |ParentID: 708)
Stoppé! C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 1072 |ParentID: 708)
Stoppé! C:Program FilesCommon FilesAOLACSAOLAcsd.exe (ID: 916 |ParentID: 708)
Stoppé! C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 828 |ParentID: 708)
Stoppé! C:Program FilesDeviceVMBrowser Configuration UtilityBCUService.exe (ID: 2152 |ParentID: 708)
Stoppé! C:ProgramDataBitGuard2.7.1769.27{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}BitGuard.exe (ID: 2172 |ParentID: 708)
Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID: 2200 |ParentID: 708)
Stoppé! C:PROGRA~1COMMON~1France TelecomShared ModulesFTRTSVCFTRTSVC.exe (ID: 2316 |ParentID: 708)
Stoppé! C:Program FilesTortor.exe (ID: 2604 |ParentID: 708)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2676 |ParentID: 708)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 2724 |ParentID: 708)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2784 |ParentID: 2676)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 3060 |ParentID: 1164)
Stoppé! C:Windowssystem32taskeng.exe (ID: 3804 |ParentID: 1188)
Stoppé! C:Windowssystem32taskeng.exe (ID: 3948 |ParentID: 1188)
Stoppé! C:WindowsExplorer.EXE (ID: 3968 |ParentID: 3876)
Stoppé! C:Program FilesGoogleUpdate1.3.21.165GoogleCrashHandler.exe (ID: 1320 |ParentID: 4004)
Stoppé! C:ProgramDataBitGuard2.7.1769.27{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}BitGuard.exe (ID: 536 |ParentID: 2172)
Stoppé! C:Program FilesWindows DefenderMSASCui.exe (ID: 2828 |ParentID: 3968)
Stoppé! C:Program FilesDeviceVMBrowser Configuration UtilityBCU.exe (ID: 3104 |ParentID: 3968)
Stoppé! C:Program FilesRealtekAudioHDARtHDVCpl.exe (ID: 3492 |ParentID: 3968)
Stoppé! C:Program FilesCommon Filesaol1265362316eeaolsoftware.exe (ID: 3512 |ParentID: 3968)
Stoppé! C:WindowsSystem32igfxtray.exe (ID: 3504 |ParentID: 3968)
Stoppé! C:WindowsSystem32hkcmd.exe (ID: 3520 |ParentID: 3968)
Stoppé! C:WindowsSystem32igfxpers.exe (ID: 3536 |ParentID: 3968)
Stoppé! C:Program FilesHPHP Software Updatehpwuschd2.exe (ID: 2560 |ParentID: 3968)
Stoppé! C:Program FilesIminentIMBoosterIMBooster.exe (ID: 3780 |ParentID: 3968)
Stoppé! C:Program FilesSweetIMMessengerSweetIM.exe (ID: 3820 |ParentID: 3968)
Stoppé! C:Program FilesCardDetectorHUAWEICardDetector.exe (ID: 3996 |ParentID: 3968)
Stoppé! C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 4020 |ParentID: 3968)
Stoppé! C:Program FilesiTunesiTunesHelper.exe (ID: 2140 |ParentID: 3968)
Stoppé! C:Program FilesAlwil SoftwareAvast5avastui.exe (ID: 4084 |ParentID: 3968)
Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID: 4092 |ParentID: 3968)
Stoppé! C:Program FilesWindows Media Playerwmpnscfg.exe (ID: 2108 |ParentID: 3968)
Stoppé! C:Program FilesPando NetworksMedia BoosterPMB.exe (ID: 1436 |ParentID: 3968)
Stoppé! C:WindowsSystem32wscript.exe (ID: 1024 |ParentID: 3968)
Stoppé! C:Program FilesHPDigital Imagingbinhpqtra08.exe (ID: 3228 |ParentID: 3968)
Stoppé! D:AOL 9.0 VRwaol.exe (ID: 4228 |ParentID: 2968)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 4380 |ParentID: 708)
Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID: 4764 |ParentID: 4092)
Stoppé! C:Program FilesiPodbiniPodService.exe (ID: 4924 |ParentID: 708)
Stoppé! C:Program FilesHPDigital ImagingbinhpqSTE08.exe (ID: 5132 |ParentID: 3228)
Stoppé! C:Windowssystem32SearchProtocolHost.exe (ID: 5256 |ParentID: 2724)
Stoppé! C:Program FilesHPDigital Imagingbinhpqbam08.exe (ID: 5368 |ParentID: 924)
Stoppé! C:Program FilesHPDigital Imagingbinhpqgpc01.exe (ID: 5552 |ParentID: 924)
Stoppé! D:AOL 9.0 VRshellmon.exe (ID: 3944 |ParentID: 4228)
Stoppé! C:Windowssystem32wuauclt.exe (ID: 2164 |ParentID: 1188)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5924 |ParentID: 3968)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4824 |ParentID: 5924)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5320 |ParentID: 5924)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5504 |ParentID: 5924)
Stoppé! C:Program FilesCommon FilesJavaJava Updatejucheck.exe (ID: 6132 |ParentID: 4020)
Stoppé! C:WindowsservicingTrustedInstaller.exe (ID: 1200 |ParentID: 708)
Stoppé! C:Windowssystem32taskeng.exe (ID: 5992 |ParentID: 1188)
Stoppé! C:Windowssystem32SearchFilterHost.exe (ID: 5176 |ParentID: 2724)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3756 |ParentID: 5924)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
04 – HKLMSOFTWARE | Run : [BCU] – “C:Program FilesDeviceVMBrowser Configuration UtilityBCU.exe”
04 – HKLMSOFTWARE | Run : [RtHDVCpl] – C:Program FilesRealtekAudioHDARtHDVCpl.exe
04 – HKLMSOFTWARE | Run : [Skytel] – C:Program FilesRealtekAudioHDASkytel.exe
04 – HKLMSOFTWARE | Run : [HostManager] – C:Program FilesCommon FilesAOL1265362316eeAOLSoftware.exe
04 – HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
04 – HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
04 – HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
04 – HKLMSOFTWARE | Run : [EoEngine] –
04 – HKLMSOFTWARE | Run : [EoWeather] –
04 – HKLMSOFTWARE | Run : [eorezo] –
04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHPHP Software UpdateHPWuSchd2.exe
04 – HKLMSOFTWARE | Run : [] –
04 – HKLMSOFTWARE | Run : [IMBooster] – C:Program FilesIminentIMBoosterimbooster.exe /warmup
04 – HKLMSOFTWARE | Run : [SweetIM] – C:Program FilesSweetIMMessengerSweetIM.exe
04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWARE | Run : [CardDetectorHUAWEI] – C:Program FilesCardDetectorHUAWEICardDetector.exe
04 – HKLMSOFTWARE | Run : [BEWINTERNET-FR-DMGP-V2SessionManager] – “C:Program FilesOrangeIEWInternetSessionManagerSessionManager.exe”
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [QuickTime Task] – “C:Program FilesQuickTimeQTTask.exe” -atboottime
04 – HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program FilesiTunesiTunesHelper.exe”
04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAlwil SoftwareAvast5AvastUI.exe” /nogui
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKUS-1-5-21-3385765646-2502414165-3692084876-1002SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
04 – HKUS-1-5-21-3385765646-2502414165-3692084876-1002SOFTWARE | Run : [swg] – “C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
04 – HKUS-1-5-21-3385765646-2502414165-3692084876-1002SOFTWARE | Run : [msnmsgr] – ~”C:Program FilesWindows LiveMessengermsnmsgr.exe” /background
04 – HKUS-1-5-21-3385765646-2502414165-3692084876-1002SOFTWARE | Run : [WMPNSCFG] – C:Program FilesWindows Media PlayerWMPNSCFG.exe
04 – HKUS-1-5-21-3385765646-2502414165-3692084876-1002SOFTWARE | Run : [Pando Media Booster] – C:Program FilesPando NetworksMedia BoosterPMB.exe
04 – HKUS-1-5-21-3385765646-2502414165-3692084876-1002SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersRBECCA~1AppDataLocalTempiTunesHelper.vbe”
04 – HKUS-1-5-21-3385765646-2502414165-3692084876-1002SOFTWARE | Run : [AOL Fast Start] – “D:AOL 9.0 VRAOL.EXE” -b

################## | Recherche générique |

Supprimé! C:UsersRBECCA~1AppDataLocalTempiTunesHelper.vbe
Supprimé! C:UsersRébeccaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Supprimé! F:iTunesHelper.vbe
Supprimé! F:.lnk
Supprimé! F:LOST.DIR.lnk
Supprimé! F:.android_secure.lnk
Supprimé! F:Android.lnk
Supprimé! F:DCIM.lnk
Supprimé! F:Sounds.lnk
Supprimé! F:Halfbrick.lnk
Supprimé! F:.beintoo.lnk
Supprimé! F:Pictures.lnk
Supprimé! F:ppy_cross.lnk
Supprimé! F:download.lnk
Supprimé! F:.downloadTemp.lnk
Supprimé! F:media.lnk
Supprimé! F:bluetooth.lnk
Supprimé! F:samsungapps.lnk

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:UsersRébeccaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:UsersRBECCA~1AppDataLocalTempiTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> F:iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKUS-1-5-21-3385765646-2502414165-3692084876-1002SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
Supprimé! HKLMSoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
Supprimé! HKUS-1-5-21-3385765646-2502414165-3692084876-1002Software….Mountpoints2{784be32a-874f-11e0-bbf8-00038a000015}
Supprimé! HKUS-1-5-21-3385765646-2502414165-3692084876-1002Software….Mountpoints2{a4c60095-75fc-11df-86b0-00038a000015}

################## | Listing |

[06/02/2010 – 10:39:37 | SHD ] C:$Recycle.Bin
[10/09/2012 – 14:23:49 | N | 1310720] C:Aladdin (F).smc
[18/09/2006 – 22:43:36 | N | 24] C:autoexec.bat
[14/08/2011 – 16:30:31 | D ] C:BigFishGamesCache
[04/02/2010 – 21:34:49 | SHD ] C:Boot
[11/04/2009 – 14:18:38 | RASH | 333257] C:bootmgr
[04/02/2010 – 21:34:51 | RAS | 8192] C:BOOTSECT.BAK
[04/11/2013 – 07:39:10 | HD ] C:Config.Msi
[18/09/2006 – 22:43:37 | N | 10] C:config.sys
[02/11/2006 – 14:02:03 | SHD ] C:Documents and Settings
[09/11/2013 – 19:19:04 | ASH | 3183992832] C:hiberfil.sys
[04/02/2010 – 21:56:05 | N | 193] C:Install.log
[04/02/2010 – 21:49:01 | D ] C:Intel
[09/02/2010 – 12:56:38 | N | 941] C:IPH.PH
[07/11/2011 – 20:16:08 | D ] C:jeux
[03/09/1997 – 02:25:06 | N | 524800] C:Mario.smc
[09/11/2013 – 19:19:03 | ASH | 3497803776] C:pagefile.sys
[21/01/2008 – 03:32:31 | D ] C:PerfLogs
[15/10/2013 – 12:23:09 | D ] C:Program Files
[04/11/2013 – 22:33:43 | HD ] C:ProgramData
[04/02/2010 – 21:52:50 | N | 1841] C:RHDSetup.log
[01/09/2013 – 21:58:00 | N | 8258] C:service.log
[01/01/1980 – 00:00:00 | N | 2097664] C:Super Mario All Stars (E).smc
[14/06/2013 – 17:27:02 | N | 8192] C:Super Mario All Stars (E).srm
[28/02/2013 – 17:38:14 | N | 8192] C:Super_Nes_Super_Mario_All-Stars.srm
[27/02/2013 – 13:34:59 | N | 282459] C:Super_Nes_Super_Mario_All-Stars.zst
[09/11/2013 – 13:36:42 | SHD ] C:System Volume Information
[09/11/2013 – 19:50:24 | D ] C:UsbFix
[09/11/2013 – 19:50:55 | A | 12786] C:UsbFix [Clean 3] PC-DE-CHAUFOUR.txt
[04/11/2013 – 19:53:45 | N | 16387] C:UsbFix [Scan 3] PC-DE-CHAUFOUR.txt
[06/02/2010 – 10:39:25 | RD ] C:Users
[29/10/2013 – 08:33:47 | D ] C:Windows
[06/02/2010 – 10:39:37 | SHD ] D:$RECYCLE.BIN
[12/12/2010 – 17:01:12 | D ] D:AOL 9.0 VR
[15/10/2013 – 12:16:18 | N | 134622711] D:Apache_OpenOffice_4.0.1_Win_x86_install_fr.exe
[26/01/2013 – 14:39:56 | N | 503312318] D:Catherine de Médicis et les châteaux de la Loire – Secrets d’Histoire.mp4
[21/07/2013 – 14:16:22 | D ] D:DRAMA
[26/01/2010 – 23:00:01 | D ] D:erData
[06/10/2012 – 19:23:54 | N | 17518127] D:Génériques de Pokémon – Saisons 1a1 1.mp4
[26/01/2013 – 14:47:14 | N | 422029624] D:Henri VIII, un amour de tyran – Secrets d’Histoire.mp4
[21/07/2013 – 12:24:25 | D ] D:Mangas
[24/05/2013 – 15:31:19 | D ] D:musique ordi
[14/02/2010 – 16:31:18 | D ] D:open office
[15/10/2013 – 12:18:45 | D ] D:open office 2
[24/05/2013 – 15:29:59 | D ] D:rebechou
[18/12/2012 – 12:04:06 | N | 688146306] D:Secrets d-histoire – E42 (1).avi
[12/06/2008 – 06:41:47 | SHD ] D:System Volume Information
[27/03/2010 – 21:12:56 | D ] D:VLC
[09/09/2013 – 12:16:48 | D ] F:LOST.DIR
[28/10/2013 – 23:06:54 | D ] F:.android_secure
[09/09/2013 – 12:16:58 | D ] F:Android
[09/09/2013 – 12:47:06 | D ] F:DCIM
[25/09/2013 – 07:54:48 | N | 77922304] F:.HPIMAGE.VFS
[28/10/2013 – 16:37:52 | D ] F:Sounds
[09/09/2013 – 13:35:08 | D ] F:Halfbrick
[09/09/2013 – 13:35:20 | D ] F:.beintoo
[09/09/2013 – 21:35:12 | N | 36] F:.profig.os
[10/09/2013 – 09:44:10 | D ] F:Pictures
[11/09/2013 – 22:24:08 | D ] F:ppy_cross
[07/11/2013 – 21:54:04 | D ] F:download
[20/10/2013 – 00:03:02 | D ] F:.downloadTemp
[25/09/2013 – 22:43:28 | D ] F:media
[01/10/2013 – 14:58:28 | D ] F:bluetooth
[11/10/2013 – 09:56:12 | D ] F:samsungapps

################## | Vaccin |

F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |