Marie

Good evening, thank you!

Here is what I got:

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Marie (Administrateur) # MARIE-PC
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 20:19:24 | 12/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Packard Bell (SJV70_HR)
CPU: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
RAM -> [Total : 8044 | Free : 4955]
Bios: Packard Bell
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 446 Go (364 Go libre(s) – 82%) [Packard Bell] # NTFS
D: -> Disque fixe # 466 Go (466 Go libre(s) – 100%) [DATA] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (4 Go libre(s) – 94%) [] # FAT32
G: -> Disque amovible # 4 Go (2 Go libre(s) – 52%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:Program Files (x86)AviraAntiVir Desktopsched.exe (ID: 1532 |ParentID: 676)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavguard.exe (ID: 1868 |ParentID: 676)
Stoppé! C:Program Files (x86)Norton Internet SecurityEngine19.9.1.14ccSvcHst.exe (ID: 1528 |ParentID: 676)
Stoppé! C:Program Files (x86)SymantecNorton Online BackupNOBuAgent.exe (ID: 2076 |ParentID: 676)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavshadow.exe (ID: 3552 |ParentID: 1868)
Stoppé! C:Program Files (x86)Norton Internet SecurityEngine19.9.1.14ccSvcHst.exe (ID: 1316 |ParentID: 1528)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavgnt.exe (ID: 4980 |ParentID: 4252)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavscan.exe (ID: 2980 |ParentID: 1532)
Stoppé! C:ProgramDataBitGuard2.7.1769.27{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}BitGuard.exe (ID: 1080 |ParentID: 676)
Stoppé! C:Windowsexplorer.exe (ID: 4276 |ParentID: 840)
Stoppé! C:Program FilesMicrosoft Office 15ClientX64integratedoffice.exe (ID: 4268 |ParentID: 676)
Stoppé! C:ProgramDataBitGuard2.7.1769.27{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}BitGuard.exe (ID: 7376 |ParentID: 1080)
Stoppé! C:Program Files (x86)Launch Managerdsiwmis.exe (ID: 2296 |ParentID: 676)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 7624 |ParentID: 552)
Stoppé! C:WindowsSystem32rundll32.exe (ID: 4736 |ParentID: 796)
Stoppé! C:Program Files (x86)Launch ManagerLMworker.exe (ID: 7028 |ParentID: 2296)
Stoppé! C:Program Files (x86)Launch ManagerLMutilps32.exe (ID: 4608 |ParentID: 2296)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 4612 |ParentID: 676)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 7228 |ParentID: 676)
Stoppé! C:Windowssystem32taskeng.exe (ID: 1972 |ParentID: 688)
Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1392 |ParentID: 676)
Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 3860 |ParentID: 676)
Stoppé! C:UsersMarieAppDataLocalGoogleChromeApplicationchrome.exe (ID: 2532 |ParentID: 4276)
Stoppé! C:UsersMarieAppDataLocalGoogleChromeApplicationchrome.exe (ID: 2568 |ParentID: 2532)
Stoppé! C:UsersMarieAppDataLocalGoogleChromeApplicationchrome.exe (ID: 2340 |ParentID: 2532)
Stoppé! C:UsersMarieAppDataLocalGoogleChromeApplicationchrome.exe (ID: 5880 |ParentID: 2532)
Stoppé! C:UsersMarieAppDataLocalGoogleChromeApplicationchrome.exe (ID: 6616 |ParentID: 2532)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 4596 |ParentID: 676)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 1064 |ParentID: 4596)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [Norton Online Backup] – C:Program Files (x86)SymantecNorton Online BackupNOBuClient.exe
04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLMSOFTWARE | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
04 – HKLMSOFTWARE | Run : [lxdimon.exe] – “C:Program Files (x86) (x86)Lexmark 3500-4500 Serieslxdimon.exe”
04 – HKLMSOFTWARE | Run : [lxdiamon] – “C:Program Files (x86) (x86)Lexmark 3500-4500 Serieslxdiamon.exe”
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
04 – HKLMSOFTWARE | Run : [] –
04 – HKLMSOFTWARE | Run : [Reader Application Helper] – C:Program Files (x86)SonyReaderDesktopappHelperReaderAppHelper.exe
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
04 – HKLMSOFTWAREwow6432Node | Run : [Norton Online Backup] – C:Program Files (x86)SymantecNorton Online BackupNOBuClient.exe
04 – HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLMSOFTWAREwow6432Node | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
04 – HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [lxdimon.exe] – “C:Program Files (x86) (x86)Lexmark 3500-4500 Serieslxdimon.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [lxdiamon] – “C:Program Files (x86) (x86)Lexmark 3500-4500 Serieslxdiamon.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
04 – HKLMSOFTWAREwow6432Node | Run : [] –
04 – HKLMSOFTWAREwow6432Node | Run : [Reader Application Helper] – C:Program Files (x86)SonyReaderDesktopappHelperReaderAppHelper.exe
04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-1741496536-1965030743-3869395092-1000SOFTWARE | Run : [Google Update] – “C:UsersMarieAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
04 – HKUS-1-5-21-1741496536-1965030743-3869395092-1000SOFTWARE | Run : [Spotify] – “C:UsersMarieAppDataRoamingSpotifySpotify.exe” /uri spotify:autostart
04 – HKUS-1-5-21-1741496536-1965030743-3869395092-1000SOFTWARE | Run : [Spotify Web Helper] – “C:UsersMarieAppDataRoamingSpotifyDataSpotifyWebHelper.exe”
04 – HKUS-1-5-21-1741496536-1965030743-3869395092-1000SOFTWARE | Run : [Sony PC Companion] – “C:Program Files (x86)SonySony PC CompanionPCCompanion.exe” /Background
04 – HKUS-1-5-21-1741496536-1965030743-3869395092-1000SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersMarieAppDataLocalTempiTunesHelper.vbe”
04 – HKUS-1-5-21-1741496536-1965030743-3869395092-1000SOFTWARE | Run : [SergeLeLama] – wscript.exe //B “C:UsersMarieAppDataLocalTempSergeLeLama.vbs”
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Supprimé! C:UsersMarieAppDataRoamingSergeLeLama.vbs
Supprimé! C:UsersMarieAppDataRoaming3040000ak.tmp
Supprimé! C:UsersMarieAppDataRoaming3040000
Supprimé! C:UsersMarieAppDataRoaming3080000ak.tmp
Supprimé! C:UsersMarieAppDataRoaming3080000
Supprimé! C:UsersMarieAppDataRoaming30C0000ak.tmp
Supprimé! C:UsersMarieAppDataRoaming30C0000
Supprimé! C:UsersMarieAppDataRoaming3100000ak.tmp
Supprimé! C:UsersMarieAppDataRoaming3100000
Supprimé! C:UsersMarieAppDataRoaming3120000ak.tmp
Supprimé! C:UsersMarieAppDataRoaming3120000
Supprimé! C:UsersMarieAppDataRoaming3140000ak.tmp
Supprimé! C:UsersMarieAppDataRoaming3140000
Supprimé! C:UsersMarieAppDataRoaming3180000ak.tmp
Supprimé! C:UsersMarieAppDataRoaming3180000
Supprimé! C:UsersMarieAppDataRoaming4120000ak.tmp
Supprimé! C:UsersMarieAppDataRoaming4120000
Supprimé! C:UsersMarieAppDataRoaming4130000ak.tmp
Supprimé! C:UsersMarieAppDataRoaming4130000
Supprimé! C:UsersMarieAppDataLocalTempSergeLeLama.vbs
Supprimé! C:UsersMarieAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
Supprimé! F:iTunesHelper.vbe
Supprimé! F:SergeLeLama.vbs
Supprimé! G:iTunesHelper.vbe
Supprimé! G:SergeLeLama.vbs
Supprimé! F:A7KGEquN.lnk
Supprimé! F:Bruno Mars – Locked Out Of Heaven [OFFICIAL VIDEO].lnk
Supprimé! F:Présenter le système linguistique.lnk
Supprimé! F:A imprimer.lnk
Supprimé! F:Intercalaires.lnk
Supprimé! F:Histoire.lnk
Supprimé! F:Moos – Au nom de la rose.lnk
Supprimé! F:iTunesHelper.lnk
Supprimé! G:NIKON001.lnk
Supprimé! G:Fortunato_Marie_1990_08_27-X-2012_05_22_10_12_53-4.lnk
Supprimé! G:_disk_id.lnk
Supprimé! G:MISC.lnk
Supprimé! G:DCIM.lnk
Supprimé! G:NCFL.lnk
Supprimé! G:Antho.lnk
Supprimé! G:MSa2emHR.lnk
Supprimé! G:iTunesHelper.lnk
Supprimé! C:UsersPublic4z1z.VBE
Supprimé! C:UsersPublic4zz.VBE
Supprimé! C:UsersPublic7z1z.VBE
Supprimé! C:UsersPublic7zz.VBE
Supprimé! C:UsersPublic9eizmmD.vbe
Supprimé! C:UsersPublic9stziemD.VBE
Supprimé! C:UsersPublica4z1z.VBE
Supprimé! C:UsersPublica7z1z.VBE
Supprimé! C:UsersMarieAppDataRoamingMarie-wchelper.dll
Supprimé! C:UsersMarieAppDataRoamingPublic
Supprimé! C:UsersMarieAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup5z1z.lnk
Supprimé! C:UsersMarieAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup5zz.lnk
Supprimé! C:UsersMarieAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupa5z1z.lnk
Supprimé! C:UsersMarieAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiz710bclD.lnk
Supprimé! C:UsersMarieAppDataLocalTempMarie7
Supprimé! C:UsersMarieAppDataLocalTemp201.pif
Supprimé! C:UsersMarieAppDataLocalTempMusiques.pif
Supprimé! C:UsersMarieAppDataLocalTempSkype.pif
Supprimé! C:UsersMarieAppDataLocalTemp21rs4fd.hta
Supprimé! C:UsersMarieAppDataLocalTemp452CG4.hta
Supprimé! C:UsersMarieAppDataLocalTemp4erg.hta
Supprimé! C:UsersMarieAppDataLocalTempB2Y.hta
Supprimé! C:UsersMarieAppDataLocalTempc4afg.hta
Supprimé! C:UsersMarieAppDataLocalTempCG6.hta
Supprimé! C:UsersMarieAppDataLocalTempCG7.hta
Supprimé! C:UsersMarieAppDataLocalTempd44.hta
Supprimé! C:UsersMarieAppDataLocalTemped4.hta
Supprimé! C:UsersMarieAppDataLocalTempGenial-O77.hta
Supprimé! C:UsersMarieAppDataLocalTemps9z.hta
Supprimé! C:UsersMarieAppDataLocalTempvvva.hta
Supprimé! C:UsersMarieAppDataLocalTempzzzzia.hta
Non supprimé ! F:A7KGEquN.vbs
Non supprimé ! F:AUTORUN.INF
Non supprimé ! G:MSa2emHR.vbs

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:UsersPublic4z1z.VBE
Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:UsersPublic4zz.VBE
Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:UsersPublic7z1z.VBE
Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:UsersPublic7zz.VBE
Md5 : 9CE0C4ECF33A551D333BC9C8293B8A48 -> C:UsersPublic9eizmmD.vbe
Md5 : 9CE0C4ECF33A551D333BC9C8293B8A48 -> C:UsersPublic9stziemD.VBE
Md5 : 0BCD7B50B346D6ED712781C3E5AEB8A2 -> C:UsersPublica4z1z.VBE
Md5 : 0BCD7B50B346D6ED712781C3E5AEB8A2 -> C:UsersPublica7z1z.VBE
Md5 : C134AD477B828B7922928E0420961979 -> C:UsersMarieAppDataRoamingSergeLeLama.vbs
Md5 : C134AD477B828B7922928E0420961979 -> C:UsersMarieAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
Md5 : C134AD477B828B7922928E0420961979 -> C:UsersMarieAppDataLocalTempSergeLeLama.vbs
Md5 : 7F1288B6DCEBAC8A8E82718B67FD4DF3 -> C:UsersMarieAppDataLocalTempSkype.pif
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> F:iTunesHelper.vbe
Md5 : D41D8CD98F00B204E9800998ECF8427E -> F:A7KGEquN.vbs
Md5 : C134AD477B828B7922928E0420961979 -> F:SergeLeLama.vbs
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> G:iTunesHelper.vbe
Md5 : D41D8CD98F00B204E9800998ECF8427E -> G:MSa2emHR.vbs
Md5 : C134AD477B828B7922928E0420961979 -> G:SergeLeLama.vbs

################## | Comparaison MD5 |

Supprimé! Md5 : 7F1288B6DCEBAC8A8E82718B67FD4DF3 -> C:UsersMarieAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5PSMPVHEBSkype[1].pif
Supprimé! Md5 : D41D8CD98F00B204E9800998ECF8427E -> C:UsersMarieDownloadsWebplayer_FR.exe
Non supprimé ! Md5 : D41D8CD98F00B204E9800998ECF8427E -> F:A7KGEquN.vbs
Non supprimé ! Md5 : D41D8CD98F00B204E9800998ECF8427E -> G:MSa2emHR.vbs

################## | Registre |

Supprimé! HKCUSoftwareÀ classé
Supprimé! HKUS-1-5-21-1741496536-1965030743-3869395092-1000SoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama
Supprimé! HKUS-1-5-21-1741496536-1965030743-3869395092-1000SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
Supprimé! HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionRun|iTunesHelper
Supprimé! HKUS-1-5-21-1741496536-1965030743-3869395092-1000Software….Mountpoints2{64094eb5-5822-11e2-95b3-dc0ea10b1dc7}
Supprimé! HKUS-1-5-21-1741496536-1965030743-3869395092-1000Software….Mountpoints2{d01e18bf-1078-11e3-a0e6-dc0ea10b1dc7}

################## | Listing |

[10/12/2011 – 20:35:47 | SHD ] C:$Recycle.Bin
[10/12/2011 – 20:44:40 | D ] C:book
[11/08/2011 – 17:16:08 | RASH | 8192] C:BOOTSECT.BAK
[04/11/2013 – 12:57:53 | SHD ] C:Config.Msi
[14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
[10/12/2011 – 20:32:08 | D ] C:Dokumente und Einstellungen
[12/11/2013 – 14:36:29 | ASH | 6325948416] C:hiberfil.sys
[11/08/2011 – 16:29:48 | D ] C:Intel
[19/07/2013 – 23:09:54 | N | 40] C:log.txt
[20/05/2012 – 11:18:52 | N | 425] C:lxdi.log
[18/05/2012 – 17:06:38 | N | 630] C:lxdicomx.log
[11/12/2011 – 13:36:55 | RHD ] C:MSOCache
[10/12/2011 – 20:46:34 | D ] C:OEM
[12/11/2013 – 14:36:35 | ASH | 8434597888] C:pagefile.sys
[14/07/2009 – 04:20:08 | HD ] C:PerfLogs
[12/10/2013 – 10:23:17 | D ] C:Program Files
[01/11/2013 – 21:41:08 | D ] C:Program Files (x86)
[18/05/2012 – 17:02:53 | D ] C:Program Files (x86) (x86)
[01/11/2013 – 21:41:08 | HD ] C:ProgramData
[10/12/2011 – 20:32:08 | D ] C:Programme
[10/12/2011 – 20:32:08 | SHD ] C:Recovery
[12/11/2013 – 18:31:42 | SHD ] C:System Volume Information
[12/11/2013 – 20:31:36 | D ] C:UsbFix
[12/11/2013 – 20:31:57 | A | 15919] C:UsbFix [Clean 2] MARIE-PC.txt
[12/11/2013 – 19:19:58 | N | 21233] C:UsbFix [Scan 1] MARIE-PC.txt
[10/12/2011 – 20:32:17 | RD ] C:Users
[13/10/2013 – 23:12:38 | D ] C:Windows
[10/12/2011 – 20:35:47 | SHD ] D:$RECYCLE.BIN
[10/02/2012 – 15:02:21 | SHD ] D:System Volume Information
[22/09/2013 – 18:04:18 | D ] F:A imprimer
[11/10/2011 – 13:04:36 | H | 16] F:AUTORUN.INF
[28/08/2013 – 23:08:04 | N | 131177] F:A7KGEquN.vbs
[04/10/2013 – 21:38:22 | D ] F:Intercalaires
[04/10/2013 – 15:46:54 | D ] F:Histoire
[31/10/2013 – 18:29:54 | N | 3752051] F:Bruno Mars – Locked Out Of Heaven [OFFICIAL VIDEO].mp3
[07/05/2013 – 12:11:42 | N | 20958] F:Présenter le système linguistique.docx
[07/07/2012 – 20:35:42 | N | 4054654] F:Moos – Au nom de la rose.mp3
[23/12/2012 – 16:25:54 | D ] G:MISC
[23/12/2012 – 16:25:56 | D ] G:DCIM
[23/12/2012 – 16:25:56 | N | 512] G:NIKON001.DSC
[23/12/2012 – 16:26:12 | D ] G:NCFL
[13/12/2012 – 12:03:34 | D ] G:Antho
[13/12/2012 – 12:03:56 | N | 3071116] G:Fortunato_Marie_1990_08_27-X-2012_05_22_10_12_53-4.JPG
[23/12/2012 – 15:24:38 | N | 4] G:_disk_id.pod
[19/09/2013 – 13:12:10 | N | 131177] G:MSa2emHR.vbs

################## | Vaccin |

G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

Thank you for your reply