pouille

Thanks for helping me, that's kind ;)
OK, I did what you told me, and here is the report :)

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: poe (Administrateur) # POUPOUILLE
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 23:11:58 | 09/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (3387)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3579 | Free : 1872]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 445 Go (325 Go libre(s) – 73%) [] # NTFS
D: -> Disque fixe # 17 Go (2 Go libre(s) – 11%) [Recovery] # NTFS
E: -> Disque fixe # 4 Go (1 Go libre(s) – 28%) [HP_TOOLS] # FAT32
F: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [FLASH DRIVE] # FAT32

################## | Processus Stoppés |

Stoppé! C:Windowssystem32atiesrxx.exe (ID: 880 |ParentID: 564)
Stoppé! C:Program FilesIDTWDMSTacSV.exe (ID: 1140 |ParentID: 564)
Stoppé! C:Windowssystem32Hpservice.exe (ID: 1392 |ParentID: 564)
Stoppé! C:Windowssystem32atieclxx.exe (ID: 1416 |ParentID: 880)
Stoppé! C:Windowssystem32WLANExt.exe (ID: 1600 |ParentID: 1004)
Stoppé! C:Windowssystem32conhost.exe (ID: 1612 |ParentID: 400)
Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1696 |ParentID: 564)
Stoppé! C:Program FilesAviraAntiVir Desktopsched.exe (ID: 1736 |ParentID: 564)
Stoppé! C:Windowssystem32taskhost.exe (ID: 1984 |ParentID: 564)
Stoppé! C:WindowsExplorer.EXE (ID: 2016 |ParentID: 1968)
Stoppé! C:Program FilesIDTWDMaestsrv.exe (ID: 1328 |ParentID: 564)
Stoppé! C:Program FilesAviraAntiVir Desktopavguard.exe (ID: 1452 |ParentID: 564)
Stoppé! C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 372 |ParentID: 564)
Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID: 2116 |ParentID: 564)
Stoppé! C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (ID: 2144 |ParentID: 564)
Stoppé! C:WindowsSystem32ezSharedSvcHost.exe (ID: 2212 |ParentID: 564)
Stoppé! C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe (ID: 2308 |ParentID: 564)
Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 2444 |ParentID: 2016)
Stoppé! C:Program FilesIDTWDMsttray.exe (ID: 2496 |ParentID: 2016)
Stoppé! C:Program FilesHewlett-PackardHP QuickWebhpqwutils.exe (ID: 2512 |ParentID: 2016)
Stoppé! C:Program FilesHewlett-PackardHP LaunchBoxHPTaskBar1.exe (ID: 2576 |ParentID: 2520)
Stoppé! C:Program FilesHewlett-PackardHP CoolSenseCoolSense.exe (ID: 2620 |ParentID: 2016)
Stoppé! C:Program FilesHewlett-PackardHP LaunchBoxHPTaskBar2.exe (ID: 2628 |ParentID: 2520)
Stoppé! C:Windowssystem32taskeng.exe (ID: 2792 |ParentID: 1088)
Stoppé! C:Program FilesCyberLinkYouCamYCMMirage.exe (ID: 2828 |ParentID: 2792)
Stoppé! C:Program FilesAsk.comUpdaterUpdater.exe (ID: 2868 |ParentID: 2016)
Stoppé! C:Program FilesAviraAntiVir Desktopavgnt.exe (ID: 3016 |ParentID: 2016)
Stoppé! C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 3024 |ParentID: 2016)
Stoppé! C:Program FilesiTunesiTunesHelper.exe (ID: 3032 |ParentID: 2016)
Stoppé! C:Program FilesHewlett-PackardHP Quick LaunchHPMSGSVC.exe (ID: 3040 |ParentID: 2016)
Stoppé! C:Program FilesHewlett-PackardHP On Screen DisplayHPOSD.exe (ID: 3048 |ParentID: 2016)
Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID: 3064 |ParentID: 2016)
Stoppé! C:Program FilesHewlett-PackardSharedHPDrvMntSvc.exe (ID: 3120 |ParentID: 564)
Stoppé! C:Program FilesHewlett-PackardHP Quick LaunchHPWMISVC.exe (ID: 3188 |ParentID: 564)
Stoppé! C:UserspoeAppDataRoamingSpotifyDataSpotifyWebHelper.exe (ID: 3228 |ParentID: 2016)
Stoppé! C:Program FilesSkypePhoneSkype.exe (ID: 3532 |ParentID: 2016)
Stoppé! C:WindowsSystem32wscript.exe (ID: 3540 |ParentID: 2016)
Stoppé! C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe (ID: 3548 |ParentID: 2016)
Stoppé! C:Program FilesNorton Internet SecurityEngine19.9.1.14ccSvcHst.exe (ID: 3592 |ParentID: 564)
Stoppé! C:Program FilesMicrosoft Application Virtualization Clientsftvsa.exe (ID: 3868 |ParentID: 564)
Stoppé! C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe (ID: 3956 |ParentID: 564)
Stoppé! C:Program FilesNorton Internet SecurityEngine19.9.1.14ccSvcHst.exe (ID: 2108 |ParentID: 3592)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2176 |ParentID: 564)
Stoppé! C:Program FilesMicrosoft Application Virtualization Clientsftlist.exe (ID: 2732 |ParentID: 564)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 4204 |ParentID: 2176)
Stoppé! C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe (ID: 4660 |ParentID: 2408)
Stoppé! C:Program FilesAviraAntiVir Desktopavshadow.exe (ID: 4856 |ParentID: 1452)
Stoppé! C:Windowssystem32conhost.exe (ID: 4888 |ParentID: 400)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE (ID: 4936 |ParentID: 564)
Stoppé! C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe (ID: 5068 |ParentID: 4660)
Stoppé! C:Program FilesHewlett-PackardSharedhpqWmiEx.exe (ID: 5408 |ParentID: 564)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 5596 |ParentID: 564)
Stoppé! C:Program FilesiPodbiniPodService.exe (ID: 6112 |ParentID: 564)
Stoppé! C:PROGRAM FILESSYNAPTICSSYNTPSYNTPHELPER.EXE (ID: 6084 |ParentID: 2856)
Stoppé! C:Windowssystem32msiexec.exe (ID: 1944 |ParentID: 564)
Stoppé! C:Program FilesHewlett-PackardHP Support Frameworkhpsa_service.exe (ID: 7860 |ParentID: 564)
Stoppé! C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (ID: 8188 |ParentID: 564)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 112 |ParentID: 564)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 672 |ParentID: 1004)
Stoppé! C:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe (ID: 5460 |ParentID: 696)
Stoppé! C:Program FilesWIDCOMMBluetooth SoftwareBluetooth Headset Helper.exe (ID: 3260 |ParentID: 3548)
Stoppé! C:Windowssystem32taskhost.exe (ID: 6620 |ParentID: 564)
Stoppé! C:Program FilesMicrosoftBingBar7.2.241.0SeaPort.exe (ID: 7888 |ParentID: 564)
Stoppé! C:UserspoeAppDataLocalTempTrojan.exe (ID: 6412 |ParentID: 4612)
Stoppé! C:Program FilesCommon Filesmicrosoft sharedvirtualization handlercvh.exe (ID: 8296 |ParentID: 8688)
Stoppé! C:Program FilesCommon Filesmicrosoft sharedvirtualization handlerOfficeVirt.exe (ID: 9864 |ParentID: 8296)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID: 2596 |ParentID: 564)
Stoppé! C:Windowssystem32wuauclt.exe (ID: 628 |ParentID: 1088)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 8396 |ParentID: 2016)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 1560 |ParentID: 8396)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 6076 |ParentID: 8396)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 8620 |ParentID: 8396)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 9084 |ParentID: 8396)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLMSOFTWARE | Run : [SynTPEnh] – %ProgramFiles%SynapticsSynTPSynTPEnh.exe
04 – HKLMSOFTWARE | Run : [SysTrayApp] – C:Program FilesIDTWDMsttray.exe
04 – HKLMSOFTWARE | Run : [HPQuickWebProxy] – “C:Program FilesHewlett-PackardHP QuickWebhpqwutils.exe”
04 – HKLMSOFTWARE | Run : [SetDefault] – C:Program FilesHewlett-PackardHP LaunchBoxSetDefault.exe
04 – HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program FilesAdobeReader 10.0ReaderReader_sl.exe”
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [HP CoolSense] – C:Program FilesHewlett-PackardHP CoolSenseCoolSense.exe -byrunkey
04 – HKLMSOFTWARE | Run : [Easybits Recovery] – C:Program FilesEasyBits For KidsezRecover.exe
04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWARE | Run : [] –
04 – HKLMSOFTWARE | Run : [ApnUpdater] – “C:Program FilesAsk.comUpdaterUpdater.exe”
04 – HKLMSOFTWARE | Run : [avgnt] – “C:Program FilesAviraAntiVir Desktopavgnt.exe” /min
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program FilesiTunesiTunesHelper.exe”
04 – HKLMSOFTWARE | Run : [HP Quick Launch] – C:Program FilesHewlett-PackardHP Quick LaunchHPMSGSVC.exe
04 – HKLMSOFTWARE | Run : [HPOSD] – C:Program FilesHewlett-PackardHP On Screen DisplayHPOSD.exe
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWARE | RunOnce : [NCPluginUpdater] – “c:program fileshewlett-packardhp health checkactivecheckproduct_lineNCPluginUpdater.exe” Update
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-1393359087-3183399950-3005852446-1001SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
04 – HKUS-1-5-21-1393359087-3183399950-3005852446-1001SOFTWARE | Run : [Spotify] – “C:UserspoeAppDataRoamingSpotifySpotify.exe” /uri spotify:autostart
04 – HKUS-1-5-21-1393359087-3183399950-3005852446-1001SOFTWARE | Run : [Spotify Web Helper] – “C:UserspoeAppDataRoamingSpotifyDataSpotifyWebHelper.exe”
04 – HKUS-1-5-21-1393359087-3183399950-3005852446-1001SOFTWARE | Run : [Skype] – “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
04 – HKUS-1-5-21-1393359087-3183399950-3005852446-1001SOFTWARE | Run : [Activator] – wscript.exe //B “C:UserspoeAppDataLocalTempActivator.vbs”
04 – HKUS-1-5-21-1393359087-3183399950-3005852446-1001SOFTWARE | Run : [5cd8f17f4086744065eb0992a09e05a2] – “C:UserspoeAppDataLocalTempTrojan.exe” ..
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Supprimé! C:UserspoeAppDataRoamingBabMaint.exe
Supprimé! C:UserspoeAppDataLocalTempActivator.vbs
Supprimé! C:UserspoeAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup5cd8f17f4086744065eb0992a09e05a2.exe
Supprimé! C:UserspoeAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupActivator.vbs
Supprimé! F:Activator.vbs
Supprimé! F:Curriculum Vitae france.lnk
Supprimé! F:Partie 1_chap2.lnk
Supprimé! F:Partie1_chap3.lnk
Supprimé! F:Partie 1_chap1.lnk
Supprimé! F:liste des éléments.lnk
Supprimé! F:Résumé 2011.lnk
Supprimé! F:Autorun.inf.lnk
Supprimé! F:cours LV1 p4.lnk
Supprimé! F:Thumbs.lnk
Supprimé! F:desktop.lnk
Supprimé! F: .lnk
Supprimé! F:xxx.lnk
Supprimé! F:autorun.lnk
Supprimé! F:4#QVILEZJNBGT.lnk
Supprimé! C:UserspoeAppDataLocalTempTrojan.exe.tmp
Supprimé! C:UserspoeAppDataLocalTempLanceur.vbs
Supprimé! C:UserspoeAppDataLocalTemp7za.exe
Supprimé! C:UserspoeAppDataLocalTempTrojan.exe
Supprimé! D:desktop.ini
Supprimé! F:4#QVILEZJNBGT.ini
Supprimé! F:desktop.ini

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 9A193F949004F78F28193859BE75F13B -> C:UserspoeAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupActivator.vbs
Md5 : 9A193F949004F78F28193859BE75F13B -> C:UserspoeAppDataLocalTempActivator.vbs
Md5 : 67EB1322395D41DDDC9045B4EEF2309D -> C:UserspoeAppDataLocalTempLanceur.vbs
Md5 : 885E9EB42889CA547F4E3515DCDE5D3D -> C:UserspoeAppDataLocalTemp7za.exe
Md5 : 3B802F9C6DC2C19DBBD55E92AE3C7F33 -> C:UserspoeAppDataLocalTempTrojan.exe
Md5 : 9A193F949004F78F28193859BE75F13B -> F:Activator.vbs

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKUS-1-5-21-1393359087-3183399950-3005852446-1001SoftwareMicrosoftWindowsCurrentVersionRun|5cd8f17f4086744065eb0992a09e05a2
Supprimé! HKUS-1-5-21-1393359087-3183399950-3005852446-1001SoftwareMicrosoftWindowsCurrentVersionRun|Activator

################## | Listing |

[04/04/2012 – 23:07:48 | SHD ] C:$Recycle.Bin
[10/06/2009 – 22:42:20 | N | 24] C:autoexec.bat
[12/08/2011 – 10:59:32 | SHD ] C:boot
[20/11/2010 – 22:29:06 | RASH | 383786] C:bootmgr
[05/06/2012 – 20:49:32 | D ] C:cf7c4178d0fb8ff52087d0b4c116f56d
[10/06/2009 – 22:42:20 | N | 10] C:config.sys
[14/07/2009 – 05:53:55 | SHD ] C:Documents and Settings
[31/12/2011 – 15:27:50 | D ] C:Firefox
[07/11/2013 – 21:42:15 | ASH | 2814566400] C:hiberfil.sys
[16/11/2011 – 01:20:56 | D ] C:HP
[09/07/2012 – 21:23:53 | D ] C:Kreapixel
[07/03/2012 – 22:17:45 | RHD ] C:MSOCache
[17/12/2011 – 22:25:53 | D ] C:ordinateur poë
[07/11/2013 – 21:42:17 | ASH | 3752755200] C:pagefile.sys
[14/07/2009 – 03:37:05 | D ] C:PerfLogs
[09/10/2013 – 23:09:33 | D ] C:Program Files
[20/01/2013 – 03:51:29 | HD ] C:ProgramData
[15/12/2011 – 16:31:59 | SHD ] C:Recovery
[18/10/2013 – 21:51:43 | D ] C:SWSetup
[09/11/2013 – 15:22:28 | SHD ] C:System Volume Information
[15/12/2011 – 16:32:06 | D ] C:SYSTEM.SAV
[09/11/2013 – 23:17:01 | D ] C:UsbFix
[09/11/2013 – 23:17:10 | A | 14146] C:UsbFix [Clean 4] POUPOUILLE.txt
[07/11/2013 – 23:37:05 | N | 13811] C:UsbFix [Scan 1] POUPOUILLE.txt
[07/11/2013 – 23:35:18 | N | 13929] C:UsbFix [Scan 2] POUPOUILLE.txt
[09/11/2013 – 22:41:36 | N | 15397] C:UsbFix [Scan 3] POUPOUILLE.txt
[09/07/2012 – 21:30:29 | N | 4547] C:user.js
[15/12/2011 – 16:31:06 | RD ] C:Users
[19/10/2013 – 08:31:09 | D ] C:Windows
[15/12/2011 – 16:37:32 | SHD ] D:$RECYCLE.BIN
[15/12/2011 – 16:37:24 | RASHD ] D:boot
[14/07/2009 – 19:39:00 | RASH | 383562] D:bootmgr
[15/12/2011 – 16:37:24 | D ] D:FactoryUpdate
[15/12/2011 – 16:37:24 | D ] D:hp
[10/03/2012 – 19:20:43 | N | 20] D:HPSF_Rep.txt
[15/12/2011 – 16:37:04 | N | 8] D:HP_WSD.dat
[15/12/2011 – 16:37:24 | RSHD ] D:preload
[15/12/2011 – 16:37:24 | RSD ] D:recovery
[15/12/2011 – 16:37:24 | D ] D:RM_Reserve
[14/02/2012 – 01:46:31 | SHD ] D:System Volume Information
[16/11/2011 – 01:07:04 | D ] E:Hewlett-Packard
[16/11/2011 – 01:28:24 | SHD ] E:$RECYCLE.BIN
[07/11/2012 – 12:59:22 | N | 8] E:HP_WSD.dat
[10/03/2012 – 19:20:46 | N | 20] E:HPSF_Rep.txt
[11/10/2013 – 01:41:26 | N | 1309886] F:Partie 1_chap2.docx
[11/10/2013 – 01:42:18 | N | 2306593] F:Partie1_chap3.docx
[11/10/2013 – 01:40:48 | N | 2079589] F:Partie 1_chap1.docx
[11/10/2013 – 01:37:00 | N | 62127] F:liste des éléments.pdf
[11/10/2013 – 01:34:44 | N | 102400] F:Résumé 2011.doc
[09/11/2013 – 22:47:36 | SHD ] F:Autorun.inf
[13/09/2011 – 21:48:58 | N | 578752] F:cours LV1 p4.jpg
[07/10/2013 – 14:25:44 | D ] F: 
[07/10/2013 – 14:25:54 | RASH | 320000] F:Thumbs.db
[11/10/2013 – 07:18:48 | D ] F:xxx
[11/10/2013 – 00:48:42 | N | 38842] F:Curriculum Vitae france.docx

################## | Vaccin |

F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |