Law
Participant
Number of posts: 8

Thanks for your quick reply! :)

Yes, I only have these 2 USB keys.

Here is the "deletion" report:

[spoiler:37n3jex6]############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Sophiane (Administrateur) # SOPHIANE-HP
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 15:41:11 | 10/11/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (338B)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
RAM -> [Total : 3894 | Free : 2612]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 684 Go (515 Go libre(s) – 75%) [] # NTFS
D: -> Disque fixe # 15 Go (2 Go libre(s) – 11%) [RECOVERY] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 30 Go (30 Go libre(s) – 100%) [SOPHIANE] # FAT32
G: -> CD-ROM
H: -> Disque amovible # 7 Go (7 Go libre(s) – 98%) [SOPHIANE] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1584 |ParentID: 804)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 2868 |ParentID: 2316)
Stoppé! C:\Windows\explorer.exe (ID: 2104 |ParentID: 752)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 7360 |ParentID: 920)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 976 |ParentID: 588)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 6872 |ParentID: 804)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3904 |ParentID: 804)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3928 |ParentID: 804)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2276 |ParentID: 804)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 – HKLM\SOFTWARE | Run : [IMSS] – "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
04 – HKLM\SOFTWARE | Run : [HPConnectionManager] – C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 – HKLM\SOFTWARE | Run : [] –
04 – HKLM\SOFTWARE | Run : [HP Quick Launch] – C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 – HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 – HKLM\SOFTWARE | Run : [APSDaemon] – "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 – HKLM\SOFTWARE | Run : [iTunesHelper] – "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 – HKLM\SOFTWARE | Run : [BCSSync] – "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\SOFTWARE | Run : [PDFPrint] – C:\Program Files (x86)\PDF24\pdf24.exe
04 – HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] – "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
04 – HKLM\SOFTWARE | Run : [EaseUS EPM tray] – C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [IMSS] – "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [HPConnectionManager] – C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [] –
04 – HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] – C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] – "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 – HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] – "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] – "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] – "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 – HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [PDFPrint] – C:\Program Files (x86)\PDF24\pdf24.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [LogMeIn Hamachi Ui] – "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
04 – HKLM\SOFTWARE\wow6432Node | Run : [EaseUS EPM tray] – C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-3231291721-3476658805-130605364-1001\SOFTWARE | Run : [Skype] – "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 – HKU\S-1-5-21-3231291721-3476658805-130605364-1001\SOFTWARE | Run : [iCloudServices] – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
04 – HKU\S-1-5-21-3231291721-3476658805-130605364-1001\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\Sophiane\AppData\Local\Temp\iTunesHelper.vbe"
04 – HKU\S-1-5-21-3231291721-3476658805-130605364-1001\SOFTWARE | Run : [DAEMON Tools Lite] – "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 – HKU\S-1-5-21-3231291721-3476658805-130605364-1001\SOFTWARE | Run : [Sidebar] – C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\Sophiane\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\Sophiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! F:\iTunesHelper.vbe
Supprimé! H:\iTunesHelper.vbe
Supprimé! F:\SI2.lnk
Supprimé! F:\Montage PC.lnk
Supprimé! F:\Autorun.inf.lnk
Supprimé! H:\CV_sophiane-el-ghandouri_1.lnk
Supprimé! H:\Montage du PC ELGHANDOURI.lnk
Supprimé! H:\.Trash-1924.lnk
Supprimé! C:\Users\Public\4z1z.VBE
Supprimé! C:\Users\Public\7z1z.VBE
Non supprimé ! G:\Setup.exe
Supprimé! D:\desktop.ini
Non supprimé ! G:\autorun.inf

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\4z1z.VBE
Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\7z1z.VBE
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\Sophiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\Sophiane\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> F:\iTunesHelper.vbe
Md5 : 546B6DDF091A504EE22F2D4C931E625E -> H:\iTunesHelper.vbe

################## | Comparaison MD5 |

Supprimé! Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> H:\.Trash-1924\files\iTunesHelper.vbe

################## | Registre |

Supprimé! HKU\S-1-5-21-3231291721-3476658805-130605364-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-3231291721-3476658805-130605364-1001\Software….Mountpoints2\{d8866192-38cc-11e3-846a-2c27d7ec61c0}

################## | Listing |

[10/09/2013 – 20:22:05 | SHD ] C:\$Recycle.Bin
[15/05/2011 – 11:36:32 | SHD ] C:\boot
[21/11/2010 – 04:23:51 | RASH | 383786] C:\bootmgr
[14/07/2009 – 06:08:56 | SHD ] C:\Documents and Settings
[10/11/2013 – 11:45:25 | ASH | 3062255616] C:\hiberfil.sys
[30/12/2011 – 01:55:06 | D ] C:\HP
[30/12/2011 – 01:37:25 | D ] C:\Intel
[19/10/2013 – 17:16:53 | RHD ] C:\MSOCache
[10/11/2013 – 14:00:22 | ASH | 4083007488] C:\pagefile.sys
[14/07/2009 – 04:20:08 | D ] C:\PerfLogs
[23/10/2013 – 17:57:38 | D ] C:\Program Files
[10/11/2013 – 14:29:38 | D ] C:\Program Files (x86)
[10/11/2013 – 14:28:17 | HD ] C:\ProgramData
[12/04/2013 – 13:24:15 | SHD ] C:\Recovery
[25/07/2013 – 11:21:09 | D ] C:\SWSetup
[08/11/2013 – 18:31:03 | SHD ] C:\System Volume Information
[12/04/2013 – 13:24:20 | D ] C:\SYSTEM.SAV
[10/11/2013 – 15:45:58 | D ] C:\UsbFix
[10/11/2013 – 15:46:10 | A | 9484] C:\UsbFix [Clean 1] SOPHIANE-HP.txt
[10/11/2013 – 15:13:57 | N | 11381] C:\UsbFix [Scan 1] SOPHIANE-HP.txt
[12/04/2013 – 13:23:31 | RD ] C:\Users
[10/11/2013 – 14:28:11 | D ] C:\Windows
[25/12/2011 – 12:48:31 | SHD ] D:\$RECYCLE.BIN
[25/12/2011 – 12:48:28 | RASHD ] D:\boot
[14/07/2009 – 19:39:00 | RASH | 383562] D:\bootmgr
[25/12/2011 – 12:48:28 | D ] D:\FactoryUpdate
[25/12/2011 – 12:48:28 | D ] D:\hp
[21/01/2012 – 14:36:30 | N | 20] D:\HPSF_Rep.txt
[04/11/2012 – 18:46:24 | N | 8] D:\HP_WSD.dat
[25/12/2011 – 12:48:28 | RSHD ] D:\preload
[07/10/2013 – 19:23:36 | RSD ] D:\recovery
[19/02/2012 – 23:22:23 | N | 426] D:\RMCStatus.bin
[25/12/2011 – 12:48:28 | D ] D:\RM_Reserve
[12/04/2013 – 13:58:59 | SHD ] D:\System Volume Information
[07/11/2013 – 19:03:24 | N | 29593753] F:\Montage PC.odt
[07/11/2013 – 18:58:24 | D ] F:\SI2
[10/11/2013 – 14:23:16 | SHD ] F:\Autorun.inf
[24/12/2001 – 16:33:12 | R | 2048] G:\0000001.TMP
[24/12/2001 – 16:33:02 | R | 89718] G:\0000407.016
[24/12/2001 – 16:33:04 | R | 180278] G:\0000407.256
[24/12/2001 – 16:33:04 | R | 89718] G:\0000409.016
[24/12/2001 – 16:33:04 | R | 180278] G:\0000409.256
[24/12/2001 – 16:33:04 | R | 89718] G:\000040a.016
[24/12/2001 – 16:33:04 | R | 180278] G:\000040a.256
[24/12/2001 – 16:33:04 | R | 89718] G:\000040c.016
[24/12/2001 – 16:33:04 | R | 180278] G:\000040c.256
[24/12/2001 – 16:33:04 | R | 89718] G:\0000410.016
[24/12/2001 – 16:33:04 | R | 180278] G:\0000410.256
[24/12/2001 – 16:33:04 | R | 89718] G:\0000809.016
[24/12/2001 – 16:33:04 | R | 180278] G:\0000809.256
[24/02/2001 – 20:09:40 | R | 46] G:\autorun.inf
[23/01/2002 – 13:53:56 | D ] G:\Drivers
[24/12/2001 – 16:32:54 | R | 35840] G:\drvmgt.dll
[23/01/2002 – 13:54:04 | D ] G:\Install
[23/01/2002 – 13:56:50 | D ] G:\MenuData
[24/12/2001 – 16:32:54 | R | 28400] G:\secdrv.sys
[21/12/2001 – 18:01:46 | R | 69632] G:\Setup.exe
[17/12/2001 – 19:17:16 | R | 332] G:\Setup.ini
[08/11/2013 – 15:18:30 | D ] H:\.Trash-1924
[06/11/2013 – 16:54:56 | N | 36462] H:\CV_sophiane-el-ghandouri_1.odt
[08/11/2013 – 16:43:42 | N | 32107421] H:\Montage du PC ELGHANDOURI.odt

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – http://www.sosvirus.net |[/spoiler:37n3jex6]