nicnac

Thanks, here is the report:

############################## | UsbFix V 7.150 | [Deletion]

User: Annaïck Vandamme (Administrator) # ANNAÏCKVANDAMME
Updated on 08/11/2013 by El Desaparecido - Team SosVirus
Launched at 17:49:48 | 17/11/2013

Website: http://www.usbfix.net
Forum: http://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (1439)
CPU: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
RAM -> [Total : 2934 | Free : 1367]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 279 GB (168 GB free - 60%) [] # NTFS
D: -> Fixed disk # 18 GB (3 GB free - 14%) [RECOVERY] # NTFS
E: -> CD-ROM
F: -> CD-ROM
G: -> Removable disk # 2 GB (2 GB free - 97%) [] # FAT

################## | Stopped Processes |

Stopped! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 872 |ParentID: 564)
Stopped! C:\Windows\system32\WLANExt.exe (ID: 1280 |ParentID: 292)
Stopped! C:\Windows\system32\conhost.exe (ID: 1296 |ParentID: 452)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1376 |ParentID: 564)
Stopped! C:\Windows\system32\taskhost.exe (ID: 1588 |ParentID: 564)
Stopped! C:\Windows\Explorer.EXE (ID: 1672 |ParentID: 1620)
Stopped! C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (ID: 1856 |ParentID: 564)
Stopped! C:\Windows\SysWOW64\ezSharedSvcHost.exe (ID: 1908 |ParentID: 564)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 1132 |ParentID: 564)
Stopped! C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID: 1548 |ParentID: 564)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1792 |ParentID: 564)
Stopped! C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (ID: 1972 |ParentID: 564)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 1540 |ParentID: 1672)
Stopped! C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ID: 1756 |ParentID: 1672)
Stopped! C:\Windows\System32\igfxtray.exe (ID: 2240 |ParentID: 1672)
Stopped! C:\Windows\System32\hkcmd.exe (ID: 2260 |ParentID: 1672)
Stopped! C:\Windows\System32\igfxpers.exe (ID: 2272 |ParentID: 1672)
Stopped! C:\Program Files\Microsoft Security Client\msseces.exe (ID: 2380 |ParentID: 1672)
Stopped! C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (ID: 2412 |ParentID: 564)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (ID: 2440 |ParentID: 1672)
Stopped! C:\Program Files (x86)\PDF Architect\HelperService.exe (ID: 2520 |ParentID: 564)
Stopped! C:\Program Files (x86)\PDF Architect\ConversionService.exe (ID: 2552 |ParentID: 564)
Stopped! C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (ID: 2584 |ParentID: 1672)
Stopped! C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (ID: 2844 |ParentID: 1972)
Stopped! C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (ID: 2800 |ParentID: 564)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2608 |ParentID: 564)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 3308 |ParentID: 564)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3828 |ParentID: 2608)
Stopped! C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 3912 |ParentID: 1672)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 4036 |ParentID: 1540)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2716 |ParentID: 564)
Stopped! C:\Windows\System32\wscript.exe (ID: 3804 |ParentID: 1672)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 4420 |ParentID: 3964)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 4440 |ParentID: 3964)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4472 |ParentID: 3964)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID: 4540 |ParentID: 3964)
Stopped! c:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 4764 |ParentID: 564)
Stopped! C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 4920 |ParentID: 564)
Stopped! C:\Windows\system32\DllHost.exe (ID: 2020 |ParentID: 700)
Stopped! C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (ID: 2720 |ParentID: 2204)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 3444 |ParentID: 564)
Stopped! C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (ID: 3528 |ParentID: 564)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 3516 |ParentID: 564)
Stopped! C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (ID: 3056 |ParentID: 564)
Stopped! C:\Program Files\Realtek\RtVOsd\RtVOsd.exe (ID: 2728 |ParentID: 3056)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 1844 |ParentID: 564)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (ID: 2188 |ParentID: 2440)
Stopped! C:\Windows\system32\wuauclt.exe (ID: 4144 |ParentID: 444)
Stopped! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 5260 |ParentID: 564)
Stopped! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 7040 |ParentID: 564)
Stopped! C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (ID: 3512 |ParentID: 1672)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (ID: 3948 |ParentID: 2440)
Stopped! C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (ID: 5552 |ParentID: 1672)
Stopped! c:\Program Files\Microsoft Security Client\MpCmdRun.exe (ID: 4480 |ParentID: 9136)
Stopped! c:\Program Files\Microsoft Security Client\MpCmdRun.exe (ID: 5232 |ParentID: 872)
Stopped! C:\Windows\system32\conhost.exe (ID: 8576 |ParentID: 452)
Stopped! C:\Windows\System32\RunDll32.exe (ID: 7748 |ParentID: 1672)
Stopped! C:\Windows\system32\taskeng.exe (ID: 6988 |ParentID: 444)
Stopped! C:\Windows\system32\taskeng.exe (ID: 4176 |ParentID: 444)
Stopped! C:\Windows\system32\taskeng.exe (ID: 5240 |ParentID: 444)
Stopped! C:\Users\Annaïck Vandamme\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4704 |ParentID: 1672)
Stopped! C:\Users\Annaïck Vandamme\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6680 |ParentID: 4704)
Stopped! C:\Users\Annaïck Vandamme\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7856 |ParentID: 4704)
Stopped! C:\Users\Annaïck Vandamme\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7816 |ParentID: 4704)
Stopped! C:\Users\Annaïck Vandamme\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 8388 |ParentID: 4704)
Stopped! C:\Users\Annaïck Vandamme\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1404 |ParentID: 4704)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 5800 |ParentID: 292)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (ID: 8764 |ParentID: 3308)
Stopped! C:\Windows\system32\SearchFilterHost.exe (ID: 3320 |ParentID: 3308)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
04 - HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [Google Update] - "C:\Users\Annaïck Vandamme\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe
04 - HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [msnmsgr] - ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\ANNACK~1\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Generic Search |

Deleted! C:\Users\ANNACK~1\AppData\Local\Temp\iTunesHelper.vbe
Deleted! C:\Users\Annaïck Vandamme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Deleted! G:\iTunesHelper.vbe

(!) Temporary files deleted.

################## | MD5 Comparison Reference |

Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Annaïck Vandamme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\ANNACK~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> G:\iTunesHelper.vbe

################## | MD5 Comparison |

################## | Registry |

Deleted! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software\....\Mountpoints2\F
Deleted! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software\....\Mountpoints2\{2f868993-1b7e-11e1-ab98-d27c2fd3a6bf}
Deleted! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software\....\Mountpoints2\{95b148d2-4298-11e0-b050-a564a400dfbd}

################## | Listing |

[24/03/2012 - 12:05:51 | SHD ] C:\$Recycle.Bin
[15/06/2011 - 21:34:36 | D ] C:\6d540b9ea57edd9983353eebe51f
[04/06/2013 - 09:00:07 | N | 17556] C:\AdwCleaner[S1].txt
[03/08/2010 - 22:26:11 | SHD ] C:\boot
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[17/11/2013 - 12:39:46 | SHD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[04/11/2013 - 14:31:54 | ASH | 2307280896] C:\hiberfil.sys
[21/01/2011 - 23:29:58 | D ] C:\HP
[21/01/2011 - 23:06:19 | D ] C:\Intel
[15/02/2013 - 10:08:08 | N | 40] C:\log.txt
[03/03/2011 - 23:42:40 | RHD ] C:\MSOCache
[04/11/2013 - 14:32:30 | ASH | 3076374528] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[02/06/2013 - 14:16:41 | D ] C:\Program Files
[10/10/2013 - 12:19:59 | D ] C:\Program Files (x86)
[15/11/2013 - 08:44:14 | HD ] C:\ProgramData
[25/02/2011 - 19:28:28 | SHD ] C:\Recovery
[17/11/2011 - 06:41:38 | D ] C:\sooi832.bin
[26/05/2013 - 10:21:41 | D ] C:\SwSetup
[15/11/2013 - 08:44:44 | SHD ] C:\System Volume Information
[25/02/2011 - 19:28:31 | D ] C:\SYSTEM.SAV
[17/11/2013 - 18:03:04 | D ] C:\UsbFix
[17/11/2013 - 18:03:21 | A | 13612] C:\UsbFix [Clean 1] ANNAÏCKVANDAMME.txt
[25/02/2011 - 19:23:54 | RD ] C:\Users
[19/10/2013 - 10:50:47 | D ] C:\Windows
[25/02/2011 - 19:40:32 | SHD ] D:\$RECYCLE.BIN
[25/02/2011 - 19:40:28 | SHD ] D:\boot
[14/07/2009 - 19:39:00 | ASH | 383562] D:\bootmgr
[25/02/2011 - 19:40:27 | N | 0] D:\BT_HP.FLG
[22/01/2011 - 09:06:46 | N | 483] D:\CSP.DAT
[22/01/2011 - 09:16:03 | N | 14138] D:\DeployRp.log
[25/02/2011 - 19:40:28 | D ] D:\hp
[03/01/2012 - 17:28:22 | N | 19] D:\HPSF_Rep.txt
[25/02/2011 - 19:40:18 | N | 8] D:\HP_WSD.dat
[25/02/2011 - 19:40:27 | N | 22] D:\language.ini
[25/02/2011 - 19:40:28 | SHD ] D:\preload
[25/02/2011 - 19:40:28 | SD ] D:\Recovery
[22/01/2011 - 09:16:00 | N | 0] D:\RPCONFIG.LOG
[03/08/2012 - 08:19:47 | SHD ] D:\System Volume Information
[25/02/2011 - 19:40:28 | D ] D:\system.sav
[21/10/2011 - 23:46:23 | R | 733210624] E:\Dardenne - Le Gamin Au Vélo.avi
[25/10/2011 - 21:08:47 | R | 733947904] E:\Minuit.A.Paris.FRENCH.DVDRip.XviD-AYMO.avi

################## | Vaccine |

G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
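Added example, not part of the report or of UsbFix: a small Python triage script for the two sections of a report like this one that actually carry the finding. It reads the `Regedit Run` entries and flags the pattern seen above (a Run value that starts `wscript.exe //B` on a `.vbe` sitting in the user's Temp folder), and it reads the `Md5 :` lines and groups identical hashes by where the copies sit (Startup folder, Temp, root of the removable drive G:), which is the spread a USB-propagating script leaves behind. The sample lines are reconstructed from the report above with the backslashes the forum stripped put back (the accented user name is written as plain ASCII); the line regexes, the script-host and extension lists and the "user-writable" path fragments are my own assumptions, not anything UsbFix itself defines.

```python
"""Triage of a UsbFix-style report: flag script-host Run entries and cloned files.

Added example; not UsbFix code. Heuristics and regexes below are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: six lines reconstructed from the report above (backslashes restored,
# accented user name written as ASCII). The first two Run entries are benign and are here
# to show that an executable under AppData alone is NOT enough to be flagged.
SAMPLE_REPORT = r"""
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [Google Update] - "C:\Users\Annaick Vandamme\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\ANNACK~1\AppData\Local\Temp\iTunesHelper.vbe"
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Annaick Vandamme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\ANNACK~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> G:\iTunesHelper.vbe
"""

# Line shapes assumed from the report's own output ('-' or the en dash a forum may substitute).
RUN_RE = re.compile(r"^\d+ [-\u2013] (?P<hive>\S+) \| (?P<key>Run(?:Once)?) : \[(?P<name>[^\]]*)\] [-\u2013] ?(?P<cmd>.*)$")
MD5_RE = re.compile(r"^Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$")
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')  # a double-quoted token or a bare one

# Interpreters that execute arbitrary script text, and the extensions they take (assumed lists).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1")
# Path fragments a standard user can write to: a payload there persists without admin rights.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_run_entries(text):
    """'Regedit Run' lines as dicts with hive, key, name and the raw command value."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def parse_md5_entries(text):
    """'Md5 : HASH -> path' lines as (HASH, path) pairs, hash upper-cased."""
    pairs = []
    for line in text.splitlines():
        m = MD5_RE.match(line.strip())
        if m:
            pairs.append((m.group("md5").upper(), m.group("path").strip()))
    return pairs


def split_command(cmd):
    """Tokenise a Run value, keeping a double-quoted path with spaces as one token."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmd)]


def assess_run_entry(entry):
    """Reasons this Run entry deserves a look; an empty list means nothing stood out."""
    toks = split_command(entry["cmd"])
    if not toks:
        return []
    host = toks[0].lstrip("~").rsplit("\\", 1)[-1].lower()  # basename of what actually runs
    if host not in SCRIPT_HOSTS and not host.endswith(SCRIPT_EXTS):
        return []  # a plain executable: not the pattern this script looks for
    reasons = [f"command runs a script interpreter or script ({host})"]
    if host == "wscript.exe" and any(t.lower() == "//b" for t in toks[1:]):
        reasons.append("//B batch mode hides script errors and prompts from the user")
    for tok in toks:
        low = tok.lower()
        if low.endswith(SCRIPT_EXTS) and any(frag in low for frag in USER_WRITABLE):
            reasons.append(f"script {tok} lives in a user-writable location")
    return reasons


def location_class(path):
    """Coarse bucket for where a copy sits; the spread across buckets is the tell."""
    low = path.lower()
    if "\\start menu\\programs\\startup\\" in low:
        return "startup folder"
    if "\\temp\\" in low:
        return "temp directory"
    if re.fullmatch(r"[a-z]:\\[^\\]+", low):
        return "drive root"
    return "other"


def cloned_files(md5_entries):
    """Hashes seen at more than one path, with the buckets those paths fall into."""
    by_hash = defaultdict(list)
    for digest, path in md5_entries:
        by_hash[digest].append(path)
    return {h: {"paths": p, "locations": sorted({location_class(x) for x in p})}
            for h, p in by_hash.items() if len(p) > 1}


def triage(report_text):
    """Run both checks over one report and return the findings as plain dicts."""
    suspicious = []
    for entry in parse_run_entries(report_text):
        reasons = assess_run_entry(entry)
        if reasons:
            suspicious.append({**entry, "reasons": reasons})
    return {"suspicious_run": suspicious,
            "cloned_files": cloned_files(parse_md5_entries(report_text))}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for e in result["suspicious_run"]:
        print(f"[!] {e['hive']} {e['key']} [{e['name']}]")
        for r in e["reasons"]:
            print("    -", r)
    for digest, info in result["cloned_files"].items():
        print(f"[!] MD5 {digest} at {len(info['paths'])} paths: {', '.join(info['locations'])}")
        for p in info["paths"]:
            print("    -", p)
```

Run it against a saved report with `python triage.py` after pointing `triage()` at the file's text. Two things to keep in mind: the check keys on the interpreter (wscript.exe plus //B) and on the script's location together, so Google Update living under AppData is not flagged on its own; and matching copies by MD5 is fine for "same file on the same machine", but MD5 is not collision-resistant, so do not treat the hash alone as the identity of the sample when you share it or look it up elsewhere.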