Anonymous
Number of posts: 0

Thank you very much for your help and advice! Here are the requested analysis reports:

############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: Jean-Baptiste (Administrateur) # PC-JB
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 21:18:11 | 22/11/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Wistron (303C)
CPU: AMD Sempron(tm) SI-42
RAM -> [Total : 2814 | Free : 1231]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 139 Go (88 Go libre(s) - 63%) [] # NTFS
D: -> Disque fixe # 10 Go (2 Go libre(s) - 17%) [RECOVERY] # NTFS
E: -> CD-ROM
G: -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [0478 348710] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (ID: 740 |ParentID: 512)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1404 |ParentID: 512)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1552 |ParentID: 512)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1668 |ParentID: 512)
Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1700 |ParentID: 512)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1728 |ParentID: 512)
Stoppé! C:\Program Files\Common Files\LightScribe\LSSrvc.exe (ID: 1856 |ParentID: 512)
Stoppé! C:\Windows\system32\PnkBstrA.exe (ID: 1900 |ParentID: 512)
Stoppé! C:\Program Files\SMINST\BLService.exe (ID: 1928 |ParentID: 512)
Stoppé! C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (ID: 1272 |ParentID: 512)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3856 |ParentID: 512)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID: 2360 |ParentID: 740)
Stoppé! c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (ID: 2912 |ParentID: 512)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1412 |ParentID: 512)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 4044 |ParentID: 512)
Stoppé! C:\Windows\Explorer.EXE (ID: 2528 |ParentID: 3376)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 916 |ParentID: 2528)
Stoppé! C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ID: 1228 |ParentID: 2528)
Stoppé! C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (ID: 2876 |ParentID: 2528)
Stoppé! C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (ID: 2988 |ParentID: 512)
Stoppé! C:\Windows\PLFSetL.exe (ID: 2000 |ParentID: 2528)
Stoppé! C:\Windows\snuvcdsm.exe (ID: 2324 |ParentID: 2528)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 532 |ParentID: 2528)
Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (ID: 3148 |ParentID: 2528)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 2580 |ParentID: 2528)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 3572 |ParentID: 916)
Stoppé! C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (ID: 4032 |ParentID: 2528)
Stoppé! C:\Users\Jean-Baptiste\AppData\Local\Google\Update\GoogleUpdate.exe (ID: 3592 |ParentID: 2528)
Stoppé! C:\Users\Jean-Baptiste\AppData\Roaming\cacaoweb\cacaoweb.exe (ID: 2368 |ParentID: 2528)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (ID: 2320 |ParentID: 2528)
Stoppé! C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (ID: 2272 |ParentID: 512)
Stoppé! C:\Users\Jean-Baptiste\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 868 |ParentID: 2528)
Stoppé! C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (ID: 4068 |ParentID: 668)
Stoppé! C:\Users\Jean-Baptiste\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3952 |ParentID: 2528)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (ID: 2828 |ParentID: 512)
Stoppé! C:\Users\Jean-Baptiste\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3780 |ParentID: 3952)
Stoppé! C:\Users\Jean-Baptiste\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4168 |ParentID: 3952)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (ID: 4316 |ParentID: 2320)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (ID: 4448 |ParentID: 668)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (ID: 4576 |ParentID: 668)
Stoppé! C:\Users\Jean-Baptiste\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5444 |ParentID: 3952)
Stoppé! C:\Users\Jean-Baptiste\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5908 |ParentID: 3952)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jucheck.exe (ID: 2276 |ParentID: 2580)
Stoppé! C:\Windows\system32\ctfmon.exe (ID: 5224 |ParentID: 532)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 6012 |ParentID: 908)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\SOFTWARE | Run : [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
04 - HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE | Run : [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 - HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
04 - HKLM\SOFTWARE | Run : [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\SOFTWARE | Run : [UpdateP2GoShortCut] - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\SOFTWARE | Run : [UpdatePSTShortCut] - "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\SOFTWARE | Run : [PLFSetL] - C:\Windows\PLFSetL.exe
04 - HKLM\SOFTWARE | Run : [SNUVCDSM] - C:\Windows\snuvcdsm.exe
04 - HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-222430623-1189483096-3784063953-1000\SOFTWARE | Run : [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKU\S-1-5-21-222430623-1189483096-3784063953-1000\SOFTWARE | Run : [Jean-Baptiste] - C:\Users\Jean-Baptiste\Jean-Baptiste.exe
04 - HKU\S-1-5-21-222430623-1189483096-3784063953-1000\SOFTWARE | Run : [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKU\S-1-5-21-222430623-1189483096-3784063953-1000\SOFTWARE | Run : [TomTomHOME.exe] - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
04 - HKU\S-1-5-21-222430623-1189483096-3784063953-1000\SOFTWARE | Run : [RDReminder] -
04 - HKU\S-1-5-21-222430623-1189483096-3784063953-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Jean-Baptiste\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-222430623-1189483096-3784063953-1000\SOFTWARE | Run : [cacaoweb] - "C:\Users\Jean-Baptiste\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-222430623-1189483096-3784063953-1000\SOFTWARE | RunOnce : [Application Restart #0] - C:\Users\Jean-Baptiste\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end -- http://www.pewenvironment.org/uploadedFiles/PEG/Publications/Report/PEGBorealWaterReportFrench.pdf

################## | Recherche générique |

Supprimé! D:\desktop.ini

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-222430623-1189483096-3784063953-1000\Software\Microsoft\Windows\CurrentVersion\Run|Jean-Baptiste
Supprimé! HKU\S-1-5-21-222430623-1189483096-3784063953-1000\Software\….\Mountpoints2\{235badc9-ff1f-11df-a77f-001f16df3f6e}
Supprimé! HKU\S-1-5-21-222430623-1189483096-3784063953-1000\Software\….\Mountpoints2\{36ca554e-b662-11df-a168-001f16df3f6e}
Supprimé! HKU\S-1-5-21-222430623-1189483096-3784063953-1000\Software\….\Mountpoints2\{82ec95f3-feec-11df-a776-001f16df3f6e}

################## | Listing |

[30/12/2009 - 17:03:24 | SHD ] C:\$RECYCLE.BIN
[14/10/2010 - 21:32:29 | D ] C:\9ab322e53a836d1d6ed877
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[06/05/2011 - 12:35:00 | SHD ] C:\boot
[20/11/2010 - 13:40:07 | RASH | 383786] C:\bootmgr
[10/12/2009 - 17:32:10 | RASH | 8192] C:\BOOTSECT.BAK
[22/11/2013 - 01:47:15 | HD ] C:\Config.Msi
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[22/11/2013 - 19:46:19 | ASH | 2213351424] C:\hiberfil.sys
[19/09/2009 - 10:02:33 | D ] C:\HP
[03/12/2012 - 18:48:29 | N | 0] C:\IO.SYS
[03/12/2012 - 18:48:29 | N | 0] C:\MSDOS.SYS
[14/02/2010 - 18:16:53 | RHD ] C:\MSOCache
[22/11/2013 - 19:46:31 | ASH | 2951139328] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[22/11/2013 - 00:13:27 | D ] C:\Program Files
[31/12/2012 - 23:48:15 | HD ] C:\ProgramData
[10/12/2009 - 18:34:47 | SHD ] C:\Recovery
[19/09/2009 - 10:03:05 | D ] C:\SWSetup
[22/11/2013 - 01:39:32 | SHD ] C:\System Volume Information
[19/09/2009 - 10:03:05 | D ] C:\System.sav
[22/11/2013 - 21:19:07 | D ] C:\UsbFix
[22/11/2013 - 21:19:10 | A | 10411] C:\UsbFix [Clean 2] PC-JB.txt
[21/11/2013 - 23:52:38 | N | 10717] C:\UsbFix [Scan 1] PC-JB.txt
[10/12/2009 - 18:07:38 | RD ] C:\Users
[02/06/2013 - 20:12:55 | D ] C:\Windows
[19/09/2009 - 10:18:42 | SHD ] D:\$RECYCLE.BIN
[19/09/2009 - 09:54:25 | N | 13] D:\BLOCK.RIN
[18/07/2009 - 09:00:37 | RSHD ] D:\boot
[04/10/2006 - 00:02:44 | SH | 438328] D:\bootmgr
[10/09/2002 - 17:14:28 | N | 8134] D:\Folder.htt
[18/07/2009 - 09:01:00 | D ] D:\HP
[22/11/2013 - 19:47:36 | N | 196] D:\MASTER.LOG
[18/07/2009 - 09:00:47 | RSHD ] D:\PRELOAD
[12/09/2008 - 18:18:34 | SH | 156098] D:\protect.arabic
[15/09/2008 - 17:06:26 | N | 151163] D:\protect.bulgarian
[12/09/2008 - 18:22:34 | SH | 149947] D:\protect.chinese hong kong
[12/09/2008 - 18:30:34 | SH | 150503] D:\protect.chinese simplified
[12/09/2008 - 18:30:56 | SH | 149947] D:\protect.chinese traditional
[12/09/2008 - 18:31:20 | SH | 149591] D:\protect.czech
[12/09/2008 - 18:31:40 | SH | 148911] D:\protect.danish
[12/09/2008 - 18:32:00 | SH | 148212] D:\protect.dutch
[12/09/2008 - 18:32:20 | SH | 148950] D:\protect.ed
[12/09/2008 - 18:32:38 | SH | 148952] D:\protect.english
[12/09/2008 - 18:32:56 | SH | 148000] D:\protect.finnish
[12/09/2008 - 18:33:20 | SH | 147655] D:\protect.french
[12/09/2008 - 18:33:40 | SH | 147825] D:\protect.german
[12/09/2008 - 18:33:58 | SH | 152670] D:\protect.greek
[12/09/2008 - 18:34:22 | SH | 155060] D:\protect.hebrew
[12/09/2008 - 18:34:40 | SH | 148303] D:\protect.hungarian
[12/09/2008 - 18:35:02 | SH | 147443] D:\protect.italian
[12/09/2008 - 18:35:32 | SH | 151323] D:\protect.japanese
[12/09/2008 - 18:35:50 | SH | 158134] D:\protect.korean
[12/09/2008 - 18:36:08 | SH | 147950] D:\protect.norwegian
[12/09/2008 - 18:36:24 | SH | 149293] D:\protect.polish
[12/09/2008 - 18:36:42 | SH | 148077] D:\protect.portuguese
[12/09/2008 - 18:36:58 | SH | 148808] D:\protect.portuguese brazilian
[15/09/2008 - 17:06:54 | SH | 152201] D:\protect.romanian
[12/09/2008 - 18:37:16 | SH | 148947] D:\protect.russian
[12/09/2008 - 18:37:32 | SH | 149967] D:\protect.slovak
[12/09/2008 - 18:37:52 | SH | 147739] D:\protect.spanish
[12/09/2008 - 18:38:10 | SH | 148308] D:\protect.swedish
[12/09/2008 - 18:38:26 | SH | 149334] D:\protect.turkish
[18/07/2009 - 09:00:35 | RD ] D:\RECOVERY
[18/07/2009 - 09:00:46 | RSHD ] D:\SOURCES
[20/10/2009 - 20:28:41 | SHD ] D:\System Volume Information
[18/07/2009 - 09:00:59 | D ] D:\Tools
[18/07/2009 - 09:00:46 | D ] D:\WINDOWS
[22/11/2013 - 18:49:22 | AH | 4096] G:\._.Trashes
[22/11/2013 - 18:49:22 | HD ] G:\.Trashes
[22/11/2013 - 18:49:22 | D ] G:\.fseventsd
[22/11/2013 - 18:49:24 | HD ] G:\.Spotlight-V100
[22/11/2013 - 18:47:14 | N | 192395] G:\1.faceA.pdf
[22/11/2013 - 18:49:54 | N | 34159] G:\._1.faceA.pdf
[22/11/2013 - 18:47:54 | N | 248347] G:\1.faceB.pdf
[22/11/2013 - 18:49:54 | N | 36096] G:\._1.faceB.pdf

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |