Reply to: email account 2016-09-08T13:26:55+00:00
rebecca blosseville

Sorry, I was a little slow to reply; your help is no less valuable to me.
Here is the report:

############################## | UsbFix V 7.156 | [Suppression]

Utilisateur: Utilisateur (Administrateur) # PC-DE-UTILISATE
Mis à jour le 27/12/2013 par El Desaparecido – Team SosVirus
Lancé à 17:28:41 | 29/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Quanta (306B)
CPU: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
RAM -> [Total : 2974 | Free : 1372]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 288 Go (77 Go libre(s) – 27%) [] # NTFS
D: -> Disque fixe # 10 Go (2 Go libre(s) – 17%) [RECOVERY] # NTFS
E: -> CD-ROM

################## | Processus Stoppés |

Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_fa807195STacSV.exe (ID: 1124 |ParentID: 656)
Stoppé! C:Windowssystem32SLsvc.exe (ID: 1272 |ParentID: 656)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1604 |ParentID: 656)
Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1776 |ParentID: 656)
Stoppé! C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 1872 |ParentID: 656)
Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_fa807195aestsrv.exe (ID: 1888 |ParentID: 656)
Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID: 1916 |ParentID: 656)
Stoppé! C:Program FilesOrangeAssistance LiveboxdedicarzDedicarzService.exe (ID: 1940 |ParentID: 656)
Stoppé! C:Program FilesCommon FilesLightScribeLSSrvc.exe (ID: 1992 |ParentID: 656)
Stoppé! C:Program FilesSMINSTBLService.exe (ID: 500 |ParentID: 656)
Stoppé! C:Program FilesCyberLinkShared filesRichVideo.exe (ID: 568 |ParentID: 656)
Stoppé! C:Windowssystem32taskeng.exe (ID: 2424 |ParentID: 1084)
Stoppé! C:Windowssystem32taskeng.exe (ID: 2484 |ParentID: 1084)
Stoppé! C:WindowsSystem32igfxtray.exe (ID: 2936 |ParentID: 2592)
Stoppé! C:WindowsSystem32hkcmd.exe (ID: 2944 |ParentID: 2592)
Stoppé! C:WindowsSystem32igfxpers.exe (ID: 2952 |ParentID: 2592)
Stoppé! C:Windowssystem32igfxsrvc.exe (ID: 3028 |ParentID: 872)
Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 3112 |ParentID: 2592)
Stoppé! C:Program FilesHPQuickPlayQPService.exe (ID: 3208 |ParentID: 2592)
Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID: 3364 |ParentID: 2592)
Stoppé! C:Program FilesHPHP Software UpdatehpwuSchd2.exe (ID: 3436 |ParentID: 2592)
Stoppé! C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe (ID: 3444 |ParentID: 2592)
Stoppé! C:Program FilesSamsungKiesKiesTrayAgent.exe (ID: 3560 |ParentID: 2592)
Stoppé! C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe (ID: 3568 |ParentID: 2592)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 3776 |ParentID: 2592)
Stoppé! C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 3788 |ParentID: 2592)
Stoppé! C:Program FilesIDTWDMsttray.exe (ID: 3808 |ParentID: 2592)
Stoppé! C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe (ID: 3820 |ParentID: 2592)
Stoppé! C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe (ID: 3852 |ParentID: 2592)
Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID: 3880 |ParentID: 2592)
Stoppé! C:Program FilesOrangeAssistance LiveboxdistST2.exe (ID: 3944 |ParentID: 2580)
Stoppé! C:Program FilesSamsungKiesKies.exe (ID: 3984 |ParentID: 2592)
Stoppé! C:Program FilesSkypePhoneSkype.exe (ID: 4028 |ParentID: 2592)
Stoppé! C:Program FilesOrangeMailNotifierMailNotifier.exe (ID: 4060 |ParentID: 2592)
Stoppé! C:Program FilesOpenOffice.org 3programsoffice.exe (ID: 504 |ParentID: 4088)
Stoppé! C:Program FilesOpenOffice.org 3programsoffice.bin (ID: 2396 |ParentID: 504)
Stoppé! C:Windowssystem32conime.exe (ID: 3332 |ParentID: 2720)
Stoppé! C:Program FilesHewlett-PackardSharedhpqwmiex.exe (ID: 2868 |ParentID: 656)
Stoppé! C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (ID: 4020 |ParentID: 656)
Stoppé! C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 3316 |ParentID: 3112)
Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID: 360 |ParentID: 656)
Stoppé! C:Program FilesHewlett-PackardSharedhpqToaster.exe (ID: 2328 |ParentID: 872)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4320 |ParentID: 2592)
Stoppé! c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 4728 |ParentID: 656)
Stoppé! C:Windowssystem32wuauclt.exe (ID: 5752 |ParentID: 1084)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4892 |ParentID: 4320)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5448 |ParentID: 4320)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4572 |ParentID: 4320)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4156 |ParentID: 4320)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5032 |ParentID: 4320)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
04 – HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
04 – HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
04 – HKLMSOFTWARE | Run : [SynTPEnh] – C:Program FilesSynapticsSynTPSynTPEnh.exe
04 – HKLMSOFTWARE | Run : [QPService] – “C:Program FilesHPQuickPlayQPService.exe”
04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
04 – HKLMSOFTWARE | Run : [UpdatePSTShortCut] – “C:Program FilesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkDVD Suite” UpdateWithCreateOnce “SoftwareCyberLinkPowerStarter”
04 – HKLMSOFTWARE | Run : [UCam_Menu] – “C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkYouCam” UpdateWithCreateOnce “SoftwareCyberLinkYouCam2.0”
04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
04 – HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
04 – HKLMSOFTWARE | Run : [UpdatePDIRShortCut] – “C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkPowerDirector” UpdateWithCreateOnce “SOFTWARECyberLinkPowerDirector7.0”
04 – HKLMSOFTWARE | Run : [HP Health Check Scheduler] – c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHpHP Software UpdateHPWuSchd2.exe
04 – HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
04 – HKLMSOFTWARE | Run : [AdobeAAMUpdater-1.0] – “C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe”
04 – HKLMSOFTWARE | Run : [SwitchBoard] – C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe
04 – HKLMSOFTWARE | Run : [AdobeCS5.5ServiceManager] – “C:Program FilesCommon FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe” -launchedbylogin
04 – HKLMSOFTWARE | Run : [KiesTrayAgent] – C:Program FilesSamsungKiesKiesTrayAgent.exe
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdated4a6af59-94d6-4c7f-970d-56bfad7cfcc8.exe /check
04 – HKLMSOFTWARE | Run : [SysTrayApp] – %ProgramFiles%IDTWDMsttray.exe
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [HPAdvisor] – C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe autorun=AUTORUN
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [Mobile Partner] – C:Program FilesWi-Fi ModemWi-Fi Modem
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [AdobeBridge] –
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [orangeinside] – C:UsersUtilisateurAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [KiesPreload] – C:Program FilesSamsungKiesKies.exe /preload
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [KiesAirMessage] – C:Program FilesSamsungKiesKiesAirMessage.exe -startup
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [KiesPDLR] – C:Program FilesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [Google Update] – “C:UsersUtilisateurAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [Skype] – “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
04 – HKUS-1-5-21-604731211-3219582934-2931691017-1000SOFTWARE | Run : [MailNotifier] – C:Program FilesOrangeMailNotifierMailNotifier.exe

################## | Recherche générique |

Supprimé! C:UsersUTILIS~1AppDataLocalTempPrintPreview.hta

(!) Fichiers temporaires supprimés. (45704 Ko)

################## | Registre |

################## | Listing |

[09/11/2013 – 17:40:33 | N | 2 Ko] – C:DelFix.txt
[29/12/2013 – 17:30:30 | A | 11 Ko] – C:UsbFix [Clean 1] PC-DE-UTILISATE.txt
[18/09/2006 – 22:43:37 | N | 0 Ko] – C:config.sys
[24/12/2013 – 17:23:15 | ASH | 3352560 Ko] – C:pagefile.sys
[24/12/2013 – 17:23:16 | ASH | 3046324 Ko] – C:hiberfil.sys
[08/02/2012 – 12:38:02 | D] – C:System.sav
[19/12/2013 – 11:32:52 | D] – C:Config.Msi
[08/02/2012 – 13:07:09 | N | 2 Ko] – C:RebootLog.ini
[08/02/2012 – 12:46:50 | N | 0 Ko] – C:MSSTBJ.CAT
[09/02/2012 – 03:06:55 | SHD] – C:$RECYCLE.BIN
[18/09/2006 – 22:43:36 | N | 0 Ko] – C:autoexec.bat
[06/06/2008 – 16:40:06 | N | 8 Ko] – C:BOOTSECT.BAK
[02/11/2006 – 13:59:44 | SHD] – C:Documents and Settings
[21/01/2008 – 03:43:50 | D] – C:PerfLogs
[26/02/2009 – 22:25:00 | RHD] – C:MSOCache
[11/04/2009 – 07:36:36 | RASH | 325 Ko] – C:bootmgr
[08/02/2012 – 10:48:08 | N | 0 Ko] – C:AUDIT_INSTALL_IN_PROGRESS
[08/02/2012 – 12:36:14 | D] – C:ST_RP
[08/02/2012 – 12:36:39 | SHD] – C:boot
[08/02/2012 – 12:36:44 | D] – C:HP
[08/02/2012 – 12:38:01 | D] – C:SwSetup
[08/02/2012 – 12:45:25 | D] – C:System Recovery
[01/03/2012 – 11:12:22 | D] – C:Report
[19/11/2012 – 21:22:54 | D] – C:Temp
[26/03/2013 – 20:02:21 | D] – C:Users
[03/08/2013 – 10:41:01 | D] – C:925f252db8d43ab95c9aba
[09/11/2013 – 17:57:07 | HD] – C:ProgramData
[07/12/2013 – 09:11:22 | D] – C:Program Files
[12/12/2013 – 03:28:39 | D] – C:Windows
[16/12/2013 – 17:27:38 | SHD] – C:System Volume Information
[29/12/2013 – 17:30:25 | D] – C:UsbFix
[12/09/2008 – 16:38:26 | SH | 146 Ko] – D:protect.turkish
[12/09/2008 – 16:38:10 | SH | 145 Ko] – D:protect.swedish
[12/09/2008 – 16:37:52 | SH | 144 Ko] – D:protect.spanish
[12/09/2008 – 16:37:32 | SH | 146 Ko] – D:protect.slovak
[12/09/2008 – 16:37:16 | SH | 145 Ko] – D:protect.russian
[15/09/2008 – 15:06:54 | SH | 149 Ko] – D:protect.romanian
[31/07/2009 – 08:00:46 | N | 0 Ko] – D:BLOCK.RIN
[12/09/2008 – 16:36:58 | SH | 145 Ko] – D:protect.portuguese brazilian
[12/09/2008 – 16:36:42 | SH | 145 Ko] – D:protect.portuguese
[12/09/2008 – 16:36:24 | SH | 146 Ko] – D:protect.polish
[12/09/2008 – 16:36:08 | SH | 144 Ko] – D:protect.norwegian
[24/12/2013 – 17:23:28 | N | 0 Ko] – D:MASTER.LOG
[12/09/2008 – 16:35:50 | SH | 154 Ko] – D:protect.korean
[12/09/2008 – 16:35:32 | SH | 148 Ko] – D:protect.japanese
[12/09/2008 – 16:35:02 | SH | 144 Ko] – D:protect.italian
[12/09/2008 – 16:34:40 | N | 145 Ko] – D:protect.hungarian
[10/09/2002 – 15:14:28 | N | 8 Ko] – D:Folder.htt
[12/09/2008 – 16:34:22 | SH | 151 Ko] – D:protect.hebrew
[12/09/2008 – 16:33:58 | SH | 149 Ko] – D:protect.greek
[12/09/2008 – 16:33:40 | SH | 144 Ko] – D:protect.german
[12/09/2008 – 16:33:20 | SH | 144 Ko] – D:protect.french
[12/09/2008 – 16:32:56 | SH | 145 Ko] – D:protect.finnish
[12/09/2008 – 16:32:38 | SH | 145 Ko] – D:protect.english
[12/09/2008 – 16:32:20 | SH | 145 Ko] – D:protect.ed
[12/09/2008 – 16:32:00 | SH | 145 Ko] – D:protect.dutch
[12/09/2008 – 16:31:40 | SH | 145 Ko] – D:protect.danish
[12/09/2008 – 16:31:20 | SH | 146 Ko] – D:protect.czech
[12/09/2008 – 16:30:56 | SH | 146 Ko] – D:protect.chinese traditional
[12/09/2008 – 16:30:34 | SH | 147 Ko] – D:protect.chinese simplified
[12/09/2008 – 16:22:34 | SH | 146 Ko] – D:protect.chinese hong kong
[15/09/2008 – 15:06:26 | N | 148 Ko] – D:protect.bulgarian
[09/02/2012 – 03:06:55 | SHD] – D:$RECYCLE.BIN
[12/09/2008 – 16:18:34 | SH | 152 Ko] – D:protect.arabic
[03/10/2006 – 22:02:44 | SH | 428 Ko] – D:bootmgr
[31/07/2009 – 08:27:31 | N | 0 Ko] – D:DRECOVERY
[08/02/2012 – 10:48:12 | SHD] – D:System Volume Information
[08/02/2012 – 12:12:06 | SHD] – D:boot
[08/02/2012 – 12:12:06 | D] – D:HP
[08/02/2012 – 12:19:14 | SHD] – D:PRELOAD
[08/02/2012 – 12:19:15 | RD] – D:RECOVERY
[08/02/2012 – 12:19:27 | SHD] – D:SOURCES
[08/02/2012 – 12:19:28 | D] – D:Tools
[08/02/2012 – 12:19:28 | D] – D:WINDOWS

################## | Vaccin |

D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |