ghassan
Participant
Number of posts: 6

Here is the UsbFix report
############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: ghassan (Administrateur) # GHASSAN-HP
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 10:24:28 | 28/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (1841)
CPU: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
RAM -> [Total : 3992 Mo| Free : 2240 Mo]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Basique (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16659
WB: Google Chrome : 34.0.1847.116
WB: Mozilla Firefox : 27.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]

C: (%systemdrive%) -> Disque fixe # 443 Go (355 Go libre(s) - 80%) [] # NTFS
D: -> Disque fixe # 23 Go (2 Go libre(s) - 11%) [Recovery] # NTFS
E: -> CD-ROM
F: -> CD-ROM
G: -> CD-ROM
J: -> Disque amovible # 4 Go (4 Go libre(s) - 99%) [XP-KOMKU] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 532 |ParentID: 524)
C:\Windows\system32\wininit.exe (ID: 600 |ParentID: 524)
C:\Windows\system32\csrss.exe (ID: 628 |ParentID: 612)
C:\Windows\system32\services.exe (ID: 668 |ParentID: 600)
C:\Windows\system32\lsass.exe (ID: 684 |ParentID: 600)
C:\Windows\system32\lsm.exe (ID: 692 |ParentID: 600)
C:\Windows\system32\winlogon.exe (ID: 736 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 848 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 1004 |ParentID: 668)
C:\Windows\System32\svchost.exe (ID: 540 |ParentID: 668)
C:\Windows\System32\svchost.exe (ID: 480 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 1028 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 1068 |ParentID: 668)
C:\Program Files\IDT\WDM\STacSV64.exe (ID: 1092 |ParentID: 668)
C:\Windows\system32\Hpservice.exe (ID: 1340 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 1444 |ParentID: 668)
C:\Windows\system32\WLANExt.exe (ID: 1588 |ParentID: 480)
C:\Windows\system32\conhost.exe (ID: 1596 |ParentID: 532)
C:\Windows\System32\spoolsv.exe (ID: 1688 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 1748 |ParentID: 668)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1860 |ParentID: 668)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1948 |ParentID: 668)
C:\Windows\SysWOW64\ezSharedSvcHost.exe (ID: 2028 |ParentID: 668)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 1320 |ParentID: 668)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1432 |ParentID: 668)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 1472 |ParentID: 668)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 1768 |ParentID: 668)
C:\Windows\system32\lxczcoms.exe (ID: 2088 |ParentID: 668)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 2132 |ParentID: 668)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (ID: 2264 |ParentID: 668)
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (ID: 2292 |ParentID: 668)
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (ID: 2348 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 2420 |ParentID: 668)
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (ID: 2452 |ParentID: 668)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2632 |ParentID: 668)
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (ID: 2664 |ParentID: 668)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2784 |ParentID: 2632)
C:\Windows\system32\Dwm.exe (ID: 2148 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 2732 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 1908 |ParentID: 668)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2952 |ParentID: 848)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 4828 |ParentID: 668)
C:\Windows\system32\SearchIndexer.exe (ID: 5036 |ParentID: 668)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4132 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 3864 |ParentID: 668)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 5548 |ParentID: 668)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 5244 |ParentID: 668)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 6064 |ParentID: 668)
C:\Windows\System32\svchost.exe (ID: 5552 |ParentID: 668)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 2408 |ParentID: 668)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3732 |ParentID: 5036)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5128 |ParentID: 848)
C:\Windows\explorer.exe (ID: 4772 |ParentID: 7040)
C:\Windows\system32\SearchFilterHost.exe (ID: 5580 |ParentID: 5036)
C:\Windows\system32\DllHost.exe (ID: 6412 |ParentID: 848)
C:\Windows\System32\WUDFHost.exe (ID: 6948 |ParentID: 480)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6804 |ParentID: 4776)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4080 |ParentID: 6804)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1160 |ParentID: 6804)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6364 |ParentID: 6804)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3208 |ParentID: 6804)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4168 |ParentID: 6804)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6772 |ParentID: 6804)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2764 |ParentID: 6804)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4940 |ParentID: 6804)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5404 |ParentID: 6804)
C:\Windows\system32\DllHost.exe (ID: 4900 |ParentID: 848)

################## | Recherche générique |

Supprimé! J:\Listen.vbs
Supprimé! J:\g.vbs
Supprimé! J:\epg.lnk
Supprimé! J:\usr.lnk
Supprimé! J:\Nouveau Dossier.lnk
Supprimé! J:\PMEDUES.lnk
Supprimé! J:\crossepg.lnk
Supprimé! J:\metamorphisme et granit'.lnk
Supprimé! J:\reproduction.lnk
Supprimé! J:\geologie.lnk
Supprimé! J:\Listen.lnk
Supprimé! J:\850d721_l.lnk
Supprimé! J:\850d721_a.lnk
Supprimé! J:\img.lnk
Supprimé! J:\autorun.lnk
Supprimé! J:\pict.lnk
Supprimé! J:\bizo.lnk
Supprimé! J:\bin.lnk
Supprimé! J:\g.lnk
Supprimé! J:\Imprimer.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [Facebook Update] "C:\Users\ghassan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKLM\..\Run : [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\..\Run : [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\..\Run : [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\..\Run : [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run : [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\..\Run : [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\..\Run : [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
04 - HKLM\..\Run : [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\RunOnce : []
04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - [x64] HKLM\..\Run : [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
04 - [x64] HKLM\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
04 - [x64] HKLM\..\RunOnce : [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3789407594-2502590900-2999774715-1000\..\Run : [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-3789407594-2502590900-2999774715-1000\..\Run : [Facebook Update] "C:\Users\ghassan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-3789407594-2502590900-2999774715-1000\..\Run : [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
04 - HKU\S-1-5-21-3789407594-2502590900-2999774715-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-18\..\Run : [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[23/11/2012 - 19:15:27 | SHD] - C:\$Recycle.Bin
[28/04/2014 - 02:37:04 | D] - C:\AdwCleaner
[28/04/2014 - 03:39:56 | N | 1 Ko] - C:\ASCInit.log
[11/02/2014 - 14:00:44 | N | 0 Ko] - C:\AVScanner.ini
[12/02/2012 - 04:54:56 | SHD] - C:\boot
[21/11/2010 - 05:23:51 | RASH | 375 Ko] - C:\bootmgr
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[28/04/2014 - 03:42:43 | ASH | 3066132 Ko] - C:\hiberfil.sys
[28/11/2012 - 13:30:10 | D] - C:\HP
[01/06/2012 - 02:42:42 | D] - C:\Intel
[18/02/2013 - 22:13:25 | D] - C:\lexmark
[03/01/2014 - 22:33:52 | N | 0 Ko] - C:\lxcz.log
[17/12/2012 - 00:41:02 | RHD] - C:\MSOCache
[28/04/2014 - 03:42:45 | ASH | 4088176 Ko] - C:\pagefile.sys
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[16/03/2014 - 00:43:37 | D] - C:\Program Files
[28/04/2014 - 03:42:41 | D] - C:\Program Files (x86)
[18/02/2013 - 22:14:21 | D] - C:\Program Files (x86) (x86)
[28/04/2014 - 03:11:49 | HD] - C:\ProgramData
[23/11/2012 - 19:09:48 | SHD] - C:\Recovery
[16/01/2014 - 02:42:40 | N | 594 Ko | ECFA4E7350DE3BB49AE671A9A3382A35] - C:\SecurityScanner.dll
[04/12/2012 - 23:52:39 | D] - C:\Sierra
[09/12/2013 - 15:46:18 | D] - C:\SWSetup
[28/04/2014 - 03:37:18 | SHD] - C:\System Volume Information
[23/11/2012 - 19:09:54 | D] - C:\SYSTEM.SAV
[19/11/2013 - 22:55:22 | D] - C:\temp
[28/04/2014 - 10:24:26 | D] - C:\UsbFix
[28/04/2014 - 10:19:41 | N | 15 Ko | 311820E72798A4C5743F42FC148553FA] - C:\UsbFix [Clean 2] GHASSAN-HP.txt
[28/04/2014 - 10:23:10 | N | 13 Ko | AEA4FAEF76418DDA53C6782AF46690F5] - C:\UsbFix [Clean 4] GHASSAN-HP.txt
[28/04/2014 - 10:28:29 | A | 12 Ko | 16791C708A7E3DAD3DE46BBF76AC4032] - C:\UsbFix [Clean 6] GHASSAN-HP.txt
[28/04/2014 - 03:08:01 | N | 14 Ko | B5820A0E3955F6F04EDF92A015FCBBCE] - C:\UsbFix [Scan 1] GHASSAN-HP.txt
[23/11/2012 - 19:08:34 | D] - C:\Users
[02/03/2014 - 04:03:02 | D] - C:\Windows
[23/11/2012 - 19:15:27 | SHD] - D:\$RECYCLE.BIN
[22/09/2013 - 22:39:48 | N | 14 Ko] - D:\AUTOEXE
[22/09/2013 - 22:39:16 | N | 1 Ko] - D:\bin.doc
[08/09/2013 - 15:47:30 | N | 0 Ko] - D:\bizo.doc
[23/11/2012 - 19:15:24 | RASHD] - D:\boot
[14/07/2009 - 20:39:00 | RASH | 375 Ko] - D:\bootmgr
[23/05/2010 - 14:55:46 | RASH | 0 Ko] - D:\Desktop.ini
[23/11/2012 - 19:15:24 | D] - D:\FactoryUpdate
[23/11/2012 - 19:15:24 | D] - D:\hp
[28/11/2012 - 13:17:45 | N | 0 Ko | CF6EAB927CA89007B4095C38E6E6C398] - D:\HPSF_Rep.txt
[23/11/2012 - 19:11:31 | N | 0 Ko] - D:\HP_WSD.dat
[22/09/2013 - 22:39:48 | N | 14 Ko] - D:\img.jpg
[23/11/2012 - 19:15:24 | RSHD] - D:\preload
[23/11/2012 - 19:15:24 | RSD] - D:\recovery
[23/11/2012 - 19:15:24 | D] - D:\RM_Reserve
[08/09/2013 - 15:47:30 | N | 0 Ko] - D:\system
[26/01/2013 - 15:56:35 | SHD] - D:\System Volume Information
[16/08/2013 - 17:19:32 | N | 1 Ko] - D:\Zain
[01/01/1980 - 00:00:00 | D] - J:\usr
[17/01/2014 - 08:01:10 | D] - J:\crossepg
[12/01/2014 - 17:39:56 | N | 5588 Ko] - J:\epg.dat.bak
[24/04/2014 - 13:33:44 | D] - J:\metamorphisme et granit'
[24/04/2014 - 01:01:16 | D] - J:\reproduction
[22/09/2013 - 22:39:48 | N | 14 Ko] - J:\img.jpg
[22/09/2013 - 22:39:22 | N | 1 Ko] - J:\pict.jpg
[08/09/2013 - 15:47:30 | N | 0 Ko] - J:\bizo.doc
[22/09/2013 - 22:39:16 | N | 1 Ko] - J:\bin.doc
[16/08/2013 - 17:19:32 | N | 1 Ko] - J:\Zain
[24/04/2014 - 14:14:50 | D] - J:\svallaw
[28/04/2014 - 02:15:44 | N | 15 Ko] - J:\Imprimer.docx
[09/04/2014 - 12:27:10 | D] - J:\geologie

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |

Thanks El Desaparecido