carole06
Participant
Number of posts: 13

Here is the report:

############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: Louisa (Administrateur) # LOUISA-PC
Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
Lancé à 19:04:24 | 06/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (143A)
CPU: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz
RAM -> [Total : 3894 Mo| Free : 2680 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17105
WB: Google Chrome : 34.0.1847.131

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 451 Go (303 Go libre(s) – 67%) [] # NTFS
D: -> Disque fixe # 14 Go (2 Go libre(s) – 14%) [RECOVERY] # NTFS
E: -> Disque fixe # 99 Mo (91 Mo libre(s) – 92%) [HP_TOOLS] # FAT32
F: -> CD-ROM
G: -> Disque amovible # 4 Go (95 Mo libre(s) – 2%) [] # FAT32

################## | Processus Actif |

C:Windowssystem32csrss.exe (ID: 424 |ParentID: 416)
C:Windowssystem32wininit.exe (ID: 500 |ParentID: 416)
C:Windowssystem32csrss.exe (ID: 516 |ParentID: 492)
C:Windowssystem32services.exe (ID: 548 |ParentID: 500)
C:Windowssystem32lsass.exe (ID: 568 |ParentID: 500)
C:Windowssystem32lsm.exe (ID: 576 |ParentID: 500)
C:Windowssystem32winlogon.exe (ID: 636 |ParentID: 492)
C:Windowssystem32svchost.exe (ID: 732 |ParentID: 548)
C:Windowssystem32svchost.exe (ID: 808 |ParentID: 548)
C:Windowssystem32atiesrxx.exe (ID: 856 |ParentID: 548)
C:WindowsSystem32svchost.exe (ID: 940 |ParentID: 548)
C:WindowsSystem32svchost.exe (ID: 988 |ParentID: 548)
C:Windowssystem32svchost.exe (ID: 108 |ParentID: 548)
C:Windowssystem32svchost.exe (ID: 340 |ParentID: 548)
C:Windowssystem32atieclxx.exe (ID: 1072 |ParentID: 856)
C:Windowssystem32svchost.exe (ID: 1132 |ParentID: 548)
C:Windowssystem32WLANExt.exe (ID: 1304 |ParentID: 988)
C:Windowssystem32conhost.exe (ID: 1316 |ParentID: 424)
C:WindowsSystem32spoolsv.exe (ID: 1464 |ParentID: 548)
C:Windowssystem32svchost.exe (ID: 1496 |ParentID: 548)
C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1572 |ParentID: 548)
C:Program FilesRealtekAudioHDAAERTSr64.exe (ID: 1604 |ParentID: 548)
C:Program Files (x86)MicrosoftBingBarBBSvc.EXE (ID: 1632 |ParentID: 548)
C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (ID: 1660 |ParentID: 548)
C:WindowsSysWOW64ezSharedSvcHost.exe (ID: 1724 |ParentID: 548)
C:Program FilesHewlett-PackardHP Quick LaunchHPWMISVC.exe (ID: 1776 |ParentID: 548)
C:Program Files (x86)Jumpstartjswpbapi.exe (ID: 1816 |ParentID: 548)
C:Program Files (x86)Common FilesLightScribeLSSrvc.exe (ID: 1852 |ParentID: 548)
C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 1880 |ParentID: 548)
C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (ID: 1320 |ParentID: 548)
C:Windowssystem32svchost.exe (ID: 1000 |ParentID: 548)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2052 |ParentID: 548)
C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe (ID: 2112 |ParentID: 548)
C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (ID: 2192 |ParentID: 548)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2284 |ParentID: 2052)
C:Windowssystem32taskhost.exe (ID: 2504 |ParentID: 548)
C:Windowssystem32taskeng.exe (ID: 2584 |ParentID: 340)
C:Windowssystem32Dwm.exe (ID: 2620 |ParentID: 988)
C:WindowsExplorer.EXE (ID: 2644 |ParentID: 2592)
C:Windowssystem32runonce.exe (ID: 2860 |ParentID: 2644)
C:WindowsSysWOW64runonce.exe (ID: 2888 |ParentID: 2860)
C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE (ID: 2916 |ParentID: 548)
C:Windowssystem32svchost.exe (ID: 1276 |ParentID: 548)
C:WindowsSystem32WUDFHost.exe (ID: 2812 |ParentID: 988)
C:WindowsSystem32rundll32.exe (ID: 3020 |ParentID: 732)
C:Windowssystem32wbemwmiprvse.exe (ID: 228 |ParentID: 732)

################## | Recherche générique |

Supprimé! G:iTunesHelper.vbe
Supprimé! G:autorun.lnk
Supprimé! G:Etiquettes boites.lnk
Supprimé! G:Boarding_Pass.lnk
Supprimé! G:Etiquettes boites (2).lnk
Supprimé! G:CartevisiteRégis.lnk
Supprimé! G:Etiquettes boites 1.lnk
Supprimé! G:CONTRAT DE LOCATION.lnk
Supprimé! G:etiquettes parlophone.lnk
Supprimé! G:Appel de fonds 2014.lnk
Supprimé! G:Contrat de syndic bénévole.lnk
Supprimé! G:Procès verbal AG du 08.lnk
Supprimé! G:Data.lnk
Supprimé! G:trz7E54.tmp

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Regedit Run |

F2 – HKLM..Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
F2 – HKLM..Winlogon : [Userinit] userinit.exe
F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
04 – HKCU..Run : [HPAdvisorDock] C:Program Files (x86)Hewlett-PackardHP AdvisorDockHPAdvisorDock.exe
04 – HKCU..Run : [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
04 – HKCU..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
04 – HKLM..Run : [StartCCC] “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLM..Run : [Easybits Recovery] C:Program Files (x86)EasyBits For KidsezRecover.exe
04 – HKLM..Run : [HP Software Update] C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
04 – HKLM..Run : []
04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLM..Run : [HOSTS Anti-Adware_PUPs] C:Program Files (x86)Hosts_Anti_Adwares_PUPsHOSTS_Anti-Adware_main.exe
04 – [x64] HKLM..Run : [SynTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe
04 – [x64] HKLM..Run : [IAAnotif] C:Program Files (x86)IntelIntel Matrix Storage Manageriaanotif.exe
04 – [x64] HKLM..Run : [RTHDVCPL] C:Program FilesRealtekAudioHDARtkNGUI64.exe -s
04 – [x64] HKLM..Run : [RtkOSD] C:Program Files (x86)RealtekAudioOSDRtVOsd64.exe
04 – [x64] HKLM..Run : [IgfxTray] C:Windowssystem32igfxtray.exe
04 – [x64] HKLM..Run : [HotKeysCmds] C:Windowssystem32hkcmd.exe
04 – [x64] HKLM..Run : [Persistence] C:Windowssystem32igfxpers.exe
04 – [x64] HKLM..Run : [HPWirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe 120 C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Main.exe /hidden
04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [HPAdvisorDock] C:Program Files (x86)Hewlett-PackardHP AdvisorDockHPAdvisorDock.exe
04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

################## | Listing |

[22/08/2011 – 16:46:59 | SHD] – C:$Recycle.Bin
[07/01/2014 – 12:00:34 | D] – C:AdwCleaner
[23/02/2014 – 19:40:31 | N | 0 Ko] – C:AVScanner.ini
[16/05/2010 – 23:43:34 | SHD] – C:boot
[14/07/2009 – 03:38:58 | RASH | 375 Ko] – C:bootmgr
[29/06/2011 – 23:35:34 | D] – C:cbde259474907931138433a6
[14/07/2009 – 07:08:56 | SHD] – C:Documents and Settings
[24/02/2012 – 22:43:35 | D] – C:films
[06/05/2014 – 19:03:30 | ASH | 2990484 Ko] – C:hiberfil.sys
[18/06/2010 – 01:53:36 | D] – C:HP
[18/06/2010 – 02:04:25 | D] – C:Intel
[06/05/2014 – 19:03:32 | ASH | 3987312 Ko] – C:pagefile.sys
[18/01/2012 – 14:15:08 | D] – C:pan am saison 1
[14/07/2009 – 05:20:08 | D] – C:PerfLogs
[06/05/2014 – 13:30:27 | D] – C:Program Files
[06/05/2014 – 13:29:28 | D] – C:Program Files (x86)
[06/05/2014 – 13:27:14 | HD] – C:ProgramData
[30/08/2010 – 14:21:22 | SHD] – C:Recovery
[16/01/2014 – 02:42:40 | N | 594 Ko | ECFA4E7350DE3BB49AE671A9A3382A35] – C:SecurityScanner.dll
[19/01/2012 – 16:00:43 | D] – C:series
[28/11/2012 – 15:26:01 | D] – C:SwSetup
[06/05/2014 – 13:29:53 | SHD] – C:System Volume Information
[30/08/2010 – 14:21:26 | D] – C:SYSTEM.SAV
[06/05/2014 – 14:39:30 | D] – C:UsbFix
[06/05/2014 – 14:32:35 | N | 13 Ko | 4429718F037483C59069668DEA0D7837] – C:UsbFix [Clean 2] LOUISA-PC.txt
[06/05/2014 – 18:34:31 | N | 4 Ko | 47FDC11B8C5C32DF0788E5CFE7D50B60] – C:UsbFix [Clean 4] LOUISA-PC.txt
[06/05/2014 – 19:29:47 | A | 9 Ko | BF0C6352424935B638A01936E71C7278] – C:UsbFix [Clean 6] LOUISA-PC.txt
[02/05/2014 – 18:08:21 | N | 11 Ko | 311D614CCBD1157FA8B4D27263E89C20] – C:UsbFix [Scan 1] LOUISA-PC.txt
[13/12/2012 – 21:16:20 | N | 0 Ko] – C:user.js
[30/08/2010 – 14:20:54 | D] – C:Users
[05/02/2011 – 13:11:27 | D] – C:UtilisateursAF
[25/03/2014 – 21:03:39 | D] – C:VALCOMPTA4
[02/05/2014 – 17:42:17 | D] – C:Windows
[30/08/2010 – 14:25:57 | SHD] – D:$RECYCLE.BIN
[30/08/2010 – 14:25:53 | SHD] – D:boot
[14/07/2009 – 20:39:00 | ASH | 375 Ko] – D:bootmgr
[30/08/2010 – 14:25:53 | N | 0 Ko] – D:BT_HP.FLG
[18/06/2010 – 12:40:33 | N | 0 Ko] – D:CSP.DAT
[18/06/2010 – 12:47:51 | N | 14 Ko] – D:DeployRp.log
[30/08/2010 – 14:25:53 | D] – D:hp
[30/08/2010 – 14:25:53 | N | 0 Ko] – D:language.ini
[30/08/2010 – 14:25:53 | SHD] – D:preload
[30/08/2010 – 14:25:53 | SD] – D:Recovery
[18/06/2010 – 12:47:48 | N | 0 Ko] – D:RPCONFIG.LOG
[19/01/2012 – 15:40:40 | SHD] – D:System Volume Information
[30/08/2010 – 14:25:54 | D] – D:system.sav
[30/08/2010 – 14:25:58 | SHD] – E:$RECYCLE.BIN
[18/06/2010 – 01:39:08 | D] – E:Hewlett-Packard
[02/05/2013 – 13:44:40 | N | 14 Ko] – E:Etiquettes boites.docx
[02/05/2013 – 13:13:42 | N | 14 Ko] – E:etiquettes parlophone.docx
[01/02/2011 – 14:16:42 | D] – G:Data
[01/02/2011 – 14:29:18 | D] – G:Xtras
[03/07/2001 – 21:43:58 | N | 0 Ko] – G:autorun.inf
[20/05/2000 – 19:44:46 | N | 2992 Ko | 15CAA04245B0D04B1A8CE42A72BF1909] – G:Boarding_Pass.exe
[27/06/2001 – 20:04:12 | N | 15 Ko] – G:Boarding_Pass.ini
[10/07/2012 – 20:11:20 | SHD] – G:.fseventsd
[17/04/2012 – 16:47:50 | SH | 4 Ko] – G:._.Trashes
[02/05/2013 – 13:49:28 | N | 152 Ko] – G:FOUND.000
[17/04/2012 – 16:47:50 | N | 4 Ko] – G:.Trashes
[17/04/2012 – 16:47:52 | SHD] – G:.Spotlight-V100
[10/02/2012 – 21:35:46 | N | 3087639 Ko] – G:All_About_Lyoness_Multimedia_FR.mov
[04/04/2014 – 15:28:06 | D] – G:FOUND.001
[02/05/2013 – 13:44:40 | N | 14 Ko] – G:Etiquettes boites.docx
[02/05/2013 – 13:44:40 | N | 14 Ko] – G:Etiquettes boites (2).docx
[03/04/2014 – 16:04:04 | N | 14 Ko] – G:CartevisiteRégis.docx
[03/05/2013 – 19:27:16 | N | 14 Ko] – G:Etiquettes boites 1.docx
[04/04/2014 – 15:29:44 | N | 18 Ko] – G:CONTRAT DE LOCATION.docx
[22/06/2013 – 11:52:36 | N | 14 Ko] – G:etiquettes parlophone.docx
[15/04/2014 – 11:03:12 | N | 18 Ko] – G:Appel de fonds 2014-2ème trimestre.docx
[07/01/2014 – 15:09:32 | N | 20 Ko] – G:Appel de fonds 2014.docx
[08/11/2013 – 09:40:54 | N | 21 Ko] – G:Contrat de syndic bénévole.docx
[10/11/2013 – 19:44:10 | N | 21 Ko] – G:Procès verbal AG du 08.11.2013.docx

################## | Vaccin |

D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |