Hello ...!??
############################## | UsbFix V 7.152 | [Recherche]
Utilisateur: xxxxx (Administrateur) # xxxxx
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 02:21:30 | 03/12/2013
Site Web :
https://www.usbfix.net/
Forum :
https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact :
https://www.usb-antivirus.com/fr/contact/
PC: Hewlett-Packard (3069)
CPU: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
RAM -> [Total : 3999 | Free : 1371]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 23.0.1
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 453 Go (172 Go libre(s) - 38%) [] # NTFS
D:\ -> Disque fixe # 13 Go (2 Go libre(s) - 17%) [RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 978 Mo (519 Mo libre(s) - 53%) [UDISK2.0] # FAT
G:\ -> Disque amovible # 7 Go (7 Go libre(s) - 96%) [BRADAX] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (ID: 420 |ParentID: 412)
C:\Windows\system32\csrss.exe (ID: 472 |ParentID: 464)
C:\Windows\system32\wininit.exe (ID: 480 |ParentID: 412)
C:\Windows\system32\winlogon.exe (ID: 540 |ParentID: 464)
C:\Windows\system32\services.exe (ID: 560 |ParentID: 480)
C:\Windows\system32\lsass.exe (ID: 584 |ParentID: 480)
C:\Windows\system32\lsm.exe (ID: 592 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 688 |ParentID: 560)
C:\Windows\system32\svchost.exe (ID: 780 |ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 864 |ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 908 |ParentID: 560)
C:\Windows\system32\svchost.exe (ID: 932 |ParentID: 560)
C:\Windows\system32\svchost.exe (ID: 960 |ParentID: 560)
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (ID: 1012 |ParentID: 560)
C:\Windows\system32\svchost.exe (ID: 1092 |ParentID: 560)
C:\Windows\system32\svchost.exe (ID: 1184 |ParentID: 560)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1300 |ParentID: 560)
C:\Windows\System32\spoolsv.exe (ID: 1452 |ParentID: 560)
C:\Windows\system32\svchost.exe (ID: 1492 |ParentID: 560)
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (ID: 1612 |ParentID: 560)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1640 |ParentID: 560)
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (ID: 1672 |ParentID: 560)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1736 |ParentID: 560)
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (ID: 1768 |ParentID: 560)
C:\Windows\SysWOW64\svchost.exe (ID: 1836 |ParentID: 560)
C:\Windows\system32\svchost.exe (ID: 1872 |ParentID: 560)
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID: 1900 |ParentID: 560)
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (ID: 1700 |ParentID: 560)
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID: 2084 |ParentID: 560)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2236 |ParentID: 560)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2704 |ParentID: 2236)
C:\Windows\system32\svchost.exe (ID: 2956 |ParentID: 560)
C:\Windows\System32\WUDFHost.exe (ID: 2964 |ParentID: 908)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 156 |ParentID: 560)
C:\Windows\System32\svchost.exe (ID: 1436 |ParentID: 560)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2600 |ParentID: 560)
C:\Windows\system32\SearchIndexer.exe (ID: 2532 |ParentID: 560)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 640 |ParentID: 688)
C:\Windows\system32\taskhost.exe (ID: 3452 |ParentID: 560)
C:\Windows\system32\Dwm.exe (ID: 3204 |ParentID: 908)
C:\Windows\Explorer.EXE (ID: 3456 |ParentID: 3572)
C:\Windows\System32\hkcmd.exe (ID: 2156 |ParentID: 3456)
C:\Windows\system32\igfxsrvc.exe (ID: 3376 |ParentID: 688)
C:\Windows\System32\igfxpers.exe (ID: 3964 |ParentID: 3456)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3544 |ParentID: 3456)
C:\Program Files\Java\jre6\bin\jusched.exe (ID: 3352 |ParentID: 3456)
C:\Program Files\IDT\WDM\sttray64.exe (ID: 2056 |ParentID: 3456)
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (ID: 3792 |ParentID: 3456)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 3248 |ParentID: 3784)
C:\Windows\System32\svchost.exe (ID: 2572 |ParentID: 560)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 3596 |ParentID: 3456)
C:\Users\xxxxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 3288 |ParentID: 3456)
C:\Users\xxxxx\AppData\Roaming\uTorrent\uTorrent.exe (ID: 3952 |ParentID: 3456)
C:\Windows\System32\wscript.exe (ID: 3992 |ParentID: 3456)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (ID: 3644 |ParentID: 3940)
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (ID: 3400 |ParentID: 3940)
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ID: 2932 |ParentID: 3940)
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (ID: 5092 |ParentID: 3940)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4156 |ParentID: 3940)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 4184 |ParentID: 3940)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 5112 |ParentID: 3940)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (ID: 4300 |ParentID: 560)
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (ID: 5088 |ParentID: 5092)
C:\Program Files\iPod\bin\iPodService.exe (ID: 5076 |ParentID: 560)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (ID: 4128 |ParentID: 560)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (ID: 4892 |ParentID: 688)
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (ID: 6032 |ParentID: 5092)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5472 |ParentID: 688)
C:\Windows\system32\wbem\unsecapp.exe (ID: 5180 |ParentID: 688)
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (ID: 6064 |ParentID: 5092)
C:\Windows\SysWOW64\ctfmon.exe (ID: 5368 |ParentID: 5112)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (ID: 4336 |ParentID: 3456)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4008 |ParentID: 3456)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4460 |ParentID: 4008)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1528 |ParentID: 4008)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2292 |ParentID: 4008)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5560 |ParentID: 4008)
C:\UsbFix\Go.exe (ID: 4548 |ParentID: 6104)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 - HKLM\SOFTWARE | Run : [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe"
04 - HKLM\SOFTWARE | Run : [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe
04 - HKLM\SOFTWARE | Run : [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
04 - HKLM\SOFTWARE | Run : [BrowserPlugInHelper] - C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\e127b8d3-3e9e-4204-ad7a-2fb696928811.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [BrowserPlugInHelper] - C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\e127b8d3-3e9e-4204-ad7a-2fb696928811.exe /check
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3685953311-1464243072-1435602113-1001\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKU\S-1-5-21-3685953311-1464243072-1435602113-1001\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-3685953311-1464243072-1435602113-1001\SOFTWARE | Run : [ares] - "C:\Program Files (x86)\Ares\Ares.exe" -h
04 - HKU\S-1-5-21-3685953311-1464243072-1435602113-1001\SOFTWARE | Run : [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
04 - HKU\S-1-5-21-3685953311-1464243072-1435602113-1001\SOFTWARE | Run : [Facebook Update] - "C:\Users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-3685953311-1464243072-1435602113-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
04 - HKU\S-1-5-21-3685953311-1464243072-1435602113-1001\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\xxxxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-3685953311-1464243072-1435602113-1001\SOFTWARE | Run : [Spotify] - "C:\Users\xxxxx\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-3685953311-1464243072-1435602113-1001\SOFTWARE | Run : [uTorrent] - "C:\Users\xxxxx\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-3685953311-1464243072-1435602113-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\xxxxx~1\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Recherche générique |
Présent! C:\Users\xxxxx~1\AppData\Local\Temp\iTunesHelper.vbe
Présent! C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! F:\iTunesHelper.vbe
Présent! G:\iTunesHelper.vbe
Présent! F:\vhrpr_drake_598451.lnk
Présent! F:\LMBRAD.lnk
Présent! F:\interfel.lnk
Présent! F:\Sommaire.lnk
Présent! F:\BRADCV2013.lnk
Présent! F:\Fiche produit Soutenance et Photos mise en place.lnk
Présent! F:\BRAD TBCA.lnk
Présent! F:\fugcw_pharrell_598451.lnk
Présent! F:\APB.lnk
Présent! F:\N32963_458.lnk
Présent! F:\CERFAL.lnk
Présent! F:\N32963_458 (1).lnk
Présent! F:\N32963_458 (2).lnk
Présent! F:\Trame de la soutenance.lnk
Présent! F:\BTS COM.lnk
Présent! F:\brad fruichette.lnk
Présent! F:\communiqué de press.lnk
Présent! F:\Planning project.lnk
Présent! F:\Soutenance def.lnk
Présent! F:\BAC SOUTENANCE.lnk
Présent! F:\System Volume Information.lnk
Présent! G:\communiqué de press.lnk
Présent! G:\CERFAL.lnk
Présent! G:\communiqué de press (2).lnk
Présent! G:\COM 1 - F1 PROJET COM.lnk
Présent! C:\Users\xxxxx~1\AppData\Local\Temp\utt99BE.tmp.exe
Présent! C:\Users\xxxxx~1\AppData\Local\Temp\uttC15D.tmp.exe
Présent! C:\Users\xxxxx~1\AppData\Local\Temp\uttCD9D.tmp.exe
Présent! C:\Users\xxxxx~1\AppData\Local\Temp\Drives.vbs
################## | Référence de comparaison MD5 |
Md5 : 77C00A3D2BCAE8F08F8BE0DA512FB899 -> C:\Users\Jxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 77C00A3D2BCAE8F08F8BE0DA512FB899 -> C:\Users\Jxxxxx~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : AC8F18C5C595A5685FCEA46E61B6B5AF -> C:\Users\xxxxx~1\AppData\Local\Temp\Drives.vbs
Md5 : F5240245F041F5A795B109412B942225 -> F:\iTunesHelper.vbe
Md5 : 77C00A3D2BCAE8F08F8BE0DA512FB899 -> G:\iTunesHelper.vbe
Md5 : 77C00A3D2BCAE8F08F8BE0DA512FB899 -> C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
################## | Comparaison MD5 |
Présent! Md5 : AC8F18C5C595A5685FCEA46E61B6B5AF -> C:\Users\xxxxx\AppData\Local\Temp\Drives.vbs
Présent! Md5 : 77C00A3D2BCAE8F08F8BE0DA512FB899 -> C:\Users\xxxxxAppData\Local\Temp\iTunesHelper.vbe
Présent! Md5 : 77C00A3D2BCAE8F08F8BE0DA512FB899 -> C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! Md5 : F5240245F041F5A795B109412B942225 -> F:\iTunesHelper.vbe
Présent! Md5 : 77C00A3D2BCAE8F08F8BE0DA512FB899 -> G:\iTunesHelper.vbe
################## | Registre |
Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
Présent! HKU\S-1-5-21-3685953311-1464243072-1435602113-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU|njq8
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F |
https://www.usbfix.net/ -
https://www.sosvirus.net/ |
Please... Thanks in advance..!?
xxxxx = Name removed
CCM Moderation