by nadouche92
#17399
Avast does not detect any virus, but my USB key turns all the documents saved on it into shortcuts;
I ran a scan with UsbFix and a report came out. What should I do now?
############################## | UsbFix V 7.150 | [Search]

User: Nadia (Administrator) # NADIA-TOSH
Updated on 08/11/2013 by El Desaparecido - Team SosVirus
Launched at 20:33:01 | 17/11/2013

Website: http://www.usbfix.net
Forum: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: TOSHIBA (PWWAM)
CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
RAM -> [Total : 3933 | Free : 1933]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 149 GB (60 GB free - 40%) [WINDOWS] # NTFS
D:\ -> Fixed disk # 148 GB (140 GB free - 94%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Removable disk # 4 GB (4 GB free - 98%) [NADIA ASH 4] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 484 |ParentID: 456)
C:\Windows\system32\wininit.exe (ID: 524 |ParentID: 456)
C:\Windows\system32\csrss.exe (ID: 536 |ParentID: 516)
C:\Windows\system32\services.exe (ID: 580 |ParentID: 524)
C:\Windows\system32\lsass.exe (ID: 596 |ParentID: 524)
C:\Windows\system32\lsm.exe (ID: 604 |ParentID: 524)
C:\Windows\system32\winlogon.exe (ID: 680 |ParentID: 516)
C:\Windows\system32\svchost.exe (ID: 748 |ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 844 |ParentID: 580)
C:\Windows\System32\svchost.exe (ID: 904 |ParentID: 580)
C:\Windows\System32\svchost.exe (ID: 1004 |ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 364 |ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 476 |ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 1188 |ParentID: 580)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1268 |ParentID: 580)
C:\Windows\system32\Dwm.exe (ID: 1432 |ParentID: 1004)
C:\Windows\Explorer.EXE (ID: 1452 |ParentID: 1424)
C:\Windows\system32\taskhost.exe (ID: 1528 |ParentID: 580)
C:\Windows\System32\spoolsv.exe (ID: 1604 |ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 1648 |ParentID: 580)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1756 |ParentID: 580)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1776 |ParentID: 580)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1820 |ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 1876 |ParentID: 580)
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (ID: 1912 |ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 1044 |ParentID: 580)
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID: 988 |ParentID: 580)
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (ID: 1580 |ParentID: 1452)
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ID: 1168 |ParentID: 1452)
C:\Windows\System32\igfxtray.exe (ID: 1032 |ParentID: 1452)
C:\Windows\System32\hkcmd.exe (ID: 2056 |ParentID: 1452)
C:\Windows\System32\igfxpers.exe (ID: 2076 |ParentID: 1452)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2092 |ParentID: 1452)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 2112 |ParentID: 1452)
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (ID: 2144 |ParentID: 1452)
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (ID: 2192 |ParentID: 1452)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2204 |ParentID: 1452)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 2316 |ParentID: 2204)
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (ID: 2768 |ParentID: 2544)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (ID: 2776 |ParentID: 2544)
C:\Users\Public\Intel(TM)SD.exe (ID: 2872 |ParentID: 1452)
C:\Windows\SysWOW64\explorer.exe (ID: 2996 |ParentID: 2892)
C:\Windows\SysWOW64\explorer.exe (ID: 3008 |ParentID: 2904)
C:\Windows\SysWOW64\explorer.exe (ID: 3040 |ParentID: 2924)
C:\Windows\SysWOW64\explorer.exe (ID: 3056 |ParentID: 2932)
C:\Windows\SysWOW64\explorer.exe (ID: 2104 |ParentID: 2948)
C:\Windows\SysWOW64\explorer.exe (ID: 2496 |ParentID: 2956)
C:\Users\Nadia\AppData\Roaming\Public\jusched.exe (ID: 3652 |ParentID: 2892)
C:\Users\Nadia\AppData\Roaming\Public\jusched.exe (ID: 3660 |ParentID: 2924)
C:\Users\Nadia\AppData\Roaming\Public\jusched.exe (ID: 3972 |ParentID: 2932)
C:\Users\Public\Intel(R)TCP.exe (ID: 4180 |ParentID: 2948)
C:\Users\Public\Intel(R)TCP.exe (ID: 4196 |ParentID: 2956)
C:\Users\Public\Intel(R)TCP.exe (ID: 4204 |ParentID: 2904)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4744 |ParentID: 2544)
C:\Windows\system32\TODDSrv.exe (ID: 4776 |ParentID: 580)
C:\Program Files (x86)\Tor\tor.exe (ID: 4804 |ParentID: 580)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID: 4824 |ParentID: 580)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 4932 |ParentID: 580)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 5040 |ParentID: 4932)
C:\Windows\SysWOW64\explorer.exe (ID: 3896 |ParentID: 5080)
C:\Users\Nadia\AppData\Roaming\Public\jusched.exe (ID: 2940 |ParentID: 5080)
C:\Windows\system32\SearchIndexer.exe (ID: 1116 |ParentID: 580)
C:\Windows\system32\svchost.exe (ID: 5204 |ParentID: 580)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5620 |ParentID: 580)
C:\Windows\system32\taskeng.exe (ID: 5672 |ParentID: 476)
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID: 5864 |ParentID: 5672)
C:\Windows\System32\svchost.exe (ID: 2468 |ParentID: 580)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 5832 |ParentID: 1452)
C:\Windows\system32\DllHost.exe (ID: 236 |ParentID: 748)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ID: 6984 |ParentID: 580)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (ID: 6204 |ParentID: 5864)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID: 2964 |ParentID: 580)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (ID: 6364 |ParentID: 580)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID: 3564 |ParentID: 580)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (ID: 3692 |ParentID: 2364)
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (ID: 4492 |ParentID: 580)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (ID: 3416 |ParentID: 580)
c:\Program Files (x86)\Nero\Update\NASvc.exe (ID: 5404 |ParentID: 580)
C:\Windows\System32\svchost.exe (ID: 5148 |ParentID: 580)
C:\Windows\servicing\TrustedInstaller.exe (ID: 5536 |ParentID: 580)
C:\Windows\system32\msiexec.exe (ID: 5904 |ParentID: 580)
C:\Windows\system32\wuauclt.exe (ID: 3772 |ParentID: 476)
C:\Windows\System32\WUDFHost.exe (ID: 3376 |ParentID: 1004)
C:\Windows\system32\taskhost.exe (ID: 7032 |ParentID: 580)
C:\UsbFix\Go.exe (ID: 2028 |ParentID: 5484)
C:\Windows\system32\svchost.exe (ID: 1536 |ParentID: 580)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4640 |ParentID: 748)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
04 - HKLM\SOFTWARE | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 - HKLM\SOFTWARE | Run : [KeNotify] - "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
04 - HKLM\SOFTWARE | Run : [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [jusched7] - C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 - HKLM\SOFTWARE | Run : [Intel(R)TCP] - C:\Users\Public\Intel(R)TCP.exe
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
04 - HKLM\SOFTWARE\wow6432Node | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 - HKLM\SOFTWARE\wow6432Node | Run : [KeNotify] - "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
04 - HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [jusched7] - C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Intel(R)TCP] - C:\Users\Public\Intel(R)TCP.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKLM\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 - HKLM\SOFTWARE | Policies\Explorer\run : [Intel(R)LSM] - C:\Users\Public\Intel(R)TCP.exe
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [Intel(R)TCP] - C:\Users\Public\Intel(R)TCP.exe
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Nadia\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [8jusched] - C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 - HKU\S-1-5-18\SOFTWARE | Run : [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Policies\Explorer\run : [Intel(R)LSM] - C:\Users\Public\Intel(R)TCP.exe

################## | Generic search |

Present! C:\Users\Nadia\AppData\Roaming\ACFEA309\ak.tmp
Present! C:\Users\Nadia\AppData\Roaming\ACFEA309
Present! C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
Present! C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Present! F:\iTunesHelper.vbe
Present! C:\Users\Public\4z1z.VBE
Present! C:\Users\Public\4zz.VBE
Present! C:\Users\Public\7z1z.VBE
Present! C:\Users\Public\7zz.VBE
Present! C:\Users\Public\Intel(R)TCP.exe
Present! C:\Users\Nadia\AppData\Roaming\Nadia-wchelper.dll
Present! C:\Users\Nadia\AppData\Roaming\Public
Present! C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe
Present! C:\Users\Nadia\AppData\Local\Temp\Nadia7
Present! C:\Users\Nadia\AppData\Local\Temp\Nadia8

################## | MD5 comparison reference |

Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\4z1z.VBE
Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\4zz.VBE
Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\7z1z.VBE
Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\7zz.VBE
Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Public\Intel(R)TCP.exe
Md5 : E89028D8068170E606AA0996D457AAA3 -> C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
Md5 : 3278A76DEC52931ADCCFF421EDBB9AEB -> F:\iTunesHelper.vbe

################## | MD5 comparison |

Present! Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
Present! Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Present! Md5 : E89028D8068170E606AA0996D457AAA3 -> C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe
Present! Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Nadia\AppData\Roaming\Public\Intel(R)TCP.exe
Present! Md5 : E89028D8068170E606AA0996D457AAA3 -> C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
Present! Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\4z1z.VBE
Present! Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\4zz.VBE
Present! Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\7z1z.VBE
Present! Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\7zz.VBE
Present! Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Public\Intel(R)TCP.exe
Present! Md5 : 3278A76DEC52931ADCCFF421EDBB9AEB -> F:\iTunesHelper.vbe

################## | Registry |

Present! HKCU\Software\À classé
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Present! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Run|8jusched
Present! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Intel(R)LSM
Present! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Present! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|jusched9
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|8jusched
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Intel(R)LSM
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Intel(R)LSM
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Present! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|jusched7
Present! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|jusched7
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|jusched9
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|jusched9
Present! HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{HHX1E7D2-5XOC-6B71-CC12-760IE2EFRCQE}
Present! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Present! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Present! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccine |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
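Added example, written for this page and not taken from the thread, from UsbFix or from SosVirus: a read-only PowerShell triage script for the three indicators the report above shows on a live host. It lists autostart entries (Run, RunOnce, Policies\Explorer\Run and the Startup folder) whose command lives in a user-writable directory or hands a .vbe/.vbs script to a script host (the `wscript.exe //B "...\iTunesHelper.vbe"` entry), lists every explorer.exe process with its parent (the report shows six copies under SysWOW64 hosting jusched.exe and Intel(R)TCP.exe), and checks the two UAC policy values the report shows forced to 0. It assumes Windows PowerShell 3.0 or later in an elevated prompt; the regular expressions, the key list and the expected UAC values (1 and 5, the Windows 7 defaults) are my choices, not UsbFix's own logic.

```powershell
# Added example, not part of the original thread or of UsbFix.
# Read-only triage of the indicators visible in the UsbFix report.
# Assumes Windows PowerShell 3.0+ run from an elevated prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Heuristics (my choice): vendor software is not started from directories a
# standard user can write to, and a Run value that hands a .vbe/.vbs to
# wscript.exe is exactly what the "iTunesHelper" entry in the report does.
$userWritable  = '(?i)\\(Users\\Public|AppData\\(Roaming|Local)|Temp)\\'
$scriptHost    = '(?i)\b(wscript|cscript|mshta)(\.exe)?\b.*\.(vbe|vbs|js|jse|hta)\b'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Test-SuspiciousAutostart {
    param([string]$Command)
    # Returns the reasons a command looks like the worm; nothing if it looks clean.
    $reasons = @()
    if ($Command -match $userWritable) { $reasons += 'user-writable path' }
    if ($Command -match $scriptHost)   { $reasons += 'script host running a script' }
    return $reasons
}

$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }   # skip PSPath etc.
        $why = Test-SuspiciousAutostart -Command ([string]$p.Value)
        if ($why) {
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value; Why = ($why -join ', ') }
        }
    }
})

# The per-user Startup folder is the other launch point the report shows
# (Intel(R)TCP.exe, jusched.exe and iTunesHelper.vbe were dropped there).
$startup = [Environment]::GetFolderPath('Startup')
$findings += @(Get-ChildItem -Path $startup -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -match '(?i)^\.(exe|vbe|vbs|js|jse|lnk)$' } |
    ForEach-Object {
        [pscustomobject]@{ Location = 'Startup folder'; Name = $_.Name; Command = $_.FullName; Why = 'executable in Startup folder' }
    })

"=== Suspicious autostart entries ==="
$findings | Format-Table -AutoSize -Wrap | Out-String

# One explorer.exe started by userinit/winlogon is normal. The report lists six
# more from C:\Windows\SysWOW64 whose children are the worm's binaries, the usual
# sign of code injected into (or a process hollowed out of) explorer.
"=== explorer.exe instances (expect exactly one, from C:\Windows) ==="
Get-WmiObject -Class Win32_Process -Filter "Name='explorer.exe'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath | Format-Table -AutoSize | Out-String

# UAC: the report shows both values at 0 (UAC off, no elevation prompt).
# Expected Windows 7 defaults: EnableLUA = 1, ConsentPromptBehaviorAdmin = 5.
"=== UAC policy ==="
$uacKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$expected = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5 }
$uac = Get-ItemProperty -Path $uacKey
foreach ($name in $expected.Keys) {
    $value = $uac.$name
    $state = if ($null -eq $value) { 'ABSENT (default applies)' }
             elseif ($value -eq $expected[$name]) { 'OK' }
             else { 'TAMPERED' }
    '{0,-28} {1,-5} {2}' -f $name, $value, $state
}
```

Run it before any cleanup so the state is on record. The pattern to look for in the first table is a value named like a vendor product (jusched, Intel) whose command points into AppData or Users\Public; the same binary registered under several names in several keys, as jusched7 / jusched9 / 8jusched are in this report, is the worm making sure one deletion is not enough.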
by g3n-h@ckm@n
#17400
Good evening, I love reports this loaded with critters ^^

Relaunch the tool, click on Deletion, then post the report c:\usbfix[clean 1]
by nadouche92
#17419
Here is the report that came out when I clicked on Deletion. Is my key saved?

############################## | UsbFix V 7.150 | [Deletion]

User: Nadia (Administrator) # NADIA-TOSH
Updated on 08/11/2013 by El Desaparecido - Team SosVirus
Launched at 21:18:30 | 17/11/2013

Website: http://www.usbfix.net
Forum: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: TOSHIBA (PWWAM)
CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
RAM -> [Total : 3933 | Free : 1699]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 149 GB (62 GB free - 41%) [WINDOWS] # NTFS
D:\ -> Fixed disk # 148 GB (140 GB free - 94%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Removable disk # 4 GB (4 GB free - 98%) [NADIA ASH 4] # FAT32

################## | Stopped Processes |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1268 |ParentID: 580)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4744 |ParentID: 2544)
Stopped! C:\Windows\explorer.exe (ID: 6828 |ParentID: 680)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 2836 |ParentID: 1004)
Stopped! C:\Windows\System32\rundll32.exe (ID: 6596 |ParentID: 748)
Stopped! C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID: 1056 |ParentID: 580)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 6736 |ParentID: 580)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 6844 |ParentID: 580)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3808 |ParentID: 580)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 5856 |ParentID: 3808)
Stopped! C:\Windows\system32\wuauclt.exe (ID: 4276 |ParentID: 476)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1856 |ParentID: 580)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1668 |ParentID: 580)
Stopped! C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID: 6132 |ParentID: 580)
Stopped! C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (ID: 7140 |ParentID: 580)
Stopped! C:\Windows\SysWOW64\NOTEPAD.EXE (ID: 2508 |ParentID: 2028)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 3396 |ParentID: 6828)
Stopped! C:\Program Files\Internet Explorer\IEXPLORE.EXE (ID: 6480 |ParentID: 5904)
Stopped! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 1084 |ParentID: 6480)
Stopped! C:\Windows\system32\DllHost.exe (ID: 6584 |ParentID: 748)
Stopped! C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (ID: 1672 |ParentID: 1084)
Stopped! C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe (ID: 2160 |ParentID: 1084)
Stopped! C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 2912 |ParentID: 748)
Stopped! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 6808 |ParentID: 6480)
Stopped! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 2488 |ParentID: 3396)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (ID: 2244 |ParentID: 2488)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (ID: 6204 |ParentID: 2244)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
04 - HKLM\SOFTWARE | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 - HKLM\SOFTWARE | Run : [KeNotify] - "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
04 - HKLM\SOFTWARE | Run : [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [jusched7] - C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 - HKLM\SOFTWARE | Run : [Intel(R)TCP] - C:\Users\Public\Intel(R)TCP.exe
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
04 - HKLM\SOFTWARE\wow6432Node | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 - HKLM\SOFTWARE\wow6432Node | Run : [KeNotify] - "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
04 - HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [jusched7] - C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Intel(R)TCP] - C:\Users\Public\Intel(R)TCP.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKLM\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 - HKLM\SOFTWARE | Policies\Explorer\run : [Intel(R)LSM] - C:\Users\Public\Intel(R)TCP.exe
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [Intel(R)TCP] - C:\Users\Public\Intel(R)TCP.exe
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Nadia\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Run : [8jusched] - C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 - HKU\S-1-5-18\SOFTWARE | Run : [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
04 - HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\SOFTWARE | Policies\Explorer\run : [Intel(R)LSM] - C:\Users\Public\Intel(R)TCP.exe

################## | Generic search |

Deleted! C:\Users\Nadia\AppData\Roaming\ACFEA309\ak.tmp
Deleted! C:\Users\Nadia\AppData\Roaming\ACFEA309
Deleted! C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
Deleted! C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Deleted! F:\iTunesHelper.vbe
Deleted! C:\Users\Public\4z1z.VBE
Deleted! C:\Users\Public\4zz.VBE
Deleted! C:\Users\Public\7z1z.VBE
Deleted! C:\Users\Public\7zz.VBE
Deleted! C:\Users\Public\Intel(R)TCP.exe
Deleted! C:\Users\Nadia\AppData\Roaming\Nadia-wchelper.dll
Deleted! C:\Users\Nadia\AppData\Roaming\Public
Deleted! C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe
Deleted! C:\Users\Nadia\AppData\Local\Temp\Nadia7
Deleted! C:\Users\Nadia\AppData\Local\Temp\Nadia8

(!) Temporary files deleted.

################## | MD5 comparison reference |

Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\4z1z.VBE
Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\4zz.VBE
Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\7z1z.VBE
Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\7zz.VBE
Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Public\Intel(R)TCP.exe
Md5 : E89028D8068170E606AA0996D457AAA3 -> C:\Users\Nadia\AppData\Roaming\Public\jusched.exe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
Md5 : 3278A76DEC52931ADCCFF421EDBB9AEB -> F:\iTunesHelper.vbe

################## | MD5 comparison |


################## | Registry |

Deleted! HKCU\Software\À classé
Repaired! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Deleted! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Run|8jusched
Deleted! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Intel(R)LSM
Deleted! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Deleted! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|jusched9
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Intel(R)LSM
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|jusched7
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|jusched9
Deleted! HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{HHX1E7D2-5XOC-6B71-CC12-760IE2EFRCQE}
Deleted! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted! HKU\S-1-5-21-2945581834-3016043712-3197114360-1001\Software\.\.\.\.\Mountpoints2\{7de5c4cd-0147-11e2-9e49-1c7508710116}

################## | Listing |

[23/11/2012 - 16:46:20 | SHD ] C:\$RECYCLE.BIN
[17/11/2013 - 20:25:34 | SHD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[17/11/2013 - 20:12:27 | ASH | 3092942848] C:\hiberfil.sys
[04/09/2012 - 18:54:51 | D ] C:\Intel
[11/11/2013 - 18:22:37 | RHD ] C:\MSOCache
[17/11/2013 - 20:12:31 | ASH | 4123926528] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[11/11/2013 - 20:33:28 | D ] C:\Program Files
[17/11/2013 - 21:19:26 | D ] C:\Program Files (x86)
[11/11/2013 - 20:33:34 | HD ] C:\ProgramData
[19/10/2010 - 13:19:27 | N | 70] C:\SWSTAMP.TXT
[17/11/2013 - 21:05:06 | SHD ] C:\System Volume Information
[04/09/2012 - 19:22:45 | D ] C:\Toshiba
[17/11/2013 - 21:21:25 | D ] C:\UsbFix
[17/11/2013 - 21:21:31 | A | 11317] C:\UsbFix [Clean 3] NADIA-TOSH.txt
[17/11/2013 - 20:38:52 | N | 16183] C:\UsbFix [Scan 1] NADIA-TOSH.txt
[04/09/2012 - 19:19:44 | RD ] C:\Users
[11/11/2013 - 18:57:57 | D ] C:\Windows
[04/09/2012 - 19:22:50 | SHD ] D:\$RECYCLE.BIN
[05/09/2012 - 04:18:21 | D ] D:\HDDRecovery
[11/11/2013 - 18:12:37 | D ] D:\Office 2013 64 bit
[04/09/2012 - 18:48:15 | SHD ] D:\System Volume Information
[20/06/2013 - 14:46:14 | N | 28690] F:\Thomas Arnaud.odt
[21/06/2013 - 15:28:30 | D ] F:\dicredico
[11/06/2013 - 15:19:34 | D ] F:\gacem
[21/01/2013 - 15:46:16 | D ] F:\politique de la ville
[27/05/2013 - 13:52:14 | N | 34127] F:\Aziz.odt
[07/01/2013 - 12:14:38 | N | 35911] F:\Bardini.odt
[18/10/2012 - 10:15:30 | N | 16078] F:\hafidi.odt
[26/02/2013 - 12:48:44 | N | 29975] F:\Ituri.odt
[24/09/2013 - 09:51:10 | N | 33826] F:\lamour.odt
[18/06/2013 - 11:50:08 | N | 30585] F:\large.odt
[09/10/2012 - 14:45:32 | N | 19286] F:\Le Boiteux.odt
[01/10/2012 - 21:45:20 | N | 11113] F:\Mathevon Stephanie.odt
[18/06/2013 - 09:19:22 | N | 54345] F:\perrain.odt
[15/10/2012 - 15:07:48 | N | 17783] F:\Petry.odt
[28/05/2013 - 15:21:38 | N | 24744] F:\sorel.odt
[12/11/2013 - 15:20:46 | D ] F:\Nouveau dossier
[17/11/2013 - 21:05:44 | RASHD ] F:\Autorun.inf
[12/11/2013 - 15:19:12 | D ] F:\2 eme année

################## | Vaccine |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
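Added example, written for this page and not taken from the thread or from UsbFix. The Deletion report shows the script on the key (F:\iTunesHelper.vbe) and its launch points on the host removed, which answers the host side of "is my key saved?". Shortcut worms of this kind, however, typically also drop one .lnk per document that re-runs the script before opening the real file, and set the Hidden+System attributes on the real documents so that only the shortcuts show in Explorer; removing the script does not undo either. The PowerShell script below inspects a removable drive for those leftovers and, with -Fix, removes the malicious shortcuts and stray scripts and clears the attributes. It assumes Windows PowerShell 3.0 or later, that the key is drive F: as in the report (pass -Drive otherwise), and that the host has already been cleaned, since an infected host re-hides the files as soon as the key is plugged back in. The shortcut pattern and the file-type lists are my choices.

```powershell
# Added example, not part of the original thread or of UsbFix.
# Inspects a removable drive for shortcut-worm leftovers; -Fix cleans them.
# Assumes Windows PowerShell 3.0+; drive letter F: is the one from the report.
param(
    [string]$Drive = 'F:',
    [switch]$Fix
)

$root  = $Drive.TrimEnd('\') + '\'
$keep  = @('Autorun.inf', 'System Volume Information')   # never touched: UsbFix's vaccine folder and the FS metadata folder
$shell = New-Object -ComObject WScript.Shell

# 1. Shortcuts in the root. The worm drops one .lnk per document whose target is
#    cmd.exe or wscript.exe with the script on the command line, so "opening
#    the document" re-runs the worm first.
$lnkPattern = '(?i)\b(cmd|wscript|cscript)(\.exe)?\b.*\.(vbe|vbs|js|jse|exe|bat)\b'
$shortcuts = @(Get-ChildItem -Path $root -Filter '*.lnk' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        [pscustomobject]@{
            File      = $_.FullName
            Target    = $lnk.TargetPath
            Arguments = $lnk.Arguments
            Malicious = (($lnk.TargetPath + ' ' + $lnk.Arguments) -match $lnkPattern)
        }
    })
$malicious = @($shortcuts | Where-Object { $_.Malicious })

# 2. Items carrying both Hidden and System: the worm sets these on the user's
#    real files and folders so that only its shortcuts are visible.
$hs = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$hiddenItems = @(Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { (($_.Attributes -band $hs) -eq $hs) -and ($keep -notcontains $_.Name) })

# 3. Stray scripts/executables in the root (the report's F:\iTunesHelper.vbe).
$scripts = @(Get-ChildItem -Path $root -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -match '(?i)^\.(vbe|vbs|js|jse|bat|cmd|exe)$' })

'Malicious shortcuts : {0}' -f $malicious.Count
'Hidden+System items : {0}' -f $hiddenItems.Count
'Scripts in root     : {0}' -f $scripts.Count
'Autorun.inf vaccine : {0}' -f (Test-Path -Path (Join-Path $root 'Autorun.inf') -PathType Container)

$malicious   | Format-Table -AutoSize -Wrap | Out-String
$hiddenItems | Select-Object FullName, Attributes | Format-Table -AutoSize | Out-String
$scripts     | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize | Out-String

if (-not $Fix) {
    'Dry run. Re-run with -Fix to delete the shortcuts and scripts and clear the attributes.'
    return
}

foreach ($s in $malicious) { Remove-Item -LiteralPath $s.File -Force }
foreach ($f in $scripts)   { Remove-Item -LiteralPath $f.FullName -Force }
foreach ($item in $hiddenItems) {
    # Same effect as "attrib -s -h <item>", limited to the items listed above.
    $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band -bnot [int]$hs)
}
'Done. Re-list the drive with Get-ChildItem -Force before trusting it.'
```

Run it once without -Fix and read the three tables; a shortcut whose target is cmd.exe or wscript.exe rather than the document itself is the worm's, and a document that is still present but Hidden+System is one the worm hid. The vaccine line reports whether the Autorun.inf folder UsbFix created on F: is still there; the script never modifies it.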
