USB stick shortcuts 2013-11-17T14:43:37+00:00
  • Author
    Posts
  • nicnac
    Post count: 0

    Hello,

    I've had this problem before, but I think it has spread to another computer, the one I'm writing on now: the USB stick seems to be infected and the files have turned into shortcuts. So I don't dare plug it into another computer.

    Thanks for your help!

  • Anonyme
    Post count: 0

    Hello :hello: ,

    Welcome to SosVirus :welcome:

    So I don't dare plug it into another computer.

    You're right not to ;)

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Run UsbFix
    • Choose the Suppression option

      Note: If UsbFix hangs at 14%, run UsbFix in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply
  • nicnac
    Post count: 0

    Thanks, here is the report:

    ############################## | UsbFix V 7.150 | [Suppression]

    Utilisateur: Annaïck Vandamme (Administrateur) # ANNAÏCKVANDAMME
    Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 17:49:48 | 17/11/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Hewlett-Packard (1439)
    CPU: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
    RAM -> [Total : 2934 | Free : 1367]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 9.0.8112.16421

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Microsoft Security Essentials [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 279 Go (168 Go libre(s) – 60%) [] # NTFS
    D: -> Disque fixe # 18 Go (3 Go libre(s) – 14%) [RECOVERY] # NTFS
    E: -> CD-ROM
    F: -> CD-ROM
    G: -> Disque amovible # 2 Go (2 Go libre(s) – 97%) [] # FAT

    ################## | Processus Stoppés |


    ################## | Regedit Run |

    04 – HKLM\SOFTWARE | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    04 – HKLM\SOFTWARE | Run : [Easybits Recovery] – C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\SOFTWARE | Run : [GrooveMonitor] – "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    04 – HKLM\SOFTWARE | Run : [HP Quick Launch] – C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    04 – HKLM\SOFTWARE | Run : [vProt] – "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] – "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] – C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] – "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] – C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [vProt] – "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    04 – HKLM\SOFTWARE | RunOnce : [] –
    04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
    04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [HPAdvisorDock] – C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [LightScribe Control Panel] – C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [Google Update] – "C:\Users\Annaïck Vandamme\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [Xvid] – C:\Program Files (x86)\Xvid\CheckUpdate.exe
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [msnmsgr] – ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [Skype] – "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\ANNACK~1\AppData\Local\Temp\iTunesHelper.vbe"
    04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] – "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

    ################## | Recherche générique |

    Supprimé! C:\Users\ANNACK~1\AppData\Local\Temp\iTunesHelper.vbe
    Supprimé! C:\Users\Annaïck Vandamme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Supprimé! G:\iTunesHelper.vbe

    (!) Fichiers temporaires supprimés.

    ################## | Référence de comparaison MD5 |

    Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Annaïck Vandamme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\ANNACK~1\AppData\Local\Temp\iTunesHelper.vbe
    Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> G:\iTunesHelper.vbe

    ################## | Comparaison MD5 |

    ################## | Registre |

    Supprimé! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
    Supprimé! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software\….\Mountpoints2\F
    Supprimé! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software\….\Mountpoints2\{2f868993-1b7e-11e1-ab98-d27c2fd3a6bf}
    Supprimé! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software\….\Mountpoints2\{95b148d2-4298-11e0-b050-a564a400dfbd}

    ################## | Listing |


    ################## | Vaccin |

    G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • Anonyme
    Post count: 0

    Ok,

    You don't have any other PCs? No other USB sticks?

  • nicnac
    Post count: 0

    It looks resolved… :content:
    No, no others… Oh yes, a big external hard drive, but I haven't plugged it in for a long time

  • Anonyme
    Post count: 0

    Then we're good :)

    You can uninstall UsbFix ;)
    Have a good week ;)


  • nicnac
    Post count: 0

    Really great, a big thank you!
    Have a lovely evening (;

The topic 'USB stick shortcuts' is closed to new replies.