USB key shortcuts 2013-11-17T14:43:37+00:00
  • Author
    Posts
  • nicnac
    Post count: 0

    Absolutely brilliant, thanks a lot!
    Have a nice evening (;

  • Anonyme
    Post count: 0

    So we're good :)

    You can uninstall UsbFix ;)
    Have a good week ;)

  • nicnac
    Post count: 0

    It looks resolved…
    No, no others… Oh yes, a big external hard drive, but I haven't plugged it in for a long time

  • Anonyme
    Post count: 0

    OK,

    Don't you have any other PCs? No other USB keys?

  • nicnac
    Post count: 0

    Thanks, here is the report:

    ############################## | UsbFix V 7.150 | [Suppression]

    Utilisateur: Annaïck Vandamme (Administrateur) # ANNAÏCKVANDAMME
    Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 17:49:48 | 17/11/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Hewlett-Packard (1439)
    CPU: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
    RAM -> [Total : 2934 | Free : 1367]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 9.0.8112.16421

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Microsoft Security Essentials [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 279 Go (168 Go libre(s) – 60%) [] # NTFS
    D: -> Disque fixe # 18 Go (3 Go libre(s) – 14%) [RECOVERY] # NTFS
    E: -> CD-ROM
    F: -> CD-ROM
    G: -> Disque amovible # 2 Go (2 Go libre(s) – 97%) [] # FAT

    ################## | Processus Stoppés |


    ################## | Regedit Run |

    04 – HKLM\SOFTWARE | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    04 – HKLM\SOFTWARE | Run : [Easybits Recovery] – C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\SOFTWARE | Run : [GrooveMonitor] – "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    04 – HKLM\SOFTWARE | Run : [HP Quick Launch] – C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    04 – HKLM\SOFTWARE | Run : [vProt] – "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] – "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] – C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] – "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] – C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [vProt] – "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    04 – HKLM\SOFTWARE | RunOnce : [] –
    04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
    04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [HPAdvisorDock] – C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [LightScribe Control Panel] – C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [Google Update] – "C:\Users\Annaïck Vandamme\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [Xvid] – C:\Program Files (x86)\Xvid\CheckUpdate.exe
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [msnmsgr] – ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [Skype] – "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    04 – HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\ANNACK~1\AppData\Local\Temp\iTunesHelper.vbe"
    04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] – "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

    ################## | Recherche générique |

    Supprimé! C:\Users\ANNACK~1\AppData\Local\Temp\iTunesHelper.vbe
    Supprimé! C:\Users\Annaïck Vandamme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Supprimé! G:\iTunesHelper.vbe

    (!) Fichiers temporaires supprimés.

    ################## | Référence de comparaison MD5 |

    Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Annaïck Vandamme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\ANNACK~1\AppData\Local\Temp\iTunesHelper.vbe
    Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> G:\iTunesHelper.vbe

    ################## | Comparaison MD5 |

    ################## | Registre |

    Supprimé! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
    Supprimé! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software….Mountpoints2\F
    Supprimé! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software….Mountpoints2\{2f868993-1b7e-11e1-ab98-d27c2fd3a6bf}
    Supprimé! HKU\S-1-5-21-4258579924-1908854308-1044413581-1001\Software….Mountpoints2\{95b148d2-4298-11e0-b050-a564a400dfbd}

    ################## | Listing |


    ################## | Vaccin |

    G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • Anonyme
    Post count: 0

    Hello,

    Welcome to SosVirus

    As a result, I don't dare plug it into another computer.

    You're right not to ;)

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Run UsbFix
    • Choose the Suppression option

      Note: If UsbFix hangs at 14%, run UsbFix in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply
  • nicnac
    Post count: 0

    Hello,

    I've had this problem before, but I think it has spread to another computer, the one I'm writing on now: the USB key seems to be infected and the files have turned into shortcuts. As a result, I don't dare plug it into another computer.

    Thanks for your help!

The topic 'USB key shortcuts' is closed to new replies.