HELP Infected USB stick 2013-11-07T15:32:26+00:00

Computer Troubleshooting: HELP Infected USB stick

  • istawi
    Participant
    Posts: 3

    Hi everyone

    After doing my work at home with my USB stick, I noticed that on my PC this same stick only showed shortcuts, damn.
    I took the initiative: without a second thought I signed up on your forum, downloaded UsbFix, ran the scan with my antivirus disabled, and here is the report. Thanks in advance for your help.

    ############################## | UsbFix V 7.149 | [Recherche]

    Utilisateur: Hachim (Administrateur) # IDEA-PC
    Mis à jour le 03/11/2013 par El Desaparecido - Team SosVirus
    Lancé à 16:17:38 | 07/11/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: LENOVO (INVALID)
    CPU: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
    RAM -> [Total : 8058 | Free : 3831]
    Bios: LENOVO
    Boot: Normal boot

    OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
    WB: Windows Internet Explorer : 11.0.9600.16384
    WB: Google Chrome : 30.0.1599.101
    WB: Mozilla Firefox : 24.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: Windows Defender [(!) Disabled | Updated]
    AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 884 Go (391 Go libre(s) - 44%) [Windows8_OS] # NTFS
    D: -> Disque fixe # 25 Go (22 Go libre(s) - 89%) [LENOVO] # NTFS
    E: -> CD-ROM
    F: -> Disque amovible # 15 Go (9 Go libre(s) - 64%) [PATRIOT] # FAT32

    ################## | Référence de comparaison MD5 |

    Md5 : DENIED -> C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe
    Md5 : DENIED -> C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe

    ################## | Processus Actif |

    C:\WINDOWS\system32\wininit.exe (ID: 624 |ParentID: 504)
    C:\WINDOWS\system32\winlogon.exe (ID: 696 |ParentID: 632)
    C:\WINDOWS\system32\lsass.exe (ID: 736 |ParentID: 624)
    C:\WINDOWS\system32\svchost.exe (ID: 816 |ParentID: 728)
    C:\WINDOWS\system32\svchost.exe (ID: 864 |ParentID: 728)
    C:\WINDOWS\system32\nvvsvc.exe (ID: 948 |ParentID: 728)
    C:\WINDOWS\system32\dwm.exe (ID: 988 |ParentID: 696)
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 312 |ParentID: 948)
    C:\WINDOWS\system32\nvvsvc.exe (ID: 328 |ParentID: 948)
    C:\WINDOWS\System32\svchost.exe (ID: 384 |ParentID: 728)
    C:\WINDOWS\system32\svchost.exe (ID: 556 |ParentID: 728)
    C:\WINDOWS\system32\svchost.exe (ID: 636 |ParentID: 728)
    C:\WINDOWS\System32\svchost.exe (ID: 876 |ParentID: 728)
    C:\WINDOWS\system32\svchost.exe (ID: 1252 |ParentID: 728)
    C:\WINDOWS\System32\spoolsv.exe (ID: 1392 |ParentID: 728)
    C:\WINDOWS\system32\svchost.exe (ID: 1420 |ParentID: 728)
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1544 |ParentID: 728)
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1604 |ParentID: 728)
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe (ID: 1676 |ParentID: 728)
    C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (ID: 1696 |ParentID: 728)
    C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1772 |ParentID: 728)
    C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe (ID: 1820 |ParentID: 728)
    C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe (ID: 1844 |ParentID: 728)
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe (ID: 1912 |ParentID: 728)
    C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (ID: 2016 |ParentID: 728)
    C:\WINDOWS\SysWOW64\NLSSRV32.EXE (ID: 508 |ParentID: 728)
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 1172 |ParentID: 728)
    C:\WINDOWS\system32\rundll32.exe (ID: 1784 |ParentID: 1568)
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID: 2056 |ParentID: 728)
    C:\WINDOWS\system32\svchost.exe (ID: 2112 |ParentID: 728)
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 2164 |ParentID: 728)
    C:\WINDOWS\system32\svchost.exe (ID: 2580 |ParentID: 728)
    C:\Windows\System32\WUDFHost.exe (ID: 2660 |ParentID: 876)
    C:\WINDOWS\Explorer.EXE (ID: 2968 |ParentID: 2960)
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 3004 |ParentID: 1172)
    C:\WINDOWS\system32\conhost.exe (ID: 3020 |ParentID: 3004)
    C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe (ID: 3036 |ParentID: 1844)
    C:\WINDOWS\system32\taskhostex.exe (ID: 2052 |ParentID: 556)
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2476 |ParentID: 556)
    C:\Users\Hachim\AppData\Local\Pokki\Engine\pokki.exe (ID: 3156 |ParentID: 2968)
    C:\WINDOWS\system32\svchost.exe (ID: 3320 |ParentID: 728)
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 3648 |ParentID: 312)
    C:\WINDOWS\system32\SearchIndexer.exe (ID: 3736 |ParentID: 728)
    C:\Windows\System32\skydrive.exe (ID: 4004 |ParentID: 816)
    C:\Windows\System32\igfxtray.exe (ID: 4044 |ParentID: 2968)
    C:\WINDOWS\system32\igfxsrvc.exe (ID: 4076 |ParentID: 816)
    C:\Windows\System32\hkcmd.exe (ID: 4084 |ParentID: 2968)
    C:\Windows\System32\igfxpers.exe (ID: 1316 |ParentID: 2968)
    C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (ID: 2976 |ParentID: 2968)
    C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (ID: 3504 |ParentID: 2968)
    C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (ID: 3512 |ParentID: 2968)
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (ID: 3488 |ParentID: 2968)
    C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe (ID: 2480 |ParentID: 2968)
    C:\Users\Hachim\AppData\Local\Akamai\netsession_win.exe (ID: 1064 |ParentID: 2968)
    C:\Windows\System32\wscript.exe (ID: 3620 |ParentID: 2968)
    C:\Windows\System32\StikyNot.exe (ID: 1968 |ParentID: 2968)
    C:\Users\Hachim\AppData\Local\Akamai\netsession_win.exe (ID: 1272 |ParentID: 1064)
    C:\Program Files (x86)\USB Camera\VM331STI.EXE (ID: 1572 |ParentID: 1888)
    C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (ID: 2276 |ParentID: 1888)
    C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (ID: 1136 |ParentID: 1888)
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 2428 |ParentID: 1888)
    C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 2176 |ParentID: 816)
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3092 |ParentID: 1888)
    C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (ID: 4792 |ParentID: 1056)
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 4828 |ParentID: 1056)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 4836 |ParentID: 728)
    C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (ID: 4876 |ParentID: 4828)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3100 |ParentID: 728)
    C:\Users\Hachim\AppData\Local\Pokki\Engine\pokki.exe (ID: 4340 |ParentID: 3156)
    C:\Windows\System32\SettingSyncHost.exe (ID: 2120 |ParentID: 816)
    C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4164 |ParentID: 728)
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 5528 |ParentID: 2648)
    C:\Users\Hachim\Downloads\wifree connect 4.0.exe (ID: 5496 |ParentID: 2968)
    C:\WINDOWS\WinStore\WSHost.exe (ID: 3264 |ParentID: 816)
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20279_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 5416 |ParentID: 816)
    C:\Windows\System32\RuntimeBroker.exe (ID: 5200 |ParentID: 816)
    C:\WINDOWS\system32\rundll32.exe (ID: 2692 |ParentID: 556)
    C:\Windows\System32\WWAHost.exe (ID: 7228 |ParentID: 816)
    C:\Program Files (x86)\BlueStacks\HD-Agent.exe (ID: 4300 |ParentID: 7060)
    C:\WINDOWS\system32\taskhost.exe (ID: 9060 |ParentID: 556)
    C:\WINDOWS\system32\wwahost.exe (ID: 3216 |ParentID: 816)
    C:\WINDOWS\system32\wwahost.exe (ID: 8676 |ParentID: 816)
    C:\WINDOWS\system32\wwahost.exe (ID: 1560 |ParentID: 816)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3456 |ParentID: 2968)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8912 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6364 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7368 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 9284 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 9004 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 9376 |ParentID: 3456)
    C:\WINDOWS\system32\DllHost.exe (ID: 9344 |ParentID: 816)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 9308 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6860 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6380 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8224 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 9360 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3464 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7968 |ParentID: 3456)
    C:\WINDOWS\system32\dashost.exe (ID: 10772 |ParentID: 876)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6608 |ParentID: 3456)
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe (ID: 10296 |ParentID: 1912)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3804 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 9588 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8008 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 10448 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2544 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2000 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 11016 |ParentID: 3456)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7652 |ParentID: 3456)
    C:\WINDOWS\system32\taskeng.exe (ID: 10848 |ParentID: 556)
    C:\UsbFix\Go.exe (ID: 10572 |ParentID: 7668)
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe (ID: 8196 |ParentID: 472)
    C:\Windows\System32\WUDFHost.exe (ID: 5308 |ParentID: 876)

    ################## | Regedit Run |

    04 - HKLM\SOFTWARE | Run : [331BigDog] - C:\Program Files (x86)\USB Camera\VM331STI.EXE
    04 - HKLM\SOFTWARE | Run : [Dolby Advanced Audio v2] - "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
    04 - HKLM\SOFTWARE | Run : [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
    04 - HKLM\SOFTWARE | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    04 - HKLM\SOFTWARE | Run : [YouCam Service] - "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
    04 - HKLM\SOFTWARE | Run : [Lenovo App Shop] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE | Run : [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    04 - HKLM\SOFTWARE | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE | Run : [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    04 - HKLM\SOFTWARE\wow6432Node | Run : [331BigDog] - C:\Program Files (x86)\USB Camera\VM331STI.EXE
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Dolby Advanced Audio v2] - "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
    04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    04 - HKLM\SOFTWARE\wow6432Node | Run : [YouCam Service] - "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Lenovo App Shop] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    04 - HKLM\SOFTWARE\wow6432Node | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    04 - HKLM\SOFTWARE | RunOnce : [] -
    04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [Remote Control Editor] - "C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe"
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [EADM] - "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [] - C:\Program Files (x86)\Samsung\Kies\ExternalFirmwareUpdate\KiesPDLR.exe
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [Pokki] - C:\WINDOWS\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Hachim\AppData\Local\Akamai\netsession_win.exe"
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe"
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1001\SOFTWARE | RunOnce : [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade

    ################## | Recherche générique |

    Présent! C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe
    Présent! F:\bilan.lnk
    Présent! F:\films.lnk
    Présent! F:\docu 2.lnk
    Présent! F:\vehicules dispo.lnk
    Présent! F:\Applications supprimées.lnk
    Présent! F:\emploi.lnk
    Présent! F:\E4 Com1 espace forme le littoral.lnk
    Présent! F:\tableau dynamique.lnk
    Présent! F:\Location de voitures MERLINET.lnk
    Présent! F:\td1 realiser des simulations avec la valeur cible.lnk
    Présent! F:\Chapitre 6 Approfondir-BD-Elève.lnk
    Présent! F:\Diagramme Ishikawa DOPS SL productions.lnk
    Présent! F:\Nouveau dossier.lnk
    Présent! F:\SL CONSTRUCTIONS.lnk
    Présent! F:\DOPS SL CONSTRUCTIONS.lnk
    Présent! F:\System Volume Information.lnk
    Présent! F:\DOPS SL CONSTRUCTIONS Diagramme d’Hishikawa.lnk
    Présent! F:\Fiches E4 E6.lnk
    Présent! F:\nouveau office.lnk
    Présent! F:\Finalité 4 – Organisation de l’action.lnk
    Présent! F:\applications.lnk
    Présent! F:\Nouveau dossier (2).lnk
    Présent! F:\docu 1.lnk
    Présent! F:\Autorun.inf.lnk
    Présent! C:\Users\Hachim\AppData\Local\Temp\oct6731.tmp.exe
    Présent! C:\Users\Hachim\AppData\Local\Temp\228726-672518-bluestacks.exe

    ################## | Comparaison MD5 |

    ################## | Registre |

    Présent! HKU\S-1-5-21-3675539094-77198948-1599938810-1002\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

    ################## | Vaccin |

    F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
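A triage script for reports in this layout, added here as an example (it is not part of the thread and not UsbFix's own code): it parses the Regedit Run, "Présent!" and Listing sections and flags the pattern visible in the report above, a Run value starting wscript.exe //B on a .vbe under Temp together with .lnk files on the removable drive that carry the names of real folders or of system items. The excerpt it reads is constructed from lines of that report, re-typed with backslashes; the regular expressions, verdict labels and the Temp/AppData heuristic are assumptions of this example.

```python
"""Triage of a UsbFix-style report for the 'USB stick shows only shortcuts' pattern."""
import ntpath
import re
from collections import Counter

# Constructed excerpt in the layout of the [Recherche] report above; the lines were
# re-typed with backslashes for this example and are not the tool's verbatim output.
SAMPLE_REPORT = r"""
################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe

################## | Recherche générique |

Présent! C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe
Présent! F:\films.lnk
Présent! F:\emploi.lnk
Présent! F:\System Volume Information.lnk
Présent! F:\Autorun.inf.lnk

################## | Listing |

[07/10/2013 - 15:38:48 | D ] F:\films
[30/11/2012 - 20:59:54 | D ] F:\emploi
[30/10/2012 - 13:02:44 | N | 26340] F:\Applications supprimées.html
"""

# Line shapes of the three report sections (assumed from the report above).
RUN_RE = re.compile(r'^04 - (?P<key>.+?) \| Run(?:Once)? : \[(?P<name>.*?)\] -\s*(?P<cmd>.*)$')
PRESENT_RE = re.compile(r'^Présent! (?P<path>.+)$')
LISTING_RE = re.compile(r'^\[[^|]+\| (?P<attrs>[A-Z]*) (?:\| \d+)?\] (?P<path>.+)$')
# Indicators: a script host, a script file, and a user-writable directory.
SCRIPT_HOST_RE = re.compile(r'\b[wc]script(?:\.exe)?\b', re.IGNORECASE)
SCRIPT_FILE_RE = re.compile(r'\.(?:vbe|vbs|js|jse|wsf)\b', re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r'\\(?:temp|appdata)\\', re.IGNORECASE)
QUOTED_RE = re.compile(r'"([^"]+)"')
# Items that are never a legitimate target of a user-made shortcut.
SYSTEM_NAMES = {'autorun.inf', 'system volume information'}


def parse_report(text):
    """Split a report into Run-key entries, 'Présent!' hits and Listing paths."""
    runs, present, listing = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := RUN_RE.match(line)):
            runs.append(m.groupdict())
        elif (m := PRESENT_RE.match(line)):
            present.append(m.group('path'))
        elif (m := LISTING_RE.match(line)):
            listing.append(m.group('path'))
    return runs, present, listing


def suspicious_run_entries(runs, present):
    """Autostart values that launch a script host on a script file, with the reasons why."""
    on_disk = {p.lower() for p in present}
    findings = []
    for entry in runs:
        cmd = entry['cmd']
        if not (SCRIPT_HOST_RE.search(cmd) and SCRIPT_FILE_RE.search(cmd)):
            continue
        reasons = ['script host launched at logon']
        if '//B' in cmd:
            reasons.append('batch mode (//B) suppresses script errors and prompts')
        if USER_WRITABLE_RE.search(cmd):
            reasons.append('script lives under Temp/AppData, not a program directory')
        quoted = QUOTED_RE.search(cmd)
        if quoted and quoted.group(1).lower() in on_disk:
            reasons.append('script file confirmed present on disk')
        findings.append({'name': entry['name'], 'key': entry['key'], 'cmd': cmd, 'reasons': reasons})
    return findings


def shortcut_findings(lnk_paths, listing):
    """Classify each .lnk: does it shadow a real item, or carry a system item's name?"""
    real = {p.lower() for p in listing}
    results = {}
    for lnk in lnk_paths:
        target = lnk[:-4]                        # drop the ".lnk" extension
        if target.lower() in real:
            results[lnk] = 'shadows ' + target   # same name as a real folder on the drive
        elif ntpath.basename(target).lower() in SYSTEM_NAMES:
            results[lnk] = 'named after a system item'
        else:
            results[lnk] = 'unmatched'
    return results


def triage(text):
    """Run every check over one report and return the findings by section."""
    runs, present, listing = parse_report(text)
    lnk = [p for p in present if p.lower().endswith('.lnk')]
    return {
        'suspicious_run': suspicious_run_entries(runs, present),
        'shortcuts': shortcut_findings(lnk, listing),
        'lnk_per_drive': dict(Counter(ntpath.splitdrive(p)[0].upper() for p in lnk)),
    }


if __name__ == '__main__':
    for section, value in triage(SAMPLE_REPORT).items():
        print(section, value)
```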

  • Destrio5
    Participant
    Posts: 211

    Hello,

    • Run UsbFix again and choose the Suppression (deletion) option.

      Note: if UsbFix hangs, start in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply.
  • istawi
    Participant
    Posts: 3

    Thanks for helping me 🙂 - here is the report (PS: why is "invalid" shown next to my PC's brand (line 12), will that have no effect?)

    ############################## | UsbFix V 7.149 | [Suppression]

    Utilisateur: Hachim (Administrateur) # IDEA-PC
    Mis à jour le 03/11/2013 par El Desaparecido - Team SosVirus
    Lancé à 17:14:58 | 07/11/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: LENOVO (INVALID)
    CPU: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
    RAM -> [Total : 8058 | Free : 5301]
    Bios: LENOVO
    Boot: Normal boot

    OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
    WB: Windows Internet Explorer : 11.0.9600.16384
    WB: Google Chrome : 30.0.1599.101
    WB: Mozilla Firefox : 24.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: Windows Defender [(!) Disabled | Updated]
    AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 884 Go (391 Go libre(s) - 44%) [Windows8_OS] # NTFS
    D: -> Disque fixe # 25 Go (22 Go libre(s) - 89%) [LENOVO] # NTFS
    E: -> CD-ROM
    F: -> Disque amovible # 15 Go (9 Go libre(s) - 64%) [PATRIOT] # FAT32

    ################## | Référence de comparaison MD5 |

    Md5 : DENIED -> C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe
    Md5 : DENIED -> C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe

    ################## | Processus Stoppés |

    Stoppé! C:\WINDOWS\system32\nvvsvc.exe (ID: 948 |ParentID: 728)
    Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 312 |ParentID: 948)
    Stoppé! C:\WINDOWS\system32\nvvsvc.exe (ID: 328 |ParentID: 948)
    Stoppé! C:\WINDOWS\System32\spoolsv.exe (ID: 1392 |ParentID: 728)
    Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1544 |ParentID: 728)
    Stoppé! C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1604 |ParentID: 728)
    Stoppé! C:\Program Files (x86)\Bonjour\mDNSResponder.exe (ID: 1676 |ParentID: 728)
    Stoppé! C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (ID: 1696 |ParentID: 728)
    Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1772 |ParentID: 728)
    Stoppé! C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe (ID: 1820 |ParentID: 728)
    Stoppé! C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe (ID: 1844 |ParentID: 728)
    Stoppé! C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe (ID: 1912 |ParentID: 728)
    Stoppé! C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (ID: 2016 |ParentID: 728)
    Stoppé! C:\WINDOWS\SysWOW64\NLSSRV32.EXE (ID: 508 |ParentID: 728)
    Stoppé! C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 1172 |ParentID: 728)
    Stoppé! C:\WINDOWS\system32\rundll32.exe (ID: 1784 |ParentID: 1568)
    Stoppé! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID: 2056 |ParentID: 728)
    Stoppé! C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 2164 |ParentID: 728)
    Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 2660 |ParentID: 876)
    Stoppé! C:\WINDOWS\Explorer.EXE (ID: 2968 |ParentID: 2960)
    Stoppé! C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 3004 |ParentID: 1172)
    Stoppé! C:\WINDOWS\system32\conhost.exe (ID: 3020 |ParentID: 3004)
    Stoppé! C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe (ID: 3036 |ParentID: 1844)
    Stoppé! C:\WINDOWS\system32\taskhostex.exe (ID: 2052 |ParentID: 556)
    Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2476 |ParentID: 556)
    Stoppé! C:\Users\Hachim\AppData\Local\Pokki\Engine\pokki.exe (ID: 3156 |ParentID: 2968)
    Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 3648 |ParentID: 312)
    Stoppé! C:\WINDOWS\system32\SearchIndexer.exe (ID: 3736 |ParentID: 728)
    Stoppé! C:\Windows\System32\skydrive.exe (ID: 4004 |ParentID: 816)
    Stoppé! C:\Windows\System32\igfxtray.exe (ID: 4044 |ParentID: 2968)
    Stoppé! C:\WINDOWS\system32\igfxsrvc.exe (ID: 4076 |ParentID: 816)
    Stoppé! C:\Windows\System32\hkcmd.exe (ID: 4084 |ParentID: 2968)
    Stoppé! C:\Windows\System32\igfxpers.exe (ID: 1316 |ParentID: 2968)
    Stoppé! C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (ID: 2976 |ParentID: 2968)
    Stoppé! C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (ID: 3504 |ParentID: 2968)
    Stoppé! C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (ID: 3512 |ParentID: 2968)
    Stoppé! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (ID: 3488 |ParentID: 2968)
    Stoppé! C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe (ID: 2480 |ParentID: 2968)
    Stoppé! C:\Users\Hachim\AppData\Local\Akamai\netsession_win.exe (ID: 1064 |ParentID: 2968)
    Stoppé! C:\Windows\System32\wscript.exe (ID: 3620 |ParentID: 2968)
    Stoppé! C:\Windows\System32\StikyNot.exe (ID: 1968 |ParentID: 2968)
    Stoppé! C:\Users\Hachim\AppData\Local\Akamai\netsession_win.exe (ID: 1272 |ParentID: 1064)
    Stoppé! C:\Program Files (x86)\USB Camera\VM331STI.EXE (ID: 1572 |ParentID: 1888)
    Stoppé! C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (ID: 2276 |ParentID: 1888)
    Stoppé! C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (ID: 1136 |ParentID: 1888)
    Stoppé! C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 2428 |ParentID: 1888)
    Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3092 |ParentID: 1888)
    Stoppé! C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (ID: 4792 |ParentID: 1056)
    Stoppé! C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 4828 |ParentID: 1056)
    Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 4836 |ParentID: 728)
    Stoppé! C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (ID: 4876 |ParentID: 4828)
    Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3100 |ParentID: 728)
    Stoppé! C:\Windows\System32\SettingSyncHost.exe (ID: 2120 |ParentID: 816)
    Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4164 |ParentID: 728)
    Stoppé! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 5528 |ParentID: 2648)
    Stoppé! C:\Users\Hachim\Downloads\wifree connect 4.0.exe (ID: 5496 |ParentID: 2968)
    Stoppé! C:\WINDOWS\WinStore\WSHost.exe (ID: 3264 |ParentID: 816)
    Stoppé! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20279_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 5416 |ParentID: 816)
    Stoppé! C:\Windows\System32\RuntimeBroker.exe (ID: 5200 |ParentID: 816)
    Stoppé! C:\WINDOWS\system32\rundll32.exe (ID: 2692 |ParentID: 556)
    Stoppé! C:\Windows\System32\WWAHost.exe (ID: 7228 |ParentID: 816)
    Stoppé! C:\Program Files (x86)\BlueStacks\HD-Agent.exe (ID: 4300 |ParentID: 7060)
    Stoppé! C:\WINDOWS\system32\taskhost.exe (ID: 9060 |ParentID: 556)
    Stoppé! C:\WINDOWS\system32\wwahost.exe (ID: 3216 |ParentID: 816)
    Stoppé! C:\WINDOWS\system32\wwahost.exe (ID: 8676 |ParentID: 816)
    Stoppé! C:\WINDOWS\system32\wwahost.exe (ID: 1560 |ParentID: 816)
    Stoppé! C:\WINDOWS\system32\DllHost.exe (ID: 9344 |ParentID: 816)
    Stoppé! C:\WINDOWS\system32\dashost.exe (ID: 10772 |ParentID: 876)
    Stoppé! C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe (ID: 10296 |ParentID: 1912)
    Stoppé! C:\Program Files (x86)\Internet Explorer\IELowutil.exe (ID: 8196 |ParentID: 472)
    Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 5308 |ParentID: 876)

    ################## | Regedit Run |

    04 - HKLM\SOFTWARE | Run : [331BigDog] - C:\Program Files (x86)\USB Camera\VM331STI.EXE
    04 - HKLM\SOFTWARE | Run : [Dolby Advanced Audio v2] - "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
    04 - HKLM\SOFTWARE | Run : [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
    04 - HKLM\SOFTWARE | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    04 - HKLM\SOFTWARE | Run : [YouCam Service] - "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
    04 - HKLM\SOFTWARE | Run : [Lenovo App Shop] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE | Run : [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    04 - HKLM\SOFTWARE | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE | Run : [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    04 - HKLM\SOFTWARE\wow6432Node | Run : [331BigDog] - C:\Program Files (x86)\USB Camera\VM331STI.EXE
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Dolby Advanced Audio v2] - "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
    04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    04 - HKLM\SOFTWARE\wow6432Node | Run : [YouCam Service] - "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Lenovo App Shop] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    04 - HKLM\SOFTWARE\wow6432Node | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    04 - HKLM\SOFTWARE | RunOnce : [] -
    04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [Remote Control Editor] - "C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe"
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [EADM] - "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [] - C:\Program Files (x86)\Samsung\Kies\ExternalFirmwareUpdate\KiesPDLR.exe
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [Pokki] - C:\WINDOWS\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Hachim\AppData\Local\Akamai\netsession_win.exe"
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe"
    04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe

    ################## | Recherche générique |

    Supprimé! F:\bilan.lnk
    Supprimé! F:\films.lnk
    Supprimé! F:\docu 2.lnk
    Supprimé! F:\vehicules dispo.lnk
    Supprimé! F:\Applications supprimées.lnk
    Supprimé! F:\emploi.lnk
    Supprimé! F:\E4 Com1 espace forme le littoral.lnk
    Supprimé! F:\tableau dynamique.lnk
    Supprimé! F:\Location de voitures MERLINET.lnk
    Supprimé! F:\td1 realiser des simulations avec la valeur cible.lnk
    Supprimé! F:\Chapitre 6 Approfondir-BD-Elève.lnk
    Supprimé! F:\Diagramme Ishikawa DOPS SL productions.lnk
    Supprimé! F:\Nouveau dossier.lnk
    Supprimé! F:\SL CONSTRUCTIONS.lnk
    Supprimé! F:\DOPS SL CONSTRUCTIONS.lnk
    Supprimé! F:\System Volume Information.lnk
    Supprimé! F:\DOPS SL CONSTRUCTIONS Diagramme d’Hishikawa.lnk
    Supprimé! F:\Fiches E4 E6.lnk
    Supprimé! F:\nouveau office.lnk
    Supprimé! F:\Finalité 4 – Organisation de l’action.lnk
    Supprimé! F:\applications.lnk
    Supprimé! F:\Nouveau dossier (2).lnk
    Supprimé! F:\docu 1.lnk
    Supprimé! F:\Autorun.inf.lnk
    Supprimé! C:\Users\Hachim\AppData\Local\Temp\oct6731.tmp.exe
    Supprimé! C:\Users\Hachim\AppData\Local\Temp\228726-672518-bluestacks.exe

    (!) Fichiers temporaires supprimés.

    ################## | Comparaison MD5 |

    ################## | Registre |

    ################## | Listing |

    [30/09/2013 – 14:42:56 | D ] F:docu 2
    [07/10/2013 – 15:38:48 | D ] F:films
    [30/11/2012 – 20:59:54 | D ] F:emploi
    [09/10/2013 – 10:25:02 | D ] F:Nouveau dossier
    [30/10/2012 – 13:02:44 | N | 26340] F:Applications supprimées.html
    [08/10/2013 – 10:15:32 | N | 10344] F:E4 Com1 espace forme le littoral.docx
    [30/09/2013 – 14:21:52 | D ] F:Fiches E4 E6
    [07/10/2013 – 15:39:26 | D ] F:nouveau office
    [09/10/2013 – 11:52:54 | N | 148726] F:bilan.png
    [09/10/2013 – 10:30:52 | D ] F:Finalité 4 – Organisation de l’action
    [07/10/2013 – 15:39:02 | D ] F:applications
    [09/10/2013 – 10:29:08 | N | 13178] F:Location de voitures MERLINET.docx
    [09/10/2013 – 11:49:30 | N | 179742] F:tableau dynamique.png
    [09/10/2013 – 11:51:18 | N | 156077] F:vehicules dispo.png
    [05/11/2013 – 09:06:46 | D ] F:Nouveau dossier (2)
    [11/10/2013 – 14:40:54 | N | 9958] F:td1 realiser des simulations avec la valeur cible.xlsx
    [17/09/2013 – 09:46:50 | D ] F:docu 1
    [05/11/2013 – 09:32:28 | N | 1126400] F:Chapitre 6 Approfondir-BD-Elève.mdb
    [04/11/2013 – 16:34:00 | N | 16660] F:Diagramme Ishikawa DOPS SL productions.docx
    [05/11/2013 – 10:56:00 | N | 17360] F:DOPS SL CONSTRUCTIONS Diagramme d’Hishikawa.docx
    [03/11/2013 – 21:17:24 | SHD ] F:System Volume Information
    [04/11/2013 – 16:37:22 | N | 17090] F:SL CONSTRUCTIONS.docx
    [04/11/2013 – 16:28:40 | N | 22607] F:DOPS SL CONSTRUCTIONS.docx
    [07/11/2013 – 16:31:32 | SHD ] F:Autorun.inf

    ################## | Vaccin |

    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • Destrio5
    Participant
    Nombre d'articles : 211

    • Download OTM (by OldTimer) to your Desktop.
    • Run OTL (on Windows Vista/7/8, right-click OTL > Run as administrator).
    • Copy and paste the following script (the text in green) into the left-hand pane of OTM, "Paste Instructions for Items to be Moved":

      :files
      C:UsersHachimAppDataLocalTempiTunesHelper.vbe
      C:UsersHachimAppDataLocalTemp*.vbs

      :reg
      [HKEY_USERSS-1-5-21-3675539094-77198948-1599938810-1002SoftwareMicrosoftWindowsCurrentVersionRun]
      “iTunesHelper”=-

      :commands
      [emptytemp]

    • Click MoveIt!.

    • OTM may ask you to restart; if so, do it.
    • When the scan finishes, a report will open; copy and paste its contents into your reply. If it does not open, it is at: C:_OTMMovedFiles¤¤¤¤¤¤¤¤¤¤.log
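Added example, not from the thread, UsbFix or OTM: a small Python triage helper that parses the `04 - ... | Run :` lines of a UsbFix report (constructed here from the three entries in the report above, with the backslashes the forum copy lost restored as an assumption), flags the logon entry that launches a script from Temp through wscript.exe //B, and produces the OTM `:reg` lines that the helper's script uses to remove it.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines mirroring the three "04 - ... | Run :" entries of the UsbFix
# report above; the backslashes the forum copy lost are restored (assumed original paths).
PREFIX = r"04 - HKU\S-1-5-21-3675539094-77198948-1599938810-1002\SOFTWARE | Run : "
SAMPLE_RUN_LINES = [
    PREFIX + r'[Akamai NetSession Interface] - "C:\Users\Hachim\AppData\Local\Akamai\netsession_win.exe"',
    PREFIX + r'[iTunesHelper] - wscript.exe //B "C:\Users\Hachim\AppData\Local\Temp\iTunesHelper.vbe"',
    PREFIX + r"[RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe",
]
RUN_LINE = re.compile(r"^04 - (?P<key>.+?) \| Run : \[(?P<name>[^\]]+)\] - (?P<cmd>.+)$")
HIVES = {"HKU": "HKEY_USERS", "HKLM": "HKEY_LOCAL_MACHINE"}
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")

@dataclass
class RunEntry:
    key: str       # hive + SID + SOFTWARE, as UsbFix prints it
    name: str      # value name under ...\CurrentVersion\Run
    cmd: str       # command line launched at logon
    reasons: list = field(default_factory=list)

def parse_run_line(line: str):
    m = RUN_LINE.match(line.strip())
    return RunEntry(m["key"], m["name"], m["cmd"]) if m else None

def assess(entry: RunEntry) -> RunEntry:
    """Heuristics that single out the iTunesHelper entry from the two legitimate ones."""
    low = entry.cmd.lower()
    exe = low.split()[0].strip('"').rsplit("\\", 1)[-1]   # program name of the first token
    if exe in SCRIPT_HOSTS:
        entry.reasons.append("script host launched at logon")
    if "//b" in low.split():
        entry.reasons.append("//B batch mode hides script errors and prompts")
    if low.rstrip('"').endswith(SCRIPT_EXTS):
        entry.reasons.append("target is a script file, not a program")
    if "\\temp\\" in low:
        entry.reasons.append("payload stored in a Temp folder")
    return entry

def triage(lines) -> list:  # only the entries that trip at least one heuristic
    return [e for e in map(parse_run_line, lines) if e and assess(e).reasons]

def otm_reg_block(entry: RunEntry) -> str:
    """The OTM ':reg' lines that delete this value, as in the helper's script."""
    hive, _, rest = entry.key.partition("\\")
    key = f"{HIVES.get(hive, hive)}\\{rest}\\Microsoft\\Windows\\CurrentVersion\\Run"
    return f':reg\n[{key}]\n"{entry.name}"=-'
```

Running `triage(SAMPLE_RUN_LINES)` flags only the iTunesHelper entry, and `otm_reg_block` on it yields the same `[HKEY_USERS\...\Run]` / `"iTunesHelper"=-` pair as the script in the post above.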
  • istawi
    Participant
    Nombre d'articles : 3

    Here's the report

    All processes killed
    ========== FILES ==========
    File/Folder C:UsersHachimAppDataLocalTempiTunesHelper.vbe not found.
    File/Folder C:UsersHachimAppDataLocalTemp*.vbs not found.
    ========== REGISTRY ==========
    Registry value HKEY_USERSS-1-5-21-3675539094-77198948-1599938810-1002SoftwareMicrosoftWindowsCurrentVersionRun\iTunesHelper deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57472 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default.migrated

    User: Hachim
    ->Temp folder emptied: 139348979 bytes
    ->Temporary Internet Files folder emptied: 7428017 bytes
    ->Java cache emptied: 821636 bytes
    ->FireFox cache emptied: 6646674 bytes
    ->Google Chrome cache emptied: 70192492 bytes
    ->Flash cache emptied: 60480 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 241985631 bytes
    %systemroot%System32 .tmp files removed: 0 bytes
    %systemroot%System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%System32drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 149360 bytes
    RecycleBin emptied: 8356 bytes

    Total Files Cleaned = 445,00 mb

    OTM by OldTimer – Version 3.1.21.0 log created on 11072013_184651

    Files moved on Reboot…
    C:UsersHachimAppDataLocalTempwinstore.log moved successfully.
    C:UsersHachimAppDataLocalMicrosoftWindowsINetCachecounters.dat moved successfully.

    Registry entries deleted on Reboot…

  • Destrio5
    Participant
    Nombre d'articles : 211

    No more trouble?

    • Run UsbFix's "Suppression" option again and post the report.
  • istawi
    Participant
    Nombre d'articles : 3

    No, it's fine, as if by magic (or nearly): no more problems at all.
    I hope this kind of mishap won't happen again any time soon, because it's a real pain…

    Thanks, SosVirus team!

  • Destrio5
    Participant
    Nombre d'articles : 211

    We can check whether there is anything else to remove or change.

    • Download ZHPDiag (by Nicolas Coolman) to your Desktop.
    • Install the software and run ZHPDiag.
    • Click "Configurer", then on the rightmost magnifying glass, "Diagnostic avec légitimes".

    • At the window "Voulez-vous un rapport full options ?", click "Oui" and wait for the scan to finish.

      Note: do not close the program, even if it says it is not responding.

    • Once the scan is finished, a report is created on the Desktop.
    • Upload the ZHPDiag.txt report to SosUpload, then copy and paste the link it gives you into your next reply.
  • Destrio5
    Participant
    Nombre d'articles : 211

    No news from you about ZHPDiag, so I'm marking the topic as resolved.

    Have a good day.

The topic 'HELP Clé usb infectée' is closed to new replies.