VBS agent AXN infection 2013-12-09T15:28:39+00:00
  • Author
    Messages
  • azajoke
    Participant
    Post count: 70

    Hello,

    My computer is infected with the VBS-Agent-AXN [TRj] virus, detected by Avast.
    I notice the effects when opening my SD and mini SD cards (shortcuts in place of the folders, hidden folders, etc.).

    I would like to know how to get rid of this virus (and do you have any idea how I could have caught it?).

    After reading a similar topic I downloaded UsbFix and ran a deletion with it. So I have a report for one of my SD cards, which is surely infected; I don't have a multi-card reader, do I need to produce a report for each card?

    ############################## | UsbFix V 7.153 | [Suppression]

    Utilisateur: Jo (Administrateur) # PC-DE-JO
    Mis à jour le 09/12/2013 par El Desaparecido – Team SosVirus
    Lancé à 16:02:28 | 09/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Quanta (3069)
    CPU: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
    RAM -> [Total : 3002 | Free : 1094]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) Service Pack 2
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Google Chrome : 32.0.1700.41

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender : 1.1.1600.0
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 223 Go (29 Go libre(s) – 13%) [] # NTFS
    D: -> Disque fixe # 10 Go (1 Go libre(s) – 13%) [RECOVERY] # NTFS
    E: -> CD-ROM
    G: -> Disque amovible # 15 Go (1 Go libre(s) – 8%) [] # FAT32

    ################## | Processus Stoppés |

    Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_fa807195STacSV.exe (ID: 1148 |ParentID: 644)
    Stoppé! C:Windowssystem32SLsvc.exe (ID: 1256 |ParentID: 644)
    Stoppé! C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1596 |ParentID: 644)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1768 |ParentID: 644)
    Stoppé! C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 1968 |ParentID: 644)
    Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_fa807195aestsrv.exe (ID: 1984 |ParentID: 644)
    Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID: 1996 |ParentID: 644)
    Stoppé! C:Program FilesCommon FilesLightScribeLSSrvc.exe (ID: 416 |ParentID: 644)
    Stoppé! C:Program FilesSMINSTBLService.exe (ID: 1276 |ParentID: 644)
    Stoppé! C:Program FilesCyberLinkShared filesRichVideo.exe (ID: 1384 |ParentID: 644)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 2076 |ParentID: 644)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 2768 |ParentID: 1128)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 3272 |ParentID: 1128)
    Stoppé! C:WindowsSystem32hkcmd.exe (ID: 3484 |ParentID: 2828)
    Stoppé! C:WindowsSystem32igfxpers.exe (ID: 3492 |ParentID: 2828)
    Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 3520 |ParentID: 2828)
    Stoppé! C:Program FilesHPQuickPlayQPService.exe (ID: 3536 |ParentID: 2828)
    Stoppé! C:Program FilesWindows DefenderMSASCui.exe (ID: 3568 |ParentID: 2828)
    Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID: 3592 |ParentID: 2828)
    Stoppé! C:Program FilesHPHP Software UpdatehpwuSchd2.exe (ID: 3660 |ParentID: 2828)
    Stoppé! C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe (ID: 3688 |ParentID: 2828)
    Stoppé! C:Program FilesIDTWDMsttray.exe (ID: 3704 |ParentID: 2828)
    Stoppé! C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 3764 |ParentID: 2828)
    Stoppé! C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 3776 |ParentID: 2828)
    Stoppé! C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe (ID: 3796 |ParentID: 2828)
    Stoppé! C:Program FilesSFRKit9props.exe (ID: 3808 |ParentID: 2828)
    Stoppé! C:Program FilesSonySony PC CompanionPCCompanion.exe (ID: 3828 |ParentID: 2828)
    Stoppé! C:WindowsSystem32wscript.exe (ID: 3836 |ParentID: 2828)
    Stoppé! C:Program FilesHPDigital Imagingbinhpqtra08.exe (ID: 3848 |ParentID: 2828)
    Stoppé! C:Windowssystem32igfxsrvc.exe (ID: 4036 |ParentID: 840)
    Stoppé! C:Program FilesHewlett-PackardSharedhpqwmiex.exe (ID: 3196 |ParentID: 644)
    Stoppé! C:Program FilesSonySony PC CompanionPCCompanionInfo.exe (ID: 2976 |ParentID: 3828)
    Stoppé! C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 3948 |ParentID: 3520)
    Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID: 3544 |ParentID: 644)
    Stoppé! C:Program FilesHPDigital ImagingbinhpqSTE08.exe (ID: 2676 |ParentID: 3848)
    Stoppé! C:Program FilesHewlett-PackardSharedhpqToaster.exe (ID: 3636 |ParentID: 840)
    Stoppé! c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 2688 |ParentID: 644)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 12 |ParentID: 2828)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5924 |ParentID: 12)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5044 |ParentID: 12)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 5848 |ParentID: 1112)
    Stoppé! C:Windowssystem32SearchProtocolHost.exe (ID: 4444 |ParentID: 2076)
    Stoppé! C:Windowssystem32SearchFilterHost.exe (ID: 5136 |ParentID: 2076)
    Stoppé! C:Windowssystem32conime.exe (ID: 5876 |ParentID: 3616)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
    04 – HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
    04 – HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
    04 – HKLMSOFTWARE | Run : [SynTPEnh] – C:Program FilesSynapticsSynTPSynTPEnh.exe
    04 – HKLMSOFTWARE | Run : [QPService] – “C:Program FilesHPQuickPlayQPService.exe”
    04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
    04 – HKLMSOFTWARE | Run : [UCam_Menu] – “C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkYouCam” UpdateWithCreateOnce “SoftwareCyberLinkYouCam2.0”
    04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
    04 – HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    04 – HKLMSOFTWARE | Run : [UpdatePDIRShortCut] – “C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkPowerDirector” UpdateWithCreateOnce “SOFTWARECyberLinkPowerDirector7.0”
    04 – HKLMSOFTWARE | Run : [HP Health Check Scheduler] – c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHPHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    04 – HKLMSOFTWARE | Run : [SysTrayApp] – %ProgramFiles%IDTWDMsttray.exe
    04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAlwil SoftwareAvast5AvastUI.exe” /nogui
    04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAlwil SoftwareAvast5setupemupdate26e3dfec-3be0-4999-aa0e-fc87b4b74fe9.exe /check
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Connexion SFR 9props.exe] – “C:Program FilesSFRKit9props.exe” /trayicon
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Facebook Update] – “C:UsersJoAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Sony PC Companion] – “C:Program FilesSonySony PC CompanionPCCompanion.exe” /Background
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersJoAppDataLocalTempiTunesHelper.vbe”

    ################## | Recherche générique |

    Supprimé! C:UsersJoAppDataLocalTempiTunesHelper.vbe
    Supprimé! C:UsersJoAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
    Supprimé! G:iTunesHelper.vbe
    Supprimé! G:DCIM.lnk
    Supprimé! G:NIKON001.lnk
    Supprimé! D:desktop.ini

    (!) Fichiers temporaires supprimés.

    ################## | Référence de comparaison MD5 |

    Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:UsersJoAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
    Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:UsersJoAppDataLocalTempiTunesHelper.vbe
    Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> G:iTunesHelper.vbe

    ################## | Comparaison MD5 |

    -> Pas de valeur Md5 identique trouvée.

    ################## | Registre |

    Supprimé! HKUS-1-5-21-4014418277-1995924876-2796588854-1000SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
    Supprimé! HKUS-1-5-21-4014418277-1995924876-2796588854-1000Software….Mountpoints2{99f73c11-a693-11e2-a8ba-00238bc54655}
    Supprimé! HKUS-1-5-21-4014418277-1995924876-2796588854-1000Software….Mountpoints2{b42d6d8b-373e-11df-b22b-00238bc54655}

    ################## | Listing |

    [13/03/2013 – 19:25:47 | N | 23 Ko] – C:AdwCleaner[R1].txt
    [13/03/2013 – 19:26:39 | N | 0 Ko] – C:AdwCleaner[S1].txt
    [13/03/2013 – 19:43:58 | N | 22 Ko] – C:AdwCleaner[R2].txt
    [13/03/2013 – 19:44:50 | N | 21 Ko] – C:AdwCleaner[S2].txt
    [09/12/2013 – 16:10:57 | A | 10 Ko] – C:UsbFix [Clean 1] PC-DE-JO.txt
    [18/09/2006 – 22:43:37 | N | 0 Ko] – C:config.sys
    [09/12/2013 – 15:21:15 | ASH | 3381432 Ko] – C:pagefile.sys
    [09/12/2013 – 15:21:17 | ASH | 3075004 Ko] – C:hiberfil.sys
    [04/10/2009 – 16:02:18 | D] – C:System.sav
    [12/08/2013 – 11:49:09 | SHD] – C:$RECYCLE.BIN
    [18/09/2006 – 22:43:36 | A | 0 Ko] – C:autoexec.bat
    [02/11/2006 – 13:59:44 | SHD] – C:Documents and Settings
    [21/01/2008 – 03:43:50 | D] – C:PerfLogs
    [25/02/2009 – 03:52:49 | RHD] – C:MSOCache
    [11/04/2009 – 07:36:36 | RASH | 325 Ko] – C:bootmgr
    [04/10/2009 – 16:01:44 | D] – C:HP
    [04/10/2009 – 16:02:18 | D] – C:SwSetup
    [13/03/2012 – 20:10:05 | D] – C:Users
    [22/10/2012 – 20:27:00 | SHD] – C:boot
    [28/10/2013 – 12:33:30 | D] – C:AdwCleaner
    [04/12/2013 – 17:53:11 | SHD] – C:System Volume Information
    [08/12/2013 – 11:23:54 | D] – C:Program Files
    [09/12/2013 – 15:21:14 | D] – C:Windows
    [09/12/2013 – 15:24:05 | HD] – C:ProgramData
    [09/12/2013 – 16:10:37 | D] – C:UsbFix
    [12/09/2008 – 16:38:26 | SH | 146 Ko] – D:protect.turkish
    [12/09/2008 – 16:38:10 | SH | 145 Ko] – D:protect.swedish
    [12/09/2008 – 16:37:52 | SH | 144 Ko] – D:protect.spanish
    [12/09/2008 – 16:37:32 | SH | 146 Ko] – D:protect.slovak
    [12/09/2008 – 16:37:16 | SH | 145 Ko] – D:protect.russian
    [15/09/2008 – 15:06:54 | N | 149 Ko] – D:protect.romanian
    [04/10/2009 – 16:01:02 | N | 0 Ko] – D:BLOCK.RIN
    [12/09/2008 – 16:36:58 | SH | 145 Ko] – D:protect.portuguese brazilian
    [12/09/2008 – 16:36:42 | SH | 145 Ko] – D:protect.portuguese
    [12/09/2008 – 16:36:24 | SH | 146 Ko] – D:protect.polish
    [12/09/2008 – 16:36:08 | SH | 144 Ko] – D:protect.norwegian
    [09/12/2013 – 15:21:34 | N | 0 Ko] – D:MASTER.LOG
    [12/09/2008 – 16:35:50 | SH | 154 Ko] – D:protect.korean
    [12/09/2008 – 16:35:32 | SH | 148 Ko] – D:protect.japanese
    [12/09/2008 – 16:35:02 | SH | 144 Ko] – D:protect.italian
    [12/09/2008 – 16:34:40 | N | 145 Ko] – D:protect.hungarian
    [10/09/2002 – 15:14:28 | N | 8 Ko] – D:Folder.htt
    [12/09/2008 – 16:34:22 | SH | 151 Ko] – D:protect.hebrew
    [12/09/2008 – 16:33:58 | SH | 149 Ko] – D:protect.greek
    [12/09/2008 – 16:33:40 | SH | 144 Ko] – D:protect.german
    [12/09/2008 – 16:33:20 | SH | 144 Ko] – D:protect.french
    [12/09/2008 – 16:32:56 | SH | 145 Ko] – D:protect.finnish
    [12/09/2008 – 16:32:38 | SH | 145 Ko] – D:protect.english
    [12/09/2008 – 16:32:20 | N | 145 Ko] – D:protect.ed
    [12/09/2008 – 16:32:00 | SH | 145 Ko] – D:protect.dutch
    [12/09/2008 – 16:31:40 | SH | 145 Ko] – D:protect.danish
    [12/09/2008 – 16:31:20 | SH | 146 Ko] – D:protect.czech
    [12/09/2008 – 16:30:56 | SH | 146 Ko] – D:protect.chinese traditional
    [12/09/2008 – 16:30:34 | SH | 147 Ko] – D:protect.chinese simplified
    [12/09/2008 – 16:22:34 | SH | 146 Ko] – D:protect.chinese hong kong
    [15/09/2008 – 15:06:26 | N | 148 Ko] – D:protect.bulgarian
    [13/03/2012 – 20:12:22 | SHD] – D:$RECYCLE.BIN
    [12/09/2008 – 16:18:34 | SH | 152 Ko] – D:protect.arabic
    [03/10/2006 – 22:02:44 | SH | 428 Ko] – D:bootmgr
    [26/05/2009 – 04:06:57 | RD] – D:RECOVERY
    [26/05/2009 – 04:06:58 | RSHD] – D:boot
    [26/05/2009 – 04:07:06 | D] – D:WINDOWS
    [26/05/2009 – 04:07:06 | RSHD] – D:SOURCES
    [26/05/2009 – 04:07:07 | RSHD] – D:PRELOAD
    [26/05/2009 – 04:07:13 | D] – D:Tools
    [26/05/2009 – 04:07:14 | D] – D:HP
    [04/12/2013 – 17:54:04 | SHD] – D:System Volume Information
    [03/12/2012 – 19:33:42 | N | 1 Ko] – G:NIKON001.DSC
    [11/05/2013 – 12:04:50 | D] – G:DCIM

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    Thank you for your replies.
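    As an added example (not part of this thread, and not UsbFix's own code), the following Python triages a UsbFix-style report for the persistence pattern visible in the log above: a Run key launching wscript.exe with the silent //B switch on a .vbe file under AppData\Local\Temp, and, on the removable drive, .lnk files standing in for hidden folders next to a script dropped at the drive root. The parsing regexes, reason strings and function names are my own; the sample report is constructed from the entries above with the backslashes the forum stripped put back and the SD card shown as it looked before cleanup.

```python
"""Triage a UsbFix-style report for script-based USB / Run-key persistence.

Hypothetical helper written for this thread; it is not part of UsbFix.
It looks for the indicators the report above shows:
  * a Run entry that launches wscript.exe / cscript.exe on a .vbe/.vbs file
    sitting in a user-writable folder (AppData\\Local\\Temp, Startup, ...),
    often with the silent //B switch;
  * on a removable drive, a .lnk whose name matches a (hidden) folder at the
    root, and a script file dropped at the root itself.
"""
import re
from typing import Dict, List

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".jse", ".wsf")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")

# "04 - HKLM\SOFTWARE | Run : [Name] - command line"  (the separator is '-' or an en dash)
RUN_RE = re.compile(
    r"^\d+ [–-] (?P<hive>\S+) \| (?P<key>Run\w*) : \[(?P<name>[^\]]*)\] [–-] ?(?P<cmd>.*)$")
# "[date - time | ATTRS | size | md5] - path"   (size and md5 are optional)
LISTING_RE = re.compile(
    r"^\[(?P<date>[^|]+?)\s*\|\s*(?P<attrs>[A-Z]+)(?:\s*\|(?P<rest>[^\]]*))?\]\s*[–-]\s*(?P<path>.+)$")
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')        # quoted path or bare argument
ROOT_PATH_RE = re.compile(r"[a-z]:\\[^\\]+")       # X:\name  (no deeper component)

# Constructed sample: entries taken from the thread's first report, backslashes
# restored, with the SD card (G:) shown before UsbFix removed the files.
SAMPLE_REPORT = r"""
################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-21-4014418277-1995924876-2796588854-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Jo\AppData\Local\Temp\iTunesHelper.vbe"

################## | Listing |

[09/12/2013 - 15:21:14 | D] - C:\Windows
[03/12/2012 - 19:33:42 | N | 1 Ko] - G:\NIKON001.DSC
[11/05/2013 - 12:04:50 | SHD] - G:\DCIM
[09/12/2013 - 12:00:00 | A | 1 Ko] - G:\DCIM.lnk
[09/12/2013 - 12:00:00 | ASH | 3 Ko] - G:\iTunesHelper.vbe
"""


def classify_run(cmd: str) -> List[str]:
    """Return the reasons a Run-key command line looks like script persistence ([] if clean)."""
    reasons: List[str] = []
    tokens = [q or u for q, u in TOKEN_RE.findall(cmd) if q or u]
    if not tokens:
        return reasons
    exe = tokens[0].lower().rsplit("\\", 1)[-1]      # basename of the launched program
    if exe in SCRIPT_HOSTS:
        reasons.append("script host in Run key")
        if "//b" in (t.lower() for t in tokens[1:]):  # //B = batch mode, no UI prompts
            reasons.append("silent //B switch")
    for tok in tokens:
        low = tok.lower()
        if low.endswith(SCRIPT_EXTS):
            reasons.append("script file: " + tok)
            if any(w in low for w in USER_WRITABLE):
                reasons.append("script under user-writable path")
    return reasons


def triage(report: str) -> Dict[str, list]:
    """Scan every line of a report; return suspicious Run entries, lnk/folder pairs and root scripts."""
    run_hits, dirs, files = [], {}, []
    for raw in report.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = classify_run(m.group("cmd"))
            if reasons:
                run_hits.append({"hive": m.group("hive"), "name": m.group("name"),
                                 "cmd": m.group("cmd"), "reasons": reasons})
            continue
        m = LISTING_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path").strip()
            if "D" in attrs:                          # directory entry: remember its attributes
                dirs[path.lower()] = attrs
            else:
                files.append((attrs, path))
    shortcuts, root_scripts = [], []
    for attrs, path in files:
        low = path.lower()
        if low.endswith(".lnk") and low[:-4] in dirs:   # DCIM.lnk sitting next to a DCIM folder
            shortcuts.append({"lnk": path, "dir": path[:-4], "dir_hidden": "H" in dirs[low[:-4]]})
        if low.endswith(SCRIPT_EXTS) and ROOT_PATH_RE.fullmatch(low):
            root_scripts.append(path)
    return {"run": run_hits, "shortcuts": shortcuts, "root_scripts": root_scripts}


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_REPORT).items():
        print(section)
        for hit in hits:
            print("   ", hit)
```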

  • g3n-h@ckm@n
    bbPress Admin
    Post count: 8305

    hi :)

    change all your passwords, they have been stolen

    after that,

    • Download MalwareBytes Anti-Malware
    • Install it. Untick "Enable free trial of Malwarebytes Anti-Malware PRO"
    • Launch Malwarebytes' Anti-Malware.
    • Click the "Update" tab, then "Check for updates"
    • Click the "Scanner" tab, tick "Perform full scan", then click Scan

    • At the end of the scan, if MBAM found nothing:
      • Click OK; the report opens on its own
    • If threats were detected:
      • Click OK, then "Show results"
      • Choose the "Remove selected" option
      • If MBAM asks to restart Windows: click "Yes"
      • Once the PC has restarted, the report is in the "Logs" tab
      • Otherwise the report opens automatically after removal
      • Post the report in your next reply

  • azajoke
    Participant
    Post count: 70

    oh :shocked: ... all my passwords, meaning which ones? The ones for the computer itself (logging into my session) or really all of them?

    because I'm registered on many sites, personal ones (fb, email, etc.) as well as administrative ones (bank, cpam, caf etc.), so it will take me a lot of time if I have to find and change them all...
    I'm running the Malwarebytes scan as per your reply.

    Thanks again

  • azajoke
    Participant
    Post count: 70

    Hi again

    I'd still like to know which passwords are concerned, but just in case I have already changed the main ones...

    I ran the Malwarebytes Anti-Malware scan

    nothing infected, here is the report:

    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.12.09.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Jo :: PC-DE-JO [administrateur]

    09/12/2013 17:38:43
    mbam-log-2013-12-09 (17-38-43).txt

    Type d'examen: Examen complet (C:|D:|E:|G:|)
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 468763
    Temps écoulé: 2 heure(s), 8 minute(s), 29 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    (fin)

    :interro: was it only the PC that was infected by this virus, or the SD cards etc. too? Because with usbfix I only cleaned one of the 3 cards that were hit by the virus.

    do I need to do any additional scans/cleanups? :interro:

    :merci2: :merci:

    :merci2:

  • azajoke
    Participant
    Post count: 70

    I'm adding the UsbFix "deletion" reports for my 2 other mini SD cards hit by the virus

    here is the first one
    ############################## | UsbFix V 7.153 | [Suppression]

    Utilisateur: Jo (Administrateur) # PC-DE-JO
    Mis à jour le 09/12/2013 par El Desaparecido – Team SosVirus
    Lancé à 22:15:30 | 09/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Quanta (3069)
    CPU: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
    RAM -> [Total : 3002 | Free : 1388]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) Service Pack 2
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Google Chrome : 32.0.1700.41

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender : 1.1.1600.0
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 223 Go (25 Go libre(s) – 11%) [] # NTFS
    D: -> Disque fixe # 10 Go (1 Go libre(s) – 12%) [RECOVERY] # NTFS
    E: -> CD-ROM
    G: -> Disque amovible # 2 Go (597 Mo libre(s) – 32%) [] # FAT

    ################## | Processus Stoppés |

    Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_fa807195STacSV.exe (ID: 1156 |ParentID: 652)
    Stoppé! C:Windowssystem32SLsvc.exe (ID: 1264 |ParentID: 652)
    Stoppé! C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1616 |ParentID: 652)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1800 |ParentID: 652)
    Stoppé! C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 1980 |ParentID: 652)
    Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_fa807195aestsrv.exe (ID: 1996 |ParentID: 652)
    Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID: 2008 |ParentID: 652)
    Stoppé! C:Program FilesCommon FilesLightScribeLSSrvc.exe (ID: 308 |ParentID: 652)
    Stoppé! C:Program FilesSMINSTBLService.exe (ID: 1356 |ParentID: 652)
    Stoppé! C:Program FilesCyberLinkShared filesRichVideo.exe (ID: 1400 |ParentID: 652)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 2088 |ParentID: 652)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 2760 |ParentID: 1124)
    Stoppé! c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 3944 |ParentID: 652)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 4080 |ParentID: 1124)
    Stoppé! C:WindowsSystem32hkcmd.exe (ID: 2744 |ParentID: 1344)
    Stoppé! C:WindowsSystem32igfxpers.exe (ID: 2920 |ParentID: 1344)
    Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 284 |ParentID: 1344)
    Stoppé! C:Program FilesHPQuickPlayQPService.exe (ID: 2056 |ParentID: 1344)
    Stoppé! C:Windowssystem32igfxsrvc.exe (ID: 3308 |ParentID: 840)
    Stoppé! C:Program FilesWindows DefenderMSASCui.exe (ID: 3460 |ParentID: 1344)
    Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID: 3172 |ParentID: 1344)
    Stoppé! C:Program FilesHPHP Software UpdatehpwuSchd2.exe (ID: 3132 |ParentID: 1344)
    Stoppé! C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe (ID: 3264 |ParentID: 1344)
    Stoppé! C:Program FilesIDTWDMsttray.exe (ID: 3260 |ParentID: 1344)
    Stoppé! C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 3672 |ParentID: 1344)
    Stoppé! C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 3688 |ParentID: 1344)
    Stoppé! C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe (ID: 3544 |ParentID: 1344)
    Stoppé! C:Program FilesSFRKit9props.exe (ID: 3628 |ParentID: 1344)
    Stoppé! C:Program FilesSonySony PC CompanionPCCompanion.exe (ID: 3652 |ParentID: 1344)
    Stoppé! C:Program FilesHPDigital Imagingbinhpqtra08.exe (ID: 1628 |ParentID: 1344)
    Stoppé! C:Program FilesHewlett-PackardSharedhpqwmiex.exe (ID: 3984 |ParentID: 652)
    Stoppé! C:Program FilesSonySony PC CompanionPCCompanionInfo.exe (ID: 212 |ParentID: 3652)
    Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID: 3240 |ParentID: 652)
    Stoppé! C:Program FilesHewlett-PackardSharedhpqToaster.exe (ID: 2200 |ParentID: 840)
    Stoppé! C:Program FilesHPDigital ImagingbinhpqSTE08.exe (ID: 3640 |ParentID: 1628)
    Stoppé! C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 4392 |ParentID: 284)
    Stoppé! C:Windowsnotepad.exe (ID: 3440 |ParentID: 5832)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 5208 |ParentID: 1108)
    Stoppé! C:Windowssystem32conime.exe (ID: 5488 |ParentID: 5168)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
    04 – HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
    04 – HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
    04 – HKLMSOFTWARE | Run : [SynTPEnh] – C:Program FilesSynapticsSynTPSynTPEnh.exe
    04 – HKLMSOFTWARE | Run : [QPService] – “C:Program FilesHPQuickPlayQPService.exe”
    04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
    04 – HKLMSOFTWARE | Run : [UCam_Menu] – “C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkYouCam” UpdateWithCreateOnce “SoftwareCyberLinkYouCam2.0”
    04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
    04 – HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    04 – HKLMSOFTWARE | Run : [UpdatePDIRShortCut] – “C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkPowerDirector” UpdateWithCreateOnce “SOFTWARECyberLinkPowerDirector7.0”
    04 – HKLMSOFTWARE | Run : [HP Health Check Scheduler] – c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHPHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    04 – HKLMSOFTWARE | Run : [SysTrayApp] – %ProgramFiles%IDTWDMsttray.exe
    04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAlwil SoftwareAvast5AvastUI.exe” /nogui
    04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAlwil SoftwareAvast5setupemupdate26e3dfec-3be0-4999-aa0e-fc87b4b74fe9.exe /check
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Connexion SFR 9props.exe] – “C:Program FilesSFRKit9props.exe” /trayicon
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Facebook Update] – “C:UsersJoAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Sony PC Companion] – “C:Program FilesSonySony PC CompanionPCCompanion.exe” /Background

    ################## | Recherche générique |

    Supprimé! G:default-capability.lnk
    Supprimé! G:customized-capability.lnk
    Supprimé! G:.android_secure.lnk
    Supprimé! G:.bookmark_thumb1.lnk
    Supprimé! G:MoreExchange.lnk
    Supprimé! G:iTunesHelper.vbe

    (!) Fichiers temporaires supprimés.

    ################## | Référence de comparaison MD5 |

    Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> G:iTunesHelper.vbe

    ################## | Comparaison MD5 |

    -> Pas de valeur Md5 identique trouvée.

    ################## | Registre |

    ################## | Listing |

    [13/03/2013 – 19:25:47 | N | 23 Ko] – C:AdwCleaner[R1].txt
    [13/03/2013 – 19:26:39 | N | 0 Ko] – C:AdwCleaner[S1].txt
    [13/03/2013 – 19:43:58 | N | 22 Ko] – C:AdwCleaner[R2].txt
    [13/03/2013 – 19:44:50 | N | 21 Ko] – C:AdwCleaner[S2].txt
    [09/12/2013 – 16:10:57 | N | 13 Ko] – C:UsbFix [Clean 1] PC-DE-JO.txt
    [09/12/2013 – 22:21:33 | A | 9 Ko] – C:UsbFix [Clean 2] PC-DE-JO.txt
    [18/09/2006 – 22:43:37 | N | 0 Ko] – C:config.sys
    [09/12/2013 – 17:22:46 | ASH | 3381432 Ko] – C:pagefile.sys
    [09/12/2013 – 17:22:48 | ASH | 3075004 Ko] – C:hiberfil.sys
    [04/10/2009 – 16:02:18 | D] – C:System.sav
    [12/08/2013 – 11:49:09 | SHD] – C:$RECYCLE.BIN
    [18/09/2006 – 22:43:36 | A | 0 Ko] – C:autoexec.bat
    [02/11/2006 – 13:59:44 | SHD] – C:Documents and Settings
    [21/01/2008 – 03:43:50 | D] – C:PerfLogs
    [25/02/2009 – 03:52:49 | RHD] – C:MSOCache
    [11/04/2009 – 07:36:36 | RASH | 325 Ko] – C:bootmgr
    [04/10/2009 – 16:01:44 | D] – C:HP
    [04/10/2009 – 16:02:18 | D] – C:SwSetup
    [13/03/2012 – 20:10:05 | D] – C:Users
    [22/10/2012 – 20:27:00 | SHD] – C:boot
    [28/10/2013 – 12:33:30 | D] – C:AdwCleaner
    [08/12/2013 – 11:23:54 | D] – C:Program Files
    [09/12/2013 – 15:21:14 | D] – C:Windows
    [09/12/2013 – 17:33:26 | HD] – C:ProgramData
    [09/12/2013 – 17:37:33 | D] – C:Configuration
    [09/12/2013 – 20:34:51 | SHD] – C:System Volume Information
    [09/12/2013 – 22:15:32 | D] – C:UsbFix
    [12/09/2008 – 16:38:26 | SH | 146 Ko] – D:protect.turkish
    [12/09/2008 – 16:38:10 | SH | 145 Ko] – D:protect.swedish
    [12/09/2008 – 16:37:52 | SH | 144 Ko] – D:protect.spanish
    [12/09/2008 – 16:37:32 | SH | 146 Ko] – D:protect.slovak
    [12/09/2008 – 16:37:16 | SH | 145 Ko] – D:protect.russian
    [15/09/2008 – 15:06:54 | N | 149 Ko] – D:protect.romanian
    [04/10/2009 – 16:01:02 | N | 0 Ko] – D:BLOCK.RIN
    [12/09/2008 – 16:36:58 | SH | 145 Ko] – D:protect.portuguese brazilian
    [12/09/2008 – 16:36:42 | SH | 145 Ko] – D:protect.portuguese
    [12/09/2008 – 16:36:24 | SH | 146 Ko] – D:protect.polish
    [12/09/2008 – 16:36:08 | SH | 144 Ko] – D:protect.norwegian
    [09/12/2013 – 17:23:04 | N | 0 Ko] – D:MASTER.LOG
    [12/09/2008 – 16:35:50 | SH | 154 Ko] – D:protect.korean
    [12/09/2008 – 16:35:32 | SH | 148 Ko] – D:protect.japanese
    [12/09/2008 – 16:35:02 | SH | 144 Ko] – D:protect.italian
    [09/12/2013 – 16:10:57 | RASHD] – D:Autorun.inf
    [12/09/2008 – 16:34:40 | N | 145 Ko] – D:protect.hungarian
    [10/09/2002 – 15:14:28 | N | 8 Ko] – D:Folder.htt
    [12/09/2008 – 16:34:22 | SH | 151 Ko] – D:protect.hebrew
    [12/09/2008 – 16:33:58 | SH | 149 Ko] – D:protect.greek
    [12/09/2008 – 16:33:40 | SH | 144 Ko] – D:protect.german
    [12/09/2008 – 16:33:20 | SH | 144 Ko] – D:protect.french
    [12/09/2008 – 16:32:56 | SH | 145 Ko] – D:protect.finnish
    [12/09/2008 – 16:32:38 | SH | 145 Ko] – D:protect.english
    [12/09/2008 – 16:32:20 | N | 145 Ko] – D:protect.ed
    [12/09/2008 – 16:32:00 | SH | 145 Ko] – D:protect.dutch
    [12/09/2008 – 16:31:40 | SH | 145 Ko] – D:protect.danish
    [12/09/2008 – 16:31:20 | SH | 146 Ko] – D:protect.czech
    [12/09/2008 – 16:30:56 | SH | 146 Ko] – D:protect.chinese traditional
    [12/09/2008 – 16:30:34 | SH | 147 Ko] – D:protect.chinese simplified
    [12/09/2008 – 16:22:34 | SH | 146 Ko] – D:protect.chinese hong kong
    [15/09/2008 – 15:06:26 | N | 148 Ko] – D:protect.bulgarian
    [13/03/2012 – 20:12:22 | SHD] – D:$RECYCLE.BIN
    [12/09/2008 – 16:18:34 | SH | 152 Ko] – D:protect.arabic
    [03/10/2006 – 22:02:44 | SH | 428 Ko] – D:bootmgr
    [26/05/2009 – 04:06:57 | RD] – D:RECOVERY
    [26/05/2009 – 04:06:58 | RSHD] – D:boot
    [26/05/2009 – 04:07:06 | D] – D:WINDOWS
    [26/05/2009 – 04:07:06 | RSHD] – D:SOURCES
    [26/05/2009 – 04:07:07 | RSHD] – D:PRELOAD
    [26/05/2009 – 04:07:13 | D] – D:Tools
    [26/05/2009 – 04:07:14 | D] – D:HP
    [09/12/2013 – 20:35:13 | SHD] – D:System Volume Information
    [09/12/2013 – 12:18:28 | N | 14 Ko] – G:default-capability.xml
    [09/12/2013 – 12:18:28 | N | 0 Ko] – G:customized-capability.xml
    [08/04/2011 – 09:55:34 | N | 72302 Ko | CD46511496D5A201B85D8EFFF1CD7FC4] – G:setup_3.0.5527.exe
    [28/06/2013 – 09:55:24 | D] – G:LOST.DIR
    [09/07/2012 – 13:38:20 | D] – G:.bookmark_thumb1
    [18/09/2012 – 16:35:16 | D] – G:.android_secure
    [06/01/1980 – 05:16:14 | D] – G:Android
    [07/06/2012 – 18:33:06 | D] – G:Attachments
    [18/06/2012 – 23:11:18 | D] – G:downloads
    [07/08/2012 – 08:48:38 | D] – G:mp3download
    [30/08/2012 – 16:47:44 | D] – G:MoreExchange
    [30/08/2012 – 16:47:44 | D] – G:droidhen
    [22/09/2012 – 00:19:12 | D] – G:media
    [09/07/2013 – 19:28:40 | D] – G:CrashDump
    [27/08/2013 – 09:43:52 | D] – G:data
    [22/09/2013 – 16:33:42 | D] – G:MEDIAGO
    [08/12/2013 – 01:21:08 | D] – G:DCIM
    [08/12/2013 – 01:59:26 | D] – G:Pictures
    [08/12/2013 – 01:59:34 | D] – G:image
    [08/12/2013 – 01:59:56 | D] – G:download
    [08/12/2013 – 01:59:56 | D] – G:bluetooth
    [08/12/2013 – 01:59:56 | D] – G:Music

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:32ypcm00]

    and the last one, from a deletion run with UsbFix
    [spoiler:32ypcm00]############################## | UsbFix V 7.153 | [Suppression]

    Utilisateur: Jo (Administrateur) # PC-DE-JO
    Mis à jour le 09/12/2013 par El Desaparecido – Team SosVirus
    Lancé à 22:30:59 | 09/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Quanta (3069)
    CPU: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
    RAM -> [Total : 3002 | Free : 1775]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) Service Pack 2
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Google Chrome : 32.0.1700.41

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender : 1.1.1600.0
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 223 Go (25 Go libre(s) – 11%) [] # NTFS
    D: -> Disque fixe # 10 Go (1 Go libre(s) – 12%) [RECOVERY] # NTFS
    E: -> CD-ROM
    G: -> Disque amovible # 7 Go (6 Go libre(s) – 84%) [] # FAT32

    ################## | Processus Stoppés |

    Stoppé! C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1616 |ParentID: 652)
    Stoppé! C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 3688 |ParentID: 1344)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 5496 |ParentID: 652)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID: 5084 |ParentID: 652)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 5632 |ParentID: 1124)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 2652 |ParentID: 1124)
    Stoppé! c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 4912 |ParentID: 652)
    Stoppé! C:Windowssystem32SLsvc.exe (ID: 4188 |ParentID: 652)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 4784 |ParentID: 1108)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
    04 – HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
    04 – HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
    04 – HKLMSOFTWARE | Run : [SynTPEnh] – C:Program FilesSynapticsSynTPSynTPEnh.exe
    04 – HKLMSOFTWARE | Run : [QPService] – “C:Program FilesHPQuickPlayQPService.exe”
    04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
    04 – HKLMSOFTWARE | Run : [UCam_Menu] – “C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkYouCam” UpdateWithCreateOnce “SoftwareCyberLinkYouCam2.0”
    04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
    04 – HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    04 – HKLMSOFTWARE | Run : [UpdatePDIRShortCut] – “C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkPowerDirector” UpdateWithCreateOnce “SOFTWARECyberLinkPowerDirector7.0”
    04 – HKLMSOFTWARE | Run : [HP Health Check Scheduler] – c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHPHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    04 – HKLMSOFTWARE | Run : [SysTrayApp] – %ProgramFiles%IDTWDMsttray.exe
    04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAlwil SoftwareAvast5AvastUI.exe” /nogui
    04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAlwil SoftwareAvast5setupemupdate26e3dfec-3be0-4999-aa0e-fc87b4b74fe9.exe /check
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Connexion SFR 9props.exe] – “C:Program FilesSFRKit9props.exe” /trayicon
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Facebook Update] – “C:UsersJoAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Sony PC Companion] – “C:Program FilesSonySony PC CompanionPCCompanion.exe” /Background

    ################## | Recherche générique |

    Supprimé! G:customized-capability.lnk
    Supprimé! G:.android_secure.lnk
    Supprimé! G:default-capability.lnk
    Supprimé! G:.bookmark_thumb1.lnk
    Supprimé! G:MoreExchange.lnk
    Supprimé! G:rosie_scroll.lnk
    Supprimé! G:MP3Downloads.lnk
    Supprimé! G:SFRMonCompte.lnk
    Supprimé! G:MesComptesBNP.lnk
    Supprimé! G:iTunesHelper.vbe

    (!) Fichiers temporaires supprimés.

    ################## | Référence de comparaison MD5 |

    Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> G:iTunesHelper.vbe

    ################## | Comparaison MD5 |

    -> Pas de valeur Md5 identique trouvée.

    ################## | Registre |

    ################## | Listing |

    [13/03/2013 – 19:25:47 | N | 23 Ko] – C:AdwCleaner[R1].txt
    [13/03/2013 – 19:26:39 | N | 0 Ko] – C:AdwCleaner[S1].txt
    [13/03/2013 – 19:43:58 | N | 22 Ko] – C:AdwCleaner[R2].txt
    [13/03/2013 – 19:44:50 | N | 21 Ko] – C:AdwCleaner[S2].txt
    [09/12/2013 – 16:10:57 | N | 13 Ko] – C:UsbFix [Clean 1] PC-DE-JO.txt
    [09/12/2013 – 22:21:36 | N | 13 Ko] – C:UsbFix [Clean 2] PC-DE-JO.txt
    [09/12/2013 – 22:38:20 | A | 6 Ko] – C:UsbFix [Clean 3] PC-DE-JO.txt
    [18/09/2006 – 22:43:37 | N | 0 Ko] – C:config.sys
    [09/12/2013 – 17:22:46 | ASH | 3381432 Ko] – C:pagefile.sys
    [09/12/2013 – 17:22:48 | ASH | 3075004 Ko] – C:hiberfil.sys
    [04/10/2009 – 16:02:18 | D] – C:System.sav
    [12/08/2013 – 11:49:09 | SHD] – C:$RECYCLE.BIN
    [18/09/2006 – 22:43:36 | A | 0 Ko] – C:autoexec.bat
    [02/11/2006 – 13:59:44 | SHD] – C:Documents and Settings
    [21/01/2008 – 03:43:50 | D] – C:PerfLogs
    [25/02/2009 – 03:52:49 | RHD] – C:MSOCache
    [11/04/2009 – 07:36:36 | RASH | 325 Ko] – C:bootmgr
    [04/10/2009 – 16:01:44 | D] – C:HP
    [04/10/2009 – 16:02:18 | D] – C:SwSetup
    [13/03/2012 – 20:10:05 | D] – C:Users
    [22/10/2012 – 20:27:00 | SHD] – C:boot
    [28/10/2013 – 12:33:30 | D] – C:AdwCleaner
    [08/12/2013 – 11:23:54 | D] – C:Program Files
    [09/12/2013 – 15:21:14 | D] – C:Windows
    [09/12/2013 – 17:33:26 | HD] – C:ProgramData
    [09/12/2013 – 17:37:33 | D] – C:Configuration
    [09/12/2013 – 20:34:51 | SHD] – C:System Volume Information
    [09/12/2013 – 22:31:00 | D] – C:UsbFix
    [12/09/2008 – 16:38:26 | SH | 146 Ko] – D:protect.turkish
    [12/09/2008 – 16:38:10 | SH | 145 Ko] – D:protect.swedish
    [12/09/2008 – 16:37:52 | SH | 144 Ko] – D:protect.spanish
    [12/09/2008 – 16:37:32 | SH | 146 Ko] – D:protect.slovak
    [12/09/2008 – 16:37:16 | SH | 145 Ko] – D:protect.russian
    [15/09/2008 – 15:06:54 | N | 149 Ko] – D:protect.romanian
    [04/10/2009 – 16:01:02 | N | 0 Ko] – D:BLOCK.RIN
    [12/09/2008 – 16:36:58 | SH | 145 Ko] – D:protect.portuguese brazilian
    [12/09/2008 – 16:36:42 | SH | 145 Ko] – D:protect.portuguese
    [12/09/2008 – 16:36:24 | SH | 146 Ko] – D:protect.polish
    [12/09/2008 – 16:36:08 | SH | 144 Ko] – D:protect.norwegian
    [09/12/2013 – 17:23:04 | N | 0 Ko] – D:MASTER.LOG
    [12/09/2008 – 16:35:50 | SH | 154 Ko] – D:protect.korean
    [12/09/2008 – 16:35:32 | SH | 148 Ko] – D:protect.japanese
    [12/09/2008 – 16:35:02 | SH | 144 Ko] – D:protect.italian
    [09/12/2013 – 22:21:35 | RASHD] – D:Autorun.inf
    [12/09/2008 – 16:34:40 | N | 145 Ko] – D:protect.hungarian
    [10/09/2002 – 15:14:28 | N | 8 Ko] – D:Folder.htt
    [12/09/2008 – 16:34:22 | SH | 151 Ko] – D:protect.hebrew
    [12/09/2008 – 16:33:58 | SH | 149 Ko] – D:protect.greek
    [12/09/2008 – 16:33:40 | SH | 144 Ko] – D:protect.german
    [12/09/2008 – 16:33:20 | SH | 144 Ko] – D:protect.french
    [12/09/2008 – 16:32:56 | SH | 145 Ko] – D:protect.finnish
    [12/09/2008 – 16:32:38 | SH | 145 Ko] – D:protect.english
    [12/09/2008 – 16:32:20 | N | 145 Ko] – D:protect.ed
    [12/09/2008 – 16:32:00 | SH | 145 Ko] – D:protect.dutch
    [12/09/2008 – 16:31:40 | SH | 145 Ko] – D:protect.danish
    [12/09/2008 – 16:31:20 | SH | 146 Ko] – D:protect.czech
    [12/09/2008 – 16:30:56 | SH | 146 Ko] – D:protect.chinese traditional
    [12/09/2008 – 16:30:34 | SH | 147 Ko] – D:protect.chinese simplified
    [12/09/2008 – 16:22:34 | SH | 146 Ko] – D:protect.chinese hong kong
    [15/09/2008 – 15:06:26 | N | 148 Ko] – D:protect.bulgarian
    [13/03/2012 – 20:12:22 | SHD] – D:$RECYCLE.BIN
    [12/09/2008 – 16:18:34 | SH | 152 Ko] – D:protect.arabic
    [03/10/2006 – 22:02:44 | SH | 428 Ko] – D:bootmgr
    [26/05/2009 – 04:06:57 | RD] – D:RECOVERY
    [26/05/2009 – 04:06:58 | RSHD] – D:boot
    [26/05/2009 – 04:07:06 | D] – D:WINDOWS
    [26/05/2009 – 04:07:06 | RSHD] – D:SOURCES
    [26/05/2009 – 04:07:07 | RSHD] – D:PRELOAD
    [26/05/2009 – 04:07:13 | D] – D:Tools
    [26/05/2009 – 04:07:14 | D] – D:HP
    [09/12/2013 – 20:35:13 | SHD] – D:System Volume Information
    [08/12/2013 – 21:59:48 | N | 0 Ko] – G:customized-capability.xml
    [08/12/2013 – 21:59:48 | N | 7 Ko] – G:default-capability.xml
    [16/04/2013 – 15:58:18 | N | 0 Ko] – G:sim_SIM_00001.vcf
    [16/04/2013 – 22:09:58 | N | 0 Ko] – G:sim_SIM_00002.vcf
    [18/04/2013 – 16:02:22 | N | 0 Ko] – G:sim_SIM_00003.vcf
    [18/04/2013 – 16:03:46 | N | 0 Ko] – G:sim_SIM_00004.vcf
    [14/05/2013 – 18:37:24 | N | 1 Ko] – G:sim_SIM_00005.vcf
    [21/05/2013 – 14:30:36 | N | 1 Ko] – G:sim_SIM_00006.vcf
    [21/05/2013 – 14:30:50 | N | 0 Ko] – G:pcsc_pcsc_00001.vcf
    [14/09/2013 – 11:01:24 | N | 2 Ko] – G:sim_SIM_00007.vcf
    [14/09/2013 – 21:12:34 | D] – G:.mmsyscache
    [29/12/2012 – 15:41:40 | D] – G:LOST.DIR
    [22/08/2013 – 00:36:02 | D] – G:.bookmark_thumb1
    [25/06/2013 – 00:48:10 | D] – G:.android_secure
    [30/09/2012 – 13:17:56 | D] – G:Android
    [15/11/2012 – 23:42:32 | D] – G:droidhen
    [24/12/2012 – 18:49:18 | D] – G:media
    [09/01/2013 – 20:22:08 | D] – G:downloads
    [04/03/2013 – 19:02:12 | D] – G:MoreExchange
    [04/03/2013 – 19:55:20 | D] – G:tapjoy
    [18/03/2013 – 17:52:02 | D] – G:BlackBerry
    [24/03/2013 – 11:32:26 | D] – G:rosie_scroll
    [14/05/2013 – 23:56:02 | D] – G:zedge
    [17/05/2013 – 22:55:42 | D] – G:ian
    [15/06/2013 – 12:15:28 | D] – G:Music
    [13/07/2013 – 07:10:02 | D] – G:viber
    [01/08/2013 – 07:11:46 | D] – G:Ringtones
    [23/08/2013 – 19:07:34 | D] – G:SFRMonCompte
    [02/09/2013 – 06:50:44 | D] – G:simplemp3
    [14/09/2013 – 11:21:50 | D] – G:data
    [17/09/2013 – 09:15:32 | D] – G:MesComptesBNP
    [10/10/2013 – 04:51:14 | D] – G:MP3Downloads
    [11/10/2013 – 11:43:52 | D] – G:musicv2
    [02/11/2013 – 14:33:22 | D] – G:bluetooth
    [05/12/2013 – 20:50:04 | D] – G:MEDIAGO
    [07/12/2013 – 10:44:16 | D] – G:Download
    [09/12/2013 – 14:05:40 | D] – G:dcim

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:32ypcm00]

    ???
    :thankU
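
Added example, not part of the thread and not UsbFix's own code: a small Python parser for UsbFix "Listing" lines that flags, on a removable drive, the pattern the report above shows being cleaned, namely root-level .lnk files that shadow a same-named folder, a script file dropped at the drive root (the .vbe), and folders that were set hidden/system. The sample listing is constructed; real UsbFix output puts a backslash after the drive letter, which this forum copy has lost, so both forms are accepted.

```python
"""Flag the removable-drive 'shortcut worm' pattern in a UsbFix listing.

Added example, not from the thread or from UsbFix. It parses UsbFix
"Listing" lines (constructed sample below) and flags three signs of the
infection discussed above: root .lnk files shadowing a same-named folder,
a script dropped at the drive root, and folders set hidden/system.
"""
import re
from dataclasses import dataclass

# One UsbFix "Listing" line:  [date - time | attrs | size Ko | MD5] - X:\name
# Both the plain hyphen and the en dash are accepted, and the backslash after
# the drive letter is optional, because forum copies of the report (like the
# one above) tend to lose both.
LINE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) [-–] (?P<time>\d{2}:\d{2}:\d{2})"
    r" \| (?P<attrs>[A-Z]+)"
    r"(?: \| (?P<size>\d+) Ko)?(?: \| (?P<md5>[0-9A-Fa-f]{32}))?\]"
    r" [-–] (?P<drive>[A-Za-z]):\\?(?P<name>.+)$"
)

# Script types a VBS/JS worm typically drops next to its decoy shortcuts.
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd")

# Hidden/system entries that are legitimate at the root of a drive.
# Autorun.inf as a RASHD folder is the UsbFix vaccine, not an infection sign.
KNOWN_SYSTEM_ENTRIES = {"system volume information", "$recycle.bin", "autorun.inf"}


@dataclass
class Entry:
    drive: str   # drive letter, upper case
    name: str    # path after "X:\"
    attrs: str   # UsbFix attribute letters: R A S H D, or N for "normal"
    is_dir: bool


def parse_listing(text: str) -> list[Entry]:
    """Return one Entry per listing line; lines in another format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            attrs = m.group("attrs")
            entries.append(Entry(m.group("drive").upper(), m.group("name"),
                                 attrs, "D" in attrs))
    return entries


def find_shortcut_worm_signs(entries, removable_drives):
    """Return (drive, name, reason) for each suspicious root entry on the given drives."""
    findings = []
    by_drive: dict[str, list[Entry]] = {}
    for e in entries:
        by_drive.setdefault(e.drive, []).append(e)
    for drive in removable_drives:
        items = by_drive.get(drive.upper(), [])
        by_name = {e.name.lower(): e for e in items}
        for e in items:
            lower = e.name.lower()
            if lower.endswith(".lnk"):
                # The worm's decoy: Pictures.lnk sitting next to a hidden Pictures folder.
                shadowed = by_name.get(lower[:-4])
                if shadowed is not None:
                    findings.append((e.drive, e.name,
                                     f"decoy shortcut shadowing '{shadowed.name}'"))
            elif lower.endswith(SCRIPT_EXTS):
                findings.append((e.drive, e.name,
                                 "script file at drive root (possible dropper)"))
            elif e.is_dir and lower not in KNOWN_SYSTEM_ENTRIES and (
                    "H" in e.attrs or "S" in e.attrs):
                findings.append((e.drive, e.name, "hidden/system directory"))
    return findings


# Constructed sample in the report's own format (not the thread's real listing).
SAMPLE_LISTING = """\
[08/12/2013 - 01:21:08 | SHD] - G:\\DCIM
[08/12/2013 - 01:59:26 | SHD] - G:\\Pictures
[08/12/2013 - 01:59:56 | D] - G:\\Music
[09/12/2013 - 12:18:28 | N | 14 Ko] - G:\\default-capability.xml
[09/12/2013 – 12:20:02 | N | 1 Ko] – G:DCIM.lnk
[09/12/2013 - 12:20:02 | N | 1 Ko] - G:\\Pictures.lnk
[09/12/2013 - 12:20:02 | SH | 13 Ko] - G:\\iTunesHelper.vbe
[09/12/2013 - 22:21:35 | RASHD] - G:\\Autorun.inf
[13/03/2012 - 20:12:22 | SHD] - D:\\$RECYCLE.BIN
"""

if __name__ == "__main__":
    for drive, name, reason in find_shortcut_worm_signs(parse_listing(SAMPLE_LISTING), ["G"]):
        print(f"{drive}:\\{name:<28} {reason}")
```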

  • g3n-h@ckm@ng3n-h@ckm@n
    Admin bbPress
    Post count: 8305

    re

    because I'm registered on many sites, personal ones (fb, email...) as well as administrative ones (bank, cpam, caf etc.)

    yes, especially those, and warn your bank that you've been infected and that there could be problems

  • azajoke
    Participant
    Post count: 70

    A very big thank you for warning me about the possible consequences of this virus!

    I called my bank, who told me there was nothing else to do but change my codes... :( keep an eye on things, and if there's an abnormal transaction I have to report it quickly.

    :virusalert: Given my malware report and the UsbFix ones, should I consider my infection problem solved? :interro:

  • g3n-h@ckm@ng3n-h@ckm@n
    Admin bbPress
    Post count: 8305

    let's run a diagnostic

    • Copy the script below:
      HKCU\Software
      HKLM\Software
      HKCU\Software\Microsoft\Command Processor /s
      HKLM\Software\Microsoft\Command Processor /s
      %Homedrive%\*
      %Homedrive%\*.
      %Userprofile%\*
      %Userprofile%\*.
      %Allusersprofile%\*
      %Allusersprofile%\*.
      %LocalAppData%\*
      %LocalAppData%\*.
      %Userprofile%\Local Settings\Application Data\*
      %Userprofile%\Local Settings\Application Data\*.
      %programFiles%\*
      %programfiles%\Google\Desktop\Install /s
      %programFiles%\*.
      %Systemroot%\Installer\*.
      %Systemroot%\Temp\*.exe /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\system32\*.in*
      %systemroot%\Tasks\*
      %systemroot%\Tasks\*.
      %systemroot%\system32\Tasks\*
      %systemroot%\system32\Tasks\*.
      %systemroot%\system32\drivers\*.sy* /lockedfiles
      %systemroot%\system32\config\*.exe /s
      %Systemroot%\ServiceProfiles\*.exe /s
      %systemroot%\system32\*.sys
      dir %Homedrive%\* /S /A:L /C
      msconfig
      activex
      /md5start
      explorer.exe
      winlogon.exe
      wininit.exe
      volsnap.sys
      atapi.sys
      ndis.sys
      cdrom.sys
      i8042prt.sys
      iastor.sys
      tdx.sys
      netbt.sys
      afd.sys
      /md5stop
      netsvcs
      safebootminimal
      safebootnetwork
      CREATERESTOREPOINT
    • Download OTL (by OldTimer) to your desktop.
    • Launch OTL; on Windows 7/8 and Vista, run it as administrator
    • Tick/select the boxes as in the image below
    • Paste the script copied above into the lower part of OTL, “Personnalisation” (custom scans)
    • Click Analyse (scan)

    • Once the scan is finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
    • Host the OTL.txt and Extras.txt reports on SosUpload, then copy/paste the link it gives you into your next reply on the forum

      Note: just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

  • azajoke
    Participant
    Post count: 70

    “Files with the .Txt extension cannot be uploaded!”

    that's what sosupload tells me when I try to host the 2 OTL reports

  • g3n-h@ckm@ng3n-h@ckm@n
    Admin bbPress
    Post count: 8305

    go through here: http://cjoint.com

  • azajoke
    Participant
    Post count: 70

    So here are the 2 OTL reports:

    http://cjoint.com/?0LkqYUYBUgy
    http://cjoint.com/?0Lkq1bYEaoo

    :merci:

  • g3n-h@ckm@ng3n-h@ckm@n
    Admin bbPress
    Post count: 8305

    • Download AdwCleaner (by Xplode) to your Desktop!
    • Right-click it and run as administrator on Windows 7/8 and Vista; otherwise, on XP, double-click it
      1. Choose the Scan option
      2. Choose the Clean option
    • Accept the warning by clicking OK

    • Accept the warnings/information by clicking OK
    • Copy and paste the contents of the report that opens when the PC restarts
  • azajoke
    Participant
    Post count: 70

    # AdwCleaner v3.014 – Rapport créé le 10/12/2013 à 17:55:17
    # Mis à jour le 01/12/2013 par Xplode
    # Système d’exploitation : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # Nom d’utilisateur : Jo – PC-DE-JO
    # Exécuté depuis : C:UsersJoDownloadsadwcleaner (1).exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:Program Fileswebplayer
    Dossier Supprimé : C:UsersJoAppDataRoamingwebplayer

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKCUSoftwareSIEN SA
    Clé Supprimée : HKLMSOFTWAREClassesAppID{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{0EEDB912-C5FA-486F-8334-57288578C627}
    Clé Supprimée : HKLMSoftwareUniblue
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components43C098337DB065A49B665D4EA7F16D1C
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsA71991503412AEB42838B02C5ED9F9CD
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsF2E0D3DD9E5E4B74CA43BCE77815E287
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsF7652513C62FF63448CFF05163719DB7

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v9.0.8112.16520

    -\ Google Chrome v32.0.1700.41

    [ Fichier : C:UsersJoAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [9297 octets] – [28/10/2013 12:31:29]
    AdwCleaner[R1].txt – [1804 octets] – [10/12/2013 17:50:43]
    AdwCleaner[S0].txt – [9480 octets] – [28/10/2013 12:33:21]
    AdwCleaner[S1].txt – [1739 octets] – [10/12/2013 17:55:17]

    ########## EOF – C:AdwCleanerAdwCleaner[S1].txt – [1799 octets] ##########

  • g3n-h@ckm@ng3n-h@ckm@n
    Admin bbPress
    Post count: 8305

    great :)

    redo OTL as before, I'll remove the leftovers with a script and then we wrap up the cleanup :)

  • azajoke
    Participant
    Post count: 70

    :super:

    here are the 2 new OTL reports:

    http://cjoint.com/?0Lkt7T1Farc
    http://cjoint.com/?0Lkub33K0A3

    :bravo1:

  • g3n-h@ckm@ng3n-h@ckm@n
    Admin bbPress
    Post count: 8305

    re

    WARNING!!!: Script customised for this machine only, do not reuse!!

    if you have XP => double-click
    if you have Vista or Windows 7 => right-click “run as...”

    on OTL.exe to launch it.

    Copy the list shown in bold below,
    paste it into the box under “Personnalisation”:


    :processes
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    IE - HKLM\..\SearchScopes\{7B4799B2-41C5-4B70-BFA3-6649AA421DE0}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1156&query={searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
    IE - HKLM\..\SearchScopes\{C238042E-D3CE-4DAF-9757-9A9A79EFC3E3}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
    IE - HKU\S-1-5-21-4014418277-1995924876-2796588854-1000\..\SearchScopes\{3A154CCB-CD07-4257-97AB-E04A72B8E1F5}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
    IE - HKU\S-1-5-21-4014418277-1995924876-2796588854-1000\..\SearchScopes\{5A4E5971-2809-443C-985D-FDB5AF6BB891}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
    IE - HKU\S-1-5-21-4014418277-1995924876-2796588854-1000\..\SearchScopes\{7B4799B2-41C5-4B70-BFA3-6649AA421DE0}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1156&query={searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
    IE - HKU\S-1-5-21-4014418277-1995924876-2796588854-1000\..\SearchScopes\{C238042E-D3CE-4DAF-9757-9A9A79EFC3E3}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
    IE - HKU\S-1-5-21-4014418277-1995924876-2796588854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-4014418277-1995924876-2796588854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;
    [2012/03/11 12:19:39 | 000,000,000 | ---D | M] (uTorrentBar_FR Community Toolbar) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKU\S-1-5-21-4014418277-1995924876-2796588854-1000\..\Toolbar\WebBrowser: (no name) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - No CLSID value found.
    O3 - HKU\S-1-5-21-4014418277-1995924876-2796588854-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de notification de cadeaux MSN.lnk = C:\Users\Invité\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe (Microsoft Corporation)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found
    [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [2009/12/09 22:14:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
    [2009/02/25 02:59:57 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
    [2012/09/13 20:43:19 | 000,000,000 | ---D | M] -- C:\Program Files\GUM389.tmp
    [2010/04/29 09:41:17 | 000,003,154 | ---- | M] () -- C:\Windows\system32\Tasks\CreateChoiceProcessTask
    [2011/07/16 15:18:13 | 000,003,254 | ---- | M] () -- C:\Windows\system32\Tasks\RunAsStdUser Task

    :reg
    [-HKEY_LOCAL_MACHINE\Software\BrowserChoice]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F750DB0E-D452-3108-63C9-FE16BC686741}]

    :Files
    C:\Windows\Temp\*
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:895A78C5
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:C72A744C
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:94B46CA2
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:581B0446

    :commands
    [emptytemp]

    Click “Correction” (Fix) to start the removal.

    Post the report, which should normally open by itself once the job finishes after the reboot.

  • azajoke
    Participant
    Post count: 70

    Good evening,

    I launched OTL with the custom script, but after a few minutes Windows opened an error window and the only option offered was to close the running program, i.e. OTL, so I clicked that option; since then nothing happens, the desktop is no longer visible, only my wallpaper and the mouse pointer (which still moves)....

    I'd rather ask you what to do? :interro: because I'm hesitant to switch the computer off manually

  • azajoke
    Participant
    Post count: 70

    Hi again, in the end I tried Ctrl Alt Del and was able to restart the computer through the Task Manager. It came back up normally, and a report was created all the same.. here it is:

    FilesFolders moved on Reboot…
    Folder move failed. C:WindowsTemp_avast_ scheduled to be moved on reboot.

    PendingFileRenameOperations files…

    Registry entries deleted on Reboot…

    So I'm waiting for your instructions^^

    :merci2:

  • g3n-h@ckm@ng3n-h@ckm@n
    Admin bbPress
    Post count: 8305

    it didn't work ;)

    redo the script in safe mode :)

  • azajoke
    Participant
    Post count: 70

    it worked in safe mode ;) :

    [spoiler:1r4b4r33]All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    No active process named iexplore.exe was found!
    No active process named firefox.exe was found!
    No active process named msnmsgr.exe was found!
    No active process named Teatimer.exe was found!
    ========== OTL ==========
    Error: No service named esgiguard was found to stop!
    ServiceDriver key esgiguard not found.
    File C:Program FilesEnigma Software GroupSpyHunteresgiguard.sys not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{7B4799B2-41C5-4B70-BFA3-6649AA421DE0} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{7B4799B2-41C5-4B70-BFA3-6649AA421DE0} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{C238042E-D3CE-4DAF-9757-9A9A79EFC3E3} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{C238042E-D3CE-4DAF-9757-9A9A79EFC3E3} not found.
    Registry key HKEY_USERSS-1-5-21-4014418277-1995924876-2796588854-1000SoftwareMicrosoftInternet ExplorerSearchScopes{3A154CCB-CD07-4257-97AB-E04A72B8E1F5} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{3A154CCB-CD07-4257-97AB-E04A72B8E1F5} not found.
    Registry key HKEY_USERSS-1-5-21-4014418277-1995924876-2796588854-1000SoftwareMicrosoftInternet ExplorerSearchScopes{5A4E5971-2809-443C-985D-FDB5AF6BB891} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{5A4E5971-2809-443C-985D-FDB5AF6BB891} not found.
    Registry key HKEY_USERSS-1-5-21-4014418277-1995924876-2796588854-1000SoftwareMicrosoftInternet ExplorerSearchScopes{7B4799B2-41C5-4B70-BFA3-6649AA421DE0} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{7B4799B2-41C5-4B70-BFA3-6649AA421DE0} not found.
    Registry key HKEY_USERSS-1-5-21-4014418277-1995924876-2796588854-1000SoftwareMicrosoftInternet ExplorerSearchScopes{C238042E-D3CE-4DAF-9757-9A9A79EFC3E3} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{C238042E-D3CE-4DAF-9757-9A9A79EFC3E3} not found.
    HKUS-1-5-21-4014418277-1995924876-2796588854-1000SoftwareMicrosoftWindowsCurrentVersionInternet Settings\ProxyEnable|dword:0 /E : value set successfully!
    HKUS-1-5-21-4014418277-1995924876-2796588854-1000SoftwareMicrosoftWindowsCurrentVersionInternet Settings\ProxyOverride| /E : value set successfully!
    Folder C:UsersJoAppDataRoamingMozillaFirefoxextensions{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} not found.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar\ not found.
    Registry value HKEY_USERSS-1-5-21-4014418277-1995924876-2796588854-1000SoftwareMicrosoftInternet ExplorerToolbarWebBrowser\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} not found.
    Registry value HKEY_USERSS-1-5-21-4014418277-1995924876-2796588854-1000SoftwareMicrosoftInternet ExplorerToolbarWebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    File move failed. C:UsersInvitéAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOutil de notification de cadeaux MSN.lnk scheduled to be moved on reboot.
    File C:UsersInvitéAppDataRoamingMicrosoftOutil de notification de cadeaux MSNmsnotif.exe not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E2883E8F-472F-4FB0-9522-AC9BF37916A7} not found.
    Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows\AppInit_Dlls:c:progra~2browse~123796~1.11{16cdf~1browse~1.dll deleted successfully.
    File/Folder C:WindowsSystem32drivers*.tmp not found.
    File/Folder C:Windows*.tmp not found.
    File/Folder C:Program Files*.tmp not found.
    Folder C:ProgramDataNorton not found.
    Folder C:ProgramDataNortonInstaller not found.
    Folder C:Program FilesGUM389.tmp not found.
    File C:Windowssystem32TasksCreateChoiceProcessTask not found.
    File C:Windowssystem32TasksRunAsStdUser Task not found.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINESoftwareBrowserChoice not found.
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile\”EnableFirewall” |DWORD:0 /E : value set successfully!
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile\”EnableFirewall” |DWORD:0 /E : value set successfully!
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile\”EnableFirewall” |DWORD:0 /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall{F750DB0E-D452-3108-63C9-FE16BC686741} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F750DB0E-D452-3108-63C9-FE16BC686741} not found.
    ========== FILES ==========
    C:WindowsTempcoinlog.log moved successfully.
    C:WindowsTemphpqddsvc.log moved successfully.
    C:WindowsTempHPSLPSVC0000.log moved successfully.
    C:WindowsTempHPSLPSVC0001.log moved successfully.
    C:WindowsTemp_avast_ folder moved successfully.
    Unable to delete ADS C:ProgramDataTemp:895A78C5 .
    Unable to delete ADS C:ProgramDataTemp:C72A744C .
    Unable to delete ADS C:ProgramDataTemp:94B46CA2 .
    Unable to delete ADS C:ProgramDataTemp:581B0446 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Invité
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 367542365 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 84074124 bytes
    ->Flash cache emptied: 7725 bytes

    User: Jo
    ->Temp folder emptied: 785639039 bytes
    ->Temporary Internet Files folder emptied: 7561549 bytes
    ->Java cache emptied: 31507377 bytes
    ->Google Chrome cache emptied: 241242977 bytes
    ->Flash cache emptied: 58025 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1 447,00 mb

    OTL by OldTimer – Version 3.2.69.0 log created on 12112013_210034

    Files\Folders moved on Reboot…
    File\Folder C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de notification de cadeaux MSN.lnk not found!

    PendingFileRenameOperations files…

    Registry entries deleted on Reboot…
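The four "Unable to delete ADS" lines above are the one thing OTL left behind: named NTFS alternate data streams attached to the C:\ProgramData\Temp folder, a place where a payload can sit without showing up in a normal directory listing. The PowerShell below is an added example, not part of the OTL log or of the OTL tool, that lists those streams, shows their first bytes so you can judge them before deleting, and then removes them. It assumes an elevated Windows PowerShell 3.0 to 5.1 prompt (the -Stream parameter and -Encoding Byte do not exist in PowerShell 2.0, which is the newest version the Vista machine in this thread can run; there, "dir /r" and Sysinternals streams.exe do the same job). The folder path is the one from the log.

```powershell
# Added example, not part of the OTL log or of the OTL tool: enumerate, inspect
# and remove the alternate data streams (ADS) OTL reported it could not delete.
# Assumes an elevated Windows PowerShell 3.0-5.1 prompt.
$Target = 'C:\ProgramData\Temp'   # folder named in the OTL log; adjust for other paths

function Get-AlternateStream {
    param([Parameter(Mandatory=$true)][string]$Path)
    # ':$DATA' is the unnamed main stream of the file or folder; anything else is an ADS.
    Get-Item -LiteralPath $Path -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' }
}

function Show-StreamHead {
    param([string]$Path, [string]$Stream, [int]$Count = 16)
    # Peek at the first bytes so a real payload (an 'MZ' PE header, readable
    # script text) can be told apart from the small opaque markers some software
    # leaves on folders. -Encoding Byte is Windows PowerShell (5.1 and older) syntax.
    $bytes = Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -TotalCount $Count -ErrorAction SilentlyContinue
    if ($bytes) { ($bytes | ForEach-Object { $_.ToString('x2') }) -join ' ' } else { '(unreadable)' }
}

$streams = @(Get-AlternateStream -Path $Target)
if ($streams.Count -eq 0) {
    Write-Host "No alternate data streams on $Target"
    return
}

foreach ($s in $streams) {
    $head = Show-StreamHead -Path $Target -Stream $s.Stream
    Write-Host ('{0}:{1}  {2} bytes  head: {3}' -f $Target, $s.Stream, $s.Length, $head)
}

# Delete only after reviewing the listing above. "Access is denied" here is the
# same condition OTL ran into; it usually means the folder's ACL has to be fixed
# (takeown / icacls) before the streams can be removed.
foreach ($s in $streams) {
    try {
        Remove-Item -LiteralPath $Target -Stream $s.Stream -ErrorAction Stop
        Write-Host "Removed stream $($s.Stream)"
    } catch {
        Write-Warning "Could not remove $($s.Stream): $($_.Exception.Message)"
    }
}
```

Run it once to look, and only let the removal loop do its work when the listing shows nothing you want to keep; a stream that starts with 4d 5a (MZ) or with plain script text deserves a copy for analysis before it is deleted.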

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8305

    1.5 GB freed up ^^

    Still having problems?

  • azajoke
    Participant
    Post count: 70

    :bravo1:

    :super:

    Everything's running fine, and it's less sluggish now too ^^
    Cleanup finished, do you think?

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8305

    hello :D

    tadaaaa, the final step

    • Download Delfix to your Desktop.
    • Launch Delfix; on Windows 7/8 and Vista, run it as administrator
    • Check the following boxes:
      • Re-enable UAC
      • Remove disinfection tools
      • Back up the registry
      • Purge System Restore
      • Reset system settings


  • azajoke
    Participant
    Post count: 70

    TADAAA, the last report:

    # DelFix v10.6 - Report created on 12/12/2013 at 16:27:58
    # Updated on 11/11/2013 by Xplode
    # Username: Jo - PC-DE-JO
    # Operating system: Windows Vista (TM) Home Basic Service Pack 2 (32-bit)

    ~ Enabling UAC ... OK

    ~ Removing disinfection tools ...

    Deleted: C:\USBFix
    Deleted: C:\_OTL
    Deleted: C:\AdwCleaner
    Deleted: C:\AdwCleaner[R1].txt
    Deleted: C:\AdwCleaner[R2].txt
    Deleted: C:\AdwCleaner[S1].txt
    Deleted: C:\AdwCleaner[S2].txt
    Deleted: C:\UsbFix [Clean 1] PC-DE-JO.txt
    Deleted: C:\UsbFix [Clean 2] PC-DE-JO.txt
    Deleted: C:\UsbFix [Clean 3] PC-DE-JO.txt
    Deleted: C:\Users\Jo\Desktop\adwcleaner (1).exe
    Deleted: C:\Users\Jo\Desktop\adwcleaner.exe
    Deleted: C:\Users\Jo\Desktop\Extras.Txt
    Deleted: C:\Users\Jo\Desktop\OTL.Txt
    Deleted: C:\Users\Jo\Desktop\OTL.exe
    Deleted: C:\Users\Jo\Desktop\UsbFix.exe
    Deleted: HKCU\Software\USBFix
    Deleted: HKLM\SOFTWARE\OldTimer Tools
    Deleted: HKLM\SOFTWARE\AdwCleaner
    Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix

    ~ Backing up the registry ... OK

    ~ Purging System Restore ...

    Deleted: RP #891 [Scheduled checkpoint | 11/18/2013 18:10:50]
    Deleted: RP #892 [Windows Update | 11/19/2013 15:52:09]
    Deleted: RP #893 [Scheduled checkpoint | 11/20/2013 12:45:35]
    Deleted: RP #894 [Windows Update | 11/26/2013 17:22:45]
    Deleted: RP #895 [Scheduled checkpoint | 11/27/2013 15:44:06]
    Deleted: RP #896 [Scheduled checkpoint | 11/28/2013 16:17:58]
    Deleted: RP #897 [Windows Update | 12/04/2013 16:51:06]
    Deleted: RP #898 [Scheduled checkpoint | 12/09/2013 19:32:50]
    Deleted: RP #899 [Windows Update | 12/10/2013 12:51:37]
    Deleted: RP #900 [OTL Restore Point - 10/12/2013 14:21:23 | 12/10/2013 13:21:24]
    Deleted: RP #901 [OTL Restore Point - 10/12/2013 19:38:32 | 12/10/2013 18:38:32]
    Deleted: RP #902 [Scheduled checkpoint | 12/11/2013 11:15:03]
    Deleted: RP #903 [Windows Update | 12/11/2013 21:29:06]

    New restore point created!

    ~ Resetting system settings ... OK

    :merci2:

    I've just discovered this great virus-help site with top-notch volunteers, many thanks; I will of course like the page on FB and tell people around me about you :alcool:
    :bye:
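The DelFix report above says "OK" for every step; the script below is an added example, not part of DelFix or of this thread's logs, that checks the resulting state directly rather than trusting those lines: UAC on, all three Windows Firewall profiles on (the same EnableFirewall values the OTL fix wrote to earlier in the thread), none of the tool paths and registry keys DelFix listed still present, and a restore point newer than the DelFix run. It assumes an elevated Windows PowerShell 2.0 or later prompt on the cleaned machine; the paths and the timestamp are copied from the report and are the only machine-specific values.

```powershell
# Added example, not part of DelFix or of the logs in this thread: confirm the
# end state the DelFix report claims instead of trusting its "OK" lines.
# Assumes an elevated Windows PowerShell 2.0+ prompt on the cleaned machine.

# "Report created on" timestamp from the DelFix report above (machine-specific).
$DelFixRun = Get-Date '2013-12-12 16:27:58'

# Files and registry keys DelFix said it deleted; none of them should exist now.
$ToolArtifacts = @(
    'C:\USBFix', 'C:\_OTL', 'C:\AdwCleaner',
    'C:\Users\Jo\Desktop\OTL.exe', 'C:\Users\Jo\Desktop\UsbFix.exe',
    'C:\Users\Jo\Desktop\adwcleaner.exe',
    'HKCU:\Software\USBFix', 'HKLM:\SOFTWARE\OldTimer Tools', 'HKLM:\SOFTWARE\AdwCleaner',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix'
)

function Test-UacEnabled {
    # EnableLUA is the value behind the "Re-enable UAC" step; 1 means UAC is on.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $v = Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.EnableLUA -eq 1)
}

function Get-FirewallProfileState {
    # The same three EnableFirewall values the OTL fix touched; 0 means that
    # profile of the Windows Firewall is off.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($p in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $v = Get-ItemProperty -Path "$base\$p" -Name EnableFirewall -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Profile = $p
            Enabled = ($null -ne $v -and $v.EnableFirewall -eq 1)
        }
    }
}

function Get-LeftoverArtifact {
    param([string[]]$Paths)
    # Test-Path understands both file-system paths and HKLM:/HKCU: registry paths.
    $Paths | Where-Object { Test-Path -LiteralPath $_ }
}

function Test-RestorePointAfter {
    param([datetime]$Since)
    # DelFix purges the old restore points and creates a new one; make sure the
    # new one really exists (CreationTime is a WMI DMTF date string).
    $rp = Get-ComputerRestorePoint -ErrorAction SilentlyContinue | Where-Object {
        [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) -gt $Since
    }
    return [bool]$rp
}

$offProfiles = Get-FirewallProfileState | Where-Object { -not $_.Enabled } | ForEach-Object { $_.Profile }
$leftovers   = Get-LeftoverArtifact -Paths $ToolArtifacts

'UAC enabled                : {0}' -f (Test-UacEnabled)
'Firewall profiles off      : {0}' -f $(if ($offProfiles) { $offProfiles -join ', ' } else { 'none' })
'Leftover tool artifacts    : {0}' -f $(if ($leftovers)   { $leftovers   -join ', ' } else { 'none' })
'Restore point after DelFix : {0}' -f (Test-RestorePointAfter -Since $DelFixRun)
```

A clean machine prints True, none, none, True. Anything else is worth a second look before closing the case: a firewall profile reported off is the most common surprise after a malware cleanup, since several of these infections switch it off and not every tool turns it back on.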

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8305

    Don't just like the page, like us too ^^

    See you soon....^^ well, you know what I mean, lol! lmao

The topic 'infection VBS agent AXN' is closed to new replies.