Reply to: VIRUS ON EXTERNAL HARD DRIVE 2016-09-08T12:57:46+00:00
Gaile

Good evening!

Thanks!
So at first, UsbFix kept freezing. I read a bit on the other forums, so I restarted it in safe mode, and from there I could see the files on my hard drive,
but the 2 suspicious files are still there and I can't delete them…
I have just re-run UsbFix in normal mode, it finished, and here is the report:

thanks…

############################## | UsbFix V 7.120 | [Suppression]

Utilisateur: Anne-Gaëlle (Administrateur) # PC-DE-ANNE-GAËL
Mis à jour le 30/03/2013 par El Desaparecido
Lancé à 21:21:26 | 03/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Hewlett-Packard (Compaq Presario CQ71 Notebook PC) (X86-based PC)
CPU: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz (2000)
RAM -> [Total : 2974 | Free : 1601]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 288 Go (74 Go libre(s) – 26%) [] # NTFS
D: -> Disque fixe # 10 Go (1 Go libre(s) – 12%) [RECOVERY] # NTFS
E: -> CD-ROM

################## | El Desaparecido Section |

HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
HKLMSOFTWARE | Run : [SynTPEnh] – C:Program FilesSynapticsSynTPSynTPEnh.exe
HKLMSOFTWARE | Run : [QPService] – “C:Program FilesHPQuickPlayQPService.exe”
HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
HKLMSOFTWARE | Run : [UpdatePSTShortCut] – “C:Program FilesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkDVD Suite” UpdateWithCreateOnce “SoftwareCyberLinkPowerStarter”
HKLMSOFTWARE | Run : [UCam_Menu] – “C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkYouCam” UpdateWithCreateOnce “SoftwareCyberLinkYouCam2.0”
HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
HKLMSOFTWARE | Run : [UpdateP2GoShortCut] – “C:Program FilesCyberLinkPower2GoMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkPower2Go” UpdateWithCreateOnce “SOFTWARECyberLinkPower2Go6.0”
HKLMSOFTWARE | Run : [UpdatePDIRShortCut] – “C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkPowerDirector” UpdateWithCreateOnce “SOFTWARECyberLinkPowerDirector7.0”
HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHPHP Software UpdateHPWuSchd2.exe
HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
HKLMSOFTWARE | Run : [SSBkgdUpdate] – “C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe” -Embedding -boot
HKLMSOFTWARE | Run : [PaperPort PTD] – “C:Program FilesScanSoftPaperPortpptd40nt.exe”
HKLMSOFTWARE | Run : [IndexSearch] – “C:Program FilesScanSoftPaperPortIndexSearch.exe”
HKLMSOFTWARE | Run : [AdobeAAMUpdater-1.0] – “C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe”
HKLMSOFTWARE | Run : [SysTrayApp] – %ProgramFiles%IDTWDMsttray.exe
HKLMSOFTWARE | Run : [WPCUMI] – C:Windowssystem32WpcUmi.exe
HKLMSOFTWARE | Run : [CanonMyPrinter] – C:Program FilesCanonMyPrinterBJMyPrt.exe /logon
HKLMSOFTWARE | Run : [CanonSolutionMenuEx] – C:Program FilesCanonSolution Menu EXCNSEMAIN.EXE /logon
HKLMSOFTWARE | Run : [IJNetworkScannerSelectorEX] – C:Program FilesCanonIJ Network Scanner Selector EXCNMNSST.exe /FORCE
HKLMSOFTWARE | Run : [PDFPrint] – C:Program FilesPDF24pdf24.exe
HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
HKLMSOFTWARE | Run : [avgnt] – “C:Program FilesAviraAntiVir Desktopavgnt.exe” /min
HKLMSOFTWARE | Run : [MSC] – “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKUS-1-5-21-4003635497-1114055617-155870566-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
HKUS-1-5-21-4003635497-1114055617-155870566-1000SOFTWARE | Run : [HPAdvisor] – C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe autorun=AUTORUN
HKUS-1-5-21-4003635497-1114055617-155870566-1000SOFTWARE | Run : [ehTray.exe] – C:WindowsehomeehTray.exe
HKUS-1-5-21-4003635497-1114055617-155870566-1000SOFTWARE | Run : [Google Update] – “C:UsersAnne-GaëlleAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
HKUS-1-5-21-4003635497-1114055617-155870566-1000SOFTWARE | Run : [Freebie Notes] – “C:Program FilesPower SoftFreebie NotesFreebieNotes.exe”
HKUS-1-5-21-4003635497-1114055617-155870566-1000SOFTWARE | Run : [lollipop] – “c:usersanne-gaëlleappdatalocallollipoplollipop.exe” lollipop

################## | Processus Stoppés |

Stoppé! c:Program FilesMicrosoft Security ClientMsMpEng.exe (928)
Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_fa807195STacSV.exe (1192)
Stoppé! C:Windowssystem32SLsvc.exe (1312)
Stoppé! C:WindowsSystem32spoolsv.exe (1880)
Stoppé! C:Program FilesAviraAntiVir Desktopsched.exe (1920)
Stoppé! C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (340)
Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_fa807195aestsrv.exe (492)
Stoppé! C:Program FilesAviraAntiVir Desktopavguard.exe (12)
Stoppé! C:Program FilesCommon FilesLightScribeLSSrvc.exe (632)
Stoppé! C:Windowssystem32NLSSRV32.EXE (1868)
Stoppé! C:Program FilesSMINSTBLService.exe (2128)
Stoppé! C:Program FilesCyberLinkShared filesRichVideo.exe (2144)
Stoppé! C:Program FilesWinZip System Utilities SuiteWINZIPSSDefragSrv.exe (2252)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (2300)
Stoppé! C:Windowssystem32SearchIndexer.exe (2376)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (2592)
Stoppé! C:Windowssystem32taskeng.exe (2788)
Stoppé! C:Windowssystem32taskeng.exe (3060)
Stoppé! C:WindowsSystem32igfxtray.exe (3244)
Stoppé! C:WindowsSystem32hkcmd.exe (3252)
Stoppé! C:WindowsSystem32igfxpers.exe (3260)
Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (3280)
Stoppé! C:Program FilesHPQuickPlayQPService.exe (3300)
Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (3348)
Stoppé! C:Program FilesHPHP Software UpdatehpwuSchd2.exe (3392)
Stoppé! C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe (3416)
Stoppé! C:Program FilesScanSoftPaperPortpptd40nt.exe (3432)
Stoppé! C:Program FilesIDTWDMsttray.exe (3456)
Stoppé! C:WindowsSystem32wpcumi.exe (3472)
Stoppé! C:Program FilesCanonMyPrinterBJMYPRT.EXE (3500)
Stoppé! C:Windowssystem32igfxsrvc.exe (3508)
Stoppé! C:Program FilesCanonSolution Menu EXCNSEMAIN.EXE (3520)
Stoppé! C:Program FilesCanonIJ Network Scanner Selector EXCNMNSST.exe (3536)
Stoppé! C:Program FilesPDF24pdf24.exe (3552)
Stoppé! C:Program FilesCommon FilesJavaJava Updatejusched.exe (3564)
Stoppé! C:Program FilesAviraAntiVir Desktopavgnt.exe (3572)
Stoppé! C:Program FilesMicrosoft Security Clientmsseces.exe (3580)
Stoppé! C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe (3588)
Stoppé! C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe (3600)
Stoppé! C:Windowsehomeehtray.exe (3616)
Stoppé! C:Program FilesPower SoftFreebie NotesFreebieNotes.exe (3688)
Stoppé! C:Program FilesHPDigital Imagingbinhpqtra08.exe (3748)
Stoppé! C:UsersAnne-GaëlleAppDataRoamingDropboxbinDropbox.exe (3844)
Stoppé! C:Program FilesAviraAntiVir Desktopavshadow.exe (4016)
Stoppé! C:Windowsehomeehmsas.exe (2244)
Stoppé! C:Program FilesCanonSolution Menu EXCNSEUPDT.EXE (2404)
Stoppé! c:Program FilesMicrosoft Security ClientNisSrv.exe (3652)
Stoppé! C:Program FilesHewlett-PackardSharedhpqwmiex.exe (560)
Stoppé! C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (3296)
Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (3880)
Stoppé! C:Program FilesSynapticsSynTPSynTPHelper.exe (4232)
Stoppé! C:Program FilesHewlett-PackardSharedhpqToaster.exe (4264)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (5660)
Stoppé! C:Windowssystem32MacromedFlashFlashUtil32_11_6_602_180_ActiveX.exe (5408)
Stoppé! C:Windowssystem32taskeng.exe (4340)
Stoppé! C:Program FilesInternet Exploreriexplore.exe (7344)
Stoppé! C:Program FilesInternet Exploreriexplore.exe (5936)
Stoppé! C:UsersAnne-GaëlleAppDataLocalGoogleGoogle Talk Plugingoogletalkplugin.exe (7844)
Stoppé! C:Program FilesInternet Exploreriexplore.exe (7508)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Mountpoints2 |

################## | Listing |

[09/02/2013 – 20:50:04 | SHD ] C:$RECYCLE.BIN
[13/10/2012 – 19:43:59 | N | 9753] C:AdwCleaner[R3].txt
[22/01/2013 – 17:46:26 | N | 9639] C:AdwCleaner[R4].txt
[27/01/2013 – 21:36:38 | N | 1211] C:AdwCleaner[R5].txt
[13/10/2012 – 19:44:35 | N | 9946] C:AdwCleaner[S2].txt
[22/01/2013 – 17:46:55 | N | 9715] C:AdwCleaner[S3].txt
[03/04/2013 – 18:40:57 | N | 1507] C:AdwCleaner[S5].txt
[03/04/2013 – 18:45:17 | N | 1483] C:AdwCleaner[S6].txt
[05/02/2013 – 03:33:25 | D ] C:Anne
[09/02/2013 – 16:17:41 | D ] C:Anne24987A
[18/09/2006 – 23:43:36 | N | 24] C:autoexec.bat
[31/03/2013 – 19:36:08 | RASHD ] C:Autorun.inf
[03/11/2011 – 10:27:00 | D ] C:boot
[11/04/2009 – 08:36:36 | RAS | 333257] C:bootmgr
[04/10/2012 – 11:44:19 | D ] C:CIEL
[03/04/2013 – 18:41:54 | D ] C:Config.Msi
[18/09/2006 – 23:43:37 | N | 10] C:config.sys
[02/11/2006 – 15:02:03 | SHD ] C:Documents and Settings
[28/02/2013 – 20:10:54 | N | 0] C:END
[24/09/2009 – 10:52:33 | D ] C:HP
[22/10/2009 – 13:18:03 | N | 0] C:IO.SYS
[27/06/2012 – 10:16:38 | D ] C:isacowf
[27/06/2012 – 10:21:28 | D ] C:isacowp
[27/06/2012 – 10:16:38 | D ] C:isacowt
[22/10/2009 – 13:18:03 | N | 0] C:MSDOS.SYS
[28/02/2009 – 09:34:13 | RD ] C:MSOCache
[03/04/2013 – 18:46:06 | ASH | 3433021440] C:pagefile.sys
[21/01/2008 – 04:32:31 | D ] C:PerfLogs
[31/03/2013 – 18:37:58 | D ] C:Program Files
[03/04/2013 – 18:47:24 | D ] C:ProgramData
[24/09/2009 – 10:53:06 | D ] C:SwSetup
[03/04/2013 – 20:04:24 | SHD ] C:System Volume Information
[24/09/2009 – 10:53:06 | D ] C:System.sav
[03/04/2013 – 21:26:58 | D ] C:UsbFix
[31/03/2013 – 18:54:15 | N | 9381] C:UsbFix [Clean 1] PC-DE-ANNE-GAËL.txt
[31/03/2013 – 19:36:09 | N | 11448] C:UsbFix [Clean 2] PC-DE-ANNE-GAËL.txt
[31/03/2013 – 23:40:05 | N | 9588] C:UsbFix [Clean 3] PC-DE-ANNE-GAËL.txt
[03/04/2013 – 21:27:12 | A | 11536] C:UsbFix [Clean 4] PC-DE-ANNE-GAËL.txt
[31/03/2013 – 14:31:49 | N | 1038] C:UsbFix [Scan 1] PC-DE-ANNE-GAËL.txt
[31/03/2013 – 17:57:49 | N | 11123] C:UsbFix [Scan 3] PC-DE-ANNE-GAËL.txt
[03/09/2012 – 20:25:24 | D ] C:Users
[25/01/2012 – 12:51:43 | D ] C:VueScan
[20/07/2011 – 14:47:08 | D ] C:wamp
[02/04/2013 – 19:35:37 | D ] C:Windows
[02/11/2011 – 16:43:43 | D ] C:www
[10/02/2013 – 19:20:13 | D ] C:ZHP
[20/10/2012 – 13:31:09 | SHD ] D:$RECYCLE.BIN
[31/03/2013 – 19:36:08 | RASHD ] D:Autorun.inf
[24/09/2009 – 10:51:55 | N | 13] D:BLOCK.RIN
[20/07/2009 – 03:12:46 | RSD ] D:boot
[03/10/2006 – 23:02:44 | S | 438328] D:bootmgr
[04/11/2008 – 17:37:42 | SH | 1199] D:Desktop.ini
[10/09/2002 – 16:14:28 | N | 8134] D:Folder.htt
[20/07/2009 – 03:13:02 | D ] D:HP
[03/04/2013 – 18:46:25 | N | 196] D:MASTER.LOG
[20/07/2009 – 03:12:54 | RSD ] D:PRELOAD
[12/09/2008 – 17:18:34 | S | 156098] D:protect.arabic
[15/09/2008 – 16:06:26 | N | 151163] D:protect.bulgarian
[12/09/2008 – 17:22:34 | S | 149947] D:protect.chinese hong kong
[12/09/2008 – 17:30:34 | S | 150503] D:protect.chinese simplified
[12/09/2008 – 17:30:56 | S | 149947] D:protect.chinese traditional
[12/09/2008 – 17:31:20 | S | 149591] D:protect.czech
[12/09/2008 – 17:31:40 | S | 148911] D:protect.danish
[12/09/2008 – 17:32:00 | S | 148212] D:protect.dutch
[12/09/2008 – 17:32:20 | N | 148950] D:protect.ed
[12/09/2008 – 17:32:38 | S | 148952] D:protect.english
[12/09/2008 – 17:32:56 | S | 148000] D:protect.finnish
[12/09/2008 – 17:33:20 | S | 147655] D:protect.french
[12/09/2008 – 17:33:40 | S | 147825] D:protect.german
[12/09/2008 – 17:33:58 | S | 152670] D:protect.greek
[12/09/2008 – 17:34:22 | S | 155060] D:protect.hebrew
[12/09/2008 – 17:34:40 | N | 148303] D:protect.hungarian
[12/09/2008 – 17:35:02 | S | 147443] D:protect.italian
[12/09/2008 – 17:35:32 | S | 151323] D:protect.japanese
[12/09/2008 – 17:35:50 | S | 158134] D:protect.korean
[12/09/2008 – 17:36:08 | S | 147950] D:protect.norwegian
[12/09/2008 – 17:36:24 | S | 149293] D:protect.polish
[12/09/2008 – 17:36:42 | S | 148077] D:protect.portuguese
[12/09/2008 – 17:36:58 | S | 148808] D:protect.portuguese brazilian
[15/09/2008 – 16:06:54 | N | 152201] D:protect.romanian
[12/09/2008 – 17:37:16 | S | 148947] D:protect.russian
[12/09/2008 – 17:37:32 | S | 149967] D:protect.slovak
[12/09/2008 – 17:37:52 | S | 147739] D:protect.spanish
[12/09/2008 – 17:38:10 | S | 148308] D:protect.swedish
[12/09/2008 – 17:38:26 | S | 149334] D:protect.turkish
[20/07/2009 – 03:12:45 | RD ] D:RECOVERY
[20/07/2009 – 03:12:52 | RSD ] D:SOURCES
[03/04/2013 – 19:55:44 | SHD ] D:System Volume Information
[20/07/2009 – 03:13:00 | D ] D:Tools
[20/07/2009 – 03:12:52 | D ] D:WINDOWS

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.usb-antivirus.com/fr/ |