moyaume
Participant
Number of posts: 10

I ran the removal. Here is the report:

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: User (Administrateur) # USER-TOSH
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 10:25:24 | 18/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: TOSHIBA (QFKAA)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
RAM -> [Total : 8157 | Free : 6202]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 74 Go (7 Go libre(s) – 9%) [TI30861800A] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 4 Go (2 Go libre(s) – 55%) [USB DISK] # FAT32
F: -> CD-ROM
G: -> Disque fixe # 347 Go (260 Go libre(s) – 75%) [] # NTFS
M: -> Disque fixe # 493 Go (278 Go libre(s) – 56%) [] # NTFS

################## | Regedit Run |

HKLMSOFTWARE | Run : [ITSecMng] – %ProgramFiles%TOSHIBABluetooth Toshiba StackItSecMng.exe /START
HKLMSOFTWARE | Run : [USB3MON] – “C:Program Files (x86)IntelIntel(R) USB 3.0 eXtensible Host Controller DriverApplicationiusb3mon.exe”
HKLMSOFTWARE | Run : [SVPWUTIL] – C:Program Files (x86)TOSHIBAUtilitiesSVPWUTIL.exe SVPwUTIL
HKLMSOFTWARE | Run : [HWSetup] – C:Program FilesTOSHIBAUtilitiesHWSetup.exe hwSetUP
HKLMSOFTWARE | Run : [TSleepSrv] – %ProgramFiles(x86)%TOSHIBATOSHIBA Sleep UtilityTSleepSrv.exe
HKLMSOFTWARE | Run : [Boxore Client] – C:Program Files (x86)BoxoreBoxoreClientboxore.exe
HKLMSOFTWARE | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
HKLMSOFTWAREwow6432Node | Run : [ITSecMng] – %ProgramFiles%TOSHIBABluetooth Toshiba StackItSecMng.exe /START
HKLMSOFTWAREwow6432Node | Run : [USB3MON] – “C:Program Files (x86)IntelIntel(R) USB 3.0 eXtensible Host Controller DriverApplicationiusb3mon.exe”
HKLMSOFTWAREwow6432Node | Run : [SVPWUTIL] – C:Program Files (x86)TOSHIBAUtilitiesSVPWUTIL.exe SVPwUTIL
HKLMSOFTWAREwow6432Node | Run : [HWSetup] – C:Program FilesTOSHIBAUtilitiesHWSetup.exe hwSetUP
HKLMSOFTWAREwow6432Node | Run : [TSleepSrv] – %ProgramFiles(x86)%TOSHIBATOSHIBA Sleep UtilityTSleepSrv.exe
HKLMSOFTWAREwow6432Node | Run : [Boxore Client] – C:Program Files (x86)BoxoreBoxoreClientboxore.exe
HKLMSOFTWAREwow6432Node | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-19SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-21-4182927043-658883037-2624424063-1000SOFTWARE | Run : [AdobeBridge] –
HKUS-1-5-21-4182927043-658883037-2624424063-1000SOFTWARE | Run : [Akamai NetSession Interface] – “C:UsersUserAppDataLocalAkamainetsession_win.exe”
HKUS-1-5-21-4182927043-658883037-2624424063-1000SOFTWARE | Run : [Media Finder] – “C:Program Files (x86)Media FinderMedia Finder.exe” /opentotray
HKUS-1-5-21-4182927043-658883037-2624424063-1000SOFTWARE | Run : [Dppc6pM2] – wscript.exe //B “C:UsersUserAppDataLocalTempDppc6pM2.vbs”
HKUS-1-5-18SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:Program Files (x86)AviraAntiVir Desktopsched.exe (ID 1584 |ParentID 756)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavguard.exe (ID 2576 |ParentID 756)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavgnt.exe (ID 1792 |ParentID 2808)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavshadow.exe (ID 5124 |ParentID 2576)
Stoppé! C:Program Files (x86)AviraAntiVir DesktopAVWEBGRD.EXE (ID 5156 |ParentID 756)
Stoppé! C:windowsexplorer.exe (ID 720 |ParentID 968)
Stoppé! C:Program FilesInteliCLS ClientHeciServer.exe (ID 2212 |ParentID 756)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 2568 |ParentID 756)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 3520 |ParentID 756)
Stoppé! C:ProgramDataBitGuard2.6.1694.246{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}BitGuard.exe (ID 1932 |ParentID 756)
Stoppé! C:windowsSysWOW64schtasks.exe (ID 2676 |ParentID 1932)
Stoppé! C:ProgramDataBitGuard2.6.1694.246{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}BitGuard.exe (ID 2232 |ParentID 1932)
Stoppé! C:windowssystem32SearchIndexer.exe (ID 4120 |ParentID 756)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID 3680 |ParentID 756)
Stoppé! C:windowsSystem32spoolsv.exe (ID 4428 |ParentID 756)
Stoppé! C:windowsservicingTrustedInstaller.exe (ID 5936 |ParentID 756)
Stoppé! C:windowssystem32sppsvc.exe (ID 3420 |ParentID 756)
Stoppé! C:windowsSystem32WUDFHost.exe (ID 3656 |ParentID 1064)

################## | Éléments infectieux |

Supprimé! E:Dppc6pM2.vbs
Supprimé! C:UsersUserAppDataLocalTempDppc6pM2.vbs
Supprimé! C:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDppc6pM2.vbs
Supprimé! E:.lnk
Supprimé! E:img016.lnk
Supprimé! E:texte.lnk
Supprimé! E:101NCD60.lnk
Supprimé! E:CV.lnk
Supprimé! E:CV2.lnk
Supprimé! E:IMGP5769.lnk
Supprimé! E:Analyse Aboukir.lnk
Supprimé! E:img017.lnk
Supprimé! E:img018.lnk
Supprimé! E:img019.lnk
Supprimé! E:bizarre.lnk
Supprimé! E:img015.lnk
Supprimé! E:imprimé.lnk
Supprimé! E:analyse musée.lnk
Supprimé! E:Exposition.lnk
Supprimé! E:MEYER 121213.lnk
Supprimé! E:DSC_5942.lnk
Supprimé! E:dojo analyse.lnk
Supprimé! E:Présentation parcelle.lnk
Supprimé! E:autocad 2.lnk
Supprimé! E:~bizarre~6v_gtd.lnk
Supprimé! E:Rapport de stage Redoute.lnk
Supprimé! E:plan.lnk
Supprimé! E:20121129 MEYER.lnk
Supprimé! E:ZUT.lnk
Supprimé! E:méthodologie du projet MEYER.lnk
Supprimé! E:Rapport de stage Redoute corrigé.lnk
Supprimé! E:rendu es.lnk
Supprimé! E:Histoire du projet.lnk
Supprimé! E:SCAN SHARP _20130522_130754_001.lnk
Supprimé! E:maquettes.lnk
Supprimé! E:syncguid.lnk
Supprimé! E:plan masse maquette.lnk
Supprimé! E:sociologie savoir pouvoir.lnk
Supprimé! E:rendu logement mardi.lnk
Supprimé! E:site rouen.lnk
Supprimé! E:cours 4.lnk
Supprimé! E:tympan de Conques.lnk
Supprimé! E:EnregistrementAuto_projet 3.lnk
Supprimé! E:Meyer 120927.lnk
Supprimé! E:SCAN SHARP _20131011_144451.lnk
Supprimé! E:F__Meyer 120927 Model (1).lnk
Supprimé! E:.Trashes.lnk
Supprimé! E:.Spotlight-V100.lnk
Supprimé! E:Le Moyen-Age.lnk
Supprimé! E:Art plastique L3.lnk
Supprimé! E:DrWeb Quarantine.lnk
Supprimé! E:DSC_5406.lnk
Supprimé! E:-Lettres-.lnk
Supprimé! E:PHOTOS ART PLASTIQUE.lnk
Supprimé! E:projet école de musique.lnk
Supprimé! E:job été.lnk
Supprimé! E:logement 2.lnk
Supprimé! E:3 équipements.lnk
Supprimé! E:.fseventsd.lnk
Supprimé! E:archicad 17.lnk
Supprimé! E:FRITZ.lnk
Supprimé! E:Woodkid – Run Boy Run (Remixes) – EP.lnk
Supprimé! E:Woodkid – Iron – EP.lnk
Supprimé! C:UsersUserAppDataLocalTempubi4376.tmp.exe
Supprimé! C:UsersUserAppDataLocalTempubi5FDF.tmp.exe
Supprimé! C:UsersUserAppDataLocalTempubi9E32.tmp.exe
Supprimé! C:UsersUserAppDataLocalTempubiA34B.tmp.exe
Supprimé! C:UsersUserAppDataLocalTempubiC13E.tmp.exe
Supprimé! C:UsersUserAppDataLocalTempubiE45B.tmp.exe
Supprimé! E:syncguid.dat

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKUS-1-5-21-4182927043-658883037-2624424063-1000SoftwareMicrosoftWindowsCurrentVersionRun|Dppc6pM2
Supprimé! HKCU….ExplorerMountPoints2{3fc758bd-2cf7-11e3-8e32-b888e3155f1e}
Supprimé! HKCU….ExplorerMountPoints2{542e44c8-42aa-11e2-aeec-b888e3155f1e}
Supprimé! HKCU….ExplorerMountPoints2{8da8b159-2da0-11e2-a5e3-b888e3155f1e}
Supprimé! HKCU….ExplorerMountPoints2{dce545c2-284e-11e3-937f-685d4357532d}

################## | Listing |

[23/08/2012 – 10:04:43 | SHD ] C:$Recycle.Bin
[02/10/2013 – 03:29:46 | N | 1265650] C:acadminidump.dmp
[12/03/2012 – 21:35:35 | SHD ] C:Boot
[21/11/2010 – 05:23:51 | RASH | 383786] C:bootmgr
[12/03/2012 – 21:35:39 | RASH | 8192] C:BOOTSECT.BAK
[11/10/2013 – 17:32:42 | SHD ] C:Config.Msi
[29/04/2013 – 11:53:45 | N | 216] C:DebugTrace-RockallDLL.log
[14/07/2009 – 07:08:56 | SHD ] C:Documents and Settings
[18/10/2013 – 10:14:41 | ASH | 6414999552] C:hiberfil.sys
[11/06/2012 – 04:14:07 | D ] C:Intel
[08/09/2011 – 12:33:58 | N | 2915] C:Lisez-moi-WIN-64-FR.rtf
[18/10/2013 – 10:15:00 | ASH | 8553332736] C:pagefile.sys
[26/03/2013 – 02:24:47 | D ] C:Program Files
[03/10/2013 – 20:22:30 | D ] C:Program Files (x86)
[22/09/2013 – 23:08:48 | HD ] C:ProgramData
[25/08/2011 – 15:40:12 | N | 3155] C:Read_Me_First-WIN-64-DE.rtf
[09/09/2011 – 10:26:30 | N | 2452] C:Read_Me_First-WIN-64-EN.rtf
[25/08/2011 – 17:34:38 | N | 3116] C:Read_Me_First-Win-64-ES.rtf
[25/08/2011 – 12:05:02 | N | 3085] C:Read_Me_First-WIN-64-IT.rtf
[26/08/2011 – 09:35:26 | N | 7796] C:Read_Me_First-WIN-64-JPN.rtf
[26/08/2011 – 09:32:40 | N | 10985] C:Read_Me_First-WIN-64-RU.rtf
[14/10/2013 – 12:15:29 | SHD ] C:System Volume Information
[23/08/2012 – 08:49:03 | D ] C:Toshiba
[18/10/2013 – 10:30:13 | D ] C:UsbFix
[17/10/2013 – 23:11:05 | N | 9450] C:UsbFix [Clean 2] USER-TOSH.txt
[18/10/2013 – 10:18:50 | N | 9554] C:UsbFix [Clean 4] USER-TOSH.txt
[18/10/2013 – 10:31:09 | A | 10268] C:UsbFix [Clean 5] USER-TOSH.txt
[18/10/2013 – 00:01:48 | N | 7823] C:UsbFix [Scan 1] USER-TOSH.txt
[18/10/2013 – 00:10:44 | N | 11373] C:UsbFix [Scan 2] USER-TOSH.txt
[24/08/2012 – 01:17:11 | N | 304] C:user.js
[23/08/2012 – 08:46:49 | RD ] C:Users
[06/10/2013 – 13:49:41 | D ] C:Windows
[30/05/2012 – 17:43:00 | SH | 4096] E:._.Trashes
[21/10/2012 – 18:16:24 | N | 737874] E:img016.jpg
[30/05/2012 – 17:43:00 | SHD ] E:.Trashes
[11/06/2013 – 18:46:54 | N | 15436] E:texte.odt
[28/11/2012 – 16:42:46 | N | 2920158] E:DSC_5406.JPG
[30/05/2012 – 17:43:02 | SHD ] E:.Spotlight-V100
[26/09/2012 – 18:11:02 | N | 4096] E:._Sécurité incendie Type L Miora.rtf
[09/11/2012 – 23:15:40 | N | 76248] E:CV.pdf
[13/11/2012 – 18:00:24 | N | 56261] E:CV2.pdf
[07/12/2012 – 21:16:50 | N | 1978731] E:IMGP5769.JPG
[14/11/2012 – 16:08:12 | N | 868352] E:Analyse Aboukir.indd
[11/06/2012 – 12:07:06 | D ] E:Le Moyen-Age
[21/10/2012 – 18:16:34 | N | 1136283] E:img017.jpg
[21/10/2012 – 18:16:40 | N | 574951] E:img018.jpg
[21/10/2012 – 18:16:46 | N | 825941] E:img019.jpg
[19/11/2012 – 15:56:02 | N | 2440732] E:bizarre.pdf
[21/10/2012 – 18:16:20 | N | 883736] E:img015.jpg
[15/11/2012 – 19:52:26 | N | 853077] E:imprimé.pdf
[03/10/2013 – 11:26:22 | D ] E:Art plastique L3
[02/10/2012 – 16:29:00 | D ] E:DrWeb Quarantine
[11/01/2013 – 13:06:38 | N | 37797337] E:analyse musée.pdf
[15/11/2012 – 15:19:32 | N | 46483] E:Exposition.idml
[13/12/2012 – 18:36:36 | N | 7577600] E:MEYER 121213.rvt
[03/12/2012 – 11:54:48 | N | 2592912] E:DSC_5942.JPG
[29/08/2009 – 09:56:48 | D ] E:101NCD60
[12/10/2012 – 11:50:10 | N | 12436566] E:dojo analyse.pdf
[15/11/2012 – 15:39:26 | N | 56056] E:Présentation parcelle.idml
[15/11/2012 – 18:32:16 | N | 315035] E:autocad 2.dwg
[15/11/2012 – 17:15:12 | N | 313275] E:autocad 2.bak
[19/11/2012 – 12:47:24 | N | 1933312] E:bizarre.indd
[19/11/2012 – 12:47:24 | N | 0] E:~bizarre~6v_gtd.idlk
[19/12/2012 – 09:18:28 | N | 69154849] E:Rapport de stage Redoute.odt
[14/05/2013 – 10:18:34 | N | 21945] E:plan.pdf
[13/12/2012 – 18:38:08 | N | 3805184] E:20121129 MEYER.rvt
[28/01/2013 – 17:32:34 | D ] E:-Lettres-
[24/05/2013 – 18:51:24 | N | 308521] E:ZUT.odt
[28/11/2012 – 16:09:06 | D ] E:PHOTOS ART PLASTIQUE
[29/11/2012 – 12:25:58 | N | 3682304] E:20121129 MEYER.0001.rvt
[23/01/2013 – 16:04:16 | N | 45640] E:méthodologie du projet MEYER.pdf
[09/05/2013 – 19:29:12 | N | 15364] E:.DS_Store
[13/12/2012 – 18:13:40 | N | 7213056] E:MEYER 121213.0003.rvt
[13/12/2012 – 18:33:10 | N | 7475200] E:MEYER 121213.0004.rvt
[13/12/2012 – 18:33:48 | N | 7475200] E:MEYER 121213.0005.rvt
[19/12/2012 – 09:14:06 | N | 2556646] E:Rapport de stage Redoute corrigé.pdf
[17/05/2013 – 08:43:38 | D ] E:projet école de musique
[01/01/1980 – 00:00:00 | N | 21] E:.cm0012
[17/05/2013 – 14:56:12 | N | 7925126] E:rendu es.pdf
[07/02/2013 – 13:50:10 | D ] E:job été
[21/05/2013 – 17:37:04 | N | 313876] E:Histoire du projet.odt
[22/05/2013 – 15:57:56 | N | 345872] E:Histoire du projet.docx
[22/05/2013 – 13:24:50 | N | 732395] E:SCAN SHARP _20130522_130754_001.jpg
[28/06/2013 – 16:43:14 | N | 4680150] E:maquettes.pdf
[23/05/2013 – 19:39:10 | D ] E:logement 2
[23/05/2013 – 16:18:40 | N | 335719] E:plan masse maquette.pdf
[27/05/2013 – 11:05:00 | N | 6923820] E:sociologie savoir pouvoir.odt
[11/06/2013 – 13:10:30 | N | 9587781] E:rendu logement mardi.pdf
[11/10/2013 – 14:32:16 | D ] E:3 équipements
[15/10/2013 – 12:12:18 | D ] E:.fseventsd
[15/10/2013 – 12:12:00 | D ] E:archicad 17
[11/10/2013 – 15:34:00 | D ] E:FRITZ
[27/09/2013 – 13:18:38 | N | 7172] E:site rouen.pdf
[17/10/2013 – 11:41:00 | N | 6850417] E:cours 4.c4d
[23/05/2012 – 00:51:32 | N | 10006292] E:tympan de Conques.odt
[23/05/2012 – 10:20:02 | N | 131] E:.~lock.tympan de Conques.odt#
[30/05/2012 – 13:43:04 | N | 214003] E:EnregistrementAuto_projet 3.skp
[26/05/2012 – 23:10:38 | D ] E:Woodkid – Run Boy Run (Remixes) – EP
[26/05/2012 – 23:09:18 | D ] E:Woodkid – Iron – EP
[27/09/2012 – 18:42:38 | N | 209] E:Meyer 120927.dwl2
[27/09/2012 – 18:42:38 | N | 59] E:Meyer 120927.dwl
[11/10/2013 – 14:44:52 | N | 479075] E:SCAN SHARP _20131011_144451.pdf
[27/09/2012 – 19:00:12 | N | 63022] E:F__Meyer 120927 Model (1).pdf
[23/08/2012 – 20:14:39 | SHD ] G:$RECYCLE.BIN
[26/03/2013 – 01:15:07 | N | 875355928] G:AC16-3010-FRA64.exe
[14/06/2013 – 18:57:08 | D ] G:Artlantis Studio 4.1.7 x64
[07/05/2013 – 18:43:08 | D ] G:Black_Box
[21/04/2013 – 16:53:26 | D ] G:counter strike
[07/01/2013 – 23:17:01 | N | 40356320] G:googlesketchupwfr.exe
[03/10/2013 – 20:31:58 | D ] G:Program Files (x86)
[18/08/2013 – 16:07:22 | D ] G:programe file
[26/03/2013 – 23:43:55 | N | 80705832] G:SketchUpPro8WFR.exe
[14/10/2013 – 12:15:29 | SHD ] G:System Volume Information
[18/08/2013 – 16:09:56 | N | 615] G:Verification.txt
[23/08/2012 – 20:14:39 | SHD ] M:$RECYCLE.BIN
[24/08/2012 – 02:55:16 | D ] M:Adobe CS4 Master Collection
[23/08/2012 – 23:19:08 | D ] M:Arts Appliqués
[15/09/2013 – 20:17:27 | D ] M:Jeux
[23/08/2012 – 21:16:25 | D ] M:Mes Historiques de Conversation
[02/12/2006 – 00:37:14 | N | 904704] M:msdia80.dll
[07/10/2013 – 12:41:57 | D ] M:musiques
[27/10/2012 – 23:19:02 | D ] M:photos
[12/03/2013 – 18:22:06 | D ] M:Rhino
[14/10/2013 – 12:15:41 | SHD ] M:System Volume Information
[27/09/2013 – 16:25:21 | D ] M:école d'architecture Val de Seine

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
M:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

I got my files back, but I'm still worried about my computer. How can I check that the virus has been completely removed?