elianeda
Participant
Number of posts: 5

Thanks for the reply – here is the report. See you soon!

############################## | UsbFix V 7.145 | [Recherche]

Utilisateur: Tosh Eliane (Administrateur) # TOSHELIANE-TOSH
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 13:44:03 | 20/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Intel Corp. (Base Board Product Name)
CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
RAM -> [Total : 4078 | Free : 1808]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 297 Go (225 Go libre(s) – 76%) [WINDOWS] # NTFS
D: -> Disque fixe # 298 Go (284 Go libre(s) – 95%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 14 Go (11 Go libre(s) – 78%) [ALFORD2013] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 564 |ParentID 520)
C:\Windows\system32\wininit.exe (ID 752 |ParentID 520)
C:\Windows\system32\csrss.exe (ID 776 |ParentID 760)
C:\Windows\system32\services.exe (ID 816 |ParentID 752)
C:\Windows\system32\lsass.exe (ID 832 |ParentID 752)
C:\Windows\system32\lsm.exe (ID 840 |ParentID 752)
C:\Windows\system32\svchost.exe (ID 944 |ParentID 816)
C:\Windows\system32\nvvsvc.exe (ID 1020 |ParentID 816)
C:\Windows\system32\svchost.exe (ID 364 |ParentID 816)
C:\Windows\System32\svchost.exe (ID 524 |ParentID 816)
C:\Windows\System32\svchost.exe (ID 344 |ParentID 816)
C:\Windows\system32\svchost.exe (ID 1052 |ParentID 816)
C:\Windows\system32\svchost.exe (ID 1084 |ParentID 816)
C:\Windows\system32\svchost.exe (ID 1248 |ParentID 816)
C:\Windows\system32\winlogon.exe (ID 1352 |ParentID 760)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1388 |ParentID 816)
C:\Windows\system32\WLANExt.exe (ID 1396 |ParentID 344)
C:\Windows\system32\conhost.exe (ID 1404 |ParentID 564)
C:\Windows\System32\spoolsv.exe (ID 1584 |ParentID 816)
C:\Windows\system32\svchost.exe (ID 1612 |ParentID 816)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1752 |ParentID 816)
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (ID 1812 |ParentID 1020)
C:\Windows\system32\nvvsvc.exe (ID 1824 |ParentID 1020)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 2036 |ParentID 816)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 1192 |ParentID 816)
C:\Windows\system32\svchost.exe (ID 1464 |ParentID 816)
C:\Windows\system32\lxdicoms.exe (ID 760 |ParentID 816)
C:\Windows\system32\taskhost.exe (ID 2212 |ParentID 816)
C:\Windows\system32\taskeng.exe (ID 2224 |ParentID 1084)
C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe (ID 2336 |ParentID 2224)
C:\Windows\system32\Dwm.exe (ID 2408 |ParentID 344)
C:\Windows\Explorer.EXE (ID 2448 |ParentID 2388)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 2548 |ParentID 816)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID 2576 |ParentID 816)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID 2684 |ParentID 816)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID 2728 |ParentID 2576)
C:\Windows\system32\svchost.exe (ID 2756 |ParentID 816)
C:\Windows\system32\ThpSrv.exe (ID 2792 |ParentID 816)
C:\Windows\system32\TODDSrv.exe (ID 2824 |ParentID 816)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID 2884 |ParentID 816)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2980 |ParentID 816)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2392 |ParentID 2980)
C:\Windows\system32\taskeng.exe (ID 3156 |ParentID 1084)
C:\Program Files\TOSHIBA\TECO\TecoService.exe (ID 3360 |ParentID 816)
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID 3368 |ParentID 3156)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 3656 |ParentID 816)
C:\Windows\System32\rundll32.exe (ID 3676 |ParentID 944)
C:\Windows\system32\svchost.exe (ID 1632 |ParentID 816)
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ID 4268 |ParentID 2448)
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (ID 4284 |ParentID 2448)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID 4336 |ParentID 2448)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 4400 |ParentID 2448)
C:\Windows\System32\ThpSrv.exe (ID 4480 |ParentID 2448)
C:\Program Files\TOSHIBA\TECO\Teco.exe (ID 4520 |ParentID 2448)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 4676 |ParentID 4400)
C:\Windows\system32\SearchIndexer.exe (ID 4728 |ParentID 816)
C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (ID 4748 |ParentID 2448)
C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (ID 4764 |ParentID 2448)
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (ID 4796 |ParentID 2448)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (ID 4248 |ParentID 3368)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 168 |ParentID 816)
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (ID 4476 |ParentID 2448)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (ID 280 |ParentID 4816)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 4204 |ParentID 4816)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID 1080 |ParentID 4816)
C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe (ID 5048 |ParentID 4764)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 4352 |ParentID 4816)
C:\Program Files\iPod\bin\iPodService.exe (ID 5268 |ParentID 816)
C:\Windows\System32\svchost.exe (ID 5856 |ParentID 816)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID 5140 |ParentID 816)
C:\Windows\system32\DllHost.exe (ID 5288 |ParentID 944)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (ID 952 |ParentID 816)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (ID 3732 |ParentID 816)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID 2112 |ParentID 3692)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 2628 |ParentID 816)
C:\Windows\System32\svchost.exe (ID 1912 |ParentID 816)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 1860 |ParentID 816)
C:\Windows\System32\WUDFHost.exe (ID 2780 |ParentID 344)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID 124 |ParentID 816)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (ID 1808 |ParentID 4608)
C:\Windows\system32\svchost.exe (ID 6752 |ParentID 816)
C:\Windows\SysWOW64\ctfmon.exe (ID 6976 |ParentID 4204)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID 7316 |ParentID 8184)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID 5032 |ParentID 7316)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 5632 |ParentID 5032)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 7032 |ParentID 5632)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4960 |ParentID 944)
C:\Windows\system32\taskeng.exe (ID 6940 |ParentID 1084)
C:\Program Files (x86)\Internet Explorer\IELowutil.exe (ID 5264 |ParentID 8468)
C:\Program Files\Internet Explorer\iexplore.exe (ID 7916 |ParentID 2448)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID 8476 |ParentID 7916)
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe (ID 8704 |ParentID 944)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID 8984 |ParentID 7916)
C:\Windows\System32\MsSpellCheckingFacility.exe (ID 5580 |ParentID 944)
C:\Windows\system32\taskhost.exe (ID 8660 |ParentID 816)
C:\UsbFix\Go.exe (ID 6212 |ParentID 5744)
C:\Windows\system32\wbem\wmiprvse.exe (ID 8744 |ParentID 944)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [TSleepSrv] – %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\SOFTWARE | Run : [BCSSync] – "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [APSDaemon] – "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [HP Software Update] – C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] –
HKLM\SOFTWARE | Run : [iTunesHelper] – "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] – "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] – "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [TSleepSrv] – %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] – "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE\wow6432Node | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] – "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] – C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [] –
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] – "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] – "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | RunOnce : [] –
HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-21-3685667633-4024753602-1324392361-1001\SOFTWARE | Run : [HP Photosmart 5510d series (NET)] – "C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2133BK0605RW:NW" -scfn "HP Photosmart 5510d series (NET)" -AutoStart 1
HKU\S-1-5-21-3685667633-4024753602-1324392361-1001\SOFTWARE | Run : [HP Photosmart 5510d series (NET) #2] – "C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" -deviceID "CN192112F205RW:NW" -scfn "HP Photosmart 5510d series (NET) #2" -AutoStart 1
HKU\S-1-5-21-3685667633-4024753602-1324392361-1001\SOFTWARE | Run : [OfficeSyncProcess] – "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] – C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-3685667633-4024753602-1324392361-1001\SOFTWARE | RunOnce : [Uninstall C:\Users\Tosh Eliane\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] – C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tosh Eliane\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"

################## | Éléments infectieux |

Présent! F:\IRREGULAR VERBS.docx.lnk
Présent! F:\vacances.docx.lnk
Présent! F:\Emploi Du Temps.doc.lnk
Présent! F:\EDT.doc.lnk
Présent! F:\IRREGVERBS.docx.lnk
Présent! F:\Websites to help you revise.docx.lnk
Présent! F:\CALENDRIER 2013 – 2014.xlsx.lnk
Présent! F:\ALIET ESTELLE.docx.lnk
Présent! F:\Understanding_and_Interpreting_Body_Language.ppt.lnk
Présent! F:\11 Piste 11.mp3.lnk
Présent! C:\Users\TOSHEL~1\AppData\Local\Temp\Drives.vbs

################## | Registre |

HKCU\..\..\Explorer\MountPoints2\{8d04f113-c362-11e1-a4d8-e89a8f78e050}
Shell\AutoRun\Command = F:\KODAK_Camera_Setup_App.exe

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |