Reply to: problem with shortcuts created on USB key 2016-09-08T13:11:09+00:00
phil
Number of posts: 0

I ran the "delete" operation.
I am attaching the report.

Thank you for your help.

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: compaq (Administrateur) # PC-DE-COMPAQ
Mis à jour le 17/10/2013 par El Desaparecido -0 Team SosVirus
Lancé à 11:26:47 | 24/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Wistron (3616)
CPU: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
RAM -> [Total : 3068 | Free : 1532]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 140 Go (81 Go libre(s) -0 58%) [] # NTFS
D: -> Disque fixe # 9 Go (2 Go libre(s) -0 18%) [PRESARIO_RP] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (2 Go libre(s) -0 50%) [USB LYC] # FAT32
G: -> Disque amovible # 4 Go (4 Go libre(s) -0 98%) [CLEF-TERM] # FAT32

################## | Regedit Run |

HKLMSOFTWARE | Run : [SynTPEnh] -0 C:Program FilesSynapticsSynTPSynTPEnh.exe
HKLMSOFTWARE | Run : [UCam_Menu] -0 C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe C:Program FilesCyberLinkYouCam update SoftwareCyberLinkYouCam2.0
HKLMSOFTWARE | Run : [QPService] -0 C:Program FilesHPQuickPlayQPService.exe
HKLMSOFTWARE | Run : [Windows Defender] -0 %ProgramFiles%Windows DefenderMSASCui.exe -hide
HKLMSOFTWARE | Run : [QlbCtrl.exe] -0 C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
HKLMSOFTWARE | Run : [hpWirelessAssistant] -0 C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
HKLMSOFTWARE | Run : [NvCplDaemon] -0 RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
HKLMSOFTWARE | Run : [NvMediaCenter] -0 RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
HKLMSOFTWARE | Run : [Adobe ARM] -0 C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe
HKLMSOFTWARE | Run : [HP Software Update] -0 C:Program FilesHpHP Software UpdateHPWuSchd2.exe
HKLMSOFTWARE | Run : [] -0
HKLMSOFTWARE | Run : [HP Health Check Scheduler] -0 c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
HKLMSOFTWARE | Run : [AvastUI.exe] -0 C:Program FilesAVAST SoftwareAvastAvastUI.exe /nogui
HKLMSOFTWARE | RunOnce : [] -0
HKUS-1-5-19SOFTWARE | Run : [Sidebar] -0 %ProgramFiles%Windows SidebarSidebar.exe /detectMem
HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] -0 rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKUS-1-5-20SOFTWARE | Run : [Sidebar] -0 %ProgramFiles%Windows SidebarSidebar.exe /detectMem
HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] -0 rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKUS-1-5-21-1288367742-1706794118-1451860968-1000SOFTWARE | Run : [Sidebar] -0 C:Program FilesWindows Sidebarsidebar.exe /autoRun
HKUS-1-5-21-1288367742-1706794118-1451860968-1000SOFTWARE | Run : [LightScribe Control Panel] -0 C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
HKUS-1-5-21-1288367742-1706794118-1451860968-1000SOFTWARE | Run : [AdobeBridge] -0
HKUS-1-5-21-1288367742-1706794118-1451860968-1000SOFTWARE | Run : [ehTray.exe] -0 C:WindowsehomeehTray.exe
HKUS-1-5-21-1288367742-1706794118-1451860968-1000SOFTWARE | Run : [Google Update] -0 C:UserscompaqAppDataLocalGoogleUpdateGoogleUpdate.exe /c
HKUS-1-5-21-1288367742-1706794118-1451860968-1000SOFTWARE | Run : [iTunesHelper] -0 wscript.exe //B C:UserscompaqAppDataLocalTempiTunesHelper.vbe

################## | Processus Stoppés |

Stoppé! C:Windowssystem32nvvsvc.exe (ID 896 |ParentID 684)
Stoppé! C:Windowssystem32SLsvc.exe (ID 1348 |ParentID 684)
Stoppé! C:Windowssystem32rundll32.exe (ID 1492 |ParentID 896)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID 1740 |ParentID 684)
Stoppé! C:Windowssystem32WLANExt.exe (ID 1748 |ParentID 1056)
Stoppé! C:WindowsSystem32spoolsv.exe (ID 1936 |ParentID 684)
Stoppé! C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID 524 |ParentID 684)
Stoppé! C:Program FilesCommon FilesLightScribeLSSrvc.exe (ID 676 |ParentID 684)
Stoppé! C:WindowsSMINSTBLService.exe (ID 1676 |ParentID 684)
Stoppé! C:Program FilesCyberLinkShared FilesRichVideo.exe (ID 1612 |ParentID 684)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 2100 |ParentID 684)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID 2160 |ParentID 684)
Stoppé! C:Windowssystem32DRIVERSxaudio.exe (ID 2224 |ParentID 684)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 2248 |ParentID 2100)
Stoppé! C:Windowssystem32taskeng.exe (ID 2920 |ParentID 1068)
Stoppé! C:Windowssystem32taskeng.exe (ID 3244 |ParentID 1068)
Stoppé! C:WindowsExplorer.EXE (ID 3268 |ParentID 3184)
Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 3784 |ParentID 3268)
Stoppé! C:Program FilesHPQuickPlayQPService.exe (ID 4052 |ParentID 3268)
Stoppé! C:Program FilesWindows DefenderMSASCui.exe (ID 4064 |ParentID 3268)
Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID 4080 |ParentID 3268)
Stoppé! C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe (ID 4088 |ParentID 3268)
Stoppé! C:WINDOWSSystem32rundll32.exe (ID 2352 |ParentID 3268)
Stoppé! C:Program FilesHPHP Software Updatehpwuschd2.exe (ID 1324 |ParentID 3268)
Stoppé! C:Program FilesHewlett-PackardSharedhpqwmiex.exe (ID 2908 |ParentID 684)
Stoppé! C:Program FilesHewlett-PackardHP wireless AssistantWiFiMsg.EXE (ID 1532 |ParentID 4088)
Stoppé! C:Program FilesAVAST SoftwareAvastavastui.exe (ID 3532 |ParentID 3268)
Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID 1452 |ParentID 3268)
Stoppé! C:Program FilesHewlett-PackardSharedHpqToaster.exe (ID 1236 |ParentID 840)
Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID 3720 |ParentID 684)
Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID 3716 |ParentID 1452)
Stoppé! C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe (ID 3596 |ParentID 3268)
Stoppé! C:WINDOWSehomeehtray.exe (ID 2744 |ParentID 3268)
Stoppé! C:WINDOWSSystem32wscript.exe (ID 3884 |ParentID 3268)
Stoppé! C:Windowsehomeehmsas.exe (ID 3228 |ParentID 840)
Stoppé! c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID 4276 |ParentID 684)
Stoppé! C:Program FilesSynapticsSynTPSynTPHelper.exe (ID 4712 |ParentID 3784)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedInkInputPersonalization.exe (ID 5680 |ParentID 3244)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID 6160 |ParentID 1056)
Stoppé! C:Windowssystem32conime.exe (ID 7340 |ParentID 4592)
Stoppé! C:Windowssystem32MacromedFlashFlashUtil32_11_9_900_117_ActiveX.exe (ID 6004 |ParentID 840)
Stoppé! C:Windowssystem32SearchProtocolHost.exe (ID 8144 |ParentID 2160)
Stoppé! C:Windowssystem32SearchFilterHost.exe (ID 3768 |ParentID 2160)

################## | Éléments infectieux |

Supprimé! C:Userscompaqavast_free_antivirus_setup.exe
Supprimé! F:iTunesHelper.vbe
Supprimé! G:iTunesHelper.vbe
Supprimé! C:UserscompaqAppDataLocalTempiTunesHelper.vbe
Supprimé! C:UserscompaqAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Supprimé! F:crick.lnk
Supprimé! F:.lnk
Supprimé! F:courrier_valenciennes_motivation.lnk
Supprimé! F:sitecinema.lnk
Supprimé! F:clef.lnk
Supprimé! F:.fseventsd.lnk
Supprimé! F:jardins.lnk
Supprimé! F:couv.lnk
Supprimé! F:.Trashes.lnk
Supprimé! F:.Spotlight-V100.lnk
Supprimé! F:aff.lnk
Supprimé! F:nolde.lnk
Supprimé! F:Nouveau dossier.lnk
Supprimé! F:artnouveau_paulberthon.lnk
Supprimé! F:artnouveau_paulberthon02.lnk
Supprimé! F:enrich_heckel.lnk
Supprimé! F:constructivisme01.lnk
Supprimé! G:le jardin, notre double.lnk
Supprimé! G:memoire_photographie.lnk
Supprimé! G:ETicket_22120330.lnk
Supprimé! G:ETicket_67054015.lnk
Supprimé! G:ETicket_228626911.lnk
Supprimé! D:desktop.ini

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKUS-1-5-21-1288367742-1706794118-1451860968-1000SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper

################## | Listing |

[12/10/2013 -0 12:14:42 | SHD ] C:$RECYCLE.BIN
[14/07/2008 -0 22:27:19 | N | 74] C:autoexec.bat
[24/06/2011 -0 12:53:52 | D ] C:bandeannonce
[09/07/2012 -0 22:10:15 | SHD ] C:boot
[11/04/2009 -0 08:36:36 | RASH | 333257] C:bootmgr
[18/09/2006 -0 23:43:37 | N | 10] C:config.sys
[02/11/2006 -0 15:02:03 | SHD ] C:Documents and Settings
[11/04/2008 -0 10:07:18 | N | 3820] C:eula.1028.txt
[11/04/2008 -0 10:07:18 | N | 15428] C:eula.1031.txt
[11/04/2008 -0 10:07:18 | N | 10058] C:eula.1033.txt
[11/04/2008 -0 10:07:18 | N | 12246] C:eula.1036.txt
[11/04/2008 -0 10:07:18 | N | 13912] C:eula.1040.txt
[11/04/2008 -0 10:07:18 | N | 5868] C:eula.1041.txt
[11/04/2008 -0 10:07:18 | N | 5970] C:eula.1042.txt
[11/04/2008 -0 10:07:18 | N | 10134] C:eula.1049.txt
[11/04/2008 -0 10:07:18 | N | 3814] C:eula.2052.txt
[11/04/2008 -0 10:07:18 | N | 12936] C:eula.3082.txt
[11/04/2008 -0 10:07:18 | N | 1110] C:globdata.ini
[07/08/2009 -0 08:08:36 | D ] C:HP
[11/04/2008 -0 08:03:48 | N | 562688] C:install.exe
[11/04/2008 -0 10:07:18 | N | 843] C:install.ini
[11/04/2008 -0 08:03:48 | N | 76304] C:install.res.1028.dll
[11/04/2008 -0 08:03:48 | N | 96272] C:install.res.1031.dll
[11/04/2008 -0 08:03:48 | N | 91152] C:install.res.1033.dll
[11/04/2008 -0 08:03:48 | N | 97296] C:install.res.1036.dll
[11/04/2008 -0 08:03:48 | N | 95248] C:install.res.1040.dll
[11/04/2008 -0 08:03:48 | N | 81424] C:install.res.1041.dll
[11/04/2008 -0 08:03:48 | N | 79888] C:install.res.1042.dll
[11/04/2008 -0 10:09:24 | N | 93200] C:install.res.1049.dll
[11/04/2008 -0 08:03:48 | N | 75792] C:install.res.2052.dll
[11/04/2008 -0 08:03:48 | N | 96272] C:install.res.3082.dll
[07/08/2009 -0 08:08:36 | N | 371] C:IPH.PH
[24/10/2013 -0 09:50:58 | ASH | 3532070912] C:pagefile.sys
[21/01/2008 -0 04:32:31 | D ] C:PerfLogs
[23/10/2013 -0 23:08:54 | D ] C:Program Files
[23/10/2013 -0 19:05:38 | HD ] C:ProgramData
[23/09/2013 -0 14:55:06 | D ] C:PRONOTE Réseau 2012
[16/07/2012 -0 15:53:48 | D ] C:SWSetup
[23/10/2013 -0 23:08:26 | SHD ] C:System Volume Information
[07/08/2009 -0 08:07:21 | D ] C:System.sav
[24/10/2013 -0 11:28:10 | D ] C:UsbFix
[24/10/2013 -0 11:30:21 | A | 10756] C:UsbFix [Clean 1] PC-DE-COMPAQ.txt
[23/10/2013 -0 23:03:31 | N | 10679] C:UsbFix [Scan 1] PC-DE-COMPAQ.txt
[24/10/2013 -0 10:57:58 | N | 10263] C:UsbFix [Scan 3] PC-DE-COMPAQ.txt
[07/08/2009 -0 08:05:27 | RD ] C:Users
[11/04/2008 -0 10:07:18 | N | 5686] C:vcredist.bmp
[11/04/2008 -0 10:09:38 | N | 3797292] C:VC_RED.cab
[11/04/2008 -0 10:11:40 | N | 233472] C:VC_RED.MSI
[23/10/2013 -0 19:47:57 | D ] C:WINDOWS
[22/06/2012 -0 11:51:57 | D ] C:WTablet
[07/08/2009 -0 09:20:24 | SHD ] D:$RECYCLE.BIN
[07/08/2009 -0 08:06:01 | N | 13] D:BLOCK.RIN
[07/08/2009 -0 07:46:37 | RSHD ] D:boot
[04/10/2006 -0 01:02:44 | SH | 438328] D:bootmgr
[10/09/2002 -0 18:14:28 | N | 8134] D:Folder.htt
[07/08/2009 -0 07:47:08 | D ] D:HP
[24/10/2013 -0 09:51:13 | N | 163] D:MASTER.LOG
[07/08/2009 -0 07:46:41 | RSHD ] D:PRELOAD
[29/01/2007 -0 19:59:36 | SH | 109342] D:protect.chinese hong kong
[29/01/2007 -0 19:59:24 | SH | 109360] D:protect.chinese simplified
[29/01/2007 -0 19:59:36 | SH | 109342] D:protect.chinese traditional
[14/02/2007 -0 20:30:34 | SH | 111653] D:protect.czech
[29/01/2007 -0 19:55:24 | SH | 109124] D:protect.danish
[29/01/2007 -0 19:57:48 | SH | 109049] D:protect.dutch
[29/01/2007 -0 19:55:48 | SH | 109092] D:protect.ed
[29/01/2007 -0 19:55:48 | SH | 109092] D:protect.english
[29/01/2007 -0 19:56:08 | SH | 109092] D:protect.finnish
[29/01/2007 -0 19:56:20 | SH | 109060] D:protect.french
[29/01/2007 -0 19:55:34 | SH | 109094] D:protect.german
[14/02/2007 -0 20:38:50 | SH | 112541] D:protect.greek
[14/02/2007 -0 20:40:00 | SH | 112375] D:protect.hebrew
[28/08/2007 -0 16:57:46 | SH | 111475] D:protect.hungarian
[29/01/2007 -0 19:56:46 | SH | 108979] D:protect.italian
[29/01/2007 -0 19:57:30 | SH | 109795] D:protect.japanese
[29/01/2007 -0 19:57:36 | SH | 109487] D:protect.korean
[14/02/2007 -0 20:44:28 | SH | 111402] D:protect.norwegian
[14/02/2007 -0 20:45:16 | SH | 111585] D:protect.polish
[14/02/2007 -0 20:46:04 | SH | 111448] D:protect.portuguese
[14/02/2007 -0 20:46:40 | SH | 111697] D:protect.portuguese brazilian
[29/01/2007 -0 19:58:20 | SH | 163804] D:protect.russian
[29/01/2007 -0 19:55:54 | SH | 109016] D:protect.spanish
[14/02/2007 -0 20:48:56 | SH | 111445] D:protect.swedish
[14/02/2007 -0 20:49:30 | SH | 111598] D:protect.turkish
[07/08/2009 -0 07:46:37 | RD ] D:RECOVERY
[07/08/2009 -0 07:46:37 | RSHD ] D:SOURCES
[11/03/2010 -0 10:07:41 | SHD ] D:System Volume Information
[07/08/2009 -0 07:46:57 | D ] D:Tools
[07/08/2009 -0 07:46:37 | D ] D:WINDOWS
[08/02/2013 -0 12:22:42 | D ] F:sitecinema
[21/12/2012 -0 07:36:54 | D ] F:clef
[09/02/2013 -0 09:34:52 | D ] F:.fseventsd
[09/10/2013 -0 11:27:20 | N | 431351] F:crick.png
[23/10/2013 -0 14:41:54 | D ] F:jardins
[09/10/2013 -0 11:26:12 | N | 17621] F:crick.odt
[08/02/2013 -0 12:29:48 | SH | 4096] F:._.Trashes
[08/02/2013 -0 12:29:52 | D ] F:couv
[08/02/2013 -0 12:29:48 | SHD ] F:.Trashes
[08/02/2013 -0 12:29:48 | SHD ] F:.Spotlight-V100
[09/10/2013 -0 11:34:56 | N | 19074] F:courrier_valenciennes_motivation.odt
[23/10/2013 -0 18:50:24 | N | 315902] F:nolde.png
[23/10/2013 -0 18:20:26 | D ] F:aff
[23/10/2013 -0 18:44:50 | N | 2108480] F:artnouveau_paulberthon.png
[23/10/2013 -0 18:45:32 | N | 2473800] F:artnouveau_paulberthon02.png
[23/10/2013 -0 18:48:20 | N | 239668] F:enrich_heckel.png
[23/10/2013 -0 18:51:40 | N | 327128] F:constructivisme01.png
[22/10/2013 -0 12:03:08 | N | 31814] G:le jardin, notre double.odt
[22/10/2013 -0 12:54:32 | N | 31596] G:memoire_photographie.odt
[22/10/2013 -0 13:43:26 | N | 237309] G:ETicket_22120330.pdf
[22/10/2013 -0 13:43:52 | N | 237306] G:ETicket_67054015.pdf
[22/10/2013 -0 13:44:18 | N | 237307] G:ETicket_228626911.pdf

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net -0 https://www.sosvirus.net |