Reply to: USB key copies shortcuts 2016-09-08T13:11:34+00:00
Lena
Post count: 0

Hello,

Thank you for your help!!

Here is the UsbFix report:

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: Hélène (Administrateur) # HÉLÈNE-TOSH
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 12:08:19 | 27/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: TOSHIBA (KSWAA)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
RAM -> [Total : 3933 | Free : 2089]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 233 Go (1 Go libre(s) – 0%) [WINDOWS] # NTFS
D: -> Disque fixe # 232 Go (8 Go libre(s) – 3%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (4 Go libre(s) – 100%) [HÉLÈNE] # FAT32

################## | Regedit Run |

HKLMSOFTWARE | Run : [SVPWUTIL] – C:Program Files (x86)TOSHIBAUtilitiesSVPWUTIL.exe SVPwUTIL
HKLMSOFTWARE | Run : [HWSetup] – “C:Program FilesTOSHIBAUtilitiesHWSetup.exe” hwSetUP
HKLMSOFTWARE | Run : [KeNotify] – C:Program Files (x86)TOSHIBAUtilitiesKeNotify.exe
HKLMSOFTWARE | Run : [TWebCamera] – “%ProgramFiles%TOSHIBATOSHIBA Web Camera ApplicationTWebCamera.exe” autorun
HKLMSOFTWARE | Run : [SSDMonitor] – C:Program Files (x86)Common FilesPC ToolssMonitorSSDMonitor.exe
HKLMSOFTWARE | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
HKLMSOFTWARE | Run : [ORAHSSSessionManager] – “C:Program Files (x86)OrangeConnexion Internet OrangeSessionManagerSessionManager.exe”
HKLMSOFTWARE | Run : [GrooveMonitor] – “C:Program Files (x86)Microsoft OfficeOffice12GrooveMonitor.exe”
HKLMSOFTWARE | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [SVPWUTIL] – C:Program Files (x86)TOSHIBAUtilitiesSVPWUTIL.exe SVPwUTIL
HKLMSOFTWAREwow6432Node | Run : [HWSetup] – “C:Program FilesTOSHIBAUtilitiesHWSetup.exe” hwSetUP
HKLMSOFTWAREwow6432Node | Run : [KeNotify] – C:Program Files (x86)TOSHIBAUtilitiesKeNotify.exe
HKLMSOFTWAREwow6432Node | Run : [TWebCamera] – “%ProgramFiles%TOSHIBATOSHIBA Web Camera ApplicationTWebCamera.exe” autorun
HKLMSOFTWAREwow6432Node | Run : [SSDMonitor] – C:Program Files (x86)Common FilesPC ToolssMonitorSSDMonitor.exe
HKLMSOFTWAREwow6432Node | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
HKLMSOFTWAREwow6432Node | Run : [ORAHSSSessionManager] – “C:Program Files (x86)OrangeConnexion Internet OrangeSessionManagerSessionManager.exe”
HKLMSOFTWAREwow6432Node | Run : [GrooveMonitor] – “C:Program Files (x86)Microsoft OfficeOffice12GrooveMonitor.exe”
HKLMSOFTWAREwow6432Node | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-21-3942088474-775173721-4025348067-1000SOFTWARE | Run : [RegistryMechanic] – C:Program Files (x86)Registry MechanicRMTray.exe /H
HKUS-1-5-21-3942088474-775173721-4025348067-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
HKUS-1-5-21-3942088474-775173721-4025348067-1000SOFTWARE | Run : [OrangeInside] – C:UsersHélèneAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe
HKUS-1-5-21-3942088474-775173721-4025348067-1000SOFTWARE | Run : [Facebook Update] – “C:UsersHélèneAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
HKUS-1-5-21-3942088474-775173721-4025348067-1000SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
HKUS-1-5-21-3942088474-775173721-4025348067-1000SOFTWARE | Run : [cacaoweb] – “C:UsersHélèneAppDataRoamingcacaowebcacaoweb.exe” -noplayer
HKUS-1-5-21-3942088474-775173721-4025348067-1000SOFTWARE | Run : [Intel(R)Service] – wscript.exe //B “C:UsersHLNE~1AppDataLocalTempIntel(R)Service.vbs”
HKUS-1-5-18SOFTWARE | Run : [TOSHIBA Online Product Information] – C:Program Files (x86)TOSHIBAToshiba Online Product Informationtopi.exe
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID 1216 |ParentID 604)
Stoppé! C:WindowsSystem32spoolsv.exe (ID 1412 |ParentID 604)
Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID 1540 |ParentID 604)
Stoppé! C:Program Files (x86)BonjourmDNSResponder.exe (ID 1956 |ParentID 604)
Stoppé! C:WindowsSysWOW64schtasks.exe (ID 1964 |ParentID 1920)
Stoppé! C:Windowssystem32conhost.exe (ID 1976 |ParentID 492)
Stoppé! C:PROGRA~2COMMON~1France TelecomShared ModulesFTRTSVCFTRTSVC.exe (ID 1124 |ParentID 604)
Stoppé! C:Program Files (x86)Common FilesPC ToolssMonitorStartManSvc.exe (ID 2020 |ParentID 604)
Stoppé! C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe (ID 1880 |ParentID 604)
Stoppé! C:Program Files (x86)Toshiba TEMPROTemproSvc.exe (ID 2096 |ParentID 604)
Stoppé! C:Windowssystem32TODDSrv.exe (ID 2188 |ParentID 604)
Stoppé! C:Program FilesTOSHIBAPower SaverTosCoSrv.exe (ID 2220 |ParentID 604)
Stoppé! C:Program FilesTOSHIBATECOTecoService.exe (ID 2300 |ParentID 604)
Stoppé! C:Windowssystem32msiexec.exe (ID 2980 |ParentID 604)
Stoppé! C:Windowssystem32taskhost.exe (ID 2732 |ParentID 604)
Stoppé! C:WindowsExplorer.EXE (ID 2092 |ParentID 1896)
Stoppé! C:Program Files (x86)Toshiba TEMPROTemproTray.exe (ID 3388 |ParentID 2092)
Stoppé! C:Program FilesTOSHIBABulletinBoardTosNcCore.exe (ID 3432 |ParentID 2092)
Stoppé! C:Program FilesTOSHIBAReelTimeTosReelTimeMonitor.exe (ID 3568 |ParentID 2092)
Stoppé! C:WindowsSystem32igfxtray.exe (ID 3580 |ParentID 2092)
Stoppé! C:WindowsSystem32hkcmd.exe (ID 3588 |ParentID 2092)
Stoppé! C:WindowsSystem32igfxpers.exe (ID 3596 |ParentID 2092)
Stoppé! C:Windowssystem32igfxsrvc.exe (ID 3628 |ParentID 736)
Stoppé! C:Program FilesTOSHIBASmoothViewSmoothView.exe (ID 3656 |ParentID 2092)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID 3764 |ParentID 604)
Stoppé! C:Program FilesTOSHIBAPower SaverTPwrMain.exe (ID 4020 |ParentID 2092)
Stoppé! C:Program Files (x86)TOSHIBAConfigFreeCFIWmxSvcs64.exe (ID 4068 |ParentID 604)
Stoppé! C:Program FilesTOSHIBAFlashCardsTCrdMain.exe (ID 3444 |ParentID 2092)
Stoppé! C:Program FilesRealtekAudioHDARAVCpl64.exe (ID 1932 |ParentID 2092)
Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 3372 |ParentID 2092)
Stoppé! C:Program FilesTOSHIBATECOTEco.exe (ID 3972 |ParentID 2092)
Stoppé! C:Program FilesTOSHIBARegistrationToshibaReminder.exe (ID 3556 |ParentID 2092)
Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID 3468 |ParentID 2092)
Stoppé! C:Program Files (x86)TOSHIBAConfigFreeCFProcSRVC.exe (ID 4476 |ParentID 604)
Stoppé! C:UsersHélèneAppDataRoamingcacaowebcacaoweb.exe (ID 4560 |ParentID 2092)
Stoppé! C:Windowssystem32igfxext.exe (ID 4632 |ParentID 736)
Stoppé! C:Program Files (x86)TOSHIBAConfigFreeCFSvcs.exe (ID 5000 |ParentID 604)
Stoppé! C:Program FilesSynapticsSynTPSynTPHelper.exe (ID 236 |ParentID 3372)
Stoppé! C:Program Files (x86)TOSHIBAUtilitiesKeNotify.exe (ID 1920 |ParentID 4592)
Stoppé! C:ProgramDataBitGuard2.6.1694.246{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}BitGuard.exe (ID 2920 |ParentID 604)
Stoppé! C:Program Files (x86)Common FilesPC ToolssMonitorSSDMonitor.exe (ID 4672 |ParentID 4592)
Stoppé! C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID 3220 |ParentID 4592)
Stoppé! C:Program Files (x86)iTunesiTunesHelper.exe (ID 4764 |ParentID 4592)
Stoppé! C:WindowsSysWOW64schtasks.exe (ID 3856 |ParentID 4948)
Stoppé! C:ProgramDataBitGuard2.6.1694.246{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}BitGuard.exe (ID 4528 |ParentID 2920)
Stoppé! C:Program Files (x86)OrangeConnexion Internet OrangeLauncherLauncher.exe (ID 5072 |ParentID 256)
Stoppé! C:Windowssystem32conhost.exe (ID 3464 |ParentID 560)
Stoppé! C:PROGRA~2COMMON~1France TelecomShared ModulesAlertModuleAlertModule.exe (ID 5248 |ParentID 736)
Stoppé! C:Program FilesiPodbiniPodService.exe (ID 5444 |ParentID 604)
Stoppé! C:Program Files (x86)OrangeConnexion Internet Orangesystraysystrayapp.exe (ID 5656 |ParentID 5072)
Stoppé! C:Program Files (x86)OrangeConnexion Internet Orangeconnectivityconnectivitymanager.exe (ID 5692 |ParentID 5072)
Stoppé! C:Program Files (x86)OrangeConnexion Internet OrangeconnectivityCoreComCoreCom.exe (ID 5788 |ParentID 5692)
Stoppé! C:Program Files (x86)OrangeConnexion Internet OrangeconnectivityCoreComOraConfigRecover.exe (ID 6016 |ParentID 5788)
Stoppé! C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe (ID 5564 |ParentID 604)
Stoppé! C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSENotify.exe (ID 5408 |ParentID 3308)
Stoppé! C:Program FilesTOSHIBATPHMTPCHSrv.exe (ID 4948 |ParentID 604)
Stoppé! C:Program FilesTOSHIBATPHMTPCHWMsg.exe (ID 5320 |ParentID 1480)
Stoppé! C:Windowssystem32rundll32.exe (ID 5684 |ParentID 488)
Stoppé! C:Windowssystem32vssvc.exe (ID 2428 |ParentID 604)
Stoppé! C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe (ID 5504 |ParentID 1400)
Stoppé! C:WindowsSystem32wscript.exe (ID 3352 |ParentID 6864)
Stoppé! C:Windowssystem32taskhost.exe (ID 4604 |ParentID 604)
Stoppé! C:Windowssystem32wuauclt.exe (ID 3540 |ParentID 484)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 3164 |ParentID 2092)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 7876 |ParentID 3164)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 7328 |ParentID 3164)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 3348 |ParentID 3164)
Stoppé! C:Program Files (x86)Internet ExplorerIELowutil.exe (ID 6836 |ParentID 3784)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 7252 |ParentID 3164)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 5948 |ParentID 3164)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 3324 |ParentID 3164)
Stoppé! C:Windowssystem32taskeng.exe (ID 7140 |ParentID 484)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 6656 |ParentID 3164)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID 5008 |ParentID 1016)
Stoppé! C:Windowssystem32taskhost.exe (ID 6876 |ParentID 604)

################## | Éléments infectieux |

Supprimé! F:\Intel(R)Service.vbs
Supprimé! C:\Users\HLNE~1\AppData\Local\Temp\Intel(R)Service.vbs
Supprimé! C:\Users\Hélène\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-3942088474-775173721-4025348067-1000\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)Service

################## | Listing |

[19/12/2009 – 20:27:15 | SHD ] C:$RECYCLE.BIN
[04/09/2009 – 14:49:05 | D ] C:1033
[16/11/2012 – 01:55:49 | D ] C:204ebae9efa537a695
[22/03/2013 – 11:39:50 | D ] C:BioEdit
[14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
[14/10/2013 – 09:19:48 | ASH | 3092938752] C:hiberfil.sys
[04/10/2009 – 08:14:15 | D ] C:Intel
[04/09/2009 – 14:49:13 | RHD ] C:MSOCache
[14/10/2013 – 09:19:52 | ASH | 4123918336] C:pagefile.sys
[14/07/2009 – 04:20:08 | D ] C:PerfLogs
[01/05/2013 – 19:37:36 | D ] C:Program Files
[17/10/2013 – 13:51:55 | D ] C:Program Files (x86)
[15/09/2013 – 09:32:33 | HD ] C:ProgramData
[04/10/2009 – 08:23:26 | N | 2942] C:RHDSetup.log
[20/12/2009 – 15:21:31 | N | 159] C:Setup.log
[04/09/2009 – 15:18:06 | N | 70] C:SWSTAMP.TXT
[22/10/2013 – 18:12:39 | SHD ] C:System Volume Information
[19/12/2009 – 20:27:08 | D ] C:Toshiba
[27/10/2013 – 12:15:12 | D ] C:UsbFix
[27/10/2013 – 12:18:02 | A | 13286] C:UsbFix [Clean 1] HÉLÈNE-TOSH.txt
[26/10/2013 – 12:35:15 | N | 13618] C:UsbFix [Scan 2] HÉLÈNE-TOSH.txt
[02/09/2013 – 16:25:31 | RD ] C:Users
[03/09/2013 – 19:37:38 | D ] C:Windows
[04/09/2009 – 14:47:52 | D ] C:Works
[19/12/2009 – 20:27:15 | SHD ] D:$RECYCLE.BIN
[16/08/2013 – 16:55:18 | D ] D:111f0f44f0c3b47e7ca2
[19/01/2013 – 15:46:27 | D ] D:FILMS
[20/12/2009 – 05:22:36 | D ] D:HDDRecovery
[11/09/2009 – 17:43:21 | N | 11] D:R11461FR.tag
[04/10/2009 – 08:11:39 | SHD ] D:System Volume Information

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |