Reply to: USB key: Folder turned into shortcuts 2016-09-08T13:11:39+00:00
chloe17
Number of posts: 0

Here is the removal report.

Regarding the PC check, I have just done it with my antivirus. It was not on this PC that I caught the one on the USB key, but at a print shop.

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: fabienne (Administrateur) # FABIENNE-TOSH
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 22:51:23 | 26/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: TOSHIBA (NDU10)
CPU: Intel(R) Pentium(R) CPU U5400 @ 1.20GHz
RAM -> [Total : 2931 | Free : 1068]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: F-Secure Client Security 9.01 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 149 Go (84 Go libre(s) - 57%) [WINDOWS] # NTFS
D: -> Disque fixe # 149 Go (141 Go libre(s) - 95%) [Data] # NTFS
E: -> Disque amovible # 7 Go (5 Go libre(s) - 61%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [TWebCamera] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\SOFTWARE | Run : [TSleepSrv] - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\SOFTWARE | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
HKLM\SOFTWARE | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [NBAgent] - "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE | Run : [MyFunCards_5m Browser Plugin Loader] - C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe
HKLM\SOFTWARE | Run : [MyFunCards Search Scope Monitor] - "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h
HKLM\SOFTWARE | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE | Run : [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [F-Secure TNB] - "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
HKLM\SOFTWARE | Run : [F-Secure Manager] - "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
HKLM\SOFTWARE | Run : [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
HKLM\SOFTWARE | Run : [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
HKLM\SOFTWARE | Run : [beid] - "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [TWebCamera] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\SOFTWARE\wow6432Node | Run : [TSleepSrv] - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
HKLM\SOFTWARE\wow6432Node | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [NBAgent] - "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE\wow6432Node | Run : [MyFunCards_5m Browser Plugin Loader] - C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe
HKLM\SOFTWARE\wow6432Node | Run : [MyFunCards Search Scope Monitor] - "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h
HKLM\SOFTWARE\wow6432Node | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE\wow6432Node | Run : [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE\wow6432Node | Run : [F-Secure TNB] - "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
HKLM\SOFTWARE\wow6432Node | Run : [F-Secure Manager] - "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
HKLM\SOFTWARE\wow6432Node | Run : [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
HKLM\SOFTWARE\wow6432Node | Run : [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
HKLM\SOFTWARE\wow6432Node | Run : [beid] - "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2002910404-3860763008-3131954140-1000\SOFTWARE | Run : [TomTomHOME.exe] - "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-2002910404-3860763008-3131954140-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2002910404-3860763008-3131954140-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-2002910404-3860763008-3131954140-1000\SOFTWARE | Run : [MyTomTomSA.exe] - "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
HKU\S-1-5-21-2002910404-3860763008-3131954140-1000\SOFTWARE | Run : [Google Update] - "C:\Users\fabienne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2002910404-3860763008-3131954140-1000\SOFTWARE | Run : [AVG-Secure-Search-Update_JUNE2013_HP] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
HKU\S-1-5-18\SOFTWARE | Run : [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\System32\spoolsv.exe (ID 1264 |ParentID 588)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1452 |ParentID 588)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1516 |ParentID 588)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID 1540 |ParentID 588)
Stoppé! C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe (ID 1620 |ParentID 588)
Stoppé! C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE (ID 1648 |ParentID 1620)
Stoppé! C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE (ID 1656 |ParentID 588)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 1692 |ParentID 588)
Stoppé! C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE (ID 1744 |ParentID 1656)
Stoppé! C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (ID 1808 |ParentID 588)
Stoppé! C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe (ID 1836 |ParentID 588)
Stoppé! c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID 1856 |ParentID 588)
Stoppé! C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (ID 2004 |ParentID 588)
Stoppé! C:\Windows\system32\ThpSrv.exe (ID 1400 |ParentID 588)
Stoppé! C:\Windows\system32\TODDSrv.exe (ID 2080 |ParentID 588)
Stoppé! C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (ID 2108 |ParentID 588)
Stoppé! C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID 2132 |ParentID 588)
Stoppé! C:\Program Files\TOSHIBA\TECO\TecoService.exe (ID 2160 |ParentID 588)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2360 |ParentID 588)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2424 |ParentID 2360)
Stoppé! C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe (ID 2708 |ParentID 588)
Stoppé! C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe (ID 2812 |ParentID 588)
Stoppé! C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe (ID 2884 |ParentID 1648)
Stoppé! C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE (ID 3008 |ParentID 588)
Stoppé! C:\Program Files (x86)\F-Secure\Common\FIH32.EXE (ID 2264 |ParentID 1656)
Stoppé! C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe (ID 3080 |ParentID 1648)
Stoppé! C:\Windows\system32\taskhost.exe (ID 3416 |ParentID 588)
Stoppé! C:\Windows\Explorer.EXE (ID 3560 |ParentID 3524)
Stoppé! C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (ID 3756 |ParentID 3560)
Stoppé! C:\Windows\System32\ThpSrv.exe (ID 3780 |ParentID 3560)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 3792 |ParentID 3560)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID 3932 |ParentID 3560)
Stoppé! C:\Windows\System32\igfxpers.exe (ID 3940 |ParentID 3560)
Stoppé! C:\Program Files\Microsoft IntelliPoint\ipoint.exe (ID 3948 |ParentID 3560)
Stoppé! C:\Windows\System32\igfxtray.exe (ID 3964 |ParentID 3560)
Stoppé! C:\Windows\System32\hkcmd.exe (ID 3972 |ParentID 3560)
Stoppé! C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (ID 3100 |ParentID 3560)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID 2408 |ParentID 3560)
Stoppé! C:\Windows\System32\StikyNot.exe (ID 3180 |ParentID 3560)
Stoppé! C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (ID 3320 |ParentID 3560)
Stoppé! C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe (ID 4100 |ParentID 3896)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 4176 |ParentID 588)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (ID 5032 |ParentID 588)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (ID 4368 |ParentID 588)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (ID 648 |ParentID 588)
Stoppé! C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ID 5312 |ParentID 588)
Stoppé! C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID 5792 |ParentID 588)
Stoppé! C:\Windows\system32\DllHost.exe (ID 6048 |ParentID 732)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 5064 |ParentID 588)
Stoppé! C:\Program Files (x86)\Internet Explorer\IELowutil.exe (ID 6932 |ParentID 5468)
Stoppé! C:\Windows\system32\taskhost.exe (ID 7120 |ParentID 588)
Stoppé! C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (ID 7548 |ParentID 6488)
Stoppé! C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (ID 4480 |ParentID 6488)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 8112 |ParentID 588)
Stoppé! C:\Program Files (x86)\Skype\Phone\Skype.exe (ID 4468 |ParentID 3560)
Stoppé! C:\Windows\system32\taskeng.exe (ID 5612 |ParentID 940)
Stoppé! C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (ID 4996 |ParentID 5612)
Stoppé! C:\Users\fabienne\AppData\Local\Google\Chrome\Application\chrome.exe (ID 9980 |ParentID 3560)
Stoppé! C:\Users\fabienne\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6668 |ParentID 9980)
Stoppé! C:\Users\fabienne\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6660 |ParentID 9980)
Stoppé! C:\Users\fabienne\AppData\Local\Google\Chrome\Application\chrome.exe (ID 9624 |ParentID 9980)
Stoppé! C:\Windows\system32\DeviceDisplayObjectProvider.exe (ID 9504 |ParentID 732)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 7236 |ParentID 900)
Stoppé! C:\Users\fabienne\AppData\Local\Google\Chrome\Application\chrome.exe (ID 4800 |ParentID 9980)
Stoppé! C:\Users\fabienne\AppData\Local\Google\Chrome\Application\chrome.exe (ID 7784 |ParentID 9980)

################## | Éléments infectieux |

Supprimé! E:\bijoux.lnk
Supprimé! E:\photo.lnk
Supprimé! E:\.lnk
Supprimé! E:\Intouchables.lnk
Supprimé! E:\Musique.lnk
Supprimé! E:\Colonies.lnk
Supprimé! E:\TIPE.lnk
Supprimé! E:\RECYCLER.lnk
Supprimé! E:\Ski, organisation.lnk
Supprimé! E:\Info.lnk
Supprimé! E:\Photos.lnk
Supprimé! E:\.Trashes.lnk
Supprimé! E:\Liège, Ecole Véto.lnk
Supprimé! E:\.fseventsd.lnk
Supprimé! E:\.Spotlight-V100.lnk
Supprimé! E:\Larvotherapie, TPE.lnk
Supprimé! E:\Job été.lnk
Supprimé! E:\Larvothérapie.lnk
Supprimé! C:\Users\fabienne\AppData\Local\Temp\PrintPreview.hta
Supprimé! E:\Recycler\desktop.ini

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[02/09/2011 - 22:15:46 | SHD ] C:\$RECYCLE.BIN
[22/11/2010 - 11:19:26 | D ] C:\1033
[05/06/2013 - 00:05:29 | N | 1329] C:\bla
[26/08/2012 - 08:43:44 | D ] C:\Brother
[19/10/2013 - 19:57:49 | SHD ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[09/05/2012 - 10:18:00 | D ] C:\drivers
[06/10/2013 - 08:15:16 | ASH | 2304774144] C:\hiberfil.sys
[22/11/2010 - 10:51:00 | D ] C:\Intel
[12/10/2012 - 15:34:46 | D ] C:\Kreapixel
[22/11/2010 - 11:19:47 | RHD ] C:\MSOCache
[06/10/2013 - 08:15:17 | ASH | 3073032192] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[13/03/2013 - 23:26:17 | D ] C:\Program Files
[08/10/2013 - 13:40:39 | D ] C:\Program Files (x86)
[25/08/2013 - 20:19:48 | HD ] C:\ProgramData
[22/11/2010 - 11:03:48 | N | 3173] C:\RHDSetup.log
[01/06/2010 - 16:50:31 | N | 70] C:\SWSTAMP.TXT
[26/10/2013 - 08:07:30 | SHD ] C:\System Volume Information
[22/11/2010 - 13:13:49 | D ] C:\Toshiba
[26/10/2013 - 22:52:57 | D ] C:\UsbFix
[26/10/2013 - 22:55:26 | A | 14661] C:\UsbFix [Clean 1] FABIENNE-TOSH.txt
[26/10/2013 - 21:29:22 | N | 14470] C:\UsbFix [Scan 2] FABIENNE-TOSH.txt
[31/08/2012 - 13:19:54 | N | 304] C:\user.js
[22/11/2010 - 12:56:24 | RD ] C:\Users
[07/07/2013 - 11:30:18 | D ] C:\Windows
[22/11/2010 - 11:18:33 | D ] C:\Works
[22/11/2010 - 13:13:53 | SHD ] D:\$RECYCLE.BIN
[09/11/2011 - 23:20:43 | D ] D:\2d430fe8297ed4aab12eb
[16/04/2011 - 15:00:29 | D ] D:\6144fbbd11a4210a9ad8
[25/06/2013 - 00:09:19 | D ] D:\Firefox
[18/11/2010 - 08:04:16 | D ] D:\HDDRecovery
[30/12/2010 - 15:09:37 | D ] D:\IDE
[07/06/2010 - 22:08:26 | N | 11] D:\R12882FR.tag
[16/07/2010 - 04:13:42 | SHD ] D:\System Volume Information
[25/10/2011 - 15:16:44 | N | 321024] E:\bijoux.doc
[29/06/2012 - 18:05:44 | D ] E:\Musique
[25/10/2011 - 13:48:52 | D ] E:\photo
[27/09/2013 - 16:48:12 | D ] E:\Colonies
[11/05/2013 - 20:46:48 | D ] E:\TIPE
[14/09/2012 - 18:35:18 | SHD ] E:\RECYCLER
[27/09/2013 - 16:50:36 | D ] E:\Ski, organisation
[09/10/2012 - 15:39:12 | D ] E:\Info
[27/09/2013 - 16:43:30 | D ] E:\Photos
[10/02/2013 - 21:20:50 | SHD ] E:\.Trashes
[05/09/2013 - 15:54:48 | D ] E:\Liège, Ecole Véto
[10/02/2013 - 21:20:50 | SH | 4096] E:\._.Trashes
[10/02/2013 - 21:20:50 | D ] E:\.fseventsd
[10/02/2013 - 21:20:52 | SHD ] E:\.Spotlight-V100
[27/09/2013 - 16:38:14 | D ] E:\Larvotherapie, TPE
[15/06/2013 - 13:08:14 | N | 1466474530] E:\Intouchables.2011.FRENCH.BRRIP.XViD.AC3-ToRa-www.Zone-Telechargement.com.avi
[28/02/2011 - 15:47:02 | D ] E:\Job été
[28/02/2011 - 15:47:14 | D ] E:\Larvothérapie

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |

So what does this report mean? Are there any other steps to carry out?

Thank you for your help!

Chloe17