flores76
Participant
Posts: 26

I also used UsbFix before the three previous operations; here is its report:
############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: flo (Administrateur) # ORDIFLO
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 22:44:12 | 27/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: TOSHIBA (Portable PC)
CPU: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
RAM -> [Total : 3959 | Free : 1866]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 298 Go (205 Go libre(s) - 69%) [WINDOWS] # NTFS
D: -> Disque fixe # 298 Go (119 Go libre(s) - 40%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque fixe # 466 Go (334 Go libre(s) - 72%) [TOSHIBA EXT] # NTFS

################## | Regedit Run |

HKLM\SOFTWARE | Run : [NBAgent] - "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
HKLM\SOFTWARE | Run : [TWebCamera] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [NokiaMServer] - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
HKLM\SOFTWARE | Run : [Nokia FastStart] - "C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM\SOFTWARE | Run : [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [NokiaMusic FastStart] - "C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [NBAgent] - "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
HKLM\SOFTWARE\wow6432Node | Run : [TWebCamera] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [NokiaMServer] - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
HKLM\SOFTWARE\wow6432Node | Run : [Nokia FastStart] - "C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
HKLM\SOFTWARE\wow6432Node | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM\SOFTWARE\wow6432Node | Run : [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [NokiaMusic FastStart] - "C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-18\SOFTWARE | Run : [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\atiesrxx.exe (ID 908 |ParentID 624)
Stoppé! C:\Windows\system32\atieclxx.exe (ID 1160 |ParentID 908)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1400 |ParentID 624)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1620 |ParentID 624)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1728 |ParentID 624)
Stoppé! C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe (ID 1804 |ParentID 624)
Stoppé! C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe (ID 1828 |ParentID 624)
Stoppé! C:\Program Files (x86)\Expat Shield\bin\hsswd.exe (ID 1856 |ParentID 624)
Stoppé! C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (ID 1876 |ParentID 624)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 1992 |ParentID 624)
Stoppé! C:\Windows\system32\TODDSrv.exe (ID 1588 |ParentID 624)
Stoppé! C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID 424 |ParentID 624)
Stoppé! C:\Program Files\TOSHIBA\TECO\TecoService.exe (ID 2104 |ParentID 624)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2136 |ParentID 624)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2212 |ParentID 2136)
Stoppé! C:\Windows\system32\taskhost.exe (ID 2824 |ParentID 624)
Stoppé! C:\Windows\Explorer.EXE (ID 3048 |ParentID 2952)
Stoppé! C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ID 3492 |ParentID 3048)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 3544 |ParentID 3048)
Stoppé! C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (ID 3584 |ParentID 3048)
Stoppé! C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (ID 3596 |ParentID 3048)
Stoppé! C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (ID 3656 |ParentID 3048)
Stoppé! C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID 3668 |ParentID 3048)
Stoppé! C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (ID 3692 |ParentID 3048)
Stoppé! C:\Program Files\TOSHIBA\TECO\Teco.exe (ID 3724 |ParentID 3048)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 3940 |ParentID 3544)
Stoppé! C:\Program Files (x86)\eInstruction\Device Manager\Launch.exe (ID 3952 |ParentID 3048)
Stoppé! C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (ID 3988 |ParentID 3788)
Stoppé! C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (ID 4036 |ParentID 3788)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 4048 |ParentID 4028)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 4092 |ParentID 3788)
Stoppé! C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (ID 3068 |ParentID 3788)
Stoppé! C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (ID 2604 |ParentID 3788)
Stoppé! C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (ID 3188 |ParentID 3048)
Stoppé! C:\Users\flo\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID 3444 |ParentID 3048)
Stoppé! C:\Windows\system32\taskeng.exe (ID 3456 |ParentID 344)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 2956 |ParentID 3788)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID 4020 |ParentID 3456)
Stoppé! C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (ID 3204 |ParentID 3188)
Stoppé! C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (ID 1932 |ParentID 748)
Stoppé! C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (ID 4260 |ParentID 748)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 4812 |ParentID 4048)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 4520 |ParentID 624)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 5004 |ParentID 624)
Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (ID 1584 |ParentID 3048)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID 2524 |ParentID 4520)
Stoppé! C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID 2552 |ParentID 624)
Stoppé! C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ID 5132 |ParentID 624)
Stoppé! C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (ID 5176 |ParentID 3552)
Stoppé! C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (ID 5228 |ParentID 624)
Stoppé! C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (ID 5676 |ParentID 3744)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (ID 5704 |ParentID 624)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (ID 3900 |ParentID 624)
Stoppé! c:\Program Files (x86)\Nero\Update\NASvc.exe (ID 4556 |ParentID 624)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 1004 |ParentID 624)
Stoppé! C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe (ID 1440 |ParentID 748)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (ID 4616 |ParentID 4020)
Stoppé! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID 3272 |ParentID 1584)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\...\Explorer\MountPoints2\{83b33aa8-35a5-11e3-a94b-00266c9eb610}

################## | Listing |

[27/10/2013 - 20:40:45 | SHD ] C:\$RECYCLE.BIN
[27/10/2013 - 20:40:45 | D ] C:\32788R22FWJFW
[02/10/2013 - 11:59:52 | N | 3288] C:\bootsqm.dat
[27/10/2013 - 19:14:03 | HD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[26/08/2013 - 11:04:19 | D ] C:\e6a94c9dda5c7f6035ef0cdaf39344
[27/10/2013 - 20:24:43 | D ] C:\Expat Shield
[27/10/2013 - 21:04:23 | ASH | 3113361408] C:\hiberfil.sys
[21/02/2012 - 20:17:09 | D ] C:\Intel
[04/12/2012 - 19:43:33 | D ] C:\Lib'
[01/10/2013 - 20:06:56 | D ] C:\Mes Sites Web
[27/10/2013 - 20:24:43 | RHD ] C:\MSOCache
[27/10/2013 - 21:04:29 | ASH | 4151148544] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[27/10/2013 - 20:26:34 | D ] C:\Program Files
[27/10/2013 - 20:26:01 | D ] C:\Program Files (x86)
[27/10/2013 - 20:26:35 | HD ] C:\ProgramData
[27/10/2013 - 19:20:55 | D ] C:\Qoobox
[09/11/2010 - 14:49:02 | N | 70] C:\SWSTAMP.TXT
[27/10/2013 - 21:14:24 | SHD ] C:\System Volume Information
[21/02/2012 - 20:43:51 | D ] C:\Toshiba
[27/10/2013 - 22:49:36 | D ] C:\UsbFix
[27/10/2013 - 22:51:18 | A | 11777] C:\UsbFix [Clean 1] ORDIFLO.txt
[21/02/2012 - 20:41:16 | RD ] C:\Users
[27/10/2013 - 20:42:30 | D ] C:\Windows
[21/02/2012 - 20:43:55 | SHD ] D:\$RECYCLE.BIN
[26/03/2011 - 06:25:20 | D ] D:\HDDRecovery
[21/02/2012 - 21:58:04 | N | 528] D:\MediaID.bin
[27/10/2013 - 13:07:19 | D ] D:\ordiflo
[15/11/2010 - 16:43:05 | N | 11] D:\R14479FR.tag
[20/10/2013 - 21:52:24 | SHD ] D:\System Volume Information
[21/02/2012 - 21:59:03 | D ] D:\WindowsImageBackup
[03/10/2013 - 07:36:54 | SHD ] F:\$RECYCLE.BIN
[02/10/2013 - 12:50:41 | D ] F:\college
[27/10/2013 - 16:45:13 | D ] F:\Euclid
[18/07/2012 - 10:46:38 | D ] F:\fichiers d'origine
[29/08/2013 - 14:25:42 | D ] F:\Images
[02/10/2013 - 15:31:36 | D ] F:\logiciels
[02/08/2012 - 16:21:04 | D ] F:\Ma musique
[27/10/2013 - 16:59:50 | D ] F:\Nero Autobackup
[18/07/2012 - 12:03:48 | SHD ] F:\RECYCLER
[02/08/2012 - 19:35:52 | SHD ] F:\System Volume Information

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |