annav

OK, I removed the two USB keys, the shortcuts are no longer on them..!! :bravo1:
And I plugged in the third one and ran the removal again with UsbFix, here is the report:

############################## | UsbFix V 7.156 | [Suppression]

Utilisateur: Anna (Administrateur) # ANNA-PC
Mis à jour le 27/12/2013 par El Desaparecido – Team SosVirus
Lancé à 12:03:09 | 23/12/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (1425)
CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 3894 | Free : 2263]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Mozilla Firefox : 26.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 905 Go (478 Go libre(s) – 53%) [] # NTFS
D: -> Disque fixe # 27 Go (16 Go libre(s) – 58%) [RECOVERY] # NTFS
E: -> Disque fixe # 203 Mo (199 Mo libre(s) – 98%) [HP_TOOLS] # FAT32
F: -> CD-ROM
G: -> Disque amovible # 4 Go (3 Go libre(s) – 80%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1244 |ParentID: 576)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopsched.exe (ID: 1276 |ParentID: 576)
Stoppé! C:Program FilesRealtekAudioHDAAERTSr64.exe (ID: 1396 |ParentID: 576)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavguard.exe (ID: 1428 |ParentID: 576)
Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 1472 |ParentID: 576)
Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID: 1508 |ParentID: 576)
Stoppé! C:Program Files (x86)Common FilesDeviceHelperDeviceManager.exe (ID: 1544 |ParentID: 576)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 1604 |ParentID: 576)
Stoppé! C:Program Files (x86)CyberLinkShared filesRichVideo.exe (ID: 1672 |ParentID: 576)
Stoppé! C:Program Files (x86)Jump FlipupdateJumpFlip.exe (ID: 1836 |ParentID: 576)
Stoppé! C:Windowssystem32taskhost.exe (ID: 1992 |ParentID: 576)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2096 |ParentID: 576)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2236 |ParentID: 2096)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavshadow.exe (ID: 2412 |ParentID: 1428)
Stoppé! C:Program Files (x86)AviraAntiVir DesktopAVWEBGRD.EXE (ID: 2540 |ParentID: 576)
Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID: 2072 |ParentID: 1356)
Stoppé! C:WindowsSystem32StikyNot.exe (ID: 1944 |ParentID: 1356)
Stoppé! C:Program Files (x86)PIXELAImageMixer 3 SE Ver.6Transfer UtilityCameraMonitor.exe (ID: 2296 |ParentID: 1356)
Stoppé! C:UsersAnnaAppDataRoamingDropboxbinDropbox.exe (ID: 2892 |ParentID: 1356)
Stoppé! C:Program Files (x86)OpenOffice.org 3programsoffice.exe (ID: 128 |ParentID: 2936)
Stoppé! C:Program Files (x86)OpenOffice.org 3programsoffice.bin (ID: 3096 |ParentID: 128)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavgnt.exe (ID: 3128 |ParentID: 1952)
Stoppé! C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID: 3136 |ParentID: 1952)
Stoppé! C:Program Files (x86)Mozilla Firefoxfirefox.exe (ID: 3824 |ParentID: 1356)
Stoppé! C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe (ID: 992 |ParentID: 576)
Stoppé! C:Program FilesRealtekRtVOsdRtVOsdService.exe (ID: 1912 |ParentID: 576)
Stoppé! C:Program FilesRealtekRtVOsdRtVOsd.exe (ID: 2976 |ParentID: 1912)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID: 3272 |ParentID: 576)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 1924 |ParentID: 576)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 1056 |ParentID: 984)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [] –
04 – HKLMSOFTWARE | Run : [avgnt] – « C:Program Files (x86)AviraAntiVir Desktopavgnt.exe » /min
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – « C:Program Files (x86)Common FilesJavaJava Updatejusched.exe »
04 – HKLMSOFTWAREwow6432Node | Run : [] –
04 – HKLMSOFTWAREwow6432Node | Run : [avgnt] – « C:Program Files (x86)AviraAntiVir Desktopavgnt.exe » /min
04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – « C:Program Files (x86)Common FilesJavaJava Updatejusched.exe »
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-3302041396-931589675-567155245-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
04 – HKUS-1-5-21-3302041396-931589675-567155245-1000SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe

################## | Recherche générique |

Supprimé! C:UsersAnnaAppDataLocalTempavgnt.exe
Supprimé! G:Intel(R)Service.vbs
Supprimé! G:Revue de presse.lnk
Supprimé! G:prix photos.lnk

(!) Fichiers temporaires supprimés. (4510 Ko)

################## | Référence de comparaison MD5 |

Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> G:Intel(R)Service.vbs

################## | Comparaison MD5 |

-> Pas de valeur Md5 identique trouvée.

################## | Registre |

Supprimé! HKUS-1-5-21-3302041396-931589675-567155245-1000Software….Mountpoints2{58100a1e-1084-11e0-b07d-c80aa971665f}

################## | Listing |

[10/05/2012 – 19:04:06 | N | 7 Ko] – C:debug1214.txt
[23/12/2013 – 11:47:36 | N | 11 Ko] – C:UsbFix [Scan 1] ANNA-PC.txt
[23/12/2013 – 12:11:16 | A | 6 Ko] – C:UsbFix [Clean 4] ANNA-PC.txt
[23/12/2013 – 12:27:46 | N | 17 Ko] – C:UsbFix [Clean 3] ANNA-PC.txt
[23/12/2013 – 11:44:29 | ASH | 2990484 Ko] – C:hiberfil.sys
[23/12/2013 – 11:44:29 | ASH | 3987312 Ko] – C:pagefile.sys
[20/10/2010 – 17:08:35 | D] – C:SYSTEM.SAV
[26/05/2012 – 10:48:45 | N | 0 Ko] – C:hpqlb.log
[24/05/2013 – 12:15:26 | N | 0 Ko] – C:setup.log
[24/05/2013 – 12:21:16 | N | 0 Ko] – C:SYNTPAD.LOG
[31/05/2013 – 11:57:07 | N | 2 Ko] – C:RHDSetup.log
[07/06/2010 – 14:16:58 | N | 687 Ko | 569BCCC5BC9E25E9DF799C4BDACB0B77] – C:autoruns.exe
[17/10/2013 – 14:43:40 | SHD] – C:$Recycle.Bin
[17/10/2013 – 14:18:05 | D] – C:found.000
[14/07/2009 – 02:38:58 | RASH | 375 Ko] – C:bootmgr
[14/07/2009 – 04:20:08 | D] – C:PerfLogs
[14/07/2009 – 06:08:56 | SHD] – C:Documents and Settings
[23/01/2010 – 14:55:49 | RHD] – C:MSOCache
[24/01/2010 – 02:18:08 | SHD] – C:boot
[23/05/2010 – 01:26:12 | D] – C:Intel
[23/05/2010 – 01:48:22 | D] – C:HP
[20/10/2010 – 17:08:32 | SHD] – C:Recovery
[10/05/2013 – 11:19:09 | D] – C:Firefox
[05/08/2013 – 15:25:10 | D] – C:net-snmp-compil-win
[04/10/2013 – 11:44:51 | D] – C:SwSetup
[17/10/2013 – 20:16:35 | D] – C:windirstat
[19/10/2013 – 00:01:01 | D] – C:Users
[08/11/2013 – 11:19:24 | D] – C:Program Files
[23/12/2013 – 11:44:37 | D] – C:Windows
[23/12/2013 – 12:03:11 | D] – C:UsbFix
[23/12/2013 – 12:25:55 | SHD] – C:System Volume Information
[23/12/2013 – 12:36:54 | HD] – C:ProgramData
[23/12/2013 – 12:36:55 | D] – C:Program Files (x86)
[23/12/2013 – 12:37:18 | D] – C:AdwCleaner
[24/05/2012 – 21:55:53 | N | 0 Ko] – D:HPSF_Rep.txt
[20/10/2010 – 17:17:04 | D] – D:system.sav
[23/05/2010 – 12:34:37 | N | 0 Ko] – D:RPCONFIG.LOG
[23/05/2010 – 12:34:42 | N | 12 Ko] – D:DeployRp.log
[25/11/2010 – 13:12:09 | N | 0 Ko] – D:HP_TOOLS (E) – Raccourci.lnk
[20/10/2010 – 17:17:03 | N | 0 Ko] – D:language.ini
[23/12/2013 – 12:27:45 | RASHD] – D:Autorun.inf
[20/10/2010 – 17:17:03 | N | 0 Ko] – D:BT_HP.FLG
[22/10/2013 – 17:38:39 | N | 14 Ko] – D:Miss Caroline Mouchot.docx
[23/05/2010 – 12:24:47 | N | 0 Ko] – D:CSP.DAT
[17/10/2013 – 14:43:40 | SHD] – D:$RECYCLE.BIN
[14/07/2009 – 19:39:00 | ASH | 375 Ko] – D:bootmgr
[20/10/2010 – 17:17:03 | SHD] – D:boot
[20/10/2010 – 17:17:03 | SHD] – D:preload
[20/10/2010 – 17:17:03 | SD] – D:Recovery
[03/08/2011 – 10:40:01 | SHD] – D:System Volume Information
[18/10/2013 – 19:53:05 | D] – D:hp
[24/05/2012 – 20:55:54 | N | 0 Ko] – E:HPSF_Rep.txt
[23/12/2013 – 12:27:46 | RASHD] – E:Autorun.inf
[20/10/2010 – 18:17:08 | SHD] – E:$RECYCLE.BIN
[18/10/2013 – 10:13:58 | D] – E:Hewlett-Packard
[24/11/2013 – 23:24:32 | N | 0 Ko] – G:prix photos.txt
[26/11/2013 – 22:21:10 | N | 768 Ko] – G:Revue de presse.pdf
[24/11/2013 – 23:21:56 | D] – G:plus tard
[24/11/2013 – 23:21:56 | D] – G:Normal x 129
[24/11/2013 – 23:31:16 | D] – G:Asso x 31
[25/11/2013 – 00:18:48 | D] – G:Grand x 18

################## | Vaccin |

D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – http://www.sosvirus.net |