Reply to: USB key disinfection 2016-09-08T13:38:16+00:00
carole06
Participant
Number of posts: 12

I didn't need to follow the whole procedure. Hoping that it worked.

Here is the report:

############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: Louisa (Administrateur) # LOUISA-PC
Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
Lancé à 14:30:38 | 06/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (143A)
CPU: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz
RAM -> [Total : 3894 Mo| Free : 1635 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17105
WB: Google Chrome : 34.0.1847.131

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 451 Go (299 Go libre(s) – 66%) [] # NTFS
D: -> Disque fixe # 14 Go (2 Go libre(s) – 14%) [RECOVERY] # NTFS
E: -> Disque fixe # 99 Mo (91 Mo libre(s) – 92%) [HP_TOOLS] # FAT32
F: -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 432 |ParentID: 384)
C:\Windows\system32\wininit.exe (ID: 500 |ParentID: 384)
C:\Windows\system32\csrss.exe (ID: 524 |ParentID: 508)
C:\Windows\system32\services.exe (ID: 556 |ParentID: 500)
C:\Windows\system32\lsass.exe (ID: 580 |ParentID: 500)
C:\Windows\system32\lsm.exe (ID: 588 |ParentID: 500)
C:\Windows\system32\winlogon.exe (ID: 644 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 748 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 828 |ParentID: 556)
C:\Windows\system32\atiesrxx.exe (ID: 876 |ParentID: 556)
C:\Windows\System32\svchost.exe (ID: 948 |ParentID: 556)
C:\Windows\System32\svchost.exe (ID: 1004 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 308 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 384 |ParentID: 556)
C:\Windows\system32\atieclxx.exe (ID: 1124 |ParentID: 876)
C:\Windows\system32\svchost.exe (ID: 1160 |ParentID: 556)
C:\Windows\system32\WLANExt.exe (ID: 1300 |ParentID: 1004)
C:\Windows\system32\conhost.exe (ID: 1308 |ParentID: 432)
C:\Windows\System32\spoolsv.exe (ID: 1476 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1516 |ParentID: 556)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1588 |ParentID: 556)
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (ID: 1628 |ParentID: 556)
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (ID: 1688 |ParentID: 556)
C:\Windows\SysWOW64\ezSharedSvcHost.exe (ID: 1756 |ParentID: 556)
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 1812 |ParentID: 556)
C:\Program Files (x86)\Jumpstart\jswpbapi.exe (ID: 1840 |ParentID: 556)
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID: 1868 |ParentID: 556)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1900 |ParentID: 556)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 304 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1924 |ParentID: 556)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2084 |ParentID: 556)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (ID: 2124 |ParentID: 556)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2176 |ParentID: 556)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2300 |ParentID: 2084)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 2468 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 2684 |ParentID: 556)
C:\Windows\system32\taskhost.exe (ID: 2912 |ParentID: 556)
C:\Windows\system32\Dwm.exe (ID: 2064 |ParentID: 1004)
C:\Windows\System32\rundll32.exe (ID: 1380 |ParentID: 748)
C:\Windows\Explorer.EXE (ID: 2492 |ParentID: 3044)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3036 |ParentID: 2492)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (ID: 2896 |ParentID: 2492)
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ID: 3000 |ParentID: 2492)
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (ID: 456 |ParentID: 2492)
C:\Windows\System32\igfxpers.exe (ID: 3120 |ParentID: 2492)
C:\Windows\system32\igfxsrvc.exe (ID: 3228 |ParentID: 748)
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (ID: 3260 |ParentID: 2492)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 3532 |ParentID: 3036)
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (ID: 3580 |ParentID: 3268)
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe (ID: 3612 |ParentID: 3268)
C:\Windows\system32\SearchIndexer.exe (ID: 3868 |ParentID: 556)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 1224 |ParentID: 3548)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 3496 |ParentID: 1224)
C:\Windows\system32\svchost.exe (ID: 1072 |ParentID: 556)
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (ID: 3948 |ParentID: 556)
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (ID: 1324 |ParentID: 556)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 3692 |ParentID: 556)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2696 |ParentID: 748)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (ID: 4024 |ParentID: 556)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2452 |ParentID: 748)
C:\Windows\System32\svchost.exe (ID: 4176 |ParentID: 556)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4208 |ParentID: 556)
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (ID: 4544 |ParentID: 3156)
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (ID: 4700 |ParentID: 3180)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (ID: 4764 |ParentID: 4544)
C:\Windows\system32\taskhost.exe (ID: 5384 |ParentID: 556)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5500 |ParentID: 2492)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 7524 |ParentID: 5500)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 7296 |ParentID: 5500)
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe (ID: 5168 |ParentID: 748)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 8048 |ParentID: 5500)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 6752 |ParentID: 5500)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 9748 |ParentID: 5500)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2280 |ParentID: 3868)
C:\Windows\system32\SearchFilterHost.exe (ID: 7176 |ParentID: 3868)
C:\Windows\system32\SearchProtocolHost.exe (ID: 9040 |ParentID: 3868)

################## | Recherche générique |

(!) Fichiers temporaires supprimés.

################## | Registre |

Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 0
Supprimé! HKU\S-1-5-21-2438885668-180924057-1699815265-1000\Software\….\Mountpoints2\G
Supprimé! HKU\S-1-5-21-2438885668-180924057-1699815265-1000\Software\….\Mountpoints2\{df77716b-b4fe-11df-9308-002682a01eb4}

################## | Regedit Run |

F2 – HKLM\..\Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 – HKLM\..\Winlogon : [Userinit] userinit.exe
F2 – [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 – HKCU\..\Run : [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
04 – HKCU\..\Run : [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 – HKCU\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 – HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 – HKLM\..\Run : [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 – HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 – HKLM\..\Run : []
04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\..\Run : [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
04 – [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 – [x64] HKLM\..\Run : [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
04 – [x64] HKLM\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
04 – [x64] HKLM\..\Run : [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
04 – [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 – [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 – [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 – [x64] HKLM\..\Run : [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-2438885668-180924057-1699815265-1000\..\Run : [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
04 – HKU\S-1-5-21-2438885668-180924057-1699815265-1000\..\Run : [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 – HKU\S-1-5-21-2438885668-180924057-1699815265-1000\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[22/08/2011 – 16:46:59 | SHD] – C:\$Recycle.Bin
[07/01/2014 – 12:00:34 | D] – C:\AdwCleaner
[23/02/2014 – 19:40:31 | N | 0 Ko] – C:\AVScanner.ini
[16/05/2010 – 23:43:34 | SHD] – C:\boot
[14/07/2009 – 03:38:58 | RASH | 375 Ko] – C:\bootmgr
[29/06/2011 – 23:35:34 | D] – C:\cbde259474907931138433a6
[14/07/2009 – 07:08:56 | SHD] – C:\Documents and Settings
[24/02/2012 – 22:43:35 | D] – C:\films
[06/05/2014 – 11:00:19 | ASH | 2990484 Ko] – C:\hiberfil.sys
[18/06/2010 – 01:53:36 | D] – C:\HP
[18/06/2010 – 02:04:25 | D] – C:\Intel
[06/05/2014 – 11:00:43 | ASH | 3987312 Ko] – C:\pagefile.sys
[18/01/2012 – 14:15:08 | D] – C:\pan am saison 1
[14/07/2009 – 05:20:08 | D] – C:\PerfLogs
[06/05/2014 – 13:30:27 | D] – C:\Program Files
[06/05/2014 – 13:29:28 | D] – C:\Program Files (x86)
[06/05/2014 – 13:27:14 | HD] – C:\ProgramData
[30/08/2010 – 14:21:22 | SHD] – C:\Recovery
[16/01/2014 – 02:42:40 | N | 594 Ko | ECFA4E7350DE3BB49AE671A9A3382A35] – C:\SecurityScanner.dll
[19/01/2012 – 16:00:43 | D] – C:\series
[28/11/2012 – 15:26:01 | D] – C:\SwSetup
[06/05/2014 – 13:29:53 | SHD] – C:\System Volume Information
[30/08/2010 – 14:21:26 | D] – C:\SYSTEM.SAV
[02/05/2014 – 17:50:25 | D] – C:\UsbFix
[06/05/2014 – 14:32:35 | A | 11 Ko | 30CDFE15E9C7742742CA9AC3609CA1B2] – C:\UsbFix [Clean 2] LOUISA-PC.txt
[02/05/2014 – 18:08:21 | N | 11 Ko | 311D614CCBD1157FA8B4D27263E89C20] – C:\UsbFix [Scan 1] LOUISA-PC.txt
[13/12/2012 – 21:16:20 | N | 0 Ko] – C:\user.js
[30/08/2010 – 14:20:54 | D] – C:\Users
[05/02/2011 – 13:11:27 | D] – C:\UtilisateursAF
[25/03/2014 – 21:03:39 | D] – C:\VALCOMPTA4
[02/05/2014 – 17:42:17 | D] – C:\Windows
[30/08/2010 – 14:25:57 | SHD] – D:\$RECYCLE.BIN
[30/08/2010 – 14:25:53 | SHD] – D:\boot
[14/07/2009 – 20:39:00 | ASH | 375 Ko] – D:\bootmgr
[30/08/2010 – 14:25:53 | N | 0 Ko] – D:\BT_HP.FLG
[18/06/2010 – 12:40:33 | N | 0 Ko] – D:\CSP.DAT
[18/06/2010 – 12:47:51 | N | 14 Ko] – D:\DeployRp.log
[30/08/2010 – 14:25:53 | D] – D:\hp
[30/08/2010 – 14:25:53 | N | 0 Ko] – D:\language.ini
[30/08/2010 – 14:25:53 | SHD] – D:\preload
[30/08/2010 – 14:25:53 | SD] – D:\Recovery
[18/06/2010 – 12:47:48 | N | 0 Ko] – D:\RPCONFIG.LOG
[19/01/2012 – 15:40:40 | SHD] – D:\System Volume Information
[30/08/2010 – 14:25:54 | D] – D:\system.sav
[30/08/2010 – 14:25:58 | SHD] – E:\$RECYCLE.BIN
[18/06/2010 – 01:39:08 | D] – E:\Hewlett-Packard
[02/05/2013 – 13:44:40 | N | 14 Ko] – E:\Etiquettes boites.docx
[02/05/2013 – 13:13:42 | N | 14 Ko] – E:\etiquettes parlophone.docx

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |