by djamel
#12522
############################## | UsbFix V 7.145 | [Recherche]

Utilisateur: Afs erdogan (Administrateur) # AFSERDOGAN-HP
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 18:54:26 | 22/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (166B)
CPU: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
RAM -> [Total : 3894 | Free : 1820]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Internet Security [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 450 Go (317 Go libre(s) - 70%) [] # NTFS
D:\ -> Disque fixe # 16 Go (2 Go libre(s) - 12%) [RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Disque fixe # 99 Mo (85 Mo libre(s) - 85%) [HP_TOOLS] # FAT32
G:\ -> Disque amovible # 15 Go (15 Go libre(s) - 96%) [AFS AFS] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 544 |ParentID 504)
C:\Windows\system32\wininit.exe (ID 744 |ParentID 504)
C:\Windows\system32\csrss.exe (ID 764 |ParentID 752)
C:\Windows\system32\services.exe (ID 804 |ParentID 744)
C:\Windows\system32\lsass.exe (ID 828 |ParentID 744)
C:\Windows\system32\lsm.exe (ID 836 |ParentID 744)
C:\Windows\system32\svchost.exe (ID 940 |ParentID 804)
C:\Windows\system32\svchost.exe (ID 1012 |ParentID 804)
C:\Windows\system32\atiesrxx.exe (ID 452 |ParentID 804)
C:\Windows\system32\winlogon.exe (ID 580 |ParentID 752)
C:\Windows\System32\svchost.exe (ID 612 |ParentID 804)
C:\Windows\System32\svchost.exe (ID 656 |ParentID 804)
C:\Windows\system32\svchost.exe (ID 684 |ParentID 804)
C:\Windows\system32\svchost.exe (ID 888 |ParentID 804)
C:\Program Files\IDT\WDM\STacSV64.exe (ID 884 |ParentID 804)
C:\Windows\servicing\TrustedInstaller.exe (ID 1196 |ParentID 804)
C:\Windows\system32\svchost.exe (ID 1324 |ParentID 804)
C:\Windows\system32\WLANExt.exe (ID 1424 |ParentID 656)
C:\Windows\system32\conhost.exe (ID 1432 |ParentID 544)
C:\Windows\System32\spoolsv.exe (ID 1508 |ParentID 804)
C:\Windows\system32\svchost.exe (ID 1536 |ParentID 804)
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ID 1620 |ParentID 804)
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (ID 1668 |ParentID 804)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (ID 1948 |ParentID 804)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 1996 |ParentID 804)
C:\Windows\SysWOW64\ezSharedSvcHost.exe (ID 1208 |ParentID 804)
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (ID 1436 |ParentID 804)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID 1892 |ParentID 804)
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID 2120 |ParentID 804)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 2156 |ParentID 804)
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe (ID 2180 |ParentID 804)
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (ID 2208 |ParentID 804)
C:\Program Files (x86)\PDF Complete\pdfsvc.exe (ID 2244 |ParentID 804)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID 2672 |ParentID 804)
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (ID 2732 |ParentID 804)
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID 2768 |ParentID 804)
C:\Windows\system32\svchost.exe (ID 2828 |ParentID 804)
C:\Windows\system32\svchost.exe (ID 2852 |ParentID 804)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (ID 2960 |ParentID 804)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3000 |ParentID 804)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID 3036 |ParentID 804)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2084 |ParentID 3000)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe (ID 3104 |ParentID 2960)
C:\Windows\system32\conhost.exe (ID 3112 |ParentID 544)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID 3124 |ParentID 804)
C:\Windows\system32\svchost.exe (ID 3356 |ParentID 804)
C:\Windows\system32\svchost.exe (ID 3504 |ParentID 804)
C:\Windows\system32\svchost.exe (ID 3560 |ParentID 804)
C:\Windows\system32\atieclxx.exe (ID 4768 |ParentID 452)
C:\Windows\system32\taskhost.exe (ID 4984 |ParentID 804)
C:\Windows\system32\Dwm.exe (ID 1268 |ParentID 656)
C:\Windows\Explorer.EXE (ID 4020 |ParentID 5060)
C:\Windows\System32\igfxtray.exe (ID 4100 |ParentID 4020)
C:\Windows\System32\hkcmd.exe (ID 4696 |ParentID 4020)
C:\Windows\System32\igfxpers.exe (ID 4680 |ParentID 4020)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 4848 |ParentID 4020)
C:\Program Files\IDT\WDM\sttray64.exe (ID 4640 |ParentID 4020)
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (ID 3880 |ParentID 4020)
C:\Windows\System32\WUDFHost.exe (ID 4676 |ParentID 656)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 2540 |ParentID 4848)
C:\Program Files\Windows Sidebar\sidebar.exe (ID 1960 |ParentID 4020)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID 908 |ParentID 4020)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 4736 |ParentID 432)
C:\Windows\system32\SearchIndexer.exe (ID 4948 |ParentID 804)
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (ID 1572 |ParentID 432)
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (ID 4920 |ParentID 4020)
C:\Program Files (x86)\Ask.com\Updater\Updater.exe (ID 4336 |ParentID 432)
C:\Program Files (x86)\AVG Secure Search\vprot.exe (ID 3592 |ParentID 432)
C:\Windows\system32\svchost.exe (ID 4520 |ParentID 804)
C:\Windows\system32\taskeng.exe (ID 1676 |ParentID 888)
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (ID 3964 |ParentID 432)
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (ID 524 |ParentID 1676)
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (ID 5512 |ParentID 432)
C:\Windows\SysWOW64\RunDll32.exe (ID 5532 |ParentID 908)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (ID 5588 |ParentID 432)
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (ID 5636 |ParentID 432)
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID 5644 |ParentID 940)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID 5668 |ParentID 432)
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (ID 5888 |ParentID 5644)
C:\Windows\system32\wbem\wmiprvse.exe (ID 5928 |ParentID 940)
C:\Windows\system32\wbem\wmiprvse.exe (ID 6084 |ParentID 940)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID 4472 |ParentID 804)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID 5944 |ParentID 804)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2704 |ParentID 1224)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (ID 1548 |ParentID 4656)
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (ID 5600 |ParentID 804)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 5884 |ParentID 804)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 6408 |ParentID 804)
C:\Program Files (x86)\Nero\Update\NASvc.exe (ID 6492 |ParentID 804)
C:\Windows\system32\sppsvc.exe (ID 6652 |ParentID 804)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 2492 |ParentID 804)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 6212 |ParentID 804)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 5472 |ParentID 2704)
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (ID 6888 |ParentID 5032)
C:\Windows\system32\taskeng.exe (ID 600 |ParentID 888)
C:\UsbFix\Go.exe (ID 6160 |ParentID 6704)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
HKLM\SOFTWARE | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE | Run : [NBAgent] - "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
HKLM\SOFTWARE | Run : [Browser companion helper] - C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
HKLM\SOFTWARE | Run : [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM\SOFTWARE | Run : [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE\wow6432Node | Run : [NBAgent] - "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE\wow6432Node | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Browser companion helper] - C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
HKLM\SOFTWARE\wow6432Node | Run : [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM\SOFTWARE\wow6432Node | Run : [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-328482170-698208354-2614779597-1000\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-328482170-698208354-2614779597-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-328482170-698208354-2614779597-1000\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-328482170-698208354-2614779597-1000\SOFTWARE | Run : [EPSON SX218 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_SC7A3.tmp" /EF "HKCU"
HKU\S-1-5-21-328482170-698208354-2614779597-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

Présent! G:\AFS AFS (16GB).lnk
Présent! D:\desktop.ini
Présent! G:\AutoRun.inf
Présent! G:\desktop.ini

################## | Registre |

Présent! HKU\S-1-5-21-328482170-698208354-2614779597-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
HKCU\.\.\.\.\Explorer\MountPoints2\{26ca7945-4f10-11e1-b267-cc52aff40f22}
Shell\AutoRun\Command = G:\HPLauncher.exe



################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
by El Desaparecido
#12529
Hello, good evening, thank you, please...
Do those ring a bell?

Please read the site charter: http://www.sosvirus.net/reglement-chart ... -t334.html
  • Run UsbFix
  • Choose the Suppression (Deletion) option

    Note: If UsbFix hangs at 14%, run UsbFix in safe mode. (See >> HERE <<)

  • Copy and paste the contents of the report that appears at the end of the scan into your reply
