by the-blues-6
#23409
My devices were infected by a virus that hid my files, and some of them were turned into shortcuts.
Here is the UsbFix scan report:


############################## | UsbFix V 7.152 | [Recherche]

Utilisateur: Maxime (Administrateur) # PC-MAXIME
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 20:17:09 | 22/12/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (NP350E7C-S09FR)
CPU: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
RAM -> [Total : 3987 | Free : 1768]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 26.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [Enabled | Updated]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 441 Go (228 Go libre(s) - 52%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 4 Go (3 Go libre(s) - 79%) [Transcend] # FAT32
G:\ -> Disque amovible # 4 Go (928 Mo libre(s) - 25%) [GROS MINET] # FAT32

################## | Processus Actif |

C:\WINDOWS\system32\wininit.exe (ID: 632 |ParentID: 560)
C:\WINDOWS\system32\lsass.exe (ID: 728 |ParentID: 632)
C:\WINDOWS\system32\svchost.exe (ID: 792 |ParentID: 720)
C:\WINDOWS\system32\svchost.exe (ID: 844 |ParentID: 720)
C:\WINDOWS\system32\atiesrxx.exe (ID: 308 |ParentID: 720)
C:\WINDOWS\System32\svchost.exe (ID: 356 |ParentID: 720)
C:\WINDOWS\system32\svchost.exe (ID: 580 |ParentID: 720)
C:\WINDOWS\system32\svchost.exe (ID: 540 |ParentID: 720)
C:\WINDOWS\System32\svchost.exe (ID: 300 |ParentID: 720)
C:\WINDOWS\system32\svchost.exe (ID: 1164 |ParentID: 720)
C:\WINDOWS\System32\spoolsv.exe (ID: 1264 |ParentID: 720)
C:\WINDOWS\system32\svchost.exe (ID: 1308 |ParentID: 720)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1424 |ParentID: 720)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1444 |ParentID: 720)
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe (ID: 1468 |ParentID: 720)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1520 |ParentID: 720)
C:\WINDOWS\system32\dashost.exe (ID: 1544 |ParentID: 300)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 1580 |ParentID: 720)
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID: 1696 |ParentID: 720)
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 1760 |ParentID: 720)
C:\WINDOWS\system32\svchost.exe (ID: 1628 |ParentID: 720)
C:\WINDOWS\System32\msdtc.exe (ID: 2696 |ParentID: 720)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 2324 |ParentID: 720)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 1296 |ParentID: 720)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3000 |ParentID: 720)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 3028 |ParentID: 720)
C:\WINDOWS\system32\DllHost.exe (ID: 2364 |ParentID: 792)
C:\WINDOWS\system32\svchost.exe (ID: 2456 |ParentID: 720)
C:\WINDOWS\system32\SearchIndexer.exe (ID: 1888 |ParentID: 720)
C:\WINDOWS\System32\svchost.exe (ID: 4956 |ParentID: 720)
C:\WINDOWS\system32\DllHost.exe (ID: 3672 |ParentID: 792)
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 3552 |ParentID: 720)
C:\Windows\System32\WUDFHost.exe (ID: 5052 |ParentID: 300)
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 2052 |ParentID: 720)
C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe (ID: 5956 |ParentID: 720)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 3456 |ParentID: 720)
C:\WINDOWS\system32\svchost.exe (ID: 4020 |ParentID: 720)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 6232 |ParentID: 792)
C:\WINDOWS\System32\WinLogon.exe (ID: 3580 |ParentID: 6812)
C:\WINDOWS\System32\dwm.exe (ID: 3484 |ParentID: 3580)
C:\WINDOWS\system32\atieclxx.exe (ID: 4196 |ParentID: 308)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 6148 |ParentID: 580)
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ID: 4428 |ParentID: 580)
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (ID: 2976 |ParentID: 580)
C:\WINDOWS\system32\taskhostex.exe (ID: 5372 |ParentID: 580)
C:\Windows\System32\skydrive.exe (ID: 3116 |ParentID: 792)
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (ID: 1112 |ParentID: 580)
C:\Windows\System32\igfxtray.exe (ID: 1020 |ParentID: 5360)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 2500 |ParentID: 792)
C:\Windows\System32\hkcmd.exe (ID: 3332 |ParentID: 5360)
C:\Windows\System32\igfxpers.exe (ID: 3632 |ParentID: 5360)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2648 |ParentID: 5360)
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (ID: 5364 |ParentID: 5360)
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 5448 |ParentID: 5360)
C:\Users\Maxime\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 884 |ParentID: 5360)
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (ID: 6752 |ParentID: 5360)
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (ID: 6000 |ParentID: 5360)
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID: 6192 |ParentID: 6520)
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (ID: 5904 |ParentID: 6520)
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (ID: 6172 |ParentID: 6520)
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (ID: 2340 |ParentID: 6520)
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (ID: 5336 |ParentID: 6520)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 6240 |ParentID: 6520)
C:\Program Files\Samsung\S Agent\CommonAgent.exe (ID: 6216 |ParentID: 580)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 6956 |ParentID: 6176)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 5804 |ParentID: 5276)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 5020 |ParentID: 6956)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 2628 |ParentID: 4648)
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (ID: 1776 |ParentID: 6216)
C:\Windows\System32\WWAHost.exe (ID: 6984 |ParentID: 792)
C:\Windows\System32\RuntimeBroker.exe (ID: 4016 |ParentID: 792)
C:\WINDOWS\WinStore\WSHost.exe (ID: 3040 |ParentID: 792)
C:\Windows\System32\SettingSyncHost.exe (ID: 6776 |ParentID: 792)
C:\Windows\System32\WUDFHost.exe (ID: 5292 |ParentID: 300)
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (ID: 2140 |ParentID: 660)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 5932 |ParentID: 5360)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 4640 |ParentID: 5932)
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 3356 |ParentID: 4640)
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 4544 |ParentID: 3356)
C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe (ID: 2236 |ParentID: 5360)
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe (ID: 5476 |ParentID: 2236)
C:\WINDOWS\splwow64.exe (ID: 4168 |ParentID: 2236)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 3500 |ParentID: 792)
C:\WINDOWS\explorer.exe (ID: 5936 |ParentID: 3580)
C:\UsbFix\Go.exe (ID: 6084 |ParentID: 4392)
C:\WINDOWS\system32\taskeng.exe (ID: 5420 |ParentID: 580)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE | Run : [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
04 - HKLM\SOFTWARE | Run : [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
04 - HKLM\SOFTWARE | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [FUFAXRCV] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
04 - HKLM\SOFTWARE | Run : [FUFAXSTM] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
04 - HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [FUFAXRCV] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [FUFAXSTM] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Maxime\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE | Run : [OfficeSyncProcess] - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE | Run : [EPSON BX305 Series] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\windows\TEMP\E_S9C70.tmp" /EF "HKCU"

################## | Recherche générique |

Présent! E:\Volume typo .lnk
Présent! E:\Flyer gd .lnk
Présent! E:\Chaplin .lnk
Présent! E:\Autres .lnk
Présent! E:\Shadow .lnk
Présent! E:\livre gd vs gd .lnk
Présent! E:\Metamorphose .lnk
Présent! E:\bodoni bauer .lnk
Présent! E:\livre .lnk
Présent! E:\museum .lnk
Présent! E:\TravauxAffiches .lnk
Présent! E:\AUTORUN_ .lnk
Présent! E:\présentation Batory .lnk
Présent! E:\dossier typo .lnk
Présent! E:\ .lnk
Présent! E:\AUTORUN.INF
Présent! E:\AUTORUN_.INF
Présent! G:\AUTORUN.INF

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe

################## | Vaccin |

E:\AUTORUN_.INF -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
by g3n-h@ckm@n
#23413
Hello, run the deletion, then post the report.
