Think you are infected, with ads popping up while you browse the internet?
Data loss, system slowdown, USB virus?
Disinfect your computer for free!
by donia
#23448
############################## | UsbFix V 7.155 | [Recherche]

Utilisateur: Donia (Administrateur) # PC-DONIA
Mis à jour le 16/12/2013 par El Desaparecido - Team SosVirus
Lancé à 02:20:26 | 23/12/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK COMPUTER INC. (X550CA)
CPU: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
RAM -> [Total : 6030 | Free : 3949]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16750
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: McAfee Anti-Virus et Anti-Spyware [(!) Disabled | Updated]
AS: Windows Defender : 4.3.0215.0
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 373 Go (249 Go libre(s) - 67%) [OS] # NTFS
D:\ -> Disque fixe # 538 Go (537 Go libre(s) - 100%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque amovible # 7 Go (2 Go libre(s) - 23%) [NIKON D3100] # FAT32
H:\ -> Disque amovible # 15 Go (5 Go libre(s) - 36%) [DONIA BEN B] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 708 |ParentID: 696)
C:\Windows\system32\wininit.exe (ID: 764 |ParentID: 696)
C:\Windows\system32\csrss.exe (ID: 780 |ParentID: 772)
C:\Windows\system32\winlogon.exe (ID: 824 |ParentID: 772)
C:\Windows\system32\services.exe (ID: 864 |ParentID: 764)
C:\Windows\system32\lsass.exe (ID: 872 |ParentID: 764)
C:\Windows\system32\svchost.exe (ID: 980 |ParentID: 864)
C:\Windows\system32\svchost.exe (ID: 332 |ParentID: 864)
C:\Windows\System32\svchost.exe (ID: 448 |ParentID: 864)
C:\Windows\system32\dwm.exe (ID: 628 |ParentID: 824)
C:\Windows\system32\svchost.exe (ID: 660 |ParentID: 864)
C:\Windows\system32\svchost.exe (ID: 620 |ParentID: 864)
C:\Windows\System32\svchost.exe (ID: 912 |ParentID: 864)
C:\Windows\system32\svchost.exe (ID: 1152 |ParentID: 864)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID: 1260 |ParentID: 864)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID: 1356 |ParentID: 864)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1384 |ParentID: 864)
C:\Program Files\AVAST Software\Avast\afwServ.exe (ID: 1504 |ParentID: 864)
C:\Windows\System32\spoolsv.exe (ID: 1716 |ParentID: 864)
C:\Windows\system32\svchost.exe (ID: 1744 |ParentID: 864)
C:\Windows\system32\svchost.exe (ID: 1772 |ParentID: 864)
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (ID: 1888 |ParentID: 864)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1924 |ParentID: 864)
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ID: 2044 |ParentID: 864)
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ID: 1028 |ParentID: 864)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID: 1092 |ParentID: 864)
C:\Program Files\ASUS\P4G\BatteryLife.exe (ID: 1108 |ParentID: 864)
C:\Windows\system32\taskhostex.exe (ID: 996 |ParentID: 864)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID: 968 |ParentID: 1260)
C:\Windows\Explorer.EXE (ID: 1072 |ParentID: 960)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1832 |ParentID: 864)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ID: 2628 |ParentID: 968)
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ID: 2692 |ParentID: 864)
C:\Windows\System32\igfxtray.exe (ID: 2912 |ParentID: 1072)
C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe (ID: 2940 |ParentID: 864)
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ID: 2960 |ParentID: 2692)
C:\Windows\System32\hkcmd.exe (ID: 3004 |ParentID: 1072)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2152 |ParentID: 1072)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2504 |ParentID: 864)
C:\Windows\system32\dashost.exe (ID: 1412 |ParentID: 912)
C:\Windows\system32\dmwu.exe (ID: 2572 |ParentID: 864)
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ID: 2800 |ParentID: 864)
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (ID: 1932 |ParentID: 864)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 3064 |ParentID: 864)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 3052 |ParentID: 864)
C:\Program Files\McAfee\MSC\McAPExe.exe (ID: 2784 |ParentID: 864)
C:\windows\system32\mfevtps.exe (ID: 2436 |ParentID: 864)
C:\Windows\system32\svchost.exe (ID: 3104 |ParentID: 864)
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (ID: 3216 |ParentID: 864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3276 |ParentID: 3244)
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (ID: 3316 |ParentID: 864)
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (ID: 3492 |ParentID: 864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3880 |ParentID: 3276)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4040 |ParentID: 980)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4048 |ParentID: 980)
C:\Windows\system32\SearchIndexer.exe (ID: 2008 |ParentID: 864)
C:\Windows\system32\svchost.exe (ID: 4352 |ParentID: 864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4440 |ParentID: 3276)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4752 |ParentID: 3276)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4844 |ParentID: 3276)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 4852 |ParentID: 980)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID: 5032 |ParentID: 2508)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID: 5048 |ParentID: 2112)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 2520 |ParentID: 1072)
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (ID: 4832 |ParentID: 1072)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 5732 |ParentID: 3364)
C:\Windows\System32\RuntimeBroker.exe (ID: 5776 |ParentID: 980)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ID: 5912 |ParentID: 1788)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ID: 1972 |ParentID: 1788)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ID: 5148 |ParentID: 5912)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ID: 5680 |ParentID: 1972)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ID: 2608 |ParentID: 5912)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ID: 5752 |ParentID: 1972)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4144 |ParentID: 3276)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ID: 1788 |ParentID: 1972)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 440 |ParentID: 864)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5568 |ParentID: 864)
C:\Windows\system32\igfxpers.exe (ID: 2072 |ParentID: 4764)
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (ID: 5320 |ParentID: 864)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4684 |ParentID: 864)
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (ID: 5548 |ParentID: 1788)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6452 |ParentID: 3276)
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (ID: 6808 |ParentID: 5740)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5576 |ParentID: 3276)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6460 |ParentID: 3276)
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe (ID: 4496 |ParentID: 980)
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe (ID: 6324 |ParentID: 3492)
C:\Windows\System32\WUDFHost.exe (ID: 6748 |ParentID: 912)
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe (ID: 2672 |ParentID: 3492)
C:\UsbFix\Go.exe (ID: 1132 |ParentID: 6272)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE | Run : [mcpltui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\961c6129-80c4-46f0-9c03-912b1d90048d.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE\wow6432Node | Run : [mcpltui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\961c6129-80c4-46f0-9c03-912b1d90048d.exe /check
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-3898148998-3337265062-558374295-1001\SOFTWARE | Run : [AdobeBridge] -
04 - HKU\S-1-5-21-3898148998-3337265062-558374295-1001\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-3898148998-3337265062-558374295-1001\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Donia\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-3898148998-3337265062-558374295-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Donia\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-3898148998-3337265062-558374295-1001\SOFTWARE | Run : [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

################## | Recherche générique |

Présent! C:\Users\All Users\SetStretch.VBS
Présent! C:\ProgramData\SetStretch.VBS
Présent! C:\Users\Donia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! C:\Users\Donia\AppData\Local\Temp\iTunesHelper.vbe
Présent! G:\trzCDF.tmp
Présent! H:\trzD7C8.tmp
Présent! H:\trzB37A.tmp
Présent! H:\trz8C0D.tmp

################## | Référence de comparaison MD5 |

Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\Users\All Users\SetStretch.VBS
Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\ProgramData\SetStretch.VBS
Md5 : A839A88B09657202186AF9CC39FD4AF9 -> C:\Users\Donia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : A839A88B09657202186AF9CC39FD4AF9 -> C:\Users\Donia\AppData\Local\Temp\iTunesHelper.vbe

################## | Comparaison MD5 |

Présent! Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\ProgramData\SetStretch.VBS
Présent! Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\Users\All Users\SetStretch.VBS
Présent! Md5 : A839A88B09657202186AF9CC39FD4AF9 -> C:\Users\Donia\AppData\Local\Temp\iTunesHelper.vbe
Présent! Md5 : A839A88B09657202186AF9CC39FD4AF9 -> C:\Users\Donia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKU\S-1-5-21-3898148998-3337265062-558374295-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |


--------------------------------------

THANK YOU FOR YOUR HELP!!
#23450
hi :) ^^

plug in everything that can be plugged into your USB ports, then run UsbFix again, click on "Suppression", then post the report you get; after that, change all your passwords immediately, they have been stolen
