by Kamy
#13408
############################## | UsbFix V 7.145 | [Deletion]

User: Mess (Administrator) # TABLETTE
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 14:37:15 | 29/10/2013

Website:
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact:

PC: Dell Inc. (Inspiron 1090)
CPU: Intel(R) Atom(TM) CPU N550 @ 1.50GHz
RAM -> [Total : 2036 | Free : 1299]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 8 Professionnel (6.2.9200 32-Bit) #
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ -> Fixed drive # 25 Gb (347 Mb free - 1%) [DATAS 2] # NTFS
D:\ (%systemdrive%) -> Fixed drive # 98 Gb (2 Mb free - 2%) [OS] # NTFS
F:\ -> Fixed drive # 162 Gb (2 Mb free - 2%) [DATAS] # NTFS
G:\ -> Fixed drive # 14 Gb (2 Mb free - 18%) [Recovery] # NTFS

################## | Regedit Run |

HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - D:\Program Files\PowerISO\PWRISOVM.EXE
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-3559574157-1178214688-1171325909-1002\SOFTWARE | Run : [IDMan] - D:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-3559574157-1178214688-1171325909-1002\SOFTWARE | Run : [Google Update] - "D:\Users\Mess\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3559574157-1178214688-1171325909-1002\SOFTWARE | Run : [Skype] - "D:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3559574157-1178214688-1171325909-1002\SOFTWARE | Run : [xGyreppr] - wscript.exe //B "D:\Users\Mess\AppData\Local\Temp\xGyreppr.vbs"

################## | Stopped processes |

Stopped! D:\Windows\System32\spoolsv.exe (ID 1564 |ParentID 688)
Stopped! D:\Windows\system32\AdminService.exe (ID 1780 |ParentID 688)
Stopped! D:\Windows\system32\dashost.exe (ID 1916 |ParentID 1072)
Stopped! D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (ID 424 |ParentID 688)
Stopped! D:\Program Files\Windows Defender\MsMpEng.exe (ID 592 |ParentID 688)
Stopped! D:\Windows\System32\WUDFHost.exe (ID 2212 |ParentID 1072)
Stopped! D:\Windows\system32\SearchIndexer.exe (ID 3864 |ParentID 688)
Stopped! D:\Program Files\Windows Media Player\wmpnetwk.exe (ID 4176 |ParentID 688)
Stopped! D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID 4968 |ParentID 688)
Stopped! D:\Windows\system32\taskhost.exe (ID 3168 |ParentID 688)
Stopped! D:\Windows\System32\LogonUI.exe (ID 1128 |ParentID 2840)
Stopped! D:\Windows\System32\LogonUI.exe (ID 2416 |ParentID 900)
Stopped! D:\Windows\System32\LogonUI.exe (ID 6400 |ParentID 8120)
Stopped! D:\Windows\system32\taskhostex.exe (ID 3348 |ParentID 688)
Stopped! D:\Windows\system32\taskhost.exe (ID 6308 |ParentID 688)
Stopped! D:\Program Files\TeamViewer\Version8\TeamViewer.exe (ID 3724 |ParentID 424)
Stopped! D:\Windows\Explorer.EXE (ID 3892 |ParentID 3128)
Stopped! D:\Program Files\TeamViewer\Version8\tv_w32.exe (ID 1608 |ParentID 424)
Stopped! D:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe (ID 572 |ParentID 804)
Stopped! D:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID 5600 |ParentID 1072)
Stopped! D:\Windows\System32\RuntimeBroker.exe (ID 6732 |ParentID 804)
Stopped! D:\Program Files\Common Files\Java\Java Update\jusched.exe (ID 7828 |ParentID 3892)
Stopped! D:\Program Files\Internet Download Manager\IDMan.exe (ID 1176 |ParentID 3892)
Stopped! D:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID 1264 |ParentID 3892)
Stopped! D:\Program Files\Internet Download Manager\IEMonitor.exe (ID 6556 |ParentID 1176)
Stopped! D:\Windows\system32\wuauclt.exe (ID 4336 |ParentID 956)
Stopped! D:\Windows\System32\wscript.exe (ID 6700 |ParentID 5796)
Stopped! D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID 7052 |ParentID 4284)
Stopped! D:\Windows\explorer.exe (ID 3176 |ParentID 804)
Stopped! D:\Program Files\Windows Defender\MpCmdRun.exe (ID 5968 |ParentID 5152)

################## | Files # Infected Folders |

Deleted ! D:\Users\Mess\AppData\Local\Temp\xGyreppr.vbs
Deleted ! D:\Users\Mess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xGyreppr.vbs

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKU\S-1-5-21-3559574157-1178214688-1171325909-1002\Software\Microsoft\Windows\CurrentVersion\Run|xGyreppr
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{ee5e3e7d-bb41-11e2-afb5-485d60fc4247}

################## | Listing |

[25/01/2013 - 08:46:08 | SHD ] C:\$RECYCLE.BIN
[23/09/2013 - 22:46:51 | D ] C:\En attente
[09/07/2013 - 15:23:38 | N | 1502720] C:\FETE DE L'INDEPENDANCE 2011.ppt
[09/07/2013 - 15:23:38 | N | 1810432] C:\INDEPENDANCE 2012.ppt
[25/01/2013 - 08:36:13 | N | 0] C:\IO.SYS
[25/01/2013 - 08:36:13 | N | 0] C:\MSDOS.SYS
[24/01/2013 - 01:08:28 | SHD ] C:\System Volume Information
[23/01/2013 - 10:59:20 | SHD ] D:\$Recycle.Bin
[26/07/2012 - 06:52:25 | N | 24] D:\autoexec.bat
[20/01/2013 - 23:01:32 | N | 66707] D:\bdlog.txt
[31/01/2013 - 18:37:50 | SHD ] D:\Boot
[20/09/2012 - 06:27:51 | RASH | 398158] D:\bootmgr
[02/06/2012 - 14:30:55 | N | 1] D:\BOOTNXT
[23/01/2013 - 18:31:19 | RASH | 8192] D:\BOOTSECT.BAK
[26/07/2012 - 06:52:25 | N | 10] D:\config.sys
[24/08/2012 - 23:28:50 | D ] D:\dell
[26/07/2012 - 06:04:44 | SHD ] D:\Documents and Settings
[18/10/2013 - 08:49:31 | ASH | 1707802624] D:\hiberfil.sys
[24/03/2011 - 02:18:07 | D ] D:\Intel
[24/03/2011 - 02:16:23 | N | 0] D:\mini-agent.log
[24/03/2011 - 02:16:23 | N | 29] D:\mini-agent.txt
[24/03/2011 - 10:44:41 | D ] D:\MININT
[25/08/2012 - 21:55:09 | RHD ] D:\MSOCache
[18/10/2013 - 08:50:07 | ASH | 1073741824] D:\pagefile.sys
[26/07/2012 - 06:29:57 | D ] D:\PerfLogs
[25/10/2013 - 11:40:42 | D ] D:\Program Files
[20/08/2013 - 08:26:34 | HD ] D:\ProgramData
[25/01/2013 - 12:53:32 | SHD ] D:\Recovery
[14/11/2012 - 12:12:40 | D ] D:\SkyDriveTemp
[23/01/2013 - 12:58:47 | D ] D:\sources
[18/10/2013 - 08:50:07 | ASH | 268435456] D:\swapfile.sys
[29/10/2013 - 12:03:54 | SHD ] D:\System Volume Information
[24/08/2012 - 23:24:18 | D ] D:\tmp
[29/10/2013 - 14:40:34 | D ] D:\UsbFix
[29/10/2013 - 14:46:40 | A | 6771] D:\UsbFix [Clean 1] TABLETTE.txt
[15/04/2013 - 17:34:14 | RD ] D:\Users
[18/10/2013 - 20:03:40 | D ] D:\VIDEO_TS_DVD2
[18/10/2013 - 20:05:47 | D ] D:\VIDEO_TS_DVD3
[27/08/2012 - 11:07:40 | D ] D:\wamp
[11/09/2013 - 17:11:45 | D ] D:\Windows
[03/10/2012 - 10:23:05 | SHD ] F:\$RECYCLE.BIN
[30/01/2013 - 14:37:28 | D ] F:\Divers
[13/09/2013 - 11:52:54 | D ] F:\Documents
[14/10/2013 - 20:37:32 | D ] F:\Enseignements
[06/09/2012 - 11:18:18 | D ] F:\Facture Mess
[02/04/2013 - 00:43:36 | D ] F:\Formation Regis
[26/08/2012 - 11:21:17 | D ] F:\Images
[04/08/2013 - 12:27:37 | D ] F:\jo
[22/01/2013 - 16:00:33 | D ] F:\Labo Mess
[25/10/2012 - 10:32:23 | D ] F:\Labo sites
[04/02/2013 - 16:11:04 | D ] F:\Logiciels
[01/06/2013 - 15:18:34 | D ] F:\Lt Boleba
[12/10/2012 - 10:19:38 | D ] F:\lt soro
[27/05/2013 - 20:31:29 | D ] F:\Musique
[06/09/2013 - 09:51:57 | D ] F:\PS
[26/03/2013 - 11:18:58 | D ] F:\QNET
[06/09/2012 - 11:18:19 | D ] F:\Recu INP
[25/08/2012 - 10:08:28 | SHD ] F:\System Volume Information
[26/03/2013 - 11:18:58 | D ] F:\Videos
[03/10/2012 - 10:23:05 | SHD ] G:\$RECYCLE.BIN
[26/01/2013 - 10:33:21 | D ] G:\Dell
[24/03/2011 - 13:48:07 | N | 2] G:\Factory.log
[24/03/2011 - 10:43:33 | D ] G:\recovery
[24/03/2011 - 10:41:54 | N | 205] G:\ResSys.ini
[19/11/2012 - 08:55:25 | SHD ] G:\System Volume Information
[18/10/2013 - 20:10:22 | D ] G:\VIDEO_TS_DVD4
[18/10/2013 - 20:11:52 | D ] G:\VIDEO_TS_DVD5

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | - https://www.sosvirus.net |
by Kamy
#13417
:merci2: SO VERY MUCH;
I think I no longer have any infections, and I recovered my data on my USB keys...
P.S.: I am in Côte d'Ivoire, and here, when things are like this, we say "JE SUIS ENJAILLE !!!"
by Kamy
#13420
OK, I will do it this very evening.
One last question: can the infections I had spread over the network?
If so, I think I will be posting again very soon...
