USBfix disinfection 2013-12-01T19:58:25+00:00
  • Author
    Posts
  • Auriane
    Post count: 0

    I have a virus that turns the files on my USB sticks into shortcuts.

    USBfix scan (Recherche) report: WHAT SHOULD I DO?

    ############################## | UsbFix V 7.152 | [Recherche]

    Utilisateur: aurianep (Administrateur) # AURIANE
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 20:42:57 | 01/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (X200CA)
    CPU: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
    RAM -> [Total : 3982 | Free : 1946]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 8 (6.2.9200 64-Bit)
    WB: Windows Internet Explorer : 10.0.9200.16736
    WB: Google Chrome : 31.0.1650.57

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: McAfee Anti-Virus et Anti-Spyware [(!) Disabled | Updated]
    AS: Windows Defender : 4.3.0215.0
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 186 Go (131 Go libre(s) – 70%) [OS] # NTFS
    D: -> Disque fixe # 258 Go (173 Go libre(s) – 67%) [Data] # NTFS
    E: -> Disque amovible # 8 Go (8 Go libre(s) – 99%) [NOLIMIT] # FAT32

    ################## | Processus Actif |

    C:\Windows\system32\csrss.exe (ID: 600 |ParentID: 592)
    C:\Windows\system32\wininit.exe (ID: 672 |ParentID: 592)
    C:\Windows\system32\services.exe (ID: 768 |ParentID: 672)
    C:\Windows\system32\lsass.exe (ID: 776 |ParentID: 672)
    C:\Windows\system32\svchost.exe (ID: 864 |ParentID: 768)
    C:\Windows\system32\svchost.exe (ID: 940 |ParentID: 768)
    C:\Windows\System32\svchost.exe (ID: 992 |ParentID: 768)
    C:\Windows\system32\svchost.exe (ID: 1020 |ParentID: 768)
    C:\Windows\system32\svchost.exe (ID: 524 |ParentID: 768)
    C:\Windows\System32\svchost.exe (ID: 884 |ParentID: 768)
    C:\Program Files\Classic Shell\ClassicShellService.exe (ID: 1080 |ParentID: 768)
    C:\Windows\system32\svchost.exe (ID: 1168 |ParentID: 768)
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1348 |ParentID: 768)
    C:\Windows\System32\spoolsv.exe (ID: 1568 |ParentID: 768)
    C:\Windows\system32\svchost.exe (ID: 1600 |ParentID: 768)
    C:\Windows\system32\svchost.exe (ID: 1620 |ParentID: 768)
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1748 |ParentID: 768)
    C:\Windows\system32\dashost.exe (ID: 2168 |ParentID: 884)
    C:\Program Files\McAfee\MSC\McAPExe.exe (ID: 428 |ParentID: 768)
    C:\windows\system32\mfevtps.exe (ID: 2492 |ParentID: 768)
    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID: 1148 |ParentID: 768)
    C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe (ID: 2864 |ParentID: 768)
    C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe (ID: 2088 |ParentID: 768)
    C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe (ID: 2284 |ParentID: 768)
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (ID: 1420 |ParentID: 768)
    C:\Windows\system32\SearchIndexer.exe (ID: 3368 |ParentID: 768)
    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (ID: 3860 |ParentID: 768)
    C:\Windows\system32\svchost.exe (ID: 4028 |ParentID: 768)
    C:\Windows\System32\svchost.exe (ID: 3624 |ParentID: 768)
    C:\Windows\system32\DllHost.exe (ID: 4684 |ParentID: 864)
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID: 5152 |ParentID: 768)
    C:\Program Files\ASUS\P4G\InsOnSrv.exe (ID: 5440 |ParentID: 768)
    C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe (ID: 5580 |ParentID: 768)
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID: 5732 |ParentID: 768)
    C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 5980 |ParentID: 768)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 6072 |ParentID: 768)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 4984 |ParentID: 768)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5124 |ParentID: 768)
    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (ID: 3204 |ParentID: 768)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 2248 |ParentID: 768)
    C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 6816 |ParentID: 768)
    C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (ID: 2436 |ParentID: 768)
    c:\PROGRA~1\mcafee.com\agent\McUpdate.exe (ID: 980 |ParentID: 3860)
    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe (ID: 3120 |ParentID: 864)
    c:\PROGRA~1\mcafee\mqs\qcshm.exe (ID: 3536 |ParentID: 864)
    C:\PROGRA~1\McAfee\MSC\McInfo.exe (ID: 3728 |ParentID: 3860)
    C:\Windows\system32\csrss.exe (ID: 7560 |ParentID: 7192)
    C:\Windows\System32\WinLogon.exe (ID: 2532 |ParentID: 7192)
    C:\Windows\System32\dwm.exe (ID: 2348 |ParentID: 2532)
    C:\Windows\system32\FBAgent.exe (ID: 6312 |ParentID: 768)
    C:\Windows\system32\taskhostex.exe (ID: 6228 |ParentID: 768)
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID: 724 |ParentID: 5152)
    C:\Windows\Explorer.EXE (ID: 5636 |ParentID: 3776)
    C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (ID: 4040 |ParentID: 768)
    C:\Program Files\ASUS\P4G\InsOnWMI.exe (ID: 6484 |ParentID: 5440)
    C:\Program Files\Classic Shell\ClassicStartMenu.exe (ID: 3288 |ParentID: 1080)
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ID: 6060 |ParentID: 724)
    C:\Windows\system32\wbem\wmiprvse.exe (ID: 408 |ParentID: 864)
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID: 4588 |ParentID: 4424)
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID: 5264 |ParentID: 6180)
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 6844 |ParentID: 864)
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID: 4344 |ParentID: 884)
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (ID: 1976 |ParentID: 4344)
    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (ID: 7588 |ParentID: 2800)
    C:\Windows\System32\wscript.exe (ID: 3148 |ParentID: 5636)
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 5240 |ParentID: 5864)
    C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 6632 |ParentID: 5864)
    C:\Program Files (x86)\Iminent\Iminent.exe (ID: 200 |ParentID: 5864)
    C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (ID: 1412 |ParentID: 5864)
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (ID: 4648 |ParentID: 5864)
    C:\Windows\system32\wbem\wmiprvse.exe (ID: 5056 |ParentID: 864)
    C:\Windows\System32\RuntimeBroker.exe (ID: 6120 |ParentID: 864)
    C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (ID: 4196 |ParentID: 6312)
    C:\Windows\system32\hkcmd.exe (ID: 6640 |ParentID: 6312)
    C:\Windows\system32\igfxtray.exe (ID: 4992 |ParentID: 6312)
    C:\Program Files\Conexant\SAII\SmartAudio.exe (ID: 2764 |ParentID: 8176)
    C:\Program Files\ASUS\P4G\BatteryLife.exe (ID: 5376 |ParentID: 768)
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID: 5620 |ParentID: 768)
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ID: 4744 |ParentID: 7500)
    C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ID: 6092 |ParentID: 768)
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ID: 7084 |ParentID: 4744)
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ID: 840 |ParentID: 768)
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ID: 4592 |ParentID: 4744)
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ID: 1428 |ParentID: 4744)
    C:\Windows\system32\igfxpers.exe (ID: 4244 |ParentID: 7188)
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (ID: 2020 |ParentID: 1428)
    C:\Windows\System32\WUDFHost.exe (ID: 244 |ParentID: 884)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4204 |ParentID: 2364)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3240 |ParentID: 4204)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4836 |ParentID: 4204)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6216 |ParentID: 4204)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5048 |ParentID: 4204)
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3704 |ParentID: 4204)
    C:\Windows\system32\SearchProtocolHost.exe (ID: 452 |ParentID: 3368)
    C:\Windows\system32\SearchFilterHost.exe (ID: 7076 |ParentID: 3368)
    C:\UsbFix\Go.exe (ID: 2672 |ParentID: 3600)
    C:\Windows\system32\taskhost.exe (ID: 1304 |ParentID: 768)

    ################## | Regedit Run |

    04 – HKLM\SOFTWARE | Run : [mcpltui_exe] – "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\SOFTWARE | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    04 – HKLM\SOFTWARE | Run : [Iminent] – C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    04 – HKLM\SOFTWARE | Run : [IminentMessenger] – C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
    04 – HKLM\SOFTWARE | Run : [DivXMediaServer] – C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    04 – HKLM\SOFTWARE | Run : [DivXUpdate] – "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    04 – HKLM\SOFTWARE\wow6432Node | Run : [mcpltui_exe] – "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Iminent] – C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [IminentMessenger] – C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [DivXMediaServer] – C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [DivXUpdate] – "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    04 – HKLM\SOFTWARE | RunOnce : [] –
    04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
    04 – HKU\S-1-5-21-28175745-856189450-3141033118-1001\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\aurianep\AppData\Local\Temp\iTunesHelper.vbe"

    ################## | Recherche générique |

    Présent! C:\Users\aurianep\AppData\Local\Temp\iTunesHelper.vbe
    Présent! C:\Users\aurianep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Présent! E:\iTunesHelper.vbe
    Présent! C:\ProgramData\SetStretch.VBS

    ################## | Référence de comparaison MD5 |

    Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\Users\All Users\SetStretch.VBS
    Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\ProgramData\SetStretch.VBS
    Md5 : E4332D4E396A69533553966AD2836584 -> C:\Users\aurianep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Md5 : E4332D4E396A69533553966AD2836584 -> C:\Users\aurianep\AppData\Local\Temp\iTunesHelper.vbe
    Md5 : E4332D4E396A69533553966AD2836584 -> E:\iTunesHelper.vbe
    Md5 : E4332D4E396A69533553966AD2836584 -> C:\Users\aurianep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

    ################## | Comparaison MD5 |

    Présent! Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\ProgramData\SetStretch.VBS
    Présent! Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\Users\All Users\SetStretch.VBS
    Présent! Md5 : E4332D4E396A69533553966AD2836584 -> C:\Users\aurianep\AppData\Local\Temp\iTunesHelper.vbe
    Présent! Md5 : E4332D4E396A69533553966AD2836584 -> C:\Users\aurianep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Présent! Md5 : E4332D4E396A69533553966AD2836584 -> E:\iTunesHelper.vbe

    ################## | Registre |

    Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
    Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
    Présent! HKU\S-1-5-21-28175745-856189450-3141033118-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

    ################## | Vaccin |

    (!) Cet ordinateur n’est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8314

    hello, run usbfix again, click on Suppression (deletion), then post the resulting report

    then change your passwords, they have been stolen by the infection :)

  • Auriane
    Post count: 0

    Here is the report. I am going to go change my passwords.

    ############################## | UsbFix V 7.152 | [Suppression]

    Utilisateur: aurianep (Administrateur) # AURIANE
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 21:07:11 | 01/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (X200CA)
    CPU: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
    RAM -> [Total : 3982 | Free : 1943]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 8 (6.2.9200 64-Bit)
    WB: Windows Internet Explorer : 10.0.9200.16736
    WB: Google Chrome : 31.0.1650.57

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: McAfee Anti-Virus et Anti-Spyware [(!) Disabled | Updated]
    AS: Windows Defender : 4.3.0215.0
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 186 Go (131 Go libre(s) – 70%) [OS] # NTFS
    D: -> Disque fixe # 258 Go (173 Go libre(s) – 67%) [Data] # NTFS
    E: -> Disque amovible # 8 Go (8 Go libre(s) – 99%) [NOLIMIT] # FAT32

    ################## | Processus Stoppés |

    Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1348 |ParentID: 768)
    Stoppé! C:\Program Files\McAfee\MSC\McAPExe.exe (ID: 428 |ParentID: 768)
    Stoppé! C:\windows\system32\mfevtps.exe (ID: 2492 |ParentID: 768)
    Stoppé! C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (ID: 1420 |ParentID: 768)
    Stoppé! C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (ID: 3860 |ParentID: 768)
    Stoppé! C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (ID: 3204 |ParentID: 768)
    Stoppé! c:\PROGRA~1\mcafee.com\agent\McUpdate.exe (ID: 980 |ParentID: 3860)
    Stoppé! c:\PROGRA~1\mcafee\msc\mcupdmgr.exe (ID: 3120 |ParentID: 864)
    Stoppé! c:\PROGRA~1\mcafee\mqs\qcshm.exe (ID: 3536 |ParentID: 864)
    Stoppé! C:\PROGRA~1\McAfee\MSC\McInfo.exe (ID: 3728 |ParentID: 3860)
    Stoppé! C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (ID: 7588 |ParentID: 2800)
    Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 6632 |ParentID: 5864)
    Stoppé! C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID: 6416 |ParentID: 768)
    Stoppé! C:\Windows\explorer.exe (ID: 8116 |ParentID: 2532)
    Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1796 |ParentID: 768)
    Stoppé! C:\Windows\System32\spoolsv.exe (ID: 2200 |ParentID: 768)
    Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 7900 |ParentID: 884)
    Stoppé! C:\Windows\system32\DllHost.exe (ID: 3600 |ParentID: 864)
    Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 8084 |ParentID: 768)
    Stoppé! C:\Windows\system32\FBAgent.exe (ID: 1636 |ParentID: 768)
    Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 5624 |ParentID: 768)
    Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5732 |ParentID: 7292)
    Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6352 |ParentID: 5732)
    Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2508 |ParentID: 5732)
    Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7032 |ParentID: 5732)
    Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6316 |ParentID: 5732)
    Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7208 |ParentID: 5732)
    Stoppé! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 6388 |ParentID: 864)
    Stoppé! C:\Windows\System32\RuntimeBroker.exe (ID: 6976 |ParentID: 864)
    Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7864 |ParentID: 5732)

    ################## | Regedit Run |

    04 – HKLM\SOFTWARE | Run : [mcpltui_exe] – "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\SOFTWARE | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    04 – HKLM\SOFTWARE | Run : [Iminent] – C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    04 – HKLM\SOFTWARE | Run : [IminentMessenger] – C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
    04 – HKLM\SOFTWARE | Run : [DivXMediaServer] – C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    04 – HKLM\SOFTWARE | Run : [DivXUpdate] – "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    04 – HKLM\SOFTWARE\wow6432Node | Run : [mcpltui_exe] – "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Iminent] – C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [IminentMessenger] – C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [DivXMediaServer] – C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [DivXUpdate] – "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    04 – HKLM\SOFTWARE | RunOnce : [] –
    04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
    04 – HKU\S-1-5-21-28175745-856189450-3141033118-1001\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\aurianep\AppData\Local\Temp\iTunesHelper.vbe"

    ################## | Recherche générique |

    Supprimé! C:\Users\aurianep\AppData\Local\Temp\iTunesHelper.vbe
    Supprimé! C:\Users\aurianep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Supprimé! E:\iTunesHelper.vbe
    Supprimé! C:\ProgramData\SetStretch.VBS

    (!) Fichiers temporaires supprimés.

    ################## | Référence de comparaison MD5 |

    Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\Users\All Users\SetStretch.VBS
    Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\ProgramData\SetStretch.VBS
    Md5 : E4332D4E396A69533553966AD2836584 -> C:\Users\aurianep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Md5 : E4332D4E396A69533553966AD2836584 -> C:\Users\aurianep\AppData\Local\Temp\iTunesHelper.vbe
    Md5 : E4332D4E396A69533553966AD2836584 -> E:\iTunesHelper.vbe
    Md5 : E4332D4E396A69533553966AD2836584 -> C:\Users\aurianep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

    ################## | Comparaison MD5 |

    ################## | Registre |

    Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
    Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
    Supprimé! HKU\S-1-5-21-28175745-856189450-3141033118-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

    ################## | Listing |

    [05/10/2013 – 14:43:33 | SHD ] C:\$Recycle.Bin
    [08/08/2013 – 10:36:55 | D ] C:\AsusVibeData
    [26/04/2013 – 09:05:33 | SD ] C:\Boot
    [26/07/2012 – 04:44:30 | RAS | 398156] C:\bootmgr
    [02/06/2012 – 15:30:55 | N | 1] C:\BOOTNXT
    [26/07/2012 – 08:22:08 | SHD ] C:\Documents and Settings
    [14/11/2013 – 13:24:04 | N | 0] C:\END
    [08/08/2013 – 10:36:42 | D ] C:\eSupport
    [26/11/2013 – 21:15:20 | ASH | 3340218368] C:\hiberfil.sys
    [08/08/2013 – 10:23:07 | D ] C:\Intel
    [26/11/2013 – 21:15:23 | ASH | 4294967296] C:\pagefile.sys
    [26/07/2012 – 08:33:46 | D ] C:\PerfLogs
    [29/11/2013 – 19:03:52 | D ] C:\Program Files
    [29/11/2013 – 19:03:52 | D ] C:\Program Files (x86)
    [01/12/2013 – 21:09:08 | D ] C:\ProgramData
    [06/10/2013 – 20:45:00 | D ] C:\sources
    [26/11/2013 – 21:15:23 | ASH | 268435456] C:\swapfile.sys
    [28/11/2013 – 11:12:55 | SHD ] C:\System Volume Information
    [01/12/2013 – 21:08:55 | D ] C:\UsbFix
    [01/12/2013 – 21:09:12 | A | 8243] C:\UsbFix [Clean 3] AURIANE.txt
    [01/12/2013 – 20:48:07 | N | 12866] C:\UsbFix [Scan 1] AURIANE.txt
    [30/09/2013 – 08:45:54 | RD ] C:\Users
    [01/12/2013 – 20:39:43 | D ] C:\Windows
    [17/06/2013 – 02:10:18 | N | 6293504] C:\X200CA.BIN
    [06/06/2013 – 03:09:25 | N | 6293504] C:\X200CAP.BIN
    [02/10/2013 – 19:34:41 | SHD ] D:\$RECYCLE.BIN
    [09/10/2013 – 07:34:11 | D ] D:\18fd397672e019d53a
    [14/10/2013 – 16:13:53 | D ] D:\Documents
    [19/11/2013 – 12:50:53 | D ] D:\Films
    [08/08/2013 – 10:16:22 | SHD ] D:\System Volume Information
    [19/11/2013 – 12:51:30 | D ] D:\Séries

    ################## | Vaccin |

    E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8314

    ok, I also see that your browsers are infected

    • Download Adwcleaner (by Xplode) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
      1. Choose the Scan option
      2. Choose the Clean option
    • Accept the warning by clicking OK

    • Accept the warnings/information messages by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

The topic ‘USBfix disinfection’ is closed to new replies.