Files on USB stick turned into shortcuts 2013-09-30T18:08:50+00:00

  • TERESA
    Participant
    Number of posts: 4

    Here is what I have:

    ############################## | UsbFix V 7.140 | [Suppression]

    Utilisateur: Famille Ben (Administrateur) # FAMILLEBEN-PC
    Mis à jour le 30/09/2013 par El Desaparecido – Team SosVirus
    Lancé à 20:13:01 | 30/09/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Acer (JE51_MV)
    CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
    RAM -> [Total : 4026 | Free : 1855]
    Bios: Acer
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit) #
    WB: Windows Internet Explorer 9.0.8112.16421

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 453 Go (84 Go libre(s) – 19%) [Acer] # NTFS
    D: -> Disque fixe # 100 Mo (85 Mo libre(s) – 85%) [Réservé au système] # NTFS
    E: -> CD-ROM
    F: -> Disque amovible # 4 Go (4 Go libre(s) – 100%) [] # FAT32

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    HKLMSOFTWARE | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
    HKLMSOFTWARE | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
    HKLMSOFTWARE | Run : [EgisUpdate] – “C:Program Files (x86)EgisTec IPSEgisUpdate.exe” -d
    HKLMSOFTWARE | Run : [EgisTecPMMUpdate] – “C:Program Files (x86)EgisTec IPSPmmUpdate.exe”
    HKLMSOFTWARE | Run : [Norton Online Backup] – C:Program Files (x86)SymantecNorton Online BackupNOBuClient.exe
    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [BackupManagerTray] – “C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe” -h -k
    HKLMSOFTWARE | Run : [Microsoft Default Manager] – “C:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe” -resume
    HKLMSOFTWARE | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
    HKLMSOFTWAREwow6432Node | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    HKLMSOFTWAREwow6432Node | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
    HKLMSOFTWAREwow6432Node | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
    HKLMSOFTWAREwow6432Node | Run : [EgisUpdate] – “C:Program Files (x86)EgisTec IPSEgisUpdate.exe” -d
    HKLMSOFTWAREwow6432Node | Run : [EgisTecPMMUpdate] – “C:Program Files (x86)EgisTec IPSPmmUpdate.exe”
    HKLMSOFTWAREwow6432Node | Run : [Norton Online Backup] – C:Program Files (x86)SymantecNorton Online BackupNOBuClient.exe
    HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    HKLMSOFTWAREwow6432Node | Run : [BackupManagerTray] – “C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe” -h -k
    HKLMSOFTWAREwow6432Node | Run : [Microsoft Default Manager] – “C:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe” -resume
    HKLMSOFTWAREwow6432Node | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-3935719060-3070481686-271069799-1001SOFTWARE | Run : [nBHfBEux] – wscript.exe //B “C:UsersFAMILL~1AppDataLocalTempnBHfBEux.vbs”
    HKUS-1-5-21-3935719060-3070481686-271069799-1001SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    HKUS-1-5-21-3935719060-3070481686-271069799-1001SOFTWARE | Run : [EPSON SX125 Series] – C:Windowssystem32spoolDRIVERSx643E_IATIGGE.EXE /FU “C:WindowsTEMPE_S9EE.tmp” /EF “HKCU”
    HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Processus Stoppés |

    Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID 1340 |ParentID 612)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID 1460 |ParentID 612)
    Stoppé! C:Program Files (x86)Launch Managerdsiwmis.exe (ID 1596 |ParentID 612)
    Stoppé! C:Program FilesAcerAcer ePower ManagementePowerSvc.exe (ID 1636 |ParentID 612)
    Stoppé! C:Program Files (x86)AcerRegistrationGREGsvc.exe (ID 1688 |ParentID 612)
    Stoppé! C:Program Files (x86)SymantecNorton Online BackupNOBuAgent.exe (ID 1724 |ParentID 612)
    Stoppé! C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerIScheduleSvc.exe (ID 1760 |ParentID 612)
    Stoppé! C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe (ID 1864 |ParentID 612)
    Stoppé! C:Windowssystem32taskhost.exe (ID 1980 |ParentID 612)
    Stoppé! C:Program FilesAcerAcer UpdaterUpdaterService.exe (ID 1204 |ParentID 612)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 1392 |ParentID 612)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 384 |ParentID 1392)
    Stoppé! C:Program FilesRealtekAudioHDARAVCpl64.exe (ID 2904 |ParentID 2684)
    Stoppé! C:Program Files (x86)EgisTec MyWinLockerx86mwlDaemon.exe (ID 2980 |ParentID 2684)
    Stoppé! C:WindowsSystem32igfxtray.exe (ID 2996 |ParentID 2684)
    Stoppé! C:WindowsSystem32hkcmd.exe (ID 3052 |ParentID 2684)
    Stoppé! C:WindowsSystem32igfxpers.exe (ID 3060 |ParentID 2684)
    Stoppé! C:Windowssystem32igfxsrvc.exe (ID 2364 |ParentID 776)
    Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 2344 |ParentID 2684)
    Stoppé! C:Program FilesAcerAcer ePower ManagementePowerTray.exe (ID 2316 |ParentID 2684)
    Stoppé! C:WindowsSystem32wscript.exe (ID 2612 |ParentID 2684)
    Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID 2648 |ParentID 2684)
    Stoppé! C:Windowssystem32igfxext.exe (ID 2816 |ParentID 776)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID 3188 |ParentID 612)
    Stoppé! C:Program FilesSynapticsSynTPSynTPHelper.exe (ID 3264 |ParentID 2344)
    Stoppé! C:Program FilesAcerAcer ePower ManagementePowerEvent.exe (ID 3352 |ParentID 1636)
    Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID 3504 |ParentID 612)
    Stoppé! C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe (ID 4012 |ParentID 2704)
    Stoppé! C:Program Files (x86)Launch ManagerLManager.exe (ID 3180 |ParentID 2704)
    Stoppé! C:Program Files (x86)EgisTec IPSPmmUpdate.exe (ID 512 |ParentID 2704)
    Stoppé! C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe (ID 2204 |ParentID 2704)
    Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID 676 |ParentID 2704)
    Stoppé! C:Program Files (x86)Launch ManagerMMDx64Fx.exe (ID 2436 |ParentID 3180)
    Stoppé! C:Program Files (x86)Launch ManagerLMworker.exe (ID 2196 |ParentID 1596)
    Stoppé! C:Program Files (x86)EgisTec IPSEgisUpdate.exe (ID 3208 |ParentID 2328)
    Stoppé! C:Windowssystem32DllHost.exe (ID 4268 |ParentID 776)
    Stoppé! C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (ID 4600 |ParentID 612)
    Stoppé! C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe (ID 4648 |ParentID 612)
    Stoppé! C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe (ID 4772 |ParentID 612)
    Stoppé! C:Program Files (x86)Mozilla Firefoxfirefox.exe (ID 2792 |ParentID 2684)
    Stoppé! C:Program Files (x86)Mozilla Firefoxplugin-container.exe (ID 2556 |ParentID 2792)
    Stoppé! C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_8_800_168.exe (ID 2760 |ParentID 2556)
    Stoppé! C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_8_800_168.exe (ID 3612 |ParentID 2760)
    Stoppé! C:Program FilesCommon FilesEPSONEPW!3 SSRPE_S50RPB.EXE (ID 2212 |ParentID 612)
    Stoppé! C:Program FilesCommon FilesEPSONEPW!3 SSRPE_S50STB.EXE (ID 2464 |ParentID 612)
    Stoppé! C:Program Files (x86)Microsoft OfficeOffice12MSPUB.EXE (ID 3144 |ParentID 2684)
    Stoppé! C:Windowssplwow64.exe (ID 4516 |ParentID 3144)
    Stoppé! C:WindowsSysWOW64NOTEPAD.EXE (ID 4948 |ParentID 2884)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID 4568 |ParentID 1008)
    Stoppé! C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0mswinext.exe (ID 5196 |ParentID 3492)
    Stoppé! C:WindowsSysWOW64werfault.exe (ID 2576 |ParentID 4956)
    Stoppé! C:Program Files (x86)Microsoft OfficeOffice12MSPUB.EXE (ID 3212 |ParentID 2684)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 5804 |ParentID 2684)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 4300 |ParentID 5804)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 6016 |ParentID 5804)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 4704 |ParentID 5804)
    Stoppé! C:Program Files (x86)Common FilesAdobeUpdater6Adobe_Updater.exe (ID 5208 |ParentID 5144)
    Stoppé! C:Program Files (x86)MicrosoftSearch Enhancement PackSCServerSCServer.exe (ID 5632 |ParentID 776)
    Stoppé! C:Windowssystem32taskhost.exe (ID 4868 |ParentID 612)

    ################## | Éléments infectieux |

    Supprimé! F:nBHfBEux.vbs
    Supprimé! C:UsersFAMILL~1AppDataLocalTempnBHfBEux.vbs
    Supprimé! C:UsersFamille BenAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupnBHfBEux.vbs
    Supprimé! F:élèves points 3 et 4.lnk
    Supprimé! F:RECETTES.lnk
    Supprimé! F:Nouveau dossier.lnk
    Supprimé! F:Nouveau dossier (2).lnk
    Supprimé! C:BackupteresaAppDataLocalTempnBHfBEux.vbs
    Supprimé! C:BackupteresaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupnBHfBEux.vbs

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Supprimé! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|nBHfBEux

    ################## | Listing |

    [30/09/2013 – 06:57:12 | SHD ] C:$Recycle.Bin
    [17/06/2013 – 10:17:29 | N | 23924] C:AdwCleaner[R1].txt
    [17/06/2013 – 10:36:13 | N | 451] C:AdwCleaner[S1].txt
    [25/06/2013 – 20:06:28 | N | 0] C:autoexec.bat
    [30/09/2013 – 19:30:18 | RASHD ] C:Autorun.inf
    [30/09/2013 – 13:15:39 | D ] C:Backup
    [29/05/2012 – 23:45:31 | D ] C:book
    [22/11/2010 – 14:13:52 | SHD ] C:Boot
    [14/07/2009 – 03:38:58 | RASH | 383562] C:bootmgr
    [22/11/2010 – 14:13:54 | RASH | 8192] C:BOOTSECT.BAK
    [30/09/2013 – 17:38:26 | SHD ] C:Config.Msi
    [14/07/2009 – 07:08:56 | SHD ] C:Documents and Settings
    [23/05/2013 – 12:26:16 | D ] C:drivers
    [29/09/2013 – 11:11:52 | N | 9] C:END
    [30/09/2013 – 18:52:04 | ASH | 3166146560] C:hiberfil.sys
    [22/11/2010 – 14:39:44 | D ] C:Intel
    [02/06/2012 – 22:56:40 | N | 40] C:log.txt
    [17/03/2013 – 15:59:47 | RHD ] C:MSOCache
    [30/09/2013 – 06:57:00 | D ] C:OEM
    [30/09/2013 – 18:52:09 | ASH | 4221530112] C:pagefile.sys
    [14/07/2009 – 05:20:08 | D ] C:PerfLogs
    [30/09/2013 – 16:50:22 | D ] C:Program Files
    [30/09/2013 – 19:02:19 | D ] C:Program Files (x86)
    [30/09/2013 – 19:04:05 | HD ] C:ProgramData
    [30/09/2013 – 06:54:38 | SHD ] C:Recovery
    [22/11/2010 – 14:47:03 | N | 2264] C:RHDSetup.log
    [30/09/2013 – 19:03:15 | SHD ] C:System Volume Information
    [30/09/2013 – 20:13:51 | D ] C:UsbFix
    [30/09/2013 – 20:14:12 | A | 11613] C:UsbFix [Clean 1] FAMILLEBEN-PC.txt
    [30/09/2013 – 19:34:28 | N | 10801] C:UsbFix [Scan 3] FAMILLEBEN-PC.txt
    [30/09/2013 – 19:37:21 | N | 11421] C:UsbFix [Scan 4] FAMILLEBEN-PC.txt
    [26/07/2012 – 09:44:21 | N | 413] C:user.js
    [30/09/2013 – 06:54:45 | RD ] C:Users
    [30/09/2013 – 11:49:33 | D ] C:Windows
    [30/09/2013 – 06:57:12 | SHD ] D:$RECYCLE.BIN
    [30/09/2013 – 19:30:20 | RASHD ] D:Autorun.inf
    [03/03/2013 – 18:39:31 | N | 369] D:INTENSO (G) – Raccourci.lnk
    [29/05/2012 – 23:39:47 | SHD ] D:System Volume Information
    [29/09/2013 – 10:38:12 | N | 127972] F:élèves points 3 et 4.pdf
    [29/09/2013 – 10:41:24 | N | 522920] F:RECETTES.pdf
    [29/09/2013 – 12:53:50 | D ] F:Nouveau dossier
    [29/09/2013 – 12:53:56 | D ] F:Nouveau dossier (2)

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    H.A.W.X
    Participant
    Number of posts: 1809

    Hello and welcome :)

    OK, to start with, please do this ;) :

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
    • Choose the Suppression option

      Note: If UsbFix hangs at 14%, start in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    ++

    TERESA
    Participant
    Number of posts: 4

    Here is what I have:


    TERESA
    Participant
    Number of posts: 4

    I'm so happy to have finally got my folders back safe and sound, phewwwwwwwwwwwwww!!!!!! A HUUUUUUUUUUUUUUUUUUUUUUUUGE THANK YOU

    H.A.W.X
    Participant
    Number of posts: 1809

    Good evening,

    Glad we could help :)

    If you like, we have a Facebook page you can use to spread the word about us ;)

    ++

    TERESA
    Participant
    Number of posts: 4

    Thanks again, and no problem, I'll post it on my Facebook; if it can help other people ….. great!!!

    H.A.W.X
    Participant
    Number of posts: 1809

    Good evening,

    That's great of you ;)

    Kind regards, the forum team.

    Alhan
    Number of posts: 0

    Hello everyone,

    So I've caught the same virus, and it's ruining my life….

    Could someone track it down for me?

    Here is my report,

    ############################## | UsbFix V 7.139 | [Recherche]

    Utilisateur: Alhan (Administrateur) # ALHAN-PC
    Mis à jour le 29/09/2013 par El Desaparecido – Team SosVirus
    Lancé à 09:37:48 | 04/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: ASUSTeK Computer Inc. (N71Jq)
    CPU: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
    RAM -> [Total : 4021 | Free : 2127]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit) #
    WB: Windows Internet Explorer 8.0.7600.16385

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Avira Desktop [Enabled | Updated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 681 Go (141 Go libre(s) – 21%) [OS] # NTFS
    D: -> Disque fixe # 298 Go (8 Go libre(s) – 3%) [] # NTFS
    E: -> CD-ROM
    F: -> Disque fixe # 298 Go (70 Go libre(s) – 23%) [] # NTFS
    G: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [STORE N GO] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID 472 |ParentID 460)
    C:Windowssystem32wininit.exe (ID 536 |ParentID 460)
    C:Windowssystem32csrss.exe (ID 556 |ParentID 544)
    C:Windowssystem32services.exe (ID 592 |ParentID 536)
    C:Windowssystem32lsass.exe (ID 620 |ParentID 536)
    C:Windowssystem32lsm.exe (ID 628 |ParentID 536)
    C:Windowssystem32svchost.exe (ID 724 |ParentID 592)
    C:Windowssystem32winlogon.exe (ID 792 |ParentID 544)
    C:Windowssystem32svchost.exe (ID 852 |ParentID 592)
    C:Windowssystem32atiesrxx.exe (ID 912 |ParentID 592)
    C:WindowsSystem32svchost.exe (ID 972 |ParentID 592)
    C:WindowsSystem32svchost.exe (ID 1012 |ParentID 592)
    C:Windowssystem32svchost.exe (ID 144 |ParentID 592)
    C:Windowssystem32svchost.exe (ID 164 |ParentID 592)
    C:Windowssystem32svchost.exe (ID 1104 |ParentID 592)
    C:Windowssystem32atieclxx.exe (ID 1264 |ParentID 912)
    C:Windowssystem32FBAgent.exe (ID 1368 |ParentID 592)
    C:Program Files (x86)ASUSATK HotkeyASLDRSrv.exe (ID 1392 |ParentID 592)
    C:Program FilesATKGFNEXGFNEXSrv.exe (ID 1432 |ParentID 592)
    C:WindowsSystem32spoolsv.exe (ID 1528 |ParentID 592)
    C:Program Files (x86)AviraAntiVir Desktopsched.exe (ID 1592 |ParentID 592)
    C:Windowssystem32svchost.exe (ID 1624 |ParentID 592)
    C:Program Files (x86)AviraAntiVir Desktopavguard.exe (ID 1728 |ParentID 592)
    C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID 1764 |ParentID 592)
    C:Program FilesBonjourmDNSResponder.exe (ID 1936 |ParentID 592)
    C:Windowssystem32svchost.exe (ID 1984 |ParentID 592)
    C:WindowsSysWOW64svchost.exe (ID 2012 |ParentID 592)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 2040 |ParentID 592)
    C:Program Filesma-config.comMaConfigAgent.exe (ID 1644 |ParentID 592)
    C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe (ID 432 |ParentID 592)
    C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe (ID 2056 |ParentID 592)
    C:WindowsSystem32svchost.exe (ID 2076 |ParentID 592)
    C:WindowsSystem32svchost.exe (ID 2164 |ParentID 592)
    C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe (ID 2204 |ParentID 592)
    C:Windowssystem32svchost.exe (ID 2308 |ParentID 592)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 2384 |ParentID 592)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 2724 |ParentID 2384)
    C:Program Files (x86)AviraAntiVir Desktopavshadow.exe (ID 3048 |ParentID 1728)
    C:Windowssystem32svchost.exe (ID 3588 |ParentID 592)
    C:Windowssystem32svchost.exe (ID 3712 |ParentID 592)
    C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe (ID 3676 |ParentID 2056)
    C:Windowssystem32Dwm.exe (ID 1828 |ParentID 1012)
    C:Windowssystem32taskhost.exe (ID 2524 |ParentID 592)
    C:WindowsExplorer.EXE (ID 3868 |ParentID 3768)
    C:Program Files (x86)ASUSATK HotkeyHControl.exe (ID 3616 |ParentID 1392)
    C:Windowssystem32taskeng.exe (ID 1584 |ParentID 144)
    C:Windowssystem32wbemwmiprvse.exe (ID 3512 |ParentID 724)
    C:Program Files (x86)ASUSASUS Live UpdateALU.exe (ID 3692 |ParentID 1584)
    C:Program Files (x86)ASUSSplendidACMON.exe (ID 1044 |ParentID 1584)
    C:Program Files (x86)ASUSSmartLogonsensorsrv.exe (ID 2808 |ParentID 1584)
    C:Program FilesP4GBatteryLife.exe (ID 3816 |ParentID 1584)
    C:Program Files (x86)ASUSControlDeckControlDeckStartUp.exe (ID 3420 |ParentID 1584)
    C:Program Files (x86)ASUSATK HotkeyATKOSD.exe (ID 3976 |ParentID 3616)
    C:WindowsSysWOW64ACEngSvr.exe (ID 3268 |ParentID 724)
    C:Program Files (x86)ASUSATK HotkeyWDC.exe (ID 3436 |ParentID 3616)
    C:Program FilesElantechETDCtrl.exe (ID 452 |ParentID 3868)
    C:Program Files (x86)ASUSASUS WebStorageSERVICEAsusWSService.exe (ID 3404 |ParentID 3868)
    C:Program Files (x86)AmIcoSingLunAmIcoSinglun64.exe (ID 3972 |ParentID 3868)
    C:WindowsSystem32wscript.exe (ID 3960 |ParentID 3868)
    C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe (ID 4012 |ParentID 3868)
    C:Program FilesSRS LabsSRS Premium Sound Control PanelSRSPremiumPanel_64.exe (ID 3480 |ParentID 3868)
    C:Windowssystem32wbemwmiprvse.exe (ID 3652 |ParentID 724)
    C:Program Files (x86)ASUSATK HotkeyHControlUser.exe (ID 4000 |ParentID 3096)
    C:Program Files (x86)ASUSATK MediaDMedia.exe (ID 2444 |ParentID 3096)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID 2336 |ParentID 1188)
    C:Program Files (x86)ASUSATKOSD2ATKOSD2.exe (ID 3628 |ParentID 3096)
    C:Program Files (x86)NEC ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe (ID 3640 |ParentID 3096)
    C:Program Files (x86)AviraAntiVir Desktopavgnt.exe (ID 3856 |ParentID 3096)
    C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID 3768 |ParentID 3096)
    C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe (ID 1572 |ParentID 3096)
    C:Program Files (x86)HPHP Software UpdatehpwuSchd2.exe (ID 2980 |ParentID 3096)
    C:Program Files (x86)iTunesiTunesHelper.exe (ID 560 |ParentID 3096)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID 4208 |ParentID 2336)
    C:Program FilesiPodbiniPodService.exe (ID 4908 |ParentID 592)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID 660 |ParentID 592)
    C:Program Files (x86)HPDigital ImagingbinhpqSTE08.exe (ID 4364 |ParentID 4012)
    C:Program Files (x86)HPDigital Imagingbinhpqbam08.exe (ID 4100 |ParentID 724)
    C:windowsIntel(TM)7z.exe (ID 4576 |ParentID 4556)
    C:WindowsAsScrPro.exe (ID 4712 |ParentID 1368)
    C:Program Files (x86)HPDigital Imagingbinhpqgpc01.exe (ID 4528 |ParentID 724)
    C:Program FilesRealtekAudioHDARAVCpl64.exe (ID 5080 |ParentID 1368)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID 4168 |ParentID 592)
    C:Program Files (x86)Microsoft OfficeOffice12WINWORD.EXE (ID 5488 |ParentID 3868)
    C:Windowssplwow64.exe (ID 5656 |ParentID 5488)
    C:Program Files (x86)MicrosoftOffice LiveOfficeLiveSignIn.exe (ID 5800 |ParentID 724)
    C:Program Files (x86)Common FilesJavaJava Updatejucheck.exe (ID 3820 |ParentID 3768)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 5228 |ParentID 3868)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 3356 |ParentID 5228)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 748 |ParentID 5228)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 4812 |ParentID 5228)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 4588 |ParentID 5228)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 5612 |ParentID 5228)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 5848 |ParentID 5228)
    C:WindowsSystem32svchost.exe (ID 5296 |ParentID 592)
    C:Windowssystem32WUDFHost.exe (ID 4552 |ParentID 1012)
    C:UsbFixGo.exe (ID 4124 |ParentID 5888)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [UpdatePSTShortCut] – “C:Program Files (x86)CyberlinkDVD SuiteMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberlinkDVD Suite” UpdateWithCreateOnce “SoftwareCyberLinkPowerStarter”
    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [HControlUser] – C:Program Files (x86)ASUSATK HotkeyHControlUser.exe
    HKLMSOFTWARE | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK MediaDMedia.exe
    HKLMSOFTWARE | Run : [ATKOSD2] – C:Program Files (x86)ASUSATKOSD2ATKOSD2.exe
    HKLMSOFTWARE | Run : [NUSB3MON] – “C:Program Files (x86)NEC ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe”
    HKLMSOFTWARE | Run : [Setwallpaper] – c:programdataSetWallpaper.cmd
    HKLMSOFTWARE | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
    HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [HP Software Update] – C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
    HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    HKLMSOFTWARE | Run : [Intel(TM)7z] – “C:windowsIntel(TM)7z.exe”
    HKLMSOFTWAREwow6432Node | Run : [UpdatePSTShortCut] – “C:Program Files (x86)CyberlinkDVD SuiteMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberlinkDVD Suite” UpdateWithCreateOnce “SoftwareCyberLinkPowerStarter”
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [HControlUser] – C:Program Files (x86)ASUSATK HotkeyHControlUser.exe
    HKLMSOFTWAREwow6432Node | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK MediaDMedia.exe
    HKLMSOFTWAREwow6432Node | Run : [ATKOSD2] – C:Program Files (x86)ASUSATKOSD2ATKOSD2.exe
    HKLMSOFTWAREwow6432Node | Run : [NUSB3MON] – “C:Program Files (x86)NEC ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe”
    HKLMSOFTWAREwow6432Node | Run : [Setwallpaper] – c:programdataSetWallpaper.cmd
    HKLMSOFTWAREwow6432Node | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
    HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    HKLMSOFTWAREwow6432Node | Run : [HP Software Update] – C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
    HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    HKLMSOFTWAREwow6432Node | Run : [Intel(TM)7z] – “C:windowsIntel(TM)7z.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKUS-1-5-21-2351134466-4085927225-1477360203-1000SOFTWARE | Run : [Facebook Update] – “C:UsersAlhanAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    HKUS-1-5-21-2351134466-4085927225-1477360203-1000SOFTWARE | Run : [A7KGEquN] – wscript.exe //B “C:UsersAlhanAppDataLocalTempA7KGEquN.vbs”

    ################## | Éléments infectieux |

    Présent! G:A7KGEquN.vbs
    Présent! C:UsersAlhanAppDataLocalTempA7KGEquN.vbs
    Présent! C:UsersAlhanAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupA7KGEquN.vbs
    Présent! G:Autorun.inf.lnk
    Présent! G:P04-1708.lnk
    Présent! C:UsersPublic9eimmD.vbe
    Présent! C:UsersPublic9stiemD.VBE
    Présent! C:UsersPublicIntel(R)Graph.exe
    Présent! C:UsersAlhanAppDataLocalTempiiiii9.hta

    ################## | Registre |

    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|A7KGEquN
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|A7KGEquN
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|A7KGEquN
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableRegistryTools

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    Anonymous
    Number of posts: 0

    Hello Alhan,

    You need to open your own topic by clicking “New” in the Virus-Sécurité forum.

    Alhan
    Number of posts: 0

    ok thanks
