My USB files and my SD card turned into shortcuts

  • donia
    Number of posts: 0

    ############################## | UsbFix V 7.155 | [Recherche]

    Utilisateur: Donia (Administrateur) # PC-DONIA
    Mis à jour le 16/12/2013 par El Desaparecido – Team SosVirus
    Lancé à 02:20:26 | 23/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (X550CA)
    CPU: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
    RAM -> [Total : 6030 | Free : 3949]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 8 (6.2.9200 64-Bit)
    WB: Windows Internet Explorer : 10.0.9200.16750
    WB: Google Chrome : 31.0.1650.63
    WB: Mozilla Firefox : 25.0.1

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: McAfee Anti-Virus et Anti-Spyware [(!) Disabled | Updated]
    AS: Windows Defender : 4.3.0215.0
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 373 Go (249 Go libre(s) – 67%) [OS] # NTFS
    D: -> Disque fixe # 538 Go (537 Go libre(s) – 100%) [DATA] # NTFS
    E: -> CD-ROM
    F: -> CD-ROM
    G: -> Disque amovible # 7 Go (2 Go libre(s) – 23%) [NIKON D3100] # FAT32
    H: -> Disque amovible # 15 Go (5 Go libre(s) – 36%) [DONIA BEN B] # FAT32

    ################## | Processus Actif |

    ################## | Regedit Run |

    04 – HKLM\SOFTWARE | Run : [ASUSPRP] – "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    04 – HKLM\SOFTWARE | Run : [ASUSWebStorage] – C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
    04 – HKLM\SOFTWARE | Run : [mcpltui_exe] – "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    04 – HKLM\SOFTWARE | Run : [RemoteControl10] – "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE | Run : [APSDaemon] – "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 – HKLM\SOFTWARE | Run : [iTunesHelper] – "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    04 – HKLM\SOFTWARE | Run : [AvastUI.exe] – "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    04 – HKLM\SOFTWARE | Run : [20131121] – C:\Program Files\AVAST Software\Avast\setup\emupdate\961c6129-80c4-46f0-9c03-912b1d90048d.exe /check
    04 – HKLM\SOFTWARE\wow6432Node | Run : [ASUSPRP] – "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] – C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
    04 – HKLM\SOFTWARE\wow6432Node | Run : [mcpltui_exe] – "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    04 – HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] – "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] – "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] – "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] – "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    04 – HKLM\SOFTWARE\wow6432Node | Run : [20131121] – C:\Program Files\AVAST Software\Avast\setup\emupdate\961c6129-80c4-46f0-9c03-912b1d90048d.exe /check
    04 – HKLM\SOFTWARE | RunOnce : [] –
    04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
    04 – HKU\S-1-5-21-3898148998-3337265062-558374295-1001\SOFTWARE | Run : [AdobeBridge] –
    04 – HKU\S-1-5-21-3898148998-3337265062-558374295-1001\SOFTWARE | Run : [DAEMON Tools Lite] – "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    04 – HKU\S-1-5-21-3898148998-3337265062-558374295-1001\SOFTWARE | Run : [Akamai NetSession Interface] – "C:\Users\Donia\AppData\Local\Akamai\netsession_win.exe"
    04 – HKU\S-1-5-21-3898148998-3337265062-558374295-1001\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\Donia\AppData\Local\Temp\iTunesHelper.vbe"
    04 – HKU\S-1-5-21-3898148998-3337265062-558374295-1001\SOFTWARE | Run : [SUPERAntiSpyware] – C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ################## | Recherche générique |

    Présent! C:\Users\All Users\SetStretch.VBS
    Présent! C:\ProgramData\SetStretch.VBS
    Présent! C:\Users\Donia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Présent! C:\Users\Donia\AppData\Local\Temp\iTunesHelper.vbe
    Présent! G:\trzCDF.tmp
    Présent! H:\trzD7C8.tmp
    Présent! H:\trzB37A.tmp
    Présent! H:\trz8C0D.tmp

    ################## | Référence de comparaison MD5 |

    Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\Users\All Users\SetStretch.VBS
    Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\ProgramData\SetStretch.VBS
    Md5 : A839A88B09657202186AF9CC39FD4AF9 -> C:\Users\Donia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Md5 : A839A88B09657202186AF9CC39FD4AF9 -> C:\Users\Donia\AppData\Local\Temp\iTunesHelper.vbe

    ################## | Comparaison MD5 |

    Présent! Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\ProgramData\SetStretch.VBS
    Présent! Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:\Users\All Users\SetStretch.VBS
    Présent! Md5 : A839A88B09657202186AF9CC39FD4AF9 -> C:\Users\Donia\AppData\Local\Temp\iTunesHelper.vbe
    Présent! Md5 : A839A88B09657202186AF9CC39FD4AF9 -> C:\Users\Donia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

    ################## | Registre |

    Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
    Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
    Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
    Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
    Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
    Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
    Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
    Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
    Présent! HKU\S-1-5-21-3898148998-3337265062-558374295-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
    Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
    Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

    ################## | Vaccin |

    D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |



    THANK YOU FOR YOUR HELP!!

    g3n-h@ckm@n
    Moderator
    Number of posts: 8251

    hi :) ^^

    plug in everything that can be plugged into your USB ports, then run UsbFix again, click on Suppression (deletion), then post the report you get. After that, change all your passwords immediately; they have been stolen
