My PC and my USB drives are infected 2014-08-03T18:19:20+00:00
  • Author
    Posts
  • husseinjohn10
    Post count: 0

    ############################## | UsbFix V 7.177 | [Recherche]

    Utilisateur: Ouzin Gueye (Administrateur) # HUSSEIN
    Mis à jour le 29/07/2014 par El Desaparecido – SosVirus
    Lancé à 18:01:47 | 03/08/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    MB: Acer (VA50_HC_HR)
    CPU: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
    RAM -> [Total : 3932 Mo | Free : 2241 Mo]
    Bios: Acer
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428
    WB: Mozilla Firefox : 31.0

    ################## | Security Information |

    AV: ESET Smart Security 7.0 [(!) Désactivé |A jour]
    AS: Windows Defender [Actif |A jour]
    AS: ESET Smart Security 7.0 [(!) Désactivé |A jour]
    FW: Pare-feu personnel d’ESET [Actif]
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 250 Go (142 Go libre(s) – 57%) [Acer] # NTFS
    D: -> Disque fixe # 216 Go (213 Go libre(s) – 99%) […] # NTFS
    I: -> Disque amovible # 4 Go (1 Go libre(s) – 32%) [] # FAT32

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [SuperCopier2.exe] C:Program Files (x86)SuperCopier2SuperCopier2.exe
    04 – HKCU..Run : [Google Update] “C:UsersOuzin GueyeAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
    04 – HKCU..Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:Program Files (x86)Common FilesNeroLibNMBgMonitor.exe”
    04 – HKCU..Run : [KiesTrayAgent] C:Program Files (x86)SamsungKies/KiesTrayAgent.exe
    04 – HKCU..Run : [Software Informer] “C:Program Files (x86)Software Informersoftinfo.exe” -autorun
    04 – HKCU..Run : [Live Downloader] C:Program Files (x86)Live Downloaderlive_downloader.exe
    04 – HKCU..Run : [DriverFinder] C:Program Files (x86)DriverFinderDriverFinder.exe
    04 – HKCU..Run : [Viber] “C:UsersOuzin GueyeAppDataLocalViberViber.exe” StartMinimized
    04 – HKCU..Run : [Optimizer Pro] C:Program Files (x86)Optimizer ProOptProLauncher.exe
    04 – HKCU..Run : [Skype] “C:Program Files (x86)SkypePhoneSkype.exe” /minimized /regrun
    04 – HKCU..Run : [iTunesHelper] wscript.exe //B “C:UsersOUZING~1AppDataLocalTempiTunesHelper.vbe”
    04 – HKLM..Run : [USB3MON] “C:Program Files (x86)IntelIntel(R) USB 3.0 eXtensible Host Controller DriverApplicationiusb3mon.exe”
    04 – HKLM..Run : [NBKeyScan] “C:Program Files (x86)NeroNero8Nero BackItUpNBKeyScan.exe”
    04 – HKLM..Run : [LManager] C:Program Files (x86)Launch ManagerLManager.exe
    04 – HKLM..Run : [APSDaemon] “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [PWRISOVM.EXE] C:Program Files (x86)PowerISOPWRISOVM.EXE -startup
    04 – HKLM..Run : [Adobe Reader Speed Launcher] “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [iTunesHelper] “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLM..PoliciesExplorerrun : [Updates] “C:system32SystemProtection.exe” /e:VBScript.Encode “C:kernelr00t3r”
    04 – [x64] HKLM..Run : [RTHDVCPL] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
    04 – [x64] HKLM..Run : [RtHDVBg_Dolby] C:Program FilesRealtekAudioHDARAVBg64.exe /FORPCEE4
    04 – [x64] HKLM..Run : [Broadcom Wireless Manager UI] C:Program FilesBroadcomBroadcom 802.11 Network AdapterWLTRAY.exe
    04 – [x64] HKLM..Run : [IgfxTray] C:Windowssystem32igfxtray.exe
    04 – [x64] HKLM..Run : [HotKeysCmds] C:Windowssystem32hkcmd.exe
    04 – [x64] HKLM..Run : [Persistence] C:Windowssystem32igfxpers.exe
    04 – [x64] HKLM..Run : [ETDCtrl] %ProgramFiles%ElantechETDCtrl.exe
    04 – [x64] HKLM..Run : [iTunesHelper] wscript.exe //B “C:UsersOUZING~1AppDataLocalTempiTunesHelper.vbe”
    04 – [x64] HKLM..Run : [egui] “C:Program FilesESETESET Smart Securityegui.exe” /hide /waitservice
    04 – [x64] HKLM..PoliciesExplorerrun : [Updates] “C:system32SystemProtection.exe” /e:VBScript.Encode “C:kernelr00t3r”
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [SuperCopier2.exe] C:Program Files (x86)SuperCopier2SuperCopier2.exe
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [Google Update] “C:UsersOuzin GueyeAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:Program Files (x86)Common FilesNeroLibNMBgMonitor.exe”
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [KiesTrayAgent] C:Program Files (x86)SamsungKies/KiesTrayAgent.exe
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [Software Informer] “C:Program Files (x86)Software Informersoftinfo.exe” -autorun
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [Live Downloader] C:Program Files (x86)Live Downloaderlive_downloader.exe
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [DriverFinder] C:Program Files (x86)DriverFinderDriverFinder.exe
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [Viber] “C:UsersOuzin GueyeAppDataLocalViberViber.exe” StartMinimized
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [Optimizer Pro] C:Program Files (x86)Optimizer ProOptProLauncher.exe
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [AdobeBridge]
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [Skype] “C:Program Files (x86)SkypePhoneSkype.exe” /minimized /regrun
    04 – HKUS-1-5-21-256383493-3377169826-1319847585-1000..Run : [iTunesHelper] wscript.exe //B “C:UsersOUZING~1AppDataLocalTempiTunesHelper.vbe”
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Présent! C:UsersOUZING~1AppDataLocalTemptp.vbe
    Présent! C:kernellpt1
    Présent! C:kernel
    Présent! C:UsersOuzin GueyeAppDataLocalTemptp.vbe

    ################## | Registre |

    Présent! [x64] HKLMSoftwareiTunesHelper
    Présent! HKLMSYSTEMCurrentControlSetServicessystem
    Présent! HKLMSYSTEMControlSet001Servicessystem
    Présent! HKLMSYSTEMControlSet002Servicessystem
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbitguard.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbprotect.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbpsvc.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowsemngr.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowserdefender.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowsermngr.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowserprotect.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowsersafeguard.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbundlesweetimsetup.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionscltmngsvc.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsdelta babylon.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsdelta tb.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsdelta2.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsdeltainstaller.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsdeltasetup.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsdeltatb.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsdeltatb_2501-c733154b.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsdprotectsvc.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsiminentsetup.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsprotectedsearch.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsrjatydimofu.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionssearchprotection.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionssearchprotector.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionssnapdo.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsstinst32.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsstinst64.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionssweetimsetup.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionstbdelta.exetoolbar783881609.exe
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsutiljumpflip.exe
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun|Updates
    Présent! [x64] HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun|Updates

    ################## | UsbFix – Information |

    Info : Comment supprimer l’infection des raccourcis sur USB ? (Video)
    Info : L’infection des raccourcis USB, c’est quoi ?

    ################## | Hijack |

    Hijacked! [SH] I:ess_nt64_fra.msi
    Hijacked! [SHD] I:FOUND.000

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

The topic ‘My PC and my USB drives are infected’ is closed to new replies.