UsbFix search report 2013-12-22T19:34:08+00:00

Computer Troubleshooting: UsbFix search report

  • Author
    Posts
  • the-blues-6
    Number of posts: 0

    My devices were infected by a virus that hid my files, and some of them were turned into shortcuts.
    Here is the UsbFix search report:

    ############################## | UsbFix V 7.152 | [Recherche]

    Utilisateur: Maxime (Administrateur) # PC-MAXIME
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 20:17:09 | 22/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: SAMSUNG ELECTRONICS CO., LTD. (NP350E7C-S09FR)
    CPU: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
    RAM -> [Total : 3987 | Free : 1768]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
    WB: Windows Internet Explorer : 11.0.9600.16476
    WB: Google Chrome : 31.0.1650.63
    WB: Mozilla Firefox : 26.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: Windows Defender [Enabled | Updated]
    AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 441 Go (228 Go libre(s) – 52%) [] # NTFS
    D: -> CD-ROM
    E: -> Disque amovible # 4 Go (3 Go libre(s) – 79%) [Transcend] # FAT32
    G: -> Disque amovible # 4 Go (928 Mo libre(s) – 25%) [GROS MINET] # FAT32

    ################## | Processus Actif |

    C:\WINDOWS\system32\wininit.exe (ID: 632 |ParentID: 560)
    C:\WINDOWS\system32\lsass.exe (ID: 728 |ParentID: 632)
    C:\WINDOWS\system32\svchost.exe (ID: 792 |ParentID: 720)
    C:\WINDOWS\system32\svchost.exe (ID: 844 |ParentID: 720)
    C:\WINDOWS\system32\atiesrxx.exe (ID: 308 |ParentID: 720)
    C:\WINDOWS\System32\svchost.exe (ID: 356 |ParentID: 720)
    C:\WINDOWS\system32\svchost.exe (ID: 580 |ParentID: 720)
    C:\WINDOWS\system32\svchost.exe (ID: 540 |ParentID: 720)
    C:\WINDOWS\System32\svchost.exe (ID: 300 |ParentID: 720)
    C:\WINDOWS\system32\svchost.exe (ID: 1164 |ParentID: 720)
    C:\WINDOWS\System32\spoolsv.exe (ID: 1264 |ParentID: 720)
    C:\WINDOWS\system32\svchost.exe (ID: 1308 |ParentID: 720)
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1424 |ParentID: 720)
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1444 |ParentID: 720)
    C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe (ID: 1468 |ParentID: 720)
    C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1520 |ParentID: 720)
    C:\WINDOWS\system32\dashost.exe (ID: 1544 |ParentID: 300)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 1580 |ParentID: 720)
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (ID: 1696 |ParentID: 720)
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 1760 |ParentID: 720)
    C:\WINDOWS\system32\svchost.exe (ID: 1628 |ParentID: 720)
    C:\WINDOWS\System32\msdtc.exe (ID: 2696 |ParentID: 720)
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 2324 |ParentID: 720)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 1296 |ParentID: 720)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3000 |ParentID: 720)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 3028 |ParentID: 720)
    C:\WINDOWS\system32\DllHost.exe (ID: 2364 |ParentID: 792)
    C:\WINDOWS\system32\svchost.exe (ID: 2456 |ParentID: 720)
    C:\WINDOWS\system32\SearchIndexer.exe (ID: 1888 |ParentID: 720)
    C:\WINDOWS\System32\svchost.exe (ID: 4956 |ParentID: 720)
    C:\WINDOWS\system32\DllHost.exe (ID: 3672 |ParentID: 792)
    C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 3552 |ParentID: 720)
    C:\Windows\System32\WUDFHost.exe (ID: 5052 |ParentID: 300)
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 2052 |ParentID: 720)
    C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe (ID: 5956 |ParentID: 720)
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 3456 |ParentID: 720)
    C:\WINDOWS\system32\svchost.exe (ID: 4020 |ParentID: 720)
    C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 6232 |ParentID: 792)
    C:\WINDOWS\System32\WinLogon.exe (ID: 3580 |ParentID: 6812)
    C:\WINDOWS\System32\dwm.exe (ID: 3484 |ParentID: 3580)
    C:\WINDOWS\system32\atieclxx.exe (ID: 4196 |ParentID: 308)
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 6148 |ParentID: 580)
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ID: 4428 |ParentID: 580)
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (ID: 2976 |ParentID: 580)
    C:\WINDOWS\system32\taskhostex.exe (ID: 5372 |ParentID: 580)
    C:\Windows\System32\skydrive.exe (ID: 3116 |ParentID: 792)
    C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (ID: 1112 |ParentID: 580)
    C:\Windows\System32\igfxtray.exe (ID: 1020 |ParentID: 5360)
    C:\WINDOWS\system32\igfxsrvc.exe (ID: 2500 |ParentID: 792)
    C:\Windows\System32\hkcmd.exe (ID: 3332 |ParentID: 5360)
    C:\Windows\System32\igfxpers.exe (ID: 3632 |ParentID: 5360)
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2648 |ParentID: 5360)
    C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (ID: 5364 |ParentID: 5360)
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 5448 |ParentID: 5360)
    C:\Users\Maxime\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 884 |ParentID: 5360)
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (ID: 6752 |ParentID: 5360)
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (ID: 6000 |ParentID: 5360)
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID: 6192 |ParentID: 6520)
    C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (ID: 5904 |ParentID: 6520)
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (ID: 6172 |ParentID: 6520)
    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (ID: 2340 |ParentID: 6520)
    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (ID: 5336 |ParentID: 6520)
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 6240 |ParentID: 6520)
    C:\Program Files\Samsung\S Agent\CommonAgent.exe (ID: 6216 |ParentID: 580)
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 6956 |ParentID: 6176)
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 5804 |ParentID: 5276)
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 5020 |ParentID: 6956)
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 2628 |ParentID: 4648)
    C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (ID: 1776 |ParentID: 6216)
    C:\Windows\System32\WWAHost.exe (ID: 6984 |ParentID: 792)
    C:\Windows\System32\RuntimeBroker.exe (ID: 4016 |ParentID: 792)
    C:\WINDOWS\WinStore\WSHost.exe (ID: 3040 |ParentID: 792)
    C:\Windows\System32\SettingSyncHost.exe (ID: 6776 |ParentID: 792)
    C:\Windows\System32\WUDFHost.exe (ID: 5292 |ParentID: 300)
    C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (ID: 2140 |ParentID: 660)
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 5932 |ParentID: 5360)
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 4640 |ParentID: 5932)
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 3356 |ParentID: 4640)
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 4544 |ParentID: 3356)
    C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe (ID: 2236 |ParentID: 5360)
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe (ID: 5476 |ParentID: 2236)
    C:\WINDOWS\splwow64.exe (ID: 4168 |ParentID: 2236)
    C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 3500 |ParentID: 792)
    C:\WINDOWS\explorer.exe (ID: 5936 |ParentID: 3580)
    C:\UsbFix\Go.exe (ID: 6084 |ParentID: 4392)
    C:\WINDOWS\system32\taskeng.exe (ID: 5420 |ParentID: 580)

    ################## | Regedit Run |

    04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    04 - HKLM\SOFTWARE | Run : [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
    04 - HKLM\SOFTWARE | Run : [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    04 - HKLM\SOFTWARE | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    04 - HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    04 - HKLM\SOFTWARE | Run : [] -
    04 - HKLM\SOFTWARE | Run : [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 - HKLM\SOFTWARE | Run : [FUFAXRCV] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
    04 - HKLM\SOFTWARE | Run : [FUFAXSTM] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    04 - HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [FUFAXRCV] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [FUFAXSTM] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE | RunOnce : [] -
    04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
    04 - HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Maxime\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    04 - HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE | Run : [OfficeSyncProcess] - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    04 - HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE | Run : [EPSON BX305 Series] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\windows\TEMP\E_S9C70.tmp" /EF "HKCU"

    ################## | Recherche générique |

    Présent! E:\Volume typo .lnk
    Présent! E:\Flyer gd .lnk
    Présent! E:\Chaplin .lnk
    Présent! E:\Autres .lnk
    Présent! E:\Shadow .lnk
    Présent! E:\livre gd vs gd .lnk
    Présent! E:\Metamorphose .lnk
    Présent! E:\bodoni bauer .lnk
    Présent! E:\livre .lnk
    Présent! E:\museum .lnk
    Présent! E:\TravauxAffiches .lnk
    Présent! E:\AUTORUN_ .lnk
    Présent! E:\présentation Batory .lnk
    Présent! E:\dossier typo .lnk
    Présent! E:\ .lnk
    Présent! E:\AUTORUN.INF
    Présent! E:\AUTORUN_.INF
    Présent! G:\AUTORUN.INF

    ################## | Registre |

    Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
    Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
    Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
    Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe

    ################## | Vaccin |

    E:\AUTORUN_.INF -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • the-blues-6
    Number of posts: 0

    Thanks in advance for your help!!

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8362

    Hello, run Deletion, then post the report.

The topic 'UsbFix search report' is closed to new replies.