Hard disk virus 2013-10-22T18:50:39+00:00
  • Author
    Posts
  • djamel
    Number of posts: 0

    ############################## | UsbFix V 7.145 | [Recherche]

    Utilisateur: Afs erdogan (Administrateur) # AFSERDOGAN-HP
    Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 18:54:26 | 22/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Hewlett-Packard (166B)
    CPU: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
    RAM -> [Total : 3894 | Free : 1820]
    Bios: Insyde
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
    WB: Windows Internet Explorer 10.0.9200.16721

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Kaspersky Internet Security [Enabled | Updated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 450 Go (317 Go libre(s) – 70%) [] # NTFS
    D: -> Disque fixe # 16 Go (2 Go libre(s) – 12%) [RECOVERY] # NTFS
    E: -> CD-ROM
    F: -> Disque fixe # 99 Mo (85 Mo libre(s) – 85%) [HP_TOOLS] # FAT32
    G: -> Disque amovible # 15 Go (15 Go libre(s) – 96%) [AFS AFS] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID 544 |ParentID 504)
    C:Windowssystem32wininit.exe (ID 744 |ParentID 504)
    C:Windowssystem32csrss.exe (ID 764 |ParentID 752)
    C:Windowssystem32services.exe (ID 804 |ParentID 744)
    C:Windowssystem32lsass.exe (ID 828 |ParentID 744)
    C:Windowssystem32lsm.exe (ID 836 |ParentID 744)
    C:Windowssystem32svchost.exe (ID 940 |ParentID 804)
    C:Windowssystem32svchost.exe (ID 1012 |ParentID 804)
    C:Windowssystem32atiesrxx.exe (ID 452 |ParentID 804)
    C:Windowssystem32winlogon.exe (ID 580 |ParentID 752)
    C:WindowsSystem32svchost.exe (ID 612 |ParentID 804)
    C:WindowsSystem32svchost.exe (ID 656 |ParentID 804)
    C:Windowssystem32svchost.exe (ID 684 |ParentID 804)
    C:Windowssystem32svchost.exe (ID 888 |ParentID 804)
    C:Program FilesIDTWDMSTacSV64.exe (ID 884 |ParentID 804)
    C:WindowsservicingTrustedInstaller.exe (ID 1196 |ParentID 804)
    C:Windowssystem32svchost.exe (ID 1324 |ParentID 804)
    C:Windowssystem32WLANExt.exe (ID 1424 |ParentID 656)
    C:Windowssystem32conhost.exe (ID 1432 |ParentID 544)
    C:WindowsSystem32spoolsv.exe (ID 1508 |ParentID 804)
    C:Windowssystem32svchost.exe (ID 1536 |ParentID 804)
    C:Program Files (x86)Common FilesABBYYFineReaderSprint9.00LicensingNetworkLicenseServer.exe (ID 1620 |ParentID 804)
    C:Program Files (x86)AutodeskContent ServiceConnect.Service.ContentService.exe (ID 1668 |ParentID 804)
    C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2012avp.exe (ID 1948 |ParentID 804)
    C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (ID 1996 |ParentID 804)
    C:WindowsSysWOW64ezSharedSvcHost.exe (ID 1208 |ParentID 804)
    C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe (ID 1436 |ParentID 804)
    C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe (ID 1892 |ParentID 804)
    C:Program Files (x86)Common FilesLightScribeLSSrvc.exe (ID 2120 |ParentID 804)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 2156 |ParentID 804)
    C:Program FilesAutodesk3ds Max 2012mentalimagessatelliteraysat_3dsmax2012_64server.exe (ID 2180 |ParentID 804)
    c:Program Files (x86)Microsoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe (ID 2208 |ParentID 804)
    C:Program Files (x86)PDF Completepdfsvc.exe (ID 2244 |ParentID 804)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (ID 2672 |ParentID 804)
    c:Program Files (x86)Microsoft SQL Server90Sharedsqlbrowser.exe (ID 2732 |ParentID 804)
    c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe (ID 2768 |ParentID 804)
    C:Windowssystem32svchost.exe (ID 2828 |ParentID 804)
    C:Windowssystem32svchost.exe (ID 2852 |ParentID 804)
    C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater17.0.12ToolbarUpdater.exe (ID 2960 |ParentID 804)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 3000 |ParentID 804)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (ID 3036 |ParentID 804)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 2084 |ParentID 3000)
    C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater17.0.12loggingserver.exe (ID 3104 |ParentID 2960)
    C:Windowssystem32conhost.exe (ID 3112 |ParentID 544)
    C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE (ID 3124 |ParentID 804)
    C:Windowssystem32svchost.exe (ID 3356 |ParentID 804)
    C:Windowssystem32svchost.exe (ID 3504 |ParentID 804)
    C:Windowssystem32svchost.exe (ID 3560 |ParentID 804)
    C:Windowssystem32atieclxx.exe (ID 4768 |ParentID 452)
    C:Windowssystem32taskhost.exe (ID 4984 |ParentID 804)
    C:Windowssystem32Dwm.exe (ID 1268 |ParentID 656)
    C:WindowsExplorer.EXE (ID 4020 |ParentID 5060)
    C:WindowsSystem32igfxtray.exe (ID 4100 |ParentID 4020)
    C:WindowsSystem32hkcmd.exe (ID 4696 |ParentID 4020)
    C:WindowsSystem32igfxpers.exe (ID 4680 |ParentID 4020)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 4848 |ParentID 4020)
    C:Program FilesIDTWDMsttray64.exe (ID 4640 |ParentID 4020)
    C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe (ID 3880 |ParentID 4020)
    C:WindowsSystem32WUDFHost.exe (ID 4676 |ParentID 656)
    C:Program FilesSynapticsSynTPSynTPHelper.exe (ID 2540 |ParentID 4848)
    C:Program FilesWindows Sidebarsidebar.exe (ID 1960 |ParentID 4020)
    C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe (ID 908 |ParentID 4020)
    C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe (ID 4736 |ParentID 432)
    C:Windowssystem32SearchIndexer.exe (ID 4948 |ParentID 804)
    C:Program Files (x86)NeroNero 10Nero BackItUpNBAgent.exe (ID 1572 |ParentID 432)
    C:Program Files (x86)PictureMoverBinPictureMover.exe (ID 4920 |ParentID 4020)
    C:Program Files (x86)Ask.comUpdaterUpdater.exe (ID 4336 |ParentID 432)
    C:Program Files (x86)AVG Secure Searchvprot.exe (ID 3592 |ParentID 432)
    C:Windowssystem32svchost.exe (ID 4520 |ParentID 804)
    C:Windowssystem32taskeng.exe (ID 1676 |ParentID 888)
    C:Program Files (x86)BrowserCompanionBCHelper.exe (ID 3964 |ParentID 432)
    C:Program Files (x86)CyberLinkYouCamYCMMirage.exe (ID 524 |ParentID 1676)
    C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe (ID 5512 |ParentID 432)
    C:WindowsSysWOW64RunDll32.exe (ID 5532 |ParentID 908)
    C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2012avp.exe (ID 5588 |ParentID 432)
    C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe (ID 5636 |ParentID 432)
    C:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe (ID 5644 |ParentID 940)
    C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe (ID 5668 |ParentID 432)
    C:Program FilesWIDCOMMBluetooth SoftwareBluetoothHeadsetProxy.exe (ID 5888 |ParentID 5644)
    C:Windowssystem32wbemwmiprvse.exe (ID 5928 |ParentID 940)
    C:Windowssystem32wbemwmiprvse.exe (ID 6084 |ParentID 940)
    C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe (ID 4472 |ParentID 804)
    C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe (ID 5944 |ParentID 804)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID 2704 |ParentID 1224)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIMSSPrivacyIconClient.exe (ID 1548 |ParentID 4656)
    C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Service.exe (ID 5600 |ParentID 804)
    C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe (ID 5884 |ParentID 804)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID 6408 |ParentID 804)
    C:Program Files (x86)NeroUpdateNASvc.exe (ID 6492 |ParentID 804)
    C:Windowssystem32sppsvc.exe (ID 6652 |ParentID 804)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID 2492 |ParentID 804)
    C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe (ID 6212 |ParentID 804)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID 5472 |ParentID 2704)
    C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Main.exe (ID 6888 |ParentID 5032)
    C:Windowssystem32taskeng.exe (ID 600 |ParentID 888)
    C:UsbFixGo.exe (ID 6160 |ParentID 6704)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    HKLMSOFTWARE | Run : [IMSS] – “C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIMSSPIconStartup.exe”
    HKLMSOFTWARE | Run : [Microsoft Default Manager] – “C:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe” -resume
    HKLMSOFTWARE | Run : [Easybits Recovery] – C:Program Files (x86)EasyBits For KidsezRecover.exe
    HKLMSOFTWARE | Run : [NBAgent] – “C:Program Files (x86)NeroNero 10Nero BackItUpNBAgent.exe” /WinStart
    HKLMSOFTWARE | Run : [] –
    HKLMSOFTWARE | Run : [ApnUpdater] – “C:Program Files (x86)Ask.comUpdaterUpdater.exe”
    HKLMSOFTWARE | Run : [DATAMNGR] – C:PROGRA~2SEARCH~1DatamngrDATAMN~1.EXE
    HKLMSOFTWARE | Run : [vProt] – “C:Program Files (x86)AVG Secure Searchvprot.exe”
    HKLMSOFTWARE | Run : [Browser companion helper] – C:Program Files (x86)BrowserCompanionBCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
    HKLMSOFTWARE | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    HKLMSOFTWARE | Run : [AdobeCS5ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe” -launchedbylogin
    HKLMSOFTWARE | Run : [EEventManager] – “C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe”
    HKLMSOFTWARE | Run : [PDF Complete] – C:Program Files (x86)PDF Completepdfsty.exe
    HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2012avp.exe”
    HKLMSOFTWARE | Run : [HPOSD] – C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
    HKLMSOFTWARE | Run : [HP Quick Launch] – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    HKLMSOFTWAREwow6432Node | Run : [IMSS] – “C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIMSSPIconStartup.exe”
    HKLMSOFTWAREwow6432Node | Run : [Microsoft Default Manager] – “C:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe” -resume
    HKLMSOFTWAREwow6432Node | Run : [Easybits Recovery] – C:Program Files (x86)EasyBits For KidsezRecover.exe
    HKLMSOFTWAREwow6432Node | Run : [NBAgent] – “C:Program Files (x86)NeroNero 10Nero BackItUpNBAgent.exe” /WinStart
    HKLMSOFTWAREwow6432Node | Run : [] –
    HKLMSOFTWAREwow6432Node | Run : [ApnUpdater] – “C:Program Files (x86)Ask.comUpdaterUpdater.exe”
    HKLMSOFTWAREwow6432Node | Run : [DATAMNGR] – C:PROGRA~2SEARCH~1DatamngrDATAMN~1.EXE
    HKLMSOFTWAREwow6432Node | Run : [vProt] – “C:Program Files (x86)AVG Secure Searchvprot.exe”
    HKLMSOFTWAREwow6432Node | Run : [Browser companion helper] – C:Program Files (x86)BrowserCompanionBCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
    HKLMSOFTWAREwow6432Node | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    HKLMSOFTWAREwow6432Node | Run : [AdobeCS5ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe” -launchedbylogin
    HKLMSOFTWAREwow6432Node | Run : [EEventManager] – “C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe”
    HKLMSOFTWAREwow6432Node | Run : [PDF Complete] – C:Program Files (x86)PDF Completepdfsty.exe
    HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2012avp.exe”
    HKLMSOFTWAREwow6432Node | Run : [HPOSD] – C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
    HKLMSOFTWAREwow6432Node | Run : [HP Quick Launch] – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-328482170-698208354-2614779597-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    HKUS-1-5-21-328482170-698208354-2614779597-1000SOFTWARE | Run : [msnmsgr] – “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
    HKUS-1-5-21-328482170-698208354-2614779597-1000SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    HKUS-1-5-21-328482170-698208354-2614779597-1000SOFTWARE | Run : [EPSON SX218 Series] – C:Windowssystem32spoolDRIVERSx643E_IATIGDE.EXE /FU “C:WindowsTEMPE_SC7A3.tmp” /EF “HKCU”
    HKUS-1-5-21-328482170-698208354-2614779597-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Éléments infectieux |

    Présent! G:AFS AFS (16GB).lnk
    Présent! D:desktop.ini
    Présent! G:AutoRun.inf
    Présent! G:desktop.ini

    ################## | Registre |

    Présent! HKUS-1-5-21-328482170-698208354-2614779597-1000SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr
    HKCU….ExplorerMountPoints2{26ca7945-4f10-11e1-b267-cc52aff40f22}
    ShellAutoRunCommand = G:HPLauncher.exe

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • Anonymous
    Number of posts: 0

    Hello, good evening, thank you, please…

    Do you know these?

    Please read the site's charter: reglement-charte-forum-sosvirus-t334.html

    • Run UsbFix
    • Choose the Suppression (deletion) option

      Note: If UsbFix hangs at 14%, run UsbFix in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

The topic ‘Hard disk virus’ is closed to new replies.