Reply to: USB stick virus that creates shortcuts 2016-09-08T13:14:09+00:00
ardnono
Participant
Number of posts: 3

Hello,

I ran the deletion, and it did not get stuck at 14%. So it restarted, but it must have run into an error, because I found 0xc000021a at the end of the restart, on the blue screen. Then, when I opened my session, everything was closed, even usbfix, so I could not get a report at the end of the deletion. So I relaunched usbfix and ran a scan, and here is the report again:
What does it tell me? Is there still a virus?
Best regards.

############################## | UsbFix V 7.149 | [Recherche]

Utilisateur: ard (Administrateur) # ARD
Mis à jour le 03/11/2013 par El Desaparecido – Team SosVirus
Lancé à 11:51:37 | 06/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (18FC)
CPU: Intel(R) Core(TM) i3-2375M CPU @ 1.50GHz
RAM -> [Total : 8082 | Free : 4988]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender : 4.3.0215.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 905 Go (847 Go libre(s) – 94%) [] # NTFS
D: -> Disque fixe # 26 Go (3 Go libre(s) – 12%) [RECOVERY] # NTFS
E: -> Disque amovible # 4 Go (4 Go libre(s) – 98%) [STORE N GO] # FAT32

################## | Référence de comparaison MD5 |

Md5 : 00ce86006366a1dcc8c6d4ab09eec175 -> C:\Users\ard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : DENIED -> C:\Users\ard\AppData\Local\Temp\iTunesHelper.vbe
Md5 : DENIED -> E:\iTunesHelper.vbe
Md5 : 00ce86006366a1dcc8c6d4ab09eec175 -> C:\Users\ard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : DENIED -> C:\Users\ard\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 00ce86006366a1dcc8c6d4ab09eec175 -> E:\iTunesHelper.vbe

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 952 |ParentID: 944)
C:\Windows\system32\csrss.exe (ID: 1000 |ParentID: 992)
C:\Windows\system32\wininit.exe (ID: 1008 |ParentID: 944)
C:\Windows\system32\winlogon.exe (ID: 540 |ParentID: 992)
C:\Windows\system32\services.exe (ID: 268 |ParentID: 1008)
C:\Windows\system32\lsass.exe (ID: 944 |ParentID: 1008)
C:\Windows\system32\svchost.exe (ID: 1120 |ParentID: 268)
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (ID: 1160 |ParentID: 268)
C:\Windows\system32\svchost.exe (ID: 1456 |ParentID: 268)
C:\Windows\system32\dwm.exe (ID: 1592 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 1608 |ParentID: 268)
C:\Windows\system32\svchost.exe (ID: 1676 |ParentID: 268)
C:\Windows\servicing\TrustedInstaller.exe (ID: 1708 |ParentID: 268)
C:\Windows\system32\svchost.exe (ID: 1732 |ParentID: 268)
C:\Windows\System32\svchost.exe (ID: 1784 |ParentID: 268)
C:\Program Files\IDT\WDM\STacSV64.exe (ID: 1836 |ParentID: 268)
C:\Windows\system32\Hpservice.exe (ID: 1520 |ParentID: 268)
C:\Windows\system32\svchost.exe (ID: 2020 |ParentID: 268)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1572 |ParentID: 268)
C:\Windows\System32\spoolsv.exe (ID: 2376 |ParentID: 268)
C:\Windows\system32\svchost.exe (ID: 2416 |ParentID: 268)
C:\Windows\system32\svchost.exe (ID: 2560 |ParentID: 268)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 2600 |ParentID: 268)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2624 |ParentID: 268)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 2676 |ParentID: 268)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 2768 |ParentID: 268)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 2792 |ParentID: 268)
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (ID: 2916 |ParentID: 268)
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 2948 |ParentID: 268)
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe (ID: 3060 |ParentID: 268)
C:\Windows\system32\msiexec.exe (ID: 3180 |ParentID: 268)
C:\Windows\system32\svchost.exe (ID: 3396 |ParentID: 268)
C:\Windows\system32\svchost.exe (ID: 3904 |ParentID: 268)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 2876 |ParentID: 268)
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (ID: 3120 |ParentID: 268)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 1524 |ParentID: 268)
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (ID: 3488 |ParentID: 268)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 3216 |ParentID: 268)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3272 |ParentID: 268)
C:\Windows\system32\SearchIndexer.exe (ID: 2444 |ParentID: 268)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 2468 |ParentID: 268)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2880 |ParentID: 268)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1504 |ParentID: 1120)
C:\Windows\system32\taskhostex.exe (ID: 4752 |ParentID: 268)
C:\Windows\system32\taskeng.exe (ID: 4832 |ParentID: 1676)
C:\Windows\Explorer.EXE (ID: 4912 |ParentID: 4808)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 4164 |ParentID: 268)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 2820 |ParentID: 1100)
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID: 5036 |ParentID: 1784)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 5064 |ParentID: 1120)
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (ID: 5032 |ParentID: 5036)
C:\Windows\System32\RuntimeBroker.exe (ID: 4140 |ParentID: 1120)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4556 |ParentID: 1120)
C:\Windows\System32\hkcmd.exe (ID: 1644 |ParentID: 4912)
C:\Windows\System32\igfxpers.exe (ID: 4012 |ParentID: 4912)
C:\Program Files\IDT\WDM\sttray64.exe (ID: 2912 |ParentID: 4912)
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (ID: 2224 |ParentID: 4912)
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (ID: 5356 |ParentID: 4912)
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (ID: 5396 |ParentID: 268)
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (ID: 5412 |ParentID: 4912)
C:\Windows\System32\wscript.exe (ID: 5428 |ParentID: 4912)
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID: 5588 |ParentID: 5444)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID: 5616 |ParentID: 5444)
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (ID: 5728 |ParentID: 5444)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 5756 |ParentID: 268)
C:\Program Files\AVAST Software\Avast\avastui.exe (ID: 5804 |ParentID: 5444)
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (ID: 6076 |ParentID: 3120)
C:\Windows\SysWOW64\ctfmon.exe (ID: 5552 |ParentID: 5804)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5632 |ParentID: 5404)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5712 |ParentID: 5632)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1864 |ParentID: 5632)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2124 |ParentID: 5632)
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (ID: 3132 |ParentID: 2388)
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 5572 |ParentID: 2388)
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (ID: 2252 |ParentID: 5572)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6360 |ParentID: 5632)
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe (ID: 6588 |ParentID: 1120)
C:\UsbFix\Go.exe (ID: 6568 |ParentID: 6240)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [RemoteControl10] – "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 – HKLM\SOFTWARE | Run : [HP Quick Launch] – C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 – HKLM\SOFTWARE | Run : [HP CoolSense] – C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 – HKLM\SOFTWARE | Run : [AvastUI.exe] – "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 – HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] – "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 – HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] – C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 – HKLM\SOFTWARE\wow6432Node | Run : [HP CoolSense] – C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 – HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] – "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
04 – HKU\S-1-5-21-4118091808-3289621584-846348440-1001\SOFTWARE | Run : [Fnac Cloud] – C:\Program Files (x86)\Pack Fnac\Fnac Cloud\FnacCloud.exe
04 – HKU\S-1-5-21-4118091808-3289621584-846348440-1001\SOFTWARE | Run : [Bitdefender Wallet Agent] – "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
04 – HKU\S-1-5-21-4118091808-3289621584-846348440-1001\SOFTWARE | Run : [Bitdefender Agent de l’application Wallet] – "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
04 – HKU\S-1-5-21-4118091808-3289621584-846348440-1001\SOFTWARE | Run : [iTunesHelper] – wscript.exe //B "C:\Users\ard\AppData\Local\Temp\iTunesHelper.vbe"
04 – HKU\S-1-5-18\SOFTWARE | Run : [Bitdefender Wallet Agent] – "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
04 – HKU\S-1-5-18\SOFTWARE | Run : [Bitdefender Wallet] – "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" –hidden –nowizard
04 – HKU\S-1-5-18\SOFTWARE | Run : [Bitdefender Agent de l’application Wallet] – "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

################## | Recherche générique |

Présent! C:\Users\ard\AppData\Local\Temp\iTunesHelper.vbe
Présent! C:\Users\ard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! E:\iTunesHelper.vbe
Présent! E:\Plaquette-FEAWEB6-WEB.lnk

################## | Comparaison MD5 |

################## | Registre |

Présent! HKU\S-1-5-21-4118091808-3289621584-846348440-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccin |

(!) Cet ordinateur n’est pas vacciné!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |