Reply to: shortcut on USB 2016-09-08T13:16:53+00:00
londonc
Participant
Post count: 12

There, I've stopped malwares then :p

Here is the UsbFix removal report :)

[spoiler:3qr5zhgb]############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Ji (Administrateur) # JIMMY
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 19:18:27 | 11/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK COMPUTER INC. (N76VB)
CPU: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
RAM -> [Total : 12174 | Free : 10115]
Bios: American Megatrends Inc.
Boot: Fail-safe with network boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Protection antivirus et antispyware McAfee [(!) Disabled | Updated]
AS: Windows Defender : 4.3.0215.0
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 186 Go (80 Go libre(s) – 43%) [OS] # NTFS
D: -> Disque fixe # 258 Go (258 Go libre(s) – 100%) [DATA] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (4 Go libre(s) – 98%) [] # FAT32
G: -> Disque amovible # 2 Go (885 Mo libre(s) – 47%) [] # FAT

################## | Processus Stoppés |

Stoppé! C:Windowsexplorer.exe (ID: 1472 |ParentID: 584)
Stoppé! C:Windowssystem32ctfmon.exe (ID: 1608 |ParentID: 1472)
Stoppé! C:Windowssystem32DllHost.exe (ID: 1168 |ParentID: 744)
Stoppé! C:Program FilesCommon FilesMcAfeeSystemCoremfefire.exe (ID: 1556 |ParentID: 632)
Stoppé! C:Program FilesInternet ExplorerIEXPLORE.EXE (ID: 1828 |ParentID: 1368)
Stoppé! C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 1388 |ParentID: 1828)
Stoppé! C:WindowsSystem32RuntimeBroker.exe (ID: 1260 |ParentID: 744)
Stoppé! C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 2388 |ParentID: 1828)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [ASUSPRP] – “C:Program Files (x86)ASUSAPRPAPRP.EXE”
04 – HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.10.123AsusWSPanel.exe /S
04 – HKLMSOFTWARE | Run : [mcui_exe] – “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
04 – HKLMSOFTWARE | Run : [ASUS InstantKey] – C:Program Files (x86)ASUSASUS Instant KeyIkey_start.exe
04 – HKLMSOFTWARE | Run : [UpdatePSTShortCut] – “C:Program Files (x86)CyberlinkDVD SuiteMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberlinkDVD Suite” UpdateWithCreateOnce “SoftwareCyberLinkPowerStarter”
04 – HKLMSOFTWARE | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
04 – HKLMSOFTWARE | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
04 – HKLMSOFTWARE | Run : [mcpltui_exe] – “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
04 – HKLMSOFTWARE | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
04 – HKLMSOFTWARE | Run : [mobilegeni daemon] – C:Program Files (x86)MobogenieDaemonProcess.exe
04 – HKLMSOFTWAREwow6432Node | Run : [ASUSPRP] – “C:Program Files (x86)ASUSAPRPAPRP.EXE”
04 – HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.10.123AsusWSPanel.exe /S
04 – HKLMSOFTWAREwow6432Node | Run : [mcui_exe] – “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
04 – HKLMSOFTWAREwow6432Node | Run : [ASUS InstantKey] – C:Program Files (x86)ASUSASUS Instant KeyIkey_start.exe
04 – HKLMSOFTWAREwow6432Node | Run : [UpdatePSTShortCut] – “C:Program Files (x86)CyberlinkDVD SuiteMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberlinkDVD Suite” UpdateWithCreateOnce “SoftwareCyberLinkPowerStarter”
04 – HKLMSOFTWAREwow6432Node | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
04 – HKLMSOFTWAREwow6432Node | Run : [mcpltui_exe] – “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
04 – HKLMSOFTWAREwow6432Node | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
04 – HKLMSOFTWAREwow6432Node | Run : [mobilegeni daemon] – C:Program Files (x86)MobogenieDaemonProcess.exe
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWARE | RunOnce : [Malwarebytes Anti-Malware (cleanup)] – rundll32.exe “C:ProgramDataMalwarebytesMalwarebytes' Anti-Malwarecleanup.dll”,ProcessCleanupScript
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [Malwarebytes Anti-Malware (cleanup)] – rundll32.exe “C:ProgramDataMalwarebytesMalwarebytes' Anti-Malwarecleanup.dll”,ProcessCleanupScript
04 – HKLMSOFTWARE | PoliciesExplorerrun : [BtvStack] – “C:Program Files (x86)Bluetooth SuiteBtvStack.exe”
04 – HKUS-1-5-21-2507398300-1829493256-101368009-1002SOFTWARE | Run : [Comrade.exe] – C:Program Files (x86)GameSpyComradeComrade.exe
04 – HKUS-1-5-21-2507398300-1829493256-101368009-1002SOFTWARE | Run : [Akamai NetSession Interface] – “C:UsersJiAppDataLocalAkamainetsession_win.exe”
04 – HKUS-1-5-21-2507398300-1829493256-101368009-1002SOFTWARE | Run : [AdobeBridge] –
04 – HKUS-1-5-21-2507398300-1829493256-101368009-1002SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersJiAppDataLocalTempiTunesHelper.vbe”
04 – HKUS-1-5-21-2507398300-1829493256-101368009-1002SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe

################## | Recherche générique |

Supprimé! C:UsersJiAppDataLocalTempiTunesHelper.vbe
Supprimé! C:UsersJiAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Supprimé! F:iTunesHelper.vbe
Supprimé! G:iTunesHelper.vbe
Supprimé! F:bansky03.lnk
Supprimé! F:ChromeSetup(1).lnk
Supprimé! G:.lnk
Supprimé! G:maison.lnk
Supprimé! G:maison3D.lnk
Supprimé! G:P1270062.lnk
Supprimé! G:SuperbikerMettetEnd.lnk
Supprimé! G:P1270053.lnk
Supprimé! G:P1270054.lnk
Supprimé! G:P1270055.lnk
Supprimé! G:Keithharringfin.lnk
Supprimé! G:Affiche.lnk
Supprimé! G:P1270063.lnk
Supprimé! G:1-affiche-enfant.lnk
Supprimé! G:P1270064.lnk
Supprimé! G:P1270065.lnk
Supprimé! G:P1270066.lnk
Supprimé! G:P1270067.lnk
Supprimé! G:P1270068.lnk
Supprimé! G:1-affiche-original.lnk
Supprimé! G:formulairesjim.lnk
Supprimé! G:1-affiche-paquet.lnk
Supprimé! G:1-affiche-texte.lnk
Supprimé! G:P1270069.lnk
Supprimé! G:6-acropole.lnk
Supprimé! G:P1270070.lnk
Supprimé! G:P1270071.lnk
Supprimé! G:exAcropoleManip.lnk
Supprimé! G:exAcropole.lnk
Supprimé! G:Initialisation compte tech.lnk
Supprimé! G:Connexion au réseau wifietudiantprotect.lnk
Supprimé! G:P1270072.lnk
Supprimé! G:P1270073.lnk
Supprimé! G:P1270074.lnk
Supprimé! G:P1270036.lnk
Supprimé! G:P1270037.lnk
Supprimé! G:P1270038.lnk
Supprimé! G:P1270039.lnk
Supprimé! G:P1270040.lnk
Supprimé! G:P1270041.lnk
Supprimé! G:P1270042.lnk
Supprimé! G:P1270043.lnk
Supprimé! G:P1270044.lnk
Supprimé! G:P1270045.lnk
Supprimé! G:P1270046.lnk
Supprimé! G:P1270047.lnk
Supprimé! G:P1270048.lnk
Supprimé! G:P1270049.lnk
Supprimé! G:P1270050.lnk
Supprimé! G:Projet Info.lnk
Supprimé! G:P1270051.lnk
Supprimé! G:P1270056.lnk
Supprimé! G:P1270057.lnk
Supprimé! G:P1270058.lnk
Supprimé! G:P1270059.lnk
Supprimé! G:P1270060.lnk
Supprimé! G:P1270061.lnk
Supprimé! G:P1270028.lnk
Supprimé! G:P1270029.lnk
Supprimé! G:P1270030.lnk
Supprimé! G:P1270031.lnk
Supprimé! G:P1270032.lnk
Supprimé! G:P1270033.lnk
Supprimé! G:P1270034.lnk
Supprimé! G:P1270035.lnk
Supprimé! G:.Trashes.lnk
Supprimé! G:Future Signal.lnk
Supprimé! G:.Spotlight-V100.lnk
Supprimé! G:Jimmy.lnk
Supprimé! G:Keyboard.lnk
Supprimé! G:.mayaSwatches.lnk
Supprimé! G:Noirdésirfin.lnk
Supprimé! G:Massive.lnk
Supprimé! G:2191-Jimmy Havenith.lnk
Supprimé! C:ProgramDataSetStretch.VBS
Supprimé! C:UsersJiAppDataLocalTempWindowsInstaller-KB893803-v2-x86.exe
Supprimé! C:WindowsTasksUpdaterEX.job

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:UsersAll UsersSetStretch.VBS
Md5 : E1E37E7138B0593E29B2F92A453749CB -> C:ProgramDataSetStretch.VBS
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:UsersJiAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:UsersJiAppDataLocalTempiTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> F:iTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> G:iTunesHelper.vbe

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKUS-1-5-21-2507398300-1829493256-101368009-1002SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper

################## | Listing |

[05/10/2013 – 12:35:00 | SHD ] C:$Recycle.Bin
[11/11/2013 – 19:15:58 | D ] C:AdwCleaner
[07/10/2013 – 18:10:10 | D ] C:Autodesk
[27/11/2012 – 14:00:09 | SHD ] C:Boot
[26/07/2012 – 04:44:30 | RASH | 398156] C:bootmgr
[02/06/2012 – 15:30:55 | N | 1] C:BOOTNXT
[26/07/2012 – 08:22:08 | SHD ] C:Documents and Settings
[01/05/2013 – 22:16:38 | D ] C:eSupport
[11/11/2013 – 18:23:50 | ASH | 10212122624] C:hiberfil.sys
[01/05/2013 – 21:57:56 | D ] C:Intel
[28/01/2013 – 03:38:34 | N | 6293504] C:N76VB.BIN
[11/11/2013 – 18:23:50 | ASH | 1811939328] C:pagefile.sys
[26/07/2012 – 08:33:46 | HD ] C:PerfLogs
[20/10/2013 – 11:11:10 | D ] C:Program Files
[11/11/2013 – 16:54:37 | D ] C:Program Files (x86)
[11/11/2013 – 19:21:17 | HD ] C:ProgramData
[04/10/2013 – 12:28:10 | D ] C:sources
[11/11/2013 – 18:23:52 | ASH | 268435456] C:swapfile.sys
[08/11/2013 – 08:33:18 | SHD ] C:System Volume Information
[11/11/2013 – 19:21:14 | D ] C:UsbFix
[11/11/2013 – 19:21:19 | A | 10884] C:UsbFix [Clean 2] JIMMY.txt
[07/11/2013 – 19:07:11 | N | 14242] C:UsbFix [Scan 1] JIMMY.txt
[11/11/2013 – 17:53:30 | N | 13625] C:UsbFix [Scan 2] JIMMY.txt
[11/11/2013 – 18:30:16 | N | 11318] C:UsbFix [Scan 3] JIMMY.txt
[30/09/2013 – 13:29:18 | RD ] C:Users
[11/11/2013 – 18:23:50 | D ] C:Windows
[30/09/2013 – 13:33:56 | SHD ] D:$RECYCLE.BIN
[01/12/2006 – 22:37:14 | N | 904704] D:msdia80.dll
[01/05/2013 – 21:54:06 | SHD ] D:System Volume Information
[20/10/2013 – 21:44:22 | N | 137093] F:bansky03.jpg
[07/11/2013 – 14:45:52 | N | 819184] F:ChromeSetup(1).exe
[29/12/2012 – 12:45:08 | SH | 4096] G:._.Trashes
[24/10/2013 – 10:21:56 | N | 205488] G:maison.mb
[29/12/2012 – 12:45:08 | SHD ] G:.Trashes
[15/09/2013 – 18:33:38 | D ] G:Future Signal
[29/12/2012 – 12:45:10 | SHD ] G:.Spotlight-V100
[17/10/2013 – 10:22:56 | N | 101864] G:maison3D.mb
[20/09/2013 – 15:33:48 | D ] G:Jimmy
[18/10/2013 – 09:20:02 | N | 93433] G:._SuperbikerMettetEnd.psd
[16/10/2013 – 22:28:30 | N | 2370234] G:P1270062.JPG
[18/10/2013 – 09:20:02 | N | 1611740] G:SuperbikerMettetEnd.psd
[18/10/2013 – 09:22:52 | N | 1117435] G:Noirdésirfin.psd
[17/10/2013 – 23:16:54 | N | 17583974] G:Keithharringfin.psd
[18/10/2013 – 09:22:54 | N | 85482] G:._Noirdésirfin.psd
[24/10/2013 – 22:20:38 | N | 1845722] G:Affiche.psd
[18/10/2013 – 10:21:56 | N | 61691] G:._Affiche.psd
[16/10/2013 – 22:28:34 | N | 2447917] G:P1270063.JPG
[04/10/2013 – 10:23:16 | N | 76541] G:._Exercice1jimmy.psd
[07/10/2013 – 20:42:44 | D ] G:Keyboard
[24/10/2013 – 22:21:38 | N | 1554462] G:1-affiche-enfant.psd
[18/10/2013 – 10:22:52 | N | 110235] G:._1-affiche-enfant.psd
[16/10/2013 – 22:28:42 | N | 2376235] G:P1270064.JPG
[17/10/2013 – 01:04:44 | N | 2318312] G:P1270065.JPG
[17/10/2013 – 01:04:50 | N | 2416743] G:P1270066.JPG
[17/10/2013 – 01:04:54 | N | 2457786] G:P1270067.JPG
[17/10/2013 – 01:05:24 | N | 2210479] G:P1270068.JPG
[20/08/2009 – 16:44:22 | N | 185703] G:1-affiche-original.jpg
[18/10/2013 – 15:32:28 | N | 2389] G:formulairesjim.html
[20/08/2009 – 16:43:58 | N | 1682768] G:1-affiche-paquet.psd
[18/10/2013 – 15:32:40 | N | 4096] G:._formulairesjim.html
[20/08/2009 – 16:43:50 | N | 622380] G:1-affiche-texte.psd
[24/10/2013 – 10:21:56 | D ] G:.mayaSwatches
[17/10/2013 – 01:05:26 | N | 2035614] G:P1270069.JPG
[12/10/2011 – 10:38:48 | N | 1459889] G:6-acropole.PSD
[17/10/2013 – 01:05:32 | N | 1939157] G:P1270070.JPG
[17/10/2013 – 01:05:34 | N | 2370314] G:P1270071.JPG
[24/10/2013 – 23:21:06 | N | 1478192] G:exAcropoleManip.psd
[24/10/2013 – 23:20:48 | N | 3360833] G:exAcropole.psd
[24/10/2013 – 23:39:06 | N | 23854] G:Initialisation compte tech.pdf
[24/10/2013 – 23:42:10 | N | 793856] G:Connexion au réseau wifietudiantprotect.pdf
[17/10/2013 – 01:05:36 | N | 1944755] G:P1270072.JPG
[17/10/2013 – 08:53:08 | N | 1723012] G:P1270073.JPG
[17/10/2013 – 08:53:20 | N | 2426787] G:P1270074.JPG
[16/10/2013 – 20:46:06 | N | 2133410] G:P1270036.JPG
[16/10/2013 – 20:46:22 | N | 2489389] G:P1270037.JPG
[16/10/2013 – 20:46:24 | N | 2457664] G:P1270038.JPG
[16/10/2013 – 20:46:28 | N | 2442726] G:P1270039.JPG
[16/10/2013 – 20:52:50 | N | 2439234] G:P1270040.JPG
[16/10/2013 – 20:52:54 | N | 2389700] G:P1270041.JPG
[16/10/2013 – 21:01:54 | N | 2457893] G:P1270042.JPG
[16/10/2013 – 21:02:00 | N | 2427230] G:P1270043.JPG
[16/10/2013 – 21:02:06 | N | 2326352] G:P1270044.JPG
[16/10/2013 – 21:02:16 | N | 2507455] G:P1270045.JPG
[16/10/2013 – 21:02:54 | N | 2429261] G:P1270046.JPG
[16/10/2013 – 21:03:06 | N | 2489988] G:P1270047.JPG
[16/10/2013 – 21:04:50 | N | 2165087] G:P1270048.JPG
[16/10/2013 – 21:04:56 | N | 2366749] G:P1270049.JPG
[16/10/2013 – 22:08:08 | N | 2119968] G:P1270050.JPG
[16/10/2013 – 22:08:42 | N | 2296915] G:P1270051.JPG
[16/10/2013 – 22:26:42 | N | 2145738] G:P1270052.JPG
[16/10/2013 – 22:27:00 | N | 1988521] G:P1270053.JPG
[16/10/2013 – 22:27:12 | N | 2492126] G:P1270054.JPG
[16/10/2013 – 22:27:16 | N | 2471437] G:P1270055.JPG
[16/10/2013 – 22:27:22 | N | 2407150] G:P1270056.JPG
[16/10/2013 – 22:27:28 | N | 2455158] G:P1270057.JPG
[16/10/2013 – 22:27:36 | N | 1797699] G:P1270058.JPG
[16/10/2013 – 22:27:52 | N | 2341415] G:P1270059.JPG
[16/10/2013 – 22:27:56 | N | 1952392] G:P1270060.JPG
[16/10/2013 – 22:28:16 | N | 1971457] G:P1270061.JPG
[16/10/2013 – 20:28:18 | N | 2353104] G:P1270028.JPG
[16/10/2013 – 20:28:22 | N | 2521324] G:P1270029.JPG
[16/10/2013 – 20:28:28 | N | 2413126] G:P1270030.JPG
[16/10/2013 – 20:28:48 | N | 2219159] G:P1270031.JPG
[07/12/2012 – 10:34:26 | D ] G:Projet Info
[16/10/2013 – 20:28:52 | N | 2278010] G:P1270032.JPG
[16/10/2013 – 20:28:56 | N | 2333485] G:P1270033.JPG
[16/10/2013 – 20:29:02 | N | 2093358] G:P1270034.JPG
[16/10/2013 – 20:29:20 | N | 2311284] G:P1270035.JPG
[08/01/2013 – 17:17:32 | D ] G:Massive
[11/11/2013 – 18:22:42 | N | 0] G:P1270052.lnk
[07/11/2013 – 08:28:52 | D ] G:2191-Jimmy Havenith

################## | Vaccin |

F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:3qr5zhgb]