Reply to: infected USB key, here is the report, help me 2016-09-08T13:41:26+00:00

@iyed65 wrote:

############################## | UsbFix V 7.171 | [Recherche]

Utilisateur: iyed (Administrateur) # TAHAR
Mis à jour le 18/05/2014 par El Desaparecido – SosVirus
Lancé à 04:26:38 | 19/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Dell Inc. (0TFXK9)
CPU: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
RAM -> [Total : 3036 Mo| Free : 2172 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 8 Professionnel (6.2.9200 32-Bit)
WB: Windows Internet Explorer : 10.0.9200.16897
WB: Google Chrome : 34.0.1847.131
WB: Mozilla Firefox : 29.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Windows Defender [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]

C: (%SystemDrive%) -> Disque fixe # 98 Go (25 Go libre(s) – 26%) [] # NTFS
D: -> Disque fixe # 200 Go (119 Go libre(s) – 59%) [] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 2 Go (1 Go libre(s) – 58%) [TAHERGRASSI] # FAT32

################## | Processus Actif |

C:WindowsSystem32smss.exe (ID: 288|ParentID: 4|Système)
C:WindowsSystem32wininit.exe (ID: 496|ParentID: 400)
C:WindowsSystem32services.exe (ID: 564|ParentID: 496)
C:WindowsSystem32winlogon.exe (ID: 592|ParentID: 488)
C:WindowsSystem32lsass.exe (ID: 600|ParentID: 496)
C:WindowsSystem32svchost.exe (ID: 704|ParentID: 564)
C:WindowsSystem32svchost.exe (ID: 744|ParentID: 564)
C:WindowsSystem32svchost.exe (ID: 804|ParentID: 564)
C:WindowsSystem32svchost.exe (ID: 928|ParentID: 564)
C:WindowsSystem32svchost.exe (ID: 948|ParentID: 564)
C:WindowsSystem32svchost.exe (ID: 984|ParentID: 564)
C:WindowsSystem32svchost.exe (ID: 1216|ParentID: 564)
C:WindowsSystem32spoolsv.exe (ID: 1536|ParentID: 564)
C:WindowsSystem32svchost.exe (ID: 1564|ParentID: 564)
C:WindowsSystem32AdminService.exe (ID: 1708|ParentID: 564)
C:Program FilesMovies ToolbarDatamngrDatamngrCoordinator.exe (ID: 1756|ParentID: 564)
C:Program FilesMovies ToolbarDatamngrDatamngrCoordinator.exe (ID: 1876|ParentID: 1756)
C:Program FilesSoftwareUpdaterUpdaterService.exe (ID: 1956|ParentID: 564)
C:WindowsSystem32svchost.exe (ID: 2044|ParentID: 564)
C:UsersiyedAppDataLocalTorchUpdateTorchCrashHandler.exe (ID: 492|ParentID: 564)
C:Program FilesWindows DefenderMsMpEng.exe (ID: 760|ParentID: 564)
C:WindowsSystem32taskhostex.exe (ID: 576|ParentID: 564|Aucun)
C:Windowsexplorer.exe (ID: 1740|ParentID: 1456|Aucun)
C:WindowsSystem32svchost.exe (ID: 2928|ParentID: 564)
C:WindowsSystem32SearchIndexer.exe (ID: 2968|ParentID: 564)
C:Program FilesDivXDivX UpdateDivXUpdate.exe (ID: 3756|ParentID: 1740|Aucun)
C:UsersiyedAppDataLocalFilesFrog Update Checkerupdate_checker.exe (ID: 3980|ParentID: 564|Aucun)
C:UsersiyedAppDataLocalApps2.0JBW9VEAD.9625Q46QRY0.MP7dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2cDellSystemDetect.exe (ID: 3988|ParentID: 3864|Aucun)
C:Program FilesDell Digital DeliveryDeliveryService.exe (ID: 3716|ParentID: 564)
C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 1332|ParentID: 564)
C:WindowsSystem32taskeng.exe (ID: 3152|ParentID: 948)
C:Program FilesInternet Download ManagerIDMan.exe (ID: 1964|ParentID: 1740|Aucun)
C:Program FilesInternet Download ManagerIEMonitor.exe (ID: 2772|ParentID: 1964|Aucun)
C:WindowsSystem32audiodg.exe (ID: 2784|ParentID: 804)
C:UsbFixUsbFix.exe (ID: 3680|ParentID: 2480|Aucun)

################## | Autorun |

################## | Regedit Run |

F2 – HKLM..Winlogon : [Shell] explorer.exe
F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
04 – HKCU..Run : [IDMan] C:Program FilesInternet Download ManagerIDMan.exe /onboot
04 – HKCU..Run : [Facebook Update] “C:UsersiyedAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
04 – HKCU..Run : [uTorrent] “C:UsersiyedAppDataRoaminguTorrentuTorrent.exe” /MINIMIZED
04 – HKCU..Run : [NextLive] C:Windowssystem32rundll32.exe “C:UsersiyedAppDataRoamingnewnext.menengine.dll”,EntryPoint -m l
04 – HKCU..Run : [UpdateChecker] C:UsersiyedAppDataLocalPopajarUpdateCheckerUpdateCheckerApp.exe
04 – HKCU..Run : [DellSystemDetect] C:UsersiyedAppDataRoamingMicrosoftWindowsStart MenuProgramsDellDell System Detect.appref-ms
04 – HKCU..Run : [iLivid] “C:UsersiyedAppDataLocaliLividiLivid.exe” -autorun
04 – HKCU..Run : [ACEStream] C:UsersiyedAppDataRoamingACEStreamengineace_engine.exe
04 – HKLM..Run : [mobilegeni daemon] C:Program FilesMobogenieDaemonProcess.exe
04 – HKLM..Run : [YTDownloader] “C:Program FilesYTDownloaderYTDownloader.exe” /boot
04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
04 – HKLM..Run : [DivXUpdate] “C:Program FilesDivXDivX UpdateDivXUpdate.exe” /CHECKNOW
04 – HKLM..RunOnce : [network_pubdirecte_1] “C:UsersiyedAppDataLocalTempBI_RunOnce.exe” /initurl http://d3jsbkpsgh9q55.cloudfront.net/init/N8NpZ9zWy/:uid:? /affid “-” /id “0” /name ” ” /uniqid N8NpZ9zWy /uuid 4C4C4544-0053-3810-8032-CAC04F515131 /biosserial JS82QQ1 /biosversion DELL – 27da0b1a /csname Vostro 1015
04 – HKUS-1-5-21-803005294-362569602-2448286538-1001..Run : [IDMan] C:Program FilesInternet Download ManagerIDMan.exe /onboot
04 – HKUS-1-5-21-803005294-362569602-2448286538-1001..Run : [Facebook Update] “C:UsersiyedAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
04 – HKUS-1-5-21-803005294-362569602-2448286538-1001..Run : [uTorrent] “C:UsersiyedAppDataRoaminguTorrentuTorrent.exe” /MINIMIZED
04 – HKUS-1-5-21-803005294-362569602-2448286538-1001..Run : [NextLive] C:Windowssystem32rundll32.exe “C:UsersiyedAppDataRoamingnewnext.menengine.dll”,EntryPoint -m l
04 – HKUS-1-5-21-803005294-362569602-2448286538-1001..Run : [UpdateChecker] C:UsersiyedAppDataLocalPopajarUpdateCheckerUpdateCheckerApp.exe
04 – HKUS-1-5-21-803005294-362569602-2448286538-1001..Run : [DellSystemDetect] C:UsersiyedAppDataRoamingMicrosoftWindowsStart MenuProgramsDellDell System Detect.appref-ms
04 – HKUS-1-5-21-803005294-362569602-2448286538-1001..Run : [iLivid] “C:UsersiyedAppDataLocaliLividiLivid.exe” -autorun
04 – HKUS-1-5-21-803005294-362569602-2448286538-1001..Run : [ACEStream] C:UsersiyedAppDataRoamingACEStreamengineace_engine.exe

################## | Recherche générique |

Présent! D:avast! Free Antivirus.lnk
Présent! D:CrystalDiskInfo.lnk
Présent! D:WinZip.lnk
Présent! F:TAHERGRASSI (2GB).lnk
Présent! F:128_Derniere_Danse_-_Indila_(Mashup_R)_(2014)_[_¡_Daniel_Dj_!_]_-_sc_kiwimp3.lnk

################## | Registre |

Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbitguard.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbprotect.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbpsvc.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowserdefender.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowserprotect.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowsersafeguard.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsdprotectsvc.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsjumpflip
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsprotectedsearch.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionssearchinstaller.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionssearchprotection.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionssearchprotector.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionssearchsettings.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionssearchsettings64.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionssnapdo.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsstinst32.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsstinst64.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsumbrella.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsutiljumpflip.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsvolaro
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsvonteera
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionswebsteroids.exe
Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionswebsteroidsservice.exe

################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |