Here is the first report; I'm starting on the second one:
############################## | UsbFix V 7.145 | [Recherche]
Utilisateur: michael (Administrateur) # MSI
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 11:37:57 | 28/10/2013
Site Web:
http://www.usbfix.net/
Forum :
http://www.sosvirus.net/
Upload Malware:
http://www.sosvirus.net/upload_malware.php
Contact:
http://www.usbfix.net/contact/
PC: Micro-Star International Co., Ltd. (MS-1756)
CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
RAM -> [Total : 8081 | Free : 5578]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows 8 (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16721
SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 545 Go (369 Go libre(s) - 68%) [OS_Install] # NTFS
D:\ -> Disque fixe # 134 Go (134 Go libre(s) - 100%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 15 Go (8 Go libre(s) - 56%) [USB20FD] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (ID 476 |ParentID 424)
C:\Windows\system32\wininit.exe (ID 552 |ParentID 424)
C:\Windows\system32\csrss.exe (ID 572 |ParentID 564)
C:\Windows\system32\winlogon.exe (ID 624 |ParentID 564)
C:\Windows\system32\services.exe (ID 664 |ParentID 552)
C:\Windows\system32\lsass.exe (ID 712 |ParentID 552)
C:\Windows\system32\svchost.exe (ID 820 |ParentID 664)
C:\Windows\system32\nvvsvc.exe (ID 856 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 900 |ParentID 664)
C:\Windows\System32\svchost.exe (ID 968 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 996 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 124 |ParentID 664)
C:\Windows\system32\dwm.exe (ID 568 |ParentID 624)
C:\Windows\System32\svchost.exe (ID 840 |ParentID 664)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1060 |ParentID 856)
C:\Windows\system32\nvvsvc.exe (ID 1072 |ParentID 856)
C:\Windows\system32\svchost.exe (ID 1164 |ParentID 664)
C:\Windows\System32\spoolsv.exe (ID 1520 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 1548 |ParentID 664)
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (ID 1724 |ParentID 664)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe (ID 1788 |ParentID 664)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 1840 |ParentID 664)
C:\Windows\system32\dashost.exe (ID 1852 |ParentID 840)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID 1904 |ParentID 664)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 1972 |ParentID 664)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID 1996 |ParentID 664)
C:\Program Files (x86)\SCM\MSIService.exe (ID 2020 |ParentID 664)
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (ID 2040 |ParentID 664)
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID 1148 |ParentID 664)
C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe (ID 1612 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 2116 |ParentID 664)
C:\Program Files\Windows Defender\MsMpEng.exe (ID 2192 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 2816 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 2944 |ParentID 664)
C:\Windows\System32\WUDFHost.exe (ID 2956 |ParentID 840)
C:\Windows\System32\WUDFHost.exe (ID 2772 |ParentID 840)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID 4020 |ParentID 1996)
C:\Windows\system32\taskhostex.exe (ID 4056 |ParentID 664)
C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (ID 3264 |ParentID 664)
C:\Windows\Explorer.EXE (ID 3388 |ParentID 3248)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (ID 3324 |ParentID 820)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID 3172 |ParentID 1060)
C:\Windows\system32\SearchIndexer.exe (ID 3484 |ParentID 664)
C:\Windows\System32\igfxtray.exe (ID 4524 |ParentID 3388)
C:\Windows\System32\hkcmd.exe (ID 4764 |ParentID 3388)
C:\Windows\System32\igfxpers.exe (ID 4316 |ParentID 3388)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 4720 |ParentID 3388)
C:\Program Files\Elantech\ETDCtrl.exe (ID 2596 |ParentID 3388)
C:\Windows\System32\rundll32.exe (ID 4188 |ParentID 3388)
C:\Windows\System32\RuntimeBroker.exe (ID 4608 |ParentID 820)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID 4360 |ParentID 2596)
C:\Windows\System32\rundll32.exe (ID 4504 |ParentID 3388)
C:\Program Files (x86)\Steam\Steam.exe (ID 1124 |ParentID 3388)
C:\Program Files (x86)\Overwolf\Overwolf.exe (ID 4708 |ParentID 3388)
C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe (ID 3288 |ParentID 3388)
C:\Program Files\WinZip\WZQKPICK32.EXE (ID 4940 |ParentID 3388)
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (ID 4196 |ParentID 4660)
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (ID 4752 |ParentID 4660)
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (ID 4388 |ParentID 664)
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID 4036 |ParentID 4660)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 4676 |ParentID 4660)
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ID 4168 |ParentID 4660)
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (ID 4312 |ParentID 664)
C:\Program Files (x86)\Common Files\Steam\SteamService.exe (ID 5452 |ParentID 664)
C:\Windows\SysWOW64\explorer.exe (ID 5284 |ParentID 6020)
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe (ID 6064 |ParentID 4708)
C:\Users\Public\iAStorIcon.exe (ID 6104 |ParentID 6020)
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe (ID 3236 |ParentID 4708)
C:\Program Files (x86)\MixVibes\Drivers\U-MIX CONTROL PRO\umcp-volume-panel.exe (ID 3256 |ParentID 3388)
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID 5140 |ParentID 3388)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 5464 |ParentID 4260)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 2096 |ParentID 664)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 4384 |ParentID 664)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID 312 |ParentID 664)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 3456 |ParentID 664)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 2500 |ParentID 664)
C:\Program Files\WindowsApps\Microsoft.Reader_6.2.8516.0_x64__8wekyb3d8bbwe\glcnd.exe (ID 2856 |ParentID 820)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2884 |ParentID 4856)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3000 |ParentID 2884)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5864 |ParentID 2884)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4636 |ParentID 2884)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5000 |ParentID 2884)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2996 |ParentID 2884)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1384 |ParentID 2884)
C:\UsbFix\Go.exe (ID 356 |ParentID 6040)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4872 |ParentID 820)
################## | Regedit Run |
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE | Run : [THX Audio Control Panel] - "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
HKLM\SOFTWARE | Run : [UpdReg] - C:\Windows\UpdReg.EXE
HKLM\SOFTWARE | Run : [Super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE\wow6432Node | Run : [THX Audio Control Panel] - "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
HKLM\SOFTWARE\wow6432Node | Run : [UpdReg] - C:\Windows\UpdReg.EXE
HKLM\SOFTWARE\wow6432Node | Run : [Super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKU\S-1-5-21-1309738982-2199200788-1016268891-1002\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-1309738982-2199200788-1016268891-1002\SOFTWARE | Run : [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1309738982-2199200788-1016268891-1002\SOFTWARE | Run : [8jusched] - C:\Users\Public\jusched.exe
################## | Éléments infectieux |
Présent! C:\Users\michael\AppData\Roaming\94372403\ak.tmp
Présent! C:\Users\michael\AppData\Roaming\94372403
Présent! C:\Users\Public\jusched.exe
Présent! C:\Users\michael\AppData\Roaming\michael-wchelper.dll
Présent! C:\Users\michael\AppData\Local\Temp\michael7
Présent! C:\Users\michael\AppData\Local\Temp\michael8
################## | Registre |
################## | Vaccin |
C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F |
http://www.usbfix.net - http://www.sosvirus.net