- Thu 14 March 2013 17:01
#1771
Hello, my USB key is infected and all my folders are encrypted. I downloaded USBFix and ran a scan; here is the report I got:
############################## | UsbFix V 7.115 | [Recherche]
Utilisateur: Romain (Administrateur) # CP9
Mis à jour le 08/03/2013 par El Desaparecido
Lancé à 16:50:45 | 14/03/2013
Site Web: https://sosvirus.org/index.php
Contact: contact@sosvirus.org
PC: Hewlett-Packard (G5429fr) (x64-based PC)
CPU: Intel(R) Core(TM) i5-2400S CPU @ 2.50GHz (2501)
RAM -> [Total : 4077 | Free : 2228]
BIOS: BIOS Date: 08/23/2011 CUP_711.rom Ver: 7.11
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 919 Go (748 Go libre(s) - 81%) [OS] # NTFS
D:\ -> Disque fixe # 12 Go (1 Go libre(s) - 12%) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> Disque amovible # 4 Go (4 Go libre(s) - 96%) [] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (452)
C:\Windows\system32\wininit.exe (516)
C:\Windows\system32\csrss.exe (552)
C:\Windows\system32\services.exe (576)
C:\Windows\system32\lsass.exe (600)
C:\Windows\system32\lsm.exe (608)
C:\Windows\system32\winlogon.exe (664)
C:\Windows\system32\svchost.exe (752)
C:\Windows\system32\svchost.exe (820)
C:\Windows\system32\atiesrxx.exe (896)
C:\Windows\System32\svchost.exe (964)
C:\Windows\System32\svchost.exe (996)
C:\Windows\system32\svchost.exe (124)
C:\Windows\system32\svchost.exe (356)
C:\Windows\system32\svchost.exe (1092)
C:\Windows\System32\spoolsv.exe (1232)
C:\Windows\system32\svchost.exe (1292)
C:\Windows\system32\atieclxx.exe (1428)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1456)
C:\Windows\system32\taskhost.exe (1632)
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (1756)
C:\Windows\system32\Dwm.exe (1792)
C:\Windows\SysWOW64\ezSharedSvcHost.exe (1840)
C:\Windows\system32\svchost.exe (1900)
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (1924)
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (2032)
C:\Windows\Explorer.EXE (1120)
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (1012)
C:\Program Files (x86)\PDF Complete\pdfsvc.exe (1748)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2384)
C:\Windows\system32\svchost.exe (2440)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2512)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2588)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2644)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (2792)
C:\Windows\System32\WUDFHost.exe (3064)
C:\Windows\system32\svchost.exe (3120)
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (3328)
C:\Program Files (x86)\Skype\Phone\Skype.exe (3352)
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (3372)
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (3388)
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (3560)
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (3600)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3608)
C:\Windows\system32\SearchIndexer.exe (4056)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (2536)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4144)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (4236)
C:\Program Files (x86)\Steam\steam.exe (4940)
C:\Program Files (x86)\Common Files\Steam\SteamService.exe (4204)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (2520)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4476)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (2780)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (3096)
C:\Windows\System32\svchost.exe (4392)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (3224)
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (1272)
C:\Windows\system32\wbem\wmiprvse.exe (1228)
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (4452)
C:\Windows\system32\taskeng.exe (4344)
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe (4984)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (2672)
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe (3800)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4228)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2712)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3344)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2428)
C:\UsbFix\Go.exe (2524)
################## | Éléments infectieux |
################## | Registre |
################## | Mountpoints2 |
################## | Vaccin |
C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | https://sosvirus.org |