Here is the first UsbFix report
############################## | UsbFix V 7.125 | [Recherche]
Utilisateur: JAMAL (Administrateur) # JAMAL-PC
Mis à jour le 01/05/2013 par El Desaparecido
Lancé à 15:52:58 | 05/05/2013
Site Web: https://sosvirus.org/
Upload Malware: https://upload.sosvirus.org/
Contact: contact@sosvirus.org
PC: SAMSUNG ELECTRONICS CO., LTD. (300E4C/300E5C/300E7C) (x64-based PC)
CPU: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz (2400)
RAM -> [Total : 3878 | Free : 2446]
BIOS: Phoenix BIOS SC-T v2.2 P07RAC
BOOT: Normal boot
OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16540
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 466 Go (422 Go libre(s) - 91%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [] # FAT32
F:\ -> Disque amovible # 8 Go (7 Go libre(s) - 99%) [JAMAL] # FAT32
G:\ -> Disque amovible # 8 Go (8 Go libre(s) - 100%) [WINDOWS 8] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (484)
C:\Windows\system32\wininit.exe (592)
C:\Windows\system32\csrss.exe (616)
C:\Windows\system32\services.exe (656)
C:\Windows\system32\lsass.exe (672)
C:\Windows\system32\lsm.exe (680)
C:\Windows\system32\svchost.exe (780)
C:\Windows\system32\svchost.exe (868)
C:\Windows\system32\winlogon.exe (900)
C:\Windows\System32\svchost.exe (996)
C:\Windows\System32\svchost.exe (332)
C:\Windows\system32\svchost.exe (500)
C:\Windows\system32\svchost.exe (516)
C:\Windows\system32\svchost.exe (1124)
C:\Windows\System32\spoolsv.exe (1320)
C:\Windows\system32\svchost.exe (1360)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1456)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (1484)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (1544)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (1584)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (1612)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (1684)
C:\Windows\system32\taskhost.exe (1804)
C:\Windows\system32\Dwm.exe (1928)
C:\Windows\Explorer.EXE (1936)
C:\Windows\system32\taskeng.exe (1080)
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (1192)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (2088)
C:\Windows\System32\WScript.exe (2124)
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (2252)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2260)
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (2756)
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (2764)
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (2772)
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (2780)
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe (2996)
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (3020)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2196)
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (676)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2604)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (3108)
C:\Windows\system32\wbem\wmiprvse.exe (3128)
C:\Windows\system32\igfxext.exe (3488)
C:\Windows\system32\igfxsrvc.exe (3852)
C:\Windows\system32\SearchIndexer.exe (3684)
C:\Windows\system32\svchost.exe (3660)
C:\Windows\system32\svchost.exe (3700)
C:\Program Files\Samsung\S Agent\CommonAgent.exe (4512)
C:\Windows\system32\svchost.exe (5116)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4340)
C:\Windows\System32\svchost.exe (4792)
C:\Windows\system32\DllHost.exe (2244)
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (1800)
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (2032)
C:\Program Files\Elantech\ETDCtrl.exe (3744)
C:\Windows\system32\hkcmd.exe (1680)
C:\Windows\system32\igfxpers.exe (1260)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (4404)
C:\Program Files\Elantech\ETDCtrlHelper.exe (4912)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (4152)
C:\Windows\System32\svchost.exe (2896)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (3764)
C:\Windows\system32\AUDIODG.EXE (3896)
C:\Windows\System32\WUDFHost.exe (1336)
C:\Windows\system32\wbem\wmiprvse.exe (1148)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4424)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5024)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1220)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2704)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2616)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (808)
C:\UsbFix\Go.exe (496)
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [YouCam Service] - "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [YouCam Service] - "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-490415892-1811223108-1763876914-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-490415892-1811223108-1763876914-1000\SOFTWARE | Run : [Facebook.vbs] - "C:\Users\JAMAL\AppData\Local\Temp\Facebook.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Éléments infectieux |
Présent! E:\demande d'ajout de qualif B777.jpg.lnk
Présent! E:\Nouveau dossier.lnk
Présent! E:\autorun.inf.lnk
Présent! F:\doc jamal.lnk
Présent! F:\Nouveau dossier.lnk
Présent! F:\autorun.inf.lnk
Présent! C:\Users\JAMAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
Présent! C:\Users\JAMAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Présent! C:\Users\JAMAL\AppData\Local\Temp\Facebook.vbs
Présent! C:\Users\JAMAL\AppData\Local\Temp\System
Présent! E:\autorun.inf
Présent! E:\Facebook.vbs
Présent! F:\autorun.inf
Présent! F:\Facebook.vbs
Présent! G:\Facebook.vbs
################## | Registre |
Présent! HKCU|njq8
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Facebook.vbs
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{cb686b31-a16f-11e2-811d-806e6f6e6963}
Shell\AutoRun\Command = D:\SecSWMgrGuide.exe
################## | Vaccin |
C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F |
https://sosvirus.org |