USBfix search report 2013-11-26T08:45:46+00:00

Computer Troubleshooting: USBfix search report

  • Author
    Posts
  • acera8
    Participant
    Number of posts: 0

    Hello,

    Here is the search report I got from USBfix. My USB stick has been infected since I went to a copy shop. What should I do?

    ############################## | UsbFix V 7.152 | [Search]

    User: Mathieu (Administrator) # MATHIEU-PC
    Updated on 20/11/2013 by El Desaparecido - Team SosVirus
    Started at 09:23:24 | 26/11/2013

    Website: http://www.usbfix.net
    Forum: https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: SAMSUNG ELECTRONICS CO., LTD. (SAMSUNG_NP1234567890)
    CPU: AMD A6-4455M APU with Radeon(tm) HD Graphics
    RAM -> [Total : 3547 | Free : 2032]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16736
    WB: Google Chrome : 31.0.1650.57

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Fixed disk # 443 GB (361 GB free - 81%) [] # NTFS
    D: -> Removable disk # 247 MB (132 MB free - 53%) [USB DISK] # FAT

    ################## | Active processes |

    C:\windows\system32\csrss.exe (ID: 576 |ParentID: 568)
    C:\windows\system32\wininit.exe (ID: 640 |ParentID: 568)
    C:\windows\system32\csrss.exe (ID: 664 |ParentID: 648)
    C:\windows\system32\services.exe (ID: 696 |ParentID: 640)
    C:\windows\system32\lsass.exe (ID: 720 |ParentID: 640)
    C:\windows\system32\lsm.exe (ID: 728 |ParentID: 640)
    C:\windows\system32\svchost.exe (ID: 824 |ParentID: 696)
    C:\windows\system32\winlogon.exe (ID: 896 |ParentID: 648)
    C:\windows\system32\svchost.exe (ID: 960 |ParentID: 696)
    C:\windows\system32\atiesrxx.exe (ID: 1004 |ParentID: 696)
    C:\windows\System32\svchost.exe (ID: 360 |ParentID: 696)
    C:\windows\System32\svchost.exe (ID: 376 |ParentID: 696)
    C:\windows\system32\svchost.exe (ID: 1028 |ParentID: 696)
    C:\windows\system32\svchost.exe (ID: 1052 |ParentID: 696)
    C:\windows\system32\svchost.exe (ID: 1216 |ParentID: 696)
    C:\windows\system32\atieclxx.exe (ID: 1408 |ParentID: 1004)
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1416 |ParentID: 696)
    C:\windows\System32\spoolsv.exe (ID: 1616 |ParentID: 696)
    C:\windows\system32\svchost.exe (ID: 1668 |ParentID: 696)
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1828 |ParentID: 696)
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1860 |ParentID: 696)
    C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe (ID: 1992 |ParentID: 696)
    C:\windows\system32\svchost.exe (ID: 2024 |ParentID: 696)
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 1976 |ParentID: 696)
    C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe (ID: 2188 |ParentID: 696)
    C:\windows\system32\taskhost.exe (ID: 2292 |ParentID: 696)
    C:\windows\system32\Dwm.exe (ID: 2516 |ParentID: 376)
    C:\windows\Explorer.EXE (ID: 2524 |ParentID: 2368)
    C:\windows\system32\svchost.exe (ID: 2852 |ParentID: 696)
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2936 |ParentID: 696)
    C:\windows\system32\taskeng.exe (ID: 2964 |ParentID: 1052)
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2240 |ParentID: 2524)
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 2820 |ParentID: 2524)
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (ID: 2656 |ParentID: 2524)
    C:\Program Files\Elantech\ETDCtrl.exe (ID: 1112 |ParentID: 2524)
    C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (ID: 552 |ParentID: 2964)
    C:\Program Files\Windows Sidebar\sidebar.exe (ID: 1388 |ParentID: 2524)
    C:\Windows\System32\wscript.exe (ID: 352 |ParentID: 2524)
    C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID: 3220 |ParentID: 2524)
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe (ID: 3544 |ParentID: 1328)
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3596 |ParentID: 1328)
    C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3604 |ParentID: 1328)
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 3648 |ParentID: 696)
    C:\windows\system32\SearchIndexer.exe (ID: 3836 |ParentID: 696)
    C:\windows\system32\taskeng.exe (ID: 3972 |ParentID: 1052)
    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (ID: 3528 |ParentID: 2964)
    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (ID: 3584 |ParentID: 3972)
    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (ID: 2956 |ParentID: 2964)
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (ID: 3496 |ParentID: 3972)
    C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (ID: 2980 |ParentID: 2964)
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 4060 |ParentID: 696)
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 4336 |ParentID: 4060)
    C:\windows\system32\wbem\wmiprvse.exe (ID: 4408 |ParentID: 824)
    C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 4472 |ParentID: 1112)
    C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe (ID: 4988 |ParentID: 2964)
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe (ID: 568 |ParentID: 4880)
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe (ID: 4840 |ParentID: 568)
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 560 |ParentID: 696)
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (ID: 1800 |ParentID: 2964)
    C:\windows\System32\svchost.exe (ID: 3940 |ParentID: 696)
    C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4656 |ParentID: 696)
    C:\windows\system32\wbem\wmiprvse.exe (ID: 3060 |ParentID: 824)
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 148 |ParentID: 3856)
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 2548 |ParentID: 148)
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 4324 |ParentID: 696)
    C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe (ID: 792 |ParentID: 696)
    C:\windows\system32\taskeng.exe (ID: 4012 |ParentID: 1052)
    C:\windows\system32\svchost.exe (ID: 2140 |ParentID: 696)
    C:\windows\servicing\TrustedInstaller.exe (ID: 5888 |ParentID: 696)
    C:\windows\system32\vssvc.exe (ID: 4400 |ParentID: 696)
    C:\windows\System32\svchost.exe (ID: 5564 |ParentID: 696)
    C:\UsbFix\Go.exe (ID: 5376 |ParentID: 6108)
    C:\windows\system32\taskhost.exe (ID: 2172 |ParentID: 696)
    C:\windows\System32\WUDFHost.exe (ID: 4040 |ParentID: 376)
    C:\windows\system32\SearchProtocolHost.exe (ID: 4484 |ParentID: 3836)
    C:\windows\system32\SearchFilterHost.exe (ID: 5752 |ParentID: 3836)
    \\?\C:\windows\system32\wbem\WMIADAP.EXE (ID: 5924 |ParentID: 1052)

    ################## | Regedit Run |

    04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE | Run : [] -
    04 - HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\95d86805-8d3c-495d-aab7-3bf0c9332cc5.exe /check
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
    04 - HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\95d86805-8d3c-495d-aab7-3bf0c9332cc5.exe /check
    04 - HKLM\SOFTWARE | RunOnce : [] -
    04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
    04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 - HKU\S-1-5-21-3520410495-254977392-370578606-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    04 - HKU\S-1-5-21-3520410495-254977392-370578606-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    04 - HKU\S-1-5-21-3520410495-254977392-370578606-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Mathieu\AppData\Local\Temp\iTunesHelper.vbe"
    04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
    04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

    ################## | Generic search |

    Present! C:\Users\Mathieu\AppData\Roaming\BabMaint.exe
    Present! C:\Users\Mathieu\AppData\Local\Temp\iTunesHelper.vbe
    Present! C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Present! D:\iTunesHelper.vbe
    Present! D:\Classeur1.lnk
    Present! D:\Echauffement à sec.lnk
    Present! D:\$AVG.lnk
    Present! D:\Autorun.inf.lnk

    ################## | MD5 comparison reference |

    Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Mathieu\AppData\Local\Temp\iTunesHelper.vbe
    Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> D:\iTunesHelper.vbe
    Md5 : 6380FE132BEE54B9CF4701CAEDF5ADB9 -> C:\Users\Mathieu\AppData\Roaming\BabMaint.exe
    Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

    ################## | MD5 comparison |

    Present! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Mathieu\AppData\Local\Temp\iTunesHelper.vbe
    Present! Md5 : 6380FE132BEE54B9CF4701CAEDF5ADB9 -> C:\Users\Mathieu\AppData\Roaming\BabMaint.exe
    Present! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
    Present! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> D:\iTunesHelper.vbe

    ################## | Registry |

    Present! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
    Present! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
    Present! HKU\S-1-5-21-3520410495-254977392-370578606-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
    Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

    ################## | Vaccine |

    D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
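
A small triage script for this kind of report, added here as an example and not part of the original thread or of UsbFix. It parses a constructed excerpt of the report above (with the paths' backslashes and English section labels) and applies the checks a responder would run on it by hand: a Run value that starts wscript.exe in batch mode (//B) on a .vbe under the user's Temp folder, one MD5 shared by copies in Temp, the Startup folder and the root of the removable drive, and .lnk shortcuts sitting at the root of the stick. The line layouts are assumed from the report as posted; the heuristics and function names are my own, and the findings are indicators to act on, not proof of what the script does.

```python
import re
from collections import defaultdict

# Constructed excerpt of a UsbFix search report, trimmed to the lines the
# heuristics below use (paths carry their backslashes, section labels are
# in English). Not the full report from the post.
SAMPLE_REPORT = r"""
AV: avast! Antivirus [(!) Disabled | Updated]

C: (%systemdrive%) -> Fixed disk # 443 GB (361 GB free - 81%) [] # NTFS
D: -> Removable disk # 247 MB (132 MB free - 53%) [USB DISK] # FAT

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-21-3520410495-254977392-370578606-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Mathieu\AppData\Local\Temp\iTunesHelper.vbe"

################## | Generic search |

Present! C:\Users\Mathieu\AppData\Local\Temp\iTunesHelper.vbe
Present! D:\iTunesHelper.vbe
Present! D:\Classeur1.lnk
Present! D:\Autorun.inf.lnk

################## | MD5 comparison |

Present! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Mathieu\AppData\Local\Temp\iTunesHelper.vbe
Present! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Present! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> D:\iTunesHelper.vbe
Present! Md5 : 6380FE132BEE54B9CF4701CAEDF5ADB9 -> C:\Users\Mathieu\AppData\Roaming\BabMaint.exe
"""

SCRIPT_HOST = re.compile(r"\b(wscript|cscript)\.exe", re.I)
SCRIPT_EXT = re.compile(r"\.(vbe|vbs|js|jse|wsf)\b", re.I)
# Profile locations any user process can write to: a script there persists without admin rights.
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\|\\Users\\Public\\", re.I)


def parse_removable_drives(report):
    """Drive letters UsbFix lists as removable (French or English label)."""
    pat = r"^([A-Z]):\s*(?:\(%systemdrive%\)\s*)?->\s*(?:Disque amovible|Removable disk)"
    return set(re.findall(pat, report, re.M))


def parse_run_keys(report):
    """(hive key, Run|RunOnce, value name, command) for each 'Regedit Run' line."""
    pat = r"^04 [-–] (.+?) \| (Run|RunOnce) : \[(.*?)\] [-–] ?(.*)$"
    return [(m.group(1), m.group(2), m.group(3), m.group(4).strip())
            for m in re.finditer(pat, report, re.M)]


def parse_md5_entries(report):
    """MD5 -> list of paths sharing it, from the 'MD5 comparison' lines."""
    hashes = defaultdict(list)
    for m in re.finditer(r"^Present! Md5 : ([0-9A-F]{32}) -> (.+)$", report, re.M):
        hashes[m.group(1)].append(m.group(2).strip())
    return dict(hashes)


def parse_present_files(report):
    """Paths flagged 'Present!' in the generic search (not the MD5 lines)."""
    return [m.group(1).strip() for m in re.finditer(r"^Present! ([A-Z]:\\.+)$", report, re.M)]


def triage(report):
    """Apply the heuristics to one report and return human-readable findings."""
    findings = []
    removable = parse_removable_drives(report)

    if re.search(r"^AV: .*\(!\) Disabled", report, re.M):
        findings.append("AV disabled: the resident antivirus was off while the stick was in use")

    # Persistence: a script host or script file started from a Run/RunOnce value.
    for hive, kind, name, cmd in parse_run_keys(report):
        if not (SCRIPT_HOST.search(cmd) or SCRIPT_EXT.search(cmd)):
            continue
        why = ["a script is started from a Run key"]
        if re.search(r"//B\b", cmd, re.I):
            why.append("//B is wscript batch mode, so no script error or prompt is ever shown")
        if USER_WRITABLE.search(cmd):
            why.append("the script sits in a user-writable profile folder")
        findings.append(f"{kind} value [{name}] under {hive}: " + "; ".join(why))

    # Propagation: the same hash on a fixed drive and on the removable drive.
    for md5, paths in parse_md5_entries(report).items():
        drives = {p[0].upper() for p in paths}
        if drives & removable and drives - removable:
            findings.append(f"MD5 {md5}: {len(paths)} identical copies on removable {sorted(drives & removable)} "
                            f"and fixed {sorted(drives - removable)}, the same file travelled between host and stick")

    # Lure: shortcuts at the root of the stick where the user's files used to be.
    for path in parse_present_files(report):
        drive, rest = path[0].upper(), path[3:]
        if drive in removable and "\\" not in rest and rest.lower().endswith(".lnk"):
            note = "shortcut at the root of the stick; LNK worms hide the user's files and leave launcher shortcuts in their place"
            if rest.lower() == "autorun.inf.lnk":
                note += " (nobody makes a shortcut to autorun.inf by hand)"
            findings.append(f"{path}: {note}")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_REPORT):
        print("-", line)
```

Run it on a full report saved from C:\UsbFix by replacing SAMPLE_REPORT with the file's contents; the regexes accept both the French labels and their English translations, and both the plain hyphen and the en dash that forum software tends to substitute in the Run lines.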

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8422

    Hi, run UsbFix again, click on Deletion and post the report c:\usbfix\[clean 1]

The topic 'USBfix search report' is closed to new replies.