nanoushka

Hi, sorry for the delay: work day!

Here is the 1st report:
############################## | UsbFix V 7.155 | [Recherche]

Utilisateur: acer (Administrateur) # PC-DE-ACER
Mis à jour le 16/12/2013 par El Desaparecido - Team SosVirus
Lancé à 18:33:00 | 19/12/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Acer, Inc. (Makalu )
CPU: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
RAM -> [Total : 3066 | Free : 1120]
Bios: Acer
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Internet Security [Enabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 144 Go (24 Go libre(s) - 17%) [ACER] # NTFS
D: -> Disque fixe # 140 Go (120 Go libre(s) - 85%) [DATA] # NTFS
E: -> Disque fixe # 932 Go (588 Go libre(s) - 63%) [] # NTFS
F: -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 548 |ParentID: 536)
C:\Windows\system32\wininit.exe (ID: 600 |ParentID: 536)
C:\Windows\system32\csrss.exe (ID: 612 |ParentID: 592)
C:\Program Files\AVG\AVG9\avgchsvx.exe (ID: 624 |ParentID: 600)
C:\Program Files\AVG\AVG9\avgrsx.exe (ID: 632 |ParentID: 600)
C:\Windows\system32\services.exe (ID: 696 |ParentID: 600)
C:\Windows\system32\lsass.exe (ID: 712 |ParentID: 600)
C:\Windows\system32\lsm.exe (ID: 720 |ParentID: 600)
C:\Program Files\AVG\AVG9\avgcsrvx.exe (ID: 808 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 876 |ParentID: 696)
C:\Windows\system32\nvvsvc.exe (ID: 1064 |ParentID: 696)
C:\Windows\system32\svchost.exe (ID: 1096 |ParentID: 696)
C:\Windows\System32\svchost.exe (ID: 1204 |ParentID: 696)
C:\Windows\System32\svchost.exe (ID: 1228 |ParentID: 696)
C:\Windows\system32\svchost.exe (ID: 1240 |ParentID: 696)
C:\Windows\system32\winlogon.exe (ID: 1308 |ParentID: 592)
C:\Windows\system32\svchost.exe (ID: 1388 |ParentID: 696)
C:\Windows\system32\SLsvc.exe (ID: 1412 |ParentID: 696)
C:\Windows\system32\svchost.exe (ID: 1468 |ParentID: 696)
C:\Windows\system32\svchost.exe (ID: 1640 |ParentID: 696)
C:\Windows\system32\rundll32.exe (ID: 1760 |ParentID: 1064)
C:\Program Files\Common Files\SPBA\upeksvr.exe (ID: 1844 |ParentID: 1440)
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe (ID: 512 |ParentID: 1440)
C:\Windows\System32\spoolsv.exe (ID: 856 |ParentID: 696)
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (ID: 996 |ParentID: 696)
C:\Windows\system32\WLANExt.exe (ID: 616 |ParentID: 1228)
C:\Windows\system32\taskeng.exe (ID: 1836 |ParentID: 1240)
C:\Windows\system32\Dwm.exe (ID: 1972 |ParentID: 1228)
C:\Windows\Explorer.EXE (ID: 232 |ParentID: 1532)
C:\Windows\system32\svchost.exe (ID: 2388 |ParentID: 696)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 2592 |ParentID: 696)
C:\Program Files\AVG\AVG9\avgwdsvc.exe (ID: 2636 |ParentID: 696)
C:\Windows\system32\svchost.exe (ID: 2648 |ParentID: 696)
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (ID: 2660 |ParentID: 696)
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (ID: 2684 |ParentID: 696)
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (ID: 2704 |ParentID: 696)
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (ID: 2812 |ParentID: 696)
C:\Program Files\AVG\AVG9\avgam.exe (ID: 2984 |ParentID: 2636)
C:\Program Files\AVG\AVG9\avgnsx.exe (ID: 3008 |ParentID: 2636)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ID: 3076 |ParentID: 696)
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (ID: 3216 |ParentID: 696)
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe (ID: 3324 |ParentID: 696)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (ID: 3396 |ParentID: 696)
C:\Acer\Mobility Center\MobilityService.exe (ID: 3428 |ParentID: 696)
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (ID: 3548 |ParentID: 696)
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (ID: 3624 |ParentID: 696)
C:\Windows\system32\svchost.exe (ID: 3648 |ParentID: 696)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (ID: 3684 |ParentID: 696)
C:\Program Files\Cyberlink\Shared files\RichVideo.exe (ID: 3700 |ParentID: 696)
C:\Program Files\Acer\Acer VCM\RS_Service.exe (ID: 3732 |ParentID: 696)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 3752 |ParentID: 696)
C:\Windows\system32\svchost.exe (ID: 3844 |ParentID: 696)
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (ID: 3892 |ParentID: 696)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3964 |ParentID: 696)
C:\Windows\system32\SearchIndexer.exe (ID: 3996 |ParentID: 696)
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe (ID: 4012 |ParentID: 3892)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 4056 |ParentID: 3964)
C:\Windows\system32\DRIVERS\xaudio.exe (ID: 1648 |ParentID: 696)
C:\Program Files\AVG\AVG9\avgemc.exe (ID: 2084 |ParentID: 696)
C:\Program Files\AVG\AVG9\avgcsrvx.exe (ID: 1476 |ParentID: 2084)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1420 |ParentID: 876)
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (ID: 1152 |ParentID: 232)
C:\Windows\RtHDVCpl.exe (ID: 2608 |ParentID: 232)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3664 |ParentID: 232)
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (ID: 1632 |ParentID: 232)
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (ID: 1824 |ParentID: 232)
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (ID: 1508 |ParentID: 232)
C:\Windows\System32\rundll32.exe (ID: 2600 |ParentID: 232)
C:\Windows\PLFSetI.exe (ID: 4284 |ParentID: 232)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4392 |ParentID: 876)
C:\Program Files\Launch Manager\QtZgAcer.EXE (ID: 4480 |ParentID: 232)
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (ID: 4496 |ParentID: 232)
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (ID: 4504 |ParentID: 232)
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (ID: 4540 |ParentID: 232)
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (ID: 4584 |ParentID: 232)
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (ID: 4596 |ParentID: 232)
C:\Program Files\AVG\AVG9\avgtray.exe (ID: 4700 |ParentID: 232)
C:\Windows\system32\wbem\unsecapp.exe (ID: 4752 |ParentID: 876)
C:\Program Files\AVG Secure Search\vprot.exe (ID: 4784 |ParentID: 232)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 4968 |ParentID: 232)
C:\Windows\ehome\ehtray.exe (ID: 5096 |ParentID: 232)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 5108 |ParentID: 232)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 5152 |ParentID: 232)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 5188 |ParentID: 232)
C:\Program Files\Acer\Acer VCM\AcerVCM.exe (ID: 5260 |ParentID: 232)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 5280 |ParentID: 232)
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe (ID: 5392 |ParentID: 2608)
C:\Windows\ehome\ehmsas.exe (ID: 5468 |ParentID: 876)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5704 |ParentID: 696)
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe (ID: 1692 |ParentID: 4700)
C:\Windows\system32\svchost.exe (ID: 5644 |ParentID: 696)
C:\Program Files\Acer\Acer VCM\acp2HID.exe (ID: 5840 |ParentID: 5260)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 3228 |ParentID: 3664)
C:\UsbFix\Go.exe (ID: 1740 |ParentID: 5288)
C:\Program Files\AVG\AVG9\avgcsrvx.exe (ID: 176 |ParentID: 3008)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 4796 |ParentID: 232)
C:\Windows\servicing\TrustedInstaller.exe (ID: 312 |ParentID: 696)
C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 4020 |ParentID: 4796)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 3276 |ParentID: 4020)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (ID: 5224 |ParentID: 3276)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\SOFTWARE | Run : [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
04 - HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\SOFTWARE | Run : [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
04 - HKLM\SOFTWARE | Run : [eAudio] - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
04 - HKLM\SOFTWARE | Run : [BkupTray] - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
04 - HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
04 - HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\SOFTWARE | Run : [PLFSetI] - C:\Windows\PLFSetI.exe
04 - HKLM\SOFTWARE | Run : [LManager] - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
04 - HKLM\SOFTWARE | Run : [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
04 - HKLM\SOFTWARE | Run : [ZPdtWzdVitaKey MC3000] - "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
04 - HKLM\SOFTWARE | Run : [ArcadeDeluxeAgent] - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
04 - HKLM\SOFTWARE | Run : [CLMLServer] - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
04 - HKLM\SOFTWARE | Run : [PlayMovie] - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
04 - HKLM\SOFTWARE | Run : [WarReg_PopUp] - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
04 - HKLM\SOFTWARE | Run : [Skytel] - Skytel.exe
04 - HKLM\SOFTWARE | Run : [AVG9_TRAY] - C:\PROGRA~1\AVG\AVG9\avgtray.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files\AVG Secure Search\vprot.exe"
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-1101297403-149900660-2789787620-1000\SOFTWARE | Run : [ehTray.exe] - C:\Windows\ehome\ehTray.exe
04 - HKU\S-1-5-21-1101297403-149900660-2789787620-1000\SOFTWARE | Run : [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-1101297403-149900660-2789787620-1000\SOFTWARE | Run : [Updater] - wscript.exe //B "C:\Users\acer\AppData\Roaming\Updater.vbe"
04 - HKU\S-1-5-21-1101297403-149900660-2789787620-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1101297403-149900660-2789787620-1000\SOFTWARE | Run : [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## | Recherche générique |

Présent! C:\Users\acer\AppData\Roaming\Updater.vbe
Présent! C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.vbe
Présent! C:\Windows\system32\acer.exe
Présent! C:\Windows\system32\acer.scr
Présent! C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe

################## | Référence de comparaison MD5 |

Md5 : 2C939780378C39AD990C7A2F7D76A55D -> C:\Users\acer\AppData\Roaming\Updater.vbe
Md5 : 2C939780378C39AD990C7A2F7D76A55D -> C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.vbe
Md5 : D5F8193EE7BC39A443039A956A4BCD53 -> C:\Windows\system32\acer.exe
Md5 : 6FA7D775C16782A7AAE9CA9AE0F458CE -> C:\Windows\system32\acer.scr

################## | Comparaison MD5 |

Présent! Md5 : 2C939780378C39AD990C7A2F7D76A55D -> C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.vbe
Présent! Md5 : 2C939780378C39AD990C7A2F7D76A55D -> C:\Users\acer\AppData\Roaming\Updater.vbe
Présent! Md5 : D5F8193EE7BC39A443039A956A4BCD53 -> C:\Windows\System32\acer.exe
Présent! Md5 : 6FA7D775C16782A7AAE9CA9AE0F458CE -> C:\Windows\System32\acer.scr

################## | Registre |

Présent! HKU\S-1-5-21-1101297403-149900660-2789787620-1000\Software\Microsoft\Windows\CurrentVersion\Run|Updater
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater
Présent! HKU\S-1-5-21-1101297403-149900660-2789787620-1000\Software\Microsoft\Windows\CurrentVersion\Run|Updater
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |