Reply to: USB stick and probably PC infected by sergelelama.vbs 2016-09-08T13:23:07+00:00
levenez

Here is the report:
############################## | UsbFix V 7.152 | [Search]

User: laetitia (Administrator) # PC-DE-LAETITIA
Updated on 20/11/2013 by El Desaparecido – Team SosVirus
Started at 15:07:39 | 03/12/2013

Website : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (30D9)
CPU: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
RAM -> [Total : 2037 | Free : 976]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 142 GB (20 GB free – 14%) [] # NTFS
D: -> Fixed disk # 7 GB (2 GB free – 34%) [PRESARIO_RP] # NTFS
E: -> CD-ROM
F: -> Removable disk # 4 GB (884 MB free – 23%) [] # FAT32
G: -> CD-ROM

################## | Active processes |

C:\Windows\system32\csrss.exe (ID: 556 |ParentID: 544)
C:\Windows\system32\wininit.exe (ID: 600 |ParentID: 544)
C:\Windows\system32\csrss.exe (ID: 612 |ParentID: 592)
C:\Windows\system32\services.exe (ID: 648 |ParentID: 600)
C:\Windows\system32\winlogon.exe (ID: 680 |ParentID: 592)
C:\Windows\system32\lsass.exe (ID: 704 |ParentID: 600)
C:\Windows\system32\lsm.exe (ID: 716 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 872 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 932 |ParentID: 648)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 976 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 1160 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 1188 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1204 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1308 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1368 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1592 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1848 |ParentID: 648)
C:\Windows\system32\Dwm.exe (ID: 616 |ParentID: 1188)
C:\Windows\system32\svchost.exe (ID: 2744 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 2784 |ParentID: 648)
C:\Windows\System32\svchost.exe (ID: 2828 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 3932 |ParentID: 648)
C:\Windows\system32\SearchIndexer.exe (ID: 4060 |ParentID: 648)
C:\Windows\system32\taskeng.exe (ID: 3264 |ParentID: 1204)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2160 |ParentID: 648)
C:\Windows\system32\taskeng.exe (ID: 388 |ParentID: 1204)
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (ID: 2716 |ParentID: 648)
C:\Windows\System32\spoolsv.exe (ID: 3292 |ParentID: 648)
C:\Windows\system32\SLsvc.exe (ID: 2252 |ParentID: 648)
C:\Windows\System32\rundll32.exe (ID: 1888 |ParentID: 2192)
C:\Windows\Explorer.exe (ID: 3904 |ParentID: 3448)
C:\Windows\system32\wbem\unsecapp.exe (ID: 2452 |ParentID: 872)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 896 |ParentID: 872)
C:\Windows\System32\WUDFHost.exe (ID: 3048 |ParentID: 1188)
c:\Program Files\Microsoft Security Client\MpCmdRun.exe (ID: 3340 |ParentID: 1632)
c:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 3032 |ParentID: 648)
C:\UsbFix\Go.exe (ID: 3532 |ParentID: 3220)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2192 |ParentID: 872)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [WAWifiMessage] – %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
04 – HKLM\SOFTWARE | Run : [hpWirelessAssistant] – %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 – HKLM\SOFTWARE | Run : [HP Software Update] – C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 – HKLM\SOFTWARE | Run : [HP Health Check Scheduler] – C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
04 – HKLM\SOFTWARE | Run : [EEventManager] – "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
04 – HKLM\SOFTWARE | Run : [Apoint] – C:\Program Files\Apoint2K\Apoint.exe
04 – HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] – "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
04 – HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 – HKLM\SOFTWARE | Run : [QlbCtrl.exe] – C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 – HKLM\SOFTWARE | Run : [IgfxTray] – C:\Windows\system32\igfxtray.exe
04 – HKLM\SOFTWARE | Run : [HotKeysCmds] – C:\Windows\system32\hkcmd.exe
04 – HKLM\SOFTWARE | Run : [Persistence] – C:\Windows\system32\igfxpers.exe
04 – HKLM\SOFTWARE | Run : [Sweetpacks Communicator] – C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
04 – HKLM\SOFTWARE | Run : [APSDaemon] – "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 – HKLM\SOFTWARE | Run : [iTunesHelper] – "C:\Program Files\iTunes\iTunesHelper.exe"
04 – HKLM\SOFTWARE | Run : [MSC] – "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 – HKLM\SOFTWARE | Run : [QuickTime Task] – "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 – HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 – HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\SOFTWARE | Run : [EPSON SX125 Series] – C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\Windows\TEMP\E_S9394.tmp" /EF "HKCU"
04 – HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\SOFTWARE | Run : [EPSON Stylus SX400 Series] – C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_SEA6F.tmp" /EF "HKCU"
04 – HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\SOFTWARE | Run : [cacaoweb] – "C:\Users\laetitia\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer

################## | Generic search |

Present! C:\Users\laetitia\AppData\Roaming\PowerPacket Utility.exe
Present! F:\RunClubSanDisk.exe
Present! F:\RunClubSanDisk.lnk
Present! F:\RunSanDiskSecureAccess_Win.lnk
Present! F:\BOOTEX.lnk
Present! F:\WD_Discovery_v1.lnk
Present! F:\~$Classeur1.lnk
Present! F:\~$stat2.lnk
Present! F:\.lnk
Present! F:\club_application.lnk
Present! F:\SanDiskSecureAccess.lnk
Present! F:\Master 1 Ecologie.lnk
Present! F:\Jean.lnk
Present! F:\CCF STATS.lnk
Present! D:\desktop.ini

################## | MD5 comparison reference |

Md5 : E16DE25D632BAFCECFEE5597113CFED9 -> C:\Users\laetitia\AppData\Roaming\PowerPacket Utility.exe

################## | MD5 comparison |

Present! Md5 : E16DE25D632BAFCECFEE5597113CFED9 -> C:\Users\laetitia\AppData\Roaming\PowerPacket Utility.exe

################## | Registry |

Present! HKLM\Software\Microsoft\Security Center|UacDisableNotify -> 1

################## | Vaccine |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
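Reading a UsbFix search report by hand comes down to a few checks: Run keys whose executable lives in a user profile rather than under Program Files or Windows, .lnk files at the root of the removable drive (the hallmark of a VBS/JS shortcut worm, which hides the real folders and files and drops same-named shortcuts that launch the script before opening the original), and Security Center values that silence warnings (UacDisableNotify -> 1 only suppresses the notification that UAC is off; whether UAC itself was turned off is a separate check). The script below is an added example, not part of this post and not UsbFix's own code: it parses a constructed excerpt modelled on the report above and applies those three checks. The section labels and line shapes are the ones UsbFix 7.x emits (in French, as the tool writes them); the heuristics, the regexes and the sample text are mine.

```python
"""Triage a UsbFix 7.x search report for shortcut-worm indicators.

Added example, not UsbFix code. Section names and line shapes follow the
tool's own (French) output; the heuristics below are this example's own.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the report in the post (separators restored).
SAMPLE_REPORT = r"""
############################## | UsbFix V 7.152 | [Recherche]

C: (%systemdrive%) -> Disque fixe # 142 Go (20 Go libre(s) - 14%) [] # NTFS
D: -> Disque fixe # 7 Go (2 Go libre(s) - 34%) [PRESARIO_RP] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (884 Mo libre(s) - 23%) [] # FAT32

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\SOFTWARE | Run : [Sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
04 - HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\SOFTWARE | Run : [cacaoweb] - "C:\Users\laetitia\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer

################## | Recherche générique |

Présent! C:\Users\laetitia\AppData\Roaming\PowerPacket Utility.exe
Présent! F:\RunClubSanDisk.exe
Présent! F:\RunClubSanDisk.lnk
Présent! F:\.lnk
Présent! F:\Master 1 Ecologie.lnk
Présent! F:\Jean.lnk
Présent! D:\desktop.ini

################## | Registre |

Présent! HKLM\Software\Microsoft\Security Center|UacDisableNotify -> 1
"""

SECTION_RE = re.compile(r"^#+ \| (?P<name>[^|]+?) \|")
DRIVE_RE = re.compile(r"^(?P<letter>[A-Z]):.*-> (?P<kind>Disque amovible|Disque fixe|CD-ROM)")
RUN_RE = re.compile(r"\| Run(?:Once)? : \[(?P<name>[^\]]*)\] [-–] (?P<cmd>.*)$")
FOUND_RE = re.compile(r"^Présent! (?P<item>.+)$")
REG_RE = re.compile(r"^Présent! (?P<key>.+)\|(?P<value>\w+) -> (?P<data>\S+)$")

# Path fragments that mean "user-writable": where droppers persist, where
# legitimate vendor autostarts almost never do.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\")


def parse_report(text):
    """Split the report into {section name: [non-blank lines]}."""
    sections = defaultdict(list)
    current = "header"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            continue
        sections[current].append(line)
    return sections


def removable_drives(sections):
    """Drive letters UsbFix listed as 'Disque amovible'."""
    return {m.group("letter") for lines in sections.values() for line in lines
            if (m := DRIVE_RE.match(line)) and m.group("kind") == "Disque amovible"}


def executable_path(cmd):
    """Strip quotes and trailing arguments from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)^(.*?\.exe)", cmd)  # unquoted paths may contain spaces
    return m.group(1) if m else cmd


def suspicious_run_entries(sections):
    """Run keys whose executable sits in a user-writable location."""
    hits = []
    for line in sections.get("Regedit Run", []):
        if (m := RUN_RE.search(line)):
            exe = executable_path(m.group("cmd"))
            if any(marker in exe.lower() for marker in USER_WRITABLE):
                hits.append((m.group("name"), exe))
    return hits


def removable_drive_shortcuts(sections):
    """.lnk files at the root of a removable drive: the shortcut-worm pattern."""
    drives = removable_drives(sections)
    hits = []
    for line in sections.get("Recherche générique", []):
        if (m := FOUND_RE.match(line)):
            item = m.group("item")
            if item[:1] in drives and item[1:3] == ":\\" and item.lower().endswith(".lnk"):
                hits.append(item)
    return hits


def security_center_tampering(sections):
    """Security Center *DisableNotify values set to 1 (warnings silenced)."""
    return [(m.group("value"), m.group("data")) for line in sections.get("Registre", [])
            if (m := REG_RE.match(line)) and m.group("value").endswith("DisableNotify")
            and m.group("data") == "1"]


def triage(text):
    """Run all three checks over a report and return the findings by category."""
    sections = parse_report(text)
    return {
        "run_keys_in_profile": suspicious_run_entries(sections),
        "removable_lnk": removable_drive_shortcuts(sections),
        "security_center": security_center_tampering(sections),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_REPORT).items():
        print(category)
        for item in items:
            print("   ", item)
```

On the excerpt this flags the cacaoweb Run key under AppData\Roaming, the four root-level .lnk files on F: (including the bare F:\.lnk), and UacDisableNotify. The same function runs unchanged on a full report: `triage(open(path, encoding="utf-8").read())`. What it deliberately does not do is judge the .lnk targets; for that the shortcuts themselves have to be read on the stick, since the report only records their names.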