Reply to: Contaminated UsbFix report? 2016-09-08T13:01:24+00:00
life
Participant
Posts: 16

Thanks 🙂

I'm having trouble keeping the connection up 🙁 Here is the report. I've just noticed that there are infections, but most of them, like the printer one or EndNote, come from sources that are supposed to be safe!!

############################## | UsbFix V 7.129 | [Recherche]

Utilisateur: admin (Administrateur) # ADMIN-PC
Mis à jour le 24/06/2013 par El Desaparecido
Lancé à 12:10:25 | 14/07/2013

Site Web: https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Dell Inc. (Inspiron N5110) (x64-based PC)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz (2201)
RAM -> [Total : 8099 | Free : 5707]
BIOS: BIOS Date: 08/03/12 11:06:40 Ver: 04.06.04
BOOT: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 8.0.7601.17514

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Internet Security 2013 [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 249 Go (203 Go libre(s) – 81%) [] # NTFS
D: -> Disque fixe # 225 Go (224 Go libre(s) – 100%) [] # NTFS
E: -> Disque fixe # 225 Go (83 Go libre(s) – 37%) [] # NTFS
F: -> CD-ROM
H: -> Disque amovible # 7 Go (979 Mo libre(s) – 13%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (584)
C:\Windows\system32\wininit.exe (756)
C:\Windows\system32\csrss.exe (776)
C:\Windows\system32\services.exe (824)
C:\Windows\system32\lsass.exe (840)
C:\Windows\system32\lsm.exe (848)
C:\Windows\system32\svchost.exe (960)
C:\Windows\system32\winlogon.exe (984)
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (324)
C:\Windows\system32\nvvsvc.exe (372)
C:\Windows\system32\svchost.exe (496)
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (648)
C:\Windows\system32\svchost.exe (1032)
C:\Windows\System32\svchost.exe (1072)
C:\Windows\System32\svchost.exe (1108)
C:\Windows\system32\svchost.exe (1156)
C:\Program Files\IDT\WDM\STacSV64.exe (1208)
C:\Windows\system32\svchost.exe (1352)
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (1488)
C:\Windows\system32\nvvsvc.exe (1504)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1640)
C:\Windows\system32\Dwm.exe (1740)
C:\Windows\Explorer.EXE (1792)
C:\Windows\System32\spoolsv.exe (1992)
C:\Windows\system32\svchost.exe (2020)
C:\Windows\system32\taskhost.exe (1428)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1968)
C:\Program Files\IDT\WDM\AESTSr64.exe (1872)
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (2096)
C:\Windows\system32\svchost.exe (2140)
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe (2252)
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (2316)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (2492)
C:\Windows\system32\svchost.exe (2524)
C:\Program Files (x86)\Mobiconnect\AssistantServices.exe (2572)
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (2608)
C:\Windows\system32\WUDFHost.exe (3040)
C:\Program Files\IDT\WDM\sttray64.exe (1664)
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (3160)
C:\Windows\system32\svchost.exe (3512)
C:\Windows\system32\SearchIndexer.exe (3752)
C:\Program Files\Dell\QuickSet\quickset.exe (3800)
C:\Windows\System32\igfxpers.exe (3820)
C:\Windows\System32\igfxtray.exe (3840)
C:\Windows\System32\hkcmd.exe (3848)
C:\Windows\system32\wbem\wmiprvse.exe (3884)
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (4412)
C:\Windows\System32\rundll32.exe (4420)
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (4452)
C:\Program Files\DellTPad\Apoint.exe (4472)
C:\Program Files\Windows Sidebar\sidebar.exe (4480)
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (4660)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (4772)
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (5064)
C:\Program Files (x86)\Mobiconnect\UIExec.exe (5072)
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (5088)
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (4116)
C:\Program Files (x86)\Mobiconnect\CancelAutoPlay_byt.exe (2916)
C:\Windows\system32\CNAB4RPD.EXE (4408)
C:\Program Files\COMODO\COMODO Internet Security\cis.exe (4016)
C:\Program Files\DellTPad\ApMsgFwd.exe (2568)
C:\Program Files\DellTPad\HidFind.exe (4788)
C:\Program Files\DellTPad\Apntex.exe (4936)
C:\Windows\system32\conhost.exe (1452)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (2292)
C:\Windows\System32\svchost.exe (4760)
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe (4672)
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe (2884)
C:\Windows\system32\taskeng.exe (476)
C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe (3616)
C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe (4228)
C:\Users\admin\AppData\Local\Akamai\netsession_win.exe (2984)
C:\Users\admin\AppData\Local\Akamai\netsession_win.exe (5764)
C:\Windows\system32\taskeng.exe (992)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (6068)
C:\Windows\system32\SearchProtocolHost.exe (5772)
C:\Windows\system32\SearchFilterHost.exe (6108)
C:\Windows\system32\wbem\wmiprvse.exe (2500)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (3860)
C:\UsbFix\Go.exe (5232)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [UIExec] - "C:\Program Files (x86)\Mobiconnect\UIExec.exe"
HKLM\SOFTWARE | Run : [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE | Run : [gbrspcontrol] - "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM\SOFTWARE | Run : [CancelAutoPlay_byt] - "C:\Program Files (x86)\Mobiconnect\CancelAutoPlay_byt.exe" run
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [UIExec] - "C:\Program Files (x86)\Mobiconnect\UIExec.exe"
HKLM\SOFTWARE\wow6432Node | Run : [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [gbrspcontrol] - "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM\SOFTWARE\wow6432Node | Run : [CancelAutoPlay_byt] - "C:\Program Files (x86)\Mobiconnect\CancelAutoPlay_byt.exe" run
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2731497875-2976103420-1071163880-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2731497875-2976103420-1071163880-1000\SOFTWARE | Run : [Google Update] - "C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2731497875-2976103420-1071163880-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\admin\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2731497875-2976103420-1071163880-1001\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2731497875-2976103420-1071163880-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
HKU\S-1-5-21-2731497875-2976103420-1071163880-1001\SOFTWARE | Run : [Google Update] - "C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2731497875-2976103420-1071163880-1001\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-2731497875-2976103420-1071163880-1001\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Eléments infectieux |

Présent! C:\Users\admin\N5110A11.EXE
Présent! H:\RunClubSanDisk.exe
Présent! H:\RunSanDiskSecureAccess_Win.exe
Présent! H:\LBP2900_R113_V310_Win_x64_EN_7.exe
Présent! H:\EndNote_PC.exe
Présent! H:\LOL TOP 5.lnk
Présent! H:\Dell_Download_Manager_Setup.exe
Présent! H:\avast_free_antivirus_setup.exe
Présent! C:\Users\admin\AppData\Local\Temp\pyl73B8.tmp.exe
Présent! C:\Users\admin\AppData\Local\Temp\pylC8D.tmp.exe
Présent! H:\0 (2).jpg
Présent! H:\05.jpg
Présent! H:\01.jpg
Présent! H:\02.jpg
Présent! H:\03.jpg
Présent! H:\04.jpg
Présent! H:\0.jpg

################## | Registre |

################## | Mountpoints2 |

HKCU\...\Explorer\MountPoints2\{e835f62f-952f-11e2-bd12-4c80930d08d0}
Shell\AutoRun\Command = J:\AutoRun.exe

HKCU\...\Explorer\MountPoints2\{e835f637-952f-11e2-bd12-4c80930d08d0}
Shell\AutoRun\Command = L:\AutoRun.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | https://www.sosvirus.net |