Reply to: External hard drive virus (icons = shortcuts) 2016-09-08T13:02:19+00:00
draydan
Participant
Number of posts: 38

OK, here is the report:

############################## | UsbFix V 7.129 | [Recherche]

Utilisateur: dan (Administrateur) # DANBEN-PC
Mis à jour le 24/06/2013 par El Desaparecido
Lancé à 18:20:27 | 28/07/2013

Site Web: https://www.sosvirus.net/
Upload Malware: upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: LENOVO (1168) (x64-based PC)
CPU: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz (3101)
RAM -> [Total : 8152 | Free : 6093]
BIOS: ESKT20A
BOOT: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16635

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: AVG Anti-Virus 2013 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 1837 Go (915 Go libre(s) - 50%) [Windows8_OS] # NTFS
D: -> CD-ROM
E: -> Disque fixe # 233 Go (233 Go libre(s) - 100%) [SAMSUNG DAN] # NTFS
F: -> CD-ROM

################## | Processus Actif |

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (456)
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (524)
C:\WINDOWS\system32\csrss.exe (804)
C:\WINDOWS\system32\wininit.exe (888)
C:\WINDOWS\system32\csrss.exe (904)
C:\WINDOWS\system32\winlogon.exe (960)
C:\WINDOWS\system32\services.exe (984)
C:\WINDOWS\system32\lsass.exe (992)
C:\WINDOWS\system32\svchost.exe (764)
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe (908)
C:\WINDOWS\system32\svchost.exe (1224)
C:\WINDOWS\system32\dwm.exe (1296)
C:\WINDOWS\system32\atiesrxx.exe (1380)
C:\WINDOWS\System32\svchost.exe (1432)
C:\WINDOWS\system32\svchost.exe (1460)
C:\WINDOWS\system32\svchost.exe (1500)
C:\WINDOWS\system32\atieclxx.exe (1556)
C:\WINDOWS\System32\svchost.exe (1576)
C:\Program Files\Classic Shell\ClassicShellService.exe (1684)
C:\WINDOWS\system32\svchost.exe (1728)
C:\WINDOWS\System32\spoolsv.exe (1956)
C:\WINDOWS\system32\svchost.exe (2024)
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (1128)
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (1988)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (2052)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2148)
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (2200)
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (2228)
C:\Program Files\Bonjour\mDNSResponder.exe (2264)
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (2304)
C:\WINDOWS\system32\dashost.exe (2316)
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (2348)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (2376)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (2404)
C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe (2432)
C:\Program Files\ma-config.com\MaConfigAgent.exe (2464)
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (2488)
C:\Program Files (x86)\PDF Architect\HelperService.exe (2676)
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (2832)
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (2852)
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (2888)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (2896)
C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (3228)
C:\WINDOWS\system32\svchost.exe (3272)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (3304)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (3624)
C:\WINDOWS\system32\svchost.exe (3936)
C:\WINDOWS\system32\taskhostex.exe (4348)
C:\Program Files\Classic Shell\ClassicStartMenu.exe (4356)
C:\WINDOWS\system32\svchost.exe (4472)
C:\WINDOWS\System32\svchost.exe (4524)
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (4972)
C:\WINDOWS\Explorer.EXE (4760)
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe (4832)
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe (5124)
C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe (5160)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe (5240)
C:\WINDOWS\system32\SearchIndexer.exe (5648)
C:\WINDOWS\system32\SearchProtocolHost.exe (5728)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5884)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5988)
C:\Windows\System32\RuntimeBroker.exe (4652)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (5860)
C:\WINDOWS\system32\DllHost.exe (3368)
C:\Windows\SysWOW64\UMonit.exe (6244)
C:\Program Files\FreeMi UPnP Media Server\FreeMi UPnP Media Server.exe (6296)
C:\Program Files (x86)\Internet Download Manager\IDMan.exe (6308)
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (6536)
C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (6852)
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (6876)
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (6908)
C:\Windows\System32\spool\drivers\x64\3\E_IATIGGE.EXE (6928)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6976)
C:\Program Files (x86)\Micro Application\Launcher\MA.exe (7040)
C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe (7164)
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (6284)
C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe (6488)
C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe (6716)
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (6916)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (6668)
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (1360)
C:\Program Files (x86)\AVG\AVG2013\avgui.exe (6780)
C:\Program Files\iPod\bin\iPodService.exe (6792)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (7184)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (7316)
C:\PROGRA~2\AD-AWA~1\AdAware.exe (7324)
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (7464)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (6456)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (3608)
C:\Program Files\Windows Media Player\wmpnetwk.exe (1520)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (5592)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (5844)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (7484)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1544)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4092)
C:\WINDOWS\system32\taskhost.exe (436)
C:\WINDOWS\system32\SearchFilterHost.exe (7208)
C:\UsbFix\Go.exe (5324)
C:\WINDOWS\system32\wbem\wmiprvse.exe (3100)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [Lenovo Silver Silk Wireless Keyboard] - C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
HKLM\SOFTWARE | Run : [CLMLServer] - "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
HKLM\SOFTWARE | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE | Run : [ModeSwitch] - "C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe" /AutoRun
HKLM\SOFTWARE | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [dldtmon.exe] - "C:\Program Files (x86) (x86)\Dell V305\dldtmon.exe"
HKLM\SOFTWARE | Run : [dldtamon] - "C:\Program Files (x86) (x86)\Dell V305\dldtamon.exe"
HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
HKLM\SOFTWARE | Run : [iTunesHelper] - c:\program files (x86)\itunes\ituneshelper.exe
HKLM\SOFTWARE | Run : [APSDaemon] - c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
HKLM\SOFTWARE | Run : [BCSSync] - "c:\program files (x86)\microsoft office\office14\bcssync.exe" /delayservices
HKLM\SOFTWARE | Run : [NBKeyScan] - "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\SOFTWARE | Run : [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
HKLM\SOFTWARE | Run : [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [Lenovo Silver Silk Wireless Keyboard] - C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
HKLM\SOFTWARE\wow6432Node | Run : [CLMLServer] - "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE\wow6432Node | Run : [ModeSwitch] - "C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe" /AutoRun
HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [dldtmon.exe] - "C:\Program Files (x86) (x86)\Dell V305\dldtmon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [dldtamon] - "C:\Program Files (x86) (x86)\Dell V305\dldtamon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - c:\program files (x86)\itunes\ituneshelper.exe
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "c:\program files (x86)\microsoft office\office14\bcssync.exe" /delayservices
HKLM\SOFTWARE\wow6432Node | Run : [NBKeyScan] - "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE\wow6432Node | Run : [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-1492962219-184763394-522556990-1001\SOFTWARE | Run : [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe
HKU\S-1-5-21-1492962219-184763394-522556990-1001\SOFTWARE | Run : [FreeMi UPnP Media Server] - C:\Program Files\FreeMi UPnP Media Server\FreeMi UPnP Media Server.exe
HKU\S-1-5-21-1492962219-184763394-522556990-1001\SOFTWARE | Run : [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-1492962219-184763394-522556990-1001\SOFTWARE | Run : [Skype] - "c:\program files (x86)\skype\phone\skype.exe" /minimized /regrun
HKU\S-1-5-21-1492962219-184763394-522556990-1001\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1492962219-184763394-522556990-1001\SOFTWARE | Run : [Advanced SystemCare Ultimate] - "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart
HKU\S-1-5-21-1492962219-184763394-522556990-1001\SOFTWARE | Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-1492962219-184763394-522556990-1001\SOFTWARE | Run : [Facebook Update] - "C:\Users\dan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1492962219-184763394-522556990-1001\SOFTWARE | Run : [EPSON SX125 Series] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE /FU "C:\WINDOWS\TEMP\E_SC51F.tmp" /EF "HKCU"
HKU\S-1-5-21-1492962219-184763394-522556990-1001\SOFTWARE | Run : [SmileboxTray] - "C:\Users\dan\AppData\Roaming\Smilebox\SmileboxTray.exe"

################## | Éléments infectieux |

Présent! D:\EPSETUP.EXE
Présent! D:\AUTORUN.INF
Présent! F:\AUTORUN.INF
Présent! F:\autorun.exe
Présent! F:\Autorun.ini

################## | Registre |

################## | Mountpoints2 |

HKCU\...\Explorer\MountPoints2\{19cbedfe-aeac-11e2-be6d-eca86b335ff7}
Shell\AutoRun\Command = "F:\AUTORUN.EXE"

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net |