Reply to: infected USB key 2016-09-08T13:08:22+00:00
ilema
Post count: 0

############################## | UsbFix V 7.144 | [Recherche]

Utilisateur: Amélie (Administrateur) # PC-DE-AMÉLIE
Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
Lancé à 21:29:12 | 08/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (F5SL )
CPU: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
RAM -> [Total : 3071 | Free : 1080]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 149 Go (59 Go libre(s) - 40%) [VistaOS] # NTFS
D: -> Disque fixe # 139 Go (53 Go libre(s) - 38%) [DATA] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (2 Go libre(s) - 48%) [USB AMÉLIE] # FAT32
H: -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 620 |ParentID 608)
C:\Windows\system32\wininit.exe (ID 680 |ParentID 608)
C:\Windows\system32\csrss.exe (ID 692 |ParentID 672)
C:\Windows\system32\services.exe (ID 732 |ParentID 680)
C:\Windows\system32\lsass.exe (ID 748 |ParentID 680)
C:\Windows\system32\lsm.exe (ID 756 |ParentID 680)
C:\Windows\system32\winlogon.exe (ID 792 |ParentID 672)
C:\Windows\system32\svchost.exe (ID 952 |ParentID 732)
C:\Windows\system32\svchost.exe (ID 1028 |ParentID 732)
C:\Windows\System32\svchost.exe (ID 1088 |ParentID 732)
C:\Windows\system32\Ati2evxx.exe (ID 1176 |ParentID 732)
C:\Windows\System32\svchost.exe (ID 1196 |ParentID 732)
C:\Windows\System32\svchost.exe (ID 1292 |ParentID 732)
C:\Windows\system32\svchost.exe (ID 1308 |ParentID 732)
C:\Windows\system32\svchost.exe (ID 1416 |ParentID 732)
C:\Windows\system32\SLsvc.exe (ID 1444 |ParentID 732)
C:\Windows\system32\svchost.exe (ID 1504 |ParentID 732)
C:\Windows\system32\Ati2evxx.exe (ID 1552 |ParentID 1176)
C:\Windows\system32\svchost.exe (ID 1840 |ParentID 732)
C:\Windows\system32\Dwm.exe (ID 1960 |ParentID 1292)
C:\Windows\Explorer.EXE (ID 1980 |ParentID 1920)
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ID 2016 |ParentID 732)
C:\Program Files\ATK Hotkey\ASLDRSrv.exe (ID 200 |ParentID 732)
C:\Program Files\ATKGFNEX\GFNEXSrv.exe (ID 276 |ParentID 732)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID 320 |ParentID 732)
C:\Windows\System32\spoolsv.exe (ID 1320 |ParentID 732)
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (ID 1536 |ParentID 732)
C:\Windows\system32\taskeng.exe (ID 1580 |ParentID 1308)
C:\Windows\system32\taskeng.exe (ID 1888 |ParentID 1308)
C:\Program Files\ATK Hotkey\Hcontrol.exe (ID 2036 |ParentID 200)
C:\Program Files\ATKOSD2\ATKOSD2.exe (ID 844 |ParentID 200)
C:\Program Files\Wireless Console 2\wcourier.exe (ID 600 |ParentID 200)
C:\Program Files\P4G\BatteryLife.exe (ID 596 |ParentID 200)
C:\Program Files\ASUS\Splendid\ACMON.exe (ID 1724 |ParentID 200)
C:\Windows\system32\taskeng.exe (ID 2124 |ParentID 1308)
C:\Program Files\ASUS\ASUS Live Update\ALU.exe (ID 2256 |ParentID 2124)
C:\Windows\system32\svchost.exe (ID 2272 |ParentID 732)
C:\Windows\System32\ACEngSvr.exe (ID 2344 |ParentID 952)
C:\Program Files\ATK Hotkey\ATKOSD.exe (ID 2560 |ParentID 2036)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 2748 |ParentID 732)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 2772 |ParentID 732)
C:\Program Files\ATK Hotkey\KBFiltr.exe (ID 2816 |ParentID 2036)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 2852 |ParentID 732)
C:\Windows\system32\svchost.exe (ID 2908 |ParentID 732)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (ID 2924 |ParentID 732)
C:\Windows\System32\svchost.exe (ID 2980 |ParentID 732)
C:\Windows\System32\svchost.exe (ID 3016 |ParentID 732)
C:\Windows\system32\svchost.exe (ID 3048 |ParentID 732)
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (ID 3128 |ParentID 732)
C:\Windows\system32\svchost.exe (ID 3176 |ParentID 732)
C:\Windows\System32\svchost.exe (ID 3252 |ParentID 732)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3288 |ParentID 732)
C:\Windows\system32\SearchIndexer.exe (ID 3356 |ParentID 732)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3500 |ParentID 3288)
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe (ID 3588 |ParentID 732)
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe (ID 3800 |ParentID 3588)
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe (ID 3820 |ParentID 3588)
C:\Windows\System32\WUDFHost.exe (ID 1752 |ParentID 1292)
C:\Windows\system32\wbem\wmiprvse.exe (ID 308 |ParentID 952)
C:\Windows\System32\alg.exe (ID 4840 |ParentID 732)
C:\Program Files\Windows Defender\MSASCui.exe (ID 5152 |ParentID 1980)
C:\Windows\RtHDVCpl.exe (ID 5380 |ParentID 1980)
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (ID 5404 |ParentID 1980)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID 5520 |ParentID 1980)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 5528 |ParentID 1980)
C:\Program Files\ASUS\ATK Media\DMedia.exe (ID 5544 |ParentID 1980)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 5640 |ParentID 732)
C:\Windows\System32\ASUSTPE.exe (ID 5648 |ParentID 1980)
C:\Program Files\P4P\P4P.exe (ID 5668 |ParentID 1980)
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (ID 5676 |ParentID 5216)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 5684 |ParentID 5240)
C:\Windows\ASScrPro.exe (ID 5764 |ParentID 1980)
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (ID 5868 |ParentID 1980)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID 6080 |ParentID 1980)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID 6096 |ParentID 1980)
C:\Program Files\iTunes\iTunesHelper.exe (ID 6104 |ParentID 1980)
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (ID 6132 |ParentID 1980)
C:\Users\Amélie\Program Files\DNA\btdna.exe (ID 6140 |ParentID 1980)
C:\Program Files\Orange\MailNotifier\MailNotifier.exe (ID 4172 |ParentID 1980)
C:\Program Files\MyTomTom 3\MyTomTomSA.exe (ID 2668 |ParentID 1980)
C:\Program Files\Skype\Phone\Skype.exe (ID 2088 |ParentID 1980)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (ID 4244 |ParentID 1980)
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (ID 5792 |ParentID 732)
C:\Program Files\iPod\bin\iPodService.exe (ID 3448 |ParentID 732)
C:\Windows\system32\svchost.exe (ID 1920 |ParentID 732)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 3760 |ParentID 5528)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 3064 |ParentID 5684)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (ID 5984 |ParentID 4244)
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (ID 3668 |ParentID 952)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (ID 3284 |ParentID 952)
C:\Windows\system32\wbem\unsecapp.exe (ID 5136 |ParentID 952)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4120 |ParentID 952)
C:\Program Files\Mozilla Firefox\firefox.exe (ID 6816 |ParentID 3152)
C:\Program Files\Mozilla Firefox\plugin-container.exe (ID 7312 |ParentID 6816)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (ID 7436 |ParentID 7312)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (ID 7456 |ParentID 7436)
C:\Windows\System32\mobsync.exe (ID 6172 |ParentID 952)
C:\Program Files\Mozilla Firefox\plugin-container.exe (ID 3724 |ParentID 6816)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 7648 |ParentID 3724)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 6436 |ParentID 7648)
C:\Windows\system32\SearchProtocolHost.exe (ID 8116 |ParentID 3356)
C:\Windows\system32\SearchFilterHost.exe (ID 8180 |ParentID 3356)
C:\UsbFix\Go.exe (ID 500 |ParentID 6888)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\SOFTWARE | Run : [ccApp] - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
HKLM\SOFTWARE | Run : [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
HKLM\SOFTWARE | Run : [ASUSTPE] - C:\Windows\system32\ASUSTPE.exe
HKLM\SOFTWARE | Run : [PowerForPhone] - "C:\Program Files\P4P\P4P.exe"
HKLM\SOFTWARE | Run : [ASUS Camera ScreenSaver] - C:\Windows\ASScrProlog.exe
HKLM\SOFTWARE | Run : [ASUS Screen Saver Protector] - C:\Windows\ASScrPro.exe
HKLM\SOFTWARE | Run : [SpeedTouch USB Diagnostics] - "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [Skytel] - Skytel.exe
HKLM\SOFTWARE | Run : [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe"
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [BitTorrent DNA] - "C:\Users\Amélie\Program Files\DNA\btdna.exe"
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [Livestation] - C:\Program Files\Livestation\Livestation.exe -startup
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [MailNotifier] - C:\Program Files\Orange\MailNotifier\MailNotifier.exe
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [MyTomTomSA.exe] - "C:\Program Files\MyTomTom 3\MyTomTomSA.exe"
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3658133358-2679343384-159820468-1000\SOFTWARE | Run : [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [] -
HKU\S-1-5-20\SOFTWARE | RunOnce : [] -
HKU\S-1-5-18\SOFTWARE | RunOnce : [] -

################## | Éléments infectieux |

Présent! C:\Users\AMLIE~1\AppData\Local\Temp\utt51B5.tmp.exe
Présent! C:\Users\AMLIE~1\AppData\Local\Temp\uttDD88.tmp.exe

################## | Registre |

Présent! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig
Présent! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableSR
HKCU\...\Explorer\MountPoints2\{1a53499f-232d-11e0-8223-00221577b14a}
Shell\AutoRun\Command = F:\Startme.exe

HKCU\...\Explorer\MountPoints2\{27f505ba-d8b5-11dd-abdf-00221577b14a}
Shell\AutoRun\Command = H:\EmDesk.exe
Shell\EmDesk\Command = H:\EmDesk.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |