Reply to: Files turned into shortcuts! 2016-09-08T13:08:31+00:00
bennmanga
Participant
Posts: 18

Here is my report!

############################## | UsbFix V 7.144 | [Recherche]

Utilisateur: Ben (Administrateur) # BENMANGA
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 18:16:53 | 09/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (M5A78L)
CPU: AMD Phenom(tm) II X4 955 Processor
RAM -> [Total : 4094 | Free : 1242]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus 2014 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 931 Go (156 Go libre(s) - 17%) [] # NTFS
D: -> Disque fixe # 60 Go (40 Go libre(s) - 66%) [ACER] # FAT32
E: -> CD-ROM
F: -> CD-ROM
G: -> Disque amovible # 8 Go (2 Go libre(s) - 23%) [Intenso] # FAT32
H: -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 436 |ParentID 428)
C:\Windows\system32\wininit.exe (ID 508 |ParentID 428)
C:\Windows\system32\csrss.exe (ID 544 |ParentID 524)
C:\Windows\system32\services.exe (ID 568 |ParentID 508)
C:\Windows\system32\lsass.exe (ID 588 |ParentID 508)
C:\Windows\system32\lsm.exe (ID 596 |ParentID 508)
C:\Windows\system32\winlogon.exe (ID 664 |ParentID 524)
C:\Windows\system32\svchost.exe (ID 748 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 828 |ParentID 568)
C:\Windows\system32\atiesrxx.exe (ID 916 |ParentID 568)
C:\Windows\System32\svchost.exe (ID 952 |ParentID 568)
C:\Windows\System32\svchost.exe (ID 992 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 116 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 304 |ParentID 568)
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (ID 1068 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 1128 |ParentID 568)
C:\Windows\system32\atieclxx.exe (ID 1272 |ParentID 916)
C:\Windows\System32\spoolsv.exe (ID 1436 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 1464 |ParentID 568)
C:\Windows\SysWOW64\svchost.exe (ID 1572 |ParentID 568)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID 1592 |ParentID 568)
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ID 1680 |ParentID 568)
C:\Program Files (x86)\Freenet\bin\wrapper-windows-x86-32.exe (ID 1856 |ParentID 568)
C:\Windows\system32\conhost.exe (ID 1884 |ParentID 436)
C:\Windows\System32\svchost.exe (ID 1892 |ParentID 568)
C:\Windows\System32\svchost.exe (ID 1948 |ParentID 568)
C:\Windows\SysWOW64\PnkBstrA.exe (ID 1988 |ParentID 568)
C:\Windows\system32\taskhost.exe (ID 1056 |ParentID 568)
C:\Windows\system32\Dwm.exe (ID 1536 |ParentID 992)
C:\Windows\system32\taskeng.exe (ID 1364 |ParentID 304)
C:\Windows\Explorer.EXE (ID 1848 |ParentID 1212)
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ID 2016 |ParentID 1364)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 2292 |ParentID 1848)
C:\Windows\vsnp2std.exe (ID 2304 |ParentID 1848)
C:\Windows\system32\svchost.exe (ID 2544 |ParentID 568)
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (ID 2560 |ParentID 1848)
C:\Windows\System32\Drivers\WTSRV.EXE (ID 2620 |ParentID 568)
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (ID 2732 |ParentID 1848)
C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe (ID 2752 |ParentID 1848)
C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe (ID 2800 |ParentID 2752)
C:\Windows\System32\wscript.exe (ID 2920 |ParentID 1848)
C:\Program Files\ASUS\Turbo Key\TurboKey.exe (ID 3008 |ParentID 2928)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 2840 |ParentID 2928)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2968 |ParentID 2316)
C:\Jeux\hamachi-2.exe (ID 3288 |ParentID 568)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 3696 |ParentID 2968)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3916 |ParentID 748)
C:\Jeux\LMIGuardianSvc.exe (ID 4008 |ParentID 3288)
C:\Windows\SysWOW64\java.exe (ID 4544 |ParentID 1856)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (ID 3128 |ParentID 3696)
C:\Windows\system32\SearchIndexer.exe (ID 4676 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 3228 |ParentID 568)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 1796 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 5172 |ParentID 568)
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (ID 5316 |ParentID 1068)
C:\Program Files\Tablet\Pen\WacomHost.exe (ID 5332 |ParentID 1068)
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (ID 5536 |ParentID 1068)
C:\Program Files\Tablet\Pen\Pen_Tablet.exe (ID 5660 |ParentID 5332)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 1628 |ParentID 568)
C:\Windows\System32\svchost.exe (ID 5608 |ParentID 568)
C:\Windows\system32\DllHost.exe (ID 5808 |ParentID 748)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 216 |ParentID 1848)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6108 |ParentID 216)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3896 |ParentID 216)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2984 |ParentID 216)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3068 |ParentID 216)
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (ID 1396 |ParentID 1160)
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (ID 1832 |ParentID 568)
C:\Program Files\Windows Sidebar\sidebar.exe (ID 6320 |ParentID 568)
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (ID 7088 |ParentID 1832)
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID 5472 |ParentID 7088)
C:\Program Files (x86)\AVG\AVG2014\avgui.exe (ID 5388 |ParentID 6292)
C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe (ID 408 |ParentID 5388)
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (ID 7100 |ParentID 568)
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (ID 6464 |ParentID 1832)
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID 6520 |ParentID 6464)
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID 3984 |ParentID 1832)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3140 |ParentID 568)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 4088 |ParentID 3140)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6016 |ParentID 216)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1724 |ParentID 216)
C:\Windows\System32\WUDFHost.exe (ID 1956 |ParentID 992)
C:\UsbFix\Go.exe (ID 3892 |ParentID 1848)
C:\Windows\system32\DllHost.exe (ID 1744 |ParentID 748)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Turbo Key] - "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "C:\Jeux\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Turbo Key] - "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [LogMeIn Hamachi Ui] - "C:\Jeux\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Clownfish] - "C:\Program Files (x86)\Clownfish\Clownfish.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [EADM] - "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Activator] - wscript.exe //B "C:\Users\Ben\AppData\Local\Temp\Activator.vbs"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1007\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-1097147635-3363988166-1689558142-1007\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

Présent! H:\Activator.vbs
Présent! G:\$AVG.lnk
Présent! G:\Liste SH1.lnk
Présent! G:\Book1.lnk
Présent! G:\Liste SH1 XL.lnk
Présent! G:\6323130983.lnk
Présent! G:\6391226688.lnk
Présent! G:\6319616950.lnk
Présent! G:\111 V3.lnk
Présent! G:\111 Sceau.lnk
Présent! G:\2013-04-07 Photos Tunisie G.lnk
Présent! G:\Autres.lnk
Présent! G:\Eur.lnk
Présent! G:\Belgocontrol.lnk
Présent! G:\Photos Nokia C5.lnk
Présent! G:\Cours.lnk
Présent! C:\Users\Ben\AppData\Local\Temp\uttB08F.tmp.exe
Présent! C:\Users\Ben\AppData\Local\Temp\uttD624.tmp.exe
Présent! C:\Users\Ben\AppData\Local\Temp\uttF318.tmp.exe
Présent! C:\Users\Ben\AppData\Local\Temp\uttF8E.tmp.exe
Présent! C:\Users\Ben\AppData\Local\Temp\7za.exe

################## | Registre |

Présent! HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Activator
HKCU\..\Explorer\MountPoints2\{764f4e02-c034-11e0-963f-f46d044776c5}
Shell\AutoRun\Command = F:\Setup.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |