Reply to: I'm completely infected…. 2016-09-08T13:08:34+00:00
Arsouille Slick
Participant
Number of posts: 10

Here is the report.

Thanks H.A.W.X, good luck with your work! 😉
############################## | UsbFix V 7.144 | [Recherche]

Utilisateur: Arsouille Slick (Administrateur) # ARSOUILLESLICK
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 21:55:35 | 09/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0YXXJJ)
CPU: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
RAM -> [Total : 3959 | Free : 1742]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 581 Go (337 Go libre(s) – 58%) [OS] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [] # FAT32
G: -> Disque amovible # 961 Mo (961 Mo libre(s) – 100%) [] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 440 |ParentID 424)
C:\Windows\system32\wininit.exe (ID 512 |ParentID 424)
C:\Windows\system32\services.exe (ID 580 |ParentID 512)
C:\Windows\system32\lsass.exe (ID 596 |ParentID 512)
C:\Windows\system32\lsm.exe (ID 604 |ParentID 512)
C:\Windows\system32\svchost.exe (ID 760 |ParentID 580)
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (ID 832 |ParentID 580)
C:\Windows\system32\svchost.exe (ID 868 |ParentID 580)
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (ID 916 |ParentID 580)
C:\Windows\system32\svchost.exe (ID 996 |ParentID 580)
C:\Windows\system32\atiesrxx.exe (ID 284 |ParentID 580)
C:\Windows\System32\svchost.exe (ID 452 |ParentID 580)
C:\Windows\System32\svchost.exe (ID 444 |ParentID 580)
C:\Windows\system32\svchost.exe (ID 520 |ParentID 580)
C:\Windows\system32\svchost.exe (ID 120 |ParentID 580)
C:\Program Files\IDT\WDM\STacSV64.exe (ID 1064 |ParentID 580)
C:\Windows\system32\WLANExt.exe (ID 1504 |ParentID 444)
C:\Windows\system32\conhost.exe (ID 1512 |ParentID 440)
C:\Windows\System32\spoolsv.exe (ID 1668 |ParentID 580)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID 1696 |ParentID 580)
C:\Windows\system32\svchost.exe (ID 1720 |ParentID 580)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ID 1836 |ParentID 580)
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (ID 1860 |ParentID 580)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1952 |ParentID 580)
C:\Program Files\IDT\WDM\AESTSr64.exe (ID 2000 |ParentID 580)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID 2036 |ParentID 580)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 524 |ParentID 580)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 1368 |ParentID 580)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 1520 |ParentID 580)
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (ID 1792 |ParentID 580)
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (ID 1980 |ParentID 580)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 2076 |ParentID 580)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 2116 |ParentID 580)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID 2200 |ParentID 580)
C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe (ID 2240 |ParentID 580)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (ID 2300 |ParentID 580)
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (ID 2560 |ParentID 580)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID 2584 |ParentID 580)
C:\Windows\system32\svchost.exe (ID 2644 |ParentID 580)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2692 |ParentID 580)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ID 2736 |ParentID 580)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2780 |ParentID 2692)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID 3008 |ParentID 580)
C:\Windows\system32\wbem\unsecapp.exe (ID 1424 |ParentID 760)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3080 |ParentID 760)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID 3560 |ParentID 580)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID 4060 |ParentID 2036)
C:\Windows\system32\svchost.exe (ID 2604 |ParentID 580)
C:\Windows\System32\WUDFHost.exe (ID 3700 |ParentID 444)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3100 |ParentID 760)
C:\Windows\system32\svchost.exe (ID 5212 |ParentID 580)
C:\Windows\system32\SearchIndexer.exe (ID 4012 |ParentID 580)
C:\Program Files\iPod\bin\iPodService.exe (ID 4472 |ParentID 580)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 5568 |ParentID 580)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 5456 |ParentID 580)
C:\Windows\System32\svchost.exe (ID 6408 |ParentID 580)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 7084 |ParentID 580)
C:\Windows\system32\csrss.exe (ID 7348 |ParentID 9544)
C:\Windows\system32\winlogon.exe (ID 7524 |ParentID 9544)
C:\Windows\system32\atieclxx.exe (ID 6024 |ParentID 284)
C:\Windows\system32\taskhost.exe (ID 9400 |ParentID 580)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID 6920 |ParentID 2200)
C:\Windows\system32\Dwm.exe (ID 6716 |ParentID 444)
C:\Windows\Explorer.EXE (ID 6276 |ParentID 6272)
C:\Program Files\IDT\WDM\sttray64.exe (ID 5016 |ParentID 6276)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 3624 |ParentID 6276)
C:\Program Files\Dell\QuickSet\quickset.exe (ID 1176 |ParentID 6276)
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (ID 1044 |ParentID 6276)
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (ID 8900 |ParentID 6276)
C:\Users\Arsouille Slick\AppData\Local\Facebook\Update\FacebookUpdate.exe (ID 9164 |ParentID 6276)
C:\Users\Arsouille Slick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID 6188 |ParentID 6276)
C:\Windows\System32\wscript.exe (ID 5908 |ParentID 6276)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID 3680 |ParentID 6276)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 9240 |ParentID 3624)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 8148 |ParentID 2508)
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (ID 6612 |ParentID 2508)
C:\Windows\system32\wbem\unsecapp.exe (ID 9592 |ParentID 760)
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (ID 9192 |ParentID 2560)
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (ID 3368 |ParentID 884)
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (ID 940 |ParentID 2560)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 5216 |ParentID 9388)
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (ID 5228 |ParentID 2508)
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (ID 5584 |ParentID 2508)
C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe (ID 8548 |ParentID 832)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ID 8324 |ParentID 2508)
C:\Program Files (x86)\Freecorder\FLVSrvc.exe (ID 9556 |ParentID 2508)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID 6712 |ParentID 5508)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID 7248 |ParentID 6712)
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (ID 9420 |ParentID 2508)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ID 8372 |ParentID 8324)
C:\Program Files (x86)\COMODO\GeekBuddy\unit.exe (ID 6288 |ParentID 8548)
C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (ID 8868 |ParentID 2508)
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (ID 9760 |ParentID 2508)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 1072 |ParentID 2508)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID 9484 |ParentID 2508)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 1556 |ParentID 2508)
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (ID 6960 |ParentID 2508)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 6548 |ParentID 5216)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 8112 |ParentID 6276)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5628 |ParentID 8112)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7544 |ParentID 8112)
C:\Program Files (x86)\XnView\xnview.exe (ID 3900 |ParentID 6276)
C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.exe (ID 10180 |ParentID 6276)
C:\Windows\splwow64.exe (ID 8028 |ParentID 10180)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6984 |ParentID 8112)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7444 |ParentID 8112)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7792 |ParentID 8112)
C:\UsbFix\Go.exe (ID 7456 |ParentID 8252)
c:\program files\windows defender\MpCmdRun.exe (ID 8452 |ParentID 6628)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [Adobe Photo Downloader] - "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
HKLM\SOFTWARE | Run : [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
HKLM\SOFTWARE | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM\SOFTWARE | Run : [Freecorder FLV Service] - "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE | Run : [BackupNowEZtray] - "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k
HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [tvncontrol] - "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Photo Downloader] - "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM\SOFTWARE\wow6432Node | Run : [Freecorder FLV Service] - "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE\wow6432Node | Run : [BackupNowEZtray] - "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k
HKLM\SOFTWARE\wow6432Node | Run : [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [tvncontrol] - "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM\SOFTWARE | RunOnce : ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [EPSON Stylus DX4000 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_S4F0C.tmp" /EF "HKCU"
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Arsouille Slick\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [Media Finder] - "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Arsouille Slick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-996638935-1206935677-1497400228-1000\SOFTWARE | Run : [mhH5Vwcp] - wscript.exe //B "C:\Users\ARSOUI~1\AppData\Local\Temp\mhH5Vwcp.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Éléments infectieux |

Présent! E:\mhH5Vwcp.vbs
Présent! G:\mhH5Vwcp.vbs
Présent! C:\Users\ARSOUI~1\AppData\Local\Temp\mhH5Vwcp.vbs
Présent! C:\Users\Arsouille Slick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhH5Vwcp.vbs
Présent! C:\Users\Arsouille Slick\AppData\Local\Temp\mhH5Vwcp.vbs
Présent! C:\Users\Bénédicte Le Roux\AppData\Local\Temp\mhH5Vwcp.vbs
Présent! C:\Users\Bénédicte Le Roux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhH5Vwcp.vbs

################## | Registre |

Présent! HKU\S-1-5-21-996638935-1206935677-1497400228-1000\Software\Microsoft\Windows\CurrentVersion\Run|mhH5Vwcp
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mhH5Vwcp
Présent! HKU\S-1-5-21-996638935-1206935677-1497400228-1000\Software\Microsoft\Windows\CurrentVersion\Run|mhH5Vwcp
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mhH5Vwcp
Présent! HKU\S-1-5-21-996638935-1206935677-1497400228-1000\Software\Microsoft\Windows\CurrentVersion\Run|mhH5Vwcp
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mhH5Vwcp
Présent! HKU\S-1-5-21-996638935-1206935677-1497400228-1000\Software\Microsoft\Windows\CurrentVersion\Run|mhH5Vwcp
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mhH5Vwcp
HKCU\..\..\Explorer\MountPoints2\{2531fb7a-4f3f-11e1-b0f0-bf7c4a783d88}
Shell\AutoRun\Command = E:\LaunchU3.exe -a

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |