Reply to: Virus turns files on USB key into shortcuts 2016-09-08T13:09:36+00:00
Nico.Esn
Participant
Post count: 1

Here is the report:

############################## | UsbFix V 7.144 | [Recherche]

Utilisateur: Nicolas Es (Administrateur) # NICOLASES-PC
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 22:44:34 | 15/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK COMPUTER INC. (X75VD)
CPU: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
RAM -> [Total : 3980 | Free : 1261]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 279 Go (189 Go libre(s) - 68%) [OS] # NTFS
D: -> Disque fixe # 394 Go (299 Go libre(s) - 76%) [DATA] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 2 Go (2 Go libre(s) - 100%) [ESNAULT D] # FAT
G: -> Disque amovible # 981 Mo (980 Mo libre(s) - 100%) [ESNAULT DAM] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 608 |ParentID 576)
C:\Windows\system32\csrss.exe (ID 696 |ParentID 688)
C:\Windows\system32\wininit.exe (ID 704 |ParentID 576)
C:\Windows\system32\winlogon.exe (ID 744 |ParentID 688)
C:\Windows\system32\services.exe (ID 800 |ParentID 704)
C:\Windows\system32\lsass.exe (ID 808 |ParentID 704)
C:\Windows\system32\lsm.exe (ID 816 |ParentID 704)
C:\Windows\system32\svchost.exe (ID 912 |ParentID 800)
C:\Windows\system32\nvvsvc.exe (ID 1004 |ParentID 800)
C:\Windows\system32\svchost.exe (ID 368 |ParentID 800)
C:\Windows\System32\svchost.exe (ID 636 |ParentID 800)
C:\Windows\System32\svchost.exe (ID 688 |ParentID 800)
C:\Windows\system32\svchost.exe (ID 900 |ParentID 800)
C:\Windows\system32\svchost.exe (ID 616 |ParentID 800)
C:\Windows\system32\svchost.exe (ID 1236 |ParentID 800)
C:\Windows\system32\WLANExt.exe (ID 1408 |ParentID 688)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID 1416 |ParentID 800)
C:\Windows\system32\conhost.exe (ID 1428 |ParentID 608)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1448 |ParentID 1004)
C:\Windows\system32\nvvsvc.exe (ID 1456 |ParentID 1004)
C:\Windows\SYSTEM32\WISPTIS.EXE (ID 1468 |ParentID 688)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID 1624 |ParentID 800)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1656 |ParentID 800)
C:\Windows\System32\spoolsv.exe (ID 1892 |ParentID 800)
C:\Windows\system32\svchost.exe (ID 1920 |ParentID 800)
C:\Windows\system32\svchost.exe (ID 1944 |ParentID 800)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1068 |ParentID 800)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1196 |ParentID 800)
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ID 1332 |ParentID 800)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 1580 |ParentID 800)
C:\Program Files (x86)\firebird\firebird_2_1\bin\fbguard.exe (ID 1740 |ParentID 800)
C:\Windows\SysWOW64\svchost.exe (ID 2020 |ParentID 800)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 1076 |ParentID 800)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID 2056 |ParentID 800)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID 2092 |ParentID 800)
C:\Windows\System32\svchost.exe (ID 2124 |ParentID 800)
C:\Program Files (x86)\PDF Architect\HelperService.exe (ID 2180 |ParentID 800)
C:\Program Files (x86)\PDF Architect\ConversionService.exe (ID 2248 |ParentID 800)
C:\Windows\System32\svchost.exe (ID 2284 |ParentID 800)
C:\Windows\system32\viakaraokesrv.exe (ID 2340 |ParentID 800)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2388 |ParentID 800)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2588 |ParentID 2388)
C:\Windows\system32\svchost.exe (ID 2780 |ParentID 800)
C:\Program Files (x86)\firebird\firebird_2_1\bin\fbserver.exe (ID 2820 |ParentID 800)
C:\Windows\system32\svchost.exe (ID 2988 |ParentID 800)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 3820 |ParentID 800)
C:\Windows\System32\svchost.exe (ID 1644 |ParentID 800)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 1732 |ParentID 800)
C:\Windows\system32\SearchIndexer.exe (ID 1536 |ParentID 800)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 4016 |ParentID 800)
C:\Windows\system32\taskhost.exe (ID 3364 |ParentID 800)
C:\Windows\system32\Dwm.exe (ID 2228 |ParentID 688)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID 2208 |ParentID 1416)
C:\Windows\Explorer.EXE (ID 3868 |ParentID 1704)
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ID 2324 |ParentID 1332)
C:\Windows\SYSTEM32\WISPTIS.EXE (ID 3656 |ParentID 688)
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID 3248 |ParentID 688)
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (ID 2612 |ParentID 3248)
C:\Windows\system32\taskeng.exe (ID 2560 |ParentID 616)
C:\Windows\system32\taskeng.exe (ID 3584 |ParentID 616)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID 4092 |ParentID 2208)
C:\Program Files\ASUS\P4G\BatteryLife.exe (ID 1156 |ParentID 2560)
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ID 3128 |ParentID 2560)
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe (ID 2756 |ParentID 2560)
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ID 1824 |ParentID 2560)
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe (ID 3000 |ParentID 2560)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ID 3064 |ParentID 2560)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ID 1180 |ParentID 2208)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID 2860 |ParentID 2208)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID 4152 |ParentID 3584)
C:\Windows\System32\hkcmd.exe (ID 4232 |ParentID 3868)
C:\Program Files\Elantech\ETDCtrl.exe (ID 4824 |ParentID 3868)
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ID 4912 |ParentID 3868)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID 4948 |ParentID 3868)
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (ID 4988 |ParentID 3868)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5004 |ParentID 3868)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (ID 2100 |ParentID 3868)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID 4216 |ParentID 4824)
C:\Windows\SysWOW64\ACEngSvr.exe (ID 4436 |ParentID 912)
C:\Program Files\Elantech\ETDGesture.exe (ID 4384 |ParentID 4824)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5256 |ParentID 5004)
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ID 5272 |ParentID 5048)
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (ID 5300 |ParentID 5048)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 5308 |ParentID 5048)
C:\Users\Nicolas Es\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID 5508 |ParentID 3868)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5708 |ParentID 5004)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID 5716 |ParentID 1448)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID 5744 |ParentID 5048)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ID 5812 |ParentID 5048)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 5868 |ParentID 5048)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID 5884 |ParentID 5048)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 5892 |ParentID 5048)
C:\Windows\system32\wbem\wmiprvse.exe (ID 5124 |ParentID 912)
C:\Program Files\iPod\bin\iPodService.exe (ID 5412 |ParentID 800)
C:\Windows\System32\svchost.exe (ID 5444 |ParentID 800)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (ID 3660 |ParentID 2100)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (ID 6152 |ParentID 912)
C:\PROGRA~2\HP\DIGITA~1\bin\hpqgpc01.exe (ID 6212 |ParentID 912)
C:\Windows\system32\DllHost.exe (ID 6872 |ParentID 912)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 7324 |ParentID 5004)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 7440 |ParentID 5004)
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (ID 4576 |ParentID 800)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6912 |ParentID 5004)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 4876 |ParentID 5004)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5880 |ParentID 5004)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 7536 |ParentID 5004)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 7916 |ParentID 5004)
C:\Users\Nicolas Es\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (ID 6628 |ParentID 7440)
C:\Windows\system32\wuauclt.exe (ID 5580 |ParentID 616)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 2656 |ParentID 5004)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6104 |ParentID 5004)
C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe (ID 4540 |ParentID 5004)
C:\Windows\system32\SearchProtocolHost.exe (ID 6280 |ParentID 1536)
C:\Windows\system32\SearchFilterHost.exe (ID 1404 |ParentID 1536)
C:\Windows\System32\WUDFHost.exe (ID 7984 |ParentID 688)
C:\UsbFix\Go.exe (ID 4068 |ParentID 7844)
C:\Windows\system32\wbem\wmiprvse.exe (ID 6112 |ParentID 912)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE | Run : [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3460357917-1506867768-932676556-1001\SOFTWARE | Run : [Google Update] - "C:\Users\Nicolas Es\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3460357917-1506867768-932676556-1001\SOFTWARE | Run : [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-3460357917-1506867768-932676556-1001\SOFTWARE | Run : [GoogleChromeAutoLaunch_41271F1C9FA0A7B1DDE1C1824A77F5AF] - "C:\Users\Nicolas Es\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-3460357917-1506867768-932676556-1001\SOFTWARE | Run : [bEWm2wMR] - wscript.exe //B "C:\Users\NICOLA~1\AppData\Local\Temp\bEWm2wMR.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

Présent! F:\Road Map for the first lab class September 30.lnk
Présent! F:\TD informatique.lnk

################## | Registre |

HKCU\....\Explorer\MountPoints2\G
Shell\AutoRun\Command = G:\LaunchU3.exe -a

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |