Reply to: Usbfix report 2016-09-08T13:11:44+00:00
groownsfeld
Number of posts: 0

And here is the USBFix beta report:

############################## | UsbFix V 7.146 | [Recherche]

Utilisateur: Lucas (Administrateur) # VAIO
Mis à jour le 27/10/2013 par El Desaparecido - Team SosVirus
Lancé à 19:09:12 | 27/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
RAM -> [Total : 4063 | Free : 1600]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 12.0
WB: Safari : 534.57.2

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 455 Go (19 Go libre(s) - 4%) [] # NTFS
F: -> CD-ROM
G: -> CD-ROM
H: -> CD-ROM
I: -> Disque amovible # 4 Go (2 Go libre(s) - 65%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 488 |ParentID: 408)
C:\Windows\system32\csrss.exe (ID: 552 |ParentID: 544)
C:\Windows\system32\wininit.exe (ID: 560 |ParentID: 408)
C:\Windows\system32\services.exe (ID: 608 |ParentID: 560)
C:\Windows\system32\lsass.exe (ID: 624 |ParentID: 560)
C:\Windows\system32\lsm.exe (ID: 636 |ParentID: 560)
C:\Windows\system32\winlogon.exe (ID: 664 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 776 |ParentID: 608)
C:\Windows\system32\nvvsvc.exe (ID: 836 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 876 |ParentID: 608)
C:\Windows\System32\svchost.exe (ID: 976 |ParentID: 608)
C:\Windows\System32\svchost.exe (ID: 1012 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 328 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 360 |ParentID: 608)
C:\Windows\System32\svchost.exe (ID: 1088 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 1116 |ParentID: 608)
C:\Windows\System32\spoolsv.exe (ID: 1296 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 1328 |ParentID: 608)
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (ID: 1396 |ParentID: 608)
C:\Windows\system32\nvvsvc.exe (ID: 1476 |ParentID: 836)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1608 |ParentID: 608)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1680 |ParentID: 608)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1712 |ParentID: 608)
C:\Windows\system32\taskhost.exe (ID: 2008 |ParentID: 608)
C:\Windows\system32\Dwm.exe (ID: 860 |ParentID: 1012)
C:\Windows\Explorer.EXE (ID: 1380 |ParentID: 1200)
C:\Windows\SysWOW64\svchost.exe (ID: 1840 |ParentID: 608)
C:\Windows\System32\svchost.exe (ID: 1928 |ParentID: 608)
C:\Windows\System32\svchost.exe (ID: 792 |ParentID: 608)
C:\Windows\SysWOW64\PnkBstrA.exe (ID: 2068 |ParentID: 608)
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (ID: 2188 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 2248 |ParentID: 608)
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ID: 2300 |ParentID: 608)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (ID: 2356 |ParentID: 608)
C:\Program Files\Sony\VAIO Power Management\SPMService.exe (ID: 2384 |ParentID: 608)
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (ID: 2428 |ParentID: 608)
C:\Windows\SysWOW64\DllHost.exe (ID: 2456 |ParentID: 776)
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (ID: 2472 |ParentID: 608)
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (ID: 2528 |ParentID: 608)
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (ID: 2552 |ParentID: 608)
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (ID: 2596 |ParentID: 608)
C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe (ID: 2684 |ParentID: 608)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (ID: 2760 |ParentID: 2356)
C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe (ID: 2904 |ParentID: 608)
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (ID: 2988 |ParentID: 2528)
C:\Windows\System32\svchost.exe (ID: 3056 |ParentID: 608)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2128 |ParentID: 608)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (ID: 1228 |ParentID: 608)
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (ID: 2352 |ParentID: 3004)
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (ID: 3176 |ParentID: 608)
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (ID: 3240 |ParentID: 608)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3272 |ParentID: 2128)
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (ID: 3472 |ParentID: 608)
C:\Windows\system32\taskeng.exe (ID: 3568 |ParentID: 360)
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (ID: 3600 |ParentID: 3568)
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (ID: 3744 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 3836 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 2712 |ParentID: 608)
C:\Windows\System32\WUDFHost.exe (ID: 1236 |ParentID: 1012)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 4184 |ParentID: 608)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 4400 |ParentID: 608)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 4480 |ParentID: 4400)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 4608 |ParentID: 1380)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (ID: 4620 |ParentID: 1380)
C:\Windows\adapter.exe (ID: 4652 |ParentID: 1380)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 4684 |ParentID: 4608)
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (ID: 4748 |ParentID: 1380)
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (ID: 4824 |ParentID: 1380)
C:\Windows\system32\NOTEPAD.EXE (ID: 4260 |ParentID: 1380)
C:\Windows\system32\SearchIndexer.exe (ID: 4468 |ParentID: 608)
C:\Windows\SysWOW64\explorer.exe (ID: 4328 |ParentID: 4700)
C:\Users\Public\iAStorIcon.exe (ID: 4884 |ParentID: 4700)
C:\Windows\SysWOW64\explorer.exe (ID: 1964 |ParentID: 4920)
C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe (ID: 4272 |ParentID: 4920)
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (ID: 5540 |ParentID: 776)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1804 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 1640 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 2892 |ParentID: 608)
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (ID: 1452 |ParentID: 1380)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID: 5180 |ParentID: 1452)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID: 5228 |ParentID: 5180)
C:\Windows\splwow64.exe (ID: 5188 |ParentID: 5228)
C:\Program Files\Internet Explorer\IEXPLORE.EXE (ID: 3036 |ParentID: 4336)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 4032 |ParentID: 3036)
C:\Windows\system32\taskhost.exe (ID: 5752 |ParentID: 608)
C:\Windows\sysWOW64\wbem\wmiprvse.exe (ID: 2844 |ParentID: 776)
C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 3924 |ParentID: 776)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 3640 |ParentID: 3036)
C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe (ID: 4528 |ParentID: 5488)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 1932 |ParentID: 3036)
C:\Windows\system32\taskhost.exe (ID: 6584 |ParentID: 608)
C:\Windows\system32\taskeng.exe (ID: 5892 |ParentID: 360)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3364 |ParentID: 4468)
C:\Windows\system32\SearchFilterHost.exe (ID: 732 |ParentID: 4468)
C:\UsbFix\Go.exe (ID: 3552 |ParentID: 2792)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5660 |ParentID: 776)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [jusched7] - C:\Users\Lucas\AppData\Roaming\Public\jusched.exe
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [jusched7] - C:\Users\Lucas\AppData\Roaming\Public\jusched.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [37364] - C:\PROGRA~3\LOCALS~1\Temp\mscuiu.exe
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [adapter] - C:\Windows\adapter.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [8jusched] - C:\Users\Lucas\AppData\Roaming\Public\jusched.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Lucas\AppData\Roaming\Public\jusched.exe

################## | Référence de comparaison MD5 |

Md5 : e89028d8068170e606aa0996d457aaa3 -> C:\Users\Public\jusched.exe

################## | Recherche générique |

Présent! C:\Users\Lucas\AppData\Roaming\D48191F4\ak.tmp
Présent! C:\Users\Lucas\AppData\Roaming\D48191F4
Présent! C:\Users\Public\iAStorIcon.exe
Présent! C:\Users\Public\jusched.exe
Présent! C:\Users\Lucas\AppData\Roaming\Lucas-wchelper.dll
Présent! C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5z1z.lnk
Présent! C:\Users\Lucas\AppData\Local\Temp\Lucas7
Présent! C:\Users\Lucas\AppData\Local\Temp\Lucas8

################## | Comparaison MD5 |

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
Présent! HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\Software\Microsoft\Windows\CurrentVersion\Run|8jusched
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|8jusched

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |