SnideMICA
Participant
Number of posts: 3

Here is the first report, I'm starting on the second:

############################## | UsbFix V 7.145 | [Recherche]

Utilisateur: michael (Administrateur) # MSI
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 11:37:57 | 28/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Micro-Star International Co., Ltd. (MS-1756)
CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
RAM -> [Total : 8081 | Free : 5578]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 545 Go (369 Go libre(s) - 68%) [OS_Install] # NTFS
D: -> Disque fixe # 134 Go (134 Go libre(s) - 100%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 15 Go (8 Go libre(s) - 56%) [USB20FD] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 476 |ParentID 424)
C:\Windows\system32\wininit.exe (ID 552 |ParentID 424)
C:\Windows\system32\csrss.exe (ID 572 |ParentID 564)
C:\Windows\system32\winlogon.exe (ID 624 |ParentID 564)
C:\Windows\system32\services.exe (ID 664 |ParentID 552)
C:\Windows\system32\lsass.exe (ID 712 |ParentID 552)
C:\Windows\system32\svchost.exe (ID 820 |ParentID 664)
C:\Windows\system32\nvvsvc.exe (ID 856 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 900 |ParentID 664)
C:\Windows\System32\svchost.exe (ID 968 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 996 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 124 |ParentID 664)
C:\Windows\system32\dwm.exe (ID 568 |ParentID 624)
C:\Windows\System32\svchost.exe (ID 840 |ParentID 664)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1060 |ParentID 856)
C:\Windows\system32\nvvsvc.exe (ID 1072 |ParentID 856)
C:\Windows\system32\svchost.exe (ID 1164 |ParentID 664)
C:\Windows\System32\spoolsv.exe (ID 1520 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 1548 |ParentID 664)
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (ID 1724 |ParentID 664)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe (ID 1788 |ParentID 664)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 1840 |ParentID 664)
C:\Windows\system32\dashost.exe (ID 1852 |ParentID 840)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID 1904 |ParentID 664)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 1972 |ParentID 664)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID 1996 |ParentID 664)
C:\Program Files (x86)\SCM\MSIService.exe (ID 2020 |ParentID 664)
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (ID 2040 |ParentID 664)
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID 1148 |ParentID 664)
C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe (ID 1612 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 2116 |ParentID 664)
C:\Program Files\Windows Defender\MsMpEng.exe (ID 2192 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 2816 |ParentID 664)
C:\Windows\system32\svchost.exe (ID 2944 |ParentID 664)
C:\Windows\System32\WUDFHost.exe (ID 2956 |ParentID 840)
C:\Windows\System32\WUDFHost.exe (ID 2772 |ParentID 840)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID 4020 |ParentID 1996)
C:\Windows\system32\taskhostex.exe (ID 4056 |ParentID 664)
C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (ID 3264 |ParentID 664)
C:\Windows\Explorer.EXE (ID 3388 |ParentID 3248)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (ID 3324 |ParentID 820)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID 3172 |ParentID 1060)
C:\Windows\system32\SearchIndexer.exe (ID 3484 |ParentID 664)
C:\Windows\System32\igfxtray.exe (ID 4524 |ParentID 3388)
C:\Windows\System32\hkcmd.exe (ID 4764 |ParentID 3388)
C:\Windows\System32\igfxpers.exe (ID 4316 |ParentID 3388)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 4720 |ParentID 3388)
C:\Program Files\Elantech\ETDCtrl.exe (ID 2596 |ParentID 3388)
C:\Windows\System32\rundll32.exe (ID 4188 |ParentID 3388)
C:\Windows\System32\RuntimeBroker.exe (ID 4608 |ParentID 820)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID 4360 |ParentID 2596)
C:\Windows\System32\rundll32.exe (ID 4504 |ParentID 3388)
C:\Program Files (x86)\Steam\Steam.exe (ID 1124 |ParentID 3388)
C:\Program Files (x86)\Overwolf\Overwolf.exe (ID 4708 |ParentID 3388)
C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe (ID 3288 |ParentID 3388)
C:\Program Files\WinZip\WZQKPICK32.EXE (ID 4940 |ParentID 3388)
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (ID 4196 |ParentID 4660)
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (ID 4752 |ParentID 4660)
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (ID 4388 |ParentID 664)
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID 4036 |ParentID 4660)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 4676 |ParentID 4660)
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ID 4168 |ParentID 4660)
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (ID 4312 |ParentID 664)
C:\Program Files (x86)\Common Files\Steam\SteamService.exe (ID 5452 |ParentID 664)
C:\Windows\SysWOW64\explorer.exe (ID 5284 |ParentID 6020)
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe (ID 6064 |ParentID 4708)
C:\Users\Public\iAStorIcon.exe (ID 6104 |ParentID 6020)
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe (ID 3236 |ParentID 4708)
C:\Program Files (x86)\MixVibes\Drivers\U-MIX CONTROL PRO\umcp-volume-panel.exe (ID 3256 |ParentID 3388)
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID 5140 |ParentID 3388)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 5464 |ParentID 4260)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 2096 |ParentID 664)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 4384 |ParentID 664)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID 312 |ParentID 664)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 3456 |ParentID 664)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 2500 |ParentID 664)
C:\Program Files\WindowsApps\Microsoft.Reader_6.2.8516.0_x64__8wekyb3d8bbwe\glcnd.exe (ID 2856 |ParentID 820)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2884 |ParentID 4856)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3000 |ParentID 2884)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5864 |ParentID 2884)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4636 |ParentID 2884)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5000 |ParentID 2884)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2996 |ParentID 2884)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1384 |ParentID 2884)
C:\UsbFix\Go.exe (ID 356 |ParentID 6040)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4872 |ParentID 820)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE | Run : [THX Audio Control Panel] - "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
HKLM\SOFTWARE | Run : [UpdReg] - C:\Windows\UpdReg.EXE
HKLM\SOFTWARE | Run : [Super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE\wow6432Node | Run : [THX Audio Control Panel] - "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
HKLM\SOFTWARE\wow6432Node | Run : [UpdReg] - C:\Windows\UpdReg.EXE
HKLM\SOFTWARE\wow6432Node | Run : [Super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKU\S-1-5-21-1309738982-2199200788-1016268891-1002\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-1309738982-2199200788-1016268891-1002\SOFTWARE | Run : [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1309738982-2199200788-1016268891-1002\SOFTWARE | Run : [8jusched] - C:\Users\Public\jusched.exe

################## | Éléments infectieux |

Présent! C:\Users\michael\AppData\Roaming\94372403\ak.tmp
Présent! C:\Users\michael\AppData\Roaming\94372403
Présent! C:\Users\Public\jusched.exe
Présent! C:\Users\michael\AppData\Roaming\michael-wchelper.dll
Présent! C:\Users\michael\AppData\Local\Temp\michael7
Présent! C:\Users\michael\AppData\Local\Temp\michael8

################## | Registre |

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |