Reply to: TROJAN and various viruses 2016-09-08T13:13:07+00:00
scrollkidd
Participant
Number of posts: 17

Here is the USBFIX report:

############################## | UsbFix V 7.147 | [Recherche]

Utilisateur: Gregoire (Administrateur) # SEVENCPU
Mis à jour le 30/10/2013 par El Desaparecido – Team SosVirus
Lancé à 20:38:46 | 31/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P6T)
CPU: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
RAM -> [Total : 6134 | Free : 3986]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 24.0
WB: Safari : 534.50

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 140 Go (33 Go libre(s) – 23%) [Velociraptor_A] # NTFS
D: -> CD-ROM
E: -> Disque fixe # 17 Go (10 Go libre(s) – 60%) [] # NTFS
F: -> Disque fixe # 144 Go (23 Go libre(s) – 16%) [Sam_2] # NTFS
G: -> Disque fixe # 140 Go (9 Go libre(s) – 6%) [Velociraptor_B] # NTFS
H: -> Disque fixe # 137 Go (24 Go libre(s) – 17%) [Sam_3] # NTFS
I: -> Disque fixe # 466 Go (34 Go libre(s) – 7%) [Samsung F1_A] # NTFS
J: -> Disque amovible # 2 Go (791 Mo libre(s) – 40%) [] # FAT
L: -> Disque fixe # 466 Go (128 Go libre(s) – 28%) [LACIE RiKiKi] # NTFS

################## | Référence de comparaison MD5 |

Md5 : e89028d8068170e606aa0996d457aaa3 -> C:\Users\Public\jusched.exe

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 428 |ParentID: 408)
C:\Windows\system32\wininit.exe (ID: 500 |ParentID: 408)
C:\Windows\system32\csrss.exe (ID: 524 |ParentID: 508)
C:\Windows\system32\services.exe (ID: 556 |ParentID: 500)
C:\Windows\system32\lsass.exe (ID: 572 |ParentID: 500)
C:\Windows\system32\lsm.exe (ID: 580 |ParentID: 500)
C:\Windows\system32\svchost.exe (ID: 684 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 772 |ParentID: 556)
C:\Windows\system32\atiesrxx.exe (ID: 832 |ParentID: 556)
C:\Windows\system32\winlogon.exe (ID: 880 |ParentID: 508)
C:\Windows\System32\svchost.exe (ID: 920 |ParentID: 556)
C:\Windows\System32\svchost.exe (ID: 956 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1004 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 152 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1140 |ParentID: 556)
C:\Windows\system32\atieclxx.exe (ID: 1248 |ParentID: 832)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1348 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1372 |ParentID: 556)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1556 |ParentID: 556)
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (ID: 1664 |ParentID: 556)
C:\Windows\SysWOW64\PnkBstrA.exe (ID: 1708 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 1800 |ParentID: 556)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1840 |ParentID: 556)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1904 |ParentID: 1840)
C:\Windows\system32\taskhost.exe (ID: 976 |ParentID: 556)
C:\Windows\system32\Dwm.exe (ID: 1108 |ParentID: 956)
C:\Windows\Explorer.EXE (ID: 1052 |ParentID: 1684)
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe (ID: 2388 |ParentID: 2240)
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (ID: 2396 |ParentID: 2240)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 2440 |ParentID: 2240)
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe (ID: 2460 |ParentID: 2388)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 2484 |ParentID: 2432)
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe (ID: 2524 |ParentID: 2388)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 2628 |ParentID: 2484)
C:\Windows\SysWOW64\explorer.exe (ID: 2804 |ParentID: 2708)
C:\Windows\SysWOW64\explorer.exe (ID: 2820 |ParentID: 2716)
C:\Windows\SysWOW64\explorer.exe (ID: 2828 |ParentID: 2724)
C:\Windows\SysWOW64\explorer.exe (ID: 2844 |ParentID: 2756)
C:\Users\Public\jusched.exe (ID: 3284 |ParentID: 2708)
C:\Users\Public\jusched.exe (ID: 3292 |ParentID: 2756)
C:\Users\Public\jusched.exe (ID: 3608 |ParentID: 2716)
C:\Users\Public\jusched.exe (ID: 3836 |ParentID: 2724)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 4252 |ParentID: 1556)
C:\Windows\system32\SearchIndexer.exe (ID: 4452 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 4664 |ParentID: 556)
C:\Windows\system32\taskmgr.exe (ID: 3424 |ParentID: 880)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 2112 |ParentID: 556)
C:\Windows\system32\svchost.exe (ID: 3008 |ParentID: 556)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 1072 |ParentID: 1052)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 3184 |ParentID: 1072)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 2944 |ParentID: 3184)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 4808 |ParentID: 2944)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 736 |ParentID: 556)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5204 |ParentID: 684)
C:\UsbFix\Go.exe (ID: 5356 |ParentID: 4504)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [DeathAdder] - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
HKLM\SOFTWARE | Run : [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [jusched7] - C:\Users\Public\jusched.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [DeathAdder] - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
HKLM\SOFTWARE\wow6432Node | Run : [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [jusched7] - C:\Users\Public\jusched.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Public\jusched.exe
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2841560078-4150325420-3540864128-1001\SOFTWARE | Run : [8jusched] - C:\Users\Public\jusched.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-2841560078-4150325420-3540864128-1001\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Public\jusched.exe

################## | Recherche générique |

Présent! C:\Users\Gregoire\AppData\Roaming\3140000\ak.tmp
Présent! C:\Users\Gregoire\AppData\Roaming\3140000
Présent! C:\Users\Gregoire\AppData\Roaming\3180000\ak.tmp
Présent! C:\Users\Gregoire\AppData\Roaming\3180000
Présent! C:\Users\Gregoire\AppData\Roaming\4100000\ak.tmp
Présent! C:\Users\Gregoire\AppData\Roaming\4100000
Présent! C:\Users\Public\jusched.exe
Présent! C:\Users\Gregoire\AppData\Roaming\Gregoire-wchelper.dll
Présent! C:\Users\Gregoire\AppData\Local\Temp\Gregoire7
Présent! C:\Users\Gregoire\AppData\Local\Temp\Gregoire8

################## | Comparaison MD5 |

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Présent! HKU\S-1-5-21-2841560078-4150325420-3540864128-1001\Software\Microsoft\Windows\CurrentVersion\Run|8jusched
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|8jusched

################## | Vaccin |

J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |

Good evening and :merci2: