bedeurm
Participant
Posts: 2

here is the second report:

############################## | UsbFix V 7.149 | [Suppression]

Utilisateur: Maud2 (Administrateur) # MAUD2-PC
Mis à jour le 03/11/2013 par El Desaparecido – Team SosVirus
Lancé à 21:40:17 | 07/11/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK COMPUTER INC. (1015CX)
CPU: Intel(R) Atom(TM) CPU N2600 @ 1.60GHz
RAM -> [Total : 1012 | Free : 65]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Starter (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Trend Micro Titanium [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 100 Go (70 Go libre(s) – 70%) [] # NTFS
D: -> Disque fixe # 183 Go (183 Go libre(s) – 100%) [] # NTFS
E: -> Disque amovible # 29 Go (29 Go libre(s) – 100%) [USB DISK] # FAT32

################## | Référence de comparaison MD5 |

Md5 : eb5c8607637efbd57dab7e3a875a0c35 -> C:\Users\Maud2\AppData\Local\Temp\update.exe

################## | Processus Stoppés |

Stoppé! C:\windows\System32\spoolsv.exe (ID: 1492 |ParentID: 616)
Stoppé! C:\Program Files\ASUS\InstantOn for EPC\InsOnSrv.exe (ID: 1764 |ParentID: 616)
Stoppé! C:\windows\system32\AsusService.exe (ID: 1812 |ParentID: 616)
Stoppé! C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (ID: 1132 |ParentID: 616)
Stoppé! C:\ExpressGateUtil\VAWinService.exe (ID: 2084 |ParentID: 616)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2144 |ParentID: 616)
Stoppé! C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (ID: 2192 |ParentID: 616)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2292 |ParentID: 2144)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 2876 |ParentID: 616)
Stoppé! C:\windows\system32\SearchIndexer.exe (ID: 3092 |ParentID: 616)
Stoppé! C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe (ID: 3184 |ParentID: 616)
Stoppé! C:\windows\system32\taskhost.exe (ID: 1228 |ParentID: 616)
Stoppé! C:\Program Files\ASUS\InstantOn for EPC\InsOnWMI.exe (ID: 764 |ParentID: 1764)
Stoppé! C:\windows\Explorer.EXE (ID: 812 |ParentID: 3344)
Stoppé! C:\windows\system32\wuauclt.exe (ID: 428 |ParentID: 1080)
Stoppé! C:\Program Files\Asus\Eee Docking\Eee Docking.exe (ID: 3380 |ParentID: 812)
Stoppé! C:\Program Files\ASUS\SHE\SuperHybridEngine.exe (ID: 3580 |ParentID: 1812)
Stoppé! C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe (ID: 3512 |ParentID: 1812)
Stoppé! C:\Program Files\ASUS\HotkeyService\HotkeyService.exe (ID: 796 |ParentID: 1812)
Stoppé! C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (ID: 1620 |ParentID: 1812)
Stoppé! C:\Program Files\ASUS\CapsHook\CapsHook.exe (ID: 3204 |ParentID: 1812)
Stoppé! C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 1360 |ParentID: 616)
Stoppé! C:\ExpressGateUtil\VAWinAgent.exe (ID: 3228 |ParentID: 812)
Stoppé! C:\Windows\System32\igfxtray.exe (ID: 3476 |ParentID: 812)
Stoppé! C:\Windows\System32\hkcmd.exe (ID: 3560 |ParentID: 812)
Stoppé! C:\windows\system32\igfxsrvc.exe (ID: 2660 |ParentID: 788)
Stoppé! C:\Windows\System32\igfxpers.exe (ID: 2600 |ParentID: 812)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 468 |ParentID: 812)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2360 |ParentID: 788)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 3364 |ParentID: 2360)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4764 |ParentID: 616)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5188 |ParentID: 812)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5636 |ParentID: 5188)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5704 |ParentID: 5188)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1740 |ParentID: 5188)
Stoppé! C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (ID: 4044 |ParentID: 616)
Stoppé! C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe (ID: 4108 |ParentID: 4044)
Stoppé! C:\windows\system32\conhost.exe (ID: 3528 |ParentID: 520)
Stoppé! C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (ID: 3912 |ParentID: 4044)
Stoppé! C:\windows\system32\conhost.exe (ID: 5096 |ParentID: 520)
Stoppé! C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe (ID: 3172 |ParentID: 4108)
Stoppé! C:\windows\system32\taskhost.exe (ID: 5296 |ParentID: 616)
Stoppé! C:\windows\System32\WUDFHost.exe (ID: 5408 |ParentID: 996)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3716 |ParentID: 5188)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7576 |ParentID: 5188)
Stoppé! C:\windows\system32\NOTEPAD.EXE (ID: 6900 |ParentID: 7964)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5920 |ParentID: 5188)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [GfxServiceInstall] – C:\windows\system32\GfxCUIServiceInstall.vbs
04 – HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 – HKLM\SOFTWARE | Run : [HotkeyMon] – AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
04 – HKLM\SOFTWARE | Run : [HotkeyService] – AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
04 – HKLM\SOFTWARE | Run : [SuperHybridEngine] – AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
04 – HKLM\SOFTWARE | Run : [LiveUpdate] – AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
04 – HKLM\SOFTWARE | Run : [CapsHook] – AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe
04 – HKLM\SOFTWARE | Run : [Eee Docking] – C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
04 – HKLM\SOFTWARE | Run : [ASUSWebStorage] – C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
04 – HKLM\SOFTWARE | Run : [Trend Micro Titanium] – C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
04 – HKLM\SOFTWARE | Run : [VAWinAgent] – C:\ExpressGateUtil\VAWinAgent.exe
04 – HKLM\SOFTWARE | Run : [IgfxTray] – C:\windows\system32\igfxtray.exe
04 – HKLM\SOFTWARE | Run : [HotKeysCmds] – C:\windows\system32\hkcmd.exe
04 – HKLM\SOFTWARE | Run : [Persistence] – C:\windows\system32\igfxpers.exe
04 – HKLM\SOFTWARE | Run : [RtHDVCpl] – C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 – HKLM\SOFTWARE | Run : [SynTPEnh] – %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 – HKLM\SOFTWARE | Run : [ASUSPRP] – C:\Program Files\ASUS\APRP\APRP.EXE
04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | Run : [Trend Micro Client Framework] – "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-3816237900-3157751228-3069552734-1000\SOFTWARE | Run : [Facebook Update] – "C:\Users\Maud2\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! E:\FISC3Data.lnk
Supprimé! E:\anglais d'affaire.lnk
Supprimé! E:\Fiscalité européenne.lnk
Supprimé! E:\UsbFix [Scan 1] PC0000.lnk
Supprimé! E:\analyse delhaize.lnk
Supprimé! E:\anglais.lnk
Supprimé! E:\stage.lnk
Supprimé! E:\BOBSchoolEdition2013-2014-50.lnk
Supprimé! E:\ecole.lnk
Supprimé! C:\Users\Maud2\AppData\Local\Temp\Update.exe

(!) Fichiers temporaires supprimés.

################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5

################## | Listing |

[12/07/2013 – 19:37:31 | SHD ] C:\$RECYCLE.BIN
[16/07/2013 – 15:34:14 | D ] C:\AsusVibeData
[10/06/2009 – 22:42:20 | N | 24] C:\autoexec.bat
[01/08/2012 – 05:43:26 | SHD ] C:\Boot
[20/11/2010 – 13:40:08 | RASH | 383786] C:\bootmgr
[10/06/2009 – 22:42:20 | N | 10] C:\config.sys
[14/07/2009 – 05:53:55 | SHD ] C:\Documents and Settings
[31/03/2012 – 03:27:07 | D ] C:\ExpressGateUtil
[22/09/2013 – 19:19:53 | D ] C:\HannaH-Acad
[22/09/2013 – 19:19:19 | N | 6270188] C:\HannaH-Acad.zip
[07/11/2013 – 20:00:56 | ASH | 795820032] C:\hiberfil.sys
[30/03/2012 – 23:44:09 | D ] C:\Intel
[29/07/2013 – 12:35:22 | RHD ] C:\MSOCache
[07/11/2013 – 21:26:10 | ASH | 1342177280] C:\pagefile.sys
[14/07/2009 – 03:37:05 | D ] C:\PerfLogs
[12/09/2013 – 11:07:31 | N | 1372] C:\preference.xml
[07/11/2013 – 20:54:05 | D ] C:\Program Files
[07/11/2013 – 20:21:39 | HD ] C:\ProgramData
[12/07/2013 – 19:29:51 | SHD ] C:\Recovery
[30/03/2012 – 23:46:23 | N | 2049] C:\RHDSetup.log
[30/08/2011 – 21:00:22 | N | 1083] C:\setup.iss
[07/11/2013 – 20:56:22 | SHD ] C:\System Volume Information
[07/11/2013 – 20:37:41 | D ] C:\temp
[07/11/2013 – 21:49:46 | D ] C:\UsbFix
[07/11/2013 – 21:49:50 | A | 9745] C:\UsbFix [Clean 3] MAUD2-PC.txt
[07/11/2013 – 20:24:41 | N | 8734] C:\UsbFix [Scan 1] MAUD2-PC.txt
[07/11/2013 – 21:33:26 | N | 9842] C:\UsbFix [Scan 2] MAUD2-PC.txt
[12/07/2013 – 19:31:52 | RD ] C:\Users
[22/10/2013 – 17:24:07 | D ] C:\Windows
[12/07/2013 – 19:34:05 | SHD ] D:\$RECYCLE.BIN
[13/07/2013 – 10:30:38 | SHD ] D:\System Volume Information
[06/11/2013 – 17:07:10 | D ] E:\analyse delhaize
[06/11/2013 – 17:07:16 | D ] E:\anglais
[06/11/2013 – 17:07:16 | D ] E:\anglais d'affaire
[06/11/2013 – 17:07:18 | D ] E:\stage
[18/10/2013 – 11:13:30 | N | 329224] E:\FISC3Data.Zip
[06/11/2013 – 17:07:22 | D ] E:\BOBSchoolEdition2013-2014-50
[06/11/2013 – 17:07:24 | D ] E:\Fiscalité Européenne
[16/10/2013 – 18:36:00 | N | 22035] E:\Fiscalité européenne.docx
[06/11/2013 – 17:08:46 | D ] E:\ecole
[06/11/2013 – 17:27:46 | N | 8343] E:\UsbFix [Scan 1] PC0000.txt
[06/11/2013 – 17:44:42 | RASHD ] E:\Autorun.inf

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – http://www.sosvirus.net |