Reply to: infected USB key and PC 2016-09-08T13:26:11+00:00
nonomajor

There we go, I downloaded the requested version and here is the report:

############################## | UsbFix V 7.155 | [Recherche]

Utilisateur: Utilisateur (Administrateur) # UTILISATEUR-HP
Mis à jour le 16/12/2013 par El Desaparecido - Team SosVirus
Lancé à 21:39:23 | 19/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (338B)
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
RAM -> [Total : 3894 | Free : 2229]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 22.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET NOD32 Antivirus 6.0 [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 684 Go (584 Go libre(s) - 85%) [] # NTFS
D: -> Disque fixe # 15 Go (2 Go libre(s) - 11%) [RECOVERY] # NTFS
E: -> CD-ROM
F: -> Disque fixe # 99 Mo (84 Mo libre(s) - 85%) [HP_TOOLS] # FAT32
H: -> Disque amovible # 15 Go (6 Go libre(s) - 43%) [NONO] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 452 |ParentID: 412)
C:\Windows\system32\wininit.exe (ID: 624 |ParentID: 412)
C:\Windows\system32\csrss.exe (ID: 644 |ParentID: 632)
C:\Windows\system32\services.exe (ID: 684 |ParentID: 624)
C:\Windows\system32\lsass.exe (ID: 704 |ParentID: 624)
C:\Windows\system32\lsm.exe (ID: 712 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 816 |ParentID: 684)
C:\Windows\system32\svchost.exe (ID: 916 |ParentID: 684)
C:\Windows\System32\svchost.exe (ID: 976 |ParentID: 684)
C:\Windows\System32\svchost.exe (ID: 1008 |ParentID: 684)
C:\Windows\system32\svchost.exe (ID: 296 |ParentID: 684)
C:\Windows\system32\svchost.exe (ID: 368 |ParentID: 684)
C:\Windows\system32\winlogon.exe (ID: 472 |ParentID: 632)
C:\Windows\system32\svchost.exe (ID: 1128 |ParentID: 684)
C:\Windows\system32\svchost.exe (ID: 1532 |ParentID: 684)
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ID: 1680 |ParentID: 684)
C:\Windows\system32\Dwm.exe (ID: 2088 |ParentID: 1008)
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ID: 3688 |ParentID: 2216)
C:\Windows\system32\svchost.exe (ID: 4460 |ParentID: 684)
C:\Windows\system32\svchost.exe (ID: 4888 |ParentID: 684)
C:\Windows\System32\svchost.exe (ID: 4544 |ParentID: 684)
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (ID: 5392 |ParentID: 684)
C:\Windows\explorer.exe (ID: 5204 |ParentID: 472)
C:\Windows\System32\rundll32.exe (ID: 4644 |ParentID: 816)
C:\Windows\system32\SearchIndexer.exe (ID: 5852 |ParentID: 684)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3220 |ParentID: 684)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1912 |ParentID: 684)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1696 |ParentID: 1912)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 5728 |ParentID: 684)
C:\Windows\system32\DllHost.exe (ID: 1736 |ParentID: 816)
C:\Windows\System32\spoolsv.exe (ID: 4652 |ParentID: 684)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 5736 |ParentID: 684)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 892 |ParentID: 684)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 1156 |ParentID: 5204)
C:\Windows\system32\taskeng.exe (ID: 5912 |ParentID: 368)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5416 |ParentID: 5204)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 1400 |ParentID: 5416)
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe (ID: 3012 |ParentID: 816)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 2556 |ParentID: 5416)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2180 |ParentID: 5852)
C:\UsbFix\Go.exe (ID: 2060 |ParentID: 4032)
C:\Windows\System32\WUDFHost.exe (ID: 2288 |ParentID: 1008)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1232 |ParentID: 816)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE | Run : [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-376333598-1572624100-3799582411-1001\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Utilisateur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-376333598-1572624100-3799582411-1001\SOFTWARE | Run : [FreeCT] - C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe -autorun
04 - HKU\S-1-5-21-376333598-1572624100-3799582411-1001\SOFTWARE | Run : [Spotify] - "C:\Users\Utilisateur\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-376333598-1572624100-3799582411-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-376333598-1572624100-3799582411-1001\SOFTWARE | Run : [Facebook Update] - "C:\Users\Utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

################## | Registre |

Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |