Rebarg
Participant
Number of posts: 18

Hello, I have another infected USB key.
Here is the report that followed the scan:

############################## | UsbFix V 7.155 | [Recherche]

Utilisateur: Leborgne Léa (Administrateur) # PC-PORTABLE
Mis à jour le 16/12/2013 par El Desaparecido - Team SosVirus
Lancé à 11:14:08 | 26/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Acer (Aspire V5-431)
CPU: Intel(R) Celeron(R) CPU 887 @ 1.50GHz
RAM -> [Total : 3890 | Free : 2823]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender : 4.3.0215.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 452 Go (326 Go libre(s) - 72%) [ACER] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [BUREAU IDF] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 548 |ParentID: 540)
C:\Windows\system32\wininit.exe (ID: 612 |ParentID: 540)
C:\Windows\system32\csrss.exe (ID: 620 |ParentID: 604)
C:\Windows\system32\winlogon.exe (ID: 676 |ParentID: 604)
C:\Windows\system32\services.exe (ID: 708 |ParentID: 612)
C:\Windows\system32\lsass.exe (ID: 716 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 804 |ParentID: 708)
C:\Windows\system32\svchost.exe (ID: 876 |ParentID: 708)
C:\Windows\System32\svchost.exe (ID: 932 |ParentID: 708)
C:\Windows\system32\dwm.exe (ID: 976 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 996 |ParentID: 708)
C:\Windows\system32\svchost.exe (ID: 304 |ParentID: 708)
C:\Windows\System32\svchost.exe (ID: 560 |ParentID: 708)
C:\Windows\system32\svchost.exe (ID: 1060 |ParentID: 708)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1192 |ParentID: 708)
C:\Windows\system32\svchost.exe (ID: 1708 |ParentID: 708)
C:\Windows\system32\svchost.exe (ID: 2760 |ParentID: 708)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2076 |ParentID: 804)
C:\Windows\system32\svchost.exe (ID: 2812 |ParentID: 708)
C:\Windows\system32\wbem\unsecapp.exe (ID: 3080 |ParentID: 804)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4436 |ParentID: 4172)
C:\Windows\system32\wbem\unsecapp.exe (ID: 4676 |ParentID: 804)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 4520 |ParentID: 708)
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID: 4808 |ParentID: 708)
C:\Windows\RfBtnSvc64.exe (ID: 4864 |ParentID: 708)
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ID: 4064 |ParentID: 4808)
C:\Windows\System32\spoolsv.exe (ID: 2380 |ParentID: 708)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 4672 |ParentID: 708)
C:\Windows\system32\SearchIndexer.exe (ID: 40 |ParentID: 708)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 5468 |ParentID: 708)
C:\Windows\system32\taskeng.exe (ID: 1812 |ParentID: 996)
C:\Windows\Explorer.exe (ID: 4768 |ParentID: 5308)
C:\Program Files (x86)\Launch Manager\LManager.exe (ID: 4952 |ParentID: 5268)
C:\Windows\system32\DllHost.exe (ID: 4944 |ParentID: 804)
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (ID: 5664 |ParentID: 4952)
C:\Windows\system32\igfxext.exe (ID: 3844 |ParentID: 804)
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (ID: 5996 |ParentID: 5308)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID: 1832 |ParentID: 5996)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID: 5104 |ParentID: 1832)
C:\Windows\splwow64.exe (ID: 4916 |ParentID: 5104)
C:\UsbFix\Go.exe (ID: 4560 |ParentID: 5804)
C:\Windows\System32\WUDFHost.exe (ID: 1452 |ParentID: 560)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5964 |ParentID: 804)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Dolby Advanced Audio v2] - "C:\Dolby PCEE4\pcee4.exe" -autostart
04 - HKLM\SOFTWARE | Run : [LManager] -
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\fde81f11-5184-4c25-8773-79738c12d5e3.exe /check
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [Dolby Advanced Audio v2] - "C:\Dolby PCEE4\pcee4.exe" -autostart
04 - HKLM\SOFTWARE\wow6432Node | Run : [LManager] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\fde81f11-5184-4c25-8773-79738c12d5e3.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-3298860840-3667466644-4245066167-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-3298860840-3667466644-4245066167-1001\SOFTWARE | Run : [Spotify Web Helper] - "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-3298860840-3667466644-4245066167-1001\SOFTWARE | Run : [RocketDock] - "C:\Users\Leborgne Léa\Downloads\RocketDock\RocketDock.exe"
04 - HKU\S-1-5-21-3298860840-3667466644-4245066167-1001\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

################## | Recherche générique |

################## | Registre |

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |