Reply to: worm on hard drive 2016-09-08T13:35:53+00:00
Antoine83
Participant
Number of posts: 51

Hello,

Here is the result of the USBFix search:

############################## | UsbFix V 7.169 | [Recherche]

Utilisateur: ASUS (Administrateur) # PC-ASUS
Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
Lancé à 08:59:36 | 23/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (F5N )
CPU: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57
RAM -> [Total : 1919 Mo| Free : 681 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-Bit)
WB: Windows Internet Explorer : 7.0.6000.16982
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 24.0
WB: Safari : 534.57.2

SC: Security Center [Enabled]
WU: Windows Update [Enabled]

FW: Windows FireWall [Enabled]

C: (%systemdrive%) -> Disque fixe # 116 Go (49 Go libre(s) – 42%) [VistaOS] # NTFS
D: -> Disque fixe # 109 Go (13 Go libre(s) – 12%) [DATA] # NTFS
E: -> CD-ROM
F: -> Disque fixe # 273 Go (157 Go libre(s) – 58%) [] # NTFS
G: -> Disque fixe # 182 Go (182 Go libre(s) – 100%) [] # NTFS
H: -> CD-ROM

################## | Processus Actif |

C:Windowssystem32csrss.exe (ID: 552 |ParentID: 540)
C:Windowssystem32wininit.exe (ID: 604 |ParentID: 540)
C:Windowssystem32csrss.exe (ID: 616 |ParentID: 596)
C:Windowssystem32services.exe (ID: 652 |ParentID: 604)
C:Windowssystem32lsass.exe (ID: 668 |ParentID: 604)
C:Windowssystem32lsm.exe (ID: 676 |ParentID: 604)
C:Windowssystem32winlogon.exe (ID: 752 |ParentID: 596)
C:Windowssystem32svchost.exe (ID: 856 |ParentID: 652)
C:Windowssystem32svchost.exe (ID: 924 |ParentID: 652)
C:WindowsSystem32svchost.exe (ID: 960 |ParentID: 652)
C:WindowsSystem32svchost.exe (ID: 1096 |ParentID: 652)
C:WindowsSystem32svchost.exe (ID: 1148 |ParentID: 652)
C:Windowssystem32svchost.exe (ID: 1164 |ParentID: 652)
C:Windowssystem32AUDIODG.EXE (ID: 1244 |ParentID: 1096)
C:Windowssystem32SLsvc.exe (ID: 1292 |ParentID: 652)
C:Windowssystem32svchost.exe (ID: 1364 |ParentID: 652)
C:Windowssystem32svchost.exe (ID: 1572 |ParentID: 652)
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe (ID: 1728 |ParentID: 652)
C:Windowssystem32Dwm.exe (ID: 1764 |ParentID: 1148)
C:WindowsExplorer.EXE (ID: 1792 |ParentID: 1748)
C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe (ID: 1836 |ParentID: 652)
C:Program FilesATK HotkeyASLDRSrv.exe (ID: 1924 |ParentID: 652)
C:Program FilesATKGFNEXGFNEXSrv.exe (ID: 1944 |ParentID: 652)
C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1956 |ParentID: 652)
C:Program FilesWinZipperwinzipersvc.exe (ID: 344 |ParentID: 652)
C:ProgramDataWPMwprotectmanager.exe (ID: 468 |ParentID: 652)
C:Windowssystem32taskeng.exe (ID: 1328 |ParentID: 1164)
C:WindowsSystem32spoolsv.exe (ID: 1448 |ParentID: 652)
C:Program FilesATK HotkeyHcontrol.exe (ID: 1512 |ParentID: 1924)
C:Program FilesATKOSD2ATKOSD2.exe (ID: 1628 |ParentID: 1924)
C:Program FilesWireless Console 2wcourier.exe (ID: 724 |ParentID: 1924)
C:Program FilesP4GBatteryLife.exe (ID: 1020 |ParentID: 1924)
C:Windowssystem32svchost.exe (ID: 1596 |ParentID: 652)
C:Program FilesGoogleUpdateGoogleUpdate.exe (ID: 1384 |ParentID: 1328)
C:Program FilesDuuquUpdateDuuquUpdate.exe (ID: 712 |ParentID: 1328)
C:Windowssystem32taskeng.exe (ID: 1600 |ParentID: 1164)
C:Program FilesATK HotkeyATKOSD.exe (ID: 2280 |ParentID: 1512)
C:Program FilesATK HotkeyKBFiltr.exe (ID: 2356 |ParentID: 1512)
C:Program FilesCommon FilesABBYYFineReaderSprint9.00LicensingNetworkLicenseServer.exe (ID: 2556 |ParentID: 652)
C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 2572 |ParentID: 652)
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 2588 |ParentID: 652)
C:Program FilesBonjourmDNSResponder.exe (ID: 2620 |ParentID: 652)
C:Windowssystem32svchost.exe (ID: 2644 |ParentID: 652)
C:ProgramDataDatacardServiceHWDeviceService.exe (ID: 2716 |ParentID: 652)
C:Program FilesCommon FilesLightScribeLSSrvc.exe (ID: 2768 |ParentID: 652)
C:ProgramDataDatacardServiceDCSHelper.exe (ID: 2860 |ParentID: 2716)
C:ProgramDataMTN Pocket InternetOnlineUpdateouc.exe (ID: 3148 |ParentID: 2788)
C:Windowssystem32svchost.exe (ID: 3168 |ParentID: 652)
C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe (ID: 3320 |ParentID: 652)
C:Program FilesASUSNB ProbeSPMspmgr.exe (ID: 3452 |ParentID: 652)
C:Windowssystem32svchost.exe (ID: 3472 |ParentID: 652)
C:WindowsSystem32StkCSrv.exe (ID: 3540 |ParentID: 652)
C:WindowsSystem32svchost.exe (ID: 3600 |ParentID: 652)
C:Windowssystem32SearchIndexer.exe (ID: 3620 |ParentID: 652)
C:Program FilesWindows DefenderMSASCui.exe (ID: 3384 |ParentID: 1792)
C:WindowsSystem32rundll32.exe (ID: 2272 |ParentID: 1792)
C:Windowssystem32wbemwmiprvse.exe (ID: 3116 |ParentID: 856)
C:Windowssystem32wbemunsecapp.exe (ID: 1324 |ParentID: 856)
C:WindowsRtHDVCpl.exe (ID: 4184 |ParentID: 1792)
C:Program FilesMotorolaSMSERIALsm56hlpr.exe (ID: 4280 |ParentID: 1792)
C:Program FilesASUSATK MediaDMedia.exe (ID: 4312 |ParentID: 1792)
C:WindowsSystem32rundll32.exe (ID: 4416 |ParentID: 196)
C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 4880 |ParentID: 1792)
C:WindowsASScrPro.exe (ID: 4992 |ParentID: 1792)
C:Program FilesPowerForPhonePowerForPhone.exe (ID: 5080 |ParentID: 1792)
C:Program FilesCommon FilesSymantec SharedccApp.exe (ID: 5160 |ParentID: 1792)
C:Program FilesEpson SoftwareEvent ManagerEEventManager.exe (ID: 5216 |ParentID: 1792)
C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe (ID: 5224 |ParentID: 1792)
C:Program FilesiTunesiTunesHelper.exe (ID: 5240 |ParentID: 1792)
C:Program FilesFrameFoxExtensionsInternetExplorerframefox.exe (ID: 5292 |ParentID: 1792)
C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 5312 |ParentID: 1792)
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe (ID: 5320 |ParentID: 1792)
C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe (ID: 5332 |ParentID: 1792)
C:WindowsSystem32spooldriversw32x863E_FATIHJE.EXE (ID: 5556 |ParentID: 1792)
C:Windowsehomeehtray.exe (ID: 5564 |ParentID: 1792)
C:Program FilesSkypePhoneSkype.exe (ID: 5572 |ParentID: 1792)
C:WindowsSystem32WScript.exe (ID: 5580 |ParentID: 1792)
C:Windowsehomeehmsas.exe (ID: 5704 |ParentID: 856)
C:UsersASUSAppDataRoamingDropboxbinDropbox.exe (ID: 5716 |ParentID: 1792)
C:Program FilesiPodbiniPodService.exe (ID: 5908 |ParentID: 652)
C:Windowssystem32wbemwmiprvse.exe (ID: 4252 |ParentID: 856)
C:Program FilesMozilla Firefoxfirefox.exe (ID: 5176 |ParentID: 1792)
C:Windowssystem32WUDFHost.exe (ID: 5472 |ParentID: 1148)
C:Windowssystem32taskeng.exe (ID: 2916 |ParentID: 1164)
C:Windowssystem32SearchProtocolHost.exe (ID: 5524 |ParentID: 3620)
C:Windowssystem32taskeng.exe (ID: 2124 |ParentID: 1164)
C:Windowssystem32NOTEPAD.EXE (ID: 5684 |ParentID: 4044)
C:Program FilesMozilla Firefoxplugin-container.exe (ID: 6076 |ParentID: 5176)
C:Windowssystem32MacromedFlashFlashPlayerPlugin_12_0_0_77.exe (ID: 496 |ParentID: 6076)
C:Windowssystem32MacromedFlashFlashPlayerPlugin_12_0_0_77.exe (ID: 1752 |ParentID: 496)
C:ProgramDataMTN Pocket InternetOnlineUpdateLiveUpd.exe (ID: 4244 |ParentID: 996)
C:Windowssystem32SearchFilterHost.exe (ID: 4808 |ParentID: 3620)

################## | Regedit Run |

F2 – HKLM..Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
04 – HKCU..Run : [LightScribe Control Panel] C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
04 – HKCU..Run : [EPSON SX130 Series] C:Windowssystem32spoolDRIVERSW32X863E_FATIHJE.EXE /FU “C:WindowsTEMPE_SD820.tmp” /EF “HKCU”
04 – HKCU..Run : [ehTray.exe] C:WindowsehomeehTray.exe
04 – HKCU..Run : [Skype] “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
04 – HKCU..Run : [Bubble Dock] “C:UsersASUSAppDataRoamingNosibayBubble DockLBubble Dock.exe” /winstartup
04 – HKCU..Run : [41a] C:UsersASUSAppDataRoaming57bb541a.js
04 – HKLM..Run : [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
04 – HKLM..Run : [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
04 – HKLM..Run : [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
04 – HKLM..Run : [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
04 – HKLM..Run : [RtHDVCpl] RtHDVCpl.exe
04 – HKLM..Run : [Skytel] Skytel.exe
04 – HKLM..Run : [SMSERIAL] C:Program FilesMotorolaSMSERIALsm56hlpr.exe
04 – HKLM..Run : [ATKMEDIA] C:Program FilesASUSATK MediaDMEDIA.EXE
04 – HKLM..Run : [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
04 – HKLM..Run : [ASUS Camera ScreenSaver] C:WindowsASScrProlog.exe
04 – HKLM..Run : [ASUS Screen Saver Protector] C:WindowsASScrPro.exe
04 – HKLM..Run : [PowerForPhone] C:Program FilesPowerForPhonePowerForPhone.exe
04 – HKLM..Run : [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
04 – HKLM..Run : [ccApp] “C:Program FilesCommon FilesSymantec SharedccApp.exe”
04 – HKLM..Run : [EEventManager] “C:Program FilesEpson SoftwareEvent ManagerEEventManager.exe”
04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLM..Run : [iTunesHelper] “C:Program FilesiTunesiTunesHelper.exe”
04 – HKLM..Run : [FrameFox Extensions] C:Program FilesFrameFoxExtensionsInternetExplorerframefox.exe
04 – HKLM..Run : [AvastUI.exe] “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLM..Run : [GrooveMonitor] “C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe”
04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem
04 – HKUS-1-5-19..Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem
04 – HKUS-1-5-20..Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKUS-1-5-21-1455361060-3865099847-914009229-1000..Run : [LightScribe Control Panel] C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
04 – HKUS-1-5-21-1455361060-3865099847-914009229-1000..Run : [EPSON SX130 Series] C:Windowssystem32spoolDRIVERSW32X863E_FATIHJE.EXE /FU “C:WindowsTEMPE_SD820.tmp” /EF “HKCU”
04 – HKUS-1-5-21-1455361060-3865099847-914009229-1000..Run : [ehTray.exe] C:WindowsehomeehTray.exe
04 – HKUS-1-5-21-1455361060-3865099847-914009229-1000..Run : [Skype] “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
04 – HKUS-1-5-21-1455361060-3865099847-914009229-1000..Run : [Bubble Dock] “C:UsersASUSAppDataRoamingNosibayBubble DockLBubble Dock.exe” /winstartup
04 – HKUS-1-5-21-1455361060-3865099847-914009229-1000..Run : [41a] C:UsersASUSAppDataRoaming57bb541a.js

################## | Recherche générique |

Présent! F:$RECYCLE.BIN.lnk
Présent! F:72727.lnk
Présent! F:Autorun.inf.lnk
Présent! F:Elise.lnk
Présent! F:System Volume Information.lnk
Présent! F:Séries (copie).lnk
Présent! G:$RECYCLE.BIN.lnk
Présent! G:72727.lnk
Présent! G:Autorun.inf.lnk
Présent! G:System Volume Information.lnk
Présent! C:UsersASUSAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup1717.js

################## | Registre |

################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |

Thank you for your quick response, and have a good day