Reply to: win32 virus pc analysis 2016-09-08T13:38:11+00:00
Anonymous
Number of posts: 17

I'm back from my weekend:
I started with Shortcut: https://antimalware.top/www/?a=d&i=cIRoJsBoDh
UsbFix:
############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: user (Administrateur) # USER-PC
Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
Lancé à 20:52:28 | 04/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK COMPUTER INC. (M5A97)
CPU: AMD FX(tm)-6100 Six-Core Processor
RAM -> [Total : 8138 Mo| Free : 5743 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17041
WB: Mozilla Firefox : 29.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Internet Security [(!) Disabled | Updated]
AS: avast! Internet Security [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: avast! Internet Security [(!) Disabled]
FW: Windows FireWall [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 488 Go (412 Go libre(s) – 84%) [] # NTFS
D: -> CD-ROM
I: -> Disque fixe # 443 Go (163 Go libre(s) – 37%) [Nouveau nom] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 512 |ParentID: 480)
C:\Windows\system32\csrss.exe (ID: 592 |ParentID: 584)
C:\Windows\system32\wininit.exe (ID: 600 |ParentID: 480)
C:\Windows\system32\winlogon.exe (ID: 648 |ParentID: 584)
C:\Windows\system32\services.exe (ID: 704 |ParentID: 600)
C:\Windows\system32\lsass.exe (ID: 720 |ParentID: 600)
C:\Windows\system32\lsm.exe (ID: 728 |ParentID: 600)
C:\Windows\system32\svchost.exe (ID: 836 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 940 |ParentID: 704)
C:\Windows\system32\atiesrxx.exe (ID: 1016 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 308 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 416 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 520 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 596 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 1132 |ParentID: 704)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1196 |ParentID: 704)
C:\Windows\system32\atieclxx.exe (ID: 1260 |ParentID: 1016)
C:\Program Files\AVAST Software\Avast\afwServ.exe (ID: 1384 |ParentID: 704)
C:\Windows\system32\Dwm.exe (ID: 1492 |ParentID: 416)
C:\Windows\Explorer.EXE (ID: 1556 |ParentID: 1484)
C:\Windows\System32\spoolsv.exe (ID: 1720 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 1752 |ParentID: 704)
C:\Windows\system32\taskhost.exe (ID: 1784 |ParentID: 704)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1924 |ParentID: 704)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 1980 |ParentID: 704)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 444 |ParentID: 704)
C:\Windows\system32\taskeng.exe (ID: 1208 |ParentID: 596)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID: 1336 |ParentID: 1208)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1916 |ParentID: 704)
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (ID: 1416 |ParentID: 704)
C:\Windows\System32\rundll32.exe (ID: 1424 |ParentID: 1556)
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (ID: 2068 |ParentID: 1556)
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (ID: 2080 |ParentID: 1556)
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (ID: 2088 |ParentID: 1556)
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (ID: 2096 |ParentID: 1556)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 2236 |ParentID: 2112)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 2288 |ParentID: 2196)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 2344 |ParentID: 2112)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 2544 |ParentID: 2112)
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (ID: 2564 |ParentID: 2112)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 2840 |ParentID: 2288)
C:\Program Files (x86)\Malwarebytes\mbamscheduler.exe (ID: 2608 |ParentID: 704)
C:\Program Files (x86)\Malwarebytes\mbamservice.exe (ID: 2144 |ParentID: 704)
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (ID: 3140 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 3192 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 3292 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 3316 |ParentID: 704)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3412 |ParentID: 704)
C:\Program Files (x86)\Malwarebytes\mbam.exe (ID: 3432 |ParentID: 2144)
C:\Program Files (x86)\Xerox Corporation\XDA Lite\bin\xda.service.exe (ID: 3496 |ParentID: 704)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3516 |ParentID: 3412)
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (ID: 936 |ParentID: 704)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID: 4836 |ParentID: 704)
C:\Program Files\iPod\bin\iPodService.exe (ID: 3608 |ParentID: 704)
C:\Windows\system32\SearchIndexer.exe (ID: 5112 |ParentID: 704)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 1524 |ParentID: 704)
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (ID: 5552 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 5752 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 5180 |ParentID: 704)
C:\Windows\System32\WUDFHost.exe (ID: 6060 |ParentID: 416)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 4172 |ParentID: 1556)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 2056 |ParentID: 4172)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (ID: 5200 |ParentID: 2056)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (ID: 4104 |ParentID: 5200)
C:\Windows\system32\taskeng.exe (ID: 5268 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 2784 |ParentID: 704)
C:\Windows\system32\sppsvc.exe (ID: 5628 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 4992 |ParentID: 704)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4772 |ParentID: 704)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5308 |ParentID: 836)
C:\Windows\system32\SearchProtocolHost.exe (ID: 5292 |ParentID: 5112)
C:\Windows\system32\SearchFilterHost.exe (ID: 3340 |ParentID: 5112)

################## | Recherche générique |

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-3207308708-1096619542-1493018149-1000\Software\….\Mountpoints2\{5f9adcb7-5637-11e1-9c36-5404a648837a}

################## | Regedit Run |

F2 – HKLM\..\Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 – HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 – [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 – HKCU\..\Run : [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
04 – HKCU\..\Run : [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
04 – HKCU\..\Run : [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 – HKCU\..\Run : [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
04 – HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 – HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 – HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 – HKLM\..\Run : [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\..\Run : [DSCRun] "C:\Program Files (x86)\Xerox Corporation\XDA Lite\bin\Xda.Shell.exe" hide
04 – HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 – HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 – HKLM\..\Run : [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
04 – HKLM\..\Run : []
04 – HKLM\..\Run : [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
04 – HKLM\..\RunOnce : []
04 – [x64] HKLM\..\Run : [XeroxEndeavorBackgroundTask] rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-3207308708-1096619542-1493018149-1000\..\Run : [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
04 – HKU\S-1-5-21-3207308708-1096619542-1493018149-1000\..\Run : [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
04 – HKU\S-1-5-21-3207308708-1096619542-1493018149-1000\..\Run : [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 – HKU\S-1-5-21-3207308708-1096619542-1493018149-1000\..\Run : [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
04 – HKU\S-1-5-18\..\Run : [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[10/03/2014 – 12:48:40 | SHD] – C:\$Recycle.Bin
[02/05/2014 – 21:00:48 | D] – C:\AdwCleaner
[04/05/2014 – 19:57:52 | D] – C:\Config.Msi
[08/07/2013 – 11:35:45 | N | 6 Ko | FF1A659F6812C49FD4C20804560B3264] – C:\DIAL Communication Framework Setup Log.txt
[08/07/2013 – 11:35:50 | N | 13 Ko | 7B5142C6A4E3D65413BF34BB4B8FAFAE] – C:\DIALux Setup Information.txt
[14/07/2009 – 07:08:56 | SHD] – C:\Documents and Settings
[19/04/2012 – 18:21:13 | D] – C:\Hager
[04/05/2014 – 20:44:00 | ASH | 6250320 Ko] – C:\hiberfil.sys
[07/02/2014 – 12:23:24 | D] – C:\IDE
[22/05/2012 – 19:33:36 | D] – C:\IEPlugin_h264
[18/02/2014 – 19:39:16 | D] – C:\LEG
[07/02/2014 – 12:21:25 | RHD] – C:\MSOCache
[04/05/2014 – 20:44:04 | ASH | 8333764 Ko] – C:\pagefile.sys
[14/07/2009 – 05:20:08 | D] – C:\PerfLogs
[02/05/2014 – 21:27:17 | N | 1 Ko] – C:\PhysicalDisk0_MBR.bin
[30/04/2014 – 12:08:23 | D] – C:\Program Files
[04/05/2014 – 20:38:54 | D] – C:\Program Files (x86)
[04/05/2014 – 19:49:39 | D] – C:\ProgramData
[02/02/2012 – 18:51:17 | SHD] – C:\Recovery
[02/02/2012 – 19:04:59 | N | 2 Ko] – C:\RHDSetup.log
[30/04/2014 – 16:29:20 | D] – C:\SCAN
[04/05/2014 – 20:43:00 | D] – C:\Shortcut_Module
[04/05/2014 – 20:43:04 | N | 97 Ko | 93D9EBDF9E8BC4D5DF1F3ABE1038E9A2] – C:\Shortcut_Module_04_05_2014_20_43_04.txt
[04/05/2014 – 19:52:37 | SHD] – C:\System Volume Information
[04/05/2014 – 20:43:00 | D] – C:\temp
[19/03/2014 – 11:35:25 | N | 2 Ko] – C:\temp.log
[04/05/2014 – 20:52:22 | D] – C:\UsbFix
[02/05/2014 – 18:17:25 | N | 14 Ko | 4D55E763E6F34290C164BB2BF5E71EB9] – C:\UsbFix [Clean 2] USER-PC.txt
[04/05/2014 – 20:52:57 | A | 11 Ko | C80AB7382EC89BB6EAAF2E4ED8F4BE23] – C:\UsbFix [Clean 4] USER-PC.txt
[12/03/2013 – 10:54:20 | D] – C:\Users
[02/05/2014 – 18:12:11 | D] – C:\Windows
[30/10/2012 – 19:25:20 | SHD] – I:\$RECYCLE.BIN
[09/03/2014 – 13:47:27 | D] – I:\2011-08-13 002
[09/03/2014 – 13:47:31 | D] – I:\2011-08-14 002
[09/03/2014 – 13:48:02 | D] – I:\2011-08-15 001
[09/03/2014 – 13:47:01 | D] – I:\2011-08-16 001
[09/03/2014 – 13:47:03 | D] – I:\2011-08-17 001
[09/03/2014 – 13:47:18 | D] – I:\2011-08-19 001
[09/03/2014 – 13:48:38 | D] – I:\2011-08-19 002
[09/03/2014 – 13:48:38 | D] – I:\2011-08-20 001
[06/05/2012 – 13:51:35 | D] – I:\jeux wii
[09/03/2014 – 13:51:49 | D] – I:\karao selec
[09/03/2014 – 13:56:09 | D] – I:\KARAOKE
[09/03/2014 – 13:49:15 | D] – I:\Noel 2013
[09/03/2014 – 13:49:27 | D] – I:\soirée raclette
[02/02/2012 – 19:14:27 | SHD] – I:\System Volume Information

################## | Vaccin |

I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |