Reply to: infected external hard drive 2016-09-08T13:38:45+00:00
totos55
Participant
Post count: 3

I had forgotten the report

totos55
############################## | UsbFix V 7.169 | [Recherche]

Utilisateur: william (Administrateur) # PC-DE-WILLIAM
Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
Lancé à 07:22:22 | 06/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Intel Corporation (DG45FC)
CPU: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
RAM -> [Total : 1993 Mo| Free : 607 Mo]
Bios: Intel Corp.
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 7.0.6002.18005
WB: Mozilla Firefox : 28.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Avira Desktop [Enabled | Updated]
AS: Avira Desktop [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]
AS: Malwarebytes’ Anti-Malware : 1.70.0009

C: (%systemdrive%) -> Disque fixe # 244 Go (127 Go libre(s) – 52%) [] # NTFS
D: -> Disque fixe # 222 Go (133 Go libre(s) – 60%) [Nouveau nom] # NTFS
E: -> CD-ROM
J: -> Disque fixe # 76 Go (33 Go libre(s) – 43%) [DISQUE EXT] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 544 |ParentID: 532)
C:\Windows\system32\wininit.exe (ID: 592 |ParentID: 532)
C:\Windows\system32\csrss.exe (ID: 600 |ParentID: 584)
C:\Windows\system32\services.exe (ID: 640 |ParentID: 592)
C:\Windows\system32\lsass.exe (ID: 652 |ParentID: 592)
C:\Windows\system32\lsm.exe (ID: 660 |ParentID: 592)
C:\Windows\system32\winlogon.exe (ID: 808 |ParentID: 584)
C:\Windows\system32\svchost.exe (ID: 872 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 940 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 976 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 1044 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 1072 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 1104 |ParentID: 640)
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a6dd3134\STacSV.exe (ID: 1128 |ParentID: 640)
C:\Windows\system32\SLsvc.exe (ID: 1456 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 1488 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 1616 |ParentID: 640)
C:\Windows\system32\WLANExt.exe (ID: 1772 |ParentID: 1072)
C:\Windows\System32\spoolsv.exe (ID: 1844 |ParentID: 640)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1888 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 1952 |ParentID: 640)
C:\Windows\system32\taskeng.exe (ID: 2016 |ParentID: 1104)
C:\Windows\system32\Dwm.exe (ID: 2040 |ParentID: 1072)
C:\Windows\Explorer.EXE (ID: 780 |ParentID: 1988)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1272 |ParentID: 640)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 1588 |ParentID: 640)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1936 |ParentID: 640)
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (ID: 512 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 2064 |ParentID: 640)
C:\Program Files\Nero\Update\NASvc.exe (ID: 2088 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 2124 |ParentID: 640)
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (ID: 2192 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 2228 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 2248 |ParentID: 640)
C:\Program Files\Ovislink\Common\RaRegistry.exe (ID: 2316 |ParentID: 640)
C:\Windows\system32\svchost.exe (ID: 2400 |ParentID: 640)
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (ID: 2416 |ParentID: 640)
C:\Windows\System32\svchost.exe (ID: 2448 |ParentID: 640)
C:\Windows\system32\SearchIndexer.exe (ID: 2468 |ParentID: 640)
C:\Windows\System32\WUDFHost.exe (ID: 2680 |ParentID: 1072)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2812 |ParentID: 872)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 3208 |ParentID: 1588)
C:\Windows\system32\taskeng.exe (ID: 3552 |ParentID: 1104)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 2796 |ParentID: 780)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 2704 |ParentID: 780)
C:\Program Files\IDT\WDM\sttray.exe (ID: 2676 |ParentID: 780)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 1196 |ParentID: 780)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 1192 |ParentID: 780)
C:\Program Files\MyDrive Connect\MyDriveConnect.exe (ID: 2560 |ParentID: 780)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2528 |ParentID: 640)
C:\Users\william\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 2584 |ParentID: 780)
C:\Windows\system32\WerCon.exe (ID: 176 |ParentID: 2104)
C:\Windows\system32\wbem\unsecapp.exe (ID: 3392 |ParentID: 872)
C:\Windows\system32\svchost.exe (ID: 3436 |ParentID: 640)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 1924 |ParentID: 780)
C:\Windows\system32\taskeng.exe (ID: 904 |ParentID: 1104)
C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 3836 |ParentID: 1924)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (ID: 3580 |ParentID: 3836)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (ID: 2216 |ParentID: 3580)
C:\Windows\system32\taskeng.exe (ID: 3488 |ParentID: 1104)
C:\Windows\System32\mobsync.exe (ID: 2544 |ParentID: 872)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5468 |ParentID: 872)

################## | Regedit Run |

F2 – HKLM\..\Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 – HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 – [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 – HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 – HKCU\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 – HKCU\..\Run : [MyDriveConnect.exe] "C:\Program Files\MyDrive Connect\MyDriveConnect.exe"
04 – HKLM\..\Run : [hpqSRMon]
04 – HKLM\..\Run : [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 – HKLM\..\Run : [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
04 – HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 – HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 – HKLM\..\Run : [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 – HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 – HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKU\S-1-5-21-508051804-762217577-4222620189-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 – HKU\S-1-5-21-508051804-762217577-4222620189-1000\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 – HKU\S-1-5-21-508051804-762217577-4222620189-1000\..\Run : [MyDriveConnect.exe] "C:\Program Files\MyDrive Connect\MyDriveConnect.exe"

################## | Recherche générique |

################## | Registre |

################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |