Reply to: INFECTION OF MY USB KEY BY THE ITUNES HELPER VBE 2016-09-08T13:14:14+00:00
keyne
Participant
Number of posts: 2

I downloaded UsbFix and ran a scan in safe mode! Here is the report

############################## | UsbFix V 7.147 | [Recherche]

Utilisateur: STEPHANIE (Administrateur) # STEPHANIE-PC
Mis à jour le 30/10/2013 par El Desaparecido - Team SosVirus
Lancé à 10:39:28 | 06/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (1225B)
CPU: AMD C-60 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3692 | Free : 2491]
Bios: American Megatrends Inc.
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 24.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 100 Go (46 Go libre(s) - 46%) [] # NTFS
D: -> Disque fixe # 351 Go (350 Go libre(s) - 100%) [] # NTFS
E: -> Disque amovible # 960 Mo (33 Mo libre(s) - 3%) [] # FAT32
F: -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [USB] # FAT32

################## | Processus Actif |

C:\windows\system32\csrss.exe (ID: 312 |ParentID: 280)
C:\windows\system32\wininit.exe (ID: 348 |ParentID: 280)
C:\windows\system32\csrss.exe (ID: 360 |ParentID: 340)
C:\windows\system32\winlogon.exe (ID: 404 |ParentID: 340)
C:\windows\system32\services.exe (ID: 440 |ParentID: 348)
C:\windows\system32\lsass.exe (ID: 456 |ParentID: 348)
C:\windows\system32\lsm.exe (ID: 464 |ParentID: 348)
C:\windows\system32\svchost.exe (ID: 568 |ParentID: 440)
C:\windows\system32\svchost.exe (ID: 644 |ParentID: 440)
C:\windows\System32\svchost.exe (ID: 708 |ParentID: 440)
C:\windows\system32\svchost.exe (ID: 776 |ParentID: 440)
C:\windows\system32\svchost.exe (ID: 828 |ParentID: 440)
C:\windows\system32\svchost.exe (ID: 868 |ParentID: 440)
C:\windows\system32\svchost.exe (ID: 940 |ParentID: 440)
C:\windows\system32\svchost.exe (ID: 1004 |ParentID: 440)
C:\windows\system32\svchost.exe (ID: 1040 |ParentID: 440)
C:\windows\explorer.exe (ID: 2972 |ParentID: 404)
C:\windows\system32\ctfmon.exe (ID: 2968 |ParentID: 2972)
C:\Users\STEPHANIE\AppData\Local\Pokki\Engine\pokki.exe (ID: 2580 |ParentID: 2972)
C:\windows\system32\DllHost.exe (ID: 2340 |ParentID: 568)
C:\Users\STEPHANIE\AppData\Local\Pokki\Engine\pokki.exe (ID: 2544 |ParentID: 2580)
C:\windows\helppane.exe (ID: 2712 |ParentID: 568)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1456 |ParentID: 2972)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 640 |ParentID: 1456)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1952 |ParentID: 1456)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2512 |ParentID: 1456)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2772 |ParentID: 1456)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1560 |ParentID: 1456)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1824 |ParentID: 1456)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1792 |ParentID: 1456)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1776 |ParentID: 1456)
C:\UsbFix\Go.exe (ID: 1380 |ParentID: 1108)
C:\UsbFix\Go.exe (ID: 2604 |ParentID: 1692)
C:\windows\system32\wbem\wmiprvse.exe (ID: 2420 |ParentID: 568)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [HotkeyMon] - AsusSender.exe C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe
HKLM\SOFTWARE | Run : [HotkeyService] - AsusSender.exe C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe
HKLM\SOFTWARE | Run : [SuperHybridEngine] - AsusSender.exe C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe
HKLM\SOFTWARE | Run : [CapsHook] - AsusSender.exe C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe
HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
HKLM\SOFTWARE | Run : [ASUS Smart Camera] - C:\Program Files (x86)\ASUS\ASUS Smart Camera\SmartCamera.exe
HKLM\SOFTWARE | Run : [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE
HKLM\SOFTWARE | Run : [iSeriesCharge] - AsusSender.exe C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HotkeyMon] - AsusSender.exe C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe
HKLM\SOFTWARE\wow6432Node | Run : [HotkeyService] - AsusSender.exe C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe
HKLM\SOFTWARE\wow6432Node | Run : [SuperHybridEngine] - AsusSender.exe C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe
HKLM\SOFTWARE\wow6432Node | Run : [CapsHook] - AsusSender.exe C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe
HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
HKLM\SOFTWARE\wow6432Node | Run : [ASUS Smart Camera] - C:\Program Files (x86)\ASUS\ASUS Smart Camera\SmartCamera.exe
HKLM\SOFTWARE\wow6432Node | Run : [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE
HKLM\SOFTWARE\wow6432Node | Run : [iSeriesCharge] - AsusSender.exe C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4155339842-3117879339-513255179-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4155339842-3117879339-513255179-1001\SOFTWARE | Run : [Facebook Update] - "C:\Users\STEPHANIE\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-4155339842-3117879339-513255179-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-4155339842-3117879339-513255179-1001\SOFTWARE | Run : [Pokki] - C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
HKU\S-1-5-21-4155339842-3117879339-513255179-1001\SOFTWARE | Run : [VoipConnect] - "C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe" -nosplash -minimized
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

################## | Registre |

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |