Reply to: Virus usb 2016-09-08T13:25:57+00:00
geneb25
Participant
Number of posts: 8

Re,

As planned, here I am again! :hello:

Thanks in advance for your help

Below is the UsbFix report:

############################## | UsbFix V 7.155 | [Recherche]

Utilisateur: manon (Administrateur) # MANON-TOSH
Mis à jour le 16/12/2013 par El Desaparecido – Team SosVirus
Lancé à 22:08:14 | 18/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (KSWAA)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
RAM -> [Total : 3933 | Free : 2576]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Mozilla Firefox : 25.0.1
WB: Safari : 534.57.2

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 149 Go (23 Go libre(s) – 15%) [WINDOWS] # NTFS
D: -> Disque fixe # 149 Go (142 Go libre(s) – 95%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 7 Go (5 Go libre(s) – 72%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 432 |ParentID: 424)
C:\Windows\system32\wininit.exe (ID: 484 |ParentID: 424)
C:\Windows\system32\csrss.exe (ID: 496 |ParentID: 476)
C:\Windows\system32\services.exe (ID: 544 |ParentID: 484)
C:\Windows\system32\lsass.exe (ID: 568 |ParentID: 484)
C:\Windows\system32\lsm.exe (ID: 576 |ParentID: 484)
C:\Windows\system32\winlogon.exe (ID: 616 |ParentID: 476)
C:\Windows\system32\svchost.exe (ID: 700 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 784 |ParentID: 544)
C:\Windows\System32\svchost.exe (ID: 876 |ParentID: 544)
C:\Windows\System32\svchost.exe (ID: 916 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 944 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 980 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 800 |ParentID: 544)
C:\Windows\System32\spoolsv.exe (ID: 1124 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 1156 |ParentID: 544)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1240 |ParentID: 544)
C:\Windows\system32\Dwm.exe (ID: 1436 |ParentID: 916)
C:\Windows\Explorer.EXE (ID: 1460 |ParentID: 1428)
C:\Windows\system32\taskhost.exe (ID: 1476 |ParentID: 544)
C:\Windows\system32\taskeng.exe (ID: 1508 |ParentID: 980)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1592 |ParentID: 544)
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ID: 1608 |ParentID: 1508)
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (ID: 1664 |ParentID: 1508)
C:\Windows\system32\svchost.exe (ID: 1832 |ParentID: 544)
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (ID: 1876 |ParentID: 544)
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (ID: 1968 |ParentID: 1460)
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (ID: 1976 |ParentID: 1460)
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ID: 1984 |ParentID: 1460)
C:\Windows\System32\igfxtray.exe (ID: 1996 |ParentID: 1460)
C:\Windows\System32\hkcmd.exe (ID: 2004 |ParentID: 1460)
C:\Windows\System32\igfxpers.exe (ID: 2016 |ParentID: 1460)
C:\Windows\system32\igfxsrvc.exe (ID: 1176 |ParentID: 700)
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (ID: 964 |ParentID: 1460)
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (ID: 1208 |ParentID: 1460)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID: 1892 |ParentID: 1460)
C:\Program Files\TOSHIBA\TECO\TEco.exe (ID: 2060 |ParentID: 1460)
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (ID: 2140 |ParentID: 1460)
C:\Users\manon\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 2172 |ParentID: 1460)
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (ID: 2180 |ParentID: 1460)
C:\Windows\system32\igfxext.exe (ID: 2400 |ParentID: 700)
C:\Windows\system32\TODDSrv.exe (ID: 2992 |ParentID: 544)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID: 3032 |ParentID: 544)
C:\Program Files\TOSHIBA\TECO\TecoService.exe (ID: 3060 |ParentID: 544)
C:\Windows\System32\svchost.exe (ID: 2280 |ParentID: 544)
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID: 2252 |ParentID: 1508)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3092 |ParentID: 700)
C:\Windows\system32\SearchIndexer.exe (ID: 3316 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 3632 |ParentID: 544)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (ID: 3724 |ParentID: 2252)
C:\Windows\system32\svchost.exe (ID: 3824 |ParentID: 544)
C:\Windows\System32\svchost.exe (ID: 732 |ParentID: 544)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4364 |ParentID: 544)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4776 |ParentID: 700)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID: 3516 |ParentID: 544)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (ID: 3508 |ParentID: 1956)
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (ID: 2768 |ParentID: 544)
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (ID: 148 |ParentID: 2092)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (ID: 1396 |ParentID: 544)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (ID: 2916 |ParentID: 544)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (ID: 1168 |ParentID: 544)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 1960 |ParentID: 1460)
C:\Windows\servicing\TrustedInstaller.exe (ID: 4104 |ParentID: 544)
C:\Windows\system32\wuauclt.exe (ID: 612 |ParentID: 980)
C:\Windows\System32\WUDFHost.exe (ID: 4968 |ParentID: 916)
C:\UsbFix\Go.exe (ID: 1716 |ParentID: 4764)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2088 |ParentID: 3316)
C:\Windows\system32\SearchFilterHost.exe (ID: 4160 |ParentID: 3316)
C:\Windows\system32\taskeng.exe (ID: 3812 |ParentID: 980)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 - HKLM\SOFTWARE | Run : [HWSetup] - "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
04 - HKLM\SOFTWARE | Run : [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
04 - HKLM\SOFTWARE\wow6432Node | Run : [HWSetup] - "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
04 - HKLM\SOFTWARE\wow6432Node | Run : [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1693259841-3922508296-1710566763-1001\SOFTWARE | Run : [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
04 - HKU\S-1-5-21-1693259841-3922508296-1710566763-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\manon\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-18\SOFTWARE | Run : [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\Users\manon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! C:\Users\manon\AppData\Local\Temp\iTunesHelper.vbe
Présent! F:\iTunesHelper.vbe
Présent! F:\Autorun.inf.lnk
Présent! F:\a recup.lnk

################## | Référence de comparaison MD5 |

Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\manon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\manon\AppData\Local\Temp\iTunesHelper.vbe
Md5 : AD627CFED7817A7474E50D99C3E47DA8 -> F:\iTunesHelper.vbe

################## | Comparaison MD5 |

Présent! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\manon\AppData\Local\Temp\iTunesHelper.vbe
Présent! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\manon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! Md5 : AD627CFED7817A7474E50D99C3E47DA8 -> F:\iTunesHelper.vbe

################## | Registre |

Présent! HKU\S-1-5-21-1693259841-3922508296-1710566763-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |