Reply to: USB Virus 2016-09-08T13:28:22+00:00
TIPHAINE

All good, USB fix has finished its scan!! :D

Here is its report:

############################## | UsbFix V 7.152 | [Recherche]

Utilisateur: asus (Administrateur) # ADMIN-PC
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 17:37:30 | 05/01/2014

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (1015BXO)
CPU: AMD C-50 Processor
RAM -> [Total : 749 | Free : 222]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Starter (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16750

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Trend Micro Titanium [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 100 Go (67 Go libre(s) – 67%) [] # NTFS
D: -> Disque fixe # 183 Go (165 Go libre(s) – 90%) [] # NTFS
E: -> Disque amovible # 984 Mo (917 Mo libre(s) – 93%) [USB] # FAT

################## | Processus Actif |

C:windowssystem32csrss.exe (ID: 480 |ParentID: 432)
C:windowssystem32wininit.exe (ID: 552 |ParentID: 432)
C:windowssystem32csrss.exe (ID: 560 |ParentID: 544)
C:windowssystem32services.exe (ID: 608 |ParentID: 552)
C:windowssystem32winlogon.exe (ID: 640 |ParentID: 544)
C:windowssystem32lsass.exe (ID: 652 |ParentID: 552)
C:windowssystem32lsm.exe (ID: 680 |ParentID: 552)
C:windowssystem32svchost.exe (ID: 776 |ParentID: 608)
C:windowssystem32svchost.exe (ID: 864 |ParentID: 608)
C:windowssystem32atiesrxx.exe (ID: 912 |ParentID: 608)
C:windowsSystem32svchost.exe (ID: 996 |ParentID: 608)
C:windowsSystem32svchost.exe (ID: 1048 |ParentID: 608)
C:windowssystem32svchost.exe (ID: 1092 |ParentID: 608)
C:windowssystem32svchost.exe (ID: 1124 |ParentID: 608)
C:windowssystem32atieclxx.exe (ID: 1288 |ParentID: 912)
C:windowssystem32svchost.exe (ID: 1368 |ParentID: 608)
C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1548 |ParentID: 608)
C:Program FilesAVAST SoftwareAvastafwServ.exe (ID: 1656 |ParentID: 608)
C:windowssystem32Dwm.exe (ID: 1840 |ParentID: 1048)
C:windowsExplorer.EXE (ID: 1924 |ParentID: 1792)
C:windowsSystem32spoolsv.exe (ID: 1944 |ParentID: 608)
C:windowssystem32taskhost.exe (ID: 1992 |ParentID: 608)
C:windowssystem32svchost.exe (ID: 2020 |ParentID: 608)
C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe (ID: 1320 |ParentID: 608)
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 1564 |ParentID: 608)
C:Program FilesCommon FilesInstantOnInsOnSrv.exe (ID: 1752 |ParentID: 608)
C:windowssystem32AsusService.exe (ID: 1748 |ParentID: 608)
C:Program FilesBonjourmDNSResponder.exe (ID: 1724 |ParentID: 608)
C:Program FilesCommon FilesInstantOnInsOnWMI.exe (ID: 1892 |ParentID: 1752)
C:Program FilesSecurity Administratornewlock.exe (ID: 2068 |ParentID: 608)
C:Program FilesMicrosoft SQL ServerMSSQL10.SQLEXPRESSMSSQLBinnsqlservr.exe (ID: 2148 |ParentID: 608)
C:Program FilesMicrosoftBingBarSeaPort.EXE (ID: 2208 |ParentID: 608)
C:Program FilesMicrosoft Application Virtualization Clientsftvsa.exe (ID: 2476 |ParentID: 608)
C:Program FilesShareMousesmService.exe (ID: 2552 |ParentID: 608)
C:Program FilesShareMousesharemouse.exe (ID: 2592 |ParentID: 2552)
C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe (ID: 2600 |ParentID: 608)
C:Program FilesShareMousesharemouse.exe (ID: 2612 |ParentID: 2552)
C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe (ID: 2752 |ParentID: 608)
C:windowssystem32svchost.exe (ID: 2784 |ParentID: 608)
C:Program FilesTrend MicroTitaniumTiMiniService.exe (ID: 2828 |ParentID: 608)
C:Program FilesTrend MicroTitaniumTiResumeSrv.exe (ID: 2924 |ParentID: 2828)
C:windowssystem32conhost.exe (ID: 2932 |ParentID: 480)
C:ExpressGateUtilVAWinService.exe (ID: 2948 |ParentID: 608)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 3000 |ParentID: 608)
C:Program FilesMicrosoft Application Virtualization Clientsftlist.exe (ID: 3064 |ParentID: 608)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 3152 |ParentID: 3000)
C:WindowsSystem32wscript.exe (ID: 3396 |ParentID: 1924)
C:Program FilesCommon FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE (ID: 3880 |ParentID: 608)
C:windowssystem32wbemwmiprvse.exe (ID: 3264 |ParentID: 776)
C:windowssystem32SearchIndexer.exe (ID: 3700 |ParentID: 608)
C:windowssystem32svchost.exe (ID: 3628 |ParentID: 608)
C:windowssystem32svchost.exe (ID: 2572 |ParentID: 608)
C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 4636 |ParentID: 608)
C:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (ID: 5608 |ParentID: 608)
C:windowssystem32sppsvc.exe (ID: 6100 |ParentID: 608)
C:windowsservicingTrustedInstaller.exe (ID: 3116 |ParentID: 608)
C:windowssystem32taskeng.exe (ID: 5056 |ParentID: 1124)
C:UsersasusAppDataLocalGoogleUpdateGoogleUpdate.exe (ID: 2768 |ParentID: 5056)
C:windowsSystem32WUDFHost.exe (ID: 5820 |ParentID: 1048)
C:UsbFixGo.exe (ID: 4412 |ParentID: 1300)
C:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (ID: 1488 |ParentID: 5608)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [Trend Micro Client Framework] – “C:Program FilesTrend MicroUniClientUiFrmWrkUIWatchDog.exe”
04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-219032517-490203943-621970992-1002SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersasusAppDataLocalTempiTunesHelper.vbe”
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Présent! C:UsersasusAppDataLocalTempiTunesHelper.vbe
Présent! C:UsersasusAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Présent! E:iTunesHelper.vbe
Présent! C:UsersasusAppDataLocalTempLanceur.vbs

################## | Référence de comparaison MD5 |

Md5 : 5B6E07F008D5D7AA2DB48D767A4EA6A1 -> C:UsersasusAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Md5 : 5B6E07F008D5D7AA2DB48D767A4EA6A1 -> C:UsersasusAppDataLocalTempiTunesHelper.vbe
Md5 : 67EB1322395D41DDDC9045B4EEF2309D -> C:UsersasusAppDataLocalTempLanceur.vbs
Md5 : 5B6E07F008D5D7AA2DB48D767A4EA6A1 -> E:iTunesHelper.vbe
Md5 : 5B6E07F008D5D7AA2DB48D767A4EA6A1 -> C:UsersasusAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe

################## | Comparaison MD5 |

Présent! Md5 : 5B6E07F008D5D7AA2DB48D767A4EA6A1 -> C:UsersasusAppDataLocalTempiTunesHelper.vbe
Présent! Md5 : 67EB1322395D41DDDC9045B4EEF2309D -> C:UsersasusAppDataLocalTempLanceur.vbs
Présent! Md5 : 5B6E07F008D5D7AA2DB48D767A4EA6A1 -> C:UsersasusAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
Présent! Md5 : 5B6E07F008D5D7AA2DB48D767A4EA6A1 -> E:iTunesHelper.vbe

################## | Registre |

Présent! HKUS-1-5-21-219032517-490203943-621970992-1002SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper

################## | Vaccin |

E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

Thanks in advance! :)