Infected USB key 2014-08-16T11:50:47+00:00
  • Author: pic4273
    Participant

    Hello, I have a problem with my USB key, please.

    ############################## | UsbFix V 7.178 | [Nettoyage]

    Utilisateur: CHAIMA (Administrateur) # CHAIMA-HP
    Mis à jour le 08/08/2014 par El Desaparecido – SosVirus
    Lancé à 21:40:13 | 15/08/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    MB: Hewlett-Packard (1604)
    CPU: AMD Athlon(tm) II P320 Dual-Core Processor
    GC: AMD M880G with ATI Mobility Radeon HD 4250
    RAM -> [Total : 2811 Mo | Free : 843 Mo]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428
    WB: Google Chrome : 36.0.1985.125
    WB: Mozilla Firefox : 31.0
    WB: Safari : 534.55.3

    ################## | Security Information |

    AV: avast! Antivirus [Actif |(!) Non à jour]
    AS: avast! Antivirus [Actif |(!) Non à jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    FW: avast! Antivirus [(!) Désactivé]
    FW: Windows Firewall [(!) Désactivé]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: -> Disque fixe # 281 Go (57 Go libre(s) – 20%) [] # NTFS
    D: -> Disque fixe # 17 Go (2 Go libre(s) – 14%) [RECOVERY] # NTFS
    H: -> Disque amovible # 4 Go (745 Mo libre(s) – 19%) [] # FAT32

    ################## | Autorun |

    ################## | Recherche générique |

    Supprimé! C:UsersCHAIMAAppDataRoaming844354531531.exe
    Supprimé! H:2014.lnk
    Supprimé! H:AutoRun.lnk
    Supprimé! H:[www.lnk
    Supprimé! H:~$lahmar.lnk
    Supprimé! H:~$2014.lnk
    Supprimé! H:.lnk
    Supprimé! H:Sytvsm.lnk
    Supprimé! H:~$Année 2013 tnt nation.lnk
    Supprimé! H:~$VOITURE213.lnk
    Supprimé! H:~$2014 tnt.lnk
    Supprimé! H:DEMO FACTURE.lnk
    Supprimé! H:BILAN 30092014.lnk
    Supprimé! H:Avast! Premier 8.0.1489.300-SpeedSoft.lnk
    Supprimé! H:.Trashes.lnk
    Supprimé! H:.fseventsd.lnk
    Supprimé! H:.Spotlight-V100.lnk
    Supprimé! C:WindowsMicrosoft.NETFrameworkv2.0.50727cvtres.exe

    (!) Fichiers temporaires supprimés. (1590.66918373108 MB)

    ################## | Registre |

    Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|EnableShellExecuteHooks -> 0
    Supprimé! HKCUSoftwareVB and VBA Program SettingsINSTALL
    Supprimé! HKCUSoftwareVB and VBA Program SettingsSrvID
    Supprimé! HKLMSYSTEMControlSet001servicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList|C:UsersCHAIMAAppDataRoaming844354531531.exe
    Supprimé! HKLMSYSTEMControlSet002servicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList|C:UsersCHAIMAAppDataRoaming844354531531.exe
    Supprimé! HKLMSYSTEMControlSet001servicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList|C:WindowsMicrosoft.NETFrameworkv2.0.50727cvtres.exe
    Supprimé! HKLMSYSTEMControlSet002servicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList|C:WindowsMicrosoft.NETFrameworkv2.0.50727cvtres.exe

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [HPAdvisorDock] C:Program Files (x86)Hewlett-PackardHP AdvisorDockHPAdvisorDock.exe
    04 – HKCU..Run : [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKCU..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
    04 – HKCU..Run : [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe
    04 – HKCU..Run : [Google Update] “C:UsersCHAIMAAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
    04 – HKCU..Run : [Allmyapps] “C:UsersCHAIMAAppDataRoamingAllmyappsAllmyapps.exe” startup
    04 – HKCU..Run : [Allmyapps Update] “C:UsersCHAIMAAppDataRoamingAllmyappsAllmyappsUpdater.exe” check startup
    04 – HKCU..Run : [4864864354] C:UsersCHAIMAAppDataRoaming844354531531.exe
    04 – HKCU..Run : [lollipop] “c:userschaimaappdatalocallollipoplollipop.exe” lollipop
    04 – HKLM..Run : [HP Quick Launch] C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
    04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [Adobe Reader Speed Launcher] “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLM..Run : [AppleSyncNotifier] C:Program Files (x86)Common FilesAppleMobile Device SupportAppleSyncNotifier.exe
    04 – HKLM..Run : [APSDaemon] “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [QuickTime Task] “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    04 – HKLM..Run : [vspdfprsrv.exe] C:Program Files (x86)PDF Pro 10vspdfprsrv.exe –background
    04 – HKLM..Run : [iTunesHelper] “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLM..Run : [4864864354] C:UsersCHAIMAAppDataRoaming844354531531.exe
    04 – HKLM..Run : [PsaStart] 0APPddcbinpsastart.exe 0APPddcbinpsaagent.exe
    04 – HKLM..Run : [fst_fr_134] “C:Program Files (x86)fst_fr_134fst_fr_134.exe”
    04 – HKLM..Run : [Iminent] C:Program Files (x86)IminentIminent.exe /warmup “F77F87E5-A6BD-4922-A530-EDF63D7E9F8C”
    04 – HKLM..Run : [IminentMessenger] C:Program Files (x86)IminentIminent.Messengers.exe
    04 – HKLM..Run : [avast] “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
    04 – HKLM..Run : [Boxore Client] C:Program Files (x86)BoxoreBoxoreClientboxore.exe
    04 – HKLM..RunOnce : [upfst_fr_134.exe] C:UsersCHAIMAAppDataLocalfst_fr_134upfst_fr_134.exe -runonce
    04 – HKLM..RunOnce : [SPUpdSentinel] “C:Program Files (x86)Common FilesUmbrellaUmbrella206_bkp.exe” -SERVICEARGS=c -HKLMRunOnce=1
    04 – HKLM..PoliciesExplorerrun : [4864864354] C:UsersCHAIMAAppDataRoaming844354531531.exe
    04 – [x64] HKLM..Run : [SynTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe
    04 – [x64] HKLM..Run : [RTHDVCPL] C:Program FilesRealtekAudioHDARtkNGUI64.exe -s
    04 – [x64] HKLM..Run : [HPWirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe 120 C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Main.exe /hidden
    04 – [x64] HKLM..Run : [Windows Mobile Device Center] %windir%WindowsMobilewmdc.exe
    04 – [x64] HKLM..PoliciesExplorerrun : [4864864354] C:UsersCHAIMAAppDataRoaming844354531531.exe
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1000..Run : [HPAdvisorDock] C:Program Files (x86)Hewlett-PackardHP AdvisorDockHPAdvisorDock.exe
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1000..Run : [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1000..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1000..Run : [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1000..Run : [Google Update] “C:UsersCHAIMAAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1000..Run : [Allmyapps] “C:UsersCHAIMAAppDataRoamingAllmyappsAllmyapps.exe” startup
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1000..Run : [Allmyapps Update] “C:UsersCHAIMAAppDataRoamingAllmyappsAllmyappsUpdater.exe” check startup
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1000..Run : [4864864354] C:UsersCHAIMAAppDataRoaming844354531531.exe
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1000..Run : [lollipop] “c:userschaimaappdatalocallollipoplollipop.exe” lollipop
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1001..Run : [HPAdvisorDock] C:Program Files (x86)Hewlett-PackardHP AdvisorDockHPAdvisorDock.exe
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1001..Run : [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1001..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1001..Run : [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1001..Run : [Google Update] “C:UsersCHAIMAAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1001..Run : [Allmyapps] “C:UsersCHAIMAAppDataRoamingAllmyappsAllmyapps.exe” startup
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1001..Run : [Allmyapps Update] “C:UsersCHAIMAAppDataRoamingAllmyappsAllmyappsUpdater.exe” check startup
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1001..Run : [4864864354] C:UsersIbtisameAppDataRoaming844354531531.exe
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1001..Run : [Bitdefender Wallet Agent] “C:Program FilesBitdefenderBitdefenderpmbxag.exe”
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1001..Run : [Bitdefender Wallet] “C:Program FilesBitdefenderBitdefenderpwdmanui.exe” –hidden –nowizard
    04 – HKUS-1-5-21-2347925159-1103078289-2455849278-1001..Run : [Bitdefender Wallet Application Agent] “C:Program FilesBitdefenderBitdefenderantispam32bdapppassmgr.exe”
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | UsbFix – Information |

    Info : Comment supprimer l’infection des raccourcis sur USB ? (Video)
    Info : L’infection des raccourcis USB, c’est quoi ?

    ################## | Hijack |

    Restauré! [D] H:DEMO FACTURE
    Restauré! [N] H:2014.xlsx
    Restauré! [D] H:BILAN 30092014
    Restauré! [D] H:Avast! Premier 8.0.1489.300-SpeedSoft
    Restauré! [N] H:[www.Cpasbien.com] Act.of.Valor.2012.FRENCH.BRRiP.XviD-AUTOPSiE.avi
    Restauré! [N] H:~$lahmar.xlsx
    Restauré! [N] H:~$Année 2013 tnt nation.xlsx
    Restauré! [N] H:~$2014.xlsx
    Restauré! [N] H:~$VOITURE213.xlsx
    Restauré! [N] H:~$2014 tnt.xlsx

    ################## | C: – Disque Fixe (NTFS) |

    [22/03/2014 – 17:10:09 | A | 1 Ko] – C:IS_PP2000.txt
    [30/04/2014 – 09:08:36 | A | 34 Ko] – C:bdlog.txt
    [15/08/2014 – 04:48:15 | ASH | 2158772 Ko] – C:hiberfil.sys
    [15/08/2014 – 04:48:18 | ASH | 2878364 Ko] – C:pagefile.sys
    [18/01/2011 – 19:09:19 | D] – C:SYSTEM.SAV
    [27/07/2014 – 14:27:53 | D] – C:Config.Msi
    [22/03/2014 – 16:01:25 | A | 0 Ko] – C:setup.log
    [22/03/2014 – 17:07:28 | A | 0 Ko] – C:TraceInstPC.log
    [02/11/2009 – 14:22:26 | A | 95 Ko] – C:Note Before Insatllation.doc
    [21/04/2012 – 01:08:17 | SHD] – C:$Recycle.Bin
    [11/02/2014 – 02:15:08 | A | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [14/07/2009 – 03:38:58 | RASH | 375 Ko] – C:bootmgr
    [14/07/2009 – 05:20:08 | D] – C:PerfLogs
    [14/07/2009 – 07:08:56 | SHD] – C:Documents and Settings
    [13/07/2010 – 09:35:23 | SHD] – C:boot
    [04/12/2010 – 02:09:45 | D] – C:HP
    [18/01/2011 – 19:08:35 | SHD] – C:Recovery
    [27/02/2011 – 07:55:46 | RHD] – C:MSOCache
    [11/11/2011 – 19:13:25 | D] – C:7390bf6210a4c2136203a9a4
    [20/03/2012 – 12:25:28 | D] – C:Sun
    [21/04/2012 – 08:15:32 | D] – C:games
    [21/04/2012 – 08:38:36 | D] – C:Macromedia
    [24/12/2012 – 14:24:56 | D] – C:sn0wbreeze
    [14/02/2013 – 11:24:31 | D] – C:SwSetup
    [01/02/2014 – 11:52:14 | D] – C:PDF Pro 10
    [11/02/2014 – 13:28:09 | D] – C:AdwCleaner
    [11/02/2014 – 14:02:34 | D] – C:SymCache
    [09/03/2014 – 19:28:43 | D] – C:ACTIA
    [13/03/2014 – 17:53:51 | D] – C:ADSecurity
    [17/03/2014 – 12:37:36 | D] – C:ADCDTEMP
    [22/03/2014 – 15:14:31 | D] – C:TMP
    [22/03/2014 – 16:11:45 | D] – C:APPLIC
    [22/03/2014 – 18:35:03 | D] – C:APP
    [26/03/2014 – 00:02:24 | A | 0 Ko] – C:END
    [04/04/2014 – 23:53:41 | D] – C:AWRoot
    [30/04/2014 – 09:20:35 | RD] – C:Program Files
    [23/07/2014 – 17:01:26 | D] – C:temp
    [25/07/2014 – 16:34:47 | RD] – C:Users
    [03/08/2014 – 02:29:50 | SHD] – C:System Volume Information
    [04/08/2014 – 12:47:00 | D] – C:Program Files (x86)
    [15/08/2014 – 04:45:34 | D] – C:Windows
    [15/08/2014 – 04:51:15 | HD] – C:ProgramData
    [15/08/2014 – 21:39:40 | D] – C:UsbFix

    ################## | D: – Disque Fixe (NTFS) |

    [18/01/2011 – 19:13:56 | D] – D:system.sav
    [04/12/2010 – 12:06:17 | N | 0 Ko] – D:RPCONFIG.LOG
    [04/12/2010 – 12:06:24 | N | 14 Ko] – D:DeployRp.log
    [15/08/2012 – 05:38:44 | A | 0 Ko] – D:Microsoft Office Démarrer en un clic 2010 (Protégé) (Q) – Raccourci.lnk
    [18/01/2011 – 19:13:56 | N | 0 Ko] – D:language.ini
    [18/01/2011 – 19:13:56 | N | 0 Ko] – D:BT_COMPAQ.FLG
    [04/12/2010 – 11:51:37 | N | 0 Ko] – D:CSP.DAT
    [18/01/2011 – 19:13:43 | N | 0 Ko] – D:HP_WSD.dat
    [15/06/2011 – 15:21:39 | SHD] – D:$RECYCLE.BIN
    [14/07/2009 – 20:39:00 | ASH | 375 Ko] – D:bootmgr
    [18/01/2011 – 19:13:56 | SHD] – D:boot
    [18/01/2011 – 19:13:56 | D] – D:hp
    [18/01/2011 – 19:13:56 | SHD] – D:preload
    [19/01/2011 – 03:03:27 | SHD] – D:System Volume Information
    [02/08/2012 – 02:05:20 | D] – D:Billel
    [20/05/2013 – 14:42:01 | SD] – D:Recovery

    ################## | H: – Disque USB (FAT32) |

    [06/05/2013 – 11:16:52 | N | 0 Ko] – H:~$lahmar.xlsx
    [07/06/2013 – 09:08:12 | N | 0 Ko] – H:~$Année 2013 tnt nation.xlsx
    [11/11/2013 – 11:04:10 | N | 0 Ko] – H:~$VOITURE213.xlsx
    [04/12/2013 – 20:28:36 | N | 0 Ko] – H:~$2014 tnt.xlsx
    [07/08/2014 – 00:42:28 | N | 0 Ko] – H:~$2014.xlsx
    [07/08/2014 – 01:30:18 | N | 180 Ko] – H:2014.xlsx
    [07/05/2013 – 10:31:36 | SH | 4 Ko] – H:._.Trashes
    [07/05/2013 – 10:31:36 | SHD] – H:.Trashes
    [07/05/2013 – 10:31:38 | SHD] – H:.Spotlight-V100
    [07/05/2013 – 10:31:36 | SHD] – H:.fseventsd
    [13/07/2014 – 13:45:02 | N | 716452 Ko] – H:[www.Cpasbien.com] Act.of.Valor.2012.FRENCH.BRRiP.XviD-AUTOPSiE.avi
    [28/04/2014 – 22:27:46 | D] – H:Avast! Premier 8.0.1489.300-SpeedSoft
    [02/01/2014 – 12:14:36 | D] – H:BILAN 30092014
    [02/01/2014 – 16:18:16 | D] – H:DEMO FACTURE

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    H:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

The topic ‘Infected USB key’ is closed to new replies.