USB key shortcut virus 2013-10-06T12:31:22+00:00
  • Anonymous

    Hello,

    Like many others, I have caught the virus that creates shortcuts on the USB key, so I am here looking for help. Here is the USBFIX report:

    ############################## | UsbFix V 7.143 | [Recherche]

    Utilisateur: Greg (Administrateur) # LECARPENTIER-HP
    Mis à jour le 05/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 13:18:23 | 06/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Foxconn (2ABF)
    CPU: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
    RAM -> [Total : 6125 | Free : 3747]
    Bios: AMI
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
    WB: Windows Internet Explorer 10.0.9200.16686

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 1385 Go (781 Go libre(s) – 56%) [OS] # NTFS
    D: -> Disque fixe # 12 Go (1 Go libre(s) – 12%) [HP_RECOVERY] # NTFS
    E: -> CD-ROM
    G: -> CD-ROM
    H: -> CD-ROM
    I: -> Disque amovible # 7 Go (1 Go libre(s) – 16%) [] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID 528 |ParentID 516)
    C:Windowssystem32wininit.exe (ID 600 |ParentID 516)
    C:Windowssystem32csrss.exe (ID 624 |ParentID 608)
    C:Windowssystem32services.exe (ID 656 |ParentID 600)
    C:Windowssystem32lsass.exe (ID 676 |ParentID 600)
    C:Windowssystem32lsm.exe (ID 684 |ParentID 600)
    C:Windowssystem32svchost.exe (ID 788 |ParentID 656)
    C:PROGRA~1ENIGMA~1SPYHUN~1SH4SER~1.EXE (ID 864 |ParentID 656)
    C:Windowssystem32svchost.exe (ID 900 |ParentID 656)
    C:Windowssystem32atiesrxx.exe (ID 956 |ParentID 656)
    C:Windowssystem32winlogon.exe (ID 996 |ParentID 608)
    C:WindowsSystem32svchost.exe (ID 316 |ParentID 656)
    C:WindowsSystem32svchost.exe (ID 488 |ParentID 656)
    C:Windowssystem32svchost.exe (ID 516 |ParentID 656)
    C:Windowssystem32svchost.exe (ID 804 |ParentID 656)
    C:Windowssystem32svchost.exe (ID 1196 |ParentID 656)
    C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID 1252 |ParentID 656)
    C:WindowsSystem32spoolsv.exe (ID 1380 |ParentID 656)
    C:Windowssystem32svchost.exe (ID 1436 |ParentID 656)
    C:WindowsSysWOW64svchost.exe (ID 1540 |ParentID 656)
    C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID 1560 |ParentID 656)
    C:Program Files (x86)Canal+CANAL+ CANALSAT A LA DEMANDEVODCanalPlus.VOD.exe (ID 1632 |ParentID 656)
    C:WindowsSysWOW64ezSharedSvcHost.exe (ID 1692 |ParentID 656)
    C:Windowssystem32svchost.exe (ID 1840 |ParentID 656)
    C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe (ID 1864 |ParentID 656)
    C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe (ID 1924 |ParentID 656)
    C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (ID 1952 |ParentID 656)
    C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (ID 1164 |ParentID 656)
    C:Program Files (x86)PDF Completepdfsvc.exe (ID 1804 |ParentID 656)
    C:Windowssystem32atieclxx.exe (ID 2240 |ParentID 956)
    C:WindowsSysWOW64PnkBstrA.exe (ID 2368 |ParentID 656)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (ID 2660 |ParentID 656)
    C:Windowssystem32svchost.exe (ID 2720 |ParentID 656)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 2764 |ParentID 656)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (ID 2852 |ParentID 656)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 2948 |ParentID 2764)
    C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE (ID 2344 |ParentID 656)
    C:Windowssystem32svchost.exe (ID 3468 |ParentID 656)
    C:WindowsSystem32WUDFHost.exe (ID 3884 |ParentID 488)
    C:Windowssystem32taskhost.exe (ID 3172 |ParentID 656)
    C:Windowssystem32Dwm.exe (ID 1816 |ParentID 488)
    C:WindowsExplorer.EXE (ID 3064 |ParentID 1504)
    C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (ID 3248 |ParentID 1164)
    C:Program Files (x86)Hewlett-PackardHP Odometerhpsysdrv.exe (ID 2324 |ParentID 3064)
    C:Program FilesLogitechSetPointPSetPoint.exe (ID 3000 |ParentID 3064)
    C:Windowssystem32SearchIndexer.exe (ID 2060 |ParentID 656)
    C:UsersGregAppDataLocalAkamainetsession_win.exe (ID 4016 |ParentID 3064)
    C:Program Files (x86)SamsungSamsung New PC StudioNPSAgent.exe (ID 2544 |ParentID 3064)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID 4060 |ParentID 656)
    C:UsersGregAppDataLocalAkamainetsession_win.exe (ID 4048 |ParentID 4016)
    C:Program Files (x86)SamsungKiesKies.exe (ID 3052 |ParentID 3064)
    C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe (ID 3376 |ParentID 3064)
    C:WindowsSystem32wscript.exe (ID 1412 |ParentID 3064)
    C:Program FilesCommon FilesLogiShrdKHAL3KHALMNPR.EXE (ID 3728 |ParentID 3000)
    C:Program Files (x86)HpHP Software Updatehpwuschd2.exe (ID 1916 |ParentID 1416)
    C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID 3432 |ParentID 1416)
    C:Program Files (x86)MagicDiscMagicDisc.exe (ID 3212 |ParentID 3064)
    C:Program Files (x86)iTunesiTunesHelper.exe (ID 3500 |ParentID 1416)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID 2804 |ParentID 3824)
    C:Program Files (x86)SamsungKiesKiesTrayAgent.exe (ID 4116 |ParentID 1416)
    C:Program FilesiPodbiniPodService.exe (ID 4160 |ParentID 656)
    C:Program FilesLogitechSetPointGSetPointII.exe (ID 4208 |ParentID 3000)
    C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID 4300 |ParentID 1416)
    C:Program Files (x86)OpenOffice.org 3programsoffice.exe (ID 4440 |ParentID 3056)
    C:Program Files (x86)Canal+CANAL+ CANALSAT A LA DEMANDECANAL+ CANALSAT A LA DEMANDE.EXE (ID 4448 |ParentID 4368)
    C:Program Files (x86)OpenOffice.org 3programsoffice.bin (ID 4668 |ParentID 4440)
    C:Program Files (x86)Hewlett-PackardHP Health Checkhphc_service.exe (ID 2064 |ParentID 656)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID 1748 |ParentID 2804)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 4808 |ParentID 656)
    C:WindowsSystem32svchost.exe (ID 4112 |ParentID 656)
    C:Windowssystem32wbemwmiprvse.exe (ID 4184 |ParentID 788)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID 5464 |ParentID 656)
    C:Windowssystem32wuauclt.exe (ID 5864 |ParentID 804)
    C:Program Files (x86)Mozilla Firefoxfirefox.exe (ID 5944 |ParentID 3064)
    C:Program Files (x86)Mozilla Firefoxplugin-container.exe (ID 3628 |ParentID 5944)
    C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_8_800_168.exe (ID 2116 |ParentID 3628)
    C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_8_800_168.exe (ID 5520 |ParentID 2116)
    C:Windowssystem32SearchProtocolHost.exe (ID 4128 |ParentID 2060)
    C:Windowssystem32SearchFilterHost.exe (ID 5308 |ParentID 2060)
    C:UsbFixGo.exe (ID 3664 |ParentID 3816)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [HP Software Update] – c:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
    HKLMSOFTWARE | Run : [] –
    HKLMSOFTWARE | Run : [Easybits Recovery] – C:Program Files (x86)EasyBits For KidsezRecover.exe
    HKLMSOFTWARE | Run : [PDF Complete] – C:Program Files (x86)PDF Completepdfsty.exe
    HKLMSOFTWARE | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
    HKLMSOFTWARE | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    HKLMSOFTWARE | Run : [AdobeCS5.5ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe” -launchedbylogin
    HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    HKLMSOFTWARE | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    HKLMSOFTWARE | Run : [NPSStartup] –
    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWARE | Run : [CANAL+ CANALSAT A LA DEMANDE] – “C:Program Files (x86)Canal+CANAL+ CANALSAT A LA DEMANDELauncher.exe”
    HKLMSOFTWAREwow6432Node | Run : [HP Software Update] – c:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
    HKLMSOFTWAREwow6432Node | Run : [] –
    HKLMSOFTWAREwow6432Node | Run : [Easybits Recovery] – C:Program Files (x86)EasyBits For KidsezRecover.exe
    HKLMSOFTWAREwow6432Node | Run : [PDF Complete] – C:Program Files (x86)PDF Completepdfsty.exe
    HKLMSOFTWAREwow6432Node | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
    HKLMSOFTWAREwow6432Node | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    HKLMSOFTWAREwow6432Node | Run : [AdobeCS5.5ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe” -launchedbylogin
    HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    HKLMSOFTWAREwow6432Node | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    HKLMSOFTWAREwow6432Node | Run : [NPSStartup] –
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWAREwow6432Node | Run : [CANAL+ CANALSAT A LA DEMANDE] – “C:Program Files (x86)Canal+CANAL+ CANALSAT A LA DEMANDELauncher.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-2056760632-1295808649-3715446150-1007SOFTWARE | Run : [Akamai NetSession Interface] – “C:UsersGregAppDataLocalAkamainetsession_win.exe”
    HKUS-1-5-21-2056760632-1295808649-3715446150-1007SOFTWARE | Run : [AutoStartNPSAgent] – C:Program Files (x86)SamsungSamsung New PC StudioNPSAgent.exe
    HKUS-1-5-21-2056760632-1295808649-3715446150-1007SOFTWARE | Run : [KiesPreload] – C:Program Files (x86)SamsungKiesKies.exe /preload
    HKUS-1-5-21-2056760632-1295808649-3715446150-1007SOFTWARE | Run : [KiesAirMessage] – C:Program Files (x86)SamsungKiesKiesAirMessage.exe -startup
    HKUS-1-5-21-2056760632-1295808649-3715446150-1007SOFTWARE | Run : [] – C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
    HKUS-1-5-21-2056760632-1295808649-3715446150-1007SOFTWARE | Run : [DAEMON Tools Lite] – “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
    HKUS-1-5-21-2056760632-1295808649-3715446150-1007SOFTWARE | Run : [yg6cTtSK] – wscript.exe //B “C:UsersGregAppDataLocalTempyg6cTtSK.vbs”
    HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Éléments infectieux |

    Présent! I:yg6cTtSK.vbs
    Présent! C:UsersGregAppDataLocalTempyg6cTtSK.vbs
    Présent! C:UsersGregAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupyg6cTtSK.vbs
    Présent! I:RunClubSanDisk.lnk
    Présent! I:RunSanDiskSecureAccess_Win.lnk
    Présent! I:Olympus.lnk
    Présent! I:SanDiskSecureAccess.lnk
    Présent! I:club_application.lnk
    Présent! I:LOST.DIR.lnk
    Présent! I:Eleves.lnk
    Présent! I:Game.Of.Thrones.S01.VOSTFR.HDTV.XviD-PTN.lnk
    Présent! I:My Vaults.lnk
    Présent! I:Personnel.lnk
    Présent! I:Lycée.lnk
    Présent! C:UsersLoïcAppDataLocalTempbEWm2wMR.vbs
    Présent! C:UsersLoïcAppDataLocalTempyg6cTtSK.vbs
    Présent! C:UsersLoïcAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupbEWm2wMR.vbs
    Présent! C:UsersLoïcAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupyg6cTtSK.vbs

    ################## | Registre |

    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|yg6cTtSK
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|yg6cTtSK
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|yg6cTtSK
    HKCU….ExplorerMountPoints2I
    ShellAutoRunCommand = I:LaunchU3.exe -a

    HKCU….ExplorerMountPoints2{e525d61b-1df2-11e3-899e-2c27d7375670}
    ShellAutoRunCommand = I:setup.exe

    HKCU….ExplorerMountPoints2{eacdecab-1def-11e3-a2c8-2c27d7375670}
    ShellAutoRunCommand = I:setup.exe

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    Hoping you can help me,

    inharz
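    The report above already shows the classic shape of a shortcut worm: a Run value that launches `wscript.exe //B` on a `.vbs` in the user's Temp folder, a copy of the same script in the Startup folder, a pile of `.lnk` files at the root of the removable drive, and a cached AutoRun command for that drive in MountPoints2. The following triage helper is an added example, not part of this thread and not UsbFix code: it parses lines written in the report's format and flags those four indicators so a responder can score a pasted report quickly. The sample lines are constructed after the report above with the backslashes the forum rendering stripped restored; the function name, severity labels and regular expressions are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample modeled on the UsbFix report in the post above (backslashes
# restored). Only the sections the helper cares about are reproduced.
SAMPLE_REPORT = r"""
################## | Regedit Run |

HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKU\S-1-5-21-2056760632-1295808649-3715446150-1007\SOFTWARE | Run : [yg6cTtSK] - wscript.exe //B "C:\Users\Greg\AppData\Local\Temp\yg6cTtSK.vbs"

################## | Éléments infectieux |

Présent! I:\yg6cTtSK.vbs
Présent! C:\Users\Greg\AppData\Local\Temp\yg6cTtSK.vbs
Présent! C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yg6cTtSK.vbs
Présent! I:\Eleves.lnk
Présent! I:\Personnel.lnk
Présent! I:\Lycée.lnk

################## | Registre |

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|yg6cTtSK
HKCU\...\Explorer\MountPoints2\I
Shell\AutoRun\Command = I:\LaunchU3.exe -a
"""

# One "Regedit Run" line: hive | Run/RunOnce : [name] - command (UsbFix uses an
# en dash; a plain hyphen is accepted as well).
RUN_LINE = re.compile(
    r"^(?P<hive>HK\S+)\s*\|\s*(?P<key>Run(?:Once)?)\s*:\s*\[(?P<name>[^\]]*)\]\s*[-–]\s*(?P<cmd>.*)$"
)
PRESENT_LINE = re.compile(r"^Présent!\s+(?P<path>.+)$")
AUTORUN_LINE = re.compile(r"^Shell\\AutoRun\\Command\s*=\s*(?P<cmd>.+)$")
SCRIPT_HOST = re.compile(r"\b[wc]script\.exe\b", re.IGNORECASE)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def triage_usbfix_report(text):
    """Return a list of (severity, reason, evidence) tuples for the hallmarks of
    a shortcut worm found in a UsbFix-style report."""
    findings = []
    lnk_per_drive = Counter()
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            cmd = m.group("cmd")
            # A Run value that hands a .vbs to the script host is the persistence
            # mechanism; //B (silent) or a Temp path makes it more suspicious.
            if SCRIPT_HOST.search(cmd) and ".vbs" in cmd.lower():
                sev = "high" if "//b" in cmd.lower() or TEMP_DIR.search(cmd) else "medium"
                findings.append((sev, "script-host persistence in Run key", line))
            continue
        m = PRESENT_LINE.match(line)
        if m:
            path = m.group("path")
            low = path.lower()
            if low.endswith(".lnk"):
                # Shortcuts are counted per drive and summarised after the loop.
                lnk_per_drive[path[0].upper()] += 1
            elif low.endswith(".vbs") and (STARTUP_DIR.search(path) or TEMP_DIR.search(path)):
                findings.append(("high", "VBS dropped in Startup or Temp", line))
            elif low.endswith(".vbs"):
                findings.append(("medium", "VBS file outside Startup/Temp (worm copy)", line))
            continue
        m = AUTORUN_LINE.match(line)
        if m:
            findings.append(("low", "AutoRun command cached in MountPoints2", line))
    for drive, n in lnk_per_drive.items():
        if n >= 3:
            findings.append(("medium", f"{n} .lnk files at root of drive {drive}:", f"{drive}:\\*.lnk"))
    return findings


def highest_severity(findings):
    """Collapse a findings list to a single verdict for the responder."""
    order = {"high": 3, "medium": 2, "low": 1}
    return max((f[0] for f in findings), key=order.get, default="clean")


if __name__ == "__main__":
    for sev, reason, evidence in triage_usbfix_report(SAMPLE_REPORT):
        print(f"[{sev:6}] {reason}: {evidence}")
    print("verdict:", highest_severity(triage_usbfix_report(SAMPLE_REPORT)))
```

    The helper deliberately does not decide which drive letter is removable; UsbFix's own disk listing at the top of the report gives that, and a responder reads the `.lnk` count together with it. On the sample it returns three high findings (the Run value, the Temp copy and the Startup copy), two medium ones and one low one, which is exactly the pattern the poster's report shows.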

  • Anonymous

    Hello :hello: ,

    Welcome to SosVirus :welcome:

    • Run UsbFix again.
    • Choose the Suppression (deletion) option

      Note: If UsbFix hangs at 14%, boot into Safe Mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your next reply

The topic ‘USB key shortcut virus’ is closed to new replies.