Virus on USB key 2012-11-27T19:08:42+00:00
  • Author
    Posts
  • Anonymous
    Post count: 0

    [mod="El Desaparecido":1zu1tt8p]Hello amyget, please open your own topic.
    A minimum of explanation and courtesy is also welcome.[/mod:1zu1tt8p]

  • amyget
    Post count: 0

    USBFix
    [spoiler:1bcteyqg]############################## | UsbFix V 7.100 | [Suppression]

    Utilisateur: XP (Administrateur) # XP-D809F029B708
    Mis à jour le 11/11/2012 par El Desaparecido
    Lancé à 17:51:50 | 29/11/2012

    Site Web: https://www.usb-antivirus.com/fr/
    Contact: https://www.sosvirus.net/contact/

    PC: Acer (AOA150) (X86-based PC
    CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (1596)
    RAM -> [Total : 1012 | Free : 211]
    BIOS: InsydeH2O Version v0.3305
    BOOT: Normal boot

    OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
    WB: Windows Internet Explorer 6.0.2900.5512

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 49 Go (37 Go libre(s) – 76%) [] # NTFS
    D: -> Disque fixe # 100 Go (99 Go libre(s) – 98%) [] # NTFS
    E: -> Disque amovible # 8 Go (8 Go libre(s) – 100%) [AMY PERSO] # FAT32

    ################## | Processus Actif |


    ################## | Processus Stoppés |


    ################## | Éléments infectieux |

    Supprimé! C:DOCUME~1XPLOCALS~1Tempose00000.exe
    Supprimé! C:DOCUME~1XPLOCALS~1TempTomsDownloader9277.exe
    Supprimé! C:DOCUME~1XPLOCALS~1TempRtkBtMnt.exe
    Supprimé! E:\RECYCLERS-8-1-88-5145440102-3335436823-783217735-8005NgjGWSgI.exe
    Supprimé! C:RecyclerS-1-5-21-1960408961-436374069-527237240-1003
    Supprimé! D:RecyclerS-1-5-21-1960408961-436374069-527237240-1003
    Supprimé! E:RecyclerS-8-1-88-5145440102-3335436823-783217735-8005*.cpl
    Supprimé! E:RecyclerS-8-1-88-5145440102-3335436823-783217735-8005
    Supprimé! E:autorun.inf
    Supprimé! E:trz29C.tmp

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Mountpoints2 |

    ################## | Listing |


    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | Upload |

    Veuillez envoyer le fichier: C:UsbFix_Upload_Me_XP-D809F029B708.zip
    http://eldesaparecido.com/upload.php
    Merci de votre contribution.

    ################## | E.O.F |[/spoiler:1bcteyqg]

  • Anonymous
    Post count: 0

    Hello,

    OK, that works, I'm marking your topic as resolved.

    Have a good end of the week.

  • Anonymous
    Post count: 0

    Re,

    I didn't copy the report at the time of the deletion, but all the infectious elements were eradicated;
    I also vaccinated my key and ran a scan with avast, and everything was OK.
    Thanks for your help ^^

  • Anonymous
    Post count: 0

    Hello,

    :welcome:

    Run UsbFix again with your key plugged in and choose "Suppression" (deletion). Then post the report in your next reply.

  • xerxesIII
    Participant
    Post count: 0

    Hello everyone,
    I think I caught a virus on my USB key from a computer at my high school,
    so I'm posting the search report as requested.
    [spoiler:3vd5k102]############################## | UsbFix V 7.100 | [Recherche]

    Utilisateur: alex_one (Administrateur) # PC-DE-ALEXANDRE
    Mis à jour le 11/11/2012 par El Desaparecido
    Lancé à 20:04:16 | 27/11/2012

    Site Web: https://www.usb-antivirus.com/fr/
    Contact: https://www.sosvirus.net/contact/

    PC: Packard Bell (EasyNote LJ65 ) (X86-based PC
    CPU: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz (2100)
    RAM -> [Total : 3069 | Free : 1669]
    BIOS: InsydeH2O Version V1.04
    BOOT: Normal boot

    OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-Bit) # Service Pack 1
    WB: Windows Internet Explorer 7.0.6001.18000

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 453 Go (281 Go libre(s) – 62%) [OS] # NTFS
    D: -> CD-ROM
    E: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [Lexar] # FAT32

    ################## | Processus Actif |


    ################## | Éléments infectieux |

    Présent! C:Usersalex_oneAppDataLocalTempCln4497.tmp
    Présent! C:Usersalex_oneAppDataLocalTempCln8FC1.tmp
    Présent! C:Usersalex_oneAppDataLocalTempClnB361.tmp
    Présent! C:Usersalex_oneAppDataLocalTempham25A8.tmp
    Présent! C:Usersalex_oneAppDataLocalTempRtkBtMnt.exe
    Présent! C:Usersalex_oneAppDataLocalTempwlsetup-cvr.exe
    Présent! C:Windowssystem32temp
    Présent! C:Usersalex_oneAppDataLocalTemp7za.exe
    Présent! C:Usersalex_oneAppDataLocalTempOB.exe

    ################## | Registre |

    ################## | Mountpoints2 |

    HKCU….ExplorerMountPoints2F
    ShellAutoRunCommand = F:LaunchU3.exe -a

    HKCU….ExplorerMountPoints2{ab227cbd-e4f0-11df-89ca-00235a9a9d63}
    ShellAutoRunCommand = E:LaunchU3.exe -a

    HKCU….ExplorerMountPoints2{eac5fc73-0cce-11df-9335-00235a9a9d63}
    ShellAutoRunCommand = C:Windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs image.jpg

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné!

    ################## | E.O.F |[/spoiler:3vd5k102]
    Thanks for your help

The topic ‘Virus on USB key’ is closed to new replies.