Reply to: Infected USB key 2016-09-08T13:05:57+00:00
Stephane
Participant
Post count: 6

Thanks for looking into my problem :)

So I re-ran UsbFix and ran the deletion (apparently it found all the malicious shortcuts!)

############################## | UsbFix V 7.134 | [Deletion]

User: Stephane (Administrator) # STEPHANE-PC
Updated on 06/09/2013 by El Desaparecido
Started at 14:34:26 | 14/09/2013

Website: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://wwww.sosvirus.net/contact_eldesaparecido.php

PC: Gigabyte Technology Co., Ltd. (G31M-ES2L) (x64-based PC)
CPU: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz (2600)
RAM -> [Total : 4085 | Free : 2261]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Microsoft Windows 8 Professional with Media Center (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16688

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 60 GB (26 GB free - 43%) [] # NTFS
D: -> Fixed disk # 406 GB (306 GB free - 75%) [Données] # NTFS
E: -> CD-ROM
J: -> Fixed disk # 931 GB (373 GB free - 40%) [Séries] # NTFS
M: -> Removable disk # 30 GB (8 GB free - 27%) [ASPIRINE] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-2336812399-1731229822-2358142557-1001\SOFTWARE | Run : [SkyDrive] - "C:\Users\Stephane\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
HKU\S-1-5-21-2336812399-1731229822-2358142557-1001\SOFTWARE | Run : [44A055D50C91D88E167AF0F93D8BE6A7764CC2A5._service_run] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
HKU\S-1-5-21-2336812399-1731229822-2358142557-1001\SOFTWARE | RunOnce : [Uninstall C:\Users\Stephane\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephane\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-2336812399-1731229822-2358142557-1001\SOFTWARE | RunOnce : [Uninstall C:\Users\Stephane\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephane\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
HKU\S-1-5-21-2336812399-1731229822-2358142557-1001\SOFTWARE | RunOnce : [Uninstall C:\Users\Stephane\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephane\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-2336812399-1731229822-2358142557-1001\SOFTWARE | RunOnce : [Uninstall C:\Users\Stephane\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephane\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"

################## | Stopped processes |

Stopped! C:\Windows\System32\spoolsv.exe (1136)
Stopped! C:\Windows\system32\dashost.exe (1380)
Stopped! C:\Program Files\Windows Defender\MsMpEng.exe (1532)
Stopped! C:\Windows\System32\WUDFHost.exe (2484)
Stopped! C:\Windows\system32\SearchIndexer.exe (812)
Stopped! C:\Windows\system32\taskhostex.exe (4660)
Stopped! C:\Windows\Explorer.EXE (2440)
Stopped! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (4444)
Stopped! C:\Windows\system32\wwahost.exe (2272)
Stopped! C:\Windows\System32\RuntimeBroker.exe (900)
Stopped! C:\Program Files\Logitech\SetPointP\SetPoint.exe (5072)
Stopped! C:\Users\Stephane\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (2784)
Stopped! C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (2464)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (532)
Stopped! D:\PortableApps\PortableApps\uTorrentPortable\uTorrentPortable.exe (2604)
Stopped! D:\PortableApps\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe (2416)
Stopped! C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE (2804)
Stopped! D:\LiberKey\LiberKeyTools\LiberKeyPortabilizer\LiberKeyPortabilizer.exe (1420)
Stopped! D:\LiberKey\Apps\RocketDock\App\RocketDock\RocketDock.exe (2576)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3156)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4196)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5048)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3968)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1516)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4960)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5088)

################## | Infected items |

Deleted! M:\autorun.lnk
Deleted! M:\3c fete fin année.lnk
Deleted! M:\divers.lnk
Deleted! M:\declarationSpotStudio.lnk
Deleted! M:\xpsp3_5512.lnk
Deleted! M:\rld-motogp13.lnk
Deleted! M:\Install_PRNserveur_FR2400503.lnk
Deleted! M:\Install_PRNclient_FR2400503.lnk
Deleted! M:\Install_PRNnet_FR2400503.lnk
Deleted! M:\LiberKey.lnk
Deleted! M:\Recycled.lnk
Deleted! C:\Users\Stephane\AppData\Local\PUTTY.RND
Deleted! M:\autorun.inf

(!) Temporary files deleted.

################## | Registry |

################## | Mountpoints2 |

################## | Listing |

[02/02/2013 - 17:16:03 | SHD ] C:\$Recycle.Bin
[04/11/2012 - 18:24:25 | D ] C:\$SysReset
[04/11/2012 - 14:38:38 | D ] C:\$WINDOWS.~BT
[26/07/2012 - 05:44:30 | RASH | 398156] C:\bootmgr
[02/06/2012 - 16:30:55 | N | 1] C:\BOOTNXT
[13/09/2013 - 22:20:40 | D ] C:\Config.Msi
[26/07/2012 - 09:22:08 | SHD ] C:\Documents and Settings
[13/09/2013 - 22:20:41 | ASH | 3427155968] C:\hiberfil.sys
[29/12/2012 - 04:25:42 | RHD ] C:\MSOCache
[13/09/2013 - 22:20:59 | ASH | 738197504] C:\pagefile.sys
[26/07/2012 - 09:33:46 | D ] C:\PerfLogs
[16/04/2013 - 00:29:09 | D ] C:\Program Files
[12/09/2013 - 03:10:27 | D ] C:\Program Files (x86)
[11/09/2013 - 21:43:33 | HD ] C:\ProgramData
[04/11/2012 - 16:44:17 | SHD ] C:\Recovery
[13/09/2013 - 22:20:59 | ASH | 268435456] C:\swapfile.sys
[11/09/2013 - 16:59:07 | SHD ] C:\System Volume Information
[14/09/2013 - 14:36:09 | D ] C:\UsbFix
[14/09/2013 - 14:36:26 | A | 6447] C:\UsbFix [Clean 2] STEPHANE-PC.txt
[14/09/2013 - 13:50:36 | N | 5675] C:\UsbFix [Scan 1] STEPHANE-PC.txt
[28/05/2013 - 01:12:21 | D ] C:\Users
[14/09/2013 - 02:12:02 | D ] C:\WebApps
[18/08/2013 - 18:10:02 | D ] C:\Windows
[02/11/2012 - 19:59:45 | SHD ] D:\$RECYCLE.BIN
[14/09/2013 - 02:13:02 | D ] D:\AndroidApps
[04/01/2013 - 04:49:34 | D ] D:\Applications Portables
[19/02/2013 - 23:31:48 | D ] D:\Divers
[04/08/2013 - 18:21:25 | D ] D:\Documents
[04/01/2013 - 03:46:58 | D ] D:\LiberKey
[11/09/2013 - 15:12:22 | D ] D:\Logiciels
[14/09/2013 - 13:17:43 | D ] D:\Musiques
[19/02/2013 - 23:30:22 | D ] D:\Panier à merdes
[08/09/2013 - 13:47:28 | D ] D:\Photos
[23/12/2012 - 20:17:18 | D ] D:\PortableApps
[14/09/2013 - 14:35:06 | D ] D:\Skydrive
[19/08/2013 - 17:11:17 | D ] D:\SkyDriveTemp
[26/11/2012 - 21:02:07 | SHD ] D:\System Volume Information
[14/09/2013 - 13:48:50 | D ] D:\Téléchargements
[28/08/2013 - 14:54:41 | D ] D:\Vidéos
[22/05/2013 - 00:48:33 | D ] J:\$$Alphas
[22/05/2013 - 00:10:40 | SHD ] J:\$RECYCLE.BIN
[21/05/2013 - 07:13:56 | D ] J:\Arrow
[06/07/2013 - 23:13:33 | D ] J:\Avatar - The legend of Korra
[02/06/2013 - 23:44:43 | D ] J:\Baby Daddy
[21/05/2013 - 07:21:42 | D ] J:\Beauty and the Beast
[21/05/2013 - 07:33:09 | D ] J:\Being Human
[20/07/2013 - 20:58:23 | D ] J:\Bones
[01/09/2013 - 20:27:39 | D ] J:\Breaking Bad
[21/05/2013 - 19:02:22 | D ] J:\Bref
[21/05/2013 - 19:12:53 | D ] J:\Californication
[21/05/2013 - 19:20:14 | D ] J:\Continuum
[20/07/2013 - 01:54:58 | D ] J:\Defiance
[20/07/2013 - 01:52:02 | D ] J:\Dexter
[21/05/2013 - 20:05:34 | D ] J:\Game of Thrones
[21/05/2013 - 20:57:39 | D ] J:\Grey's Anatomy
[21/05/2013 - 21:09:50 | D ] J:\Grimm
[21/05/2013 - 21:25:11 | D ] J:\Lost girl
[21/05/2013 - 21:31:11 | D ] J:\Misfits
[21/05/2013 - 21:44:39 | D ] J:\Modern Family
[21/05/2013 - 21:51:08 | D ] J:\New Girl
[21/05/2013 - 21:59:57 | D ] J:\Once Upon A Time
[01/09/2013 - 19:25:43 | D ] J:\Orphan Black
[16/06/2013 - 20:22:04 | D ] J:\Pretty Little Liars
[21/05/2013 - 22:27:56 | D ] J:\Private Practice
[22/08/2013 - 04:22:55 | D ] J:\Revenge
[21/05/2013 - 22:37:16 | D ] J:\Revolution 2012
[21/05/2013 - 22:53:50 | D ] J:\Skins
[18/08/2013 - 03:43:30 | D ] J:\Suits
[27/05/2013 - 00:16:30 | SHD ] J:\System Volume Information
[05/06/2013 - 23:50:32 | D ] J:\Teen Wolf
[03/06/2013 - 00:02:24 | D ] J:\The listener
[21/05/2013 - 23:46:10 | D ] J:\The Mentalist
[22/05/2013 - 00:09:11 | D ] J:\The Vampire Diaries
[22/05/2013 - 00:20:03 | D ] J:\The Walking Dead
[20/07/2013 - 02:57:12 | D ] J:\True Blood
[07/09/2013 - 03:36:27 | D ] J:\Under The Dome
[22/05/2013 - 00:47:20 | D ] J:\Utopia
[14/03/2012 - 14:08:48 | D ] M:\LiberKey
[24/06/2013 - 13:18:00 | N | 614042105] M:\3c fete fin année.m4v
[18/06/2013 - 11:02:48 | N | 54757] M:\declarationSpotStudio.pdf
[08/05/2013 - 14:46:20 | D ] M:\divers
[07/08/2013 - 23:18:30 | N | 390365184] M:\xpsp3_5512.080413-2113_fr_x86fre_spcd.iso
[12/08/2013 - 13:43:40 | N | 0] M:\rld-motogp13.iso
[26/08/2013 - 11:21:12 | N | 39788296] M:\Install_PRNserveur_FR2400503.exe
[26/08/2013 - 11:23:26 | N | 61358288] M:\Install_PRNclient_FR2400503.exe
[26/08/2013 - 11:23:40 | N | 42478024] M:\Install_PRNnet_FR2400503.exe
[05/10/2012 - 18:45:36 | D ] M:\Recycled

################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
M:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net |
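The "Infected items" section above shows the classic USB shortcut-worm layout: every real file or folder at the root of M: (LiberKey, divers, 3c fete fin année.m4v, the three Install_PRN*.exe, ...) had a same-named .lnk next to it, plus an autorun.inf and an autorun.lnk. The script below is an added example, not part of Stephane's post and not UsbFix code: it triages a drive root listing for that pattern, pairing each .lnk with the entry it impersonates. The sample listing is constructed from the names in the log; the hidden originals' attributes and the shortcuts' targets are not in the log, so only name matching is used.

```python
"""Triage a removable drive's root listing for the USB shortcut-worm pattern
(every real file/folder doubled by a same-named .lnk, plus autorun.inf).

Added example; not from the original post and not UsbFix code. Run it on a
live drive with scan_drive("M:/"); os.listdir also returns hidden entries,
which matters because these worms usually hide the originals.
"""
import os

LNK = ".lnk"


def _is_lnk(name):
    return name.lower().endswith(LNK)


def shortcut_mirrors(listing):
    """Map each .lnk to the non-.lnk entry it impersonates, if any.

    A shortcut counts as a mirror when its stem equals another entry's name
    (a folder) or that entry's name up to an extension (a file). The second
    rule is what pairs 'xpsp3_5512.lnk' with 'xpsp3_5512.080413-...iso' in
    the log. FAT32 is case-insensitive, so names are compared lowercased.
    """
    originals = [n for n in listing if not _is_lnk(n)]
    mirrors = {}
    for name in listing:
        if not _is_lnk(name):
            continue
        stem = name[:-len(LNK)].lower()
        for original in originals:
            o = original.lower()
            if o == stem or o.startswith(stem + "."):
                mirrors[name] = original
                break
    return mirrors


def triage(listing):
    """Summarise one drive root: mirrored shortcuts, unexplained shortcuts,
    and whether an autorun.inf is present."""
    mirrors = shortcut_mirrors(listing)
    orphans = [n for n in listing if _is_lnk(n) and n not in mirrors]
    return {
        "mirrored": mirrors,
        "orphan_lnk": orphans,
        # autorun.inf is there both before cleanup (the worm's) and after
        # (UsbFix's vaccine), so on its own it is not the infection signal;
        # the mirrored shortcuts are.
        "autorun_inf": any(n.lower() == "autorun.inf" for n in listing),
    }


def scan_drive(root):
    """Run triage on a live drive root, e.g. scan_drive("M:/")."""
    return triage(os.listdir(root))


# Constructed listing of M: built from the names in the log above (the
# state before UsbFix deleted the shortcuts).
SAMPLE_M_LISTING = [
    "autorun.inf", "autorun.lnk",
    "LiberKey", "LiberKey.lnk",
    "3c fete fin année.m4v", "3c fete fin année.lnk",
    "declarationSpotStudio.pdf", "declarationSpotStudio.lnk",
    "divers", "divers.lnk",
    "xpsp3_5512.080413-2113_fr_x86fre_spcd.iso", "xpsp3_5512.lnk",
    "rld-motogp13.iso", "rld-motogp13.lnk",
    "Install_PRNserveur_FR2400503.exe", "Install_PRNserveur_FR2400503.lnk",
    "Install_PRNclient_FR2400503.exe", "Install_PRNclient_FR2400503.lnk",
    "Install_PRNnet_FR2400503.exe", "Install_PRNnet_FR2400503.lnk",
    "Recycled", "Recycled.lnk",
]

if __name__ == "__main__":
    result = triage(SAMPLE_M_LISTING)
    for lnk, target in sorted(result["mirrored"].items()):
        print(f"{lnk!r} impersonates {target!r}")
    print("unexplained shortcuts:", result["orphan_lnk"])
    print("autorun.inf present:", result["autorun_inf"])
```

On the constructed listing all eleven shortcuts pair with a real entry, which is exactly the set UsbFix deleted. Re-running `scan_drive` on the stick after cleanup is a quick check that nothing was missed: the drive should show no mirrored shortcuts, and the remaining autorun.inf is the vaccine the log reports creating.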