Reply to: files on USB key turned into shortcuts 2016-09-08T13:07:42+00:00
Alhan
Post count: 0

Hello everyone,

So I've caught the same virus, and it is ruining my life....

Could someone track it down for me?

Here is my report,

############################## | UsbFix V 7.139 | [Scan]

User: Alhan (Administrator) # ALHAN-PC
Updated on 29/09/2013 by El Desaparecido - Team SosVirus
Started at 09:37:48 | 04/10/2013

Website: http://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (N71Jq)
CPU: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
RAM -> [Total : 4021 | Free : 2127]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium Edition (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 681 GB (141 GB free - 21%) [OS] # NTFS
D: -> Fixed disk # 298 GB (8 GB free - 3%) [] # NTFS
E: -> CD-ROM
F: -> Fixed disk # 298 GB (70 GB free - 23%) [] # NTFS
G: -> Removable disk # 7 GB (7 GB free - 100%) [STORE N GO] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID 472 |ParentID 460)
C:\Windows\system32\wininit.exe (ID 536 |ParentID 460)
C:\Windows\system32\csrss.exe (ID 556 |ParentID 544)
C:\Windows\system32\services.exe (ID 592 |ParentID 536)
C:\Windows\system32\lsass.exe (ID 620 |ParentID 536)
C:\Windows\system32\lsm.exe (ID 628 |ParentID 536)
C:\Windows\system32\svchost.exe (ID 724 |ParentID 592)
C:\Windows\system32\winlogon.exe (ID 792 |ParentID 544)
C:\Windows\system32\svchost.exe (ID 852 |ParentID 592)
C:\Windows\system32\atiesrxx.exe (ID 912 |ParentID 592)
C:\Windows\System32\svchost.exe (ID 972 |ParentID 592)
C:\Windows\System32\svchost.exe (ID 1012 |ParentID 592)
C:\Windows\system32\svchost.exe (ID 144 |ParentID 592)
C:\Windows\system32\svchost.exe (ID 164 |ParentID 592)
C:\Windows\system32\svchost.exe (ID 1104 |ParentID 592)
C:\Windows\system32\atieclxx.exe (ID 1264 |ParentID 912)
C:\Windows\system32\FBAgent.exe (ID 1368 |ParentID 592)
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ID 1392 |ParentID 592)
C:\Program Files\ATKGFNEX\GFNEXSrv.exe (ID 1432 |ParentID 592)
C:\Windows\System32\spoolsv.exe (ID 1528 |ParentID 592)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID 1592 |ParentID 592)
C:\Windows\system32\svchost.exe (ID 1624 |ParentID 592)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID 1728 |ParentID 592)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1764 |ParentID 592)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 1936 |ParentID 592)
C:\Windows\system32\svchost.exe (ID 1984 |ParentID 592)
C:\Windows\SysWOW64\svchost.exe (ID 2012 |ParentID 592)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 2040 |ParentID 592)
C:\Program Files\ma-config.com\MaConfigAgent.exe (ID 1644 |ParentID 592)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 432 |ParentID 592)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID 2056 |ParentID 592)
C:\Windows\System32\svchost.exe (ID 2076 |ParentID 592)
C:\Windows\System32\svchost.exe (ID 2164 |ParentID 592)
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID 2204 |ParentID 592)
C:\Windows\system32\svchost.exe (ID 2308 |ParentID 592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2384 |ParentID 592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2724 |ParentID 2384)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID 3048 |ParentID 1728)
C:\Windows\system32\svchost.exe (ID 3588 |ParentID 592)
C:\Windows\system32\svchost.exe (ID 3712 |ParentID 592)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID 3676 |ParentID 2056)
C:\Windows\system32\Dwm.exe (ID 1828 |ParentID 1012)
C:\Windows\system32\taskhost.exe (ID 2524 |ParentID 592)
C:\Windows\Explorer.EXE (ID 3868 |ParentID 3768)
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ID 3616 |ParentID 1392)
C:\Windows\system32\taskeng.exe (ID 1584 |ParentID 144)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3512 |ParentID 724)
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ID 3692 |ParentID 1584)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID 1044 |ParentID 1584)
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ID 2808 |ParentID 1584)
C:\Program Files\P4G\BatteryLife.exe (ID 3816 |ParentID 1584)
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe (ID 3420 |ParentID 1584)
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ID 3976 |ParentID 3616)
C:\Windows\SysWOW64\ACEngSvr.exe (ID 3268 |ParentID 724)
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ID 3436 |ParentID 3616)
C:\Program Files\Elantech\ETDCtrl.exe (ID 452 |ParentID 3868)
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (ID 3404 |ParentID 3868)
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ID 3972 |ParentID 3868)
C:\Windows\System32\wscript.exe (ID 3960 |ParentID 3868)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (ID 4012 |ParentID 3868)
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (ID 3480 |ParentID 3868)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3652 |ParentID 724)
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ID 4000 |ParentID 3096)
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ID 2444 |ParentID 3096)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2336 |ParentID 1188)
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ID 3628 |ParentID 3096)
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (ID 3640 |ParentID 3096)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID 3856 |ParentID 3096)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 3768 |ParentID 3096)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID 1572 |ParentID 3096)
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (ID 2980 |ParentID 3096)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 560 |ParentID 3096)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 4208 |ParentID 2336)
C:\Program Files\iPod\bin\iPodService.exe (ID 4908 |ParentID 592)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 660 |ParentID 592)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (ID 4364 |ParentID 4012)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (ID 4100 |ParentID 724)
C:\windows\Intel(TM)7z.exe (ID 4576 |ParentID 4556)
C:\Windows\AsScrPro.exe (ID 4712 |ParentID 1368)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (ID 4528 |ParentID 724)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 5080 |ParentID 1368)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 4168 |ParentID 592)
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (ID 5488 |ParentID 3868)
C:\Windows\splwow64.exe (ID 5656 |ParentID 5488)
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe (ID 5800 |ParentID 724)
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (ID 3820 |ParentID 3768)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5228 |ParentID 3868)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3356 |ParentID 5228)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 748 |ParentID 5228)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4812 |ParentID 5228)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4588 |ParentID 5228)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5612 |ParentID 5228)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5848 |ParentID 5228)
C:\Windows\System32\svchost.exe (ID 5296 |ParentID 592)
C:\Windows\system32\WUDFHost.exe (ID 4552 |ParentID 1012)
C:\UsbFix\Go.exe (ID 4124 |ParentID 5888)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE | Run : [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE | Run : [Setwallpaper] - c:\programdata\SetWallpaper.cmd
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [Intel(TM)7z] - "C:\windows\Intel(TM)7z.exe"
HKLM\SOFTWARE\wow6432Node | Run : [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE\wow6432Node | Run : [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Setwallpaper] - c:\programdata\SetWallpaper.cmd
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Intel(TM)7z] - "C:\windows\Intel(TM)7z.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-2351134466-4085927225-1477360203-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Alhan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2351134466-4085927225-1477360203-1000\SOFTWARE | Run : [A7KGEquN] - wscript.exe //B "C:\Users\Alhan\AppData\Local\Temp\A7KGEquN.vbs"

################## | Infected items |

Present! G:\A7KGEquN.vbs
Present! C:\Users\Alhan\AppData\Local\Temp\A7KGEquN.vbs
Present! C:\Users\Alhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A7KGEquN.vbs
Present! G:\Autorun.inf.lnk
Present! G:\P04-1708.lnk
Present! C:\Users\Public\9eimmD.vbe
Present! C:\Users\Public\9stiemD.VBE
Present! C:\Users\Public\Intel(R)Graph.exe
Present! C:\Users\Alhan\AppData\Local\Temp\iiiii9.hta

################## | Registry |

Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|A7KGEquN
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|A7KGEquN
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|A7KGEquN
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
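The report above is what the "files turned into shortcuts" worm looks like from the outside: a Run value that starts `wscript.exe //B` on a `.vbs` in `%TEMP%`, a copy of the same script in the Startup folder and at the root of the G: stick, `.lnk` files on the stick (one of them named `Autorun.inf.lnk`), extra scripts in `C:\Users\Public`, and a `DisableRegistryTools` policy so the victim cannot open regedit and see the Run key. The script below is an added triage example (it is not part of the original post, and it is not UsbFix code): it re-reads a constructed subset of the report's own lines, with backslashes restored, and flags those indicators the way a responder would before deciding what to delete. The drive letter `G:` as the removable drive, the list of staging directories, and the hive/line format are assumptions taken from this one report.

```python
"""Triage a UsbFix-style report for the "files turned into shortcuts" USB worm.

Added example, not part of the original post and not UsbFix code. It reads
'Run :' and 'Present!' lines like those in the report above and flags the three
things a responder acts on: script-based Run-key persistence, the worm's copies
on the host and on the stick, and the policy that locks the victim out of regedit.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the report above (backslashes restored).
SAMPLE_LOG = r"""
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [Setwallpaper] - c:\programdata\SetWallpaper.cmd
HKU\S-1-5-21-2351134466-4085927225-1477360203-1000\SOFTWARE | Run : [A7KGEquN] - wscript.exe //B "C:\Users\Alhan\AppData\Local\Temp\A7KGEquN.vbs"
Present! G:\A7KGEquN.vbs
Present! C:\Users\Alhan\AppData\Local\Temp\A7KGEquN.vbs
Present! C:\Users\Alhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A7KGEquN.vbs
Present! G:\Autorun.inf.lnk
Present! G:\P04-1708.lnk
Present! C:\Users\Public\9eimmD.vbe
Present! C:\Users\Alhan\AppData\Local\Temp\iiiii9.hta
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
"""

RUN_RE = re.compile(r"^(?P<hive>\S+) \| Run : \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$")
PRESENT_RE = re.compile(r"^Present! (?P<item>.+)$")

SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "wscript", "cscript", "mshta")
# Assumption: the user-writable directories this family stages from.
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programs\\startup\\")
REMOVABLE = frozenset({"g:"})  # assumption: G: is the STORE N GO stick in the report


def parse_run(text):
    """Yield (hive, value name, command) for each 'Run :' line."""
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            yield m.group("hive"), m.group("name"), m.group("cmd")


def parse_present(text):
    """Yield the path or registry item from each 'Present!' line."""
    for line in text.splitlines():
        m = PRESENT_RE.match(line.strip())
        if m:
            yield m.group("item")


def run_reasons(cmd):
    """Reasons a Run command looks like script persistence; empty list = not flagged.
    Deliberately narrow: an OEM .cmd in ProgramData (SetWallpaper.cmd) is not flagged."""
    low = cmd.lower()
    tokens = low.split()
    exe = tokens[0].strip('"') if tokens else ""
    reasons = []
    if exe.rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
        reasons.append("script host")
        if any(t.startswith(("//b", "//e")) for t in tokens):
            reasons.append("batch mode (//B or //E): script errors are never shown to the user")
    m = re.search(r"\.(vbs|vbe|js|jse|wsf|hta)\b", low)
    if m:
        reasons.append(f"runs a .{m.group(1)} script")
    if any(d in low for d in STAGING_DIRS):
        reasons.append("script lives in a user-writable staging directory")
    return reasons


def classify_item(item, removable=REMOVABLE):
    """Label one 'Present!' item by where it sits and what it does."""
    low = item.lower()
    on_stick = low[:2] in removable
    if "\\policies\\system|disableregistrytools" in low:
        return "policy: regedit disabled (keeps the victim away from the Run key)"
    if "\\currentversion\\run|" in low:
        return "host: Run-key persistence value"
    if on_stick and low.endswith("autorun.inf.lnk"):
        return "removable: Autorun.inf replaced by a shortcut"
    if on_stick and low.endswith(".lnk") and low.count("\\") == 1:
        return "removable: shortcut at drive root (original file hidden and replaced)"
    if on_stick and low.endswith(SCRIPT_EXT):
        return "removable: worm script copy (re-infects the next host)"
    if "\\programs\\startup\\" in low and low.endswith(SCRIPT_EXT):
        return "host: Startup-folder persistence"
    if low.endswith(SCRIPT_EXT) and any(d in low for d in STAGING_DIRS):
        return "host: dropped script in staging directory"
    return "unclassified"


def correlate(text):
    """Map each script basename to every place it shows up. The same name in a Run
    key, %TEMP%, the Startup folder and the stick root is the reinstall loop that
    brings the worm back after a partial clean-up."""
    where = defaultdict(set)
    for hive, _name, cmd in parse_run(text):
        m = re.search(r"([\w\-]+\.(?:vbs|vbe|js|jse|wsf|hta))\b", cmd, re.I)
        if m and run_reasons(cmd):
            where[m.group(1).lower()].add("run:" + hive.split("\\")[0])
    for item in parse_present(text):
        if item.lower().endswith(SCRIPT_EXT):
            where[item.rsplit("\\", 1)[-1].lower()].add(classify_item(item))
    return {k: sorted(v) for k, v in where.items()}


def triage(text):
    """Flagged Run entries, every classified indicator, and the per-script map."""
    run = [(name, run_reasons(cmd)) for _h, name, cmd in parse_run(text) if run_reasons(cmd)]
    items = [(item, classify_item(item)) for item in parse_present(text)]
    return {"run": run, "items": items, "by_script": correlate(text)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, reasons in report["run"]:
        print(f"RUN [{name}]: " + "; ".join(reasons))
    for item, label in report["items"]:
        print(f"{label:<72} {item}")
    for script, places in report["by_script"].items():
        print(f"{script}: {len(places)} location(s) -> {places}")
```

Run as-is it prints the triage of the constructed sample; point `triage()` at a real UsbFix report (after restoring its backslashes) and the `by_script` map is the thing to read first: a script name that appears in a Run key, in `%TEMP%`, in the Startup folder and on the stick has to be removed from all four places in one pass, which is what UsbFix's Deletion mode does. Two caveats for the person cleaning up: in this worm family the user's files on the stick are normally not destroyed but hidden next to the `.lnk` that replaced them, so after the scripts are gone `attrib -h -s /s /d G:\*` (assuming G: is the stick) usually brings them back; and every `.lnk` on the stick should be treated as a launcher for the worm until the `.vbs` beside it is confirmed deleted.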