alphaz76
Participant
Number of posts: 3

Here is the reply,
Everything works fine and the files show up normally, except that when I plugged my USB key into another computer, the problem came back. So I ran the procedure again, but this time without plugging my key into another computer. The problem with the files did not come back.

I think the infection comes from that computer. What are the solutions to fix this problem?

Thanks for the help!!!
[spoiler:1cl45aev]############################## | UsbFix V 7.143 | [Suppression]

Utilisateur: SILLY (Administrateur) # PC-SILLY
Mis à jour le 05/10/2013 par El Desaparecido – Team SosVirus
Lancé à 10:04:03 | 08/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK COMPUTER INC. (X301A1)
CPU: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
RAM -> [Total : 3982 | Free : 1430]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16688

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 186 Go (140 Go libre(s) – 75%) [OS] # NTFS
D: -> Disque fixe # 258 Go (254 Go libre(s) – 98%) [Data] # NTFS
E: -> Disque amovible # 4 Go (106 Mo libre(s) – 3%) [] # FAT32
F: -> Disque amovible # 7 Go (878 Mo libre(s) – 12%) [USB SILLY] # FAT32

################## | Regedit Run |

HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [ASUSPRP] – “C:Program Files (x86)ASUSAPRPAPRP.EXE”
HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.10.123AsusWSPanel.exe /S
HKLMSOFTWARE | Run : [mcui_exe] – “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
HKLMSOFTWARE | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [ASUSPRP] – “C:Program Files (x86)ASUSAPRPAPRP.EXE”
HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.10.123AsusWSPanel.exe /S
HKLMSOFTWAREwow6432Node | Run : [mcui_exe] – “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
HKLMSOFTWAREwow6432Node | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-21-2566191483-477399686-1909292678-1001SOFTWARE | Run : [gka37TCr] – wscript.exe //B “C:UsersSILLYAppDataLocalTempgka37TCr.vbs”
HKUS-1-5-21-2566191483-477399686-1909292678-1001SOFTWARE | Run : [BrowserChoice] – “C:WindowsBrowserChoicebrowserchoice.exe” /run

################## | Processus Stoppés |

Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe (ID 1212 |ParentID 700)
Stoppé! C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe (ID 1312 |ParentID 700)
Stoppé! C:WindowsSystem32spoolsv.exe (ID 1512 |ParentID 700)
Stoppé! C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe (ID 1736 |ParentID 700)
Stoppé! C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe (ID 1780 |ParentID 700)
Stoppé! C:Windowssystem32dashost.exe (ID 1824 |ParentID 604)
Stoppé! C:Program FilesInteliCLS ClientHeciServer.exe (ID 1880 |ParentID 700)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe (ID 1944 |ParentID 700)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID 1388 |ParentID 700)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe (ID 3708 |ParentID 700)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 3804 |ParentID 700)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID 712 |ParentID 700)
Stoppé! C:Program Files (x86)GoogleUpdateGoogleUpdate.exe (ID 3564 |ParentID 700)
Stoppé! C:Windowssystem32taskhostex.exe (ID 5960 |ParentID 700)
Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe (ID 5268 |ParentID 1212)
Stoppé! C:Program FilesASUSP4GBatteryLife.exe (ID 3976 |ParentID 700)
Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe (ID 4712 |ParentID 5268)
Stoppé! C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe (ID 540 |ParentID 424)
Stoppé! C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe (ID 2960 |ParentID 3324)
Stoppé! C:WindowsSystem32igfxtray.exe (ID 2896 |ParentID 3232)
Stoppé! C:WindowsSystem32hkcmd.exe (ID 1600 |ParentID 3232)
Stoppé! C:Program FilesRealtekAudioHDARAVCpl64.exe (ID 4824 |ParentID 3232)
Stoppé! C:Program Files (x86)ASUSSplendidACMON.exe (ID 904 |ParentID 3232)
Stoppé! C:WindowsSystem32wscript.exe (ID 3424 |ParentID 3232)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID 4544 |ParentID 6140)
Stoppé! C:UsersSILLYAppDataRoamingDropboxbinDropbox.exe (ID 5812 |ParentID 3232)
Stoppé! C:Program Files (x86)ASUSASUS Live UpdateLiveUpdate.exe (ID 5528 |ParentID 700)
Stoppé! C:WindowsSysWOW64ACEngSvr.exe (ID 1188 |ParentID 796)
Stoppé! C:Windowssystem32igfxpers.exe (ID 4396 |ParentID 5236)
Stoppé! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPLoader.exe (ID 4864 |ParentID 2180)
Stoppé! C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex64QuickGesture64.exe (ID 3852 |ParentID 4864)
Stoppé! C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe (ID 3236 |ParentID 4864)
Stoppé! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPHelper.exe (ID 2784 |ParentID 4812)
Stoppé! C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe (ID 4764 |ParentID 5280)
Stoppé! C:Program Files (x86)Mozilla Firefoxfirefox.exe (ID 6176 |ParentID 3232)
Stoppé! C:Program Files (x86)ASUSASUS InstantOnInsOnWMI.exe (ID 7288 |ParentID 1736)
Stoppé! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPLoader.exe (ID 9692 |ParentID 11284)
Stoppé! C:Program FilesInternet Exploreriexplore.exe (ID 9000 |ParentID 9524)
Stoppé! C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbarUser_32.exe (ID 12660 |ParentID 9000)
Stoppé! C:WindowsSystem32MacromedFlashFlashUtil_ActiveX.exe (ID 8784 |ParentID 796)
Stoppé! C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID 6968 |ParentID 9000)
Stoppé! C:Program FilesMicrosoft OfficeOffice15POWERPNT.EXE (ID 16720 |ParentID 9524)
Stoppé! C:Program FilesMicrosoft OfficeOffice15POWERPNT.EXE (ID 6312 |ParentID 16720)
Stoppé! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPCenter.exe (ID 12788 |ParentID 9692)
Stoppé! C:WindowsSysWOW64ctfmon.exe (ID 3168 |ParentID 4544)
Stoppé! C:Windowssystem32DllHost.exe (ID 12664 |ParentID 796)
Stoppé! C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID 13684 |ParentID 9000)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID 2060 |ParentID 604)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID 16904 |ParentID 700)

################## | Éléments infectieux |

Supprimé! E:gka37TCr.vbs
Supprimé! F:gka37TCr.vbs
Supprimé! C:UsersSILLYAppDataLocalTempgka37TCr.vbs
Supprimé! C:UsersSILLYAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupgka37TCr.vbs
Supprimé! E:Blackberry.lnk
Supprimé! E:audiobooks.lnk
Supprimé! E:camera.lnk
Supprimé! E:documents.lnk
Supprimé! E:music.lnk
Supprimé! E:pictures.lnk
Supprimé! E:podcasts.lnk
Supprimé! E:ringtones.lnk
Supprimé! E:videos.lnk
Supprimé! E:voicenotes.lnk
Supprimé! E:app_world.lnk
Supprimé! F:.lnk
Supprimé! F:.Trashes.lnk
Supprimé! F:.Spotlight-V100.lnk
Supprimé! F:.fseventsd.lnk
Supprimé! F:TOUT.lnk
Supprimé! F:ASUS.lnk
Supprimé! F:System Volume Information.lnk
Supprimé! F:Nouveau dossier.lnk
Supprimé! F:Contrat -Reconnaissance Dette.lnk
Supprimé! F:Reconnaissance_de_dette.lnk
Supprimé! F:Facture.lnk
Supprimé! F:Facture 13-01.lnk
Supprimé! C:ProgramDataSetStretch.VBS

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|gka37TCr
Supprimé! HKCU….ExplorerMountPoints2{c87767e8-2166-11e3-be73-74d02b77e0d8}

################## | Listing |

[06/10/2013 – 17:55:09 | SHD ] C:$Recycle.Bin
[19/09/2013 – 23:10:06 | D ] C:$WINDOWS.~BT
[27/11/2012 – 15:00:09 | SHD ] C:Boot
[26/07/2012 – 05:44:30 | RASH | 398156] C:bootmgr
[02/06/2012 – 16:30:55 | N | 1] C:BOOTNXT
[01/10/2013 – 14:43:53 | SHD ] C:Config.Msi
[26/07/2012 – 09:22:08 | SHD ] C:Documents and Settings
[22/05/2013 – 08:24:08 | D ] C:eSupport
[01/10/2013 – 14:43:56 | ASH | 3340075008] C:hiberfil.sys
[22/05/2013 – 08:07:58 | D ] C:Intel
[19/09/2013 – 23:22:00 | RHD ] C:MSOCache
[06/10/2013 – 17:52:17 | ASH | 2043043840] C:pagefile.sys
[26/07/2012 – 09:33:46 | HD ] C:PerfLogs
[01/10/2013 – 14:45:03 | D ] C:Program Files
[01/10/2013 – 14:49:10 | D ] C:Program Files (x86)
[08/10/2013 – 10:10:49 | HD ] C:ProgramData
[19/09/2013 – 22:05:24 | D ] C:sources
[01/10/2013 – 14:43:56 | ASH | 268435456] C:swapfile.sys
[07/10/2013 – 16:33:27 | SHD ] C:System Volume Information
[08/10/2013 – 10:10:53 | D ] C:UsbFix
[08/10/2013 – 10:11:19 | A | 9458] C:UsbFix [Clean 1] PC-SILLY.txt
[07/10/2013 – 16:02:36 | N | 9647] C:UsbFix [Scan 1] PC-SILLY.txt
[20/09/2013 – 00:16:04 | RD ] C:Users
[30/09/2013 – 08:54:22 | D ] C:Windows
[03/12/2012 – 09:12:26 | N | 6293504] C:X301A.BIN
[03/12/2012 – 11:09:34 | N | 6293504] C:X301A1.BIN
[03/12/2012 – 11:10:08 | N | 6293504] C:X401A1.BIN
[03/12/2012 – 14:15:38 | N | 6293504] C:X501A.BIN
[03/12/2012 – 14:15:30 | N | 6293504] C:X501A1.BIN
[20/09/2013 – 00:20:24 | SHD ] D:$RECYCLE.BIN
[05/10/2013 – 19:34:16 | D ] D:bLACKBERRY
[01/10/2013 – 12:46:54 | D ] D:CODES
[07/10/2013 – 11:55:41 | D ] D:HIRA CONSULTING
[25/09/2013 – 15:15:23 | D ] D:Plan Loire
[19/09/2013 – 17:16:51 | SHD ] D:System Volume Information
[05/10/2013 – 20:51:46 | D ] E:Blackberry
[19/01/2012 – 22:05:06 | D ] E:audiobooks
[05/10/2013 – 20:40:42 | D ] E:camera
[05/10/2013 – 20:40:44 | D ] E:documents
[05/10/2013 – 20:46:46 | D ] E:music
[05/10/2013 – 20:47:20 | D ] E:pictures
[25/11/2012 – 02:16:16 | D ] E:podcasts
[19/01/2012 – 22:05:04 | D ] E:ringtones
[05/10/2013 – 20:47:24 | D ] E:videos
[05/10/2013 – 20:47:26 | D ] E:voicenotes
[05/10/2013 – 20:47:26 | D ] E:app_world
[26/08/2013 – 19:11:04 | SH | 4096] F:._.Trashes
[26/08/2013 – 19:11:04 | SHD ] F:.Trashes
[26/08/2013 – 19:11:04 | SHD ] F:.Spotlight-V100
[26/08/2013 – 19:11:04 | D ] F:.fseventsd
[18/09/2013 – 15:10:12 | D ] F:TOUT
[18/09/2013 – 15:10:52 | D ] F:ASUS
[19/09/2013 – 17:39:54 | SHD ] F:System Volume Information
[01/10/2013 – 21:57:32 | D ] F:Contrat -Reconnaissance Dette
[01/10/2013 – 22:43:02 | N | 13054] F:Reconnaissance_de_dette.docx
[01/10/2013 – 23:02:04 | N | 18367] F:Facture.docx
[01/10/2013 – 23:20:28 | N | 23182] F:Facture 13-01.docx

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net[/spoiler:1cl45aev]