Reply to: USB infection 2016-09-08T13:15:57+00:00
ana
Number of posts: 0

Great! Thanks a lot…
I'd like some help checking whether my PC is infected… when I saw that my USB stick had a problem I ran a scan with Avast and Malwarebytes, which found nothing, but still, you never know!

Here is the report:


############################## | UsbFix V 7.150 | [Removal]

User: Anaïs (Administrator) # ANA
Updated on 08/11/2013 by El Desaparecido - Team SosVirus
Started at 11:16:45 | 10/11/2013

Website : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Pentium(R) CPU B980 @ 2.40GHz
RAM -> [Total : 3973 | Free : 2156]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender : 4.3.0215.0
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 436 GB (332 GB free - 76%) [] # NTFS
D: -> CD-ROM
F: -> Removable disk # 4 GB (4 GB free - 98%) [PUBLIC] # FAT32

################## | Stopped Processes |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1332 |ParentID: 800)
Stopped! C:\Program Files\AVAST Software\Avast\afwServ.exe (ID: 1444 |ParentID: 800)
Stopped! C:\Program Files\AVAST Software\Avast\avastui.exe (ID: 14140 |ParentID: 16148)
Stopped! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 8752 |ParentID: 800)
Stopped! C:\Windows\explorer.exe (ID: 10828 |ParentID: 23184)
Stopped! C:\Windows\system32\DllHost.exe (ID: 8280 |ParentID: 900)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 12080 |ParentID: 800)
Stopped! C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (ID: 11992 |ParentID: 800)
Stopped! C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (ID: 13084 |ParentID: 11992)
Stopped! C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (ID: 18172 |ParentID: 11992)
Stopped! C:\Windows\SysWOW64\DllHost.exe (ID: 9376 |ParentID: 900)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 12580 |ParentID: 800)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 12760 |ParentID: 800)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 21292 |ParentID: 10828)
Stopped! C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (ID: 22008 |ParentID: 800)
Stopped! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 8800 |ParentID: 900)
Stopped! C:\Windows\System32\RuntimeBroker.exe (ID: 22824 |ParentID: 900)
Stopped! C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (ID: 23560 |ParentID: 12488)
Stopped! C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID: 12844 |ParentID: 23560)
Stopped! C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID: 15268 |ParentID: 12844)
Stopped! C:\Windows\splwow64.exe (ID: 23904 |ParentID: 15268)
Stopped! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 21364 |ParentID: 21292)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 2884 |ParentID: 21364)
Stopped! C:\Windows\system32\taskhost.exe (ID: 25616 |ParentID: 800)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-21-2335262312-3982579292-4274114522-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2335262312-3982579292-4274114522-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\ANAS~1\AppData\Local\Temp\iTunesHelper.vbe"

################## | Generic Search |

Deleted! C:\Users\ANAS~1\AppData\Local\Temp\iTunesHelper.vbe
Deleted! C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Deleted! F:\iTunesHelper.vbe
Deleted! F:\CV (anglais).lnk

(!) Temporary files deleted.

################## | MD5 Comparison Reference |

Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\ANAS~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> F:\iTunesHelper.vbe

################## | MD5 Comparison |

################## | Registry |

Deleted! HKU\S-1-5-21-2335262312-3982579292-4274114522-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted! HKU\S-1-5-21-2335262312-3982579292-4274114522-1001\Software\....\Mountpoints2\{a6c87121-334d-11e3-be8c-a41731cb865a}
Deleted! HKU\S-1-5-21-2335262312-3982579292-4274114522-1001\Software\....\Mountpoints2\{b274fc5f-1aeb-11e3-be89-a41731cb865a}

################## | Listing |

[06/06/2013 - 00:10:09 | SHD ] C:\$Recycle.Bin
[06/06/2013 - 13:48:50 | D ] C:\$SysReset
[10/11/2013 - 11:07:43 | N | 94] C:\.~lock.UsbFix [Scan 1] ANA.txt#
[26/07/2012 - 04:44:30 | RASH | 398156] C:\bootmgr
[02/06/2012 - 15:30:55 | N | 1] C:\BOOTNXT
[03/11/2013 - 13:18:40 | SHD ] C:\Config.Msi
[22/06/2013 - 00:00:35 | D ] C:\Documentation
[26/07/2012 - 08:22:08 | SHD ] C:\Documents and Settings
[12/11/2012 - 15:41:28 | N | 122842] C:\firecore.log
[16/08/2013 - 23:50:38 | D ] C:\found.000
[28/10/2013 - 20:40:51 | ASH | 3333021696] C:\hiberfil.sys
[12/11/2012 - 15:01:44 | D ] C:\Intel
[07/11/2013 - 01:10:19 | ASH | 1423220736] C:\pagefile.sys
[26/07/2012 - 08:33:46 | D ] C:\PerfLogs
[11/09/2013 - 15:20:50 | D ] C:\Program Files
[07/11/2013 - 16:52:38 | D ] C:\Program Files (x86)
[11/09/2013 - 15:20:34 | HD ] C:\ProgramData
[12/11/2012 - 15:07:14 | N | 2227] C:\RHDSetup.log
[22/03/2013 - 10:44:32 | D ] C:\Sounds
[12/11/2012 - 14:52:27 | D ] C:\sources
[28/10/2013 - 20:41:40 | ASH | 268435456] C:\swapfile.sys
[09/11/2013 - 19:01:53 | SHD ] C:\System Volume Information
[03/11/2013 - 13:18:45 | D ] C:\Update
[10/11/2013 - 11:23:13 | D ] C:\UsbFix
[10/11/2013 - 11:23:24 | A | 7561] C:\UsbFix [Clean 2] ANA.txt
[10/11/2013 - 11:07:27 | N | 10129] C:\UsbFix [Scan 1] ANA.txt
[05/06/2013 - 23:56:01 | RD ] C:\Users
[17/10/2013 - 00:19:20 | D ] C:\Windows
[06/06/2013 - 14:21:08 | D ] C:\Windows.old
[07/08/2013 - 13:36:20 | N | 21504] F:\CV (anglais).doc

################## | Vaccine |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
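The report above shows the four marks of a USB-propagating script worm in one place: a per-user Run key that starts `wscript.exe //B` (silent) on a `.vbe` in the user's Temp folder, a copy of the same script in the Startup folder, a third copy with the same MD5 at the root of the removable drive F:, and a `CV (anglais).lnk` sitting next to the real `CV (anglais).doc` on that drive. The script below is an added example, not UsbFix code and not from the forum post: it re-reads a UsbFix-style report offline and flags each of those indicators. `SAMPLE_REPORT` is transcribed from the report above with the backslashes the page lost restored; the heuristics (silent script host, script in Temp or Startup, one hash in several places including a removable volume, a `.lnk` shadowing a document) are generic triage rules chosen here, not anything UsbFix documents, and they operate on the text only, not on a live host.

```python
"""Triage of a UsbFix-style report for the marks of a USB-propagating script worm.

Added example: not UsbFix code and not from the forum post. SAMPLE_REPORT is
transcribed from the report on the page (backslashes restored); the heuristics
are generic triage rules, not UsbFix's own logic.
"""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
F: -> Removable disk # 4 GB (4 GB free - 98%) [PUBLIC] # FAT32
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-21-2335262312-3982579292-4274114522-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2335262312-3982579292-4274114522-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\ANAS~1\AppData\Local\Temp\iTunesHelper.vbe"
Deleted! F:\iTunesHelper.vbe
Deleted! F:\CV (anglais).lnk
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\ANAS~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> F:\iTunesHelper.vbe
[07/08/2013 - 13:36:20 | N | 21504] F:\CV (anglais).doc
"""

DRIVE_RE = re.compile(r"^(?P<letter>[A-Z]): -> Removable disk")
RUN_RE = re.compile(r"\| Run : \[(?P<name>[^\]]*)\] - (?P<cmd>.+)$")
MD5_RE = re.compile(r"^Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$")
PATH_RE = re.compile(r"^(?:Deleted! |\[[^\]]*\] )(?P<path>[A-Za-z]:\\.+)$")
SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd")


def removable_drives(lines):
    """Drive letters the report describes as removable, e.g. {"F:"}."""
    return {m.group("letter") + ":" for m in map(DRIVE_RE.match, lines) if m}


def suspicious_run_entries(lines):
    """Run keys that start a script host silently (//B), name a script, or point into Temp."""
    hits = []
    for m in filter(None, map(RUN_RE.search, lines)):
        cmd = m.group("cmd").lower()
        silent_host = ("wscript" in cmd or "cscript" in cmd) and "//b" in cmd
        temp_target = "\\appdata\\local\\temp\\" in cmd or "\\windows\\temp\\" in cmd
        script_target = any(ext + '"' in cmd or cmd.endswith(ext) for ext in SCRIPT_EXT)
        if silent_host or temp_target or script_target:
            hits.append((m.group("name"), m.group("cmd")))
    return hits


def all_paths(lines):
    """Every file path the report names: hash lines, deletions and the listing."""
    paths = []
    for line in lines:
        m = MD5_RE.match(line) or PATH_RE.match(line)
        if m:
            paths.append(m.group("path"))
    return paths


def replicated_files(lines, removable):
    """One hash in several places, at least one on a removable volume: a file copying itself."""
    by_hash = defaultdict(list)
    for m in filter(None, map(MD5_RE.match, lines)):
        by_hash[m.group("md5").upper()].append(m.group("path"))
    return {h: p for h, p in by_hash.items()
            if len(p) > 1 and any(x[:2].upper() in removable for x in p)}


def startup_scripts(lines):
    """Script files placed in a Startup folder, so they run at every logon."""
    return sorted({p for p in all_paths(lines)
                   if "\\start menu\\programs\\startup\\" in p.lower()
                   and p.lower().endswith(SCRIPT_EXT)})


def lnk_lures(lines, removable):
    """On a removable volume, a .lnk sharing its base name with a document: the usual trick
    is to hide the document and leave a shortcut that runs the script before opening it."""
    exts_by_stem = defaultdict(set)
    for p in all_paths(lines):
        if p[:2].upper() in removable and "." in p:
            stem, _, ext = p.rpartition(".")
            exts_by_stem[stem.lower()].add("." + ext.lower())
    return sorted(s for s, e in exts_by_stem.items() if ".lnk" in e and len(e) > 1)


def triage(report_text):
    """Run all four checks over the text of a report and return the findings."""
    lines = [ln.strip() for ln in report_text.splitlines() if ln.strip()]
    usb = removable_drives(lines)
    return {
        "removable": usb,
        "run": suspicious_run_entries(lines),
        "replicated": replicated_files(lines, usb),
        "startup": startup_scripts(lines),
        "lures": lnk_lures(lines, usb),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On the sample, only the `iTunesHelper` Run entry is flagged (the Avast and Skype entries pass), the single MD5 is reported in three locations including F:, the Startup copy is listed, and `F:\CV (anglais)` comes back as a shortcut shadowing a document. The same checks are worth repeating on the `[Scan 1]` report produced before removal, since that is the one that still contains the attributes and sizes of the files UsbFix later deleted.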