Reply to: Infected USB key 2016-09-08T13:19:02+00:00
Ambre_
Post count: 0

Ahh okay, thanks :D Is it over, will I no longer have this virus, or should I try to be more careful? Thanks a lot for the advice :)
[spoiler:w5xwq7n9]############################## | UsbFix V 7.150 | [Removal]

User: user (Administrator) # AMBRE-PC
Updated on 08/11/2013 by El Desaparecido - Team SosVirus
Launched at 21:05:05 | 18/11/2013

Website: http://www.usbfix.net
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0D8H24)
CPU: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
RAM -> [Total : 3510 | Free : 2530]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Mozilla Firefox : 11.0
WB: Safari : 534.50

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET Smart Security 4.2 [Enabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 233 GB (81 GB free - 35%) [] # NTFS
D: -> CD-ROM
E: -> Removable disk # 7 GB (7 GB free - 99%) [KINGSTON] # FAT32
F: -> CD-ROM
G: -> Removable disk # 7 GB (4 GB free - 59%) [STORE N GO] # FAT32

################## | Stopped processes |

Stopped! C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ID: 2884 |ParentID: 604)
Stopped! C:\Windows\System32\rundll32.exe (ID: 6836 |ParentID: 740)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 4128 |ParentID: 940)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 4196 |ParentID: 940)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 5200 |ParentID: 604)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 2416 |ParentID: 604)
Stopped! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 4000 |ParentID: 604)
Stopped! C:\Windows\system32\NOTEPAD.EXE (ID: 5656 |ParentID: 4752)
Stopped! C:\Windows\system32\NOTEPAD.EXE (ID: 8172 |ParentID: 5472)
Stopped! C:\Windows\System32\rundll32.exe (ID: 5664 |ParentID: 740)
Stopped! C:\Windows\explorer.exe (ID: 7340 |ParentID: 4300)
Stopped! C:\Windows\system32\taskhost.exe (ID: 7044 |ParentID: 604)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
04 - HKLM\SOFTWARE | Run : [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe
04 - HKLM\SOFTWARE | Run : [Apoint] - C:\Program Files\Dell\TPad\Apoint.exe
04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE | Run : [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
04 - HKLM\SOFTWARE | Run : [USCService] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
04 - HKLM\SOFTWARE | Run : [egui] - "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [WirelessManager] - C:\Program Files\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [USB Safely Remove] - C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [Google Update] - "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [OfficeSyncProcess] - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [help.vbs] - "C:\Users\user\AppData\Local\Temp\help.vbs"
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic search |

Deleted! C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help.vbs
Deleted! C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Deleted! E:\iTunesHelper.vbe
Deleted! G:\help.vbs
Deleted! G:\iTunesHelper.vbe
Deleted! G:\help.lnk
Deleted! G:\.lnk
Deleted! G:\Glee.lnk
Deleted! G:\The.lnk
Deleted! G:\.Trashes.lnk
Deleted! G:\.Spotlight-V100.lnk
Deleted! G:\A Imprimer.lnk
Deleted! G:\.TemporaryItems.lnk
Deleted! G:\Nouveau dossier.lnk
Deleted! G:\._.Trashes.lnk
Deleted! G:\a;.lnk
Deleted! G:\Nouveau dossier (2).lnk
Deleted! G:\._.TemporaryItems.lnk

(!) Temporary files deleted.

################## | MD5 comparison reference |

Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : B560AB0E59274CA4AEA3F6E47B77F320 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help.vbs
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> E:\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> G:\iTunesHelper.vbe
Md5 : B560AB0E59274CA4AEA3F6E47B77F320 -> G:\help.vbs
Md5 : B560AB0E59274CA4AEA3F6E47B77F320 -> G:\help.vbs

################## | MD5 comparison |

################## | Registry |

Repaired! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 1
Deleted! HKU\S-1-5-21-2021029097-932641941-3252056027-1000\Software\Microsoft\Windows\CurrentVersion\Run|help.vbs
Deleted! HKU\S-1-5-21-2021029097-932641941-3252056027-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted! HKU\S-1-5-21-2021029097-932641941-3252056027-1000\Software\….\Mountpoints2\{b5b4f1e9-0cea-11e3-aa54-1c659dac1a85}

################## | Listing |

[14/02/2011 - 15:59:06 | SHD ] C:\$Recycle.Bin
[13/09/2012 - 02:24:46 | D ] C:\0ea6d36ff1de4db04
[15/02/2012 - 22:43:05 | D ] C:\802dba77efcd7c0d00
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[04/09/2011 - 15:02:48 | SHD ] C:\Boot
[20/11/2010 - 13:40:07 | RASH | 383786] C:\bootmgr
[14/02/2011 - 16:51:50 | RASH | 8192] C:\BOOTSECT.BAK
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/02/2011 - 17:47:44 | D ] C:\dell
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[15/02/2011 - 14:29:18 | D ] C:\drvrtmp
[29/10/2013 - 20:40:21 | D ] C:\found.000
[18/11/2013 - 16:33:36 | ASH | 2760241152] C:\hiberfil.sys
[14/02/2011 - 17:29:35 | D ] C:\Intel
[18/02/2011 - 20:53:24 | RHD ] C:\MSOCache
[18/11/2013 - 16:33:39 | ASH | 3680325632] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[10/06/2013 - 18:09:20 | D ] C:\Program Files
[23/02/2013 - 14:45:51 | HD ] C:\ProgramData
[14/02/2011 - 15:58:51 | SHD ] C:\Recovery
[24/01/2013 - 07:52:55 | D ] C:\Riot Games
[18/11/2013 - 14:11:57 | SHD ] C:\System Volume Information
[18/11/2013 - 21:06:23 | D ] C:\UsbFix
[18/11/2013 - 21:06:26 | A | 9394] C:\UsbFix [Clean 2] AMBRE-PC.txt
[18/11/2013 - 16:48:54 | N | 15820] C:\UsbFix [Scan 1] AMBRE-PC.txt
[18/11/2013 - 17:00:00 | N | 11163] C:\UsbFix [Scan 2] AMBRE-PC.txt
[22/01/2012 - 16:35:34 | D ] C:\Users
[01/06/2013 - 13:47:58 | D ] C:\Windows
[06/10/2013 - 18:40:46 | SH | 4096] G:\._.Trashes
[06/10/2013 - 18:40:46 | SHD ] G:\.Trashes
[06/10/2013 - 17:36:36 | N | 365097392] G:\Glee.S05E02.FASTSUB.VOSTFR.HDTV.XviD-MiND.avi
[06/10/2013 - 18:40:48 | SHD ] G:\.Spotlight-V100
[11/11/2013 - 14:23:46 | D ] G:\A Imprimer
[06/10/2013 - 18:16:32 | N | 613755429] G:\The.Big.Bang.Theory.S07E03.FASTSUB.VOSTFR.720p.HDTV.x264-ADDiCTiON.mkv
[04/11/2013 - 13:51:00 | SHD ] G:\.TemporaryItems
[04/11/2013 - 13:51:00 | SH | 4096] G:\._.TemporaryItems
[18/11/2013 - 15:31:48 | D ] G:\Nouveau dossier
[18/11/2013 - 15:43:16 | D ] G:\a;
[18/11/2013 - 15:44:10 | D ] G:\Nouveau dossier (2)

################## | Vaccine |

E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |[/spoiler:w5xwq7n9]
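The log above shows the usual USB shortcut-worm pattern: two scripts (help.vbs and iTunesHelper.vbe) registered under the user's Run key and launched from %TEMP% via `wscript.exe //B`, copies of the same scripts (identical MD5s) in the Startup folder and on both removable drives E: and G:, and a `.lnk` left on G: named after each real folder on the stick. The Python below is an added example, not part of this post or of UsbFix: it parses the Run, Md5, listing and Deleted! line formats as UsbFix prints them (assumed: backslash paths, hyphen or en-dash separators) and flags those three indicators on a constructed sample modelled on this log, so the same check can be run over any UsbFix report.

```python
"""Flag shortcut-worm indicators in a UsbFix-style log (added example, not UsbFix code)."""
import re
from collections import defaultdict

# Constructed sample in the shape of the log above (not the full log).
SAMPLE_LOG = r"""
04 - HKLM\SOFTWARE | Run : [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
04 - HKLM\SOFTWARE | Run : [egui] - "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [help.vbs] - "C:\Users\user\AppData\Local\Temp\help.vbs"
04 - HKU\S-1-5-21-2021029097-932641941-3252056027-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe"
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : B560AB0E59274CA4AEA3F6E47B77F320 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\help.vbs
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> E:\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> G:\iTunesHelper.vbe
Md5 : B560AB0E59274CA4AEA3F6E47B77F320 -> G:\help.vbs
[06/10/2013 - 18:40:46 | SH | 4096] G:\._.Trashes
[06/10/2013 - 18:40:46 | SHD ] G:\.Trashes
[06/10/2013 - 17:36:36 | N | 365097392] G:\Glee.S05E02.FASTSUB.VOSTFR.HDTV.XviD-MiND.avi
[11/11/2013 - 14:23:46 | D ] G:\A Imprimer
[18/11/2013 - 15:31:48 | D ] G:\Nouveau dossier
Deleted! G:\help.lnk
Deleted! G:\Glee.lnk
Deleted! G:\.Trashes.lnk
Deleted! G:\A Imprimer.lnk
Deleted! G:\Nouveau dossier.lnk
"""

SEP = r'[-\u2013]'  # UsbFix prints "-"; the copy above came through with an en-dash
RUN_RE = re.compile(r'^\d+ ' + SEP + r' (?P<hive>\S+) \| Run(?:Once)? : \[(?P<name>[^\]]*)\] '
                    + SEP + r'\s?(?P<cmd>.*)$')
MD5_RE = re.compile(r'^Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$')
LIST_RE = re.compile(r'^\[(?P<stamp>[^|]+)\| (?P<attrs>[A-Z]+) (?:\| (?P<size>\d+))?\] (?P<path>.+)$')
LNK_RE = re.compile(r'^(?:Deleted!|Supprimé!) (?P<path>[A-Za-z]:\\.+\.lnk)$', re.IGNORECASE)
# A Windows path (drive letter or %VAR%) up to its extension, inside or outside quotes.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%[^%]+%)\\[^"]+?\.[A-Za-z0-9]{2,4}(?=["\s]|$)')
SCRIPT_EXTS = ('.vbs', '.vbe', '.js', '.jse', '.wsf', '.hta')


def parse_run_entries(log):
    """Return [{'hive', 'name', 'cmd'}] for every Run/RunOnce line."""
    return [m.groupdict() for m in (RUN_RE.match(l.strip()) for l in log.splitlines()) if m]


def suspicious_run_entries(entries):
    """Return [(name, [reasons])] for autostart commands that look like a script dropper."""
    hits = []
    for e in entries:
        cmd, low, reasons = e['cmd'], e['cmd'].lower(), set()
        if re.search(r'\b[wc]script(?:\.exe)?\b', low):
            reasons.add('script host')
        if '//b' in low:
            reasons.add('batch mode (//B hides script errors)')
        for path in PATH_RE.findall(cmd):
            if path.lower().endswith(SCRIPT_EXTS):
                reasons.add('script file')
            if '\\temp\\' in path.lower():
                reasons.add('user temp dir')
        if reasons:
            hits.append((e['name'], sorted(reasons)))
    return hits


def parse_md5_refs(log):
    """Map each MD5 to the set of paths reported with that hash."""
    refs = defaultdict(set)
    for line in log.splitlines():
        m = MD5_RE.match(line.strip())
        if m:
            refs[m['md5'].upper()].add(m['path'])
    return refs


def hashes_spanning_drives(refs):
    """Hashes found under more than one drive letter: the same file on the PC and on a stick."""
    spans = {}
    for md5, paths in refs.items():
        drives = sorted({p[0].upper() for p in paths if len(p) > 1 and p[1] == ':'})
        if len(drives) > 1:
            spans[md5] = drives
    return spans


def shortcut_worm_pairs(log):
    """.lnk files named exactly like a directory on the same drive (folder hidden, shortcut in its place)."""
    dirs, lnks = set(), []
    for line in log.splitlines():
        line = line.strip()
        m = LIST_RE.match(line)
        if m and 'D' in m['attrs']:
            dirs.add(m['path'].lower())
        m = LNK_RE.match(line)
        if m:
            lnks.append(m['path'])
    return sorted(p for p in lnks if p[:-4].lower() in dirs)


def analyze(log):
    return {
        'suspicious_run': suspicious_run_entries(parse_run_entries(log)),
        'hashes_spanning_drives': hashes_spanning_drives(parse_md5_refs(log)),
        'shortcut_pairs': shortcut_worm_pairs(log),
    }


if __name__ == '__main__':
    for key, value in analyze(SAMPLE_LOG).items():
        print(key)
        for item in (value.items() if isinstance(value, dict) else value):
            print('  ', item)
```

Only the two script entries are flagged; the legitimate Run entries (unquoted paths with spaces, quoted paths with arguments, the empty RunOnce) pass through, and `G:\help.lnk` and `G:\Glee.lnk` are not reported as folder shortcuts because no directory of that name exists on G: in the listing.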