Reply to: USB key virus 2016-09-08T13:24:44+00:00
tfaaon
Participant
Post count: 11

First of all, thank you for your ultra-fast reply. I did the removal via USBfix.

[spoiler:2jklgnsp]############################## | UsbFix V 7.153 | [Suppression]

Utilisateur: PC (Administrateur) # PC-6995EE6C811F
Mis à jour le 09/12/2013 par El Desaparecido – Team SosVirus
Lancé à 16:31:46 | 11/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (30C0)
CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
RAM -> [Total : 2039 | Free : 1517]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Mozilla Firefox : 26.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 49 Go (19 Go libre(s) – 39%) [] # NTFS
D: -> Disque fixe # 63 Go (58 Go libre(s) – 92%) [] # NTFS
E: -> CD-ROM
F: -> CD-ROM
G: -> Disque amovible # 4 Go (336 Mo libre(s) – 9%) [MINI SDCARD] # FAT32
H: -> Disque fixe # 466 Go (323 Go libre(s) – 69%) [Disque Dur Antoine] # NTFS
I: -> Disque amovible # 4 Go (4 Go libre(s) – 98%) [ADUPREZ KEY] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1832 |ParentID: 788)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 1256 |ParentID: 764)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 1928 |ParentID: 788)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 2532 |ParentID: 1928)
Stoppé! C:\WINDOWS\system32\dllhost.exe (ID: 2484 |ParentID: 788)
Stoppé! C:\WINDOWS\system32\spoolsv.exe (ID: 2012 |ParentID: 788)
Stoppé! C:\Program Files\Spybot – Search & Destroy 2\SDFSSvc.exe (ID: 2516 |ParentID: 788)
Stoppé! C:\Program Files\Spybot – Search & Destroy 2\SDUpdSvc.exe (ID: 3956 |ParentID: 788)
Stoppé! C:\WINDOWS\Explorer.exe (ID: 2160 |ParentID: 992)
Stoppé! C:\WINDOWS\system32\ctfmon.exe (ID: 1396 |ParentID: 640)
Stoppé! C:\WINDOWS\system32\wscntfy.exe (ID: 848 |ParentID: 1144)

################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [avgnt] – “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
04 – HKLM\SOFTWARE | Run : [IgfxTray] – C:\WINDOWS\system32\igfxtray.exe
04 – HKLM\SOFTWARE | Run : [HotKeysCmds] – C:\WINDOWS\system32\hkcmd.exe
04 – HKLM\SOFTWARE | Run : [Persistence] – C:\WINDOWS\system32\igfxpers.exe
04 – HKLM\SOFTWARE | Run : [Adobe ARM] – “C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe”
04 – HKLM\SOFTWARE | Run : [flashmemory] – wscript.exe //B “C:\DOCUME~1\PC\LOCALS~1\Temp\flashmemory.vbe”
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKLM\SOFTWARE | RunOnce : [Malwarebytes Anti-Malware] – C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 – HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE
04 – HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE
04 – HKU\S-1-5-21-1177238915-1417001333-16420491-1003\SOFTWARE | Run : [ctfmon.exe] – C:\WINDOWS\system32\ctfmon.exe
04 – HKU\S-1-5-21-1177238915-1417001333-16420491-1003\SOFTWARE | Run : [DAEMON Tools Lite] – “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
04 – HKU\S-1-5-21-1177238915-1417001333-16420491-1003\SOFTWARE | Run : [flashmemory] – wscript.exe //B “C:\DOCUME~1\PC\LOCALS~1\Temp\flashmemory.vbe”
04 – HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] – C:\WINDOWS\system32\CTFMON.EXE

################## | Recherche générique |

Supprimé! C:\DOCUME~1\PC\LOCALS~1\Temp\flashmemory.vbe
Supprimé! C:\Documents and Settings\PC\Menu Démarrer\Programmes\Démarrage\flashmemory.vbe
Supprimé! G:\flashmemory.vbe
Supprimé! I:\flashmemory.vbe
Supprimé! D:\install.exe
Supprimé! G:\.lnk
Supprimé! G:\pmp_usb.lnk
Supprimé! G:\system.lnk
Supprimé! G:\Images.lnk
Supprimé! G:\Private.lnk
Supprimé! G:\Sounds.lnk
Supprimé! G:\Games.lnk
Supprimé! G:\Installs.lnk
Supprimé! G:\Others.lnk
Supprimé! G:\Videos.lnk
Supprimé! G:\Music.lnk
Supprimé! G:\.Trashes.lnk
Supprimé! G:\.Spotlight-V100.lnk
Supprimé! G:\Recycled.lnk
Supprimé! C:\DOCUME~1\PC\LOCALS~1\Temp\avgnt.exe

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 84AC7437BCDAA82C1D2C918409ABFD3B -> C:\Documents and Settings\PC\Menu Démarrer\Programmes\Démarrage\flashmemory.vbe
Md5 : 84AC7437BCDAA82C1D2C918409ABFD3B -> C:\DOCUME~1\PC\LOCALS~1\Temp\flashmemory.vbe
Md5 : E09ED2D509D5C40DCF39E095D0397DD5 -> G:\flashmemory.vbe
Md5 : 84AC7437BCDAA82C1D2C918409ABFD3B -> I:\flashmemory.vbe

################## | Comparaison MD5 |

-> Pas de valeur Md5 identique trouvée.

################## | Registre |

Supprimé! HKLM\Software\flashmemory
Supprimé! HKU\S-1-5-21-1177238915-1417001333-16420491-1003\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory

################## | Listing |

[11/12/2013 – 15:15:13 | N | 6 Ko] – C:\UsbFix [Scan 1] PC-6995EE6C811F.txt
[11/12/2013 – 15:17:27 | N | 6 Ko] – C:\UsbFix [Listing 1] PC-6995EE6C811F.txt
[11/12/2013 – 15:29:14 | N | 6 Ko] – C:\UsbFix [Scan 2] PC-6995EE6C811F.txt
[11/12/2013 – 16:48:29 | A | 5 Ko] – C:\UsbFix [Clean 2] PC-6995EE6C811F.txt
[16/05/2012 – 10:58:48 | N | 0 Ko] – C:\CONFIG.SYS
[16/05/2012 – 10:58:48 | N | 0 Ko] – C:\MSDOS.SYS
[16/05/2012 – 10:58:48 | N | 0 Ko] – C:\IO.SYS
[11/12/2013 – 14:53:13 | ASH | 3145728 Ko] – C:\pagefile.sys
[11/12/2013 – 14:12:47 | D] – C:\Config.Msi
[16/05/2012 – 14:20:01 | N | 253 Ko] – C:\intel_chipset.log
[16/05/2012 – 14:43:37 | N | 0 Ko] – C:\hpqlb.log
[16/05/2012 – 10:52:56 | ASH | 0 Ko] – C:\boot.ini
[14/04/2008 – 18:00:00 | N | 46 Ko | B2DE3452DE03674C6CEC68B8C8CE7C78] – C:\NTDETECT.COM
[14/04/2008 – 18:00:00 | N | 5 Ko] – C:\Bootfont.bin
[11/12/2013 – 16:10:48 | N | 1 Ko] – C:\PhysicalDisk0_MBR.bin
[16/05/2012 – 10:58:48 | A | 0 Ko] – C:\AUTOEXEC.BAT
[14/04/2008 – 18:00:00 | RASH | 246 Ko] – C:\ntldr
[16/05/2012 – 11:03:07 | SHD] – C:\System Volume Information
[16/05/2012 – 11:03:48 | D] – C:\Documents and Settings
[16/05/2012 – 14:20:32 | D] – C:\Intel
[14/02/2013 – 19:29:46 | RHD] – C:\MSOCache
[08/04/2013 – 10:41:41 | D] – C:\Output
[15/04/2013 – 20:46:11 | D] – C:\SWSetup
[11/12/2013 – 14:54:42 | D] – C:\WINDOWS
[11/12/2013 – 16:05:00 | D] – C:\Program Files
[11/12/2013 – 16:37:37 | D] – C:\UsbFix
[11/12/2013 – 16:48:25 | SHD] – C:\RECYCLER
[07/11/2007 – 08:00:40 | N | 0 Ko] – D:\eula.1041.txt
[07/11/2007 – 08:00:40 | N | 17 Ko] – D:\eula.1028.txt
[07/11/2007 – 08:00:40 | N | 17 Ko] – D:\eula.1031.txt
[07/11/2007 – 08:00:40 | N | 10 Ko] – D:\eula.1033.txt
[07/11/2007 – 08:00:40 | N | 17 Ko] – D:\eula.1036.txt
[07/11/2007 – 08:00:40 | N | 17 Ko] – D:\eula.1040.txt
[07/11/2007 – 08:00:40 | N | 17 Ko] – D:\eula.2052.txt
[07/11/2007 – 08:00:40 | N | 17 Ko] – D:\eula.1042.txt
[07/11/2007 – 08:00:40 | N | 17 Ko] – D:\eula.3082.txt
[11/12/2013 – 14:53:13 | ASH | 3145728 Ko] – D:\pagefile.sys
[07/11/2007 – 08:12:28 | N | 228 Ko] – D:\VC_RED.MSI
[07/11/2007 – 08:00:40 | N | 1 Ko] – D:\install.ini
[07/11/2007 – 08:00:40 | N | 1 Ko] – D:\globdata.ini
[11/12/2013 – 15:29:12 | RASHD] – D:\Autorun.inf
[07/11/2007 – 08:03:18 | N | 94 Ko] – D:\install.res.1031.dll
[07/11/2007 – 08:03:18 | N | 95 Ko] – D:\install.res.1036.dll
[07/11/2007 – 08:03:18 | N | 93 Ko] – D:\install.res.1040.dll
[07/11/2007 – 08:03:18 | N | 80 Ko] – D:\install.res.1041.dll
[07/11/2007 – 08:03:18 | N | 78 Ko] – D:\install.res.1042.dll
[07/11/2007 – 08:03:18 | N | 74 Ko] – D:\install.res.2052.dll
[07/11/2007 – 08:03:18 | N | 94 Ko] – D:\install.res.3082.dll
[07/11/2007 – 08:03:18 | N | 75 Ko] – D:\install.res.1028.dll
[07/11/2007 – 08:03:18 | N | 89 Ko] – D:\install.res.1033.dll
[07/11/2007 – 08:09:22 | N | 1409 Ko] – D:\VC_RED.cab
[07/11/2007 – 08:00:40 | N | 6 Ko] – D:\vcredist.bmp
[06/02/2013 – 21:56:49 | SHD] – D:\RECYCLER
[08/12/2013 – 02:15:54 | D] – D:\Program Files
[11/12/2013 – 15:09:39 | SHD] – D:\System Volume Information
[22/08/2011 – 15:29:20 | SHD] – G:\.Trashes
[22/08/2011 – 15:29:20 | N | 4 Ko] – G:\._.Trashes
[22/08/2011 – 15:29:22 | D] – G:\.Spotlight-V100
[10/11/2011 – 18:33:48 | N | 0 Ko] – G:\pmp_usb.ini
[11/12/2013 – 15:29:14 | RASHD] – G:\Autorun.inf
[31/10/2010 – 11:57:20 | D] – G:\Sounds
[31/10/2010 – 11:57:46 | D] – G:\Images
[31/10/2010 – 23:34:26 | D] – G:\Music
[29/03/2012 – 22:50:34 | N | 0 Ko] – G:\qf
[13/11/2012 – 23:33:12 | SHD] – G:\system
[27/03/2013 – 14:17:20 | D] – G:\Games
[21/09/2013 – 19:46:48 | D] – G:\Recycled
[24/11/2013 – 23:56:26 | D] – G:\Private
[25/11/2013 – 02:13:22 | D] – G:\Others
[25/11/2013 – 02:13:22 | D] – G:\Videos
[25/11/2013 – 02:13:22 | D] – G:\Installs
[06/12/2011 – 21:58:18 | N | 0 Ko] – H:\pmp_usb.ini
[11/12/2013 – 15:29:13 | RASHD] – H:\Autorun.inf
[30/12/2012 – 23:38:32 | SHD] – H:\$RECYCLE.BIN
[24/12/2011 – 15:48:59 | D] – H:\EB-16.12.2011
[11/02/2011 – 15:46:11 | D] – H:\Kaamelott
[17/02/2011 – 20:19:02 | D] – H:\Playlists
[16/04/2011 – 10:50:40 | D] – H:\Photos famille Duprez
[23/05/2012 – 15:06:21 | D] – H:\Sauvegarde PC Dell
[20/02/2013 – 16:59:36 | SHD] – H:\System Volume Information
[27/02/2013 – 11:07:48 | SHD] – H:\RECYCLER
[06/11/2013 – 15:46:06 | D] – H:\Logiciel utiles et autres
[06/12/2013 – 22:49:23 | D] – H:\Musique Antoine
[11/12/2013 – 15:29:14 | RASHD] – I:\Autorun.inf

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:2jklgnsp]