Reply to: Infection by trojan clicker asx and vbs agent worm 2016-09-08T13:11:32+00:00
sasori
Participant
Number of posts: 21

Thanks a lot H.A.W.X for your help, :content:

Here is the UsbFix report (it took a while, but here it is ^^ )


############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: Administrateur (Administrateur) # P6000
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 17:31:40 | 26/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: MICRO-STAR INTERNATIONAL CO., LTD (MS-6577)
CPU: Intel(R) Celeron(R) CPU 2.00GHz
RAM -> [Total : 767 | Free : 200]
Bios: Phoenix Technologies, LTD
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 6.0.2900.5512

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 30 Go (8 Go libre(s) – 28%) [] # NTFS
D: -> CD-ROM
E: -> CD-ROM
F: -> Disque fixe # 19 Go (8 Go libre(s) – 43%) [VOL1] # NTFS
G: -> Disque fixe # 7 Go (6 Go libre(s) – 99%) [] # NTFS
I: -> Disque amovible # 2 Go (1 Go libre(s) – 70%) [] # FAT

################## | Regedit Run |

HKLM\SOFTWARE | Run : [MSC] – "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\SOFTWARE | Run : [COMODO Internet Security] – C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
HKLM\SOFTWARE | RunOnce : [] –

################## | Processus Stoppés |

Stoppé! C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 4036 |ParentID 528)
Stoppé! C:\WINDOWS\system32\spoolsv.exe (ID 3408 |ParentID 528)
Stoppé! C:\WINDOWS\Explorer.exe (ID 2884 |ParentID 3028)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2528 |ParentID 2884)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 444 |ParentID 2528)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2740 |ParentID 2528)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 3116 |ParentID 2528)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 3644 |ParentID 2528)
Stoppé! C:\WINDOWS\system32\NOTEPAD.EXE (ID 1972 |ParentID 2884)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 1148 |ParentID 2528)

################## | Éléments infectieux |

Supprimé! I:\LECLERC.lnk
Supprimé! I:\divers.lnk
Supprimé! I:\.Trashes.lnk
Supprimé! I:\Recycled.lnk
Supprimé! I:\MAILS GAGNANTS.lnk
Supprimé! I:\MESCONURS.lnk
Supprimé! I:\COMMANDES.lnk
Supprimé! I:\br.lnk
Supprimé! I:\lr.lnk
Supprimé! I:\DC-2421116.lnk
Supprimé! I:\A IMPRIMER FACTURE AUCHAN 502027078.lnk
Supprimé! I:\bons de reduction modif.lnk
Supprimé! I:\securite sociale.lnk
Supprimé! I:\.fseventsd.lnk
Supprimé! I:\.Spotlight-V100.lnk
Supprimé! I:\BR.lnk
Supprimé! I:\BUSINESS PM BONCOIN.lnk
Supprimé! I:\A FAIRE PM.lnk
Supprimé! I:\BONS DE COMMANDE DRIVE.lnk
Supprimé! I:\MAILS GAGNANTS 2013.lnk
Supprimé! I:\Autorun.inf.lnk
Supprimé! I:\MAIL GAGNANTS.lnk
Supprimé! I:\VOYAGES COREE 052009.lnk
Supprimé! I:\DOSSIER PAPIERS.lnk
Supprimé! I:\POUR BB A IMPRIMER.lnk
Supprimé! I:\a faire e commerce.lnk
Supprimé! I:\IMPOTS DOC.lnk
Supprimé! I:\FACTURES ODR N.lnk
Supprimé! I:\PRISE EN CHARGE OPTIQUE.lnk
Supprimé! I:\BONS REDUCTION A IMPRIMER.lnk
Supprimé! I:\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[09/07/2013 – 06:00:33 | D ] C:\a93bf98fa1084aad38fa
[25/10/2013 – 17:08:14 | D ] C:\AdwCleaner
[07/09/2005 – 18:06:02 | N | 0] C:\AUTOEXEC.BAT
[26/10/2013 – 16:40:56 | RASHD ] C:\Autorun.inf
[21/09/2013 – 00:08:26 | N | 212] C:\boot.ini
[05/08/2004 – 14:00:00 | N | 4952] C:\Bootfont.bin
[21/12/2006 – 15:34:14 | N | 398] C:\chater.log
[19/10/2013 – 00:29:48 | HD ] C:\Config.Msi
[07/09/2005 – 18:06:02 | N | 0] C:\CONFIG.SYS
[21/02/2013 – 23:09:24 | N | 0] C:\DBS.TXT
[09/07/2013 – 22:56:48 | D ] C:\Documents and Settings
[09/09/2005 – 16:25:36 | N | 4096] C:\gvpcfg.bin
[07/09/2005 – 18:06:02 | N | 0] C:\IO.SYS
[31/01/2006 – 14:35:59 | N | 1108] C:\MKDEMSG.LOG
[31/01/2006 – 14:29:16 | N | 1024] C:\MKDEWE.TRN
[07/09/2005 – 18:06:02 | N | 0] C:\MSDOS.SYS
[05/08/2004 – 14:00:00 | N | 47564] C:\NTDETECT.COM
[06/10/2008 – 10:02:19 | N | 252240] C:\ntldr
[25/10/2013 – 17:10:04 | ASH | 1205862400] C:\pagefile.sys
[22/09/2013 – 13:40:10 | D ] C:\photo
[26/10/2013 – 15:27:15 | D ] C:\Program Files
[26/01/2013 – 15:42:01 | D ] C:\QUARANTINE
[02/03/2007 – 15:05:20 | SHD ] C:\RECYCLER
[01/09/2013 – 16:13:41 | | 21724] C:\Report 2013-09-01 16.08.21.txt
[06/09/2013 – 16:02:20 | | 16875] C:\Report 2013-09-06 15.59.01.txt
[21/10/2013 – 16:53:50 | | 6524] C:\Report 2013-10-21 16.52.42.txt
[21/10/2013 – 17:45:47 | | 17427] C:\Report 2013-10-21 17.42.54.txt
[24/10/2013 – 13:27:32 | | 16984] C:\Report 2013-10-24 13.26.27.txt
[26/10/2013 – 15:01:12 | | 17697] C:\Report 2013-10-26 14.57.29.txt
[26/10/2013 – 00:46:52 | SHD ] C:\System Volume Information
[28/01/2013 – 01:40:34 | D ] C:\Temp
[21/11/2006 – 19:59:40 | N | 0] C:\uniq
[26/10/2013 – 18:03:19 | D ] C:\UsbFix
[21/10/2013 – 17:39:31 | | 8436] C:\UsbFix [Clean 1] P6000.txt
[22/10/2013 – 13:35:55 | | 7055] C:\UsbFix [Clean 2] P6000.txt
[25/10/2013 – 15:37:21 | | 7234] C:\UsbFix [Clean 3] P6000.txt
[26/10/2013 – 16:33:21 | | 6493] C:\UsbFix [Clean 4] P6000.txt
[26/10/2013 – 18:22:43 | A | 5560] C:\UsbFix [Clean 5] P6000.txt
[21/10/2013 – 17:19:59 | | 5640] C:\UsbFix [Scan 1] P6000.txt
[22/10/2013 – 13:10:16 | | 2841] C:\UsbFix [Scan 2] P6000.txt
[25/10/2013 – 15:06:36 | | 3198] C:\UsbFix [Scan 3] P6000.txt
[26/10/2013 – 17:27:58 | | 4550] C:\UsbFix [Scan 4] P6000.txt
[09/09/2005 – 16:25:36 | N | 25165824] C:\VIRTPART.DAT
[17/08/2013 – 18:25:52 | D ] C:\VTRoot
[26/10/2013 – 14:04:41 | D ] C:\WINDOWS
[11/06/2010 – 16:23:51 | N | 8306] C:\winzip.log
[09/06/2013 – 00:19:40 | D ] C:\Zic
[26/10/2013 – 16:41:01 | RASHD ] F:\Autorun.inf
[28/01/2013 – 01:59:29 | D ] F:\HotFixInstaller
[22/08/2009 – 03:10:37 | D ] F:\i386
[26/06/2010 – 19:00:20 | D ] F:\NDP20SP2-KB976576
[29/01/2013 – 14:16:59 | D ] F:\Nouveau dossier
[20/07/2013 – 11:57:12 | D ] F:\Program Files
[02/03/2007 – 15:11:55 | SHD ] F:\RECYCLER
[28/10/2008 – 15:45:05 | D ] F:\spuninst
[26/10/2013 – 00:46:53 | SHD ] F:\System Volume Information
[20/10/2013 – 00:28:54 | D ] F:\Téléchargements
[26/10/2013 – 16:41:02 | RASHD ] G:\Autorun.inf
[28/01/2013 – 18:22:36 | SHD ] G:\RECYCLER
[26/10/2013 – 00:46:53 | SHD ] G:\System Volume Information
[30/09/2013 – 23:17:47 | RASH | 2344024] G:\Thumbs.db
[14/04/2013 – 14:38:28 | N | 3094] I:\LECLERC.txt
[10/03/2013 – 15:40:18 | D ] I:\b modif
[11/12/2011 – 16:46:02 | D ] I:\securite sociale
[22/11/2011 – 16:01:44 | SHD ] I:\.Trashes
[22/11/2011 – 16:01:44 | D ] I:\.fseventsd
[24/05/2013 – 18:19:18 | D ] I:\Recycled
[21/11/2011 – 18:20:42 | D ] I:\COMMANDES
[22/11/2011 – 16:01:46 | SHD ] I:\.Spotlight-V100
[15/09/2013 – 15:48:06 | D ] I:\BONS R
[17/07/2013 – 10:52:18 | D ] I:\BUSINESS
[17/07/2013 – 18:45:04 | D ] I:\A FAIRE PM
[10/03/2013 – 15:39:34 | D ] I:\BONS DE COMMANDE DRIVE
[08/05/2013 – 00:34:46 | D ] I:\MAILS GAGNANTS 2013
[26/10/2013 – 16:41:06 | RASHD ] I:\Autorun.inf
[04/06/2013 – 22:28:44 | D ] I:\divers
[11/05/2013 – 00:55:00 | N | 404] I:\MAILS GAGNANTS.txt
[08/05/2013 – 00:50:04 | D ] I:\MAIL GAGNANTS SANS CODE
[14/12/2009 – 23:26:40 | D ] I:\VOYAGES COREE 052009
[24/05/2013 – 20:16:50 | N | 58865] I:\MES CS.txt
[26/05/2013 – 23:22:26 | N | 25914] I:\bons reduction.txt
[24/03/2013 – 22:37:34 | D ] I:\DOSSIER PAPIERS AVOCAT CONTRE ESCROC
[23/07/2013 – 22:12:32 | D ] I:\POUR BB A IMPRIMER
[17/07/2013 – 18:49:02 | D ] I:\a faire e commerce
[12/05/2013 – 14:17:12 | N | 11189] I:\lr.txt
[23/07/2013 – 22:14:08 | D ] I:\IMPOTS DOC
[23/07/2013 – 22:13:30 | D ] I:\FACTURES ODR CHAT POUR ROYAL CANIN
[17/09/2013 – 14:56:38 | N | 969971] I:\DC-2421116.pdf
[27/07/2013 – 14:13:34 | N | 37058] I:\A IMPRIMER.pdf
[07/12/2011 – 18:27:44 | D ] I:\PRISE EN CHARGE OPTIQUE
[28/05/2013 – 23:12:44 | D ] I:\B A IMPRIMER

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |