Reply to: Virus turns files into shortcuts and usbfix blocked 2016-09-08T13:13:34+00:00
Formaldehyyde
Participant
Posts: 11

TADAA!

############################## | UsbFix V 7.148 | [Deletion]

User: Audrey (Administrator) # AUDREY-HP
Updated 01/11/2013 by El Desaparecido - Team SosVirus
Started at 17:28:11 | 03/11/2013

Website: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (1611)
CPU: AMD E-350 Processor
RAM -> [Total : 3578 | Free : 2131]
Bios: Hewlett-Packard
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: BitDefender Antivirus [(!) Disabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed drive # 447 Gb (208 Mb free - 47%) [] # NTFS
D: -> Fixed drive # 15 Gb (2 Mb free - 10%) [RECOVERY] # NTFS
E: -> Fixed drive # 4 Gb (1 Mb free - 28%) [HP_TOOLS] # FAT32
F: -> Removable drive # 2 Gb (2 Mb free - 97%) [] # FAT

################## | Reference of comparison MD5 |

Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\8i7asystemmD.vbe
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\97asystemD.VBE
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\9eimmD.vbe
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\9emmD.vbe
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\9stemD.VBE
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\9stiemD.VBE
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\sysfftem7.VBE
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\systefm34.vbe
Md5 : aed4faf279abf7d7605e81707be3ce64 -> C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : bcdef9a6d179f4c587f9b742de82eef0 -> C:\Users\Audrey\AppData\Local\Temp\flashmemory.vbe
Md5 : bcdef9a6d179f4c587f9b742de82eef0 -> C:\Users\Audrey\AppData\Local\Temp\iTunesHelper.vbe
Md5 : c9b8fa51c889f97dc5c4deb274b1fbf2 -> C:\Users\Audrey\AppData\Local\Temp\Nj99.vbs
Md5 : DENIED -> F:\iTunesHelper.vbe

################## | Stopped processes |

Stopped! C:\Windows\Explorer.EXE (ID: 1416 |ParentID: 1408)
Stopped! C:\Windows\system32\ctfmon.exe (ID: 1488 |ParentID: 1416)
Stopped! C:\Windows\system32\DllHost.exe (ID: 1724 |ParentID: 624)
Stopped! C:\Users\Audrey\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 348 |ParentID: 1416)
Stopped! C:\Users\Audrey\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1632 |ParentID: 348)
Stopped! C:\Users\Audrey\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1892 |ParentID: 348)
Stopped! C:\Windows\System32\wscript.exe (ID: 2056 |ParentID: 3236)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\SOFTWARE | Run : [HPQuickWebProxy] - "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
HKLM\SOFTWARE | Run : [HPConnectionManager] - C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\iTunesHelper.vbe"
HKLM\SOFTWARE | Run : [Genie TimeLine Tray] - C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\SOFTWARE | Run : [bdruninstaller] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
HKLM\SOFTWARE | Run : [BitDefender Antiphishing Helper] - "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
HKLM\SOFTWARE | Run : [BDAgent] - "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [Google Update] - "C:\Users\Audrey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [Facebook Update] - "C:\Users\Audrey\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [LaCie Desktop Manager Startup] - "C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [MSa2emHR] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\MSa2emHR.vbs"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [qAuPnVQM] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\qAuPnVQM.vbs"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [LU86st0c] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\LU86st0c.vbs"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [G9zxsaPJ] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\G9zxsaPJ.vbs"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\iTunesHelper.vbe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Deleted ! F:\iTunesHelper.vbe
Deleted ! C:\Users\Audrey\AppData\Local\Temp\iTunesHelper.vbe
Deleted ! C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Deleted ! F:\Autorun.inf.lnk
Deleted ! F:\BitDefender.lnk
Deleted ! F:\Usbfix.lnk
Deleted ! C:\Users\Public\8i7asystemmD.vbe
Deleted ! C:\Users\Public\97asystemD.VBE
Deleted ! C:\Users\Public\9eimmD.vbe
Deleted ! C:\Users\Public\9emmD.vbe
Deleted ! C:\Users\Public\9stemD.VBE
Deleted ! C:\Users\Public\9stiemD.VBE
Deleted ! C:\Users\Public\sysfftem7.VBE
Deleted ! C:\Users\Public\systefm34.vbe
Deleted ! C:\Users\Public\9iaD12_Loading.zip
Deleted ! C:\Users\Public\D7_Loading.zip
Deleted ! C:\Users\Audrey\AppData\Local\Temp\Intel(R)s7.exe.tmp
Deleted ! C:\Users\Audrey\AppData\Local\Temp\Musiques.pif
Deleted ! C:\Users\Audrey\AppData\Local\Temp\utt19CA.tmp.exe
Deleted ! C:\Users\Audrey\AppData\Local\Temp\uttA558.tmp.exe
Deleted ! C:\Users\Audrey\AppData\Local\Temp\uttEDD3.tmp.exe
Deleted ! C:\Users\Audrey\AppData\Local\Temp\flashmemory.vbe
Deleted ! C:\Users\Audrey\AppData\Local\Temp\Nj99.vbs
Deleted ! C:\Users\Audrey\AppData\Local\Temp\1477.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\7777i.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\77u.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\97.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\DC7.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\dcyyt.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\ddddddddddd.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\HY.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\iiiii9.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\iiiiiiiiiiiiz7.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\sssssssssi.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\zzzz7.hta
Deleted ! C:\Users\Audrey\AppData\Local\Temp\zzzzzzzzzzzz5.hta
Deleted ! D:\desktop.ini

(!) Temporary files deleted.

################## | Comparison MD5 |

################## | Registry |

Deleted ! HKU\S-1-5-21-1190468337-140412576-3729368624-1002\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Listing |

[23/10/2011 - 15:00:29 | SHD ] C:\$Recycle.Bin
[02/11/2013 - 15:47:21 | D ] C:\AdwCleaner
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[01/11/2013 - 07:10:24 | D ] C:\Backup_2013-10-31 221024
[03/11/2013 - 03:21:15 | N | 5299] C:\bdlog.txt
[23/04/2011 - 03:54:33 | SHD ] C:\boot
[20/11/2010 - 22:29:06 | RASH | 383786] C:\bootmgr
[02/10/2013 - 20:53:53 | N | 3408] C:\bootsqm.dat
[02/11/2013 - 14:37:26 | SHD ] C:\Config.Msi
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[12/11/2011 - 15:44:40 | D ] C:\extensions
[03/11/2013 - 16:29:32 | ASH | 2813775872] C:\hiberfil.sys
[25/06/2011 - 20:25:54 | D ] C:\HP
[13/11/2011 - 17:24:45 | RHD ] C:\MSOCache
[03/11/2013 - 16:29:38 | ASH | 3751702528] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[02/11/2013 - 16:42:45 | N | 0] C:\PhysicalDisk0_MBR.bin
[02/11/2013 - 16:12:05 | D ] C:\Program Files
[02/11/2013 - 15:46:09 | HD ] C:\ProgramData
[23/10/2011 - 14:46:22 | SHD ] C:\Recovery
[01/11/2013 - 14:10:53 | D ] C:\rsit
[24/04/2012 - 12:04:08 | D ] C:\SphinxME
[27/11/2012 - 21:19:40 | D ] C:\SWSetup
[02/11/2013 - 11:30:08 | SHD ] C:\System Volume Information
[23/10/2011 - 14:46:28 | D ] C:\SYSTEM.SAV
[03/11/2013 - 17:36:59 | D ] C:\UsbFix
[03/11/2013 - 17:40:24 | A | 10294] C:\UsbFix [Clean 1] AUDREY-HP.txt
[03/11/2013 - 16:52:44 | N | 11000] C:\UsbFix [Scan 1] AUDREY-HP.txt
[23/10/2011 - 14:44:31 | RD ] C:\Users
[01/11/2013 - 18:59:33 | D ] C:\Windows
[01/11/2013 - 07:10:36 | D ] C:\_Exception1
[23/10/2011 - 15:00:29 | SHD ] D:\$RECYCLE.BIN
[23/10/2011 - 15:00:23 | RASHD ] D:\boot
[14/07/2009 - 19:39:00 | RASH | 383562] D:\bootmgr
[23/10/2011 - 15:00:23 | D ] D:\FactoryUpdate
[23/10/2011 - 15:00:23 | D ] D:\hp
[06/02/2012 - 21:17:17 | N | 19] D:\HPSF_Rep.txt
[05/11/2012 - 14:02:46 | N | 8] D:\HP_WSD.dat
[23/10/2011 - 15:00:23 | RSHD ] D:\preload
[17/01/2013 - 18:54:39 | RSD ] D:\recovery
[23/10/2011 - 15:00:23 | D ] D:\RM_Reserve
[30/12/2012 - 19:01:01 | SHD ] D:\System Volume Information
[05/11/2012 - 14:02:48 | N | 8] E:\HP_WSD.dat
[25/06/2011 - 21:07:50 | D ] E:\Hewlett-Packard
[25/06/2011 - 21:34:28 | SHD ] E:\$RECYCLE.BIN
[06/02/2012 - 21:17:18 | N | 19] E:\HPSF_Rep.txt
[01/11/2013 - 18:06:50 | SHD ] F:\Autorun.inf
[01/11/2013 - 18:07:54 | D ] F:\BitDefender
[01/11/2013 - 18:08:50 | D ] F:\Usbfix

################## | Vaccin |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
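The report above shows the usual shortcut-worm footprint: Run values for both HKLM and the user hive that launch `wscript.exe //B` on `.vbs`/`.vbe` files in `%Temp%`, a copy of the same script in the Startup folder and on the USB stick (`F:`), `.lnk` files on the stick, and one MD5 dropped under eight random names in `C:\Users\Public`. The script below is an added example for readers of this thread, not part of the poster's log and not UsbFix code: it parses lines in the report's own `Regedit Run` and `Reference of comparison MD5` format and flags those two indicators. The embedded sample lines are constructed from the report above with path separators restored; the heuristics (script-host launcher, `//B`, script extension, user-writable location) are this example's own choices.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the shape of the UsbFix report above (path separators restored).
# A real run would read the "Regedit Run" and "Reference of comparison MD5" sections from the report file.
SAMPLE_LOG = r"""
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\iTunesHelper.vbe"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [Google Update] - "C:\Users\Audrey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [MSa2emHR] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\MSa2emHR.vbs"
HKU\S-1-5-21-1190468337-140412576-3729368624-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Audrey\AppData\Local\Temp\iTunesHelper.vbe"
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\8i7asystemmD.vbe
Md5 : b7019418d79d26cef0d0ea8c04a39337 -> C:\Users\Public\9stemD.VBE
Md5 : aed4faf279abf7d7605e81707be3ce64 -> C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : bcdef9a6d179f4c587f9b742de82eef0 -> C:\Users\Audrey\AppData\Local\Temp\flashmemory.vbe
Md5 : bcdef9a6d179f4c587f9b742de82eef0 -> C:\Users\Audrey\AppData\Local\Temp\iTunesHelper.vbe
Md5 : DENIED -> F:\iTunesHelper.vbe
"""

# Line shapes used by the report: "<hive> | Run : [<name>] - <command>" and "Md5 : <hash> -> <path>".
RUN_RE = re.compile(r"^(?P<hive>\S+) \| (?P<key>Run(?:Once)?) : \[(?P<name>[^\]]*)\] -\s*(?P<cmd>.*)$")
MD5_RE = re.compile(r"^Md5 : (?P<md5>[0-9a-fA-F]{32}|DENIED) -> (?P<path>.+)$")

# Heuristic indicator lists (this example's own choices, not a UsbFix rule set).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXT_RE = re.compile(r'\.(vbs|vbe|js|jse|wsf|hta)(?=["\s]|$)', re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")


def _first_token(cmd):
    """Program a Run value launches; handles a quoted leading path such as "C:\\Program Files\\x.exe" args."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def autorun_reasons(cmd):
    """Return the reasons a Run/RunOnce command line looks like script-worm persistence (empty list = clean)."""
    reasons = []
    if not cmd.strip():
        return reasons                      # "[] -" entries carry no command at all
    program = ntpath.basename(_first_token(cmd)).lower()
    low = cmd.lower()
    if program in SCRIPT_HOSTS:
        reasons.append(f"launched through script host {program}")
    if re.search(r"(^|\s)//b(\s|$)", low):
        reasons.append("//B runs the script in batch mode, suppressing error dialogs")
    if SCRIPT_EXT_RE.search(cmd):
        reasons.append("payload is a script file, not a signed executable")
    if any(loc in low for loc in USER_WRITABLE):
        reasons.append("payload lives in a user-writable location (Temp, Roaming or Public)")
    return reasons


def parse_run_entries(report_text):
    """All Run/RunOnce lines as dicts with hive, key, name and cmd."""
    entries = []
    for line in report_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_autoruns(report_text):
    """Run entries with at least one reason, in report order."""
    findings = []
    for entry in parse_run_entries(report_text):
        reasons = autorun_reasons(entry["cmd"])
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


def duplicate_hash_clusters(report_text):
    """Group MD5 lines by hash; one hash under many random names is the worm's drop pattern.

    "DENIED" means UsbFix could not read the file (here F:\\iTunesHelper.vbe), so it is left out
    rather than grouped as if it were a hash.
    """
    by_hash = defaultdict(list)
    for line in report_text.splitlines():
        m = MD5_RE.match(line.strip())
        if m and m["md5"] != "DENIED":
            by_hash[m["md5"].lower()].append(m["path"])
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


if __name__ == "__main__":
    for f in suspicious_autoruns(SAMPLE_LOG):
        print(f"[{f['hive']}] {f['key']} {f['name']}: {f['cmd']}")
        for r in f["reasons"]:
            print("   -", r)
    for h, paths in duplicate_hash_clusters(SAMPLE_LOG).items():
        print(f"{h} dropped under {len(paths)} names: {', '.join(ntpath.basename(p) for p in paths)}")
```

On the sample above the three `wscript.exe //B` entries are reported and the two hashes that appear under more than one name are grouped, while the vendor entries (ATI, Google Update) produce no reasons. The `DENIED` line is a reminder that the copy on the USB stick could not be hashed, so its relationship to the `%Temp%` copy has to be established by other means (for instance by hashing it from a clean machine with autorun disabled).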