Reply to: infection usb 2016-09-08T13:14:45+00:00
kemindar

Hello, and thank you for the help.

[spoiler:o73p3omh]############################## | UsbFix V 7.147 | [Suppression]

Utilisateur: BOUKAR (Administrateur) # BOUKAR-PC
Mis à jour le 30/10/2013 par El Desaparecido – Team SosVirus
Lancé à 17:56:17 | 08/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: eMachines (eMachines E727 )
CPU: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
RAM -> [Total : 1978 | Free : 1147]
Bios: eMachines
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Bitdefender Antivirus [Enabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 98 Go (68 Go libre(s) – 70%) [] # NTFS
D: -> Disque fixe # 135 Go (72 Go libre(s) – 53%) [Disque local D] # NTFS
E: -> CD-ROM
F: -> CD-ROM
G: -> Disque amovible # 1017 Mo (654 Mo libre(s) – 64%) [] # FAT32

################## | Référence de comparaison MD5 |

Md5 : 82e9c70e199c1dea0eacaab3009c2ca8 -> G:\boube_488_Encrypte.vbs

################## | Processus Stoppés |

Stoppé! C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (ID: 864 |ParentID: 560)
Stoppé! C:\Program Files\Webroot\WRSA.exe (ID: 2492 |ParentID: 1076)
Stoppé! C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (ID: 3088 |ParentID: 560)
Stoppé! C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe (ID: 3156 |ParentID: 560)
Stoppé! C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (ID: 2392 |ParentID: 2804)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 5944 |ParentID: 744)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1924 |ParentID: 560)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 4644 |ParentID: 560)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 3420 |ParentID: 560)
Stoppé! C:\Windows\servicing\TrustedInstaller.exe (ID: 5044 |ParentID: 560)
Stoppé! C:\Windows\Explorer.exe (ID: 5680 |ParentID: 2892)
Stoppé! C:\Program Files\Webroot\WRSA.exe (ID: 740 |ParentID: 560)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 1612 |ParentID: 1420)
Stoppé! C:\Program Files\Google\Update\GoogleUpdate.exe (ID: 828 |ParentID: 1612)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 5904 |ParentID: 1364)
Stoppé! C:\Program Files\Google\Update\GoogleUpdate.exe (ID: 3300 |ParentID: 560)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [WRSVC] – “C:\Program Files\Webroot\WRSA.exe” -ul
HKLM\SOFTWARE | Run : [IgfxTray] – C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] – C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] – C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [Airtel_Niger Wave ModemListener] – C:\Program Files\Airtel Mobile Internet\BackgroundService\ModemListener.exe start
HKLM\SOFTWARE | Run : [DivXMediaServer] – C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\SOFTWARE | Run : [Bdagent] – C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
HKLM\SOFTWARE | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1058560510-3056961422-3931124200-1000\SOFTWARE | Run : [Software Informer] – “C:\Program Files\Software Informer\softinfo.exe” -autorun
HKU\S-1-5-21-1058560510-3056961422-3931124200-1000\SOFTWARE | Run : [ultracopier] – “C:\Program Files\Supercopier\supercopier.exe”
HKU\S-1-5-21-1058560510-3056961422-3931124200-1000\SOFTWARE | Run : [IDMan] – C:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-1058560510-3056961422-3931124200-1000\SOFTWARE | Run : [Advanced SystemCare 7] – “C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe” /Auto
HKU\S-1-5-18\SOFTWARE | Run : [Bitdefender Wallet Agent] – “C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe”
HKU\S-1-5-18\SOFTWARE | Run : [Bitdefender Wallet] – “C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe” –hidden –nowizard
HKU\S-1-5-18\SOFTWARE | Run : [Bitdefender Agent de l'application Wallet] – “C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe”
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! G:\Autorun.inf.lnk
Supprimé! G:\PDFMatePDFConverterPro171.lnk
Supprimé! G:\calibre-1.lnk
Supprimé! G:\NAV-TW-21.lnk
Supprimé! G:\Norton_Removal_Tool.lnk
Supprimé! G:\OODiskImage6ProfessionalEnu.lnk
Supprimé! G:\Setup.lnk
Supprimé! G:\tenorshare-pdf-converter-trial.lnk
Supprimé! G:\usbfix.lnk
Supprimé! G:\utorrent.lnk
Supprimé! G:\bitdefender_tsecurity.lnk
Supprimé! G:\HardDriveInspector419.lnk
Supprimé! G:\ExtPortFor.lnk
Supprimé! G:\ExtPortCel.lnk

(!) Fichiers temporaires supprimés.
################## | Comparaison MD5 |

Supprimé! Md5 : 82E9C70E199C1DEA0EACAAB3009C2CA8 -> G:\boube_488_Encrypte.vbs

################## | Registre |

################## | Listing |

[01/11/2013 – 16:40:30 | SHD ] C:\$Recycle.Bin
[27/10/2013 – 19:15:29 | D ] C:\AllMySongs Database
[10/06/2009 – 22:42:20 | N | 24] C:\autoexec.bat
[07/11/2013 – 21:09:28 | N | 1808] C:\bdlog.txt
[07/11/2013 – 19:33:12 | SHD ] C:\Config.Msi
[10/06/2009 – 22:42:20 | N | 10] C:\config.sys
[14/07/2009 – 05:53:55 | SHD ] C:\Documents and Settings
[08/11/2013 – 07:41:28 | ASH | 1555537920] C:\hiberfil.sys
[26/10/2013 – 14:52:16 | D ] C:\Intel
[07/09/2012 – 16:23:50 | RHD ] C:\MSOCache
[07/09/2013 – 21:28:14 | D ] C:\OEM
[08/11/2013 – 07:41:31 | ASH | 2074054656] C:\pagefile.sys
[09/10/2013 – 10:13:08 | D ] C:\PDFToWordConverter
[14/07/2009 – 03:37:05 | D ] C:\PerfLogs
[08/11/2013 – 07:41:27 | D ] C:\Program Files
[07/11/2013 – 19:37:23 | HD ] C:\ProgramData
[01/11/2013 – 16:39:30 | SHD ] C:\Recovery
[03/11/2013 – 16:44:52 | SHD ] C:\System Volume Information
[08/11/2013 – 17:57:25 | D ] C:\UsbFix
[08/11/2013 – 17:51:49 | N | 10776] C:\UsbFix [Clean 13] BOUKAR-PC.txt
[08/11/2013 – 17:59:28 | A | 6494] C:\UsbFix [Clean 14] BOUKAR-PC.txt
[07/11/2013 – 13:45:19 | N | 9875] C:\UsbFix [Clean 9] BOUKAR-PC.txt
[07/11/2013 – 20:55:14 | N | 9067] C:\UsbFix [Scan 1] BOUKAR-PC.txt
[01/11/2013 – 16:40:19 | RD ] C:\Users
[07/11/2013 – 12:49:04 | D ] C:\Windows
[01/11/2013 – 16:40:30 | SHD ] D:\$RECYCLE.BIN
[06/11/2013 – 17:10:11 | D ] D:\calibre
[01/11/2013 – 10:23:42 | D ] D:\Documents
[04/11/2013 – 17:11:49 | D ] D:\Dossier Telechargement
[07/11/2013 – 20:31:34 | D ] D:\Downloads
[06/11/2013 – 10:00:23 | D ] D:\Drivers Backup
[17/10/2013 – 11:24:50 | D ] D:\Firefox
[05/11/2013 – 13:06:34 | D ] D:\hacks
[06/11/2013 – 11:18:51 | D ] D:\iSkysoft
[26/11/2012 – 08:23:03 | N | 528] D:\MediaID.bin
[01/11/2013 – 09:53:58 | D ] D:\MLO 2010 – French
[05/08/2013 – 09:13:21 | N | 79] D:\Nouveau document texte.txt
[01/11/2013 – 10:31:09 | D ] D:\pdfm
[18/08/2013 – 19:53:15 | D ] D:\restaureg5
[09/09/2013 – 09:55:30 | D ] D:\Réciteurs Coran
[25/10/2013 – 17:44:44 | N | 76157] D:\SUIVI AIRTEL & ORANGE MONEY.xlsx
[01/11/2013 – 15:30:12 | SHD ] D:\System Volume Information
[09/10/2013 – 14:25:46 | D ] D:\telechargements
[09/09/2013 – 09:55:11 | D ] D:\Ubuntu
[04/11/2013 – 17:16:09 | D ] D:\utorrent
[30/10/2013 – 11:51:36 | N | 46876485] G:\PDFMatePDFConverterPro171.zip
[28/10/2013 – 16:38:16 | N | 53259776] G:\calibre-1.8.0.msi
[01/11/2013 – 09:28:56 | N | 218966928] G:\NAV-TW-21.1.0-EN-US.exe
[27/10/2013 – 13:23:24 | N | 869456] G:\Norton_Removal_Tool.exe
[30/10/2013 – 13:15:08 | N | 24103680] G:\OODiskImage6ProfessionalEnu.exe
[27/10/2013 – 13:21:36 | N | 549376] G:\Setup.exe
[27/10/2013 – 18:06:58 | N | 12687719] G:\tenorshare-pdf-converter-trial.exe
[31/10/2013 – 17:23:52 | N | 1176238] G:\usbfix.exe
[28/10/2013 – 10:12:36 | N | 1272656] G:\utorrent.exe
[01/11/2013 – 09:50:46 | N | 7159160] G:\bitdefender_tsecurity.exe
[01/11/2013 – 19:04:54 | SHD ] G:\Autorun.inf
[04/11/2013 – 11:24:18 | N | 9800594] G:\HardDriveInspector419.zip
[07/11/2013 – 17:56:40 | N | 1743075] G:\ExtPortFor.Txt
[07/11/2013 – 17:57:58 | N | 1482915] G:\ExtPortCel.Txt

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:o73p3omh]