Reply to: Virus that turns files and folders into shortcuts 2016-09-08T13:23:20+00:00
imbelhassen
Participant
Number of posts: 5

hi, here is the report

############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: M.B.P.K (Administrateur) # MBPK-PC
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 19:58:31 | 04/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Dell Inc. (024DTD)
CPU: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
RAM -> [Total : 2999 | Free : 1857]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 27.0.1453.110
WB: Mozilla Firefox : 23.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes’ Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 98 Go (7 Go libre(s) - 7%) [] # NTFS
D: -> Disque fixe # 368 Go (6 Go libre(s) - 2%) [] # NTFS
E: -> CD-ROM
G: -> CD-ROM
H: -> Disque amovible # 4 Go (4 Go libre(s) - 99%) [MBPK] # NTFS
I: -> Disque amovible # 8 Go (8 Go libre(s) - 100%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (ID: 1288 |ParentID: 456)
Stoppé! C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (ID: 1320 |ParentID: 1288)
Stoppé! C:\Windows\system32\WLANExt.exe (ID: 1336 |ParentID: 836)
Stoppé! C:\Windows\system32\conhost.exe (ID: 1348 |ParentID: 340)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1488 |ParentID: 456)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1544 |ParentID: 456)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 1704 |ParentID: 456)
Stoppé! C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (ID: 1760 |ParentID: 456)
Stoppé! c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1788 |ParentID: 456)
Stoppé! C:\Program Files\DefaultTab\DefaultTabSearch.exe (ID: 1824 |ParentID: 456)
Stoppé! C:\Users\M.B.P.K\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (ID: 1860 |ParentID: 456)
Stoppé! C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (ID: 1936 |ParentID: 456)
Stoppé! C:\Program Files\DiVapton\updateDiVapton.exe (ID: 296 |ParentID: 456)
Stoppé! C:\Windows\Explorer.EXE (ID: 2136 |ParentID: 364)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 2164 |ParentID: 456)
Stoppé! C:\Program Files\DiVapton\bin\utilDiVapton.exe (ID: 2344 |ParentID: 456)
Stoppé! C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe (ID: 2436 |ParentID: 456)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2568 |ParentID: 456)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2720 |ParentID: 2568)
Stoppé! C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe (ID: 2872 |ParentID: 2436)
Stoppé! C:\Windows\system32\conhost.exe (ID: 2880 |ParentID: 340)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 2960 |ParentID: 912)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 3072 |ParentID: 1704)
Stoppé! C:\Program Files\Hide My IP\HideMyIpSrv.exe (ID: 3280 |ParentID: 456)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 4064 |ParentID: 584)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 1528 |ParentID: 836)
Stoppé! C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (ID: 4208 |ParentID: 2136)
Stoppé! C:\Windows\System32\igfxtray.exe (ID: 4220 |ParentID: 2136)
Stoppé! C:\Windows\System32\hkcmd.exe (ID: 4228 |ParentID: 2136)
Stoppé! C:\Windows\System32\igfxpers.exe (ID: 4272 |ParentID: 2136)
Stoppé! C:\Program Files\Dell\TPad\Apoint.exe (ID: 4300 |ParentID: 2136)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 4364 |ParentID: 2136)
Stoppé! C:\Users\M.B.P.K\AppData\Local\FilesFrog Update Checker\update_checker.exe (ID: 4396 |ParentID: 2960)
Stoppé! C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ID: 4440 |ParentID: 2136)
Stoppé! C:\Program Files\Skype\Phone\Skype.exe (ID: 4576 |ParentID: 2136)
Stoppé! C:\Program Files\uTorrent\uTorrent.exe (ID: 4600 |ParentID: 2136)
Stoppé! C:\Users\M.B.P.K\AppData\Local\Smartbar\Application\Smartbar.exe (ID: 4608 |ParentID: 2136)
Stoppé! C:\Windows\System32\wscript.exe (ID: 4636 |ParentID: 2136)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 4644 |ParentID: 2136)
Stoppé! C:\Program Files\Ela-Salaty\Salaty.exe (ID: 4652 |ParentID: 2136)
Stoppé! C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe (ID: 4920 |ParentID: 1936)
Stoppé! C:\Program Files\Dell\TPad\ApMsgFwd.exe (ID: 5048 |ParentID: 4300)
Stoppé! C:\Program Files\Dell\TPad\HidFind.exe (ID: 5140 |ParentID: 4300)
Stoppé! C:\Program Files\Dell\TPad\Apntex.exe (ID: 5192 |ParentID: 5132)
Stoppé! C:\Windows\system32\conhost.exe (ID: 5324 |ParentID: 416)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 5708 |ParentID: 456)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4428 |ParentID: 456)
Stoppé! c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID: 4552 |ParentID: 584)
Stoppé! c:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe (ID: 1748 |ParentID: 4644)
Stoppé! C:\Windows\system32\wuauclt.exe (ID: 6584 |ParentID: 912)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [Apoint] - C:\Program Files\Dell\TPad\Apoint.exe
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [MessengerPlusForSkypeService] - "C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
04 - HKLM\SOFTWARE | Run : [ApnTBMon] - "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3081505728-2598319419-1924830722-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-3081505728-2598319419-1924830722-1000\SOFTWARE | Run : [ccleaner] - "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
04 - HKU\S-1-5-21-3081505728-2598319419-1924830722-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-3081505728-2598319419-1924830722-1000\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\M.B.P.K\AppData\Local\Smartbar\Application\Smartbar.exe startup
04 - HKU\S-1-5-21-3081505728-2598319419-1924830722-1000\SOFTWARE | Run : [winlog] - wscript.exe //B "C:\Users\M.B.P.K\AppData\Roaming\winlog.vbs"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\M.B.P.K\AppData\Roaming\winlog.vbs
Supprimé! C:\Users\M.B.P.K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlog.vbs
Supprimé! H:\winlog.vbs
Supprimé! I:\winlog.vbs
Supprimé! H:\Nouveau dossier.lnk
Supprimé! C:\Users\M.B.P.K\AppData\Roaming\Logs.dat
Supprimé! C:\Users\MBP~1.K\AppData\Local\Temp\avgnt.exe

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> C:\Users\M.B.P.K\AppData\Roaming\winlog.vbs
Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> C:\Users\M.B.P.K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlog.vbs
Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> H:\winlog.vbs
Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> I:\winlog.vbs
Md5 : 3C389536216B305FAA58A666F3EDF2C4 -> C:\Users\M.B.P.K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlog.vbs

################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 1
Réparé ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyMusic -> 1
Réparé ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyPics -> 1
Réparé ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowPrinters -> 1
Supprimé! HKU\S-1-5-21-3081505728-2598319419-1924830722-1000\Software\Microsoft\Windows\CurrentVersion\Run|winlog
Supprimé! HKU\S-1-5-21-3081505728-2598319419-1924830722-1000\Software\....\Mountpoints2\{6847f95f-45f8-11e3-9cbf-642737cf7e52}

################## | Listing |

[07/09/2013 - 17:31:18 | SHD ] C:\$Recycle.Bin
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[07/01/2013 - 12:05:25 | D ] C:\Dell
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[04/12/2013 - 16:41:46 | ASH | 2358259712] C:\hiberfil.sys
[07/01/2013 - 13:07:27 | D ] C:\Intel
[11/01/2013 - 19:30:58 | N | 0] C:\IO.SYS
[11/01/2013 - 19:30:58 | N | 0] C:\MSDOS.SYS
[07/01/2013 - 18:37:38 | RHD ] C:\MSOCache
[04/12/2013 - 16:41:53 | ASH | 3144347648] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[03/12/2013 - 22:29:07 | D ] C:\Program Files
[03/12/2013 - 22:29:09 | HD ] C:\ProgramData
[07/01/2013 - 12:02:33 | SHD ] C:\Recovery
[02/09/2013 - 13:31:51 | D ] C:\Spacekace
[04/12/2013 - 17:29:47 | SHD ] C:\System Volume Information
[04/12/2013 - 20:03:07 | D ] C:\UsbFix
[04/12/2013 - 20:03:08 | A | 10199] C:\UsbFix [Clean 1] MBPK-PC.txt
[26/03/2013 - 02:00:55 | N | 41] C:\user.js
[13/08/2013 - 16:37:24 | RD ] C:\Users
[04/12/2013 - 16:44:38 | D ] C:\Windows
[07/01/2013 - 12:02:58 | SHD ] D:\$RECYCLE.BIN
[15/10/2013 - 09:12:01 | N | 4294755806] D:\20131015_083832.mp4
[15/10/2013 - 09:24:30 | N | 1461616689] D:\20131015_091306.mp4
[28/07/2013 - 17:35:02 | D ] D:\A DOCUMENT
[28/06/2011 - 09:09:12 | N | 6504003] D:\AAA.mp4
[08/01/2013 - 21:06:56 | D ] D:\Catia R19
[06/07/2013 - 18:24:36 | D ] D:\Divers
[30/11/2013 - 20:11:57 | D ] D:\Downloads
[24/11/2013 - 14:09:11 | D ] D:\M.B.P.K
[05/11/2013 - 16:25:59 | D ] D:\Marketing
[31/10/2013 - 12:59:59 | D ] D:\Media
[10/01/2013 - 12:10:57 | D ] D:\Mes Sites Web
[06/01/2013 - 16:17:55 | SHD ] D:\System Volume Information
[16/03/2013 - 08:19:19 | D ] D:\WING CHUN
[28/03/2013 - 18:01:36 | D ] D:\Z Windows 7
[02/12/2013 - 21:51:48 | D ] H:\Nouveau dossier

################## | Vaccin |

H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |