Infection W32.Mabezat.B

Bonjour,
Je viens de consulter le site pour une infection au virus W32.Mabezat.B, j'ai exécuté la premiere etape de résolution du probléme avec usbfix et voici le rapport d'analyse:


############################# | UsbFix V6.075 |

User : coin (Users) # SERVER
Update on 19/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16.31.48 | 21/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Disabled
AV : Norton 360 3.0.0.134 [ Enabled | Updated ]
FW : Norton 360[ Enabled ]3.0.0.134

A:\ -> Disco floppy, 3,5 pollici
C:\ -> Disco rigido locale # 33,91 Go (8,48 Go free) # NTFS
D:\ -> Disco rigido locale # 33,91 Go (744,73 Mo free) [Dati] # NTFS
E:\ -> Disco CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 1164
C:\WINDOWS\system32\csrss.exe 1216
C:\WINDOWS\system32\winlogon.exe 1248
C:\WINDOWS\system32\services.exe 1292
C:\WINDOWS\system32\lsass.exe 1304
C:\WINDOWS\system32\svchost.exe 1444
C:\WINDOWS\system32\svchost.exe 1504
C:\WINDOWS\System32\svchost.exe 1548
C:\WINDOWS\system32\svchost.exe 1604
C:\WINDOWS\System32\svchost.exe 1816
C:\WINDOWS\System32\svchost.exe 1852
C:\WINDOWS\system32\spoolsv.exe 268
C:\WINDOWS\System32\svchost.exe 340
C:\PROGRA~1\Iomega\System32\AppServices.exe 420
C:\Programmi\Java\jre6\bin\jqs.exe 436
C:\Programmi\Norton 360\Engine\3.5.2.11\ccSvcHst.exe 468
C:\WINDOWS\System32\nvsvc32.exe 740
c:\ora817\BIN\TNSLSNR.exe 788
c:\ora817\bin\ORACLE.EXE 124
C:\WINDOWS\system32\HPZipm12.exe 572
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe 492
C:\WINDOWS\System32\svchost.exe 640
C:\WINDOWS\System32\TSIRCSRV.EXE 700
C:\Programmi\Iomega\AutoDisk\ADService.exe 1584
C:\WINDOWS\System32\alg.exe 2332
C:\Programmi\Norton 360\Engine\3.5.2.11\ccSvcHst.exe 3376
C:\WINDOWS\Explorer.EXE 3524
C:\WINDOWS\vsnp325.exe 3856
C:\WINDOWS\System32\svchost.exe 864
C:\Programmi\Opera\opera.exe 1040
C:\WINDOWS\system32\wbem\wmiprvse.exe 2432

################## | Elements infectieux |

C:\WINDOWS\AhnRpta.exe
C:\WINDOWS\autorun.ini
C:\WINDOWS\System32\nansy.jpg
C:\Documents and Settings\coin\Desktop\files Autoroute M'Saken Sfax\divers\ROBOT\ARCHE\CRACK.exe
D:\Documents and Settings\coin\Desktop\files\divers\ROBOT\ARCHE\CRACK.exe
D:\Partition NTFS r‚cup‚r‚e1\Documents and Settings\Propri‚taire\Mes documents\logiciel\dico\cordial 2005 pro\Keygen\keygen.exe
C:\hifdmgt.com
D:\hifdmgt.com

################## | Registre |

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FrameWorkService"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "FrameWorkService"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Pubnet"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{BB4C402F-882A-4526-8C08-51278EA437C1}"
[HKLM\SOFTWARE\Classes\CLSID\MADOWN]
[HKCR\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1}]
[HKCR\CLSID\MADOWN]
[HKLM\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
[HKLM\software\microsoft\shared tools\msconfig\startupreg\FrameWorkService]
[HKLM\SYSTEM\CurrentControlSet\Services\AVPsys]
[HKLM\SYSTEM\ControlSet001\Services\AVPsys]
[HKLM\SYSTEM\ControlSet003\Services\AVPsys]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig"
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFind"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{046e2ee7-3306-11de-be45-00110a000339}
Shell\AutoRun\command =G:\j.cmd
Shell\open\Command =G:\j.cmd

HKCU\..\..\Explorer\MountPoints2\{046e2ee8-3306-11de-be45-00110a000339}
Shell\AutoRun\command =H:\j.cmd
Shell\open\Command =H:\j.cmd

HKCU\..\..\Explorer\MountPoints2\{2ea50cc6-3976-11da-b8ca-00110a000339}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU\..\..\Explorer\MountPoints2\{35afd068-a1f5-11da-b96c-00110a000339}
Shell\AutoRun\command =1.exe

HKCU\..\..\Explorer\MountPoints2\{39cc2adf-b89e-11de-befe-000e2ec19f2c}
Shell\AutoRun\command =22yj2fy1.exe
Shell\open\Command =22yj2fy1.exe

HKCU\..\..\Explorer\MountPoints2\{4a5afb32-b21f-11dd-bda3-00110a000339}
Shell\AutoRun\command =wscript.exe .\.vbs
Shell\open\command =wscript.exe .\.vbs

HKCU\..\..\Explorer\MountPoints2\{5978a44d-bc2f-11db-baf5-00110a000339}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU\..\..\Explorer\MountPoints2\{5c1a6644-cbcc-11db-bb1b-00110a000339}
Shell\Auto\command =F:\Cn911.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

HKCU\..\..\Explorer\MountPoints2\{698dbd18-c096-11da-b9ac-00110a000339}
Shell\AutoRun\command =1.exe

HKCU\..\..\Explorer\MountPoints2\{6a702928-f082-11de-bf64-000e2ec19f2c}
Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe
Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe

HKCU\..\..\Explorer\MountPoints2\{73ffb14c-5747-11de-be5e-00110a000339}
Shell\AutoRun\command =F:\0w.com
Shell\explore\Command =F:\0w.com
Shell\open\Command =F:\0w.com

HKCU\..\..\Explorer\MountPoints2\{7ba946c1-a612-11db-bad4-00110a000339}
Shell\AutoRun\command =1.exe

HKCU\..\..\Explorer\MountPoints2\{82084832-0290-11df-bf7e-000e2ec19f2c}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BoAbUd.EXE

HKCU\..\..\Explorer\MountPoints2\{86a2b3d2-0517-11dc-bb6b-00110a000339}
Shell\Auto\command =F:\Cn911.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

HKCU\..\..\Explorer\MountPoints2\{a19d2c3c-cb83-11da-b9b9-00110a000339}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU\..\..\Explorer\MountPoints2\{b29fd9a9-ef5a-11dc-bca7-00110a000339}
Shell\Auto\command =Cn911.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

HKCU\..\..\Explorer\MountPoints2\{cf39be3c-58e0-11da-b8f1-00110a000339}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU\..\..\Explorer\MountPoints2\{d031d1c4-514c-11dc-bbce-00110a000339}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

HKCU\..\..\Explorer\MountPoints2\{d858f6d2-fc72-11da-ba02-00110a000339}
Shell\AutoRun\command =1.exe

HKCU\..\..\Explorer\MountPoints2\{d8e30b02-616d-11de-be6a-00110a000339}
Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe
Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe

HKCU\..\..\Explorer\MountPoints2\{e9474a05-f767-11dd-bdff-00110a000339}
Shell\AUtOpLay\COMmand =F:\ghrv.exe
Shell\AutoRun\command =F:\ghrv.exe
Shell\Explore\ComMand =F:\ghrv.exe
Shell\OpEn\COMmand =F:\ghrv.exe

HKCU\..\..\Explorer\MountPoints2\{f13f9da8-3e56-11de-be4b-00110a000339}
Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe
Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe

################## | ! Fin du rapport # UsbFix V6.075 ! |

Est ce que je dois éxécuter la deuxieme option de résolution du probléme

Merci de votre aide