- Sun. 1 June 2014 23:53
#152930
############################## | UsbFix V 7.171 | [Nettoyage]
Utilisateur: loic (Administrateur) # SIMONPA0-HP
Mis à jour le 18/05/2014 par El Desaparecido - SosVirus
Lancé à 23:38:10 | 01/06/2014
Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/
PC: Foxconn (2ABF)
CPU: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
RAM -> [Total : 4077 Mo| Free : 1734 Mo]
Bios: AMI
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16518
WB: Google Chrome : 23.0.1271.97
WB: Mozilla Firefox : 29.0.1
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | (!) Outdated]
AS: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]
C:\ (%SystemDrive%) -> Disque fixe # 454 Go (359 Go libre(s) - 79%) [OS] # NTFS
D:\ -> Disque fixe # 12 Go (1 Go libre(s) - 12%) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (3 Go libre(s) - 77%) [STORE N GO] # FAT32
################## | Processus Stoppés |
C:\Windows\System32\atiesrxx.exe (ID: 936|ParentID: 636)
C:\Windows\System32\atieclxx.exe (ID: 1296|ParentID: 936|Système)
C:\Windows\System32\taskeng.exe (ID: 1528|ParentID: 764|Système)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1700|ParentID: 636|Système)
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (ID: 1924|ParentID: 636|Système)
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (ID: 1104|ParentID: 636|Système)
C:\Program Files (x86)\PDF Complete\pdfsvc.exe (ID: 1596|ParentID: 636|Système)
C:\Windows\SysWOW64\PnkBstrA.exe (ID: 1364|ParentID: 636|Système)
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe (ID: 1688|ParentID: 636|Système)
C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe (ID: 496|ParentID: 636|Système)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2304|ParentID: 636|Système)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2384|ParentID: 636|Système)
C:\Windows\System32\taskhost.exe (ID: 2716|ParentID: 636|loic)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID: 3116|ParentID: 1528|Système)
C:\Windows\explorer.exe (ID: 3208|ParentID: 3184|loic)
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (ID: 3752|ParentID: 636|Système)
C:\Windows\System32\SearchIndexer.exe (ID: 3816|ParentID: 636|Système)
C:\Windows\System32\rundll32.exe (ID: 3836|ParentID: 804|loic)
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (ID: 4448|ParentID: 3208|loic)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 4460|ParentID: 3208|loic)
C:\Program Files (x86)\Steam\Steam.exe (ID: 4548|ParentID: 3208|loic)
C:\Program Files\hp\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (ID: 4564|ParentID: 3208|loic)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 4952|ParentID: 3208|loic)
C:\Program Files (x86)\Razer\Core\RazerCore.exe (ID: 4980|ParentID: 3208|loic)
C:\Windows\System32\wscript.exe (ID: 5024|ParentID: 3208|loic)
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (ID: 4524|ParentID: 3208|loic)
C:\Windows\System32\rundll32.exe (ID: 4000|ParentID: 3208|loic)
C:\Windows\System32\rundll32.exe (ID: 4644|ParentID: 3208|loic)
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (ID: 980|ParentID: 5032|loic)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 5168|ParentID: 5032|loic)
C:\Program Files (x86)\Razer\Razer Game Booster\main.exe (ID: 5428|ParentID: 1688|loic)
C:\Windows\System32\wbem\unsecapp.exe (ID: 268|ParentID: 804|loic)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 2436|ParentID: 4284|loic)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 3472|ParentID: 2436|loic)
C:\Program Files (x86)\Common Files\Steam\SteamService.exe (ID: 4092|ParentID: 636|Système)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (ID: 1708|ParentID: 636|Système)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3808|ParentID: 636|Système)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 6364|ParentID: 636|Système)
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (ID: 35332|ParentID: 4988|loic)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 49488|ParentID: 3208|loic)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 47364|ParentID: 49488|loic)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 42968|ParentID: 49488|loic)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 42964|ParentID: 49488|loic)
C:\Windows\System32\WUDFHost.exe (ID: 50396|ParentID: 388|SERVICE LOCAL)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 52240|ParentID: 49488|loic)
C:\Windows\System32\spoolsv.exe (ID: 52412|ParentID: 636|Système)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 51640|ParentID: 636|SERVICE RÉSEAU)
C:\Program Files\hp\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (ID: 51336|ParentID: 4564|loic)
################## | Autorun |
F:\Nouveau dossier (3).lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Photos baptême.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\A-P.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\HDA.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\MP3 Rocket.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Anglais euro.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Autorun.inf.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Dream job.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Nouveau dossier.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Nouveau dossier (2).lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Notes creches.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\diapo svt euro.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\svt euro 2.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\rihanna.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\SVT Euro.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Photos crèche.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\diapo.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Outback adventurer.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Collage.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Colllage 3 films.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Collage Mistinguett et Joséphine Baker.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\Mistinguett et Joséphine Baker.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
F:\_disk_id.lnk -> F:\Berzerk.vbe - (SHA1: 02907D1E88CE6E2D0175F368FE74DBF1AB88D0D1)
################## | Recherche générique |
Supprimé! C:\Users\loic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Berzerk.vbe
Supprimé! C:\Users\loic\AppData\Local\Temp\Berzerk.vbe
Supprimé! F:\Berzerk.vbe
Supprimé! F:\_disk_id.lnk
Supprimé! F:\.lnk
Supprimé! F:\diapo.lnk
Supprimé! F:\Notes creches.lnk
Supprimé! F:\diapo svt euro.lnk
Supprimé! F:\svt euro 2.lnk
Supprimé! F:\rihanna.lnk
Supprimé! F:\SVT Euro.lnk
Supprimé! F:\Photos crèche.lnk
Supprimé! F:\Anglais euro.lnk
Supprimé! F:\A-P.lnk
Supprimé! F:\MP3 Rocket.lnk
Supprimé! F:\HDA.lnk
Supprimé! F:\Dream job.lnk
Supprimé! F:\Photos baptême.lnk
Supprimé! F:\Nouveau dossier (2).lnk
Supprimé! F:\Nouveau dossier (3).lnk
Supprimé! F:\Outback adventurer.lnk
Supprimé! F:\Collage.lnk
Supprimé! F:\Colllage 3 films.lnk
Supprimé! F:\Collage Mistinguett et Joséphine Baker.lnk
Supprimé! F:\Mistinguett et Joséphine Baker.lnk
Supprimé! F:\Nouveau dossier.lnk
Supprimé! F:\Autorun.inf.lnk
Supprimé! C:\Users\Public\sdelevURL.tmp
Supprimé! C:\Users\Anne-Gaëlle.simonpa0-HP\AppData\Local\Temp\Berzerk.vbe
Supprimé! C:\Users\Anne-Gaëlle.simonpa0-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Berzerk.vbe
Supprimé! C:\Users\simonpa0\AppData\Local\Temp\Berzerk.vbe
Supprimé! C:\Users\simonpa0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Berzerk.vbe
(!) Fichiers temporaires supprimés.
################## | Registre |
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 0
Supprimé! HKU\S-1-5-21-1077695886-3228060871-3104564884-1003\Software\Microsoft\Windows\CurrentVersion\Run|Berzerk
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKCU\..\Run : [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\hp\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1894D6NV05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
04 - HKCU\..\Run : [{3E75652D-99B1-417E-B163-BEF33CAD3F16}] "C:\Users\loic\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{3E75652D-99B1-417E-B163-BEF33CAD3F16}"
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe /ChatApplet
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [RazerGameBooster] C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun
04 - [x64] HKLM\..\Run : [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
04 - [x64] HKLM\..\RunOnce : [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1077695886-3228060871-3104564884-1003\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1077695886-3228060871-3104564884-1003\..\Run : [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-1077695886-3228060871-3104564884-1003\..\Run : [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\hp\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1894D6NV05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
04 - HKU\S-1-5-21-1077695886-3228060871-3104564884-1003\..\Run : [{3E75652D-99B1-417E-B163-BEF33CAD3F16}] "C:\Users\loic\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{3E75652D-99B1-417E-B163-BEF33CAD3F16}"
04 - HKU\S-1-5-21-1077695886-3228060871-3104564884-1003\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1077695886-3228060871-3104564884-1003\..\Run : [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe /ChatApplet
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
################## | C:\ %SystemDrive% - Disque Fixe (NTFS) |
[12/09/2012 - 17:20:21 | N | 0 Ko] - C:\log.txt
[01/06/2014 - 13:06:36 | ASH | 3131064 Ko] - C:\hiberfil.sys
[01/06/2014 - 13:06:38 | ASH | 4174752 Ko] - C:\pagefile.sys
[01/11/2011 - 18:04:06 | D] - C:\SYSTEM.SAV
[28/05/2014 - 11:45:32 | D] - C:\Config.Msi
[29/09/2013 - 15:58:03 | N | 1 Ko] - C:\LoLRADS_EUW.lnk
[27/08/2012 - 14:56:18 | N | 2 Ko] - C:\user.js
[23/05/2014 - 21:53:54 | SHD] - C:\$RECYCLE.BIN
[11/02/2011 - 19:00:42 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[11/02/2011 - 21:24:35 | SHD] - C:\Recovery
[02/09/2011 - 02:08:09 | D] - C:\hp
[02/09/2011 - 03:14:07 | N | 0 Ko] - C:\OS
[23/02/2012 - 17:31:18 | D] - C:\GameData
[20/10/2012 - 12:11:23 | D] - C:\Ptp
[29/09/2013 - 17:36:36 | D] - C:\Riot Games
[15/12/2013 - 18:09:29 | D] - C:\148c1569a9666aeb7365ce0afe
[06/02/2014 - 22:40:02 | D] - C:\swsetup
[20/05/2014 - 22:21:34 | N | 0 Ko] - C:\END
[20/05/2014 - 23:44:18 | D] - C:\Program Files
[21/05/2014 - 12:44:54 | D] - C:\Program Files (x86)
[22/05/2014 - 18:13:15 | HD] - C:\ProgramData
[23/05/2014 - 21:53:36 | D] - C:\Users
[26/05/2014 - 17:48:03 | D] - C:\Windows
[28/05/2014 - 20:29:18 | SHD] - C:\System Volume Information
[01/06/2014 - 23:05:50 | D] - C:\UsbFix
################## | D:\ - Disque Fixe (NTFS) |
[18/01/2012 - 14:09:51 | N | 0 Ko] - D:\HPSF_Rep.txt
[02/09/2011 - 03:47:24 | N | 0 Ko] - D:\RPCONFIG.LOG
[02/09/2011 - 03:47:25 | N | 13 Ko] - D:\DeployRp.log
[01/11/2011 - 17:48:09 | N | 0 Ko] - D:\language.ini
[01/11/2011 - 17:48:20 | N | 0 Ko] - D:\BT_HP.FLG
[02/09/2011 - 03:39:55 | N | 0 Ko] - D:\CSP.DAT
[12/12/2012 - 14:01:14 | N | 0 Ko] - D:\HP_WSD.dat
[23/05/2014 - 21:53:54 | SHD] - D:\$RECYCLE.BIN
[20/11/2010 - 08:40:07 | ASH | 375 Ko] - D:\bootmgr
[01/11/2011 - 17:48:20 | SHD] - D:\boot
[01/11/2011 - 17:48:21 | SHD] - D:\preload
[01/11/2011 - 17:48:21 | SD] - D:\Recovery
[27/12/2011 - 19:39:43 | D] - D:\hp
[20/02/2012 - 14:20:36 | SHD] - D:\System Volume Information
################## | F:\ - Disque USB (FAT32) |
[21/05/2014 - 16:56:46 | N | 99941 Ko] - F:\Outback adventurer.wmv
[21/05/2014 - 16:55:12 | N | 12 Ko] - F:\Outback adventurer.wlmp
[23/03/2014 - 17:53:20 | N | 5168 Ko] - F:\svt euro 2.ppt
[04/09/2012 - 20:11:12 | N | 0 Ko] - F:\_disk_id.pod
[21/05/2014 - 18:07:06 | N | 1048 Ko] - F:\Collage.png
[21/05/2014 - 18:14:18 | N | 883 Ko] - F:\Colllage 3 films.png
[23/05/2014 - 19:08:26 | N | 1215 Ko] - F:\Collage Mistinguett et Joséphine Baker.png
[04/02/2014 - 08:36:36 | N | 0 Ko] - F:\.~lock.Anne-Gaëlle et Noémie.odt#
[20/03/2014 - 19:40:26 | N | 11122 Ko] - F:\diapo.odp
[21/03/2014 - 15:36:02 | N | 10904 Ko] - F:\diapo svt euro.odp
[01/06/2014 - 23:38:20 | N | 0 Ko] - F:\Musique.lnk
[20/03/2014 - 19:17:04 | N | 16 Ko] - F:\Notes creches.docx
[07/04/2014 - 21:34:40 | N | 56 Ko] - F:\rihanna.docx
[25/05/2014 - 12:11:40 | N | 27 Ko] - F:\Mistinguett et Joséphine Baker.doc
[01/01/1980 - 00:00:00 | N | 0 Ko] - F:\.cm0012
[17/10/2013 - 16:57:22 | D] - F:\SVT Euro
[05/12/2013 - 21:40:44 | D] - F:\Musique
[09/03/2014 - 13:39:40 | D] - F:\Photos crèche
[09/03/2014 - 13:42:22 | D] - F:\Anglais euro
[09/03/2014 - 13:42:38 | D] - F:\A-P
[24/03/2014 - 23:09:16 | D] - F:\MP3 Rocket
[14/05/2014 - 19:04:10 | D] - F:\HDA
[20/05/2014 - 20:04:22 | D] - F:\Dream job
[20/05/2014 - 23:18:28 | D] - F:\Nouveau dossier
[20/05/2014 - 23:18:38 | D] - F:\Nouveau dossier (2)
################## | Vaccin |
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |