mickahmed
Participant
Number of posts: 20

Ohhh, you scared me, lol
OK, I'll do that right away :)

[hr:1qd4w9kw]

PS: the infected USB stick is F:
[spoiler:1qd4w9kw]############################## | UsbFix V 7.133 | [Suppression]

Utilisateur: Seyma (Administrateur) # SEYMA-PC
Mis à jour le 27/08/2013 par El Desaparecido
Lancé à 23:05:41 | 01/09/2013

Site Web: https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/viewtopic.php?f=6&t=489
Contact: eldesaparecido@sosvirus.net

PC: LENOVO (IdeaPad Z580 ) (x64-based PC)
CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz (2501)
RAM -> [Total : 6007 | Free : 3694]
BIOS: Phoenix BIOS SC-T v2.2
BOOT: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Internet Security [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 488 Go (444 Go libre(s) – 91%) [] # NTFS
D: -> Disque fixe # 443 Go (424 Go libre(s) – 96%) [] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 964 Mo (963 Mo libre(s) – 100%) [SEYMOUTA] # FAT

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [AVP] – "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [Denzi] – C:\Program Files (x86)\Denzi\Denzi.exe
HKLM\SOFTWARE\wow6432Node | Run : [AVP] – "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Denzi] – C:\Program Files (x86)\Denzi\Denzi.exe
HKLM\SOFTWARE | RunOnce : [] –
HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2007743307-614289416-151527787-1000\SOFTWARE | Run : [Skype] – "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-2007743307-614289416-151527787-1000\SOFTWARE | Run : [Facebook Update] – "C:\Users\Seyma\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2007743307-614289416-151527787-1000\SOFTWARE | Run : [Media Finder] – "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
HKU\S-1-5-21-2007743307-614289416-151527787-1000\SOFTWARE | Run : [Bubble Dock] – "C:\Users\Seyma\AppData\Roaming\Nosibay\Bubble DockLBubble Dock.exe" /winstartup
HKU\S-1-5-21-2007743307-614289416-151527787-1001\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-2007743307-614289416-151527787-1001\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (692)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1504)
Stoppé! C:\Windows\system32\nvvsvc.exe (1512)
Stoppé! C:\Windows\System32\spoolsv.exe (1572)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1736)
Stoppé! C:\Windows\system32\taskhost.exe (1884)
Stoppé! C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (2000)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (1776)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (2116)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (3052)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (2052)
Stoppé! C:\Program Files\My Lockbox\mylbx.exe (3408)
Stoppé! C:\Windows\system32\SearchIndexer.exe (3420)
Stoppé! C:\Program Files (x86)\Skype\Phone\Skype.exe (3764)
Stoppé! C:\Users\Seyma\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (3872)
Stoppé! C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (3948)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (4368)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (4540)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (4616)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (4748)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4944)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4104)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4596)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (168)
Stoppé! C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (4720)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (4324)
Stoppé! C:\Windows\system32\WUDFHost.exe (6140)

################## | Éléments infectieux |

Supprimé! C:\Users\Seyma\AppData\Roaming\dotNetFx40_Full_setup.exe
Supprimé! F:\méthodologie NOUVEAU.lnk
Supprimé! F:\Nitro PDF.lnk
Supprimé! F:\OUM KALTHOUM.lnk
Supprimé! F:\RECONNAISSANCE.lnk
Supprimé! F:\studio hollywood_DVD -4444.lnk
Supprimé! F:\0.lnk
Supprimé! F:\De Mauro.lnk
Supprimé! F:\DVD.lnk
Supprimé! F:\FOND 3.lnk
Supprimé! F:\INTRODUCTION.lnk
Supprimé! F:\6887.vbs

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Mountpoints2 |

Supprimé! HKCU….ExplorerMountPoints2{7191c648-8064-11e2-bf7b-806e6f6e6963}

################## | Listing |

[26/04/2013 – 09:45:17 | SHD ] C:\$Recycle.Bin
[26/02/2013 – 23:32:13 | SHD ] C:\Boot
[14/07/2009 – 02:38:58 | RASH | 383562] C:\bootmgr
[26/02/2013 – 23:32:15 | N | 8192] C:\BOOTSECT.BAK
[24/03/2013 – 10:16:15 | D ] C:\components
[14/07/2009 – 06:08:56 | SHD ] C:\Documents and Settings
[28/02/2013 – 16:01:23 | D ] C:\DRIVERS
[26/02/2013 – 23:42:06 | N | 204528] C:\grldr
[01/09/2013 – 22:56:20 | ASH | 4724396032] C:\hiberfil.sys
[07/03/2013 – 20:49:57 | D ] C:\IDE
[27/02/2013 – 02:54:51 | D ] C:\Intel
[07/03/2013 – 20:48:19 | RHD ] C:\MSOCache
[27/02/2013 – 02:06:41 | D ] C:\NVIDIA
[01/09/2013 – 22:56:23 | ASH | 6299197440] C:\pagefile.sys
[14/07/2009 – 04:20:08 | D ] C:\PerfLogs
[28/06/2013 – 09:11:10 | D ] C:\Program Files
[01/08/2013 – 22:30:44 | D ] C:\Program Files (x86)
[29/08/2013 – 22:49:33 | HD ] C:\ProgramData
[26/02/2013 – 23:38:46 | SHD ] C:\Recovery
[30/08/2013 – 20:21:23 | SHD ] C:\System Volume Information
[01/09/2013 – 23:07:20 | D ] C:\UsbFix
[01/09/2013 – 23:07:44 | A | 6821] C:\UsbFix [Clean 1] SEYMA-PC.txt
[01/09/2013 – 22:53:57 | N | 7614] C:\UsbFix [Scan 2] SEYMA-PC.txt
[27/02/2013 – 03:01:51 | D ] C:\Users
[01/09/2013 – 22:58:07 | D ] C:\Windows
[26/04/2013 – 09:45:17 | SHD ] D:\$RECYCLE.BIN
[16/06/2013 – 21:59:42 | D ] D:\Enseignement
[16/06/2013 – 21:59:42 | D ] D:\Kaspersky
[16/06/2013 – 21:59:43 | D ] D:\Mariage Walid
[07/07/2013 – 14:22:01 | D ] D:\My love
[18/04/2013 – 15:40:00 | T | 1421648] D:\numérisation0048.jpg
[28/06/2013 – 09:26:29 | D ] D:\seyma toshiba
[15/07/2013 – 10:41:15 | D ] D:\SFR
[27/02/2013 – 02:15:13 | SHD ] D:\System Volume Information
[19/06/2013 – 23:35:48 | D ] D:\Voyage
[21/03/2013 – 16:08:26 | N | 16384] F:\WALID

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)[/spoiler:1qd4w9kw]