wahiba01

Thank you very much for your help
[spoiler:bxz8kbhj]############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: wahiba (Administrateur) # WAHIBA-PC
Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
Lancé à 19:49:12 | 08/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0G8TPV)
CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
RAM -> [Total : 3963 | Free : 1481]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 8.0.7601.17514

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 219 Go (95 Go libre(s) – 43%) [] # NTFS
D: -> CD-ROM
E: -> Disque fixe # 173 Go (148 Go libre(s) – 86%) [] # NTFS
F: -> Disque amovible # 4 Go (4 Go libre(s) – 95%) [W@H!B@] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [GrooveMonitor] – "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] – "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] – "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] –
HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1098367603-1629518233-2555471626-1000\SOFTWARE | Run : [Facebook Update] – "C:\Users\wahiba\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1098367603-1629518233-2555471626-1000\SOFTWARE | Run : [ApacheTomcatMonitor7.0_Tomcat7] – "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
HKU\S-1-5-21-1098367603-1629518233-2555471626-1000\SOFTWARE | Run : [IDMan] – C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-1098367603-1629518233-2555471626-1000\SOFTWARE | Run : [aljazeera-sport+2] – wscript.exe //B "C:\Users\wahiba\AppData\Local\Temp\aljazeera-sport+2.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\WLANExt.exe (ID 1216 |ParentID 992)
Stoppé! C:\Windows\system32\conhost.exe (ID 1224 |ParentID 420)
Stoppé! C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (ID 1300 |ParentID 608)
Stoppé! C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (ID 1324 |ParentID 1300)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1344 |ParentID 608)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1612 |ParentID 608)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1728 |ParentID 608)
Stoppé! c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 1748 |ParentID 608)
Stoppé! C:\ProgramData\DatacardService\HWDeviceService64.exe (ID 1792 |ParentID 608)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 1860 |ParentID 608)
Stoppé! C:\Windows\system32\taskhost.exe (ID 1228 |ParentID 608)
Stoppé! C:\ProgramData\DatacardService\DCSHelper.exe (ID 2076 |ParentID 1792)
Stoppé! C:\Windows\System32\igfxtray.exe (ID 2168 |ParentID 1716)
Stoppé! C:\Windows\System32\hkcmd.exe (ID 2232 |ParentID 1716)
Stoppé! C:\Windows\System32\igfxpers.exe (ID 2260 |ParentID 1716)
Stoppé! C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (ID 2276 |ParentID 1716)
Stoppé! C:\Program Files (x86)\Internet Download Manager\IDMan.exe (ID 2848 |ParentID 1716)
Stoppé! C:\ProgramData\MobileBrServ\mbbservice.exe (ID 2992 |ParentID 608)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID 2316 |ParentID 1716)
Stoppé! C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID 2708 |ParentID 2760)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 1252 |ParentID 2856)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID 1032 |ParentID 2856)
Stoppé! C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID 360 |ParentID 2708)
Stoppé! C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (ID 956 |ParentID 2848)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 3100 |ParentID 2856)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 3256 |ParentID 608)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3816 |ParentID 608)
Stoppé! C:\Windows\SysWOW64\RunDll32.exe (ID 3960 |ParentID 2316)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID 3336 |ParentID 1716)
Stoppé! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 844 |ParentID 2268)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID 1892 |ParentID 3336)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (ID 2904 |ParentID 1892)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (ID 3004 |ParentID 2904)
Stoppé! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 4532 |ParentID 608)
Stoppé! C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (ID 4700 |ParentID 608)
Stoppé! C:\Windows\system32\WUDFHost.exe (ID 2744 |ParentID 992)
Stoppé! C:\Windows\System32\wscript.exe (ID 752 |ParentID 5076)
Stoppé! C:\Program Files\SMPlayer\smplayer.exe (ID 5872 |ParentID 1716)
Stoppé! C:\Program Files\WinRAR\WinRAR.exe (ID 5536 |ParentID 2848)
Stoppé! C:\Program Files\SMPlayer\mplayer\mplayer.exe (ID 5584 |ParentID 5872)
Stoppé! C:\Windows\system32\conhost.exe (ID 4172 |ParentID 544)
Stoppé! C:\Windows\system32\taskeng.exe (ID 5300 |ParentID 124)

################## | Éléments infectieux |

Supprimé! F:\aljazeera-sport+2.vbs
Supprimé! C:\Users\wahiba\AppData\Local\Temp\aljazeera-sport+2.vbs
Supprimé! C:\Users\wahiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aljazeera-sport+2.vbs
Supprimé! F:\c01CreatingaWebPage(Press-Optimized).lnk
Supprimé! F:\belhmar.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-1098367603-1629518233-2555471626-1000\Software\Microsoft\Windows\CurrentVersion\Run|aljazeera-sport+2
Supprimé! HKCU….ExplorerMountPoints2F
Supprimé! HKCU….ExplorerMountPoints2{213fb933-d4df-11e2-8960-806e6f6e6963}
Supprimé! HKCU….ExplorerMountPoints2{269906fa-b963-11e2-9d43-e0db558de827}
Supprimé! HKCU….ExplorerMountPoints2{53643db8-9bb5-11e2-ba79-82d72047bd98}
Supprimé! HKCU….ExplorerMountPoints2{9befb9e0-a287-11e2-a06d-e0db558de827}
Supprimé! HKCU….ExplorerMountPoints2{9befba1b-a287-11e2-a06d-001e101f7fb6}
Supprimé! HKCU….ExplorerMountPoints2{a2e9fb61-a35f-11e2-89b6-e0db558de827}
Supprimé! HKCU….ExplorerMountPoints2{b0c7e550-ceab-11e2-8cdf-e0db558de827}
Supprimé! HKCU….ExplorerMountPoints2{b0dca08e-e58b-11e2-9be6-e0db558de827}

################## | Listing |

[25/05/2013 – 23:51:42 | SHD ] C:\$Recycle.Bin
[01/10/2013 – 10:02:29 | SHD ] C:\Config.Msi
[04/04/2013 – 17:11:42 | D ] C:\dell
[14/07/2009 – 06:08:56 | SHD ] C:\Documents and Settings
[08/10/2013 – 17:31:41 | ASH | 3116236800] C:\hiberfil.sys
[02/04/2013 – 21:22:29 | D ] C:\Intel
[11/04/2013 – 11:26:42 | D ] C:\jboss-seam-2.2.0.GA
[07/04/2013 – 15:31:05 | RHD ] C:\MSOCache
[19/06/2013 – 15:00:35 | D ] C:\MVS
[08/10/2013 – 17:31:43 | ASH | 4154986496] C:\pagefile.sys
[14/07/2009 – 04:20:08 | D ] C:\PerfLogs
[30/09/2013 – 11:00:22 | D ] C:\Program Files
[30/09/2013 – 10:59:57 | D ] C:\Program Files (x86)
[30/09/2013 – 13:30:17 | HD ] C:\ProgramData
[02/04/2013 – 19:54:14 | SHD ] C:\Recovery
[04/06/2013 – 12:40:42 | D ] C:\Selenium RC
[07/10/2013 – 13:47:42 | SHD ] C:\System Volume Information
[08/10/2013 – 19:51:10 | D ] C:\UsbFix
[08/10/2013 – 19:52:05 | A | 8758] C:\UsbFix [Clean 2] WAHIBA-PC.txt
[08/10/2013 – 19:32:25 | N | 10844] C:\UsbFix [Scan 2] WAHIBA-PC.txt
[25/05/2013 – 23:51:38 | RD ] C:\Users
[12/05/2013 – 16:39:58 | D ] C:\wamp
[30/09/2013 – 10:47:03 | D ] C:\Windows
[25/05/2013 – 23:51:42 | SHD ] E:\$RECYCLE.BIN
[13/09/2013 – 00:16:54 | D ] E:\Ar.3D.2011.Ul
[03/05/2013 – 23:46:16 | N | 3688929] E:\CHAPITRE 3 – JCL.pdf
[08/09/2013 – 23:24:47 | D ] E:\MQL_M2
[28/05/2013 – 10:55:42 | D ] E:\pc poste
[13/08/2013 – 01:16:54 | D ] E:\pc-wahiba
[09/05/2013 – 12:27:33 | D ] E:\Safe.Haven.2013.FRENCH.DVDRip XviD-TMB
[04/04/2013 – 00:35:22 | SHD ] E:\System Volume Information
[03/04/2010 – 19:33:31 | N | 2088501] E:\VS_EXPBSLN_x64_fra.CAB
[03/04/2010 – 19:35:56 | N | 555008] E:\VS_EXPBSLN_x64_fra.MSI
[13/08/2013 – 01:13:49 | D ] E:\wahiba tof
[04/04/2013 – 08:30:21 | N | 536870912] E:\WinPEpge.sys
[21/04/2013 – 01:18:08 | N | 733986816] E:\[www.Cpasbien.me] The.Impossible.2012.FRENCH.BRRip.XviD-TMB.avi
[10/12/2012 – 12:59:36 | N | 1545761] F:\c01CreatingaWebPage(Press-Optimized).pdf
[08/10/2013 – 18:24:40 | D ] F:\belhmar

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – http://www.sosvirus.net |[/spoiler:bxz8kbhj]