layedjiby

############################## | UsbFix V 7.147 | [Suppression]

Utilisateur: Mohamed Cheikhna (Administrateur) # MRTC303
Mis à jour le 30/10/2013 par El Desaparecido - Team SosVirus
Lancé à 12:08:07 | 31/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0C27VV)
CPU: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
RAM -> [Total : 3548 | Free : 2549]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: McAfee VirusScan Enterprise [(!) Disabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 173 Go (105 Go libre(s) - 61%) [] # NTFS
D: -> Disque fixe # 293 Go (289 Go libre(s) - 99%) [] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 2 Go (476 Mo libre(s) - 25%) [] # FAT

################## | Référence de comparaison MD5 |

Md5 : 4c557a0aa6f52d5a926f8b70ba0c2be6 -> C:\Users\Mohamed Cheikhna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\provide.vbe
Md5 : DENIED -> C:\Users\MOHAME~1\AppData\Local\Temp\provide.vbe
Md5 : f676753ef04ca68ad64972bbf6101010 -> C:\Users\MOHAME~1\AppData\Local\Temp\1.exe
Md5 : f676753ef04ca68ad64972bbf6101010 -> C:\Users\MOHAME~1\AppData\Local\Temp\1.exe
Md5 : e9fa8afbe203ab0cb58b27e34fa416b0 -> C:\Users\MOHAME~1\AppData\Local\Temp\42.exe
Md5 : 4c557a0aa6f52d5a926f8b70ba0c2be6 -> F:\provide.vbe

################## | Processus Stoppés |

Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1412 |ParentID: 540)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1528 |ParentID: 540)
Stoppé! C:Program FilesJustSAMItAgentsrvany.exe (ID: 1592 |ParentID: 540)
Stoppé! D:\Lotus\Notes\nsd.exe (ID: 1668 |ParentID: 540)
Stoppé! C:\Program Files\McAfee\Common Framework\FrameworkService.exe (ID: 1700 |ParentID: 540)
Stoppé! C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (ID: 1740 |ParentID: 540)
Stoppé! C:\Windows\system32\mfevtps.exe (ID: 1772 |ParentID: 540)
Stoppé! C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (ID: 1904 |ParentID: 1740)
Stoppé! C:\Windows\system32\conhost.exe (ID: 1912 |ParentID: 432)
Stoppé! C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (ID: 1980 |ParentID: 540)
Stoppé! C:\Program Files\Expresso\bin\MonServiceUDisk.exe (ID: 112 |ParentID: 540)
Stoppé! C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (ID: 424 |ParentID: 704)
Stoppé! C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (ID: 404 |ParentID: 540)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3660 |ParentID: 540)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 3944 |ParentID: 540)
Stoppé! C:\Windows\Explorer.EXE (ID: 4048 |ParentID: 4016)
Stoppé! C:\Program Files\McAfee\Common Framework\UdaterUI.exe (ID: 2592 |ParentID: 4048)
Stoppé! C:\Program Files\Analog Devices\Core\smax4pnp.exe (ID: 2612 |ParentID: 4048)
Stoppé! C:\Windows\System32\wscript.exe (ID: 2652 |ParentID: 4048)
Stoppé! C:\Program Files\McAfee\Common Framework\McTray.exe (ID: 3072 |ParentID: 2592)
Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (ID: 1876 |ParentID: 4048)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 3868 |ParentID: 932)
Stoppé! C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe (ID: 3776 |ParentID: 540)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2852 |ParentID: 540)
Stoppé! C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe (ID: 1060 |ParentID: 3072)
Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (ID: 4152 |ParentID: 4172)
Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (ID: 5128 |ParentID: 4152)
Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (ID: 2984 |ParentID: 4152)
Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (ID: 5336 |ParentID: 4152)
Stoppé! C:\Program Files\McAfee\Common Framework\McScript_InUse.exe (ID: 4376 |ParentID: 1700)
Stoppé! C:\Windows\system32\conhost.exe (ID: 4708 |ParentID: 432)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 5596 |ParentID: 992)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 2896 |ParentID: 540)
Stoppé! C:\Windows\servicing\TrustedInstaller.exe (ID: 1892 |ParentID: 540)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [McAfeeUpdaterUI] - "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
HKLM\SOFTWARE | Run : [ShStatEXE] - "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
HKLM\SOFTWARE | Run : [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2618677412-1337136455-4030967592-1000\SOFTWARE | Run : [{17677031-3D9B-264E-1172-1431536824BD}] - C:\Users\Mohamed Cheikhna\AppData\Roaming\java\explorer.exe
HKU\S-1-5-21-2618677412-1337136455-4030967592-1000\SOFTWARE | Run : [provide] - wscript.exe //B "C:\Users\MOHAME~1\AppData\Local\Temp\provide.vbe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Recherche générique |

Supprimé! F:\provide.vbe
Supprimé! C:\Users\MOHAME~1\AppData\Local\Temp\provide.vbe
Supprimé! C:\Users\Mohamed Cheikhna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\provide.vbe
Supprimé! F:\myqesc.lnk
Supprimé! F:\ujeten.lnk
Supprimé! F:\notes.lnk
Supprimé! F:\IMG_1017.lnk
Supprimé! F:\IMG_1008.lnk
Supprimé! F:\IMG_1009.lnk
Supprimé! F:\IMG_1010.lnk
Supprimé! F:\IMG_1014.lnk
Supprimé! F:\ID Kane Doc3.lnk
Supprimé! F:\Youssou Ndour live a londre.lnk
Supprimé! F:\Concert Youssou ndour a L'UCAD.lnk
Supprimé! F:\odia.lnk
Supprimé! F:\LDR_MRTO.lnk
Supprimé! F:\~$Situation Kaedi.lnk
Supprimé! F:\Situation Kaedi.lnk
Supprimé! F:\show.lnk
Supprimé! F:\show3.lnk
Supprimé! F:\UsbFix.lnk
Supprimé! F:\Notes Allclient install.lnk
Supprimé! F:\Autorun.inf.lnk
Supprimé! C:\Users\Mohamed Cheikhna\AppData\Roaming\java
Supprimé! C:\Users\MOHAME~1\AppData\Local\Temp\1.exe
Supprimé! C:\Users\MOHAME~1\AppData\Local\Temp\42.exe
Non supprimé ! E:\SETUP.EXE
Non supprimé ! E:\AUTORUN.INF

(!) Fichiers temporaires supprimés.
################## | Comparaison MD5 |

Supprimé! Md5 : E9FA8AFBE203AB0CB58B27E34FA416B0 -> C:\Users\Mohamed Cheikhna\AppData\Local\Temp\MEMO + PAYEMENT.exe
Supprimé! Md5 : E9FA8AFBE203AB0CB58B27E34FA416B0 -> C:\Users\Mohamed Cheikhna\AppData\Local\Temp\Mymusic.exe
Supprimé! Md5 : E9FA8AFBE203AB0CB58B27E34FA416B0 -> C:\Users\Mohamed Cheikhna\AppData\Local\Temp\Oudio.exe
Supprimé! Md5 : E9FA8AFBE203AB0CB58B27E34FA416B0 -> C:\Users\Mohamed Cheikhna\AppData\Local\Temp\Rapport de sy.exe
Supprimé! Md5 : E9FA8AFBE203AB0CB58B27E34FA416B0 -> C:\Users\Mohamed Cheikhna\AppData\Local\Temp\world vision programs.exe
Supprimé! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> C:\Users\Mohamed Cheikhna\Desktop\bureau data\doc Mohamed cheikhna\SAOUDA LY\provide.vbe
Supprimé! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> C:\Users\Mohamed Cheikhna\Desktop\bureau data\SAOUDA LY\provide.vbe

################## | Registre |

Supprimé! HKU\S-1-5-21-2618677412-1337136455-4030967592-1000\Software\Microsoft\Windows\CurrentVersion\Run|provide
Supprimé! HKU\S-1-5-21-2618677412-1337136455-4030967592-1000\Software\....\Mountpoints2\{01d768ed-ad82-11e2-82bb-14feb5e791ef}
Supprimé! HKU\S-1-5-21-2618677412-1337136455-4030967592-1000\Software\....\Mountpoints2\{37037bd1-523c-11e1-8f78-14feb5e791ef}
Supprimé! HKU\S-1-5-21-2618677412-1337136455-4030967592-1000\Software\....\Mountpoints2\{ae51b247-2611-11e0-b1bf-806e6f6e6963}

################## | Listing |

[22/01/2011 - 10:56:31 | SHD ] C:\$Recycle.Bin
[08/02/2012 - 10:25:50 | D ] C:\agentzip
[10/06/2009 - 21:42:20 | N | 24] C:\autoexec.bat
[24/06/2013 - 11:09:57 | N | 1050759] C:\backup_mcafeeupdt
[29/10/2013 - 07:59:31 | SHD ] C:\Config.Msi
[10/06/2009 - 21:42:20 | N | 10] C:\config.sys
[14/07/2009 - 04:53:55 | SHD ] C:\Documents and Settings
[31/10/2013 - 09:31:22 | ASH | 2789941248] C:\hiberfil.sys
[22/02/2012 - 13:11:27 | D ] C:\Lotus
[31/10/2013 - 12:05:12 | N | 282770] C:\mcafeeupdt
[24/01/2012 - 12:33:49 | RHD ] C:\MSOCache
[31/10/2013 - 09:31:28 | ASH | 3719921664] C:\pagefile.sys
[14/07/2009 - 02:37:05 | D ] C:\PerfLogs
[30/10/2013 - 15:59:03 | D ] C:\Program Files
[08/11/2012 - 12:01:32 | HD ] C:\ProgramData
[04/07/2013 - 15:17:39 | D ] C:\Quarantine
[22/01/2011 - 10:56:19 | SHD ] C:\Recovery
[30/10/2013 - 15:46:18 | SHD ] C:\System Volume Information
[31/10/2013 - 12:09:33 | D ] C:\UsbFix
[31/10/2013 - 12:10:57 | A | 9457] C:\UsbFix [Clean 4] MRTC303.txt
[31/10/2013 - 09:50:26 | N | 9834] C:\UsbFix [Scan 1] MRTC303.txt
[31/10/2013 - 10:09:03 | N | 10596] C:\UsbFix [Scan 2] MRTC303.txt
[31/10/2013 - 10:32:26 | N | 9925] C:\UsbFix [Scan 3] MRTC303.txt
[22/01/2011 - 10:56:24 | RD ] C:\Users
[24/07/2013 - 13:02:34 | D ] C:\Windows
[30/04/2013 - 12:30:39 | N | 0] C:\_agent.txt
[30/04/2013 - 12:30:39 | N | 0] C:\_organization.txt
[22/01/2011 - 10:56:31 | SHD ] D:\$RECYCLE.BIN
[21/01/2011 - 12:50:50 | D ] D:\Lotus
[22/01/2011 - 09:04:03 | SHD ] D:\System Volume Information
[21/01/2011 - 12:49:17 | D ] D:\Temp
[09/12/2007 - 07:00:46 | R | 64] E:\AUTORUN.INF
[09/10/2009 - 11:42:10 | R | 103816] E:\setup.exe
[01/12/2009 - 09:48:02 | D ] E:\SOFTWARE
[01/09/2013 - 19:29:22 | N | 130787] F:\myqesc.exe
[01/09/2013 - 21:56:36 | N | 103140] F:\ujeten.exe
[28/04/2013 - 09:04:40 | D ] F:\Notes Allclient install
[07/10/2013 - 12:51:44 | N | 9364] F:\notes.ini
[06/10/2013 - 18:49:22 | N | 2195493] F:\IMG_1017.JPG
[06/10/2013 - 18:47:32 | N | 2211977] F:\IMG_1008.JPG
[06/10/2013 - 18:47:42 | N | 2209982] F:\IMG_1009.JPG
[06/10/2013 - 18:47:50 | N | 2242461] F:\IMG_1010.JPG
[06/10/2013 - 18:48:32 | N | 2635433] F:\IMG_1014.JPG
[08/10/2013 - 14:18:52 | N | 51262] F:\ID Kane Doc3.docx
[10/10/2011 - 18:18:36 | N | 574271645] F:\Youssou Ndour live a londre.FLV
[10/10/2011 - 16:41:18 | N | 172993852] F:\Concert Youssou ndour a L'UCAD.FLV
[05/09/2013 - 11:03:58 | N | 6299] F:\odia.id
[10/10/2013 - 13:46:14 | N | 20971520] F:\LDR_MRTO.nsf
[13/10/2013 - 11:28:38 | N | 165] F:\~$Situation Kaedi.xlsx
[13/10/2013 - 11:31:30 | N | 17889] F:\Situation Kaedi.xlsx
[11/12/2010 - 17:36:08 | N | 18] F:\show.bat
[11/12/2010 - 16:36:08 | N | 18] F:\show3.bat
[31/10/2013 - 09:30:44 | N | 1176238] F:\UsbFix.exe
[31/10/2013 - 09:46:02 | SHD ] F:\Autorun.inf

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |