Répondre à : machine infectée raccourcis sur les fichiers et clés Usb 2016-09-08T13:19:21+00:00
Photo du profil de aminataaminata
Participant
Post count: 2

############################## | UsbFix V 7.147 | [Suppression]

Utilisateur: Aminata Ba (Administrateur) # MRTC1002
Mis à jour le 30/10/2013 par El Desaparecido – Team SosVirus
Lancé à 05:24:08 | 19/11/2013

Site Web: http://www.usbfix.net/” onclick=”window.open(this.href);return false;
Forum : https://www.sosvirus.net/” onclick=”window.open(this.href);return false;
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/” onclick=”window.open(this.href);return false;

PC: Dell Inc. (0C27VV)
CPU: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
RAM -> [Total : 3548 | Free : 1055]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 23.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: McAfee VirusScan Enterprise [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 173 Go (110 Go libre(s) – 63%) [] # NTFS
D: -> Disque fixe # 293 Go (276 Go libre(s) – 94%) [] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (493 Mo libre(s) – 13%) [] # FAT32
H: -> Disque amovible # 2 Go (1 Go libre(s) – 74%) [ ANNA DISCK] # FAT

################## | Référence de comparaison MD5 |

Md5 : 4c557a0aa6f52d5a926f8b70ba0c2be6 -> C:UsersAminata BaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupprovide.vbe
Md5 : DENIED -> C:UsersAMINAT~1AppDataLocalTempprovide.vbe
Md5 : 4c557a0aa6f52d5a926f8b70ba0c2be6 -> F:provide.vbe
Md5 : 4c557a0aa6f52d5a926f8b70ba0c2be6 -> H:provide.vbe

################## | Processus Stoppés |

Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1544 |ParentID: 548)
Stoppé! C:WindowsExplorer.EXE (ID: 1868 |ParentID: 1736)
Stoppé! C:SunSystems4UTILSsrvany.exe (ID: 1884 |ParentID: 548)
Stoppé! C:SunSystems4ServerCCITCP2.exe (ID: 1948 |ParentID: 1884)
Stoppé! C:Program FilesMovies ToolbarDatamngrDatamngrCoordinator.exe (ID: 1956 |ParentID: 548)
Stoppé! C:Windowssystem32conhost.exe (ID: 1964 |ParentID: 432)
Stoppé! C:Windowssystem32taskhost.exe (ID: 2004 |ParentID: 548)
Stoppé! C:Program FilesMovies ToolbarDatamngrDatamngrCoordinator.exe (ID: 624 |ParentID: 1956)
Stoppé! C:Program FilesMovies ToolbarDatamngrDatamngrUI.exe (ID: 540 |ParentID: 1956)
Stoppé! C:ProgramDataExpressoOnlineUpdateouc.exe (ID: 312 |ParentID: 380)
Stoppé! C:ProgramDataDatacardServiceHWDeviceService.exe (ID: 1312 |ParentID: 548)
Stoppé! C:Program FilesJustSAMItAgentsrvany.exe (ID: 1684 |ParentID: 548)
Stoppé! C:ProgramDataDatacardServiceDCSHelper.exe (ID: 1732 |ParentID: 1312)
Stoppé! d:lotusnotesSUService.exe (ID: 1752 |ParentID: 548)
Stoppé! d:lotusnotesnsd.exe (ID: 2060 |ParentID: 548)
Stoppé! C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe (ID: 2096 |ParentID: 548)
Stoppé! C:Program FilesMcAfeeCommon FrameworkUdaterUI.exe (ID: 2104 |ParentID: 1868)
Stoppé! C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe (ID: 2216 |ParentID: 1868)
Stoppé! C:Program FilesMcAfeeVirusScan EnterpriseVsTskMgr.exe (ID: 2272 |ParentID: 548)
Stoppé! C:Windowssystem32mfevtps.exe (ID: 2312 |ParentID: 548)
Stoppé! C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe (ID: 2332 |ParentID: 548)
Stoppé! C:Program FilesMcAfeeVirusScan Enterprisemfeann.exe (ID: 2364 |ParentID: 2272)
Stoppé! C:Windowssystem32conhost.exe (ID: 2372 |ParentID: 432)
Stoppé! C:Program FilesMcAfeeCommon FrameworknaPrdMgr.exe (ID: 2648 |ParentID: 756)
Stoppé! C:Program FilesVideoDownloadConverter_4zbar1.bin4zSrchMn.exe (ID: 2656 |ParentID: 1868)
Stoppé! C:Program FilesVideoDownloadConverter_4zbar1.bin4zbrmon.exe (ID: 2672 |ParentID: 1868)
Stoppé! C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 2680 |ParentID: 1868)
Stoppé! C:Program FilesSkypePhoneSkype.exe (ID: 2724 |ParentID: 1868)
Stoppé! C:UsersAminata BaAppDataLocaliLividiLivid.exe (ID: 2740 |ParentID: 1868)
Stoppé! C:WindowsSystem32wscript.exe (ID: 2756 |ParentID: 1868)
Stoppé! C:Program FilesMcAfeeCommon FrameworkMcTray.exe (ID: 3156 |ParentID: 2104)
Stoppé! d:lotusnotesntmulti.exe (ID: 3356 |ParentID: 548)
Stoppé! C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe (ID: 3516 |ParentID: 548)
Stoppé! C:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe (ID: 3744 |ParentID: 548)
Stoppé! C:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe (ID: 3772 |ParentID: 548)
Stoppé! C:SunSystems4UTILSsrvany.exe (ID: 3920 |ParentID: 548)
Stoppé! C:SunSystems4ServerSSMASTER.exe (ID: 4004 |ParentID: 3920)
Stoppé! C:Program FilesTeamViewerVersion8TeamViewer_Service.exe (ID: 4040 |ParentID: 548)
Stoppé! C:UsersAminata BaAppDataLocalTorchUpdateTorchCrashHandler.exe (ID: 2396 |ParentID: 548)
Stoppé! C:Program FilesExpressobinMonServiceUDisk.exe (ID: 2576 |ParentID: 548)
Stoppé! C:PROGRA~1VIDEOD~2bar1.bin4zbarsvc.exe (ID: 3368 |ParentID: 548)
Stoppé! C:Program FilesCommon FilesMcAfeeSystemCoremcshield.exe (ID: 3720 |ParentID: 548)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 5204 |ParentID: 548)
Stoppé! C:WindowsSystem32alg.exe (ID: 5628 |ParentID: 548)
Stoppé! C:Program FilesMicrosoft OfficeOffice14WINWORD.EXE (ID: 5644 |ParentID: 6016)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID: 5616 |ParentID: 548)
Stoppé! C:Program FilesMicrosoftBingBar7.2.241.0SeaPort.exe (ID: 5868 |ParentID: 548)
Stoppé! C:Program FilesAdobeReader 9.0ReaderAcroRd32.exe (ID: 3248 |ParentID: 1868)
Stoppé! C:Program FilesMicrosoft OfficeOffice14EXCEL.EXE (ID: 3812 |ParentID: 1868)
Stoppé! C:Windowssystem32LogonUI.exe (ID: 7472 |ParentID: 588)
Stoppé! D:lotusnotesNLNOTES.EXE (ID: 4904 |ParentID: 4744)
Stoppé! D:lotusnotesframeworkrcpeclipsepluginscom.ibm.rcp.base_6.2.3.20110915-1350win32x86notes2.exe (ID: 5248 |ParentID: 7048)
Stoppé! D:lotusnotesntaskldr.EXE (ID: 8036 |ParentID: 4904)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 5652 |ParentID: 992)
Stoppé! C:Program FilesjZipjZip.exe (ID: 7408 |ParentID: 4904)
Stoppé! C:Program FilesCommon FilesJavaJava Updatejucheck.exe (ID: 4248 |ParentID: 2680)
Stoppé! C:Program FilesMicrosoft OfficeOffice14WINWORD.EXE (ID: 6212 |ParentID: 756)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3612 |ParentID: 1868)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 8116 |ParentID: 3612)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 1904 |ParentID: 3612)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 1248 |ParentID: 3612)
Stoppé! C:Program FilesMcAfeeVirusScan Enterprisemcconsol.exe (ID: 1260 |ParentID: 3156)
Stoppé! C:Program FilesInternet Exploreriexplore.exe (ID: 4808 |ParentID: 1868)
Stoppé! C:Program FilesInternet Exploreriexplore.exe (ID: 5788 |ParentID: 4808)
Stoppé! C:Windowssystem32MacromedFlashFlashUtil32_11_9_900_117_ActiveX.exe (ID: 8096 |ParentID: 756)
Stoppé! C:Program FilesBabylonBabylon-ProBabylon.exe (ID: 8928 |ParentID: 3212)
Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4448 |ParentID: 3612)
Stoppé! C:Windowssystem32SearchProtocolHost.exe (ID: 6688 |ParentID: 5204)
Stoppé! C:Windowssystem32SearchFilterHost.exe (ID: 5872 |ParentID: 5204)

################## | Regedit Run |

HKLMSOFTWARE | Run : [McAfeeUpdaterUI] – “C:Program FilesMcAfeeCommon Frameworkudaterui.exe” /StartedFromRunKey
HKLMSOFTWARE | Run : [ShStatEXE] – “C:Program FilesMcAfeeVirusScan EnterpriseSHSTAT.EXE” /STANDALONE
HKLMSOFTWARE | Run : [BCSSync] – “C:Program FilesMicrosoft OfficeOffice14BCSSync.exe” /DelayServices
HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program FilesAdobeReader 9.0ReaderReader_sl.exe”
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [VideoDownloadConverter Search Scope Monitor] – “C:PROGRA~1VIDEOD~2bar1.bin4zsrchmn.exe” /m=2 /w /h
HKLMSOFTWARE | Run : [VideoDownloadConverter_4z Browser Plugin Loader] – C:PROGRA~1VIDEOD~2bar1.bin4zbrmon.exe
HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
HKLMSOFTWARE | Run : [Babylon Client] – C:Program FilesBabylonBabylon-ProBabylon.exe -AutoStart
HKLMSOFTWARE | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-21-4016989911-3843796895-1440007713-1000SOFTWARE | Run : [uTorrent] – C:Program FilesuTorrentuTorrent.exe /MINIMIZED
HKUS-1-5-21-4016989911-3843796895-1440007713-1000SOFTWARE | Run : [Skype] – “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
HKUS-1-5-21-4016989911-3843796895-1440007713-1000SOFTWARE | Run : [iLivid] – “C:UsersAminata BaAppDataLocaliLividiLivid.exe” -autorun
HKUS-1-5-21-4016989911-3843796895-1440007713-1000SOFTWARE | Run : [provide] – wscript.exe //B “C:UsersAMINAT~1AppDataLocalTempprovide.vbe”
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-18SOFTWARE | RunOnce : [SPReview] – “C:WindowsSystem32SPReviewSPReview.exe” /sp:1 /errorfwlink:”http://go.microsoft.com/fwlink/?LinkID=122915″ /build:7601

################## | Recherche générique |

Supprimé! F:provide.vbe
Supprimé! H:provide.vbe
Supprimé! C:UsersAMINAT~1AppDataLocalTempprovide.vbe
Supprimé! C:UsersAminata BaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupprovide.vbe
Supprimé! F:UsbFix.lnk
Supprimé! F:Autorun.inf.lnk
Supprimé! F:Nouveau dossier.lnk
Supprimé! H:~$JV.lnk
Supprimé! H:LOYER CSN.lnk
Supprimé! H:SAVING BASE BOGHE AOUT 13.lnk
Supprimé! H:CV JUILLET 13 FY13 -F.lnk
Supprimé! H:sans-titre.lnk
Supprimé! H:SUIVI BANK FY 13 2013.lnk
Supprimé! H:croki.lnk
Supprimé! H:1378631909_2[1].lnk
Supprimé! H:PL PROPOSITION.lnk
Supprimé! H:cimg5662.lnk
Supprimé! H:JV.lnk
Supprimé! H:Maison & Déco 3D – talibe par TALIBE10.lnk
Supprimé! H:Anna.lnk
Supprimé! H:Anna1.lnk
Supprimé! H:JV LOYER BASE.lnk
Supprimé! H:~$SALAIRE BASE BOGHE JUILLET 2013.lnk
Supprimé! H:Snapshot_2012-11-23-09-04-10.lnk
Supprimé! H:Snapshot_2012-11-23-09-04-16.lnk
Supprimé! H:Snapshot_2012-11-23-09-04-22.lnk
Supprimé! H:PCBASE BOGHE FY 13 – – Copie – Copie – Copie.lnk
Supprimé! H:~$SAVING BASE BOGHE AOUT 13.lnk
Supprimé! H:~$SUIVI BANK FY 13 2013.lnk
Supprimé! H:~WRL0002.lnk
Supprimé! H:~$CV51-81.lnk
Supprimé! H:~$CV AVRIL 1.lnk
Supprimé! H:~$SUIVI BANK FY 13 (Enregistré automatiquement).lnk
Supprimé! H:~$JV MAI.lnk
Supprimé! H:ANB.lnk
Supprimé! H:Images.lnk
Supprimé! H:Nouveau dossier (7).lnk
Supprimé! H:Nouveau dossier (6).lnk
Supprimé! H:Nouveau dossier.lnk
Supprimé! H:Nouveau dossier (2).lnk
Supprimé! H:CV51-81.lnk
Supprimé! H:Nouveau dossier (3).lnk
Supprimé! H:CV OCTOBRE 1-50.lnk
Supprimé! H:~$COMPLEMENT JV MAI.lnk
Supprimé! H:~$CV OCTOBRE 82-100.lnk
Supprimé! H:CV OCTOBRE 82-100.lnk
Supprimé! H:CV 80-100.lnk
Supprimé! H:~$CV 80-100.lnk
Supprimé! H:plm – Copie.lnk
Supprimé! C:UsersAMINAT~1AppDataLocalTempiet876C.tmp.exe

(!) Fichiers temporaires supprimés.
################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbitguard.exe
Supprimé! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbprotect.exe
Supprimé! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowserdefender.exe
Supprimé! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowserprotect.exe
Supprimé! HKUS-1-5-21-4016989911-3843796895-1440007713-1000SoftwareMicrosoftWindowsCurrentVersionRun|provide
Supprimé! HKUS-1-5-21-4016989911-3843796895-1440007713-1000Software….Mountpoints2{082c9a34-1a63-11e3-a215-14feb5e7d100}
Supprimé! HKUS-1-5-21-4016989911-3843796895-1440007713-1000Software….Mountpoints2{0e718ab8-1932-11e3-932e-14feb5e7d100}
Supprimé! HKUS-1-5-21-4016989911-3843796895-1440007713-1000Software….Mountpoints2{5581381c-1b45-11e3-a265-14feb5e7d100}
Supprimé! HKUS-1-5-21-4016989911-3843796895-1440007713-1000Software….Mountpoints2{8d46b944-1bf3-11e3-8b34-14feb5e7d100}
Supprimé! HKUS-1-5-21-4016989911-3843796895-1440007713-1000Software….Mountpoints2{9816508d-55ac-11e1-95dc-14feb5e7d100}
Supprimé! HKUS-1-5-21-4016989911-3843796895-1440007713-1000Software….Mountpoints2{bc99e014-7238-11e2-8b19-14feb5e7d100}
Supprimé! HKUS-1-5-21-4016989911-3843796895-1440007713-1000Software….Mountpoints2{d142341e-e144-11e1-81c6-14feb5e7d100}
Supprimé! HKUS-1-5-21-4016989911-3843796895-1440007713-1000Software….Mountpoints2{dd99a94d-1a7d-11e3-b3af-14feb5e7d100}

################## | Listing |

[12/02/2012 – 01:36:08 | SHD ] C:$Recycle.Bin
[13/02/2012 – 01:49:54 | D ] C:agentzip
[10/06/2009 – 10:42:20 | N | 24] C:autoexec.bat
[19/09/2013 – 17:19:12 | N | 1050009] C:backup_mcafeeupdt
[14/11/2013 – 03:27:48 | SHD ] C:Config.Msi
[10/06/2009 – 10:42:20 | N | 10] C:config.sys
[13/07/2009 – 17:53:55 | SHD ] C:Documents and Settings
[17/11/2013 – 22:14:51 | ASH | 2789941248] C:hiberfil.sys
[26/01/2013 – 11:02:43 | D ] C:HP LJP2015 PCL6
[13/02/2013 – 05:27:11 | D ] C:kyocera FS 202 4020 3920
[17/03/2013 – 00:11:25 | D ] C:lotusold2
[19/11/2013 – 03:25:07 | N | 171389] C:mcafeeupdt
[17/03/2013 – 01:37:34 | D ] C:mon lotus
[12/02/2012 – 22:39:10 | RHD ] C:MSOCache
[24/03/2012 – 23:19:52 | N | 221782] C:P1005.log
[17/11/2013 – 22:14:54 | ASH | 3719921664] C:pagefile.sys
[13/07/2009 – 15:37:05 | D ] C:PerfLogs
[19/11/2013 – 01:43:59 | D ] C:Program Files
[19/11/2013 – 01:47:56 | HD ] C:ProgramData
[07/11/2013 – 01:59:12 | D ] C:Quarantine
[12/02/2012 – 01:35:59 | SHD ] C:Recovery
[28/04/2013 – 20:52:50 | N | 44363970] C:SABF-MRT.BAK
[28/04/2013 – 20:51:16 | N | 182703306] C:SALF-MRT.BAK
[13/02/2013 – 05:24:10 | D ] C:serialisation FY13
[28/04/2013 – 20:44:46 | N | 1919447] C:SSRF-MRT.BAK
[13/02/2013 – 05:26:38 | D ] C:SUN CD ROM
[13/02/2012 – 22:54:42 | D ] C:SunSystems4
[17/11/2013 – 22:15:07 | N | 83670] C:SUService.log
[14/11/2013 – 03:01:29 | SHD ] C:System Volume Information
[17/03/2013 – 00:18:13 | D ] C:Temp
[19/11/2013 – 05:30:31 | D ] C:UsbFix
[19/11/2013 – 05:31:55 | A | 14894] C:UsbFix [Clean 1] MRTC1002.txt
[19/11/2013 – 02:09:40 | N | 14429] C:UsbFix [Scan 1] MRTC1002.txt
[12/02/2012 – 01:36:03 | RD ] C:Users
[13/02/2013 – 05:30:53 | D ] C:usr
[13/02/2013 – 05:31:54 | D ] C:Vision5
[30/10/2013 – 06:06:59 | D ] C:Windows
[12/02/2012 – 01:36:08 | SHD ] D:$RECYCLE.BIN
[17/03/2013 – 06:33:37 | SHD ] D:Config.Msi
[17/04/2013 – 06:04:54 | N | 117845] D:JVB.ndf
[17/04/2013 – 06:04:50 | N | 1007] D:JVB.vlb
[17/03/2013 – 06:39:57 | D ] D:lotus
[17/03/2013 – 01:38:04 | D ] D:Lotusold
[12/02/2012 – 08:03:16 | SHD ] D:System Volume Information
[17/03/2013 – 06:38:41 | D ] D:Temp
[19/11/2013 – 11:18:08 | SHD ] F:Autorun.inf
[19/11/2013 – 12:41:22 | D ] F:Nouveau dossier
[31/10/2013 – 09:30:44 | N | 1176238] F:UsbFix.exe
[17/09/2013 – 04:36:58 | N | 150631] H:SAVING BASE BOGHE AOUT 13.xlsx
[08/10/2013 – 22:34:18 | D ] H:ANB
[09/09/2013 – 18:58:10 | N | 98734] H:cimg5662.jpg
[12/02/2013 – 16:45:18 | N | 1576448] H:CV JUILLET 13 FY13 -F.xls
[03/09/2013 – 15:14:24 | D ] H:Images
[05/09/2013 – 19:09:00 | D ] H:Nouveau dossier (7)
[07/09/2013 – 19:55:50 | N | 392335] H:sans-titre.png
[18/09/2013 – 12:17:46 | N | 29446292] H:SUIVI BANK FY 13 2013.xlsx
[08/09/2013 – 02:00:00 | N | 78028] H:1378631909_2[1].png
[14/09/2013 – 00:19:40 | N | 256879] H:PL PROPOSITION.png
[05/02/2013 – 13:08:16 | N | 166400] H:LOYER CSN.doc
[08/09/2013 – 09:09:30 | N | 193794] H:Maison & Déco 3D – talibe par TALIBE10.jpg
[08/09/2013 – 09:11:06 | N | 79972] H:Maison & Déco 3D – talibe par TALIBE102
[09/09/2013 – 12:57:08 | N | 150381] H:Anna.pdf
[09/09/2013 – 15:48:50 | N | 149485] H:Anna1.pdf
[10/09/2013 – 23:28:22 | N | 15639] H:croki.png
[03/09/2013 – 19:23:50 | D ] H:Nouveau dossier (6)
[25/07/2013 – 15:16:44 | D ] H:Nouveau dossier
[13/10/2013 – 05:08:46 | N | 1544704] H:JV LOYER BASE.xls
[18/07/2013 – 12:49:44 | N | 165] H:~$SALAIRE BASE BOGHE JUILLET 2013.xlsx
[09/09/2013 – 18:18:54 | N | 175669] H:Snapshot_2012-11-23-09-04-10.png
[09/09/2013 – 18:18:54 | N | 196092] H:Snapshot_2012-11-23-09-04-16.png
[09/09/2013 – 18:18:46 | N | 181030] H:Snapshot_2012-11-23-09-04-22.png
[13/10/2013 – 05:37:50 | N | 165] H:~$JV.xlsx
[13/10/2013 – 05:38:00 | N | 78960] H:JV.xlsx
[16/07/2013 – 15:55:48 | N | 606720] H:PCBASE BOGHE FY 13 – – Copie – Copie – Copie.xls
[17/09/2013 – 16:47:20 | N | 165] H:~$SAVING BASE BOGHE AOUT 13.xlsx
[17/09/2013 – 22:32:08 | N | 165] H:~$SUIVI BANK FY 13 2013.xlsx
[10/11/2013 – 05:00:16 | D ] H:Nouveau dossier (2)
[11/04/2013 – 10:34:58 | N | 164352] H:~WRL0002.tmp
[10/11/2013 – 05:03:38 | D ] H:Nouveau dossier (3)
[10/11/2013 – 05:09:46 | N | 106456] H:CV OCTOBRE 1-50.xlsx
[12/11/2013 – 06:49:22 | N | 91115] H:CV51-81.xlsx
[17/11/2013 – 01:49:16 | N | 86743] H:CV 80-100.xlsx
[14/11/2013 – 06:14:20 | N | 86377] H:CV OCTOBRE 82-100.xlsx
[09/11/2013 – 00:29:40 | N | 321501] H:plm – Copie.png
[21/04/2013 – 08:20:56 | N | 165] H:~$CV AVRIL 1.xlsx
[02/06/2013 – 11:57:58 | N | 165] H:~$SUIVI BANK FY 13 (Enregistré automatiquement).xlsx
[06/06/2013 – 11:19:20 | N | 165] H:~$JV MAI.xlsx
[12/06/2013 – 11:49:34 | N | 165] H:~$COMPLEMENT JV MAI.xlsx

################## | Vaccin |

F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net” onclick=”window.open(this.href);return false; – https://www.sosvirus.net” onclick=”window.open(this.href);return false; |