Thank you for your help.
Quote:
############################## | UsbFix V 7.162 | [deletion]
User: Mehdi (Psychologue) (Administrator) # MEHDI
Updated 27/01/2014 by El Desaparecido - Team SosVirus
Started at 09:25:14 | 13/02/2014
Website : http://www.en.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: ASUSTek Computer INC. (NODUSM3)
CPU: AMD Athlon(tm) 64 Processor 3500+
RAM -> [total : 446 Mo| Free : 139 Mo]
Bios: Phoenix Technologies, LTD
Boot: Normal boot
OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Mozilla Firefox : 26.0
SC: Security Center [enabled]
WU: Windows Update [enabled]
FW: Windows FireWall [enabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001
C:\ (%systemdrive%) -> Fixed drive # 142 Gb (114 Mb free - 80%) [presario] # NTFS
D:\ -> Fixed drive # 7 Gb (1 Mb free - 16%) [presario_rp] # FAT32
E:\ -> CD-ROM
J:\ -> Removable drive # 4 Gb (3 Mb free - 89%) [clÉ USB 4GO] # FAT32
################## | Active Processes |
C:\WINDOWS\System32\smss.exe (ID: 708 |ParentID: 4)
C:\WINDOWS\system32\csrss.exe (ID: 840 |ParentID: 708)
C:\WINDOWS\system32\winlogon.exe (ID: 1068 |ParentID: 708)
C:\WINDOWS\system32\services.exe (ID: 1128 |ParentID: 1068)
C:\WINDOWS\system32\lsass.exe (ID: 1156 |ParentID: 1068)
C:\WINDOWS\system32\svchost.exe (ID: 1372 |ParentID: 1128)
C:\WINDOWS\system32\svchost.exe (ID: 1436 |ParentID: 1128)
C:\WINDOWS\System32\svchost.exe (ID: 1556 |ParentID: 1128)
C:\WINDOWS\system32\svchost.exe (ID: 1640 |ParentID: 1128)
C:\WINDOWS\system32\svchost.exe (ID: 1732 |ParentID: 1128)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1816 |ParentID: 1128)
C:\WINDOWS\system32\spoolsv.exe (ID: 300 |ParentID: 1128)
C:\WINDOWS\arservice.exe (ID: 1716 |ParentID: 1128)
C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe (ID: 1976 |ParentID: 1556)
C:\WINDOWS\Explorer.EXE (ID: 140 |ParentID: 1980)
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (ID: 324 |ParentID: 1128)
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID: 504 |ParentID: 1128)
C:\WINDOWS\eHome\ehRecvr.exe (ID: 644 |ParentID: 1128)
C:\WINDOWS\eHome\ehSched.exe (ID: 672 |ParentID: 1128)
C:\WINDOWS\eHome\ehRec.exe (ID: 724 |ParentID: 1372)
C:\Program Files\RIFT Technologies\InstallClick Connector\installclick.exe (ID: 776 |ParentID: 1128)
C:\Program Files\RIFT Technologies\InstallClick Connector\installclick-connector.exe (ID: 800 |ParentID: 776)
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (ID: 820 |ParentID: 1128)
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe (ID: 1652 |ParentID: 1128)
C:\WINDOWS\system32\nvsvc32.exe (ID: 1888 |ParentID: 1128)
C:\WINDOWS\system32\svchost.exe (ID: 1940 |ParentID: 1128)
C:\WINDOWS\ehome\mcrdsvc.exe (ID: 516 |ParentID: 1128)
C:\WINDOWS\system32\wuauclt.exe (ID: 2096 |ParentID: 1556)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 3272 |ParentID: 1372)
################## | Regedit Run |
04 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [google Update] "C:\Documents and Settings\Mehdi (Psychologue)\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
04 - HKLM\..\Run : [ehtray] C:\WINDOWS\ehome\ehtray.exe
04 - HKLM\..\Run : [rthdcpl] RTHDCPL.EXE
04 - HKLM\..\Run : [nvcpldaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run : [recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
04 - HKLM\..\Run : [hpdj Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [hpbootop] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
04 - HKLM\..\Run : [avastui.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\Run : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-298658248-549518735-2477505221-1008\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-298658248-549518735-2477505221-1008\..\Run : [google Update] "C:\Documents and Settings\Mehdi (Psychologue)\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
################## | Generic Research |
Deleted ! C:\WINDOWS\install.exe
(!) Temporary files deleted.
################## | Registry |
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
################## | Listing |
[29/10/2013 - 08:41:00 | D] - C:\61d62357b322c1f9fca0
[24/10/2013 - 11:56:48 | D] - C:\981b029fe90a5c8187
[12/12/2013 - 09:48:00 | D] - C:\AdwCleaner
[10/10/2005 - 12:34:04 | AH | 0 Ko] - C:\AUTOEXEC.BAT
[08/12/2006 - 15:56:15 | N | 0 Ko] - C:\BOOT.BAK
[23/04/2013 - 09:04:58 | RASH | 0 Ko] - C:\boot.ini
[09/08/2004 - 22:00:00 | N | 5 Ko] - C:\Bootfont.bin
[08/12/2006 - 16:00:25 | D] - C:\cmdcons
[09/08/2004 - 22:00:00 | N | 257 Ko] - C:\cmldr
[15/11/2005 - 03:22:08 | D] - C:\CMPNENTS
[13/02/2014 - 09:19:53 | D] - C:\Config.Msi
[10/10/2005 - 12:34:04 | N | 0 Ko] - C:\CONFIG.SYS
[28/11/2013 - 08:50:53 | N | 1 Ko | 88D6F2D1C71773321073E83EAC299050] - C:\DelFix.txt
[14/08/2012 - 07:35:02 | D] - C:\Documents and Settings
[14/05/2013 - 10:38:28 | D] - C:\e2f8aaea1bccd5e3bfc690
[13/02/2014 - 09:24:17 | ASH | 457268 Ko] - C:\hiberfil.sys
[08/01/2007 - 20:56:27 | D] - C:\hp
[11/02/2014 - 09:01:38 | N | 125 Ko] - C:\hpfr6500.log
[10/10/2005 - 12:34:04 | RASH | 0 Ko] - C:\IO.SYS
[13/02/2014 - 09:24:43 | N | 0 Ko | DEC849C4FBBE6B3D821D497901759541] - C:\log2.txt
[10/10/2005 - 12:34:04 | RASH | 0 Ko] - C:\MSDOS.SYS
[08/12/2006 - 16:07:28 | RHD] - C:\MSOCache
[09/08/2004 - 22:00:00 | N | 46 Ko | B2DE3452DE03674C6CEC68B8C8CE7C78] - C:\NTDETECT.COM
[23/08/2012 - 09:12:09 | RASH | 246 Ko] - C:\ntldr
[13/02/2014 - 09:24:16 | ASH | 688128 Ko] - C:\pagefile.sys
[09/01/2014 - 08:38:45 | D] - C:\Program Files
[23/04/2013 - 09:00:56 | D] - C:\Python22
[03/09/2013 - 09:59:57 | SHD] - C:\RECYCLER
[28/08/2012 - 10:06:22 | SHD] - C:\System Volume Information
[19/09/2006 - 14:25:51 | D] - C:\system.sav
[29/10/2013 - 10:24:44 | D] - C:\temp
[28/01/2014 - 08:58:49 | D] - C:\UsbFix
[13/02/2014 - 09:25:40 | A | 7 Ko | B2322C6CA988C4F56EE54931501753EE] - C:\UsbFix [clean 2] MEHDI.txt
[28/01/2014 - 08:59:35 | N | 6 Ko | 72E874C7FF91FCEB2DABD7F54D2C7F70] - C:\UsbFix [scan 1] MEHDI.txt
[13/02/2014 - 09:25:30 | D] - C:\WINDOWS
[22/10/2013 - 11:58:50 | N | 0 Ko] - C:\~WRD0667.tmp
[27/07/2001 - 08:07:38 | SH | 0 Ko] - D:\AUTOEXEC.BAT
[30/04/2004 - 00:01:14 | N | 0 Ko] - D:\Autorun.inf
[09/01/2002 - 18:52:30 | SH | 0 Ko] - D:\BOOT.INI
[10/12/2005 - 03:00:14 | D] - D:\cmdcons
[16/08/2001 - 11:26:26 | N | 232 Ko] - D:\CMLDR
[28/07/2001 - 06:07:38 | N | 0 Ko] - D:\CONFIG.SYS
[24/05/2005 - 20:48:26 | SH | 0 Ko] - D:\Desktop.ini
[10/09/2002 - 02:21:08 | N | 8 Ko] - D:\Folder.htt
[17/06/2001 - 09:31:08 | N | 0 Ko] - D:\GRAPH
[25/01/2002 - 02:21:24 | N | 0 Ko] - D:\GRAPH16
[29/11/2004 - 21:01:50 | N | 72 Ko | 6C487182578D1253831725A7CDC606C3] - D:\Info.exe
[28/07/2001 - 06:07:38 | SH | 0 Ko] - D:\IO.SYS
[17/08/2006 - 07:21:10 | D] - D:\MiniNT
[28/07/2001 - 06:07:38 | SH | 0 Ko] - D:\MSDOS.SYS
[25/07/2001 - 22:00:00 | N | 44 Ko | 1D8A88961544A20F98632D852434ABB3] - D:\NTDETECT.COM
[25/07/2001 - 22:00:00 | SH | 218 Ko] - D:\NTLDR
[10/12/2005 - 06:02:48 | SHD] - D:\PRELOAD
[02/03/2003 - 22:46:06 | SH | 109 Ko] - D:\protect.ed
[19/09/2006 - 09:41:00 | N | 0 Ko] - D:\SAVEFILE.DIR
[02/03/2003 - 22:41:48 | N | 86 Ko] - D:\Warning.bmp
[19/09/2006 - 09:41:38 | D] - D:\I386
[17/08/2006 - 07:11:46 | D] - D:\HP
[19/09/2006 - 09:45:48 | D] - D:\TOOLS
[23/11/2011 - 21:39:38 | N | 1 Ko] - D:\MASTER.LOG
[17/08/2001 - 00:32:24 | N | 0 Ko] - D:\Ntfs
[23/05/2001 - 13:19:06 | N | 0 Ko] - D:\Svga
[18/08/2001 - 00:00:00 | N | 0 Ko] - D:\Win51
[21/01/2001 - 23:00:00 | N | 0 Ko] - D:\Win51.b2
[25/07/2001 - 00:00:00 | N | 0 Ko] - D:\Win51.rc1
[25/07/2001 - 05:47:04 | N | 0 Ko] - D:\Win51.rc2
[18/08/2001 - 00:00:00 | N | 0 Ko] - D:\Win51ic
[19/03/2001 - 23:00:00 | N | 0 Ko] - D:\Win51ic.b2
[25/07/2001 - 00:00:00 | N | 0 Ko] - D:\Win51ic.rc1
[25/07/2001 - 00:00:00 | N | 0 Ko] - D:\Win51ic.rc2
[17/08/2001 - 00:00:00 | N | 0 Ko] - D:\Win51ip
[21/01/2001 - 23:00:00 | N | 0 Ko] - D:\Win51ip.b2
[25/07/2001 - 05:47:04 | N | 0 Ko] - D:\Win51ip.rc2
[16/08/2001 - 22:17:02 | N | 0 Ko] - D:\Winbom.ini
[19/09/2006 - 10:05:14 | N | 0 Ko] - D:\BLOCK.RIN
[19/09/2006 - 10:09:22 | N | 0 Ko] - D:\USER
[19/09/2006 - 10:09:22 | D] - D:\Réinstallation Système
[08/12/2006 - 15:59:26 | SHD] - D:\System Volume Information
[08/01/2007 - 20:56:24 | D] - D:\Recycled
[23/11/2011 - 21:39:52 | N | 0 Ko] - D:\RCBoot.sys
[17/12/2013 - 14:55:18 | D] - J:\FOUND.000
################## | Vaccin |
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F |
http://www.usbfix.net - http://www.sosvirus.net |
Note that a virus was detected during the scan. And, something new, a "FOUND" file appeared on the USB stick, with 1854 .CHK files inside it! Obviously, these 1854 files correspond to the files that were on my stick before. Only now, with this extension, I can no longer read them. How can I go back and save my files?
Thanks again.