Virus attacking the USB key
piwo
Hello,
I am on Windows 7, and when I plug in a USB key all the folders and files get transformed, I think by a virus. Here is the HijackThis report. Thanks in advance for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:21, on 29/06/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
F:\Windows\system32\taskhost.exe
F:\Windows\system32\Dwm.exe
F:\Windows\Explorer.EXE
F:\ProgramData\DatacardService\DCSHelper.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\C&E\OSD\osd.exe
F:\Program Files\Mindjet\MindManager 7\MmReminderService.exe
F:\Program Files\Alwil Software\Avast5\AvastUI.exe
F:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
F:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
F:\Program Files\Samsung\Kies\KiesTrayAgent.exe
F:\Users\Nchegeh\biotu.exe
F:\Program Files\RALINK\Common\RaUI.exe
F:\Program Files\MTN Internet\MTN Internet.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
F:\Windows\system32\SearchFilterHost.exe
F:\Windows\explorer.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - F:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OSD] F:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [MMReminderService] F:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [AVG_TRAY] F:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [avast] "F:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] F:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [JustVoip] "F:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Google Update] "F:\Users\Nchegeh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [KiesTrayAgent] F:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [biotu] F:\Users\Nchegeh\biotu.exe /r
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = F:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - F:\Users\Nchegeh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - F:\Users\Nchegeh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - F:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{25424945-B4AB-45D3-8EF6-4F2D1A62257B}: NameServer = 196.202.236.210 210.80.58.66
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - F:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! Antivirus - AVAST Software - F:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - F:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - F:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CDROM_Detect - Unknown owner - F:\Program Files\CDMA-1XDO\C+WEject.exe
O23 - Service: DCService.exe - Unknown owner - F:\ProgramData\DatacardService\DCService.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - F:\Windows\system32\dgdersvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - F:\Windows\system32\FsUsbExService.Exe
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\nmesrvc.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\omtsreco.exe
O23 - Service: OracleOraDb11g_home1ClrAgent - Oracle Corporation - D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe
O23 - Service: OracleOraDb11g_home1TNSListener - Oracle Corporation - D:\app\Nchegeh\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - d:\app\nchegeh\product\11.2.0\dbhome_1\bin\ORACLE.EXE
O23 - Service: Oracle ORCL VSS Writer Service (OracleVssWriterORCL) - Unknown owner - d:\app\nchegeh\product\11.2.0\dbhome_1\bin\OraVSSW.exe
O23 - Service: OsdService - Unknown owner - F:\Program Files\C&E\OSD\OsdService\OsdService.exe
O23 - Service: UDisk Monitor - Unknown owner - F:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe
12 replies
Hello piwo
# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Download and install UsbFix by El Desaparecido, C_XX & Chimay8
Here: http://eldesaparecido.com/usbfix.html
Or, if there is a problem:
http://general-changelog-team.fr/telechargements/logiciels/viewdownload/80-outils-de-el-desaparecido/32-usbfix
Tutorial by Malekal_Morte if needed, thanks to him: https://www.malekal.com/usbfix-supprimer-virus-usb/
Connect to your PC, without opening them, the external data sources (USB key, external hard drive, etc.) that may have been infected
# Right-click "Run as administrator" on the UsbFix shortcut on your desktop.
# Choose Recherche (Search)
# Let the tool work.
# Then post the UsbFix.txt report that will appear.
# Note: The UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
See you later
Here is the UsbFix report
############################## | UsbFix V 7.091 | [Research]
User: Nchegeh (Administrator) # NCHEGEH-PC
Updated 28/06/2012 by El Desaparecido
Started at 17:47:41 | 29/06/2012
Website: https://www.sosvirus.net/
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com
PC: OEM (671) (X86-based PC) # Notebook
CPU: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz (2000)
RAM -> [Total : 1917 | Free : 874]
BIOS: Ver 1.00PARTTBLR
BOOT: Normal boot
OS: Microsoft Windows 7 Professional (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ -> Fixed drive # 100 Mb (29 Mb free - 29%) [no space] # NTFS
D:\ -> Fixed drive # 78 Gb (60 Mb free - 77%) [] # NTFS
E:\ -> CD-ROM
F:\ (%systemdrive%) -> Fixed drive # 71 Gb (31 Mb free - 44%) [] # NTFS
G:\ -> CD-ROM
H:\ -> Removable drive # 2 Gb (2 Mb free - 98%) [] # FAT
I:\ -> Removable drive # 4 Gb (1 Mb free - 29%) [PIWO] # FAT32
J:\ -> Removable drive # 4 Gb (4 Mb free - 97%) [CLEUSB] # FAT32
################## | Active Processes |
F:\Windows\system32\csrss.exe (416)
F:\Windows\system32\wininit.exe (472)
F:\Windows\system32\csrss.exe (484)
F:\Windows\system32\services.exe (536)
F:\Windows\system32\lsass.exe (552)
F:\Windows\system32\lsm.exe (560)
F:\Windows\system32\winlogon.exe (692)
F:\Windows\system32\svchost.exe (700)
F:\Windows\system32\svchost.exe (800)
F:\Windows\System32\svchost.exe (852)
F:\Windows\System32\svchost.exe (908)
F:\Windows\system32\svchost.exe (940)
F:\Windows\system32\svchost.exe (1124)
F:\Windows\system32\svchost.exe (1260)
F:\Windows\system32\svchost.exe (1384)
F:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1412)
F:\Windows\System32\spoolsv.exe (1796)
F:\Windows\system32\taskhost.exe (1852)
F:\Windows\system32\Dwm.exe (1912)
F:\Windows\Explorer.EXE (1940)
F:\Program Files\Bonjour\mDNSResponder.exe (2044)
F:\Program Files\CDMA-1XDO\C+WEject.exe (428)
F:\ProgramData\DatacardService\DCService.exe (468)
F:\Windows\system32\dgdersvc.exe (1160)
F:\ProgramData\DatacardService\DCSHelper.exe (1296)
F:\Windows\system32\FsUsbExService.Exe (504)
D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\nmesrvc.exe (2036)
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (1028)
F:\Program Files\C&E\OSD\osd.exe (556)
F:\Program Files\Mindjet\MindManager 7\MmReminderService.exe (2060)
D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\omtsreco.exe (2088)
F:\Program Files\Alwil Software\Avast5\AvastUI.exe (2136)
F:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (2148)
F:\Windows\system32\conhost.exe (2156)
F:\Program Files\JustVoip.com\JustVoip\JustVoip.exe (2304)
F:\Program Files\Samsung\Kies\KiesTrayAgent.exe (2372)
F:\Users\Nchegeh\biotu.exe (2396)
F:\Program Files\RALINK\Common\RaUI.exe (2440)
D:\app\Nchegeh\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe (2892)
F:\Windows\system32\cmd.exe (2924)
D:\app\Nchegeh\product\11.2.0\dbhome_1\perl\bin\perl.exe (2940)
d:\app\nchegeh\product\11.2.0\dbhome_1\bin\ORACLE.EXE (2956)
D:\app\Nchegeh\product\11.2.0\dbhome_1\jdk\bin\java.exe (3128)
D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\emagent.exe (3164)
F:\Windows\system32\svchost.exe (3224)
F:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe (3300)
F:\Windows\system32\wbem\wmiprvse.exe (2932)
F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (196)
F:\Windows\system32\SearchIndexer.exe (3660)
F:\Windows\system32\svchost.exe (1312)
F:\Windows\system32\svchost.exe (1896)
F:\Windows\system32\WUDFHost.exe (4596)
F:\Program Files\MTN Internet\MTN Internet.exe (3924)
F:\Program Files\Mozilla Firefox\firefox.exe (4276)
F:\Program Files\Mozilla Firefox\plugin-container.exe (5656)
F:\Windows\system32\taskeng.exe (5212)
F:\Users\Nchegeh\AppData\Local\Google\Update\GoogleUpdate.exe (6008)
F:\Users\Nchegeh\AppData\Local\Google\Update\GoogleUpdate.exe (4148)
F:\Windows\explorer.exe (4044)
F:\Windows\system32\wbem\wmiprvse.exe (4088)
F:\Windows\system32\wbem\WmiApSrv.exe (5352)
F:\UsbFix\Go.exe (5648)
################## | Files # Infected Folders |
Found ! F:\Users\Nchegeh\biotu.exe
Found ! H:\biotu.exe
Found ! H:\FOUND.000.exe
Found ! H:\AUTORUN.INF.exe
Found ! H:\Secret.exe
Found ! H:\Sexy.exe
Found ! H:\Porn.exe
Found ! H:\Passwords.exe
Found ! G:\AutoRun.exe
Found ! G:\AUTORUN.INF
Found ! H:\AUTORUN.INF
Found ! H:\Porn.exe
Found ! H:\Secret.exe
Found ! H:\sexy.exe
Found ! H:\x.mpeg
Found ! H:\biotu.exe
################## | Registry |
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|biotu
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{42f16c27-b94e-11e1-a4f9-00030d99fcfd}
Shell\AutoRun\Command = G:\Setup.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{99fb1703-be18-11e1-8592-00030d99fcfd}
Shell\AutoRun\Command = G:\Setup.exe /Auto
HKCU\.\.\.\.\Explorer\MountPoints2\{bbbf9829-bed6-11e1-b9ee-00030d99fcfd}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{bbbf9841-bed6-11e1-b9ee-00030d99fcfd}
Shell\AutoRun\Command = G:\AutoRun.exe
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F |
Shell\AutoRun\Command = G:\Setup.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{99fb1703-be18-11e1-8592-00030d99fcfd}
Shell\AutoRun\Command = G:\Setup.exe /Auto
HKCU\.\.\.\.\Explorer\MountPoints2\{bbbf9829-bed6-11e1-b9ee-00030d99fcfd}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{bbbf9841-bed6-11e1-b9ee-00030d99fcfd}
Shell\AutoRun\Command = G:\AutoRun.exe
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F |
Hi again
Plug into your PC, without opening them, the external data sources (USB key, external hard drive, etc.) that may have been infected
# Right-click the UsbFix shortcut on your desktop and choose "Run as administrator"
# Choose Deletion
# Your desktop will disappear and the PC will restart.
# On restart, UsbFix will scan your PC; let the tool work.
# Then post the UsbFix.txt report that will appear along with the desktop.
# Note: the UsbFix.txt report is saved at the root of the disk (C:UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
See you later
############################## | UsbFix V 7.091 | [Deletion]
User: Nchegeh (Administrator) # NCHEGEH-PC
Updated 28/06/2012 by El Desaparecido
Started at 18:05:08 | 29/06/2012
Website: https://www.sosvirus.net/
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com
PC: OEM (671) (X86-based PC) # Notebook
CPU: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz (2000)
RAM -> [Total : 1917 | Free : 670]
BIOS: Ver 1.00PARTTBLR
BOOT: Normal boot
OS: Microsoft Windows 7 Professional (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ -> Fixed drive # 100 Mb (29 Mb free - 29%) [no space] # NTFS
D:\ -> Fixed drive # 78 Gb (60 Mb free - 77%) [] # NTFS
E:\ -> CD-ROM
F:\ (%systemdrive%) -> Fixed drive # 71 Gb (31 Mb free - 44%) [] # NTFS
G:\ -> CD-ROM
H:\ -> Removable drive # 2 Gb (2 Mb free - 98%) [] # FAT
I:\ -> Removable drive # 4 Gb (1 Mb free - 29%) [PIWO] # FAT32
J:\ -> Removable drive # 4 Gb (4 Mb free - 97%) [CLEUSB] # FAT32
################## | Active Processes |
F:\Windows\system32\csrss.exe (416)
F:\Windows\system32\wininit.exe (472)
F:\Windows\system32\csrss.exe (484)
F:\Windows\system32\services.exe (536)
F:\Windows\system32\lsass.exe (552)
F:\Windows\system32\lsm.exe (560)
F:\Windows\system32\winlogon.exe (692)
F:\Windows\system32\svchost.exe (700)
F:\Windows\system32\svchost.exe (800)
F:\Windows\System32\svchost.exe (852)
F:\Windows\System32\svchost.exe (908)
F:\Windows\system32\svchost.exe (940)
F:\Windows\system32\svchost.exe (1124)
F:\Windows\system32\svchost.exe (1260)
F:\Windows\system32\svchost.exe (1384)
F:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1412)
F:\Windows\System32\spoolsv.exe (1796)
F:\Windows\system32\taskhost.exe (1852)
F:\Windows\system32\Dwm.exe (1912)
F:\Windows\Explorer.EXE (1940)
F:\Program Files\Bonjour\mDNSResponder.exe (2044)
F:\Program Files\CDMA-1XDO\C+WEject.exe (428)
F:\ProgramData\DatacardService\DCService.exe (468)
F:\Windows\system32\dgdersvc.exe (1160)
F:\ProgramData\DatacardService\DCSHelper.exe (1296)
F:\Windows\system32\FsUsbExService.Exe (504)
D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\nmesrvc.exe (2036)
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (1028)
F:\Program Files\C&E\OSD\osd.exe (556)
F:\Program Files\Mindjet\MindManager 7\MmReminderService.exe (2060)
D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\omtsreco.exe (2088)
F:\Program Files\Alwil Software\Avast5\AvastUI.exe (2136)
F:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (2148)
F:\Windows\system32\conhost.exe (2156)
F:\Program Files\JustVoip.com\JustVoip\JustVoip.exe (2304)
F:\Program Files\Samsung\Kies\KiesTrayAgent.exe (2372)
F:\Users\Nchegeh\biotu.exe (2396)
F:\Program Files\RALINK\Common\RaUI.exe (2440)
D:\app\Nchegeh\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe (2892)
F:\Windows\system32\cmd.exe (2924)
D:\app\Nchegeh\product\11.2.0\dbhome_1\perl\bin\perl.exe (2940)
d:\app\nchegeh\product\11.2.0\dbhome_1\bin\ORACLE.EXE (2956)
D:\app\Nchegeh\product\11.2.0\dbhome_1\jdk\bin\java.exe (3128)
D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\emagent.exe (3164)
F:\Windows\system32\svchost.exe (3224)
F:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe (3300)
F:\Windows\system32\wbem\wmiprvse.exe (2932)
F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (196)
F:\Windows\system32\SearchIndexer.exe (3660)
F:\Windows\system32\svchost.exe (1312)
F:\Windows\system32\svchost.exe (1896)
F:\Windows\system32\WUDFHost.exe (4596)
F:\Program Files\MTN Internet\MTN Internet.exe (3924)
F:\Program Files\Mozilla Firefox\firefox.exe (4276)
F:\Program Files\Mozilla Firefox\plugin-container.exe (5656)
F:\Windows\system32\taskeng.exe (5212)
F:\Users\Nchegeh\AppData\Local\Google\Update\GoogleUpdate.exe (6008)
F:\Users\Nchegeh\AppData\Local\Google\Update\GoogleUpdate.exe (4148)
F:\Windows\explorer.exe (4044)
F:\Windows\system32\wbem\wmiprvse.exe (5316)
F:\Windows\system32\wbem\WmiApSrv.exe (5368)
F:\UsbFix\Go.exe (5128)
################## | Stopped processes |
Stopped! F:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1412)
Stopped! F:\Windows\System32\spoolsv.exe (1796)
Stopped! F:\Windows\system32\taskhost.exe (1852)
Stopped! F:\Windows\Explorer.EXE (1940)
Stopped! F:\Program Files\Bonjour\mDNSResponder.exe (2044)
Stopped! F:\Program Files\CDMA-1XDO\C+WEject.exe (428)
Stopped! F:\ProgramData\DatacardService\DCService.exe (468)
Stopped! F:\Windows\system32\dgdersvc.exe (1160)
Stopped! F:\ProgramData\DatacardService\DCSHelper.exe (1296)
Stopped! F:\Windows\system32\FsUsbExService.Exe (504)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\nmesrvc.exe (2036)
Stopped! F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (1028)
Stopped! F:\Program Files\C&E\OSD\osd.exe (556)
Stopped! F:\Program Files\Mindjet\MindManager 7\MmReminderService.exe (2060)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\omtsreco.exe (2088)
Stopped! F:\Program Files\Alwil Software\Avast5\AvastUI.exe (2136)
Stopped! F:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (2148)
Stopped! F:\Windows\system32\conhost.exe (2156)
Stopped! F:\Program Files\JustVoip.com\JustVoip\JustVoip.exe (2304)
Stopped! F:\Program Files\Samsung\Kies\KiesTrayAgent.exe (2372)
Stopped! F:\Users\Nchegeh\biotu.exe (2396)
Stopped! F:\Program Files\RALINK\Common\RaUI.exe (2440)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe (2892)
Stopped! F:\Windows\system32\cmd.exe (2924)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\perl\bin\perl.exe (2940)
Stopped! d:\app\nchegeh\product\11.2.0\dbhome_1\bin\ORACLE.EXE (2956)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\jdk\bin\java.exe (3128)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\emagent.exe (3164)
Stopped! F:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe (3300)
Stopped! F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (196)
Stopped! F:\Windows\system32\SearchIndexer.exe (3660)
Stopped! F:\Windows\system32\WUDFHost.exe (4596)
Stopped! F:\Program Files\MTN Internet\MTN Internet.exe (3924)
Stopped! F:\Program Files\Mozilla Firefox\firefox.exe (4276)
Stopped! F:\Program Files\Mozilla Firefox\plugin-container.exe (5656)
Stopped! F:\Windows\system32\taskeng.exe (5212)
Stopped! F:\Users\Nchegeh\AppData\Local\Google\Update\GoogleUpdate.exe (6008)
Stopped! F:\Users\Nchegeh\AppData\Local\Google\Update\GoogleUpdate.exe (4148)
Stopped! F:\Windows\system32\wbem\WmiApSrv.exe (5368)
################## | Files # Infected Folders |
Deleted ! F:\Users\Nchegeh\biotu.exe
Deleted ! H:\biotu.exe
Deleted ! H:\FOUND.000.exe
Deleted ! H:\AUTORUN.INF.exe
Deleted ! H:\Secret.exe
Deleted ! H:\Sexy.exe
Deleted ! H:\Porn.exe
Deleted ! H:\Passwords.exe
Deleted ! I:\.Trash-1000.lnk
Deleted ! J:\biotu.exe
Deleted ! J:\dossier_pb.exe
Deleted ! J:\ADM1.exe
Deleted ! J:\Secret.exe
Not deleted ! G:\AutoRun.exe
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-3010109809-4198346132-2582637159-1000
Deleted ! C:\Recycler\S-1-5-21-746137067-1580818891-725345543-1003
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-3010109809-4198346132-2582637159-1000
Deleted ! D:\Recycler\S-1-5-21-746137067-1580818891-725345543-1003
Deleted ! F:\$RECYCLE.BIN\S-1-5-21-3010109809-4198346132-2582637159-1000
Deleted ! F:\Recycler\S-1-5-21-746137067-1580818891-725345543-1003
Not deleted ! G:\AUTORUN.INF
Not deleted ! H:\AUTORUN.INF
Deleted ! H:\x.mpeg
Deleted ! I:\autorun.inf
Deleted ! I:\x.mpeg
Deleted ! J:\x.mpeg
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|biotu
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{42f16c27-b94e-11e1-a4f9-00030d99fcfd}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{99fb1703-be18-11e1-8592-00030d99fcfd}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{bbbf9841-bed6-11e1-b9ee-00030d99fcfd}
################## | Listing |
[29/06/2012 - 18:08:06 | SHD ] C:\$RECYCLE.BIN
[23/06/2011 - 19:44:17 | N | 87] C:\Audio.log
[27/08/2010 - 03:05:47 | N | 0] C:\AUTOEXEC.BAT
[23/06/2011 - 00:58:49 | SHD ] C:\Boot
[27/08/2010 - 02:56:34 | N | 211] C:\Boot.BAK
[23/06/2011 - 00:58:49 | N | 355] C:\Boot.ini.saved
[14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
[23/06/2011 - 00:58:50 | N | 8192] C:\BOOTSECT.BAK
[23/06/2011 - 02:40:10 | N | 193] C:\CardRdr.log
[27/08/2010 - 03:05:47 | N | 0] C:\CONFIG.SYS
[27/08/2010 - 03:05:47 | N | 0] C:\IO.SYS
[23/06/2011 - 02:39:34 | N | 86] C:\lan.log
[28/06/2012 - 21:06:29 | D ] C:\LearnKey
[24/06/2012 - 14:15:01 | D ] C:\Marco Polo Turbo Vocabulary Tutor
[27/08/2010 - 03:05:47 | N | 0] C:\MSDOS.SYS
[24/11/2009 - 07:58:26 | N | 631] C:\NetworkCfg.xml
[04/08/2004 - 00:38:34 | N | 47564] C:\NTDETECT.COM
[04/08/2004 - 00:59:34 | N | 250032] C:\ntldr
[26/08/2010 - 19:01:18 | D ] C:\Program Files
[01/09/2010 - 23:50:07 | SHD ] C:\RECYCLER
[23/06/2011 - 19:44:17 | N | 140] C:\RHDSetup.log
[27/08/2010 - 03:18:52 | SHD ] C:\System Volume Information
[29/06/2012 - 18:04:52 | D ] C:\TEMP
[26/08/2010 - 19:03:17 | N | 163] C:\vga.log
[29/06/2012 - 18:08:06 | SHD ] D:\$RECYCLE.BIN
[02/09/2010 - 05:30:32 | D ] D:\4edf883dbc9f5082a145a3f99ce309
[24/06/2011 - 20:01:13 | D ] D:\7bf8236ef8350d0de56c3d8a
[26/02/2011 - 06:45:50 | D ] D:\9d1d32a48e88b1d6f13a0ef2f9c9
[09/07/2009 - 22:09:30 | N | 24906] D:\agree.rtf
[24/06/2012 - 21:36:49 | D ] D:\app
[09/07/2009 - 22:09:30 | N | 16] D:\app.ini
[28/03/2011 - 00:53:51 | D ] D:\b372fd92e1c869a050bde0c5
[28/06/2012 - 20:42:20 | D ] D:\database
[28/06/2012 - 20:42:06 | D ] D:\graphics
[28/06/2012 - 20:42:06 | D ] D:\help
[09/07/2009 - 22:09:46 | N | 3624960] D:\MasterExam.exe
[26/06/2012 - 20:30:47 | D ] D:\n
[23/06/2012 - 06:07:23 | D ] D:\oracle
[01/09/2010 - 23:50:08 | SHD ] D:\RECYCLER
[27/08/2010 - 03:18:52 | SHD ] D:\System Volume Information
[27/12/2006 - 05:22:06 | D ] D:\windows stuff
[09/07/2009 - 22:09:46 | N | 614] D:\WS_FTP.LOG
[13/09/2010 - 23:02:42 | D ] F:\$AVG
[29/06/2012 - 18:08:06 | SHD ] F:\$Recycle.Bin
[23/06/2011 - 20:30:51 | N | 2006] F:\aqua_bitmap.cpp
[10/06/2009 - 23:42:20 | N | 24] F:\autoexec.bat
[28/08/2010 - 17:11:06 | D ] F:\Bewerberquiz
[27/07/2007 - 10:28:44 | N | 13458] F:\Bewerberquiz.chm
[25/06/2012 - 21:33:17 | D ] F:\Config.Msi
[10/06/2009 - 23:42:20 | N | 10] F:\config.sys
[14/07/2009 - 06:53:55 | SHD ] F:\Documents and Settings
[03/08/2007 - 11:41:42 | N | 85691] F:\EH_Bachelor.chm
[12/02/2004 - 19:36:48 | N | 766] F:\EH_Bachelor.ico
[28/08/2010 - 17:14:17 | N | 41734] F:\EH_Bachelor.isu
[27/07/2007 - 14:04:22 | N | 19800] F:\Formatvorlagen.chm
[29/06/2012 - 15:51:30 | ASH | 1507725312] F:\hiberfil.sys
[03/08/2007 - 11:43:04 | N | 12692] F:\Hoerdialoge.chm
[28/08/2010 - 17:11:08 | D ] F:\mct
[28/08/2010 - 17:11:06 | D ] F:\MEDIA
[28/08/2010 - 17:11:10 | D ] F:\mp3
[26/08/2010 - 19:26:46 | RHD ] F:\MSOCache
[27/07/2007 - 12:35:00 | N | 14628] F:\Multiple-Choice-Tests.chm
[29/06/2012 - 15:51:30 | ASH | 2010300416] F:\pagefile.sys
[14/07/2009 - 04:37:05 | D ] F:\PerfLogs
[29/06/2012 - 17:02:57 | D ] F:\Program Files
[25/06/2012 - 21:31:13 | HD ] F:\ProgramData
[27/07/2007 - 14:26:34 | N | 22908] F:\Rechner.chm
[23/06/2011 - 01:12:27 | SHD ] F:\Recovery
[27/08/2010 - 03:28:15 | SHD ] F:\RECYCLER
[28/08/2010 - 17:11:13 | D ] F:\rtf
[26/03/2007 - 10:26:46 | N | 13078] F:\Service.chm
[29/06/2012 - 16:22:29 | SHD ] F:\System Volume Information
[12/06/2011 - 00:09:23 | D ] F:\Temp
[29/06/2012 - 18:08:06 | D ] F:\UsbFix
[29/06/2012 - 18:05:33 | A | 12030] F:\UsbFix.txt
[23/06/2011 - 01:13:47 | D ] F:\Users
[20/10/2010 - 09:22:18 | D ] F:\video
[26/07/2007 - 15:55:56 | N | 13074] F:\Videotraining.chm
[28/06/2012 - 20:42:05 | D ] F:\Windows
[23/06/2011 - 00:52:03 | D ] F:\Windows.old
[10/05/2010 - 05:48:36 | R | 126976] G:\AutoRun.exe
[12/08/2010 - 04:01:50 | R | 47] G:\AUTORUN.INF
[16/08/2010 - 04:42:15 | D ] G:\MTN Internet
[12/08/2010 - 03:57:33 | R | 493246] G:\Startup.ico
[13/08/2010 - 01:58:49 | R | 1413] G:\SysConfig.dat
[13/09/2009 - 05:40:27 | R | 94] G:\autorun.sh
[20/12/2009 - 03:41:45 | R | 4793] G:\install_linux
[16/08/2010 - 04:42:16 | D ] G:\Linux
[27/02/2012 - 19:36:08 | D ] H:\FOUND.000
[08/01/2012 - 15:09:12 | H | 16] H:\AUTORUN.INF
[18/11/2011 - 09:04:12 | N | 0] H:\ymsgr1100_2014_us.exe
[27/02/2012 - 19:36:12 | N | 1530] H:\BOOTEX.LOG
[28/04/2012 - 07:35:02 | N | 28460200] H:\R69636.EXE
[28/09/2009 - 11:09:22 | N | 560749] I:\Samsung_710S_CHB7707L=Compaq_V700.pdf
[29/08/2010 - 17:42:10 | N | 3230078] I:\injection-essence_Miard.pdf
[02/01/2012 - 19:31:46 | D ] I:\.Trash-1000
[05/09/2011 - 15:20:58 | N | 36769] I:\Annonce concours BEAC.pdf
[13/12/2011 - 18:45:24 | D ] I:\asus
[29/08/2010 - 17:28:32 | N | 372308] I:\le circuit electrique.pdf
[27/09/2011 - 15:10:52 | N | 588279] I:\BlueFTP.zip
[03/10/2009 - 18:02:54 | N | 139563] I:\Compaq Monitor Inf Win98.rar
[18/10/2009 - 11:04:50 | N | 180599] I:\COMPAQ2.pdf
[15/10/2009 - 15:35:52 | N | 213755] I:\Compaq_140.djvu
[29/08/2010 - 17:10:32 | N | 200820] I:\le moteur diesel.pdf
[08/12/2010 - 21:59:08 | N | 51712] I:\cv canada.doc
[06/10/2011 - 20:24:20 | N | 47104] I:\cv piwo.doc
[14/01/2010 - 11:01:30 | D ] I:\microemulator-2.0.4
[14/01/2010 - 11:01:30 | D ] I:\microemulator-2.0.4 (2)
[09/04/2012 - 19:06:36 | N | 329233] I:\tutorial.pdf
[29/08/2010 - 16:18:38 | N | 1723039] I:\manuel_freins.pdf
[21/04/2012 - 14:36:58 | D ] I:\futura
[13/12/2011 - 18:47:24 | D ] I:\download
[13/12/2011 - 18:59:50 | D ] I:\drivers
[13/12/2011 - 18:59:52 | D ] I:\Flyback_files
[03/10/2009 - 18:59:00 | N | 7791904] I:\free-3gp-converter_1.0-1_i386.deb
[13/12/2011 - 19:00:34 | D ] I:\fujitsu
[10/09/2008 - 06:05:16 | D ] I:\office 2003
[10/09/2008 - 06:08:14 | D ] I:\Tap'Touche 2.0 (E)
[19/04/2012 - 18:07:22 | D ] I:\avast
[27/06/2010 - 11:15:52 | N | 83710] I:\mXqzzvw.pdf
[22/06/2010 - 16:03:08 | N | 56932] I:\mXyzxrtt.pdf
[10/01/2005 - 18:47:02 | N | 2949093] I:\Photo 006.jpg
[13/12/2011 - 19:12:24 | D ] I:\lampe_files
[10/01/2005 - 18:47:02 | N | 1839889] I:\Photo 007.jpg
[13/12/2011 - 19:12:44 | D ] I:\MANUALS
[08/07/2011 - 18:00:50 | D ] I:\kof2003
[10/01/2005 - 18:47:04 | N | 3260955] I:\Photo 008.jpg
[13/12/2011 - 19:15:08 | D ] I:\Nouveau dossier
[13/12/2011 - 19:15:18 | D ] I:\Nouveau dossier (2)
[03/10/2009 - 09:11:48 | N | 1098028] I:\NT68P61AU
[27/07/2009 - 09:47:12 | N | 1207605] I:\Numériser0004.jpg
[22/11/2011 - 12:03:48 | N | 415274] I:\Opmin65hui202-fox.jar
[03/12/2011 - 13:27:50 | N | 413675] I:\Opmin65hui202-fox.zip
[03/12/2011 - 13:50:02 | N | 355154] I:\Ovi083HUI200b4.jar
[11/10/2009 - 14:45:50 | N | 96308] I:\p1033.pdf
[13/12/2011 - 19:22:26 | D ] I:\panasp70
[09/09/2011 - 15:23:20 | N | 575877] I:\panasp70.zip
[13/12/2011 - 19:22:28 | D ] I:\printthread.php_files
[13/12/2011 - 19:22:28 | D ] I:\s910
[14/06/2001 - 02:30:26 | N | 0] I:\Demarrer.txt
[13/10/2009 - 22:37:34 | N | 97631] I:\Test_de_la_lampe.pdf
[29/08/2010 - 16:34:40 | N | 2033697] I:\Poster_Lohr.pdf
[13/12/2011 - 19:25:50 | D ] I:\Tout sur le surf gratuit au Cameroun1_files
[13/12/2011 - 19:25:54 | D ] I:\Tout sur le surf gratuit au Cameroun_files
[31/08/2011 - 15:36:48 | N | 3986538] I:\tpe_television.pdf
[03/12/2011 - 14:00:54 | N | 475898] I:\UC803Full
[03/12/2011 - 14:05:02 | N | 171548] I:\UC80Mini
[10/09/2008 - 05:53:42 | D ] I:\cours de maintenance
[21/12/2010 - 05:52:54 | D ] I:\Jet Audio v7.0.5.3040 Plus VX
[09/06/2012 - 19:25:18 | D ] I:\huawei
[29/08/2010 - 17:54:00 | N | 167038] I:\TI80MM2_01.pdf
[09/04/2012 - 19:12:18 | N | 1310767] I:\ToadForOracle_BeginnersGuide.pdf
[10/01/2005 - 01:48:06 | D ] I:\hp compact d530
[09/06/2012 - 18:27:34 | N | 170656] I:\arrete-ministeriel.pdf
[09/06/2012 - 19:05:52 | D ] I:\jar samsung
[09/06/2012 - 18:30:16 | N | 35148] I:\domaines-12-16.pdf
[09/06/2012 - 19:38:32 | D ] I:\mtn
[17/12/2011 - 19:54:20 | D ] I:\diam's
[17/12/2011 - 19:47:16 | D ] I:\Rihanna - Loud [2010-MP3-Cov][Bubanee]
[17/12/2011 - 19:52:56 | D ] I:\trey songz
[17/12/2011 - 19:53:10 | D ] I:\usher
[17/12/2011 - 19:53:46 | D ] I:\Usher - Raymond V. Raymond (Full Album) 2010
[17/12/2011 - 19:53:14 | D ] I:\x-maleya
[17/12/2011 - 19:53:14 | D ] I:\zaho
[22/12/2011 - 07:43:16 | D ] I:\FALLY IPUPA
[09/04/2012 - 18:55:28 | N | 406865] I:\datasheet1.pdf
[09/04/2012 - 18:58:16 | N | 586926] I:\datasheet3.pdf
[09/10/2009 - 14:40:46 | D ] I:\Zuma_s_Revenge
[22/12/2011 - 08:14:24 | D ] I:\KOFFI
[09/04/2012 - 19:02:24 | N | 409653] I:\datasheet4.pdf
[21/04/2012 - 14:19:10 | N | 43608] I:\voici la méthode de dépannage des frigos américains Samsung.pdf
[21/04/2012 - 14:23:10 | N | 32521] I:\tec_dep_03.pdf
[21/04/2012 - 14:24:26 | N | 44313] I:\Tester_Mosfet_P&N.pdf
[21/04/2012 - 14:25:50 | N | 217036] I:\Utilisation_multimetre_01.pdf
[21/04/2012 - 14:27:20 | N | 216940] I:\R3652_R3483_chassis_EM2.pdf
[21/04/2012 - 14:34:44 | N | 1235376] I:\Mesures_BU.pdf
[21/04/2012 - 14:35:54 | N | 408795] I:\Decharge_condensateur_tete.pdf
[21/04/2012 - 14:37:18 | N | 527563] I:\Techniques de dépannages écrans plats.pdf
[21/04/2012 - 14:49:56 | N | 1664036] I:\atv31_programming_manual_fr_v1.pdf
[21/04/2012 - 15:11:20 | N | 227328] I:\bestandsliste_diverse.doc
[02/02/2012 - 19:35:44 | D ] I:\maj avast 6
[04/01/2012 - 17:24:04 | D ] I:\apps
[09/01/2012 - 17:48:24 | N | 54424] I:\learnenglish-podcasts-elementary-03-12-support-pack.pdf
[09/01/2012 - 17:47:48 | N | 43752] I:\learnenglish-podcasts-elementary-03-12-transcript.pdf
[09/01/2012 - 17:52:40 | N | 53841] I:\learnenglish-podcasts-elementary-03-10-support-pack.pdf
[09/01/2012 - 17:53:50 | N | 43941] I:\learnenglish-podcasts-elementary-03-10-transcript.pdf
[09/01/2012 - 17:45:24 | N | 56637] I:\learnenglish-podcasts-elementary-03-11-support-pack.pdf
[09/01/2012 - 17:46:26 | N | 43441] I:\learnenglish-podcasts-elementary-03-11-transcript.pdf
[23/04/2011 - 11:32:12 | D ] I:\Dictionnaire bilingue Hachette
[29/08/2010 - 16:24:38 | N | 2548786] I:\ab_manual-f.pdf
[29/08/2010 - 18:04:08 | N | 300601] I:\ballumage.pdf
[29/08/2010 - 17:24:08 | N | 178072] I:\BL 3 FT 3.pdf
[29/08/2010 - 17:29:04 | N | 11881] I:\circuitelecvoiture.pdf
[29/08/2010 - 18:06:28 | N | 2019757] I:\Cours10.pdf
[29/08/2010 - 17:04:08 | N | 4031457] I:\Cours13.pdf
[29/08/2010 - 17:53:02 | N | 1724351] I:\diesel.pdf
[29/08/2010 - 16:40:58 | N | 340103] I:\freinage-hydraulique-citroen.pdf
[29/08/2010 - 17:37:18 | N | 4169667] I:\generalites de l'injection essence.pdf
[29/08/2010 - 17:56:42 | N | 1187739] I:\inj_k.pdf
[03/02/2012 - 00:43:36 | N | 65536] I:\cv xavier.doc
[03/02/2012 - 23:35:04 | N | 11808] I:\lettre de motivation.docx
[05/02/2012 - 19:29:12 | N | 50688] I:\carte de visite.pub
[11/02/2012 - 15:33:20 | D ] I:\free-mtn-du-dimanche-6-12h-t625_files
[11/02/2012 - 15:35:52 | N | 2891] I:\UCBrowser_V7.8.0.95_BB4.2_pf160_(Build11080311).jad
[04/02/2012 - 12:04:04 | N | 399330] I:\shM332HUI202dzebb.jar
[11/02/2012 - 15:40:16 | N | 213717] I:\shmessenger_317_mod-330877.jar
[11/02/2012 - 15:53:04 | N | 3826463] I:\BSCJartoALXSetup1_31.zip
[16/01/2008 - 15:19:50 | D ] I:\BSC - JAR 2 ALX 1_3
[14/01/2010 - 17:13:24 | N | 1643696] I:\microemulator-2.0.4.zip
[16/02/2011 - 23:20:26 | N | 330214] I:\openjdk-6-jre_6b18-1.8.3-2~lenny1_ia64.deb
[21/03/2012 - 15:54:52 | D ] I:\piwo
[07/04/2012 - 19:59:44 | D ] I:\interface odb
[09/04/2012 - 18:35:32 | N | 130048] I:\QUART TV2K.pdf
[09/04/2012 - 18:40:58 | N | 272649] I:\0dpfjkrclli7xto7oxxsrczx9o3y.pdf
[09/04/2012 - 18:45:16 | N | 374968] I:\CD00144872.pdf
[09/04/2012 - 18:51:34 | N | 125004] I:\0gdqo90sxy1aue0huoajk8cz76fy.pdf
[09/04/2012 - 18:53:24 | N | 24954] I:\datasheet.pdf
[27/06/2012 - 12:27:04 | D ] J:\script27juin_2012
[16/05/2012 - 15:07:02 | N | 184508] J:\Microsoft.dat
[28/12/2008 - 18:43:08 | N | 18] J:\Afficher.bat
[10/01/2005 - 13:50:56 | D ] J:\dossier_pb
[25/06/2012 - 11:48:54 | D ] J:\ADM1
[20/06/2012 - 11:38:00 | N | 146811] J:\mer20_les13.LST
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | Upload |
Please send the file: F:\UsbFix_Upload_Me_NCHEGEH-PC.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.
################## | E.O.F |
User: Nchegeh (Administrator) # NCHEGEH-PC
Updated 28/06/2012 by El Desaparecido
Started at 18:05:08 | 29/06/2012
Website: https://www.sosvirus.net/
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com
PC: OEM (671) (X86-based PC) # Notebook
CPU: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz (2000)
RAM -> [Total : 1917 | Free : 670]
BIOS: Ver 1.00PARTTBLR
BOOT: Normal boot
OS: Microsoft Windows 7 Professional (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ -> Fixed drive # 100 Mb (29 Mb free - 29%) [no space] # NTFS
D:\ -> Fixed drive # 78 Gb (60 Mb free - 77%) [] # NTFS
E:\ -> CD-ROM
F:\ (%systemdrive%) -> Fixed drive # 71 Gb (31 Mb free - 44%) [] # NTFS
G:\ -> CD-ROM
H:\ -> Removable drive # 2 Gb (2 Mb free - 98%) [] # FAT
I:\ -> Removable drive # 4 Gb (1 Mb free - 29%) [PIWO] # FAT32
J:\ -> Removable drive # 4 Gb (4 Mb free - 97%) [CLEUSB] # FAT32
################## | Active Processes |
F:\Windows\system32\csrss.exe (416)
F:\Windows\system32\wininit.exe (472)
F:\Windows\system32\csrss.exe (484)
F:\Windows\system32\services.exe (536)
F:\Windows\system32\lsass.exe (552)
F:\Windows\system32\lsm.exe (560)
F:\Windows\system32\winlogon.exe (692)
F:\Windows\system32\svchost.exe (700)
F:\Windows\system32\svchost.exe (800)
F:\Windows\System32\svchost.exe (852)
F:\Windows\System32\svchost.exe (908)
F:\Windows\system32\svchost.exe (940)
F:\Windows\system32\svchost.exe (1124)
F:\Windows\system32\svchost.exe (1260)
F:\Windows\system32\svchost.exe (1384)
F:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1412)
F:\Windows\System32\spoolsv.exe (1796)
F:\Windows\system32\taskhost.exe (1852)
F:\Windows\system32\Dwm.exe (1912)
F:\Windows\Explorer.EXE (1940)
F:\Program Files\Bonjour\mDNSResponder.exe (2044)
F:\Program Files\CDMA-1XDO\C+WEject.exe (428)
F:\ProgramData\DatacardService\DCService.exe (468)
F:\Windows\system32\dgdersvc.exe (1160)
F:\ProgramData\DatacardService\DCSHelper.exe (1296)
F:\Windows\system32\FsUsbExService.Exe (504)
D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\nmesrvc.exe (2036)
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (1028)
F:\Program Files\C&E\OSD\osd.exe (556)
F:\Program Files\Mindjet\MindManager 7\MmReminderService.exe (2060)
D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\omtsreco.exe (2088)
F:\Program Files\Alwil Software\Avast5\AvastUI.exe (2136)
F:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (2148)
F:\Windows\system32\conhost.exe (2156)
F:\Program Files\JustVoip.com\JustVoip\JustVoip.exe (2304)
F:\Program Files\Samsung\Kies\KiesTrayAgent.exe (2372)
F:\Users\Nchegeh\biotu.exe (2396)
F:\Program Files\RALINK\Common\RaUI.exe (2440)
D:\app\Nchegeh\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe (2892)
F:\Windows\system32\cmd.exe (2924)
D:\app\Nchegeh\product\11.2.0\dbhome_1\perl\bin\perl.exe (2940)
d:\app\nchegeh\product\11.2.0\dbhome_1\bin\ORACLE.EXE (2956)
D:\app\Nchegeh\product\11.2.0\dbhome_1\jdk\bin\java.exe (3128)
D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\emagent.exe (3164)
F:\Windows\system32\svchost.exe (3224)
F:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe (3300)
F:\Windows\system32\wbem\wmiprvse.exe (2932)
F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (196)
F:\Windows\system32\SearchIndexer.exe (3660)
F:\Windows\system32\svchost.exe (1312)
F:\Windows\system32\svchost.exe (1896)
F:\Windows\system32\WUDFHost.exe (4596)
F:\Program Files\MTN Internet\MTN Internet.exe (3924)
F:\Program Files\Mozilla Firefox\firefox.exe (4276)
F:\Program Files\Mozilla Firefox\plugin-container.exe (5656)
F:\Windows\system32\taskeng.exe (5212)
F:\Users\Nchegeh\AppData\Local\Google\Update\GoogleUpdate.exe (6008)
F:\Users\Nchegeh\AppData\Local\Google\Update\GoogleUpdate.exe (4148)
F:\Windows\explorer.exe (4044)
F:\Windows\system32\wbem\wmiprvse.exe (5316)
F:\Windows\system32\wbem\WmiApSrv.exe (5368)
F:\UsbFix\Go.exe (5128)
################## | Stopped processes |
Stopped! F:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1412)
Stopped! F:\Windows\System32\spoolsv.exe (1796)
Stopped! F:\Windows\system32\taskhost.exe (1852)
Stopped! F:\Windows\Explorer.EXE (1940)
Stopped! F:\Program Files\Bonjour\mDNSResponder.exe (2044)
Stopped! F:\Program Files\CDMA-1XDO\C+WEject.exe (428)
Stopped! F:\ProgramData\DatacardService\DCService.exe (468)
Stopped! F:\Windows\system32\dgdersvc.exe (1160)
Stopped! F:\ProgramData\DatacardService\DCSHelper.exe (1296)
Stopped! F:\Windows\system32\FsUsbExService.Exe (504)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\nmesrvc.exe (2036)
Stopped! F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (1028)
Stopped! F:\Program Files\C&E\OSD\osd.exe (556)
Stopped! F:\Program Files\Mindjet\MindManager 7\MmReminderService.exe (2060)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\omtsreco.exe (2088)
Stopped! F:\Program Files\Alwil Software\Avast5\AvastUI.exe (2136)
Stopped! F:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (2148)
Stopped! F:\Windows\system32\conhost.exe (2156)
Stopped! F:\Program Files\JustVoip.com\JustVoip\JustVoip.exe (2304)
Stopped! F:\Program Files\Samsung\Kies\KiesTrayAgent.exe (2372)
Stopped! F:\Users\Nchegeh\biotu.exe (2396)
Stopped! F:\Program Files\RALINK\Common\RaUI.exe (2440)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe (2892)
Stopped! F:\Windows\system32\cmd.exe (2924)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\perl\bin\perl.exe (2940)
Stopped! d:\app\nchegeh\product\11.2.0\dbhome_1\bin\ORACLE.EXE (2956)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\jdk\bin\java.exe (3128)
Stopped! D:\app\Nchegeh\product\11.2.0\dbhome_1\bin\emagent.exe (3164)
Stopped! F:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe (3300)
Stopped! F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (196)
Stopped! F:\Windows\system32\SearchIndexer.exe (3660)
Stopped! F:\Windows\system32\WUDFHost.exe (4596)
Stopped! F:\Program Files\MTN Internet\MTN Internet.exe (3924)
Stopped! F:\Program Files\Mozilla Firefox\firefox.exe (4276)
Stopped! F:\Program Files\Mozilla Firefox\plugin-container.exe (5656)
Stopped! F:\Windows\system32\taskeng.exe (5212)
Stopped! F:\Users\Nchegeh\AppData\Local\Google\Update\GoogleUpdate.exe (6008)
Stopped! F:\Users\Nchegeh\AppData\Local\Google\Update\GoogleUpdate.exe (4148)
Stopped! F:\Windows\system32\wbem\WmiApSrv.exe (5368)
################## | Files # Infected Folders |
Deleted ! F:\Users\Nchegeh\biotu.exe
Deleted ! H:\biotu.exe
Deleted ! H:\FOUND.000.exe
Deleted ! H:\AUTORUN.INF.exe
Deleted ! H:\Secret.exe
Deleted ! H:\Sexy.exe
Deleted ! H:\Porn.exe
Deleted ! H:\Passwords.exe
Deleted ! I:\.Trash-1000.lnk
Deleted ! J:\biotu.exe
Deleted ! J:\dossier_pb.exe
Deleted ! J:\ADM1.exe
Deleted ! J:\Secret.exe
Not deleted ! G:\AutoRun.exe
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-3010109809-4198346132-2582637159-1000
Deleted ! C:\Recycler\S-1-5-21-746137067-1580818891-725345543-1003
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-3010109809-4198346132-2582637159-1000
Deleted ! D:\Recycler\S-1-5-21-746137067-1580818891-725345543-1003
Deleted ! F:\$RECYCLE.BIN\S-1-5-21-3010109809-4198346132-2582637159-1000
Deleted ! F:\Recycler\S-1-5-21-746137067-1580818891-725345543-1003
Not deleted ! G:\AUTORUN.INF
Not deleted ! H:\AUTORUN.INF
Deleted ! H:\x.mpeg
Deleted ! I:\autorun.inf
Deleted ! I:\x.mpeg
Deleted ! J:\x.mpeg
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|biotu
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{42f16c27-b94e-11e1-a4f9-00030d99fcfd}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{99fb1703-be18-11e1-8592-00030d99fcfd}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{bbbf9841-bed6-11e1-b9ee-00030d99fcfd}
################## | Listing |
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | Upload |
Please send the file: F:\UsbFix_Upload_Me_NCHEGEH-PC.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.
################## | E.O.F |
I can now find everything on my USB key again. Thank you, and thanks to CCM. Could you tell me how this works? That way, next time I can manage on my own. Thanks.
Re
1) Send this file as requested:
Please send the file: F:\UsbFix_Upload_Me_NCHEGEH-PC.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.
2) I suggest running a more complete analysis of your PC.
To do this:
Open this link and download ZHPDiag by Nicolas Coolman:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Or
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
Server No. 2
Or
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
at the bottom of the page, ZHP with a version number.
Once the download has finished, unzip the file you obtained and place ZHPDiag.exe on your Desktop.
Double-click the icon to launch the program. Under Vista or Seven, right-click and choose "Run as administrator".
Click the magnifying glass to start the analysis.
Let the tool work; it can take quite a while.
Close ZHPDiag when the analysis is finished.
To send the report, click on this link:
http://pjjoint.malekal.com/
https://www.cjoint.com/
Click Browse and look for the folder where ZHPDiag is installed (usually C:\Program Files\ZHPDiag).
Select the file ZHPDiag.txt.
Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt
is added to the page.
Copy this link into your reply.
Thanks
See you later
Re
1) Update Windows via Windows Update
2) Update Firefox (version 13.0.1)
3) Where do you live?
In Cameroon?
4) Install Adobe Flash Player
5) Install Java
See you later