############################## | UsbFix V 7.123 | [Suppression]

Utilisateur: Remy (Administrateur) # PC-DE-REMY
Mis à jour le 19/04/2013 par El Desaparecido
Lancé à 22:27:33 | 22/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Acer (Aspire 7720Z ) (X86-based PC)
CPU: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz (1733)
RAM -> [Total : 2037 | Free : 854]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 112 Go (3 Go libre(s) - 3%) [ACER] # NTFS
D:\ -> Disque fixe # 111 Go (111 Go libre(s) - 100%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [USB DISK] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
HKLM\SOFTWARE | Run : [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
HKLM\SOFTWARE | Run : [Acer Tour Reminder] - C:\Acer\AcerTour\Reminder.exe
HKLM\SOFTWARE | Run : [eAudio] - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1369183909-2135498852-2888394407-1000\SOFTWARE | Run : [Acer Tour Reminder] -
HKU\S-1-5-21-1369183909-2135498852-2888394407-1000\SOFTWARE | Run : [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\SLsvc.exe (1324)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1800)
Stoppé! C:\Windows\System32\spoolsv.exe (1944)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1060)
Stoppé! C:\Acer\ALaunch\ALaunchSvc.exe (2116)
Stoppé! C:\Windows\system32\taskeng.exe (2196)
Stoppé! C:\Program Files\Google\Update\GoogleUpdate.exe (2272)
Stoppé! C:\Windows\system32\taskeng.exe (2280)
Stoppé! C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (2640)
Stoppé! C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (2676)
Stoppé! C:\Program Files\Windows Defender\MSASCui.exe (2708)
Stoppé! C:\Windows\RtHDVCpl.exe (2812)
Stoppé! C:\Acer\Empowering Technology\eNet\eNet Service.exe (2820)
Stoppé! C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (2884)
Stoppé! C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (2928)
Stoppé! C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2992)
Stoppé! C:\Program Files\ma-config.com\MaConfigAgent.exe (3036)
Stoppé! C:\Acer\Empowering Technology\eAudio\eAudio.exe (3056)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (3064)
Stoppé! C:\Acer\Mobility Center\MobilityService.exe (3224)
Stoppé! C:\Windows\System32\hkcmd.exe (3260)
Stoppé! C:\Windows\System32\igfxpers.exe (3304)
Stoppé! C:\Program Files\CyberLink\Shared Files\RichVideo.exe (3412)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (3444)
Stoppé! C:\Program Files\Windows Media Player\wmpnscfg.exe (3456)
Stoppé! C:\Windows\system32\igfxsrvc.exe (3596)
Stoppé! C:\Users\Remy\AppData\Local\Temp\RtkBtMnt.exe (3848)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2492)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (1568)
Stoppé! C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (1708)
Stoppé! C:\Windows\system32\SearchIndexer.exe (2976)
Stoppé! C:\Windows\system32\DRIVERS\xaudio.exe (3320)
Stoppé! C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (3364)
Stoppé! C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (3744)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (4260)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (4428)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (4780)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (5472)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (6112)
Stoppé! C:\Windows\System32\WUDFHost.exe (5744)
Stoppé! C:\Windows\system32\conime.exe (2536)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (5912)

################## | Éléments infectieux |

Supprimé! C:\Users\Remy\AppData\Local\Temp\RtkBtMnt.exe
(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{24c52b68-a88a-11de-bf03-eb2d4957fa45}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{8ff29acc-8ea3-11de-9b2e-ad631709f71e}

################## | Listing |

[11/07/2012 - 01:22:51 | SHD ] C:\$RECYCLE.BIN
[10/08/2007 - 09:34:33 | N | 3380] C:\-20070810.log
[24/04/2008 - 19:10:43 | D ] C:\Acer
[22/04/2013 - 18:29:10 | N | 15231] C:\AdwCleaner[R1].txt
[22/04/2013 - 21:13:59 | N | 14997] C:\AdwCleaner[S1].txt
[18/09/2006 - 23:43:36 | N | 24] C:\autoexec.bat
[10/08/2007 - 16:40:27 | D ] C:\Book
[01/07/2011 - 07:44:28 | SHD ] C:\Boot
[11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
[10/08/2007 - 16:43:42 | N | 8192] C:\BOOTSECT.BAK
[21/04/2013 - 21:27:24 | D ] C:\Config.Msi
[18/09/2006 - 23:43:37 | N | 10] C:\config.sys
[02/11/2006 - 15:02:03 | SHD ] C:\Documents and Settings
[23/02/2008 - 15:44:21 | D ] C:\DRV
[22/04/2013 - 21:17:18 | ASH | 2137063424] C:\hiberfil.sys
[10/08/2007 - 08:25:09 | D ] C:\Intel
[16/08/2005 - 09:49:12 | N | 40960] C:\junction.exe
[29/11/2006 - 17:35:22 | N | 512] C:\MDR.iss
[10/08/2007 - 09:52:33 | RHD ] C:\MSOCache
[19/04/2013 - 14:29:44 | D ] C:\MyWorks
[22/04/2013 - 21:17:16 | ASH | 2450857984] C:\pagefile.sys
[27/06/2008 - 19:53:20 | D ] C:\PerfLogs
[21/04/2013 - 21:24:30 | N | 512] C:\PhysicalDisk0_MBR.bin
[22/04/2013 - 21:13:46 | D ] C:\Program Files
[22/04/2013 - 21:13:45 | HD ] C:\ProgramData
[10/08/2007 - 08:32:22 | N | 420] C:\RHDSetup.log
[23/05/2008 - 18:16:18 | N | 159] C:\Setup.log
[22/04/2013 - 18:52:51 | SHD ] C:\System Volume Information
[12/07/2008 - 02:24:04 | N | 632890] C:\SystemEvent.log
[22/04/2013 - 22:29:07 | D ] C:\UsbFix
[22/04/2013 - 22:29:25 | A | 7311] C:\UsbFix [Clean 1] PC-DE-REMY.txt
[22/04/2013 - 21:26:51 | N | 6769] C:\UsbFix [Scan 1] PC-DE-REMY.txt
[24/04/2008 - 19:09:02 | D ] C:\Users
[24/04/2008 - 19:10:11 | N | 1147844] C:\vcredist_x86.log
[22/04/2013 - 21:13:49 | D ] C:\Windows
[12/07/2008 - 02:23:18 | N | 32004] C:\WinSSEvent.log
[21/04/2013 - 21:24:32 | D ] C:\ZHP
[24/04/2008 - 19:10:33 | SHD ] D:\$RECYCLE.BIN
[23/02/2008 - 06:13:23 | D ] D:\erData
[23/02/2008 - 06:02:19 | SHD ] D:\System Volume Information
[27/03/2013 - 17:19:10 | RASHD ] F:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |