############################## | UsbFix V 7.128 | [Suppression]

Utilisateur: Barrot (Administrateur) # BARROT-PC
Mis à jour le 20/06/2013 par El Desaparecido
Lancé à 03:50:51 | 22/06/2013

Site Web: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/forum-virus-securite/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Acer (Aspire M3900) (x64-based PC)
CPU: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz (3003)
RAM -> [Total : 4095 | Free : 2357]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16618

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Internet Security [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 456 Go (93 Go libre(s) - 20%) [Acer] # NTFS
D:\ -> Disque fixe # 456 Go (39 Go libre(s) - 9%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 7 Go (4 Go libre(s) - 54%) [CAROLE&PHIL] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
HKLM\SOFTWARE | Run : [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
HKLM\SOFTWARE | Run : [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
HKLM\SOFTWARE | Run : [MDS_Menu] - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
HKLM\SOFTWARE | Run : [ArcadeMovieService] - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
HKLM\SOFTWARE | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" 196609
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
HKLM\SOFTWARE\wow6432Node | Run : [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
HKLM\SOFTWARE\wow6432Node | Run : [MDS_Menu] - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
HKLM\SOFTWARE\wow6432Node | Run : [ArcadeMovieService] - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" 196609
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2321249593-2777871323-1087615088-1001\SOFTWARE | Run : [msnmsgr] - ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (924)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (948)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1356)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1412)
Stoppé! C:\Windows\system32\nvvsvc.exe (1432)
Stoppé! C:\Program Files\AVAST Software\Avast\afwServ.exe (1444)
Stoppé! C:\Windows\System32\spoolsv.exe (1920)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1136)
Stoppé! C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (1456)
Stoppé! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (1504)
Stoppé! C:\Windows\system32\taskhost.exe (2228)
Stoppé! C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (2764)
Stoppé! C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (2824)
Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (3052)
Stoppé! C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (2396)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2692)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (2788)
Stoppé! C:\Program Files\Acer\Acer Updater\UpdaterService.exe (556)
Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2756)
Stoppé! C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (3332)
Stoppé! C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (3344)
Stoppé! C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (3400)
Stoppé! C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (3500)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (3540)
Stoppé! C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3772)
Stoppé! C:\Windows\system32\SearchIndexer.exe (3924)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4048)
Stoppé! C:\Windows\System32\WUDFHost.exe (3212)
Stoppé! C:\Windows\System32\WUDFHost.exe (3300)
Stoppé! C:\Windows\system32\DeviceDisplayObjectProvider.exe (2936)
Stoppé! C:\Windows\system32\DXPServer.exe (3248)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (4576)
Stoppé! C:\Windows\system32\msiexec.exe (4976)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (2680)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (3712)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (4560)
Stoppé! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (4168)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{f4688339-5adc-11e1-a86a-1078d29e0203}

################## | Listing |

[05/02/2012 - 19:46:32 | SHD ] C:\$Recycle.Bin
[03/02/2012 - 03:19:13 | D ] C:\book
[27/08/2010 - 10:24:59 | N | 8192] C:\BOOTSECT.BAK
[22/06/2013 - 03:48:04 | D ] C:\Config.Msi
[17/05/2013 - 01:37:11 | N | 246] C:\DelFix.txt
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[22/06/2013 - 03:13:22 | ASH | 3220549632] C:\hiberfil.sys
[27/08/2010 - 09:32:19 | D ] C:\Intel
[23/09/2012 - 11:08:12 | RHD ] C:\MSOCache
[11/05/2012 - 03:19:09 | D ] C:\MyWinLockerData
[10/03/2013 - 06:53:51 | D ] C:\OEM
[22/06/2013 - 03:13:27 | ASH | 4294066176] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[22/06/2013 - 03:20:36 | N | 512] C:\PhysicalDisk0_MBR.bin
[18/06/2013 - 23:54:03 | D ] C:\Program Files
[19/06/2013 - 17:50:56 | D ] C:\Program Files (x86)
[19/06/2013 - 17:33:17 | HD ] C:\ProgramData
[29/03/2013 - 01:54:58 | N | 28876] C:\PureRa.txt
[03/02/2012 - 03:50:42 | SHD ] C:\Recovery
[22/06/2013 - 03:47:02 | SHD ] C:\System Volume Information
[22/06/2013 - 03:52:53 | D ] C:\UsbFix
[22/06/2013 - 03:53:10 | A | 7948] C:\UsbFix [Clean 2] BARROT-PC.txt
[03/02/2012 - 06:14:31 | D ] C:\Users
[20/06/2013 - 19:55:27 | D ] C:\Windows
[22/06/2013 - 03:17:33 | D ] C:\ZHP

[28/03/2012 - 01:20:21 | SHD ] D:\$RECYCLE.BIN
[28/02/2013 - 16:24:41 | D ] D:\1-Casey
[28/02/2013 - 16:25:03 | D ] D:\2-Tom
[28/02/2013 - 16:25:21 | D ] D:\3-K
[28/02/2013 - 16:25:34 | D ] D:\4-Phil
[11/03/2013 - 22:06:33 | N | 31552] D:\588.PNG
[02/02/2012 - 04:01:22 | RASHD ] D:\Autorun.inf
[25/04/2013 - 19:54:34 | N | 954966] D:\Capture.PNG 22.PNG
[17/04/2013 - 19:36:02 | N | 532875] D:\DSC02034.JPG
[12/04/2013 - 17:04:05 | N | 472195] D:\DSC02046 (2).JPG
[17/04/2013 - 19:37:31 | N | 1762819] D:\DSC02046.JPG
[13/04/2013 - 02:36:53 | N | 143975] D:\DSC_0012-1.jpg
[28/02/2013 - 16:22:43 | D ] D:\Films
[28/02/2013 - 17:12:35 | D ] D:\Films Renews
[12/01/2013 - 22:29:08 | N | 382282] D:\MidiLibre Tom.PNG
[31/05/2013 - 16:51:33 | D ] D:\Musique
[05/06/2013 - 21:55:45 | D ] D:\Photos+ Vidéos Famille
[10/10/2007 - 15:53:45 | SHD ] D:\System Volume Information
[01/05/2013 - 01:27:58 | D ] D:\Toons Karaoké

[20/06/2013 - 00:05:58 | N | 181833152] F:\Aux Frontieres Du Temps documentaire complet science.avi
[18/06/2013 - 21:51:42 | N | 241261168] F:\DOCUMENTAIRE LES CATHARES Inquisition hérésie.FLV.avi
[01/01/1980 - 00:00:00 | N | 21] F:\.cm0013
[09/05/2013 - 15:46:52 | N | 1236860946] F:\Annika.Bengtzon.4.Le.loup.rouge.[emule-island.ru].avi
[20/06/2013 - 06:32:58 | N | 425311954] F:\OVNIS,UFOs De 1945 à 2012 Tout ce que nous Savons.avi
[20/06/2013 - 15:35:46 | N | 143389194] F:\Ovnis Classé secret-défense.avi
[26/03/2013 - 06:06:56 | N | 735183688] F:\Guns.Girls.and.Gambling.2011.FRENCH.DVDRip.XviD-TMB-By.eMulik.[emule-island.ru].avi
[26/04/2013 - 20:46:24 | N | 733794304] F:\Holly.Rollers.2010.TRUEFRENCH.DVDRiP.XviD-AUTOPSiE.By.Phoenix.[emule-island.ru].avi

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |