############################## | UsbFix V 7.130 | [Deletion]

User: Administrateur (Administrator) # BE15B
Updated 20/08/2013 by El Desaparecido
Started at 08:40:55 | 25/04/2014

Website: http://sosvirus.net/
Upload Malware: http://sosvirus.net/viewtopic.php?f=6&t=489
Contact: eldesaparecido@sosvirus.net

PC: System manufacturer (System Product Name) (x64-based PC)
CPU: Processeur Intel(R) Pentium(R) III Xeon (3006)
CPU: Processeur Intel(R) Pentium(R) III Xeon (3006)
RAM -> [Total : 4095 | Free : 3133]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft(R) Windows(R) XP Professionnel Edition x64 (5.2.3790 64-Bit) # Service Pack 2
WB: Windows Internet Explorer 6.0.3790.1830

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 233 Gb (49 Mb free - 21%) [] # NTFS
D:\ -> Removable drive # 15 Gb (5 Mb free - 35%) [KINGSTON] # FAT32
E:\ -> Removable drive # 7 Gb (3 Mb free - 41%) [] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SwitchBoard] - "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [ControlCenter4] - "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
HKLM\SOFTWARE | Run : [BrStsMon00] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE | Run : [Device Detector] - DevDetect.exe -autorun
HKLM\SOFTWARE | Run : [BrStsMon01] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [ControlCenter4] - "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
HKLM\SOFTWARE\wow6432Node | Run : [BrStsMon00] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE\wow6432Node | Run : [Device Detector] - DevDetect.exe -autorun
HKLM\SOFTWARE\wow6432Node | Run : [BrStsMon01] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-19\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe

################## | Stopped processes |

Stopped! C:\WINDOWS\explorer.exe (1836)

################## | Files # Infected Folders |

Not deleted ! X:\autorun.inf
Not deleted ! X:\snkb0pt\desktop.ini
Not deleted ! X:\snkb0pt\snkb0pt.exe
Not deleted ! X:\snkb0pt
Not deleted ! Y:\autorun.inf
Not deleted ! Y:\snkb0pt\desktop.ini
Not deleted ! Y:\snkb0pt\snkb0pt.exe
Not deleted ! Y:\snkb0pt
Not deleted ! Z:\autorun.inf
Not deleted ! Z:\snkb0pt\desktop.ini
Not deleted ! Z:\snkb0pt\snkb0pt.exe
Not deleted ! Z:\snkb0pt
(!) Temporary files deleted.

################## | Registry |

################## | Mountpoints2 |

################## | Listing |

[23/04/2014 - 12:05:23 | D ] C:\0201E14a-CN
[07/10/2013 - 13:13:53 | N | 4358316] C:\5Za01300
[22/11/2010 - 15:21:01 | D ] C:\841a925b9e1a01b75d0eff7b62
[23/04/2014 - 14:00:58 | D ] C:\AdwCleaner
[11/03/2009 - 16:03:12 | N | 0] C:\AUTOEXEC.BAT
[25/04/2014 - 08:40:18 | RASHD ] C:\Autorun.inf
[11/03/2009 - 15:58:56 | N | 213] C:\boot.ini
[03/09/2012 - 14:41:30 | D ] C:\Brother
[11/03/2009 - 16:03:12 | N | 0] C:\CONFIG.SYS
[15/12/2009 - 14:33:24 | D ] C:\Crack
[02/04/2014 - 15:20:24 | D ] C:\CT
[24/04/2014 - 13:56:05 | N | 120] C:\Documents
[04/04/2014 - 10:45:54 | D ] C:\Documents and Settings
[02/08/2013 - 13:43:25 | N | 1203391] C:\eof.txt
[09/03/2011 - 10:56:43 | D ] C:\GTI
[11/03/2009 - 16:34:23 | D ] C:\Intel
[11/03/2009 - 16:03:12 | N | 0] C:\IO.SYS
[02/12/2006 - 00:37:14 | N | 904704] C:\msdia80.dll
[11/03/2009 - 16:03:12 | N | 0] C:\MSDOS.SYS
[06/02/2013 - 10:46:19 | RHD ] C:\MSOCache
[18/02/2007 - 14:00:00 | N | 47772] C:\NTDETECT.COM
[18/02/2007 - 14:00:00 | N | 297072] C:\ntldr
[24/04/2014 - 11:23:02 | ASH | 6439305216] C:\pagefile.sys
[04/04/2014 - 11:34:47 | D ] C:\Program Files
[24/04/2014 - 11:59:23 | D ] C:\Program Files (x86)
[06/02/2013 - 10:25:48 | SHD ] C:\RECYCLER
[04/04/2014 - 11:44:09 | D ] C:\SolidWorks Data
[21/02/2014 - 09:47:45 | D ] C:\SUIVI BEST CN
[13/03/2009 - 10:46:16 | D ] C:\System
[11/03/2009 - 16:06:41 | SHD ] C:\System Volume Information
[18/04/2014 - 12:22:52 | D ] C:\temp
[25/04/2014 - 08:41:34 | D ] C:\UsbFix
[17/04/2014 - 18:27:46 | N | 6919] C:\UsbFix [Clean 10] BE15B.txt
[18/04/2014 - 07:40:01 | N | 6469] C:\UsbFix [Clean 11] BE15B.txt
[21/04/2014 - 17:45:18 | N | 7828] C:\UsbFix [Clean 12] BE15B.txt
[24/04/2014 - 10:01:27 | N | 7251] C:\UsbFix [Clean 13] BE15B.txt
[24/04/2014 - 11:52:27 | N | 8385] C:\UsbFix [Clean 14] BE15B.txt
[23/04/2014 - 12:28:46 | N | 9850] C:\UsbFix [Clean 15] BE15B.txt
[23/04/2014 - 13:51:23 | N | 9015] C:\UsbFix [Clean 16] BE15B.txt
[23/04/2014 - 13:55:06 | N | 9498] C:\UsbFix [Clean 17] BE15B.txt
[24/04/2014 - 10:06:09 | N | 11746] C:\UsbFix [Clean 18] BE15B.txt
[24/04/2014 - 11:57:10 | N | 12750] C:\UsbFix [Clean 19] BE15B.txt
[15/11/2013 - 19:06:50 | N | 6735] C:\UsbFix [Clean 1] BE15B.txt
[24/04/2014 - 11:58:27 | N | 11816] C:\UsbFix [Clean 20] BE15B.txt
[25/04/2014 - 08:15:14 | N | 14310] C:\UsbFix [Clean 21] BE15B.txt
[25/04/2014 - 08:16:33 | N | 14116] C:\UsbFix [Clean 22] BE15B.txt
[25/04/2014 - 08:17:52 | N | 14185] C:\UsbFix [Clean 23] BE15B.txt
[25/04/2014 - 08:40:18 | N | 15026] C:\UsbFix [Clean 24] BE15B.txt
[25/04/2014 - 08:41:47 | A | 6505] C:\UsbFix [Clean 25] BE15B.txt
[07/01/2014 - 19:41:11 | N | 8325] C:\UsbFix [Clean 2] BE15B.txt
[07/02/2014 - 19:05:26 | N | 5965] C:\UsbFix [Clean 3] BE15B.txt
[12/03/2014 - 17:07:30 | N | 3561] C:\UsbFix [Clean 4] BE15B.txt
[12/03/2014 - 17:44:23 | N | 6348] C:\UsbFix [Clean 5] BE15B.txt
[02/04/2014 - 12:50:32 | N | 7818] C:\UsbFix [Clean 6] BE15B.txt
[09/04/2014 - 17:17:45 | N | 8119] C:\UsbFix [Clean 7] BE15B.txt
[11/04/2014 - 13:53:25 | N | 8709] C:\UsbFix [Clean 8] BE15B.txt
[11/04/2014 - 17:45:54 | N | 8500] C:\UsbFix [Clean 9] BE15B.txt
[18/04/2014 - 07:38:28 | N | 4382] C:\UsbFix [Scan 1] BE15B.txt
[23/04/2014 - 13:56:50 | N | 4093] C:\UsbFix [Scan 2] BE15B.txt
[24/04/2014 - 14:11:39 | N | 4142] C:\UsbFix [Scan 3] BE15B.txt
[24/04/2014 - 14:12:35 | N | 4285] C:\UsbFix [Scan 4] BE15B.txt
[24/04/2014 - 14:43:31 | N | 4499] C:\UsbFix [Scan 5] BE15B.txt
[02/04/2014 - 15:20:24 | D ] C:\WINDOWS
[20/01/2014 - 21:17:54 | N | 4096] D:\._.Trashes
[09/07/2012 - 10:49:36 | N | 1642866] D:\IMG_4249.JPG
[02/01/2014 - 14:38:46 | D ] D:\CN
[05/02/2014 - 11:27:38 | D ] D:\DOSSIER ICPE - VERITAS
[31/01/2014 - 07:50:00 | N | 4096] D:\._Plaque porte.pptx
[20/01/2014 - 21:17:54 | HD ] D:\.Trashes
[20/01/2014 - 21:17:54 | D ] D:\.Spotlight-V100
[20/01/2014 - 21:17:54 | D ] D:\.fseventsd
[09/07/2012 - 10:49:38 | N | 1661286] D:\IMG_4250.JPG
[24/09/2012 - 15:11:02 | N | 1448491] D:\33.jpg
[20/01/2014 - 22:04:28 | N | 294] D:\.apdisk
[19/09/2002 - 11:30:34 | N | 589014] D:\minicats interieur004.JPG
[31/01/2014 - 07:50:00 | N | 4096] D:\._Plaque porte BE.pptx
[10/01/2003 - 11:27:42 | N | 27651] D:\minicats interieur006.JPG
[28/02/2009 - 10:33:30 | N | 1505458] D:\P1060354.JPG
[06/02/2014 - 15:01:58 | N | 2564714] D:\Toit complet V3.IGS
[04/02/2014 - 14:15:56 | N | 1893052] D:\Toit complet V1.IGS
[06/02/2014 - 15:09:34 | SHD ] D:\System Volume Information
[22/11/2010 - 18:33:16 | N | 179987] D:\NV01M01eP02.pdf
[26/02/2014 - 22:18:54 | D ] D:\Gallerie
[17/03/2014 - 10:06:38 | N | 961431] D:\Plaque porte BE.pptx
[07/02/2014 - 15:14:54 | N | 149874] D:\Plaque porte BE 07-02-2014.jpg
[26/02/2014 - 22:53:44 | D ] D:\.TemporaryItems
[26/02/2014 - 22:53:44 | N | 4096] D:\._.TemporaryItems
[26/02/2014 - 23:56:48 | D ] D:\PSA
[26/02/2014 - 23:57:04 | D ] D:\One gallerie
[26/02/2014 - 23:57:04 | D ] D:\AIRPOD GALLERIE
[21/11/2011 - 16:59:32 | N | 38912] D:\CALCULA ACV COMP.xls
[18/03/2014 - 10:37:24 | D ] D:\Iphone Cyril
[19/03/2014 - 13:41:00 | N | 4709160] D:\IMG_1370.MOV
[07/03/2014 - 17:03:04 | N | 1524825] D:\Plaque porte.pptx
[17/03/2014 - 09:40:10 | N | 147791] D:\Plaque porte BE 1703-2014.jpg
[19/03/2014 - 13:41:16 | N | 719546] D:\photo1.JPG
[19/03/2014 - 13:41:44 | N | 781713] D:\photo2.JPG
[19/03/2014 - 13:41:56 | N | 673344] D:\photo3.JPG
[19/03/2014 - 13:42:16 | N | 633342] D:\photo.JPG
[19/03/2014 - 18:13:06 | D ] D:\Dessin GN 53
[19/03/2014 - 22:12:32 | N | 4096] D:\._IMG_1370.MOV
[21/03/2014 - 12:18:36 | N | 213592] D:\Valorisation du Groupe MDI Anglais.docx
[21/03/2014 - 17:26:20 | N | 47377] D:\trumptus.docx
[27/03/2014 - 15:41:02 | D ] D:\Egypt
[27/03/2014 - 17:59:26 | N | 6729216] D:\MASTER LICENCE TUK TUK.ppt
[25/04/2014 - 08:40:20 | RASHD ] D:\Autorun.inf
[27/03/2014 - 18:00:52 | N | 1971389] D:\MASTER LICENCE TUK TUK.pdf
[24/04/2014 - 15:30:36 | N | 2191] D:\RKreport[0]_S_04242014_152823.txt
[22/01/2014 - 12:53:50 | D ] D:\MDI
[30/01/2014 - 11:46:50 | D ] D:\Textes
[31/01/2014 - 16:51:16 | N | 147975] D:\Plaque porte BE.jpg
[04/02/2014 - 17:49:04 | N | 14014825] D:\bak_040214.txt
[05/02/2014 - 08:05:30 | D ] D:\Pointeurse etc
[09/07/2012 - 10:49:26 | N | 1660995] D:\IMG_4247.JPG
[09/07/2012 - 16:40:58 | N | 1238155] D:\IMG_4248.jpg
[14/10/2013 - 20:33:00 | HD ] E:\.Trashes
[02/04/2014 - 19:07:28 | D ] E:\.fseventsd
[03/12/2013 - 19:56:20 | D ] E:\MDI
[04/04/2014 - 10:38:18 | N | 86421] E:\AGL_001.TXT
[14/10/2013 - 20:33:00 | N | 4096] E:\._.Trashes
[14/10/2013 - 20:33:02 | D ] E:\.Spotlight-V100
[14/10/2013 - 20:35:36 | D ] E:\.TemporaryItems
[14/10/2013 - 20:35:36 | N | 4096] E:\._.TemporaryItems
[14/10/2013 - 20:35:36 | N | 293] E:\.apdisk
[14/10/2013 - 20:35:36 | N | 4096] E:\._.apdisk
[04/11/2013 - 12:13:28 | D ] E:\CN
[04/04/2014 - 10:25:34 | N | 44942] E:\AGL_001a.TXT
[25/04/2014 - 08:40:20 | RASHD ] E:\Autorun.inf
[14/04/2014 - 16:49:17 | D ] X:\Membres BEST
[11/02/2014 - 12:21:10 | D ] X:\21P04
[04/04/2014 - 14:15:01 | D ] X:\snkb0pt
[20/02/2014 - 18:37:59 | A | 6312960] X:\suivi journalier.xls
[03/04/2007 - 14:46:19 | | 1723] X:\eaglerc.usr
[20/10/2009 - 13:17:02 | A | 11520054] X:\Came fantome.bmp
[14/10/2009 - 19:49:35 | A | 6436047] X:\Analyse comparative - dossier - Annexes.pdf
[25/03/2014 - 10:29:55 | D ] X:\Bibliotheque
[28/02/2014 - 10:22:31 | D ] X:\44P08
[27/02/2014 - 18:28:06 | D ] X:\44P13
[07/09/2012 - 11:54:03 | D ] X:\R&D sur serveur-be (Serveur-be) (2)
[11/04/2013 - 15:24:12 | D ] X:\Informatique
[18/10/2013 - 18:28:18 | D ] X:\20P07
[07/09/2012 - 11:54:03 | D ] X:\R&D sur serveur-be (Serveur-be)
[29/08/2013 - 13:30:30 | D ] X:\organisation
[24/01/2014 - 11:11:05 | D ] X:\04R02
[29/11/2013 - 16:04:03 | D ] X:\Programmes
[24/04/2014 - 11:44:22 | A | 4228] X:\autorun.inf
[24/04/2014 - 11:44:22 | | 1527] X:\..lnk
[24/04/2014 - 11:44:23 | | 1529] X:\...lnk
[24/04/2014 - 11:44:23 | | 1549] X:\Membres BEST.lnk
[24/04/2014 - 11:44:23 | | 1535] X:\21P04.lnk
[24/04/2014 - 11:44:24 | | 1549] X:\Bibliotheque.lnk
[24/04/2014 - 11:44:25 | | 1535] X:\44P08.lnk
[24/04/2014 - 11:44:25 | | 1535] X:\44P13.lnk
[24/04/2014 - 11:44:25 | | 1595] X:\R&D sur serveur-be (Serveur-be) (2).lnk
[24/04/2014 - 11:44:26 | | 1549] X:\Informatique.lnk
[24/04/2014 - 11:44:26 | | 1535] X:\20P07.lnk
[24/04/2014 - 11:44:26 | | 1587] X:\R&D sur serveur-be (Serveur-be).lnk
[24/04/2014 - 11:44:26 | | 1549] X:\organisation.lnk
[24/04/2014 - 11:44:26 | | 1535] X:\04R02.lnk
[24/04/2014 - 11:44:27 | | 1545] X:\Programmes.lnk
[14/04/2014 - 16:49:17 | D ] Y:\Membres BEST
[11/02/2014 - 12:21:10 | D ] Y:\21P04
[04/04/2014 - 14:15:01 | D ] Y:\snkb0pt
[20/02/2014 - 18:37:59 | A | 6312960] Y:\suivi journalier.xls
[03/04/2007 - 14:46:19 | | 1723] Y:\eaglerc.usr
[20/10/2009 - 13:17:02 | A | 11520054] Y:\Came fantome.bmp
[14/10/2009 - 19:49:35 | A | 6436047] Y:\Analyse comparative - dossier - Annexes.pdf
[25/03/2014 - 10:29:55 | D ] Y:\Bibliotheque
[28/02/2014 - 10:22:31 | D ] Y:\44P08
[27/02/2014 - 18:28:06 | D ] Y:\44P13
[07/09/2012 - 11:54:03 | D ] Y:\R&D sur serveur-be (Serveur-be) (2)
[11/04/2013 - 15:24:12 | D ] Y:\Informatique
[18/10/2013 - 18:28:18 | D ] Y:\20P07
[07/09/2012 - 11:54:03 | D ] Y:\R&D sur serveur-be (Serveur-be)
[29/08/2013 - 13:30:30 | D ] Y:\organisation
[24/01/2014 - 11:11:05 | D ] Y:\04R02
[29/11/2013 - 16:04:03 | D ] Y:\Programmes
[24/04/2014 - 11:44:22 | A | 4228] Y:\autorun.inf
[24/04/2014 - 11:44:22 | | 1527] Y:\..lnk
[24/04/2014 - 11:44:23 | | 1529] Y:\...lnk
[24/04/2014 - 11:44:23 | | 1549] Y:\Membres BEST.lnk
[24/04/2014 - 11:44:23 | | 1535] Y:\21P04.lnk
[24/04/2014 - 11:44:24 | | 1549] Y:\Bibliotheque.lnk
[24/04/2014 - 11:44:25 | | 1535] Y:\44P08.lnk
[24/04/2014 - 11:44:25 | | 1535] Y:\44P13.lnk
[24/04/2014 - 11:44:25 | | 1595] Y:\R&D sur serveur-be (Serveur-be) (2).lnk
[24/04/2014 - 11:44:26 | | 1549] Y:\Informatique.lnk
[24/04/2014 - 11:44:26 | | 1535] Y:\20P07.lnk
[24/04/2014 - 11:44:26 | | 1587] Y:\R&D sur serveur-be (Serveur-be).lnk
[24/04/2014 - 11:44:26 | | 1549] Y:\organisation.lnk
[24/04/2014 - 11:44:26 | | 1535] Y:\04R02.lnk
[24/04/2014 - 11:44:27 | | 1545] Y:\Programmes.lnk
[17/02/2014 - 15:32:58 | D ] Z:\Etudes Composants
[20/12/2013 - 14:30:33 | D ] Z:\snkb0pt
[24/01/2014 - 10:41:43 | D ] Z:\Etudes Produits
[24/04/2014 - 11:44:10 | A | 1717] Z:\autorun.inf
[24/04/2014 - 11:44:13 | A | 1527] Z:\..lnk
[24/04/2014 - 11:44:14 | A | 1529] Z:\...lnk
[24/04/2014 - 11:44:14 | A | 1559] Z:\Etudes Composants.lnk
[24/04/2014 - 11:44:15 | A | 1555] Z:\Etudes Produits.lnk

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |