############################## | UsbFix V 7.121 | [Suppression]

Utilisateur: Géraud (Administrateur) # DETERSON
Mis à jour le 07/04/2013 par El Desaparecido
Lancé à 22:09:35 | 14/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Dell Inc. (Latitude D820 ) (X86-based PC)
CPU: Genuine Intel(R) CPU T2400 @ 1.83GHz (1828)
RAM -> [Total : 2046 | Free : 1095]
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A06
BOOT: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 466 Go (355 Go libre(s) - 76%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque amovible # 4 Go (3 Go libre(s) - 73%) [EASY KEY] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [BluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\SOFTWARE | Run : [IntelZeroConfig] - "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
HKLM\SOFTWARE | Run : [IntelWireless] - "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [DellTouch] - C:\WINDOWS\MMKeybd.exe
HKLM\SOFTWARE | Run : [Apoint] - C:\Program Files\DellTPad\Apoint.exe
HKLM\SOFTWARE | Run : [SigmatelSysTrayApp] - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [nwiz] - nwiz.exe /installquiet
HKLM\SOFTWARE | Run : [NVHotkey] - rundll32.exe nvHotkey.dll,Start
HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [BootSkin Startup Jobs] - "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1757981266-329068152-1606980848-1003\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1757981266-329068152-1606980848-1003\SOFTWARE | Run : [Gadwin PrintScreen] - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
HKU\S-1-5-21-1757981266-329068152-1606980848-1003\SOFTWARE | Run : [GoogleChromeAutoLaunch_E1AB64F4BED446AD887BD7CAAB5C76D5] - "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Processus Stoppés |

Stoppé! C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1536)
Stoppé! C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (1596)
Stoppé! C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (1620)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (2016)
Stoppé! C:\WINDOWS\Explorer.EXE (440)
Stoppé! C:\WINDOWS\system32\spoolsv.exe (1232)
Stoppé! C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe (1348)
Stoppé! C:\WINDOWS\system32\rundll32.exe (1956)
Stoppé! C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (1964)
Stoppé! C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (1972)
Stoppé! C:\Program Files\AVAST Software\Avast\avastUI.exe (1980)
Stoppé! C:\Program Files\DellTPad\Apoint.exe (2040)
Stoppé! C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (1780)
Stoppé! C:\WINDOWS\system32\rundll32.exe (192)
Stoppé! C:\WINDOWS\system32\RUNDLL32.EXE (212)
Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (256)
Stoppé! C:\Program Files\DellTPad\ApMsgFwd.exe (308)
Stoppé! C:\Program Files\DellTPad\HidFind.exe (460)
Stoppé! C:\Program Files\DellTPad\Apntex.exe (548)
Stoppé! C:\WINDOWS\Nhksrv.exe (560)
Stoppé! C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (940)
Stoppé! C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (1672)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (1728)
Stoppé! C:\WINDOWS\system32\libusbd-nt.exe (2768)
Stoppé! C:\WINDOWS\system32\nvsvc32.exe (2924)
Stoppé! c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe (3384)
Stoppé! C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (3408)
Stoppé! C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (3684)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (3556)
Stoppé! C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe (2756)
Stoppé! C:\WINDOWS\system32\taskmgr.exe (2104)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKLM\software\microsoft\shared tools\msconfig\startupreg\

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\D

################## | Listing |

[30/12/2011 - 21:49:16 | N | 112] C:\224CC312826A
[29/12/2012 - 19:15:24 | D ] C:\640fdd75fefd1b5f71dda43c57
[30/12/2011 - 21:49:16 | N | 40] C:\726DD17F1AAF
[28/12/2012 - 15:53:13 | N | 0] C:\AUTOEXEC.BAT
[02/01/2013 - 16:10:11 | N | 0] C:\AutomapClients.ini
[14/04/2013 - 22:09:04 | RASHD ] C:\Autorun.inf
[13/04/2013 - 17:12:36 | N | 212] C:\boot.ini
[14/04/2008 - 14:00:00 | N | 4952] C:\Bootfont.bin
[28/12/2012 - 15:53:13 | N | 0] C:\CONFIG.SYS
[28/12/2012 - 23:42:07 | D ] C:\dell
[26/01/2013 - 17:27:55 | D ] C:\Dell Management Packs
[28/12/2012 - 16:03:32 | D ] C:\Documents and Settings
[06/04/2013 - 22:33:15 | D ] C:\FFOutput
[26/01/2013 - 15:39:41 | D ] C:\Games
[29/12/2012 - 15:52:46 | D ] C:\Intel
[28/12/2012 - 15:53:13 | N | 0] C:\IO.SYS
[14/04/2013 - 22:04:19 | N | 21500] C:\JavaRa.log
[24/11/2012 - 11:57:40 | N | 107] C:\main.c
[28/12/2012 - 15:53:13 | N | 0] C:\MSDOS.SYS
[14/04/2008 - 14:00:00 | N | 47564] C:\NTDETECT.COM
[14/04/2008 - 14:00:00 | N | 252240] C:\ntldr
[14/04/2013 - 21:11:45 | ASH | 2145386496] C:\pagefile.sys
[14/04/2013 - 20:39:47 | D ] C:\Program Files
[28/12/2012 - 23:30:51 | SHD ] C:\RECYCLER
[29/12/2012 - 14:17:44 | D ] C:\SWSetup
[28/12/2012 - 15:58:12 | SHD ] C:\System Volume Information
[29/03/2013 - 00:38:09 | D ] C:\temp
[14/04/2013 - 22:15:25 | D ] C:\UsbFix
[14/04/2013 - 22:15:47 | A | 6902] C:\UsbFix [Clean 1] DETERSON.txt
[13/04/2013 - 15:56:32 | D ] C:\WINDOWS
[14/04/2013 - 11:39:10 | D ] C:\ZHP
[14/01/2013 - 22:48:52 | D ] G:\Dubstep Drum Kit
[14/01/2013 - 22:48:12 | D ] G:\ELECTRO and DUBSTEP
[14/01/2013 - 22:46:56 | D ] G:\FL Studio 10 Final Up By Oli-Ploop
[14/01/2013 - 22:40:10 | D ] G:\photoshop cs6
[24/07/2012 - 18:18:18 | N | 26] G:\clé wifi.txt
[30/12/2012 - 12:18:22 | N | 3773504] G:\vpsetup_v2.30.exe
[11/01/2013 - 00:23:50 | N | 107223780] G:\orchestral.flp
[29/12/2012 - 23:05:32 | N | 5179191] G:\Crack DriverScanner2013 by Gerus Magnus.rar
[14/02/2013 - 21:53:24 | N | 349399] G:\Sans nom 1.odt
[17/02/2013 - 22:54:32 | N | 5304271] G:\I LIKE TRAINS (asdfmovie song).mp3
[03/02/2013 - 08:20:14 | N | 14784823] G:\Pablo Casals lol.odt
[24/02/2013 - 17:48:46 | D ] G:\Game_Maker_8.0_Pro_Cracked_Tutorials(masoodalam51)
[21/03/2013 - 20:44:12 | N | 3941006] G:\Tacata.mp3
[08/04/2013 - 20:19:10 | N | 1326447] G:\img_2645.jpg
[19/03/2013 - 21:39:50 | D ] G:\Prison Architect (Alpha 5)
[27/03/2013 - 08:05:42 | D ] G:\Black Mesa Security
[11/02/2013 - 23:53:32 | N | 104833532] G:\SB.Cyclop.101.R2R.PC.rar
[14/04/2013 - 22:09:10 | RASHD ] G:\Autorun.inf
[04/04/2013 - 22:48:14 | N | 13836] G:\LA BIODIVERSITE EN DANGER.docx
[14/01/2013 - 22:49:00 | D ] G:\autobiographie lol

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |