############################## | UsbFix V 7.126 | [Suppression]

Utilisateur: Benou (Administrateur) # PC-DE-BENOU
Mis à jour le 13/05/2013 par El Desaparecido
Lancé à 09:25:22 | 14/05/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Acer (Aspire 5720Z ) (X86-based PC)
CPU: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz (1600)
RAM -> [Total : 3069 | Free : 1732]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 70 Go (15 Go libre(s) - 22%) [ACER] # NTFS
D:\ -> Disque fixe # 70 Go (49 Go libre(s) - 70%) [DATA] # NTFS
E:\ -> CD-ROM

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
HKLM\SOFTWARE | Run : [PLFSetL] - C:\Windows\PLFSetL.exe
HKLM\SOFTWARE | Run : [Skytel] - Skytel.exe
HKLM\SOFTWARE | Run : [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-600782241-3412829682-227677714-1000\SOFTWARE | Run : [MsnMsgr] - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HKU\S-1-5-21-600782241-3412829682-227677714-1000\SOFTWARE | Run : [ehTray.exe] - C:\Windows\ehome\ehTray.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\SLsvc.exe (1276)
Stoppé! C:\Windows\System32\spoolsv.exe (1784)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\sched.exe (1816)
Stoppé! C:\Windows\system32\taskeng.exe (1824)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1504)
Stoppé! C:\Acer\ALaunch\ALaunchSvc.exe (948)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1840)
Stoppé! C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (1648)
Stoppé! C:\Program Files\Common Files\LightScribe\LSSrvc.exe (892)
Stoppé! C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (2216)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2384)
Stoppé! C:\Windows\system32\SearchIndexer.exe (2472)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2556)
Stoppé! C:\Windows\system32\DRIVERS\xaudio.exe (2600)
Stoppé! C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (2632)
Stoppé! C:\Windows\system32\taskeng.exe (3496)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (3724)
Stoppé! C:\Windows\System32\alg.exe (3980)
Stoppé! C:\Windows\RtHDVCpl.exe (2704)
Stoppé! C:\Windows\System32\mobsync.exe (4044)
Stoppé! C:\Windows\System32\rundll32.exe (4072)
Stoppé! C:\Windows\System32\rundll32.exe (1228)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (2820)
Stoppé! C:\Windows\ehome\ehtray.exe (3244)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (3452)
Stoppé! C:\Program Files\Windows Media Player\wmpnscfg.exe (3624)
Stoppé! C:\Windows\ehome\ehmsas.exe (2412)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (3672)
Stoppé! C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (1392)
Stoppé! C:\Windows\system32\SearchFilterHost.exe (5136)
Stoppé! C:\Windows\servicing\TrustedInstaller.exe (5472)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\update.exe (5884)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\updrgui.exe (4104)
Stoppé! C:\Windows\system32\DllHost.exe (4124)
Stoppé! C:\Windows\system32\DllHost.exe (5632)
Stoppé! C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (4480)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKLM\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\F
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{13dca80f-6a92-11e0-a4d9-99ec1127a203}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{177e2a57-044b-11de-a377-e7f799ef23a1}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{3697ad18-f9e8-11de-8aad-ead006936589}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{4f3f3768-c9c2-11dd-9a79-e11dcf77f4a0}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{772baffd-708c-11df-b50c-9d3423019681}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{b06e11b5-f86a-11dd-bb27-d07d2115a281}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{ef7a3573-623f-11dd-8d42-001b386b4cab}

################## | Listing |

[04/08/2008 - 18:32:45 | SHDC ] C:\$RECYCLE.BIN
[10/08/2007 - 09:34:33 | C | 3380] C:\-20070810.log
[07/09/2011 - 22:39:04 | C | 3919] C:\-20110907.log
[13/05/2013 - 21:47:44 | DC ] C:\Acer
[18/09/2006 - 23:43:36 | C | 24] C:\autoexec.bat
[10/08/2007 - 16:40:27 | D ] C:\Book
[25/11/2009 - 01:50:14 | SHD ] C:\Boot
[11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
[10/08/2007 - 16:43:42 | C | 8192] C:\BOOTSECT.BAK
[14/05/2013 - 00:43:02 | DC ] C:\Config.Msi
[18/09/2006 - 23:43:37 | C | 10] C:\config.sys
[02/11/2006 - 15:02:03 | SHD ] C:\Documents and Settings
[29/11/2007 - 01:06:12 | D ] C:\DRV
[10/08/2007 - 08:25:09 | D ] C:\Intel
[13/05/2013 - 21:43:36 | C | 91] C:\MCEDS.log
[13/05/2013 - 21:40:57 | C | 91] C:\MDisc.log
[13/05/2013 - 21:42:09 | C | 91] C:\MDR.log
[08/03/2010 - 11:31:47 | D ] C:\MyWorks
[29/02/2004 - 17:44:34 | C | 52576] C:\orange.bmp
[14/05/2013 - 09:16:18 | ASH | 3532988416] C:\pagefile.sys
[23/12/2008 - 00:49:03 | D ] C:\PerfLogs
[13/05/2013 - 21:43:08 | C | 91] C:\PMovie.log
[13/05/2013 - 21:42:44 | C | 437] C:\PowerDV.log
[14/05/2013 - 00:21:07 | D ] C:\Program Files
[14/05/2013 - 00:21:07 | HD ] C:\ProgramData
[10/08/2007 - 08:32:22 | C | 420] C:\RHDSetup.log
[13/05/2013 - 21:43:27 | C | 90] C:\SDMA.log
[10/08/2007 - 09:19:04 | C | 178] C:\setup.log
[13/05/2013 - 23:57:54 | SHD ] C:\System Volume Information
[14/05/2013 - 09:32:27 | DC ] C:\UsbFix
[14/05/2013 - 09:32:48 | AC | 6786] C:\UsbFix [Clean 1] PC-DE-BENOU.txt
[07/12/2011 - 00:13:00 | D ] C:\Users
[04/08/2008 - 18:32:21 | C | 1148758] C:\vcredist_x86.log
[14/05/2013 - 09:23:06 | D ] C:\Windows
[14/05/2013 - 00:21:21 | DC ] C:\ZHP
[04/08/2008 - 18:32:45 | SHD ] D:\$RECYCLE.BIN
[17/06/2011 - 18:27:10 | D ] D:\6c3502bf547f70c4a410d7fcbd
[08/08/2011 - 20:34:44 | N | 733747200] D:\bon à tirer.avi
[22/04/2012 - 15:23:25 | N | 733542164] D:\Case.Depart.2011.FRENCH.BRRiP.XviD-ANONYM.avi
[28/08/2011 - 16:32:10 | N | 728760320] D:\dracula.avi
[28/11/2007 - 15:29:36 | D ] D:\erData
[08/08/2011 - 22:47:48 | N | 1467643630] D:\fast and furious 5 rio heist 2011 french ts.avi
[13/05/2013 - 21:16:01 | N | 0] D:\FirexFoxXPCOMLogging.txt
[20/04/2012 - 22:42:15 | N | 735758336] D:\hollywoo 2011 french bdrip xvid.avi
[15/02/2012 - 23:04:01 | N | 737055596] D:\identité secrete 2011 french dvdrip repack 1cd xvid-hyper by phoenix [emule-island ru].avi
[20/04/2012 - 22:03:00 | N | 734263296] D:\le chat potte french dvdrip 2011.avi
[20/04/2012 - 20:25:35 | N | 731754496] D:\le chat potté 2011 dvdrip french.avi
[20/04/2012 - 22:25:06 | N | 728201064] D:\le chat potté(2).avi
[22/05/2011 - 21:27:04 | D ] D:\les chevaliers du fiel
[22/04/2012 - 15:23:35 | N | 734558208] D:\Marmaduke.avi
[20/04/2012 - 23:36:14 | N | 744125478] D:\polisse 2011 french dvdrip repack 1cd xvid.avi
[26/02/2012 - 00:17:21 | N | 740325228] D:\polisse 2011 french dvdscr xvid.avi
[20/04/2012 - 23:37:43 | N | 735105892] D:\polisse 2011 french subforced brrip xvid by cervolix [emule-island ru].avi
[09/03/2011 - 20:23:40 | D ] D:\Program Files
[31/12/2011 - 19:49:38 | N | 733861888] D:\RedLine.avi
[20/04/2012 - 22:58:01 | N | 728861044] D:\space battleship 2011 french dvdrip repack 1cd xvid.avi
[28/11/2007 - 15:16:45 | SHD ] D:\System Volume Information
[02/01/2012 - 13:44:06 | N | 733394944] D:\The.Hangover.FRENCH.DVDRiP.XviD-SURViVAL-wWw.Extreme-Down.Com.avi
[02/01/2012 - 16:23:57 | N | 735168512] D:\tnm-takers-xvid.avi
[07/01/2012 - 16:36:56 | N | 732000256] D:\Transformers.avi
[07/01/2012 - 21:06:27 | N | 1064865792] D:\Transformers.Dark.Of.The.Moon.2011.FRENCH.BDRiP.XviD-LEGiON.avi
[07/01/2012 - 17:57:55 | N | 736174060] D:\Transformers.Revenge.of.the.Fallen.FRENCH.REPACK.1CD.BDRip.XviD-GKS.avi

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |