############################## | UsbFix V 7.163 | [Suppression]

Utilisateur: CC (Administrateur) # CÉLINE
Mis à jour le 02/02/2014 par El Desaparecido - Team SosVirus
Lancé à 12:16:39 | 05/02/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: NEC COMPUTERS INTERNATIONAL (NEC Versa Premium )
CPU: AMD Turion(tm) 64 Mobile Technology ML-30
RAM -> [Total : 959 Mo| Free : 475 Mo]
Bios: Insyde Software
Boot: Normal boot

OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Google Chrome : 32.0.1700.107
WB: Mozilla Firefox : 18.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
FW: Windows FireWall [Enabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001

C:\ (%systemdrive%) -> Disque fixe # 71 Go (33 Go libre(s) - 47%) [HDD] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Disque amovible # 30 Go (26 Go libre(s) - 87%) [] # FAT32

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (ID: 696 |ParentID: 4)
C:\WINDOWS\system32\winlogon.exe (ID: 768 |ParentID: 696)
C:\WINDOWS\system32\services.exe (ID: 812 |ParentID: 768)
C:\WINDOWS\system32\lsass.exe (ID: 824 |ParentID: 768)
C:\WINDOWS\system32\svchost.exe (ID: 992 |ParentID: 812)
C:\WINDOWS\System32\svchost.exe (ID: 1136 |ParentID: 812)
C:\WINDOWS\system32\svchost.exe (ID: 1176 |ParentID: 812)
C:\WINDOWS\Explorer.EXE (ID: 1636 |ParentID: 1576)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1728 |ParentID: 812)
C:\WINDOWS\system32\spoolsv.exe (ID: 1924 |ParentID: 812)
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (ID: 1092 |ParentID: 812)
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (ID: 1232 |ParentID: 812)
C:\Program Files\Java\jre6\bin\jqs.exe (ID: 1376 |ParentID: 812)
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 1320 |ParentID: 812)
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 232 |ParentID: 812)
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (ID: 248 |ParentID: 812)
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 472 |ParentID: 232)
C:\WINDOWS\system32\slserv.exe (ID: 500 |ParentID: 812)
C:\WINDOWS\system32\svchost.exe (ID: 552 |ParentID: 812)
C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe (ID: 580 |ParentID: 812)
C:\WINDOWS\system32\wuauclt.exe (ID: 1548 |ParentID: 1136)
C:\WINDOWS\system32\wbem\wmiapsrv.exe (ID: 2912 |ParentID: 812)
C:\Program Files\Alwil Software\Avast5\setup\avast.setup (ID: 2276 |ParentID: 1728)
C:\WINDOWS\System32\svchost.exe (ID: 324 |ParentID: 812)

################## | Regedit Run |

04 - HKCU\..\Run : [Documentation] wscript.exe //B "C:\DOCUME~1\CC\LOCALS~1\Temp\Documentation.vbs"
04 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKLM\..\Run : [VTTimer] VTTimer.exe
04 - HKLM\..\Run : [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [Documentation] wscript.exe //B "C:\DOCUME~1\CC\LOCALS~1\Temp\Documentation.vbs"
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\Run : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-3369366591-1348367908-779629615-1006\..\Run : [Documentation] wscript.exe //B "C:\DOCUME~1\CC\LOCALS~1\Temp\Documentation.vbs"
04 - HKU\S-1-5-21-3369366591-1348367908-779629615-1006\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

################## | Recherche générique |

Supprimé! C:\Documents and Settings\CC\Menu Démarrer\Programmes\Démarrage\Documentation.vbs
Supprimé! F:\Documentation.vbs
Supprimé! C:\DOCUME~1\CC\LOCALS~1\Temp\Documentation.vbs
Supprimé! F:\Ernest et Celestine Mkv HD 720p FRENCH AAC 5.lnk
Supprimé! F:\System Volume Information.lnk
Supprimé! F:\scrubs.lnk
Supprimé! F:\.Trash-1000.lnk
Supprimé! F:\Le.huitième.jour.1996.FRENCH.DVDRip.XviD.AC3-Love&Hate.lnk
Supprimé! F:\Autorun.inf.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimé! HKU\S-1-5-21-3369366591-1348367908-779629615-1006\Software\Microsoft\Windows\CurrentVersion\Run|Documentation
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Documentation

################## | Listing |

[25/01/2009 - 10:22:04 | DC] - C:\!KillBox
[01/01/2008 - 19:59:36 | DC] - C:\$VAULT$.AVG
[17/05/2012 - 08:38:31 | DC] - C:\10b2b84a50f583f98e
[26/08/2009 - 08:01:21 | DC] - C:\151a6cb6f9895fa7621ba8ee7c86
[22/03/2012 - 00:27:25 | DC] - C:\3e3a74629727b265e4ec536f607d14
[16/05/2012 - 23:41:29 | DC] - C:\421d9dbc0bdfac3b0a0be0
[18/11/2006 - 00:15:34 | DC] - C:\4dbec11710d8890b0c53481eabd5
[08/12/2006 - 00:58:02 | DC] - C:\68ed557daa35f8e55e
[26/04/2012 - 18:50:16 | DC] - C:\8509445f683a9ec47f5a36bab5d0
[04/02/2014 - 09:06:40 | DC] - C:\AdwCleaner
[10/05/2007 - 11:31:02 | C | 80 Ko] - C:\agentreg.dll.vcd
[06/07/2008 - 21:37:49 | DC] - C:\Anuman Interactive
[24/04/2005 - 14:07:56 | DC] - C:\APPS
[16/06/2009 - 11:33:42 | DC] - C:\audio
[23/10/2007 - 15:05:56 | C | 44 Ko] - C:\bdch.dll.vcd
[09/05/2007 - 10:22:00 | C | 428 Ko] - C:\bdguictl.dll.vcd
[23/10/2007 - 15:05:48 | C | 188 Ko] - C:\bdsubmit.dll.vcd
[23/10/2007 - 15:06:16 | C | 172 Ko] - C:\bdsubmit.exe.vcd
[08/03/2007 - 18:00:42 | C | 60 Ko] - C:\bdutils.dll.vcd
[24/04/2005 - 13:54:04 | C | 0 Ko] - C:\BOOT.BAK
[10/04/2009 - 14:15:04 | RASHC | 0 Ko] - C:\BOOT.INI
[05/08/2004 - 13:00:00 | C | 5 Ko] - C:\Bootfont.bin
[30/12/2013 - 22:59:52 | DC] - C:\CanonMF
[24/04/2005 - 13:58:26 | DC] - C:\cmdcons
[05/08/2004 - 13:00:00 | N | 257 Ko] - C:\cmldr
[04/02/2014 - 13:23:17 | DC] - C:\Config.Msi
[07/10/2008 - 09:58:37 | C | 0 Ko] - C:\CreateMarkers.log
[23/11/2013 - 23:58:33 | DC] - C:\da555b75db8671f987d870
[01/06/2012 - 15:37:54 | DC] - C:\Diskeeper
[24/04/2005 - 14:00:41 | DC] - C:\DIVTOOLS
[31/05/2012 - 08:30:55 | C | 9 Ko] - C:\DkBootTime.log
[05/02/2014 - 12:16:15 | C | 0 Ko] - C:\DkHyperbootSync
[13/11/2008 - 13:52:45 | DC] - C:\Documents and Settings
[28/01/2009 - 15:33:02 | D] - C:\DRIVERS
[24/04/2005 - 13:16:56 | C | 5 Ko | 67887E985716E3C9E1FDF854413BB7D9] - C:\DWNLOG.TXT
[23/03/2007 - 17:50:14 | C | 6 Ko] - C:\getfile.dll.vcd
[05/02/2014 - 12:14:16 | ASH | 982580 Ko] - C:\hiberfil.sys
[14/03/2006 - 16:28:16 | C | 68 Ko] - C:\httpgetf.dll.vcd
[20/09/2005 - 16:37:42 | C | 1 Ko] - C:\INSTALL.LOG
[24/04/2005 - 13:58:29 | RASHC | 0 Ko] - C:\IO.SYS
[06/09/2007 - 22:28:15 | C | 2 Ko] - C:\IPH.PH
[26/11/2008 - 13:16:03 | C | 272 Ko] - C:\livesrv.exe.vcd
[14/10/2005 - 13:13:39 | D] - C:\MEDIA68
[24/04/2005 - 13:58:29 | RASHC | 0 Ko] - C:\MSDOS.SYS
[30/06/2005 - 22:58:03 | RHD] - C:\MSOCache
[24/04/2005 - 14:00:11 | D] - C:\My Music
[24/04/2005 - 14:08:22 | D] - C:\mysql
[05/08/2004 - 13:00:00 | N | 46 Ko | B2DE3452DE03674C6CEC68B8C8CE7C78] - C:\NTDETECT.COM
[25/11/2008 - 16:38:09 | RASH | 246 Ko] - C:\ntldr
[06/10/2009 - 09:43:42 | DC] - C:\Output Files
[05/02/2014 - 12:14:14 | ASH | 917504 Ko] - C:\pagefile.sys
[06/01/2011 - 23:31:52 | DC] - C:\pdfOCR
[19/09/2010 - 23:03:16 | DC] - C:\PDFOCR_Output
[24/04/2005 - 13:16:30 | D] - C:\PNP
[31/01/2007 - 15:07:52 | C | 80 Ko] - C:\procinf.dll.vcd
[04/02/2014 - 11:44:12 | D] - C:\Program Files
[17/07/2008 - 15:16:15 | D] - C:\Psfonts
[13/11/2008 - 13:55:50 | SHD] - C:\RECYCLER
[23/12/2004 - 10:25:44 | C | 0 Ko | A5A45B9FFD2216FF9F762B1E979A8833] - C:\SAUDIT.TXT
[14/11/2008 - 11:02:46 | C | 0 Ko] - C:\sqmdata00.sqm
[14/11/2008 - 14:36:48 | C | 0 Ko] - C:\sqmdata01.sqm
[14/11/2008 - 14:41:19 | C | 0 Ko] - C:\sqmdata02.sqm
[15/11/2008 - 11:27:06 | C | 0 Ko] - C:\sqmdata03.sqm
[15/11/2008 - 11:38:09 | C | 0 Ko] - C:\sqmdata04.sqm
[06/10/2008 - 15:41:06 | C | 0 Ko] - C:\sqmdata05.sqm
[07/10/2008 - 09:59:47 | C | 0 Ko] - C:\sqmdata06.sqm
[16/10/2008 - 14:11:11 | C | 0 Ko] - C:\sqmdata07.sqm
[23/10/2008 - 20:58:31 | C | 0 Ko] - C:\sqmdata08.sqm
[24/10/2008 - 01:03:08 | C | 0 Ko] - C:\sqmdata09.sqm
[25/10/2008 - 01:43:49 | C | 0 Ko] - C:\sqmdata10.sqm
[26/10/2008 - 13:15:47 | C | 0 Ko] - C:\sqmdata11.sqm
[26/10/2008 - 22:57:12 | C | 0 Ko] - C:\sqmdata12.sqm
[29/10/2008 - 12:47:59 | C | 0 Ko] - C:\sqmdata13.sqm
[01/11/2008 - 11:29:54 | C | 0 Ko] - C:\sqmdata14.sqm
[03/11/2008 - 20:45:13 | C | 0 Ko] - C:\sqmdata15.sqm
[04/11/2008 - 15:11:58 | C | 0 Ko] - C:\sqmdata16.sqm
[05/11/2008 - 23:59:54 | C | 0 Ko] - C:\sqmdata17.sqm
[06/11/2008 - 13:28:57 | C | 0 Ko] - C:\sqmdata18.sqm
[08/11/2008 - 14:16:29 | C | 0 Ko] - C:\sqmdata19.sqm
[14/11/2008 - 11:02:46 | C | 0 Ko] - C:\sqmnoopt00.sqm
[14/11/2008 - 14:36:48 | C | 0 Ko] - C:\sqmnoopt01.sqm
[14/11/2008 - 14:41:19 | C | 0 Ko] - C:\sqmnoopt02.sqm
[15/11/2008 - 11:27:06 | C | 0 Ko] - C:\sqmnoopt03.sqm
[15/11/2008 - 11:38:08 | C | 0 Ko] - C:\sqmnoopt04.sqm
[06/10/2008 - 15:41:06 | C | 0 Ko] - C:\sqmnoopt05.sqm
[07/10/2008 - 09:59:47 | C | 0 Ko] - C:\sqmnoopt06.sqm
[16/10/2008 - 14:11:11 | C | 0 Ko] - C:\sqmnoopt07.sqm
[23/10/2008 - 20:58:31 | C | 0 Ko] - C:\sqmnoopt08.sqm
[24/10/2008 - 01:03:08 | C | 0 Ko] - C:\sqmnoopt09.sqm
[25/10/2008 - 01:43:49 | C | 0 Ko] - C:\sqmnoopt10.sqm
[26/10/2008 - 13:15:47 | C | 0 Ko] - C:\sqmnoopt11.sqm
[26/10/2008 - 22:57:12 | C | 0 Ko] - C:\sqmnoopt12.sqm
[29/10/2008 - 12:47:59 | C | 0 Ko] - C:\sqmnoopt13.sqm
[01/11/2008 - 11:29:54 | C | 0 Ko] - C:\sqmnoopt14.sqm
[03/11/2008 - 20:45:13 | C | 0 Ko] - C:\sqmnoopt15.sqm
[04/11/2008 - 15:11:58 | C | 0 Ko] - C:\sqmnoopt16.sqm
[05/11/2008 - 23:59:54 | C | 0 Ko] - C:\sqmnoopt17.sqm
[06/11/2008 - 13:28:57 | C | 0 Ko] - C:\sqmnoopt18.sqm
[08/11/2008 - 14:16:29 | C | 0 Ko] - C:\sqmnoopt19.sqm
[28/06/2005 - 14:26:22 | SHD] - C:\System Volume Information
[20/12/2010 - 21:48:10 | D] - C:\temp
[08/02/2007 - 17:07:04 | C | 108 Ko] - C:\txmlx.dll.vcd
[08/02/2007 - 17:14:26 | C | 40 Ko] - C:\txtools.dll.vcd
[24/05/2001 - 11:59:30 | C | 159 Ko | 3A938ED2427DF10E571041069E6980CB] - C:\UNWISE.EXE
[23/03/2007 - 17:14:10 | C | 172 Ko] - C:\upgrepl.exe.vcd
[05/02/2014 - 10:18:27 | DC] - C:\UsbFix
[03/02/2014 - 22:13:59 | C | 13 Ko | F44DECFC588B91F19960D211AC457342] - C:\UsbFix [Clean 2] CÉLINE.txt
[05/02/2014 - 12:59:14 | AC | 11 Ko | 04EEE1B698C35AAE0FAEE9AB1D310658] - C:\UsbFix [Clean 4] CÉLINE.txt
[03/02/2014 - 20:29:41 | C | 7 Ko | D62A8F4BF868184987E08E985764C375] - C:\UsbFix [Scan 1] CÉLINE.txt
[05/02/2014 - 11:18:51 | C | 5 Ko | 16D8B3B9696B8E9403604958E9E26789] - C:\UsbFix [Scan 2] CÉLINE.txt
[04/02/2014 - 10:06:21 | D] - C:\WINDOWS
[15/08/2007 - 14:26:00 | C | 92 Ko] - C:\wslib.dll.vcd
[26/11/2008 - 13:16:02 | C | 56 Ko] - C:\wspack.dll.vcd
[23/10/2007 - 11:22:24 | C | 192 Ko] - C:\zlib.dll.vcd
[20/09/2010 - 00:25:15 | C | 1 Ko | A850EA3DD1F137BA335E16B3D1170077] - C:\_Sid.txt
[31/01/2014 - 18:22:02 | SHD] - F:\System Volume Information
[31/01/2014 - 22:42:34 | D] - F:\scrubs
[31/01/2014 - 22:42:28 | SHD] - F:\.Trash-1000
[02/02/2014 - 20:24:20 | D] - F:\Le.huitième.jour.1996.FRENCH.DVDRip.XviD.AC3-Love&Hate
[02/02/2014 - 20:31:22 | N | 1443043 Ko] - F:\Ernest et Celestine Mkv HD 720p FRENCH AAC 5.1 1280X720 Sprlove.mkv

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |