############################## | UsbFix V 7.168 | [Suppression]

Utilisateur: Mharina (Administrateur) # PC-MARINA
Mis à jour le 28/03/2014 par El Desaparecido - Team SosVirus
Lancé à 22:08:01 | 28/03/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (NPN100SZ-E02SN)
CPU: Intel(R) Atom(TM) CPU N2100 @ 1.60GHz
RAM -> [Total : 2036 Mo| Free : 748 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Mozilla Firefox : 27.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Webroot SecureAnywhere [Enabled | Updated]
AS: Webroot SecureAnywhere [Enabled | Updated]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall [(!) Disabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001

C:\ (%systemdrive%) -> Disque fixe # 155 Go (67 Go libre(s) - 44%) [Disque local] # NTFS
D:\ -> Disque fixe # 144 Go (71 Go libre(s) - 50%) [Disque local] # NTFS
G:\ -> Disque amovible # 7 Go (2 Go libre(s) - 26%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 656 |ParentID: 544)
C:\Windows\system32\wininit.exe (ID: 720 |ParentID: 544)
C:\Windows\system32\csrss.exe (ID: 728 |ParentID: 712)
C:\Windows\system32\services.exe (ID: 776 |ParentID: 720)
C:\Windows\system32\lsass.exe (ID: 792 |ParentID: 720)
C:\Windows\system32\lsm.exe (ID: 800 |ParentID: 720)
C:\Windows\system32\winlogon.exe (ID: 856 |ParentID: 712)
C:\Windows\system32\svchost.exe (ID: 952 |ParentID: 776)
C:\Windows\system32\svchost.exe (ID: 1064 |ParentID: 776)
C:\Windows\System32\svchost.exe (ID: 1160 |ParentID: 776)
C:\Windows\System32\svchost.exe (ID: 1304 |ParentID: 776)
C:\Windows\system32\svchost.exe (ID: 1408 |ParentID: 776)
C:\Windows\system32\svchost.exe (ID: 1484 |ParentID: 776)
C:\Windows\system32\svchost.exe (ID: 1580 |ParentID: 776)
C:\Windows\system32\svchost.exe (ID: 1760 |ParentID: 776)
C:\Windows\System32\spoolsv.exe (ID: 1936 |ParentID: 776)
C:\Windows\system32\svchost.exe (ID: 2036 |ParentID: 776)
C:\Windows\system32\taskhost.exe (ID: 1832 |ParentID: 776)
C:\Windows\system32\Dwm.exe (ID: 672 |ParentID: 1304)
C:\Windows\Explorer.EXE (ID: 940 |ParentID: 2008)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1608 |ParentID: 776)
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (ID: 2092 |ParentID: 776)
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (ID: 2176 |ParentID: 776)
C:\Program Files\Connectify\ConnectifyService.exe (ID: 2252 |ParentID: 776)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ID: 2348 |ParentID: 776)
C:\Program Files\Connectify\ConnectifyD.exe (ID: 2376 |ParentID: 2252)
C:\Windows\system32\conhost.exe (ID: 2408 |ParentID: 656)
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 2504 |ParentID: 776)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (ID: 2704 |ParentID: 776)
C:\Windows\system32\svchost.exe (ID: 2764 |ParentID: 776)
C:\Windows\system32\svchost.exe (ID: 3404 |ParentID: 776)
C:\Windows\system32\taskeng.exe (ID: 3824 |ParentID: 1484)
C:\Program Files\Samsung\Easy Software Manager\SWMAgent.exe (ID: 3928 |ParentID: 3824)
C:\Windows\system32\svchost.exe (ID: 1036 |ParentID: 776)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 2696 |ParentID: 940)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 2636 |ParentID: 940)
C:\Program Files\SuperCopier2\SuperCopier2.exe (ID: 2796 |ParentID: 940)
C:\Users\Mharina\AppData\Roaming\uTorrent\uTorrent.exe (ID: 3052 |ParentID: 940)
C:\Program Files\Connectify\Connectify.exe (ID: 3388 |ParentID: 940)
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (ID: 3536 |ParentID: 940)
C:\Windows\System32\wscript.exe (ID: 3856 |ParentID: 940)
C:\Windows\system32\RunDll32.exe (ID: 3452 |ParentID: 940)
C:\Program Files\Samsung\Easy Settings\SmartSetting.exe (ID: 3568 |ParentID: 3824)
C:\Program Files\Samsung\Easy Settings\dmhkcore.exe (ID: 3696 |ParentID: 3824)
C:\Program Files\Samsung\Easy Settings\EasySpeedUpManager.exe (ID: 3700 |ParentID: 3824)
C:\Program Files\Samsung\Easy Settings\MovieColorEnhancer.exe (ID: 3924 |ParentID: 3824)
C:\Windows\system32\svchost.exe (ID: 2424 |ParentID: 776)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4172 |ParentID: 952)
C:\Windows\system32\wbem\unsecapp.exe (ID: 4192 |ParentID: 952)
C:\Windows\System32\WUDFHost.exe (ID: 4268 |ParentID: 1304)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4628 |ParentID: 952)
C:\Windows\system32\SearchIndexer.exe (ID: 4816 |ParentID: 776)
C:\Windows\system32\igfxext.exe (ID: 5868 |ParentID: 952)
C:\Windows\system32\igfxsrvc.exe (ID: 6028 |ParentID: 952)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 496 |ParentID: 776)
C:\Windows\System32\svchost.exe (ID: 4304 |ParentID: 776)
C:\Windows\explorer.exe (ID: 5336 |ParentID: 952)
C:\Windows\system32\hkcmd.exe (ID: 4744 |ParentID: 3980)
C:\Windows\system32\igfxtray.exe (ID: 3436 |ParentID: 3980)
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (ID: 4592 |ParentID: 3980)
C:\Windows\system32\igfxpers.exe (ID: 5408 |ParentID: 3980)
C:\Program Files\PowerISO\PWRISOVM.EXE (ID: 5504 |ParentID: 3980)
C:\Program Files\Unlocker\UnlockerAssistant.exe (ID: 5796 |ParentID: 3980)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 3080 |ParentID: 940)
C:\Program Files\Samsung\Easy Support Center\SSCKbdHk.exe (ID: 3772 |ParentID: 3824)
C:\Windows\system32\wbem\unsecapp.exe (ID: 3792 |ParentID: 952)
C:\Program Files\Webroot\WRSA.exe (ID: 2228 |ParentID: 776)
C:\Program Files\Webroot\WRSA.exe (ID: 6140 |ParentID: 2228)
C:\Windows\system32\taskhost.exe (ID: 8140 |ParentID: 776)
c:\program files\windows defender\MpCmdRun.exe (ID: 6428 |ParentID: 5148)
C:\Windows\system32\SearchProtocolHost.exe (ID: 4928 |ParentID: 4816)
C:\Windows\system32\SearchFilterHost.exe (ID: 7384 |ParentID: 4816)
C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe (ID: 6820 |ParentID: 3536)

################## | Recherche générique |

Supprimé! C:\Users\Mharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ty9f3fcN.vbs
Supprimé! G:\Ty9f3fcN.vbs
Supprimé! C:\Users\Mharina\AppData\Local\Temp\Ty9f3fcN.vbs
Supprimé! G:\_DS_MENU.lnk
Supprimé! G:\System Volume Information.lnk
Supprimé! G:\jeux.lnk
Supprimé! G:\jeux ds.lnk
Supprimé! G:\moonshl2.lnk
Supprimé! G:\SYSTEM.lnk
Supprimé! G:\__rpg.lnk
Supprimé! G:\NDSMAIL.lnk
Supprimé! G:\Autorun.inf.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-412980218-2968603115-2452248691-1000\Software\Microsoft\Windows\CurrentVersion\Run|Ty9f3fcN
Supprimé! [x64] HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Ty9f3fcN

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
04 - HKCU\..\Run : [uTorrent] "C:\Users\Mharina\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [Connectify] C:\Program Files\Connectify\Connectify.exe
04 - HKCU\..\Run : [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19J4141B05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKLM\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\..\Run : [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-412980218-2968603115-2452248691-1000\..\Run : [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
04 - HKU\S-1-5-21-412980218-2968603115-2452248691-1000\..\Run : [uTorrent] "C:\Users\Mharina\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-412980218-2968603115-2452248691-1000\..\Run : [Connectify] C:\Program Files\Connectify\Connectify.exe
04 - HKU\S-1-5-21-412980218-2968603115-2452248691-1000\..\Run : [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19J4141B05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
04 - HKU\S-1-5-21-412980218-2968603115-2452248691-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[28/03/2014 - 20:11:41 | SHD] - C:\$Recycle.Bin
[03/08/2013 - 17:43:39 | D] - C:\AeriaGames
[10/06/2009 - 21:42:20 | A | 0 Ko] - C:\autoexec.bat
[24/09/2013 - 14:53:43 | D] - C:\b86ad013dccfd6a410
[28/03/2014 - 19:34:15 | SHD] - C:\Boot
[20/09/2012 - 06:27:51 | RASH | 389 Ko] - C:\bootmgr
[02/06/2012 - 14:30:55 | N | 0 Ko] - C:\BOOTNXT
[22/09/2013 - 12:39:58 | RAS | 8 Ko] - C:\BOOTSECT.BAK
[10/06/2009 - 21:42:20 | N | 0 Ko] - C:\config.sys
[14/07/2009 - 04:53:55 | SHD] - C:\Documents and Settings
[17/02/2014 - 12:16:22 | D] - C:\found.000
[28/03/2014 - 21:13:24 | ASH | 1563756 Ko] - C:\hiberfil.sys
[14/12/2012 - 02:22:15 | D] - C:\IDE
[28/03/2014 - 20:11:42 | D] - C:\Intel
[25/02/2014 - 23:00:59 | RASH | 0 Ko] - C:\IO.SYS
[25/02/2014 - 23:00:59 | RASH | 0 Ko] - C:\MSDOS.SYS
[04/04/2013 - 19:16:35 | RHD] - C:\MSOCache
[12/03/2014 - 11:19:31 | D] - C:\OutputFolder
[28/03/2014 - 21:13:28 | ASH | 2085012 Ko] - C:\pagefile.sys
[14/07/2009 - 02:37:05 | D] - C:\PerfLogs
[07/12/2012 - 22:36:56 | D] - C:\PlayCamera
[28/03/2014 - 21:52:36 | D] - C:\Program Files
[31/03/2013 - 21:39:00 | D] - C:\Program FilesAIMP3
[28/03/2014 - 20:11:43 | HD] - C:\ProgramData
[22/09/2013 - 14:54:54 | SD] - C:\Recovery
[22/09/2013 - 15:50:24 | N | 2 Ko] - C:\RHDSetup.log
[22/09/2013 - 16:04:38 | N | 0 Ko] - C:\Setup.log
[22/09/2013 - 11:06:48 | N | 262144 Ko] - C:\swapfile.sys
[22/09/2013 - 17:27:12 | | 276 Ko] - C:\SWPGB
[28/03/2014 - 21:16:03 | SD] - C:\System Volume Information
[28/03/2014 - 22:07:52 | D] - C:\UsbFix
[28/03/2014 - 22:14:45 | A | 11 Ko | 62DE268D7542CF9AEA1FC5327EDCAB4B] - C:\UsbFix [Clean 1] PC-MARINA.txt
[28/03/2014 - 20:20:00 | N | 17 Ko | E24A1AF06DEFA20472EB42BF8ADD66BA] - C:\UsbFix [Clean 2] PC-MARINA.txt
[28/03/2014 - 20:00:14 | N | 13 Ko | EA65E43BC9FDAD7807801196E5E8C2A6] - C:\UsbFix [Scan 1] PC-MARINA.txt
[28/03/2014 - 20:11:58 | D] - C:\Users
[22/09/2013 - 17:27:14 | | 0 Ko] - C:\win7.ld
[28/03/2014 - 20:12:35 | D] - C:\Windows
[08/04/2013 - 15:44:46 | D] - C:\Windows Activation Technologies
[09/06/2004 - 19:03:52 | N | 3 Ko | DDA46D53D9EA8D755A68C9DC075D5B31] - C:\winrar.txt
[22/09/2013 - 14:55:25 | SD] - D:\$RECYCLE.BIN
[04/03/2014 - 01:19:07 | D] - D:\acmapedit08
[05/03/2014 - 14:34:04 | N | 256 Ko] - D:\Animal Crossing - Wild World.nds.sav
[03/03/2014 - 00:46:04 | N | 32354 Ko] - D:\animal.nds
[14/08/2013 - 09:20:57 | D] - D:\Ark
[17/11/2013 - 22:57:37 | D] - D:\carte mem 2
[18/02/2011 - 16:43:56 | N | 90 Ko | 3066955D7482C35FEE8D9D07E34E6D0D] - D:\Dicastia-Patch.exe
[28/02/2013 - 01:39:48 | N | 214 Ko | A99CEC020BE07E1E5A3E1F2A05999F41] - D:\Dicastia.txt
[13/09/2013 - 11:03:03 | D] - D:\Downloads
[13/10/2005 - 23:44:36 | N | 2 Ko] - D:\DSbrick.signature
[24/12/2005 - 09:51:06 | N | 1 Ko] - D:\dslazy.bat
[24/12/2005 - 13:15:00 | N | 68 Ko | 307C77597D89724195CF5DBB97DC2131] - D:\dslazy.exe
[02/03/2014 - 22:18:41 | N | 151 Ko] - D:\dslazy.zip
[07/07/2011 - 03:57:24 | N | 1702789 Ko | 869666F3C3F38DF47F0FBCB40FE59D5D] - D:\edeneternal_install_20110527.exe
[04/08/2013 - 23:20:18 | D] - D:\EUGENIE
[15/02/2013 - 01:23:52 | N | 936736 Ko] - D:\KHBBS.FINAL.VOSTFR.PsPGunz.7z
[10/10/2011 - 09:03:02 | N | 1067048 Ko | 033675D18059D160E094DF1281474D10] - D:\legend_of_edda_client_complet_francais_395456.exe
[22/09/2013 - 22:35:43 | D] - D:\Logithèque
[20/02/2014 - 18:50:28 | N | 262144 Ko] - D:\Love Plus (Japan)_(Patched).nds
[22/06/2012 - 09:34:48 | N | 4305 Ko | 3550FE4E90B36C692E79786FAC7189A2] - D:\LovePlusV10n_patcher.exe
[16/01/2009 - 05:28:18 | N | 720640 Ko] - D:\MEGPOID.ISO
[01/04/2013 - 14:06:39 | D] - D:\Nouveau dossier
[28/03/2014 - 21:24:50 | D] - D:\Nouveau dossier (2)
[11/03/2011 - 21:13:32 | N | 131072 Ko] - D:\Okamiden.BAK
[22/02/2014 - 17:36:15 | N | 131072 Ko] - D:\Okamiden.nds
[04/03/2014 - 11:30:49 | D] - D:\r4
[31/12/2013 - 00:22:40 | N | 1 Ko] - D:\readme.html
[22/06/2012 - 09:46:42 | N | 2 Ko | D239B93D6F2B31D879D7BB10B9849738] - D:\READMEv10n.txt
[23/03/2012 - 15:40:41 | N | 802528 Ko] - D:\smtpeu.iso
[08/04/2013 - 13:19:31 | SD] - D:\System Volume Information
[28/03/2010 - 08:36:52 | N | 8927 Ko] - D:\THPatch.rar
[17/12/2012 - 21:45:52 | N | 18071 Ko] - D:\videoplayback_12.FLV
[19/01/2014 - 21:54:50 | SHD] - G:\System Volume Information
[26/01/2014 - 16:16:06 | D] - G:\jeux
[26/01/2014 - 16:18:56 | D] - G:\jeux ds
[26/01/2014 - 16:19:26 | D] - G:\moonshl2
[26/01/2014 - 16:19:28 | SHD] - G:\SYSTEM
[17/10/2012 - 13:04:48 | N | 379 Ko] - G:\_DS_MENU.dat
[26/01/2014 - 16:19:46 | D] - G:\__rpg
[26/01/2014 - 16:19:46 | D] - G:\NDSMAIL

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |