############################## | UsbFix V 7.167 | [Suppression]

Utilisateur: LAYLA (Administrateur) # LAYLA-PC
Mis à jour le 13/03/2014 par El Desaparecido - Team SosVirus
Lancé à 18:07:30 | 23/03/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (NP270E5V-K04MA)
CPU: Intel(R) Celeron(R) CPU 847 @ 1.10GHz
RAM -> [Total : 3796 Mo| Free : 2813 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 33.0.1750.154
WB: Mozilla Firefox : 27.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | (!) Outdated]
AS: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 96 Go (55 Go libre(s) - 58%) [] # NTFS
D:\ -> Disque fixe # 100 Mo (70 Mo libre(s) - 70%) [Réservé au système] # NTFS
E:\ -> Disque fixe # 370 Go (314 Go libre(s) - 85%) [] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
I:\ -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [L A] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 428 |ParentID: 420)
C:\Windows\system32\wininit.exe (ID: 604 |ParentID: 420)
C:\Windows\system32\csrss.exe (ID: 624 |ParentID: 596)
C:\Windows\system32\services.exe (ID: 664 |ParentID: 604)
C:\Windows\system32\winlogon.exe (ID: 696 |ParentID: 596)
C:\Windows\system32\lsass.exe (ID: 724 |ParentID: 604)
C:\Windows\system32\lsm.exe (ID: 732 |ParentID: 604)
C:\Windows\system32\svchost.exe (ID: 844 |ParentID: 664)
C:\Windows\system32\svchost.exe (ID: 940 |ParentID: 664)
C:\Windows\System32\svchost.exe (ID: 1004 |ParentID: 664)
C:\Windows\System32\svchost.exe (ID: 448 |ParentID: 664)
C:\Windows\system32\svchost.exe (ID: 432 |ParentID: 664)
C:\Windows\system32\svchost.exe (ID: 788 |ParentID: 664)
C:\Windows\system32\svchost.exe (ID: 1228 |ParentID: 664)
C:\Windows\system32\svchost.exe (ID: 1328 |ParentID: 664)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1408 |ParentID: 664)
C:\Windows\System32\spoolsv.exe (ID: 1596 |ParentID: 664)
C:\Windows\system32\taskeng.exe (ID: 1636 |ParentID: 788)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1776 |ParentID: 664)
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (ID: 1828 |ParentID: 664)
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (ID: 1192 |ParentID: 664)
C:\ProgramData\DatacardService\HWDeviceService64.exe (ID: 1488 |ParentID: 664)
C:\ProgramData\MobileBrServ\mbbservice.exe (ID: 1452 |ParentID: 664)
C:\Windows\system32\taskhost.exe (ID: 2052 |ParentID: 664)
C:\Windows\system32\Dwm.exe (ID: 2112 |ParentID: 448)
C:\Windows\Explorer.EXE (ID: 2164 |ParentID: 2096)
C:\Windows\system32\runonce.exe (ID: 2300 |ParentID: 2164)
C:\Windows\SysWOW64\runonce.exe (ID: 2348 |ParentID: 2300)
C:\ProgramData\DatacardService\DCSHelper.exe (ID: 2380 |ParentID: 1488)
C:\ProgramData\Modem HDM EC156\OnlineUpdate\ouc.exe (ID: 2448 |ParentID: 1860)
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (ID: 2472 |ParentID: 664)
C:\Windows\system32\svchost.exe (ID: 2548 |ParentID: 664)
C:\ProgramData\DatacardService\DCSHelper.exe (ID: 2608 |ParentID: 1488)
C:\Program Files (x86)\Modem HDM EC156\Modem HDM EC156.exe (ID: 2640 |ParentID: 2608)
C:\Users\LAYLA\AppData\Local\Torch\Update\TorchCrashHandler.exe (ID: 2760 |ParentID: 664)
C:\Program Files (x86)\Internet Mobile+\AssistantServices.exe (ID: 2836 |ParentID: 664)
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 2888 |ParentID: 664)
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (ID: 2944 |ParentID: 664)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 2444 |ParentID: 664)
C:\Windows\system32\svchost.exe (ID: 2928 |ParentID: 664)
C:\Windows\system32\svchost.exe (ID: 3176 |ParentID: 664)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3408 |ParentID: 844)
C:\Windows\System32\WUDFHost.exe (ID: 3588 |ParentID: 448)
C:\Windows\System32\rundll32.exe (ID: 3708 |ParentID: 844)
C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe (ID: 1424 |ParentID: 1636)
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (ID: 108 |ParentID: 664)
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (ID: 3400 |ParentID: 664)
C:\Windows\system32\sppsvc.exe (ID: 3220 |ParentID: 664)
C:\Program Files\AVAST Software\Avast\setup\instup.exe (ID: 3076 |ParentID: 1408)
C:\Users\LAYLA\appdata\local\torch\application\torch.exe (ID: 1708 |ParentID: 2640)
C:\Windows\System32\svchost.exe (ID: 2960 |ParentID: 664)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [64bit] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [Facebook Update] "C:\Users\LAYLA\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [uTorrent] "C:\Users\LAYLA\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKLM\..\Run : [UIExec] "C:\Program Files (x86)\Internet Mobile+\UIExec.exe"
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
04 - [64bit] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [64bit] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [64bit] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - [64bit] HKLM\..\Run : [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\btvstack.exe"
04 - [64bit] HKLM\..\Run : [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\athbttray.exe"
04 - [64bit] HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-235832358-1739099817-1546481076-1000\..\Run : [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-21-235832358-1739099817-1546481076-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-235832358-1739099817-1546481076-1000\..\Run : [Facebook Update] "C:\Users\LAYLA\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-235832358-1739099817-1546481076-1000\..\Run : [uTorrent] "C:\Users\LAYLA\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-235832358-1739099817-1546481076-1000\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! I:\Listen.vbs

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\Software\Hola
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimé! HKU\S-1-5-21-235832358-1739099817-1546481076-1000\Software\.\.\.\.\Mountpoints2\{3ad850ee-68bf-11e3-9d78-1867b08083ae}
Supprimé! HKU\S-1-5-21-235832358-1739099817-1546481076-1000\Software\.\.\.\.\Mountpoints2\{4881ac28-a76a-11e3-a025-1867b08083ae}
Supprimé! HKU\S-1-5-21-235832358-1739099817-1546481076-1000\Software\.\.\.\.\Mountpoints2\{98b96c01-2d24-11e3-a511-1867b08083ae}
Supprimé! HKU\S-1-5-21-235832358-1739099817-1546481076-1000\Software\.\.\.\.\Mountpoints2\{a70ea1c9-7974-11e3-82ee-1867b08083ae}

################## | Listing |

[08/01/2014 - 21:57:48 | SHD] - C:\$Recycle.Bin
[01/03/2014 - 19:04:22 | D] - C:\Config.Msi
[04/12/2013 - 11:24:40 | D] - C:\Dev-Cpp
[14/07/2009 - 05:08:56 | SHD] - C:\Documents and Settings
[26/02/2014 - 12:04:30 | N | 0 Ko] - C:\END
[23/03/2014 - 18:04:45 | ASH | 2914972 Ko] - C:\hiberfil.sys
[29/09/2013 - 18:17:32 | D] - C:\Intel
[05/10/2013 - 08:54:38 | RHD] - C:\MSOCache
[11/03/2011 - 16:28:00 | N | 1 Ko] - C:\NetworkCfg.xml
[23/03/2014 - 18:04:48 | ASH | 3886632 Ko] - C:\pagefile.sys
[14/07/2009 - 03:20:08 | D] - C:\PerfLogs
[02/03/2014 - 11:03:15 | D] - C:\Program Files
[19/03/2014 - 09:25:16 | D] - C:\Program Files (x86)
[23/03/2014 - 18:05:23 | HD] - C:\ProgramData
[29/09/2013 - 01:10:26 | SHD] - C:\Recovery
[17/03/2014 - 14:43:27 | SHD] - C:\System Volume Information
[23/03/2014 - 18:03:37 | D] - C:\UsbFix
[23/03/2014 - 17:27:17 | N | 15 Ko | 27A874C2333AD90DF2F62AE68B250BCC] - C:\UsbFix [Clean 2] LAYLA-PC.txt
[23/03/2014 - 18:13:12 | A | 10 Ko | 6435D16D5FAFAB484D80E107C6BA31BE] - C:\UsbFix [Clean 4] LAYLA-PC.txt
[23/03/2014 - 17:03:15 | N | 12 Ko | 61EDC694C023B5F11FA62A3550D143DE] - C:\UsbFix [Scan 1] LAYLA-PC.txt
[23/03/2014 - 17:55:58 | N | 10 Ko | B639005915F68BBB69D1B66D52A8C97D] - C:\UsbFix [Scan 2] LAYLA-PC.txt
[08/01/2014 - 21:57:17 | D] - C:\Users
[23/03/2014 - 18:05:38 | D] - C:\Windows
[01/10/2013 - 22:57:04 | N | 0 Ko] - C:\WirelessDiagLog.csv
[08/01/2014 - 21:57:48 | SHD] - D:\$RECYCLE.BIN
[29/09/2013 - 15:24:39 | | 332 Ko] - D:\BMAJN
[29/09/2013 - 00:03:37 | SHD] - D:\Boot
[20/11/2010 - 03:40:08 | RASH | 375 Ko] - D:\bootmgr
[29/09/2013 - 00:03:38 | RASH | 8 Ko] - D:\BOOTSECT.BAK
[13/10/2013 - 14:00:56 | N | 0 Ko] - D:\RecentPlaces.lnk
[28/09/2013 - 23:05:09 | SHD] - D:\System Volume Information
[29/09/2013 - 15:24:39 | | 0 Ko] - D:\win7.ld
[24/01/2014 - 11:10:06 | SHD] - E:\$RECYCLE.BIN
[23/01/2014 - 22:20:03 | D] - E:\CCP-STS April 28 29, 2012
[19/03/2014 - 09:45:52 | D] - E:\Cours
[23/03/2014 - 16:48:15 | D] - E:\Downloads
[02/02/2014 - 17:15:30 | N | 0 Ko | 1628A9A80F65EB29A9DAA616BCC69211] - E:\famille.txt
[03/03/2014 - 20:56:19 | D] - E:\FFOutput
[19/03/2014 - 06:08:17 | D] - E:\Images
[26/01/2014 - 18:11:28 | D] - E:\lyla
[23/01/2014 - 22:27:54 | D] - E:\office
[23/01/2014 - 22:28:50 | D] - E:\pics
[26/01/2014 - 18:11:39 | D] - E:\Sidi Wassay
[23/01/2014 - 22:18:41 | SHD] - E:\System Volume Information
[26/01/2014 - 17:33:52 | N | 257 Ko] - E:\Transistor bipolaire - Wikipédia.htm
[26/01/2014 - 18:11:41 | D] - E:\Transistor bipolaire - Wikipédia_files
[19/03/2014 - 11:10:52 | D] - I:\IL FAUT METTRE TOUS LES FICHIERS DANS UN DOSSIER!!!!!

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |