cjoint

Document format: text/plain

############################## | UsbFix V 7.123 | [Suppression]

Utilisateur: Remy (Administrateur) # PC-DE-REMY
Mis à jour le 19/04/2013 par El Desaparecido
Lancé à 22:27:33 | 22/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Acer (Aspire 7720Z ) (X86-based PC)
CPU: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz (1733)
RAM -> [Total : 2037 | Free : 854]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 112 Go (3 Go libre(s) - 3%) [ACER] # NTFS
D:\ -> Disque fixe # 111 Go (111 Go libre(s) - 100%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [USB DISK] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
HKLM\SOFTWARE | Run : [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
HKLM\SOFTWARE | Run : [Acer Tour Reminder] - C:\Acer\AcerTour\Reminder.exe
HKLM\SOFTWARE | Run : [eAudio] - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1369183909-2135498852-2888394407-1000\SOFTWARE | Run : [Acer Tour Reminder] -
HKU\S-1-5-21-1369183909-2135498852-2888394407-1000\SOFTWARE | Run : [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\SLsvc.exe (1324)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1800)
Stoppé! C:\Windows\System32\spoolsv.exe (1944)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1060)
Stoppé! C:\Acer\ALaunch\ALaunchSvc.exe (2116)
Stoppé! C:\Windows\system32\taskeng.exe (2196)
Stoppé! C:\Program Files\Google\Update\GoogleUpdate.exe (2272)
Stoppé! C:\Windows\system32\taskeng.exe (2280)
Stoppé! C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (2640)
Stoppé! C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (2676)
Stoppé! C:\Program Files\Windows Defender\MSASCui.exe (2708)
Stoppé! C:\Windows\RtHDVCpl.exe (2812)
Stoppé! C:\Acer\Empowering Technology\eNet\eNet Service.exe (2820)
Stoppé! C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (2884)
Stoppé! C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (2928)
Stoppé! C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2992)
Stoppé! C:\Program Files\ma-config.com\MaConfigAgent.exe (3036)
Stoppé! C:\Acer\Empowering Technology\eAudio\eAudio.exe (3056)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (3064)
Stoppé! C:\Acer\Mobility Center\MobilityService.exe (3224)
Stoppé! C:\Windows\System32\hkcmd.exe (3260)
Stoppé! C:\Windows\System32\igfxpers.exe (3304)
Stoppé! C:\Program Files\CyberLink\Shared Files\RichVideo.exe (3412)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (3444)
Stoppé! C:\Program Files\Windows Media Player\wmpnscfg.exe (3456)
Stoppé! C:\Windows\system32\igfxsrvc.exe (3596)
Stoppé! C:\Users\Remy\AppData\Local\Temp\RtkBtMnt.exe (3848)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2492)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (1568)
Stoppé! C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (1708)
Stoppé! C:\Windows\system32\SearchIndexer.exe (2976)
Stoppé! C:\Windows\system32\DRIVERS\xaudio.exe (3320)
Stoppé! C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (3364)
Stoppé! C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (3744)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (4260)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (4428)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (4780)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (5472)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (6112)
Stoppé! C:\Windows\System32\WUDFHost.exe (5744)
Stoppé! C:\Windows\system32\conime.exe (2536)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (5912)

################## | Éléments infectieux |

Supprimé! C:\Users\Remy\AppData\Local\Temp\RtkBtMnt.exe

(!) Fichiers temporaires supprimés.

################## | Registre |


################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{24c52b68-a88a-11de-bf03-eb2d4957fa45}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{8ff29acc-8ea3-11de-9b2e-ad631709f71e}

################## | Listing |

[11/07/2012 - 01:22:51 | SHD ] C:\$RECYCLE.BIN
[10/08/2007 - 09:34:33 | N | 3380] C:\-20070810.log
[24/04/2008 - 19:10:43 | D ] C:\Acer
[22/04/2013 - 18:29:10 | N | 15231] C:\AdwCleaner[R1].txt
[22/04/2013 - 21:13:59 | N | 14997] C:\AdwCleaner[S1].txt
[18/09/2006 - 23:43:36 | N | 24] C:\autoexec.bat
[10/08/2007 - 16:40:27 | D ] C:\Book
[01/07/2011 - 07:44:28 | SHD ] C:\Boot
[11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
[10/08/2007 - 16:43:42 | N | 8192] C:\BOOTSECT.BAK
[21/04/2013 - 21:27:24 | D ] C:\Config.Msi
[18/09/2006 - 23:43:37 | N | 10] C:\config.sys
[02/11/2006 - 15:02:03 | SHD ] C:\Documents and Settings
[23/02/2008 - 15:44:21 | D ] C:\DRV
[22/04/2013 - 21:17:18 | ASH | 2137063424] C:\hiberfil.sys
[10/08/2007 - 08:25:09 | D ] C:\Intel
[16/08/2005 - 09:49:12 | N | 40960] C:\junction.exe
[29/11/2006 - 17:35:22 | N | 512] C:\MDR.iss
[10/08/2007 - 09:52:33 | RHD ] C:\MSOCache
[19/04/2013 - 14:29:44 | D ] C:\MyWorks
[22/04/2013 - 21:17:16 | ASH | 2450857984] C:\pagefile.sys
[27/06/2008 - 19:53:20 | D ] C:\PerfLogs
[21/04/2013 - 21:24:30 | N | 512] C:\PhysicalDisk0_MBR.bin
[22/04/2013 - 21:13:46 | D ] C:\Program Files
[22/04/2013 - 21:13:45 | HD ] C:\ProgramData
[10/08/2007 - 08:32:22 | N | 420] C:\RHDSetup.log
[23/05/2008 - 18:16:18 | N | 159] C:\Setup.log
[22/04/2013 - 18:52:51 | SHD ] C:\System Volume Information
[12/07/2008 - 02:24:04 | N | 632890] C:\SystemEvent.log
[22/04/2013 - 22:29:07 | D ] C:\UsbFix
[22/04/2013 - 22:29:25 | A | 7311] C:\UsbFix [Clean 1] PC-DE-REMY.txt
[22/04/2013 - 21:26:51 | N | 6769] C:\UsbFix [Scan 1] PC-DE-REMY.txt
[24/04/2008 - 19:09:02 | D ] C:\Users
[24/04/2008 - 19:10:11 | N | 1147844] C:\vcredist_x86.log
[22/04/2013 - 21:13:49 | D ] C:\Windows
[12/07/2008 - 02:23:18 | N | 32004] C:\WinSSEvent.log
[21/04/2013 - 21:24:32 | D ] C:\ZHP
[24/04/2008 - 19:10:33 | SHD ] D:\$RECYCLE.BIN
[23/02/2008 - 06:13:23 | D ] D:\erData
[23/02/2008 - 06:02:19 | SHD ] D:\System Volume Information
[27/03/2013 - 17:19:10 | RASHD ] F:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |
