############################## | UsbFix V 7.126 | [Suppression]

Utilisateur: Caroline (Administrateur) # CAROLINE-PC
Mis à jour le 13/05/2013 par El Desaparecido
Lancé à 08:24:58 | 30/05/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Acer (Aspire X3960) (x64-based PC)
CPU: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz (3093)
RAM -> [Total : 4078 | Free : 2817]
BIOS: BIOS Date: 03/31/11 01:20:02 Ver: 04.06.04
BOOT: Fail-safe boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16576

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Disque fixe # 457 Go (39 Go libre(s) - 9%) [Acer] # NTFS
D:\ -> Disque fixe # 457 Go (10 Go libre(s) - 2%) [Data] # NTFS
E:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> Disque amovible # 2 Go (390 Mo libre(s) - 20%) [USB DISK] # FAT
L:\ -> Disque amovible # 7 Go (7 Go libre(s) - 97%) [] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [MDS_Menu] - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
HKLM\SOFTWARE | Run : [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [MDS_Menu] - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
HKLM\SOFTWARE\wow6432Node | Run : [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE\wow6432Node | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-509337477-4010112078-506862805-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-509337477-4010112078-506862805-1001\SOFTWARE | Run : [Google Update] - "C:\Users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\Explorer.EXE (688)
Stoppé! C:\Windows\system32\ctfmon.exe (1032)
Stoppé! C:\Windows\system32\DllHost.exe (1304)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (1392)
Stoppé! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (656)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Mountpoints2 |

################## | Listing |

[06/09/2011 - 12:51:19 | SHD ] C:\$RECYCLE.BIN
[27/05/2013 - 20:29:45 | N | 110] C:\.~lock.UsbFix [Clean 1] CAROLINE-PC.txt#
[27/05/2013 - 20:52:45 | N | 4205] C:\AdwCleaner[S1].txt
[27/05/2013 - 20:29:22 | RASHD ] C:\Autorun.inf
[10/02/2010 - 05:10:50 | D ] C:\book
[22/03/2011 - 08:11:13 | N | 8192] C:\BOOTSECT.BAK
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[16/07/2010 - 02:33:30 | N | 5093] C:\FRZ1LP41.MD5
[30/05/2013 - 08:20:36 | ASH | 3207081984] C:\hiberfil.sys
[22/03/2011 - 07:40:50 | D ] C:\Intel
[16/07/2010 - 02:29:19 | N | 291] C:\LPCD.DAT
[01/10/2011 - 15:57:08 | RHD ] C:\MSOCache
[03/09/2011 - 18:09:46 | D ] C:\OEM
[30/05/2013 - 08:20:38 | ASH | 4276113408] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[27/05/2013 - 22:43:13 | N | 512] C:\PhysicalDisk0_MBR.bin
[02/04/2013 - 02:12:37 | D ] C:\ProfNOTE 2012
[23/05/2013 - 00:03:24 | D ] C:\Program Files
[28/05/2013 - 00:18:15 | D ] C:\Program Files (x86)
[27/05/2013 - 20:48:13 | HD ] C:\ProgramData
[12/05/2013 - 17:13:12 | D ] C:\PRONOTE Réseau 2012
[03/09/2011 - 18:08:20 | SHD ] C:\Recovery
[28/05/2013 - 13:14:37 | SHD ] C:\System Volume Information
[30/05/2013 - 08:35:42 | D ] C:\UsbFix
[27/05/2013 - 20:29:22 | N | 10753] C:\UsbFix [Clean 1] CAROLINE-PC.txt
[30/05/2013 - 03:33:07 | N | 10643] C:\UsbFix [Clean 3] CAROLINE-PC.txt
[30/05/2013 - 08:35:49 | A | 6419] C:\UsbFix [Clean 4] CAROLINE-PC.txt
[30/05/2013 - 02:52:19 | N | 9579] C:\UsbFix [Scan 1] CAROLINE-PC.txt
[04/09/2011 - 11:50:25 | D ] C:\Users
[30/05/2013 - 08:20:37 | D ] C:\Windows
[27/05/2013 - 22:34:12 | D ] C:\ZHP
[03/09/2011 - 18:09:51 | SHD ] D:\$RECYCLE.BIN
[04/12/2011 - 18:04:02 | D ] D:\Anciens Docs
[27/05/2013 - 20:29:22 | RASHD ] D:\Autorun.inf
[04/12/2011 - 13:29:45 | D ] D:\Books - Audio - Text
[08/12/2011 - 22:31:44 | D ] D:\Iphone - Sonneries
[05/12/2011 - 01:55:49 | D ] D:\Iphone - Videos
[06/01/2013 - 23:54:46 | N | 212450] D:\previewfile.log
[29/05/2013 - 14:59:14 | D ] D:\Series
[19/05/2013 - 19:48:15 | D ] D:\Series 2
[10/02/2010 - 05:02:50 | SHD ] D:\System Volume Information
[08/03/2013 - 16:42:23 | D ] D:\Vidéos
[15/05/2011 - 02:07:20 | D ] J:\Apps
[15/05/2011 - 02:08:38 | D ] J:\Documents
[06/06/2011 - 00:57:52 | D ] J:\Programmes
[11/06/2012 - 12:02:12 | N | 16894] J:\JeuMathsSoluces.odt
[11/06/2012 - 12:02:08 | N | 18326] J:\JeuMaths.odt
[04/09/2011 - 22:52:16 | D ] J:\201112
[30/09/2011 - 08:33:06 | RSHD ] J:\RECYCLER
[03/02/2012 - 14:18:58 | D ] J:\GeoGebra-Portable
[09/03/2012 - 12:34:24 | N | 666112] J:\PDFReader.exe
[29/05/2012 - 15:52:44 | D ] J:\Ted
[12/06/2012 - 19:45:34 | N | 20494] J:\QuizJeuMaths.odp
[29/05/2013 - 00:31:26 | N | 239578] J:\DST8205Cor.odt
[29/05/2013 - 00:31:34 | N | 186319] J:\DST8205Cor.pdf