############################## [ UsbFix V3.025 | Cleaning ]
# User : (Administrateurs) #
# Update on 22/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite :
http://pagesperso-orange.fr/NosTools/usbfix.html# Start at: 09:50:01 | 27/05/2009
# Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
# Internet Explorer 7.0.6000.16681
# Windows Firewall Status : Disabled
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | (!) Outdated ]
# C:\ # Disque fixe local # 69,65 Go (18,04 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 69,64 Go (51,66 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 7,46 Go (5,13 Go free) # FAT32
# G:\ # Disque amovible # 1,91 Go (1,65 Go free) [MARIE] # FAT
# H:\ # Disque amovible
############################## [ Processus actifs ]
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\runonce.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Calendar\WinCal.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! F:\autorun.inf
Deleted ! F:\msvcr71.dll
################## [ Registre # Clés Run infectieuses ]
# HKLM\software\microsoft\security center\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
################## [ Registre # Mountpoints2 ]
Deleted ! HKCU\...\Explorer\MountPoints2\{0c546272-2068-11de-bfd9-001f3a229de0}\Shell\Auto\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{4bffbb33-b575-11dd-9082-001f3a229de0}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{9843bd96-9c43-11dd-98ac-001f3a229de0}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{9a3701d1-439a-11dd-adc1-001d721f0629}\Shell\Auto\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{9c64e0a2-9c2d-11dd-bd58-001f3a229de0}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{bb957e14-939c-11dd-85bc-001f3a229de0}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{d54e77a7-b703-11dd-8a44-001f3a229de0}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{d647b234-9a86-11dd-8374-001f3a229de0}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{dd70f39b-e230-11dd-b803-001f3a229de0}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{e81960fb-9e99-11dd-b3d4-001f3a229de0}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{e89c2492-e147-11dd-9b6b-001f3a229de0}\Shell\AutoRun\Command
################## [ Listing des fichiers présent ]
[19/02/2008 17:55|--a------|3380] - C:\-20080219.log
[18/09/2006 23:43|--a------|24] - C:\autoexec.bat
[02/11/2006 11:53|-rahs----|438840] - C:\bootmgr
[11/11/2006 09:41|-ra-s----|8192] - C:\BOOTSECT.BAK
[18/09/2006 23:43|--a------|10] - C:\config.sys
[?|?|?] - C:\hiberfil.sys
[16/08/2005 09:49|---------|40960] - C:\junction.exe
[30/11/2006 09:35|--a------|512] - C:\MDR.iss
[?|?|?] - C:\pagefile.sys
[17/01/2008 20:12|--ahs----|1466] - C:\Patch.rev
[16/10/2007 11:29|-rahs----|133] - C:\preload.rev
[19/02/2008 17:49|--a------|477] - C:\RHDSetup.log
[17/11/2008 18:27|--ah-----|268] - C:\sqmdata00.sqm
[17/11/2008 18:27|--ah-----|232] - C:\sqmdata01.sqm
[13/04/2009 17:26|--ah-----|232] - C:\sqmdata02.sqm
[13/04/2009 17:26|--ah-----|232] - C:\sqmdata03.sqm
[17/11/2008 18:27|--ah-----|244] - C:\sqmnoopt00.sqm
[17/11/2008 18:27|--ah-----|244] - C:\sqmnoopt01.sqm
[13/04/2009 17:26|--ah-----|244] - C:\sqmnoopt02.sqm
[13/04/2009 17:26|--ah-----|244] - C:\sqmnoopt03.sqm
[27/05/2009 09:52|--a------|5253] - C:\UsbFix.txt
[19/02/2008 17:53|--a------|1682300] - C:\vcredist_x86.log
[02/10/2007 05:36|--a------|4] - C:\wps.dat
[05/03/2009 14:23|--ah-----|4096] - F:\._.Trashes
[25/05/2009 14:43|--a------|8411] - F:\hijackthis portable.log
[26/05/2009 11:39|--a------|718324] - F:\UsbFix.exe
[26/05/2009 12:15|--a------|7621] - F:\UsbFix1.txt
[26/05/2009 12:02|--a------|7001] - F:\UsbFix4.txt
[22/01/2009 19:39|--a------|26163] - F:\1er et 2eme LP.rtf
[25/11/2008 18:53|--a------|3932214] - F:\Capture Site v_02.bmp
[13/05/2008 16:39|--a------|8399] - F:\Control Tower BPM & Tonalit‚.rtf
[25/11/2008 18:41|--a------|2470038] - F:\LE GARDE DU COEUR.rtf
[26/01/2009 22:05|--a------|1324] - F:\Set Control Tower Bridge.rtf
[?|?|?] - F:\PLASTICO - Ruben Blades trad CT.doc
[09/08/2008 23:19|--a------|2091] - F:\PLASTICO - Ruben Blades.rtf
[?|?|?] - F:\PLASTICO - Ruben Blades.odt
[?|?|?] - F:\PLASTICO2 - Ruben Blades.doc
[?|?|?] - F:\PLASTICO3 - Ruben Blades.doc
[?|?|?] - F:\PLASTICO - Ruben Blades.doc
[27/05/2009 09:36|--a------|2697168] - F:\mbam-setup.exe
[30/03/2009 12:53|--a------|14015748] - F:\VOLFONIQ-magnesium-rush 01.mp3
[03/04/2009 13:27|--a------|24641] - F:\Groupe 14.docx
[02/04/2009 17:19|--a------|172456] - F:\tpsetup.exe
[06/04/2009 14:18|--a------|25284] - F:\MdP.rtf
[11/04/2009 19:24|--a------|16017096] - F:\magnesium_115BPM.mp3
[06/05/2009 20:11|--a------|1015106] - F:\Pour Quelle Infamie Pattern Batterie.mp3
[18/05/2009 12:11|--a------|60900480] - F:\CT%20LIVE.mp3
[25/05/2009 14:41|--a------|401720] - F:\abcde.exe
[15/03/2009 18:10|--a------|21022] - G:\Recueil de Donn‚es en psychiatrie.docx
[16/03/2009 16:58|--a------|22430] - G:\N‚vrose psychoses et bipolaire.docx
[13/03/2009 12:16|--a------|17867] - G:\Groupe 14.docx
[21/03/2009 13:58|--a------|85004] - G:\info de vie.rtf
[24/03/2009 01:01|--a------|529264] - G:\Sant‚ Info.mp3
[27/03/2009 01:03|--a------|805376] - G:\Entretiens en psy 27 mars.ppt
[15/03/2007 08:49|--a------|89600] - G:\S‚miologie psychiatrique.doc
[29/03/2009 20:36|--a------|17545] - G:\Gpe 14 … imprimer.docx
[09/05/2009 21:33|--a------|13312] - G:\Objectifs stages.docx
[09/05/2009 22:05|--a------|28721] - G:\Pr‚vention des escarres.docx
[11/05/2009 22:29|--a------|30143928] - G:\avira_antivir_personal_free.exe
[23/05/2009 13:50|--a------|2887] - G:\SERETIDE DISKUS.rtf
[23/05/2009 18:58|--a------|67584] - G:\PRESENTATION SYNTHETIQUE et DDS.doc
################## [ Vaccination ]
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# G:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## [ Informations # Fichier Suspect ]
################## [ Cracks # Keygens # Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.025 ! ]