Here is the report ... on the other hand, it seems to have worked: I no longer get the message displayed when I open Chrome!
############################## | UsbFix V 7.140 | [Suppression]
Utilisateur: Admin (Administrateur) # ADMIN-PC
Mis à jour le 30/09/2013 par El Desaparecido - Team SosVirus
Lancé à 12:51:46 | 30/09/2013
Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/
PC: Dell Inc. (0C8PJJ)
CPU: AMD Athlon(tm) II P340 Dual-Core Processor
RAM -> [Total : 3836 | Free : 1235]
Bios: Dell Inc.
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686
SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 451 Go (351 Go libre(s) - 78%) [OS] # NTFS
D:\ -> CD-ROM
################## | Regedit Run |
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
HKLM\SOFTWARE | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [ccApp] - "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
HKLM\SOFTWARE | Run : [vptray] - C:\PROGRA~2\SYMANT~1\VPTray.exe
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [AccuWeatherWidget] - "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
HKLM\SOFTWARE | Run : [Adobe Photo Downloader] - "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [agentantidote.exe] - "C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession
HKLM\SOFTWARE | Run : [agentantidote64.exe] - "C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" /LancementSession
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [Memeo Instant Backup] - C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
HKLM\SOFTWARE | Run : [Seagate Dashboard] - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [ccApp] - "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
HKLM\SOFTWARE\wow6432Node | Run : [vptray] - C:\PROGRA~2\SYMANT~1\VPTray.exe
HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AccuWeatherWidget] - "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Photo Downloader] - "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [agentantidote.exe] - "C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession
HKLM\SOFTWARE\wow6432Node | Run : [agentantidote64.exe] - "C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" /LancementSession
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [Memeo Instant Backup] - C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
HKLM\SOFTWARE\wow6432Node | Run : [Seagate Dashboard] - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-2546514980-2885872958-4043960878-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2546514980-2885872958-4043960878-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2546514980-2885872958-4043960878-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-2546514980-2885872958-4043960878-1000\SOFTWARE | Run : [Google Update] -
################## | Processus Stoppés |
Stoppé! C:\windows\system32\atiesrxx.exe (ID 840 |ParentID 560)
Stoppé! C:\windows\system32\atieclxx.exe (ID 1080 |ParentID 840)
Stoppé! C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (ID 1160 |ParentID 560)
Stoppé! C:\windows\system32\taskhost.exe (ID 1592 |ParentID 560)
Stoppé! C:\windows\System32\spoolsv.exe (ID 1672 |ParentID 560)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 1816 |ParentID 1316)
Stoppé! C:\Program Files\DellTPad\Apoint.exe (ID 1828 |ParentID 1316)
Stoppé! C:\Program Files\DellTPad\ApMsgFwd.exe (ID 1868 |ParentID 1828)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID 1888 |ParentID 1316)
Stoppé! C:\Program Files\DellTPad\HidFind.exe (ID 1944 |ParentID 1828)
Stoppé! C:\Program Files\DellTPad\Apntex.exe (ID 1956 |ParentID 1928)
Stoppé! C:\Windows\System32\StikyNot.exe (ID 2044 |ParentID 1316)
Stoppé! C:\windows\system32\conhost.exe (ID 1180 |ParentID 452)
Stoppé! C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (ID 2060 |ParentID 560)
Stoppé! C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (ID 2088 |ParentID 1316)
Stoppé! C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (ID 2176 |ParentID 1316)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2536 |ParentID 2476)
Stoppé! C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (ID 2548 |ParentID 560)
Stoppé! C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (ID 2580 |ParentID 1732)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID 2628 |ParentID 1732)
Stoppé! C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (ID 2636 |ParentID 1732)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 2728 |ParentID 560)
Stoppé! C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (ID 2752 |ParentID 1732)
Stoppé! C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (ID 2792 |ParentID 560)
Stoppé! C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe (ID 2836 |ParentID 560)
Stoppé! C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (ID 2944 |ParentID 560)
Stoppé! C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe (ID 2952 |ParentID 1732)
Stoppé! C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (ID 2972 |ParentID 1732)
Stoppé! C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID 2988 |ParentID 1732)
Stoppé! C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe (ID 3048 |ParentID 1732)
Stoppé! C:\Program Files (x86)\Druide\Antidote 7\Programmes64\AgentAntidote64.exe (ID 3056 |ParentID 1732)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 1300 |ParentID 1732)
Stoppé! C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (ID 2432 |ParentID 1732)
Stoppé! C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (ID 3184 |ParentID 560)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 3244 |ParentID 2536)
Stoppé! C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (ID 3304 |ParentID 560)
Stoppé! C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (ID 3588 |ParentID 3504)
Stoppé! C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (ID 3640 |ParentID 560)
Stoppé! C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe (ID 3760 |ParentID 2272)
Stoppé! C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (ID 3788 |ParentID 3304)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3808 |ParentID 560)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 4032 |ParentID 3808)
Stoppé! C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (ID 2608 |ParentID 560)
Stoppé! C:\windows\system32\SearchIndexer.exe (ID 1652 |ParentID 560)
Stoppé! C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe (ID 2528 |ParentID 684)
Stoppé! C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe (ID 4368 |ParentID 684)
Stoppé! C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (ID 4584 |ParentID 2088)
Stoppé! C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (ID 4832 |ParentID 668)
Stoppé! C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (ID 3756 |ParentID 3760)
Stoppé! C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (ID 4880 |ParentID 668)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 4380 |ParentID 560)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (ID 2496 |ParentID 1300)
Stoppé! C:\windows\system32\DllHost.exe (ID 5068 |ParentID 668)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5404 |ParentID 1316)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3268 |ParentID 5404)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 400 |ParentID 5404)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4384 |ParentID 5404)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5124 |ParentID 5404)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5236 |ParentID 5404)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1684 |ParentID 5404)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5660 |ParentID 5404)
################## | Éléments infectieux |
(!) Fichiers temporaires supprimés.
################## | Registre |
################## | Listing |
[14/05/2013 - 14:28:50 | SHD ] C:\$RECYCLE.BIN
[11/05/2012 - 15:54:16 | N | 1204] C:\1.txt
[26/10/2012 - 11:46:06 | D ] C:\6fd7c7d84c50c04c4472d6d70c97a56b
[07/08/2011 - 11:52:16 | N | 0] C:\AdobeDebug.txt
[15/09/2013 - 19:54:57 | N | 3072] C:\ads_err.adi
[15/09/2013 - 19:54:57 | N | 4559] C:\ads_err.adm
[15/09/2013 - 21:03:08 | N | 13785] C:\ads_err.adt
[30/09/2013 - 10:34:52 | RASHD ] C:\Autorun.inf
[22/07/2011 - 20:40:59 | D ] C:\Boot
[20/11/2010 - 23:23:51 | RASH | 383786] C:\bootmgr
[23/02/2011 - 09:08:04 | RASH | 8192] C:\BOOTSECT.BAK
[19/06/2007 - 17:41:44 | N | 17408] C:\cc2.db3
[14/05/2013 - 11:26:28 | N | 28904] C:\ComboFix.txt
[19/09/2013 - 22:49:01 | D ] C:\Config.Msi
[02/08/2011 - 10:57:54 | D ] C:\Dell
[22/07/2011 - 18:13:41 | N | 3113] C:\dell.sdr
[14/07/2009 - 01:08:56 | SHD ] C:\Documents and Settings
[19/11/2011 - 16:01:31 | D ] C:\DriverFiles
[06/08/2011 - 20:55:18 | D ] C:\FIND_EULA_PATH
[19/11/2011 - 16:01:31 | D ] C:\fonts
[30/09/2013 - 10:39:56 | ASH | 3016605696] C:\hiberfil.sys
[19/11/2011 - 16:01:31 | D ] C:\Images
[19/11/2011 - 16:01:33 | D ] C:\lib
[04/12/2012 - 10:21:58 | RHD ] C:\MSOCache
[30/09/2013 - 10:40:11 | ASH | 4022145024] C:\pagefile.sys
[13/07/2009 - 23:20:08 | D ] C:\PerfLogs
[05/09/2013 - 15:54:08 | D ] C:\Program Files
[20/09/2013 - 20:59:06 | D ] C:\Program Files (x86)
[15/09/2013 - 19:47:39 | D ] C:\ProgramData
[18/11/2011 - 09:48:30 | D ] C:\Programs
[15/05/2013 - 13:46:36 | SHD ] C:\RECYCLER
[08/08/2011 - 17:26:46 | D ] C:\Riot Games
[02/08/2011 - 11:07:37 | D ] C:\System Recovery
[29/09/2013 - 19:48:22 | SHD ] C:\System Volume Information
[13/05/2013 - 09:59:33 | D ] C:\Uninstall
[30/09/2013 - 13:01:43 | D ] C:\UsbFix
[30/09/2013 - 10:34:52 | N | 15665] C:\UsbFix [Clean 1] ADMIN-PC.txt
[30/09/2013 - 13:02:06 | A | 14386] C:\UsbFix [Clean 2] ADMIN-PC.txt
[30/09/2013 - 10:24:08 | N | 3084] C:\UsbFix [Listing 1 ] ADMIN-PC.txt
[30/09/2013 - 10:21:28 | N | 14889] C:\UsbFix [Scan 2] ADMIN-PC.txt
[11/05/2012 - 11:43:33 | N | 250] C:\user.js
[06/08/2011 - 20:43:50 | RD ] C:\Users
[10/09/2013 - 12:06:26 | D ] C:\wifi-temp
[29/09/2013 - 15:41:56 | D ] C:\Windows
################## | Vaccin |
C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)