Voila le rapport:
############################## | UsbFix V 7.145 | [Suppression]
Utilisateur: HAAS (Administrateur) # HAAS-HP
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 15:56:35 | 20/10/2013
Site Web:
Forum :
https://www.sosvirus.net/ Upload Malware:
https://www.sosvirus.net/upload_malware.php Contact:
PC: Hewlett-Packard (181B)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
RAM -> [Total : 6037 | Free : 3469]
Bios: Insyde
Boot: Normal boot
OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 575 Go (504 Go libre(s) - 88%) [] # NTFS
D:\ -> Disque fixe # 20 Go (2 Go libre(s) - 11%) [Recovery] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 7 Go (7 Go libre(s) - 99%) [] # FAT32
################## | Regedit Run |
HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HKLM\SOFTWARE | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
HKLM\SOFTWARE | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE
HKLM\SOFTWARE | Run : [Bron-Spizaetus] - "C:\Windows\ShellNew\RakyatKelaparan.exe"
HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HKLM\SOFTWARE\wow6432Node | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
HKLM\SOFTWARE\wow6432Node | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE
HKLM\SOFTWARE\wow6432Node | Run : [Bron-Spizaetus] - "C:\Windows\ShellNew\RakyatKelaparan.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-80593312-139361152-551366047-1000\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-80593312-139361152-551366047-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-80593312-139361152-551366047-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-80593312-139361152-551366047-1001\SOFTWARE | Run : [cacaoweb] - "C:\Users\HAAS\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
HKU\S-1-5-21-80593312-139361152-551366047-1001\SOFTWARE | Run : [Tok-Cirrhatus-1860] - "C:\Users\HAAS\AppData\Local\br4743on.exe"
HKU\S-1-5-21-80593312-139361152-551366047-1001\SOFTWARE | Run : [Tok-Cirrhatus] -
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-80593312-139361152-551366047-1000\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Processus Stoppés |
Stoppé! C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (ID 952 |ParentID 680)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID 1008 |ParentID 680)
Stoppé! C:\Program Files\IDT\WDM\STacSV64.exe (ID 1076 |ParentID 680)
Stoppé! C:\Windows\system32\Hpservice.exe (ID 1364 |ParentID 680)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 1424 |ParentID 904)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1608 |ParentID 1008)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID 1620 |ParentID 1008)
Stoppé! C:\Windows\system32\WLANExt.exe (ID 1912 |ParentID 904)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 2016 |ParentID 680)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 2068 |ParentID 680)
Stoppé! C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (ID 2176 |ParentID 680)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 2220 |ParentID 680)
Stoppé! C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (ID 2260 |ParentID 680)
Stoppé! C:\Windows\SysWOW64\ezSharedSvcHost.exe (ID 2328 |ParentID 680)
Stoppé! C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (ID 2424 |ParentID 680)
Stoppé! C:\Windows\system32\taskhost.exe (ID 2596 |ParentID 680)
Stoppé! C:\Windows\Explorer.EXE (ID 2756 |ParentID 2652)
Stoppé! C:\Program Files (x86)\HP SimplePass\TouchControl.exe (ID 2888 |ParentID 952)
Stoppé! C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe (ID 2916 |ParentID 2260)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 2996 |ParentID 680)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID 3060 |ParentID 680)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID 2084 |ParentID 680)
Stoppé! C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID 1512 |ParentID 680)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2972 |ParentID 680)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3184 |ParentID 2972)
Stoppé! C:\Windows\System32\rundll32.exe (ID 3628 |ParentID 880)
Stoppé! C:\Windows\System32\hkcmd.exe (ID 3804 |ParentID 2756)
Stoppé! C:\Windows\System32\igfxpers.exe (ID 3972 |ParentID 2756)
Stoppé! C:\Program Files\IDT\WDM\sttray64.exe (ID 4032 |ParentID 2756)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 4048 |ParentID 2756)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID 4080 |ParentID 2756)
Stoppé! C:\Program Files (x86)\Skype\Phone\Skype.exe (ID 4088 |ParentID 2756)
Stoppé! C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (ID 3288 |ParentID 4056)
Stoppé! C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (ID 920 |ParentID 4056)
Stoppé! C:\Users\HAAS\AppData\Roaming\cacaoweb\cacaoweb.exe (ID 3656 |ParentID 2756)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID 3752 |ParentID 2756)
Stoppé! C:\Users\HAAS\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID 2364 |ParentID 2756)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID 4280 |ParentID 1608)
Stoppé! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID 4392 |ParentID 3908)
Stoppé! C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (ID 4412 |ParentID 880)
Stoppé! C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (ID 4584 |ParentID 2756)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ID 4628 |ParentID 3600)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (ID 4680 |ParentID 3600)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (ID 4712 |ParentID 3600)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID 4916 |ParentID 680)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 4992 |ParentID 680)
Stoppé! C:\Users\HAAS\AppData\Local\winlogon.exe (ID 4320 |ParentID 1536)
Stoppé! C:\Windows\SysWOW64\RunDll32.exe (ID 3756 |ParentID 3752)
Stoppé! C:\Users\HAAS\AppData\Local\services.exe (ID 4660 |ParentID 1536)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID 4064 |ParentID 880)
Stoppé! C:\Users\HAAS\AppData\Local\lsass.exe (ID 4664 |ParentID 1536)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 1508 |ParentID 680)
Stoppé! C:\Windows\system32\taskeng.exe (ID 5324 |ParentID 724)
Stoppé! C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (ID 5840 |ParentID 5324)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe (ID 6008 |ParentID 3752)
Stoppé! C:\Program Files\Common Files\AuthenTec\TrueService.exe (ID 5332 |ParentID 680)
Stoppé! C:\Program Files\Common Files\AuthenTec\TrueService.exe (ID 4336 |ParentID 5332)
Stoppé! C:\Windows\system32\DllHost.exe (ID 6304 |ParentID 880)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID 7156 |ParentID 680)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 6232 |ParentID 680)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 6316 |ParentID 680)
Stoppé! C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (ID 6168 |ParentID 680)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID 6424 |ParentID 680)
Stoppé! C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (ID 5720 |ParentID 6168)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 4216 |ParentID 680)
Stoppé! C:\Windows\system32\wuauclt.exe (ID 5712 |ParentID 724)
Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (ID 5112 |ParentID 880)
Stoppé! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID 6660 |ParentID 5112)
Stoppé! C:\Windows\System32\MsSpellCheckingFacility.exe (ID 5596 |ParentID 880)
Stoppé! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID 2104 |ParentID 5112)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 3916 |ParentID 904)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID 2480 |ParentID 4992)
################## | à‰léments infectieux |
Supprimé! C:\Users\HAAS\AppData\Local\br4743on.exe
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-1
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-10
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-11
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-12
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-13
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-14
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-15
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-16
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-18
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-19
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-2
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-20
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-22
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-23
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-24
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-25
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-26
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-3
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-30
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-5
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-6
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-7
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-8
Supprimé! C:\Users\HAAS\AppData\Local\Bron.tok-17-9
Supprimé! C:\Users\HAAS\AppData\Local\csrss.exe
Supprimé! C:\Users\HAAS\AppData\Local\inetinfo.exe
Supprimé! C:\Users\HAAS\AppData\Local\JunkAtx.bin
Supprimé! C:\Users\HAAS\AppData\Local\Kosong.Bron.Tok.txt
Supprimé! C:\Users\HAAS\AppData\Local\Loc.Mail.Bron.Tok
Supprimé! C:\Users\HAAS\AppData\Local\lsass.exe
Supprimé! C:\Users\HAAS\AppData\Local\Ok-SendMail-Bron-tok
Supprimé! C:\Users\HAAS\AppData\Local\services.exe
Supprimé! C:\Users\HAAS\AppData\Local\smss.exe
Supprimé! C:\Users\HAAS\AppData\Local\svchost.exe
Supprimé! C:\Users\HAAS\AppData\Local\winlogon.exe
Supprimé! C:\Users\HAAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif
Supprimé! C:\Windows\SysWOW64\cmd-brontok.exe
Supprimé! C:\Windows\ShellNew\rakyatkelaparan.exe
Supprimé! D:\desktop.ini
Supprimé! F:\Data HAAS.exe
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-80593312-139361152-551366047-1001\$R1XT6H4.exe
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-80593312-139361152-551366047-1001\$R3134NA.exe
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-80593312-139361152-551366047-1001\$RKV8TTU.exe
Supprimé! C:\Documents and Settings\HAAS\AppData\Roaming\Microsoft\Windows\Templates\7668-NendangBro.com
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name\AvatarModel\AvatarModel.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name\Background\Background.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name\Brow\Brow.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name\EarRing\EarRing.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name\Eye\Eye.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name\Face\Face.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name\Hair\Hair.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name\Hat\Hat.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name\Mouth\Mouth.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name\Nose\Nose.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name\Untitled Name.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name_1\AvatarModel\AvatarModel.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name_1\Background\Background.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name_1\Brow\Brow.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name_1\EarRing\EarRing.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name_1\Eye\Eye.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name_1\Face\Face.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name_1\Hair\Hair.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name_1\Hat\Hat.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name_1\Mouth\Mouth.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name_1\Nose\Nose.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Avatar\AvatarModel\Untitled Name_1\Untitled Name_1.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Blocs-notes OneNote\Personnel\Personnel.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Documents.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Youcam\EffectManualOrder\EffectManualOrder.exe
Supprimé! C:\Documents and Settings\HAAS\Documents\Youcam\Youcam.exe
Supprimé! C:\Windows\KesenjanganSosial.exe
Supprimé! C:\Windows\System32\HAAS's Setting.scr
Supprimé! F:\.fseventsd\.fseventsd`.exe
Supprimé! F:\.Spotlight-V100\Store-V1\Stores\D4ED98D4-2C42-4116-BADE-427426CDD6D3\D4ED98D4-2C42-4116-BADE-427426CDD6D3.exe
Supprimé! F:\.Spotlight-V100\Store-V1\Store-V1.exe
(!) Fichiers temporaires supprimés.
################## | Registre |
Supprimé! HKU\S-1-5-21-80593312-139361152-551366047-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Supprimé! HKU\S-1-5-21-80593312-139361152-551366047-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Bron-Spizaetus
Supprimé! HKU\S-1-5-21-80593312-139361152-551366047-1001\Software\Microsoft\Windows\CurrentVersion\Run|tok-cirrhatus
################## | Listing |
[23/06/2012 - 14:26:46 | SHD ] C:\$RECYCLE.BIN
[15/07/2012 - 19:16:58 | D ] C:\a36f9592284ab1723f76dc9f
[24/10/2012 - 21:33:58 | D ] C:\AuthLog
[26/02/2012 - 21:37:17 | SHD ] C:\boot
[21/11/2010 - 05:23:51 | RASH | 383786] C:\bootmgr
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[20/10/2013 - 15:16:37 | ASH | 4747935744] C:\hiberfil.sys
[26/02/2012 - 12:11:18 | D ] C:\HP
[14/03/2012 - 18:33:06 | D ] C:\Intel
[23/06/2012 - 14:41:05 | RHD ] C:\MSOCache
[20/10/2013 - 15:16:41 | ASH | 6330580992] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[16/03/2013 - 17:27:15 | D ] C:\Program Files
[19/10/2013 - 23:30:17 | D ] C:\Program Files (x86)
[05/06/2013 - 18:12:36 | HD ] C:\ProgramData
[23/06/2012 - 14:22:59 | SHD ] C:\Recovery
[30/09/2013 - 21:50:59 | D ] C:\SWSetup
[19/10/2013 - 03:30:03 | SHD ] C:\System Volume Information
[23/06/2012 - 14:23:06 | D ] C:\SYSTEM.SAV
[20/10/2013 - 15:59:35 | D ] C:\UsbFix
[20/10/2013 - 16:00:43 | A | 17373] C:\UsbFix [Clean 1] HAAS-HP.txt
[23/06/2012 - 14:21:41 | RD ] C:\Users
[20/10/2013 - 15:59:31 | D ] C:\Windows
[23/06/2012 - 14:26:46 | SHD ] D:\$RECYCLE.BIN
[23/06/2012 - 14:26:42 | RASHD ] D:\boot
[14/07/2009 - 20:39:00 | RASH | 383562] D:\bootmgr
[23/06/2012 - 14:26:42 | D ] D:\FactoryUpdate
[23/06/2012 - 14:26:42 | D ] D:\hp
[24/06/2012 - 20:13:22 | N | 20] D:\HPSF_Rep.txt
[23/06/2012 - 14:24:28 | N | 8] D:\HP_WSD.dat
[23/06/2012 - 14:26:42 | RSHD ] D:\preload
[20/10/2013 - 10:25:21 | RSD ] D:\recovery
[23/06/2012 - 14:26:42 | D ] D:\RM_Reserve
[23/08/2012 - 01:48:35 | SHD ] D:\System Volume Information
[16/08/2006 - 11:51:39 | RAD ] E:\AUDIO_TS
[16/08/2006 - 11:59:44 | RAD ] E:\VIDEO_TS
[06/10/2013 - 12:09:08 | AH | 4096] F:\._.Trashes
[06/10/2013 - 12:09:08 | HD ] F:\.Trashes
[06/10/2013 - 12:09:08 | D ] F:\.fseventsd
[06/10/2013 - 12:09:08 | HD ] F:\.Spotlight-V100
[06/10/2013 - 12:10:50 | D ] F:\Chirurgie?
################## | Vaccin |
C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F |
-
https://www.sosvirus.net |
, 
