#10721
Hello!
Here is my problem: for the past few weeks, a computer virus has been spreading at my school.
Result: two of my USB drives turn all my files into shortcuts...
I've heard of UsbFix, but I don't know how to use it properly...
Thanks in advance for your replies!
#10722
Hello and welcome :)

We'll start with a Search scan to see which infection you have ;)
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Plug all your external data sources into your PC (USB drive, external hard drive, etc.) without opening them.
  • Right-click it and choose Run as administrator on Windows 7/8 and Vista
  • Choose the Recherche (Search) option
  • Copy and paste the contents of the report that appears at the end of the scan into your reply
See you :)
#10729
Here is my report!
############################## | UsbFix V 7.144 | [Recherche]

Utilisateur: Ben (Administrateur) # BENMANGA
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 18:16:53 | 09/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (M5A78L)
CPU: AMD Phenom(tm) II X4 955 Processor
RAM -> [Total : 4094 | Free : 1242]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus 2014 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 931 Go (156 Go libre(s) - 17%) [] # NTFS
D:\ -> Disque fixe # 60 Go (40 Go libre(s) - 66%) [ACER] # FAT32
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque amovible # 8 Go (2 Go libre(s) - 23%) [Intenso] # FAT32
H:\ -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 436 |ParentID 428)
C:\Windows\system32\wininit.exe (ID 508 |ParentID 428)
C:\Windows\system32\csrss.exe (ID 544 |ParentID 524)
C:\Windows\system32\services.exe (ID 568 |ParentID 508)
C:\Windows\system32\lsass.exe (ID 588 |ParentID 508)
C:\Windows\system32\lsm.exe (ID 596 |ParentID 508)
C:\Windows\system32\winlogon.exe (ID 664 |ParentID 524)
C:\Windows\system32\svchost.exe (ID 748 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 828 |ParentID 568)
C:\Windows\system32\atiesrxx.exe (ID 916 |ParentID 568)
C:\Windows\System32\svchost.exe (ID 952 |ParentID 568)
C:\Windows\System32\svchost.exe (ID 992 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 116 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 304 |ParentID 568)
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (ID 1068 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 1128 |ParentID 568)
C:\Windows\system32\atieclxx.exe (ID 1272 |ParentID 916)
C:\Windows\System32\spoolsv.exe (ID 1436 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 1464 |ParentID 568)
C:\Windows\SysWOW64\svchost.exe (ID 1572 |ParentID 568)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID 1592 |ParentID 568)
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ID 1680 |ParentID 568)
C:\Program Files (x86)\Freenet\bin\wrapper-windows-x86-32.exe (ID 1856 |ParentID 568)
C:\Windows\system32\conhost.exe (ID 1884 |ParentID 436)
C:\Windows\System32\svchost.exe (ID 1892 |ParentID 568)
C:\Windows\System32\svchost.exe (ID 1948 |ParentID 568)
C:\Windows\SysWOW64\PnkBstrA.exe (ID 1988 |ParentID 568)
C:\Windows\system32\taskhost.exe (ID 1056 |ParentID 568)
C:\Windows\system32\Dwm.exe (ID 1536 |ParentID 992)
C:\Windows\system32\taskeng.exe (ID 1364 |ParentID 304)
C:\Windows\Explorer.EXE (ID 1848 |ParentID 1212)
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ID 2016 |ParentID 1364)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 2292 |ParentID 1848)
C:\Windows\vsnp2std.exe (ID 2304 |ParentID 1848)
C:\Windows\system32\svchost.exe (ID 2544 |ParentID 568)
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (ID 2560 |ParentID 1848)
C:\Windows\System32\Drivers\WTSRV.EXE (ID 2620 |ParentID 568)
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (ID 2732 |ParentID 1848)
C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe (ID 2752 |ParentID 1848)
C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe (ID 2800 |ParentID 2752)
C:\Windows\System32\wscript.exe (ID 2920 |ParentID 1848)
C:\Program Files\ASUS\Turbo Key\TurboKey.exe (ID 3008 |ParentID 2928)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 2840 |ParentID 2928)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2968 |ParentID 2316)
C:\Jeux\hamachi-2.exe (ID 3288 |ParentID 568)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 3696 |ParentID 2968)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3916 |ParentID 748)
C:\Jeux\LMIGuardianSvc.exe (ID 4008 |ParentID 3288)
C:\Windows\SysWOW64\java.exe (ID 4544 |ParentID 1856)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (ID 3128 |ParentID 3696)
C:\Windows\system32\SearchIndexer.exe (ID 4676 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 3228 |ParentID 568)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 1796 |ParentID 568)
C:\Windows\system32\svchost.exe (ID 5172 |ParentID 568)
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (ID 5316 |ParentID 1068)
C:\Program Files\Tablet\Pen\WacomHost.exe (ID 5332 |ParentID 1068)
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (ID 5536 |ParentID 1068)
C:\Program Files\Tablet\Pen\Pen_Tablet.exe (ID 5660 |ParentID 5332)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 1628 |ParentID 568)
C:\Windows\System32\svchost.exe (ID 5608 |ParentID 568)
C:\Windows\system32\DllHost.exe (ID 5808 |ParentID 748)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 216 |ParentID 1848)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6108 |ParentID 216)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3896 |ParentID 216)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2984 |ParentID 216)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3068 |ParentID 216)
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (ID 1396 |ParentID 1160)
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (ID 1832 |ParentID 568)
C:\Program Files\Windows Sidebar\sidebar.exe (ID 6320 |ParentID 568)
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (ID 7088 |ParentID 1832)
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID 5472 |ParentID 7088)
C:\Program Files (x86)\AVG\AVG2014\avgui.exe (ID 5388 |ParentID 6292)
C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe (ID 408 |ParentID 5388)
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (ID 7100 |ParentID 568)
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (ID 6464 |ParentID 1832)
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID 6520 |ParentID 6464)
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID 3984 |ParentID 1832)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3140 |ParentID 568)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 4088 |ParentID 3140)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6016 |ParentID 216)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1724 |ParentID 216)
C:\Windows\System32\WUDFHost.exe (ID 1956 |ParentID 992)
C:\UsbFix\Go.exe (ID 3892 |ParentID 1848)
C:\Windows\system32\DllHost.exe (ID 1744 |ParentID 748)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Turbo Key] - "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "C:\Jeux\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Turbo Key] - "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [LogMeIn Hamachi Ui] - "C:\Jeux\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Clownfish] - "C:\Program Files (x86)\Clownfish\Clownfish.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [EADM] - "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Activator] - wscript.exe //B "C:\Users\Ben\AppData\Local\Temp\Activator.vbs"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1007\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-1097147635-3363988166-1689558142-1007\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |

Présent! H:\Activator.vbs
Présent! G:\$AVG.lnk
Présent! G:\Liste SH1.lnk
Présent! G:\Book1.lnk
Présent! G:\Liste SH1 XL.lnk
Présent! G:\6323130983.lnk
Présent! G:\6391226688.lnk
Présent! G:\6319616950.lnk
Présent! G:\111 V3.lnk
Présent! G:\111 Sceau.lnk
Présent! G:\2013-04-07 Photos Tunisie G.lnk
Présent! G:\Autres.lnk
Présent! G:\Eur.lnk
Présent! G:\Belgocontrol.lnk
Présent! G:\Photos Nokia C5.lnk
Présent! G:\Cours.lnk
Présent! C:\Users\Ben\AppData\Local\Temp\uttB08F.tmp.exe
Présent! C:\Users\Ben\AppData\Local\Temp\uttD624.tmp.exe
Présent! C:\Users\Ben\AppData\Local\Temp\uttF318.tmp.exe
Présent! C:\Users\Ben\AppData\Local\Temp\uttF8E.tmp.exe
Présent! C:\Users\Ben\AppData\Local\Temp\7za.exe

################## | Registre |

Présent! HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Activator
HKCU\.\.\.\.\Explorer\MountPoints2\{764f4e02-c034-11e0-963f-f46d044776c5}
Shell\AutoRun\Command = F:\Setup.exe



################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
#10738
Good evening,

OK for your report ;) Do you have an antivirus at your school? If so, which one, please?

Now this:
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Right-click it and choose Run as administrator on Windows 7/8 and Vista
  • Choose the Suppression (Deletion) option

    Note: If UsbFix hangs at 14%, start in Safe Mode. (See >> HERE <<)
  • Copy and paste the contents of the report that appears at the end of the scan into your reply
See you
#10745
Here you go!

############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: Ben (Administrateur) # BENMANGA
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 19:07:49 | 09/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (M5A78L)
CPU: AMD Phenom(tm) II X4 955 Processor
RAM -> [Total : 4094 | Free : 949]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus 2014 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 931 Go (154 Go libre(s) - 17%) [] # NTFS
D:\ -> Disque fixe # 60 Go (40 Go libre(s) - 66%) [ACER] # FAT32
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque amovible # 8 Go (2 Go libre(s) - 23%) [Intenso] # FAT32
H:\ -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Turbo Key] - "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "C:\Jeux\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Turbo Key] - "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [LogMeIn Hamachi Ui] - "C:\Jeux\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Clownfish] - "C:\Program Files (x86)\Clownfish\Clownfish.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [EADM] - "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Activator] - wscript.exe //B "C:\Users\Ben\AppData\Local\Temp\Activator.vbs"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1007\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-1097147635-3363988166-1689558142-1007\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\atiesrxx.exe (ID 916 |ParentID 568)
Stoppé! C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (ID 1068 |ParentID 568)
Stoppé! C:\Windows\system32\atieclxx.exe (ID 1272 |ParentID 916)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1436 |ParentID 568)
Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID 1592 |ParentID 568)
Stoppé! C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ID 1680 |ParentID 568)
Stoppé! C:\Program Files (x86)\Freenet\bin\wrapper-windows-x86-32.exe (ID 1856 |ParentID 568)
Stoppé! C:\Windows\system32\conhost.exe (ID 1884 |ParentID 436)
Stoppé! C:\Windows\SysWOW64\PnkBstrA.exe (ID 1988 |ParentID 568)
Stoppé! C:\Windows\system32\taskhost.exe (ID 1056 |ParentID 568)
Stoppé! C:\Windows\system32\taskeng.exe (ID 1364 |ParentID 304)
Stoppé! C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ID 2016 |ParentID 1364)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 2292 |ParentID 1848)
Stoppé! C:\Windows\vsnp2std.exe (ID 2304 |ParentID 1848)
Stoppé! C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (ID 2560 |ParentID 1848)
Stoppé! C:\Windows\System32\Drivers\WTSRV.EXE (ID 2620 |ParentID 568)
Stoppé! C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (ID 2732 |ParentID 1848)
Stoppé! C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe (ID 2752 |ParentID 1848)
Stoppé! C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe (ID 2800 |ParentID 2752)
Stoppé! C:\Windows\System32\wscript.exe (ID 2920 |ParentID 1848)
Stoppé! C:\Program Files\ASUS\Turbo Key\TurboKey.exe (ID 3008 |ParentID 2928)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 2840 |ParentID 2928)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2968 |ParentID 2316)
Stoppé! C:\Jeux\hamachi-2.exe (ID 3288 |ParentID 568)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 3696 |ParentID 2968)
Stoppé! C:\Jeux\LMIGuardianSvc.exe (ID 4008 |ParentID 3288)
Stoppé! C:\Windows\SysWOW64\java.exe (ID 4544 |ParentID 1856)
Stoppé! C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (ID 3128 |ParentID 3696)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 4676 |ParentID 568)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 1796 |ParentID 568)
Stoppé! C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (ID 5316 |ParentID 1068)
Stoppé! C:\Program Files\Tablet\Pen\WacomHost.exe (ID 5332 |ParentID 1068)
Stoppé! C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (ID 5536 |ParentID 1068)
Stoppé! C:\Program Files\Tablet\Pen\Pen_Tablet.exe (ID 5660 |ParentID 5332)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 1628 |ParentID 568)
Stoppé! C:\Windows\system32\DllHost.exe (ID 5808 |ParentID 748)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 216 |ParentID 1848)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6108 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3896 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2984 |ParentID 216)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (ID 1396 |ParentID 1160)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (ID 1832 |ParentID 568)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgui.exe (ID 5388 |ParentID 6292)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe (ID 408 |ParentID 5388)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3140 |ParentID 568)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 4088 |ParentID 3140)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6016 |ParentID 216)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 1956 |ParentID 992)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 812 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6284 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6200 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5996 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3448 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6708 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6152 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4420 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 128 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4636 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6476 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2372 |ParentID 216)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2508 |ParentID 216)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID 4924 |ParentID 4676)
Stoppé! C:\Program Files (x86)\uTorrent\uTorrent.exe (ID 4872 |ParentID 216)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID 7360 |ParentID 4676)
Stoppé! C:\Windows\system32\DllHost.exe (ID 8160 |ParentID 748)
Stoppé! C:\Windows\system32\taskeng.exe (ID 8080 |ParentID 304)

################## | Éléments infectieux |

Non supprimé ! H:\Activator.vbs
Supprimé! G:\$AVG.lnk
Supprimé! G:\Liste SH1.lnk
Supprimé! G:\Book1.lnk
Supprimé! G:\Liste SH1 XL.lnk
Supprimé! G:\6323130983.lnk
Supprimé! G:\6391226688.lnk
Supprimé! G:\6319616950.lnk
Supprimé! G:\111 V3.lnk
Supprimé! G:\111 Sceau.lnk
Supprimé! G:\2013-04-07 Photos Tunisie G.lnk
Supprimé! G:\Autres.lnk
Supprimé! G:\Eur.lnk
Supprimé! G:\Belgocontrol.lnk
Supprimé! G:\Photos Nokia C5.lnk
Supprimé! G:\Cours.lnk
Supprimé! C:\Users\Ben\AppData\Local\Temp\uttB08F.tmp.exe
Supprimé! C:\Users\Ben\AppData\Local\Temp\uttD624.tmp.exe
Supprimé! C:\Users\Ben\AppData\Local\Temp\uttF318.tmp.exe
Supprimé! C:\Users\Ben\AppData\Local\Temp\uttF8E.tmp.exe
Supprimé! C:\Users\Ben\AppData\Local\Temp\7za.exe

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{764f4e02-c034-11e0-963f-f46d044776c5}

################## | Listing |

[09/10/2013 - 17:45:24 | D ] C:\$AVG
[06/01/2013 - 17:45:35 | SHD ] C:\$Recycle.Bin
[22/08/2012 - 00:52:44 | D ] C:\AeriaGames
[15/08/2013 - 15:00:52 | D ] C:\AMD
[09/10/2013 - 17:47:55 | HD ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[30/03/2012 - 20:53:40 | D ] C:\download
[09/10/2013 - 16:11:09 | ASH | 3219791872] C:\hiberfil.sys
[03/10/2013 - 18:21:11 | D ] C:\Jeux
[31/10/2011 - 10:35:42 | D ] C:\Manga
[09/10/2013 - 16:11:11 | ASH | 4293058560] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[05/07/2013 - 23:03:43 | D ] C:\Program Files
[26/08/2013 - 20:13:09 | D ] C:\Program Files (x86)
[09/10/2013 - 17:45:23 | HD ] C:\ProgramData
[01/08/2011 - 21:55:11 | SHD ] C:\Recovery
[09/10/2013 - 17:44:50 | SHD ] C:\System Volume Information
[09/10/2013 - 19:18:49 | A | 14057] C:\UsbFix [Clean 3] BENMANGA.txt
[09/10/2013 - 18:01:33 | N | 12565] C:\UsbFix [Scan 1] BENMANGA.txt
[09/10/2013 - 18:45:58 | N | 13943] C:\UsbFix [Scan 2] BENMANGA.txt
[26/08/2013 - 20:13:25 | RD ] C:\Users
[01/09/2013 - 02:28:46 | D ] C:\Windows
[05/08/2004 - 05:00:00 | D ] D:\i386
[05/08/2004 - 05:00:00 | D ] D:\VALUEADD
[05/08/2004 - 05:00:00 | D ] D:\dotnetfx
[21/03/2005 - 18:44:46 | N | 75] D:\PRELOAD.AAA
[01/03/2010 - 22:00:56 | D ] D:\FOUND.000
[01/03/2010 - 23:16:10 | D ] D:\FOUND.001
[21/03/2005 - 09:41:52 | D ] D:\SYSINFO
[21/03/2005 - 09:41:52 | D ] D:\GUIDE
[21/03/2005 - 09:41:54 | D ] D:\DRV
[21/03/2005 - 09:42:44 | N | 512] D:\BOOTSECT.DOS
[05/05/2003 - 10:31:58 | D ] D:\WINDOWS
[05/08/2004 - 05:00:00 | N | 4952] D:\Bootfont.bin
[05/08/2004 - 05:00:00 | N | 251712] D:\ntldr
[05/08/2004 - 05:00:00 | N | 47564] D:\NTDETECT.COM
[01/03/2010 - 14:18:08 | N | 216] D:\boot.ini
[21/03/2005 - 09:53:06 | D ] D:\Documents and Settings
[21/03/2005 - 09:56:18 | D ] D:\Program Files
[21/03/2005 - 09:56:54 | N | 0] D:\CONFIG.SYS
[21/03/2005 - 09:56:54 | N | 0] D:\AUTOEXEC.BAT
[21/03/2005 - 09:56:54 | N | 0] D:\IO.SYS
[21/03/2005 - 09:56:54 | N | 0] D:\MSDOS.SYS
[21/03/2005 - 09:59:48 | SHD ] D:\System Volume Information
[21/05/2003 - 17:20:16 | D ] D:\Acer
[21/03/2005 - 18:30:36 | N | 6] D:\ISACER.ID
[21/03/2005 - 18:38:02 | D ] D:\Recycled
[01/03/2010 - 23:25:58 | D ] D:\FOUND.002
[01/03/2010 - 23:38:12 | D ] D:\FOUND.003
[02/03/2010 - 09:40:24 | D ] D:\FOUND.004
[03/03/2010 - 22:26:02 | D ] D:\FOUND.005
[03/08/2011 - 18:00:50 | D ] D:\FOUND.006
[03/03/2010 - 22:26:06 | ASH | 1073270784] D:\hiberfil.sys
[01/03/2010 - 21:01:32 | SHD ] D:\Config.Msi
[01/03/2010 - 21:28:16 | RSHD ] D:\RECYCLER
[03/03/2010 - 22:26:04 | N | 1610612736] D:\pagefile.sys
[01/08/2011 - 21:55:22 | SHD ] D:\$RECYCLE.BIN
[22/12/2011 - 14:38:08 | D ] D:\$AVG
[28/07/2013 - 20:35:36 | N | 13731] G:\Liste SH1.ods
[08/04/2013 - 16:26:16 | D ] G:\2013-04-07 Photos Tunisie G
[06/12/2011 - 12:12:54 | D ] G:\Autres
[21/06/2013 - 15:39:28 | D ] G:\Eur
[20/02/2013 - 19:17:26 | N | 16814] G:\Book1.ods
[16/11/2011 - 16:07:28 | D ] G:\Belgocontrol
[29/07/2013 - 15:51:10 | N | 34304] G:\Liste SH1 XL.xls
[19/09/2012 - 10:49:50 | D ] G:\Photos Nokia C5
[20/08/2013 - 17:39:12 | N | 27845] G:\6323130983.pdf
[20/08/2013 - 17:39:20 | N | 22445] G:\6391226688.pdf
[18/06/2013 - 17:15:26 | N | 26722] G:\6319616950.pdf
[25/08/2013 - 20:44:36 | N | 258606] G:\111 V3.docx
[22/09/2013 - 17:20:12 | N | 264930] G:\111 Sceau.docx
[06/09/2013 - 14:14:08 | D ] G:\Cours
[09/10/2013 - 18:03:52 | D ] G:\$AVG
[03/08/2013 - 19:45:26 | N | 73383] H:\Activator.vbs

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
#10749
Good evening,

OK, we're going to run UsbFix in safe mode, OK? :)
  • After your PC's startup screen, tap the F8 or F12 key repeatedly
  • Choose Safe Mode with Networking (using your keyboard's arrow keys), then press Enter
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Right-click it and choose Run as administrator on Windows 7/8 and Vista
  • Choose the Suppression (deletion) option

    Note: If UsbFix hangs at 14%, start in safe mode. (See >> HERE <<)

  • Copy and paste the contents of the report that appears at the end of the scan into your reply
#10756
Here it is!

############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: Ben (Administrateur) # BENMANGA
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 19:46:58 | 09/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (M5A78L)
CPU: AMD Phenom(tm) II X4 955 Processor
RAM -> [Total : 4094 | Free : 2789]
Bios: American Megatrends Inc.
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus 2014 [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 931 Go (180 Go libre(s) - 19%) [] # NTFS
D:\ -> Disque fixe # 60 Go (40 Go libre(s) - 66%) [ACER] # FAT32
E:\ -> CD-ROM
G:\ -> Disque amovible # 8 Go (2 Go libre(s) - 23%) [Intenso] # FAT32
H:\ -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Turbo Key] - "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "C:\Jeux\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Turbo Key] - "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [LogMeIn Hamachi Ui] - "C:\Jeux\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [Clownfish] - "C:\Program Files (x86)\Clownfish\Clownfish.exe"
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [EADM] - "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-1097147635-3363988166-1689558142-1000\SOFTWARE | Run : [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Jeux\hamachi-2.exe (ID 1128 |ParentID 436)
Stoppé! C:\Jeux\LMIGuardianSvc.exe (ID 1180 |ParentID 1128)
Stoppé! C:\Windows\system32\ctfmon.exe (ID 1660 |ParentID 1616)
Stoppé! C:\Windows\system32\DllHost.exe (ID 1812 |ParentID 592)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2016 |ParentID 1616)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1396 |ParentID 2016)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1516 |ParentID 2016)

################## | Éléments infectieux |

Supprimé! H:\Activator.vbs

(!) Fichiers temporaires supprimés.

################## | Registre |


################## | Listing |

[09/10/2013 - 17:45:24 | D ] C:\$AVG
[06/01/2013 - 17:45:35 | SHD ] C:\$Recycle.Bin
[22/08/2012 - 00:52:44 | D ] C:\AeriaGames
[15/08/2013 - 15:00:52 | D ] C:\AMD
[09/10/2013 - 19:18:49 | RASHD ] C:\Autorun.inf
[09/10/2013 - 17:47:55 | HD ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[30/03/2012 - 20:53:40 | D ] C:\download
[09/10/2013 - 19:43:06 | ASH | 3219791872] C:\hiberfil.sys
[03/10/2013 - 18:21:11 | D ] C:\Jeux
[31/10/2011 - 10:35:42 | D ] C:\Manga
[09/10/2013 - 19:43:08 | ASH | 4293058560] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[05/07/2013 - 23:03:43 | D ] C:\Program Files
[26/08/2013 - 20:13:09 | D ] C:\Program Files (x86)
[09/10/2013 - 17:45:23 | HD ] C:\ProgramData
[01/08/2011 - 21:55:11 | SHD ] C:\Recovery
[09/10/2013 - 17:44:50 | SHD ] C:\System Volume Information
[09/10/2013 - 19:18:50 | N | 17209] C:\UsbFix [Clean 3] BENMANGA.txt
[09/10/2013 - 20:00:31 | A | 7790] C:\UsbFix [Clean 5] BENMANGA.txt
[09/10/2013 - 18:01:33 | N | 12565] C:\UsbFix [Scan 1] BENMANGA.txt
[09/10/2013 - 18:45:58 | N | 13943] C:\UsbFix [Scan 2] BENMANGA.txt
[26/08/2013 - 20:13:25 | RD ] C:\Users
[09/10/2013 - 19:43:06 | D ] C:\Windows
[05/08/2004 - 05:00:00 | D ] D:\i386
[05/08/2004 - 05:00:00 | D ] D:\VALUEADD
[05/08/2004 - 05:00:00 | D ] D:\dotnetfx
[21/03/2005 - 18:44:46 | N | 75] D:\PRELOAD.AAA
[01/03/2010 - 22:00:56 | D ] D:\FOUND.000
[01/03/2010 - 23:16:10 | D ] D:\FOUND.001
[21/03/2005 - 09:41:52 | D ] D:\SYSINFO
[21/03/2005 - 09:41:52 | D ] D:\GUIDE
[21/03/2005 - 09:41:54 | D ] D:\DRV
[21/03/2005 - 09:42:44 | N | 512] D:\BOOTSECT.DOS
[05/05/2003 - 10:31:58 | D ] D:\WINDOWS
[05/08/2004 - 05:00:00 | N | 4952] D:\Bootfont.bin
[05/08/2004 - 05:00:00 | N | 251712] D:\ntldr
[05/08/2004 - 05:00:00 | N | 47564] D:\NTDETECT.COM
[01/03/2010 - 14:18:08 | N | 216] D:\boot.ini
[21/03/2005 - 09:53:06 | D ] D:\Documents and Settings
[21/03/2005 - 09:56:18 | D ] D:\Program Files
[21/03/2005 - 09:56:54 | N | 0] D:\CONFIG.SYS
[21/03/2005 - 09:56:54 | N | 0] D:\AUTOEXEC.BAT
[21/03/2005 - 09:56:54 | N | 0] D:\IO.SYS
[21/03/2005 - 09:56:54 | N | 0] D:\MSDOS.SYS
[21/03/2005 - 09:59:48 | SHD ] D:\System Volume Information
[21/05/2003 - 17:20:16 | D ] D:\Acer
[21/03/2005 - 18:30:36 | N | 6] D:\ISACER.ID
[21/03/2005 - 18:38:02 | D ] D:\Recycled
[01/03/2010 - 23:25:58 | D ] D:\FOUND.002
[01/03/2010 - 23:38:12 | D ] D:\FOUND.003
[02/03/2010 - 09:40:24 | D ] D:\FOUND.004
[03/03/2010 - 22:26:02 | D ] D:\FOUND.005
[03/08/2011 - 18:00:50 | D ] D:\FOUND.006
[09/10/2013 - 19:18:52 | RASHD ] D:\Autorun.inf
[03/03/2010 - 22:26:06 | ASH | 1073270784] D:\hiberfil.sys
[01/03/2010 - 21:01:32 | SHD ] D:\Config.Msi
[01/03/2010 - 21:28:16 | RSHD ] D:\RECYCLER
[03/03/2010 - 22:26:04 | N | 1610612736] D:\pagefile.sys
[01/08/2011 - 21:55:22 | SHD ] D:\$RECYCLE.BIN
[22/12/2011 - 14:38:08 | D ] D:\$AVG
[28/07/2013 - 20:35:36 | N | 13731] G:\Liste SH1.ods
[08/04/2013 - 16:26:16 | D ] G:\2013-04-07 Photos Tunisie G
[06/12/2011 - 12:12:54 | D ] G:\Autres
[21/06/2013 - 15:39:28 | D ] G:\Eur
[20/02/2013 - 19:17:26 | N | 16814] G:\Book1.ods
[16/11/2011 - 16:07:28 | D ] G:\Belgocontrol
[29/07/2013 - 15:51:10 | N | 34304] G:\Liste SH1 XL.xls
[19/09/2012 - 10:49:50 | D ] G:\Photos Nokia C5
[20/08/2013 - 17:39:12 | N | 27845] G:\6323130983.pdf
[20/08/2013 - 17:39:20 | N | 22445] G:\6391226688.pdf
[18/06/2013 - 17:15:26 | N | 26722] G:\6319616950.pdf
[25/08/2013 - 20:44:36 | N | 258606] G:\111 V3.docx
[22/09/2013 - 17:20:12 | N | 264930] G:\111 Sceau.docx
[06/09/2013 - 14:14:08 | D ] G:\Cours
[09/10/2013 - 19:18:52 | RASHD ] G:\Autorun.inf
[09/10/2013 - 18:03:52 | D ] G:\$AVG
[09/10/2013 - 19:18:52 | RASHD ] H:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
