#15530
There, I've created a topic.
I'm posting the latest Notepad report because I don't know whether my USB key has been disinfected ^^

Utilisateur: FAPART5 (Administrateur) # FAPART5-PC
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à 18:26:33 | 09/11/2013

Site Web :
Forum : https://www.sosvirus.net/
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact :

PC: ASUSTeK Computer Inc. (K50IJ )
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
RAM -> [Total : 4061 | Free : 2636]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 149 Go (45 Go libre(s) - 30%) [OS] # NTFS
D:\ -> Disque fixe # 134 Go (134 Go libre(s) - 100%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 30 Go (18 Go libre(s) - 61%) [USB Ka 32Gb SanDisk] # NTFS

################## | Processus Stoppés |

Stoppé! C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (ID: 852 |ParentID: 556)
Stoppé! C:\Windows\system32\FBAgent.exe (ID: 1368 |ParentID: 556)
Stoppé! C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ID: 1416 |ParentID: 556)
Stoppé! C:\Program Files\ATKGFNEX\GFNEXSrv.exe (ID: 1564 |ParentID: 556)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1596 |ParentID: 556)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1764 |ParentID: 556)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1888 |ParentID: 556)
Stoppé! C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe (ID: 1940 |ParentID: 556)
Stoppé! C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (ID: 2584 |ParentID: 556)
Stoppé! C:\Windows\servicing\TrustedInstaller.exe (ID: 2792 |ParentID: 556)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 2904 |ParentID: 556)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 2936 |ParentID: 356)
Stoppé! C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID: 3064 |ParentID: 2936)
Stoppé! C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ID: 2164 |ParentID: 2936)
Stoppé! C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe (ID: 1328 |ParentID: 2936)
Stoppé! C:\Program Files\P4G\BatteryLife.exe (ID: 2476 |ParentID: 2936)
Stoppé! C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe (ID: 2512 |ParentID: 2936)
Stoppé! C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ID: 2484 |ParentID: 2936)
Stoppé! C:\Windows\SysWOW64\ACEngSvr.exe (ID: 2152 |ParentID: 712)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 2556 |ParentID: 356)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID: 2408 |ParentID: 2556)
Stoppé! C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ID: 432 |ParentID: 1416)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 2540 |ParentID: 712)
Stoppé! C:\Windows\Explorer.EXE (ID: 2420 |ParentID: 2424)
Stoppé! C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe (ID: 2764 |ParentID: 432)
Stoppé! C:\Windows\System32\igfxtray.exe (ID: 3480 |ParentID: 2420)
Stoppé! C:\Windows\System32\hkcmd.exe (ID: 3488 |ParentID: 2420)
Stoppé! C:\Windows\System32\igfxpers.exe (ID: 3496 |ParentID: 2420)
Stoppé! C:\Windows\system32\igfxsrvc.exe (ID: 3540 |ParentID: 712)
Stoppé! C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ID: 3588 |ParentID: 2420)
Stoppé! C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ID: 3596 |ParentID: 432)
Stoppé! C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ID: 3708 |ParentID: 432)
Stoppé! C:\Program Files\Elantech\ETDCtrl.exe (ID: 3768 |ParentID: 2420)
Stoppé! C:\Program Files\Microsoft Security Client\msseces.exe (ID: 3780 |ParentID: 2420)
Stoppé! C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ID: 3812 |ParentID: 432)
Stoppé! C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE (ID: 4032 |ParentID: 3796)
Stoppé! C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ID: 4080 |ParentID: 3796)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 2972 |ParentID: 556)
Stoppé! C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ID: 1288 |ParentID: 3796)
Stoppé! C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ID: 3320 |ParentID: 3796)
Stoppé! C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID: 3244 |ParentID: 3796)
Stoppé! C:\Program Files\AVAST Software\Avast\avastui.exe (ID: 2932 |ParentID: 3796)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3336 |ParentID: 3796)
Stoppé! C:\Windows\AsScrPro.exe (ID: 3920 |ParentID: 1940)
Stoppé! C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID: 4044 |ParentID: 1940)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 4104 |ParentID: 988)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\SOFTWARE | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\SOFTWARE | Run : [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
04 - HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
04 - HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE | Run : [Setwallpaper] - c:\programdata\SetWallpaper.cmd
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
04 - HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Setwallpaper] - c:\programdata\SetWallpaper.cmd
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1582993713-3607038955-3277453227-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"" /build:7601

################## | Recherche générique |

Supprimé! F:\2013-2014 journal de classe .lnk
Supprimé! F:\bericht1.lnk
Supprimé! F:\bericht2.lnk
Supprimé! F:\bericht3.lnk
Supprimé! F:\Elèves 2013 EO 2.lnk
Supprimé! F:\elèves privés.lnk
Supprimé! F:\Formation TICE.lnk
Supprimé! F:\habits.lnk
Supprimé! F:\images.lnk
Supprimé! F:\INTENSO copie au 13 oct 2012.lnk
Supprimé! F:\LDD diapo.lnk
Supprimé! F:\MATRICE POSSIBLE POUR TEST sur base Test H3 voc Units 1 and 2 28 02 13 pr KA.lnk
Supprimé! F:\MindMapping.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-1582993713-3607038955-3277453227-1000\Software\.\.\.\.\Mountpoints2\{0a944d00-6e9f-11e1-a686-90e6ba47987b}
Supprimé! HKU\S-1-5-21-1582993713-3607038955-3277453227-1000\Software\.\.\.\.\Mountpoints2\{3dc62390-727c-11e1-a2b6-90e6ba47987b}

################## | Listing |

[14/09/2013 - 13:28:19 | SHD ] C:\$Recycle.Bin
[18/10/2013 - 07:19:24 | D ] C:\161e5c22def74a30befef9a92fc2d8
[17/10/2013 - 07:32:20 | D ] C:\483776c9be91265e70
[15/06/2009 - 12:11:59 | N | 54] C:\AdobeReader.log
[09/11/2013 - 18:19:16 | D ] C:\asus.dat
[22/10/2013 - 00:04:45 | SHD ] C:\Boot
[20/11/2010 - 13:40:07 | RASH | 383786] C:\bootmgr
[29/07/2009 - 07:03:37 | RASH | 8192] C:\BOOTSECT.BAK
[26/09/2009 - 11:49:08 | N | 13613] C:\devlist.txt
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[26/09/2009 - 11:49:06 | N | 9] C:\Finish.log
[28/10/2013 - 15:47:49 | D ] C:\FreeOCR
[08/03/2012 - 16:00:39 | D ] C:\gen5
[09/11/2013 - 18:17:27 | ASH | 3193765888] C:\hiberfil.sys
[26/09/2009 - 11:27:44 | D ] C:\Intel
[10/07/2009 - 09:35:33 | N | 1048576] C:\K40IJ.BIN
[29/07/2009 - 12:46:19 | N | 18] C:\K40IJ_K50IJ_WIN7.10
[10/07/2009 - 09:40:31 | N | 1048576] C:\K50IJ.BIN
[22/10/2009 - 15:00:17 | RHD ] C:\MSOCache
[02/07/2009 - 08:17:15 | N | 37] C:\Nero.Log
[12/06/2009 - 02:32:00 | N | 57] C:\OFFICE2007_L.TXT
[09/11/2013 - 18:17:32 | ASH | 4258357248] C:\pagefile.sys
[25/09/2009 - 23:04:29 | N | 146] C:\Pass.txt
[24/07/2009 - 07:46:46 | N | 3598] C:\Patch.LOG
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[28/10/2013 - 15:41:16 | D ] C:\Program Files
[09/11/2013 - 09:30:14 | D ] C:\Program Files (x86)
[30/10/2013 - 10:02:58 | HD ] C:\ProgramData
[22/10/2009 - 11:54:50 | SHD ] C:\Recovery
[29/07/2009 - 12:46:19 | N | 14] C:\RECOVERY.DAT
[26/09/2009 - 11:38:23 | N | 90] C:\setup.log
[14/05/2006 - 09:22:24 | N | 5] C:\store.log
[26/09/2009 - 11:19:14 | N | 170] C:\SumHidd.txt
[26/09/2009 - 11:17:59 | N | 98] C:\SumOS.txt
[09/11/2013 - 09:39:08 | SHD ] C:\System Volume Information
[09/11/2013 - 18:26:52 | D ] C:\UsbFix
[09/11/2013 - 17:36:49 | N | 12075] C:\UsbFix [Clean 2] FAPART5-PC.txt
[09/11/2013 - 18:26:55 | A | 11493] C:\UsbFix [Clean 3] FAPART5-PC.txt
[14/09/2013 - 13:28:05 | RD ] C:\Users
[07/09/2009 - 12:59:54 | N | 25] C:\v811.txt
[15/09/2013 - 10:54:09 | D ] C:\VanDale
[02/11/2013 - 12:37:15 | D ] C:\Windows
[14/09/2013 - 13:28:20 | SHD ] D:\$RECYCLE.BIN
[23/10/2013 - 13:29:02 | N | 93184] D:\P10.doc
[26/09/2009 - 10:45:44 | SHD ] D:\System Volume Information
[04/10/2013 - 15:59:20 | N | 29696] F:\2013-2014 journal de classe .doc
[31/08/2009 - 10:17:12 | N | 1056687] F:\bericht1.mp3
[31/08/2009 - 10:17:34 | N | 1674222] F:\bericht2.mp3
[31/08/2009 - 10:17:54 | N | 1486141] F:\bericht3.mp3
[11/05/2013 - 13:20:56 | D ] F:\Elèves 2013 EO 2
[06/11/2013 - 19:29:17 | D ] F:\elèves privés
[26/02/2013 - 13:27:42 | D ] F:\Formation TICE
[15/11/2012 - 17:26:54 | D ] F:\habits
[22/10/2013 - 22:58:30 | D ] F:\images
[06/11/2013 - 16:38:43 | D ] F:\INTENSO copie au 13 oct 2012
[02/11/2013 - 16:21:10 | D ] F:\LDD diapo
[09/03/2013 - 13:19:18 | N | 92672] F:\MATRICE POSSIBLE POUR TEST sur base Test H3 voc Units 1 and 2 28 02 13 pr KA.doc
[17/09/2013 - 13:01:14 | D ] F:\MindMapping

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | - https://www.sosvirus.net |
