tritinh
Participant
Number of posts: 6

There, I did the procedure and I think it worked, but I would like to have confirmation from you :p

[spoiler:3kddckky]############################## | UsbFix V 7.149 | [Suppression]

Utilisateur: Tinh (Administrateur) # TINH-PC
Mis à jour le 03/11/2013 par El Desaparecido – Team SosVirus
Lancé à 00:30:21 | 07/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K73SV)
CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
RAM -> [Total : 8104 | Free : 6883]
Bios: American Megatrends Inc.
Boot: Fail-safe boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 24.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Trend Micro Titanium Internet Security [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 195 Go (76 Go libre(s) – 39%) [OS] # NTFS
D: -> Disque fixe # 233 Go (216 Go libre(s) – 93%) [SDATA1] # NTFS
E: -> Disque fixe # 245 Go (146 Go libre(s) – 59%) [Data] # NTFS
F: -> Disque fixe # 233 Go (13 Go libre(s) – 5%) [SDATA2] # NTFS
G: -> Disque amovible # 30 Go (18 Go libre(s) – 59%) [USB DISK] # NTFS
J: -> Disque amovible # 7 Go (5 Go libre(s) – 67%) [LEXAR] # FAT32

################## | Référence de comparaison MD5 |

Md5 : 3278a76dec52931adccff421edbb9aeb -> G:iTunesHelper.vbe
Md5 : 3278a76dec52931adccff421edbb9aeb -> J:iTunesHelper.vbe

################## | Processus Stoppés |

Stoppé! C:WindowsExplorer.EXE (ID: 744 |ParentID: 704)
Stoppé! C:Windowssystem32ctfmon.exe (ID: 1036 |ParentID: 744)
Stoppé! C:Windowssystem32DllHost.exe (ID: 1308 |ParentID: 688)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [Nuance PDF Reader-reminder] – “C:Program Files (x86)NuancePDF ReaderEregEreg.exe” -r “C:ProgramDataNuancePDF ReaderEregEreg.ini”
04 – HKLMSOFTWARE | Run : [ASUSPRP] – “C:Program Files (x86)ASUSAPRPAPRP.EXE”
04 – HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSASUS WebStorage3.0.84.161AsusWSPanel.exe /S
04 – HKLMSOFTWARE | Run : [ATKOSD2] – C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
04 – HKLMSOFTWARE | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
04 – HKLMSOFTWARE | Run : [HControlUser] – C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
04 – HKLMSOFTWARE | Run : [Wireless Console 3] – C:Program Files (x86)ASUSWireless Console 3wcourier.exe
04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
04 – HKLMSOFTWARE | Run : [UpdateP2GoShortCut] – “C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkPower2Go” UpdateWithCreateOnce “SOFTWARECyberLinkPower2Go6.0”
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
04 – HKLMSOFTWARE | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [Nuance PDF Reader-reminder] – “C:Program Files (x86)NuancePDF ReaderEregEreg.exe” -r “C:ProgramDataNuancePDF ReaderEregEreg.ini”
04 – HKLMSOFTWAREwow6432Node | Run : [ASUSPRP] – “C:Program Files (x86)ASUSAPRPAPRP.EXE”
04 – HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSASUS WebStorage3.0.84.161AsusWSPanel.exe /S
04 – HKLMSOFTWAREwow6432Node | Run : [ATKOSD2] – C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
04 – HKLMSOFTWAREwow6432Node | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
04 – HKLMSOFTWAREwow6432Node | Run : [HControlUser] – C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
04 – HKLMSOFTWAREwow6432Node | Run : [Wireless Console 3] – C:Program Files (x86)ASUSWireless Console 3wcourier.exe
04 – HKLMSOFTWAREwow6432Node | Run : [UpdateLBPShortCut] – “C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
04 – HKLMSOFTWAREwow6432Node | Run : [UpdateP2GoShortCut] – “C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe” “C:Program Files (x86)CyberLinkPower2Go” UpdateWithCreateOnce “SOFTWARECyberLinkPower2Go6.0”
04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
04 – HKLMSOFTWAREwow6432Node | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Pando Media Booster] – C:Program Files (x86)Pando NetworksMedia BoosterPMB.exe
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Akamai NetSession Interface] – “C:UsersTinhAppDataLocalAkamainetsession_win.exe”
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Steam] – “C:Program Files (x86)Steamsteam.exe” -silent
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Syncables] – C:Program Files (x86)syncablessyncables desktopSyncables.exe
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [DAEMON Tools Pro Agent] – “C:Program Files (x86)DAEMON Tools ProDTAgent.exe” -autorun
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [Skype] – “C:Program Files (x86)SkypePhoneSkype.exe” /minimized /regrun
04 – HKUS-1-5-21-1651985070-3558631432-2182452226-1001SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Supprimé! G:iTunesHelper.vbe
Supprimé! G:syncguid.dat
Supprimé! J:iTunesHelper.vbe
Supprimé! J:syncguid.dat

(!) Fichiers temporaires supprimés.

################## | Comparaison MD5 |

################## | Registre |

################## | Listing |

[08/10/2011 – 00:31:31 | SHD ] C:$Recycle.Bin
[06/11/2013 – 10:11:53 | D ] C:AdwCleaner
[16/11/2011 – 12:48:48 | D ] C:AsAgingFactory_TmpLog
[07/11/2013 – 00:07:26 | D ] C:ASUS.DAT
[04/09/2013 – 18:15:43 | D ] C:AsusVibeData
[29/07/2009 – 07:03:34 | SHD ] C:Boot
[14/07/2009 – 02:38:58 | RASH | 383562] C:bootmgr
[29/07/2009 – 07:03:37 | RASH | 8192] C:BOOTSECT.BAK
[01/10/2011 – 23:32:22 | N | 85] C:BurnHelp.txt
[25/11/2012 – 12:28:43 | N | 40] C:C041F015A386
[27/07/2011 – 09:14:03 | N | 14469] C:devlist.txt
[14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
[27/07/2011 – 09:00:55 | D ] C:eSupport
[26/07/2011 – 18:14:03 | N | 9] C:Finish.log
[07/11/2013 – 00:27:49 | ASH | 6373355520] C:hiberfil.sys
[27/07/2011 – 08:53:37 | D ] C:Intel
[01/04/2011 – 04:00:50 | N | 2621440] C:K73E.BIN
[31/05/2011 – 04:26:00 | N | 19] C:K73SD_K73E_K73SV_WIN7.40
[01/04/2011 – 03:21:04 | N | 2621440] C:K73SV.BIN
[13/11/2012 – 19:52:50 | RHD ] C:MSOCache
[13/10/2011 – 21:16:27 | D ] C:NVIDIA
[06/08/2013 – 14:22:17 | D ] C:NvidiaLogging
[27/07/2011 – 08:56:39 | D ] C:NvidiaLogs
[07/11/2013 – 00:27:50 | ASH | 8497811456] C:pagefile.sys
[26/07/2011 – 19:15:01 | N | 303] C:Pass.txt
[14/07/2009 – 04:20:08 | D ] C:PerfLogs
[06/11/2013 – 10:33:56 | N | 512] C:PhysicalDisk0_MBR.bin
[05/11/2013 – 23:54:49 | D ] C:Program Files
[06/11/2013 – 10:21:10 | D ] C:Program Files (x86)
[06/11/2013 – 10:11:10 | HD ] C:ProgramData
[01/10/2011 – 20:52:21 | SHD ] C:Recovery
[31/05/2011 – 04:26:00 | N | 20] C:RECOVERY.DAT
[27/07/2011 – 08:58:48 | N | 2302] C:RHDSetup.log
[27/07/2011 – 09:00:45 | N | 168] C:setup.log
[06/11/2013 – 12:40:11 | SHD ] C:System Volume Information
[22/10/2013 – 16:27:24 | D ] C:temp
[02/01/2012 – 17:00:14 | D ] C:UDK
[07/11/2013 – 00:38:53 | D ] C:UsbFix
[06/11/2013 – 13:38:14 | N | 18986] C:UsbFix [Clean 1] TINH-PC.txt
[07/11/2013 – 00:38:54 | A | 9405] C:UsbFix [Clean 2] TINH-PC.txt
[06/11/2013 – 11:40:17 | N | 17621] C:UsbFix [Scan 1] TINH-PC.txt
[04/12/2011 – 01:21:24 | RD ] C:Users
[07/11/2013 – 00:16:50 | D ] C:Windows
[06/11/2013 – 15:23:00 | D ] C:_OTM
[21/04/2013 – 20:20:09 | SHD ] D:$RECYCLE.BIN
[19/10/2013 – 10:25:18 | D ] D:Diablo III
[28/09/2013 – 00:21:43 | D ] D:League of Legends
[04/04/2010 – 09:18:24 | SHD ] D:System Volume Information
[20/05/2013 – 10:30:27 | SHD ] E:$RECYCLE.BIN
[16/12/2012 – 22:48:43 | D ] E:Asus Applications
[22/09/2013 – 13:52:24 | D ] E:Ecole
[18/10/2013 – 18:44:43 | D ] E:Jeux
[10/07/2013 – 00:27:21 | D ] E:msdownld.tmp
[25/11/2012 – 23:31:36 | D ] E:Orcs Must Die 2
[16/12/2012 – 22:45:34 | D ] E:Photoshop
[09/06/2013 – 10:53:30 | D ] E:Scan
[29/09/2013 – 22:31:29 | SHD ] E:System Volume Information
[01/10/2011 – 20:55:18 | SHD ] F:$RECYCLE.BIN
[09/10/2011 – 15:26:45 | N | 528] F:MediaID.bin
[29/09/2013 – 22:31:18 | SHD ] F:System Volume Information
[22/09/2013 – 20:32:08 | D ] F:TINH-PC
[09/10/2011 – 16:44:37 | D ] F:WindowsImageBackup
[06/11/2013 – 13:05:37 | RASHD ] G:Autorun.inf
[04/10/2013 – 23:22:32 | N | 12952350060] G:casting Revue 2013.avi
[29/10/2013 – 16:23:00 | D ] J:photocopies
[02/11/2013 – 04:18:00 | N | 1110558825] J:Mon film.wmv
[04/11/2013 – 12:06:58 | D ] J:Photos
[06/11/2013 – 13:05:38 | RASHD ] J:Autorun.inf

################## | Vaccin |

G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
J:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:3kddckky]