Reply to: Infected USB drives 2016-09-08T13:14:54+00:00
Anthares
Participant
Number of posts: 5

Thank you very much for your help.

Here is the report for my PC:

[spoiler:aplr0gso]############################## | UsbFix V 7.149 | [Suppression]

Utilisateur: Anthony Todisco (Administrateur) # TOUDOU
Mis à jour le 03/11/2013 par El Desaparecido – Team SosVirus
Lancé à 20:19:40 | 07/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
RAM -> [Total : 1022 | Free : 195]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 56 Go (33 Go libre(s) – 60%) [VAIO] # NTFS
D: -> Disque fixe # 48 Go (35 Go libre(s) – 73%) [VAIO] # NTFS
F: -> CD-ROM
G: -> Disque amovible # 4 Go (4 Go libre(s) – 100%) [USB DISK] # FAT32
H: -> Disque amovible # 7 Go (7 Go libre(s) – 88%) [USB DISK] # FAT32

################## | Référence de comparaison MD5 |

Md5 : DENIED -> C:DOCUME~1ANTHON~1LOCALS~1Tempmuhsjrlyze..vbs
Md5 : 8b5bd22c7cc22ab7728e774e9ae7cc96 -> G:muhsjrlyze..vbs
Md5 : 8b5bd22c7cc22ab7728e774e9ae7cc96 -> H:muhsjrlyze..vbs

################## | Processus Stoppés |

Stoppé! C:Program FilesIntelWirelessBinEvtEng.exe (ID: 1452 |ParentID: 932)
Stoppé! C:Program FilesIntelWirelessBinS24EvMon.exe (ID: 1520 |ParentID: 932)
Stoppé! C:WINDOWSsystem32spoolsv.exe (ID: 500 |ParentID: 932)
Stoppé! C:WINDOWSeHomeehRecvr.exe (ID: 760 |ParentID: 932)
Stoppé! C:WINDOWSExplorer.EXE (ID: 740 |ParentID: 672)
Stoppé! C:WINDOWSeHomeehSched.exe (ID: 824 |ParentID: 932)
Stoppé! C:WINDOWSsystem32nvsvc32.exe (ID: 1912 |ParentID: 932)
Stoppé! C:Program FilesIntelWirelessBinRegSrvc.exe (ID: 1992 |ParentID: 932)
Stoppé! C:Program FilesSonyVAIO Event ServiceVESMgr.exe (ID: 1268 |ParentID: 932)
Stoppé! C:Program FilesFichiers communsSony SharedVAIO Entertainment PlatformVCSWVCSW.exe (ID: 2700 |ParentID: 932)
Stoppé! C:WINDOWSsystem32ICO.EXE (ID: 3768 |ParentID: 740)
Stoppé! C:Program FilesSonyVAIO Power ManagementSPMgr.exe (ID: 3884 |ParentID: 740)
Stoppé! C:Program FilesEverythingEverything.exe (ID: 3892 |ParentID: 740)
Stoppé! C:Program FilesSonyVAIO UpdateVUSR.exe (ID: 3900 |ParentID: 740)
Stoppé! C:Program FilesFichiers communsJavaJava Updatejusched.exe (ID: 4012 |ParentID: 740)
Stoppé! C:Program FilesSonyVAIO UpdateVAIOUpdt.exe (ID: 4052 |ParentID: 740)
Stoppé! C:WINDOWSsystem32ctfmon.exe (ID: 4084 |ParentID: 740)
Stoppé! C:Program FilesPrtScrPrtScr.exe (ID: 200 |ParentID: 740)
Stoppé! C:WINDOWSsystem32wscript.exe (ID: 300 |ParentID: 740)
Stoppé! C:Program FilesD-LinkDWA-131 revAwirelesscm.exe (ID: 528 |ParentID: 740)
Stoppé! C:WINDOWSsystem32dllhost.exe (ID: 3204 |ParentID: 932)
Stoppé! C:Program FilesSonyVAIO UpdateVUAgent.exe (ID: 1648 |ParentID: 932)
Stoppé! C:Program FilesMicrosoft Security ClientMsMpEng.exe (ID: 1584 |ParentID: 932)
Stoppé! C:Program FilesMicrosoft Security Clientmsseces.exe (ID: 3728 |ParentID: 3264)
Stoppé! C:WINDOWSsystem32wuauclt.exe (ID: 3332 |ParentID: 1368)
Stoppé! C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (ID: 652 |ParentID: 740)
Stoppé! C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (ID: 3324 |ParentID: 652)
Stoppé! C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (ID: 2100 |ParentID: 652)
Stoppé! C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (ID: 3720 |ParentID: 652)
Stoppé! C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (ID: 3296 |ParentID: 652)
Stoppé! C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (ID: 2520 |ParentID: 652)
Stoppé! C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (ID: 3552 |ParentID: 652)
Stoppé! C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (ID: 2800 |ParentID: 652)
Stoppé! C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (ID: 1504 |ParentID: 652)
Stoppé! C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (ID: 1840 |ParentID: 652)
Stoppé! C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleChromeApplicationchrome.exe (ID: 3508 |ParentID: 652)
Stoppé! C:WINDOWSsystem32wscntfy.exe (ID: 552 |ParentID: 1368)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [NvCplDaemon] – RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
04 – HKLMSOFTWARE | Run : [Mouse Suite 98 Daemon] – ICO.EXE
04 – HKLMSOFTWARE | Run : [SonyPowerCfg] – “C:Program FilesSonyVAIO Power ManagementSPMgr.exe”
04 – HKLMSOFTWARE | Run : [Everything] – “C:Program FilesEverythingEverything.exe” -startup
04 – HKLMSOFTWARE | Run : [VAIO Update Self Repair] – “C:Program FilesSonyVAIO UpdateVUSR.exe”
04 – HKLMSOFTWARE | Run : [MSC] – “C:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesFichiers communsAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesFichiers communsJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [muhsjrlyze] – wscript.exe //B “C:DOCUME~1ANTHON~1LOCALS~1Tempmuhsjrlyze..vbs”
04 – HKLMSOFTWARE | Run : [VAIO Update] – “C:Program FilesSonyVAIO UpdateVAIOUpdt.exe” /Stationary
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE
04 – HKUS-1-5-20SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE
04 – HKUS-1-5-21-2229712269-2839718150-308638168-1006SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32ctfmon.exe
04 – HKUS-1-5-21-2229712269-2839718150-308638168-1006SOFTWARE | Run : [Google Update] – “C:Documents and SettingsAnthony TodiscoLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe” /c
04 – HKUS-1-5-21-2229712269-2839718150-308638168-1006SOFTWARE | Run : [PrtScr by FireStarter] – C:Program FilesPrtScrPrtScr.exe /Tray
04 – HKUS-1-5-21-2229712269-2839718150-308638168-1006SOFTWARE | Run : [muhsjrlyze] – wscript.exe //B “C:DOCUME~1ANTHON~1LOCALS~1Tempmuhsjrlyze..vbs”
04 – HKUS-1-5-18SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE

################## | Recherche générique |

Supprimé! C:DOCUME~1ANTHON~1LOCALS~1Tempmuhsjrlyze..vbs
Supprimé! C:Documents and SettingsAnthony TodiscoMenu DémarrerProgrammesDémarragemuhsjrlyze..vbs
Supprimé! G:muhsjrlyze..vbs
Supprimé! H:muhsjrlyze..vbs
Supprimé! H:Kings of Leon – Mechanical Bull (Deluxe Edition) 2013 Rock 320kbps CBR MP3 [VX] [P2PDL].lnk

(!) Fichiers temporaires supprimés.

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionstaskmgr.exe
Supprimé! HKLMSoftwaremuhsjrlyze
Supprimé! HKUS-1-5-21-2229712269-2839718150-308638168-1006SoftwareMicrosoftWindowsCurrentVersionRun|muhsjrlyze
Supprimé! HKLMSoftwareMicrosoftWindowsCurrentVersionRun|muhsjrlyze

################## | Listing |

[27/07/2006 – 10:04:48 | N | 0] C:AUTOEXEC.BAT
[07/10/2012 – 12:09:34 | D ] C:b659767a0fa81b48d41cf45a12e960
[23/09/2012 – 11:49:21 | N | 209] C:boot.ini
[10/08/2004 – 13:00:00 | N | 4952] C:Bootfont.bin
[27/07/2006 – 10:04:48 | N | 0] C:CONFIG.SYS
[23/09/2012 – 11:50:51 | D ] C:Documents and Settings
[27/07/2006 – 11:53:14 | D ] C:Drivers
[07/11/2013 – 18:41:11 | ASH | 1071828992] C:hiberfil.sys
[27/07/2006 – 10:04:48 | N | 0] C:IO.SYS
[07/11/2013 – 14:17:18 | D ] C:leslie
[27/07/2006 – 10:04:48 | N | 0] C:MSDOS.SYS
[10/08/2004 – 13:00:00 | N | 47564] C:NTDETECT.COM
[06/10/2012 – 15:19:45 | N | 252240] C:ntldr
[07/11/2013 – 18:41:10 | ASH | 1610612736] C:pagefile.sys
[07/11/2013 – 14:14:20 | D ] C:Program Files
[23/09/2012 – 16:42:58 | SHD ] C:RECYCLER
[23/09/2012 – 11:49:57 | SHD ] C:System Volume Information
[07/11/2013 – 18:42:58 | D ] C:Update
[07/11/2013 – 20:30:32 | D ] C:UsbFix
[07/11/2013 – 20:30:35 | A | 8808] C:UsbFix [Clean 2] TOUDOU.txt
[07/11/2013 – 14:03:18 | N | 8430] C:UsbFix [Scan 1] TOUDOU.txt
[07/11/2013 – 19:48:26 | N | 8018] C:UsbFix [Scan 2] TOUDOU.txt
[23/09/2012 – 16:49:25 | D ] C:VAIO Entertainment
[07/11/2013 – 18:41:22 | N | 2088] C:VCIError.log
[06/07/2013 – 13:44:37 | D ] C:wamp
[07/11/2013 – 19:25:09 | D ] C:WINDOWS
[22/12/2012 – 13:44:19 | D ] D:$AVG
[07/11/2013 – 19:10:57 | D ] D:1ca92f92fcabbdf8af0bc8a1f8
[27/12/2012 – 11:21:56 | D ] D:bef996266a6ffc238aa3399a002e3e
[12/05/2007 – 17:08:56 | D ] D:c
[17/02/2013 – 19:26:16 | SHD ] D:Config.Msi
[16/09/2012 – 19:51:42 | D ] D:Lilly
[26/12/2012 – 16:58:22 | D ] D:Progams
[23/09/2012 – 16:22:14 | SHD ] D:RECYCLER
[28/12/2012 – 12:00:15 | SHD ] D:System Volume Information
[27/01/2013 – 15:38:15 | D ] D:temp
[19/06/2013 – 20:47:51 | D ] D:Tod
[01/01/1980 – 00:00:00 | N | 21] H:.cm0013
[26/07/2013 – 16:16:06 | D ] H:Ray Charles
[26/07/2013 – 16:16:34 | D ] H:Glee
[13/06/2013 – 08:39:26 | D ] H:Adele
[13/06/2013 – 08:38:08 | D ] H:en vrac
[13/06/2013 – 08:37:40 | D ] H:Imagine dragons
[13/06/2013 – 08:35:24 | D ] H:MUSE 2ND LAW
[16/10/2013 – 14:17:58 | D ] H:Kings of Leon – Mechanical Bull (Deluxe Edition) 2013 Rock 320kbps CBR MP3 [VX] [P2PDL]
[29/10/2013 – 10:57:40 | N | 261733] H:2008 Schadron Morchain BPPS.pdf
[24/09/2013 – 10:42:22 | N | 464236] H:LivretANOVA.pdf
[31/10/2013 – 16:53:56 | N | 1678981] H:Thèse ANCRAGE B.geyres .pdf
[31/10/2013 – 16:55:02 | N | 478425] H:2006 article schadron ancrage numérique.pdf
[02/11/2013 – 09:20:16 | D ] H:Opposites [Deluxe Edition]
[29/10/2013 – 17:58:02 | N | 218304] H:1-s2.0-S1162908811000259-main.pdf
[29/10/2013 – 17:55:00 | N | 255808] H:1-s2.0-S1269176311000496-main.pdf
[29/10/2013 – 18:04:30 | N | 239872] H:1-s2.0-S0022103112000510-main.pdf
[29/10/2013 – 18:01:44 | N | 323361] H:1-s2.0-S1057740810001397-main.pdf
[29/10/2013 – 18:00:58 | N | 141887] H:1-s2.0-S0022103111001673-main.pdf
[06/11/2013 – 09:56:46 | N | 35587] H:CM N°3 Relations interpersonnelles.docx
[24/09/2013 – 18:34:14 | N | 1869824] H:Sm 7 – Relations interpersonnelles – PDF.ppt

################## | Vaccin |

G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:aplr0gso]

And the one for my girlfriend's PC:

[spoiler:aplr0gso]############################## | UsbFix V 7.149 | [Suppression]

Utilisateur: Toudoune (Administrateur) # TOUDOUNE-PC
Mis à jour le 03/11/2013 par El Desaparecido – Team SosVirus
Lancé à 20:52:36 | 07/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (1015BX)
CPU: AMD C-50 Processor
RAM -> [Total : 748 | Free : 250]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Starter (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 100 Go (69 Go libre(s) – 69%) [] # NTFS
D: -> Disque fixe # 183 Go (105 Go libre(s) – 57%) [] # NTFS

################## | Référence de comparaison MD5 |

Md5 : 8b5bd22c7cc22ab7728e774e9ae7cc96 -> C:UsersToudouneAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupmuhsjrlyze..vbs
Md5 : DENIED -> C:UsersToudouneAppDataLocalTempmuhsjrlyze..vbs

################## | Processus Stoppés |

Stoppé! C:Program FilesMicrosoft Security ClientMsMpEng.exe (ID: 828 |ParentID: 536)
Stoppé! C:windowssystem32atiesrxx.exe (ID: 956 |ParentID: 536)
Stoppé! C:windowssystem32atieclxx.exe (ID: 1288 |ParentID: 956)
Stoppé! C:windowsSystem32spoolsv.exe (ID: 1632 |ParentID: 536)
Stoppé! C:windowssystem32AsusService.exe (ID: 1864 |ParentID: 536)
Stoppé! C:Program FilesMicrosoftBingDesktopBingDesktopUpdater.exe (ID: 1904 |ParentID: 536)
Stoppé! C:ExpressGateUtilVAWinService.exe (ID: 412 |ParentID: 536)
Stoppé! C:windowssystem32taskhost.exe (ID: 476 |ParentID: 536)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 1060 |ParentID: 536)
Stoppé! C:windowsExplorer.EXE (ID: 1780 |ParentID: 1668)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2060 |ParentID: 1060)
Stoppé! C:Program FilesMicrosoft Security ClientNisSrv.exe (ID: 2344 |ParentID: 536)
Stoppé! C:Program FilesElantechETDCtrl.exe (ID: 2672 |ParentID: 1780)
Stoppé! C:windowssystem32taskeng.exe (ID: 2696 |ParentID: 1112)
Stoppé! C:Program FilesRealtekAudioHDARtHDVCpl.exe (ID: 2760 |ParentID: 1780)
Stoppé! C:Program FilesASUSHotkeyServiceHotKeyMon.exe (ID: 2780 |ParentID: 1864)
Stoppé! C:Program FilesAsusUSBChargeSettingiSeriesCharge.exe (ID: 2812 |ParentID: 1780)
Stoppé! C:Program FilesASUSSHESuperHybridEngine.exe (ID: 2820 |ParentID: 1864)
Stoppé! C:Program FilesASUSCapsHookCapsHook.exe (ID: 2860 |ParentID: 1864)
Stoppé! C:ExpressGateUtilVAWinAgent.exe (ID: 2900 |ParentID: 1780)
Stoppé! C:Program FilesASUSHotkeyServiceHotkeyService.exe (ID: 2908 |ParentID: 1864)
Stoppé! C:Program FilesAsusLiveUpdateLiveUpdate.exe (ID: 2920 |ParentID: 1864)
Stoppé! C:Program FilesCommon FilesInstantOnInsOnWMI.exe (ID: 3108 |ParentID: 2696)
Stoppé! C:Program FilesMicrosoft Security Clientmsseces.exe (ID: 3436 |ParentID: 1780)
Stoppé! C:Program FilesElantechETDCtrlHelper.exe (ID: 3556 |ParentID: 2672)
Stoppé! C:windowssystem32SearchIndexer.exe (ID: 3568 |ParentID: 536)
Stoppé! C:Program FilesPrtScrPrtScr.exe (ID: 3740 |ParentID: 1780)
Stoppé! C:WindowsSystem32wscript.exe (ID: 1300 |ParentID: 1732)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID: 1196 |ParentID: 536)
Stoppé! C:windowssystem32taskhost.exe (ID: 1284 |ParentID: 536)
Stoppé! C:windowsservicingTrustedInstaller.exe (ID: 4176 |ParentID: 536)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLMSOFTWARE | Run : [ETDWare] – %ProgramFiles%ElantechETDCtrl.exe
04 – HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program FilesAdobeReader 9.0ReaderReader_sl.exe”
04 – HKLMSOFTWARE | Run : [HotkeyMon] – AsusSender.exe C:Program FilesASUSHotkeyServiceHotKeyMon.exe
04 – HKLMSOFTWARE | Run : [HotkeyService] – AsusSender.exe C:Program FilesASUSHotkeyServiceHotkeyService.exe
04 – HKLMSOFTWARE | Run : [SuperHybridEngine] – AsusSender.exe C:Program FilesASUSSHESuperHybridEngine.exe
04 – HKLMSOFTWARE | Run : [LiveUpdate] – AsusSender.exe C:Program FilesAsusLiveUpdateLiveUpdate.exe auto
04 – HKLMSOFTWARE | Run : [CapsHook] – AsusSender.exe C:Program FilesASUSCapsHookCapsHook.exe
04 – HKLMSOFTWARE | Run : [RtHDVCpl] – C:Program FilesRealtekAudioHDARtHDVCpl.exe -s
04 – HKLMSOFTWARE | Run : [iSeriesCharge] – C:Program FilesASUSUSBChargeSettingiSeriesCharge.exe
04 – HKLMSOFTWARE | Run : [VAWinAgent] – C:ExpressGateUtilVAWinAgent.exe
04 – HKLMSOFTWARE | Run : [ASUSPRP] – C:Program FilesASUSAPRPAPRP.EXE
04 – HKLMSOFTWARE | Run : [BCSSync] – “C:Program FilesMicrosoft OfficeOffice14BCSSync.exe” /DelayServices
04 – HKLMSOFTWARE | Run : [Everything] – “C:Program FilesEverythingEverything.exe” -startup
04 – HKLMSOFTWARE | Run : [BingDesktop] – C:Program FilesMicrosoftBingDesktopBingDesktop.exe /fromkey
04 – HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program FilesASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
04 – HKLMSOFTWARE | Run : [MSC] – “C:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-1248135432-734599078-2716530331-1000SOFTWARE | Run : [PrtScr by FireStarter] – C:Program FilesPrtScrPrtScr.exe /Tray
04 – HKUS-1-5-21-1248135432-734599078-2716530331-1000SOFTWARE | Run : [muhsjrlyze] – wscript.exe //B “C:UsersToudouneAppDataLocalTempmuhsjrlyze..vbs”
04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Recherche générique |

Supprimé! C:UsersToudouneAppDataLocalTempmuhsjrlyze..vbs
Supprimé! C:UsersToudouneAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupmuhsjrlyze..vbs

(!) Fichiers temporaires supprimés.

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKUS-1-5-21-1248135432-734599078-2716530331-1000SoftwareMicrosoftWindowsCurrentVersionRun|muhsjrlyze

################## | Listing |

[16/11/2012 – 19:20:02 | SHD ] C:$RECYCLE.BIN
[17/11/2012 – 00:33:57 | D ] C:AsusVibeData
[10/06/2009 – 22:42:20 | N | 24] C:autoexec.bat
[17/11/2012 – 03:52:26 | SHD ] C:Boot
[20/11/2010 – 13:40:08 | RASH | 383786] C:bootmgr
[10/06/2009 – 22:42:20 | N | 10] C:config.sys
[14/07/2009 – 05:53:55 | SHD ] C:Documents and Settings
[16/11/2012 – 19:29:10 | D ] C:ExpressGateUtil
[06/11/2013 – 15:47:56 | ASH | 588554240] C:hiberfil.sys
[16/11/2012 – 21:20:03 | RHD ] C:MSOCache
[07/11/2013 – 20:39:02 | ASH | 1107296256] C:pagefile.sys
[14/07/2009 – 03:37:05 | D ] C:PerfLogs
[19/10/2013 – 07:55:15 | N | 1384] C:preference.xml
[19/10/2013 – 07:06:22 | D ] C:Program Files
[27/03/2013 – 21:45:31 | HD ] C:ProgramData
[16/11/2012 – 19:07:29 | SHD ] C:Recovery
[17/11/2012 – 00:30:24 | N | 2241] C:RHDSetup.log
[07/11/2013 – 20:36:15 | SHD ] C:System Volume Information
[07/11/2013 – 21:02:45 | D ] C:UsbFix
[07/11/2013 – 21:02:49 | A | 7848] C:UsbFix [Clean 1] TOUDOUNE-PC.txt
[16/11/2012 – 19:10:53 | RD ] C:Users
[19/10/2013 – 07:20:38 | D ] C:Windows
[16/11/2012 – 19:18:39 | SHD ] D:$RECYCLE.BIN
[15/02/2012 – 11:33:27 | D ] D:a54ceefc5b62581c42f82ae4b039
[16/11/2012 – 17:55:07 | D ] D:COURS S3
[16/11/2012 – 17:58:08 | D ] D:IMAGES
[26/09/2011 – 08:18:12 | N | 528] D:MediaID.bin
[08/10/2011 – 16:21:02 | D ] D:MUSIQUE
[16/11/2012 – 22:40:39 | D ] D:Office(ne pas supprimer)
[23/09/2012 – 18:38:06 | D ] D:S4
[04/11/2013 – 08:17:52 | SHD ] D:System Volume Information
[20/09/2013 – 13:42:18 | D ] D:TOUDOUNE-PC
[16/11/2012 – 23:44:16 | D ] D:WindowsImageBackup

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:aplr0gso]