azajoke
Participant
Number of posts: 71

I'm adding the UsbFix "deletion" reports for my 2 other mini SD cards affected by the virus.

Here is the first one:
[spoiler:32ypcm00]############################## | UsbFix V 7.153 | [Suppression]

Utilisateur: Jo (Administrateur) # PC-DE-JO
Mis à jour le 09/12/2013 par El Desaparecido – Team SosVirus
Lancé à 22:15:30 | 09/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Quanta (3069)
CPU: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
RAM -> [Total : 3002 | Free : 1388]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 32.0.1700.41

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 1.1.1600.0
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 223 Go (25 Go libre(s) – 11%) [] # NTFS
D: -> Disque fixe # 10 Go (1 Go libre(s) – 12%) [RECOVERY] # NTFS
E: -> CD-ROM
G: -> Disque amovible # 2 Go (597 Mo libre(s) – 32%) [] # FAT

################## | Processus Stoppés |

Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_fa807195STacSV.exe (ID: 1156 |ParentID: 652)
Stoppé! C:Windowssystem32SLsvc.exe (ID: 1264 |ParentID: 652)
Stoppé! C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1616 |ParentID: 652)
Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1800 |ParentID: 652)
Stoppé! C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 1980 |ParentID: 652)
Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_fa807195aestsrv.exe (ID: 1996 |ParentID: 652)
Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID: 2008 |ParentID: 652)
Stoppé! C:Program FilesCommon FilesLightScribeLSSrvc.exe (ID: 308 |ParentID: 652)
Stoppé! C:Program FilesSMINSTBLService.exe (ID: 1356 |ParentID: 652)
Stoppé! C:Program FilesCyberLinkShared filesRichVideo.exe (ID: 1400 |ParentID: 652)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 2088 |ParentID: 652)
Stoppé! C:Windowssystem32taskeng.exe (ID: 2760 |ParentID: 1124)
Stoppé! c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 3944 |ParentID: 652)
Stoppé! C:Windowssystem32taskeng.exe (ID: 4080 |ParentID: 1124)
Stoppé! C:WindowsSystem32hkcmd.exe (ID: 2744 |ParentID: 1344)
Stoppé! C:WindowsSystem32igfxpers.exe (ID: 2920 |ParentID: 1344)
Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 284 |ParentID: 1344)
Stoppé! C:Program FilesHPQuickPlayQPService.exe (ID: 2056 |ParentID: 1344)
Stoppé! C:Windowssystem32igfxsrvc.exe (ID: 3308 |ParentID: 840)
Stoppé! C:Program FilesWindows DefenderMSASCui.exe (ID: 3460 |ParentID: 1344)
Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID: 3172 |ParentID: 1344)
Stoppé! C:Program FilesHPHP Software UpdatehpwuSchd2.exe (ID: 3132 |ParentID: 1344)
Stoppé! C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe (ID: 3264 |ParentID: 1344)
Stoppé! C:Program FilesIDTWDMsttray.exe (ID: 3260 |ParentID: 1344)
Stoppé! C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 3672 |ParentID: 1344)
Stoppé! C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 3688 |ParentID: 1344)
Stoppé! C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe (ID: 3544 |ParentID: 1344)
Stoppé! C:Program FilesSFRKit9props.exe (ID: 3628 |ParentID: 1344)
Stoppé! C:Program FilesSonySony PC CompanionPCCompanion.exe (ID: 3652 |ParentID: 1344)
Stoppé! C:Program FilesHPDigital Imagingbinhpqtra08.exe (ID: 1628 |ParentID: 1344)
Stoppé! C:Program FilesHewlett-PackardSharedhpqwmiex.exe (ID: 3984 |ParentID: 652)
Stoppé! C:Program FilesSonySony PC CompanionPCCompanionInfo.exe (ID: 212 |ParentID: 3652)
Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID: 3240 |ParentID: 652)
Stoppé! C:Program FilesHewlett-PackardSharedhpqToaster.exe (ID: 2200 |ParentID: 840)
Stoppé! C:Program FilesHPDigital ImagingbinhpqSTE08.exe (ID: 3640 |ParentID: 1628)
Stoppé! C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 4392 |ParentID: 284)
Stoppé! C:Windowsnotepad.exe (ID: 3440 |ParentID: 5832)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 5208 |ParentID: 1108)
Stoppé! C:Windowssystem32conime.exe (ID: 5488 |ParentID: 5168)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
04 – HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
04 – HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
04 – HKLMSOFTWARE | Run : [SynTPEnh] – C:Program FilesSynapticsSynTPSynTPEnh.exe
04 – HKLMSOFTWARE | Run : [QPService] – “C:Program FilesHPQuickPlayQPService.exe”
04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
04 – HKLMSOFTWARE | Run : [UCam_Menu] – “C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkYouCam” UpdateWithCreateOnce “SoftwareCyberLinkYouCam2.0”
04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
04 – HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
04 – HKLMSOFTWARE | Run : [UpdatePDIRShortCut] – “C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkPowerDirector” UpdateWithCreateOnce “SOFTWARECyberLinkPowerDirector7.0”
04 – HKLMSOFTWARE | Run : [HP Health Check Scheduler] – c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHPHP Software UpdateHPWuSchd2.exe
04 – HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
04 – HKLMSOFTWARE | Run : [SysTrayApp] – %ProgramFiles%IDTWDMsttray.exe
04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAlwil SoftwareAvast5AvastUI.exe” /nogui
04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAlwil SoftwareAvast5setupemupdate26e3dfec-3be0-4999-aa0e-fc87b4b74fe9.exe /check
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Connexion SFR 9props.exe] – “C:Program FilesSFRKit9props.exe” /trayicon
04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Facebook Update] – “C:UsersJoAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Sony PC Companion] – “C:Program FilesSonySony PC CompanionPCCompanion.exe” /Background

################## | Recherche générique |

Supprimé! G:default-capability.lnk
Supprimé! G:customized-capability.lnk
Supprimé! G:.android_secure.lnk
Supprimé! G:.bookmark_thumb1.lnk
Supprimé! G:MoreExchange.lnk
Supprimé! G:iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> G:iTunesHelper.vbe

################## | Comparaison MD5 |

-> Pas de valeur Md5 identique trouvée.

################## | Registre |

################## | Listing |

[13/03/2013 – 19:25:47 | N | 23 Ko] – C:AdwCleaner[R1].txt
[13/03/2013 – 19:26:39 | N | 0 Ko] – C:AdwCleaner[S1].txt
[13/03/2013 – 19:43:58 | N | 22 Ko] – C:AdwCleaner[R2].txt
[13/03/2013 – 19:44:50 | N | 21 Ko] – C:AdwCleaner[S2].txt
[09/12/2013 – 16:10:57 | N | 13 Ko] – C:UsbFix [Clean 1] PC-DE-JO.txt
[09/12/2013 – 22:21:33 | A | 9 Ko] – C:UsbFix [Clean 2] PC-DE-JO.txt
[18/09/2006 – 22:43:37 | N | 0 Ko] – C:config.sys
[09/12/2013 – 17:22:46 | ASH | 3381432 Ko] – C:pagefile.sys
[09/12/2013 – 17:22:48 | ASH | 3075004 Ko] – C:hiberfil.sys
[04/10/2009 – 16:02:18 | D] – C:System.sav
[12/08/2013 – 11:49:09 | SHD] – C:$RECYCLE.BIN
[18/09/2006 – 22:43:36 | A | 0 Ko] – C:autoexec.bat
[02/11/2006 – 13:59:44 | SHD] – C:Documents and Settings
[21/01/2008 – 03:43:50 | D] – C:PerfLogs
[25/02/2009 – 03:52:49 | RHD] – C:MSOCache
[11/04/2009 – 07:36:36 | RASH | 325 Ko] – C:bootmgr
[04/10/2009 – 16:01:44 | D] – C:HP
[04/10/2009 – 16:02:18 | D] – C:SwSetup
[13/03/2012 – 20:10:05 | D] – C:Users
[22/10/2012 – 20:27:00 | SHD] – C:boot
[28/10/2013 – 12:33:30 | D] – C:AdwCleaner
[08/12/2013 – 11:23:54 | D] – C:Program Files
[09/12/2013 – 15:21:14 | D] – C:Windows
[09/12/2013 – 17:33:26 | HD] – C:ProgramData
[09/12/2013 – 17:37:33 | D] – C:Configuration
[09/12/2013 – 20:34:51 | SHD] – C:System Volume Information
[09/12/2013 – 22:15:32 | D] – C:UsbFix
[12/09/2008 – 16:38:26 | SH | 146 Ko] – D:protect.turkish
[12/09/2008 – 16:38:10 | SH | 145 Ko] – D:protect.swedish
[12/09/2008 – 16:37:52 | SH | 144 Ko] – D:protect.spanish
[12/09/2008 – 16:37:32 | SH | 146 Ko] – D:protect.slovak
[12/09/2008 – 16:37:16 | SH | 145 Ko] – D:protect.russian
[15/09/2008 – 15:06:54 | N | 149 Ko] – D:protect.romanian
[04/10/2009 – 16:01:02 | N | 0 Ko] – D:BLOCK.RIN
[12/09/2008 – 16:36:58 | SH | 145 Ko] – D:protect.portuguese brazilian
[12/09/2008 – 16:36:42 | SH | 145 Ko] – D:protect.portuguese
[12/09/2008 – 16:36:24 | SH | 146 Ko] – D:protect.polish
[12/09/2008 – 16:36:08 | SH | 144 Ko] – D:protect.norwegian
[09/12/2013 – 17:23:04 | N | 0 Ko] – D:MASTER.LOG
[12/09/2008 – 16:35:50 | SH | 154 Ko] – D:protect.korean
[12/09/2008 – 16:35:32 | SH | 148 Ko] – D:protect.japanese
[12/09/2008 – 16:35:02 | SH | 144 Ko] – D:protect.italian
[09/12/2013 – 16:10:57 | RASHD] – D:Autorun.inf
[12/09/2008 – 16:34:40 | N | 145 Ko] – D:protect.hungarian
[10/09/2002 – 15:14:28 | N | 8 Ko] – D:Folder.htt
[12/09/2008 – 16:34:22 | SH | 151 Ko] – D:protect.hebrew
[12/09/2008 – 16:33:58 | SH | 149 Ko] – D:protect.greek
[12/09/2008 – 16:33:40 | SH | 144 Ko] – D:protect.german
[12/09/2008 – 16:33:20 | SH | 144 Ko] – D:protect.french
[12/09/2008 – 16:32:56 | SH | 145 Ko] – D:protect.finnish
[12/09/2008 – 16:32:38 | SH | 145 Ko] – D:protect.english
[12/09/2008 – 16:32:20 | N | 145 Ko] – D:protect.ed
[12/09/2008 – 16:32:00 | SH | 145 Ko] – D:protect.dutch
[12/09/2008 – 16:31:40 | SH | 145 Ko] – D:protect.danish
[12/09/2008 – 16:31:20 | SH | 146 Ko] – D:protect.czech
[12/09/2008 – 16:30:56 | SH | 146 Ko] – D:protect.chinese traditional
[12/09/2008 – 16:30:34 | SH | 147 Ko] – D:protect.chinese simplified
[12/09/2008 – 16:22:34 | SH | 146 Ko] – D:protect.chinese hong kong
[15/09/2008 – 15:06:26 | N | 148 Ko] – D:protect.bulgarian
[13/03/2012 – 20:12:22 | SHD] – D:$RECYCLE.BIN
[12/09/2008 – 16:18:34 | SH | 152 Ko] – D:protect.arabic
[03/10/2006 – 22:02:44 | SH | 428 Ko] – D:bootmgr
[26/05/2009 – 04:06:57 | RD] – D:RECOVERY
[26/05/2009 – 04:06:58 | RSHD] – D:boot
[26/05/2009 – 04:07:06 | D] – D:WINDOWS
[26/05/2009 – 04:07:06 | RSHD] – D:SOURCES
[26/05/2009 – 04:07:07 | RSHD] – D:PRELOAD
[26/05/2009 – 04:07:13 | D] – D:Tools
[26/05/2009 – 04:07:14 | D] – D:HP
[09/12/2013 – 20:35:13 | SHD] – D:System Volume Information
[09/12/2013 – 12:18:28 | N | 14 Ko] – G:default-capability.xml
[09/12/2013 – 12:18:28 | N | 0 Ko] – G:customized-capability.xml
[08/04/2011 – 09:55:34 | N | 72302 Ko | CD46511496D5A201B85D8EFFF1CD7FC4] – G:setup_3.0.5527.exe
[28/06/2013 – 09:55:24 | D] – G:LOST.DIR
[09/07/2012 – 13:38:20 | D] – G:.bookmark_thumb1
[18/09/2012 – 16:35:16 | D] – G:.android_secure
[06/01/1980 – 05:16:14 | D] – G:Android
[07/06/2012 – 18:33:06 | D] – G:Attachments
[18/06/2012 – 23:11:18 | D] – G:downloads
[07/08/2012 – 08:48:38 | D] – G:mp3download
[30/08/2012 – 16:47:44 | D] – G:MoreExchange
[30/08/2012 – 16:47:44 | D] – G:droidhen
[22/09/2012 – 00:19:12 | D] – G:media
[09/07/2013 – 19:28:40 | D] – G:CrashDump
[27/08/2013 – 09:43:52 | D] – G:data
[22/09/2013 – 16:33:42 | D] – G:MEDIAGO
[08/12/2013 – 01:21:08 | D] – G:DCIM
[08/12/2013 – 01:59:26 | D] – G:Pictures
[08/12/2013 – 01:59:34 | D] – G:image
[08/12/2013 – 01:59:56 | D] – G:download
[08/12/2013 – 01:59:56 | D] – G:bluetooth
[08/12/2013 – 01:59:56 | D] – G:Music

################## | Vaccin |

D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:32ypcm00]

And the last one, from the deletion run via UsbFix:
[spoiler:32ypcm00]############################## | UsbFix V 7.153 | [Suppression]

Utilisateur: Jo (Administrateur) # PC-DE-JO
Mis à jour le 09/12/2013 par El Desaparecido – Team SosVirus
Lancé à 22:30:59 | 09/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Quanta (3069)
CPU: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
RAM -> [Total : 3002 | Free : 1775]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 32.0.1700.41

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 1.1.1600.0
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 223 Go (25 Go libre(s) – 11%) [] # NTFS
D: -> Disque fixe # 10 Go (1 Go libre(s) – 12%) [RECOVERY] # NTFS
E: -> CD-ROM
G: -> Disque amovible # 7 Go (6 Go libre(s) – 84%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1616 |ParentID: 652)
Stoppé! C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 3688 |ParentID: 1344)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 5496 |ParentID: 652)
Stoppé! C:WindowsSystem32spoolsv.exe (ID: 5084 |ParentID: 652)
Stoppé! C:Windowssystem32taskeng.exe (ID: 5632 |ParentID: 1124)
Stoppé! C:Windowssystem32taskeng.exe (ID: 2652 |ParentID: 1124)
Stoppé! c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 4912 |ParentID: 652)
Stoppé! C:Windowssystem32SLsvc.exe (ID: 4188 |ParentID: 652)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 4784 |ParentID: 1108)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
04 – HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
04 – HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
04 – HKLMSOFTWARE | Run : [SynTPEnh] – C:Program FilesSynapticsSynTPSynTPEnh.exe
04 – HKLMSOFTWARE | Run : [QPService] – “C:Program FilesHPQuickPlayQPService.exe”
04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
04 – HKLMSOFTWARE | Run : [UCam_Menu] – “C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkYouCam” UpdateWithCreateOnce “SoftwareCyberLinkYouCam2.0”
04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
04 – HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
04 – HKLMSOFTWARE | Run : [UpdatePDIRShortCut] – “C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkPowerDirector” UpdateWithCreateOnce “SOFTWARECyberLinkPowerDirector7.0”
04 – HKLMSOFTWARE | Run : [HP Health Check Scheduler] – c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHPHP Software UpdateHPWuSchd2.exe
04 – HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
04 – HKLMSOFTWARE | Run : [SysTrayApp] – %ProgramFiles%IDTWDMsttray.exe
04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAlwil SoftwareAvast5AvastUI.exe” /nogui
04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAlwil SoftwareAvast5setupemupdate26e3dfec-3be0-4999-aa0e-fc87b4b74fe9.exe /check
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Connexion SFR 9props.exe] – “C:Program FilesSFRKit9props.exe” /trayicon
04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Facebook Update] – “C:UsersJoAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
04 – HKUS-1-5-21-4014418277-1995924876-2796588854-1000SOFTWARE | Run : [Sony PC Companion] – “C:Program FilesSonySony PC CompanionPCCompanion.exe” /Background

################## | Recherche générique |

Supprimé! G:customized-capability.lnk
Supprimé! G:.android_secure.lnk
Supprimé! G:default-capability.lnk
Supprimé! G:.bookmark_thumb1.lnk
Supprimé! G:MoreExchange.lnk
Supprimé! G:rosie_scroll.lnk
Supprimé! G:MP3Downloads.lnk
Supprimé! G:SFRMonCompte.lnk
Supprimé! G:MesComptesBNP.lnk
Supprimé! G:iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> G:iTunesHelper.vbe

################## | Comparaison MD5 |

-> Pas de valeur Md5 identique trouvée.

################## | Registre |

################## | Listing |

[13/03/2013 – 19:25:47 | N | 23 Ko] – C:AdwCleaner[R1].txt
[13/03/2013 – 19:26:39 | N | 0 Ko] – C:AdwCleaner[S1].txt
[13/03/2013 – 19:43:58 | N | 22 Ko] – C:AdwCleaner[R2].txt
[13/03/2013 – 19:44:50 | N | 21 Ko] – C:AdwCleaner[S2].txt
[09/12/2013 – 16:10:57 | N | 13 Ko] – C:UsbFix [Clean 1] PC-DE-JO.txt
[09/12/2013 – 22:21:36 | N | 13 Ko] – C:UsbFix [Clean 2] PC-DE-JO.txt
[09/12/2013 – 22:38:20 | A | 6 Ko] – C:UsbFix [Clean 3] PC-DE-JO.txt
[18/09/2006 – 22:43:37 | N | 0 Ko] – C:config.sys
[09/12/2013 – 17:22:46 | ASH | 3381432 Ko] – C:pagefile.sys
[09/12/2013 – 17:22:48 | ASH | 3075004 Ko] – C:hiberfil.sys
[04/10/2009 – 16:02:18 | D] – C:System.sav
[12/08/2013 – 11:49:09 | SHD] – C:$RECYCLE.BIN
[18/09/2006 – 22:43:36 | A | 0 Ko] – C:autoexec.bat
[02/11/2006 – 13:59:44 | SHD] – C:Documents and Settings
[21/01/2008 – 03:43:50 | D] – C:PerfLogs
[25/02/2009 – 03:52:49 | RHD] – C:MSOCache
[11/04/2009 – 07:36:36 | RASH | 325 Ko] – C:bootmgr
[04/10/2009 – 16:01:44 | D] – C:HP
[04/10/2009 – 16:02:18 | D] – C:SwSetup
[13/03/2012 – 20:10:05 | D] – C:Users
[22/10/2012 – 20:27:00 | SHD] – C:boot
[28/10/2013 – 12:33:30 | D] – C:AdwCleaner
[08/12/2013 – 11:23:54 | D] – C:Program Files
[09/12/2013 – 15:21:14 | D] – C:Windows
[09/12/2013 – 17:33:26 | HD] – C:ProgramData
[09/12/2013 – 17:37:33 | D] – C:Configuration
[09/12/2013 – 20:34:51 | SHD] – C:System Volume Information
[09/12/2013 – 22:31:00 | D] – C:UsbFix
[12/09/2008 – 16:38:26 | SH | 146 Ko] – D:protect.turkish
[12/09/2008 – 16:38:10 | SH | 145 Ko] – D:protect.swedish
[12/09/2008 – 16:37:52 | SH | 144 Ko] – D:protect.spanish
[12/09/2008 – 16:37:32 | SH | 146 Ko] – D:protect.slovak
[12/09/2008 – 16:37:16 | SH | 145 Ko] – D:protect.russian
[15/09/2008 – 15:06:54 | N | 149 Ko] – D:protect.romanian
[04/10/2009 – 16:01:02 | N | 0 Ko] – D:BLOCK.RIN
[12/09/2008 – 16:36:58 | SH | 145 Ko] – D:protect.portuguese brazilian
[12/09/2008 – 16:36:42 | SH | 145 Ko] – D:protect.portuguese
[12/09/2008 – 16:36:24 | SH | 146 Ko] – D:protect.polish
[12/09/2008 – 16:36:08 | SH | 144 Ko] – D:protect.norwegian
[09/12/2013 – 17:23:04 | N | 0 Ko] – D:MASTER.LOG
[12/09/2008 – 16:35:50 | SH | 154 Ko] – D:protect.korean
[12/09/2008 – 16:35:32 | SH | 148 Ko] – D:protect.japanese
[12/09/2008 – 16:35:02 | SH | 144 Ko] – D:protect.italian
[09/12/2013 – 22:21:35 | RASHD] – D:Autorun.inf
[12/09/2008 – 16:34:40 | N | 145 Ko] – D:protect.hungarian
[10/09/2002 – 15:14:28 | N | 8 Ko] – D:Folder.htt
[12/09/2008 – 16:34:22 | SH | 151 Ko] – D:protect.hebrew
[12/09/2008 – 16:33:58 | SH | 149 Ko] – D:protect.greek
[12/09/2008 – 16:33:40 | SH | 144 Ko] – D:protect.german
[12/09/2008 – 16:33:20 | SH | 144 Ko] – D:protect.french
[12/09/2008 – 16:32:56 | SH | 145 Ko] – D:protect.finnish
[12/09/2008 – 16:32:38 | SH | 145 Ko] – D:protect.english
[12/09/2008 – 16:32:20 | N | 145 Ko] – D:protect.ed
[12/09/2008 – 16:32:00 | SH | 145 Ko] – D:protect.dutch
[12/09/2008 – 16:31:40 | SH | 145 Ko] – D:protect.danish
[12/09/2008 – 16:31:20 | SH | 146 Ko] – D:protect.czech
[12/09/2008 – 16:30:56 | SH | 146 Ko] – D:protect.chinese traditional
[12/09/2008 – 16:30:34 | SH | 147 Ko] – D:protect.chinese simplified
[12/09/2008 – 16:22:34 | SH | 146 Ko] – D:protect.chinese hong kong
[15/09/2008 – 15:06:26 | N | 148 Ko] – D:protect.bulgarian
[13/03/2012 – 20:12:22 | SHD] – D:$RECYCLE.BIN
[12/09/2008 – 16:18:34 | SH | 152 Ko] – D:protect.arabic
[03/10/2006 – 22:02:44 | SH | 428 Ko] – D:bootmgr
[26/05/2009 – 04:06:57 | RD] – D:RECOVERY
[26/05/2009 – 04:06:58 | RSHD] – D:boot
[26/05/2009 – 04:07:06 | D] – D:WINDOWS
[26/05/2009 – 04:07:06 | RSHD] – D:SOURCES
[26/05/2009 – 04:07:07 | RSHD] – D:PRELOAD
[26/05/2009 – 04:07:13 | D] – D:Tools
[26/05/2009 – 04:07:14 | D] – D:HP
[09/12/2013 – 20:35:13 | SHD] – D:System Volume Information
[08/12/2013 – 21:59:48 | N | 0 Ko] – G:customized-capability.xml
[08/12/2013 – 21:59:48 | N | 7 Ko] – G:default-capability.xml
[16/04/2013 – 15:58:18 | N | 0 Ko] – G:sim_SIM_00001.vcf
[16/04/2013 – 22:09:58 | N | 0 Ko] – G:sim_SIM_00002.vcf
[18/04/2013 – 16:02:22 | N | 0 Ko] – G:sim_SIM_00003.vcf
[18/04/2013 – 16:03:46 | N | 0 Ko] – G:sim_SIM_00004.vcf
[14/05/2013 – 18:37:24 | N | 1 Ko] – G:sim_SIM_00005.vcf
[21/05/2013 – 14:30:36 | N | 1 Ko] – G:sim_SIM_00006.vcf
[21/05/2013 – 14:30:50 | N | 0 Ko] – G:pcsc_pcsc_00001.vcf
[14/09/2013 – 11:01:24 | N | 2 Ko] – G:sim_SIM_00007.vcf
[14/09/2013 – 21:12:34 | D] – G:.mmsyscache
[29/12/2012 – 15:41:40 | D] – G:LOST.DIR
[22/08/2013 – 00:36:02 | D] – G:.bookmark_thumb1
[25/06/2013 – 00:48:10 | D] – G:.android_secure
[30/09/2012 – 13:17:56 | D] – G:Android
[15/11/2012 – 23:42:32 | D] – G:droidhen
[24/12/2012 – 18:49:18 | D] – G:media
[09/01/2013 – 20:22:08 | D] – G:downloads
[04/03/2013 – 19:02:12 | D] – G:MoreExchange
[04/03/2013 – 19:55:20 | D] – G:tapjoy
[18/03/2013 – 17:52:02 | D] – G:BlackBerry
[24/03/2013 – 11:32:26 | D] – G:rosie_scroll
[14/05/2013 – 23:56:02 | D] – G:zedge
[17/05/2013 – 22:55:42 | D] – G:ian
[15/06/2013 – 12:15:28 | D] – G:Music
[13/07/2013 – 07:10:02 | D] – G:viber
[01/08/2013 – 07:11:46 | D] – G:Ringtones
[23/08/2013 – 19:07:34 | D] – G:SFRMonCompte
[02/09/2013 – 06:50:44 | D] – G:simplemp3
[14/09/2013 – 11:21:50 | D] – G:data
[17/09/2013 – 09:15:32 | D] – G:MesComptesBNP
[10/10/2013 – 04:51:14 | D] – G:MP3Downloads
[11/10/2013 – 11:43:52 | D] – G:musicv2
[02/11/2013 – 14:33:22 | D] – G:bluetooth
[05/12/2013 – 20:50:04 | D] – G:MEDIAGO
[07/12/2013 – 10:44:16 | D] – G:Download
[09/12/2013 – 14:05:40 | D] – G:dcim

################## | Vaccin |

D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:32ypcm00]

???
:thankU