Reply to: USB key virus that creates shortcuts 2016-09-08T13:26:13+00:00
Benoit11
Participant
Post count: 9

Here is the first one

############################## | UsbFix V 7.155 | [Recherche]

Utilisateur: Mélodie (Administrateur) # MÉLODIE-PC
Mis à jour le 16/12/2013 par El Desaparecido – Team SosVirus
Lancé à 18:51:57 | 19/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Acer (Aspire 5560)
CPU: AMD A4-3305M APU with Radeon(tm) HD Graphics
RAM -> [Total : 7654 | Free : 5373]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 8.1 Professionnel (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | (!) Outdated]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 682 Go (529 Go libre(s) – 78%) [ACER] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 15 Go (15 Go libre(s) – 100%) [USB MELODIE] # FAT32

################## | Processus Actif |

C:WINDOWSsystem32wininit.exe (ID: 656 |ParentID: 520)
C:WINDOWSsystem32lsass.exe (ID: 748 |ParentID: 656)
C:WINDOWSsystem32svchost.exe (ID: 812 |ParentID: 740)
C:WINDOWSsystem32svchost.exe (ID: 856 |ParentID: 740)
C:WINDOWSsystem32svchost.exe (ID: 980 |ParentID: 740)
C:WINDOWSsystem32atiesrxx.exe (ID: 1016 |ParentID: 740)
C:WINDOWSSystem32svchost.exe (ID: 308 |ParentID: 740)
C:WINDOWSSystem32svchost.exe (ID: 412 |ParentID: 740)
C:WINDOWSsystem32svchost.exe (ID: 536 |ParentID: 740)
C:WINDOWSsystem32svchost.exe (ID: 784 |ParentID: 740)
C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1332 |ParentID: 740)
C:WINDOWSSystem32spoolsv.exe (ID: 1584 |ParentID: 740)
C:WINDOWSsystem32svchost.exe (ID: 1620 |ParentID: 740)
c:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1836 |ParentID: 740)
C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe (ID: 1852 |ParentID: 740)
C:WINDOWSsystem32svchost.exe (ID: 1880 |ParentID: 740)
C:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe (ID: 1916 |ParentID: 740)
C:Program Files (x86)Launch Managerdsiwmis.exe (ID: 2024 |ParentID: 740)
C:WINDOWSsystem32dashost.exe (ID: 1080 |ParentID: 412)
C:Program FilesAcerAcer ePower ManagementePowerSvc.exe (ID: 1456 |ParentID: 740)
C:Program Files (x86)GarminCore Update ServiceGarmin.Cartography.MapUpdate.CoreService.exe (ID: 1404 |ParentID: 740)
C:Program Files (x86)AcerRegistrationGREGsvc.exe (ID: 2228 |ParentID: 740)
C:Program FilesAcerAcer UpdaterUpdaterService.exe (ID: 2276 |ParentID: 740)
C:WINDOWSsystem32mqsvc.exe (ID: 2312 |ParentID: 740)
C:Program FilesCommon FilesNitroReader3.0NitroPDFReaderDriverService3x64.exe (ID: 2396 |ParentID: 740)
C:Program Files (x86)NTIAcer Backup ManagerIScheduleSvc.exe (ID: 2480 |ParentID: 740)
C:Program FilesMicrosoft Office 15ClientX64integratedoffice.exe (ID: 2500 |ParentID: 740)
C:WINDOWSsystem32svchost.exe (ID: 2620 |ParentID: 740)
C:WINDOWSsystem32svchost.exe (ID: 2648 |ParentID: 740)
C:WINDOWSMicrosoft.NETFramework64v4.0.30319SMSvcHost.exe (ID: 2824 |ParentID: 740)
C:WINDOWSMicrosoft.NETFramework64v4.0.30319SMSvcHost.exe (ID: 3280 |ParentID: 740)
C:Program FilesCOMODOCOMODO Internet Securitycavwp.exe (ID: 3444 |ParentID: 812)
C:WINDOWSsystem32svchost.exe (ID: 3552 |ParentID: 740)
C:WINDOWSsystem32svchost.exe (ID: 3604 |ParentID: 740)
C:Program Files (x86)WildTangent GamesAppGamesAppIntegrationService.exe (ID: 1140 |ParentID: 740)
C:WINDOWSsystem32SearchIndexer.exe (ID: 2888 |ParentID: 740)
C:WINDOWSSystem32WinLogon.exe (ID: 5572 |ParentID: 7896)
C:WINDOWSSystem32dwm.exe (ID: 8016 |ParentID: 5572)
C:WINDOWSsystem32atieclxx.exe (ID: 5668 |ParentID: 1016)
C:Program Files (x86)Launch ManagerLMutilps32.exe (ID: 7220 |ParentID: 2024)
C:WINDOWSsystem32taskhostex.exe (ID: 1316 |ParentID: 536)
C:Program FilesCOMODOCOMODO Internet Securitycistray.exe (ID: 2616 |ParentID: 536)
C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweLiveComm.exe (ID: 5984 |ParentID: 812)
C:WindowsSystem32skydrive.exe (ID: 6540 |ParentID: 812)
C:WindowsSystem32RuntimeBroker.exe (ID: 7172 |ParentID: 812)
C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 6320 |ParentID: 1476)
C:Program FilesRealtekAudioHDARAVCpl64.exe (ID: 5248 |ParentID: 1476)
C:PROGRAM FILESSYNAPTICSSYNTPSYNTPHELPER.EXE (ID: 1288 |ParentID: 3724)
C:Program FilesRealtekAudioHDARAVBg64.exe (ID: 6988 |ParentID: 1476)
C:Program FilesCOMODOCOMODO Internet Securitycis.exe (ID: 5124 |ParentID: 2616)
C:Program FilesAcerAcer ePower ManagementePowerTray.exe (ID: 7872 |ParentID: 1476)
C:WINDOWSsystem32wbemwmiprvse.exe (ID: 832 |ParentID: 812)
C:WINDOWSsystem32wbemunsecapp.exe (ID: 6440 |ParentID: 812)
C:WINDOWSsystem32wbemwmiprvse.exe (ID: 5712 |ParentID: 812)
C:Program FilesCanonMyPrinterBJMYPRT.EXE (ID: 3456 |ParentID: 1476)
C:Program FilesAcerAcer ePower ManagementePowerEvent.exe (ID: 4740 |ParentID: 1456)
C:Program Files (x86)SamsungKiesKies.exe (ID: 5244 |ParentID: 1476)
C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe (ID: 5952 |ParentID: 6416)
C:Dolby PCEE4pcee4.exe (ID: 6544 |ParentID: 6416)
C:Program Files (x86)Launch ManagerLManager.exe (ID: 6208 |ParentID: 6416)
C:Program Files (x86)Launch ManagerMMDx64Fx.exe (ID: 4552 |ParentID: 6208)
C:Program Files (x86)Launch ManagerLMworker.exe (ID: 4604 |ParentID: 2024)
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID: 6684 |ParentID: 6416)
C:Program FilesAVAST SoftwareAvastavastui.exe (ID: 7988 |ParentID: 6416)
C:WindowsSystem32WWAHost.exe (ID: 5892 |ParentID: 812)
C:WINDOWSWinStoreWSHost.exe (ID: 6688 |ParentID: 812)
C:WindowsSystem32SettingSyncHost.exe (ID: 7760 |ParentID: 812)
C:WINDOWSexplorer.exe (ID: 2568 |ParentID: 5572)
C:WindowsSystem32WUDFHost.exe (ID: 4536 |ParentID: 412)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 7716 |ParentID: 5576)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 6712 |ParentID: 7716)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 6188 |ParentID: 7716)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 6268 |ParentID: 7716)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 6380 |ParentID: 7716)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 5680 |ParentID: 7716)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 3740 |ParentID: 7716)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 3232 |ParentID: 7716)
C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 4476 |ParentID: 7716)
C:WINDOWSSysWOW64ctfmon.exe (ID: 4516 |ParentID: 7988)
C:WINDOWSsystem32SearchProtocolHost.exe (ID: 6708 |ParentID: 2888)
C:WINDOWSsystem32SearchFilterHost.exe (ID: 5044 |ParentID: 2888)
C:Program FilesCOMODOCOMODO Internet Securitycis.exe (ID: 2224 |ParentID: 2616)
C:UsbFixGo.exe (ID: 5896 |ParentID: 8056)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [BackupManagerTray] – “C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe” -h -k
04 – HKLMSOFTWARE | Run : [Dolby Advanced Audio v2] – “C:Dolby PCEE4pcee4.exe” -autostart
04 – HKLMSOFTWARE | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
04 – HKLMSOFTWARE | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdateb7fd25dd-325c-4a45-9eaf-36d1b489195e.exe /check
04 – HKLMSOFTWARE | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [BackupManagerTray] – “C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe” -h -k
04 – HKLMSOFTWAREwow6432Node | Run : [Dolby Advanced Audio v2] – “C:Dolby PCEE4pcee4.exe” -autostart
04 – HKLMSOFTWAREwow6432Node | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
04 – HKLMSOFTWAREwow6432Node | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWAREwow6432Node | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdateb7fd25dd-325c-4a45-9eaf-36d1b489195e.exe /check
04 – HKLMSOFTWAREwow6432Node | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [DAEMON Tools Lite] – “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [] – C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe Run
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [GarminExpressTrayApp] – “C:Program Files (x86)GarminExpress TrayExpressTray.exe”
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersMLODIE~1AppDataLocalTempiTunesHelper.vbe”
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [KiesPreload] – C:Program Files (x86)SamsungKiesKies.exe /preload
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [KiesAirMessage] – C:Program Files (x86)SamsungKiesKiesAirMessage.exe -startup
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [Berzerk] – wscript.exe //B “C:UsersMLODIE~1AppDataLocalTempBerzerk.vbe”
04 – HKUS-1-5-18SOFTWARE | Run : [EPSON Stylus SX200 Series] – C:WINDOWSsystem32spoolDRIVERSx643E_IATIEFE.EXE /FU “C:WINDOWSTEMPE_S26A1.tmp” /EF “HKCU”

################## | Recherche générique |

Présent! C:\Users\Mélodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Berzerk.vbe
Présent! C:\Users\MLODIE~1\AppData\Local\Temp\Berzerk.vbe
Présent! C:\Users\MLODIE~1\AppData\Local\Temp\iTunesHelper.vbe
Présent! E:\Berzerk.vbe
Présent! E:\System Volume Information.lnk
Présent! E:\DSCN2634.lnk
Présent! C:\Users\MLODIE~1\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe.tmp

################## | Référence de comparaison MD5 |

Md5 : 07DEF108105F42A1529C298D8C109A82 -> C:\Users\Mélodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Berzerk.vbe
Md5 : 07DEF108105F42A1529C298D8C109A82 -> C:\Users\MLODIE~1\AppData\Local\Temp\Berzerk.vbe
Md5 : ADF61532A3CC325E33DD21B9B40DEC4A -> C:\Users\MLODIE~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 07DEF108105F42A1529C298D8C109A82 -> E:\Berzerk.vbe

################## | Comparaison MD5 |

Présent! Md5 : 07DEF108105F42A1529C298D8C109A82 -> C:\Users\Mélodie\AppData\Local\Temp\Berzerk.vbe
Présent! Md5 : ADF61532A3CC325E33DD21B9B40DEC4A -> C:\Users\Mélodie\AppData\Local\Temp\iTunesHelper.vbe
Présent! Md5 : 07DEF108105F42A1529C298D8C109A82 -> C:\Users\Mélodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Berzerk.vbe
Présent! Md5 : 07DEF108105F42A1529C298D8C109A82 -> E:\Berzerk.vbe

################## | Registre |

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyMusic -> 0
Présent! HKU\S-1-5-21-190457762-3544485587-4066612957-1000\Software\Microsoft\Windows\CurrentVersion\Run|Berzerk
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Berzerk
Présent! HKU\S-1-5-21-190457762-3544485587-4066612957-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

Here is the second one

############################## | UsbFix V 7.155 | [Suppression]

Utilisateur: Mélodie (Administrateur) # MÉLODIE-PC
Mis à jour le 16/12/2013 par El Desaparecido – Team SosVirus
Lancé à 19:04:55 | 19/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Acer (Aspire 5560)
CPU: AMD A4-3305M APU with Radeon(tm) HD Graphics
RAM -> [Total : 7654 | Free : 5633]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 8.1 Professionnel (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | (!) Outdated]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 682 Go (529 Go libre(s) – 78%) [ACER] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 15 Go (15 Go libre(s) – 100%) [USB MELODIE] # FAT32

################## | Processus Stoppés |

Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1332 |ParentID: 740)
Stoppé! C:Program FilesAVAST SoftwareAvastavastui.exe (ID: 7988 |ParentID: 6416)
Stoppé! C:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe (ID: 5092 |ParentID: 740)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 7016 |ParentID: 412)
Stoppé! C:WINDOWSsystem32dashost.exe (ID: 7712 |ParentID: 412)
Stoppé! C:Program FilesMicrosoft Office 15ClientX64integratedoffice.exe (ID: 7484 |ParentID: 740)
Stoppé! C:Program FilesCOMODOCOMODO Internet Securitycavwp.exe (ID: 2444 |ParentID: 812)
Stoppé! C:WINDOWSSystem32spoolsv.exe (ID: 4080 |ParentID: 740)
Stoppé! C:WINDOWSsystem32SearchIndexer.exe (ID: 636 |ParentID: 740)
Stoppé! C:Program Files (x86)GarminCore Update ServiceGarmin.Cartography.MapUpdate.CoreService.exe (ID: 7260 |ParentID: 740)
Stoppé! C:WINDOWSsystem32mqsvc.exe (ID: 4360 |ParentID: 740)
Stoppé! C:WINDOWSMicrosoft.NETFramework64v4.0.30319SMSvcHost.exe (ID: 4520 |ParentID: 740)
Stoppé! C:WINDOWSMicrosoft.NETFramework64v4.0.30319SMSvcHost.exe (ID: 5148 |ParentID: 740)
Stoppé! C:WINDOWSsystem32DllHost.exe (ID: 7288 |ParentID: 812)
Stoppé! C:WindowsSystem32skydrive.exe (ID: 1852 |ParentID: 812)
Stoppé! C:WindowsSystem32SettingSyncHost.exe (ID: 4316 |ParentID: 812)
Stoppé! C:WINDOWSSysWOW64NOTEPAD.EXE (ID: 4596 |ParentID: 5896)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 7352 |ParentID: 6160)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 5988 |ParentID: 7352)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 4996 |ParentID: 7352)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 7684 |ParentID: 7352)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 7996 |ParentID: 7352)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 7472 |ParentID: 7352)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 6228 |ParentID: 7352)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 3636 |ParentID: 7352)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 7360 |ParentID: 7352)

################## | Regedit Run |

04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWARE | Run : [BackupManagerTray] – “C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe” -h -k
04 – HKLMSOFTWARE | Run : [Dolby Advanced Audio v2] – “C:Dolby PCEE4pcee4.exe” -autostart
04 – HKLMSOFTWARE | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
04 – HKLMSOFTWARE | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdateb7fd25dd-325c-4a45-9eaf-36d1b489195e.exe /check
04 – HKLMSOFTWARE | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [BackupManagerTray] – “C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe” -h -k
04 – HKLMSOFTWAREwow6432Node | Run : [Dolby Advanced Audio v2] – “C:Dolby PCEE4pcee4.exe” -autostart
04 – HKLMSOFTWAREwow6432Node | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
04 – HKLMSOFTWAREwow6432Node | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLMSOFTWAREwow6432Node | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLMSOFTWAREwow6432Node | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdateb7fd25dd-325c-4a45-9eaf-36d1b489195e.exe /check
04 – HKLMSOFTWAREwow6432Node | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
04 – HKLMSOFTWARE | RunOnce : [] –
04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [DAEMON Tools Lite] – “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [] – C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe Run
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [GarminExpressTrayApp] – “C:Program Files (x86)GarminExpress TrayExpressTray.exe”
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersMLODIE~1AppDataLocalTempiTunesHelper.vbe”
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [KiesPreload] – C:Program Files (x86)SamsungKiesKies.exe /preload
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [KiesAirMessage] – C:Program Files (x86)SamsungKiesKiesAirMessage.exe -startup
04 – HKUS-1-5-21-190457762-3544485587-4066612957-1000SOFTWARE | Run : [Berzerk] – wscript.exe //B “C:UsersMLODIE~1AppDataLocalTempBerzerk.vbe”
04 – HKUS-1-5-18SOFTWARE | Run : [EPSON Stylus SX200 Series] – C:WINDOWSsystem32spoolDRIVERSx643E_IATIEFE.EXE /FU “C:WINDOWSTEMPE_S26A1.tmp” /EF “HKCU”

################## | Recherche générique |

Supprimé! C:\Users\Mélodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Berzerk.vbe
Supprimé! C:\Users\MLODIE~1\AppData\Local\Temp\Berzerk.vbe
Supprimé! C:\Users\MLODIE~1\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! E:\Berzerk.vbe
Supprimé! E:\System Volume Information.lnk
Supprimé! E:\DSCN2634.lnk
Supprimé! C:\Users\MLODIE~1\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe.tmp

(!) Fichiers temporaires supprimés. (2 Ko)

################## | Référence de comparaison MD5 |

Md5 : 07DEF108105F42A1529C298D8C109A82 -> C:\Users\Mélodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Berzerk.vbe
Md5 : 07DEF108105F42A1529C298D8C109A82 -> C:\Users\MLODIE~1\AppData\Local\Temp\Berzerk.vbe
Md5 : ADF61532A3CC325E33DD21B9B40DEC4A -> C:\Users\MLODIE~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 07DEF108105F42A1529C298D8C109A82 -> E:\Berzerk.vbe

################## | Comparaison MD5 |

-> Pas de valeur Md5 identique trouvée.

################## | Registre |

Réparé ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyMusic -> 1
Supprimé! HKU\S-1-5-21-190457762-3544485587-4066612957-1000\Software\Microsoft\Windows\CurrentVersion\Run|Berzerk
Supprimé! HKU\S-1-5-21-190457762-3544485587-4066612957-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Listing |

[19/12/2013 – 19:01:47 | N | 13 Ko] – C:UsbFix [Scan 1] MÉLODIE-PC.txt
[19/12/2013 – 19:11:12 | A | 8 Ko] – C:UsbFix [Clean 2] MÉLODIE-PC.txt
[15/12/2013 – 13:06:21 | ASH | 5878352 Ko] – C:hiberfil.sys
[15/12/2013 – 13:06:26 | ASH | 7864320 Ko] – C:pagefile.sys
[15/12/2013 – 13:06:27 | ASH | 262144 Ko] – C:swapfile.sys
[18/11/2011 – 07:09:37 | N | 3 Ko] – C:Patch.rev
[10/07/2012 – 10:36:39 | N | 0 Ko] – C:Preload.rev
[11/12/2013 – 12:59:38 | SHD] – C:$Recycle.Bin
[15/02/2011 – 01:54:06 | N | 8 Ko] – C:BOOTSECT.BAK
[21/11/2010 – 04:23:51 | RASH | 375 Ko] – C:bootmgr
[27/12/2011 – 03:00:51 | D] – C:Dolby PCEE4
[27/12/2011 – 03:13:25 | D] – C:BOOK
[10/07/2012 – 10:38:36 | D] – C:OEM
[10/07/2012 – 10:38:38 | DC] – C:elements
[10/11/2012 – 11:11:43 | D] – C:ESD
[13/11/2012 – 22:30:15 | D] – C:AMD
[18/06/2013 – 13:18:29 | N | 0 Ko] – C:BOOTNXT
[22/08/2013 – 15:45:52 | SHD] – C:Documents and Settings
[22/08/2013 – 16:22:35 | D] – C:PerfLogs
[17/10/2013 – 21:21:07 | SHD] – C:Recovery
[17/10/2013 – 21:35:39 | D] – C:inetpub
[17/10/2013 – 21:36:00 | D] – C:Users
[24/11/2013 – 10:26:03 | HD] – C:ProgramData
[14/12/2013 – 17:32:44 | D] – C:Program Files (x86)
[15/12/2013 – 13:10:18 | D] – C:Windows
[18/12/2013 – 17:55:14 | SHD] – C:System Volume Information
[19/12/2013 – 17:59:27 | N | 0 Ko] – C:END
[19/12/2013 – 18:00:04 | D] – C:Program Files
[19/12/2013 – 19:10:59 | D] – C:UsbFix
[19/12/2013 – 18:51:06 | N | 0 Ko] – E:DSCN2635.lnk
[04/05/2013 – 12:56:28 | N | 1238 Ko] – E:DSCN2635.JPG
[19/12/2013 – 19:01:48 | RASHD] – E:Autorun.inf
[04/05/2013 – 12:56:08 | N | 4128 Ko] – E:DSCN2634.AVI
[19/12/2013 – 17:20:20 | SHD] – E:System Volume Information

################## | Vaccin |

E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

There, I have done that, but in the picture tutorial there is a further part after the deletion. Should I do it? :)