Reply to: Need help with a disinfection :) 2016-09-08T13:38:50+00:00
Veto666
Participant
Number of posts: 5

There, it has just finished for the shortcutmodule; it took quite a while and apparently I have quite a few infected files :(

1) USBfix
a) report

############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: Robin (Administrateur) # ROBIN-PC
Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
Lancé à 18:15:37 | 05/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K73BR)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 4076 Mo| Free : 2753 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17041
WB: Google Chrome : 15.0.874.120
WB: Mozilla Firefox : 29.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: Spybot – Search and Destroy [(!) Disabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: avast! Antivirus [(!) Disabled]
FW: Windows FireWall [(!) Disabled]

C: (%systemdrive%) -> Disque fixe # 300 Go (159 Go libre(s) – 53%) [OS] # NTFS
D: -> Disque fixe # 373 Go (227 Go libre(s) – 61%) [DATA] # NTFS
E: -> CD-ROM
F: -> CD-ROM
G: -> Disque amovible # 4 Go (1 Go libre(s) – 34%) [KINGSTON] # FAT32
I: -> Disque fixe # 443 Go (281 Go libre(s) – 63%) [Disque ext] # FAT32

################## | Processus Actif |

C:Windowssystem32csrss.exe (ID: 464 |ParentID: 452)
C:Windowssystem32wininit.exe (ID: 548 |ParentID: 452)
C:Windowssystem32csrss.exe (ID: 560 |ParentID: 540)
C:Windowssystem32services.exe (ID: 604 |ParentID: 548)
C:Windowssystem32lsass.exe (ID: 620 |ParentID: 548)
C:Windowssystem32lsm.exe (ID: 628 |ParentID: 548)
C:Windowssystem32winlogon.exe (ID: 664 |ParentID: 540)
C:Windowssystem32svchost.exe (ID: 788 |ParentID: 604)
C:Windowssystem32svchost.exe (ID: 884 |ParentID: 604)
C:Windowssystem32atiesrxx.exe (ID: 932 |ParentID: 604)
C:WindowsSystem32svchost.exe (ID: 1012 |ParentID: 604)
C:WindowsSystem32svchost.exe (ID: 404 |ParentID: 604)
C:Windowssystem32svchost.exe (ID: 392 |ParentID: 604)
C:Windowssystem32svchost.exe (ID: 564 |ParentID: 604)
C:Windowssystem32atieclxx.exe (ID: 1120 |ParentID: 932)
C:Windowssystem32svchost.exe (ID: 1172 |ParentID: 604)
C:Windowssystem32FBAgent.exe (ID: 1276 |ParentID: 604)
C:Windowssystem32WLANExt.exe (ID: 1284 |ParentID: 404)
C:Windowssystem32conhost.exe (ID: 1296 |ParentID: 464)
C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe (ID: 1316 |ParentID: 604)
C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe (ID: 1456 |ParentID: 604)
C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1492 |ParentID: 604)
C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe (ID: 1712 |ParentID: 1316)
C:Windowssystem32Dwm.exe (ID: 1812 |ParentID: 404)
C:WindowsSystem32spoolsv.exe (ID: 1844 |ParentID: 604)
C:Windowssystem32taskeng.exe (ID: 1852 |ParentID: 564)
C:WindowsExplorer.EXE (ID: 1872 |ParentID: 1780)
C:Windowssystem32taskhost.exe (ID: 1900 |ParentID: 604)
C:Windowssystem32svchost.exe (ID: 1928 |ParentID: 604)
C:Windowssystem32svchost.exe (ID: 2012 |ParentID: 604)
C:WindowsSystem32lpksetup.exe (ID: 2020 |ParentID: 1852)
C:Windowssystem32runonce.exe (ID: 1104 |ParentID: 1872)
C:WindowsSysWOW64runonce.exe (ID: 1536 |ParentID: 1104)
C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1352 |ParentID: 604)
C:Program Files (x86)ASUSSplendidACMON.exe (ID: 1672 |ParentID: 1276)
C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe (ID: 1940 |ParentID: 604)
C:Windowssystem32lpksetup.exe (ID: 2052 |ParentID: 788)
C:Program Filesma-config.comMaConfigAgent.exe (ID: 2108 |ParentID: 604)
C:WindowsSysWOW64ACEngSvr.exe (ID: 2188 |ParentID: 788)
C:Windowssystem32taskeng.exe (ID: 2236 |ParentID: 564)
C:Program FilesASUSP4GBatteryLife.exe (ID: 2276 |ParentID: 2236)
C:Program Files (x86)ASUSFaceLogonsensorsrv.exe (ID: 2296 |ParentID: 2236)
C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe (ID: 2304 |ParentID: 1276)
C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe (ID: 2316 |ParentID: 2236)
C:Program Files (x86)GoogleUpdateGoogleUpdate.exe (ID: 2336 |ParentID: 1852)
C:DESKTOPMalwarebytes Anti-Malwarembamscheduler.exe (ID: 2456 |ParentID: 604)
C:WindowsAsScrPro.exe (ID: 2520 |ParentID: 1276)
C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe (ID: 2700 |ParentID: 1276)
C:DESKTOPMalwarebytes Anti-Malwarembamservice.exe (ID: 2832 |ParentID: 604)
C:Program FilesRealtekAudioHDARAVCpl64.exe (ID: 2852 |ParentID: 1276)
C:Program Files (x86)Spybot – Search & Destroy 2SDFSSvc.exe (ID: 2936 |ParentID: 604)
C:DESKTOPMalwarebytes Anti-Malwarembam.exe (ID: 3040 |ParentID: 2832)
C:Program Files (x86)SkypeUpdaterUpdater.exe (ID: 3232 |ParentID: 604)
C:Windowssystem32svchost.exe (ID: 3256 |ParentID: 604)
C:Windowssystem32svchost.exe (ID: 3292 |ParentID: 604)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 3340 |ParentID: 604)
C:Program Files (x86)Spybot – Search & Destroy 2SDUpdSvc.exe (ID: 3384 |ParentID: 604)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 3612 |ParentID: 3340)
C:Windowssystem32wbemwmiprvse.exe (ID: 3788 |ParentID: 788)
C:Windowssystem32wbemwmiprvse.exe (ID: 3932 |ParentID: 788)
C:Program Files (x86)ASUSATK PackageATK HotkeyATKOSD.exe (ID: 3980 |ParentID: 1712)
C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe (ID: 3468 |ParentID: 1712)
C:Program Files (x86)ASUSATK PackageATK HotkeyWDC.exe (ID: 3592 |ParentID: 1712)
C:Program Files (x86)Spybot – Search & Destroy 2SDWSCSvc.exe (ID: 3992 |ParentID: 604)

################## | Recherche générique |

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKUS-1-5-21-348317675-1859411710-1871747330-1001Software….Mountpoints2{507146b0-8231-11e3-a5f3-10bf4858fc03}
Supprimé! HKUS-1-5-21-348317675-1859411710-1871747330-1001Software….Mountpoints2{7e87e7b9-23fa-11e2-8112-10bf4858fc03}
Supprimé! HKUS-1-5-21-348317675-1859411710-1871747330-1001Software….Mountpoints2{ea262bde-f728-11e1-b001-10bf4858fc03}

################## | Regedit Run |

F2 – HKLM..Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
F2 – HKLM..Winlogon : [Userinit] userinit.exe
F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
04 – HKCU..Run : [DAEMON Tools Lite] “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
04 – HKCU..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLM..Run : [ASUSPRP] “C:Program Files (x86)ASUSAPRPAPRP.EXE”
04 – HKLM..Run : [ASUSWebStorage] C:Program Files (x86)ASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
04 – HKLM..Run : [SonicMasterTray] C:Program Files (x86)ASUSASUS Sonic FocusSonicFocusTray.exe
04 – HKLM..Run : [ATKOSD2] C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
04 – HKLM..Run : [ATKMEDIA] C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
04 – HKLM..Run : [HControlUser] C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
04 – HKLM..Run : [Wireless Console 3] C:Program Files (x86)ASUSWireless Console 3wcourier.exe
04 – HKLM..Run : [APSDaemon] “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
04 – HKLM..Run : [QuickTime Task] “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
04 – HKLM..Run : [SunJavaUpdateSched] “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – HKLM..Run : [Philips Device Listener] “C:Program Files (x86)PhilipsPhilips Songbird ResourcesAutolauncherPhilipsDeviceListener.exe”
04 – HKLM..Run : [AvastUI.exe] “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
04 – HKLM..Run : [SDTray] “C:Program Files (x86)Spybot – Search & Destroy 2SDTray.exe”
04 – [x64] HKLM..Run : [RtHDVBg] C:Program FilesRealtekAudioHDARAVBg64.exe /SF3
04 – [x64] HKLM..Run : [ETDCtrl] %ProgramFiles%ElantechETDCtrl.exe
04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-348317675-1859411710-1871747330-1001..Run : [DAEMON Tools Lite] “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
04 – HKUS-1-5-21-348317675-1859411710-1871747330-1001..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

################## | Listing |

[04/11/2012 – 11:01:09 | SHD] – C:$Recycle.Bin
[05/05/2014 – 15:06:37 | D] – C:AdwCleaner
[24/02/2012 – 04:50:52 | D] – C:AsusVibeData
[29/07/2009 – 08:03:34 | SHD] – C:Boot
[14/07/2009 – 03:38:58 | RASH | 375 Ko] – C:bootmgr
[29/07/2009 – 08:03:37 | RASH | 8 Ko] – C:BOOTSECT.BAK
[05/05/2014 – 15:22:36 | D] – C:DESKTOP
[21/01/2013 – 21:50:06 | D] – C:Diablo
[14/07/2009 – 07:08:56 | SHD] – C:Documents and Settings
[11/05/2012 – 20:18:48 | D] – C:eSupport
[18/05/2013 – 18:17:07 | D] – C:Games
[05/05/2014 – 18:13:44 | ASH | 3130140 Ko] – C:hiberfil.sys
[05/03/2012 – 04:42:23 | N | 2048 Ko] – C:K43BR.BIN
[13/09/2012 – 13:27:54 | RHD] – C:MSOCache
[05/05/2014 – 18:13:44 | ASH | 4173520 Ko] – C:pagefile.sys
[14/07/2009 – 05:20:08 | D] – C:PerfLogs
[21/01/2014 – 12:29:15 | D] – C:Philips
[05/05/2014 – 15:42:16 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
[21/01/2014 – 12:33:08 | D] – C:Program Files
[05/05/2014 – 15:35:48 | D] – C:Program Files (x86)
[05/05/2014 – 15:22:36 | HD] – C:ProgramData
[14/07/2012 – 12:05:47 | SHD] – C:Recovery
[02/05/2014 – 23:10:12 | SHD] – C:System Volume Information
[05/05/2014 – 18:10:30 | D] – C:UsbFix
[05/05/2014 – 18:18:24 | A | 10 Ko | A3CABAD3B018D7A0798BED387F4487EF] – C:UsbFix [Clean 2] ROBIN-PC.txt
[14/07/2012 – 12:07:24 | D] – C:Users
[29/04/2014 – 06:48:26 | D] – C:Windows
[14/07/2012 – 12:13:23 | SHD] – D:$RECYCLE.BIN
[03/12/2012 – 00:03:20 | D] – D:FFOutput
[05/05/2014 – 15:40:18 | D] – D:Films
[15/07/2012 – 04:09:05 | SHD] – D:System Volume Information
[08/08/2012 – 07:35:08 | D] – D:Theme Hospital
[15/01/2014 – 12:16:12 | SHD] – G:System Volume Information
[22/01/2014 – 02:40:30 | AH | 4 Ko] – G:._.Trashes
[28/03/2014 – 22:41:46 | D] – G:Films Baptême
[14/01/2014 – 20:25:20 | N | 3145 Ko] – G:Radio robin.doc
[22/01/2014 – 02:40:30 | HD] – G:.Trashes
[22/01/2014 – 02:40:30 | HD] – G:.Spotlight-V100
[06/03/2014 – 01:12:08 | N | 217 Ko] – G:RyanairBoardingPass.pdf
[15/01/2014 – 12:14:36 | D] – G:A imprimer
[21/03/2014 – 19:50:12 | D] – G:films
[14/05/2013 – 21:54:26 | N | 49 Ko] – G:Cemespo.pdf
[15/01/2014 – 13:04:44 | D] – G:MIPA
[15/01/2014 – 13:05:06 | D] – G:porcine
[14/02/2013 – 19:58:18 | N | 456 Ko] – G:carnet clinique anesthesie equine.pdf
[04/06/2013 – 12:41:40 | N | 5750 Ko] – G:REPONSES TUYAUX -CHIEQ.doc
[06/01/2014 – 15:56:32 | D] – G:Anesthésio
[03/05/2013 – 17:09:10 | D] – G:non utilisés pour TFE 2DOC
[04/05/2013 – 01:00:28 | D] – G:TFE
[03/03/2013 – 23:29:08 | N | 13095 Ko] – G:Boiteries-MM_HG_VF_120828-lo.pdf
[03/03/2013 – 23:32:10 | N | 10562 Ko] – G:CarnetClinique2011_GRAND.pdf
[10/01/2013 – 14:40:40 | N | 36 Ko] – G:OGA 60VF.docx
[14/02/2013 – 19:58:50 | N | 1252 Ko] – G:propedeutiqueboiteries_cv2012(1).pdf
[27/01/2014 – 01:11:58 | D] – G:tuyaux 3DOC
[08/12/2013 – 17:35:56 | D] – G:OPA
[11/04/2010 – 17:51:04 | D] – I:Recycled
[11/04/2010 – 17:51:04 | SHD] – I:System Volume Information
[11/04/2010 – 21:43:28 | D] – I:WBFS (copie d'un iso sur DD externe)
[02/11/2013 – 22:34:22 | AH | 4 Ko] – I:._.Trashes
[02/11/2013 – 22:34:22 | HD] – I:.Trashes
[11/04/2010 – 21:44:22 | D] – I:Dump
[02/11/2013 – 22:34:22 | HD] – I:.fseventsd
[02/11/2013 – 22:34:24 | HD] – I:.Spotlight-V100
[11/04/2010 – 21:48:50 | N | 15 Ko] – I:Explications détaillées.docx
[11/04/2010 – 21:49:16 | D] – I:Carte SD
[23/04/2010 – 14:33:08 | SHD] – I:$RECYCLE.BIN
[23/04/2010 – 14:33:06 | D] – I:Films
[03/05/2014 – 11:37:54 | D] – I:cours gmv3
[14/04/2014 – 21:40:18 | D] – I:GMV2 cours rédigé ana
[03/05/2014 – 13:51:50 | D] – I:Cours 3eme Doc

################## | Vaccin |

D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |

b) clean2 (it is possible that I created a second report myself without meaning to)

2) Shortcut Module –> https://antimalware.top/www/?a=d&i=APs2xCilED

I hope I haven't made a mistake :) Thanks for your time!

Véto666