How can I tell if my external hard drive is clean?

Solved/Closed
anju - 24 Dec. 2013 at 11:15
Anonymous user - 24 Dec. 2013 at 13:13
Hello,

I'd like to know whether my hard drive really has no virus at all, so that I can plug it into my new computer. In 2011 the PC I was using caught quite a few viruses, including a certain Win32:Cutwail-AP[Rtk], and this hard drive was connected to that computer. I haven't touched it since, for fear of the nasty virus, but I still have quite a lot of documents / photos on it that I'd like to recover. Could you help me check its health as thoroughly as possible?
Thanks a lot!

anju

12 replies

Anonymous user
24 Dec. 2013 at 11:16
Hello,

* Download USBFIX to your desktop (by El Desaparecido)

http://general-changelog-team.fr/fr/downloads/viewdownload/15-outils-de-el-desaparecido/79-usbfix

/!\ Temporarily disable, and only for as long as you are using USBFIX, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

- Double-click the Usbfix icon on your desktop.
- On the page, click the button:
« Recherche » (Search)

/!\ Plug into your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them
- then click OK
- Let the tool work.
- Post the report that appears at the end.
The report is located at C:\UsbFix [Scan 1] NOM-************.txt
Note: at the end of the cleaning option, it is recommended to restart the PC

0
Thanks a lot,
should I run usbfix before or after disabling the antivirus?
0
Anonymous user
24 Dec. 2013 at 11:29
Disable your antivirus, then run usbfix in search mode only; we'll see whether there are infections or not! :-)


0
Done, here is the report:

############################## | UsbFix V 7.155 | [Recherche]

Utilisateur: Anju (Administrateur) # ANJU-PC
Mis à jour le 16/12/2013 par El Desaparecido - Team SosVirus
Lancé à 11:33:13 | 24/12/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (N53SV)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
RAM -> [Total : 4001 | Free : 1941]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 279 Go (112 Go libre(s) - 40%) [OS] # NTFS
D:\ -> Disque fixe # 394 Go (379 Go libre(s) - 96%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque fixe # 233 Go (24 Go libre(s) - 10%) [PIPOUNETTE] # FAT32

################## | Recherche générique |

Présent! C:\Users\Anju\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
Présent! C:\Users\Anju\AppData\Local\Temp\Lanceur.vbs
Présent! C:\Windows\SysWOW64\update.exe
Présent! C:\Windows\autorun.ini

################## | Référence de comparaison MD5 |

Md5 : 347DC3D9DF0A5853E5637BD431D61B72 -> C:\Users\Anju\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
Md5 : 67EB1322395D41DDDC9045B4EEF2309D -> C:\Users\Anju\AppData\Local\Temp\Lanceur.vbs

################## | Comparaison MD5 |

Présent! Md5 : 67EB1322395D41DDDC9045B4EEF2309D -> C:\Users\Anju\AppData\Local\Temp\Lanceur.vbs
Présent! Md5 : 347DC3D9DF0A5853E5637BD431D61B72 -> C:\Users\Anju\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
0

Anonymous user
24 Dec. 2013 at 12:07
Présent! C:\Users\Anju\AppData\Local\Temp\Lanceur.vbs

This is not a good sign!

Run usbfix again, click on Suppression (Deletion),

post its report and restart your PC!


0
I suspected as much... how bad a sign is it? Are there still things that can be recovered?
In any case, here is the deletion report:

############################## | UsbFix V 7.155 | [Suppression]

Utilisateur: Anju (Administrateur) # ANJU-PC
Mis à jour le 16/12/2013 par El Desaparecido - Team SosVirus
Lancé à 12:09:40 | 24/12/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (N53SV)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
RAM -> [Total : 4001 | Free : 1738]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Trend Micro Titanium Internet Security [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 279 Go (112 Go libre(s) - 40%) [OS] # NTFS
D:\ -> Disque fixe # 394 Go (379 Go libre(s) - 96%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque fixe # 233 Go (24 Go libre(s) - 10%) [PIPOUNETTE] # FAT32

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE | Run : [FLxHCIm] - "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
04 - HKLM\SOFTWARE | Run : [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
04 - HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
04 - HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\SOFTWARE | Run : [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe
04 - HKLM\SOFTWARE | Run : [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe
04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE | Run : [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\SOFTWARE | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\SOFTWARE | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [offerbox] - C:\Program Files (x86)\OfferBox\OfferBox.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE\wow6432Node | Run : [FLxHCIm] - "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [offerbox] - C:\Program Files (x86)\OfferBox\OfferBox.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [Bubble Dock] - "C:\Users\Anju\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [HP Photosmart 5510 series (NET)] - "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN21I3C71805V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [AdobeBridge] -
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [cacaoweb] - "C:\Users\Anju\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\Anju\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
Supprimé! C:\Users\Anju\AppData\Local\Temp\Lanceur.vbs
Supprimé! C:\Windows\SysWOW64\update.exe
Supprimé! C:\Windows\autorun.ini
Supprimé! G:\DUSKO

################## | Référence de comparaison MD5 |

Md5 : 347DC3D9DF0A5853E5637BD431D61B72 -> C:\Users\Anju\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
Md5 : 67EB1322395D41DDDC9045B4EEF2309D -> C:\Users\Anju\AppData\Local\Temp\Lanceur.vbs

################## | Comparaison MD5 |

-> Pas de valeur Md5 identique trouvée.

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimé! HKU\S-1-5-21-4099775944-587757865-2989014134-1001\Software\.\.\.\.\Mountpoints2\{5eb8a601-fb69-11e0-8ca4-14dae9ca6a4f}

################## | Listing |

[30/08/2011 - 04:40:11 | N | 0 Ko] - C:\Pass.txt
[30/08/2011 - 18:39:04 | N | 15 Ko] - C:\devlist.txt
[13/12/2013 - 23:39:59 | N | 0 Ko] - C:\BurnHelp.txt
[24/12/2013 - 11:52:27 | N | 21 Ko] - C:\UsbFix [Scan 1] ANJU-PC.txt
[24/12/2013 - 12:24:04 | A | 19 Ko] - C:\UsbFix [Clean 1] ANJU-PC.txt
[24/12/2013 - 11:56:57 | ASH | 3072816 Ko] - C:\hiberfil.sys
[24/12/2013 - 11:57:04 | ASH | 4097088 Ko] - C:\pagefile.sys
[15/12/2013 - 22:35:18 | D] - C:\Config.Msi
[30/08/2011 - 03:39:04 | N | 0 Ko] - C:\Finish.log
[30/08/2011 - 18:11:37 | N | 2 Ko] - C:\RHDSetup.log
[30/08/2011 - 18:20:44 | N | 0 Ko] - C:\setup.log
[04/07/2012 - 23:45:08 | N | 3 Ko] - C:\user.js
[20/06/2012 - 19:04:23 | N | 0 Ko] - C:\acadminidump.dmp
[12/07/2011 - 04:35:11 | N | 0 Ko] - C:\RECOVERY.DAT
[24/12/2013 - 11:59:43 | D] - C:\ASUS.DAT
[14/12/2011 - 19:28:47 | N | 2 Ko] - C:\aqua_bitmap.cpp
[07/04/2011 - 08:07:50 | N | 2560 Ko] - C:\N53SV.BIN
[04/06/2012 - 07:26:20 | SHD] - C:\$Recycle.Bin
[29/07/2009 - 07:03:37 | N | 8 Ko] - C:\BOOTSECT.BAK
[12/07/2011 - 04:35:11 | N | 0 Ko] - C:\N53SV_WIN7.50
[14/07/2009 - 02:38:58 | RASH | 375 Ko] - C:\bootmgr
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[29/07/2009 - 07:03:34 | SHD] - C:\Boot
[13/04/2011 - 03:49:40 | D] - C:\AsusVibeData
[30/08/2011 - 18:01:42 | D] - C:\Intel
[30/08/2011 - 18:18:02 | D] - C:\eSupport
[30/08/2011 - 18:29:02 | D] - C:\ExpressGateUtil
[20/10/2011 - 21:21:00 | RHD] - C:\MSOCache
[21/10/2011 - 02:48:32 | SHD] - C:\Recovery
[21/10/2011 - 02:50:53 | D] - C:\Users
[14/12/2011 - 18:51:14 | D] - C:\Autodesk
[16/09/2013 - 20:55:09 | HD] - C:\ProgramData
[22/10/2013 - 21:48:08 | D] - C:\Program Files
[12/12/2013 - 00:06:51 | D] - C:\Program Files (x86)
[17/12/2013 - 22:13:20 | SHD] - C:\System Volume Information
[24/12/2013 - 12:21:52 | D] - C:\UsbFix
[24/12/2013 - 12:21:52 | D] - C:\Windows
[24/12/2013 - 11:52:26 | RASHD] - D:\Autorun.inf
[21/10/2011 - 02:51:33 | SHD] - D:\$RECYCLE.BIN
[20/10/2011 - 21:16:06 | D] - D:\WinRar
[20/10/2011 - 21:16:27 | D] - D:\install
[21/10/2011 - 02:48:09 | SHD] - D:\System Volume Information
[24/02/2008 - 01:28:56 | AH | 4 Ko] - G:\._.Trashes
[24/02/2008 - 01:28:56 | HD] - G:\.Trashes
[26/07/2009 - 21:52:12 | HD] - G:\.TemporaryItems
[26/07/2009 - 21:52:12 | AH | 0 Ko] - G:\._.TemporaryItems
[17/05/2008 - 18:08:46 | HD] - G:\.Spotlight-V100
[24/12/2013 - 11:52:28 | RASHD] - G:\Autorun.inf
[18/09/2009 - 11:30:34 | N | 0 Ko] - G:\._~portfolio~o88l6u.idlk
[29/06/2011 - 16:51:16 | HD] - G:\.fseventsd
[19/07/2010 - 16:05:28 | N | 0 Ko] - G:\100714RENDU.dwl2
[28/09/2010 - 00:54:08 | N | 0 Ko] - G:\100714RENDU.dwl
[02/03/2010 - 16:49:38 | AH | 21 Ko] - G:\.DS_Store
[10/06/2011 - 00:16:56 | ASH | 495 Ko] - G:\Thumbs.db
[06/11/2010 - 15:47:48 | SHD] - G:\$RECYCLE.BIN
[26/02/2008 - 00:06:14 | D] - G:\FILMS
[26/02/2008 - 01:29:22 | D] - G:\PHOTO
[08/03/2008 - 15:06:22 | D] - G:\MUSIQUE
[08/03/2008 - 15:08:08 | D] - G:\ETUDES
[26/04/2009 - 22:26:34 | D] - G:\DIVERS
[01/03/2010 - 16:20:52 | D] - G:\LOGICIELS
[04/03/2010 - 16:49:46 | D] - G:\Recycled
[11/03/2010 - 19:15:32 | SHD] - G:\System Volume Information
[25/11/2010 - 22:32:08 | D] - G:\kurcina
[14/02/2011 - 18:50:52 | D] - G:\fakerica
[20/06/2011 - 12:00:38 | D] - G:\Helvetica

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
0
Can I take this opportunity to check my other hard drive at the same time? (Also, is it possible to run this check from my new computer without risking infecting it?)
Thanks a lot in any case!
0
Anonymous user
24 Dec. 2013 at 12:56
You should have plugged your external hard drive into your PC at the same time!

But run UsbFix again in search mode with your external hard drive!


0
Sorry, I wasn't very quick on that one!
But I ran the search on the other external hard drive, so here is the report (what about the first hard drive?)


############################## | UsbFix V 7.155 | [Recherche]

Utilisateur: Anju (Administrateur) # ANJU-PC
Mis à jour le 16/12/2013 par El Desaparecido - Team SosVirus
Lancé à 12:49:23 | 24/12/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (N53SV)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
RAM -> [Total : 4001 | Free : 1981]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Trend Micro Titanium Internet Security [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 279 Go (121 Go libre(s) - 43%) [OS] # NTFS
D:\ -> Disque fixe # 394 Go (379 Go libre(s) - 96%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque fixe # 466 Go (397 Go libre(s) - 85%) [HD-PCTU3] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 636 |ParentID: 588)
C:\Windows\system32\csrss.exe (ID: 760 |ParentID: 752)
C:\Windows\system32\wininit.exe (ID: 768 |ParentID: 588)
C:\Windows\system32\winlogon.exe (ID: 816 |ParentID: 752)
C:\Windows\system32\services.exe (ID: 868 |ParentID: 768)
C:\Windows\system32\lsass.exe (ID: 876 |ParentID: 768)
C:\Windows\system32\lsm.exe (ID: 884 |ParentID: 768)
C:\Windows\system32\svchost.exe (ID: 976 |ParentID: 868)
C:\Windows\system32\nvvsvc.exe (ID: 328 |ParentID: 868)
C:\Windows\system32\svchost.exe (ID: 392 |ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 664 |ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 680 |ParentID: 868)
C:\Windows\system32\svchost.exe (ID: 752 |ParentID: 868)
C:\Windows\system32\svchost.exe (ID: 968 |ParentID: 868)
C:\Windows\system32\svchost.exe (ID: 1180 |ParentID: 868)
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (ID: 1312 |ParentID: 328)
C:\Windows\system32\nvvsvc.exe (ID: 1324 |ParentID: 328)
C:\Windows\system32\WLANExt.exe (ID: 1332 |ParentID: 680)
C:\Windows\system32\FBAgent.exe (ID: 1340 |ParentID: 868)
C:\Windows\system32\conhost.exe (ID: 1352 |ParentID: 636)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID: 1428 |ParentID: 868)
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ID: 1476 |ParentID: 532)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID: 1568 |ParentID: 868)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1620 |ParentID: 868)
C:\Windows\system32\Dwm.exe (ID: 1724 |ParentID: 680)
C:\Windows\Explorer.EXE (ID: 1752 |ParentID: 1716)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID: 1796 |ParentID: 1428)
C:\Windows\AsScrPro.exe (ID: 1972 |ParentID: 1340)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID: 2044 |ParentID: 1340)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 1492 |ParentID: 1340)
C:\Windows\System32\spoolsv.exe (ID: 1632 |ParentID: 868)
C:\Windows\system32\svchost.exe (ID: 1784 |ParentID: 868)
C:\Windows\system32\taskhost.exe (ID: 2096 |ParentID: 868)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 2376 |ParentID: 868)
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (ID: 2412 |ParentID: 868)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2444 |ParentID: 868)
C:\Windows\system32\taskeng.exe (ID: 2480 |ParentID: 968)
C:\Windows\system32\taskeng.exe (ID: 2536 |ParentID: 968)
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ID: 2552 |ParentID: 2480)
C:\Program Files\P4G\BatteryLife.exe (ID: 2560 |ParentID: 2480)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID: 2584 |ParentID: 2536)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID: 2604 |ParentID: 2480)
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ID: 2640 |ParentID: 2480)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2708 |ParentID: 868)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (ID: 2836 |ParentID: 868)
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (ID: 2876 |ParentID: 868)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 2976 |ParentID: 868)
C:\Windows\system32\svchost.exe (ID: 3068 |ParentID: 868)
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (ID: 2204 |ParentID: 868)
C:\ExpressGateUtil\VAWinService.exe (ID: 1048 |ParentID: 868)
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe (ID: 1772 |ParentID: 2204)
C:\Windows\system32\conhost.exe (ID: 1516 |ParentID: 636)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1272 |ParentID: 868)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ID: 2904 |ParentID: 868)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3124 |ParentID: 1272)
C:\Windows\system32\wbem\unsecapp.exe (ID: 3552 |ParentID: 976)
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (ID: 3668 |ParentID: 868)
C:\Windows\system32\svchost.exe (ID: 4052 |ParentID: 868)
C:\Windows\system32\svchost.exe (ID: 3456 |ParentID: 868)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4188 |ParentID: 976)
C:\Windows\System32\rundll32.exe (ID: 4784 |ParentID: 976)
C:\Windows\system32\SearchIndexer.exe (ID: 5016 |ParentID: 868)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3856 |ParentID: 868)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID: 4676 |ParentID: 1796)
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (ID: 4872 |ParentID: 2536)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ID: 3540 |ParentID: 1796)
C:\Windows\System32\igfxtray.exe (ID: 5104 |ParentID: 1752)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID: 2220 |ParentID: 1796)
C:\Windows\System32\hkcmd.exe (ID: 4696 |ParentID: 1752)
C:\Windows\System32\igfxpers.exe (ID: 3448 |ParentID: 1752)
C:\Windows\system32\SearchProtocolHost.exe (ID: 4592 |ParentID: 5016)
C:\Windows\System32\svchost.exe (ID: 4124 |ParentID: 868)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 3140 |ParentID: 1752)
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ID: 3192 |ParentID: 1752)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 356 |ParentID: 1752)
C:\Windows\SysWOW64\ACEngSvr.exe (ID: 3988 |ParentID: 976)
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (ID: 3648 |ParentID: 1752)
C:\Windows\vsnp2uvc.exe (ID: 3824 |ParentID: 1752)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 5208 |ParentID: 3140)
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (ID: 5292 |ParentID: 1752)
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 5388 |ParentID: 1752)
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (ID: 5400 |ParentID: 1752)
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (ID: 5492 |ParentID: 1752)
C:\Windows\system32\wbem\unsecapp.exe (ID: 5568 |ParentID: 976)
C:\Users\Anju\AppData\Roaming\cacaoweb\cacaoweb.exe (ID: 5748 |ParentID: 1752)
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID: 6072 |ParentID: 1752)
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (ID: 4296 |ParentID: 5756)
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (ID: 3688 |ParentID: 5756)
C:\Windows\system32\RunDll32.exe (ID: 5272 |ParentID: 1752)
C:\Program Files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe (ID: 5276 |ParentID: 5272)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID: 5328 |ParentID: 5756)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ID: 6140 |ParentID: 5756)
C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe (ID: 6008 |ParentID: 5492)
C:\Windows\system32\DllHost.exe (ID: 3176 |ParentID: 976)
C:\Users\Anju\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 5840 |ParentID: 1752)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ID: 4912 |ParentID: 5756)
C:\ExpressGateUtil\VAWinAgent.exe (ID: 5488 |ParentID: 5756)
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID: 5528 |ParentID: 5756)
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (ID: 2212 |ParentID: 5756)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID: 6264 |ParentID: 5756)
C:\Program Files (x86)\OfferBox\OfferBox.exe (ID: 6316 |ParentID: 5756)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 6380 |ParentID: 5756)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 6412 |ParentID: 5756)
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ID: 6464 |ParentID: 5756)
C:\Program Files (x86)\OfferBox\OfferBoxHTTPProxy.exe (ID: 6492 |ParentID: 6316)
C:\Program Files\iPod\bin\iPodService.exe (ID: 6676 |ParentID: 868)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 6768 |ParentID: 5756)
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (ID: 6064 |ParentID: 868)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5692 |ParentID: 868)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (ID: 5112 |ParentID: 868)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6600 |ParentID: 1752)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7064 |ParentID: 6600)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7124 |ParentID: 6600)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6276 |ParentID: 6600)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6592 |ParentID: 6600)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 6992 |ParentID: 868)
C:\Windows\system32\wuauclt.exe (ID: 6512 |ParentID: 968)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6876 |ParentID: 6600)
C:\Windows\system32\SearchFilterHost.exe (ID: 2004 |ParentID: 5016)
C:\UsbFix\Go.exe (ID: 5896 |ParentID: 5980)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5372 |ParentID: 976)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE | Run : [FLxHCIm] - "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
04 - HKLM\SOFTWARE | Run : [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
04 - HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
04 - HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\SOFTWARE | Run : [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe
04 - HKLM\SOFTWARE | Run : [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe
04 - HKLM\SOFTWARE | Run : [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE | Run : [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\SOFTWARE | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\SOFTWARE | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [offerbox] - C:\Program Files (x86)\OfferBox\OfferBox.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE\wow6432Node | Run : [FLxHCIm] - "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [offerbox] - C:\Program Files (x86)\OfferBox\OfferBox.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [Bubble Dock] - "C:\Users\Anju\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [HP Photosmart 5510 series (NET)] - "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN21I3C71805V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [AdobeBridge] -
04 - HKU\S-1-5-21-4099775944-587757865-2989014134-1001\SOFTWARE | Run : [cacaoweb] - "C:\Users\Anju\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |


################## | Registre |


################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
0
Anonymous user
24 Dec 2013 at 13:07
normally, both hard drives are OK :D

don't forget to uninstall usbfix!


do you want to check your PC while we're at it?


0
great, thanks a lot!
I'm going to format and sell the PC I'm on right now, so I think it's fine!
I'll be able to move over to my brand-new Asus ZenBook!
thanks a lot again!
have a nice day and merry Christmas!
0
Anonymous user
24 Dec 2013 at 13:13
ok,

happy holidays and happy surfing :D


0