############################## | UsbFix V 7.162 | [Suppression]

Utilisateur: Rudy-ds (Administrateur) # ANTIKNOTE
Mis à jour le 27/01/2014 par El Desaparecido - Team SosVirus
Lancé à 12:19:24 | 02/02/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K52JT)
CPU: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
RAM -> [Total : 4021 Mo| Free : 2840 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 8.0.7601.17514
WB: Mozilla Firefox : 26.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Avira Desktop [Enabled | Updated]
AS: Avira Desktop [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall [(!) Disabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001

C:\ (%systemdrive%) -> Disque fixe # 182 Go (121 Go libre(s) - 67%) [OS] # NTFS
D:\ -> Disque fixe # 495 Go (344 Go libre(s) - 69%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (1 Mo libre(s) - 0%) [RUDY DS] # FAT
H:\ -> Disque amovible # 2 Go (2 Go libre(s) - 96%) [CLEF RDS] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 484 |ParentID: 456)
C:\Windows\system32\wininit.exe (ID: 540 |ParentID: 456)
C:\Windows\system32\csrss.exe (ID: 560 |ParentID: 548)
C:\Windows\system32\services.exe (ID: 596 |ParentID: 540)
C:\Windows\system32\lsass.exe (ID: 620 |ParentID: 540)
C:\Windows\system32\lsm.exe (ID: 628 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 736 |ParentID: 596)
C:\Windows\system32\winlogon.exe (ID: 812 |ParentID: 548)
C:\Windows\system32\svchost.exe (ID: 880 |ParentID: 596)
C:\Windows\system32\atiesrxx.exe (ID: 936 |ParentID: 596)
C:\Windows\System32\svchost.exe (ID: 996 |ParentID: 596)
C:\Windows\System32\svchost.exe (ID: 140 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 492 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 1072 |ParentID: 596)
C:\Windows\system32\atieclxx.exe (ID: 1108 |ParentID: 936)
C:\Windows\system32\svchost.exe (ID: 1192 |ParentID: 596)
C:\Windows\system32\FBAgent.exe (ID: 1348 |ParentID: 596)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID: 1380 |ParentID: 596)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID: 1480 |ParentID: 596)
C:\Windows\System32\spoolsv.exe (ID: 1620 |ParentID: 596)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1648 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 1740 |ParentID: 596)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1840 |ParentID: 596)
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (ID: 1912 |ParentID: 596)
C:\Windows\SysWOW64\svchost.exe (ID: 1988 |ParentID: 596)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2020 |ParentID: 596)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 1172 |ParentID: 596)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 1520 |ParentID: 596)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 2112 |ParentID: 596)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2248 |ParentID: 596)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2508 |ParentID: 2248)
C:\Windows\system32\taskhost.exe (ID: 2944 |ParentID: 596)
C:\Windows\system32\Dwm.exe (ID: 3060 |ParentID: 140)
C:\Windows\Explorer.EXE (ID: 1448 |ParentID: 3020)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 1240 |ParentID: 1520)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID: 2636 |ParentID: 1380)
C:\Windows\system32\runonce.exe (ID: 2716 |ParentID: 1448)
C:\Windows\AsScrPro.exe (ID: 2920 |ParentID: 1348)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID: 2988 |ParentID: 1348)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2940 |ParentID: 736)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID: 2848 |ParentID: 2636)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID: 3096 |ParentID: 2636)
C:\Windows\system32\taskeng.exe (ID: 3140 |ParentID: 492)
C:\Program Files\P4G\BatteryLife.exe (ID: 3188 |ParentID: 3140)
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ID: 3200 |ParentID: 3140)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID: 3220 |ParentID: 3140)
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ID: 3232 |ParentID: 3140)
C:\Windows\SysWOW64\ACEngSvr.exe (ID: 3324 |ParentID: 736)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3392 |ParentID: 736)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID: 3544 |ParentID: 3140)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 3668 |ParentID: 1840)
C:\Windows\system32\svchost.exe (ID: 3844 |ParentID: 596)
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ID: 4060 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 3128 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 3432 |ParentID: 596)
C:\Windows\System32\WUDFHost.exe (ID: 1284 |ParentID: 140)
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (ID: 2712 |ParentID: 596)
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (ID: 1468 |ParentID: 3140)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 3372 |ParentID: 596)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 3884 |ParentID: 596)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3984 |ParentID: 596)
C:\Windows\system32\SearchIndexer.exe (ID: 2424 |ParentID: 596)
C:\Windows\system32\taskhost.exe (ID: 3988 |ParentID: 596)
C:\Windows\system32\taskeng.exe (ID: 1272 |ParentID: 492)

################## | Regedit Run |

04 - HKCU\..\Run : [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
04 - HKCU\..\Run : [flashmemory] wscript.exe //B "C:\Users\Rudy-ds\AppData\Local\Temp\flashmemory.vbe"
04 - HKLM\..\Run : [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
04 - HKLM\..\Run : [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\..\Run : [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\..\Run : [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\..\Run : [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\..\Run : [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\..\Run : [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\..\Run : [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
04 - HKLM64\..\Run : [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
04 - HKLM64\..\Run : [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - HKLM64\..\Run : [Setwallpaper] c:\programdata\SetWallpaper.cmd
04 - HKLM64\..\Run : [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-465012693-2708230279-1097855847-1000\..\Run : [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
04 - HKU\S-1-5-21-465012693-2708230279-1097855847-1000\..\Run : [flashmemory] wscript.exe //B "C:\Users\Rudy-ds\AppData\Local\Temp\flashmemory.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\Rudy-ds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Supprimé! C:\Users\Rudy-ds\AppData\Local\Temp\flashmemory.vbe
Supprimé! H:\flashmemory.vbe
Supprimé! F:\SThumbDB.lnk
Supprimé! F:\Store(caf6a04e8ee3cee63f06899813569e487077575f).lnk
Supprimé! F:\Images.lnk
Supprimé! F:\Videos.lnk
Supprimé! F:\Sounds.lnk
Supprimé! F:\Themes.lnk
Supprimé! F:\Documents.lnk
Supprimé! F:\FOUND.000.lnk
Supprimé! F:\Others.lnk
Supprimé! F:\SamsungNavigator.lnk
Supprimé! F:\Backup.lnk
Supprimé! F:\GoogleAppsData.lnk
Supprimé! F:\Recycled.lnk
Supprimé! H:\DSCN8531.lnk
Supprimé! H:\Doc admin.lnk
Supprimé! H:\Photos Hipposcars 2013.lnk
Supprimé! H:\Curriculum Vitae.lnk
Supprimé! H:\Photos Bu Rudy - prévoir corrections.lnk
Supprimé! C:\Users\Rudy-ds\AppData\Roaming\system

(!) Fichiers temporaires supprimés.

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Supprimé! HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Supprimé! HKU\S-1-5-21-465012693-2708230279-1097855847-1000\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory

################## | Listing |

[09/10/2013 - 19:16:28 | SHD] - C:\$Recycle.Bin
[28/12/2011 - 10:03:06 | SHD] - C:\Boot
[20/11/2010 - 13:40:07 | RASH | 375 Ko] - C:\bootmgr
[29/07/2009 - 07:03:37 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[19/12/2010 - 07:30:48 | D] - C:\CIMTEMP
[16/01/2014 - 15:30:49 | D] - C:\Config.Msi
[19/12/2010 - 07:49:28 | N | 19 Ko | 5DA5DBAB18F4ED571AC3076AFF1737E4] - C:\devlist.txt
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[26/12/2012 - 19:12:10 | D] - C:\Downloads
[04/12/2011 - 12:31:59 | N | 0 Ko | 9B758560EDB6EE51D610B9A069BB3F2F] - C:\dpi.txt
[19/12/2010 - 07:39:13 | D] - C:\eSupport
[19/12/2010 - 07:49:27 | N | 0 Ko] - C:\Finish.log
[14/12/2012 - 16:16:33 | D] - C:\found.000
[02/02/2014 - 11:21:46 | ASH | 3087752 Ko] - C:\hiberfil.sys
[19/12/2010 - 07:25:57 | D] - C:\Intel
[21/10/2010 - 07:28:47 | N | 2048 Ko] - C:\K52JT.BIN
[21/10/2010 - 07:29:04 | N | 2048 Ko] - C:\K52JU.BIN
[21/10/2010 - 11:53:15 | N | 0 Ko] - C:\K52JU_K52JT_WIN7.10
[06/01/2012 - 00:53:28 | RHD] - C:\MSOCache
[02/02/2014 - 11:21:48 | ASH | 4117004 Ko] - C:\pagefile.sys
[18/12/2010 - 17:42:41 | N | 0 Ko | 9367D62B204F2B09D23968DECCEBEBD9] - C:\Pass.txt
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[08/01/2014 - 19:33:18 | N | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[03/12/2013 - 10:57:41 | D] - C:\Program Files
[08/01/2014 - 19:21:26 | D] - C:\Program Files (x86)
[05/01/2014 - 11:04:55 | HD] - C:\ProgramData
[17/07/2012 - 18:19:12 | SHD] - C:\Recovery
[21/10/2010 - 11:53:15 | N | 0 Ko] - C:\RECOVERY.DAT
[11/12/2011 - 23:31:43 | N | 0 Ko] - C:\setup.log
[13/05/2006 - 17:22:24 | N | 0 Ko] - C:\store.log
[16/01/2014 - 15:29:15 | SHD] - C:\System Volume Information
[17/11/2012 - 21:10:42 | D] - C:\Temp
[01/02/2014 - 20:18:02 | D] - C:\UsbFix
[02/02/2014 - 12:25:29 | A | 12 Ko | 162FE501F56FA42CC07C0A8129628D14] - C:\UsbFix [Clean 2] ANTIKNOTE.txt
[01/02/2014 - 20:24:27 | N | 13 Ko | E5C16F845B18EFEA5437855E0C55D344] - C:\UsbFix [Scan 1] ANTIKNOTE.txt
[04/12/2011 - 12:29:48 | D] - C:\Users
[23/11/2013 - 15:30:31 | D] - C:\Windows
[09/10/2013 - 20:02:25 | SHD] - D:\$RECYCLE.BIN
[16/10/2013 - 05:19:34 | D] - D:\078b8126e41cd89fc611742ce8819b6a
[18/11/2012 - 20:16:59 | D] - D:\c13b3875ebbc7cc54c06
[13/10/2013 - 22:39:20 | D] - D:\c2933718f53c80e66444bf
[09/01/2012 - 19:10:28 | D] - D:\Montage
[31/01/2014 - 10:33:18 | D] - D:\Musique
[20/12/2013 - 15:14:54 | D] - D:\Photos
[27/12/2012 - 00:15:56 | SHD] - D:\System Volume Information
[29/10/2013 - 13:14:14 | D] - D:\Vidéos
[11/09/2013 - 22:37:14 | D] - D:\Voice
[29/01/2012 - 23:56:08 | D] - F:\Images
[01/01/2010 - 00:26:12 | D] - F:\Videos
[01/01/2010 - 00:26:14 | D] - F:\Sounds
[01/01/2010 - 00:26:14 | D] - F:\Themes
[08/07/2009 - 05:35:32 | D] - F:\Documents
[10/12/2009 - 16:27:28 | D] - F:\FOUND.000
[01/01/2010 - 00:26:14 | D] - F:\Others
[01/02/2014 - 08:41:48 | N | 69144 Ko] - F:\SThumbDB.tdb
[22/03/2011 - 12:16:16 | N | 132 Ko] - F:\Store(caf6a04e8ee3cee63f06899813569e487077575f).hds
[24/07/2011 - 13:22:38 | D] - F:\SamsungNavigator
[17/04/2012 - 16:34:34 | D] - F:\Backup
[07/11/2012 - 09:42:08 | D] - F:\GoogleAppsData
[27/03/2011 - 14:07:04 | D] - F:\Recycled
[24/12/2012 - 20:03:00 | N | 3794 Ko] - H:\DSCN8531.JPG

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |