#19638
Hi again
rejau wrote: :fumeunpeco: :alcool: I was saying that I think the Windows 8 install is infected too, and can't we disinfect it before moving on to Windows 7? Or is it not worth it?
we'll take care of W7 and then we'll take care of W8 ;)

See you
#19651
Well, it's finally done

############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: FassMaraj (Administrateur) # FASSMARAJ-PC
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 18:39:57 | 29/11/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Micro-Star International Co., Ltd. (MS-16GN)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3564 | Free : 2105]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Internet Security 2014 [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 165 Go (11 Go libre(s) - 7%) [Disque local] # NTFS
D:\ -> Disque fixe # 301 Go (18 Go libre(s) - 6%) [Disque local] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (2 Go libre(s) - 93%) [SWAGG] # FAT
G:\ -> Disque fixe # 100 Mo (63 Mo libre(s) - 63%) [Réservé au système] # NTFS
H:\ -> Disque amovible # 13 Go (3 Go libre(s) - 25%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\PROGRA~2\AVG\AVG2014\avgrsa.exe (ID: 420 |ParentID: 404)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID: 476 |ParentID: 420)
Stoppé! C:\Windows\system32\atiesrxx.exe (ID: 764 |ParentID: 828)
Stoppé! C:\Windows\system32\atieclxx.exe (ID: 1388 |ParentID: 764)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1620 |ParentID: 828)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 1772 |ParentID: 828)
Stoppé! C:\Windows\Explorer.EXE (ID: 1936 |ParentID: 1868)
Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 1320 |ParentID: 828)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (ID: 1484 |ParentID: 828)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (ID: 1848 |ParentID: 828)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (ID: 1800 |ParentID: 828)
Stoppé! C:\Windows\SysWOW64\ChgService.exe (ID: 1072 |ParentID: 828)
Stoppé! C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (ID: 1096 |ParentID: 828)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (ID: 2204 |ParentID: 1800)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (ID: 2224 |ParentID: 1800)
Stoppé! C:\Windows\SysWOW64\NLSSRV32.EXE (ID: 2288 |ParentID: 828)
Stoppé! C:\Windows\system32\sppsvc.exe (ID: 2472 |ParentID: 828)
Stoppé! C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (ID: 2524 |ParentID: 828)
Stoppé! C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe (ID: 2720 |ParentID: 828)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2796 |ParentID: 828)
Stoppé! C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (ID: 2084 |ParentID: 2524)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3260 |ParentID: 2796)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 3412 |ParentID: 1936)
Stoppé! C:\Program Files\Elantech\ETDCtrl.exe (ID: 3428 |ParentID: 1936)
Stoppé! C:\Program Files\BitComet\BitComet.exe (ID: 3448 |ParentID: 1936)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgui.exe (ID: 3692 |ParentID: 3464)
Stoppé! C:\Program Files (x86)\AVG Secure Search\vprot.exe (ID: 3728 |ParentID: 3464)
Stoppé! C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 3140 |ParentID: 3428)
Stoppé! C:\Program Files (x86)\Kanakoo Liberté Plus\Main\USB Modem.exe (ID: 692 |ParentID: 1936)
Stoppé! C:\Windows\servicing\TrustedInstaller.exe (ID: 4436 |ParentID: 828)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\SOFTWARE | Run : [BitComet] - "C:\Program Files\BitComet\BitComet.exe" /tray
04 - HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\SOFTWARE | Run : [goihkgucfv] - wscript.exe //B "C:\Users\FassMaraj\AppData\Roaming\goihkgucfv..vbs"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Recherche générique |

Supprimé! C:\Users\FASSMA~1\AppData\Local\Temp\ADMIN.vbe
Supprimé! C:\Users\FASSMA~1\AppData\Local\Temp\tp.vbe
Supprimé! C:\Users\FASSMA~1\AppData\Local\Temp\CPBA.bat
Supprimé! C:\Users\FASSMA~1\AppData\Local\Temp\uac.bat

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : E11A368AAA023AC803DFF823CC918920 -> C:\Users\FASSMA~1\AppData\Local\Temp\ADMIN.vbe
Md5 : 63D203F65AF2A81A053395639E48580F -> C:\Users\FASSMA~1\AppData\Local\Temp\tp.vbe

################## | Comparaison MD5 |


################## | Registre |

Supprimé! HKCU\Software\Door
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Acrobat.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acrodist.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adobe air application installer.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\formdesigner.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\illustrator.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lphant.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poweriso.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pwrisovm.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\switchboard.exe
Supprimé! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acrord32.exe
Supprimé! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s-bar.exe
Supprimé! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstall.exe
Supprimé! HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\Software\.\.\.\.\Mountpoints2\F
Supprimé! HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\Software\.\.\.\.\Mountpoints2\H
Supprimé! HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\Software\.\.\.\.\Mountpoints2\{238c2b30-ed16-11e2-9925-806e6f6e6963}
Supprimé! HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\Software\.\.\.\.\Mountpoints2\{83129639-f758-11e2-ac44-6c626d31fdb2}
Supprimé! HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\Software\.\.\.\.\Mountpoints2\{83129661-f758-11e2-ac44-6c626d31fdb2}

################## | Listing |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |

Is that OK?
#19656
Hi again

yes, but do this and post the report, please
  • Launch UsbFix from your Desktop!
  • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
  • Right-click on it and choose Run as administrator on Windows 7/8 and Vista
  • Choose the Vacciner (Vaccinate) option

    Note: Small windows will open; click OK
:merci2:
#19661
Hi again

didn't you get a report :interro:

if not, do this and post the report, please
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Plug all your external data sources into the PC (USB stick, external hard drive, etc.) without opening them.
  • Right-click on it and choose Run as administrator on Windows 7/8 and Vista
  • Choose the Recherche (Search) option
  • Copy and paste the contents of the report that appears at the end of the scan into your reply
:merci2:
