Rapport UsbFix

Vous pensez être infecté, des pubs s'affichent quand vous naviguez sur internet ?
Perte de données, ralentissement système, virus USB ?
Désinfectez votre ordinateur gratuitement !
 Répondre
  • Avatar du membre
  • Avatar du membre
Avatar du membre

Rapport UsbFix

par Amandine
 dim. 20 oct. 2013 17:05 #12141
Voici le rapport UsbFix établi suite au scan de mon PC et d'une clef USB.

Pouvez-vous m'indiquer la marche à  suivre.

Merci d'avance.
Code: Tout sélectionner
############################## | UsbFix V 7.145 | [Recherche]

Utilisateur: User (Administrateur) # USER-PC
Mis à  jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à  16:46:52 | 20/10/2013

Site Web: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K54C)
CPU: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
RAM -> [Total : 4000 | Free : 2214]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Bitdefender Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 186 Go (108 Go libre(s) - 58%) [OS] # NTFS
D:\ -> Disque fixe # 254 Go (210 Go libre(s) - 82%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 958 Mo (932 Mo libre(s) - 97%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 600 |ParentID 488)
C:\Windows\system32\wininit.exe (ID 672 |ParentID 488)
C:\Windows\system32\csrss.exe (ID 696 |ParentID 680)
C:\Windows\system32\services.exe (ID 728 |ParentID 672)
C:\Windows\system32\lsass.exe (ID 756 |ParentID 672)
C:\Windows\system32\lsm.exe (ID 764 |ParentID 672)
C:\Windows\system32\winlogon.exe (ID 824 |ParentID 680)
C:\Windows\system32\svchost.exe (ID 912 |ParentID 728)
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (ID 968 |ParentID 728)
C:\Windows\system32\svchost.exe (ID 1076 |ParentID 728)
C:\Windows\System32\svchost.exe (ID 1184 |ParentID 728)
C:\Windows\System32\svchost.exe (ID 1236 |ParentID 728)
C:\Windows\system32\svchost.exe (ID 1264 |ParentID 728)
C:\Windows\system32\svchost.exe (ID 1296 |ParentID 728)
C:\Windows\system32\svchost.exe (ID 1412 |ParentID 728)
C:\Windows\system32\svchost.exe (ID 1512 |ParentID 728)
C:\Windows\system32\FBAgent.exe (ID 1632 |ParentID 728)
C:\Windows\system32\WLANExt.exe (ID 1640 |ParentID 1236)
C:\Windows\system32\conhost.exe (ID 1648 |ParentID 600)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID 1704 |ParentID 728)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID 1764 |ParentID 728)
C:\Windows\System32\spoolsv.exe (ID 1896 |ParentID 728)
C:\Windows\system32\svchost.exe (ID 1940 |ParentID 728)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1964 |ParentID 728)
C:\Windows\system32\taskhost.exe (ID 2196 |ParentID 728)
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (ID 2228 |ParentID 2212)
C:\Windows\system32\Dwm.exe (ID 2304 |ParentID 1236)
C:\Windows\Explorer.EXE (ID 2360 |ParentID 2272)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 2564 |ParentID 728)
C:\Windows\system32\taskeng.exe (ID 2572 |ParentID 1296)
C:\Windows\system32\taskeng.exe (ID 2620 |ParentID 1296)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID 2628 |ParentID 2572)
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ID 2644 |ParentID 2572)
C:\Program Files\ASUS\P4G\BatteryLife.exe (ID 2700 |ParentID 2572)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID 2712 |ParentID 2620)
C:\Windows\SysWOW64\ACEngSvr.exe (ID 2844 |ParentID 912)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID 2872 |ParentID 1704)
C:\Windows\System32\igfxtray.exe (ID 2944 |ParentID 2360)
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ID 2968 |ParentID 728)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 3016 |ParentID 728)
C:\Windows\system32\svchost.exe (ID 3048 |ParentID 728)
C:\Program Files (x86)\PDF Architect\HelperService.exe (ID 2080 |ParentID 728)
C:\Windows\System32\hkcmd.exe (ID 116 |ParentID 2360)
C:\Windows\System32\igfxpers.exe (ID 2680 |ParentID 2360)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 2140 |ParentID 2360)
C:\Program Files (x86)\PDF Architect\ConversionService.exe (ID 2128 |ParentID 728)
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ID 3088 |ParentID 2360)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID 3228 |ParentID 2360)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID 3304 |ParentID 2360)
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (ID 3332 |ParentID 2360)
C:\Program Files\Windows Sidebar\sidebar.exe (ID 3364 |ParentID 2360)
C:\Windows\System32\wscript.exe (ID 3392 |ParentID 2360)
C:\Windows\system32\svchost.exe (ID 3608 |ParentID 728)
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (ID 3648 |ParentID 728)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3712 |ParentID 728)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3940 |ParentID 3712)
C:\Windows\system32\svchost.exe (ID 2044 |ParentID 728)
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (ID 3580 |ParentID 2360)
C:\Windows\system32\SearchIndexer.exe (ID 4240 |ParentID 728)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 4456 |ParentID 2140)
C:\Windows\AsScrPro.exe (ID 4592 |ParentID 1632)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID 4720 |ParentID 1632)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 4884 |ParentID 1632)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4976 |ParentID 912)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4984 |ParentID 912)
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (ID 5096 |ParentID 3400)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID 3468 |ParentID 3400)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ID 4104 |ParentID 3400)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ID 3108 |ParentID 3400)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 3800 |ParentID 3400)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 3772 |ParentID 3400)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 2020 |ParentID 728)
C:\Program Files\iPod\bin\iPodService.exe (ID 5396 |ParentID 728)
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ID 5736 |ParentID 2968)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID 5964 |ParentID 2872)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ID 5516 |ParentID 2872)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID 5212 |ParentID 2872)
C:\Windows\System32\svchost.exe (ID 6556 |ParentID 728)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 6876 |ParentID 728)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 2608 |ParentID 728)
C:\Windows\system32\DllHost.exe (ID 1424 |ParentID 912)
C:\Windows\System32\WUDFHost.exe (ID 7004 |ParentID 1236)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6984 |ParentID 3132)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3756 |ParentID 6984)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4968 |ParentID 6984)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5024 |ParentID 6984)
C:\UsbFix\Go.exe (ID 8380 |ParentID 8352)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
HKLM\SOFTWARE | Run : [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
HKLM\SOFTWARE\wow6432Node | Run : [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE\wow6432Node | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1747940908-1875828394-673419322-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1747940908-1875828394-673419322-1000\SOFTWARE | Run : [OfficeSyncProcess] - "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-1747940908-1875828394-673419322-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1747940908-1875828394-673419322-1000\SOFTWARE | Run : [dxrpdiag] - wscript.exe //B "C:\Users\User\AppData\Local\Temp\dxrpdiag.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | à‰léments infectieux |

Présent! F:\dxrpdiag.vbs
Présent! C:\Users\User\AppData\Local\Temp\dxrpdiag.vbs
Présent! C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxrpdiag.vbs
Présent! F:\Autre.lnk
Présent! F:\Hygiène.lnk
Présent! F:\Chimie générale.lnk

################## | Registre |

Présent! HKU\S-1-5-21-1747940908-1875828394-673419322-1000\Software\Microsoft\Windows\CurrentVersion\Run|dxrpdiag
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|dxrpdiag
Présent! HKU\S-1-5-21-1747940908-1875828394-673419322-1000\Software\Microsoft\Windows\CurrentVersion\Run|dxrpdiag
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|dxrpdiag
Présent! HKU\S-1-5-21-1747940908-1875828394-673419322-1000\Software\Microsoft\Windows\CurrentVersion\Run|dxrpdiag
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|dxrpdiag


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |
Avatar du membre

Re: Rapport UsbFix

par H.A.W.X
 dim. 20 oct. 2013 17:06 #12143
Bonjour :)

On passe à  la suppression pour UsbFix ;)
  • Télécharges UsbFix (de El Desaparecido) sur ton Bureau !
  • Fais clic droit dessus, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
  • Choisi l'option Suppression

    Note : Si UsbFix bloque à  14%, démarrer en mode sans échec. (Voir >> ICI <<)

    Image
  • Copie et Colle le contenu du rapport qui apparaît à  la fin du scan dans ta réponse

Veux tu que l'on vérifie si tu as d'autres infections ? :)
Avatar du membre

Re: Rapport UsbFix

par Amandine
 dim. 20 oct. 2013 17:18 #12150
Voici le nouveau rapport UsbFix (clean).
Je suis d'accord de vérifier s'il y a d'autres infections.

Amandine.

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: User (Administrateur) # USER-PC
Mis à  jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à  17:10:00 | 20/10/2013

Site Web: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K54C)
CPU: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
RAM -> [Total : 4000 | Free : 1932]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Bitdefender Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 186 Go (108 Go libre(s) - 58%) [OS] # NTFS
D:\ -> Disque fixe # 254 Go (210 Go libre(s) - 82%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 958 Mo (932 Mo libre(s) - 97%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
HKLM\SOFTWARE | Run : [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
HKLM\SOFTWARE\wow6432Node | Run : [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE\wow6432Node | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1747940908-1875828394-673419322-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1747940908-1875828394-673419322-1000\SOFTWARE | Run : [OfficeSyncProcess] - "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-1747940908-1875828394-673419322-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1747940908-1875828394-673419322-1000\SOFTWARE | Run : [dxrpdiag] - wscript.exe //B "C:\Users\User\AppData\Local\Temp\dxrpdiag.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (ID 968 |ParentID 728)
Stoppé! C:\Windows\system32\FBAgent.exe (ID 1632 |ParentID 728)
Stoppé! C:\Windows\system32\WLANExt.exe (ID 1640 |ParentID 1236)
Stoppé! C:\Windows\system32\conhost.exe (ID 1648 |ParentID 600)
Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID 1704 |ParentID 728)
Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID 1764 |ParentID 728)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1896 |ParentID 728)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1964 |ParentID 728)
Stoppé! C:\Windows\system32\taskhost.exe (ID 2196 |ParentID 728)
Stoppé! C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (ID 2228 |ParentID 2212)
Stoppé! C:\Windows\Explorer.EXE (ID 2360 |ParentID 2272)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 2564 |ParentID 728)
Stoppé! C:\Windows\system32\taskeng.exe (ID 2572 |ParentID 1296)
Stoppé! C:\Windows\system32\taskeng.exe (ID 2620 |ParentID 1296)
Stoppé! C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID 2628 |ParentID 2572)
Stoppé! C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ID 2644 |ParentID 2572)
Stoppé! C:\Program Files\ASUS\P4G\BatteryLife.exe (ID 2700 |ParentID 2572)
Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID 2712 |ParentID 2620)
Stoppé! C:\Windows\SysWOW64\ACEngSvr.exe (ID 2844 |ParentID 912)
Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID 2872 |ParentID 1704)
Stoppé! C:\Windows\System32\igfxtray.exe (ID 2944 |ParentID 2360)
Stoppé! C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ID 2968 |ParentID 728)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID 3016 |ParentID 728)
Stoppé! C:\Program Files (x86)\PDF Architect\HelperService.exe (ID 2080 |ParentID 728)
Stoppé! C:\Windows\System32\hkcmd.exe (ID 116 |ParentID 2360)
Stoppé! C:\Windows\System32\igfxpers.exe (ID 2680 |ParentID 2360)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 2140 |ParentID 2360)
Stoppé! C:\Program Files (x86)\PDF Architect\ConversionService.exe (ID 2128 |ParentID 728)
Stoppé! C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ID 3088 |ParentID 2360)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID 3228 |ParentID 2360)
Stoppé! C:\Program Files (x86)\Skype\Phone\Skype.exe (ID 3304 |ParentID 2360)
Stoppé! C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (ID 3332 |ParentID 2360)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID 3364 |ParentID 2360)
Stoppé! C:\Windows\System32\wscript.exe (ID 3392 |ParentID 2360)
Stoppé! C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (ID 3648 |ParentID 728)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3712 |ParentID 728)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3940 |ParentID 3712)
Stoppé! C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (ID 3580 |ParentID 2360)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 4240 |ParentID 728)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 4456 |ParentID 2140)
Stoppé! C:\Windows\AsScrPro.exe (ID 4592 |ParentID 1632)
Stoppé! C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID 4720 |ParentID 1632)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 4884 |ParentID 1632)
Stoppé! C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (ID 5096 |ParentID 3400)
Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID 3468 |ParentID 3400)
Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ID 4104 |ParentID 3400)
Stoppé! C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ID 3108 |ParentID 3400)
Stoppé! C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 3800 |ParentID 3400)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 3772 |ParentID 3400)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 2020 |ParentID 728)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (ID 5396 |ParentID 728)
Stoppé! C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ID 5736 |ParentID 2968)
Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID 5964 |ParentID 2872)
Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ID 5516 |ParentID 2872)
Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID 5212 |ParentID 2872)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 6876 |ParentID 728)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 2608 |ParentID 728)
Stoppé! C:\Windows\system32\DllHost.exe (ID 1424 |ParentID 912)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 7004 |ParentID 1236)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6984 |ParentID 3132)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3756 |ParentID 6984)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4968 |ParentID 6984)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5024 |ParentID 6984)

################## | à‰léments infectieux |

Supprimé! F:\dxrpdiag.vbs
Supprimé! C:\Users\User\AppData\Local\Temp\dxrpdiag.vbs
Supprimé! C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxrpdiag.vbs
Supprimé! F:\Autre.lnk
Supprimé! F:\Hygiène.lnk
Supprimé! F:\Chimie générale.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-1747940908-1875828394-673419322-1000\Software\Microsoft\Windows\CurrentVersion\Run|dxrpdiag

################## | Listing |

[23/09/2013 - 22:49:14 | SHD ] C:\$Recycle.Bin
[20/10/2013 - 15:07:30 | D ] C:\ASUS.DAT
[11/10/2011 - 13:18:45 | N | 44] C:\ASUS.md5
[19/10/2011 - 06:34:37 | D ] C:\AsusVibeData
[19/10/2013 - 23:04:41 | N | 418061] C:\bdlog.txt
[29/07/2009 - 08:03:34 | SHD ] C:\Boot
[14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
[29/07/2009 - 08:03:37 | RASH | 8192] C:\BOOTSECT.BAK
[23/03/2012 - 19:54:24 | N | 13386] C:\devlist.txt
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[23/03/2012 - 19:41:34 | D ] C:\eSupport
[23/03/2012 - 19:54:24 | N | 9] C:\Finish.log
[20/10/2013 - 15:06:25 | ASH | 3145826304] C:\hiberfil.sys
[23/03/2012 - 19:35:46 | D ] C:\Intel
[03/11/2011 - 04:16:26 | N | 2621440] C:\K54C.BIN
[21/12/2011 - 09:50:59 | N | 19] C:\K54C_WIN7.30
[31/08/2012 - 14:26:11 | RHD ] C:\MSOCache
[23/05/2013 - 14:26:04 | D ] C:\narbonne été 2012
[20/10/2013 - 15:06:31 | ASH | 4194435072] C:\pagefile.sys
[23/03/2012 - 20:55:46 | N | 303] C:\Pass.txt
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[27/08/2013 - 23:14:10 | D ] C:\Program Files
[12/10/2013 - 15:48:14 | D ] C:\Program Files (x86)
[27/08/2013 - 23:14:09 | HD ] C:\ProgramData
[31/08/2012 - 11:13:44 | SHD ] C:\Recovery
[21/12/2011 - 09:50:59 | N | 6] C:\RECOVERY.DAT
[23/03/2012 - 19:40:14 | N | 2532] C:\RHDSetup.log
[30/08/2011 - 07:00:22 | N | 1083] C:\setup.iss
[11/10/2013 - 17:00:19 | SHD ] C:\System Volume Information
[20/10/2013 - 17:10:49 | D ] C:\UsbFix
[20/10/2013 - 17:12:04 | A | 12349] C:\UsbFix [Clean 1] USER-PC.txt
[20/10/2013 - 16:54:14 | N | 12210] C:\UsbFix [Scan 2] USER-PC.txt
[31/08/2012 - 11:15:41 | RD ] C:\Users
[27/08/2013 - 21:14:19 | D ] C:\Windows
[31/08/2012 - 11:16:26 | SHD ] D:\$RECYCLE.BIN
[11/09/2013 - 18:10:39 | D ] D:\2013-07-14
[20/10/2013 - 16:11:56 | D ] D:\Amandine
[11/09/2013 - 18:12:07 | D ] D:\Amsterdam ludo
[15/10/2013 - 15:32:04 | N | 36125224] D:\Anat.pdf
[15/10/2013 - 15:58:14 | N | 7070529] D:\Bio.pdf
[18/09/2013 - 22:16:17 | D ] D:\Camp baladin 2013 Jalhay
[13/09/2013 - 09:16:21 | D ] D:\Copie clé bis
[17/03/2013 - 12:32:59 | D ] D:\Copie Clé usb
[18/09/2013 - 22:21:35 | D ] D:\Copie clé usb verte
[16/09/2013 - 21:51:25 | N | 13373] D:\escalade voile stage réponse.docx
[27/08/2013 - 20:29:33 | D ] D:\Firefox
[11/09/2013 - 18:06:50 | D ] D:\Francofolies 2013
[22/09/2013 - 21:42:25 | D ] D:\Haute Ecole Charemagne
[21/09/2013 - 15:14:28 | D ] D:\Hollande 2013
[06/09/2013 - 14:14:26 | D ] D:\Horaires de bus
[18/09/2013 - 22:16:24 | D ] D:\Impression recto_verso couleur
[29/09/2013 - 16:46:45 | N | 13190] D:\message Alice.docx
[18/09/2013 - 17:58:33 | D ] D:\Porte ouverte Bras-sur-Lienne Hélicopthère
[01/09/2012 - 02:16:27 | SHD ] D:\System Volume Information
[26/09/2013 - 07:51:20 | N | 194215] D:\tableau_descriptif_alter_ang_sept.pdf
[11/09/2013 - 18:04:23 | D ] D:\ULg
[29/09/2013 - 16:11:39 | D ] D:\Wallangue
[01/06/2013 - 12:41:01 | N | 162] D:\~$sum__Bio-2.doc
[18/09/2013 - 22:25:22 | D ] F:\Autre
[08/10/2013 - 14:57:50 | D ] F:\Chimie générale
[08/10/2013 - 14:58:42 | D ] F:\Hygiène

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |
Avatar du membre

Re: Rapport UsbFix

par H.A.W.X
 dim. 20 oct. 2013 17:28 #12162
OK pour ton rapport :) Voici comment faire pour vérifier si ton PC est sain :
  • Télécharge ZHPDiag (de Nicolas Coolman) sur ton bureau.
  • Installe le logiciel.
  • Lance ZHPDiag, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
  • Clique sur Configurer
  • Clique sur l'icône représentant une loupe avec un + ( Lancer le diagnostic »)

    Note : Ne pas fermer le programme même si il est indiqué qu'il ne répond plus.

    Image
  • Une fois le scan terminé rends toi sur le bureau, le fichier ZHPDiag.txt à  été créé.
  • Héberge le rapport ZHPDiag.txt sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum
Avatar du membre

Re: Rapport UsbFix

par Amandine
 dim. 20 oct. 2013 17:53 #12177
Je ne parviens pas à  héberger le fichier ZHPDiag.txt créé.

Je me permets d'en joindre une copie ci dessous.

~ Rapport de ZHPDiag v2013.10.20.55 - Nicolas Coolman (20/10/2013)
~ Lancé par User (20/10/2013 17:38:27)
~ Adresse du Site Web https://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à  la désinfection : https://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
GCIE: Google Chrome v30.0.1599.101 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Bitdefender Antivirus Plus 2012 v15.0.38
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 7
Java 7 Update 25

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4000 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 110 GB (59%) free of 186 GB

---\\ Mode de connexion au système
~ Computer Name: USER-PC
~ User Name: User
~ All Users Names: User, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\User\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\User\AppData\Roaming\
~ %Desktop% : C:\Users\User\Desktop\
~ %Favorites% : C:\Users\User\Favorites\
~ %LocalAppData% : C:\Users\User\AppData\Local\
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 110 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 210 Go of 254 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.19/10/2011 - 03:54:37.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d&#130;ouverture de session Windows.) (.20/11/2010 - 14:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 02:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.19/10/2011 - 04:02:02.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/10/2011 - 03:34:22.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2213
~ Mes musiques (My Musics) : 21/351
~ Mes Videos (My Videos) : 1/8
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 1/12
~ Mon Bureau (My Desktop) : 1/15
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.396]
[MD5.DD425C93255671A5FE81A95E686C03D7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8111104] [PID.7284]
[MD5.7F32D4C47A50E7223491E8FB9359907D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.3956]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.8024]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 12 Legitimates Filtered in 00mn 15s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.amazon.com
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [User]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [User]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [User]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [User]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [User]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [User]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 - GS\Desktop [User]: SosVirus sur Facebook.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.facebook.com
O4 - GS\Desktop [User]: SyncBack.lnk . (.2BrightSparks - SyncBack.) -- C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe
~ Global Startup: 83 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. - AsusVibe Application.) -- C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - GS\Startup [Public]: FancyStart daemon.lnk . (...) -- C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
O4 - GS\Startup [User]: OneNote 2010 - Capture d&#130;écran et lancement.lnk . (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe (.not file.)
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [BDAgent] . (.Bitdefender - Bitdefender Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Nuance PDF Reader-reminder] . (.Nuance Communications, Inc. - Ereg.) -- C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ecareme - AsusWebStorage.) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
O4 - HKLM\..\Wow6432Node\Run: [SonicMasterTray] . (.Virage Logic Corporation / Sonic Focus - ASUS_MATray.exe.) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Wow6432Node\Run: [Wireless Console 3] . (.ASUS - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1747940908-1875828394-673419322-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1747940908-1875828394-673419322-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-21-1747940908-1875828394-673419322-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à  OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5197450C-D2E3-4406-903C-188BC9CDD605}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5197450C-D2E3-4406-903C-188BC9CDD605}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{5197450C-D2E3-4406-903C-188BC9CDD605}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5197450C-D2E3-4406-903C-188BC9CDD605}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{5197450C-D2E3-4406-903C-188BC9CDD605}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5197450C-D2E3-4406-903C-188BC9CDD605}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tàches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job [294]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 05s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/11/2012 - 21:21:31 - [0] ----D C:\Program Files (x86)\GUM5BB6.tmp
O43 - CFD: 7/11/2012 - 15:48:14 - [0] ----D C:\ProgramData\Ask
~ 23 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 176 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0BB54D9E9E75C4164057C5A62F3F81DA] - 19/10/2013 - 22:04:41 ----- . (...) -- C:\bdlog.txt [418061]
O44 - LFC:[MD5.558505425CEB933316110AEF6733B567] - 20/10/2013 - 15:54:14 ----- . (...) -- C:\UsbFix [Scan 2] USER-PC.txt [12210]
O44 - LFC:[MD5.07D3C710D652A94F6002AE8BFAA95419] - 20/10/2013 - 16:12:05 ---A- . (...) -- C:\UsbFix [Clean 1] USER-PC.txt [14305]
~ Files: 95 Legitimates Filtered in 00mn 41s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.407C9285FF75CA61F9B1ADFB47940EA8] - 14/10/2013 - 20:55:52 ---A- - C:\Windows\Prefetch\EREG.EXE-26A8197A.pf
O45 - LFCP:[MD5.758F89C6B9E8C11D524F653342FF60F6] - 15/10/2013 - 19:33:18 ---A- - C:\Windows\Prefetch\SISOFTWARE-SANDRA-LITE-2010_S-429F671E.pf
O45 - LFCP:[MD5.C5034E80150D6514C15E7C67FDAABF70] - 15/10/2013 - 19:33:18 ---A- - C:\Windows\Prefetch\SISOFTWARE-SANDRA-LITE-2010_S-57B520FF.pf
O45 - LFCP:[MD5.4958BB53E7B5AE97BEC3F3251F1EF61B] - 17/10/2013 - 19:24:23 ---A- - C:\Windows\Prefetch\INSTALLER.EXE-F13B2F53.pf
O45 - LFCP:[MD5.EFAEE13B0265621B7215433C5AA6C227] - 19/10/2013 - 21:01:00 ---A- - C:\Windows\Prefetch\WSCFIX.EXE-942E369F.pf
O45 - LFCP:[MD5.C1F5C0A2871587091A342F656705E17D] - 19/10/2013 - 21:54:19 ---A- - C:\Windows\Prefetch\30.0.1599.101_30.0.1599.69_CH-7B6685BA.pf
O45 - LFCP:[MD5.D346060F3E85AB5BCB29723FB1EB47C9] - 20/10/2013 - 16:10:00 ---A- - C:\Windows\Prefetch\GO.EXE-0A7DE786.pf
~ Prefetcher: 141 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 18/10/2013 - 17:40:17 ---A- . (...) -- C:\Users\User\Downloads\Bull_Vir_Prem_Sec_2013.pdf [1208220]
O61 - LFC: 20/10/2013 - 17:39:59 ---A- . (...) -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [257418]
O61 - LFC: 20/10/2013 - 17:40:05 ---A- . (...) -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Local State [45120]
O61 - LFC: 20/10/2013 - 17:40:15 ---A- . (...) -- C:\Users\User\AppData\Roaming\ZHP\Log.txt [18632] =>.Nicolas Coolman
O61 - LFC: 20/10/2013 - 17:40:15 ---A- . (...) -- C:\Users\User\AppData\Roaming\ZHP\TestsZHPDiag.txt [2832] =>.Nicolas Coolman
O61 - LFC: 20/10/2013 - 17:40:15 ---A- . (...) -- C:\Users\User\AppData\Roamingprivacy.xml [376]
~ 12 Fichiers temporaires (Temporary files)
~ Files: 135 Legitimates Filtered in 00mn 28s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - https://www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {58C75D89-E1D5-4B9B-B66A-8E7563338B48} - (Ask Search) - https://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - https://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à  la racine du système (SPRF) (O84)
[MD5.2190D4D7F61A438E1BCA9CF9651EE587] [SPRF][31/08/2012] (...) -- C:\ProgramData\1346412669.bdinstall.bin [304572]
[MD5.9EC0FF48E79E5F345022464E2A7CE61D] [SPRF][9/06/2013] (...) -- C:\ProgramData\1370805510.bdinstall.bin [35107]
[MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][6/10/2010] (...) -- C:\ProgramData\FullRemove.exe [131984]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{139A087B-C92C-4B75-A696-9E865D089BF9}C:\windows\kmsemulator.exe" | In - Public - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe
O87 - FAEL: "UDP Query User{D9E23DE7-32DC-4F88-AC68-87F59A965700}C:\windows\kmsemulator.exe" | In - Public - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe
~ Firewall: 210 Legitimates Filtered in 00mn 01s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 8/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 4/03/2011 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SS - | Auto 1/12/2011 92800 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
SS - | Auto 15/12/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SS - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 16/11/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 16/11/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 16/11/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 31/05/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 21/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Auto 22/11/2012 1522312 | (PDF Architect Helper Service) . (.pdfforge GbR.) - C:\Program Files (x86)\PDF Architect\HelperService.exe
SS - | Auto 22/11/2012 905864 | (PDF Architect Service) . (.pdfforge GbR.) - C:\Program Files (x86)\PDF Architect\ConversionService.exe
SS - | Auto 21/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/10/2011 466736 | (Update Server) . (.BitDefender.) - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
SR - | Auto 31/08/2012 67904 | (UPDATESRV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
SR - | Auto 13/12/2012 1957912 | (VSSERV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 28s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by User at 20/10/2013 17:41:44
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by User at 20/10/2013 17:41:46

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12960 - (20/10/2013)
Clés trouvées (Keys found) : 17
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel Scan: 288466 Items scanned in 00mn 19s



---\\ Récapitulatif des détections trouvées sur votre station
~ https://nicolascoolman.webs.com/apps/blo ... oolbar-ask =>Toolbar.Ask
~ https://nicolascoolman.webs.com/apps/blo ... olbar-bing =>Toolbar.Bing
~ MSI: 2 link(s) detected in 00mn 19s



~ 1561 Legitimates filtered by white list
End of the scan (453 lines in 03mn 38s)(0)
Avatar du membre

Re: Rapport UsbFix

par Amandine
 dim. 20 oct. 2013 18:46 #12189
Pouvez-vous m'indiquer s'il y a encore des opérations à  effectuer ? Il y a à  peu près 45 minutes que je n'ai plus de réponse.
Merci d'avance.

Amandine.
Avatar du membre

Re: Rapport UsbFix

par El Desaparecido
 dim. 20 oct. 2013 18:57 #12191
Hello Amandine :hello: ,
Pouvez-vous m'indiquer s'il y a encore des opérations à  effectuer ? Il y a à  peu près 45 minutes que je n'ai plus de réponse.
Nous aussi on a une vie privée Amandine .... et là  c'est dimanche 19H , heure de l'apéro et de préparer le diner ..

Ton sujet est quasi terminé ceci dit :)

Regarde dans panneau de configuration -> programmes et fonctionnalité , si tu as ceci dans la liste : Ask ou ask toolbar.
Si c'est le cas , désinstalle le et dis moi :)
Avatar du membre

Re: Rapport UsbFix

par Amandine
 dim. 20 oct. 2013 19:09 #12194
Désolée :shame: , merci pour votre disponibilité.
Je n'ai ni Ask ni Ask Toolbar.

Amandine
Avatar du membre

Re: Rapport UsbFix

par El Desaparecido
 dim. 20 oct. 2013 19:18 #12198
Désinstal ces deux versions de java :

Java 7 Update 7
Java 7 Update 25

Installe la dernière mise à  jours java : https://www.java.com/fr/download/
Installe la dernière mise à  jours Adobe reader : https://get.adobe.com/fr/reader/ ( décoche Google Chrome )
  • Séléctionne et copie le script suivant :
    Script ZHPFix
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
    O69 - SBI: SearchScopes [HKCU] {58C75D89-E1D5-4B9B-B66A-8E7563338B48} - (Ask Search) - https://websearch.ask.com
    [HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
    C:\Users\User\AppData\Roamingprivacy.xml
    C:\ProgramData\Ask
    EmptyCLSID
    Emptytemp
    EmptyFlash
  • Lances ZHPFix, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
    1. Clique sur Importer
    2. Les lignes précedemment copiées doivent être collées dans le cadre
    3. Si c'est le cas, Clic sur "GO"
    Image

    Image
  • Confirmes les nettoyages des données en cliquant sur "Oui"
  • Une fois le scan terminé rends toi sur le bureau, le fichier ZHPFixReport à  été crée.
  • Héberge le rapport ZHPFixReport sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse.
 Répondre
 Retourner vers « Aide à  la désinfection - Forum Virus Sécurité »
navigateur qui plante

Bonjour, Pour commencer, nous allons éta[…]

LIRE LA SUITE
PC bloqué sur une image

salut à vous peut-être tester avec u[…]

LIRE LA SUITE
[RESOLU] Virus sur pc

Merci à vous pour l'aide :)

LIRE LA SUITE
[RESOLU] PC qui lag et beaucoup de pubs

Mimisuitou N' installez pas de cracks sur votre […]

LIRE LA SUITE
VOIR PLUS DE SUJETS