#3397
Hi again,

I have kept USBfix aside.
I ran ROGUEKILLER; here is the report after deletion:
RogueKiller V8.4.0 [Dec 18 2012] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion- ... ntees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : ludivine [Droits d'admin]
Mode : Suppression -- Date : 23/04/2013 13:22:20

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22ZAT0 +++++
--- User ---
[MBR] d6bd5b9b940487c72b88ebd59ad4d4e0
[BSP] bef4027388ba5aad3aeb9b7da2f8776e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 464545 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HTS541680J9SA00 USB Device +++++
--- User ---
[MBR] 7f7b3bcdcf08ee3733aad7e353c7d3df
[BSP] 86d0b758eeef503d1d43a0774f7a9062 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[2]_D_23042013_132220.txt >>
RKreport[1]_S_23042013_132135.txt ; RKreport[2]_D_23042013_132220.txt
#3398
Hi again

OK

Run ZHPDiag again and upload its new report to a file host
#3402
Hi again

With Windows Explorer, find and delete =>
C:\program files (x86)\bearshare applications
Empty your recycle bin

Post the two USBFix reports by copy/paste =>
C:\UsbFix [Clean 2] LUDIVINE-PC.txt
C:\UsbFix [Clean 1] LUDIVINE-PC.txt
#3403
Hi again,

I have no program named bearshare applications in Program Files (x86)
The recycle bin has been emptied.
Below are the two reports:
USBFix Clean 1:
############################## | UsbFix V 7.123 | [Suppression]

Utilisateur: ludivine (Administrateur) # LUDIVINE-PC
Mis à jour le 19/04/2013 par El Desaparecido
Lancé à 23:11:41 | 22/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Acer (Aspire 7715Z ) (x64-based PC)
CPU: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz (2200)
RAM -> [Total : 4026 | Free : 2682]
BIOS: InsydeH2O Version V3.03
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 454 Go (288 Go libre(s) - 64%) [Acer] # NTFS
D:\ -> CD-ROM

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [OPTENET_GUI] - C:\PROGRA~2\CONTRO~1\bin\optgui.exe
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [EgisTecLiveUpdate] - "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [OPTENET_GUI] - C:\PROGRA~2\CONTRO~1\bin\optgui.exe
HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EgisTecLiveUpdate] - "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2496602305-358690197-2041390401-1001\SOFTWARE | Run : [orangeinside] - C:\Users\ludivine\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe
HKU\S-1-5-21-2496602305-358690197-2041390401-1001\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2496602305-358690197-2041390401-1001\SOFTWARE | Run : [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2496602305-358690197-2041390401-1001\SOFTWARE | Run : [MailNotifier] - C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\Explorer.EXE (1152)
Stoppé! C:\Windows\System32\spoolsv.exe (1352)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1428)
Stoppé! C:\Windows\PLFSetI.exe (1436)
Stoppé! C:\Windows\System32\igfxpers.exe (1456)
Stoppé! C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (1464)
Stoppé! C:\Windows\system32\taskhost.exe (1492)
Stoppé! C:\Windows\system32\igfxsrvc.exe (1580)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1732)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (1776)
Stoppé! C:\Windows\System32\igfxtray.exe (1824)
Stoppé! C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (1832)
Stoppé! C:\Windows\System32\hkcmd.exe (1844)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (1856)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (1916)
Stoppé! C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (2040)
Stoppé! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (1744)
Stoppé! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (896)
Stoppé! C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (964)
Stoppé! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2160)
Stoppé! C:\Program Files\Acer\Acer Updater\UpdaterService.exe (2344)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2432)
Stoppé! C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2464)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2812)
Stoppé! C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe (2932)
Stoppé! C:\Windows\system32\SearchIndexer.exe (3040)
Stoppé! C:\Program Files (x86)\Controle Parental\bin\OPTGui.exe (3048)
Stoppé! C:\Program Files (x86)\Launch Manager\LManager.exe (2504)
Stoppé! C:\Program Files (x86)\iTunes\iTunesHelper.exe (3032)
Stoppé! C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (2924)
Stoppé! C:\Windows\system32\igfxext.exe (3416)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (3740)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (3856)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (3404)
Stoppé! C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (1068)
Stoppé! C:\Windows\system32\taskeng.exe (2140)

################## | Éléments infectieux |


USBFix Clean 2:
############################## | UsbFix V 7.123 | [Suppression]

Utilisateur: ludivine (Administrateur) # LUDIVINE-PC
Mis à jour le 19/04/2013 par El Desaparecido
Lancé à 11:50:52 | 23/04/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Acer (Aspire 7715Z ) (x64-based PC)
CPU: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz (2200)
RAM -> [Total : 4026 | Free : 2759]
BIOS: InsydeH2O Version V3.03
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 454 Go (288 Go libre(s) - 64%) [Acer] # NTFS
D:\ -> CD-ROM
E:\ -> Disque fixe # 75 Go (18 Go libre(s) - 24%) [] # NTFS

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [OPTENET_GUI] - C:\PROGRA~2\CONTRO~1\bin\optgui.exe
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [EgisTecLiveUpdate] - "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [OPTENET_GUI] - C:\PROGRA~2\CONTRO~1\bin\optgui.exe
HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EgisTecLiveUpdate] - "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2496602305-358690197-2041390401-1001\SOFTWARE | Run : [orangeinside] - C:\Users\ludivine\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe
HKU\S-1-5-21-2496602305-358690197-2041390401-1001\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2496602305-358690197-2041390401-1001\SOFTWARE | Run : [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2496602305-358690197-2041390401-1001\SOFTWARE | Run : [MailNotifier] - C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\System32\spoolsv.exe (1196)
Stoppé! C:\Windows\system32\taskhost.exe (1396)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1436)
Stoppé! C:\Windows\system32\taskeng.exe (1532)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (1736)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (1776)
Stoppé! C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (1968)
Stoppé! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (2020)
Stoppé! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (1032)
Stoppé! C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (1328)
Stoppé! C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe (1332)
Stoppé! C:\Program Files\Acer\Acer Updater\UpdaterService.exe (1852)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1256)
Stoppé! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2064)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2080)
Stoppé! C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2224)
Stoppé! C:\Windows\PLFSetI.exe (2336)
Stoppé! C:\Windows\System32\igfxpers.exe (2356)
Stoppé! C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (2364)
Stoppé! C:\Windows\System32\igfxtray.exe (2372)
Stoppé! C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (2392)
Stoppé! C:\Windows\System32\hkcmd.exe (2400)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (2408)
Stoppé! C:\Windows\system32\igfxsrvc.exe (2460)
Stoppé! C:\Windows\system32\SearchIndexer.exe (2984)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (2076)
Stoppé! C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe (1644)
Stoppé! C:\Program Files (x86)\Controle Parental\bin\OPTGui.exe (2932)
Stoppé! C:\Program Files (x86)\Launch Manager\LManager.exe (2704)
Stoppé! C:\Program Files (x86)\iTunes\iTunesHelper.exe (1916)
Stoppé! C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (3076)
Stoppé! C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (3108)
Stoppé! C:\Windows\system32\igfxext.exe (3484)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (3704)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (3876)
Stoppé! C:\Windows\system32\sppsvc.exe (2856)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (352)
Stoppé! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (1412)

################## | Éléments infectieux |
#3404
Hi again

OK
Have you completely reset your box?
If not, do it
Connect this laptop to the box with an RJ45 cable
Is it recognized in your box's network configuration?
#3406
the Internet connection was established, but it is still impossible to get on the net
Please be more precise!
I am not a mind reader :hein:
What do you mean by impossible to get on the Web, since you are connected?
What error message?

Waiting for your answers
#3407
Sorry,

Actually, the PC at the bottom right tells me that I am connected with internet access.
However, when I launch the internet, I get an error message: Internet Explorer cannot display this web page.
So the PC tells me I have internet, but it is impossible to get on the Web