    carole06
    Participant
    Posts: 13

    Hello,
    My USB key has been infected. I ran UsbFix to scan it and I would like to clean it. I would need your help for that.
    Do you need the scan report, which is apparently on my hard drive?
    Also, I uninstalled avast, which was a condition for UsbFix to be able to scan the key. When can I reinstall the software? Thank you for your answers and your help.

    billmaxime
    Moderator
    Posts: 1402

    :hello: carole06 and :welcome: to sosvirus

    I'll take charge of your case and solve your problem :)

    can you post the UsbFix report please

    :merci2:

    billmaxime
    Moderator
    Posts: 1402

    :hello: carole06,

    carole06
    Participant
    Posts: 13

    Hello Billmaxime,

    Thank you for your help. Here is the UsbFix report. I'll keep an eye out for your reply.
    Have a good day.

    ############################## | UsbFix V 7.169 | [Recherche]

    Utilisateur: Louisa (Administrateur) # LOUISA-PC
    Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
    Lancé à 17:51:57 | 02/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Hewlett-Packard (143A)
    CPU: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz
    RAM -> [Total : 3894 Mo| Free : 1762 Mo]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.17105
    WB: Google Chrome : 34.0.1847.131

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AS: Windows Defender [Enabled | Updated]
    FW: Windows FireWall [(!) Disabled]

    C: (%systemdrive%) -> Disque fixe # 451 Go (300 Go libre(s) – 66%) [] # NTFS
    D: -> Disque fixe # 14 Go (2 Go libre(s) – 14%) [RECOVERY] # NTFS
    E: -> Disque fixe # 99 Mo (91 Mo libre(s) – 92%) [HP_TOOLS] # FAT32
    F: -> CD-ROM
    G: -> Disque amovible # 4 Go (95 Mo libre(s) – 2%) [] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 484 |ParentID: 440)
    C:Windowssystem32wininit.exe (ID: 560 |ParentID: 440)
    C:Windowssystem32csrss.exe (ID: 576 |ParentID: 552)
    C:Windowssystem32services.exe (ID: 608 |ParentID: 560)
    C:Windowssystem32lsass.exe (ID: 632 |ParentID: 560)
    C:Windowssystem32lsm.exe (ID: 640 |ParentID: 560)
    C:Windowssystem32winlogon.exe (ID: 672 |ParentID: 552)
    C:Windowssystem32svchost.exe (ID: 788 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 888 |ParentID: 608)
    C:Windowssystem32atiesrxx.exe (ID: 936 |ParentID: 608)
    C:WindowsSystem32svchost.exe (ID: 1008 |ParentID: 608)
    C:WindowsSystem32svchost.exe (ID: 396 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 556 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 804 |ParentID: 608)
    C:Windowssystem32atieclxx.exe (ID: 1204 |ParentID: 936)
    C:Windowssystem32svchost.exe (ID: 1220 |ParentID: 608)
    C:Windowssystem32WLANExt.exe (ID: 1336 |ParentID: 396)
    C:Windowssystem32conhost.exe (ID: 1352 |ParentID: 484)
    C:WindowsSystem32spoolsv.exe (ID: 1552 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 1580 |ParentID: 608)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1664 |ParentID: 608)
    C:Program FilesRealtekAudioHDAAERTSr64.exe (ID: 1792 |ParentID: 608)
    C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (ID: 1848 |ParentID: 608)
    C:WindowsSysWOW64ezSharedSvcHost.exe (ID: 1896 |ParentID: 608)
    C:Program FilesHewlett-PackardHP Quick LaunchHPWMISVC.exe (ID: 1956 |ParentID: 608)
    C:Program Files (x86)Jumpstartjswpbapi.exe (ID: 1980 |ParentID: 608)
    C:Program Files (x86)Common FilesLightScribeLSSrvc.exe (ID: 2124 |ParentID: 608)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 2148 |ParentID: 608)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (ID: 2404 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 2452 |ParentID: 608)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2520 |ParentID: 608)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2616 |ParentID: 2520)
    C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe (ID: 2744 |ParentID: 608)
    C:Windowssystem32taskhost.exe (ID: 2776 |ParentID: 608)
    C:Windowssystem32Dwm.exe (ID: 2856 |ParentID: 396)
    C:WindowsExplorer.EXE (ID: 2916 |ParentID: 2832)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (ID: 2820 |ParentID: 608)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 2940 |ParentID: 2916)
    C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe (ID: 3020 |ParentID: 2916)
    C:Program FilesRealtekAudioHDARtkNGUI64.exe (ID: 2100 |ParentID: 2916)
    C:Program Files (x86)RealtekAudioOSDRtVOsd64.exe (ID: 3208 |ParentID: 2916)
    C:WindowsSystem32hkcmd.exe (ID: 3312 |ParentID: 2916)
    C:Windowssystem32igfxsrvc.exe (ID: 3356 |ParentID: 788)
    C:WindowsSystem32igfxpers.exe (ID: 3412 |ParentID: 2916)
    C:Program FilesJavajre6binjusched.exe (ID: 3472 |ParentID: 2916)
    C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe (ID: 3636 |ParentID: 2916)
    C:Program FilesMcAfee Security Scan3.8.141SSScheduler.exe (ID: 3708 |ParentID: 2916)
    C:Program Files (x86)Javajre6binjusched.exe (ID: 3792 |ParentID: 3644)
    C:Program Files (x86)HpHP Software Updatehpwuschd2.exe (ID: 3800 |ParentID: 3644)
    C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 3808 |ParentID: 3644)
    C:Program Files (x86)Hosts_Anti_Adwares_PUPsHOSTS_Anti-Adware_main.exe (ID: 3940 |ParentID: 3644)
    C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE (ID: 3288 |ParentID: 608)
    C:Windowssystem32SearchIndexer.exe (ID: 368 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 4040 |ParentID: 608)
    C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 2440 |ParentID: 2940)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID: 3632 |ParentID: 3748)
    C:Program Files (x86)Hewlett-PackardHP AdvisorHPAdvisor.exe (ID: 3372 |ParentID: 3564)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID: 3704 |ParentID: 3632)
    C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe (ID: 4264 |ParentID: 608)
    C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Main.exe (ID: 4604 |ParentID: 3552)
    C:Windowssystem32svchost.exe (ID: 2904 |ParentID: 608)
    C:Program Files (x86)Hewlett-PackardHP Health Checkhphc_service.exe (ID: 3820 |ParentID: 608)
    C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Service.exe (ID: 2712 |ParentID: 608)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID: 4356 |ParentID: 608)
    C:Windowssystem32wbemwmiprvse.exe (ID: 1156 |ParentID: 788)
    C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe (ID: 4060 |ParentID: 608)
    C:WindowsSystem32svchost.exe (ID: 2316 |ParentID: 608)
    C:Windowssystem32wbemwmiprvse.exe (ID: 4236 |ParentID: 788)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 2160 |ParentID: 608)
    C:Program Files (x86)Hewlett-PackardSharedhpCaslNotification.exe (ID: 2852 |ParentID: 4604)
    C:Program FilesInternet Exploreriexplore.exe (ID: 4896 |ParentID: 2916)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 5012 |ParentID: 4896)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 6108 |ParentID: 4896)
    C:Windowssystem32MacromedFlashFlashUtil64_13_0_0_206_ActiveX.exe (ID: 5212 |ParentID: 788)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 5936 |ParentID: 4896)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 1044 |ParentID: 4896)
    C:WindowsSysWOW64DllHost.exe (ID: 3204 |ParentID: 788)
    C:Program FilesAVAST SoftwareAvastaswRunDll.exe (ID: 1268 |ParentID: 3204)
    C:Program FilesAVAST SoftwareAvastsetupavast.setup (ID: 8132 |ParentID: 1268)
    C:Windowssystem32taskhost.exe (ID: 7156 |ParentID: 608)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 8044 |ParentID: 4896)
    C:Windowssystem32taskeng.exe (ID: 7832 |ParentID: 804)
    c:program fileswindows defenderMpCmdRun.exe (ID: 8288 |ParentID: 8264)
    C:Windowssystem32SearchProtocolHost.exe (ID: 8928 |ParentID: 368)
    C:WindowsSystem32WUDFHost.exe (ID: 5760 |ParentID: 396)

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [HPAdvisorDock] C:Program Files (x86)Hewlett-PackardHP AdvisorDockHPAdvisorDock.exe
    04 – HKCU..Run : [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKCU..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
    04 – HKLM..Run : [StartCCC] “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLM..Run : [Easybits Recovery] C:Program Files (x86)EasyBits For KidsezRecover.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program Files (x86)Javajre6binjusched.exe”
    04 – HKLM..Run : [HP Software Update] C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    04 – HKLM..Run : []
    04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [HOSTS Anti-Adware_PUPs] C:Program Files (x86)Hosts_Anti_Adwares_PUPsHOSTS_Anti-Adware_main.exe
    04 – HKLM..RunOnce : []
    04 – [x64] HKLM..Run : [SynTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe
    04 – [x64] HKLM..Run : [IAAnotif] C:Program Files (x86)IntelIntel Matrix Storage Manageriaanotif.exe
    04 – [x64] HKLM..Run : [RTHDVCPL] C:Program FilesRealtekAudioHDARtkNGUI64.exe -s
    04 – [x64] HKLM..Run : [RtkOSD] C:Program Files (x86)RealtekAudioOSDRtVOsd64.exe
    04 – [x64] HKLM..Run : [IgfxTray] C:Windowssystem32igfxtray.exe
    04 – [x64] HKLM..Run : [HotKeysCmds] C:Windowssystem32hkcmd.exe
    04 – [x64] HKLM..Run : [Persistence] C:Windowssystem32igfxpers.exe
    04 – [x64] HKLM..Run : [SunJavaUpdateSched] “C:Program FilesJavajre6binjusched.exe”
    04 – [x64] HKLM..Run : [HPWirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe 120 C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Main.exe /hidden
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [HPAdvisorDock] C:Program Files (x86)Hewlett-PackardHP AdvisorDockHPAdvisorDock.exe
    04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Présent! G:\iTunesHelper.vbe
    Présent! G:\autorun.lnk
    Présent! G:\Etiquettes boites.lnk
    Présent! G:\Boarding_Pass.lnk
    Présent! G:\Etiquettes boites (2).lnk
    Présent! G:\CartevisiteRégis.lnk
    Présent! G:\Etiquettes boites 1.lnk
    Présent! G:\CONTRAT DE LOCATION.lnk

    billmaxime
    Moderator
    Posts: 1402

    :hello: carole06,

    WARNING: you should free up some space on your USB key
    G: -> Disque amovible # 4 Go (95 Mo libre(s) – 2%) [] # FAT32
    ====================================================================================

    the report is not complete ^^ host it on sosupload and post the link in your next reply

    the link: https://antimalware.top/

    you can already uninstall this:

    C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

    the old versions of Java (the latest being Version 7 Update 55)

    :merci2:

    carole06
    Participant
    Posts: 13

    Hello Billmaxime,

    Here is the link obtained from the upload:
    https://antimalware.top/www/?a=d&i=chdPQj62CO

    In the meantime, I uninstalled the old versions of Java and McAfee.
    As for the USB key, I would like to empty it, but given that it is infected and that I no longer have any antivirus software, I'm afraid
    of causing problems if I connect it to my PC again. What do you think?

    billmaxime
    Moderator
    Posts: 1402

    :hello: carole06,

    do this and post the report please, then you'll be able to recover the data from your key ;)

    • Plug all your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
    • Right-click on it, run as administrator on Windows 7/8 and Vista
    • Choose the Suppression (deletion) option

      Note: The computer will restart automatically; on restart, click the message displayed by UsbFix and let the program work.

    • Copy and paste the content of the report that appears at the end of the scan into your reply

    :merci2:

    carole06
    Participant
    Posts: 13

    I didn't need to follow the whole procedure. Hoping that it worked.

    Here is the report:

    ############################## | UsbFix V 7.169 | [Suppression]

    Utilisateur: Louisa (Administrateur) # LOUISA-PC
    Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
    Lancé à 14:30:38 | 06/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Hewlett-Packard (143A)
    CPU: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz
    RAM -> [Total : 3894 Mo| Free : 1635 Mo]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.17105
    WB: Google Chrome : 34.0.1847.131

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AS: Windows Defender [Enabled | Updated]
    FW: Windows FireWall [(!) Disabled]

    C: (%systemdrive%) -> Disque fixe # 451 Go (299 Go libre(s) – 66%) [] # NTFS
    D: -> Disque fixe # 14 Go (2 Go libre(s) – 14%) [RECOVERY] # NTFS
    E: -> Disque fixe # 99 Mo (91 Mo libre(s) – 92%) [HP_TOOLS] # FAT32
    F: -> CD-ROM

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 432 |ParentID: 384)
    C:Windowssystem32wininit.exe (ID: 500 |ParentID: 384)
    C:Windowssystem32csrss.exe (ID: 524 |ParentID: 508)
    C:Windowssystem32services.exe (ID: 556 |ParentID: 500)
    C:Windowssystem32lsass.exe (ID: 580 |ParentID: 500)
    C:Windowssystem32lsm.exe (ID: 588 |ParentID: 500)
    C:Windowssystem32winlogon.exe (ID: 644 |ParentID: 508)
    C:Windowssystem32svchost.exe (ID: 748 |ParentID: 556)
    C:Windowssystem32svchost.exe (ID: 828 |ParentID: 556)
    C:Windowssystem32atiesrxx.exe (ID: 876 |ParentID: 556)
    C:WindowsSystem32svchost.exe (ID: 948 |ParentID: 556)
    C:WindowsSystem32svchost.exe (ID: 1004 |ParentID: 556)
    C:Windowssystem32svchost.exe (ID: 308 |ParentID: 556)
    C:Windowssystem32svchost.exe (ID: 384 |ParentID: 556)
    C:Windowssystem32atieclxx.exe (ID: 1124 |ParentID: 876)
    C:Windowssystem32svchost.exe (ID: 1160 |ParentID: 556)
    C:Windowssystem32WLANExt.exe (ID: 1300 |ParentID: 1004)
    C:Windowssystem32conhost.exe (ID: 1308 |ParentID: 432)
    C:WindowsSystem32spoolsv.exe (ID: 1476 |ParentID: 556)
    C:Windowssystem32svchost.exe (ID: 1516 |ParentID: 556)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1588 |ParentID: 556)
    C:Program FilesRealtekAudioHDAAERTSr64.exe (ID: 1628 |ParentID: 556)
    C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (ID: 1688 |ParentID: 556)
    C:WindowsSysWOW64ezSharedSvcHost.exe (ID: 1756 |ParentID: 556)
    C:Program FilesHewlett-PackardHP Quick LaunchHPWMISVC.exe (ID: 1812 |ParentID: 556)
    C:Program Files (x86)Jumpstartjswpbapi.exe (ID: 1840 |ParentID: 556)
    C:Program Files (x86)Common FilesLightScribeLSSrvc.exe (ID: 1868 |ParentID: 556)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 1900 |ParentID: 556)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (ID: 304 |ParentID: 556)
    C:Windowssystem32svchost.exe (ID: 1924 |ParentID: 556)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2084 |ParentID: 556)
    C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe (ID: 2124 |ParentID: 556)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (ID: 2176 |ParentID: 556)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2300 |ParentID: 2084)
    C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE (ID: 2468 |ParentID: 556)
    C:Windowssystem32svchost.exe (ID: 2684 |ParentID: 556)
    C:Windowssystem32taskhost.exe (ID: 2912 |ParentID: 556)
    C:Windowssystem32Dwm.exe (ID: 2064 |ParentID: 1004)
    C:WindowsSystem32rundll32.exe (ID: 1380 |ParentID: 748)
    C:WindowsExplorer.EXE (ID: 2492 |ParentID: 3044)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 3036 |ParentID: 2492)
    C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe (ID: 2896 |ParentID: 2492)
    C:Program FilesRealtekAudioHDARtkNGUI64.exe (ID: 3000 |ParentID: 2492)
    C:Program Files (x86)RealtekAudioOSDRtVOsd64.exe (ID: 456 |ParentID: 2492)
    C:WindowsSystem32igfxpers.exe (ID: 3120 |ParentID: 2492)
    C:Windowssystem32igfxsrvc.exe (ID: 3228 |ParentID: 748)
    C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe (ID: 3260 |ParentID: 2492)
    C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 3532 |ParentID: 3036)
    C:Program Files (x86)HpHP Software Updatehpwuschd2.exe (ID: 3580 |ParentID: 3268)
    C:Program Files (x86)Hosts_Anti_Adwares_PUPsHOSTS_Anti-Adware_main.exe (ID: 3612 |ParentID: 3268)
    C:Windowssystem32SearchIndexer.exe (ID: 3868 |ParentID: 556)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID: 1224 |ParentID: 3548)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID: 3496 |ParentID: 1224)
    C:Windowssystem32svchost.exe (ID: 1072 |ParentID: 556)
    C:Program Files (x86)Hewlett-PackardHP Health Checkhphc_service.exe (ID: 3948 |ParentID: 556)
    C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Service.exe (ID: 1324 |ParentID: 556)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID: 3692 |ParentID: 556)
    C:Windowssystem32wbemwmiprvse.exe (ID: 2696 |ParentID: 748)
    C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe (ID: 4024 |ParentID: 556)
    C:Windowssystem32wbemwmiprvse.exe (ID: 2452 |ParentID: 748)
    C:WindowsSystem32svchost.exe (ID: 4176 |ParentID: 556)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 4208 |ParentID: 556)
    C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Main.exe (ID: 4544 |ParentID: 3156)
    C:Program Files (x86)Hewlett-PackardHP AdvisorHPAdvisor.exe (ID: 4700 |ParentID: 3180)
    C:Program Files (x86)Hewlett-PackardSharedhpCaslNotification.exe (ID: 4764 |ParentID: 4544)
    C:Windowssystem32taskhost.exe (ID: 5384 |ParentID: 556)
    C:Program FilesInternet Exploreriexplore.exe (ID: 5500 |ParentID: 2492)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 7524 |ParentID: 5500)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 7296 |ParentID: 5500)
    C:Windowssystem32MacromedFlashFlashUtil64_13_0_0_206_ActiveX.exe (ID: 5168 |ParentID: 748)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 8048 |ParentID: 5500)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 6752 |ParentID: 5500)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 9748 |ParentID: 5500)
    C:Windowssystem32SearchProtocolHost.exe (ID: 2280 |ParentID: 3868)
    C:Windowssystem32SearchFilterHost.exe (ID: 7176 |ParentID: 3868)
    C:Windowssystem32SearchProtocolHost.exe (ID: 9040 |ParentID: 3868)

    ################## | Recherche générique |

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|EnableShellExecuteHooks -> 0
    Supprimé! HKUS-1-5-21-2438885668-180924057-1699815265-1000Software….Mountpoints2G
    Supprimé! HKUS-1-5-21-2438885668-180924057-1699815265-1000Software….Mountpoints2{df77716b-b4fe-11df-9308-002682a01eb4}

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [HPAdvisorDock] C:Program Files (x86)Hewlett-PackardHP AdvisorDockHPAdvisorDock.exe
    04 – HKCU..Run : [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKCU..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
    04 – HKLM..Run : [StartCCC] “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLM..Run : [Easybits Recovery] C:Program Files (x86)EasyBits For KidsezRecover.exe
    04 – HKLM..Run : [HP Software Update] C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    04 – HKLM..Run : []
    04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [HOSTS Anti-Adware_PUPs] C:Program Files (x86)Hosts_Anti_Adwares_PUPsHOSTS_Anti-Adware_main.exe
    04 – [x64] HKLM..Run : [SynTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe
    04 – [x64] HKLM..Run : [IAAnotif] C:Program Files (x86)IntelIntel Matrix Storage Manageriaanotif.exe
    04 – [x64] HKLM..Run : [RTHDVCPL] C:Program FilesRealtekAudioHDARtkNGUI64.exe -s
    04 – [x64] HKLM..Run : [RtkOSD] C:Program Files (x86)RealtekAudioOSDRtVOsd64.exe
    04 – [x64] HKLM..Run : [IgfxTray] C:Windowssystem32igfxtray.exe
    04 – [x64] HKLM..Run : [HotKeysCmds] C:Windowssystem32hkcmd.exe
    04 – [x64] HKLM..Run : [Persistence] C:Windowssystem32igfxpers.exe
    04 – [x64] HKLM..Run : [HPWirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe 120 C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Main.exe /hidden
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [HPAdvisorDock] C:Program Files (x86)Hewlett-PackardHP AdvisorDockHPAdvisorDock.exe
    04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Listing |

    [22/08/2011 – 16:46:59 | SHD] – C:$Recycle.Bin
    [07/01/2014 – 12:00:34 | D] – C:AdwCleaner
    [23/02/2014 – 19:40:31 | N | 0 Ko] – C:AVScanner.ini
    [16/05/2010 – 23:43:34 | SHD] – C:boot
    [14/07/2009 – 03:38:58 | RASH | 375 Ko] – C:bootmgr
    [29/06/2011 – 23:35:34 | D] – C:cbde259474907931138433a6
    [14/07/2009 – 07:08:56 | SHD] – C:Documents and Settings
    [24/02/2012 – 22:43:35 | D] – C:films
    [06/05/2014 – 11:00:19 | ASH | 2990484 Ko] – C:hiberfil.sys
    [18/06/2010 – 01:53:36 | D] – C:HP
    [18/06/2010 – 02:04:25 | D] – C:Intel
    [06/05/2014 – 11:00:43 | ASH | 3987312 Ko] – C:pagefile.sys
    [18/01/2012 – 14:15:08 | D] – C:pan am saison 1
    [14/07/2009 – 05:20:08 | D] – C:PerfLogs
    [06/05/2014 – 13:30:27 | D] – C:Program Files
    [06/05/2014 – 13:29:28 | D] – C:Program Files (x86)
    [06/05/2014 – 13:27:14 | HD] – C:ProgramData
    [30/08/2010 – 14:21:22 | SHD] – C:Recovery
    [16/01/2014 – 02:42:40 | N | 594 Ko | ECFA4E7350DE3BB49AE671A9A3382A35] – C:SecurityScanner.dll
    [19/01/2012 – 16:00:43 | D] – C:series
    [28/11/2012 – 15:26:01 | D] – C:SwSetup
    [06/05/2014 – 13:29:53 | SHD] – C:System Volume Information
    [30/08/2010 – 14:21:26 | D] – C:SYSTEM.SAV
    [02/05/2014 – 17:50:25 | D] – C:UsbFix
    [06/05/2014 – 14:32:35 | A | 11 Ko | 30CDFE15E9C7742742CA9AC3609CA1B2] – C:UsbFix [Clean 2] LOUISA-PC.txt
    [02/05/2014 – 18:08:21 | N | 11 Ko | 311D614CCBD1157FA8B4D27263E89C20] – C:UsbFix [Scan 1] LOUISA-PC.txt
    [13/12/2012 – 21:16:20 | N | 0 Ko] – C:user.js
    [30/08/2010 – 14:20:54 | D] – C:Users
    [05/02/2011 – 13:11:27 | D] – C:UtilisateursAF
    [25/03/2014 – 21:03:39 | D] – C:VALCOMPTA4
    [02/05/2014 – 17:42:17 | D] – C:Windows
    [30/08/2010 – 14:25:57 | SHD] – D:$RECYCLE.BIN
    [30/08/2010 – 14:25:53 | SHD] – D:boot
    [14/07/2009 – 20:39:00 | ASH | 375 Ko] – D:bootmgr
    [30/08/2010 – 14:25:53 | N | 0 Ko] – D:BT_HP.FLG
    [18/06/2010 – 12:40:33 | N | 0 Ko] – D:CSP.DAT
    [18/06/2010 – 12:47:51 | N | 14 Ko] – D:DeployRp.log
    [30/08/2010 – 14:25:53 | D] – D:hp
    [30/08/2010 – 14:25:53 | N | 0 Ko] – D:language.ini
    [30/08/2010 – 14:25:53 | SHD] – D:preload
    [30/08/2010 – 14:25:53 | SD] – D:Recovery
    [18/06/2010 – 12:47:48 | N | 0 Ko] – D:RPCONFIG.LOG
    [19/01/2012 – 15:40:40 | SHD] – D:System Volume Information
    [30/08/2010 – 14:25:54 | D] – D:system.sav
    [30/08/2010 – 14:25:58 | SHD] – E:$RECYCLE.BIN
    [18/06/2010 – 01:39:08 | D] – E:Hewlett-Packard
    [02/05/2013 – 13:44:40 | N | 14 Ko] – E:Etiquettes boites.docx
    [02/05/2013 – 13:13:42 | N | 14 Ko] – E:etiquettes parlophone.docx

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |

    billmaxime
    Moderator
    Posts: 1402

    re

    you didn't plug in your key (which is infected) :electriksock:

    | UsbFix V 7.169 | [Recherche]

    Utilisateur: Louisa (Administrateur) # LOUISA-PC
    Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
    Lancé à 17:51:57 | 02/05/2014
    C: (%systemdrive%) -> Disque fixe # 451 Go (300 Go libre(s) – 66%) [] # NTFS
    D: -> Disque fixe # 14 Go (2 Go libre(s) – 14%) [RECOVERY] # NTFS
    E: -> Disque fixe # 99 Mo (91 Mo libre(s) – 92%) [HP_TOOLS] # FAT32
    F: -> CD-ROM
    G: -> Disque amovible # 4 Go (95 Mo libre(s) – 2%) [] # FAT32

    | UsbFix V 7.169 | [Suppression]

    Utilisateur: Louisa (Administrateur) # LOUISA-PC
    Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
    Lancé à 14:30:38 | 06/05/2014
    C: (%systemdrive%) -> Disque fixe # 451 Go (299 Go libre(s) – 66%) [] # NTFS
    D: -> Disque fixe # 14 Go (2 Go libre(s) – 14%) [RECOVERY] # NTFS
    E: -> Disque fixe # 99 Mo (91 Mo libre(s) – 92%) [HP_TOOLS] # FAT32
    F: -> CD-ROM

    you have to redo the procedure with this key plugged in and post the report :P:

    :merci2:

    carole06
    Participant
    Posts: 13

    Actually, I only have a little knowledge of computers. I inserted the USB key and the “AutoPlay” window opened (options: ‘open folder’ – ‘use drive for backup’ – ‘speed up system’).
    When I right-click, I don't have the option you're talking about. Where should I click?

    billmaxime
    Moderator
    Posts: 1402

    re

    Actually, I only have a little knowledge of computers. I inserted the USB key and the “AutoPlay” window opened (options: ‘open folder’ – ‘use drive for backup’ – ‘speed up system’).
    When I right-click, I don't have the option you're talking about. Where should I click?

    you click the red cross at the top right to close the window, then you run usbfix

    in deletion mode (Suppression) and post the report please

    if you have any questions…

    :merci2:

    carole06
    Participant
    Posts: 13

    Here is the report:

    ############################## | UsbFix V 7.169 | [Suppression]

    Utilisateur: Louisa (Administrateur) # LOUISA-PC
    Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
    Lancé à 19:04:24 | 06/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Hewlett-Packard (143A)
    CPU: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz
    RAM -> [Total : 3894 Mo| Free : 2680 Mo]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.17105
    WB: Google Chrome : 34.0.1847.131

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AS: Windows Defender [Enabled | Updated]
    FW: Windows FireWall [(!) Disabled]

    C: (%systemdrive%) -> Disque fixe # 451 Go (303 Go libre(s) – 67%) [] # NTFS
    D: -> Disque fixe # 14 Go (2 Go libre(s) – 14%) [RECOVERY] # NTFS
    E: -> Disque fixe # 99 Mo (91 Mo libre(s) – 92%) [HP_TOOLS] # FAT32
    F: -> CD-ROM
    G: -> Disque amovible # 4 Go (95 Mo libre(s) – 2%) [] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 424 |ParentID: 416)
    C:Windowssystem32wininit.exe (ID: 500 |ParentID: 416)
    C:Windowssystem32csrss.exe (ID: 516 |ParentID: 492)
    C:Windowssystem32services.exe (ID: 548 |ParentID: 500)
    C:Windowssystem32lsass.exe (ID: 568 |ParentID: 500)
    C:Windowssystem32lsm.exe (ID: 576 |ParentID: 500)
    C:Windowssystem32winlogon.exe (ID: 636 |ParentID: 492)
    C:Windowssystem32svchost.exe (ID: 732 |ParentID: 548)
    C:Windowssystem32svchost.exe (ID: 808 |ParentID: 548)
    C:Windowssystem32atiesrxx.exe (ID: 856 |ParentID: 548)
    C:WindowsSystem32svchost.exe (ID: 940 |ParentID: 548)
    C:WindowsSystem32svchost.exe (ID: 988 |ParentID: 548)
    C:Windowssystem32svchost.exe (ID: 108 |ParentID: 548)
    C:Windowssystem32svchost.exe (ID: 340 |ParentID: 548)
    C:Windowssystem32atieclxx.exe (ID: 1072 |ParentID: 856)
    C:Windowssystem32svchost.exe (ID: 1132 |ParentID: 548)
    C:Windowssystem32WLANExt.exe (ID: 1304 |ParentID: 988)
    C:Windowssystem32conhost.exe (ID: 1316 |ParentID: 424)
    C:WindowsSystem32spoolsv.exe (ID: 1464 |ParentID: 548)
    C:Windowssystem32svchost.exe (ID: 1496 |ParentID: 548)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1572 |ParentID: 548)
    C:Program FilesRealtekAudioHDAAERTSr64.exe (ID: 1604 |ParentID: 548)
    C:Program Files (x86)MicrosoftBingBarBBSvc.EXE (ID: 1632 |ParentID: 548)
    C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (ID: 1660 |ParentID: 548)
    C:WindowsSysWOW64ezSharedSvcHost.exe (ID: 1724 |ParentID: 548)
    C:Program FilesHewlett-PackardHP Quick LaunchHPWMISVC.exe (ID: 1776 |ParentID: 548)
    C:Program Files (x86)Jumpstartjswpbapi.exe (ID: 1816 |ParentID: 548)
    C:Program Files (x86)Common FilesLightScribeLSSrvc.exe (ID: 1852 |ParentID: 548)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 1880 |ParentID: 548)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (ID: 1320 |ParentID: 548)
    C:Windowssystem32svchost.exe (ID: 1000 |ParentID: 548)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2052 |ParentID: 548)
    C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe (ID: 2112 |ParentID: 548)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (ID: 2192 |ParentID: 548)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2284 |ParentID: 2052)
    C:Windowssystem32taskhost.exe (ID: 2504 |ParentID: 548)
    C:Windowssystem32taskeng.exe (ID: 2584 |ParentID: 340)
    C:Windowssystem32Dwm.exe (ID: 2620 |ParentID: 988)
    C:WindowsExplorer.EXE (ID: 2644 |ParentID: 2592)
    C:Windowssystem32runonce.exe (ID: 2860 |ParentID: 2644)
    C:WindowsSysWOW64runonce.exe (ID: 2888 |ParentID: 2860)
    C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE (ID: 2916 |ParentID: 548)
    C:Windowssystem32svchost.exe (ID: 1276 |ParentID: 548)
    C:WindowsSystem32WUDFHost.exe (ID: 2812 |ParentID: 988)
    C:WindowsSystem32rundll32.exe (ID: 3020 |ParentID: 732)
    C:Windowssystem32wbemwmiprvse.exe (ID: 228 |ParentID: 732)

    ################## | Recherche générique |

    Supprimé! G:iTunesHelper.vbe
    Supprimé! G:autorun.lnk
    Supprimé! G:Etiquettes boites.lnk
    Supprimé! G:Boarding_Pass.lnk
    Supprimé! G:Etiquettes boites (2).lnk
    Supprimé! G:CartevisiteRégis.lnk
    Supprimé! G:Etiquettes boites 1.lnk
    Supprimé! G:CONTRAT DE LOCATION.lnk
    Supprimé! G:etiquettes parlophone.lnk
    Supprimé! G:Appel de fonds 2014.lnk
    Supprimé! G:Contrat de syndic bénévole.lnk
    Supprimé! G:Procès verbal AG du 08.lnk
    Supprimé! G:Data.lnk
    Supprimé! G:trz7E54.tmp

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [HPAdvisorDock] C:Program Files (x86)Hewlett-PackardHP AdvisorDockHPAdvisorDock.exe
    04 – HKCU..Run : [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKCU..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
    04 – HKLM..Run : [StartCCC] “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLM..Run : [Easybits Recovery] C:Program Files (x86)EasyBits For KidsezRecover.exe
    04 – HKLM..Run : [HP Software Update] C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    04 – HKLM..Run : []
    04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [HOSTS Anti-Adware_PUPs] C:Program Files (x86)Hosts_Anti_Adwares_PUPsHOSTS_Anti-Adware_main.exe
    04 – [x64] HKLM..Run : [SynTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe
    04 – [x64] HKLM..Run : [IAAnotif] C:Program Files (x86)IntelIntel Matrix Storage Manageriaanotif.exe
    04 – [x64] HKLM..Run : [RTHDVCPL] C:Program FilesRealtekAudioHDARtkNGUI64.exe -s
    04 – [x64] HKLM..Run : [RtkOSD] C:Program Files (x86)RealtekAudioOSDRtVOsd64.exe
    04 – [x64] HKLM..Run : [IgfxTray] C:Windowssystem32igfxtray.exe
    04 – [x64] HKLM..Run : [HotKeysCmds] C:Windowssystem32hkcmd.exe
    04 – [x64] HKLM..Run : [Persistence] C:Windowssystem32igfxpers.exe
    04 – [x64] HKLM..Run : [HPWirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe 120 C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Main.exe /hidden
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [HPAdvisorDock] C:Program Files (x86)Hewlett-PackardHP AdvisorDockHPAdvisorDock.exe
    04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-2438885668-180924057-1699815265-1000..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Listing |

    [22/08/2011 – 16:46:59 | SHD] – C:$Recycle.Bin
    [07/01/2014 – 12:00:34 | D] – C:AdwCleaner
    [23/02/2014 – 19:40:31 | N | 0 Ko] – C:AVScanner.ini
    [16/05/2010 – 23:43:34 | SHD] – C:boot
    [14/07/2009 – 03:38:58 | RASH | 375 Ko] – C:bootmgr
    [29/06/2011 – 23:35:34 | D] – C:cbde259474907931138433a6
    [14/07/2009 – 07:08:56 | SHD] – C:Documents and Settings
    [24/02/2012 – 22:43:35 | D] – C:films
    [06/05/2014 – 19:03:30 | ASH | 2990484 Ko] – C:hiberfil.sys
    [18/06/2010 – 01:53:36 | D] – C:HP
    [18/06/2010 – 02:04:25 | D] – C:Intel
    [06/05/2014 – 19:03:32 | ASH | 3987312 Ko] – C:pagefile.sys
    [18/01/2012 – 14:15:08 | D] – C:pan am saison 1
    [14/07/2009 – 05:20:08 | D] – C:PerfLogs
    [06/05/2014 – 13:30:27 | D] – C:Program Files
    [06/05/2014 – 13:29:28 | D] – C:Program Files (x86)
    [06/05/2014 – 13:27:14 | HD] – C:ProgramData
    [30/08/2010 – 14:21:22 | SHD] – C:Recovery
    [16/01/2014 – 02:42:40 | N | 594 Ko | ECFA4E7350DE3BB49AE671A9A3382A35] – C:SecurityScanner.dll
    [19/01/2012 – 16:00:43 | D] – C:series
    [28/11/2012 – 15:26:01 | D] – C:SwSetup
    [06/05/2014 – 13:29:53 | SHD] – C:System Volume Information
    [30/08/2010 – 14:21:26 | D] – C:SYSTEM.SAV
    [06/05/2014 – 14:39:30 | D] – C:UsbFix
    [06/05/2014 – 14:32:35 | N | 13 Ko | 4429718F037483C59069668DEA0D7837] – C:UsbFix [Clean 2] LOUISA-PC.txt
    [06/05/2014 – 18:34:31 | N | 4 Ko | 47FDC11B8C5C32DF0788E5CFE7D50B60] – C:UsbFix [Clean 4] LOUISA-PC.txt
    [06/05/2014 – 19:29:47 | A | 9 Ko | BF0C6352424935B638A01936E71C7278] – C:UsbFix [Clean 6] LOUISA-PC.txt
    [02/05/2014 – 18:08:21 | N | 11 Ko | 311D614CCBD1157FA8B4D27263E89C20] – C:UsbFix [Scan 1] LOUISA-PC.txt
    [13/12/2012 – 21:16:20 | N | 0 Ko] – C:user.js
    [30/08/2010 – 14:20:54 | D] – C:Users
    [05/02/2011 – 13:11:27 | D] – C:UtilisateursAF
    [25/03/2014 – 21:03:39 | D] – C:VALCOMPTA4
    [02/05/2014 – 17:42:17 | D] – C:Windows
    [30/08/2010 – 14:25:57 | SHD] – D:$RECYCLE.BIN
    [30/08/2010 – 14:25:53 | SHD] – D:boot
    [14/07/2009 – 20:39:00 | ASH | 375 Ko] – D:bootmgr
    [30/08/2010 – 14:25:53 | N | 0 Ko] – D:BT_HP.FLG
    [18/06/2010 – 12:40:33 | N | 0 Ko] – D:CSP.DAT
    [18/06/2010 – 12:47:51 | N | 14 Ko] – D:DeployRp.log
    [30/08/2010 – 14:25:53 | D] – D:hp
    [30/08/2010 – 14:25:53 | N | 0 Ko] – D:language.ini
    [30/08/2010 – 14:25:53 | SHD] – D:preload
    [30/08/2010 – 14:25:53 | SD] – D:Recovery
    [18/06/2010 – 12:47:48 | N | 0 Ko] – D:RPCONFIG.LOG
    [19/01/2012 – 15:40:40 | SHD] – D:System Volume Information
    [30/08/2010 – 14:25:54 | D] – D:system.sav
    [30/08/2010 – 14:25:58 | SHD] – E:$RECYCLE.BIN
    [18/06/2010 – 01:39:08 | D] – E:Hewlett-Packard
    [02/05/2013 – 13:44:40 | N | 14 Ko] – E:Etiquettes boites.docx
    [02/05/2013 – 13:13:42 | N | 14 Ko] – E:etiquettes parlophone.docx
    [01/02/2011 – 14:16:42 | D] – G:Data
    [01/02/2011 – 14:29:18 | D] – G:Xtras
    [03/07/2001 – 21:43:58 | N | 0 Ko] – G:autorun.inf
    [20/05/2000 – 19:44:46 | N | 2992 Ko | 15CAA04245B0D04B1A8CE42A72BF1909] – G:Boarding_Pass.exe
    [27/06/2001 – 20:04:12 | N | 15 Ko] – G:Boarding_Pass.ini
    [10/07/2012 – 20:11:20 | SHD] – G:.fseventsd
    [17/04/2012 – 16:47:50 | SH | 4 Ko] – G:._.Trashes
    [02/05/2013 – 13:49:28 | N | 152 Ko] – G:FOUND.000
    [17/04/2012 – 16:47:50 | N | 4 Ko] – G:.Trashes
    [17/04/2012 – 16:47:52 | SHD] – G:.Spotlight-V100
    [10/02/2012 – 21:35:46 | N | 3087639 Ko] – G:All_About_Lyoness_Multimedia_FR.mov
    [04/04/2014 – 15:28:06 | D] – G:FOUND.001
    [02/05/2013 – 13:44:40 | N | 14 Ko] – G:Etiquettes boites.docx
    [02/05/2013 – 13:44:40 | N | 14 Ko] – G:Etiquettes boites (2).docx
    [03/04/2014 – 16:04:04 | N | 14 Ko] – G:CartevisiteRégis.docx
    [03/05/2013 – 19:27:16 | N | 14 Ko] – G:Etiquettes boites 1.docx
    [04/04/2014 – 15:29:44 | N | 18 Ko] – G:CONTRAT DE LOCATION.docx
    [22/06/2013 – 11:52:36 | N | 14 Ko] – G:etiquettes parlophone.docx
    [15/04/2014 – 11:03:12 | N | 18 Ko] – G:Appel de fonds 2014-2ème trimestre.docx
    [07/01/2014 – 15:09:32 | N | 20 Ko] – G:Appel de fonds 2014.docx
    [08/11/2013 – 09:40:54 | N | 21 Ko] – G:Contrat de syndic bénévole.docx
    [10/11/2013 – 19:44:10 | N | 21 Ko] – G:Procès verbal AG du 08.11.2013.docx

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |

    billmaxime
    Moderator
    Number of posts: 1402

    Hi again,

    OK, the folders/files on your USB key are readable now ;)

    Do the following and post the report, please:

    • Download RogueKiller (by Tigzy) to your Desktop.
    • Launch RogueKiller; on Windows 7/8 and Vista, run it as administrator.

      Note: Wait until the PreScan has finished.

    • Click Scan.
    • Once the scan has finished, go to the desktop; the report RKreport[X]¤S¤.txt has been created.
    • Host the report RKreport[X]¤S¤.txt on SosUpload, then copy/paste the link provided into your next reply on the forum.

    :merci2:

    carole06
    Participant
    Number of posts: 13

    Here is the report:

    RogueKiller V8.8.15 _x64_ [Mar 27 2014] par Adlice Software
    mail : http://www.adlice.com/contact/
    Remontees : http://forum.adlice.com
    Site Web : http://www.surlatoile.org/RogueKiller/
    Blog : http://www.adlice.com

    Systeme d’exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Demarrage : Mode normal
    Utilisateur : Louisa [Droits d’admin]
    Mode : Recherche — Date : 05/06/2014 20:46:24
    | ARK || FAK || MBR |

    ¤¤¤ Processus malicieux : 0 ¤¤¤

    ¤¤¤ Entrees de registre : 2 ¤¤¤
    [HJ DESK][PUM] HKLM[…]NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
    [HJ DESK][PUM] HKLM[…]NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

    ¤¤¤ Tâches planifiées : 1 ¤¤¤
    [V2][SUSP PATH] Registration : “C:Program Files (x86)Hewlett-PackardHP SetupRemEngine.exe” – Registration ShowMessageTask2D [7][-] -> TROUVÉ

    ¤¤¤ Entrées Startup : 0 ¤¤¤

    ¤¤¤ Navigateurs web : 0 ¤¤¤

    ¤¤¤ Addons navigateur : 0 ¤¤¤

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

    ¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

    ¤¤¤ Ruches Externes: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ Fichier HOSTS: ¤¤¤
    –> %SystemRoot%System32driversetchosts

    ¤¤¤ MBR Verif: ¤¤¤

    +++++ PhysicalDrive0: (\.PHYSICALDRIVE0 @ IDE) Hitachi HTS725050A9A364 +++++
    — User —
    [MBR] 89096ade0de59352d9b9b42d48f8b817
    [BSP] e404c73aac3eb667946b67e6f973da65 : Windows Vista/7/8 MBR Code
    Partition table:
    0 – [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
    1 – [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 462255 MB
    2 – [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 947107840 | Size: 14381 MB
    3 – [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
    User = LL1 … OK!
    User = LL2 … OK!

    +++++ PhysicalDrive1: (\.PHYSICALDRIVE1 @ USB) General USB Flash Disk USB Device +++++
    — User —
    [MBR] d29963bd557c9b7bdb728b1ce2afabd6
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 – [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3822 MB
    User = LL1 … OK!
    Error reading LL2 MBR! ([0x32] Cette demande n?est pas prise en charge. )

    Termine : <>

    billmaxime
    Moderator
    Number of posts: 1402

    Hi again,

    OK, do the following and post the message, please:

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag; on Windows 7/8 and Vista, run it as administrator.
    • Click Complet.

      Note: Do not close the program even if it says that it is no longer responding.

    • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Host the report ZHPDiag.txt on SosUpload, then copy/paste the link provided into your next reply on the forum.

    :merci2:
