Virus infection PC + USB + external hard drive 2013-10-31T03:46:24+00:00
15 posts, 1 through 15 (of 28 total)
  • Author
    Posts
  • Sofia
    Participant
    Post count: 14

    Hello everyone,

    I'm new to this forum (and no computer expert); thanks to everyone who keeps it alive!

    I've had a new computer for a month (ASUS X55U, Windows 8, 4 GB RAM, x64) and, wanting to do things properly, I bought and installed Kaspersky 2013 and scanned my external hard drive and my USB stick, and no viruses were detected, before copying files.

    Two weeks ago my USB stick was infected by a virus (when I plugged it into another PC) that converted most of the files into shortcuts. By double-clicking one of these shortcuts, I get the impression that I installed a not-very-nice program; a few days later, I could no longer start Windows on my computer; following ASUS's “phone support”, I restored my computer to an earlier state: I didn't lose any files (just programs), and on the face of it the computer seems to work, but I don't know whether the virus has been eliminated, which is why I'm posting the MBAM, ZHP Diag and AdwCleaner reports on this forum to make sure these viruses are really gone.

    I also wanted to have my USB stick and my hard drive “repaired” (I live in Mexico; there are lots of little computer shops on every street corner), but I get the impression that all they did was copy the data, format the drives and copy the data back: the upshot is that my USB stick still shows me the files as shortcuts… what should I do?

    PS: when I ran the MBAM, ZHP Diag and AdwCleaner scans on my PC, I hadn't connected my USB stick and my hard drive… should I?

    Thanks in advance!!

    Sofía

    Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.10.30.07

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16721
    AMB :: RS [administrateur]

    Protection: Activé

    30/10/2013 20:27:49
    mbam-log-2013-10-30 (20-27-49).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 223682
    Temps écoulé: 5 minute(s), 54 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    (fin)

    # AdwCleaner v3.010 – Reporte Creado 30/10/2013 en 20:40:50
    # Actualizado 20/10/2013 por Xplode
    # Sistema Operativo : Windows 8 Single Language (64 bits)
    # Nombre de usuario : AMB – RS
    # Ejecutado desde : C:UsersAMBDesktopadwcleaner.exe
    # Opción : Limpiar

    ***** [ Servicios ] *****

    ***** [ Archivos / Carpetas ] *****

    Carpeta Borrar : C:UsersAMBAppDataRoamingpdfforge

    ***** [ Accesos directos ] *****

    ***** [ Registro ] *****

    Clave Borrar : HKLMSOFTWAREClassesS

    ***** [ Navegadores ] *****

    -\ Internet Explorer v10.0.9200.16537

    -\ Mozilla Firefox v25.0 (es-MX)

    [ Archivo : C:UsersAMBAppDataRoamingMozillaFirefoxProfileshki8gza2.defaultprefs.js ]

    *************************

    AdwCleaner[R0].txt – [890 octets] – [30/10/2013 20:39:16]
    AdwCleaner[S0].txt – [804 octets] – [30/10/2013 20:40:50]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [863 octets] ##########

    ~ Report of ZHPDiag v2013.10.30.78 – Nicolas Coolman (30/10/2013)
    ~ Launched by AMB (30/10/2013 20:54:20)
    ~ Web site address : http://nicolascoolman.webs.com
    ~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Translated by
    ~ Version State :
    ~ White List : Activate by program
    ~ Elevation of privilege : OK
    ~ User Account Control :

    —\ Internet browsers
    MSIE: Internet Explorer v10.0.9200.16721
    MFIE: Mozilla Firefox 25.0 (Defaut)

    —\ Windows product information
    ~ Langage: Anglais
    Windows 8 Home Premium Edition, 64-bit (Build 9200)
    Windows Server License Manager Script : OK
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ System protection software
    Kaspersky Internet Security 2013 v13.0.1.4190
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W8

    —\ System optimization software

    —\ Sharing software PeerToPeer

    —\ Surveillance software
    Adobe Flash Player 11 Plugin
    Adobe Reader X

    —\ Information on the system
    ~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3673 MB (69% free)
    System Restore: Activé (Enable)
    System drive C: has 57 GB (30%) free of 186 GB

    —\ Connection to the system mode
    ~ Computer Name: RS
    ~ User Name: AMB
    ~ All Users Names: Invitado, AMB, Administrador,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Environment variables
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersAMBAppDataRoamingZHP
    ~ %AppData% : C:UsersAMBAppDataRoaming
    ~ %Desktop% : C:UsersAMBDesktop
    ~ %Favorites% : C:UsersAMBFavorites
    ~ %LocalAppData% : C:UsersAMBAppDataLocal
    ~ %StartMenu% : C:UsersAMBAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumeration of the disk units
    C: Hard drive, Flash drive, Thumb drive (Free 57 Go of 186 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)
    E: CD-ROM drive (Not Inserted)

    —\ State of the Windows Security Center
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Search Generic System Files
    [MD5.0E8E6463F81C80AFBED533E0F1F8895D] – (.Microsoft Corporation – Explorador de Windows.) (.01/06/2013 – 5:34:21.) — C:WindowsExplorer.exe [2391280]
    [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] – (.Microsoft Corporation – Aplicación de inicio de Windows.) (.25/07/2012 – 21:08:50.) — C:WindowsSystem32Wininit.exe [132608]
    [MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Extensiones de Internet para Win32.) (.22/09/2013 – 16:55:10.) — C:WindowsSystem32wininet.dll [2241024]
    [MD5.BCF2036A0DD579E47C008C133550283E] – (.Microsoft Corporation – Aplicación de inicio de sesión de Windows.) (.10/10/2012 – 23:46:58.) — C:WindowsSystem32Winlogon.exe [517120]
    [MD5.9448F5740A037EC0C18F0E9177232DD0] – (.Microsoft Corporation – Biblioteca de licencias de software.) (.25/07/2012 – 21:07:20.) — C:WindowsSystem32sppcomapi.dll [273408]
    [MD5.36D6A3201721558A8AFBCC09C2DA4C2C] – (.Microsoft Corporation – Controlador de función suplementaria de Winsock.) (.05/11/2012 – 21:53:44.) — C:Windowssystem32DriversAFD.sys [560640]
    [MD5.A721FF570C2387E383BDDEA9632863C9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.25/07/2012 – 23:00:48.) — C:Windowssystem32Driversatapi.sys [25840]
    [MD5.990B1BABE6E81FB18E65A87EBEFB1772] – (.Microsoft Corporation – CD-ROM File System Driver.) (.25/07/2012 – 20:30:10.) — C:Windowssystem32DriversCdfs.sys [108544]
    [MD5.339BFF85D788268752DA8C9644B188EE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.25/07/2012 – 20:26:36.) — C:Windowssystem32DriversCdrom.sys [174080]
    [MD5.09D9EB9E7898F8E6561473A20CC808B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.25/07/2012 – 20:26:53.) — C:Windowssystem32DriversDfsC.sys [118784]
    [MD5.7D87B5B6C7188D553E11B59DC7F0B111] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/09/2012 – 0:08:44.) — C:Windowssystem32DriversHDAudBus.sys [71168]
    [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] – (.Microsoft Corporation – Controlador de puerto de i8042.) (.25/07/2012 – 20:28:51.) — C:Windowssystem32Driversi8042prt.sys [112640]
    [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] – (.Microsoft Corporation – IP Network Address Translator.) (.25/07/2012 – 20:23:01.) — C:Windowssystem32DriversIpNat.sys [145920]
    [MD5.93179D48066918323628CB016D8C94DC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.05/02/2013 – 16:29:09.) — C:Windowssystem32DriversMRxSmb.sys [370688]
    [MD5.7CEC25C682D319D484630B3952C31A11] – (.Microsoft Corporation – MBT Transport driver.) (.25/07/2012 – 20:24:28.) — C:Windowssystem32DriversnetBT.sys [331776]
    [MD5.76929F4A69E425911A63B407E26C2589] – (.Microsoft Corporation – Controlador del sistema de archivos NTFS.) (.02/02/2013 – 4:54:54.) — C:Windowssystem32Driversntfs.sys [1933544]
    [MD5.4563DAF8C6A740AD7F501E219BD10766] – (.Microsoft Corporation – Controlador de puerto paralelo.) (.25/07/2012 – 20:29:53.) — C:Windowssystem32DriversParport.sys [105984]
    [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.25/07/2012 – 20:23:17.) — C:Windowssystem32DriversRasl2tp.sys [124928]
    [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] – (.Microsoft Corporation – Redirector de dispositivos de Microsoft RDP.) (.25/07/2012 – 20:25:18.) — C:Windowssystem32Driversrdpdr.sys [179712]
    [MD5.73DC722CE5DF26D7638CE2446F2655C7] – (.Microsoft Corporation – TDI Translation Driver.) (.25/07/2012 – 23:26:47.) — C:Windowssystem32Driverstdx.sys [117248]
    [MD5.78A5BBA3819FFFC62FFEC3E2220D102D] – (.Microsoft Corporation – Controlador de instantánea de volumen.) (.01/06/2013 – 5:26:33.) — C:Windowssystem32Driversvolsnap.sys [327936]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Hidden files state (Hidden/Total)
    ~ Mes images (My Pictures) : 1/13663
    ~ Mes musiques (My Musics) : 1/3269
    ~ Mes Videos (My Videos) : 1/3
    ~ Mes Favoris (My Favorites) : 1/8
    ~ Mes Documents (My Documents) : 1/293
    ~ Mon Bureau (My Desktop) : 1/9
    ~ Menu demarrer (Programs) : 1/21
    ~ Hidden Files: Scanned in 00mn 09s

    —\ Process running
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe [532040] [PID.2016]
    [MD5.7C58A2513C3DA421A461D75C66C56D21] – (.ASUSTek Computer Inc. – ASUS USB Charger Plus.) — C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe [1123536] [PID.484]
    [MD5.2C35624F79B9ADBFE47090879F0D8673] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe [322208] [PID.2424]
    [MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] – (.ASUSTek Computer Inc. – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe [178848] [PID.2844]
    [MD5.29769215DEB6E8418EF3656B0423776E] – (.ASUSTeK Computer Inc. – ASUS Quick Gesture Exe.) — C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe [20352] [PID.4004]
    [MD5.38161F642AA7A2882914DDB0E90FF41C] – (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe [642216] [PID.3724]
    [MD5.B7995C675014EEBE77A0BEB7AFCCFC08] – (.CyberLink Corp. – PowerDVD RC Service.) — C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe [91432] [PID.944]
    [MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] – (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013avp.exe [356128] [PID.1656]
    [MD5.A7766D3BCB614BC77AA06579D84AE8ED] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8153600] [PID.844]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Line Analysis F0, F1, F2, F3 – IniFiles, Auto loading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Other User Links (O4)
    O4 – GSDesktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation – OpenOffice 4.0.1.) — C:Program Files (x86)OpenOffice 4programsoffice.exe
    O4 – GSProgram [Public]: Desktop.lnk – Orphan key
    O4 – GSProgram [Public]: HD VDeck.lnk . (.VIA – VIA HD Audio CPL.) — C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [AMB]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSTaskBar [AMB]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [AMB]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSProgram [AMB]: Kaspersky Internet Security 2013.lnk . (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013avp.exe
    O4 – GSDesktop [AMB]: Mis documentos.lnk . (…) — C:UsersAMBDocuments
    ~ Global Startup: 36 Legitimates Filtered in 00mn 08s

    —\ Auto loading programs from Registry and folders (O4)
    O4 – GSStartup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. – AsusVibe Application.) — C:Program Files (x86)ASUSAsusVibeAsusVibeLauncher.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [HDAudDeck] . (.VIA – VIA HD Audio CPL.) — C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe
    O4 – HKLM..Wow6432NodeRun: [RemoteControl10] . (.CyberLink Corp. – PowerDVD RC Service.) — C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe
    O4 – HKLM..Wow6432NodeRun: [ASUSWebStorage] . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe
    O4 – HKLM..Wow6432NodeRun: [AVP] . (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe
    ~ Application: Scanned in 00mn 00s

    —\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
    O9 – Extra button: Teclado Virtual [64Bits] – {0C4CC089-D306-440D-9772-464E226F6539} . (…) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013kbrd.ico
    O9 – Extra button: Comprobación de direcciones URL [64Bits] – {CCF151D8-D089-449F-A5A4-D9909053F20F} . (…) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013logo.ico
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Lop.com/Domain Hijackers (O17)
    O17 – HKLMSystemCCSServicesTcpip..{3BE12774-F972-4252-A652-15D3E9EDAB1E}: DhcpNameServer = 10.3.9.2 10.3.1.100
    O17 – HKLMSystemCCSServicesTcpip..{FEFB1A8D-52D4-4A49-93D3-D8317C08C32D}: DhcpNameServer = 127.0.0.1
    O17 – HKLMSystemCCSServicesTcpip..{FEFB1A8D-52D4-4A49-93D3-D8317C08C32D}: DhcpDomain = wds02.com
    O17 – HKLMSystemCS1ServicesTcpip..{3BE12774-F972-4252-A652-15D3E9EDAB1E}: DhcpNameServer = 10.3.9.2 10.3.1.100
    O17 – HKLMSystemCS1ServicesTcpip..{FEFB1A8D-52D4-4A49-93D3-D8317C08C32D}: DhcpNameServer = 127.0.0.1
    O17 – HKLMSystemCS1ServicesTcpip..{FEFB1A8D-52D4-4A49-93D3-D8317C08C32D}: DhcpDomain = wds02.com
    ~ Domain: Scanned in 00mn 00s

    —\ Extra protocols (O18)
    O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visor HTML de Microsoft (R).) — C:WindowsSystem32mshtml.dll
    O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Contents of the Common Files folders (O43)
    O43 – CFD: 19/10/2013 – 16:24:17 – [0] -SH-D C:UsersAMBAppDataLocalArchivos temporales de Internet
    ~ Program Folder: 102 Legitimates Filtered in 00mn 43s

    —\ Last modified or created files under Windows and System32 (O44)
    O44 – LFC:[MD5.165EB24F51291AA5D0EB1BA9D28648D2] – 19/10/2013 – 16:24:39 —A- . (…) — C:Windowsdiagerr.xml [17148]
    O44 – LFC:[MD5.165EB24F51291AA5D0EB1BA9D28648D2] – 19/10/2013 – 16:24:39 —A- . (…) — C:Windowsdiagwrn.xml [17148]
    O44 – LFC:[MD5.F1E903CAD8AE7F74CBE877C96EA3F47A] – 19/10/2013 – 16:31:06 —A- . (…) — C:WindowsFixPatch.log [198]
    O44 – LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] – 19/10/2013 – 16:51:37 —A- . (…) — C:WindowsSysNativeApnDatabase.xml [386923]
    O44 – LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] – 19/10/2013 – 16:51:37 —A- . (…) — C:WindowsSystem32ApnDatabase.xml [386923]
    O44 – LFC:[MD5.FF5E3D3BD17234BFF2BC8E113CBA632A] – 19/10/2013 – 17:05:24 —A- . (…) — C:WindowsDPINST.LOG [12662]
    O44 – LFC:[MD5.18B7CB93C628B2E84C19D147F4AE881E] – 19/10/2013 – 17:53:37 —A- . (…) — C:WindowsSysNativepar.txt [42]
    O44 – LFC:[MD5.95970761AEE9A4B5678A839656168E51] – 19/10/2013 – 17:53:37 —A- . (…) — C:WindowsSysNativepar2.txt [45]
    O44 – LFC:[MD5.18B7CB93C628B2E84C19D147F4AE881E] – 19/10/2013 – 17:53:37 —A- . (…) — C:WindowsSystem32par.txt [42]
    O44 – LFC:[MD5.95970761AEE9A4B5678A839656168E51] – 19/10/2013 – 17:53:37 —A- . (…) — C:WindowsSystem32par2.txt [45]
    O44 – LFC:[MD5.A0387C02E067531CD5CD18BEED9857B8] – 19/10/2013 – 17:54:53 —A- . (…) — C:Windowscur.log [1209]
    O44 – LFC:[MD5.A572C5598C2B77D19E8C86543E1757BB] – 19/10/2013 – 17:58:29 —A- . (…) — C:Windowsori.log [1252]
    O44 – LFC:[MD5.5498449C191A8B1B3CC52B10EA0C37D1] – 19/10/2013 – 18:01:43 —A- . (…) — C:Windowsmot.log [1252]
    O44 – LFC:[MD5.53A6FB9940EE28E5BFF25E17AE1B6662] – 19/10/2013 – 21:11:40 —A- . (…) — C:Windowscomp.log [99]
    O44 – LFC:[MD5.57622C3186F68B12942059D2A16FF6C4] – 21/10/2013 – 15:00:53 —A- . (…) — C:WindowsImprovement.log [26]
    O44 – LFC:[MD5.983FB022A15049162B8BFAF627FDB689] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSysNativeprfc0416.dat [154608]
    O44 – LFC:[MD5.F034D1EC82BD6F5078BDB91ED2E83D38] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSysNativeprfc0816.dat [159974]
    O44 – LFC:[MD5.ADC166FCA3829F1DEFEF89B8385DD480] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSysNativeprfh0416.dat [762816]
    O44 – LFC:[MD5.40135932BB5F9BA387A23B21765043AB] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSysNativeprfh0816.dat [776694]
    O44 – LFC:[MD5.983FB022A15049162B8BFAF627FDB689] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSystem32prfc0416.dat [154608]
    O44 – LFC:[MD5.F034D1EC82BD6F5078BDB91ED2E83D38] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSystem32prfc0816.dat [159974]
    O44 – LFC:[MD5.ADC166FCA3829F1DEFEF89B8385DD480] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSystem32prfh0416.dat [762816]
    O44 – LFC:[MD5.40135932BB5F9BA387A23B21765043AB] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSystem32prfh0816.dat [776694]
    ~ Files: 1103 Legitimates Filtered in 01mn 36s

    —\ Last files created in Windows Prefetcher (O45)
    O45 – LFCP:[MD5.8E3256F47C6650FE7331BD696EE812B2] – 19/10/2013 – 16:53:23 —A- – C:WindowsPrefetchMCUIHOST.EXE-AE5E0AD4.pf
    O45 – LFCP:[MD5.6D37DB8C895F7097888DA4F54042CD2F] – 19/10/2013 – 17:09:41 —A- – C:WindowsPrefetchMCCLNUI.EXE-556F8410.pf
    O45 – LFCP:[MD5.3A7C0F5929575EA2F266226771396AA1] – 19/10/2013 – 17:26:40 —A- – C:WindowsPrefetchAUTORUN.EXE-D28490C2.pf
    O45 – LFCP:[MD5.F09EA636872FA884820F941D44122905] – 19/10/2013 – 17:26:48 —A- – C:WindowsPrefetchKIS13.0.1.4190ES_3639.EXE-16A5A3A3.pf
    O45 – LFCP:[MD5.BE8A816504B8DFA398B24F199203E0F3] – 19/10/2013 – 19:11:16 —A- – C:WindowsPrefetchPATCH_G.EXE-E400E555.pf
    O45 – LFCP:[MD5.CBE70237E2D95F5158AE76AB74B5E8AF] – 19/10/2013 – 19:11:22 —A- – C:WindowsPrefetchPATCH_C.EXE-96A9FB41.pf
    O45 – LFCP:[MD5.7D69B92301990FBD22210A987221E7D7] – 19/10/2013 – 19:11:23 —A- – C:WindowsPrefetchPATCH_D.EXE-A9FFB5C6.pf
    O45 – LFCP:[MD5.B6BED430C83EB4C7D296A46CED54C198] – 19/10/2013 – 19:11:24 —A- – C:WindowsPrefetchPATCH_F.EXE-D0AB2AD0.pf
    O45 – LFCP:[MD5.5D787315A902C60147438965571F75F8] – 19/10/2013 – 19:11:28 —A- – C:WindowsPrefetchPATCH_I_KIS2013.EXE-F126C5C3.pf
    O45 – LFCP:[MD5.EF26BFE59D573198954AC4D07F12A5F7] – 21/10/2013 – 16:49:17 —A- – C:WindowsPrefetchDOWNLOADUPDATEINFO.TMP-5262C18F.pf
    O45 – LFCP:[MD5.C5A5536B6F852C5AA5DBED8FA631B8F9] – 21/10/2013 – 16:52:20 —A- – C:WindowsPrefetchCBSTUB.EXE-07331ED2.pf
    O45 – LFCP:[MD5.AD71CACAC11C3D55F7B4614950737462] – 21/10/2013 – 16:52:55 —A- – C:WindowsPrefetchINSTALLCHECK.TMP-98372B28.pf
    O45 – LFCP:[MD5.6A71FDB5B40E4BBA3F3922AF6699089E] – 21/10/2013 – 20:13:54 —A- – C:WindowsPrefetchCLEANUPTXRLOGS.EXE-E3BABE71.pf
    O45 – LFCP:[MD5.4FD1CAA14CDB9BCCC71A4A91E6C6EFB0] – 28/10/2013 – 19:36:12 —A- – C:WindowsPrefetchdynreservedpri.db
    O45 – LFCP:[MD5.F99CD19D209E228B8F0AE8F5CDA6E906] – 29/10/2013 – 19:50:02 —A- – C:WindowsPrefetchDELMIGPROV.EXE-D8CEC74F.pf
    O45 – LFCP:[MD5.278EC50818A1085FA52C5831B788B22F] – 30/10/2013 – 20:51:05 —A- – C:WindowsPrefetchPDVD10SERV.EXE-99C8A7B5.pf
    ~ Prefetcher: 209 Legitimates Filtered in 00mn 00s

    —\ Microsoft Windows Policies System (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 17 Legitimates Filtered in 00mn 00s

    —\ Microsoft Windows Policies Explorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ System Drivers List (SDL) (O58)
    O58 – SDL:[MD5.A8080BEBCDB7A16495CE1205921DCAC5] – 01/08/2012 – 21:22:48 —A- . (.No owner – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [14992]
    ~ Drivers: 17 Legitimates Filtered in 00mn 00s

    —\ Last modified or created user files (O61)
    O61 – LFC: 30/10/2013 – 20:58:09 —A- . (…) — C:UsersAMBAppDataLocalThunderbirdMozilla Thunderbirdactive-update.xml [57] =>.Mozilla Corporation
    O61 – LFC: 30/10/2013 – 20:58:13 —A- . (…) — C:UsersAMBAppDataRoamingThunderbirdCrash ReportsInstallTime20131023145339 [10] =>.Mozilla Corporation
    O61 – LFC: 30/10/2013 – 20:58:22 —A- . (…) — C:UsersAMBDocumentscontactos luum.csv [84256]
    O61 – LFC: 30/10/2013 – 20:58:22 —A- . (…) — C:UsersAMBDocumentsdocuments-export-2013-10-30.zip [328862131]
    O61 – LFC: 30/10/2013 – 20:58:30 —A- . (…) — C:UsersAMBLinksDesktop.lnk [441]
    O61 – LFC: 30/10/2013 – 20:58:30 —A- . (…) — C:UsersAMBLinksDownloads.lnk [860]
    O61 – LFC: 30/10/2013 – 20:58:30 —A- . (…) — C:UsersAMBLinksRecentPlaces.lnk [383]
    ~ Files: 132 Legitimates Filtered in 07mn 00s

    —\ List all tools cleaner (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Start Menu Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Search Particular Root Folder (SPRF) (O84)
    [MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (…) — C:ProgramDataSetStretch.exe [24576]
    [MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (…) — C:UsersAMBAppDataLocalTempQuarantine.exe [344355]
    [MD5.8C27D71B2F6719136407C525ECF18D51] [SPRF][30/10/2013] (…) — C:UsersAMBDesktopadwcleaner.exe [1060070]
    ~ Files: 6 Legitimates Filtered in 00mn 01s

    —\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SR – | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 07/08/2012 239616 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 23/07/2012 105120 | (ASLDRService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) – C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe
    SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SR – | Auto 19/10/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) – C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013avp.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe
    SS – | Demand 29/10/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SR – | Auto 14/08/2012 27792 | (VIAKaraokeService) . (.VIA Technologies, Inc..) – C:WindowsSystem32viakaraokesrv.exe
    SS – | Demand 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SS – | Demand 20/09/2012 29696 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 13s

    —\ Search Master Boot Record Infection (MBR)(O80)
    Run by AMB at 30/10/2013 21:07:55
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Search Master Boot Record Infection (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by AMB at 30/10/2013 21:07:59

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 03s

    —\ Scan Additionnel (O88)
    Database Version : 12965 – (30/10/2013)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 0

    ~ Additionnel Scan: 189030 Items scanned in 00mn 50s

    ~ 2171 Legitimates filtered by white list
    End of the scan (358 lines in 14mn 30s)(0)

    g3n-h@ckm@n
    Keymaster
    Post count: 8304

    Hello, to check and vaccinate:

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
    • Choose the Suppression (deletion) option

      Note: If UsbFix hangs at 14%, start in safe mode. (See >> HERE <<)

    • Copy and paste the content of the report that appears at the end of the scan into your reply

    Sofia
    Participant
    Post count: 14

    Hello and thanks for your reply!

    Just one quick question: do I connect my USB stick and my external hard drive before running USBfix, or do I just carry on with my PC alone?

    Sofía

    g3n-h@ckm@n
    Keymaster
    Post count: 8304

    Plug in everything you can plug in: USB ports, SD cards, etc., etc… MP3/MP4

    Sofia
    Participant
    Post count: 14

    Hello again!

    I ran UsbFix in normal mode but it crashed at 21%, so I ran it in safe mode, with my USB stick + external hard drive connected; here is the result:

    ############################## | UsbFix V 7.147 | [Supresión]

    Usuario: AMB (Administrador) # RS
    Actualizado el 30/10/2013 por El Desaparecido – Team SosVirus
    Comenzó a 11:23:21 | 31/10/2013

    Sitio web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contacto: http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (X55U)
    CPU: AMD E-450 APU with Radeon(tm) HD Graphics
    RAM -> [Total : 3673 | Free : 2789]
    Bios: American Megatrends Inc.
    Boot: Fail-safe boot

    OS: Microsoft Windows 8 Single Language (6.2.9200 64-Bit)
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Mozilla Firefox : 25.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: Kaspersky Internet Security [Enabled | Updated]
    AS: Windows Defender : 4.3.0215.0
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [(!) Disabled]

    C: (%systemdrive%) -> Disco fijo # 186 Gb (61 Mb libre(s) – 33%) [OS] # NTFS
    D: -> Disco fijo # 258 Gb (258 Mb libre(s) – 100%) [Data] # NTFS
    E: -> CD-ROM
    F: -> Disco fijo # 298 Gb (122 Mb libre(s) – 41%) [My Passport] # NTFS
    G: -> Disco extraíble # 4 Gb (2 Mb libre(s) – 41%) [ADATA UFD] # FAT32

    ################## | Procesos Parados |

    Parado! C:WindowsExplorer.EXE (ID: 644 |ParentID: 628)
    Parado! C:Windowssystem32ctfmon.exe (ID: 864 |ParentID: 644)
    Parado! C:Windowssystem32DllHost.exe (ID: 1204 |ParentID: 612)
    Parado! \?C:Windowssystem32wbemWMIADAP.EXE (ID: 1912 |ParentID: 784)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    HKLMSOFTWARE | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
    HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
    HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    HKLMSOFTWAREwow6432Node | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
    HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
    HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –

    ################## | Búsqueda genérica |

    (!) Archivos temporales suprimido.

    ################## | Registro |

    Reparado ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 0
    Reparado ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 0

    ################## | Listing |

    [19/10/2013 – 16:32:41 | SHD ] C:$Recycle.Bin
    [23/10/2013 – 12:11:58 | D ] C:$SysReset
    [30/10/2013 – 20:40:51 | D ] C:AdwCleaner
    [19/10/2013 – 16:23:06 | SHD ] C:Archivos de programa
    [05/10/2012 – 04:24:40 | D ] C:AsusVibeData
    [04/08/2012 – 22:53:19 | SHD ] C:Boot
    [25/07/2012 – 21:44:30 | RASH | 398156] C:bootmgr
    [02/06/2012 – 08:30:55 | N | 1] C:BOOTNXT
    [26/07/2012 – 01:22:08 | SHD ] C:Documents and Settings
    [05/10/2012 – 04:19:58 | D ] C:eSupport
    [31/10/2013 – 11:20:31 | ASH | 3081383936] C:hiberfil.sys
    [31/10/2013 – 11:20:32 | ASH | 671088640] C:pagefile.sys
    [26/07/2012 – 01:33:46 | D ] C:PerfLogs
    [30/10/2013 – 21:07:57 | N | 512] C:PhysicalDisk0_MBR.bin
    [19/10/2013 – 17:08:02 | D ] C:Program Files
    [30/10/2013 – 20:53:16 | D ] C:Program Files (x86)
    [30/10/2013 – 20:25:36 | HD ] C:ProgramData
    [31/10/2013 – 11:20:32 | ASH | 268435456] C:swapfile.sys
    [31/10/2013 – 09:58:44 | SHD ] C:System Volume Information
    [31/10/2013 – 11:29:23 | D ] C:UsbFix
    [31/10/2013 – 10:02:22 | N | 6892] C:UsbFix [Clean 1] RS.txt
    [31/10/2013 – 11:33:27 | A | 4756] C:UsbFix [Clean 2] RS.txt
    [19/10/2013 – 16:24:16 | RD ] C:Users
    [31/10/2013 – 11:20:31 | D ] C:Windows
    [25/10/2013 – 10:01:31 | D ] C:Windows.old
    [21/08/2012 – 22:08:34 | N | 4196352] C:X45U.BIN
    [21/08/2012 – 22:06:49 | N | 4196352] C:X55U.BIN
    [19/05/2013 – 07:57:18 | SHD ] D:$RECYCLE.BIN
    [04/09/2013 – 20:07:56 | SHD ] D:System Volume Information

    ################## | Vaccin |

    (!) Este ordenador no está vacunado!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:13gq65d4]
    (sorry, the report is in Spanish…)
    :bye:

    g3n-h@ckm@n
    Keymaster
    Number of posts: 8304

    Can you show me this one? C:UsbFix [Clean 1] RS.txt

    Sofia
    Participant
    Number of posts: 14

    I hadn't seen it… here it is!

    Spoiler for 1dfz617j

    ############################## | UsbFix V 7.147 | [Supresión]

    Usuario: AMB (Administrador) # RS
    Actualizado el 30/10/2013 por El Desaparecido – Team SosVirus
    Comenzó a 10:01:56 | 31/10/2013

    Sitio web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contacto: http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (X55U)
    CPU: AMD E-450 APU with Radeon(tm) HD Graphics
    RAM -> [Total : 3673 | Free : 2288]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 8 Single Language (6.2.9200 64-Bit)
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Mozilla Firefox : 25.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: Kaspersky Internet Security [(!) Disabled | Updated]
    AS: Windows Defender : 4.3.0215.0
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disco fijo # 186 Gb (61 Mb libre(s) – 33%) [OS] # NTFS
    D: -> Disco fijo # 258 Gb (258 Mb libre(s) – 100%) [Data] # NTFS
    E: -> CD-ROM
    F: -> Disco fijo # 298 Gb (122 Mb libre(s) – 41%) [My Passport] # NTFS
    G: -> Disco extraíble # 4 Gb (2 Mb libre(s) – 41%) [ADATA UFD] # FAT32

    ################## | Procesos Parados |

    Parado! C:Windowssystem32atiesrxx.exe (ID: 884 |ParentID: 660)
    Parado! C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe (ID: 1268 |ParentID: 660)
    Parado! C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe (ID: 1344 |ParentID: 660)
    Parado! C:WindowsSystem32spoolsv.exe (ID: 1444 |ParentID: 660)
    Parado! C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1588 |ParentID: 660)
    Parado! C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe (ID: 1636 |ParentID: 660)
    Parado! C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013avp.exe (ID: 1656 |ParentID: 660)
    Parado! C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (ID: 1728 |ParentID: 660)
    Parado! C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (ID: 1764 |ParentID: 660)
    Parado! C:Windowssystem32viakaraokesrv.exe (ID: 1928 |ParentID: 660)
    Parado! C:Windowssystem32SearchIndexer.exe (ID: 3236 |ParentID: 660)
    Parado! C:WindowsSystem32LogonUI.exe (ID: 1316 |ParentID: 3156)
    Parado! C:Windowssystem32atieclxx.exe (ID: 3896 |ParentID: 884)
    Parado! C:Program FilesASUSP4GBatteryLife.exe (ID: 4428 |ParentID: 660)
    Parado! C:Windowssystem32taskhostex.exe (ID: 628 |ParentID: 660)
    Parado! C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe (ID: 636 |ParentID: 660)
    Parado! C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe (ID: 880 |ParentID: 1268)
    Parado! C:Program Files (x86)ASUSASUS InstantOnInsOnWMI.exe (ID: 4484 |ParentID: 1636)
    Parado! C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (ID: 3308 |ParentID: 1764)
    Parado! C:WindowsExplorer.EXE (ID: 3596 |ParentID: 1488)
    Parado! C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe (ID: 5096 |ParentID: 880)
    Parado! C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe (ID: 2276 |ParentID: 3612)
    Parado! C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe (ID: 4760 |ParentID: 3824)
    Parado! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPLoader.exe (ID: 4568 |ParentID: 480)
    Parado! C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex64QuickGesture64.exe (ID: 4288 |ParentID: 4568)
    Parado! C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe (ID: 4580 |ParentID: 4568)
    Parado! C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe (ID: 3684 |ParentID: 1908)
    Parado! C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe (ID: 1168 |ParentID: 1908)
    Parado! C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013avp.exe (ID: 4664 |ParentID: 3060)
    Parado! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPHelper.exe (ID: 2532 |ParentID: 4604)
    Parado! C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID: 2800 |ParentID: 4948)
    Parado! C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID: 1152 |ParentID: 2800)
    Parado! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPCenter.exe (ID: 4128 |ParentID: 4568)
    Parado! C:WindowsservicingTrustedInstaller.exe (ID: 1480 |ParentID: 660)
    Parado! C:Windowswinsxsamd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79TiWorker.exe (ID: 6028 |ParentID: 776)
    Parado! C:Windowssystem32lpksetup.exe (ID: 6128 |ParentID: 4272)
    Parado! C:Windowssystem32lpksetup.exe (ID: 5720 |ParentID: 776)
    Parado! C:Windowssystem32srtasks.exe (ID: 6108 |ParentID: 5720)
    Parado! C:Windowssystem32conhost.exe (ID: 1712 |ParentID: 6108)
    Parado! C:WindowsSystem32WUDFHost.exe (ID: 5628 |ParentID: 1036)
    Parado! \?C:Windowssystem32wbemWMIADAP.EXE (ID: 5576 |ParentID: 1008)
    Parado! C:Windowssystem32vssvc.exe (ID: 4800 |ParentID: 660)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    HKLMSOFTWARE | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
    HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
    HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    HKLMSOFTWAREwow6432Node | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
    HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
    HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –

    ################## | Búsqueda genérica |[/spoiler:1dfz617j]

    g3n-h@ckm@n
    Keymaster
    Number of posts: 8304

    Do this:

      Only these links are official; do not download the tool from other links!

      Note: During the scan the desktop may disappear several times

    • Disable all your protections if possible: antivirus, sandbox, firewalls … ( >> Help << )
    • Download Pre_Scan to your desktop!
    • If the link does not work:
      • #HERE (renamed winlogon)

    • Note: If the tool is relaunched several times, click Scan|Kill

    • If the tool is blocked by the infection, try with other extensions:

    • If proxies are detected and you have not installed any:
      • Click Remove the proxy

    • At the end of the scan, go to the root of your hard drive ( C: )
    • Upload the report Pre_Scan¤¤¤¤¤¤¤¤¤.txt to SosUpload

    Sofia
    Participant
    Number of posts: 14

    Hello again, again, again!

    I admit I don't understand everything that's going on, but I'm following the instructions… I downloaded prescan, it launched Scan|Kill directly, it took 2h but I don't think it crashed, here is the report: https://antimalware.top/log/SosUpload.dab941fae6441a2a7c44f12329322ae2.txt

    See you soon for the next part of the adventure!
    Thanks, and good night in France!
    :dodo10:

    g3n-h@ckm@n
    Keymaster
    Number of posts: 8304

    The report is not complete… let's see what is going on with a diag.

    Relaunch the tool, click diag, then finally upload the report c:pre_diag_xx_xx_xx.txt to Sosupload and give the link.

    Sofia
    Participant
    Number of posts: 14

    Here is the diag report, but I plugged in my USB stick and my external hard drive partway through… should I redo it?
    http://cjoint.com/13nv/CKbbzHWcjtL.htm
    :merci2:

    g3n-h@ckm@n
    Keymaster
    Number of posts: 8304

    • Download MalwareBytes
    • Install it. Uncheck “Enable free trial of Malwarebytes Anti-Malware PRO”
    • Select Full scan
    • Click Scan
    • Remove all the items found!
    • Post the report on the forum

    Sofia
    Participant
    Number of posts: 14

    Hola, sorry for the delay, blame the time difference…
    Just a quick question: following the forum's instructions I had already downloaded Malwarebytes without unchecking “Enable free trial…” and put the diag in my first post… is that OK, or do I have to download it again?
    Thanks!

    :electriksock: (because it's the Day of the Dead here in Mexico!)

    g3n-h@ckm@n
    Keymaster
    Number of posts: 8304

    Ah yes, no, you're right, I had forgotten ^^

    Are any problems still there?

    Sofia
    Participant
    Number of posts: 14

    Well… Yes, when I plug in my USB stick my files still show up as shortcuts, and I would like to know whether there are no more viruses on my PC and on my hard drive…
    Thanks!
