Virus infection: PC + USB + external hard drive 2013-10-31T03:46:24+00:00

Computer troubleshooting: Virus infection PC + USB + external hard drive

  • Author
    Posts
  • Sofia
    Participant
    Number of posts: 13

    Hello everyone,

    I am new to this forum (and not a computer expert); thanks to everyone who keeps it going!

    I have had a new computer for a month (ASUS X55U, Windows 8, 4 GB RAM, x64) and, wanting to do things properly, I bought and installed Kaspersky 2013 and scanned my external hard drive and my USB stick, with no viruses detected, before copying any files.

    Two weeks ago my USB stick was infected by a virus (by connecting it to another PC) that converted most of the files into shortcuts. By double-clicking one of these shortcuts, I have the impression that I installed a not very nice program; a few days later, I could no longer start Windows on my computer. Following the Asus "telephone support", I restored my computer to an earlier state: I did not lose any files (just programs), and the computer seems to work, but I do not know whether the virus has been removed, which is why I am posting the MBAM, ZHP Diag and AdwCleaner reports on this forum, to be sure these viruses are really gone.

    I also tried to have my USB stick and my hard drive "repaired" (I live in Mexico, where there are lots of small computer shops on every street corner), but I have the impression that all they did was copy the data, format the drives and copy the data back: as a result, my USB stick still shows my files as shortcuts… What should I do?

    PS: when I ran the MBAM, ZHP Diag and AdwCleaner scans on my PC, I had not connected my USB stick and my hard drive… should I do that?

    Thanks in advance!!

    Sofía

    [spoiler:3s8om8e7]Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.10.30.07

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16721
    AMB :: RS [administrateur]

    Protection: Activé

    30/10/2013 20:27:49
    mbam-log-2013-10-30 (20-27-49).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 223682
    Temps écoulé: 5 minute(s), 54 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    (fin)[/spoiler:3s8om8e7]

    [spoiler:3s8om8e7]# AdwCleaner v3.010 – Reporte Creado 30/10/2013 en 20:40:50
    # Actualizado 20/10/2013 por Xplode
    # Sistema Operativo : Windows 8 Single Language (64 bits)
    # Nombre de usuario : AMB – RS
    # Ejecutado desde : C:UsersAMBDesktopadwcleaner.exe
    # Opción : Limpiar

    ***** [ Servicios ] *****

    ***** [ Archivos / Carpetas ] *****

    Carpeta Borrar : C:UsersAMBAppDataRoamingpdfforge

    ***** [ Accesos directos ] *****

    ***** [ Registro ] *****

    Clave Borrar : HKLMSOFTWAREClassesS

    ***** [ Navegadores ] *****

    -\ Internet Explorer v10.0.9200.16537

    -\ Mozilla Firefox v25.0 (es-MX)

    [ Archivo : C:UsersAMBAppDataRoamingMozillaFirefoxProfileshki8gza2.defaultprefs.js ]

    *************************

    AdwCleaner[R0].txt – [890 octets] – [30/10/2013 20:39:16]
    AdwCleaner[S0].txt – [804 octets] – [30/10/2013 20:40:50]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [863 octets] ##########[/spoiler:3s8om8e7]

    [spoiler:3s8om8e7]~ Report of ZHPDiag v2013.10.30.78 – Nicolas Coolman (30/10/2013)
    ~ Launched by AMB (30/10/2013 20:54:20)
    ~ Web site address : http://nicolascoolman.webs.com
    ~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Translated by
    ~ Version State :
    ~ White List : Activate by program
    ~ Elevation of privilege : OK
    ~ User Account Control :

    —\ Internet browsers
    MSIE: Internet Explorer v10.0.9200.16721
    MFIE: Mozilla Firefox 25.0 (Defaut)

    —\ Windows product information
    ~ Langage: Anglais
    Windows 8 Home Premium Edition, 64-bit (Build 9200)
    Windows Server License Manager Script : OK
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ System protection software
    Kaspersky Internet Security 2013 v13.0.1.4190
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W8

    —\ System optimization software

    —\ Sharing software PeerToPeer

    —\ Surveillance software
    Adobe Flash Player 11 Plugin
    Adobe Reader X

    —\ Information on the system
    ~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3673 MB (69% free)
    System Restore: Activé (Enable)
    System drive C: has 57 GB (30%) free of 186 GB

    —\ Connection to the system mode
    ~ Computer Name: RS
    ~ User Name: AMB
    ~ All Users Names: Invitado, AMB, Administrador,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Environment variables
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersAMBAppDataRoamingZHP
    ~ %AppData% : C:UsersAMBAppDataRoaming
    ~ %Desktop% : C:UsersAMBDesktop
    ~ %Favorites% : C:UsersAMBFavorites
    ~ %LocalAppData% : C:UsersAMBAppDataLocal
    ~ %StartMenu% : C:UsersAMBAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumeration of the disk units
    C: Hard drive, Flash drive, Thumb drive (Free 57 Go of 186 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)
    E: CD-ROM drive (Not Inserted)

    —\ State of the Windows Security Center
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Search Generic System Files
    [MD5.0E8E6463F81C80AFBED533E0F1F8895D] – (.Microsoft Corporation – Explorador de Windows.) (.01/06/2013 – 5:34:21.) — C:WindowsExplorer.exe [2391280]
    [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] – (.Microsoft Corporation – Aplicación de inicio de Windows.) (.25/07/2012 – 21:08:50.) — C:WindowsSystem32Wininit.exe [132608]
    [MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Extensiones de Internet para Win32.) (.22/09/2013 – 16:55:10.) — C:WindowsSystem32wininet.dll [2241024]
    [MD5.BCF2036A0DD579E47C008C133550283E] – (.Microsoft Corporation – Aplicación de inicio de sesión de Windows.) (.10/10/2012 – 23:46:58.) — C:WindowsSystem32Winlogon.exe [517120]
    [MD5.9448F5740A037EC0C18F0E9177232DD0] – (.Microsoft Corporation – Biblioteca de licencias de software.) (.25/07/2012 – 21:07:20.) — C:WindowsSystem32sppcomapi.dll [273408]
    [MD5.36D6A3201721558A8AFBCC09C2DA4C2C] – (.Microsoft Corporation – Controlador de función suplementaria de Winsock.) (.05/11/2012 – 21:53:44.) — C:Windowssystem32DriversAFD.sys [560640]
    [MD5.A721FF570C2387E383BDDEA9632863C9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.25/07/2012 – 23:00:48.) — C:Windowssystem32Driversatapi.sys [25840]
    [MD5.990B1BABE6E81FB18E65A87EBEFB1772] – (.Microsoft Corporation – CD-ROM File System Driver.) (.25/07/2012 – 20:30:10.) — C:Windowssystem32DriversCdfs.sys [108544]
    [MD5.339BFF85D788268752DA8C9644B188EE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.25/07/2012 – 20:26:36.) — C:Windowssystem32DriversCdrom.sys [174080]
    [MD5.09D9EB9E7898F8E6561473A20CC808B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.25/07/2012 – 20:26:53.) — C:Windowssystem32DriversDfsC.sys [118784]
    [MD5.7D87B5B6C7188D553E11B59DC7F0B111] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/09/2012 – 0:08:44.) — C:Windowssystem32DriversHDAudBus.sys [71168]
    [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] – (.Microsoft Corporation – Controlador de puerto de i8042.) (.25/07/2012 – 20:28:51.) — C:Windowssystem32Driversi8042prt.sys [112640]
    [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] – (.Microsoft Corporation – IP Network Address Translator.) (.25/07/2012 – 20:23:01.) — C:Windowssystem32DriversIpNat.sys [145920]
    [MD5.93179D48066918323628CB016D8C94DC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.05/02/2013 – 16:29:09.) — C:Windowssystem32DriversMRxSmb.sys [370688]
    [MD5.7CEC25C682D319D484630B3952C31A11] – (.Microsoft Corporation – MBT Transport driver.) (.25/07/2012 – 20:24:28.) — C:Windowssystem32DriversnetBT.sys [331776]
    [MD5.76929F4A69E425911A63B407E26C2589] – (.Microsoft Corporation – Controlador del sistema de archivos NTFS.) (.02/02/2013 – 4:54:54.) — C:Windowssystem32Driversntfs.sys [1933544]
    [MD5.4563DAF8C6A740AD7F501E219BD10766] – (.Microsoft Corporation – Controlador de puerto paralelo.) (.25/07/2012 – 20:29:53.) — C:Windowssystem32DriversParport.sys [105984]
    [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.25/07/2012 – 20:23:17.) — C:Windowssystem32DriversRasl2tp.sys [124928]
    [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] – (.Microsoft Corporation – Redirector de dispositivos de Microsoft RDP.) (.25/07/2012 – 20:25:18.) — C:Windowssystem32Driversrdpdr.sys [179712]
    [MD5.73DC722CE5DF26D7638CE2446F2655C7] – (.Microsoft Corporation – TDI Translation Driver.) (.25/07/2012 – 23:26:47.) — C:Windowssystem32Driverstdx.sys [117248]
    [MD5.78A5BBA3819FFFC62FFEC3E2220D102D] – (.Microsoft Corporation – Controlador de instantánea de volumen.) (.01/06/2013 – 5:26:33.) — C:Windowssystem32Driversvolsnap.sys [327936]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Hidden files state (Hidden/Total)
    ~ Mes images (My Pictures) : 1/13663
    ~ Mes musiques (My Musics) : 1/3269
    ~ Mes Videos (My Videos) : 1/3
    ~ Mes Favoris (My Favorites) : 1/8
    ~ Mes Documents (My Documents) : 1/293
    ~ Mon Bureau (My Desktop) : 1/9
    ~ Menu demarrer (Programs) : 1/21
    ~ Hidden Files: Scanned in 00mn 09s

    —\ Process running
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe [532040] [PID.2016]
    [MD5.7C58A2513C3DA421A461D75C66C56D21] – (.ASUSTek Computer Inc. – ASUS USB Charger Plus.) — C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe [1123536] [PID.484]
    [MD5.2C35624F79B9ADBFE47090879F0D8673] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe [322208] [PID.2424]
    [MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] – (.ASUSTek Computer Inc. – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe [178848] [PID.2844]
    [MD5.29769215DEB6E8418EF3656B0423776E] – (.ASUSTeK Computer Inc. – ASUS Quick Gesture Exe.) — C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe [20352] [PID.4004]
    [MD5.38161F642AA7A2882914DDB0E90FF41C] – (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe [642216] [PID.3724]
    [MD5.B7995C675014EEBE77A0BEB7AFCCFC08] – (.CyberLink Corp. – PowerDVD RC Service.) — C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe [91432] [PID.944]
    [MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] – (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013avp.exe [356128] [PID.1656]
    [MD5.A7766D3BCB614BC77AA06579D84AE8ED] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8153600] [PID.844]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Line Analysis F0, F1, F2, F3 – IniFiles, Auto loading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Other User Links (O4)
    O4 – GSDesktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation – OpenOffice 4.0.1.) — C:Program Files (x86)OpenOffice 4programsoffice.exe
    O4 – GSProgram [Public]: Desktop.lnk – Orphan key
    O4 – GSProgram [Public]: HD VDeck.lnk . (.VIA – VIA HD Audio CPL.) — C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [AMB]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSTaskBar [AMB]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [AMB]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSProgram [AMB]: Kaspersky Internet Security 2013.lnk . (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013avp.exe
    O4 – GSDesktop [AMB]: Mis documentos.lnk . (…) — C:UsersAMBDocuments
    ~ Global Startup: 36 Legitimates Filtered in 00mn 08s

    —\ Auto loading programs from Registry and folders (O4)
    O4 – GSStartup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. – AsusVibe Application.) — C:Program Files (x86)ASUSAsusVibeAsusVibeLauncher.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [HDAudDeck] . (.VIA – VIA HD Audio CPL.) — C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe
    O4 – HKLM..Wow6432NodeRun: [RemoteControl10] . (.CyberLink Corp. – PowerDVD RC Service.) — C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe
    O4 – HKLM..Wow6432NodeRun: [ASUSWebStorage] . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe
    O4 – HKLM..Wow6432NodeRun: [AVP] . (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe
    ~ Application: Scanned in 00mn 00s

    —\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
    O9 – Extra button: Teclado Virtual [64Bits] – {0C4CC089-D306-440D-9772-464E226F6539} . (…) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013kbrd.ico
    O9 – Extra button: Comprobación de direcciones URL [64Bits] – {CCF151D8-D089-449F-A5A4-D9909053F20F} . (…) — C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013logo.ico
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Lop.com/Domain Hijackers (O17)
    O17 – HKLMSystemCCSServicesTcpip..{3BE12774-F972-4252-A652-15D3E9EDAB1E}: DhcpNameServer = 10.3.9.2 10.3.1.100
    O17 – HKLMSystemCCSServicesTcpip..{FEFB1A8D-52D4-4A49-93D3-D8317C08C32D}: DhcpNameServer = 127.0.0.1
    O17 – HKLMSystemCCSServicesTcpip..{FEFB1A8D-52D4-4A49-93D3-D8317C08C32D}: DhcpDomain = wds02.com
    O17 – HKLMSystemCS1ServicesTcpip..{3BE12774-F972-4252-A652-15D3E9EDAB1E}: DhcpNameServer = 10.3.9.2 10.3.1.100
    O17 – HKLMSystemCS1ServicesTcpip..{FEFB1A8D-52D4-4A49-93D3-D8317C08C32D}: DhcpNameServer = 127.0.0.1
    O17 – HKLMSystemCS1ServicesTcpip..{FEFB1A8D-52D4-4A49-93D3-D8317C08C32D}: DhcpDomain = wds02.com
    ~ Domain: Scanned in 00mn 00s

    —\ Extra protocols (O18)
    O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visor HTML de Microsoft (R).) — C:WindowsSystem32mshtml.dll
    O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Contents of the Common Files folders (O43)
    O43 – CFD: 19/10/2013 – 16:24:17 – [0] -SH-D C:UsersAMBAppDataLocalArchivos temporales de Internet
    ~ Program Folder: 102 Legitimates Filtered in 00mn 43s

    —\ Last modified or created files under Windows and System32 (O44)
    O44 – LFC:[MD5.165EB24F51291AA5D0EB1BA9D28648D2] – 19/10/2013 – 16:24:39 —A- . (…) — C:Windowsdiagerr.xml [17148]
    O44 – LFC:[MD5.165EB24F51291AA5D0EB1BA9D28648D2] – 19/10/2013 – 16:24:39 —A- . (…) — C:Windowsdiagwrn.xml [17148]
    O44 – LFC:[MD5.F1E903CAD8AE7F74CBE877C96EA3F47A] – 19/10/2013 – 16:31:06 —A- . (…) — C:WindowsFixPatch.log [198]
    O44 – LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] – 19/10/2013 – 16:51:37 —A- . (…) — C:WindowsSysNativeApnDatabase.xml [386923]
    O44 – LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] – 19/10/2013 – 16:51:37 —A- . (…) — C:WindowsSystem32ApnDatabase.xml [386923]
    O44 – LFC:[MD5.FF5E3D3BD17234BFF2BC8E113CBA632A] – 19/10/2013 – 17:05:24 —A- . (…) — C:WindowsDPINST.LOG [12662]
    O44 – LFC:[MD5.18B7CB93C628B2E84C19D147F4AE881E] – 19/10/2013 – 17:53:37 —A- . (…) — C:WindowsSysNativepar.txt [42]
    O44 – LFC:[MD5.95970761AEE9A4B5678A839656168E51] – 19/10/2013 – 17:53:37 —A- . (…) — C:WindowsSysNativepar2.txt [45]
    O44 – LFC:[MD5.18B7CB93C628B2E84C19D147F4AE881E] – 19/10/2013 – 17:53:37 —A- . (…) — C:WindowsSystem32par.txt [42]
    O44 – LFC:[MD5.95970761AEE9A4B5678A839656168E51] – 19/10/2013 – 17:53:37 —A- . (…) — C:WindowsSystem32par2.txt [45]
    O44 – LFC:[MD5.A0387C02E067531CD5CD18BEED9857B8] – 19/10/2013 – 17:54:53 —A- . (…) — C:Windowscur.log [1209]
    O44 – LFC:[MD5.A572C5598C2B77D19E8C86543E1757BB] – 19/10/2013 – 17:58:29 —A- . (…) — C:Windowsori.log [1252]
    O44 – LFC:[MD5.5498449C191A8B1B3CC52B10EA0C37D1] – 19/10/2013 – 18:01:43 —A- . (…) — C:Windowsmot.log [1252]
    O44 – LFC:[MD5.53A6FB9940EE28E5BFF25E17AE1B6662] – 19/10/2013 – 21:11:40 —A- . (…) — C:Windowscomp.log [99]
    O44 – LFC:[MD5.57622C3186F68B12942059D2A16FF6C4] – 21/10/2013 – 15:00:53 —A- . (…) — C:WindowsImprovement.log [26]
    O44 – LFC:[MD5.983FB022A15049162B8BFAF627FDB689] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSysNativeprfc0416.dat [154608]
    O44 – LFC:[MD5.F034D1EC82BD6F5078BDB91ED2E83D38] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSysNativeprfc0816.dat [159974]
    O44 – LFC:[MD5.ADC166FCA3829F1DEFEF89B8385DD480] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSysNativeprfh0416.dat [762816]
    O44 – LFC:[MD5.40135932BB5F9BA387A23B21765043AB] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSysNativeprfh0816.dat [776694]
    O44 – LFC:[MD5.983FB022A15049162B8BFAF627FDB689] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSystem32prfc0416.dat [154608]
    O44 – LFC:[MD5.F034D1EC82BD6F5078BDB91ED2E83D38] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSystem32prfc0816.dat [159974]
    O44 – LFC:[MD5.ADC166FCA3829F1DEFEF89B8385DD480] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSystem32prfh0416.dat [762816]
    O44 – LFC:[MD5.40135932BB5F9BA387A23B21765043AB] – 30/10/2013 – 20:55:44 —A- . (…) — C:WindowsSystem32prfh0816.dat [776694]
    ~ Files: 1103 Legitimates Filtered in 01mn 36s

    —\ Last files created in Windows Prefetcher (O45)
    O45 – LFCP:[MD5.8E3256F47C6650FE7331BD696EE812B2] – 19/10/2013 – 16:53:23 —A- – C:WindowsPrefetchMCUIHOST.EXE-AE5E0AD4.pf
    O45 – LFCP:[MD5.6D37DB8C895F7097888DA4F54042CD2F] – 19/10/2013 – 17:09:41 —A- – C:WindowsPrefetchMCCLNUI.EXE-556F8410.pf
    O45 – LFCP:[MD5.3A7C0F5929575EA2F266226771396AA1] – 19/10/2013 – 17:26:40 —A- – C:WindowsPrefetchAUTORUN.EXE-D28490C2.pf
    O45 – LFCP:[MD5.F09EA636872FA884820F941D44122905] – 19/10/2013 – 17:26:48 —A- – C:WindowsPrefetchKIS13.0.1.4190ES_3639.EXE-16A5A3A3.pf
    O45 – LFCP:[MD5.BE8A816504B8DFA398B24F199203E0F3] – 19/10/2013 – 19:11:16 —A- – C:WindowsPrefetchPATCH_G.EXE-E400E555.pf
    O45 – LFCP:[MD5.CBE70237E2D95F5158AE76AB74B5E8AF] – 19/10/2013 – 19:11:22 —A- – C:WindowsPrefetchPATCH_C.EXE-96A9FB41.pf
    O45 – LFCP:[MD5.7D69B92301990FBD22210A987221E7D7] – 19/10/2013 – 19:11:23 —A- – C:WindowsPrefetchPATCH_D.EXE-A9FFB5C6.pf
    O45 – LFCP:[MD5.B6BED430C83EB4C7D296A46CED54C198] – 19/10/2013 – 19:11:24 —A- – C:WindowsPrefetchPATCH_F.EXE-D0AB2AD0.pf
    O45 – LFCP:[MD5.5D787315A902C60147438965571F75F8] – 19/10/2013 – 19:11:28 —A- – C:WindowsPrefetchPATCH_I_KIS2013.EXE-F126C5C3.pf
    O45 – LFCP:[MD5.EF26BFE59D573198954AC4D07F12A5F7] – 21/10/2013 – 16:49:17 —A- – C:WindowsPrefetchDOWNLOADUPDATEINFO.TMP-5262C18F.pf
    O45 – LFCP:[MD5.C5A5536B6F852C5AA5DBED8FA631B8F9] – 21/10/2013 – 16:52:20 —A- – C:WindowsPrefetchCBSTUB.EXE-07331ED2.pf
    O45 – LFCP:[MD5.AD71CACAC11C3D55F7B4614950737462] – 21/10/2013 – 16:52:55 —A- – C:WindowsPrefetchINSTALLCHECK.TMP-98372B28.pf
    O45 – LFCP:[MD5.6A71FDB5B40E4BBA3F3922AF6699089E] – 21/10/2013 – 20:13:54 —A- – C:WindowsPrefetchCLEANUPTXRLOGS.EXE-E3BABE71.pf
    O45 – LFCP:[MD5.4FD1CAA14CDB9BCCC71A4A91E6C6EFB0] – 28/10/2013 – 19:36:12 —A- – C:WindowsPrefetchdynreservedpri.db
    O45 – LFCP:[MD5.F99CD19D209E228B8F0AE8F5CDA6E906] – 29/10/2013 – 19:50:02 —A- – C:WindowsPrefetchDELMIGPROV.EXE-D8CEC74F.pf
    O45 – LFCP:[MD5.278EC50818A1085FA52C5831B788B22F] – 30/10/2013 – 20:51:05 —A- – C:WindowsPrefetchPDVD10SERV.EXE-99C8A7B5.pf
    ~ Prefetcher: 209 Legitimates Filtered in 00mn 00s

    —\ Microsoft Windows Policies System (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 17 Legitimates Filtered in 00mn 00s

    —\ Microsoft Windows Policies Explorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ System Drivers List (SDL) (O58)
    O58 – SDL:[MD5.A8080BEBCDB7A16495CE1205921DCAC5] – 01/08/2012 – 21:22:48 —A- . (.No owner – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [14992]
    ~ Drivers: 17 Legitimates Filtered in 00mn 00s

    —\ Last modified or created user files (O61)
    O61 – LFC: 30/10/2013 – 20:58:09 —A- . (…) — C:UsersAMBAppDataLocalThunderbirdMozilla Thunderbirdactive-update.xml [57] =>.Mozilla Corporation
    O61 – LFC: 30/10/2013 – 20:58:13 —A- . (…) — C:UsersAMBAppDataRoamingThunderbirdCrash ReportsInstallTime20131023145339 [10] =>.Mozilla Corporation
    O61 – LFC: 30/10/2013 – 20:58:22 —A- . (…) — C:UsersAMBDocumentscontactos luum.csv [84256]
    O61 – LFC: 30/10/2013 – 20:58:22 —A- . (…) — C:UsersAMBDocumentsdocuments-export-2013-10-30.zip [328862131]
    O61 – LFC: 30/10/2013 – 20:58:30 —A- . (…) — C:UsersAMBLinksDesktop.lnk [441]
    O61 – LFC: 30/10/2013 – 20:58:30 —A- . (…) — C:UsersAMBLinksDownloads.lnk [860]
    O61 – LFC: 30/10/2013 – 20:58:30 —A- . (…) — C:UsersAMBLinksRecentPlaces.lnk [383]
    ~ Files: 132 Legitimates Filtered in 07mn 00s

    —\ List all tools cleaner (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Start Menu Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Search Particular Root Folder (SPRF) (O84)
    [MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (…) — C:ProgramDataSetStretch.exe [24576]
    [MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (…) — C:UsersAMBAppDataLocalTempQuarantine.exe [344355]
    [MD5.8C27D71B2F6719136407C525ECF18D51] [SPRF][30/10/2013] (…) — C:UsersAMBDesktopadwcleaner.exe [1060070]
    ~ Files: 6 Legitimates Filtered in 00mn 01s

    —\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SR – | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 07/08/2012 239616 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 23/07/2012 105120 | (ASLDRService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) – C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe
    SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SR – | Auto 19/10/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) – C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013avp.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe
    SS – | Demand 29/10/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SR – | Auto 14/08/2012 27792 | (VIAKaraokeService) . (.VIA Technologies, Inc..) – C:WindowsSystem32viakaraokesrv.exe
    SS – | Demand 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SS – | Demand 20/09/2012 29696 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 13s

    —\ Search Master Boot Record Infection (MBR)(O80)
    Run by AMB at 30/10/2013 21:07:55
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Search Master Boot Record Infection (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by AMB at 30/10/2013 21:07:59

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 03s

    —\ Scan Additionnel (O88)
    Database Version : 12965 – (30/10/2013)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 0

    ~ Additionnel Scan: 189030 Items scanned in 00mn 50s

    ~ 2171 Legitimates filtered by white list
    End of the scan (358 lines in 14mn 30s)(0)[/spoiler:3s8om8e7]

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    Hello, to check and vaccinate:

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
    • Choose the "Suppression" option

      Note: If UsbFix hangs at 14%, start in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply
  • Sofia
    Participant
    Number of posts: 13

    Hello, and thank you for your reply!

    Just one small question: do I connect my USB stick and my external hard drive before running UsbFix, or do I carry on with just my PC?

    :merci2:
    Sofía

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    Plug in everything you can plug in: USB ports, SD cards, etc., etc… MP3, MP4

  • Sofia
    Participant
    Number of posts: 13

    Hello again!

    I ran UsbFix in normal mode but it crashed at 21%, so I ran it in safe mode with my USB stick + external hard drive connected; here is the result:

    [spoiler:13gq65d4]############################## | UsbFix V 7.147 | [Supresión]

    Usuario: AMB (Administrador) # RS
    Actualizado el 30/10/2013 por El Desaparecido – Team SosVirus
    Comenzó a 11:23:21 | 31/10/2013

    Sitio web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contacto: http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (X55U)
    CPU: AMD E-450 APU with Radeon(tm) HD Graphics
    RAM -> [Total : 3673 | Free : 2789]
    Bios: American Megatrends Inc.
    Boot: Fail-safe boot

    OS: Microsoft Windows 8 Single Language (6.2.9200 64-Bit)
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Mozilla Firefox : 25.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: Kaspersky Internet Security [Enabled | Updated]
    AS: Windows Defender : 4.3.0215.0
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [(!) Disabled]

    C: (%systemdrive%) -> Disco fijo # 186 Gb (61 Mb libre(s) – 33%) [OS] # NTFS
    D: -> Disco fijo # 258 Gb (258 Mb libre(s) – 100%) [Data] # NTFS
    E: -> CD-ROM
    F: -> Disco fijo # 298 Gb (122 Mb libre(s) – 41%) [My Passport] # NTFS
    G: -> Disco extraíble # 4 Gb (2 Mb libre(s) – 41%) [ADATA UFD] # FAT32

    ################## | Procesos Parados |

    Parado! C:WindowsExplorer.EXE (ID: 644 |ParentID: 628)
    Parado! C:Windowssystem32ctfmon.exe (ID: 864 |ParentID: 644)
    Parado! C:Windowssystem32DllHost.exe (ID: 1204 |ParentID: 612)
    Parado! \?C:Windowssystem32wbemWMIADAP.EXE (ID: 1912 |ParentID: 784)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    HKLMSOFTWARE | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
    HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
    HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    HKLMSOFTWAREwow6432Node | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
    HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
    HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –

    ################## | Búsqueda genérica |

    (!) Archivos temporales suprimido.

    ################## | Registro |

    Reparado ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 0
    Reparado ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 0

    ################## | Listing |

    [19/10/2013 – 16:32:41 | SHD ] C:$Recycle.Bin
    [23/10/2013 – 12:11:58 | D ] C:$SysReset
    [30/10/2013 – 20:40:51 | D ] C:AdwCleaner
    [19/10/2013 – 16:23:06 | SHD ] C:Archivos de programa
    [05/10/2012 – 04:24:40 | D ] C:AsusVibeData
    [04/08/2012 – 22:53:19 | SHD ] C:Boot
    [25/07/2012 – 21:44:30 | RASH | 398156] C:bootmgr
    [02/06/2012 – 08:30:55 | N | 1] C:BOOTNXT
    [26/07/2012 – 01:22:08 | SHD ] C:Documents and Settings
    [05/10/2012 – 04:19:58 | D ] C:eSupport
    [31/10/2013 – 11:20:31 | ASH | 3081383936] C:hiberfil.sys
    [31/10/2013 – 11:20:32 | ASH | 671088640] C:pagefile.sys
    [26/07/2012 – 01:33:46 | D ] C:PerfLogs
    [30/10/2013 – 21:07:57 | N | 512] C:PhysicalDisk0_MBR.bin
    [19/10/2013 – 17:08:02 | D ] C:Program Files
    [30/10/2013 – 20:53:16 | D ] C:Program Files (x86)
    [30/10/2013 – 20:25:36 | HD ] C:ProgramData
    [31/10/2013 – 11:20:32 | ASH | 268435456] C:swapfile.sys
    [31/10/2013 – 09:58:44 | SHD ] C:System Volume Information
    [31/10/2013 – 11:29:23 | D ] C:UsbFix
    [31/10/2013 – 10:02:22 | N | 6892] C:UsbFix [Clean 1] RS.txt
    [31/10/2013 – 11:33:27 | A | 4756] C:UsbFix [Clean 2] RS.txt
    [19/10/2013 – 16:24:16 | RD ] C:Users
    [31/10/2013 – 11:20:31 | D ] C:Windows
    [25/10/2013 – 10:01:31 | D ] C:Windows.old
    [21/08/2012 – 22:08:34 | N | 4196352] C:X45U.BIN
    [21/08/2012 – 22:06:49 | N | 4196352] C:X55U.BIN
    [19/05/2013 – 07:57:18 | SHD ] D:$RECYCLE.BIN
    [04/09/2013 – 20:07:56 | SHD ] D:System Volume Information

    ################## | Vaccin |

    (!) Este ordenador no está vacunado!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:13gq65d4]
    (sorry, the report is in Spanish…)
    :bye:

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    Can you show me this one? C:\UsbFix [Clean 1] RS.txt

  • Sofia
    Participant
    Number of posts: 13

    I hadn't seen it… here it is!

    [spoiler:1dfz617j]############################## | UsbFix V 7.147 | [Supresión]

    Usuario: AMB (Administrador) # RS
    Actualizado el 30/10/2013 por El Desaparecido – Team SosVirus
    Comenzó a 10:01:56 | 31/10/2013

    Sitio web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contacto: http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (X55U)
    CPU: AMD E-450 APU with Radeon(tm) HD Graphics
    RAM -> [Total : 3673 | Free : 2288]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 8 Single Language (6.2.9200 64-Bit)
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Mozilla Firefox : 25.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: Kaspersky Internet Security [(!) Disabled | Updated]
    AS: Windows Defender : 4.3.0215.0
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disco fijo # 186 Gb (61 Mb libre(s) – 33%) [OS] # NTFS
    D: -> Disco fijo # 258 Gb (258 Mb libre(s) – 100%) [Data] # NTFS
    E: -> CD-ROM
    F: -> Disco fijo # 298 Gb (122 Mb libre(s) – 41%) [My Passport] # NTFS
    G: -> Disco extraíble # 4 Gb (2 Mb libre(s) – 41%) [ADATA UFD] # FAT32

    ################## | Procesos Parados |

    Parado! C:Windowssystem32atiesrxx.exe (ID: 884 |ParentID: 660)
    Parado! C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe (ID: 1268 |ParentID: 660)
    Parado! C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe (ID: 1344 |ParentID: 660)
    Parado! C:WindowsSystem32spoolsv.exe (ID: 1444 |ParentID: 660)
    Parado! C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1588 |ParentID: 660)
    Parado! C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe (ID: 1636 |ParentID: 660)
    Parado! C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013avp.exe (ID: 1656 |ParentID: 660)
    Parado! C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (ID: 1728 |ParentID: 660)
    Parado! C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (ID: 1764 |ParentID: 660)
    Parado! C:Windowssystem32viakaraokesrv.exe (ID: 1928 |ParentID: 660)
    Parado! C:Windowssystem32SearchIndexer.exe (ID: 3236 |ParentID: 660)
    Parado! C:WindowsSystem32LogonUI.exe (ID: 1316 |ParentID: 3156)
    Parado! C:Windowssystem32atieclxx.exe (ID: 3896 |ParentID: 884)
    Parado! C:Program FilesASUSP4GBatteryLife.exe (ID: 4428 |ParentID: 660)
    Parado! C:Windowssystem32taskhostex.exe (ID: 628 |ParentID: 660)
    Parado! C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe (ID: 636 |ParentID: 660)
    Parado! C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe (ID: 880 |ParentID: 1268)
    Parado! C:Program Files (x86)ASUSASUS InstantOnInsOnWMI.exe (ID: 4484 |ParentID: 1636)
    Parado! C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (ID: 3308 |ParentID: 1764)
    Parado! C:WindowsExplorer.EXE (ID: 3596 |ParentID: 1488)
    Parado! C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe (ID: 5096 |ParentID: 880)
    Parado! C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe (ID: 2276 |ParentID: 3612)
    Parado! C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe (ID: 4760 |ParentID: 3824)
    Parado! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPLoader.exe (ID: 4568 |ParentID: 480)
    Parado! C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex64QuickGesture64.exe (ID: 4288 |ParentID: 4568)
    Parado! C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe (ID: 4580 |ParentID: 4568)
    Parado! C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe (ID: 3684 |ParentID: 1908)
    Parado! C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe (ID: 1168 |ParentID: 1908)
    Parado! C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013avp.exe (ID: 4664 |ParentID: 3060)
    Parado! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPHelper.exe (ID: 2532 |ParentID: 4604)
    Parado! C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID: 2800 |ParentID: 4948)
    Parado! C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID: 1152 |ParentID: 2800)
    Parado! C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPCenter.exe (ID: 4128 |ParentID: 4568)
    Parado! C:WindowsservicingTrustedInstaller.exe (ID: 1480 |ParentID: 660)
    Parado! C:Windowswinsxsamd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79TiWorker.exe (ID: 6028 |ParentID: 776)
    Parado! C:Windowssystem32lpksetup.exe (ID: 6128 |ParentID: 4272)
    Parado! C:Windowssystem32lpksetup.exe (ID: 5720 |ParentID: 776)
    Parado! C:Windowssystem32srtasks.exe (ID: 6108 |ParentID: 5720)
    Parado! C:Windowssystem32conhost.exe (ID: 1712 |ParentID: 6108)
    Parado! C:WindowsSystem32WUDFHost.exe (ID: 5628 |ParentID: 1036)
    Parado! \?C:Windowssystem32wbemWMIADAP.EXE (ID: 5576 |ParentID: 1008)
    Parado! C:Windowssystem32vssvc.exe (ID: 4800 |ParentID: 660)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    HKLMSOFTWARE | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
    HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
    HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    HKLMSOFTWAREwow6432Node | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
    HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
    HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –

    ################## | Búsqueda genérica |[/spoiler:1dfz617j]

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    Do this:

      Only these links are official; do not download the tool from other links!

      Note: during the scan the desktop may disappear several times

    • Disable all your protections if possible: antivirus, sandbox, firewalls … ( >> Help << )
    • Download Pre_Scan to your desktop!
    • If the link does not work:
      • #HERE (renamed winlogon)

    • Note: if the tool is relaunched several times, click on Scan|Kill

    • If the tool is blocked by the infection, try with other extensions:

    • If proxies are detected and you have not installed any:
      • Click on Remove the Proxy

    • At the end of the scan, go to the root of your hard drive ( C: )
    • Upload the report Pre_Scan¤¤¤¤¤¤¤¤¤.txt to SosUpload
  • Sofia
    Participant
    Number of posts: 13

    Hello again, again, again!

    I admit I don't understand everything that's going on, but I'm following the instructions… I downloaded prescan, it launched scan I kill directly, it took 2 hours but I don't think it crashed, here is the report: https://antimalware.top/log/SosUpload.dab941fae6441a2a7c44f12329322ae2.txt

    See you soon for the next episode of the adventure!
    Thank you and good night in France!
    :dodo10:

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    The report is not complete… let's see what is going on with a diag.

    Run the tool again, click on diag, then at the end upload the report c:\pre_diag_xx_xx_xx.txt to Sosupload and give the link.

  • Sofia
    Participant
    Number of posts: 13

    Here is the diag report, but I plugged in my USB key and my external hard drive partway through… should I redo it?
    http://cjoint.com/13nv/CKbbzHWcjtL.htm
    :merci2:

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    • Download MalwareBytes
    • Install it. Uncheck “Enable free trial of Malwarebytes Anti-Malware PRO”
    • Select Full scan
    • Click on Scan
    • Delete all the items found!
    • Post the report on the forum

  • Sofia
    Participant
    Number of posts: 13

    Hi, sorry for the delay, blame the time difference…
    Just a quick question: following the forum's instructions I had already downloaded Malwarebytes without unchecking “Enable free trial…” and put the diag in my first post… is that OK, or do I have to download it again?
    Thanks!

    :electriksock: (because it's the Day of the Dead here in Mexico!)

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    Ah yes, no, right, I had forgotten ^^

    Are there still any problems?

  • Sofia
    Participant
    Number of posts: 13

    Well… Yes, when I plug in my USB key my files still show up as shortcuts, and I would like to know whether there are no more viruses on my PC and on my hard drive…
    Thanks!

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    And was everything connected during the UsbFix deletion?

  • Sofia
    Participant
    Number of posts: 13

    With UsbFix yes, everything was connected, I did it in safe mode.
    For the Prescan diag, since I couldn't stop it, I plugged in my USB key and external hard drive partway through…

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    OK, reconnect everything and run a deletion with UsbFix again in safe mode.

  • Sofia
    Participant
    Number of posts: 13

    Hi!

    Here is the USBfix report, I think it worked this time! My files no longer show up as shortcuts on my USB key, yay!!!

    [spoiler:2c7v3o09]############################## | UsbFix V 7.147 | [Supresión]

    Usuario: AMB (Administrador) # RS
    Actualizado el 30/10/2013 por El Desaparecido – Team SosVirus
    Comenzó a 15:17:56 | 01/11/2013

    Sitio web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contacto: http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (X55U)
    CPU: AMD E-450 APU with Radeon(tm) HD Graphics
    RAM -> [Total : 3673 | Free : 2837]
    Bios: American Megatrends Inc.
    Boot: Fail-safe boot

    OS: Microsoft Windows 8 Single Language (6.2.9200 64-Bit)
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Mozilla Firefox : 25.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: Kaspersky Internet Security [Enabled | Updated]
    AS: Windows Defender : 4.3.0215.0
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [(!) Disabled]

    C: (%systemdrive%) -> Disco fijo # 186 Gb (53 Mb libre(s) – 28%) [OS] # NTFS
    D: -> Disco fijo # 258 Gb (258 Mb libre(s) – 100%) [Data] # NTFS
    E: -> CD-ROM
    F: -> Disco fijo # 298 Gb (122 Mb libre(s) – 41%) [My Passport] # NTFS
    G: -> Disco extraíble # 4 Gb (2 Mb libre(s) – 41%) [ADATA UFD] # FAT32

    ################## | Procesos Parados |

    Parado! C:WindowsExplorer.EXE (ID: 336 |ParentID: 328)
    Parado! C:Windowssystem32ctfmon.exe (ID: 488 |ParentID: 336)
    Parado! C:Windowssystem32DllHost.exe (ID: 1136 |ParentID: 608)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    HKLMSOFTWARE | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
    HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
    HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [HDAudDeck] – C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe -r
    HKLMSOFTWAREwow6432Node | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
    HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
    HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2013runner_avp.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –

    ################## | Búsqueda genérica |

    Suprimido ! G:559.lnk
    Suprimido ! G:MVI_7172.lnk
    Suprimido ! G:Esquinas_2.lnk
    Suprimido ! G:_disk_id.lnk
    Suprimido ! G:xanath.lnk
    Suprimido ! G:vainilla.lnk
    Suprimido ! G:TOTONACA.lnk
    Suprimido ! G:capitulo4.lnk
    Suprimido ! G:CONSOLIDADO CUESTIONARIOS VAINILLA.lnk
    Suprimido ! G:BOOTEX.lnk
    Suprimido ! G:DIAG FINAL final 2.lnk
    Suprimido ! G:CONSOLIDADO CUESTIONARIOS VAINILLA-FORMATO.lnk
    Suprimido ! G:impacto vainilla.lnk
    Suprimido ! G:EDO_VER_TT_2006.lnk
    Suprimido ! G:DR_cuasimulco.lnk
    Suprimido ! G:ANEXO DIAGNÓSTICO.lnk
    Suprimido ! G:vainilla_av.lnk
    Suprimido ! G:INFO ZONAS DE INVESTIGACION.lnk
    Suprimido ! G:Copia de Matriz FODA.lnk
    Suprimido ! G:BASE DE DATOS REALES VAINILLA.lnk
    Suprimido ! G:DIR-EXP-VER.lnk
    Suprimido ! G:ANALISIS VAINILLINA.lnk
    Suprimido ! G:el siglo de la vainilla en papantla.lnk
    Suprimido ! G:ENTREVISTAS A LÍDERES.lnk
    Suprimido ! G:Relacion muestras vainilla.lnk
    Suprimido ! G:DIAG FINAL.lnk
    Suprimido ! G:CONSOLIDADO CUESTIONARIOS VAINILLA veracruz.lnk
    Suprimido ! G:CONSOLIDADO CUESTIONARIOS VAINILLA Oaxaca.lnk
    Suprimido ! G:El Cultivo de la Vainilla.lnk
    Suprimido ! G:produccion oaxaca 2011.lnk
    Suprimido ! G:DERRUMBE PRODUCCION VAINILLA 2012.lnk
    Suprimido ! G:DE_chinantecos.lnk
    Suprimido ! G:PUB0169_BoletinAMSACno20.lnk
    Suprimido ! G:GAYA.lnk
    Suprimido ! G:CIFRAS HISTORICAS PRODUCCION VAINILLA.lnk
    Suprimido ! G:onza.lnk
    Suprimido ! G:productores opaxaca 2012.lnk
    Suprimido ! G:programa recuperacion vainilla oaxaca 2012.lnk
    Suprimido ! G:Totonaca-2005.lnk
    Suprimido ! G:UniVerso El Periódico de los Universitarios – No.lnk
    Suprimido ! G:5532423580_75842f1406.lnk
    Suprimido ! G:dev.lnk
    Suprimido ! G:comerci toto.lnk
    Suprimido ! G:THE MEXICAN.lnk
    Suprimido ! G:SECCION_III_Valor Agregado_Vainilla.lnk
    Suprimido ! G:DIAG FINAL final.lnk
    Suprimido ! G:SECCION_II_Caracteristicas_del_Mercado_Vainilla.lnk
    Suprimido ! G:Producción de vainilla en invernaderos.lnk
    Suprimido ! G:anual-090500.lnk
    Suprimido ! G:BusquedaEmpresa.lnk
    Suprimido ! G:SIAVI – Sistema de Informacion Comercial Via Internet (09050001 ).lnk
    Suprimido ! G:empresas_subpartida-090500.lnk
    Suprimido ! G:PRECIOS Y COSTOS.lnk
    Suprimido ! G:DATOS ADICIONALES PRESENTACION.lnk
    Suprimido ! G:DIAG FINAL final 3.lnk
    Suprimido ! G:veracruz-2.lnk
    Suprimido ! G:Oaxaca_in_Mexico.lnk
    Suprimido ! G:Estudio vainillina vainilla Papantla.lnk
    Suprimido ! G:PR_VAINILLA_SAN_LUIS_2012.lnk
    Suprimido ! G:forma_32_captura_19012011.lnk
    Suprimido ! G:forma_32_captura_19012011 BLANCO.lnk
    Suprimido ! G:forma_32_captura_19012011 BLANCO 2.lnk
    Suprimido ! G:SOLICITUD DEVOLUCION FORMATO 32.lnk
    Suprimido ! G:.lnk
    Suprimido ! G:SEGURO (1).lnk
    Suprimido ! G:PAPANTLA PLAN Y DIAGNÓSTICO.lnk
    Suprimido ! G:http.lnk
    Suprimido ! G:carta presentacion Elias Garcia Martinez.lnk
    Suprimido ! G:reserva ecologica.lnk
    Suprimido ! G:DR_anexo.lnk
    Suprimido ! C:UsersAMBAppDataLocalTemprad92D28.tmp
    Suprimido ! F:syncguid.dat
    Suprimido ! F:RecyclerS-1-5-21-1482476501-823518204-1177238915-1003
    No suprimido ! F:RecyclerS-5-3-42-2819952290-8240758988-879315005-3665

    (!) Archivos temporales suprimido.

    ################## | Registro |

    Reparado ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|EnableLUA -> 1
    Reparado ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|ConsentPromptBehaviorAdmin -> 5

    ################## | Listing |

    [31/10/2013 – 17:38:55 | SHD ] C:$Recycle.Bin
    [23/10/2013 – 12:11:58 | D ] C:$SysReset
    [30/10/2013 – 20:40:51 | D ] C:AdwCleaner
    [19/10/2013 – 16:23:06 | SHD ] C:Archivos de programa
    [05/10/2012 – 04:24:40 | D ] C:AsusVibeData
    [04/08/2012 – 22:53:19 | SHD ] C:Boot
    [25/07/2012 – 21:44:30 | RASH | 398156] C:bootmgr
    [02/06/2012 – 08:30:55 | N | 1] C:BOOTNXT
    [26/07/2012 – 01:22:08 | SHD ] C:Documents and Settings
    [05/10/2012 – 04:19:58 | D ] C:eSupport
    [01/11/2013 – 15:15:44 | ASH | 3081383936] C:hiberfil.sys
    [01/11/2013 – 15:15:45 | ASH | 3892314112] C:pagefile.sys
    [26/07/2012 – 01:33:46 | D ] C:PerfLogs
    [30/10/2013 – 21:07:57 | N | 512] C:PhysicalDisk0_MBR.bin
    [31/10/2013 – 18:20:05 | | 528339] C:Pre_Diag_31_10_2013_18_20_05.txt
    [31/10/2013 – 18:08:45 | D ] C:Pre_Scan
    [31/10/2013 – 17:29:29 | N | 9846] C:Pre_Scan.txt
    [19/10/2013 – 17:08:02 | D ] C:Program Files
    [30/10/2013 – 20:53:16 | D ] C:Program Files (x86)
    [31/10/2013 – 16:57:49 | HD ] C:ProgramData
    [31/10/2013 – 23:21:51 | D ] C:sources
    [01/11/2013 – 15:15:45 | ASH | 268435456] C:swapfile.sys
    [31/10/2013 – 09:58:44 | SHD ] C:System Volume Information
    [01/11/2013 – 15:24:56 | D ] C:UsbFix
    [31/10/2013 – 10:02:22 | N | 6892] C:UsbFix [Clean 1] RS.txt
    [31/10/2013 – 11:33:27 | N | 5319] C:UsbFix [Clean 2] RS.txt
    [01/11/2013 – 15:29:03 | A | 8137] C:UsbFix [Clean 3] RS.txt
    [19/10/2013 – 16:24:16 | RD ] C:Users
    [31/10/2013 – 23:16:33 | D ] C:Windows
    [25/10/2013 – 10:01:31 | D ] C:Windows.old
    [21/08/2012 – 22:08:34 | N | 4196352] C:X45U.BIN
    [21/08/2012 – 22:06:49 | N | 4196352] C:X55U.BIN
    [19/05/2013 – 07:57:18 | SHD ] D:$RECYCLE.BIN
    [04/09/2013 – 20:07:56 | SHD ] D:System Volume Information
    [28/11/2012 – 19:42:24 | D ] F:$AVG
    [24/10/2013 – 14:43:49 | SHD ] F:$RECYCLE.BIN
    [29/04/2013 – 12:32:48 | D ] F:BACK UP LUUM
    [08/10/2013 – 18:40:36 | D ] F:BACK UP SOPHIE
    [27/08/2013 – 07:36:52 | N | 1128267776] F:buda_vfs.img
    [25/04/2013 – 06:02:31 | N | 1147904] F:Cado papa 2.pps
    [25/04/2013 – 06:02:21 | N | 1145856] F:Cado papa 2.ppt
    [29/04/2013 – 15:52:38 | N | 33792] F:Constancia continuidad laboral.doc
    [04/07/2012 – 10:30:37 | D ] F:DOCS ORLANDO
    [29/03/2012 – 11:07:24 | D ] F:Fichiers disque dur
    [24/01/2013 – 11:16:21 | D ] F:INFORME FINAL INDESOL
    [20/03/2013 – 01:18:03 | D ] F:LUUM ENERO 2013
    [31/07/2012 – 17:47:16 | D ] F:PACMYC 2012
    [10/10/2013 – 22:57:53 | D ] F:PROJET VANILLE
    [01/11/2013 – 15:24:55 | SHD ] F:RECYCLER
    [02/06/2013 – 20:19:34 | SHD ] F:System Volume Information
    [21/03/2012 – 08:21:21 | RASH | 708608] F:Thumbs.db
    [16/05/2013 – 19:29:40 | N | 1363330] G:559.pdf
    [12/05/2013 – 02:22:18 | N | 50075758] G:MVI_7172.AVI
    [12/05/2013 – 02:22:18 | N | 10866] G:MVI_7172.THM
    [16/05/2013 – 19:43:30 | N | 612438] G:Esquinas_2.pdf
    [18/05/2013 – 21:20:36 | D ] G:10. EL OJITE
    [18/05/2013 – 21:24:14 | D ] G:11. TUXTEPEC
    [22/05/2013 – 21:19:06 | N | 4] G:_disk_id.pod
    [18/04/2013 – 10:32:48 | N | 129440] G:xanath.png
    [18/05/2013 – 21:24:58 | D ] G:12. CARRETERA TUXTEPEC-VALLE NACIONAL
    [18/05/2013 – 21:26:10 | D ] G:13. VALLE NACIONAL
    [18/05/2013 – 21:26:44 | D ] G:14. GRAN LUCHA
    [29/05/2013 – 14:20:42 | N | 21065] G:vainilla.jpg
    [29/05/2013 – 19:13:58 | N | 407077] G:TOTONACA.PDF
    [12/05/2013 – 14:14:38 | N | 480871] G:capitulo4.pdf
    [18/05/2013 – 21:28:06 | D ] G:15. CANGREJO CHICO
    [18/05/2013 – 21:29:56 | D ] G:16. GRNJA GRANDE
    [19/05/2013 – 22:52:56 | D ] G:16. SAN FELIPE USILA
    [12/04/2013 – 21:16:46 | D ] G:17. CERRO QUEMADO
    [19/04/2013 – 02:03:54 | N | 178176] G:CONSOLIDADO CUESTIONARIOS VAINILLA.xls
    [16/04/2013 – 09:14:14 | N | 66048] G:CONSOLIDADO CUESTIONARIOS VAINILLA-FORMATO.xls
    [03/06/2013 – 13:52:38 | N | 65271808] G:DIAG FINAL final 2.ppt
    [12/06/2013 – 15:08:52 | N | 1050] G:BOOTEX.LOG
    [17/04/2013 – 23:29:50 | N | 2717696] G:impacto vainilla.doc
    [17/04/2013 – 23:37:46 | N | 1423931] G:EDO_VER_TT_2006.pdf
    [17/04/2013 – 23:49:38 | N | 194219] G:DR_cuasimulco.pdf
    [28/05/2013 – 11:25:54 | N | 44544] G:ANEXO DIAGNÓSTICO.doc
    [18/04/2013 – 18:22:36 | N | 29696] G:INFO ZONAS DE INVESTIGACION.doc
    [18/04/2013 – 06:28:04 | N | 19216314] G:vainilla_av.pdf
    [03/05/2013 – 20:10:00 | N | 72704] G:BASE DE DATOS REALES VAINILLA.xls
    [18/04/2013 – 07:26:54 | N | 163568] G:DIR-EXP-VER.pdf
    [18/04/2013 – 09:57:44 | N | 190536] G:ANALISIS VAINILLINA.TIF
    [18/04/2013 – 10:18:10 | N | 738599] G:el siglo de la vainilla en papantla.pdf
    [18/04/2013 – 12:08:12 | N | 23552] G:ENTREVISTAS A LÍDERES.doc
    [03/06/2013 – 16:12:00 | N | 44032] G:Relacion muestras vainilla.xls
    [30/05/2013 – 11:37:02 | N | 67412992] G:DIAG FINAL.ppt
    [03/06/2013 – 22:45:50 | N | 512000] G:CONSOLIDADO CUESTIONARIOS VAINILLA veracruz.xls
    [30/05/2013 – 15:50:08 | N | 146432] G:CONSOLIDADO CUESTIONARIOS VAINILLA Oaxaca.xls
    [19/04/2013 – 19:36:40 | N | 1704997] G:El Cultivo de la Vainilla.pdf
    [29/05/2013 – 14:41:04 | N | 93629] G:produccion oaxaca 2011.pdf
    [29/05/2013 – 15:50:26 | N | 16056] G:DERRUMBE PRODUCCION VAINILLA 2012.docx
    [29/05/2013 – 15:00:16 | N | 515755] G:DE_chinantecos.pdf
    [29/05/2013 – 15:58:14 | N | 6642267] G:PUB0169_BoletinAMSACno20.pdf
    [29/05/2013 – 21:13:56 | N | 9505] G:GAYA.jpg
    [12/06/2013 – 14:39:12 | N | 69829] G:CIFRAS HISTORICAS PRODUCCION VAINILLA.xlsx
    [29/05/2013 – 22:00:24 | N | 5032850] G:DIAG FINAL.pdf
    [30/05/2013 – 00:35:36 | N | 80454] G:onza.bmp
    [02/07/2013 – 13:03:30 | D ] G:dev
    [29/05/2013 – 16:05:56 | N | 401145] G:productores opaxaca 2012.pdf
    [29/05/2013 – 16:07:08 | N | 951867] G:programa recuperacion vainilla oaxaca 2012.pdf
    [29/05/2013 – 18:19:58 | N | 1480588] G:Totonaca-2005.pdf
    [29/05/2013 – 18:29:10 | D ] G:UniVerso El Periódico de los Universitarios – No. 491_files
    [29/05/2013 – 18:29:10 | N | 14664] G:UniVerso El Periódico de los Universitarios – No. 491.htm
    [30/05/2013 – 00:38:52 | N | 129690] G:5532423580_75842f1406.jpg
    [02/07/2013 – 13:05:54 | N | 433745] G:dev.zip
    [29/05/2013 – 21:48:42 | N | 5476] G:comerci toto.jpg
    [30/05/2013 – 00:58:04 | N | 47347] G:THE MEXICAN.jpg
    [30/05/2013 – 09:08:50 | N | 49152] G:SECCION_III_Valor Agregado_Vainilla.doc
    [30/05/2013 – 15:49:06 | N | 64863232] G:DIAG FINAL final.ppt
    [21/07/2013 – 19:31:16 | HD ] G:.Trashes
    [02/06/2013 – 19:56:56 | D ] G:fichas empresas
    [02/06/2013 – 20:23:12 | N | 401920] G:SECCION_II_Caracteristicas_del_Mercado_Vainilla.doc
    [02/06/2013 – 20:34:36 | N | 28160] G:Producción de vainilla en invernaderos.doc
    [02/06/2013 – 21:12:08 | N | 58880] G:anual-090500.xls
    [02/06/2013 – 21:12:20 | N | 105984] G:BusquedaEmpresa.xls
    [02/06/2013 – 21:22:26 | N | 120623] G:SIAVI – Sistema de Informacion Comercial Via Internet (09050001 ).pdf
    [25/04/2013 – 18:47:34 | N | 41984] G:empresas_subpartida-090500.xls
    [03/06/2013 – 22:46:02 | N | 32256] G:PRECIOS Y COSTOS.xls
    [03/06/2013 – 08:46:30 | N | 148480] G:DATOS ADICIONALES PRESENTACION.doc
    [03/06/2013 – 18:36:00 | N | 11936] G:Copia de Matriz FODA.xlsx
    [31/05/2013 – 11:14:24 | N | 2327777] G:DIAG FINAL final.ppsx
    [03/06/2013 – 21:34:34 | N | 73018368] G:DIAG FINAL final 3.ppt
    [03/06/2013 – 22:54:16 | D ] G:DIAGNOSTICO FINAL
    [04/06/2013 – 00:29:26 | N | 12842] G:veracruz-2.gif
    [04/06/2013 – 00:27:26 | N | 23138] G:Oaxaca_in_Mexico.svg.png
    [04/06/2013 – 01:11:54 | N | 38600] G:Relacion muestras vainilla.pdf
    [03/05/2013 – 22:20:54 | N | 1786332] G:Estudio vainillina vainilla Papantla.pdf
    [03/05/2013 – 05:05:14 | N | 1933744] G:PR_VAINILLA_SAN_LUIS_2012.pdf
    [26/06/2013 – 13:05:58 | N | 172474] G:forma_32_captura_19012011.tif
    [26/06/2013 – 13:06:18 | N | 879546] G:forma_32_captura_19012011 BLANCO.pdf
    [02/07/2013 – 10:42:44 | N | 879546] G:forma_32_captura_19012011 BLANCO 2.pdf
    [02/07/2013 – 10:44:28 | N | 165436] G:SOLICITUD DEVOLUCION FORMATO 32.pdf
    [21/07/2013 – 19:31:16 | SH | 4096] G:._.Trashes
    [22/09/2013 – 18:36:10 | D ] G:.fseventsd
    [21/07/2013 – 19:31:16 | HD ] G:.Spotlight-V100
    [12/09/2013 – 15:48:36 | D ] G:COURS FRANCAIS
    [14/09/2013 – 11:14:50 | D ] G:Nueva carpeta
    [13/05/2013 – 21:00:48 | D ] G:1. PRIMERO DE MAYO
    [22/09/2013 – 18:34:16 | D ] G:Sophie Morin?
    [03/10/2013 – 16:24:42 | N | 290620] G:SEGURO (1).pdf
    [12/05/2013 – 14:22:52 | N | 491805] G:PAPANTLA PLAN Y DIAGNÓSTICO.PDF
    [12/05/2013 – 14:38:32 | N | 13282] G:http.docx
    [13/05/2013 – 20:59:56 | D ] G:RUTA PAPANTLA-1 DE MAYO
    [13/05/2013 – 21:00:16 | D ] G:PAPANTLA
    [13/05/2013 – 21:09:00 | D ] G:4. PUEBLILLO
    [13/05/2013 – 21:10:32 | D ] G:3. MARTINICAS
    [13/05/2013 – 21:15:06 | D ] G:5. ARROLLO COLORADO
    [13/05/2013 – 21:43:22 | N | 14952] G:carta presentacion Elias Garcia Martinez.docx
    [15/05/2013 – 11:39:18 | D ] G:6. SOLTEROS DE JUAN ROSAS
    [13/05/2013 – 21:03:30 | D ] G:2. CUYUXQUIHUI
    [15/05/2013 – 11:43:22 | D ] G:7. MONTAÑAS DE ZARAGOZA
    [15/05/2013 – 11:44:50 | D ] G:8. SAN RAFAEL-CALLE GRANDE
    [15/05/2013 – 11:45:24 | D ] G:9. GAYA
    [15/05/2013 – 19:30:48 | N | 123106] G:reserva ecologica.jpg
    [16/05/2013 – 19:34:24 | N | 110489] G:DR_anexo.pdf

    ################## | Vaccin |

    G:Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:2c7v3o09]

    Do you think everything is fine now? Do I need to do anything else?

    Thank you so much!!
    Sophie :bravo1:
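
    Added example (not part of the thread and not UsbFix code): a short Python triage of a UsbFix [Supresión] report like the one above. It lists the items reported as `No suprimido` and checks that each deleted `.lnk` has a surviving original in the `Listing` section of the same drive. The sample report is constructed, and matching names up to the first dot is an assumption drawn from pairs visible in the report above (for example `Oaxaca_in_Mexico.lnk` and `Oaxaca_in_Mexico.svg.png`).

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the line formats of the UsbFix report above.
SAMPLE_REPORT = r"""
################## | Búsqueda genérica |

Suprimido ! G:\informe.lnk
Suprimido ! G:\mapa.lnk
Suprimido ! G:\fotos.lnk
Suprimido ! G:\huerfano.lnk
No suprimido ! F:\Recycler\S-0-0-00-CONSTRUCTED

################## | Listing |

[16/05/2013 - 19:43:30 | N | 612438] G:\informe.pdf
[04/06/2013 - 00:27:26 | N | 23138] G:\mapa.svg.png
[18/05/2013 - 21:20:36 | D ] G:\fotos
[01/11/2013 - 15:24:55 | SHD ] F:\RECYCLER
"""

# "Suprimido ! <path>" or "No suprimido ! <path>"
ACTION_RE = re.compile(r"^\s*(No suprimido|Suprimido)\s*!\s*(.+?)\s*$", re.IGNORECASE)
# "[date - time | ATTRS | size] <path>"; the size is absent for directories.
LISTING_RE = re.compile(
    r"^\s*\[\d{2}/\d{2}/\d{4}\s*[-–]\s*\d{2}:\d{2}:\d{2}\s*\|\s*([A-Z]*)\s*"
    r"(?:\|\s*\d+\s*)?\]\s*(.+?)\s*$"
)


def split_path(path):
    """Return (drive letter, last path component).

    Accepts both 'G:\\name' and 'G:name', because pasted reports sometimes
    lose their backslashes.
    """
    m = re.match(r"^([A-Za-z]):\\?(.*)$", path)
    if not m:
        return None, path
    return m.group(1).upper(), m.group(2).rsplit("\\", 1)[-1]


def parse_report(text):
    """Split a report into deleted paths, not-deleted paths and listing entries."""
    deleted, remaining, listing = [], [], []
    for line in text.splitlines():
        m = ACTION_RE.match(line)
        if m:
            target = remaining if m.group(1).lower().startswith("no") else deleted
            target.append(m.group(2))
            continue
        m = LISTING_RE.match(line)
        if m:
            listing.append((m.group(1), m.group(2)))
    return deleted, remaining, listing


def triage(text):
    """Classify the cleanup result.

    restored : deleted shortcuts whose original is still listed on the drive
    orphans  : deleted shortcuts with no listed original (check for data loss)
    remaining: items the tool could not delete (need a follow-up pass)
    other    : deleted items that are not shortcuts
    """
    deleted, remaining, listing = parse_report(text)

    # Index surviving entries by (drive, name cut at the first dot).
    originals = defaultdict(list)
    for _attrs, path in listing:
        drive, name = split_path(path)
        if drive and not name.lower().endswith(".lnk"):
            originals[(drive, name.split(".", 1)[0].lower())].append(name)

    restored, orphans, other = [], [], []
    for path in deleted:
        drive, name = split_path(path)
        if not name.lower().endswith(".lnk"):
            other.append(path)
            continue
        matches = originals.get((drive, name[:-4].lower()), [])
        if matches:
            restored.append((path, matches))
        else:
            orphans.append(path)
    return {"restored": restored, "orphans": orphans,
            "remaining": remaining, "other": other}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for lnk, names in result["restored"]:
        print(f"OK       {lnk} -> {', '.join(names)}")
    for lnk in result["orphans"]:
        print(f"CHECK    {lnk} has no original in the listing")
    for path in result["remaining"]:
        print(f"PENDING  {path} was not deleted")
```
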

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    There are still some left; run the Scan|Kill option of Pre_Scan again in safe mode.

  • Sofia
    Participant
    Number of posts: 13

    Here is the scan kill report in safe mode with everything properly plugged in:

    [spoiler:xbgawgcq]¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.1031.4 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ~ ¤¤¤¤¤ XP | Vista | 7 | 8 – 32/64 bits ¤¤¤¤¤ – Start 15:58:53

    ~ Update on 31/10/2013 | 21.30 by g3n-h@ckm@n
    ~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
    ~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
    ~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

    ~ [AMB (Administrator)] – [RS]
    ~ SID = S-1-5-21-3529130228-2139803319-912275503-1001

    ~ System : Windows 8 Single Language (64 bits) CoreSingleLanguage
    ~ ProcessorNameString : AMD E-450 APU with Radeon(tm) HD Graphics
    ~ Identifier : AMD64 Family 20 Model 2 Stepping 0

    ~ Memory RAM = Total (MB) : 3761 | Free (MB) : 2696
    ~ Pagefile = Total (MB) : 4417 | Free (MB) : 3169
    ~ Virtual = Total (MB) : 4194 | Free (MB) : 4061

    ¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

    ¤¤¤¤¤¤¤¤¤¤ | Drives

    c:-> [Fixed] | [OS] | Total : 190780 Mo | Free : 61660 Mo -> NTFS
    d:-> [Fixed] | [Data] | Total : 264650 Mo | Free : 264530 Mo -> NTFS
    f:-> [Fixed] | [My Passport] | Total : 305220 Mo | Free : 124560 Mo -> NTFS
    g:-> [Removable] | [ADATA UFD] | Total : 3810 Mo | Free : 1570 Mo -> FAT32

    ¤¤¤¤¤¤¤¤¤¤ | Windows Updates

    No windows updates detected !!!

    ¤¤¤¤¤¤¤¤¤¤ | Sessions

    ~ C:\Windows\system32\config\systemprofile
    ~ C:\Windows\ServiceProfiles\LocalService
    ~ C:\Windows\ServiceProfiles\NetworkService
    ~ C:\Users\AMB
    ~ C:\Users\Administrator

    New restorepoint created

    Standby deleted !

    ¤¤¤¤¤¤¤¤¤¤ | stopped Processes

    (900) — atiesrxx.exe
    (1264) — AsLdrSrv.exe
    (1352) — GFNEXSrv.exe
    (1428) — spoolsv.exe
    (1636) — armsvc.exe
    (1656) — InsOnSrv.exe
    (2020) — mbamscheduler.exe
    (2156) — ViakaraokeSrv.exe
    (2988) — SearchIndexer.exe
    (4164) — BatteryLife.exe
    (1576) — taskhostex.exe
    (4904) — HControl.exe
    (2748) — USBChargerPlus.exe
    (4912) — InsOnWMI.exe
    (500) — mbamgui.exe
    (4520) — explorer.exe
    (3668) — atieclxx.exe
    (3576) — KBFiltr.exe
    (3904) — DMedia.exe
    (2164) — ATKOSD2.exe
    (5100) — AsusTPLoader.exe
    (4212) — QuickGesture64.exe
    (660) — QuickGesture.exe
    (4000) — AsusTPCenter.exe
    (5024) — AsusTPHelper.exe
    (600) — VDeck.exe
    (408) — PDVD10Serv.exe
    (2960) — MOM.exe
    (880) — CCC.exe
    (684) — MMLoadDrv.exe

    Boot : Normal

    ¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

    ¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine

    Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\Userinit.exe, -> C:\Windows\System32\userinit.exe,

    ¤¤¤¤¤¤¤¤¤¤ | Associations

    Repaired : [HKCR\Application.Manifest\shell\open\command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication %1 -> rundll32.exe dfshim.dll,ShOpenVerbApplication %1
    Repaired : [HKCR\Application.Reference\shell\open\command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbShortcut %1|%2 -> rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
    Repaired : [HKCR\Folder\shell\open\command] : C:\Windows\Explorer.exe -> C:\Windows\Explorer.exe

    ¤

    Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

    ¤¤¤¤¤¤¤¤¤¤ | Registry

    Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
    Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
    Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
    Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
    Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
    Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
    Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
    Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\policies\Explorer]|[NoDriveTypeAutoRun] : 0 -> 145
    Repaired : [HKU\S-1-5-21-3529130228-2139803319-912275503-1001\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0
    Repaired : [HKU\S-1-5-21-3529130228-2139803319-912275503-1001\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoDriveTypeAutoRun] : 0 -> 145

    ¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

    ¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

    Safeboot Keys are O.K

    Alternate shell is OK !

    ¤

    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] : Driver
    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] : Driver
    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] : Driver
    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] : Driver
    Repaired : [HKLM | Minimal\vga.sys] : -> Driver
    Repaired : [HKLM | Minimal\vgasave.sys] : -> Driver

    ¤

    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] : Driver
    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] : Driver
    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] : Driver
    Repaired : [HKLM | Network\vga.sys] : -> Driver
    Repaired : [HKLM | Network\vgasave.sys] : -> Driver

    ¤¤¤¤¤¤¤¤¤¤ | IFEO

    ¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

    ¤¤¤¤¤¤¤¤¤¤ | Windows

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]|[] : @SYS:DoesNotExist
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

    Winsrv : OK !

    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

    ¤¤¤¤¤¤¤¤¤¤ | Security Center

    [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]|[DisableMonitoring] : 1

    ¤¤¤¤¤¤¤¤¤¤ | Services Corrections

    Repaired : [HKLM | Services\PlugPlay] : 3 -> 2
    Repaired : [HKLM | Services\agp440] : 0 -> 2
    Repaired : [HKLM | Services\Bits] : 3 -> 2
    Repaired : [HKLM | Services\EapHost] : 3 -> 2
    Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
    Repaired : [HKLM | Services\windefend] : 3 -> 2
    Repaired : [HKLM | Services\wuauserv] : 3 -> 2
    Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
    Repaired : [HKLM | Services\WerSvc] : 3 -> 2

    ¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

    Repaired : [HKU\S-1-5-21-3529130228-2139803319-912275503-1001\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://asus13.msn.com -> http://www.google.com/
    Repaired : [HKU\S-1-5-21-3529130228-2139803319-912275503-1001\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
    Repaired : [HKU\S-1-5-21-3529130228-2139803319-912275503-1001\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
    Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157

    ¤

    Repaired : [HKU\S-1-5-21-3529130228-2139803319-912275503-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

    ¤¤¤¤¤¤¤¤¤¤ | Hosts

    C:\Windows\System32\Drivers\etc\hosts : Cleaned

    ¤¤¤¤¤¤¤¤¤¤ | reparsepoint

    ¤¤¤¤¤¤¤¤¤¤ | Offsets detection

    ¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

    Removed : C:\$Recycle.bin\S-1-5-21-3529130228-2139803319-912275503-1001

    Moved to quarantine successfully : C:\Users\All Users\SetStretch.cmd
    Moved to quarantine successfully : C:\Users\All Users\SetStretch.exe
    Moved to quarantine successfully : C:\Users\Administrator\AppData\Local\IconCache.db
    Moved to quarantine successfully : C:\Users\AMB\AppData\Local\IconCache.db
    Moved to quarantine successfully : C:\Users\AMB\Downloads\Setup.X86.es-ES_O365HomePremRetail_932cffbd-27f5-46f1-9e33-db10ac905fbe_TX_PR_.exe
    Moved to quarantine successfully : C:\Users\AMB\Downloads\CreativeCloudSet-Up.exe
    Moved to quarantine successfully : C:\Users\AMB\Downloads\MCPR.exe
    Moved to quarantine successfully : C:\Users\AMB\Downloads\Firefox Setup 24.0.exe
    Moved to quarantine successfully : C:\Users\AMB\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_es.exe
    Moved to quarantine successfully : C:\Users\AMB\Downloads\PDFCreatorWebSetup.exe
    Moved to quarantine successfully : C:\Users\AMB\Downloads\Thunderbird Setup 24.0.1.exe
    Moved to quarantine successfully : C:\Users\AMB\Downloads\vlc-2.1.0-win32.exe
    Moved to quarantine successfully : C:\Users\AMB\Downloads\mbam-setup-1.75.0.1300.exe
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.1031.4 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ~ ¤¤¤¤¤ XP | Vista | 7 | 8 – 32/64 bits ¤¤¤¤¤ – Start 18:28:38

    ~ Update on 31/10/2013 | 21.30 by g3n-h@ckm@n
    ~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
    ~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
    ~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

    ~ [AMB (Administrator)] – [RS]
    ~ SID = S-1-5-21-3529130228-2139803319-912275503-1001

    ~ System : Windows 8 Single Language (64 bits) CoreSingleLanguage
    ~ ProcessorNameString : AMD E-450 APU with Radeon(tm) HD Graphics
    ~ Identifier : AMD64 Family 20 Model 2 Stepping 0

    ~ Memory RAM = Total (MB) : 3761 | Free (MB) : 3253
    ~ Pagefile = Total (MB) : 7563 | Free (MB) : 7088
    ~ Virtual = Total (MB) : 4194 | Free (MB) : 4061

    ¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

    ¤¤¤¤¤¤¤¤¤¤ | Drives

    c:-> [Fixed] | [OS] | Total : 190780 Mo | Free : 52070 Mo -> NTFS
    d:-> [Fixed] | [Data] | Total : 264650 Mo | Free : 264530 Mo -> NTFS
    f:-> [Fixed] | [My Passport] | Total : 305220 Mo | Free : 124570 Mo -> NTFS
    g:-> [Removable] | [ADATA UFD] | Total : 3810 Mo | Free : 1580 Mo -> FAT32

    ¤¤¤¤¤¤¤¤¤¤ | Windows Updates

    No windows updates detected !!!

    ¤¤¤¤¤¤¤¤¤¤ | Sessions

    ~ C:\Windows\system32\config\systemprofile
    ~ C:\Windows\ServiceProfiles\LocalService
    ~ C:\Windows\ServiceProfiles\NetworkService
    ~ C:\Users\AMB
    ~ C:\Users\Administrator

    New restorepoint created

    Standby deleted !

    ¤¤¤¤¤¤¤¤¤¤ | stopped Processes

    (376) — explorer.exe
    (340) — ctfmon.exe

    Boot : Safemode

    ¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

    ¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine

    Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\Userinit.exe, -> C:\Windows\System32\userinit.exe,

    ¤¤¤¤¤¤¤¤¤¤ | Associations

    ¤

    ¤¤¤¤¤¤¤¤¤¤ | Registry

    Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\policies\Explorer]|[NoDriveTypeAutoRun] : 0 -> 145
    Repaired : [HKU\S-1-5-21-3529130228-2139803319-912275503-1001\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoDriveTypeAutoRun] : 0 -> 145

    ¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

    ¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

    Safeboot Keys are O.K

    Alternate shell is OK !

    ¤

    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] : Driver
    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] : Driver
    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] : Driver
    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] : Driver

    ¤

    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] : Driver
    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] : Driver
    Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] : Driver

    ¤¤¤¤¤¤¤¤¤¤ | IFEO

    ¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

    ¤¤¤¤¤¤¤¤¤¤ | Windows

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]|[] : @SYS:DoesNotExist
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

    Winsrv : OK !

    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

    ¤¤¤¤¤¤¤¤¤¤ | Security Center

    [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]|[DisableMonitoring] : 1

    ¤¤¤¤¤¤¤¤¤¤ | Services Corrections

    Repaired : [HKLM | Services\PlugPlay] : 3 -> 2
    Repaired : [HKLM | Services\agp440] : 0 -> 2
    Repaired : [HKLM | Services\Bits] : 3 -> 2
    Repaired : [HKLM | Services\EapHost] : 3 -> 2
    Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
    Repaired : [HKLM | Services\windefend] : 3 -> 2
    Repaired : [HKLM | Services\wuauserv] : 3 -> 2
    Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
    Repaired : [HKLM | Services\WerSvc] : 3 -> 2

    ¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

    Browsers settings for Users : OK

    Browsers settings for Machine : OK

    ¤

    Hijack.Internet : OK

    ¤¤¤¤¤¤¤¤¤¤ | Hosts

    C:\Windows\System32\Drivers\etc\hosts : Cleaned

    ¤¤¤¤¤¤¤¤¤¤ | reparsepoint

    ¤¤¤¤¤¤¤¤¤¤ | Offsets detection

    ¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

    Removed : C:\$Recycle.bin\S-1-5-21-3529130228-2139803319-912275503-1001

    Moved to quarantine successfully : C:\Users\AMB\AppData\Local\Temp\SDIAG_be17edce-fbc5-4b0b-8eca-1176d871556e\NetworkDiagnosticSnapIn.dll
    Moved to quarantine successfully : C:\Users\AMB\AppData\Local\IconCache.db

    Moved to quarantine successfully : C:\Windows\assembly\tmp

    Prefetch -> Emptied

    Disinfected : C:\Users\AMB\Desktop\UsbFix Ayudar el autor.lnk : C:\Program Files (x86)\Internet Explorer\iexplore.exe (hxxp://www.usbfix.net/es/ayudar-el-autor/)

    Suspect : C:\Windows\MEMORY.DMP

    D: : Vaccinated (Vaccin created by Pre_Scan)
    F: : Vaccinated (Vaccin created by Pre_Scan)
    G: : Vaccinated (Vaccin created by Usbfix)

    ¤¤¤¤¤¤¤¤¤¤ | Hidden files

    ~ [Drive F:] : Hidden : 1248 | Restored : 1248
    ~ [Drive G:] : Hidden : 5 | Restored : 5
    ~ [Program Files] : Hidden : 4 | Restored : 4
    ~ [Users] : Hidden : 2 | Restored : 2
    ~ [Documents] : Hidden : 7 | Restored : 7
    ~ [Searches] : Hidden : 2 | Restored : 2
    ~ [Windows] : Hidden : 80 | Restored : 78
    ~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
    ~ [AppData] : Hidden : 9 | Restored : 9

    ¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

    Disk: 0 Size=477G
    Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
    0 0 EE-UNKNWN 477G No No 1 976,773,167

    ¤¤¤¤¤¤¤¤¤¤

    [HKLM64 | Winlogon]|[AutoRestartShell] : 1

    End : 19:24:47

    Standby Restored !
    ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ – 446[/spoiler:xbgawgcq]
    So, are there still some left?
    Good night!
    :dodo10:

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    hello, good!

    Please run a diag again (host the report on sosupload and give the link)

  • Sofia
    Participant
    Number of posts: 13

    Hello, sorry for the delay, I wasn't home today…

    Here is the Pre_Scan diag report, in safe mode, with everything plugged in

    http://cjoint.com/13nv/CKdhqcVTTeV.htm

    Are there still viruses hanging on tight, or is everything fine?
    :merci2:

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    hello 😀

    Nope, it's all good, you can do the clean-up 😀

    http://www.security-helpzone.com/gen-hackman/nettoyage-en-fin-de-desinfection/

  • Sofia
    Participant
    Number of posts: 13

    Here is the DelFix report:
    [spoiler:28vu6oxv]# DelFix v10.4 – Logfile created 03/11/2013 at 11:08:40
    # Updated 19/07/2013 by Xplode
    # Username : AMB – RS
    # Operating System : Windows 8 Single Language (64 bits)

    ~ Activating UAC … OK

    ~ Removing disinfection tools …

    Deleted : C:\USBFix
    Deleted : C:\pre_scan
    Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
    Deleted : C:\Program Files (x86)\ZHPDiag
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\Pre_Diag_03_11_2013_00_01_44.txt
    Deleted : C:\Pre_Diag_31_10_2013_18_20_05.txt
    Deleted : C:\Pre_Scan_01_11_2013_19_24_49.txt
    Deleted : C:\UsbFix [Clean 1] RS.txt
    Deleted : C:\UsbFix [Clean 2] RS.txt
    Deleted : C:\UsbFix [Clean 3] RS.txt
    Deleted : C:\Users\AMB\Desktop\adwcleaner.exe
    Deleted : C:\Users\AMB\Desktop\AdwCleaner[S0].txt
    Deleted : C:\Users\AMB\Desktop\logiciel1.txt
    Deleted : C:\Users\AMB\Desktop\Pre_Diag_31_10_2013_18_20_05.txt
    Deleted : C:\Users\AMB\Desktop\Pre_Scan.exe
    Deleted : C:\Users\AMB\Desktop\UsbFix Ayudar el autor.lnk
    Deleted : C:\Users\AMB\Desktop\UsbFix [Clean 2] RS.txt
    Deleted : C:\Users\AMB\Desktop\UsbFix [Clean 3] RS.txt
    Deleted : C:\Users\AMB\Desktop\UsbFix.exe
    Deleted : C:\Users\AMB\Desktop\ZHPDiag.lnk
    Deleted : C:\Users\AMB\Desktop\ZHPDiag.txt
    Deleted : C:\Users\AMB\Desktop\ZHPDiag2.exe
    Deleted : C:\Users\AMB\Desktop\ZHPFix.lnk
    Deleted : HKCU\Software\g3n-h@ckm@n
    Deleted : HKCU\Software\USBFix
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\g3n-h@ckm@n
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

    ~ Creating registry backup … OK

    ~ Cleaning system restore …

    Deleted : RP #4 [Punto de control programado | 10/30/2013 01:24:17]
    Deleted : RP #5 [Windows Update | 10/30/2013 01:24:47]
    Deleted : RP #6 [Eliminación del paquete de idioma | 10/31/2013 15:41:53]
    Deleted : RP #7 [Eliminación del paquete de idioma | 11/01/2013 22:01:49]
    Deleted : RP #8 [Installed Java 7 Update 45 | 11/03/2013 16:58:38]

    New restore point created !

    ~ Resetting system settings … OK

    ########## – EOF – ##########[/spoiler:28vu6oxv]
    A few last small questions: it seems to me that some folders/files have been created on my USB stick and external hard drive… Are they important? Can I delete them?

    -On the USB stick: “.Trashes” (folder), “.Spotlight-V100” (folder), “.fseventsd” (folder), “BOOTEX.LOG” (file), “._.Trashes” (file), “_disk_id.pod” (file)

    -On the external hard drive: “$AVG” (folder), “Autorun.inf” (folder), “buda_vfs.img” (file), “Thumbs.db” (file)

    Otherwise, a huge THANK YOU to you and to all the contributors to this site!! Long live SOS virus!!
    :bravo1: :alcool:

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    As for the ones on the USB stick, you can delete them, but they will come back as soon as you plug the stick into a Mac

    ==

    But normally you shouldn't see them; they are hidden files/folders.

    You need to set the hidden folders/files back to hidden ^^

  • Sofia
    Participant
    Number of posts: 13

    Ok!…

    Well, thank you for everything. I will try to follow the security advice, I will recommend the site, and as soon as I can I will make a donation, because what you do is really cool!

    A hug from Mexico!
    :bye:

    PS: how do you mark the topic as resolved?

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8426

    I'll take care of it 🙂

    Kisses from (Valence) France 🙂

The topic ‘Infection virus PC + USB + DDE’ is closed to new replies.