My PC damages my USB keys, my files are turned into shortcuts 2014-07-22T12:37:21+00:00

SOSVirus: Free PC Troubleshooting, Support, Disinfection Help – Virus Security Forum

  • Author
    Posts
  • seneque55
    Post count: 0

    Hello,
    I am new to your forum; please help me.
    Thanks++++

    Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Scan Date: 22/07/2014
    Scan Time: 12:56:07
    Logfile: scan.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.22.03
    Rootkit Database: v2014.07.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Bougrine

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 378662
    Time Elapsed: 20 min, 13 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)

    ~ Rapport de ZHPDiag v2014.6.25.98 – Nicolas Coolman (25/06/2014)
    ~ Lancé par Bougrine (22/07/2014 12:30:31)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Nouvelle version disponible
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17207 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : HYRR2
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft Security Client v4.5.0216.0
    Windows Defender W7 (Deactivate)

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 14 Plugin
    Adobe Reader XI
    Java 7 Update 65

    —\ Informations sur le système
    ~ Processor: x86 Family 15 Model 44 Stepping 2, AuthenticAMD
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1279 MB (39% free)
    System Restore: Activé (Enable)
    System drive C: has 15 GB (28%) free of 52 GB

    —\ Mode de connexion au système
    ~ Computer Name: BOUGRINE-PC
    ~ User Name: Bougrine
    ~ All Users Names: Ines Bougrine, HomeGroupUser$, Bougrine, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersBougrineAppDataRoamingZHP
    ~ %AppData% : C:UsersBougrineAppDataRoaming
    ~ %Desktop% : C:UsersBougrineDesktop
    ~ %Favorites% : C:UsersBougrineFavorites
    ~ %LocalAppData% : C:UsersBougrineAppDataLocal
    ~ %StartMenu% : C:UsersBougrineAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 15 Go of 52 Go)
    D: CD-ROM drive (Not Inserted)
    E: Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)
    F: Floppy drive, Flash card reader, USB Key (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 05:30:54.) — C:WindowsExplorer.exe [2616320]
    [MD5.B5C5DCAD3899512020D135600129D665] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 01:14:45.) — C:WindowsSystem32Wininit.exe [96256]
    [MD5.CCC198257901BEEA2FBF8EB1E7678356] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.18/06/2014 – 22:13:59.) — C:WindowsSystem32wininet.dll [1791488]
    [MD5.998507B046BA314CE8245364C686FA67] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.04/03/2014 – 09:17:02.) — C:WindowsSystem32Winlogon.exe [304128]
    [MD5.E3AE23569749DE12D45BA3B489A036AE] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 12:21:24.) — C:WindowsSystem32sppcomapi.dll [193536]
    [MD5.D0B388DA1D111A34366E04EB4A5DD156] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.30/05/2014 – 06:36:07.) — C:Windowssystem32DriversAFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 01:26:15.) — C:Windowssystem32Driversatapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] – (.Microsoft Corporation – CD-ROM File System Driver.) (.13/07/2009 – 23:11:15.) — C:Windowssystem32DriversCdfs.sys [70656]
    [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 08:38:10.) — C:Windowssystem32DriversCdrom.sys [108544]
    [MD5.F024449C97EC1E464AAFFDA18593DB88] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 08:42:32.) — C:Windowssystem32DriversDfsC.sys [78336]
    [MD5.9036377B8A6C15DC2EEC53E489D159B5] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 09:59:29.) — C:Windowssystem32DriversHDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] – (.Microsoft Corporation – Pilote de port i8042.) (.13/07/2009 – 23:11:24.) — C:Windowssystem32Driversi8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] – (.Microsoft Corporation – IP Network Address Translator.) (.13/07/2009 – 23:54:29.) — C:Windowssystem32DriversIpNat.sys [101888]
    [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 02:17:22.) — C:Windowssystem32DriversMRxSmb.sys [123904]
    [MD5.280122DDCF04B378EDD1AD54D71C1E54] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 08:39:44.) — C:Windowssystem32DriversnetBT.sys [187904]
    [MD5.C8DFF8D07755A66C7A4A738930F0FEAC] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 02:18:22.) — C:Windowssystem32Driversntfs.sys [1212352]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] – (.Microsoft Corporation – Pilote de port parallèle.) (.13/07/2009 – 23:45:35.) — C:Windowssystem32DriversParport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.13/07/2009 – 23:54:34.) — C:Windowssystem32DriversRasl2tp.sys [78848]
    [MD5.B973FCFC50DC1434E1970A146F7E3885] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 10:24:46.) — C:Windowssystem32Driversrdpdr.sys [133632]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] – (.Microsoft Corporation – SMB Transport driver.) (.13/07/2009 – 23:53:41.) — C:Windowssystem32Driverssmb.sys [71168]
    [MD5.B459575348C20E8121D6039DA063C704] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 08:39:17.) — C:Windowssystem32Driverstdx.sys [74752]
    [MD5.F497F67932C6FA693D7DE2780631CFE7] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 12:30:16.) — C:Windowssystem32Driversvolsnap.sys [245632]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 3/736
    ~ Mes musiques (My Musics) : 1/36
    ~ Mes Favoris (My Favorites) : 1/82
    ~ Mes Documents (My Documents) : 4/185
    ~ Mon Bureau (My Desktop) : 2/1294
    ~ Menu demarrer (Programs) : 1/32
    ~ Hidden Files: Scanned in 00mn 01s

    —\ Processus lancés
    [MD5.4FBC630768570E6AC35C3DE8F6EC79F5] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes Anti-Malwarembam.exe [6970168] [PID.3020]
    [MD5.DD15C00E74B0F4BC80B274EE1B59EEB7] – (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program FilesSamsungKiesKiesTrayAgent.exe [311616] [PID.3152]
    [MD5.1DE859B82E381A645C44284A5044BC33] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe [256896] [PID.3216]
    [MD5.27DECE3A80717098AB1F1436F3DC4C87] – (.Samsung – Kies.) — C:Program FilesSamsungKiesKies.exe [1564992] [PID.3364]
    [MD5.760ACD103FFB86AD65DC41CDEB08ABCF] – (.Samsung Electronics – Pas de description.) — C:Program FilesSamsungKiesKiesAirMessage.exe [578560] [PID.2940]
    [MD5.646A34526CC33BE4CA933C5680D80B48] – (.Nokia – Nokia Suite.) — C:Program FilesNokiaNokia SuiteNokiaSuite.exe [1090912] [PID.2352]
    [MD5.58FBD16C4BB84D9F69C25F30DAA4CE31] – (.Nokia – Microsoft Bluetooth Media Server.) — C:Program FilesPC Connectivity SolutionTransportsNclMSBTSrvEx.exe [158032] [PID.3032]
    [MD5.CD900EFB4F8946A2BB1950D9F45915C2] – (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe [812216] [PID.3844]
    [MD5.C8BC9A2DC599F1A52DC6B42FDD47B01E] – (.Adobe Systems Incorporated – Adobe® Flash® Player Installer/Uninstaller.) — C:Windowssystem32MacromedFlashFlashUtil32_14_0_0_145_ActiveX.exe [851632] [PID.3232]
    [MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8071680] [PID.2376]
    ~ Processes Running: Scanned in 00mn 02s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    P2 – FPN: [HKLM] [@nokia.com/EnablerPlugin] – (.Pas de propriétaire – Nokia Suite Enabler Plugin.) — C:Program FilesNokiaNokia SuitenpNokiaSuiteEnabler.dll
    ~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = preserve
    ~ IE Browser: 11 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [APSDaemon] C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe (.not file.)
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — c:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program FilesSamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKLM..Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..RunOnce: [Malwarebytes Anti-Malware (cleanup)] . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe
    O4 – HKCU..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program FilesSamsungKiesKies.exe
    O4 – HKCU..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program FilesSamsungKiesKiesAirMessage.exe
    O4 – HKCU..Run: [NokiaSuite.exe] . (.Nokia – Nokia Suite.) — C:Program FilesNokiaNokia SuiteNokiaSuite.exe
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3743128526-456646245-3591239297-1000..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program FilesSamsungKiesKies.exe
    O4 – HKUSS-1-5-21-3743128526-456646245-3591239297-1000..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program FilesSamsungKiesKiesAirMessage.exe
    O4 – HKUSS-1-5-21-3743128526-456646245-3591239297-1000..Run: [NokiaSuite.exe] . (.Nokia – Nokia Suite.) — C:Program FilesNokiaNokia SuiteNokiaSuite.exe
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{2F5A1B33-7180-422A-B107-6796CAF6E6E0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{7A67DF44-56C4-412C-A44F-DC612F7A08DB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{9BEAC053-0AF2-4737-BD8D-90ADC9EDB2E6}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{2F5A1B33-7180-422A-B107-6796CAF6E6E0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{7A67DF44-56C4-412C-A44F-DC612F7A08DB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{9BEAC053-0AF2-4737-BD8D-90ADC9EDB2E6}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{2F5A1B33-7180-422A-B107-6796CAF6E6E0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{7A67DF44-56C4-412C-A44F-DC612F7A08DB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{9BEAC053-0AF2-4737-BD8D-90ADC9EDB2E6}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [5008] (…) — C:UsersBougrineAppDataLocalTemplaunchie.vbs \B (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{046AE570-2E5B-491D-9CF5-B93246B2F054}] (…) — C:UsersBougrineDesktop2261_ULi_Integrated220.exe (.not file.) [0]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    ~ Scheduled Task: 4 Legitimates Filtered in 00mn 06s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Millprog 1.0.8 – (…) [HKLM] — Millprog_is1
    ~ Logic: 14 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareAEK_KM2004@Yahoo.fr]
    [HKCUSoftwareVV]
    [HKCUSoftwareWSVCUPlugin]
    [HKCUSoftware로컬 응용 프로그램 마법사에서 생성된 응용 프로그램]
    [HKLMSoftwarePCTools]
    ~ Key Software: 198 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 12/05/2014 – 23:53:42 – [] —-D C:Program FilesFreeFixer
    O43 – CFD: 17/02/2014 – 12:02:19 – [] —-D C:Program FilesMillprog
    O43 – CFD: 05/02/2013 – 20:09:46 – [] —-D C:ProgramDataInstallMate =>PUP.Tarma
    O43 – CFD: 10/11/2013 – 14:41:51 – [] —-D C:UsersBougrineAppDataRoamingFreeFixer
    O43 – CFD: 08/03/2014 – 15:12:56 – [0] —-D C:UsersBougrineAppDataRoaming{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
    O43 – CFD: 25/10/2013 – 11:42:32 – [] —-D C:UsersBougrineAppDataLocalFreeFixer
    O43 – CFD: 30/01/2014 – 11:41:17 – [] —-D C:UsersBougrineAppDataLocalIDA-STEP
    ~ Program Folder: 181 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.BD45CEB3EBB6832AE7997FA29468ACE1] – 21/07/2014 – 18:43:24 —A- . (…) — C:WindowsSystem32DriversTrueSight.sys [29160]
    O44 – LFC:[MD5.7D3096707F75B20DACD1364D825036C1] – 21/07/2014 – 18:58:18 —A- . (…) — C:Windowsntbtlog.txt [207562]
    O44 – LFC:[MD5.4BADBB38E1AF93FC1D9DC939F890E47D] – 21/07/2014 – 20:57:02 —A- . (…) — C:Windowsspwdrpf.INI [81]
    O44 – LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] – 22/07/2014 – 10:55:03 —A- . (.SQLite Development Team – SQLite Dynamic Link Library (No TCL).) — C:WindowsSystem32sqlite3.dll [536576]
    ~ Files: 76 Legitimates Filtered in 00mn 18s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:14/07/2009 – 01:20:28 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [453712]
    O58 – SDL:13/07/2009 – 22:54:14 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [26624]
    O58 – SDL:11/04/2014 – 08:39:22 —A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) – SAMSUNG USB Composite Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudbus.sys [89856]
    O58 – SDL:11/04/2014 – 08:39:22 —A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) – SAMSUNG Android Modem Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudmdm.sys [184192]
    O58 – SDL:24/07/2006 – 16:05:00 —A- . (…) — C:WindowsSystem32DriversStarOpen.sys [5632]
    O58 – SDL:14/07/2009 – 01:19:04 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [21072]
    O58 – SDL:21/07/2014 – 18:43:24 —A- . (…) — C:WindowsSystem32DriversTrueSight.sys [29160]
    O58 – SDL:31/12/2004 – 13:24:16 —A- . (.ULi Electronics Inc. – Driver for ULi PCI Fast Ethernet Controller.) — C:WindowsSystem32DriversULILAN.SYS [28160]
    O58 – SDL:30/06/2006 – 03:39:14 —A- . (.ULi Electronics Inc. – Driver for ULi PCI Fast Ethernet Controller.) — C:WindowsSystem32DriversULILAN32.SYS [30720]
    O58 – SDL:13/12/2012 – 14:50:38 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl.sys [45056]
    O58 – SDL:13/07/2009 – 21:40:41 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:13/07/2009 – 21:40:44 —A- . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:13/07/2009 – 21:40:40 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:13/07/2009 – 21:40:43 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:13/07/2009 – 21:40:43 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:13/07/2009 – 21:40:23 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:13/07/2009 – 21:40:31 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:13/07/2009 – 21:40:35 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:13/07/2009 – 21:40:39 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:13/07/2009 – 21:40:27 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:13/07/2009 – 21:40:11 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:13/07/2009 – 21:40:15 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:13/07/2009 – 21:40:17 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:13/07/2009 – 21:40:19 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:13/07/2009 – 21:40:13 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 90 Legitimates Filtered in 00mn 07s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 21/07/2014 – 12:32:02 —A- . (…) — C:UsersBougrineDesktopdocu-majidDownloadsRogueKiller.exe [4770904]
    O61 – LFC: 22/07/2014 – 12:32:02 —A- . (…) — C:UsersBougrineDesktopdocu-majidDownloadsAdwCleaner.exe [1354223]
    O61 – LFC: 22/07/2014 – 12:32:02 —A- . (…) — C:UsersBougrineDesktopdocu-majidDownloadsZHPCleaner.exe [1189888] =>.Nicolas Coolman
    ~ 159 Fichiers temporaires (Temporary files)
    ~ 630 Fichiers cookies (Cookies files)
    ~ Files: 12 Legitimates Filtered in 00mn 09s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.net – https://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    O63 – Logiciel: OTL – (.OldTimer.)
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 21/07/2014 – C:Windowssystem32driversTrueSight.sys (TrueSight) .(…) – LEGACY_TRUESIGHT
    ~ Legacy: 135 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {E88E0043-C9D4-4e33-8555-FEE4F5B63060} [DefaultScope] – (mail.ru: Поиск в Интернете) – http://go.mail.ru
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.3AF846C9C7F525634C165C919B3B3E40] [SPRF][04/03/2013] (…) — C:ProgramData1362424319.bdinstall.bin [1943080]
    [MD5.3546B982519E124A6F0643A9C7339845] [SPRF][07/03/2013] (…) — C:ProgramData1362676411.bdinstall.bin [230656]
    [MD5.1A57E166AC6223D7F6748A72040906A7] [SPRF][20/07/2014] (…) — C:ProgramDatantuser.dat [262144]
    [MD5.FFD4204C8E7BC929A4C44AFECCC04ADB] [SPRF][31/07/2013] (.Pas de propriétaire – bfldbdll DLL.) — C:UsersBougrineAppDataRoamingbfldb.dll [2171392]
    [MD5.4A928FF29E3E0CB9980C934D582DF131] [SPRF][31/07/2013] (.Pas de propriétaire – bfldongledll DLL.) — C:UsersBougrineAppDataRoamingbfldongle.dll [2248704]
    [MD5.465ECD2C96BEED42720D2522D8685B81] [SPRF][31/07/2013] (.Pas de propriétaire – bfluartdll DLL.) — C:UsersBougrineAppDataRoamingbfluart.dll [2265088]
    [MD5.B85BA511AC7F7883049D5A25904F5479] [SPRF][31/07/2013] (.Pas de propriétaire – bflusbldll DLL.) — C:UsersBougrineAppDataRoamingbflusb.dll [2416640]
    ~ Files: 9 Legitimates Filtered in 00mn 00s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREMicrosoftTracingupdatediamondata_RASAPI32 =>Hijacker.Diamondata
    HKLMSOFTWAREMicrosoftTracingupdatediamondata_RASMANCS =>Hijacker.Diamondata
    HKLMSOFTWAREMicrosoftTracinguTorrent_RASAPI32 =>P2P.µTorrent
    HKLMSOFTWAREMicrosoftTracinguTorrent_RASMANCS =>P2P.µTorrent
    ~ BTK: 219 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SS – | Demand 10/07/1658 0 | (WinRing0_1_2_0) . (…) – C:UsersBougrineAppDataLocalTemptmp1C1C.tmp
    SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
    SR – | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) – c:Program FilesMicrosoft Security ClientMsMpEng.exe
    SR – | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) – C:Program FilesPC Connectivity SolutionServiceLayer.exe
    SR – | Auto 07/02/2005 57344 | (SLService) . (…) – C:WindowsSystem32slserv.exe
    SR – | Auto 14/07/2009 20992 | C:Windowssystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 15/05/2008 61424 | ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) . (.Cyberlink Corp..) – C:Program FilesCyberLinkPowerDVD800.fcl
    ~ Services: Scanned in 00mn 21s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by Bougrine at 22/07/2014 12:33:00
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS aliide.sys PCIIDEX.SYS atapi.sys
    C:Windowssystem32driversaliide.sys Acer Laboratories Inc. ALi mini IDE Driver
    1 ntkrnlpa!IofCallDriver[0x8307BBBA] >> DeviceHarddisk0DR0[0x85B5C610]
    kernel: MBR read successfully
    user & kernel MBR OK
    ~ MBR: 14 Legitimates Filtered in 00mn 02s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Bougrine at 22/07/2014 12:33:02
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (25/06/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 0

    C:ProgramDataInstallMate =>PUP.Tarma^
    ~ Additionnel Scan: 226383 Items scanned in 00mn 34s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ AMI: 2 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
    http://nicolascoolman.fr/hijacker-diamondata =>Hijacker.Diamondata
    ~ MSI: 2 link(s) detected in 00mn 00s

    ~ 840 Legitimates filtered by white list
    End of the scan (419 lines in 03mn 07s)(0)

    OTL Extras logfile created on: 20/07/2014 19:30:10 – Run 1
    OTL by OldTimer – Version 3.2.69.0 Folder = C:UsersBougrineDesktopdocu-majidDownloads
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) – Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17207)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1,25 Gb Total Physical Memory | 0,36 Gb Available Physical Memory | 28,71% Memory free
    2,50 Gb Paging File | 1,35 Gb Available in Paging File | 53,82% Paging File free
    Paging file location(s): ?:pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
    Drive C: | 51,88 Gb Total Space | 14,74 Gb Free Space | 28,40% Space Free | Partition Type: NTFS

    Computer Name: BOUGRINE-PC | User Name: Bougrine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINESOFTWAREClasses]
    .cpl [@ = cplfile] — C:WindowsSystem32control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] — C:Windowswinhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINESOFTWAREClassesshell[command]command]
    batfile [open] — “%1” %*
    cmdfile [open] — “%1” %*
    comfile [open] — “%1” %*
    cplfile [cplopen] — %SystemRoot%System32control.exe “%1”,%* (Microsoft Corporation)
    exefile [open] — “%1” %*
    helpfile [open] — Reg Error: Key error.
    hlpfile [open] — %SystemRoot%winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] — “%1” %*
    inffile [install] — %SystemRoot%System32InfDefaultInstall.exe “%1” (Microsoft Corporation)
    piffile [open] — “%1” %*
    regfile [merge] — Reg Error: Key error.
    scrfile [config] — “%1”
    scrfile [install] — rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] — “%1” /S
    txtfile [edit] — Reg Error: Key error.
    Unknown [openas] — %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] — “C:Program FilesVideoLANVLCvlc.exe” –started-from-file –playlist-enqueue “%1” (VideoLAN)
    Directory [cmd] — cmd.exe /s /k pushd “%V” (Microsoft Corporation)
    Directory [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] — “C:Program FilesVideoLANVLCvlc.exe” –started-from-file –no-playlist-enqueue “%1” (VideoLAN)
    Folder [open] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Folder [explore] — Reg Error: Value error.
    Drive [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
    “cval” = 1

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
    “VistaSp1” = Reg Error: Unknown registry data type — File not found
    “AntiVirusOverride” = 0
    “AntiSpywareOverride” = 0
    “FirewallOverride” = 0

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
    “EnableFirewall” = 1
    “DisableNotifications” = 0

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
    “EnableFirewall” = 1
    “DisableNotifications” = 0

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
    “EnableFirewall” = 1
    “DisableNotifications” = 0

    ========== Authorized Applications List ==========

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    “{7D6C4434-B915-42BB-BECE-5095DD252B02}” = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    “{CB400326-D3ED-4649-985F-B1430EB6B3F2}” = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    “{3A1C0FF6-9654-444A-A19A-210BB2EC0714}” = dir=in | app=c:program fileswindows livecontactswlcomm.exe |
    “{3F90F1BF-22D5-445E-9270-18E24CD58068}” = dir=in | app=c:program fileswindows livemessengermsnmsgr.exe |
    “{7A095C05-E7F1-46E0-BD4D-9D8A7102A982}” = dir=in | app=c:program filescommon filesnokiaservice layeransl_host_process.exe |
    “{D6E81CE7-93A4-45E3-B3C1-E7F0266B487A}” = dir=in | app=c:program filesnokianokia suitenokiasuite.exe |
    “TCP Query User{9964B6F6-C6ED-4035-A17F-841EA96AC9B6}C:program filesvideolanvlcvlc.exe” = protocol=6 | dir=in | app=c:program filesvideolanvlcvlc.exe |
    “UDP Query User{C26CF1CE-69A5-4691-9836-C46B177F911F}C:program filesvideolanvlcvlc.exe” = protocol=17 | dir=in | app=c:program filesvideolanvlcvlc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    “{05E379CC-F626-4E7D-8354-463865B303BF}” = Windows Live UX Platform Language Pack
    “{0B0F231F-CE6A-483D-AA23-77B364F75917}” = Windows Live Installer
    “{111EE7DF-FC45-40C7-98A7-753AC46B12FB}” = QuickTime 7
    “{200FEC62-3C34-4D60-9CE8-EC372E01C08F}” = Windows Live SOXE Definitions
    “{26A24AE4-039D-4CA4-87B4-2F83217025FF}” = Java 7 Update 55
    “{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}” = CyberLink PowerDVD 8
    “{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}” = Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030
    “{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}” = Windows Live
    “{36A345C9-0691-45A1-AEEF-29ECEC8B5014}” = Microsoft Security Client
    “{4903D172-DCCB-392F-93A3-34CA9D47FE3D}” = Microsoft .NET Framework 4.5.1
    “{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
    “{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}” = 32 Bit HP CIO Components Installer
    “{612C34C7-5E90-47D8-9B5C-0F717DD82726}” = swMSM
    “{682B3E4F-696A-42DE-A41C-4C07EA1678B4}” = Windows Live SOXE
    “{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}” = PC Connectivity Solution
    “{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}” = MSVC80_x86_v2
    “{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable
    “{758C8301-2696-4855-AF45-534B1200980A}” = Samsung Kies
    “{83C292B7-38A5-440B-A731-07070E81A64F}” = Windows Live PIMT Platform
    “{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
    “{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}” = MSVCRT
    “{90120000-0015-040C-0000-0000000FF1CE}” = Microsoft Office Access MUI (French) 2007
    “{90120000-0015-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-0016-040C-0000-0000000FF1CE}” = Microsoft Office Excel MUI (French) 2007
    “{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-0018-040C-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (French) 2007
    “{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-0019-040C-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (French) 2007
    “{90120000-0019-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-001A-040C-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (French) 2007
    “{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-001B-040C-0000-0000000FF1CE}” = Microsoft Office Word MUI (French) 2007
    “{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-001F-0401-0000-0000000FF1CE}” = Microsoft Office Proof (Arabic) 2007
    “{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISE_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-001F-0407-0000-0000000FF1CE}” = Microsoft Office Proof (German) 2007
    “{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2007
    “{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-001F-040C-0000-0000000FF1CE}” = Microsoft Office Proof (French) 2007
    “{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-001F-0413-0000-0000000FF1CE}” = Microsoft Office Proof (Dutch) 2007
    “{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-001F-0C0A-0000-0000000FF1CE}” = Microsoft Office Proof (Spanish) 2007
    “{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-002C-040C-0000-0000000FF1CE}” = Microsoft Office Proofing (French) 2007
    “{90120000-0030-0000-0000-0000000FF1CE}” = Microsoft Office Enterprise 2007
    “{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-0044-040C-0000-0000000FF1CE}” = Microsoft Office InfoPath MUI (French) 2007
    “{90120000-0044-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-006E-040C-0000-0000000FF1CE}” = Microsoft Office Shared MUI (French) 2007
    “{90120000-006E-040C-0000-0000000FF1CE}_ENTERPRISE_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-00A1-040C-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (French) 2007
    “{90120000-00A1-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-00B2-040C-0000-0000000FF1CE}” = Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
    “{90120000-00BA-040C-0000-0000000FF1CE}” = Microsoft Office Groove MUI (French) 2007
    “{90120000-00BA-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90140000-2005-0000-0000-0000000FF1CE}” = Microsoft Office File Validation Add-In
    “{92FB6C44-E685-45AD-9B20-CADF4CABA132} – 1033” = Microsoft .NET Framework 4.5.1
    “{92FB6C44-E685-45AD-9B20-CADF4CABA132} – 1036” = Microsoft .NET Framework 4.5.1 (Français)
    “{95120000-00B9-0409-0000-0000000FF1CE}” = Microsoft Application Error Reporting
    “{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17
    “{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161
    “{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}” = Windows Live Photo Common
    “{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}” = Windows Live Messenger
    “{AC76BA86-7AD7-1036-7B44-AB0000000001}” = Adobe Reader XI (11.0.03) – Français
    “{AF111648-99A1-453E-81DD-80DBBF6DAD0D}” = MSVC90_x86
    “{B175520C-86A2-35A7-8619-86DC379688B9}” = Microsoft Visual C++ 2012 x86 Additional Runtime – 11.0.61030
    “{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}” = Microsoft Visual C++ 2012 x86 Minimum Runtime – 11.0.61030
    “{C507986C-A83D-3F09-9099-5E1AF20BE648}” = Microsoft .NET Framework 4.5.1 (FRA)
    “{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}” = Windows Live ID Sign-in Assistant
    “{C893D8C0-1BA0-4517-B11C-E89B65E72F70}” = Windows Live Photo Common
    “{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}” = Windows Live UX Platform
    “{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}” = SAMSUNG USB Driver for Mobile Phones
    “{D45240D3-B6B3-4FF9-B243-54ECE3E10066}” = Windows Live Communications Platform
    “{E09C4DB7-630C-4F06-A631-8EA7239923AF}” = D3DX10
    “{E3B64CC5-C011-40C0-92BC-7316CD5E5688}” = Microsoft_VC100_CRT_SP1_x86
    “{E5B21F11-6933-4E0B-A25C-7963E3C07D11}” = Windows Live Messenger
    “{EDB188F5-D8E8-42EE-89E0-F212DA48CB81}” = Nokia Suite
    “{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}” = Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219
    “17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382” = Package de pilotes Windows – Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
    “Adobe Flash Player ActiveX” = Adobe Flash Player 14 ActiveX
    “Adobe Flash Player Plugin” = Adobe Flash Player 14 Plugin
    “Adobe Shockwave Player” = Adobe Shockwave Player 12.0
    “ENTERPRISE” = Microsoft Office Enterprise 2007
    “InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}” = CyberLink PowerDVD 8
    “InstallShield_{758C8301-2696-4855-AF45-534B1200980A}” = Samsung Kies
    “Microsoft Security Client” = Microsoft Security Essentials
    “Millprog_is1” = Millprog 1.0.8
    “Nokia Suite” = Nokia Suite
    “Usbfix” = UsbFix
    “VLC media player” = VLC media player 2.1.3
    “WinLiveSuite” = Windows Live
    “WinRAR archiver” = Archiveur WinRAR

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    “MyFreeCodec” = MyFreeCodec

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error – 16/07/2014 16:47:04 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error – 16/07/2014 16:50:39 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 11328
    Description =

    Error – 16/07/2014 16:50:46 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error – 17/07/2014 08:04:20 | Computer Name = Bougrine-PC | Source = Application Hang | ID = 1002
    Description = Le programme iexplore.exe version 11.0.9600.17207 a cessé d’interagir
    avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
    sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

    ID
    de processus : cb0 Heure de début : 01cfa1b68e7d4f24 Heure de fin : 23 Chemin d’accès
    de l’application : C:Program FilesInternet Exploreriexplore.exe ID de rapport
    :

    Error – 19/07/2014 22:35:32 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error – 19/07/2014 22:37:16 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 11328
    Description =

    Error – 19/07/2014 22:37:22 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error – 20/07/2014 06:40:03 | Computer Name = Bougrine-PC | Source = .NET Runtime | ID = 1026
    Description =

    Error – 20/07/2014 06:40:07 | Computer Name = Bougrine-PC | Source = Application Error | ID = 1000
    Description = Nom de l’application défaillante Kies.exe, version : 1.0.0.1821, horodatage
    : 0x5357afa9 Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409,
    horodatage : 0x531599f6 Code d’exception : 0xe0434352 Décalage d’erreur : 0x0000812f
    ID
    du processus défaillant : 0x910 Heure de début de l’application défaillante : 0x01cfa406e4365349
    Chemin
    d’accès de l’application défaillante : C:Program FilesSamsungKiesKies.exe Chemin
    d’accès du module défaillant: C:Windowssystem32KERNELBASE.dll ID de rapport :
    36a07411-0ffa-11e4-9d34-0040d084d65b

    Error – 20/07/2014 14:00:14 | Computer Name = Bougrine-PC | Source = Windows Backup | ID = 4103
    Description =

    [ OSession Events ]
    Error – 28/05/2013 06:45:45 | Computer Name = Bougrine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6175
    seconds with 60 seconds of active time. This session ended with a crash.

    Error – 23/08/2013 09:08:38 | Computer Name = Bougrine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2138
    seconds with 120 seconds of active time. This session ended with a crash.

    Error – 18/05/2014 08:59:24 | Computer Name = Bougrine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2494
    seconds with 1080 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error – 20/07/2014 12:30:01 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR3.

    Error – 20/07/2014 12:30:02 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR3.

    Error – 20/07/2014 12:30:02 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR3.

    Error – 20/07/2014 12:30:32 | Computer Name = Bougrine-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
    Description = Vérification du volume chiffré : impossible de lire les informations
    de volume sur E:.

    Error – 20/07/2014 14:31:25 | Computer Name = Bougrine-PC | Source = Disk | ID = 262151
    Description = Le périphérique DeviceHarddisk1DR4 comporte un bloc défectueux.

    Error – 20/07/2014 14:31:58 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR4.

    Error – 20/07/2014 14:31:58 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR4.

    Error – 20/07/2014 14:31:59 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR4.

    Error – 20/07/2014 14:31:59 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR4.

    Error – 20/07/2014 14:32:00 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR4.

    < End of report >
    ############################## | UsbFix V 7.176 | [Recherche]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 13:32:44 | 22/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 525 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Windows Defender [(!) Désactivé |(!) Non à jour]
    AS: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 52 Go (15 Go libre(s) – 29%) [HDD] # NTFS
    E: -> Disque amovible # 970 Mo (970 Mo libre(s) – 100%) [] # FAT32

    ################## | Processus Actif |

    C:WindowsSystem32smss.exe (ID: 260|ParentID: 4|Système)
    C:WindowsSystem32csrss.exe (ID: 340|ParentID: 332|Système)
    C:WindowsSystem32wininit.exe (ID: 388|ParentID: 332|Système)
    C:WindowsSystem32csrss.exe (ID: 400|ParentID: 380|Système)
    C:WindowsSystem32winlogon.exe (ID: 440|ParentID: 380|Système)
    C:WindowsSystem32services.exe (ID: 476|ParentID: 388|Système)
    C:WindowsSystem32lsass.exe (ID: 484|ParentID: 388|Système)
    C:WindowsSystem32lsm.exe (ID: 492|ParentID: 388|Système)
    C:WindowsSystem32svchost.exe (ID: 628|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 704|ParentID: 476|SERVICE RÉSEAU)
    C:Program FilesMicrosoft Security ClientMsMpEng.exe (ID: 752|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 876|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 936|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 968|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 996|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 1276|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32svchost.exe (ID: 1344|ParentID: 476|SERVICE LOCAL)
    C:Program FilesMalwarebytes Anti-Malwarembamservice.exe (ID: 1756|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 1968|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 1492|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32dwm.exe (ID: 3252|ParentID: 936|Bougrine)
    C:WindowsSystem32svchost.exe (ID: 3700|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 2648|ParentID: 476|Système)
    C:WindowsSystem32rundll32.exe (ID: 5120|ParentID: 628|Bougrine)
    C:WindowsSystem32WUDFHost.exe (ID: 5124|ParentID: 936|SERVICE LOCAL)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE (ID: 5012|ParentID: 476|Système)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE (ID: 5980|ParentID: 5012|Système)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 6092|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32SearchIndexer.exe (ID: 5856|ParentID: 476|Système)
    C:Windowsexplorer.exe (ID: 296|ParentID: 4748|Bougrine)
    C:WindowsSystem32spoolsv.exe (ID: 5392|ParentID: 476|Système)
    C:Program FilesMalwarebytes Anti-Malwarembam.exe (ID: 2632|ParentID: 296|Bougrine)
    C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe (ID: 4224|ParentID: 476|Système)
    C:WindowsSystem32mqsvc.exe (ID: 4876|ParentID: 476|SERVICE RÉSEAU)
    C:Program FilesInternet Exploreriexplore.exe (ID: 3220|ParentID: 296|Bougrine)
    C:WindowsSystem32dllhost.exe (ID: 4164|ParentID: 628|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 1028|ParentID: 3220|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 5456|ParentID: 3220|Bougrine)
    C:WindowsSystem32MsSpellCheckingFacility.exe (ID: 6088|ParentID: 628|Bougrine)
    C:UsbFixUsbFix.exe (ID: 1368|ParentID: 296|Bougrine)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKCU..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    ################## | Registre |

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:2rbs2tdv][code]BBcode

    Quote:
    [spoiler:2rbs2tdv]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Scan Date: 22/07/2014
    Scan Time: 12:56:07
    Logfile: scan.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.22.03
    Rootkit Database: v2014.07.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Bougrine

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 378662
    Time Elapsed: 20 min, 13 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)~ Rapport de ZHPDiag v2014.6.25.98 – Nicolas Coolman (25/06/2014)
    ~ Lancé par Bougrine (22/07/2014 12:30:31)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Nouvelle version disponible
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17207 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : HYRR2
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft Security Client v4.5.0216.0
    Windows Defender W7 (Deactivate)

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 14 Plugin
    Adobe Reader XI
    Java 7 Update 65

    —\ Informations sur le système
    ~ Processor: x86 Family 15 Model 44 Stepping 2, AuthenticAMD
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1279 MB (39% free)
    System Restore: Activé (Enable)
    System drive C: has 15 GB (28%) free of 52 GB

    —\ Mode de connexion au système
    ~ Computer Name: BOUGRINE-PC
    ~ User Name: Bougrine
    ~ All Users Names: Ines Bougrine, HomeGroupUser$, Bougrine, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersBougrineAppDataRoamingZHP
    ~ %AppData% : C:UsersBougrineAppDataRoaming
    ~ %Desktop% : C:UsersBougrineDesktop
    ~ %Favorites% : C:UsersBougrineFavorites
    ~ %LocalAppData% : C:UsersBougrineAppDataLocal
    ~ %StartMenu% : C:UsersBougrineAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 15 Go of 52 Go)
    D: CD-ROM drive (Not Inserted)
    E: Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)
    F: Floppy drive, Flash card reader, USB Key (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 05:30:54.) — C:WindowsExplorer.exe [2616320]
    [MD5.B5C5DCAD3899512020D135600129D665] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 01:14:45.) — C:WindowsSystem32Wininit.exe [96256]
    [MD5.CCC198257901BEEA2FBF8EB1E7678356] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.18/06/2014 – 22:13:59.) — C:WindowsSystem32wininet.dll [1791488]
    [MD5.998507B046BA314CE8245364C686FA67] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.04/03/2014 – 09:17:02.) — C:WindowsSystem32Winlogon.exe [304128]
    [MD5.E3AE23569749DE12D45BA3B489A036AE] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 12:21:24.) — C:WindowsSystem32sppcomapi.dll [193536]
    [MD5.D0B388DA1D111A34366E04EB4A5DD156] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.30/05/2014 – 06:36:07.) — C:Windowssystem32DriversAFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 01:26:15.) — C:Windowssystem32Driversatapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] – (.Microsoft Corporation – CD-ROM File System Driver.) (.13/07/2009 – 23:11:15.) — C:Windowssystem32DriversCdfs.sys [70656]
    [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 08:38:10.) — C:Windowssystem32DriversCdrom.sys [108544]
    [MD5.F024449C97EC1E464AAFFDA18593DB88] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 08:42:32.) — C:Windowssystem32DriversDfsC.sys [78336]
    [MD5.9036377B8A6C15DC2EEC53E489D159B5] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 09:59:29.) — C:Windowssystem32DriversHDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] – (.Microsoft Corporation – Pilote de port i8042.) (.13/07/2009 – 23:11:24.) — C:Windowssystem32Driversi8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] – (.Microsoft Corporation – IP Network Address Translator.) (.13/07/2009 – 23:54:29.) — C:Windowssystem32DriversIpNat.sys [101888]
    [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 02:17:22.) — C:Windowssystem32DriversMRxSmb.sys [123904]
    [MD5.280122DDCF04B378EDD1AD54D71C1E54] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 08:39:44.) — C:Windowssystem32DriversnetBT.sys [187904]
    [MD5.C8DFF8D07755A66C7A4A738930F0FEAC] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 02:18:22.) — C:Windowssystem32Driversntfs.sys [1212352]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] – (.Microsoft Corporation – Pilote de port parallèle.) (.13/07/2009 – 23:45:35.) — C:Windowssystem32DriversParport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.13/07/2009 – 23:54:34.) — C:Windowssystem32DriversRasl2tp.sys [78848]
    [MD5.B973FCFC50DC1434E1970A146F7E3885] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 10:24:46.) — C:Windowssystem32Driversrdpdr.sys [133632]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] – (.Microsoft Corporation – SMB Transport driver.) (.13/07/2009 – 23:53:41.) — C:Windowssystem32Driverssmb.sys [71168]
    [MD5.B459575348C20E8121D6039DA063C704] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 08:39:17.) — C:Windowssystem32Driverstdx.sys [74752]
    [MD5.F497F67932C6FA693D7DE2780631CFE7] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 12:30:16.) — C:Windowssystem32Driversvolsnap.sys [245632]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 3/736
    ~ Mes musiques (My Musics) : 1/36
    ~ Mes Favoris (My Favorites) : 1/82
    ~ Mes Documents (My Documents) : 4/185
    ~ Mon Bureau (My Desktop) : 2/1294
    ~ Menu demarrer (Programs) : 1/32
    ~ Hidden Files: Scanned in 00mn 01s

    —\ Processus lancés
    [MD5.4FBC630768570E6AC35C3DE8F6EC79F5] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes Anti-Malwarembam.exe [6970168] [PID.3020]
    [MD5.DD15C00E74B0F4BC80B274EE1B59EEB7] – (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program FilesSamsungKiesKiesTrayAgent.exe [311616] [PID.3152]
    [MD5.1DE859B82E381A645C44284A5044BC33] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe [256896] [PID.3216]
    [MD5.27DECE3A80717098AB1F1436F3DC4C87] – (.Samsung – Kies.) — C:Program FilesSamsungKiesKies.exe [1564992] [PID.3364]
    [MD5.760ACD103FFB86AD65DC41CDEB08ABCF] – (.Samsung Electronics – Pas de description.) — C:Program FilesSamsungKiesKiesAirMessage.exe [578560] [PID.2940]
    [MD5.646A34526CC33BE4CA933C5680D80B48] – (.Nokia – Nokia Suite.) — C:Program FilesNokiaNokia SuiteNokiaSuite.exe [1090912] [PID.2352]
    [MD5.58FBD16C4BB84D9F69C25F30DAA4CE31] – (.Nokia – Microsoft Bluetooth Media Server.) — C:Program FilesPC Connectivity SolutionTransportsNclMSBTSrvEx.exe [158032] [PID.3032]
    [MD5.CD900EFB4F8946A2BB1950D9F45915C2] – (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe [812216] [PID.3844]
    [MD5.C8BC9A2DC599F1A52DC6B42FDD47B01E] – (.Adobe Systems Incorporated – Adobe® Flash® Player Installer/Uninstaller.) — C:Windowssystem32MacromedFlashFlashUtil32_14_0_0_145_ActiveX.exe [851632] [PID.3232]
    [MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8071680] [PID.2376]
    ~ Processes Running: Scanned in 00mn 02s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    P2 – FPN: [HKLM] [@nokia.com/EnablerPlugin] – (.Pas de propriétaire – Nokia Suite Enabler Plugin.) — C:Program FilesNokiaNokia SuitenpNokiaSuiteEnabler.dll
    ~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = preserve
    ~ IE Browser: 11 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [APSDaemon] C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe (.not file.)
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — c:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program FilesSamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKLM..Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..RunOnce: [Malwarebytes Anti-Malware (cleanup)] . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe
    O4 – HKCU..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program FilesSamsungKiesKies.exe
    O4 – HKCU..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program FilesSamsungKiesKiesAirMessage.exe
    O4 – HKCU..Run: [NokiaSuite.exe] . (.Nokia – Nokia Suite.) — C:Program FilesNokiaNokia SuiteNokiaSuite.exe
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3743128526-456646245-3591239297-1000..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program FilesSamsungKiesKies.exe
    O4 – HKUSS-1-5-21-3743128526-456646245-3591239297-1000..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program FilesSamsungKiesKiesAirMessage.exe
    O4 – HKUSS-1-5-21-3743128526-456646245-3591239297-1000..Run: [NokiaSuite.exe] . (.Nokia – Nokia Suite.) — C:Program FilesNokiaNokia SuiteNokiaSuite.exe
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{2F5A1B33-7180-422A-B107-6796CAF6E6E0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{7A67DF44-56C4-412C-A44F-DC612F7A08DB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{9BEAC053-0AF2-4737-BD8D-90ADC9EDB2E6}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{2F5A1B33-7180-422A-B107-6796CAF6E6E0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{7A67DF44-56C4-412C-A44F-DC612F7A08DB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{9BEAC053-0AF2-4737-BD8D-90ADC9EDB2E6}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{2F5A1B33-7180-422A-B107-6796CAF6E6E0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{7A67DF44-56C4-412C-A44F-DC612F7A08DB}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{9BEAC053-0AF2-4737-BD8D-90ADC9EDB2E6}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [5008] (…) — C:UsersBougrineAppDataLocalTemplaunchie.vbs \B (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{046AE570-2E5B-491D-9CF5-B93246B2F054}] (…) — C:UsersBougrineDesktop2261_ULi_Integrated220.exe (.not file.) [0]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    ~ Scheduled Task: 4 Legitimates Filtered in 00mn 06s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Millprog 1.0.8 – (…) [HKLM] — Millprog_is1
    ~ Logic: 14 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareAEK_KM2004@Yahoo.fr]
    [HKCUSoftwareVV]
    [HKCUSoftwareWSVCUPlugin]
    [HKCUSoftware로컬 응용 프로그램 마법사에서 생성된 응용 프로그램]
    [HKLMSoftwarePCTools]
    ~ Key Software: 198 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 12/05/2014 – 23:53:42 – [] —-D C:Program FilesFreeFixer
    O43 – CFD: 17/02/2014 – 12:02:19 – [] —-D C:Program FilesMillprog
    O43 – CFD: 05/02/2013 – 20:09:46 – [] —-D C:ProgramDataInstallMate =>PUP.Tarma
    O43 – CFD: 10/11/2013 – 14:41:51 – [] —-D C:UsersBougrineAppDataRoamingFreeFixer
    O43 – CFD: 08/03/2014 – 15:12:56 – [0] —-D C:UsersBougrineAppDataRoaming{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
    O43 – CFD: 25/10/2013 – 11:42:32 – [] —-D C:UsersBougrineAppDataLocalFreeFixer
    O43 – CFD: 30/01/2014 – 11:41:17 – [] —-D C:UsersBougrineAppDataLocalIDA-STEP
    ~ Program Folder: 181 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.BD45CEB3EBB6832AE7997FA29468ACE1] – 21/07/2014 – 18:43:24 —A- . (…) — C:WindowsSystem32DriversTrueSight.sys [29160]
    O44 – LFC:[MD5.7D3096707F75B20DACD1364D825036C1] – 21/07/2014 – 18:58:18 —A- . (…) — C:Windowsntbtlog.txt [207562]
    O44 – LFC:[MD5.4BADBB38E1AF93FC1D9DC939F890E47D] – 21/07/2014 – 20:57:02 —A- . (…) — C:Windowsspwdrpf.INI [81]
    O44 – LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] – 22/07/2014 – 10:55:03 —A- . (.SQLite Development Team – SQLite Dynamic Link Library (No TCL).) — C:WindowsSystem32sqlite3.dll [536576]
    ~ Files: 76 Legitimates Filtered in 00mn 18s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:14/07/2009 – 01:20:28 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [453712]
    O58 – SDL:13/07/2009 – 22:54:14 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [26624]
    O58 – SDL:11/04/2014 – 08:39:22 —A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) – SAMSUNG USB Composite Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudbus.sys [89856]
    O58 – SDL:11/04/2014 – 08:39:22 —A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) – SAMSUNG Android Modem Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudmdm.sys [184192]
    O58 – SDL:24/07/2006 – 16:05:00 —A- . (…) — C:WindowsSystem32DriversStarOpen.sys [5632]
    O58 – SDL:14/07/2009 – 01:19:04 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [21072]
    O58 – SDL:21/07/2014 – 18:43:24 —A- . (…) — C:WindowsSystem32DriversTrueSight.sys [29160]
    O58 – SDL:31/12/2004 – 13:24:16 —A- . (.ULi Electronics Inc. – Driver for ULi PCI Fast Ethernet Controller.) — C:WindowsSystem32DriversULILAN.SYS [28160]
    O58 – SDL:30/06/2006 – 03:39:14 —A- . (.ULi Electronics Inc. – Driver for ULi PCI Fast Ethernet Controller.) — C:WindowsSystem32DriversULILAN32.SYS [30720]
    O58 – SDL:13/12/2012 – 14:50:38 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl.sys [45056]
    O58 – SDL:13/07/2009 – 21:40:41 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:13/07/2009 – 21:40:44 —A- . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:13/07/2009 – 21:40:40 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:13/07/2009 – 21:40:43 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:13/07/2009 – 21:40:43 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:13/07/2009 – 21:40:23 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:13/07/2009 – 21:40:31 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:13/07/2009 – 21:40:35 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:13/07/2009 – 21:40:39 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:13/07/2009 – 21:40:27 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:13/07/2009 – 21:40:11 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:13/07/2009 – 21:40:15 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:13/07/2009 – 21:40:17 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:13/07/2009 – 21:40:19 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:13/07/2009 – 21:40:13 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 90 Legitimates Filtered in 00mn 07s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 21/07/2014 – 12:32:02 —A- . (…) — C:UsersBougrineDesktopdocu-majidDownloadsRogueKiller.exe [4770904]
    O61 – LFC: 22/07/2014 – 12:32:02 —A- . (…) — C:UsersBougrineDesktopdocu-majidDownloadsAdwCleaner.exe [1354223]
    O61 – LFC: 22/07/2014 – 12:32:02 —A- . (…) — C:UsersBougrineDesktopdocu-majidDownloadsZHPCleaner.exe [1189888] =>.Nicolas Coolman
    ~ 159 Fichiers temporaires (Temporary files)
    ~ 630 Fichiers cookies (Cookies files)
    ~ Files: 12 Legitimates Filtered in 00mn 09s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.net – https://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    O63 – Logiciel: OTL – (.OldTimer.)
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 21/07/2014 – C:Windowssystem32driversTrueSight.sys (TrueSight) .(…) – LEGACY_TRUESIGHT
    ~ Legacy: 135 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {E88E0043-C9D4-4e33-8555-FEE4F5B63060} [DefaultScope] – (mail.ru: Поиск в Интернете) – http://go.mail.ru
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.3AF846C9C7F525634C165C919B3B3E40] [SPRF][04/03/2013] (…) — C:ProgramData1362424319.bdinstall.bin [1943080]
    [MD5.3546B982519E124A6F0643A9C7339845] [SPRF][07/03/2013] (…) — C:ProgramData1362676411.bdinstall.bin [230656]
    [MD5.1A57E166AC6223D7F6748A72040906A7] [SPRF][20/07/2014] (…) — C:ProgramDatantuser.dat [262144]
    [MD5.FFD4204C8E7BC929A4C44AFECCC04ADB] [SPRF][31/07/2013] (.Pas de propriétaire – bfldbdll DLL.) — C:UsersBougrineAppDataRoamingbfldb.dll [2171392]
    [MD5.4A928FF29E3E0CB9980C934D582DF131] [SPRF][31/07/2013] (.Pas de propriétaire – bfldongledll DLL.) — C:UsersBougrineAppDataRoamingbfldongle.dll [2248704]
    [MD5.465ECD2C96BEED42720D2522D8685B81] [SPRF][31/07/2013] (.Pas de propriétaire – bfluartdll DLL.) — C:UsersBougrineAppDataRoamingbfluart.dll [2265088]
    [MD5.B85BA511AC7F7883049D5A25904F5479] [SPRF][31/07/2013] (.Pas de propriétaire – bflusbldll DLL.) — C:UsersBougrineAppDataRoamingbflusb.dll [2416640]
    ~ Files: 9 Legitimates Filtered in 00mn 00s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREMicrosoftTracingupdatediamondata_RASAPI32 =>Hijacker.Diamondata
    HKLMSOFTWAREMicrosoftTracingupdatediamondata_RASMANCS =>Hijacker.Diamondata
    HKLMSOFTWAREMicrosoftTracinguTorrent_RASAPI32 =>P2P.µTorrent
    HKLMSOFTWAREMicrosoftTracinguTorrent_RASMANCS =>P2P.µTorrent
    ~ BTK: 219 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SS – | Demand 10/07/1658 0 | (WinRing0_1_2_0) . (…) – C:UsersBougrineAppDataLocalTemptmp1C1C.tmp
    SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
    SR – | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) – c:Program FilesMicrosoft Security ClientMsMpEng.exe
    SR – | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) – C:Program FilesPC Connectivity SolutionServiceLayer.exe
    SR – | Auto 07/02/2005 57344 | (SLService) . (…) – C:WindowsSystem32slserv.exe
    SR – | Auto 14/07/2009 20992 | C:Windowssystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 15/05/2008 61424 | ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) . (.Cyberlink Corp..) – C:Program FilesCyberLinkPowerDVD800.fcl
    ~ Services: Scanned in 00mn 21s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by Bougrine at 22/07/2014 12:33:00
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS aliide.sys PCIIDEX.SYS atapi.sys
    C:Windowssystem32driversaliide.sys Acer Laboratories Inc. ALi mini IDE Driver
    1 ntkrnlpa!IofCallDriver[0x8307BBBA] >> DeviceHarddisk0DR0[0x85B5C610]
    kernel: MBR read successfully
    user & kernel MBR OK
    ~ MBR: 14 Legitimates Filtered in 00mn 02s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Bougrine at 22/07/2014 12:33:02
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (25/06/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 0

    C:ProgramDataInstallMate =>PUP.Tarma^
    ~ Additionnel Scan: 226383 Items scanned in 00mn 34s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ AMI: 2 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
    http://nicolascoolman.fr/hijacker-diamondata =>Hijacker.Diamondata
    ~ MSI: 2 link(s) detected in 00mn 00s

    ~ 840 Legitimates filtered by white list
    End of the scan (419 lines in 03mn 07s)(0)

    OTL Extras logfile created on: 20/07/2014 19:30:10 – Run 1
    OTL by OldTimer – Version 3.2.69.0 Folder = C:UsersBougrineDesktopdocu-majidDownloads
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) – Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17207)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1,25 Gb Total Physical Memory | 0,36 Gb Available Physical Memory | 28,71% Memory free
    2,50 Gb Paging File | 1,35 Gb Available in Paging File | 53,82% Paging File free
    Paging file location(s): ?:pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
    Drive C: | 51,88 Gb Total Space | 14,74 Gb Free Space | 28,40% Space Free | Partition Type: NTFS

    Computer Name: BOUGRINE-PC | User Name: Bougrine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINESOFTWAREClasses]
    .cpl [@ = cplfile] — C:WindowsSystem32control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] — C:Windowswinhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINESOFTWAREClassesshell[command]command]
    batfile [open] — “%1” %*
    cmdfile [open] — “%1” %*
    comfile [open] — “%1” %*
    cplfile [cplopen] — %SystemRoot%System32control.exe “%1”,%* (Microsoft Corporation)
    exefile [open] — “%1” %*
    helpfile [open] — Reg Error: Key error.
    hlpfile [open] — %SystemRoot%winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] — “%1” %*
    inffile [install] — %SystemRoot%System32InfDefaultInstall.exe “%1” (Microsoft Corporation)
    piffile [open] — “%1” %*
    regfile [merge] — Reg Error: Key error.
    scrfile [config] — “%1”
    scrfile [install] — rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] — “%1” /S
    txtfile [edit] — Reg Error: Key error.
    Unknown [openas] — %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] — “C:Program FilesVideoLANVLCvlc.exe” –started-from-file –playlist-enqueue “%1” (VideoLAN)
    Directory [cmd] — cmd.exe /s /k pushd “%V” (Microsoft Corporation)
    Directory [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] — “C:Program FilesVideoLANVLCvlc.exe” –started-from-file –no-playlist-enqueue “%1” (VideoLAN)
    Folder [open] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Folder [explore] — Reg Error: Value error.
    Drive [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
    “cval” = 1

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
    “VistaSp1” = Reg Error: Unknown registry data type — File not found
    “AntiVirusOverride” = 0
    “AntiSpywareOverride” = 0
    “FirewallOverride” = 0

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
    “EnableFirewall” = 1
    “DisableNotifications” = 0

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
    “EnableFirewall” = 1
    “DisableNotifications” = 0

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
    “EnableFirewall” = 1
    “DisableNotifications” = 0

    ========== Authorized Applications List ==========

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    “{7D6C4434-B915-42BB-BECE-5095DD252B02}” = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    “{CB400326-D3ED-4649-985F-B1430EB6B3F2}” = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    “{3A1C0FF6-9654-444A-A19A-210BB2EC0714}” = dir=in | app=c:program fileswindows livecontactswlcomm.exe |
    “{3F90F1BF-22D5-445E-9270-18E24CD58068}” = dir=in | app=c:program fileswindows livemessengermsnmsgr.exe |
    “{7A095C05-E7F1-46E0-BD4D-9D8A7102A982}” = dir=in | app=c:program filescommon filesnokiaservice layeransl_host_process.exe |
    “{D6E81CE7-93A4-45E3-B3C1-E7F0266B487A}” = dir=in | app=c:program filesnokianokia suitenokiasuite.exe |
    “TCP Query User{9964B6F6-C6ED-4035-A17F-841EA96AC9B6}C:program filesvideolanvlcvlc.exe” = protocol=6 | dir=in | app=c:program filesvideolanvlcvlc.exe |
    “UDP Query User{C26CF1CE-69A5-4691-9836-C46B177F911F}C:program filesvideolanvlcvlc.exe” = protocol=17 | dir=in | app=c:program filesvideolanvlcvlc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    “{05E379CC-F626-4E7D-8354-463865B303BF}” = Windows Live UX Platform Language Pack
    “{0B0F231F-CE6A-483D-AA23-77B364F75917}” = Windows Live Installer
    “{111EE7DF-FC45-40C7-98A7-753AC46B12FB}” = QuickTime 7
    “{200FEC62-3C34-4D60-9CE8-EC372E01C08F}” = Windows Live SOXE Definitions
    “{26A24AE4-039D-4CA4-87B4-2F83217025FF}” = Java 7 Update 55
    “{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}” = CyberLink PowerDVD 8
    “{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}” = Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030
    “{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}” = Windows Live
    “{36A345C9-0691-45A1-AEEF-29ECEC8B5014}” = Microsoft Security Client
    “{4903D172-DCCB-392F-93A3-34CA9D47FE3D}” = Microsoft .NET Framework 4.5.1
    “{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
    “{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}” = 32 Bit HP CIO Components Installer
    “{612C34C7-5E90-47D8-9B5C-0F717DD82726}” = swMSM
    “{682B3E4F-696A-42DE-A41C-4C07EA1678B4}” = Windows Live SOXE
    “{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}” = PC Connectivity Solution
    “{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}” = MSVC80_x86_v2
    “{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable
    “{758C8301-2696-4855-AF45-534B1200980A}” = Samsung Kies
    “{83C292B7-38A5-440B-A731-07070E81A64F}” = Windows Live PIMT Platform
    “{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
    “{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}” = MSVCRT
    “{90120000-0015-040C-0000-0000000FF1CE}” = Microsoft Office Access MUI (French) 2007
    “{90120000-0015-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-0016-040C-0000-0000000FF1CE}” = Microsoft Office Excel MUI (French) 2007
    “{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-0018-040C-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (French) 2007
    “{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-0019-040C-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (French) 2007
    “{90120000-0019-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-001A-040C-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (French) 2007
    “{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-001B-040C-0000-0000000FF1CE}” = Microsoft Office Word MUI (French) 2007
    “{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-001F-0401-0000-0000000FF1CE}” = Microsoft Office Proof (Arabic) 2007
    “{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISE_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-001F-0407-0000-0000000FF1CE}” = Microsoft Office Proof (German) 2007
    “{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2007
    “{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-001F-040C-0000-0000000FF1CE}” = Microsoft Office Proof (French) 2007
    “{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-001F-0413-0000-0000000FF1CE}” = Microsoft Office Proof (Dutch) 2007
    “{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-001F-0C0A-0000-0000000FF1CE}” = Microsoft Office Proof (Spanish) 2007
    “{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    “{90120000-002C-040C-0000-0000000FF1CE}” = Microsoft Office Proofing (French) 2007
    “{90120000-0030-0000-0000-0000000FF1CE}” = Microsoft Office Enterprise 2007
    “{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-0044-040C-0000-0000000FF1CE}” = Microsoft Office InfoPath MUI (French) 2007
    “{90120000-0044-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-006E-040C-0000-0000000FF1CE}” = Microsoft Office Shared MUI (French) 2007
    “{90120000-006E-040C-0000-0000000FF1CE}_ENTERPRISE_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-00A1-040C-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (French) 2007
    “{90120000-00A1-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90120000-00B2-040C-0000-0000000FF1CE}” = Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
    “{90120000-00BA-040C-0000-0000000FF1CE}” = Microsoft Office Groove MUI (French) 2007
    “{90120000-00BA-040C-0000-0000000FF1CE}_ENTERPRISE_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}” = Microsoft Office 2007 Service Pack 3 (SP3)
    “{90140000-2005-0000-0000-0000000FF1CE}” = Microsoft Office File Validation Add-In
    “{92FB6C44-E685-45AD-9B20-CADF4CABA132} – 1033” = Microsoft .NET Framework 4.5.1
    “{92FB6C44-E685-45AD-9B20-CADF4CABA132} – 1036” = Microsoft .NET Framework 4.5.1 (Français)
    “{95120000-00B9-0409-0000-0000000FF1CE}” = Microsoft Application Error Reporting
    “{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17
    “{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161
    “{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}” = Windows Live Photo Common
    “{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}” = Windows Live Messenger
    “{AC76BA86-7AD7-1036-7B44-AB0000000001}” = Adobe Reader XI (11.0.03) – Français
    “{AF111648-99A1-453E-81DD-80DBBF6DAD0D}” = MSVC90_x86
    “{B175520C-86A2-35A7-8619-86DC379688B9}” = Microsoft Visual C++ 2012 x86 Additional Runtime – 11.0.61030
    “{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}” = Microsoft Visual C++ 2012 x86 Minimum Runtime – 11.0.61030
    “{C507986C-A83D-3F09-9099-5E1AF20BE648}” = Microsoft .NET Framework 4.5.1 (FRA)
    “{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}” = Windows Live ID Sign-in Assistant
    “{C893D8C0-1BA0-4517-B11C-E89B65E72F70}” = Windows Live Photo Common
    “{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}” = Windows Live UX Platform
    “{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}” = SAMSUNG USB Driver for Mobile Phones
    “{D45240D3-B6B3-4FF9-B243-54ECE3E10066}” = Windows Live Communications Platform
    “{E09C4DB7-630C-4F06-A631-8EA7239923AF}” = D3DX10
    “{E3B64CC5-C011-40C0-92BC-7316CD5E5688}” = Microsoft_VC100_CRT_SP1_x86
    “{E5B21F11-6933-4E0B-A25C-7963E3C07D11}” = Windows Live Messenger
    “{EDB188F5-D8E8-42EE-89E0-F212DA48CB81}” = Nokia Suite
    “{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}” = Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219
    “17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382” = Package de pilotes Windows – Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
    “Adobe Flash Player ActiveX” = Adobe Flash Player 14 ActiveX
    “Adobe Flash Player Plugin” = Adobe Flash Player 14 Plugin
    “Adobe Shockwave Player” = Adobe Shockwave Player 12.0
    “ENTERPRISE” = Microsoft Office Enterprise 2007
    “InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}” = CyberLink PowerDVD 8
    “InstallShield_{758C8301-2696-4855-AF45-534B1200980A}” = Samsung Kies
    “Microsoft Security Client” = Microsoft Security Essentials
    “Millprog_is1” = Millprog 1.0.8
    “Nokia Suite” = Nokia Suite
    “Usbfix” = UsbFix
    “VLC media player” = VLC media player 2.1.3
    “WinLiveSuite” = Windows Live
    “WinRAR archiver” = Archiveur WinRAR

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    “MyFreeCodec” = MyFreeCodec

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error – 16/07/2014 16:47:04 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error – 16/07/2014 16:50:39 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 11328
    Description =

    Error – 16/07/2014 16:50:46 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error – 17/07/2014 08:04:20 | Computer Name = Bougrine-PC | Source = Application Hang | ID = 1002
    Description = Le programme iexplore.exe version 11.0.9600.17207 a cessé d’interagir
    avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
    sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

    ID
    de processus : cb0 Heure de début : 01cfa1b68e7d4f24 Heure de fin : 23 Chemin d’accès
    de l’application : C:Program FilesInternet Exploreriexplore.exe ID de rapport
    :

    Error – 19/07/2014 22:35:32 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error – 19/07/2014 22:37:16 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 11328
    Description =

    Error – 19/07/2014 22:37:22 | Computer Name = Bougrine-PC | Source = MsiInstaller | ID = 1023
    Description =

    Error – 20/07/2014 06:40:03 | Computer Name = Bougrine-PC | Source = .NET Runtime | ID = 1026
    Description =

    Error – 20/07/2014 06:40:07 | Computer Name = Bougrine-PC | Source = Application Error | ID = 1000
    Description = Nom de l’application défaillante Kies.exe, version : 1.0.0.1821, horodatage
    : 0x5357afa9 Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409,
    horodatage : 0x531599f6 Code d’exception : 0xe0434352 Décalage d’erreur : 0x0000812f
    ID
    du processus défaillant : 0x910 Heure de début de l’application défaillante : 0x01cfa406e4365349
    Chemin
    d’accès de l’application défaillante : C:Program FilesSamsungKiesKies.exe Chemin
    d’accès du module défaillant: C:Windowssystem32KERNELBASE.dll ID de rapport :
    36a07411-0ffa-11e4-9d34-0040d084d65b

    Error – 20/07/2014 14:00:14 | Computer Name = Bougrine-PC | Source = Windows Backup | ID = 4103
    Description =

    [ OSession Events ]
    Error – 28/05/2013 06:45:45 | Computer Name = Bougrine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6175
    seconds with 60 seconds of active time. This session ended with a crash.

    Error – 23/08/2013 09:08:38 | Computer Name = Bougrine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2138
    seconds with 120 seconds of active time. This session ended with a crash.

    Error – 18/05/2014 08:59:24 | Computer Name = Bougrine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2494
    seconds with 1080 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error – 20/07/2014 12:30:01 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR3.

    Error – 20/07/2014 12:30:02 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR3.

    Error – 20/07/2014 12:30:02 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR3.

    Error – 20/07/2014 12:30:32 | Computer Name = Bougrine-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
    Description = Vérification du volume chiffré : impossible de lire les informations
    de volume sur E:.

    Error – 20/07/2014 14:31:25 | Computer Name = Bougrine-PC | Source = Disk | ID = 262151
    Description = Le périphérique DeviceHarddisk1DR4 comporte un bloc défectueux.

    Error – 20/07/2014 14:31:58 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR4.

    Error – 20/07/2014 14:31:58 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR4.

    Error – 20/07/2014 14:31:59 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR4.

    Error – 20/07/2014 14:31:59 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR4.

    Error – 20/07/2014 14:32:00 | Computer Name = Bougrine-PC | Source = Disk | ID = 262155
    Description = Le pilote a détecté une erreur du contrôleur sur DeviceHarddisk1DR4.

    < End of report >
    ############################## | UsbFix V 7.176 | [Recherche]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 13:32:44 | 22/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : [https://www.sosvirus.net/upload_malware.php upload_malware.php]
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 525 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Windows Defender [(!) Désactivé |(!) Non à jour]
    AS: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 52 Go (15 Go libre(s) – 29%) [HDD] # NTFS
    E: -> Disque amovible # 970 Mo (970 Mo libre(s) – 100%) [] # FAT32

    ################## | Processus Actif |

    C:WindowsSystem32smss.exe (ID: 260|ParentID: 4|Système)
    C:WindowsSystem32csrss.exe (ID: 340|ParentID: 332|Système)
    C:WindowsSystem32wininit.exe (ID: 388|ParentID: 332|Système)
    C:WindowsSystem32csrss.exe (ID: 400|ParentID: 380|Système)
    C:WindowsSystem32winlogon.exe (ID: 440|ParentID: 380|Système)
    C:WindowsSystem32services.exe (ID: 476|ParentID: 388|Système)
    C:WindowsSystem32lsass.exe (ID: 484|ParentID: 388|Système)
    C:WindowsSystem32lsm.exe (ID: 492|ParentID: 388|Système)
    C:WindowsSystem32svchost.exe (ID: 628|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 704|ParentID: 476|SERVICE RÉSEAU)
    C:Program FilesMicrosoft Security ClientMsMpEng.exe (ID: 752|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 876|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 936|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 968|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 996|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 1276|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32svchost.exe (ID: 1344|ParentID: 476|SERVICE LOCAL)
    C:Program FilesMalwarebytes Anti-Malwarembamservice.exe (ID: 1756|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 1968|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 1492|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32dwm.exe (ID: 3252|ParentID: 936|Bougrine)
    C:WindowsSystem32svchost.exe (ID: 3700|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 2648|ParentID: 476|Système)
    C:WindowsSystem32rundll32.exe (ID: 5120|ParentID: 628|Bougrine)
    C:WindowsSystem32WUDFHost.exe (ID: 5124|ParentID: 936|SERVICE LOCAL)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE (ID: 5012|ParentID: 476|Système)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE (ID: 5980|ParentID: 5012|Système)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 6092|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32SearchIndexer.exe (ID: 5856|ParentID: 476|Système)
    C:Windowsexplorer.exe (ID: 296|ParentID: 4748|Bougrine)
    C:WindowsSystem32spoolsv.exe (ID: 5392|ParentID: 476|Système)
    C:Program FilesMalwarebytes Anti-Malwarembam.exe (ID: 2632|ParentID: 296|Bougrine)
    C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe (ID: 4224|ParentID: 476|Système)
    C:WindowsSystem32mqsvc.exe (ID: 4876|ParentID: 476|SERVICE RÉSEAU)
    C:Program FilesInternet Exploreriexplore.exe (ID: 3220|ParentID: 296|Bougrine)
    C:WindowsSystem32dllhost.exe (ID: 4164|ParentID: 628|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 1028|ParentID: 3220|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 5456|ParentID: 3220|Bougrine)
    C:WindowsSystem32MsSpellCheckingFacility.exe (ID: 6088|ParentID: 628|Bougrine)
    C:UsbFixUsbFix.exe (ID: 1368|ParentID: 296|Bougrine)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKCU..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    ################## | Registre |

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:2rbs2tdv]

  • Anonyme
    Post count: 1400

    :hello: seneque55 and :welcome: to sosvirus

    I'll be handling your case ;)

    for your problem, do the following and post the report, please

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Plug all your external data sources into the PC (USB key, external hard drive, etc.) without opening them.
    • Right-click on it and choose "Run as administrator" on Windows 7/8 and Vista
    • Choose the "Recherche" (Search) option

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    :merci2:

  • seneque55
    Post count: 0

    Hello, and thank you for your support.
    I have already sent several reports; I am sending you this latest one again.

    [spoiler:1lbql8xf]############################## | UsbFix V 7.176 | [Recherche]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 17:02:39 | 22/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : [https://www.sosvirus.net/upload_malware.php upload_malware.php]
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 525 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [Actif |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [Actif |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 52 Go (14 Go libre(s) – 28%) [HDD] # NTFS

    ################## | Processus Actif |

    C:WindowsSystem32smss.exe (ID: 260|ParentID: 4|Système)
    C:WindowsSystem32csrss.exe (ID: 340|ParentID: 332|Système)
    C:WindowsSystem32wininit.exe (ID: 388|ParentID: 332|Système)
    C:WindowsSystem32csrss.exe (ID: 400|ParentID: 380|Système)
    C:WindowsSystem32winlogon.exe (ID: 440|ParentID: 380|Système)
    C:WindowsSystem32services.exe (ID: 476|ParentID: 388|Système)
    C:WindowsSystem32lsass.exe (ID: 484|ParentID: 388|Système)
    C:WindowsSystem32lsm.exe (ID: 492|ParentID: 388|Système)
    C:WindowsSystem32svchost.exe (ID: 628|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 704|ParentID: 476|SERVICE RÉSEAU)
    C:Program FilesMicrosoft Security ClientMsMpEng.exe (ID: 752|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 876|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 936|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 968|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 996|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 1276|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32svchost.exe (ID: 1344|ParentID: 476|SERVICE LOCAL)
    C:Program FilesMalwarebytes Anti-Malwarembamservice.exe (ID: 1756|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 1968|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 1492|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32dwm.exe (ID: 3252|ParentID: 936|Bougrine)
    C:WindowsSystem32svchost.exe (ID: 3700|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 2648|ParentID: 476|Système)
    C:WindowsSystem32rundll32.exe (ID: 5120|ParentID: 628|Bougrine)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE (ID: 5012|ParentID: 476|Système)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE (ID: 5980|ParentID: 5012|Système)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 6092|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32SearchIndexer.exe (ID: 5856|ParentID: 476|Système)
    C:Windowsexplorer.exe (ID: 296|ParentID: 4748|Bougrine)
    C:WindowsSystem32spoolsv.exe (ID: 5392|ParentID: 476|Système)
    C:Program FilesMalwarebytes Anti-Malwarembam.exe (ID: 2632|ParentID: 296|Bougrine)
    C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe (ID: 4224|ParentID: 476|Système)
    C:WindowsSystem32mqsvc.exe (ID: 4876|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32taskhost.exe (ID: 4592|ParentID: 476|Bougrine)
    C:Program FilesMicrosoft Security Clientmsseces.exe (ID: 5032|ParentID: 296|Bougrine)
    C:WindowsSystem32dllhost.exe (ID: 2060|ParentID: 628|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 5300|ParentID: 296|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 1676|ParentID: 5300|Bougrine)
    C:WindowsSystem32audiodg.exe (ID: 4364|ParentID: 876|SERVICE LOCAL)
    C:UsbFixUsbFix.exe (ID: 3764|ParentID: 296|Bougrine)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKCU..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    ################## | Registre |

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:1lbql8xf]

  • Anonyme
    Post count: 1400

    hi again

    you did not plug in your USB key(s) for the scan; redo the scan with your USB keys plugged in

    and post the report

    :merci2:

  • seneque55
    Post count: 0

    @billmaxime wrote:

    hi again

    you did not plug in your USB key(s) for the scan; redo the scan with your USB keys plugged in

    and post the report

    :merci2:

    I plugged in 3 USB keys and here is the èm scan
    Thank you very much for your kindness

    [spoiler:xhrhrr8j]############################## | UsbFix V 7.176 | [Recherche]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 18:18:53 | 22/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : [https://www.sosvirus.net/upload_malware.php upload_malware.php]
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 525 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [Actif |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [Actif |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT
    C: (%SystemDrive%) -> Disque fixe # 52 Go (14 Go libre(s) – 28%) [HDD] # NTFS
    E: -> Disque amovible # 970 Mo (970 Mo libre(s) – 100%) [] # FAT32
    G: -> Disque amovible # 122 Mo (74 Mo libre(s) – 60%) [INES] # FAT

    ################## | Processus Actif |

    C:WindowsSystem32smss.exe (ID: 260|ParentID: 4|Système)
    C:WindowsSystem32csrss.exe (ID: 340|ParentID: 332|Système)
    C:WindowsSystem32wininit.exe (ID: 388|ParentID: 332|Système)
    C:WindowsSystem32csrss.exe (ID: 400|ParentID: 380|Système)
    C:WindowsSystem32winlogon.exe (ID: 440|ParentID: 380|Système)
    C:WindowsSystem32services.exe (ID: 476|ParentID: 388|Système)
    C:WindowsSystem32lsass.exe (ID: 484|ParentID: 388|Système)
    C:WindowsSystem32lsm.exe (ID: 492|ParentID: 388|Système)
    C:WindowsSystem32svchost.exe (ID: 628|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 704|ParentID: 476|SERVICE RÉSEAU)
    C:Program FilesMicrosoft Security ClientMsMpEng.exe (ID: 752|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 876|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 936|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 968|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 996|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 1276|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32svchost.exe (ID: 1344|ParentID: 476|SERVICE LOCAL)
    C:Program FilesMalwarebytes Anti-Malwarembamservice.exe (ID: 1756|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 1968|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 1492|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32dwm.exe (ID: 3252|ParentID: 936|Bougrine)
    C:WindowsSystem32svchost.exe (ID: 3700|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 2648|ParentID: 476|Système)
    C:WindowsSystem32rundll32.exe (ID: 5120|ParentID: 628|Bougrine)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE (ID: 5012|ParentID: 476|Système)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE (ID: 5980|ParentID: 5012|Système)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 6092|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32SearchIndexer.exe (ID: 5856|ParentID: 476|Système)
    C:Windowsexplorer.exe (ID: 296|ParentID: 4748|Bougrine)
    C:WindowsSystem32spoolsv.exe (ID: 5392|ParentID: 476|Système)
    C:Program FilesMalwarebytes Anti-Malwarembam.exe (ID: 2632|ParentID: 296|Bougrine)
    C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe (ID: 4224|ParentID: 476|Système)
    C:WindowsSystem32mqsvc.exe (ID: 4876|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32taskhost.exe (ID: 4592|ParentID: 476|Bougrine)
    C:Program FilesMicrosoft Security Clientmsseces.exe (ID: 5032|ParentID: 296|Bougrine)
    C:WindowsSystem32dllhost.exe (ID: 2060|ParentID: 628|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 5300|ParentID: 296|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 1676|ParentID: 5300|Bougrine)
    C:WindowsSystem32WUDFHost.exe (ID: 5312|ParentID: 936|SERVICE LOCAL)
    C:WindowsSystem32dinotify.exe (ID: 6008|ParentID: 4772|Bougrine)
    C:WindowsSystem32notepad.exe (ID: 4000|ParentID: 3764|Bougrine)
    C:UsbFixUsbFix.exe (ID: 584|ParentID: 3764|Bougrine)
    C:WindowsSystem32MsSpellCheckingFacility.exe (ID: 3268|ParentID: 628|Bougrine)
    C:WindowsSystem32audiodg.exe (ID: 6032|ParentID: 876|SERVICE LOCAL)
    C:Program FilesWindows Media Playerwmplayer.exe (ID: 5716|ParentID: 628|Bougrine)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKCU..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Présent! A:Recycle.exe
    Présent! A:SSVICHOSST.exe
    Présent! G:RecyclerS-0-4-88-5815858051-4751108336-047441488-4651nvCIsvfm.cpl
    Présent! G:RecyclerS-0-4-88-5815858051-4751108336-047441488-4651cxFfXvhd.cpl
    Présent! G:RecyclerS-0-4-88-5815858051-4751108336-047441488-4651
    Présent! A:ert.dll
    Présent! G:RecyclerS-1-6-21-2434476501-1644491937-600003330-1213Desktop.ini
    Présent! G:RecyclerS-1-6-21-2434476501-1644491937-600003330-1213

    ################## | Registre |

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:xhrhrr8j]

  • Anonyme
    Post count: 1400

    hi again

    I plugged in 3 USB keys and here is the èm scan

    if you have other keys or external media, you will also need to run a scan in "Recherche" (Search) mode

    with the keys plugged in for the "Recherche" scan you have just run, do the following and post the report

    please

    • Plug all your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
    • Right-click on it and choose "Run as administrator" on Windows 7/8 and Vista
    • Choose the "Nettoyage" (Clean) option

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    :merci2:

  • seneque55
    Post count: 0

    many thanks
    here is the scan

    [spoiler:xknopd95]############################## | UsbFix V 7.176 | [Recherche]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 19:01:42 | 22/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : [https://www.sosvirus.net/upload_malware.php upload_malware.php]
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 627 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [Actif |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [Actif |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 52 Go (14 Go libre(s) – 28%) [HDD] # NTFS

    ################## | Processus Actif |

    C:WindowsSystem32smss.exe (ID: 260|ParentID: 4|Système)
    C:WindowsSystem32csrss.exe (ID: 340|ParentID: 332|Système)
    C:WindowsSystem32wininit.exe (ID: 388|ParentID: 332|Système)
    C:WindowsSystem32csrss.exe (ID: 400|ParentID: 380|Système)
    C:WindowsSystem32winlogon.exe (ID: 440|ParentID: 380|Système)
    C:WindowsSystem32services.exe (ID: 476|ParentID: 388|Système)
    C:WindowsSystem32lsass.exe (ID: 484|ParentID: 388|Système)
    C:WindowsSystem32lsm.exe (ID: 492|ParentID: 388|Système)
    C:WindowsSystem32svchost.exe (ID: 628|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 704|ParentID: 476|SERVICE RÉSEAU)
    C:Program FilesMicrosoft Security ClientMsMpEng.exe (ID: 752|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 876|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 936|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 968|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 996|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 1276|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32svchost.exe (ID: 1344|ParentID: 476|SERVICE LOCAL)
    C:Program FilesMalwarebytes Anti-Malwarembamservice.exe (ID: 1756|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 1968|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 1492|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32dwm.exe (ID: 3252|ParentID: 936|Bougrine)
    C:WindowsSystem32svchost.exe (ID: 3700|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 2648|ParentID: 476|Système)
    C:WindowsSystem32dllhost.exe (ID: 2060|ParentID: 628|Bougrine)
    C:WindowsSystem32rundll32.exe (ID: 300|ParentID: 628|Bougrine)
    C:WindowsSystem32WUDFHost.exe (ID: 4596|ParentID: 936|SERVICE LOCAL)
    C:Windowsexplorer.exe (ID: 2200|ParentID: 1776|Bougrine)
    C:WindowsSystem32SearchIndexer.exe (ID: 2960|ParentID: 476|Système)
    C:Program FilesInternet Exploreriexplore.exe (ID: 4760|ParentID: 2200|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 2108|ParentID: 4760|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 3088|ParentID: 4760|Bougrine)
    C:WindowsSystem32mqsvc.exe (ID: 3400|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32taskhost.exe (ID: 3584|ParentID: 476|SERVICE LOCAL)
    C:UsbFixUsbFix.exe (ID: 3288|ParentID: 2200|Bougrine)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKCU..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    ################## | Registre |

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:xknopd95]

  • Anonyme
    Post count: 1400

    Hi again,

    You didn't post the right report >> Lancé à 19:01:42 | 22/07/2014

    That one is the first report you ran, in "Recherche" (search) mode ;)

    Post me the one from after "Nettoyage" (cleaning)

    :merci2:

  • seneque55
    Post count: 0

    [spoiler:1ppkyoj1]############################## | UsbFix V 7.176 | [Nettoyage]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 19:21:39 | 22/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 640 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [Actif |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [Actif |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 52 Go (14 Go libre(s) – 28%) [HDD] # NTFS

    ################## | Processus Stoppés |

    C:WindowsSystem32rundll32.exe (ID: 5992|ParentID: 628|Bougrine)
    C:WindowsSystem32WUDFHost.exe (ID: 4316|ParentID: 936|SERVICE LOCAL)
    C:Windowsexplorer.exe (ID: 3388|ParentID: 3668|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 5924|ParentID: 3388|Bougrine)
    C:WindowsSystem32SearchIndexer.exe (ID: 5368|ParentID: 476|Système)
    C:WindowsSystem32mqsvc.exe (ID: 4296|ParentID: 476|SERVICE RÉSEAU)

    ################## | Autorun |

    ################## | Recherche générique |

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKCU..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [20/07/2014 – 16:39:47 | D] – C:kleaner.tmp
    [17/06/2005 – 19:33:58 | RASH | 0 Ko] – C:MSDOS.SYS
    [17/06/2005 – 19:33:58 | RASH | 0 Ko] – C:IO.SYS
    [10/06/2009 – 22:42:20 | N | 0 Ko] – C:config.sys
    [22/07/2014 – 11:58:17 | ASH | 982696 Ko] – C:hiberfil.sys
    [22/07/2014 – 11:58:23 | ASH | 1310264 Ko] – C:pagefile.sys
    [08/07/2012 – 13:28:36 | N | 0 Ko] – C:Boot.ini.saved
    [17/06/2005 – 19:37:27 | N | 1 Ko] – C:IPH.PH
    [22/07/2014 – 10:47:48 | D] – C:Config.Msi
    [05/08/2004 – 13:00:00 | N | 46 Ko | SHA1: 6CAAFF4D8A162BB1080036CE1A6D023AECDA36C3] – C:NTDETECT.COM
    [05/08/2004 – 13:00:00 | N | 5 Ko] – C:Bootfont.bin
    [08/06/2014 – 11:08:43 | SHD] – C:$Recycle.Bin
    [22/07/2014 – 12:33:00 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [10/06/2009 – 22:42:20 | A | 0 Ko] – C:autoexec.bat
    [17/06/2005 – 20:05:15 | N | 0 Ko] – C:Boot.BAK
    [08/07/2012 – 13:28:38 | RASH | 8 Ko] – C:BOOTSECT.BAK
    [05/08/2004 – 13:00:00 | N | 257 Ko] – C:cmldr
    [05/08/2004 – 13:00:00 | RASH | 246 Ko] – C:ntldr
    [14/07/2009 – 03:37:05 | D] – C:PerfLogs
    [14/07/2009 – 05:53:55 | SHD] – C:Documents and Settings
    [20/11/2010 – 13:40:07 | RASH | 375 Ko] – C:bootmgr
    [20/06/2012 – 15:58:58 | D] – C:APPS
    [20/06/2012 – 15:58:58 | D] – C:My Music
    [20/06/2012 – 15:58:59 | SHD] – C:RECYCLER
    [20/06/2012 – 16:00:26 | D] – C:cmdcons
    [20/06/2012 – 16:00:33 | D] – C:DIVTOOLS
    [20/06/2012 – 16:01:16 | D] – C:mysql
    [20/06/2012 – 16:01:19 | D] – C:OEMCUST
    [20/06/2012 – 16:01:26 | D] – C:PNP
    [08/07/2012 – 12:42:57 | SHD] – C:Recovery
    [08/08/2012 – 07:46:11 | SHD] – C:Boot
    [07/09/2012 – 19:22:36 | RHD] – C:MSOCache
    [09/10/2012 – 08:59:55 | N | 199 Ko] – C:grldr
    [09/10/2012 – 09:01:03 | N | 0 Ko] – C:win7ldr
    [16/05/2013 – 10:38:41 | D] – C:312101e980c0342f4045
    [29/05/2013 – 11:57:19 | D] – C:DRIVERS
    [22/07/2013 – 13:46:23 | D] – C:9d591f6e4d705c52fc618d32016b
    [30/07/2013 – 15:36:25 | D] – C:Diccionario Lengua Española
    [28/11/2013 – 22:44:54 | D] – C:DriverPack Solution
    [08/06/2014 – 11:08:15 | D] – C:Users
    [20/07/2014 – 17:38:19 | D] – C:Temp
    [21/07/2014 – 21:56:31 | D] – C:Windows
    [21/07/2014 – 21:57:02 | D] – C:Log
    [22/07/2014 – 10:44:46 | SHD] – C:System Volume Information
    [22/07/2014 – 11:55:51 | HD] – C:ProgramData
    [22/07/2014 – 11:56:01 | D] – C:AdwCleaner
    [22/07/2014 – 12:13:07 | D] – C:Program Files
    [22/07/2014 – 19:21:30 | D] – C:UsbFix

    ################## | Vaccin |

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:1ppkyoj1]

    Thanks

  • Anonyme
    Post count: 1400

    Hi again,

    You didn't post the right report; I need the report from after "Nettoyage" (cleaning), with these USB keys plugged in:

    A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT
    C: (%SystemDrive%) -> Disque fixe # 52 Go (14 Go libre(s) – 28%) [HDD] # NTFS
    E: -> Disque amovible # 970 Mo (970 Mo libre(s) – 100%) [] # FAT32
    G: -> Disque amovible # 122 Mo (74 Mo libre(s) – 60%) [INES] # FAT

    :merci2:

  • seneque55
    Post count: 0

    [spoiler:38u4ayny]############################## | UsbFix V 7.176 | [Nettoyage]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 19:42:26 | 22/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 563 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [Actif |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [Actif |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 52 Go (14 Go libre(s) – 28%) [HDD] # NTFS

    ################## | Processus Stoppés |

    C:WindowsSystem32rundll32.exe (ID: 4448|ParentID: 628|Bougrine)
    C:WindowsSystem32WUDFHost.exe (ID: 3560|ParentID: 936|SERVICE LOCAL)
    C:Windowsexplorer.exe (ID: 4408|ParentID: 5360|Bougrine)
    C:WindowsSystem32SearchIndexer.exe (ID: 1684|ParentID: 476|Système)
    C:Program FilesInternet Exploreriexplore.exe (ID: 4736|ParentID: 4408|Bougrine)
    C:WindowsSystem32MsSpellCheckingFacility.exe (ID: 1020|ParentID: 628|Bougrine)
    C:WindowsSystem32SearchProtocolHost.exe (ID: 6004|ParentID: 1684|Système)
    C:WindowsSystem32notepad.exe (ID: 824|ParentID: 1736|Bougrine)
    C:WindowsSystem32notepad.exe (ID: 284|ParentID: 3900|Bougrine)

    ################## | Autorun |

    ################## | Recherche générique |

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKCU..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [NokiaSuite.exe] C:Program FilesNokiaNokia SuiteNokiaSuite.exe -tray
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [20/07/2014 – 16:39:47 | D] – C:kleaner.tmp
    [17/06/2005 – 19:33:58 | RASH | 0 Ko] – C:MSDOS.SYS
    [17/06/2005 – 19:33:58 | RASH | 0 Ko] – C:IO.SYS
    [10/06/2009 – 22:42:20 | N | 0 Ko] – C:config.sys
    [22/07/2014 – 11:58:17 | ASH | 982696 Ko] – C:hiberfil.sys
    [22/07/2014 – 11:58:23 | ASH | 1310264 Ko] – C:pagefile.sys
    [08/07/2012 – 13:28:36 | N | 0 Ko] – C:Boot.ini.saved
    [17/06/2005 – 19:37:27 | N | 1 Ko] – C:IPH.PH
    [22/07/2014 – 10:47:48 | D] – C:Config.Msi
    [05/08/2004 – 13:00:00 | N | 46 Ko | SHA1: 6CAAFF4D8A162BB1080036CE1A6D023AECDA36C3] – C:NTDETECT.COM
    [05/08/2004 – 13:00:00 | N | 5 Ko] – C:Bootfont.bin
    [08/06/2014 – 11:08:43 | SHD] – C:$Recycle.Bin
    [22/07/2014 – 12:33:00 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [10/06/2009 – 22:42:20 | A | 0 Ko] – C:autoexec.bat
    [17/06/2005 – 20:05:15 | N | 0 Ko] – C:Boot.BAK
    [08/07/2012 – 13:28:38 | RASH | 8 Ko] – C:BOOTSECT.BAK
    [05/08/2004 – 13:00:00 | N | 257 Ko] – C:cmldr
    [05/08/2004 – 13:00:00 | RASH | 246 Ko] – C:ntldr
    [14/07/2009 – 03:37:05 | D] – C:PerfLogs
    [14/07/2009 – 05:53:55 | SHD] – C:Documents and Settings
    [20/11/2010 – 13:40:07 | RASH | 375 Ko] – C:bootmgr
    [20/06/2012 – 15:58:58 | D] – C:APPS
    [20/06/2012 – 15:58:58 | D] – C:My Music
    [20/06/2012 – 15:58:59 | SHD] – C:RECYCLER
    [20/06/2012 – 16:00:26 | D] – C:cmdcons
    [20/06/2012 – 16:00:33 | D] – C:DIVTOOLS
    [20/06/2012 – 16:01:16 | D] – C:mysql
    [20/06/2012 – 16:01:19 | D] – C:OEMCUST
    [20/06/2012 – 16:01:26 | D] – C:PNP
    [08/07/2012 – 12:42:57 | SHD] – C:Recovery
    [08/08/2012 – 07:46:11 | SHD] – C:Boot
    [07/09/2012 – 19:22:36 | RHD] – C:MSOCache
    [09/10/2012 – 08:59:55 | N | 199 Ko] – C:grldr
    [09/10/2012 – 09:01:03 | N | 0 Ko] – C:win7ldr
    [16/05/2013 – 10:38:41 | D] – C:312101e980c0342f4045
    [29/05/2013 – 11:57:19 | D] – C:DRIVERS
    [22/07/2013 – 13:46:23 | D] – C:9d591f6e4d705c52fc618d32016b
    [30/07/2013 – 15:36:25 | D] – C:Diccionario Lengua Española
    [28/11/2013 – 22:44:54 | D] – C:DriverPack Solution
    [08/06/2014 – 11:08:15 | D] – C:Users
    [20/07/2014 – 17:38:19 | D] – C:Temp
    [21/07/2014 – 21:56:31 | D] – C:Windows
    [21/07/2014 – 21:57:02 | D] – C:Log
    [22/07/2014 – 10:44:46 | SHD] – C:System Volume Information
    [22/07/2014 – 11:55:51 | HD] – C:ProgramData
    [22/07/2014 – 11:56:01 | D] – C:AdwCleaner
    [22/07/2014 – 12:13:07 | D] – C:Program Files
    [22/07/2014 – 19:36:45 | D] – C:UsbFix

    ################## | Vaccin |

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:38u4ayny]
    I have 6 USB keys, the pile is all mixed up hahaha

  • Anonyme
    Post count: 1400

    Hi again,

    I have 6 USB keys, the pile is all mixed up hahaha

    OK, but in the report only your hard drive shows up :interro:

    C: (%SystemDrive%) -> Disque fixe # 52 Go (14 Go libre(s) – 28%) [HDD] # NTFS

    Look through the reports you have on your desktop or in C:usbfix.clean to see whether you have the post-cleaning report with these keys:

    A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT
    E: -> Disque amovible # 970 Mo (970 Mo libre(s) – 100%) [] # FAT32
    G: -> Disque amovible # 122 Mo (74 Mo libre(s) – 60%) [INES] # FAT

    If you find it, post it in your next reply

    :merci2:

  • seneque55
    Post count: 0

    Thank you very much for your kindness, sir.
    I will post tomorrow if possible. Thanks again for your time and attention.
    Good night

  • Anonyme
    Post count: 1400

    Hi again,

    No problem ;)

    Good night and see you tomorrow :bye:

  • Anonyme
    Post count: 0

    :hello: ,

    The reports are saved here: C:UsbFixLogUsbFix [Clean …

    Have a good evening, gentlemen :)

    :hello:

  • seneque55
    Post count: 0

    A big hello, and thanks in advance.
    Here is today's report.
    N.B.: Isn't there a way to reply without going through user name, e-mail address, question..?
    Thanks

    [spoiler:1u3dwcqg]############################## | UsbFix V 7.176 | [Recherche]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 06:09:32 | 23/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 486 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [Actif |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [Actif |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT
    C: (%SystemDrive%) -> Disque fixe # 52 Go (15 Go libre(s) – 29%) [HDD] # NTFS
    G: -> Disque amovible # 122 Mo (74 Mo libre(s) – 60%) [INES] # FAT

    ################## | Processus Actif |

    C:WindowsSystem32smss.exe (ID: 260|ParentID: 4|Système)
    C:WindowsSystem32wininit.exe (ID: 396|ParentID: 352)
    C:WindowsSystem32winlogon.exe (ID: 448|ParentID: 388)
    C:WindowsSystem32services.exe (ID: 476|ParentID: 396)
    C:WindowsSystem32lsass.exe (ID: 508|ParentID: 396)
    C:WindowsSystem32lsm.exe (ID: 516|ParentID: 396)
    C:WindowsSystem32svchost.exe (ID: 616|ParentID: 476)
    C:WindowsSystem32svchost.exe (ID: 688|ParentID: 476)
    C:Program FilesMicrosoft Security ClientMsMpEng.exe (ID: 740|ParentID: 476)
    C:WindowsSystem32svchost.exe (ID: 884|ParentID: 476)
    C:WindowsSystem32svchost.exe (ID: 932|ParentID: 476)
    C:WindowsSystem32svchost.exe (ID: 972|ParentID: 476)
    C:WindowsSystem32svchost.exe (ID: 1004|ParentID: 476)
    C:WindowsSystem32svchost.exe (ID: 1320|ParentID: 476)
    C:WindowsSystem32svchost.exe (ID: 1424|ParentID: 476)
    C:WindowsSystem32spoolsv.exe (ID: 1536|ParentID: 476)
    C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe (ID: 1748|ParentID: 476)
    C:Program FilesMalwarebytes Anti-Malwarembamservice.exe (ID: 1860|ParentID: 476)
    C:WindowsSystem32mqsvc.exe (ID: 1952|ParentID: 476)
    C:WindowsSystem32slserv.exe (ID: 2020|ParentID: 476)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE (ID: 512|ParentID: 476)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE (ID: 1144|ParentID: 512)
    C:Program FilesMicrosoft Security ClientNisSrv.exe (ID: 2068|ParentID: 476)
    C:WindowsSystem32svchost.exe (ID: 2112|ParentID: 476)
    C:WindowsSystem32svchost.exe (ID: 3212|ParentID: 476)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 3416|ParentID: 476)
    C:WindowsSystem32taskhost.exe (ID: 3828|ParentID: 476|Bougrine)
    C:Program FilesMalwarebytes Anti-Malwarembam.exe (ID: 2128|ParentID: 1860|Bougrine)
    C:WindowsSystem32dwm.exe (ID: 2812|ParentID: 932|Bougrine)
    C:Windowsexplorer.exe (ID: 2840|ParentID: 2776|Bougrine)
    C:Program FilesMicrosoft Security Clientmsseces.exe (ID: 3080|ParentID: 2840|Bougrine)
    C:Program FilesSamsungKiesKiesTrayAgent.exe (ID: 3652|ParentID: 2840|Bougrine)
    C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 2608|ParentID: 2840|Bougrine)
    C:Program FilesSamsungKiesKies.exe (ID: 3852|ParentID: 2840|Bougrine)
    C:Program FilesSamsungKiesKiesAirMessage.exe (ID: 3948|ParentID: 2840|Bougrine)
    C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe (ID: 4076|ParentID: 3716|Bougrine)
    C:WindowsSystem32svchost.exe (ID: 2312|ParentID: 476)
    C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 3704|ParentID: 476)
    C:WindowsSystem32SearchIndexer.exe (ID: 3388|ParentID: 476)
    C:Program FilesPC Connectivity SolutionServiceLayer.exe (ID: 4092|ParentID: 476)
    C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe (ID: 3844|ParentID: 4092)
    C:Program FilesInternet Exploreriexplore.exe (ID: 548|ParentID: 2840|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 3260|ParentID: 548|Bougrine)
    C:WindowsSystem32audiodg.exe (ID: 3192|ParentID: 884)
    C:UsbFixUsbFix.exe (ID: 2324|ParentID: 2840|Bougrine)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Présent! A:ert.dll

    ################## | Registre |

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

    ############################## | UsbFix V 7.176 | [Nettoyage]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 06:12:45 | 23/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 473 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [Actif |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [Actif |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT
    C: (%SystemDrive%) -> Disque fixe # 52 Go (15 Go libre(s) – 29%) [HDD] # NTFS
    G: -> Disque amovible # 122 Mo (74 Mo libre(s) – 60%) [INES] # FAT

    ################## | Processus Stoppés |

    C:WindowsSystem32spoolsv.exe (ID: 1536|ParentID: 476|Système)
    C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe (ID: 1748|ParentID: 476|Système)
    C:WindowsSystem32mqsvc.exe (ID: 1952|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32slserv.exe (ID: 2020|ParentID: 476|Système)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE (ID: 512|ParentID: 476|Système)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE (ID: 1144|ParentID: 512|Système)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 3416|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32taskhost.exe (ID: 3828|ParentID: 476|Bougrine)
    C:Program FilesMalwarebytes Anti-Malwarembam.exe (ID: 2128|ParentID: 1860|Bougrine)
    C:Windowsexplorer.exe (ID: 2840|ParentID: 2776|Bougrine)
    C:Program FilesMicrosoft Security Clientmsseces.exe (ID: 3080|ParentID: 2840|Bougrine)
    C:Program FilesSamsungKiesKiesTrayAgent.exe (ID: 3652|ParentID: 2840|Bougrine)
    C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 2608|ParentID: 2840|Bougrine)
    C:Program FilesSamsungKiesKies.exe (ID: 3852|ParentID: 2840|Bougrine)
    C:Program FilesSamsungKiesKiesAirMessage.exe (ID: 3948|ParentID: 2840|Bougrine)
    C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe (ID: 4076|ParentID: 3716|Bougrine)
    C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 3704|ParentID: 476|Système)
    C:WindowsSystem32SearchIndexer.exe (ID: 3388|ParentID: 476|Système)
    C:Program FilesPC Connectivity SolutionServiceLayer.exe (ID: 4092|ParentID: 476|Système)
    C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe (ID: 3844|ParentID: 4092|Système)
    C:Program FilesInternet Exploreriexplore.exe (ID: 548|ParentID: 2840|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 3260|ParentID: 548|Bougrine)
    C:WindowsSystem32WUDFHost.exe (ID: 2748|ParentID: 932|SERVICE LOCAL)
    C:WindowsSystem32SearchProtocolHost.exe (ID: 2848|ParentID: 3388|Système)
    C:WindowsSystem32SearchFilterHost.exe (ID: 2336|ParentID: 3388|Système)

    ################## | Autorun |

    ################## | Recherche générique |

    Non supprimé ! A:ert.dll

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | A: – Disque USB (FAT) |

    [31/10/2003 – 18:13:42 | N | 64 Ko | SHA1: 45C6A7889165A634D6140B65D757755C0ADCAE40] – A:UDPv24.exe
    [30/09/2003 – 14:52:32 | N | 936 Ko] – A:USB Disk Pro v2.0.pdf
    [02/03/2011 – 11:06:56 | N | 3 Ko] – A:folder.htt
    [12/08/2008 – 14:48:34 | N | 67 Ko] – A:Y7YQ6J[1].pdf
    [06/08/2012 – 17:46:44 | N | 0 Ko] – A:ert.dll

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [20/07/2014 – 16:39:47 | D] – C:kleaner.tmp
    [17/06/2005 – 19:33:58 | RASH | 0 Ko] – C:MSDOS.SYS
    [17/06/2005 – 19:33:58 | RASH | 0 Ko] – C:IO.SYS
    [10/06/2009 – 22:42:20 | N | 0 Ko] – C:config.sys
    [23/07/2014 – 05:14:39 | ASH | 982696 Ko] – C:hiberfil.sys
    [23/07/2014 – 05:14:41 | ASH | 1310264 Ko] – C:pagefile.sys
    [08/07/2012 – 13:28:36 | N | 0 Ko] – C:Boot.ini.saved
    [17/06/2005 – 19:37:27 | N | 1 Ko] – C:IPH.PH
    [23/07/2014 – 05:41:13 | D] – C:Config.Msi
    [23/07/2014 – 05:13:50 | N | 3 Ko] – C:bootsqm.dat
    [05/08/2004 – 13:00:00 | N | 46 Ko | [https://www.virustotal.com/file/8f7186a71684dd114e89cc908ed9400192bc3a47fb288cce4c5c27d0f5d3afa4/analysis/1405807532/ VirusTotal] – (0/53)] – C:NTDETECT.COM
    [05/08/2004 – 13:00:00 | N | 5 Ko] – C:Bootfont.bin
    [08/06/2014 – 11:08:43 | SHD] – C:$Recycle.Bin
    [22/07/2014 – 12:33:00 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [10/06/2009 – 22:42:20 | A | 0 Ko] – C:autoexec.bat
    [17/06/2005 – 20:05:15 | N | 0 Ko] – C:Boot.BAK
    [08/07/2012 – 13:28:38 | RASH | 8 Ko] – C:BOOTSECT.BAK
    [05/08/2004 – 13:00:00 | N | 257 Ko] – C:cmldr
    [05/08/2004 – 13:00:00 | RASH | 246 Ko] – C:ntldr
    [14/07/2009 – 03:37:05 | D] – C:PerfLogs
    [14/07/2009 – 05:53:55 | SHD] – C:Documents and Settings
    [20/11/2010 – 13:40:07 | RASH | 375 Ko] – C:bootmgr
    [20/06/2012 – 15:58:58 | D] – C:APPS
    [20/06/2012 – 15:58:58 | D] – C:My Music
    [20/06/2012 – 15:58:59 | SHD] – C:RECYCLER
    [20/06/2012 – 16:00:26 | D] – C:cmdcons
    [20/06/2012 – 16:00:33 | D] – C:DIVTOOLS
    [20/06/2012 – 16:01:16 | D] – C:mysql
    [20/06/2012 – 16:01:19 | D] – C:OEMCUST
    [20/06/2012 – 16:01:26 | D] – C:PNP
    [08/07/2012 – 12:42:57 | SHD] – C:Recovery
    [08/08/2012 – 07:46:11 | SHD] – C:Boot
    [07/09/2012 – 19:22:36 | RHD] – C:MSOCache
    [09/10/2012 – 08:59:55 | N | 199 Ko] – C:grldr
    [09/10/2012 – 09:01:03 | N | 0 Ko] – C:win7ldr
    [16/05/2013 – 10:38:41 | D] – C:312101e980c0342f4045
    [29/05/2013 – 11:57:19 | D] – C:DRIVERS
    [22/07/2013 – 13:46:23 | D] – C:9d591f6e4d705c52fc618d32016b
    [30/07/2013 – 15:36:25 | D] – C:Diccionario Lengua Española
    [28/11/2013 – 22:44:54 | D] – C:DriverPack Solution
    [08/06/2014 – 11:08:15 | D] – C:Users
    [20/07/2014 – 17:38:19 | D] – C:Temp
    [21/07/2014 – 21:57:02 | D] – C:Log
    [22/07/2014 – 10:44:46 | SHD] – C:System Volume Information
    [22/07/2014 – 11:55:51 | HD] – C:ProgramData
    [22/07/2014 – 11:56:01 | D] – C:AdwCleaner
    [23/07/2014 – 05:37:47 | D] – C:Windows
    [23/07/2014 – 05:48:03 | D] – C:Program Files
    [23/07/2014 – 06:09:18 | D] – C:UsbFix

    ################## | G: – Disque USB (FAT) |

    [04/07/2014 – 09:47:06 | D] – G:FOUND.001
    [20/07/2012 – 21:39:26 | D] – G:FOUND.000
    [26/07/2012 – 19:13:22 | N | 2756 Ko] – G:Je reviendrai vers toi – YouTube.mp3
    [18/07/2008 – 15:39:44 | N | 2341 Ko] – G:joe dassin – et si tu n'existe pas.mp3
    [03/08/2012 – 11:51:40 | RSHD] – G:RECYCLER
    [02/08/2012 – 18:19:50 | N | 3107 Ko] – G:MICHEL FUGAIN une belle histoire – YouTube.mp3
    [02/08/2012 – 18:20:14 | N | 2711 Ko] – G:le petit ane gris.mp3
    [02/08/2012 – 18:07:34 | N | 3491 Ko] – G:MICHEL FUGAIN une belle histoire – YouTube.FLV
    [02/08/2012 – 18:12:36 | N | 11519 Ko] – G:le petit ane gris.FLV
    [03/08/2012 – 16:24:50 | N | 12 Ko] – G:Paroles.docx
    [10/08/2012 – 13:24:40 | N | 2 Ko] – G:BOOTEX.LOG
    [19/02/2013 – 17:37:16 | D] – G:goethe
    [22/04/2013 – 18:14:02 | N | 11 Ko] – G:ATTESTATION DE SALAIRE.docx
    [27/07/2013 – 10:39:50 | N | 11 Ko] – G:Frais de réparation.docx
    [24/11/2013 – 14:14:42 | N | 11 Ko] – G:Attestation de Travai1.docx
    [13/02/2014 – 17:57:12 | N | 11 Ko] – G:Abgehaun.docx
    [03/07/2014 – 09:58:36 | N | 14 Ko] – G:ATTESTATION DE DOMICILIATION.docx
    [03/07/2014 – 17:08:52 | N | 1130 Ko] – G:STKRONOS-S6.pdf
    [04/07/2014 – 09:25:22 | N | 3623 Ko] – G:EBW_EXCOM_hybrid_2_5_GB_mail.pdf
    [04/07/2014 – 09:47:06 | N | 94 Ko] – G:FOUND.001FILE0000.CHK
    [20/07/2012 – 21:39:26 | N | 2 Ko] – G:FOUND.000FILE0000.CHK
    [20/07/2012 – 21:39:26 | N | 2 Ko] – G:FOUND.000FILE0001.CHK
    [20/07/2012 – 21:39:26 | N | 2 Ko] – G:FOUND.000FILE0002.CHK
    [20/07/2012 – 21:39:26 | N | 18772 Ko] – G:FOUND.000FILE0003.CHK
    [06/08/2012 – 17:46:56 | D] – G:RECYCLERS-0-5-22-1628521511-4362170414-863271642-4304
    [07/08/2012 – 17:37:48 | D] – G:RECYCLERS-1-6-80-1078604628-3725336837-070267314-0631
    [15/08/2012 – 17:57:38 | D] – G:RECYCLERS-6-4-52-0554634273-8766473325-314532763-2478
    [16/08/2012 – 17:52:50 | D] – G:RECYCLERS-7-3-11-8835057708-1112510036-828734133-4543
    [26/08/2012 – 17:15:52 | D] – G:RECYCLERS-7-3-17-4220135346-0007182378-477658804-8806
    [26/08/2012 – 17:22:58 | D] – G:RECYCLERS-1-0-25-4444161737-5768866470-177646485-3601
    [26/08/2012 – 17:49:56 | D] – G:RECYCLERS-5-0-33-0753102241-5540721734-721388117-0383
    [28/08/2012 – 17:44:48 | D] – G:RECYCLERS-6-5-67-5735567147-1604854255-035632670-3544
    [29/08/2012 – 17:59:38 | D] – G:RECYCLERS-0-0-55-6746120822-2367852022-166524138-1517
    [21/03/2013 – 16:27:54 | D] – G:RECYCLERS-1-4-17-6583635350-3165242515-360564705-7148
    [21/03/2013 – 14:43:50 | A | 0 Ko] – G:goetheNouveau document texte.txt

    ################## | Vaccin |

    A:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:1u3dwcqg]

  • Anonyme
    Post count: 1400

    :hello: seneque55,

    N.B.: Isn't there a way to reply without going through username, email address, question..?
    Thanks

    Yes, by registering on the site; it's free.

    You have again posted a search-mode report:

    | UsbFix V 7.176 | [Recherche]
    Lancé à 06:09:32 | 23/07/2014

    We are going to proceed differently; do this and post the report, please.

    • Download Delfix to your Desktop.
    • Launch Delfix (run as administrator on Windows 7/8 and Vista).
    • Tick the following box:
      • Supprimer les outils de désinfection (Remove the disinfection tools)

    :merci2:

  • seneque55
    Post count: 0

    Thanks for the reply. I am registered, but it does not accept me, the reason given: user already exists :merci2:

  • seneque55
    Post count: 0

    Here is the report


    [spoiler:rysoz2d4]# DelFix v10.7 – Rapport créé le 23/07/2014 à 08:34:40
    # Mis à jour le 27/04/2014 par Xplode
    # Nom d'utilisateur : Bougrine – BOUGRINE-PC
    # Système d'exploitation : Windows 7 Ultimate Service Pack 1 (32 bits)

    ~ Suppression des outils de désinfection …

    Supprimé : C:USBFix
    Supprimé : C:AdwCleaner
    Supprimé : C:UsersBougrineAppDataRoamingZHP
    Supprimé : C:ProgramDataMicrosoftWindowsStart MenuProgramsZHP
    Supprimé : C:Program FilesZHPDiag
    Supprimé : C:PhysicalDisk0_MBR.bin
    Supprimé : C:UsersBougrineDesktopExtras.Txt
    Supprimé : C:UsersBougrineDesktopOTL.Txt
    Supprimé : C:UsersBougrineDesktopOTL.exe
    Supprimé : C:UsersBougrineDesktopscan.txt
    Supprimé : C:UsersBougrineDesktopUsbFix [Clean 24] BOUGRINE-PC-aujoud_hui.txt
    Supprimé : C:UsersBougrineDesktopUsbFix [Scan 19] BOUGRINE-PC.txt
    Supprimé : C:UsersBougrineDesktopUsbFix [Scan 21] BOUGRINE-PC-aujoud_hui.txt
    Supprimé : C:UsersBougrineDesktopUsbFix.lnk
    Supprimé : C:UsersBougrineDesktopUsbFix_Report.txt
    Supprimé : C:UsersBougrineDesktopZHPDiag.lnk
    Supprimé : C:UsersBougrineDesktopZHPDiag.txt
    Supprimé : C:UsersBougrineDesktopZHPFix.lnk
    Supprimée : HKCUSoftwareUSBFix
    Supprimée : HKLMSOFTWAREOldTimer Tools
    Supprimée : HKLMSOFTWAREAdwCleaner
    Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallUSBFix
    Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallZHPDiag_is1

    ########## – EOF – ##########[/spoiler:rysoz2d4]
    :merci2:

  • seneque55
    Post count: 0

    [spoiler:15z3ywjj]############################## | UsbFix V 7.176 | [Recherche]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 08:42:33 | 23/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 461 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT
    C: (%SystemDrive%) -> Disque fixe # 52 Go (15 Go libre(s) – 29%) [HDD] # NTFS
    G: -> Disque amovible # 122 Mo (74 Mo libre(s) – 60%) [INES] # FAT

    ################## | Processus Actif |

    C:WindowsSystem32smss.exe (ID: 260|ParentID: 4|Système)
    C:WindowsSystem32csrss.exe (ID: 360|ParentID: 352|Système)
    C:WindowsSystem32wininit.exe (ID: 396|ParentID: 352|Système)
    C:WindowsSystem32csrss.exe (ID: 408|ParentID: 388|Système)
    C:WindowsSystem32winlogon.exe (ID: 448|ParentID: 388|Système)
    C:WindowsSystem32services.exe (ID: 476|ParentID: 396|Système)
    C:WindowsSystem32lsass.exe (ID: 508|ParentID: 396|Système)
    C:WindowsSystem32lsm.exe (ID: 516|ParentID: 396|Système)
    C:WindowsSystem32svchost.exe (ID: 616|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 688|ParentID: 476|SERVICE RÉSEAU)
    C:Program FilesMicrosoft Security ClientMsMpEng.exe (ID: 740|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 884|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 932|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 972|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32svchost.exe (ID: 1004|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 1320|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32svchost.exe (ID: 1424|ParentID: 476|SERVICE LOCAL)
    C:Program FilesMalwarebytes Anti-Malwarembamservice.exe (ID: 1860|ParentID: 476|Système)
    C:WindowsSystem32svchost.exe (ID: 2112|ParentID: 476|SERVICE RÉSEAU)
    C:WindowsSystem32svchost.exe (ID: 3212|ParentID: 476|SERVICE LOCAL)
    C:WindowsSystem32dwm.exe (ID: 2812|ParentID: 932|Bougrine)
    C:WindowsSystem32svchost.exe (ID: 2312|ParentID: 476|Système)
    C:WindowsSystem32dllhost.exe (ID: 3912|ParentID: 616|Bougrine)
    C:WindowsSystem32rundll32.exe (ID: 2448|ParentID: 616|Bougrine)
    C:Windowsexplorer.exe (ID: 2452|ParentID: 2108|Bougrine)
    C:WindowsSystem32SearchIndexer.exe (ID: 6092|ParentID: 476|Système)
    C:WindowsSystem32WUDFHost.exe (ID: 5672|ParentID: 932|SERVICE LOCAL)
    C:Program FilesInternet Exploreriexplore.exe (ID: 2612|ParentID: 2452|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 4456|ParentID: 2612|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 3780|ParentID: 2612|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 2088|ParentID: 2612|Bougrine)
    C:WindowsSystem32audiodg.exe (ID: 5784|ParentID: 884|SERVICE LOCAL)
    C:WindowsSystem32MsSpellCheckingFacility.exe (ID: 4772|ParentID: 616|Bougrine)
    C:UsbFixUsbFix.exe (ID: 5628|ParentID: 4720|Bougrine)
    C:WindowsSystem32SearchProtocolHost.exe (ID: 5396|ParentID: 6092|Système)
    C:WindowsSystem32SearchFilterHost.exe (ID: 3740|ParentID: 6092|Système)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Présent! A:ert.dll

    ################## | Registre |

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:15z3ywjj]
    [spoiler:15z3ywjj]############################## | UsbFix V 7.176 | [Nettoyage]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 08:48:40 | 23/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 486 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT
    C: (%SystemDrive%) -> Disque fixe # 52 Go (15 Go libre(s) – 29%) [HDD] # NTFS
    G: -> Disque amovible # 122 Mo (74 Mo libre(s) – 60%) [INES] # FAT

    ################## | Processus Stoppés |

    C:WindowsSystem32rundll32.exe (ID: 2448|ParentID: 616|Bougrine)
    C:Windowsexplorer.exe (ID: 2452|ParentID: 2108|Bougrine)
    C:WindowsSystem32SearchIndexer.exe (ID: 6092|ParentID: 476|Système)
    C:WindowsSystem32WUDFHost.exe (ID: 5672|ParentID: 932|SERVICE LOCAL)
    C:Program FilesInternet Exploreriexplore.exe (ID: 2612|ParentID: 2452|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 2088|ParentID: 2612|Bougrine)
    C:WindowsSystem32MsSpellCheckingFacility.exe (ID: 4772|ParentID: 616|Bougrine)

    ################## | Autorun |

    ################## | Recherche générique |

    Non supprimé ! A:ert.dll

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | A: – Disque USB (FAT) |

    [30/09/2003 – 14:52:32 | N | 936 Ko] – A:USB Disk Pro v2.0.pdf
    [12/08/2008 – 14:48:34 | N | 67 Ko] – A:Y7YQ6J[1].pdf
    [02/03/2011 – 11:06:56 | N | 3 Ko] – A:folder.htt
    [31/10/2003 – 18:13:42 | N | 64 Ko | SHA1: 45C6A7889165A634D6140B65D757755C0ADCAE40] – A:UDPv24.exe
    [06/08/2012 – 17:46:44 | N | 0 Ko] – A:ert.dll

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [23/07/2014 – 08:34:44 | N | 1 Ko] – C:DelFix.txt
    [20/07/2014 – 16:39:47 | D] – C:kleaner.tmp
    [17/06/2005 – 19:33:58 | RASH | 0 Ko] – C:MSDOS.SYS
    [17/06/2005 – 19:33:58 | RASH | 0 Ko] – C:IO.SYS
    [10/06/2009 – 22:42:20 | N | 0 Ko] – C:config.sys
    [23/07/2014 – 05:14:39 | ASH | 982696 Ko] – C:hiberfil.sys
    [23/07/2014 – 05:14:41 | ASH | 1310264 Ko] – C:pagefile.sys
    [08/07/2012 – 13:28:36 | N | 0 Ko] – C:Boot.ini.saved
    [17/06/2005 – 19:37:27 | N | 1 Ko] – C:IPH.PH
    [23/07/2014 – 05:41:13 | D] – C:Config.Msi
    [23/07/2014 – 05:13:50 | N | 3 Ko] – C:bootsqm.dat
    [05/08/2004 – 13:00:00 | N | 46 Ko | VirusTotal – (0/53)] – C:NTDETECT.COM
    [05/08/2004 – 13:00:00 | N | 5 Ko] – C:Bootfont.bin
    [08/06/2014 – 11:08:43 | SHD] – C:$Recycle.Bin
    [10/06/2009 – 22:42:20 | A | 0 Ko] – C:autoexec.bat
    [17/06/2005 – 20:05:15 | N | 0 Ko] – C:Boot.BAK
    [08/07/2012 – 13:28:38 | RASH | 8 Ko] – C:BOOTSECT.BAK
    [05/08/2004 – 13:00:00 | N | 257 Ko] – C:cmldr
    [05/08/2004 – 13:00:00 | RASH | 246 Ko] – C:ntldr
    [14/07/2009 – 03:37:05 | D] – C:PerfLogs
    [14/07/2009 – 05:53:55 | SHD] – C:Documents and Settings
    [20/11/2010 – 13:40:07 | RASH | 375 Ko] – C:bootmgr
    [20/06/2012 – 15:58:58 | D] – C:APPS
    [20/06/2012 – 15:58:58 | D] – C:My Music
    [20/06/2012 – 15:58:59 | SHD] – C:RECYCLER
    [20/06/2012 – 16:00:26 | D] – C:cmdcons
    [20/06/2012 – 16:00:33 | D] – C:DIVTOOLS
    [20/06/2012 – 16:01:16 | D] – C:mysql
    [20/06/2012 – 16:01:19 | D] – C:OEMCUST
    [20/06/2012 – 16:01:26 | D] – C:PNP
    [08/07/2012 – 12:42:57 | SHD] – C:Recovery
    [08/08/2012 – 07:46:11 | SHD] – C:Boot
    [07/09/2012 – 19:22:36 | RHD] – C:MSOCache
    [09/10/2012 – 08:59:55 | N | 199 Ko] – C:grldr
    [09/10/2012 – 09:01:03 | N | 0 Ko] – C:win7ldr
    [16/05/2013 – 10:38:41 | D] – C:312101e980c0342f4045
    [29/05/2013 – 11:57:19 | D] – C:DRIVERS
    [22/07/2013 – 13:46:23 | D] – C:9d591f6e4d705c52fc618d32016b
    [30/07/2013 – 15:36:25 | D] – C:Diccionario Lengua Española
    [28/11/2013 – 22:44:54 | D] – C:DriverPack Solution
    [08/06/2014 – 11:08:15 | D] – C:Users
    [20/07/2014 – 17:38:19 | D] – C:Temp
    [21/07/2014 – 21:57:02 | D] – C:Log
    [22/07/2014 – 10:44:46 | SHD] – C:System Volume Information
    [22/07/2014 – 11:55:51 | HD] – C:ProgramData
    [23/07/2014 – 05:37:47 | D] – C:Windows
    [23/07/2014 – 08:34:44 | D] – C:Program Files
    [23/07/2014 – 08:42:24 | D] – C:UsbFix

    ################## | G: – Disque USB (FAT) |

    [03/07/2014 – 17:08:52 | N | 1130 Ko] – G:STKRONOS-S6.pdf
    [04/07/2014 – 09:25:22 | N | 3623 Ko] – G:EBW_EXCOM_hybrid_2_5_GB_mail.pdf
    [18/07/2008 – 15:39:44 | N | 2341 Ko] – G:joe dassin – et si tu n'existe pas.mp3
    [26/07/2012 – 19:13:22 | N | 2756 Ko] – G:Je reviendrai vers toi – YouTube.mp3
    [02/08/2012 – 18:19:50 | N | 3107 Ko] – G:MICHEL FUGAIN une belle histoire – YouTube.mp3
    [02/08/2012 – 18:20:14 | N | 2711 Ko] – G:le petit ane gris.mp3
    [10/08/2012 – 13:24:40 | N | 2 Ko] – G:BOOTEX.LOG
    [02/08/2012 – 18:07:34 | N | 3491 Ko] – G:MICHEL FUGAIN une belle histoire – YouTube.FLV
    [02/08/2012 – 18:12:36 | N | 11519 Ko] – G:le petit ane gris.FLV
    [03/08/2012 – 16:24:50 | N | 12 Ko] – G:Paroles.docx
    [22/04/2013 – 18:14:02 | N | 11 Ko] – G:ATTESTATION DE SALAIRE.docx
    [27/07/2013 – 10:39:50 | N | 11 Ko] – G:Frais de réparation.docx
    [24/11/2013 – 14:14:42 | N | 11 Ko] – G:Attestation de Travai1.docx
    [13/02/2014 – 17:57:12 | N | 11 Ko] – G:Abgehaun.docx
    [03/07/2014 – 09:58:36 | N | 14 Ko] – G:ATTESTATION DE DOMICILIATION.docx
    [04/07/2014 – 09:47:06 | D] – G:FOUND.001
    [20/07/2012 – 21:39:26 | D] – G:FOUND.000
    [03/08/2012 – 11:51:40 | RSHD] – G:RECYCLER
    [19/02/2013 – 17:37:16 | D] – G:goethe

    ################## | Vaccin |

    A:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:15z3ywjj]

  • Anonyme
    Post count: 1400

    Hi again

    I see that you re-downloaded UsbFix and ran a scan in search mode and in cleaning mode.

    Plug in this USB key >> A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT

    Then have this file analysed on VirusTotal >> A:ert.dll and post the link to the result in your next reply.

    :merci2:

  • seneque5
    Participant
    Post count: 12

    Hello again
    Being logged in, I cannot find this morning's discussion by seneque55, which is in fact me.
    My PC still asks me to format every USB key I connect :merci2:

  • Anonyme
    Post count: 1400

    Hi again

    Hello again
    Being logged in, I cannot find this morning's discussion by seneque55, which is in fact me.
    My PC still asks me to format every USB key I connect :merci2:

    Now you are logged in ;) and you should see the whole topic.

    Look at and carry out the procedure in my message of 23 Jul 2014 11:25

    :merci2:

  • seneque5
    Participant
    Post count: 12
  • Anonyme
    Post count: 1400

    Hi again

    That is the report of an old analysis >> Analysis date: 2010-05-10 11:05:23 UTC ( 4 years, 2 months ago )

    I would like the report of the analysis of your file.

    :merci2:

  • seneque5
    Participant
    Post count: 12

    This ert.dll refuses to be analysed. Impossible. I deleted it!!!! What do you say?
    Thanks

  • Anonyme
    Post count: 1400

    Hi again

    This ert.dll refuses to be analysed. Impossible. I deleted it!!!! What do you say?
    Thanks

    Did you get an error message when you tried to have it analysed :interro:

    Since you deleted it, I don't see what I can say, given that I don't know whether the file/DLL was or was not infected :what:

    Run another scan for me in search ("Recherche") mode with only this key plugged in, and post the report, please >>
    A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT

    :merci2:

  • seneque5
    Participant
    Post count: 12

    There, I deleted it and then it comes back like the phoenix.
    Sorry for having wasted your time; two of my USB keys no longer open, nor does my daughter's Nintendo SD card.

  • seneque5
    Participant
    Post count: 12

    This A:/ is perhaps virtual, because when I plug in each key on its own it does not appear; it only shows up when all the keys are plugged in.

  • seneque5
    Participant
    Post count: 12

    What is surprising is that when I open it there is an ert.dll extension, Acrobat files and others :merci2:

  • seneque5
    Participant
    Post count: 12

    I wish you an excellent day, dear sir, and thank you very much. Please leave me some notes if possible.

  • Anonyme
    Post count: 1400

    Hi again

    You are not reading what I write :(

    In this message by seneque5 » 23 Jul 2014 12:51 you tell me this:

    This ert.dll refuses to be analysed. Impossible. I deleted it!!!! What do you say?
    Thanks

    and in this message by seneque5 » 23 Jul 2014 13:12:

    There, I deleted it and then it comes back like the phoenix.

    and I asked you this question, by billmaxime » 23 Jul 2014 12:58:

    Did you get an error message when you tried to have it analysed :interro:

    which you did not answer, and then I asked you to carry out this procedure, which you did not do:

    Run another scan for me in search ("Recherche") mode with only this key plugged in, and post the report, please >>
    A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT

    If you try to put the plough before the oxen, the field will never get ploughed :P:

    Try the scan on VirusTotal again and tell me whether it works.

    :merci2:

  • seneque5
    Participant
    Post count: 12

    [spoiler:7obvpom3]############################## | UsbFix V 7.176 | [Recherche]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 13:02:09 | 23/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 614 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT
    C: (%SystemDrive%) -> Disque fixe # 52 Go (15 Go libre(s) – 29%) [HDD] # NTFS
    G: -> Disque amovible # 122 Mo (74 Mo libre(s) – 60%) [INES] # FAT

    ################## | Processus Actif |

    C:WindowsSystem32smss.exe (ID: 260|ParentID: 4|Système)
    C:WindowsSystem32wininit.exe (ID: 388|ParentID: 332)
    C:WindowsSystem32winlogon.exe (ID: 440|ParentID: 380)
    C:WindowsSystem32services.exe (ID: 468|ParentID: 388)
    C:WindowsSystem32lsass.exe (ID: 480|ParentID: 388)
    C:WindowsSystem32lsm.exe (ID: 488|ParentID: 388)
    C:WindowsSystem32svchost.exe (ID: 604|ParentID: 468)
    C:WindowsSystem32svchost.exe (ID: 676|ParentID: 468)
    C:Program FilesMicrosoft Security ClientMsMpEng.exe (ID: 728|ParentID: 468)
    C:WindowsSystem32svchost.exe (ID: 868|ParentID: 468)
    C:WindowsSystem32svchost.exe (ID: 920|ParentID: 468)
    C:WindowsSystem32svchost.exe (ID: 960|ParentID: 468)
    C:WindowsSystem32svchost.exe (ID: 996|ParentID: 468)
    C:WindowsSystem32audiodg.exe (ID: 1060|ParentID: 868)
    C:WindowsSystem32svchost.exe (ID: 1232|ParentID: 468)
    C:WindowsSystem32svchost.exe (ID: 1328|ParentID: 468)
    C:WindowsSystem32spoolsv.exe (ID: 1388|ParentID: 468)
    C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 1572|ParentID: 468)
    C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe (ID: 1620|ParentID: 468)
    C:Program FilesMalwarebytes Anti-Malwarembamservice.exe (ID: 1748|ParentID: 468)
    C:WindowsSystem32mqsvc.exe (ID: 1884|ParentID: 468)
    C:WindowsSystem32slserv.exe (ID: 1960|ParentID: 468)
    C:WindowsSystem32svchost.exe (ID: 2016|ParentID: 468)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE (ID: 356|ParentID: 468)
    C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE (ID: 1252|ParentID: 356)
    C:WindowsSystem32taskhost.exe (ID: 2060|ParentID: 468|Bougrine)
    C:WindowsSystem32dwm.exe (ID: 2172|ParentID: 920|Bougrine)
    C:Windowsexplorer.exe (ID: 2184|ParentID: 2156|Bougrine)
    C:Program FilesMalwarebytes Anti-Malwarembam.exe (ID: 2460|ParentID: 1748|Bougrine)
    C:WindowsSystem32svchost.exe (ID: 2512|ParentID: 468)
    C:Program FilesMicrosoft Security Clientmsseces.exe (ID: 2788|ParentID: 2184|Bougrine)
    C:Program FilesSamsungKiesKiesTrayAgent.exe (ID: 2960|ParentID: 2184|Bougrine)
    C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 2980|ParentID: 2184|Bougrine)
    C:Program FilesSamsungKiesKies.exe (ID: 3040|ParentID: 2184|Bougrine)
    C:Program FilesSamsungKiesKiesAirMessage.exe (ID: 3048|ParentID: 2184|Bougrine)
    C:WindowsSystem32SearchIndexer.exe (ID: 3148|ParentID: 468)
    C:WindowsSystem32svchost.exe (ID: 3244|ParentID: 468)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 1908|ParentID: 468)
    C:WindowsSystem32svchost.exe (ID: 3312|ParentID: 468)
    C:Program FilesInternet Exploreriexplore.exe (ID: 2920|ParentID: 2184|Bougrine)
    C:Program FilesInternet Exploreriexplore.exe (ID: 276|ParentID: 2920|Bougrine)
    C:WindowsSystem32MacromedFlashFlashUtil32_14_0_0_145_ActiveX.exe (ID: 3660|ParentID: 604|Bougrine)
    C:UsbFixUsbFix.exe (ID: 2412|ParentID: 2184|Bougrine)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKLM..Run : [APSDaemon] “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [MSC] “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKLM..RunOnce : [Malwarebytes Anti-Malware (cleanup)] “C:ProgramDataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe” “C:ProgramDataMalwarebytesMalwarebytes Anti-Malware”
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesPreload] C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3743128526-456646245-3591239297-1000..Run : [KiesAirMessage] C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    ################## | Registre |

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:7obvpom3]

  • Anonyme
    Post count: 1400

    Hi again

    That's good, the file is no longer present ;)

    Now plug in the keys that have not yet been scanned and run a scan in cleaning ("Nettoyage") mode, then post the report, please.

    • Plug all your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
    • Right-click on it and run as administrator on Windows 7/8 and Vista.
    • Choose the Nettoyage (cleaning) option.

    • Copy and paste the contents of the report that appears at the end of the scan into your reply.

    :merci2:

  • seneque5
    Participant
    Post count: 12

    [spoiler:36uyqjn7]############################## | UsbFix V 7.176 | [Nettoyage]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 13:06:14 | 23/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 601 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    A: -> Disque amovible # 1 Mo (0 Mo libre(s) – 25%) [] # FAT
    C: (%SystemDrive%) -> Disque fixe # 52 Go (15 Go libre(s) – 29%) [HDD] # NTFS
    G: -> Disque amovible # 122 Mo (74 Mo libre(s) – 60%) [INES] # FAT

    ################## | Processus Stoppés |

    C:\Windows\System32\spoolsv.exe (ID: 1388|ParentID: 468|Système)
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1572|ParentID: 468|Système)
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 1620|ParentID: 468|Système)
    C:\Windows\System32\mqsvc.exe (ID: 1884|ParentID: 468|SERVICE RÉSEAU)
    C:\Windows\System32\slserv.exe (ID: 1960|ParentID: 468|Système)
    C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (ID: 356|ParentID: 468|Système)
    C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (ID: 1252|ParentID: 356|Système)
    C:\Windows\System32\taskhost.exe (ID: 2060|ParentID: 468|Bougrine)
    C:\Windows\explorer.exe (ID: 2184|ParentID: 2156|Bougrine)
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (ID: 2460|ParentID: 1748|Bougrine)
    C:\Program Files\Microsoft Security Client\msseces.exe (ID: 2788|ParentID: 2184|Bougrine)
    C:\Windows\System32\WUDFHost.exe (ID: 2864|ParentID: 920|SERVICE LOCAL)
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (ID: 2960|ParentID: 2184|Bougrine)
    C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 2980|ParentID: 2184|Bougrine)
    C:\Program Files\Samsung\Kies\Kies.exe (ID: 3040|ParentID: 2184|Bougrine)
    C:\Program Files\Samsung\Kies\KiesAirMessage.exe (ID: 3048|ParentID: 2184|Bougrine)
    C:\Windows\System32\SearchIndexer.exe (ID: 3148|ParentID: 468|Système)
    C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1908|ParentID: 468|SERVICE RÉSEAU)
    C:\Program Files\Internet Explorer\iexplore.exe (ID: 2920|ParentID: 2184|Bougrine)
    C:\Program Files\Internet Explorer\iexplore.exe (ID: 276|ParentID: 2920|Bougrine)
    C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe (ID: 3660|ParentID: 604|Bougrine)
    C:\Windows\System32\SearchFilterHost.exe (ID: 2476|ParentID: 3148|Système)
    C:\Windows\System32\SearchProtocolHost.exe (ID: 2164|ParentID: 3148|Bougrine)
    C:\Windows\System32\taskeng.exe (ID: 3572|ParentID: 996|Bougrine)
    C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 1016|ParentID: 604|Bougrine)

    ################## | Autorun |

    ################## | Recherche générique |

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM\..\Winlogon : [Shell] explorer.exe
    F2 – HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
    04 – HKCU\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
    04 – HKCU\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    04 – HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 – HKLM\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\..\Run : [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    04 – HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\..\RunOnce : [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
    04 – HKU\S-1-5-21-3743128526-456646245-3591239297-1000\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
    04 – HKU\S-1-5-21-3743128526-456646245-3591239297-1000\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

    ################## | A: – Disque USB (FAT) |

    [30/09/2003 – 14:52:32 | N | 936 Ko] – A:\USB Disk Pro v2.0.pdf
    [12/08/2008 – 14:48:34 | N | 67 Ko] – A:\Y7YQ6J[1].pdf
    [02/03/2011 – 11:06:56 | N | 3 Ko] – A:\folder.htt
    [31/10/2003 – 18:13:42 | N | 64 Ko | SHA1: 45C6A7889165A634D6140B65D757755C0ADCAE40] – A:\UDPv24.exe

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [23/07/2014 – 08:34:44 | N | 1 Ko] – C:\DelFix.txt
    [20/07/2014 – 16:39:47 | D] – C:\kleaner.tmp
    [17/06/2005 – 19:33:58 | RASH | 0 Ko] – C:\MSDOS.SYS
    [17/06/2005 – 19:33:58 | RASH | 0 Ko] – C:\IO.SYS
    [10/06/2009 – 22:42:20 | N | 0 Ko] – C:\config.sys
    [23/07/2014 – 12:48:57 | ASH | 982696 Ko] – C:\hiberfil.sys
    [23/07/2014 – 12:49:03 | ASH | 1310264 Ko] – C:\pagefile.sys
    [08/07/2012 – 13:28:36 | N | 0 Ko] – C:\Boot.ini.saved
    [17/06/2005 – 19:37:27 | N | 1 Ko] – C:\IPH.PH
    [23/07/2014 – 05:41:13 | D] – C:\Config.Msi
    [23/07/2014 – 05:13:50 | N | 3 Ko] – C:\bootsqm.dat
    [05/08/2004 – 13:00:00 | N | 46 Ko | SHA1: 6CAAFF4D8A162BB1080036CE1A6D023AECDA36C3] – C:\NTDETECT.COM
    [05/08/2004 – 13:00:00 | N | 5 Ko] – C:\Bootfont.bin
    [08/06/2014 – 11:08:43 | SHD] – C:\$Recycle.Bin
    [10/06/2009 – 22:42:20 | A | 0 Ko] – C:\autoexec.bat
    [17/06/2005 – 20:05:15 | N | 0 Ko] – C:\Boot.BAK
    [08/07/2012 – 13:28:38 | RASH | 8 Ko] – C:\BOOTSECT.BAK
    [05/08/2004 – 13:00:00 | N | 257 Ko] – C:\cmldr
    [05/08/2004 – 13:00:00 | RASH | 246 Ko] – C:\ntldr
    [14/07/2009 – 03:37:05 | D] – C:\PerfLogs
    [14/07/2009 – 05:53:55 | SHD] – C:\Documents and Settings
    [20/11/2010 – 13:40:07 | RASH | 375 Ko] – C:\bootmgr
    [20/06/2012 – 15:58:58 | D] – C:\APPS
    [20/06/2012 – 15:58:58 | D] – C:\My Music
    [20/06/2012 – 15:58:59 | SHD] – C:\RECYCLER
    [20/06/2012 – 16:00:26 | D] – C:\cmdcons
    [20/06/2012 – 16:00:33 | D] – C:\DIVTOOLS
    [20/06/2012 – 16:01:16 | D] – C:\mysql
    [20/06/2012 – 16:01:19 | D] – C:\OEMCUST
    [20/06/2012 – 16:01:26 | D] – C:\PNP
    [08/07/2012 – 12:42:57 | SHD] – C:\Recovery
    [08/08/2012 – 07:46:11 | SHD] – C:\Boot
    [07/09/2012 – 19:22:36 | RHD] – C:\MSOCache
    [09/10/2012 – 08:59:55 | N | 199 Ko] – C:\grldr
    [09/10/2012 – 09:01:03 | N | 0 Ko] – C:\win7ldr
    [16/05/2013 – 10:38:41 | D] – C:\312101e980c0342f4045
    [29/05/2013 – 11:57:19 | D] – C:\DRIVERS
    [22/07/2013 – 13:46:23 | D] – C:\9d591f6e4d705c52fc618d32016b
    [30/07/2013 – 15:36:25 | D] – C:\Diccionario Lengua Española
    [28/11/2013 – 22:44:54 | D] – C:\DriverPack Solution
    [08/06/2014 – 11:08:15 | D] – C:\Users
    [20/07/2014 – 17:38:19 | D] – C:\Temp
    [21/07/2014 – 21:57:02 | D] – C:\Log
    [22/07/2014 – 10:44:46 | SHD] – C:\System Volume Information
    [22/07/2014 – 11:55:51 | HD] – C:\ProgramData
    [23/07/2014 – 05:37:47 | D] – C:\Windows
    [23/07/2014 – 08:34:44 | D] – C:\Program Files
    [23/07/2014 – 13:02:01 | D] – C:\UsbFix

    ################## | G: – Disque USB (FAT) |

    [03/07/2014 – 17:08:52 | N | 1130 Ko] – G:\STKRONOS-S6.pdf
    [04/07/2014 – 09:25:22 | N | 3623 Ko] – G:\EBW_EXCOM_hybrid_2_5_GB_mail.pdf
    [18/07/2008 – 15:39:44 | N | 2341 Ko] – G:\joe dassin – et si tu n'existe pas.mp3
    [26/07/2012 – 19:13:22 | N | 2756 Ko] – G:\Je reviendrai vers toi – YouTube.mp3
    [02/08/2012 – 18:19:50 | N | 3107 Ko] – G:\MICHEL FUGAIN une belle histoire – YouTube.mp3
    [02/08/2012 – 18:20:14 | N | 2711 Ko] – G:\le petit ane gris.mp3
    [10/08/2012 – 13:24:40 | N | 2 Ko] – G:\BOOTEX.LOG
    [02/08/2012 – 18:07:34 | N | 3491 Ko] – G:\MICHEL FUGAIN une belle histoire – YouTube.FLV
    [02/08/2012 – 18:12:36 | N | 11519 Ko] – G:\le petit ane gris.FLV
    [03/08/2012 – 16:24:50 | N | 12 Ko] – G:\Paroles.docx
    [22/04/2013 – 18:14:02 | N | 11 Ko] – G:\ATTESTATION DE SALAIRE.docx
    [27/07/2013 – 10:39:50 | N | 11 Ko] – G:\Frais de réparation.docx
    [24/11/2013 – 14:14:42 | N | 11 Ko] – G:\Attestation de Travai1.docx
    [13/02/2014 – 17:57:12 | N | 11 Ko] – G:\Abgehaun.docx
    [03/07/2014 – 09:58:36 | N | 14 Ko] – G:\ATTESTATION DE DOMICILIATION.docx
    [04/07/2014 – 09:47:06 | D] – G:\FOUND.001
    [20/07/2012 – 21:39:26 | D] – G:\FOUND.000
    [03/08/2012 – 11:51:40 | RSHD] – G:\RECYCLER
    [19/02/2013 – 17:37:16 | D] – G:\goethe

    ################## | Vaccin |

    A:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:36uyqjn7] :merci2:

  • Anonyme
    Post count: 1400

    Hi again,

    That is the report for the USB keys that have been disinfected (set them aside, then fetch and plug in the keys that have not been scanned yet).

    Then run a scan in "Nettoyage" (cleaning) mode with those keys plugged in and post the report, please.

    :merci2:

  • seneque5
    Participant
    Post count: 12

    They are all plugged in and show up, but they remain closed and Windows asks me to format them :merci2:

  • seneque5
    Participant
    Post count: 12

    After formatting and data loss

    [spoiler:3qtc87sp]############################## | UsbFix V 7.176 | [Recherche]

    Utilisateur: Bougrine (Administrateur) # BOUGRINE-PC
    Mis à jour le 18/07/2014 par El Desaparecido – SosVirus
    Lancé à 13:34:44 | 23/07/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Mobile AMD Sempron(tm) Processor 3000+
    RAM -> [Total : 1280 Mo | Free : 653 Mo]
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428

    ################## | Security Information |

    AV: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Microsoft Security Essentials [(!) Désactivé |A jour]
    AS: Malwarebytes Anti-Malware : 1.0.0.532
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 52 Go (15 Go libre(s) – 29%) [HDD] # NTFS
    E: -> Disque amovible # 4 Go (4 Go libre(s) – 100%) [] # FAT32
    F: -> Disque amovible # 2 Go (2 Go libre(s) – 100%) [] # FAT

    ################## | Processus Actif |

    C:\Windows\System32\smss.exe (ID: 260|ParentID: 4|Système)
    C:\Windows\System32\csrss.exe (ID: 340|ParentID: 332|Système)
    C:\Windows\System32\wininit.exe (ID: 388|ParentID: 332|Système)
    C:\Windows\System32\csrss.exe (ID: 400|ParentID: 380|Système)
    C:\Windows\System32\winlogon.exe (ID: 440|ParentID: 380|Système)
    C:\Windows\System32\services.exe (ID: 468|ParentID: 388|Système)
    C:\Windows\System32\lsass.exe (ID: 480|ParentID: 388|Système)
    C:\Windows\System32\lsm.exe (ID: 488|ParentID: 388|Système)
    C:\Windows\System32\svchost.exe (ID: 604|ParentID: 468|Système)
    C:\Windows\System32\svchost.exe (ID: 676|ParentID: 468|SERVICE RÉSEAU)
    C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 728|ParentID: 468|Système)
    C:\Windows\System32\svchost.exe (ID: 868|ParentID: 468|SERVICE LOCAL)
    C:\Windows\System32\svchost.exe (ID: 920|ParentID: 468|Système)
    C:\Windows\System32\svchost.exe (ID: 960|ParentID: 468|SERVICE LOCAL)
    C:\Windows\System32\svchost.exe (ID: 996|ParentID: 468|Système)
    C:\Windows\System32\svchost.exe (ID: 1232|ParentID: 468|SERVICE RÉSEAU)
    C:\Windows\System32\svchost.exe (ID: 1328|ParentID: 468|SERVICE LOCAL)
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (ID: 1748|ParentID: 468|Système)
    C:\Windows\System32\svchost.exe (ID: 2016|ParentID: 468|SERVICE LOCAL)
    C:\Windows\System32\dwm.exe (ID: 2172|ParentID: 920|Bougrine)
    C:\Windows\System32\svchost.exe (ID: 2512|ParentID: 468|SERVICE RÉSEAU)
    C:\Windows\System32\svchost.exe (ID: 3244|ParentID: 468|SERVICE LOCAL)
    C:\Windows\System32\svchost.exe (ID: 3312|ParentID: 468|Système)
    C:\Windows\System32\rundll32.exe (ID: 772|ParentID: 604|Bougrine)
    C:\Windows\System32\WUDFHost.exe (ID: 3628|ParentID: 920|SERVICE LOCAL)
    C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (ID: 4016|ParentID: 468|Système)
    C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (ID: 2288|ParentID: 4016|Système)
    C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 344|ParentID: 468|SERVICE RÉSEAU)
    C:\Windows\System32\SearchIndexer.exe (ID: 1652|ParentID: 468|Système)
    C:\Windows\System32\spoolsv.exe (ID: 1620|ParentID: 468|Système)
    C:\Windows\explorer.exe (ID: 3016|ParentID: 3904|Bougrine)
    C:\Windows\System32\mqsvc.exe (ID: 2460|ParentID: 468|SERVICE RÉSEAU)
    C:\Program Files\Internet Explorer\iexplore.exe (ID: 2980|ParentID: 3016|Bougrine)
    C:\Windows\System32\dllhost.exe (ID: 3488|ParentID: 604|Bougrine)
    C:\Program Files\Internet Explorer\iexplore.exe (ID: 3060|ParentID: 2980|Bougrine)
    C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 2500|ParentID: 604|Bougrine)
    C:\Windows\System32\audiodg.exe (ID: 3484|ParentID: 868|SERVICE LOCAL)
    C:\Windows\System32\wbem\WmiPrvSE.exe (ID: 3596|ParentID: 604|SERVICE RÉSEAU)
    C:\Windows\System32\sppsvc.exe (ID: 2600|ParentID: 468|SERVICE RÉSEAU)
    C:\UsbFix\UsbFix.exe (ID: 1412|ParentID: 3016|Bougrine)
    C:\Windows\System32\dllhost.exe (ID: 1404|ParentID: 604|Bougrine)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM\..\Winlogon : [Shell] explorer.exe
    F2 – HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
    04 – HKCU\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
    04 – HKCU\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    04 – HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 – HKLM\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\..\Run : [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    04 – HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\..\RunOnce : [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
    04 – HKU\S-1-5-21-3743128526-456646245-3591239297-1000\..\Run : [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
    04 – HKU\S-1-5-21-3743128526-456646245-3591239297-1000\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

    ################## | Recherche générique |

    ################## | Registre |

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:3qtc87sp]

  • Anonyme
    Post count: 1400

    Hi again,

    "After formatting and data loss"

    It's drastic, but now your keys are "clean".

    Tell me if you still have any problems.

    :merci2:

  • seneque5
    Participant
    Post count: 12

    Yes, thank you and your whole team :bravo1: hats off.
    Let's consider the matter closed, then!
    I'll see the next time I plug the keys in.
    By the way, is there an explanation for this Chinese puzzle?
    Thanks and :merci2:

  • Anonyme
    Post count: 1400

    Hi again,

    "By the way, is there an explanation for this Chinese puzzle?"

    Yes: Windows is not kept up to date (updates via Windows Update in the Control Panel).

    You (or someone else) downloaded from dubious sites (01net, Softonic, tuto 4pc), for example.

    When downloading, you did not untick the additional program(s).

    Personally, I'd still advise you to do the following and post the report, to check that everything is OK on your PC:

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag; on Windows 7/8 and Vista, run it as administrator.
    • Click Complet.

      Note: Do not close the program even if it says it is no longer responding.

    • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum.

    :merci2:

The topic ‘My PC damages my USB keys, my files are turned into shortcuts’ is closed to new replies.