Virus survival.vbe 2014-05-08T23:32:44+00:00
  • Author
    Posts
  • jordan44
    Participant
    Number of posts: 2

    Hello,

    I caught the USB key virus and ran scans with ZHPDiag and USBFix. I think the virus has been removed, but the infected files are still there as shortcuts.

    Can someone help me?

    Thanks in advance 🙂

    ZHPDiag report
    ~ Rapport de ZHPDiag v2014.5.8.57 – Nicolas Coolman (08/05/2014)
    ~ Lancé par yvon dalibert (09/05/2014 00:31:48)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Not Found

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.6001.18702
    GCIE: Google Chrome v34.0.1847.131 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
    Windows Automatic Updates : OK
    Windows Genuine Advantage : KO

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2016
    Malwarebytes Anti-Malware version 2.0.1.1004

    —\ Logiciels d'optimisation du système
    CCleaner v4.12

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9 – Français

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1014 MB (17% free)
    System Restore: Activé (Enable)
    System drive C: has 106 GB (71%) free of 149 GB

    —\ Mode de connexion au système
    ~ Computer Name: NINI
    ~ User Name: yvon dalibert
    ~ All Users Names: yvon dalibert, SUPPORT_388945a0, HelpAssistant, annie dalibert, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:\Documents and Settings\yvon dalibert\Application Data\ZHP
    ~ %AppData% : C:\Documents and Settings\yvon dalibert\Application Data
    ~ %Desktop% : C:\Documents and Settings\yvon dalibert\Bureau
    ~ %Favorites% : C:\Documents and Settings\yvon dalibert\Favoris
    ~ %LocalAppData% : C:\Documents and Settings\yvon dalibert\Local Settings\Application Data
    ~ %StartMenu% : C:\Documents and Settings\yvon dalibert\Menu Démarrer
    ~ %Windir% : C:\WINDOWS
    ~ %System% : C:\WINDOWS\system32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 106 Go of 149 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 42 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\Explorer.exe [1037824]
    [MD5.E1948B1F45A176FB4A0251446A5AE86D] – (.Microsoft Corporation – Internet Extensions for Win32.) (.06/03/2014 – 18:58:52.) — C:\WINDOWS\system32\wininet.dll [920064]
    [MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d'ouverture de session Windows NT.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Winlogon.exe [512000]
    [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:\WINDOWS\system32\Drivers\AFD.sys [138496]
    [MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.14/04/2008 – 00:40:32.) — C:\WINDOWS\system32\Drivers\atapi.sys [96512]
    [MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
    [MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
    [MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Fips.sys [44672]
    [MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
    [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.14/04/2008 – 08:00:54.) — C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
    [MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
    [MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
    [MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
    [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
    [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\netBT.sys [162816]
    [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
    [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Parport.sys [80384]
    [MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
    [MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.14/04/2008 – 00:32:52.) — C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
    [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 19:57:36.) — C:\WINDOWS\system32\Drivers\redbook.sys [58752]
    [MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.14/04/2008 – 13:00:00.) — C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/51
    ~ Mes musiques (My Musics) : 1/365
    ~ Mes Favoris (My Favorites) : 1/41
    ~ Mes Documents (My Documents) : 2/864
    ~ Mon Bureau (My Desktop) : 0/6
    ~ Menu demarrer (Programs) : 1/23
    ~ Hidden Files: Scanned in 00mn 02s

    —\ Processus lancés
    [MD5.01FAE7E8176472FE359E86AB4FD039A9] – (…) — C:\WINDOWS\System32\WLTRYSVC.exe [24576] [PID.1672]
    [MD5.C7F30BB20487765460865AEF466933EA] – (.Dell Inc. – Dell Wireless WLAN Card Wireless Network Co.) — C:\WINDOWS\System32\bcmwltry.exe [2039808] [PID.1704]
    [MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] – (.AVAST Software – avast! Service.) — C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1724]
    [MD5.A5299D04ED225D64CF07A568A3E1BF8C] – (.Apple Inc. – MobileDeviceService.) — C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.200]
    [MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] – (.Apple Inc. – Bonjour Service.) — C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.288]
    [MD5.D87ACAED61E417BBA546CED5E7E36D9C] – (.Microsoft Corporation – .NET Runtime Optimization Service.) — C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632] [PID.404]
    [MD5.09417134F248DFCEEA15C72BCC87F592] – (.Sun Microsystems, Inc. – Java(TM) Quick Starter Service.) — C:\Program Files\Java\jre6\bin\jqs.exe [153376] [PID.1400]
    [MD5.BEFF149A82F78B648046108EB9D28893] – (.IObit – Product Updater.) — C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200] [PID.1420]
    [MD5.777115C9CC675BD98127660712D2F784] – (.SupportSoft, Inc. – SupportSoft Agent Service.) — C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968] [PID.604]
    [MD5.49501C6BE752D5043ADA8667AC774F7A] – (.Microsoft Corporation – Windows User Mode Driver Manager.) — C:\WINDOWS\system32\wdfmgr.exe [38912] [PID.216]
    [MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] – (.Microsoft Corporation – Application Layer Gateway Service.) — C:\WINDOWS\System32\alg.exe [44544] [PID.3284]
    [MD5.BB1F9614D427716D0D9E9FEFC34CC9A4] – (.Synaptics Incorporated – Synaptics TouchPad Enhancements.) — C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920] [PID.2888]
    [MD5.23245198778946CBFD3E0C818EF09361] – (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:\WINDOWS\RTHDCPL.exe [17529856] [PID.668]
    [MD5.9F6B6D0BE4F77F8693E9FD15D81C8A01] – (.Intel Corporation – igfxTray Module.) — C:\WINDOWS\system32\igfxtray.exe [141848] [PID.4092]
    [MD5.4C53C44E7C20E65445037954DC3A6BA4] – (.Intel Corporation – hkcmd Module.) — C:\WINDOWS\system32\hkcmd.exe [166424] [PID.428]
    [MD5.D8F3B455D3FA4B40C9BF544F55647C19] – (.Intel Corporation – persistence Module.) — C:\WINDOWS\system32\igfxpers.exe [137752] [PID.464]
    [MD5.F56197D5CBDCC6A87C242DC8B8EEEE34] – (.Intel Corporation – igfxsrvc Module.) — C:\WINDOWS\system32\igfxsrvc.exe [256536] [PID.860]
    [MD5.EF2E4B7BFC144119FAFE5F5329A2D59D] – (.Creative Technology Ltd. – Creative Monitoring application.) — C:\WINDOWS\OA012Mon.exe [24576] [PID.2392]
    [MD5.5E4C9C25D603AE46DEDCBD9674F86E21] – (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:\Program Files\Java\jre6\bin\jusched.exe [149280] [PID.2428]
    [MD5.1818A2CD223603911970E667A5EACC9C] – (.Dell Inc. – Dell Wireless WLAN Card Wireless Network Tr.) — C:\WINDOWS\system32\WLTRAY.exe [2289664] [PID.2460]
    [MD5.59ED06CB3DDB7E0D2265D49A20F6367D] – (.Dell – WSED.) — C:\Program Files\WSED\WSED.exe [247080] [PID.3000]
    [MD5.DC42D2FBE2922691E8AB5E7EAAE57E78] – (.Dell – Pas de description.) — C:\Program Files\Battery Meter\BTMeter.exe [623984] [PID.2348]
    [MD5.2A223D4F77DE26E4DB8B41B5BB1A702B] – (.Compal Electronics, Inc – CapsLKNotify Application.) — C:\Program Files\CapsLKNotify\CapsLKNotify.exe [320808] [PID.3464]
    [MD5.00D1FB0073B4A8BD2989EA8FF4CC792B] – (.SupportSoft, Inc. – Dell Support Center Updates.) — C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064] [PID.3980]
    [MD5.BE4C00E9BF06C136A1F63856BB7AAC5E] – (.CyberLink Corp. – CyberLink PowerDVD Resident Program.) — C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232] [PID.656]
    [MD5.3E364978E4C74D3BCEA29FB41743CB5A] – (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3873704] [PID.2220]
    [MD5.D7936ED15F4AEF0FC33F329D0F21ED46] – (.Apple Inc. – iTunesHelper.) — C:\Program Files\iTunes\iTunesHelper.exe [151952] [PID.2344]
    [MD5.EF1C51222117B37AFBFF8F4642EA8C62] – (.Apple Inc. – iPodService Module (32-bit).) — C:\Program Files\iPod\bin\iPodService.exe [552848] [PID.3544]
    [MD5.542459D16B416D054161007FC9B1246E] – (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.3908]
    [MD5.CCD09CA21C1946AF24834512BD9A6FCA] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files\ZHPDiag\ZHPDiag.exe [7873536] [PID.3436]
    ~ Processes Running: Scanned in 00mn 05s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:\Documents and Settings\yvon dalibert\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
    G2 – GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
    G2 – GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
    F2 – REG:system.ini: Shell=C:\WINDOWS\explorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) – [HKLM]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated – Synaptics TouchPad Enhancements.) — C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 – HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
    O4 – HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. – Realtek Azalia Audio – Event Monitor.) — C:\WINDOWS\ALCMTR.exe
    O4 – HKLM\..\Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:\WINDOWS\system32\igfxtray.exe
    O4 – HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:\WINDOWS\system32\hkcmd.exe
    O4 – HKLM\..\Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:\WINDOWS\system32\igfxpers.exe
    O4 – HKLM\..\Run: [OA012Mon] . (.Creative Technology Ltd. – Creative Monitoring application.) — C:\WINDOWS\OA012Mon.exe
    O4 – HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:\Program Files\Java\jre6\bin\jusched.exe =>.Oracle Corporation
    O4 – HKLM\..\Run: [Broadcom Wireless Manager UI] . (.Dell Inc. – Dell Wireless WLAN Card Wireless Network Tr.) — C:\WINDOWS\system32\WLTRAY.exe
    O4 – HKLM\..\Run: [WSED] . (.Dell – WSED.) — C:\Program Files\WSED\WSED.exe
    O4 – HKLM\..\Run: [BTMeter] . (.Dell – Pas de description.) — C:\Program Files\Battery Meter\BTMeter.exe
    O4 – HKLM\..\Run: [CapsLKNotify] . (.Compal Electronics, Inc – CapsLKNotify Application.) — C:\Program Files\CapsLKNotify\CapsLKNotify.exe
    O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    O4 – HKLM\..\Run: [dellsupportcenter] . (.SupportSoft, Inc. – Dell Support Center Updates.) — C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    O4 – HKLM\..\Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:\Program Files\QuickTime\qttask.exe
    O4 – HKLM\..\Run: [PDVDDXSrv] . (.CyberLink Corp. – CyberLink PowerDVD Resident Program.) — C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    O4 – HKLM\..\Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
    O4 – HKLM\..\Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    O4 – HKLM\..\Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:\Program Files\iTunes\iTunesHelper.exe
    O4 – HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation – Windows Messenger.) — C:\Program Files\Messenger\msmsgs.exe
    O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\CTFMON.exe
    O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\CTFMON.exe
    O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\CTFMON.exe
    O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\CTFMON.exe
    O4 – HKUS\S-1-5-21-2864729764-1779981083-3612934209-1007\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\ctfmon.exe
    O4 – HKUS\S-1-5-21-2864729764-1779981083-3612934209-1007\..\Run: [MSMSGS] . (.Microsoft Corporation – Windows Messenger.) — C:\Program Files\Messenger\msmsgs.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: Skype add-on for Internet Explorer – {5067A26B-1337-4436-8AFE-EE169C2DA79F} — Clé orpheline
    O9 – Extra button: Skype – {77BF5300-1474-4EC7-9980-D32B190E9B07} . (…) — C:\Program Files\Skype\Toolbars\Internet Explorer\favicon.ico
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
    O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
    O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} ((no name)) – http://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_Win32.cab
    O16 – DPF: {31435657-9980-0010-8000-00AA00389B71} ((no name)) – http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    O16 – DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} ((no name)) – http://www.photoweb.fr/telechargement/telechargement-photoweb-6.5.6.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLM\System\CCS\Services\Tcpip\..\{043C3DB0-FDBB-47E1-86C1-33A3CAEE2122}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLM\System\CS1\Services\Tcpip\..\{043C3DB0-FDBB-47E1-86C1-33A3CAEE2122}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLM\System\CS3\Services\Tcpip\..\{043C3DB0-FDBB-47E1-86C1-33A3CAEE2122}: DhcpNameServer = 109.0.66.10 109.0.66.20
    O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wia – {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation – WIA Scripting Layer.) — C:\WINDOWS\system32\wiascr.dll
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:\WINDOWS\system32\crypt32.dll
    O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:\WINDOWS\system32\cryptnet.dll
    O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:\WINDOWS\system32\cscdll.dll
    O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:\WINDOWS\system32\dimsntfy.dll
    O20 – Winlogon Notify: GoToAssist . (.Citrix Online, a division of Citrix Systems – Citrix Online GoToAssist.) — C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:\WINDOWS\system32\igfxdev.dll
    O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
    O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
    O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:\WINDOWS\system32\sclgntfy.dll
    O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\WlNotify.dll
    O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
    O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Desktop General: BackupWallPaper – .(…) – C:\Documents and Settings\yvon dalibert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 – Desktop General: WallPaper – .(…) – C:\Documents and Settings\yvon dalibert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT: – (..) — C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP – à la connexion.job [238]
    O39 – APT: – (..) — C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job [232]
    ~ Scheduled Task: 5 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: CapsLKNotify – (…) [HKLM] — InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}
    O42 – Logiciel: Jauge de batterie – (…) [HKLM] — InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}
    ~ Logic: 15 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKLM\Software\CAPSLKNOTIFY]
    [HKLM\Software\Function Keys]
    [HKLM\Software\Shortcut_Module]
    [HKLM\Software\WSED]
    ~ Key Software: 188 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 09/11/2010 – 21:46:27 – [] —-D C:\Program Files\Battery Meter
    O43 – CFD: 09/11/2010 – 21:46:27 – [] —-D C:\Program Files\CapsLKNotify
    O43 – CFD: 09/11/2010 – 21:47:02 – [] —-D C:\Program Files\Function Keys
    O43 – CFD: 09/11/2010 – 21:50:51 – [] —-D C:\Program Files\WSED
    O43 – CFD: 17/01/2014 – 17:32:03 – [0] —-D C:\Documents and Settings\All Users\Application Data\ProductData
    O43 – CFD: 30/10/2009 – 16:31:06 – [] —-D C:\Documents and Settings\All Users\Application Data\Win732
    O43 – CFD: 30/10/2009 – 16:31:06 – [] —-D C:\Documents and Settings\All Users\Application Data\Win764
    O43 – CFD: 30/10/2009 – 16:33:13 – [] —-D C:\Documents and Settings\All Users\Application Data\XP32
    O43 – CFD: 17/01/2014 – 17:30:08 – [0] —-D C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
    O43 – CFD: 30/10/2009 – 16:31:40 – [] —-D C:\Documents and Settings\yvon dalibert\Menu Démarrer\Programmes\Touches de fonction
    ~ Program Folder: 136 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] – 04/05/2014 – 13:30:40 —A- . (…) — C:\WINDOWS\system32\Drivers\aswHwid.sys [24184]
    O44 – LFC:[MD5.467A5445D94013900DB12D2D7E8E650E] – 04/05/2014 – 16:13:32 . (…) — C:\UsbFix [Clean 2] NINI.txt [10491]
    O44 – LFC:[MD5.D0E16B73EFE76481EFA1F30DD77720BA] – 04/05/2014 – 16:33:11 . (…) — C:\UsbFix [Clean 4] NINI.txt [7575]
    O44 – LFC:[MD5.BC5A9685617A76B1154D0DF1BA079D59] – 04/05/2014 – 18:18:21 . (…) — C:\UsbFix [Clean 6] NINI.txt [7950]
    O44 – LFC:[MD5.A49DB208029E5E4C8B4034642655A0F6] – 04/05/2014 – 18:40:43 . (…) — C:\UsbFix [Clean 8] NINI.txt [6106]
    O44 – LFC:[MD5.D6091C4B80508CE415D944547DD84C03] – 04/05/2014 – 18:46:46 . (…) — C:\UsbFix [Scan 1] NINI.txt [7177]
    O44 – LFC:[MD5.397B45D179008ED4BEF4601F25DF342B] – 04/05/2014 – 19:47:15 . (…) — C:\Shortcut_Module_04_05_2014_20_47_15.txt [29431]
    O44 – LFC:[MD5.042EE58A05F21BEC59F6CE2A068CEDD5] – 04/05/2014 – 22:14:11 . (…) — C:\Shortcut_Module_04_05_2014_23_14_11.txt [14664]
    O44 – LFC:[MD5.450EB71D518A145217B1F5824C24A452] – 05/05/2014 – 19:03:41 . (…) — C:\Shortcut_Module_05_05_2014_20_03_41.txt [14581]
    O44 – LFC:[MD5.F3732F1FB374F9423445F46EF7675CF0] – 05/05/2014 – 19:46:28 . (…) — C:\UsbFix [Scan 2] NINI.txt [7297]
    O44 – LFC:[MD5.F7E93FE11D78B3083509DE5603B8E02D] – 05/05/2014 – 19:52:03 —A- . (…) — C:\UsbFix [Clean 10] NINI.txt [8589]
    O44 – LFC:[MD5.AB77BA917BE788B81BEB758E5835572F] – 05/05/2014 – 21:02:06 —A- . (…) — C:\WINDOWS\FaxSetup.log [6159]
    O44 – LFC:[MD5.4979D9AD2E4480F7CF04FA9F8B85687C] – 05/05/2014 – 21:02:06 —A- . (…) — C:\WINDOWS\comsetup.log [2032]
    O44 – LFC:[MD5.2F1F74A3EAE651A8B1479CBC32D267F0] – 05/05/2014 – 21:02:06 —A- . (…) — C:\WINDOWS\iis6.log [958]
    O44 – LFC:[MD5.05C78D45B9D680B3FE8F633A7EC28997] – 05/05/2014 – 21:02:06 —A- . (…) — C:\WINDOWS\imsins.log [1355]
    O44 – LFC:[MD5.22068008FAE2304C028B548D210F4FF0] – 05/05/2014 – 21:02:06 —A- . (…) — C:\WINDOWS\msgsocm.log [309]
    O44 – LFC:[MD5.9399218BC1ECDF115145DE22CFE3AE78] – 05/05/2014 – 21:02:06 —A- . (…) — C:\WINDOWS\ntdtcsetup.log [1229]
    O44 – LFC:[MD5.601220D2C1C3A4F5E0190E2587BA1698] – 05/05/2014 – 21:02:06 —A- . (…) — C:\WINDOWS\ocgen.log [2956]
    O44 – LFC:[MD5.48F7F8C1D0F71DA93DCE29E73E7AF7C4] – 05/05/2014 – 21:02:06 —A- . (…) — C:\WINDOWS\ocmsn.log [342]
    O44 – LFC:[MD5.68057E99F1A9BAC9E4E4293BA1BAAC8A] – 05/05/2014 – 21:02:06 —A- . (…) — C:\WINDOWS\tsoc.log [2360]
    O44 – LFC:[MD5.D3E39DEF8DC273C451AAD05B4CB9A3E1] – 08/05/2014 – 21:48:49 —A- . (…) — C:\WINDOWS\wiaservc.log [50]
    O44 – LFC:[MD5.6A923D45626BD9DB53D1FC0D8E3B77A0] – 08/05/2014 – 21:48:50 —A- . (…) — C:\WINDOWS\wiadebug.log [157]
    O44 – LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] – 26/04/2014 – 13:13:20 —A- . (.SQLite Development Team – SQLite Dynamic Link Library (No TCL).) — C:\WINDOWS\system32\sqlite3.dll [536576]
    O44 – LFC:[MD5.903D394FA3649294DD47C94D19192105] – 26/04/2014 – 14:07:54 —A- . (…) — C:\WINDOWS\system32\TZLog.log [216352]
    ~ Files: 56 Legitimates Filtered in 00mn 30s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
    O46 – SEH:ShellExecuteHooks – Windows Desktop Search Namespace Manager – {56F9679E-7826-4C84-81F3-532071A8BCC5} – C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM\...\Policies\System] – "PromptOnSecureDesktop"=0
    ~ MWPS: 9 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:18/08/2001 – 10:52:00 —A- . (.Advanced System Products, Inc. – AdvanSys SCSI Controller Driver.) — C:\WINDOWS\system32\Drivers\asc.sys [26496]
    O58 – SDL:18/08/2001 – 10:51:58 —A- . (.Advanced System Products, Inc. – AdvanSys Ultra-Wide PCI SCSI Driver.) — C:\WINDOWS\system32\Drivers\asc3550.sys [14848]
    O58 – SDL:04/05/2014 – 13:30:40 —A- . (…) — C:\WINDOWS\system32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
    O58 – SDL:04/05/2014 – 13:30:40 —A- . (…) — C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
    O58 – SDL:04/05/2014 – 13:30:40 —A- . (…) — C:\WINDOWS\system32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (.RAVISENT Technologies Inc. – Pilote principal CineMaster C 1.2 WDM.) — C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
    O58 – SDL:05/11/2008 – 02:24:58 —A- . (.Windows (R) Codename Longhorn DDK provider – Embedded System Control.) — C:\WINDOWS\system32\Drivers\EMSC.sys [14248]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) — C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
    O58 – SDL:12/11/2012 – 09:31:10 —A- . (.MBB Incorporated – CDROM Filter.) — C:\WINDOWS\system32\Drivers\massfilter.sys [9216]
    O58 – SDL:18/08/2001 – 10:52:12 —A- . (.American Megatrends Inc. – MegaRAID RAID Controller Driver for Windows Whistler 32.) — C:\WINDOWS\system32\Drivers\mraid35x.sys [17280]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (.Parallel Technologies, Inc. – Parallel Technologies DirectParallel IO Library.) — C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
    O58 – SDL:18/08/2001 – 11:07:34 —A- . (.Symbios Logic Inc. – Symbios Logic Inc. SCSI Miniport Driver.) — C:\WINDOWS\system32\Drivers\symc810.sys [16256]
    O58 – SDL:18/08/2001 – 10:52:22 —A- . (.Promise Technology, Inc. – Gestionnaire de miniport ULTRA66 de Promise.) — C:\WINDOWS\system32\Drivers\ultra.sys [36736]
    O58 – SDL:28/09/2012 – 10:32:56 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:\WINDOWS\system32\Drivers\usbaapl.sys [44544]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (.RAVISENT Technologies Inc. – CineMaster C WDM DVD Minidriver.) — C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\ansi.sys [9037]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\country.sys [27097]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\himem.sys [4912]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\key01.sys [42809]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\keyboard.sys [42537]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\ntdos.sys [27916]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\ntdos404.sys [29146]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\ntdos411.sys [29370]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\ntdos412.sys [29274]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\ntdos804.sys [29146]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\ntio.sys [34000]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\ntio404.sys [34560]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\ntio411.sys [35648]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\ntio412.sys [35424]
    O58 – SDL:14/04/2008 – 13:00:00 —A- . (…) — C:\WINDOWS\system32\ntio804.sys [34560]
    ~ Drivers: 83 Legitimates Filtered in 00mn 04s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 04/05/2014 – 00:33:16 —A- . (…) — C:\Documents and Settings\yvon dalibert\Mes documents\Downloads\Shortcut_Module.exe [2559488]
    O61 – LFC: 05/05/2014 – 00:33:11 —A- . (…) — C:\Documents and Settings\yvon dalibert\Bureau\Shortcut_Module.exe [2559488]
    ~ 148 Fichiers temporaires (Temporary files)
    ~ 4 Fichiers cookies (Cookies files)
    ~ Files: 32 Legitimates Filtered in 00mn 08s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.net – https://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 11/08/2012 – C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe (Apple Mobile Device) .(.Apple Inc. – MobileDeviceService.) – LEGACY_APPLE_MOBILE_DEVICE
    O64 – Services: CurCS – 04/05/2014 – C:WINDOWSsystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    O64 – Services: CurCS – 30/08/2011 – C:Program FilesBonjourmDNSResponder.exe (Bonjour Service) .(.Apple Inc. – Bonjour Service.) – LEGACY_BONJOUR_SERVICE
    O64 – Services: CurCS – 03/06/2009 – C:Program FilesDell Support Centerbinsprtsvc.exe (sprtsvc_DellSupportCenter) .(.SupportSoft, Inc. – SupportSoft Agent Service.) – LEGACY_SPRTSVC_DELLSUPPORTCENTER
    ~ Legacy: 184 Legitimates Filtered in 00mn 01s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: < .html> [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: <>[HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – () – http://search.live.com
    O69 – SBI: SearchScopes [HKCU] {31CA97F7-4D86-4B7C-A6FE-25584D2EDC50} [DefaultScope] – (Yahoo) – http://fr.search.yahoo.com
    O69 – SBI: SearchScopes [HKCU] {5758F90B-DC76-449C-B932-9A9A91B10CB4} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {D0721B2F-253E-4ABF-BD71-45358F71F528} – (PriceMinister) – http://www.priceminister.com
    O69 – SBI: SearchScopes [HKCU] {D305570E-D694-4FB6-B100-972F615B986D} – (Bing) – http://search.live.com
    O69 – SBI: SearchScopes [HKCU] {DEFA626E-6735-4E45-A6B1-21571CF92695} – (Wikipedia (en)) – http://en.wikipedia.org
    O69 – SBI: SearchScopes [HKCU] {EA710FF9-4B75-4FD5-B360-92B1ED313F24} – (AlloCine) – http://www.allocine.fr
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.4FCA52B62DC5A5A81F39EDBCCC23451F] [SPRF][05/05/2014] (.Pas de propriétaire – Shortcut_Module.) — C:Documents and Settingsyvon dalibertBureauShortcut_Module.exe [2559488]
    ~ Files: 1 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.D7ED2273F556BD0F1E918D15C315D306] [WIS][05/05/2014] (.Spigot, Inc. – Widgi Toolbar.) — C:WindowsInstaller5a0bc.msi [4578304] =>PUP.Dealio
    ~ WIS: 1 Legitimates Filtered in 00mn 08s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
    SS – | Demand 30/10/2009 16680 | (GoToAssist) . (.Citrix Online, a division of Citrix Systems.) – C:Program FilesCitrixGoToAssist514g2aservice.exe
    SS – | Auto 20/02/2010 135664 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 20/02/2010 135664 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 22/09/2013 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Demand 14/04/2008 14336 | C:Program FilesHPDigital Imagingbinhpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:WINDOWSsystem32svchost.exe
    SS – | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) – C:Program FilesFichiers communsInstallShieldDriver1050Intel 32IDriverT.exe
    SS – | Auto 21/01/2014 699912 | (Orange update Core Service) . (.Orange SA.) – C:Program FilesOrangeOrangeUpdateServiceOUCore.exe
    SR – | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 04/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
    SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 14/04/2008 14336 | C:Program FilesHPDigital ImagingbinHPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:WINDOWSsystem32svchost.exe
    SR – | Demand 29/11/2012 552848 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 30/10/2009 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) – C:Program FilesJavajre6binjqs.exe
    SR – | Auto 25/10/2013 2151200 | (LiveUpdateSvc) . (.IObit.) – C:Program FilesIObitLiveUpdateLiveUpdate.exe
    SR – | Auto 14/04/2008 14336 | C:WINDOWSsystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WINDOWSsystem32svchost.exe
    SR – | Auto 14/04/2008 14336 | C:WINDOWSsystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WINDOWSsystem32svchost.exe
    SR – | Auto 03/06/2009 201968 | (sprtsvc_DellSupportCenter) . (.SupportSoft, Inc..) – C:Program FilesDell Support Centerbinsprtsvc.exe
    SR – | Auto 07/01/2009 24576 | (wltrysvc) . (…) – C:WINDOWSsystem32WLTRYSVC.exe
    ~ Services: Scanned in 00mn 19s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by yvon dalibert at 09/05/2014 00:35:07
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EF200] >> DeviceHarddisk0DR0[0x8655CAB8]
    kernel: MBR read successfully
    user & kernel MBR OK
    ~ MBR: 13 Legitimates Filtered in 00mn 02s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by yvon dalibert at 09/05/2014 00:35:09
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13045 – (08/05/2014)
    Clés trouvées (Keys found) : 2
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 1

    [HKCUSoftwareIObit Apps] =>PUP.Dealio
    [HKCUSoftwareAppDataLowSoftwareIObit Apps] =>PUP.Dealio
    C:WindowsInstaller5a0bc.msi =>PUP.Dealio^
    ~ Additionnel Scan: 224622 Items scanned in 00mn 47s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.byethost7.com/wordpress/pup-dealio/ =>PUP.Dealio
    ~ MSI: 1 link(s) detected in 00mn 00s

    ~ 866 Legitimates filtered by white list
    End of the scan (532 lines in 04mn 12s)(0)

    UsbFix report
    ############################## | UsbFix V 7.169 | [Suppression]

    Utilisateur: yvon dalibert (Administrateur) # NINI
    Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
    Lancé à 00:48:11 | 09/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Dell Inc. (CN0Y53)
    CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
    RAM -> [Total : 1014 Mo| Free : 647 Mo]
    Bios: Dell Inc.
    Boot: Normal boot

    OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) Service Pack 3
    WB: Windows Internet Explorer : 8.0.6001.18702
    WB: Google Chrome : 34.0.1847.131

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    FW: Windows FireWall [Enabled]

    C: (%systemdrive%) -> Disque fixe # 149 Go (106 Go libre(s) – 71%) [OS] # NTFS

    ################## | Processus Actif |

    C:WINDOWSSystem32smss.exe (ID: 588 |ParentID: 4)
    C:WINDOWSsystem32csrss.exe (ID: 932 |ParentID: 588)
    C:WINDOWSsystem32winlogon.exe (ID: 956 |ParentID: 588)
    C:WINDOWSsystem32services.exe (ID: 1000 |ParentID: 956)
    C:WINDOWSsystem32lsass.exe (ID: 1012 |ParentID: 956)
    C:WINDOWSsystem32svchost.exe (ID: 1176 |ParentID: 1000)
    C:WINDOWSsystem32svchost.exe (ID: 1268 |ParentID: 1000)
    C:WINDOWSSystem32svchost.exe (ID: 1332 |ParentID: 1000)
    C:WINDOWSsystem32svchost.exe (ID: 1452 |ParentID: 1000)
    C:WINDOWSsystem32svchost.exe (ID: 1520 |ParentID: 1000)
    C:WINDOWSSystem32WLTRYSVC.EXE (ID: 1720 |ParentID: 1000)
    C:WINDOWSSystem32bcmwltry.exe (ID: 1736 |ParentID: 1720)
    C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1744 |ParentID: 1000)
    C:WINDOWSsystem32spoolsv.exe (ID: 2008 |ParentID: 1000)
    C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 252 |ParentID: 1000)
    C:Program FilesBonjourmDNSResponder.exe (ID: 684 |ParentID: 1000)
    C:WINDOWSExplorer.EXE (ID: 704 |ParentID: 444)
    C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (ID: 764 |ParentID: 1000)
    C:WINDOWSsystem32svchost.exe (ID: 1368 |ParentID: 1000)
    C:Program FilesJavajre6binjqs.exe (ID: 1496 |ParentID: 1000)
    C:Program FilesIObitLiveUpdateLiveUpdate.exe (ID: 460 |ParentID: 1000)
    C:WINDOWSSystem32svchost.exe (ID: 200 |ParentID: 1000)
    C:WINDOWSSystem32svchost.exe (ID: 572 |ParentID: 1000)
    C:Program FilesDell Support Centerbinsprtsvc.exe (ID: 1952 |ParentID: 1000)
    C:WINDOWSsystem32svchost.exe (ID: 1572 |ParentID: 1000)
    C:WINDOWSsystem32wdfmgr.exe (ID: 424 |ParentID: 1000)
    C:WINDOWSsystem32SearchIndexer.exe (ID: 1212 |ParentID: 1000)
    C:WINDOWSsystem32wuauclt.exe (ID: 2300 |ParentID: 1332)
    C:WINDOWSsystem32wscntfy.exe (ID: 2596 |ParentID: 1332)
    C:WINDOWSsystem32wbemwmiapsrv.exe (ID: 2864 |ParentID: 1000)
    C:WINDOWSSystem32alg.exe (ID: 3500 |ParentID: 1000)
    C:WINDOWSsystem32wbemwmiprvse.exe (ID: 3544 |ParentID: 1176)
    C:WINDOWSsystem32wbemwmiprvse.exe (ID: 3856 |ParentID: 1176)

    ################## | Recherche générique |

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] Explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] Explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:WINDOWSsystem32userinit.exe,
    F2 – [x64] HKLM..Winlogon : [Userinit] C:WINDOWSsystem32userinit.exe,
    04 – HKCU..Run : [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
    04 – HKCU..Run : [MSMSGS] “C:Program FilesMessengermsmsgs.exe” /background
    04 – HKLM..Run : [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
    04 – HKLM..Run : [RTHDCPL] RTHDCPL.EXE
    04 – HKLM..Run : [Alcmtr] ALCMTR.EXE
    04 – HKLM..Run : [IgfxTray] C:WINDOWSsystem32igfxtray.exe
    04 – HKLM..Run : [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
    04 – HKLM..Run : [Persistence] C:WINDOWSsystem32igfxpers.exe
    04 – HKLM..Run : [OA012Mon] C:WINDOWSOA012Mon.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesJavajre6binjusched.exe”
    04 – HKLM..Run : [Broadcom Wireless Manager UI] C:WINDOWSsystem32WLTRAY.exe
    04 – HKLM..Run : [WSED] C:Program FilesWSEDWSED.exe
    04 – HKLM..Run : [BTMeter] C:Program FilesBattery MeterBTMeter.exe
    04 – HKLM..Run : [CapsLKNotify] C:Program FilesCapsLKNotifyCapsLKNotify.exe
    04 – HKLM..Run : [Adobe Reader Speed Launcher] “c:Program FilesAdobeReader 9.0ReaderReader_sl.exe”
    04 – HKLM..Run : [dellsupportcenter] “C:Program FilesDell Support Centerbinsprtcmd.exe” /P dellsupportcenter
    04 – HKLM..Run : [QuickTime Task] “C:Program FilesQuickTimeqttask.exe” -atboottime
    04 – HKLM..Run : [PDVDDXSrv] “C:Program FilesCyberLinkPowerDVD DXPDVDDXSrv.exe”
    04 – HKLM..Run : [APSDaemon] “C:Program FilesFichiers communsAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [AvastUI.exe] “C:Program FilesAlwil SoftwareAvast5AvastUI.exe” /nogui
    04 – HKLM..Run : [iTunesHelper] “C:Program FilesiTunesiTunesHelper.exe”
    04 – HKLMSoftwareMicrosoftWindows NTCurrentVersionTerminal ServerInstall..Run : []
    04 – HKLMSoftwareMicrosoftWindows NTCurrentVersionTerminal ServerInstall..RunOnce : []
    04 – HKUS-1-5-19..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
    04 – HKUS-1-5-20..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
    04 – HKUS-1-5-21-2864729764-1779981083-3612934209-1007..Run : [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
    04 – HKUS-1-5-21-2864729764-1779981083-3612934209-1007..Run : [MSMSGS] “C:Program FilesMessengermsmsgs.exe” /background
    04 – HKUS-1-5-18..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE

    ################## | Listing |

    [04/05/2014 – 14:48:09 | D] – C:3514e1179b3e21839ba5c4351465
    [09/05/2014 – 00:31:23 | D] – C:AdwCleaner
    [30/04/2008 – 01:03:11 | A | 0 Ko] – C:AUTOEXEC.BAT
    [04/05/2014 – 14:48:00 | D] – C:b5cbf94b39035d5416217e52e780
    [22/04/2014 – 21:51:45 | RASH | 0 Ko] – C:boot.ini
    [14/04/2008 – 14:00:00 | N | 5 Ko] – C:Bootfont.bin
    [05/05/2014 – 22:27:44 | D] – C:Config.Msi
    [30/04/2008 – 01:03:11 | N | 0 Ko] – C:CONFIG.SYS
    [09/11/2009 – 20:37:07 | D] – C:DELL
    [30/10/2009 – 18:02:07 | N | 4 Ko] – C:dell.sdr
    [09/05/2014 – 00:33:18 | N | 0 Ko] – C:Documents
    [14/04/2014 – 19:20:09 | D] – C:Documents and Settings
    [30/10/2009 – 22:04:34 | D] – C:drivers
    [04/05/2014 – 15:29:52 | D] – C:ee2973541b4b65b6db96d525c8a9e7
    [09/05/2014 – 00:46:47 | ASH | 1038772 Ko] – C:hiberfil.sys
    [30/10/2009 – 16:25:09 | D] – C:I386
    [30/04/2008 – 01:03:11 | AH | 0 Ko] – C:IO.SYS
    [30/04/2008 – 01:03:11 | AH | 0 Ko] – C:MSDOS.SYS
    [09/11/2009 – 22:41:06 | RHD] – C:MSOCache
    [14/04/2008 – 14:00:00 | N | 46 Ko | B2DE3452DE03674C6CEC68B8C8CE7C78] – C:NTDETECT.COM
    [14/04/2008 – 14:00:00 | RASH | 246 Ko] – C:ntldr
    [09/05/2014 – 00:46:44 | ASH | 1558052 Ko] – C:pagefile.sys
    [09/05/2014 – 00:35:08 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [26/04/2014 – 13:42:42 | D] – C:Program Files
    [17/12/2010 – 10:13:52 | SHD] – C:RECYCLER
    [05/05/2014 – 20:03:41 | D] – C:Shortcut_Module
    [04/05/2014 – 20:47:15 | N | 29 Ko | 397B45D179008ED4BEF4601F25DF342B] – C:Shortcut_Module_04_05_2014_20_47_15.txt
    [04/05/2014 – 23:14:11 | N | 14 Ko | 042EE58A05F21BEC59F6CE2A068CEDD5] – C:Shortcut_Module_04_05_2014_23_14_11.txt
    [05/05/2014 – 20:03:41 | N | 14 Ko | 450EB71D518A145217B1F5824C24A452] – C:Shortcut_Module_05_05_2014_20_03_41.txt
    [06/11/2009 – 17:13:05 | SHD] – C:System Volume Information
    [09/05/2014 – 00:44:43 | D] – C:UsbFix
    [05/05/2014 – 20:52:03 | N | 8 Ko | F7E93FE11D78B3083509DE5603B8E02D] – C:UsbFix [Clean 10] NINI.txt
    [09/05/2014 – 00:49:14 | A | 8 Ko | 029F17BAF79BB01512787CCDDF176B22] – C:UsbFix [Clean 12] NINI.txt
    [04/05/2014 – 17:13:32 | N | 10 Ko | 467A5445D94013900DB12D2D7E8E650E] – C:UsbFix [Clean 2] NINI.txt
    [04/05/2014 – 17:33:11 | N | 7 Ko | D0E16B73EFE76481EFA1F30DD77720BA] – C:UsbFix [Clean 4] NINI.txt
    [04/05/2014 – 19:18:21 | N | 8 Ko | BC5A9685617A76B1154D0DF1BA079D59] – C:UsbFix [Clean 6] NINI.txt
    [04/05/2014 – 19:40:43 | N | 6 Ko | A49DB208029E5E4C8B4034642655A0F6] – C:UsbFix [Clean 8] NINI.txt
    [04/05/2014 – 19:46:46 | N | 7 Ko | D6091C4B80508CE415D944547DD84C03] – C:UsbFix [Scan 1] NINI.txt
    [05/05/2014 – 20:46:28 | N | 7 Ko | F3732F1FB374F9423445F46EF7675CF0] – C:UsbFix [Scan 2] NINI.txt
    [14/01/2014 – 05:13:54 | D] – C:Users
    [09/05/2014 – 00:47:41 | D] – C:WINDOWS

    ################## | Vaccin |

    ################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |

  • Anonymous
    Posts: 0

    Hello :hello:,

    Welcome to SosVirus :welcome:

    Uninstall your version of UsbFix and download this one: partage/UsbFix.exe

    • Plug all your external storage devices (USB key, external hard drive, etc.) into the PC without opening them.
    • Right-click on it and run as administrator on Windows 7/8 and Vista
    • Choose the Recherche (scan) option

    • Copy and paste the contents of the report that appears at the end of the scan into your reply
    • Tutorial: http://www.usbfix.net/tutoriels/
  • jordan44
    Participant
    Posts: 2

    ############################## | UsbFix V 7.170 | [Recherche]

    Utilisateur: yvon dalibert (Administrateur) # NINI
    Mis à jour le 07/05/2014 par El Desaparecido – SosVirus
    Lancé à 09:32:48 | 09/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Dell Inc. (CN0Y53)
    CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
    RAM -> [Total : 1014 Mo| Free : 370 Mo]
    Bios: Dell Inc.
    Boot: Normal boot

    OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) Service Pack 3
    WB: Windows Internet Explorer : 8.0.6001.18702
    WB: Google Chrome : 34.0.1847.131

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    FW: Windows FireWall [Enabled]

    C: (%SystemDrive%) -> Disque fixe # 149 Go (106 Go libre(s) – 71%) [OS] # NTFS

    ################## | Processus Actif |

    C:WINDOWSsystem32smss.exe (ID: 884|ParentID: 4|SYSTEM)
    C:WINDOWSsystem32csrss.exe (ID: 932|ParentID: 884|SYSTEM)
    C:WINDOWSsystem32winlogon.exe (ID: 956|ParentID: 884|SYSTEM)
    C:WINDOWSsystem32services.exe (ID: 1000|ParentID: 956|SYSTEM)
    C:WINDOWSsystem32lsass.exe (ID: 1012|ParentID: 956|SYSTEM)
    C:WINDOWSsystem32svchost.exe (ID: 1164|ParentID: 1000|SYSTEM)
    C:WINDOWSsystem32svchost.exe (ID: 1252|ParentID: 1000|SERVICE RÉSEAU)
    C:WINDOWSsystem32svchost.exe (ID: 1292|ParentID: 1000|SYSTEM)
    C:WINDOWSsystem32svchost.exe (ID: 1416|ParentID: 1000|SERVICE RÉSEAU)
    C:WINDOWSsystem32svchost.exe (ID: 1440|ParentID: 1000|SERVICE LOCAL)
    C:WINDOWSsystem32WLTRYSVC.EXE (ID: 1648|ParentID: 1000|SYSTEM)
    C:WINDOWSsystem32BCMWLTRY.EXE (ID: 1680|ParentID: 1648|SYSTEM)
    C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1692|ParentID: 1000|SYSTEM)
    C:WINDOWSsystem32spoolsv.exe (ID: 1928|ParentID: 1000|SYSTEM)
    C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 2004|ParentID: 1000|SYSTEM)
    C:Program FilesBonjourmDNSResponder.exe (ID: 2036|ParentID: 1000|SYSTEM)
    C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (ID: 224|ParentID: 1000|SYSTEM)
    C:WINDOWSsystem32svchost.exe (ID: 308|ParentID: 1000|SYSTEM)
    C:Program FilesJavajre6binjqs.exe (ID: 464|ParentID: 1000|SYSTEM)
    C:Program FilesIObitLiveUpdateLiveUpdate.exe (ID: 544|ParentID: 1000|SYSTEM)
    C:WINDOWSsystem32svchost.exe (ID: 736|ParentID: 1000|SERVICE LOCAL)
    C:WINDOWSsystem32svchost.exe (ID: 844|ParentID: 1000|SERVICE LOCAL)
    C:Program FilesDell Support Centerbinsprtsvc.exe (ID: 924|ParentID: 1000|SYSTEM)
    C:WINDOWSsystem32svchost.exe (ID: 1196|ParentID: 1000|SYSTEM)
    C:WINDOWSsystem32wdfmgr.exe (ID: 1376|ParentID: 1000|SERVICE LOCAL)
    C:WINDOWSsystem32searchindexer.exe (ID: 1480|ParentID: 1000|SYSTEM)
    C:WINDOWSexplorer.exe (ID: 2480|ParentID: 2116|yvon dalibert)
    C:WINDOWSsystem32alg.exe (ID: 2720|ParentID: 1000|SERVICE LOCAL)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 1884|ParentID: 2480|yvon dalibert)
    C:WINDOWSsystem32wbemwmiapsrv.exe (ID: 2848|ParentID: 1000|SYSTEM)
    C:WINDOWSsystem32wbemwmiprvse.exe (ID: 2916|ParentID: 1164|SYSTEM)
    C:WINDOWSRTHDCPL.EXE (ID: 3548|ParentID: 2480|yvon dalibert)
    C:WINDOWSsystem32igfxtray.exe (ID: 3592|ParentID: 2480|yvon dalibert)
    C:WINDOWSsystem32hkcmd.exe (ID: 3600|ParentID: 2480|yvon dalibert)
    C:WINDOWSsystem32igfxpers.exe (ID: 3624|ParentID: 2480|yvon dalibert)
    C:WINDOWSsystem32igfxsrvc.exe (ID: 3768|ParentID: 1164|yvon dalibert)
    C:WINDOWSOA012Mon.exe (ID: 3904|ParentID: 2480|yvon dalibert)
    C:Program FilesJavajre6binjusched.exe (ID: 3944|ParentID: 2480|yvon dalibert)
    C:WINDOWSsystem32WLTRAY.EXE (ID: 4032|ParentID: 2480|yvon dalibert)
    C:Program FilesWSEDWSED.exe (ID: 228|ParentID: 2480|yvon dalibert)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 756|ParentID: 2480|yvon dalibert)
    C:Program FilesBattery MeterBTMeter.exe (ID: 1368|ParentID: 2480|yvon dalibert)
    C:Program FilesCapsLKNotifyCapsLKNotify.exe (ID: 1600|ParentID: 2480|yvon dalibert)
    C:Program FilesDell Support Centerbinsprtcmd.exe (ID: 1748|ParentID: 2480|yvon dalibert)
    C:Program FilesCyberLinkPowerDVD DXPDVDDXSrv.exe (ID: 2096|ParentID: 2480|yvon dalibert)
    C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 2244|ParentID: 2480|yvon dalibert)
    C:Program FilesiTunesiTunesHelper.exe (ID: 2388|ParentID: 2480|yvon dalibert)
    C:WINDOWSsystem32ctfmon.exe (ID: 2404|ParentID: 2480|yvon dalibert)
    C:Program FilesWindows Desktop SearchWindowsSearch.exe (ID: 3368|ParentID: 2480|yvon dalibert)
    C:Program FilesiPodbiniPodService.exe (ID: 1396|ParentID: 1000|SYSTEM)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2156|ParentID: 756|yvon dalibert)
    C:WINDOWSsystem32searchprotocolhost.exe (ID: 3992|ParentID: 1480|SYSTEM)
    C:UsbFixUsbFix.exe (ID: 780|ParentID: 3456|yvon dalibert)
    C:WINDOWSsystem32wscntfy.exe (ID: 2700|ParentID: 1292|yvon dalibert)
    C:WINDOWSsystem32wbemwmiprvse.exe (ID: 2776|ParentID: 1164|SERVICE RÉSEAU)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] Explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:WINDOWSsystem32userinit.exe,
    04 – HKCU..Run : [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
    04 – HKCU..Run : [MSMSGS] “C:Program FilesMessengermsmsgs.exe” /background
    04 – HKLM..Run : [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
    04 – HKLM..Run : [RTHDCPL] RTHDCPL.EXE
    04 – HKLM..Run : [Alcmtr] ALCMTR.EXE
    04 – HKLM..Run : [IgfxTray] C:WINDOWSsystem32igfxtray.exe
    04 – HKLM..Run : [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
    04 – HKLM..Run : [Persistence] C:WINDOWSsystem32igfxpers.exe
    04 – HKLM..Run : [OA012Mon] C:WINDOWSOA012Mon.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesJavajre6binjusched.exe”
    04 – HKLM..Run : [Broadcom Wireless Manager UI] C:WINDOWSsystem32WLTRAY.exe
    04 – HKLM..Run : [WSED] C:Program FilesWSEDWSED.exe
    04 – HKLM..Run : [BTMeter] C:Program FilesBattery MeterBTMeter.exe
    04 – HKLM..Run : [CapsLKNotify] C:Program FilesCapsLKNotifyCapsLKNotify.exe
    04 – HKLM..Run : [Adobe Reader Speed Launcher] “c:Program FilesAdobeReader 9.0ReaderReader_sl.exe”
    04 – HKLM..Run : [dellsupportcenter] “C:Program FilesDell Support Centerbinsprtcmd.exe” /P dellsupportcenter
    04 – HKLM..Run : [QuickTime Task] “C:Program FilesQuickTimeqttask.exe” -atboottime
    04 – HKLM..Run : [PDVDDXSrv] “C:Program FilesCyberLinkPowerDVD DXPDVDDXSrv.exe”
    04 – HKLM..Run : [APSDaemon] “C:Program FilesFichiers communsAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [AvastUI.exe] “C:Program FilesAlwil SoftwareAvast5AvastUI.exe” /nogui
    04 – HKLM..Run : [iTunesHelper] “C:Program FilesiTunesiTunesHelper.exe”
    04 – HKUS-1-5-19..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
    04 – HKUS-1-5-20..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
    04 – HKUS-1-5-21-2864729764-1779981083-3612934209-1007..Run : [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
    04 – HKUS-1-5-21-2864729764-1779981083-3612934209-1007..Run : [MSMSGS] “C:Program FilesMessengermsmsgs.exe” /background
    04 – HKUS-1-5-18..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE

    ################## | Recherche générique |

    ################## | Registre |

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [04/05/2014 – 20:47:15 | N | 29 Ko] – C:Shortcut_Module_04_05_2014_20_47_15.txt
    [04/05/2014 – 23:14:11 | N | 14 Ko] – C:Shortcut_Module_04_05_2014_23_14_11.txt
    [05/05/2014 – 20:03:41 | N | 14 Ko] – C:Shortcut_Module_05_05_2014_20_03_41.txt
    [30/04/2008 – 01:03:11 | N | 0 Ko] – C:CONFIG.SYS
    [30/04/2008 – 01:03:11 | AH | 0 Ko] – C:IO.SYS
    [30/04/2008 – 01:03:11 | AH | 0 Ko] – C:MSDOS.SYS
    [09/05/2014 – 09:24:20 | ASH | 1558052 Ko] – C:pagefile.sys
    [09/05/2014 – 09:24:22 | ASH | 1038772 Ko] – C:hiberfil.sys
    [30/10/2009 – 18:02:07 | N | 4 Ko] – C:dell.sdr
    [05/05/2014 – 22:27:44 | D] – C:Config.Msi
    [22/04/2014 – 21:51:45 | RASH | 0 Ko] – C:boot.ini
    [14/04/2008 – 14:00:00 | N | 46 Ko | VirusTotal – (0/51)] – C:NTDETECT.COM
    [14/04/2008 – 14:00:00 | N | 5 Ko] – C:Bootfont.bin
    [09/05/2014 – 00:35:08 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [30/04/2008 – 01:03:11 | A | 0 Ko] – C:AUTOEXEC.BAT
    [14/04/2008 – 14:00:00 | RASH | 246 Ko] – C:ntldr
    [30/10/2009 – 16:25:09 | D] – C:I386
    [30/10/2009 – 22:04:34 | D] – C:drivers
    [06/11/2009 – 17:13:05 | SHD] – C:System Volume Information
    [09/11/2009 – 20:37:07 | D] – C:DELL
    [09/11/2009 – 22:41:06 | RHD] – C:MSOCache
    [17/12/2010 – 10:13:52 | SHD] – C:RECYCLER
    [14/01/2014 – 05:13:54 | D] – C:Users
    [14/04/2014 – 19:20:09 | D] – C:Documents and Settings
    [26/04/2014 – 13:42:42 | D] – C:Program Files
    [04/05/2014 – 14:48:00 | D] – C:b5cbf94b39035d5416217e52e780
    [04/05/2014 – 14:48:09 | D] – C:3514e1179b3e21839ba5c4351465
    [04/05/2014 – 15:29:52 | D] – C:ee2973541b4b65b6db96d525c8a9e7
    [05/05/2014 – 20:03:41 | D] – C:Shortcut_Module
    [09/05/2014 – 00:31:23 | D] – C:AdwCleaner
    [09/05/2014 – 00:33:18 | N | 0 Ko] – C:Documents
    [09/05/2014 – 09:24:45 | D] – C:WINDOWS
    [09/05/2014 – 09:31:54 | D] – C:UsbFix

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

  • Anonymous
    Posts: 0

    The infection is not present on your machine.

    You don't have the USB key in question, since it wasn't connected during the UsbFix scan …

  • jordan44
    Participant
    Posts: 2

    No, I don't have the key with me.
    I have another machine and a USB key that are infected, but I don't have them with me today; I'll get them back as soon as possible.

    Thanks for your help :merci2:

  • Anonymous
    Posts: 0

    OK, I understand better now 🙂

    You can uninstall UsbFix 😉

    Have a good weekend 🙂


The topic ‘Virus survival.vbe’ is closed to new replies.