jean-phi

Members
Content count: 7
Junior Member (3/12)
Community reputation: 0

  1. Perfect, thank you very much for your help, patience and responsiveness! JP
  2. Here is my ZHPFix report:

     ZHPFix 2013.6.12.3 report by Nicolas Coolman, updated 12/06/2013
     Registry export file :
     Run by JP at 02/07/2013 16:55:26
     High Elevated Privileges : OK
     Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

     Recycle Files Deleted

     ========== Memory Process ==========
     DELETED Memory Process: C:\Users\JP\AppData\Local\Temp\toolbar1039434.exe
     DELETED Memory Process: C:\Users\JP\AppData\Local\Temp\toolbar239800072.exe
     DELETED Memory Process: C:\Users\JP\AppData\Local\Temp\toolbar239800384.exe
     DELETED Memory Process: C:\Users\JP\AppData\Local\Temp\toolbar2662547.exe
     DELETED Memory Process: C:\Users\JP\AppData\Local\Temp\uninst1.exe
     DELETED Memory Process: C:\Users\JP\AppData\Local\Temp\uninstall1046049.exe
     DELETED Memory Process: C:\Users\JP\AppData\Local\Temp\ICReinstall_setup(1).exe
     DELETED Memory Process: C:\Users\JP\AppData\Local\Temp\MachineIdCreator.exe

     ========== Memory Module ==========
     DELETED Memory Module: C:\Users\JP\AppData\Local\Temp\iGearedHelper.dll
     DELETE on Reboot Memory Module: C:\Users\JP\AppData\Local\Temp\Tsu-1608.dll
     DELETED Memory Module: C:\Users\JP\AppData\Local\Temp\Tsu0AE9A6DA.dll

     ========== Registry Key ==========
     DELETED CLSID MPSK: {1dd2e137-af41-11e1-a0b5-4c80930ca78c}
     DELETED CLSID MPSK: {a2c05c5c-af41-11e1-99be-4c80930ca78c}
     DELETED CLSID MPSK: {a2c05c5f-af41-11e1-99be-4c80930ca78c}
     DELETED Key: HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFile_RASAPI32
     DELETED Key: HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASAPI32
     DELETED Key: HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASMANCS
     DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     DELETED Key: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib

     ========== Registry Value ==========
     NOT FOUND IFC: [FEATURE_BROWSER_EMULATION] svchost.exe
     DELETED RunValue: FAStartup
     No Value in Standard Profile Register Key FirewallRaz :
     No Value in Domain Profile Register Key FirewallRaz :
     No Value in Firewall Exception Register Key (FirewallRaz)

     ========== Repertory ==========
     DELETED Folder: C:\Users\JP\AppData\Local\{E855AC82-B5C9-4122-AB52-B9E49D885C3C}

     ========== File ==========
     DELETED File: c:\users\jp\downloads\setup.exe
     DELETED File: c:\users\jp\downloads\spyhunter-installer.exe
     DELETED File*: c:\users\jp\appdata\local\temp\toolbar1039434.exe
     DELETED File*: c:\users\jp\appdata\local\temp\toolbar239800072.exe
     DELETED File*: c:\users\jp\appdata\local\temp\toolbar239800384.exe
     DELETED File*: c:\users\jp\appdata\local\temp\toolbar2662547.exe
     DELETED File: c:\users\jp\appdata\local\temp\uninst1.exe
     DELETED File*: c:\users\jp\appdata\local\temp\uninstall1046049.exe
     NOT FOUND Folder/File: c:\users\jp\appdata\local\temp\uninst1.exe
     NOT FOUND Folder/File: c:\users\jp\appdata\local\temp\toolbar1039434.exe
     NOT FOUND Folder/File: c:\users\jp\appdata\local\temp\toolbar2662547.exe
     DELETED File: c:\windows\prefetch\find.exe-66a35b26.pf
     DELETED File: c:\windows\prefetch\fainstsupp.exe-d44b57d4.pf
     DELETED File: c:\windows\prefetch\sftservice.exe-4afe8553.pf
     DELETED File: c:\windows\prefetch\mediasrv.exe-b8d46bc3.pf
     DELETED File: c:\windows\prefetch\cacls.exe-8712205b.pf
     DELETED File: c:\windows\prefetch\checkquotasplg.exe-b57daf00.pf
     DELETED File: c:\windows\prefetch\datasafe.exe-27429c3a.pf
     DELETED File: c:\windows\prefetch\frestoreplg.exe-91a9c5ca.pf
     DELETED File: c:\windows\prefetch\pstrestoreextplg.exe-cab15c1a.pf
     DELETED File: c:\windows\prefetch\setmuilanguage.exe-75c1693c.pf
     DELETED File: c:\windows\prefetch\sftvss64.exe-47034904.pf
     DELETED File: c:\windows\prefetch\strestoreplg.exe-419fd2a5.pf
     DELETED File: c:\windows\prefetch\backupplg.exe-e037339e.pf
     DELETED File: c:\windows\prefetch\stimageextplg.exe-d507f560.pf
     DELETED File: c:\windows\prefetch\iwrap.exe-5a01f8f6.pf
     DELETED File: c:\windows\prefetch\rplaunch.exe-e7f444a6.pf
     DELETED File: c:\windows\prefetch\go.exe-9f5f9b7b.pf
     DELETED File: C:\Users\JP\AppData\Local\Temp\defaultCache.reg
     DELETED File*: c:\users\jp\appdata\local\temp\defaultcache.reg
     DELETED File*: c:\users\jp\appdata\local\temp\icreinstall_setup(1).exe
     DELETED File*: c:\users\jp\appdata\local\temp\igearedhelper.dll
     DELETED File*: c:\users\jp\appdata\local\temp\machineidcreator.exe
     DELETED File: c:\users\jp\appdata\local\temp\tsu0ae9a6da.dll
     DELETED Flash Cookies
     DELETED Window Temporary

     ========== Hosts file ==========
     Hosts File not cleaned (Please Deactivate your Antivirus)

     ========== Task ==========
     DELETED Task: Express Files Updater
     DELETED Task: YourFile DownloaderUpdate

     ========== Restoration ==========
     Restore System Point created succefully

     ========== Other ==========
     NOT SUPPORTED ~ Adware.ExpressFiles - Malicius Software Information
     NOT SUPPORTED ~ Crapware.SpyHunter - Malicius Software Information
     NOT SUPPORTED ~ Toolbar.Babylon - Malicius Software Information
     NOT SUPPORTED ~ Adware.WebCake - Malicius Software Information

     ========== Summary ==========
     8 : Memory Process
     3 : Memory Module
     9 : Registry Key
     5 : Registry Value
     1 : Repertory
     36 : File
     1 : Hosts file
     2 : Task
     1 : Restoration
     4 : Other

     End of clean in 00mn 30s

     ========== Report File ==========
     C:\ZHP\ZHPFix[R1].txt - 02/07/2013 16:55:26 [5451]
  3. I had to run 2 UsbFix scans: the first with my USB keys plugged in, the second with my external hard drive (DDE). Results:

     Scan 1

     ############################## | UsbFix V 7.129 | [Research]

     User: JP (Administrator) # JP-PC
     Updated 24/06/2013 by El Desaparecido
     Started at 10:07:32 | 02/07/2013
     Website: http://sosvirus.net/
     Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
     Contact: contact@sosvirus.net

     PC: Dell Inc. (Inspiron N5110) (x64-based PC)
     CPU: Intel® Core i7-2670QM CPU @ 2.20GHz (2201)
     RAM -> [Total : 8099 | Free : 5874]
     BIOS: BIOS Date: 07/18/11 15:25:00 Ver: 04.06.04
     BOOT: Normal boot

     OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
     WB: Windows Internet Explorer 9.0.8112.16421

     SC: Security Center Service [(!) Disabled]
     WU: Windows Update Service [(!) Disabled]
     AV: McAfee Anti-Virus and Anti-Spyware [Enabled | Updated]
     FW: Windows FireWall Service [(!) Disabled]

     C:\ (%systemdrive%) -> Fixed drive # 581 Gb (477 Mb free - 82%) [OS] # NTFS
     D:\ -> CD-ROM
     E:\ -> Removable drive # 7 Gb (2 Mb free - 32%) [uSB USO] # FAT32
     F:\ -> Removable drive # 7 Gb (5 Mb free - 69%) [CLÉ JP] # FAT32

     ################## | Active Processes |

     C:\windows\system32\csrss.exe (948)
     C:\windows\system32\csrss.exe (864)
     C:\windows\system32\wininit.exe (896)
     C:\windows\system32\winlogon.exe (968)
     C:\windows\system32\services.exe (1016)
     C:\windows\system32\lsass.exe (936)
     C:\windows\system32\lsm.exe (424)
     C:\windows\system32\svchost.exe (1120)
     C:\windows\system32\nvvsvc.exe (1184)
     C:\windows\system32\svchost.exe (1224)
     C:\windows\System32\svchost.exe (1320)
     C:\windows\System32\svchost.exe (1360)
     C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (1384)
     C:\windows\system32\svchost.exe (1532)
     C:\windows\system32\svchost.exe (1624)
     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (1708)
     C:\windows\system32\nvvsvc.exe (1720)
     C:\windows\system32\svchost.exe (1764)
     C:\windows\system32\WLANExt.exe (1988)
     C:\windows\system32\conhost.exe (1996)
     C:\windows\System32\spoolsv.exe (1380)
     C:\windows\system32\Dwm.exe (1892)
     C:\windows\Explorer.EXE (1820)
     C:\windows\system32\taskhost.exe (1912)
     C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (2212)
     C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (2248)
     C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (2332)
     C:\windows\system32\svchost.exe (2388)
     C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (2440)
     C:\windows\System32\svchost.exe (2564)
     C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2588)
     C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (2832)
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (1048)
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (2744)
     C:\Windows\System32\igfxtray.exe (2748)
     C:\Windows\System32\hkcmd.exe (2732)
     C:\Windows\System32\igfxpers.exe (2764)
     C:\Program Files\DellTPad\Apoint.exe (2852)
     C:\Program Files\Dell\QuickSet\quickset.exe (2416)
     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (1468)
     C:\Windows\System32\rundll32.exe (1464)
     C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe (3084)
     C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (3236)
     C:\Users\JP\AppData\Roaming\Dropbox\bin\Dropbox.exe (3300)
     C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (3356)
     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (3396)
     C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (3528)
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (3540)
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (3572)
     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (3620)
     C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (3668)
     C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (3864)
     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3932)
     C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (4080)
     C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (4216)
     C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe (4228)
     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (4748)
     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (4664)
     C:\windows\system32\svchost.exe (4352)
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (4376)
     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (4380)
     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (4128)
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (4416)
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (4640)
     C:\windows\system32\wbem\unsecapp.exe (4988)
     C:\windows\system32\wbem\unsecapp.exe (4984)
     C:\windows\system32\wbem\wmiprvse.exe (4976)
     C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (5856)
     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (5148)
     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3860)
     C:\windows\system32\SearchIndexer.exe (5516)
     C:\windows\system32\svchost.exe (2580)
     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (4468)
     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (6264)
     C:\Program Files\DellTPad\ApMsgFwd.exe (6656)
     C:\Program Files\DellTPad\Apntex.exe (6296)
     C:\Program Files\DellTPad\HidFind.exe (6312)
     C:\windows\system32\conhost.exe (6408)
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (1632)
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (3176)
     C:\Program Files (x86)\Nero\Update\NASvc.exe (2432)
     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (5068)
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (3112)
     C:\windows\System32\WUDFHost.exe (6960)
     C:\windows\system32\SearchProtocolHost.exe (2328)
     C:\windows\system32\SearchFilterHost.exe (488)
     C:\UsbFix\Go.exe (7076)
     C:\windows\system32\wbem\wmiprvse.exe (5264)

     ################## | El Desaparecido Section |

     HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
     HKLM\SOFTWARE | Run : [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     HKLM\SOFTWARE | Run : [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe /boot
     HKLM\SOFTWARE | Run : [] -
     HKLM\SOFTWARE | Run : [RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
     HKLM\SOFTWARE | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
     HKLM\SOFTWARE | Run : [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
     HKLM\SOFTWARE | Run : [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
     HKLM\SOFTWARE | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
     HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
     HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     HKLM\SOFTWARE | Run : [FAStartup] -
     HKLM\SOFTWARE | Run : [AVG_TRAY] - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
     HKLM\SOFTWARE\wow6432Node | Run : [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     HKLM\SOFTWARE\wow6432Node | Run : [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe /boot
     HKLM\SOFTWARE\wow6432Node | Run : [] -
     HKLM\SOFTWARE\wow6432Node | Run : [RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
     HKLM\SOFTWARE\wow6432Node | Run : [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
     HKLM\SOFTWARE\wow6432Node | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
     HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [FAStartup] -
     HKLM\SOFTWARE\wow6432Node | Run : [AVG_TRAY] - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
     HKLM\SOFTWARE | RunOnce : [] -
     HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
     HKU\S-1-5-19\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
     HKU\S-1-5-20\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
     HKU\S-1-5-21-2375913321-2883534992-1522907984-1000\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
     HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
     HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
     HKU\S-1-5-21-2375913321-2883534992-1522907984-1000\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

     ################## | Files # Infected Folders |

     Found ! E:\05 Dobri Dien Romale.wma

     ################## | Registry |

     Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

     ################## | Mountpoints2 |

     HKCU\.\.\.\.\Explorer\MountPoints2\{1dd2e137-af41-11e1-a0b5-4c80930ca78c}
     Shell\AutoRun\Command = E:\SFR.exe

     HKCU\.\.\.\.\Explorer\MountPoints2\{a2c05c5c-af41-11e1-99be-4c80930ca78c}
     Shell\AutoRun\Command = E:\SFR.exe

     HKCU\.\.\.\.\Explorer\MountPoints2\{a2c05c5f-af41-11e1-99be-4c80930ca78c}
     Shell\AutoRun\Command = E:\SFR.exe

     ################## | Vaccin |

     (!) This computer is not vaccinated!

     ################## | E.O.F | http://sosvirus.net |

     Clean 1

     ############################## | UsbFix V 7.129 | [Deletion]

     User: JP (Administrator) # JP-PC
     Updated 24/06/2013 by El Desaparecido
     Started at 10:11:05 | 02/07/2013
     Website: http://sosvirus.net/
     Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
     Contact: contact@sosvirus.net

     PC: Dell Inc. (Inspiron N5110) (x64-based PC)
     CPU: Intel® Core i7-2670QM CPU @ 2.20GHz (2201)
     RAM -> [Total : 8099 | Free : 5876]
     BIOS: BIOS Date: 07/18/11 15:25:00 Ver: 04.06.04
     BOOT: Normal boot

     OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
     WB: Windows Internet Explorer 9.0.8112.16421

     SC: Security Center Service [(!) Disabled]
     WU: Windows Update Service [(!) Disabled]
     AV: McAfee Anti-Virus and Anti-Spyware [Enabled | Updated]
     FW: Windows FireWall Service [(!) Disabled]

     C:\ (%systemdrive%) -> Fixed drive # 581 Gb (477 Mb free - 82%) [OS] # NTFS
     D:\ -> CD-ROM
     E:\ -> Removable drive # 7 Gb (2 Mb free - 32%) [uSB USO] # FAT32
     F:\ -> Removable drive # 7 Gb (5 Mb free - 69%) [CLÉ JP] # FAT32

     ################## | El Desaparecido Section |

     HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
     HKLM\SOFTWARE | Run : [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     HKLM\SOFTWARE | Run : [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe /boot
     HKLM\SOFTWARE | Run : [] -
     HKLM\SOFTWARE | Run : [RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
     HKLM\SOFTWARE | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
     HKLM\SOFTWARE | Run : [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
     HKLM\SOFTWARE | Run : [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
     HKLM\SOFTWARE | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
     HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
     HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     HKLM\SOFTWARE | Run : [FAStartup] -
     HKLM\SOFTWARE | Run : [AVG_TRAY] - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
     HKLM\SOFTWARE\wow6432Node | Run : [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     HKLM\SOFTWARE\wow6432Node | Run : [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe /boot
     HKLM\SOFTWARE\wow6432Node | Run : [] -
     HKLM\SOFTWARE\wow6432Node | Run : [RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
     HKLM\SOFTWARE\wow6432Node | Run : [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
     HKLM\SOFTWARE\wow6432Node | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
     HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [FAStartup] -
     HKLM\SOFTWARE\wow6432Node | Run : [AVG_TRAY] - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
     HKLM\SOFTWARE | RunOnce : [] -
     HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
     HKU\S-1-5-19\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
     HKU\S-1-5-20\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
     HKU\S-1-5-21-2375913321-2883534992-1522907984-1000\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
     HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
     HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
     HKU\S-1-5-21-2375913321-2883534992-1522907984-1000\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

     ################## | Stopped processes |

     Stopped! C:\windows\system32\nvvsvc.exe (1184)
     Stopped! C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (1384)
     Stopped! C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (1708)
     Stopped! C:\windows\system32\nvvsvc.exe (1720)
     Stopped! C:\windows\system32\WLANExt.exe (1988)
     Stopped! C:\windows\System32\spoolsv.exe (1380)
     Stopped! C:\windows\system32\taskhost.exe (1912)
     Stopped! C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (2212)
     Stopped! C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (2248)
     Stopped! C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (2332)
     Stopped! C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (2440)
     Stopped! C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2588)
     Stopped! C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (2832)
     Stopped! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (1048)
     Stopped! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (2744)
     Stopped! C:\Windows\System32\igfxtray.exe (2748)
     Stopped! C:\Windows\System32\hkcmd.exe (2732)
     Stopped! C:\Windows\System32\igfxpers.exe (2764)
     Stopped! C:\Program Files\DellTPad\Apoint.exe (2852)
     Stopped! C:\Program Files\Dell\QuickSet\quickset.exe (2416)
     Stopped! C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (1468)
     Stopped! C:\Windows\System32\rundll32.exe (1464)
     Stopped! C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe (3084)
     Stopped! C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (3236)
     Stopped! C:\Users\JP\AppData\Roaming\Dropbox\bin\Dropbox.exe (3300)
     Stopped! C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (3356)
     Stopped! C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (3396)
     Stopped! C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (3528)
     Stopped! C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (3540)
     Stopped! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (3572)
     Stopped! C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (3620)
     Stopped! C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (3668)
     Stopped! C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (3864)
     Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3932)
     Stopped! C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (4080)
     Stopped! C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (4216)
     Stopped! C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe (4228)
     Stopped! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (4748)
     Stopped! C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (4664)
     Stopped! C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (4376)
     Stopped! C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (4380)
     Stopped! C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (4128)
     Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (4416)
     Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (4640)
     Stopped! C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (5856)
     Stopped! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (5148)
     Stopped! C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3860)
     Stopped! C:\windows\system32\SearchIndexer.exe (5516)
     Stopped! C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (4468)
     Stopped! C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (6264)
     Stopped! C:\Program Files\DellTPad\ApMsgFwd.exe (6656)
     Stopped! C:\Program Files\DellTPad\Apntex.exe (6296)
     Stopped! C:\Program Files\DellTPad\HidFind.exe (6312)
     Stopped! C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (1632)
     Stopped! C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (3176)
     Stopped! C:\Program Files (x86)\Nero\Update\NASvc.exe (2432)
     Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (5068)
     Stopped! C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (3112)
     Stopped! C:\windows\System32\WUDFHost.exe (6960)
     Stopped! C:\windows\system32\SearchProtocolHost.exe (464)

     ################## | Files # Infected Folders |

     Scan 2

     ############################## | UsbFix V 7.129 | [Research]

     User: JP (Administrator) # JP-PC
     Updated 24/06/2013 by El Desaparecido
     Started at 11:03:32 | 02/07/2013
     Website: http://sosvirus.net/
     Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
     Contact: contact@sosvirus.net

     PC: Dell Inc. (Inspiron N5110) (x64-based PC)
     CPU: Intel® Core i7-2670QM CPU @ 2.20GHz (2201)
     RAM -> [Total : 8099 | Free : 5796]
     BIOS: BIOS Date: 07/18/11 15:25:00 Ver: 04.06.04
     BOOT: Normal boot

     OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
     WB: Windows Internet Explorer 9.0.8112.16421

     SC: Security Center Service [(!) Disabled]
     WU: Windows Update Service [(!) Disabled]
     AV: McAfee Anti-Virus and Anti-Spyware [Enabled | Updated]
     FW: Windows FireWall Service [(!) Disabled]

     C:\ (%systemdrive%) -> Fixed drive # 581 Gb (477 Mb free - 82%) [OS] # NTFS
     D:\ -> CD-ROM
     E:\ -> Fixed drive # 932 Gb (804 Mb free - 86%) [Expansion Drive] # NTFS
     Y:\ -> Fixed drive # 15 Gb (6 Mb free - 42%) [Recovery] # NTFS

     ################## | Active Processes |

     C:\windows\system32\csrss.exe (984)
     C:\windows\system32\wininit.exe (428)
     C:\windows\system32\csrss.exe (948)
     C:\windows\system32\services.exe (140)
     C:\windows\system32\lsass.exe (160)
     C:\windows\system32\lsm.exe (156)
     C:\windows\system32\svchost.exe (1088)
     C:\windows\system32\winlogon.exe (1124)
     C:\windows\system32\nvvsvc.exe (1196)
     C:\windows\system32\svchost.exe (1236)
     C:\windows\System32\svchost.exe (1300)
     C:\windows\System32\svchost.exe (1360)
     C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (1396)
     C:\windows\system32\svchost.exe (1484)
     C:\windows\system32\svchost.exe (1572)
     C:\windows\system32\svchost.exe (1656)
     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (1800)
     C:\windows\system32\nvvsvc.exe (1812)
     C:\windows\system32\WLANExt.exe (1884)
     C:\windows\system32\conhost.exe (1896)
     C:\windows\System32\spoolsv.exe (1976)
     C:\windows\system32\taskhost.exe (2104)
     C:\windows\system32\Dwm.exe (2184)
     C:\windows\Explorer.EXE (2212)
     C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (2552)
     C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (2580)
     C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (2612)
     C:\windows\system32\svchost.exe (2640)
     C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (2660)
     C:\windows\System32\svchost.exe (2716)
     C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2760)
     C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (2848)
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (2872)
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (2936)
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2984)
     C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (2992)
     C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (3032)
     C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (3088)
     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (3124)
     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (3200)
     C:\windows\system32\svchost.exe (3228)
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3276)
     C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (3500)
     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (3660)
     C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (3836)
     C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (3976)
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3496)
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (3308)
     C:\windows\system32\wbem\unsecapp.exe (4000)
     C:\windows\system32\wbem\wmiprvse.exe (4308)
     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (4104)
     C:\windows\system32\SearchIndexer.exe (4224)
     C:\Windows\System32\igfxtray.exe (3896)
     C:\Windows\System32\hkcmd.exe (4768)
     C:\Windows\System32\igfxpers.exe (4800)
     C:\Program Files\DellTPad\Apoint.exe (5236)
     C:\Program Files\Dell\QuickSet\quickset.exe (5540)
     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (5188)
     C:\Windows\System32\rundll32.exe (5296)
     C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe (5712)
     C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (5924)
     C:\Users\JP\AppData\Roaming\Dropbox\bin\Dropbox.exe (6080)
     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (5664)
     C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (5756)
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (5864)
     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (5280)
     C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe (5416)
     C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (5620)
     C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (5948)
     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (5220)
     C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe (5460)
     C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (5580)
     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (5800)
     C:\windows\system32\wbem\unsecapp.exe (5268)
     C:\windows\system32\svchost.exe (968)
     C:\Program Files\DellTPad\ApMsgFwd.exe (5636)
     C:\Program Files\DellTPad\HidFind.exe (7092)
     C:\Program Files\DellTPad\Apntex.exe (7156)
     C:\windows\system32\conhost.exe (6264)
     C:\windows\system32\taskeng.exe (6696)
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (5308)
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (6880)
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (4480)
     C:\Program Files (x86)\Nero\Update\NASvc.exe (5020)
     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (732)
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (1736)
     C:\windows\system32\wbem\wmiprvse.exe (6596)
     C:\Program Files (x86)\Dell DataSafe Local Backup\SftVss64.exe (4484)
     C:\windows\system32\taskhost.exe (1592)
     C:\UsbFix\Go.exe (4208)
     \\?\C:\windows\system32\wbem\WMIADAP.EXE (4444)

     ################## | El Desaparecido Section |

     HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
     HKLM\SOFTWARE | Run : [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     HKLM\SOFTWARE | Run : [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe /boot
     HKLM\SOFTWARE | Run : [] -
     HKLM\SOFTWARE | Run : [RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
     HKLM\SOFTWARE | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
     HKLM\SOFTWARE | Run : [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
     HKLM\SOFTWARE | Run : [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
     HKLM\SOFTWARE | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
     HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
     HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     HKLM\SOFTWARE | Run : [FAStartup] -
     HKLM\SOFTWARE | Run : [AVG_TRAY] - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
     HKLM\SOFTWARE\wow6432Node | Run : [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     HKLM\SOFTWARE\wow6432Node | Run : [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe /boot
     HKLM\SOFTWARE\wow6432Node | Run : [] -
     HKLM\SOFTWARE\wow6432Node | Run : [RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
     HKLM\SOFTWARE\wow6432Node | Run : [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
     HKLM\SOFTWARE\wow6432Node | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
     HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     HKLM\SOFTWARE\wow6432Node | Run : [FAStartup] -
     HKLM\SOFTWARE\wow6432Node | Run : [AVG_TRAY] - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
     HKLM\SOFTWARE | RunOnce : [] -
     HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
     HKU\S-1-5-19\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
     HKU\S-1-5-20\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
     HKU\S-1-5-21-2375913321-2883534992-1522907984-1000\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
     HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
     HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
     HKU\S-1-5-21-2375913321-2883534992-1522907984-1000\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

     ################## | Files # Infected Folders |

     Found ! E:\Setup.exe
     Found ! E:\Autorun.inf
     Found ! Y:\AUTORUN.INF
     Found ! Y:\desktop.ini

     ################## | Registry |

     Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

     ################## | Mountpoints2 |

     HKCU\.\.\.\.\Explorer\MountPoints2\{1dd2e137-af41-11e1-a0b5-4c80930ca78c}
     Shell\AutoRun\Command = E:\SFR.exe

     HKCU\.\.\.\.\Explorer\MountPoints2\{a2c05c5c-af41-11e1-99be-4c80930ca78c}
     Shell\AutoRun\Command = E:\SFR.exe

     HKCU\.\.\.\.\Explorer\MountPoints2\{a2c05c5f-af41-11e1-99be-4c80930ca78c}
     Shell\AutoRun\Command = E:\SFR.exe

     ################## | Vaccin |

     C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

     ################## | E.O.F | http://sosvirus.net |

     Clean 2

     ############################## | UsbFix V 7.129 | [Deletion]

     User: JP (Administrator) # JP-PC
     Updated 24/06/2013 by El Desaparecido
     Started at 11:06:39 | 02/07/2013
     Website: http://sosvirus.net/
     Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
     Contact: contact@sosvirus.net

     PC: Dell Inc. (Inspiron N5110) (x64-based PC)
     CPU: Intel® Core i7-2670QM CPU @ 2.20GHz (2201)
     RAM -> [Total : 8099 | Free : 5792]
     BIOS: BIOS Date: 07/18/11 15:25:00 Ver: 04.06.04
     BOOT: Normal boot

     OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
     WB: Windows Internet Explorer 9.0.8112.16421

     SC: Security Center Service [(!) Disabled]
     WU: Windows Update Service [(!) Disabled]
     AV: McAfee Anti-Virus and Anti-Spyware [Enabled | Updated]
     FW: Windows FireWall Service [(!)
Disabled] C:\ (%systemdrive%) -> Fixed drive # 581 Gb (477 Mb free - 82%) [OS] # NTFS D:\ -> CD-ROM E:\ -> Fixed drive # 932 Gb (804 Mb free - 86%) [Expansion Drive] # NTFS Y:\ -> Fixed drive # 15 Gb (6 Mb free - 42%) [Recovery] # NTFS ################## | El Desaparecido Section | HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 HKLM\SOFTWARE | Run : [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe HKLM\SOFTWARE | Run : [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe /boot HKLM\SOFTWARE | Run : [] - HKLM\SOFTWARE | Run : [RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" HKLM\SOFTWARE | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" HKLM\SOFTWARE | Run : [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 HKLM\SOFTWARE | Run : [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe HKLM\SOFTWARE | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" HKLM\SOFTWARE | Run : [FAStartup] - HKLM\SOFTWARE | Run : [AVG_TRAY] - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 HKLM\SOFTWARE\wow6432Node | Run : [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe HKLM\SOFTWARE\wow6432Node | Run : [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe /boot HKLM\SOFTWARE\wow6432Node | Run : [] - HKLM\SOFTWARE\wow6432Node | Run : 
[RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" HKLM\SOFTWARE\wow6432Node | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" HKLM\SOFTWARE\wow6432Node | Run : [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 HKLM\SOFTWARE\wow6432Node | Run : [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe HKLM\SOFTWARE\wow6432Node | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" HKLM\SOFTWARE\wow6432Node | Run : [FAStartup] - HKLM\SOFTWARE\wow6432Node | Run : [AVG_TRAY] - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" HKLM\SOFTWARE | RunOnce : [] - HKLM\SOFTWARE\wow6432Node | RunOnce : [] - HKU\S-1-5-19\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2375913321-2883534992-1522907984-1000\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe HKU\S-1-5-21-2375913321-2883534992-1522907984-1000\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe ################## | Stopped processes | Stopped! C:\windows\system32\nvvsvc.exe (1196) Stopped! C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (1396) Stopped! C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (1800) Stopped! C:\windows\system32\nvvsvc.exe (1812) Stopped! C:\windows\system32\WLANExt.exe (1884) Stopped! 
C:\windows\System32\spoolsv.exe (1976) Stopped! C:\windows\system32\taskhost.exe (2104) Stopped! C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (2552) Stopped! C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (2580) Stopped! C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (2612) Stopped! C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (2660) Stopped! C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2760) Stopped! C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (2848) Stopped! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (2872) Stopped! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (2936) Stopped! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2984) Stopped! C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (2992) Stopped! C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (3032) Stopped! C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (3088) Stopped! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (3124) Stopped! C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (3200) Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3276) Stopped! C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (3500) Stopped! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (3660) Stopped! C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (3836) Stopped! C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (3976) Stopped! C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (3308) Stopped! C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (4104) Stopped! C:\windows\system32\SearchIndexer.exe (4224) Stopped! C:\Windows\System32\igfxtray.exe (3896) Stopped! C:\Windows\System32\hkcmd.exe (4768) Stopped! C:\Windows\System32\igfxpers.exe (4800) Stopped! 
C:\Program Files\DellTPad\Apoint.exe (5236) Stopped! C:\Program Files\Dell\QuickSet\quickset.exe (5540) Stopped! C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (5188) Stopped! C:\Windows\System32\rundll32.exe (5296) Stopped! C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe (5712) Stopped! C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (5924) Stopped! C:\Users\JP\AppData\Roaming\Dropbox\bin\Dropbox.exe (6080) Stopped! C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (5664) Stopped! C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (5756) Stopped! C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (5864) Stopped! C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (5280) Stopped! C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (5620) Stopped! C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (5948) Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (5220) Stopped! C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe (5460) Stopped! C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (5580) Stopped! C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (5800) Stopped! C:\Program Files\DellTPad\ApMsgFwd.exe (5636) Stopped! C:\Program Files\DellTPad\HidFind.exe (7092) Stopped! C:\Program Files\DellTPad\Apntex.exe (7156) Stopped! C:\windows\system32\taskeng.exe (6696) Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (5308) Stopped! C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (6880) Stopped! C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (4480) Stopped! C:\Program Files (x86)\Nero\Update\NASvc.exe (5020) Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (732) Stopped! C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (1736) Stopped! 
And finally ZHP Diag: © CJoint.com, 2012
  4. Actually, I had already done the following steps: RogueKiller and MBAM. But since you told me to do it again, I didn't think twice and started everything over! Here is the AdwCleaner link: © CJoint.com, 2012 Here is also the JRT link: © CJoint.com, 2012 And finally, having run MBAM again, here is the report I got: Malwarebytes Anti-Malware (Essai) 1.75.0.1300 www.malwarebytes.org Version de la base de données: v2013.07.01.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 JP :: JP-PC [administrateur] Protection: Activé 01/07/2013 20:55:03 mbam-log-2013-07-01 (20-55-03).txt Type d'examen: Examen complet (C:\|D:\|Q:\|) Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 373165 Temps écoulé: 33 minute(s), 57 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 0 (Aucun élément nuisible détecté) (fin) I hope I haven't messed up too much this time!
  5. Hehe, yes, I don't do things by halves! Here are the RHKiller attachments from yesterday (I ran it again today and didn't get any registry error): © CJoint.com, 2012 © CJoint.com, 2012 © CJoint.com, 2012 © CJoint.com, 2012 And when I ran it again today, here are the reports I got: © CJoint.com, 2012 © CJoint.com, 2012 Running AdwCleaner, first report: © CJoint.com, 2012 (continued in the next message)
  6. Sorry, shame on me! I ran the diagnostic again, and here is the link: pjjoint.malekal.com - Submit a file I think it should be fine this time.
  7. Hello everyone, I've been struggling for a while with this virus that AVG detected and put in quarantine. I found the online help on the site (I first cleaned with RogueKiller, then scanned with MBAM) and now I'm a bit stuck with ZHP: I ran the diagnostic, but now I don't know what to do with the result. In the thread I had found online (cf. [Résolu] Virus Win64/Patched.A et Luhe.Sirefef.A - Forums Zebulon.fr) it seems that the ZHPFix commands are adapted to the output obtained in the diagnostic, and I have no idea how to do that! Here is the link to my ZHP diagnostic output: http://pjjoint.malekal.com/files.php?id=ZHPDiag_20130630_d10f8j14m5e6. Thank you in advance for your help! J-P