
Posted

Here is the report:

Restrictions check report, Pierre13 (CTR version 2.1.0.0), 11\11\2015 at 17:41:34
Thib's PC
Windows 7 Home Premium Service Pack 1 (64-bit)

Error 2203 repair performed.

Checking for restrictions

PC immunised against the Java sponsor offer.
Windows Update set to "ask" mode.
Windows Firewall service enabled.
Windows Firewall settings restored to defaults and enabled.

232 restrictions checked.

No restrictions found.


The report is on the desktop (C:\Users\Thib\Desktop\CTR.txt)

Posted

OK... no restrictions.

Checking whether it is an infection:

Download ZHPDiag:

Start the scan:

  • Click "Scanner" to start the scan.
  • While the scan runs, a counter shows the number of detections.
  • Let the scan run until the progress bar reaches 100%.
  • To cancel the scan, press the "Esc" key.
  • Click "Rapport" (Report) at the end of the scan.
  • Upload the report to Cjoint (the report is on the desktop).
  • Post the link to that report.

Posted (edited)

So after the reboot following CTR.exe, I lost my internet connection. I rebooted the router and reset the firewall.

The connection came back, but it is still impossible to connect via the VPN.

Here is the ZHPDiag report:

http://www.cjoint.com/c/EKlrqsApXNh

edit: I am not connected to the homegroup

Edited by TA-K-2-PT
Posted

Strange... CTR does not touch the network... at least it does not block connections, quite the opposite.

I'm looking at the report...

@++

Posted

Well... there is indeed an infection.

Do this:

Antivirus disabled!

Download ZHPFix from this page.

  • Select/copy the code below:



----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
3 - CFD: 13/07/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
[MD5.00000000000000000000000000000000] [APT] [Chromium] (...) -- C:\Users\Thib\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE (.not file.) [0] => Fichier absent
O43 - CFD: 23/06/2015 - [] D -- C:\ProgramData\boost_interprocess => boost.org
O43 - CFD: 08/04/2015 - [0] D -- C:\ProgramData\Note => Empty Folder not necessary
O43 - CFD: 29/04/2015 - [0] DC -- C:\ProgramData\{7A86240F-63E1-4D58-83D3-E717B0CCAD94} => Empty Folder not necessary
O53 - SMSR:HKLM\...\startupreg\Mobile Partner [Key] . (...) -- C:\Program Files (x86)\Wi-Fi Modem\Wi-Fi Modem (.not file.) => Fichier absent


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Launch ZHPFix with a right-click and choose Run as administrator.

  • Click "IMPORTER" (Import),
  • The code should appear
  • In ZHPFix, click GO.
  • Let the tool work.
  • If it asks to restart the PC, accept.
  • A report will be on the desktop. Post its contents.



Posted (edited)

An infection! ...... Yet Malwarebytes sees nothing, and neither does my AV........ anyway, that's not the subject.

Here is the report:

ZHPFix report 2015.10.19.9 by Nicolas Coolman, updated 19/10/2015
Registry export file:
Run by Thib at 11/11/2015 18:29:18
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 02s)
Prefetch folder emptied

========== Registry keys ==========
REMOVED:* StartupReg: Mobile Partner

========== Registry values ==========
No value Standard Profile: FirewallRaz :
No value Domain Profile: FirewallRaz :
REMOVED: FirewallRaz (Public) : NetPres-Out-TCP
REMOVED: FirewallRaz (Public) : NetPres-In-TCP
REMOVED: FirewallRaz (None) : NetPres-WSD-Out-UDP
REMOVED: FirewallRaz (None) : NetPres-WSD-In-UDP
REMOVED: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
REMOVED: FirewallRaz (Domain) : NetPres-In-TCP-NoScope

========== Folders ==========
REMOVED Windows temporary items (25)
REMOVED Flash cookies (0)
REMOVED: C:\ProgramData\boost_interprocess
REMOVED: C:\ProgramData\Note
REMOVED: C:\ProgramData\{7A86240F-63E1-4D58-83D3-E717B0CCAD94}

========== Files ==========
REMOVED Windows temporary items (131) (17 031 037 bytes)
REMOVED Flash cookies (0) (0 bytes)

========== Scheduled task ==========
REMOVED: Chromium

========== Other ==========
NOT PROCESSED 3 - CFD: 13/07/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia


========== Summary ==========
1 : Registry keys
8 : Registry values
5 : Folders
2 : Files
1 : Scheduled task
1 : Other


End of clean in 00mn 05s

========== Report file path ==========
C:\Users\Thib\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/04/2015 19:56:00 [2111]
C:\Users\Thib\AppData\Roaming\ZHP\ZHPFix[R2].txt - 22/04/2015 19:57:57 [1585]
C:\Users\Thib\AppData\Roaming\ZHP\ZHPFix[R3].txt - 22/04/2015 20:00:07 [1589]
C:\Users\Thib\AppData\Roaming\ZHP\ZHPFix[R4].txt - 11/11/2015 18:29:21 [1870]

Edited by TA-K-2-PT
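The ZHPFix script the helper posted and the report ZHPFix wrote back can be reconciled mechanically: each item in the script should reappear in the report as removed, and anything else deserves a second look. The Python below is an added example written for this page, not part of the thread and not ZHPFix's own code. It embeds the script and a report excerpt as posted (ZHPFix writes its status tokens in French, SUPPRIMÉ and NON TRAITÉ, so the excerpt is the untranslated text), and its parsing rules are assumptions drawn from those two texts alone, not from any ZHPFix documentation. On this pair it surfaces the detail worth noticing in the post above: the line that starts "3 - CFD" rather than "O43 - CFD" is the one ZHPFix echoed as NON TRAITÉ, so that Start Menu folder was never touched, while FirewallRaz removed six NetPres rules from the firewall.

```python
"""Reconcile a ZHPFix script with the report it produced (added example, not ZHPFix's
own code; the parsing rules are guessed from the two texts below, not from documentation)."""
import re

# Script and report excerpt as posted in this thread (the inputs for this example).
SCRIPT = r"""Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
3 - CFD: 13/07/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
[MD5.00000000000000000000000000000000] [APT] [Chromium] (...) -- C:\Users\Thib\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE (.not file.) [0] => Fichier absent
O43 - CFD: 23/06/2015 - [] D -- C:\ProgramData\boost_interprocess => boost.org
O43 - CFD: 08/04/2015 - [0] D -- C:\ProgramData\Note => Empty Folder not necessary
O43 - CFD: 29/04/2015 - [0] DC -- C:\ProgramData\{7A86240F-63E1-4D58-83D3-E717B0CCAD94} => Empty Folder not necessary
O53 - SMSR:HKLM\...\startupreg\Mobile Partner [Key] . (...) -- C:\Program Files (x86)\Wi-Fi Modem\Wi-Fi Modem (.not file.) => Fichier absent
"""
REPORT = r"""Dossier Prefetcher vidé
========== Clés du Registre ==========
SUPPRIMÉ:* StartupReg: Mobile Partner
========== Valeurs du Registre ==========
SUPPRIMÉ: FirewallRaz (Public) : NetPres-Out-TCP
SUPPRIMÉ: FirewallRaz (Public) : NetPres-In-TCP
SUPPRIMÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP
SUPPRIMÉ: FirewallRaz (None) : NetPres-WSD-In-UDP
SUPPRIMÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
SUPPRIMÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
========== Dossiers ==========
SUPPRIMÉS Temporaires Windows (25)
SUPPRIMÉS Flash Cookies (0)
SUPPRIMÉ: C:\ProgramData\boost_interprocess
SUPPRIMÉ: C:\ProgramData\Note
SUPPRIMÉ: C:\ProgramData\{7A86240F-63E1-4D58-83D3-E717B0CCAD94}
========== Tache planifiée ==========
SUPPRIMÉ: Chromium
========== Autre ==========
NON TRAITÉ 3 - CFD: 13/07/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
STATUS_RE = re.compile(r"^(?P<status>SUPPRIMÉS?|NON TRAITÉ):?\*?\s*(?P<text>.*)$")
EMPTIED_RE = re.compile(r"^(?P<text>.+?) vidée?(?: \(.*\))?$")
ITEM_RES = {  # kind -> regex capturing the name the report will use for the item
    "folder": re.compile(r"^O43 - CFD: .*? -- (?P<t>.+?)(?: => .*)?$"),
    "startupreg": re.compile(r"^O53 - SMSR:.*\\startupreg\\(?P<t>.+?) \[Key\]"),
    "task": re.compile(r"^\[MD5\.[0-9A-Fa-f]+\] \[APT\] \[(?P<t>[^\]]+)\]"),
}
# Report section where each kind is recorded, and how the report names the target there.
REPORT_SECTION = {"folder": ("Dossiers", "{}"), "task": ("Tache planifiée", "{}"),
                  "startupreg": ("Clés du Registre", "StartupReg: {}")}
COMMAND_EVIDENCE = {"FirewallRaz": "FirewallRaz", "EmptyPrefetch": "Prefetcher",
                    "EmptyTemp": "Temporaires Windows", "EmptyFlash": "Flash Cookies"}

def parse_report(text):
    """Return [{section, status, text}] for every report line that records an action."""
    entries, section = [], "preamble"
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group("name")
        elif m := STATUS_RE.match(line):
            status = "not processed" if m.group("status") == "NON TRAITÉ" else "removed"
            entries.append({"section": section, "status": status, "text": m.group("text").strip()})
        elif m := EMPTIED_RE.match(line):
            entries.append({"section": section, "status": "emptied", "text": m.group("text")})
    return entries

def parse_script(text):
    """Split a ZHPFix script into commands and items (kind plus the target's name)."""
    commands, items = [], []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line == "Script ZHPFix":
            continue
        if " " not in line:  # bare keywords such as FirewallRaz are commands
            commands.append(line)
            continue
        hits = [(k, m.group("t")) for k, rx in ITEM_RES.items() if (m := rx.match(line))]
        kind, target = hits[0] if hits else ("unknown", line)
        items.append({"line": line, "kind": kind, "target": target})
    return commands, items

def reconcile(script_text, report_text):
    """Match every script item against the report; count the evidence for each command."""
    commands, items = parse_script(script_text)
    entries = parse_report(report_text)
    for item in items:
        if item["kind"] in REPORT_SECTION:
            section, fmt = REPORT_SECTION[item["kind"]]
            hit = any(e["section"] == section and e["status"] == "removed"
                      and e["text"] == fmt.format(item["target"]) for e in entries)
            item["outcome"] = "removed" if hit else "no evidence in report"
        else:  # a line ZHPFix cannot classify is echoed under "Autre" as NON TRAITÉ
            hit = any(e["status"] == "not processed" and e["text"] == item["line"] for e in entries)
            item["outcome"] = "not processed" if hit else "no evidence in report"
    evidence = {c: sum(1 for e in entries if e["status"] != "not processed"
                       and COMMAND_EVIDENCE.get(c, c) in e["text"]) for c in commands}
    return {"items": items, "commands": evidence}

def unresolved(result):
    """Script lines the report does not show as removed: re-check these by hand."""
    return [i["line"] for i in result["items"] if i["outcome"] != "removed"]
```

unresolved() is the list to act on. A script line with a mangled prefix is a copy-paste problem rather than a tool failure; the obvious step is to re-run the script with that line carrying its full O43 prefix, then reconcile again.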
Posted

Ah... but antiviruses don't see everything... here's the proof.

It's a rogue and I'm not certain it has been properly cleaned.

To be sure, do this:

Disable the antivirus first!
Under IE9, IE10 or IE11, the SmartScreen filter raises an alert. Click Actions, then Run anyway.

  • 1--> Where to find out whether Windows is 32- or 64-bit?
  • 2--> Go to this page
  • 3--> Click on:
  • Portable 32 bits if Windows is 32-bit.
  • Portable 64 bits if Windows is 64-bit.
  • During the download, a page will open... close that page.
  • Put (or move) the downloaded file on the desktop (important!)
  • Right-click the file and choose Run as administrator.
  • Wait for the Prescan to finish.
  • After the Prescan, click Scan.
  • The scan may take several minutes depending on the number of files to analyse... wait until it finishes.
  • At the end of the scan, click Rapport (Report).
  • Another interface will open; click Ouvrir TXT (Open TXT).
  • The report will open... select all of its contents, copy it and paste it into your reply.


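RogueKiller writes its report as JSON; the user's reply below is one. The Python that follows is an added example for this page, not RogueKiller's own code: a first-look triage over such a report, run here on SAMPLE_REPORT, a constructed excerpt that keeps only the shape, the vendor tags, the registry paths and the URL of the posted report. It merges registry hits that differ only in registry view (the assumption, not stated by RogueKiller, is that view 256 and 512 are the 64-bit and 32-bit views, the KEY_WOW64_64KEY and KEY_WOW64_32KEY flags), lists the distinct URLs the PUM entries point at, flattens filesystem hits with their exists/signed/removed flags, and flags processes whose recorded parent is no longer in the snapshot, skipping the Windows processes for which that is always the case. The EXPECTED_ORPHANS set is general Windows knowledge, not something the report states.

```python
"""Triage pass over a RogueKiller JSON report (added example, not RogueKiller's own code).
SAMPLE_REPORT is a constructed excerpt shaped like the report posted in this thread."""
import json
from collections import defaultdict

SAMPLE_REPORT = r'''{
 "header": {"program": {"project": "RogueKiller", "version": "10.11.5.0", "x64": true},
            "environment": {"user": "Thib", "user_admin": true},
            "report": {"type": 1, "aborted": false, "date": "11/11/2015 19:06:23"}},
 "information": {"processes": [
  {"name": "wininit.exe", "pid": 828, "pid_parent": 644, "path": "C:\\Windows\\System32\\wininit.exe"},
  {"name": "services.exe", "pid": 896, "pid_parent": 828, "path": "C:\\Windows\\System32\\services.exe"},
  {"name": "explorer.exe", "pid": 1580, "pid_parent": 2004, "path": "C:\\Windows\\explorer.exe"},
  {"name": "iusb3mon.exe", "pid": 3076, "pid_parent": 1956, "path": "C:\\Program Files (x86)\\Intel\\Intel(R) USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe"},
  {"name": "firefox.exe", "pid": 3448, "pid_parent": 1580, "path": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe"}]},
 "results": {"processes": [], "modules": [], "services": [], "tasks": [],
  "registry": [
   {"vendors": ["PUM.HomePage"], "rule_name": "IE Settings", "view": 256, "value": "Start Page",
    "value_data": "https://safesearch.avira.com/#web/result?source=art&q=", "status_str": "TROUVÉ", "status_removed": 0,
    "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main"},
   {"vendors": ["PUM.HomePage"], "rule_name": "IE Settings", "view": 512, "value": "Start Page",
    "value_data": "https://safesearch.avira.com/#web/result?source=art&q=", "status_str": "TROUVÉ", "status_removed": 0,
    "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main"},
   {"vendors": ["PUM.HomePage"], "rule_name": "IE Settings", "view": 256, "value": "Start Page",
    "value_data": "https://safesearch.avira.com/#web/result?source=art&q=", "status_str": "TROUVÉ", "status_removed": 0,
    "path": "HKEY_USERS\\S-1-5-21-3918476806-4240115513-3409448266-1000\\Software\\Microsoft\\Internet Explorer\\Main"},
   {"vendors": ["PUM.SearchPage"], "rule_name": "IE Settings", "view": 256, "value": "Search Page",
    "value_data": "https://safesearch.avira.com/#web/result?source=art&q=", "status_str": "TROUVÉ", "status_removed": 0,
    "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main"}],
  "filesystem": [
   {"vendors": ["PUP"], "status_choice": 2, "processed": [
    {"type": 2, "name": "{84F3A9E1-F22E-44D1-A4DA-6FDAED1C26FF}", "exists": true, "signed": false,
     "path_expanded": "C:\\ProgramData\\{84F3A9E1-F22E-44D1-A4DA-6FDAED1C26FF}", "status_str": "TROUVÉ", "status_removed": 0}]}]}}'''

# Windows processes whose creator exits right after spawning them, so a missing parent
# is expected: wininit/csrss/winlogon come from a transient smss.exe, explorer.exe from userinit.exe.
EXPECTED_ORPHANS = {"wininit.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}

def registry_summary(report):
    """One row per (vendor, key, value, data), merging hits that differ only by registry view.
    Assumption, not stated by RogueKiller: view 256 = 64-bit view, 512 = 32-bit view."""
    rows = defaultdict(lambda: {"views": set(), "removed": False})
    for hit in report["results"]["registry"]:
        key = ("/".join(hit["vendors"]), hit["path"], hit["value"], hit["value_data"])
        rows[key]["views"].add(hit["view"])
        rows[key]["removed"] |= bool(hit["status_removed"])
    return [{"vendor": k[0], "path": k[1], "value": k[2], "data": k[3],
             "views": sorted(v["views"]), "removed": v["removed"]} for k, v in rows.items()]

def hijack_targets(report):
    """Distinct URLs that the PUM (potentially unwanted modification) hits point at."""
    return sorted({hit["value_data"] for hit in report["results"]["registry"]
                   if any(v.startswith("PUM.") for v in hit["vendors"])})

def filesystem_summary(report):
    """Flatten filesystem hits: path, whether it still exists, signed, removed."""
    rows = []
    for hit in report["results"]["filesystem"]:
        for item in hit["processed"]:
            rows.append({"vendor": "/".join(hit["vendors"]), "path": item["path_expanded"],
                         "exists": item["exists"], "signed": item["signed"],
                         "removed": bool(item["status_removed"])})
    return rows

def orphaned_processes(report):
    """Processes whose recorded parent PID is absent from the snapshot, minus the Windows
    processes for which that is normal; an exited (or reused) parent PID is worth a look."""
    procs = report["information"]["processes"]
    alive = {p["pid"] for p in procs}
    return [p["name"] for p in procs if p["pid_parent"] and p["pid_parent"] not in alive
            and p["name"].lower() not in EXPECTED_ORPHANS]

def triage(text):
    """Everything a first look needs, as one dict, from the JSON text RogueKiller writes."""
    report = json.loads(text)
    registry, files = registry_summary(report), filesystem_summary(report)
    return {"tool": "{project} {version}".format(**report["header"]["program"]),
            "aborted": report["header"]["report"]["aborted"],
            "registry": registry, "hijack_targets": hijack_targets(report),
            "filesystem": files, "orphaned_processes": orphaned_processes(report),
            "anything_removed": any(r["removed"] for r in registry + files)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, "->", value)
```

Two things the output makes explicit that the raw JSON buries: status_removed is 0 on every hit, so this run was a scan and nothing was deleted; and every PUM hit points at the same URL under avira.com, the vendor of the antivirus running on this machine according to the process list (avguard.exe, avgnt.exe), so whether those home-page and search-page settings are unwanted is the operator's call rather than the scanner's. PUM stands for potentially unwanted modification: a changed setting, not a malicious file.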
Posted


{

"header": {

"program": {

"project": "RogueKiller",

"version": "10.11.5.0",

"x64": true,

"date": "Nov 9 2015",

"contact": "http://www.adlice.com/contact/",

"feedback": "http://forum.adlice.com",

"website": "http://www.adlice.com/fr/logiciels/roguekiller/",

"blog": "http://www.adlice.com"

},

"environment": {

"operating_system": "Windows 7 (6.1.7601 Service Pack 1) 64 bits version",

"boot": 0,

"winpe": false,

"user": "Thib",

"user_admin": true,

"program_location": "C:\\Users\\Thib\\Desktop\\RogueKillerX64_old.exe",

"x64": true,

"licensing": "free"

},

"report": {

"type": 1,

"aborted": false,

"date": "11/11/2015 19:06:23",

"switches": 0,

"debug": false

}

},

"information": {

"processes": [

{

"name": "[System Process]",

"name_parent": "",

"pid": 0,

"path": "",

"command_line": "",

"pid_parent": 0,

"path_parent": ""

},

{

"name": "System",

"name_parent": "",

"pid": 4,

"path": "",

"command_line": "",

"pid_parent": 0,

"path_parent": ""

},

{

"name": "smss.exe",

"name_parent": "",

"pid": 452,

"path": "C:\\Windows\\System32\\smss.exe",

"command_line": "",

"pid_parent": 4,

"path_parent": ""

},

{

"name": "csrss.exe",

"name_parent": "",

"pid": 652,

"path": "C:\\Windows\\System32\\csrss.exe",

"command_line": "",

"pid_parent": 644,

"path_parent": ""

},

{

"name": "wininit.exe",

"name_parent": "",

"pid": 828,

"path": "C:\\Windows\\System32\\wininit.exe",

"command_line": "",

"pid_parent": 644,

"path_parent": ""

},

{

"name": "csrss.exe",

"name_parent": "",

"pid": 856,

"path": "C:\\Windows\\System32\\csrss.exe",

"command_line": "",

"pid_parent": 840,

"path_parent": ""

},

{

"name": "services.exe",

"name_parent": "wininit.exe",

"pid": 896,

"path": "C:\\Windows\\System32\\services.exe",

"command_line": "",

"pid_parent": 828,

"path_parent": "C:\\Windows\\System32\\wininit.exe"

},

{

"name": "lsass.exe",

"name_parent": "wininit.exe",

"pid": 920,

"path": "C:\\Windows\\System32\\lsass.exe",

"command_line": "",

"pid_parent": 828,

"path_parent": "C:\\Windows\\System32\\wininit.exe"

},

{

"name": "winlogon.exe",

"name_parent": "",

"pid": 936,

"path": "C:\\Windows\\System32\\winlogon.exe",

"command_line": "",

"pid_parent": 840,

"path_parent": ""

},

{

"name": "lsm.exe",

"name_parent": "wininit.exe",

"pid": 944,

"path": "C:\\Windows\\System32\\lsm.exe",

"command_line": "",

"pid_parent": 828,

"path_parent": "C:\\Windows\\System32\\wininit.exe"

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 224,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "nvvsvc.exe",

"name_parent": "services.exe",

"pid": 764,

"path": "C:\\Windows\\System32\\nvvsvc.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "nvSCPAPISvr.exe",

"name_parent": "services.exe",

"pid": 784,

"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 508,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 1084,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 1132,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 1160,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 1192,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 1408,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "nvxdsync.exe",

"name_parent": "nvvsvc.exe",

"pid": 1544,

"path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe",

"command_line": "",

"pid_parent": 764,

"path_parent": "C:\\Windows\\System32\\nvvsvc.exe"

},

{

"name": "nvvsvc.exe",

"name_parent": "nvvsvc.exe",

"pid": 1552,

"path": "C:\\Windows\\System32\\nvvsvc.exe",

"command_line": "",

"pid_parent": 764,

"path_parent": "C:\\Windows\\System32\\nvvsvc.exe"

},

{

"name": "spoolsv.exe",

"name_parent": "services.exe",

"pid": 1604,

"path": "C:\\Windows\\System32\\spoolsv.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "sched.exe",

"name_parent": "services.exe",

"pid": 1632,

"path": "C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\sched.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 1748,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "taskhost.exe",

"name_parent": "services.exe",

"pid": 1880,

"path": "C:\\Windows\\System32\\taskhost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "dwm.exe",

"name_parent": "svchost.exe",

"pid": 2012,

"path": "C:\\Windows\\System32\\dwm.exe",

"command_line": "",

"pid_parent": 1132,

"path_parent": "C:\\Windows\\System32\\svchost.exe"

},

{

"name": "avguard.exe",

"name_parent": "services.exe",

"pid": 2044,

"path": "C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avguard.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "atkexComSvc.exe",

"name_parent": "services.exe",

"pid": 1272,

"path": "C:\\Program Files (x86)\\ASUS\\AXSP\\1.02.00\\atkexComSvc.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "explorer.exe",

"name_parent": "",

"pid": 1580,

"path": "C:\\Windows\\explorer.exe",

"command_line": "",

"pid_parent": 2004,

"path_parent": ""

},

{

"name": "taskeng.exe",

"name_parent": "svchost.exe",

"pid": 1844,

"path": "C:\\Windows\\System32\\taskeng.exe",

"command_line": "",

"pid_parent": 1192,

"path_parent": "C:\\Windows\\System32\\svchost.exe"

},

{

"name": "AsSysCtrlService.exe",

"name_parent": "services.exe",

"pid": 2300,

"path": "C:\\Program Files (x86)\\ASUS\\AsSysCtrlService\\1.00.22\\AsSysCtrlService.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 2328,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "DTSU2PAuSrv64.exe",

"name_parent": "services.exe",

"pid": 2364,

"path": "C:\\Program Files\\Realtek\\Audio\\HDA\\DTSU2PAuSrv64.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "GfExperienceService.exe",

"name_parent": "services.exe",

"pid": 2436,

"path": "C:\\Program Files\\NVIDIA Corporation\\GeForce Experience Service\\GfExperienceService.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "HWDeviceService64.exe",

"name_parent": "services.exe",

"pid": 2492,

"path": "C:\\ProgramData\\DatacardService\\HWDeviceService64.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "DCSHelper.exe",

"name_parent": "HWDeviceService64.exe",

"pid": 2560,

"path": "C:\\ProgramData\\DatacardService\\DCSHelper.exe",

"command_line": "",

"pid_parent": 2492,

"path_parent": "C:\\ProgramData\\DatacardService\\HWDeviceService64.exe"

},

{

"name": "IPROSetMonitor.exe",

"name_parent": "services.exe",

"pid": 2568,

"path": "C:\\Windows\\System32\\IProsetMonitor.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "mbamscheduler.exe",

"name_parent": "services.exe",

"pid": 2632,

"path": "C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamscheduler.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "NvNetworkService.exe",

"name_parent": "services.exe",

"pid": 2876,

"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NetService\\NvNetworkService.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "NvStreamService.exe",

"name_parent": "services.exe",

"pid": 2948,

"path": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\NvStreamService.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "PnkBstrA.exe",

"name_parent": "services.exe",

"pid": 2996,

"path": "C:\\Windows\\SysWOW64\\PnkBstrA.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "NvBackend.exe",

"name_parent": "Explorer.EXE",

"pid": 3020,

"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe",

"command_line": "",

"pid_parent": 1580,

"path_parent": "C:\\Windows\\explorer.exe"

},

{

"name": "PnkBstrB.exe",

"name_parent": "services.exe",

"pid": 3028,

"path": "C:\\Windows\\SysWOW64\\PnkBstrB.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "GameScannerService.exe",

"name_parent": "services.exe",

"pid": 3056,

"path": "C:\\Program Files (x86)\\Razer\\Razer Services\\GSS\\GameScannerService.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "avira_system_speedup.exe",

"name_parent": "taskeng.exe",

"pid": 2216,

"path": "C:\\Program Files (x86)\\Avira\\AviraSpeedup\\avira_system_speedup.exe",

"command_line": "",

"pid_parent": 1844,

"path_parent": "C:\\Windows\\System32\\taskeng.exe"

},

{

"name": "avshadow.exe",

"name_parent": "avguard.exe",

"pid": 2124,

"path": "C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avshadow.exe",

"command_line": "",

"pid_parent": 2044,

"path_parent": "C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avguard.exe"

},

{

"name": "iusb3mon.exe",

"name_parent": "",

"pid": 3076,

"path": "C:\\Program Files (x86)\\Intel\\Intel(R) USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe",

"command_line": "",

"pid_parent": 1956,

"path_parent": ""

},

{

"name": "RzSynapse.exe",

"name_parent": "",

"pid": 3096,

"path": "C:\\Program Files (x86)\\Razer\\Synapse\\RzSynapse.exe",

"command_line": "",

"pid_parent": 1956,

"path_parent": ""

},

{

"name": "avgnt.exe",

"name_parent": "",

"pid": 3124,

"path": "C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe",

"command_line": "",

"pid_parent": 1956,

"path_parent": ""

},

{

"name": "jusched.exe",

"name_parent": "",

"pid": 3152,

"path": "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe",

"command_line": "",

"pid_parent": 1956,

"path_parent": ""

},

{

"name": "GWX.exe",

"name_parent": "",

"pid": 3192,

"path": "C:\\Windows\\System32\\GWX\\GWX.exe",

"command_line": "",

"pid_parent": 3180,

"path_parent": ""

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 3460,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "nvtray.exe",

"name_parent": "nvxdsync.exe",

"pid": 3496,

"path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvtray.exe",

"command_line": "",

"pid_parent": 1544,

"path_parent": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe"

},

{

"name": "Avira.ServiceHost.exe",

"name_parent": "services.exe",

"pid": 3780,

"path": "C:\\Program Files (x86)\\Avira\\Launcher\\Avira.ServiceHost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "SearchIndexer.exe",

"name_parent": "services.exe",

"pid": 3820,

"path": "C:\\Windows\\System32\\SearchIndexer.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "WmiPrvSE.exe",

"name_parent": "svchost.exe",

"pid": 3692,

"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",

"command_line": "",

"pid_parent": 224,

"path_parent": "C:\\Windows\\System32\\svchost.exe"

},

{

"name": "dllhost.exe",

"name_parent": "svchost.exe",

"pid": 4308,

"path": "C:\\Windows\\System32\\dllhost.exe",

"command_line": "",

"pid_parent": 224,

"path_parent": "C:\\Windows\\System32\\svchost.exe"

},

{

"name": "Avira.Systray.exe",

"name_parent": "Avira.ServiceHost.exe",

"pid": 4672,

"path": "C:\\Program Files (x86)\\Avira\\Launcher\\Avira.Systray.exe",

"command_line": "",

"pid_parent": 3780,

"path_parent": "C:\\Program Files (x86)\\Avira\\Launcher\\Avira.ServiceHost.exe"

},

{

"name": "NvStreamNetworkService.exe",

"name_parent": "NvStreamService.exe",

"pid": 4960,

"path": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\NvStreamNetworkService.exe",

"command_line": "",

"pid_parent": 2948,

"path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\NvStreamService.exe"

},

{

"name": "NvStreamUserAgent.exe",

"name_parent": "NvStreamService.exe",

"pid": 4924,

"path": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\NvStreamUserAgent.exe",

"command_line": "",

"pid_parent": 2948,

"path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\NvStreamService.exe"

},

{

"name": "conhost.exe",

"name_parent": "csrss.exe",

"pid": 4912,

"path": "C:\\Windows\\System32\\conhost.exe",

"command_line": "",

"pid_parent": 652,

"path_parent": "C:\\Windows\\System32\\csrss.exe"

},

{

"name": "conhost.exe",

"name_parent": "csrss.exe",

"pid": 4928,

"path": "C:\\Windows\\System32\\conhost.exe",

"command_line": "",

"pid_parent": 856,

"path_parent": "C:\\Windows\\System32\\csrss.exe"

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 5032,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "IAStorIcon.exe",

"name_parent": "",

"pid": 5696,

"path": "C:\\Program Files\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe",

"command_line": "",

"pid_parent": 2932,

"path_parent": ""

},

{

"name": "IAStorDataMgrSvc.exe",

"name_parent": "services.exe",

"pid": 3884,

"path": "C:\\Program Files\\Intel\\Intel(R) Rapid Storage Technology\\IAStorDataMgrSvc.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "mbam.exe",

"name_parent": "mbamscheduler.exe",

"pid": 5448,

"path": "C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbam.exe",

"command_line": "",

"pid_parent": 2632,

"path_parent": "C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamscheduler.exe"

},

{

"name": "audiodg.exe",

"name_parent": "svchost.exe",

"pid": 2904,

"path": "C:\\Windows\\System32\\audiodg.exe",

"command_line": "",

"pid_parent": 1084,

"path_parent": "C:\\Windows\\System32\\svchost.exe"

},

{

"name": "svchost.exe",

"name_parent": "services.exe",

"pid": 2888,

"path": "C:\\Windows\\System32\\svchost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "firefox.exe",

"name_parent": "Explorer.EXE",

"pid": 3448,

"path": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",

"command_line": "",

"pid_parent": 1580,

"path_parent": "C:\\Windows\\explorer.exe"

},

{

"name": "taskhost.exe",

"name_parent": "services.exe",

"pid": 5304,

"path": "C:\\Windows\\System32\\taskhost.exe",

"command_line": "",

"pid_parent": 896,

"path_parent": "C:\\Windows\\System32\\services.exe"

},

{

"name": "taskeng.exe",

"name_parent": "svchost.exe",

"pid": 7000,

"path": "C:\\Windows\\System32\\taskeng.exe",

"command_line": "",

"pid_parent": 1192,

"path_parent": "C:\\Windows\\System32\\svchost.exe"

},

{

"name": "SearchProtocolHost.exe",

"name_parent": "SearchIndexer.exe",

"pid": 6412,

"path": "C:\\Windows\\System32\\SearchProtocolHost.exe",

"command_line": "",

"pid_parent": 3820,

"path_parent": "C:\\Windows\\System32\\SearchIndexer.exe"

},

{

"name": "SearchFilterHost.exe",

"name_parent": "SearchIndexer.exe",

"pid": 5124,

"path": "C:\\Windows\\System32\\SearchFilterHost.exe",

"command_line": "",

"pid_parent": 3820,

"path_parent": "C:\\Windows\\System32\\SearchIndexer.exe"

},

{

"name": "RogueKillerX64_old.exe",

"name_parent": "Explorer.EXE",

"pid": 7052,

"path": "C:\\Users\\Thib\\Desktop\\RogueKillerX64_old.exe",

"command_line": "",

"pid_parent": 1580,

"path_parent": "C:\\Windows\\explorer.exe"

},

{

"name": "firefox.exe",

"name_parent": "RogueKillerX64_old.exe",

"pid": 2704,

"path": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",

"command_line": "",

"pid_parent": 7052,

"path_parent": "C:\\Users\\Thib\\Desktop\\RogueKillerX64_old.exe"

}

]

},

"results": {

"processes": [],

"modules": [],

"services": [],

"registry": [

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.HomePage"

],

"rule_name": "IE Settings",

"view": 256,

"value": "Start Page",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.HomePage"

],

"rule_name": "IE Settings",

"view": 512,

"value": "Start Page",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.HomePage"

],

"rule_name": "IE Settings",

"view": 256,

"value": "Start Page",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_USERS\\S-1-5-21-3918476806-4240115513-3409448266-1000\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.HomePage"

],

"rule_name": "IE Settings",

"view": 512,

"value": "Start Page",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_USERS\\S-1-5-21-3918476806-4240115513-3409448266-1000\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.HomePage"

],

"rule_name": "IE Settings",

"view": 256,

"value": "Default_Page_URL",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.HomePage"

],

"rule_name": "IE Settings",

"view": 512,

"value": "Default_Page_URL",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.HomePage"

],

"rule_name": "IE Settings",

"view": 256,

"value": "Default_Page_URL",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_USERS\\S-1-5-21-3918476806-4240115513-3409448266-1000\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.HomePage"

],

"rule_name": "IE Settings",

"view": 512,

"value": "Default_Page_URL",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_USERS\\S-1-5-21-3918476806-4240115513-3409448266-1000\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.SearchPage"

],

"rule_name": "IE Settings",

"view": 256,

"value": "Search Page",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.SearchPage"

],

"rule_name": "IE Settings",

"view": 512,

"value": "Search Page",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.SearchPage"

],

"rule_name": "IE Settings",

"view": 256,

"value": "Default_Search_URL",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.SearchPage"

],

"rule_name": "IE Settings",

"view": 512,

"value": "Default_Search_URL",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.SearchPage"

],

"rule_name": "IE Settings",

"view": 256,

"value": "Default_Search_URL",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_USERS\\S-1-5-21-3918476806-4240115513-3409448266-1000\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

},

{

"scan_what": 1,

"scan_how": [

12

],

"scan_how_trigger": 12,

"vendors": [

"PUM.SearchPage"

],

"rule_name": "IE Settings",

"view": 512,

"value": "Default_Search_URL",

"subkey": "",

"value_old_data": "",

"value_data": "https://safesearch.avira.com/#web/result?source=art&q=",

"path": "HKEY_USERS\\S-1-5-21-3918476806-4240115513-3409448266-1000\\Software\\Microsoft\\Internet Explorer\\Main",

"extra": "",

"files_status": "",

"vtscore": -1,

"files": [],

"status_str": "TROUVÉ",

"status_choice": 1,

"status_removed": 0

}

],

"tasks": [],

"filesystem": [

{

"scan_what": 3,

"scan_how": [

1,

2

],

"vendors": [

"PUP"

],

"status_choice": 2,

"processed": [

{

"type": 2,

"name": "{84F3A9E1-F22E-44D1-A4DA-6FDAED1C26FF}",

"path_expanded": "C:\\ProgramData\\{84F3A9E1-F22E-44D1-A4DA-6FDAED1C26FF}",

"path_compressed": "%programdata%\\{84F3A9E1-F22E-44D1-A4DA-6FDAED1C26FF}",

"md5": "",

"md5_low_level": "",

"forged": false,

"lnk_target": "",

"lnk_args": "",

"junc_target": "",

"junc_tag": 0,

"junc_error": 0,

"exists": true,

"signed": false,

"signer": "",

"status_str": "TROUVÉ",

"status_removed": 0

}

]

},

{

"scan_what": 3,

"scan_how": [

1,

2

],

"vendors": [

"PUP"

],

"status_choice": 2,

"processed": [

{

"type": 2,

"name": "{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}",

"path_expanded": "C:\\ProgramData\\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}",

"path_compressed": "%programdata%\\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}",

"md5": "",

"md5_low_level": "",

"forged": false,

"lnk_target": "",

"lnk_args": "",

"junc_target": "",

"junc_tag": 0,

"junc_error": 0,

"exists": true,

"signed": false,

"signer": "",

"status_str": "TROUVÉ",

"status_removed": 0

}

]

},

{

"scan_what": 3,

"scan_how": [

1,

2

],

"vendors": [

"PUP"

],

"status_choice": 2,

"processed": [

{

"type": 2,

"name": "{C78336EC-F2EB-4640-99A4-DFE96581B90B}",

"path_expanded": "C:\\ProgramData\\{C78336EC-F2EB-4640-99A4-DFE96581B90B}",

"path_compressed": "%programdata%\\{C78336EC-F2EB-4640-99A4-DFE96581B90B}",

"md5": "",

"md5_low_level": "",

"forged": false,

"lnk_target": "",

"lnk_args": "",

"junc_target": "",

"junc_tag": 0,

"junc_error": 0,

"exists": true,

"signed": false,

"signer": "",

"status_str": "TROUVÉ",

"status_removed": 0

}

]

},

{

"scan_what": 3,

"scan_how": [

1,

2

],

"vendors": [

"PUP"

],

"status_choice": 2,

"processed": [

{

"type": 2,

"name": "{DA6C351D-D7D1-4A58-8F29-2B90EB8E9081}",

"path_expanded": "C:\\ProgramData\\{DA6C351D-D7D1-4A58-8F29-2B90EB8E9081}",

"path_compressed": "%programdata%\\{DA6C351D-D7D1-4A58-8F29-2B90EB8E9081}",

"md5": "",

"md5_low_level": "",

"forged": false,

"lnk_target": "",

"lnk_args": "",

"junc_target": "",

"junc_tag": 0,

"junc_error": 0,

"exists": true,

"signed": false,

"signer": "",

"status_str": "TROUVÉ",

"status_removed": 0

}

]

},

{

"scan_what": 3,

"scan_how": [

1,

2

],

"vendors": [

"PUP"

],

"status_choice": 2,

"processed": [

{

"type": 2,

"name": "{F036CC43-6BE8-4CBD-91C3-76F4BC8FFD6F}",

"path_expanded": "C:\\ProgramData\\{F036CC43-6BE8-4CBD-91C3-76F4BC8FFD6F}",

"path_compressed": "%programdata%\\{F036CC43-6BE8-4CBD-91C3-76F4BC8FFD6F}",

"md5": "",

"md5_low_level": "",

"forged": false,

"lnk_target": "",

"lnk_args": "",

"junc_target": "",

"junc_tag": 0,

"junc_error": 0,

"exists": true,

"signed": false,

"signer": "",

"status_str": "TROUVÉ",

"status_removed": 0

}

]

}

],

"hosts": {

"is_too_big": false,

"lines": [

{

"scan_what": 0,

"scan_how": [],

"vendors": [],

"line": "127.0.0.1 \tlocalhost",

"path": "C:\\Windows\\System32\\drivers\\etc\\hosts",

"status_str": "",

"status_malicious": false,

"status_choice": 1,

"status_removed": 0

}

]

},

"antirootkit": {

"is_driver_loaded": false,

"driver_error": 3221226347,

"results": []

},

"web_browsers": [],

"disk": {

"results": [],

"mbr": "+++++ PhysicalDrive0: +++++\n--- User ---\n[MBR] c4ad7448ba589bc6c8774a63fedb9cd8\n[BSP] fcefda0c1919ad5d8bff6e3961b78464 : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"

}

}

}
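The export above is easier to read once the four PUM.SearchPage hits are folded back into what they are: one Default_Search_URL value in HKEY_LOCAL_MACHINE and one in the user's HKEY_USERS hive, each reported twice because the scanner looked through both registry views. The following script is an added example, not code from this thread or from the scanner vendor. It parses a constructed excerpt that keeps the field names of the posted report (vendors, rule_name, view, value, value_data, path, processed, path_expanded, hosts.lines, antirootkit.driver_error) and summarises the findings. Assumptions, marked in the code: the array holding the registry hits is called "registry" (its name is cut off above this excerpt); "view" carries the Win32 registry-view flags KEY_WOW64_64KEY (0x100 = 256) and KEY_WOW64_32KEY (0x200 = 512); GUID-named folders under %ProgramData% are flagged as a heuristic only; the NTSTATUS name for driver_error is taken from ntstatus.h.

```python
"""Summarise a JSON scan export with the layout of the report posted above.

Added example, not the scanner's own code. Field names follow the posted
export; the items marked "assumption" are not stated anywhere in the report.
"""
import json
import re
from collections import defaultdict

# Assumption: "view" is the Win32 registry-view flag.
# KEY_WOW64_64KEY = 0x100 (256), KEY_WOW64_32KEY = 0x200 (512).
REG_VIEWS = {256: "64-bit", 512: "32-bit"}

# Assumption: GUID-named folders are worth flagging; it is a heuristic, not proof.
GUID_DIR = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)

# NTSTATUS values from ntstatus.h; 0xC000036B is the code in the posted report.
NTSTATUS_NAMES = {0xC000036B: "STATUS_DRIVER_BLOCKED"}

# Constructed excerpt (not the full posted file): three of the four search-URL
# hits, one of the five PUP folders, the hosts line and the antirootkit block.
# The "registry" array name is an assumption; the excerpt above starts inside it.
SAMPLE_REPORT = r"""{
  "registry": [
    {"vendors": ["PUM.SearchPage"], "rule_name": "IE Settings", "view": 256,
     "value": "Default_Search_URL", "value_old_data": "",
     "value_data": "https://safesearch.avira.com/#web/result?source=art&q=",
     "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main"},
    {"vendors": ["PUM.SearchPage"], "rule_name": "IE Settings", "view": 512,
     "value": "Default_Search_URL", "value_old_data": "",
     "value_data": "https://safesearch.avira.com/#web/result?source=art&q=",
     "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main"},
    {"vendors": ["PUM.SearchPage"], "rule_name": "IE Settings", "view": 256,
     "value": "Default_Search_URL", "value_old_data": "",
     "value_data": "https://safesearch.avira.com/#web/result?source=art&q=",
     "path": "HKEY_USERS\\S-1-5-21-3918476806-4240115513-3409448266-1000\\Software\\Microsoft\\Internet Explorer\\Main"}
  ],
  "filesystem": [
    {"scan_what": 3, "vendors": ["PUP"], "processed": [
      {"type": 2, "name": "{84F3A9E1-F22E-44D1-A4DA-6FDAED1C26FF}",
       "path_expanded": "C:\\ProgramData\\{84F3A9E1-F22E-44D1-A4DA-6FDAED1C26FF}",
       "exists": true, "signed": false, "status_str": "TROUVÉ"}]}
  ],
  "hosts": {"is_too_big": false, "lines": [
    {"line": "127.0.0.1 \tlocalhost", "vendors": [], "status_malicious": false}]},
  "antirootkit": {"is_driver_loaded": false, "driver_error": 3221226347, "results": []}
}"""


def hive_of(path):
    """Return the hive a registry path lives in, keeping the SID for HKEY_USERS."""
    parts = path.split("\\")
    if parts[0] == "HKEY_USERS" and len(parts) > 1:
        return parts[0] + "\\" + parts[1]
    return parts[0]


def summarize(report_json):
    """Fold per-view duplicates, flag folders, and decode the antirootkit status."""
    report = json.loads(report_json)

    # The same value name seen through the 32-bit and 64-bit registry views is
    # reported as separate hits; group by (hive, value, data) to count locations.
    grouped = defaultdict(lambda: {"views": set(), "vendors": set()})
    for hit in report.get("registry", []):
        key = (hive_of(hit["path"]), hit["value"], hit["value_data"])
        grouped[key]["views"].add(REG_VIEWS.get(hit["view"], str(hit["view"])))
        grouped[key]["vendors"].update(hit.get("vendors", []))
    registry = [
        {"hive": h, "value": v, "data": d,
         "views": sorted(info["views"]), "vendors": sorted(info["vendors"])}
        for (h, v, d), info in sorted(grouped.items())
    ]

    folders = []
    for entry in report.get("filesystem", []):
        for item in entry.get("processed", []):
            folders.append({
                "path": item["path_expanded"],
                "guid_named": bool(GUID_DIR.match(item["name"])),
                "signed": item.get("signed", False),
                "vendors": entry.get("vendors", []),
            })

    hosts_bad = [entry["line"] for entry in report.get("hosts", {}).get("lines", [])
                 if entry.get("status_malicious")]

    ark = report.get("antirootkit", {})
    err = ark.get("driver_error", 0) & 0xFFFFFFFF   # render as an NTSTATUS value
    return {
        "registry": registry,
        "folders": folders,
        "hosts_malicious": hosts_bad,
        "antirootkit": {
            "driver_loaded": ark.get("is_driver_loaded", False),
            "driver_error": f"0x{err:08X}",
            "driver_error_name": NTSTATUS_NAMES.get(err, "unknown"),
        },
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

Two things the summary makes visible that the raw export hides: the hits collapse to one modified value per hive (HKEY_LOCAL_MACHINE and the user's SID hive, both pointing Default_Search_URL at safesearch.avira.com), and the antirootkit driver never loaded (is_driver_loaded false, driver_error 0xC000036B), so the rootkit-level part of the scan did not run and a clean "results": [] there proves nothing.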