That's really kind, thank you
Yes, I know, that's why I'm asking you to literally save my life!
I have already downloaded it; I just ran another scan, here it is:
############################## | UsbFix V 7.169 | [Recherche]
Utilisateur: Daminou (Administrateur) # DAMIEN
Mis à jour le 31/03/2014 par El Desaparecido - Team SosVirus
Lancé à 19:07:08 | 23/04/2014
Site Web :
http://www.usbfix.net/
Changelog :
http://www.usbfix.net/maj/
Support :
http://www.sosvirus.net/forum-virus-securite.html
Upload Malware :
http://www.sosvirus.net/upload_malware.php
Contact :
http://www.usbfix.net/contact/
PC: SAMSUNG ELECTRONICS CO., LTD. (NP270E5E-X06FR)
CPU: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
RAM - [Total : 3798 Mo| Free : 1772 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot
OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16659
WB: Google Chrome : 34.0.1847.116
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Anti-virus firewall [Enabled | Updated]
AV: Windows Defender [(!) Disabled | Updated]
AS: Anti-virus firewall [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]
C:\ (%systemdrive%) - Disque fixe # 673 Go (594 Go libre(s) - 88%) [] # NTFS
D:\ - CD-ROM
E:\ - Disque amovible # 7 Go (7 Go libre(s) - 100%) [DAMIEN] # FAT32
################## | Processus Actif |
C:\WINDOWS\system32\wininit.exe (ID: 672 |ParentID: 576)
C:\WINDOWS\system32\lsass.exe (ID: 772 |ParentID: 672)
C:\WINDOWS\system32\svchost.exe (ID: 848 |ParentID: 764)
C:\WINDOWS\system32\svchost.exe (ID: 896 |ParentID: 764)
C:\WINDOWS\system32\nvvsvc.exe (ID: 980 |ParentID: 764)
C:\WINDOWS\System32\svchost.exe (ID: 568 |ParentID: 764)
C:\WINDOWS\system32\svchost.exe (ID: 596 |ParentID: 764)
C:\WINDOWS\system32\svchost.exe (ID: 804 |ParentID: 764)
C:\WINDOWS\System32\svchost.exe (ID: 1032 |ParentID: 764)
C:\WINDOWS\system32\svchost.exe (ID: 1152 |ParentID: 764)
C:\WINDOWS\System32\spoolsv.exe (ID: 1488 |ParentID: 764)
C:\WINDOWS\system32\svchost.exe (ID: 1516 |ParentID: 764)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1632 |ParentID: 764)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1748 |ParentID: 764)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1764 |ParentID: 764)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1796 |ParentID: 764)
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (ID: 1816 |ParentID: 764)
C:\WINDOWS\system32\dashost.exe (ID: 1880 |ParentID: 1032)
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (ID: 1888 |ParentID: 764)
C:\Program Files (x86)\Orange\Antivirus Firewall\fshoster32.exe (ID: 1528 |ParentID: 764)
C:\Program Files (x86)\Orange\Antivirus Firewall\apps\CCF_Reputation\fsorsp.exe (ID: 2064 |ParentID: 764)
C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE (ID: 2096 |ParentID: 764)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 2136 |ParentID: 764)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 2216 |ParentID: 764)
C:\WINDOWS\system32\svchost.exe (ID: 2316 |ParentID: 764)
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 2392 |ParentID: 764)
C:\Program Files (x86)\Orange\Antivirus Firewall\apps\ComputerSecurity\Common\FSMA32.EXE (ID: 2956 |ParentID: 764)
C:\WINDOWS\system32\svchost.exe (ID: 3040 |ParentID: 764)
C:\WINDOWS\system32\svchost.exe (ID: 3056 |ParentID: 764)
C:\Program Files (x86)\Orange\Antivirus Firewall\apps\ComputerSecurity\Common\FSHDLL64.EXE (ID: 3344 |ParentID: 2956)
C:\WINDOWS\System32\svchost.exe (ID: 3368 |ParentID: 764)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 3844 |ParentID: 848)
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (ID: 4180 |ParentID: 4140)
C:\WINDOWS\system32\DllHost.exe (ID: 4504 |ParentID: 848)
C:\WINDOWS\system32\SearchIndexer.exe (ID: 4696 |ParentID: 764)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4796 |ParentID: 764)
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (ID: 4804 |ParentID: 4140)
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (ID: 4624 |ParentID: 764)
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (ID: 1496 |ParentID: 764)
C:\Program Files\iPod\bin\iPodService.exe (ID: 3164 |ParentID: 764)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 5804 |ParentID: 764)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5776 |ParentID: 764)
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (ID: 5152 |ParentID: 764)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 3144 |ParentID: 764)
C:\WINDOWS\System32\WinLogon.exe (ID: 1184 |ParentID: 188)
C:\WINDOWS\System32\dwm.exe (ID: 1428 |ParentID: 1184)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 7008 |ParentID: 980)
C:\WINDOWS\system32\nvvsvc.exe (ID: 6420 |ParentID: 980)
C:\WINDOWS\system32\taskhostex.exe (ID: 2872 |ParentID: 596)
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (ID: 5012 |ParentID: 1888)
C:\Program Files (x86)\Samsung\Settings\sSettings.exe (ID: 6660 |ParentID: 596)
C:\WINDOWS\Explorer.EXE (ID: 4264 |ParentID: 8848)
C:\Windows\System32\skydrive.exe (ID: 36 |ParentID: 848)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 1056 |ParentID: 7008)
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 3968 |ParentID: 4264)
C:\Windows\System32\igfxtray.exe (ID: 7556 |ParentID: 4264)
C:\WINDOWS\system32\igfxext.exe (ID: 6336 |ParentID: 848)
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (ID: 2184 |ParentID: 3968)
C:\Program Files (x86)\Orange\Antivirus Firewall\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE (ID: 5800 |ParentID: 1528)
C:\Program Files\Samsung\S Agent\CommonAgent.exe (ID: 8044 |ParentID: 596)
C:\Program Files (x86)\Orange\Antivirus Firewall\apps\ComputerSecurity\Anti-Virus\fssm32.exe (ID: 4560 |ParentID: 5800)
C:\Windows\System32\hkcmd.exe (ID: 7572 |ParentID: 4264)
C:\Windows\System32\igfxpers.exe (ID: 4564 |ParentID: 4264)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 8132 |ParentID: 4264)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4972 |ParentID: 4464)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 6800 |ParentID: 4264)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 3300 |ParentID: 4264)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7808 |ParentID: 4972)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 5436 |ParentID: 848)
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe (ID: 6816 |ParentID: 4264)
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe (ID: 2984 |ParentID: 4264)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 5584 |ParentID: 3300)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6396 |ParentID: 4972)
C:\WINDOWS\SysWOW64\lxeccoms.exe (ID: 6000 |ParentID: 6816)
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID: 5216 |ParentID: 2856)
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (ID: 8544 |ParentID: 2856)
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 4756 |ParentID: 2856)
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (ID: 1368 |ParentID: 2856)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 2420 |ParentID: 2856)
C:\Program Files (x86)\Orange\Antivirus Firewall\fshoster32.exe (ID: 8528 |ParentID: 2856)
C:\Program Files (x86)\Orange\Antivirus Firewall\apps\ComputerSecurity\Common\FSM32.EXE (ID: 4928 |ParentID: 2856)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 8180 |ParentID: 2856)
C:\Windows\System32\SettingSyncHost.exe (ID: 3636 |ParentID: 848)
C:\Program Files (x86)\Orange\Antivirus Firewall\apps\ComputerSecurity\Spam Control\fsscoepl_x64.exe (ID: 4996 |ParentID: 4928)
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (ID: 5552 |ParentID: 2420)
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (ID: 5256 |ParentID: 8044)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 1416 |ParentID: 848)
C:\Windows\System32\WUDFHost.exe (ID: 3104 |ParentID: 1032)
C:\WINDOWS\splwow64.exe (ID: 7276 |ParentID: 2984)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8856 |ParentID: 4972)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5704 |ParentID: 4972)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 2188 |ParentID: 848)
C:\Windows\System32\RuntimeBroker.exe (ID: 6288 |ParentID: 848)
C:\WINDOWS\system32\taskhost.exe (ID: 5444 |ParentID: 596)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8084 |ParentID: 4972)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6448 |ParentID: 4972)
C:\Program Files (x86)\Orange\Antivirus Firewall\fsadminsettings.exe (ID: 4536 |ParentID: 8528)
C:\WINDOWS\System32\Taskmgr.exe (ID: 2920 |ParentID: 6844)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8184 |ParentID: 4972)
C:\Windows\System32\WWAHost.exe (ID: 5868 |ParentID: 848)
C:\Program Files\Microsoft Office 15\Root\Office15\POWERPNT.EXE (ID: 1316 |ParentID: 4972)
C:\WINDOWS\system32\SearchProtocolHost.exe (ID: 8792 |ParentID: 4696)
C:\WINDOWS\system32\SearchFilterHost.exe (ID: 9172 |ParentID: 4696)
C:\WINDOWS\System32\svchost.exe (ID: 3092 |ParentID: 764)
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKCU\..\Run : [Facebook Update] "C:\Users\Daminou\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKLM\..\Run : [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\..\Run : [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
04 - HKLM\..\Run : [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\Run : [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [F-Secure Hoster (77051)] "C:\Program Files (x86)\Orange\Antivirus Firewall\fshoster32.exe" -app -hosterid:1
04 - HKLM\..\Run : [F-Secure Manager] "C:\Program Files (x86)\Orange\Antivirus Firewall\apps\ComputerSecurity\Common\FSM32.EXE" /splash
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM\..\Policies\Explorer\run : [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
04 - [x64] HKLM\..\Run : [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
04 - [x64] HKLM\..\Run : [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
04 - [x64] HKLM\..\Run : [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect
04 - [x64] HKLM\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - [x64] HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - [x64] HKLM\..\Run : [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
04 - [x64] HKLM\..\Run : [lxecmon.exe] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"
04 - [x64] HKLM\..\Run : [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
04 - [x64] HKLM\..\Policies\Explorer\run : [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
04 - HKU\S-1-5-21-2710196674-1561009495-2148570843-1002\..\Run : [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-2710196674-1561009495-2148570843-1002\..\Run : [Facebook Update] "C:\Users\Daminou\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
################## | Recherche générique |
################## | Registre |
################## | E.O.F |
http://www.usbfix.net/ -
http://www.sosvirus.net |