by Miaka
#14364
Hello,
I'm new to this forum, and in fact this is the first time I've signed up on any forum at all.
So I don't know anything about it.
I followed the advice you gave other members about using usbfix: install it on the desktop, click search, then delete.

I did it a first time, and it worked on my USB key and even on the documents on the PC.

Now I wanted to do the same with my 2 other USB keys + my digital camera and my MP3 player, since they are all infected with the shortcut virus... nothing works.

I uninstalled and then reinstalled USBFIX, but now it no longer has the red and yellow colours it had at first; it's more pink and blue, and it works for the search (it gives me a report).
However, when I click delete, it sends me straight to your site !!!!????

What is the problem, please?

Thank you in advance... I really need to completely destroy this virus.

Best regards, :merci2:
by Miaka
#14589
Hello,
Sorry, I deleted the report...
Lately, since the PC is extremely slow, I have an unfortunate tendency to delete everything..
It's not in my recycle bin any more either! ;(

Sorry for replying late..

Thanks for your help
by El Desaparecido
#14593
We are going to run a diagnostic of your computer.
  • Download ZHPDiag (by Nicolas Coolman) to your desktop.
  • Install the software.
  • Launch ZHPDiag; run it as administrator on Windows 7/8 and Vista
  • Click Configurer (Configure)
  • Click the icon showing a magnifying glass with a + (« Lancer le diagnostic », i.e. run the diagnostic)

    Note: Do not close the program even if it says that it is no longer responding.
  • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
  • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum
by Miaka
#14605
Thank you, sir, here is the report:


~ Rapport de ZHPDiag v2013.11.4.4 - Nicolas Coolman (4/11/2013)
~ Lancé par dell (5/11/2013 17:22:10)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Microsoft Security Client FR-FR Language Pack v2.1.1116.0

---\\ Logiciels d'optimisation du système
CCleaner =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 758 MB (16% free)
System Restore: Activé (Enable)
System drive C: has 18 GB (48%) free of 37 GB

---\\ Mode de connexion au système
~ Computer Name: ADM-E6577662901
~ User Name: dell
~ All Users Names: SUPPORT_388945a0, HelpAssistant, dell, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\dell\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\dell\Application Data\
~ %Desktop% : C:\Documents and Settings\dell\Bureau\
~ %Favorites% : C:\Documents and Settings\dell\Favoris\
~ %LocalAppData% : C:\Documents and Settings\dell\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\dell\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 18 Go of 37 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.F8DD21FC65131E064FBF11F01E4F4BFD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/09/2013 - 19:23:33.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 18:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 9:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 19:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 18:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 18:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/25
~ Mes musiques (My Musics) : 2/4
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/34
~ Mes Documents (My Documents) : 2/35
~ Mon Bureau (My Desktop) : 2/10
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.0A7F86657755ADA92C57E597BF5151F7] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.1084]
[MD5.E89028D8068170E606AA0996D457AAA3] - (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe [85470352] [PID.1648]
[MD5.2D894EDBC9348BD01168AF0D062BEEB1] - (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe [21223942] [PID.2904]
[MD5.10247C15D999CC116C87DA36BD0AD64D] - (.Analog Devices, Inc. - SMax4PNP MFC Application.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928] [PID.3244]
[MD5.DDE4A991F26179573D2CFA7A093F56FA] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [163840] [PID.3520]
[MD5.EAF47A526B911B0961D3FECEB442E0C4] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [135168] [PID.3688]
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [PID.1376]
[MD5.E05E86D484CDA786CAA97B750F243DDC] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20474528] [PID.968]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.516]
[MD5.89BECCA60E9A652934D65EDB72A438A4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8174080] [PID.3036]
~ Processes Running: Scanned in 00mn 06s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\prefs.js
M3 - MFPP: Plugins - [dell] -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\searchplugins\amazon.xml
M3 - MFPP: Plugins - [dell] -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [dell] -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [dell] -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\searchplugins\Search_Results.xml =>PUP.SearchResults
M3 - MFPP: Plugins - [dell] -- C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml =>PUP.SearchResults
M0 - MFSP: prefs.js [dell - 5lzax1qx.default] http://www.amazon.com
~ Firefox Browser: 13 Legitimates Filtered in 00mn 04s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com
~ IE Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cd.feuvert.be;<local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 01s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: DataMngr - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} . (.Bandoo Media Inc - Url Helper.) -- C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll =>Adware.Bandoo
O2 - BHO: Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} . (.APN LLC - dtx Dynamic Link Library.) -- C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll =>PUP.SearchResults
~ BHO: 16 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Search-Results Toolbar - [HKLM]{f34c9277-6577-4dff-b2d7-7d58092f272f} . (.APN LLC - dtx Dynamic Link Library.) -- C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll =>PUP.SearchResults
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [dell]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 7 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP MFC Application.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [DATAMNGR] . (.Bandoo Media Inc - Data Manager.) -- C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe =>Adware.Bandoo
O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline
O4 - HKLM\..\Run: [jusched7] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKLM\..\Run: [Intel(R)Bl] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [8jusched] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKCU\..\Run: [Intel(R)Bl4] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKLM\..\policies\Explorer\Run: [jusched9] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKLM\..\policies\Explorer\Run: [Intel(R)Bl5] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKCU\..\policies\Explorer\Run: [jusched9] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKCU\..\policies\Explorer\Run: [Intel(R)Bl5] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [8jusched] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [Intel(R)Bl4] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Bandoo Media Inc - Data Manager.) - C:\Program Files\SEARCH~1\Datamngr\datamngr.dll =>Adware.Bandoo
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 2 Legitimates Filtered in 00mn 07s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: (no name) - {X1A25B25-0C22-13AW-1V25-L5HMUV12V36O} . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
~ Active Setup: 22 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Search-Results Toolbar - (.APN LLC.) [HKLM] -- ilividtoolbarguid =>Adware.Bandoo
~ Logic: 46 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN DTX]
[HKCU\Software\Alexa Internet]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Poussin]
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKCU\Software\À classé]
[HKCU\Software\Æ’AÆ’vÆ’Å Æ’P[Æ’Vƒ‡ƒ“ Æ’EÆ’BÆ’U[Æ’h‚à…¶¬‚³‚ꂽƒ[Æ’Jƒ‹ Æ’AÆ’vÆ’Å Æ’P[Æ’Vƒ‡ƒ“]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\De Boeck & Larcier S.A.]
[HKLM\Software\iLividSRTB] =>Adware.Bandoo
~ Key Software: 110 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/05/2013 - 17:28:54 - [0,015] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 6/12/2012 - 20:08:13 - [21,609] ----D C:\Program Files\Search Results Toolbar =>PUP.SearchResults
O43 - CFD: 7/06/2013 - 11:03:37 - [0] ----D C:\Documents and Settings\All Users\Application Data\Ask
O43 - CFD: 11/03/2012 - 19:18:41 - [0] ----D C:\Documents and Settings\All Users\Application Data\Babylon =>Toolbar.Babylon
O43 - CFD: 6/12/2012 - 20:07:11 - [0] ----D C:\Documents and Settings\All Users\Application Data\boost_interprocess
O43 - CFD: 8/04/2005 - 3:16:43 - [0,022] --H-D C:\Documents and Settings\dell\Application Data\0842810B
O43 - CFD: 11/03/2012 - 19:18:41 - [0,011] ----D C:\Documents and Settings\dell\Application Data\Babylon =>Toolbar.Babylon
O43 - CFD: 6/12/2012 - 20:08:44 - [0] ----D C:\Documents and Settings\dell\Application Data\searchresultstb =>PUP.SearchResults
O43 - CFD: 11/03/2012 - 19:18:42 - [13,007] ----D C:\Documents and Settings\dell\Local Settings\Application Data\Babylon =>Toolbar.Babylon
~ Program Folder: 113 Legitimates Filtered in 00mn 25s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F76868188B955ACF92B41089C7FDF1B1] - 1/11/2013 - 15:48:06 ---A- . (...) -- C:\WINDOWS\wmsetup.log [3050]
O44 - LFC:[MD5.59C6F6D7843521AADB43A82E3B94B064] - 2/11/2013 - 19:09:05 ---A- . (...) -- C:\WINDOWS\pLsd.dat [93102]
O44 - LFC:[MD5.44697312B74BDD433CC3763579E4F06B] - 27/10/2013 - 23:20:07 ---A- . (...) -- C:\WINDOWS\permis.ini [82]
O44 - LFC:[MD5.05280EBDE8970201298787CB2AC5AC58] - 5/11/2013 - 16:32:58 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.1BFD18C488CC82B10F5713B044FA9574] - 5/11/2013 - 16:33:07 ---A- . (...) -- C:\WINDOWS\wiadebug.log [441]
~ Files: 18 Legitimates Filtered in 00mn 22s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.87E0EE68A051195883CBD384E2BDDDF3] - 2/11/2013 - 9:21:10 ---A- - C:\WINDOWS\Prefetch\FEUVERT.EXE-0CAAA735.pf
O45 - LFCP:[MD5.74A38BCB3DCA0BB99314BD14736F811E] - 24/10/2013 - 20:32:20 ---A- - C:\WINDOWS\Prefetch\SEARCH_PROTECT.EXE-2CC42F38.pf
O45 - LFCP:[MD5.1CEC2C9256D321F53217DBD3569274C4] - 27/10/2013 - 23:17:03 ---A- - C:\WINDOWS\Prefetch\SETUP_PDD0.EXE-0190A0C9.pf
O45 - LFCP:[MD5.E9574403E4F8A05A6E7E0E8E9EB199EE] - 28/10/2013 - 23:20:01 ---A- - C:\WINDOWS\Prefetch\PERMIS.EXE-22BB8390.pf
O45 - LFCP:[MD5.5D86AA95541F29D078F4E44A5FA68FBF] - 3/11/2013 - 13:21:59 ---A- - C:\WINDOWS\Prefetch\INTEL(R)GRAPH.EXE-30154E07.pf
O45 - LFCP:[MD5.6C534FDB8E2B3C11258380FC34B723B8] - 3/11/2013 - 13:24:05 ---A- - C:\WINDOWS\Prefetch\INTEL(R)PL5.EXE-03189382.pf
O45 - LFCP:[MD5.9B48DDE4A63D47137C3169110E5793D8] - 4/11/2013 - 10:25:27 ---A- - C:\WINDOWS\Prefetch\FSUM.COM-26E40E4F.pf
O45 - LFCP:[MD5.AF9A4832589BE57F0B704BE23B0C8C86] - 4/11/2013 - 10:32:59 ---A- - C:\WINDOWS\Prefetch\GO.EXE-39722D3E.pf
O45 - LFCP:[MD5.0F8DE88AFBEC3FDA9FAF065B5AC95989] - 5/11/2013 - 10:06:12 ---A- - C:\WINDOWS\Prefetch\INTEL(R)BL.EXE-35B8F253.pf
O45 - LFCP:[MD5.F4CC948E678D137CB7E0E45D5ECF6251] - 5/11/2013 - 16:35:46 ---A- - C:\WINDOWS\Prefetch\DATAMN~1.EXE-0B977BB4.pf
O45 - LFCP:[MD5.4CD44A77531E5F51DC78419E0313CC32] - 5/11/2013 - 16:36:13 ---A- - C:\WINDOWS\Prefetch\INTEL(R)BL.EXE-2D0670F3.pf
~ Prefetcher: 114 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe" [Enabled] .(.APN LLC.) -- C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe =>PUP.SearchResults
~ Keys Export: 13 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.E6F53D6C0DEA3D375362265E175CA638] - 24/02/2010 - 11:22:10 ---A- . (.Protect Software GmbH - ProtectDisc x64/x86 Hybrid Driver.) -- C:\WINDOWS\system32\Drivers\acedrv11.sys [185472]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 5/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 5 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 2/11/2013 - 17:24:14 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\HOSTS.txt [790] =>.Nicolas Coolman
O61 - LFC: 2/11/2013 - 17:24:21 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\2EMEMAIN EBAY KAPAZA\2ememain.url [1685] =>Toolbar.eBay
O61 - LFC: 2/11/2013 - 17:24:21 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\BROCANTES.url [1316]
O61 - LFC: 2/11/2013 - 17:25:02 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Internet Explorer\tabiconcache.dat [18740]
O61 - LFC: 2/11/2013 - 17:28:32 ---A- . (...) -- C:\Documents and Settings\dell\Recent\images.lnk [250]
O61 - LFC: 2/11/2013 - 17:28:34 ---A- . (...) -- C:\Documents and Settings\dell\Recent\S4300292.lnk [359]
O61 - LFC: 2/11/2013 - 17:28:34 ---A- . (...) -- C:\Documents and Settings\dell\Recent\S4300584.lnk [359]
O61 - LFC: 3/11/2013 - 17:23:36 --H-- . (...) -- C:\Documents and Settings\dell\Application Data\0842810B\03-11-2013 [1208]
O61 - LFC: 3/11/2013 - 17:23:38 --H-- . (...) -- C:\Documents and Settings\dell\Application Data\dell-wchelper.dll [154283]
O61 - LFC: 3/11/2013 - 17:28:34 ---A- . (...) -- C:\Documents and Settings\dell\Recent\UsbFix [Scan 2] ADM-E6577662901.lnk [612]
O61 - LFC: 3/11/2013 - 17:28:34 ---A- . (...) -- C:\Documents and Settings\dell\Recent\UsbFix [Scan 3] ADM-E6577662901.lnk [612]
O61 - LFC: 4/11/2013 - 17:23:36 --H-- . (...) -- C:\Documents and Settings\dell\Application Data\0842810B\04-11-2013 [12212]
O61 - LFC: 4/11/2013 - 17:23:48 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\Microsoft\Media Player\00B3338C.wpl [355]
O61 - LFC: 4/11/2013 - 17:25:02 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb [1900544]
O61 - LFC: 4/11/2013 - 17:25:02 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb [430]
O61 - LFC: 4/11/2013 - 17:25:07 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML [13846]
O61 - LFC: 4/11/2013 - 17:28:31 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Cheb Hindi 2012 - Nekhdam Clandestin.lnk [393]
O61 - LFC: 4/11/2013 - 17:28:31 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Cheb Hindi Best Of 2013 - Sahabha Alamha Lamour.lnk [436]
O61 - LFC: 4/11/2013 - 17:28:31 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Cheb el Omari 2010.lnk [321]
O61 - LFC: 4/11/2013 - 17:28:31 ---A- . (...) -- C:\Documents and Settings\dell\Recent\cheb el hendi 2013 datni mp3.lnk [361]
O61 - LFC: 4/11/2013 - 17:28:31 ---A- . (...) -- C:\Documents and Settings\dell\Recent\cheb hindi nediha gawria 2012.lnk [369]
O61 - LFC: 4/11/2013 - 17:28:32 ---A- . (...) -- C:\Documents and Settings\dell\Recent\El Hindi 2011 - Merga Had Chira.lnk [372]
O61 - LFC: 4/11/2013 - 17:28:32 ---A- . (...) -- C:\Documents and Settings\dell\Recent\lhbitri 2007.lnk [297]
O61 - LFC: 4/11/2013 - 17:28:34 ---A- . (...) -- C:\Documents and Settings\dell\Recent\UsbFix [Scan 1] ADM-E6577662901.lnk [612]
O61 - LFC: 5/11/2013 - 17:23:36 --H-- . (...) -- C:\Documents and Settings\dell\Application Data\0842810B\05-11-2013 [9475]
O61 - LFC: 5/11/2013 - 17:23:38 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\dellv3.4.2.2.vbs [808]
O61 - LFC: 5/11/2013 - 17:24:14 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\Log.txt [21313] =>.Nicolas Coolman
O61 - LFC: 5/11/2013 - 17:24:14 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\TestsZHPDiag.txt [3172] =>.Nicolas Coolman
O61 - LFC: 5/11/2013 - 17:24:14 ---A- . (...) -- C:\Documents and Settings\dell\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 - LFC: 5/11/2013 - 17:24:14 ---A- . (...) -- C:\Documents and Settings\dell\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman
O61 - LFC: 5/11/2013 - 17:24:21 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\La doudoune longue wow.url [1048]
O61 - LFC: 5/11/2013 - 17:24:21 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\Manteau long - A vendre €25 à Mettet 2ememain.be.url [4600]
O61 - LFC: 5/11/2013 - 17:24:21 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\PC BANKING\PC BANKING FORTIS BANQUE.url [1088]
O61 - LFC: 5/11/2013 - 17:24:21 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\Parka capuche amovible SOFT GREY La Redoute.url [1059]
O61 - LFC: 5/11/2013 - 17:24:21 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\TELECHARGER.url [596]
O61 - LFC: 5/11/2013 - 17:24:21 -SHA- . (...) -- C:\Documents and Settings\dell\IECompatCache\index.dat [65536]
O61 - LFC: 5/11/2013 - 17:24:21 -SHA- . (...) -- C:\Documents and Settings\dell\IETldCache\index.dat [262144]
O61 - LFC: 5/11/2013 - 17:28:31 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Adele - Someone Like You.lnk [345]
O61 - LFC: 5/11/2013 - 17:28:32 ---A- . (...) -- C:\Documents and Settings\dell\Recent\MOUNIR (E).lnk [185]
O61 - LFC: 5/11/2013 - 17:28:33 ---A- . (...) -- C:\Documents and Settings\dell\Recent\mounir.lnk [249]
O61 - LFC: 5/11/2013 - 17:28:34 ---A- . (...) -- C:\Documents and Settings\dell\Recent\_____ _____ ______ (_____ ___ ______).lnk [473]
O61 - LFC: 5/11/2013 - 17:28:34 ---A- . (...) -- C:\Documents and Settings\dell\Recent\will.i.am - Heartbreaker ft. Cheryl Cole.lnk [409]
~ 17 Fichiers temporaires (Temporary files)
~ 194 Fichiers cookies (Cookies files)
~ Files: 332 Legitimates Filtered in 04mn 58s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\searchplugins\askcom.xml
O69 - SBI: prefs.js [dell - 5lzax1qx.default] user_pref("extensions.asktb.ff-original-keyword-url", "http://www.amazon.com/websearch/ref=bit ... ay?ie=UTF8&[...]
O69 - SBI: SearchScopes [HKCU] A144FA10FAB840C1BBB3C125047CF88B - (Amazon) - http://www.amazon.com
O69 - SBI: SearchScopes [HKCU] {78539862-2E3B-4F4E-AA81-2E42695902C1} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Search Results) - http://dts.search-results.com =>PUP.SearchResults
O69 - SBI: SearchScopes [HKCU] {a5b9c0f5-5616-47cd-a95f-e43b488faccf} - (My Web Search) - http://search.mywebsearch.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {FEC05A40-4F72-4D7B-8066-6CE05F5FF1C2} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.705FD70F8FF19A91F51F40D395C5FA05] [SPRF][2/10/2013] (.Java (TM) - Java (TM).) -- C:\Documents and Settings\dell\Local Settings\Application Data\Intel(TM)7z.exe [24675532]
[MD5.CF43D0F929AE3335692D014F4DF05E6D] [SPRF][3/11/2013] (...) -- C:\Documents and Settings\dell\Application Data\dell-wchelper.dll [154283]
~ Files: 3 Legitimates Filtered in 00mn 02s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A20F87C59CDD86A1BB68D2058F2C5263] [WIS][16/05/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\137058.msi [24064] =>Toolbar.Google
~ WIS: 48 Legitimates Filtered in 00mn 10s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 9/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 16/05/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/05/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/05/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 5/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: Scanned in 00mn 11s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by dell at 5/11/2013 17:29:56

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> \Device\Harddisk0\DR0[0x82FE5AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by dell at 5/11/2013 17:29:58

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12971 - (4/11/2013)
Clés trouvées (Keys found) : 41
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 7
Fichiers trouvés (Files found) : 4

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.SearchResults^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid] =>Adware.Bandoo^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}] =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c98d5b61-b0ea-4d48-9839-1079d352d880}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c98d5b61-b0ea-4d48-9839-1079d352d880}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
[HKLM\Software\Classes\CLSID\{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F443A627-5009-4323-9C1D-7FD598D0D712}] =>Toolbar.Amazon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712}] =>Toolbar.Amazon
[HKLM\Software\Classes\AppID\BrowserConnection.dll] =>Adware.Bandoo
[HKLM\Software\Classes\BrowserConnection.Loader] =>Adware.Bandoo
[HKLM\Software\Classes\BrowserConnection.Loader.1] =>Adware.Bandoo
[HKCU\Software\Microsoft\Internet Explorer\MenuExt\&search] =>Adware.BHO
[HKCU\Software\APN DTX] =>Toolbar.Ask
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\DataMngr_Toolbar] =>Toolbar.Agent
[HKLM\Software\iLividSRTB] =>Adware.Bandoo
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}] =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}] =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{8DEC3C75-9A5D-446C-B7B5-E4AB4FDD6309}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}] =>Adware.MapsGalaxy
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}] =>Adware.MapsGalaxy
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{f34c9277-6577-4dff-b2d7-7d58092f272f} =>PUP.SearchResults^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:DATAMNGR =>Adware.Bandoo^
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files\Search Results Toolbar =>PUP.SearchResults^
C:\Documents and Settings\All Users\Application Data\Babylon =>Toolbar.Babylon^
C:\Documents and Settings\dell\Application Data\Babylon =>Toolbar.Babylon^
C:\Documents and Settings\dell\Application Data\searchresultstb =>PUP.SearchResults^
C:\Documents and Settings\dell\Local Settings\Application Data\Babylon =>Toolbar.Babylon^
C:\Program Files\Amazon Browser Bar =>Toolbar.Amazon
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\iLivid] =>Adware.Bandoo^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
C:\Windows\Installer\137058.msi =>Toolbar.Google^
~ Additionnel Scan: 163912 Items scanned in 00mn 27s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... rchresults =>PUP.SearchResults
~ http://nicolascoolman.webs.com/apps/blo ... are-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blo ... bar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... p-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blo ... mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blo ... olbar-ebay =>Toolbar.eBay
~ http://nicolascoolman.webs.com/apps/blo ... oolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blo ... ywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blo ... lbar-skype =>Toolbar.Skype
~ http://nicolascoolman.webs.com/apps/blo ... lbar-avira =>Toolbar.Avira
~ http://nicolascoolman.webs.com/apps/blo ... mapsgalaxy =>Adware.MapsGalaxy
~ MSI: 13 link(s) detected in 00mn 27s



~ 1164 Legitimates filtered by white list
End of the scan (594 lines in 08mn 16s)(0)
by El Desaparecido
#14606
  • Download OTM by OldTimer to your desktop.
  • Double-click OTM.exe to launch it.
  • On Vista/Seven, right-click -> run as administrator.
  • Copy the list below and paste it into the left-hand pane of OTM under Paste Instructions for Items to be Moved.

Code:
:files 
C:\Users\Public\*.exe 
C:\Users\Public\*.vbe
C:\Documents and Settings\dell\Application Data\0842810B
C:\WINDOWS\Prefetch\*.pf
C:\Documents and Settings\dell\Application Data\dell-wchelper.dll 
C:\Documents and Settings\dell\Application Data\*.exe
C:\Documents and Settings\dell\Application Data\Public
C:\Documents and Settings\dell\Application Data\*.vbs
C:\Documents and Settings\dell\Local Settings\Application Data\*.exe
C:\Documents and Settings\dell\Local Settings\Application Data\*.vbs

:Reg
[-HKEY_CURRENT_USER\Software\à€ classé]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"8jusched"=-
"Intel(R)Bl4"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"jusched7"=-
"Intel(R)Bl"=-
[HKEY_USERS\S-1-5-21-1957994488-152049171-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
"8jusched"=-
"Intel(R)Bl4"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
"9jusched"=-
"Intel(R)Bl5"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
"9jusched"=-
"Intel(R)Bl5"=-

:commands 
[emptytemp] 

  • Click "MoveIt!".
  • If a file or folder cannot be deleted immediately, the program will ask you to restart the computer.
  • If so, accept by clicking "YES".
  • Post the report in your next reply.
  • The report is located in C:\_OTM\MovedFiles (the report's name corresponds to the time it was created: date_time.log).
by Miaka
#14609
thanks for helping me :)

here is the content of the report; if there is a way to send it to you differently so that it isn't one big wall of text, don't hesitate to tell me how..

thanks in advance

All processes killed
========== FILES ==========
C:\Users\Public\Intel(R)Bl.exe moved successfully.
C:\Users\Public\Intel(R)Graph.exe moved successfully.
C:\Users\Public\Intel(R)Pl5.exe moved successfully.
C:\Users\Public\jusched.exe moved successfully.
C:\Users\Public\4z1z.VBE moved successfully.
C:\Users\Public\7z1z.VBE moved successfully.
C:\Users\Public\9eimmD.vbe moved successfully.
C:\Users\Public\9eizmmD.vbe moved successfully.
C:\Users\Public\9stiemD.VBE moved successfully.
C:\Users\Public\9stziemD.VBE moved successfully.
C:\Documents and Settings\dell\Application Data\0842810B folder moved successfully.
C:\WINDOWS\Prefetch\AM_DELTA_PATCH_1.161.1151.0.E-2BCF3F55.pf moved successfully.
C:\WINDOWS\Prefetch\AM_DELTA_PATCH_1.161.1251.0.E-2B58D3BC.pf moved successfully.
C:\WINDOWS\Prefetch\AM_DELTA_PATCH_1.161.1332.0.E-1F5B9583.pf moved successfully.
C:\WINDOWS\Prefetch\AM_DELTA_PATCH_1.161.659.0.EX-06D5063A.pf moved successfully.
C:\WINDOWS\Prefetch\AM_DELTA_PATCH_1.161.801.0.EX-1CC2825D.pf moved successfully.
C:\WINDOWS\Prefetch\AM_DELTA_PATCH_1.161.846.0.EX-0C338AD2.pf moved successfully.
C:\WINDOWS\Prefetch\AM_DELTA_PATCH_1.161.896.0.EX-19D9B98D.pf moved successfully.
C:\WINDOWS\Prefetch\AU_.EXE-05C8D81D.pf moved successfully.
C:\WINDOWS\Prefetch\CCLEANER.EXE-0BCE437C.pf moved successfully.
C:\WINDOWS\Prefetch\CLEANMGR.EXE-1F86EA8E.pf moved successfully.
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf moved successfully.
C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf moved successfully.
C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf moved successfully.
C:\WINDOWS\Prefetch\DATAMN~1.EXE-0B977BB4.pf moved successfully.
C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf moved successfully.
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf moved successfully.
C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf moved successfully.
C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf moved successfully.
C:\WINDOWS\Prefetch\DW20.EXE-0F7C73AD.pf moved successfully.
C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf moved successfully.
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
C:\WINDOWS\Prefetch\FACEBOOKUPDATE.EXE-14C47792.pf moved successfully.
C:\WINDOWS\Prefetch\FEUVERT.EXE-0CAAA735.pf moved successfully.
C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf moved successfully.
C:\WINDOWS\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-34BC5027.pf moved successfully.
C:\WINDOWS\Prefetch\FSUM.COM-26E40E4F.pf moved successfully.
C:\WINDOWS\Prefetch\GO.EXE-39722D3E.pf moved successfully.
C:\WINDOWS\Prefetch\GOOGLECRASHHANDLER.EXE-27588DA3.pf moved successfully.
C:\WINDOWS\Prefetch\GOOGLECRASHHANDLER.EXE-39D7EE95.pf moved successfully.
C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-1E123D86.pf moved successfully.
C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-2C9D1F31.pf moved successfully.
C:\WINDOWS\Prefetch\GREP.COM-2D03091C.pf moved successfully.
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.
C:\WINDOWS\Prefetch\HKCMD.EXE-1D05234B.pf moved successfully.
C:\WINDOWS\Prefetch\IASTORICON.EXE-2AA6B195.pf moved successfully.
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf moved successfully.
C:\WINDOWS\Prefetch\IGFXPERS.EXE-2C07C174.pf moved successfully.
C:\WINDOWS\Prefetch\IGFXSRVC.EXE-2FB63FE8.pf moved successfully.
C:\WINDOWS\Prefetch\IGFXTRAY.EXE-3391579A.pf moved successfully.
C:\WINDOWS\Prefetch\IKERNEL.EXE-048903CE.pf moved successfully.
C:\WINDOWS\Prefetch\IKERNEL.EXE-0F497BD1.pf moved successfully.
C:\WINDOWS\Prefetch\INTEL(R)BL.EXE-2D0670F3.pf moved successfully.
C:\WINDOWS\Prefetch\INTEL(R)BL.EXE-35B8F253.pf moved successfully.
C:\WINDOWS\Prefetch\INTEL(R)GRAPH.EXE-30154E07.pf moved successfully.
C:\WINDOWS\Prefetch\INTEL(R)PL5.EXE-03189382.pf moved successfully.
C:\WINDOWS\Prefetch\INTEL(TM)7Z.EXE-1F777EF7.pf moved successfully.
C:\WINDOWS\Prefetch\INTEL(TM)7Z.EXE-289DB3AB.pf moved successfully.
C:\WINDOWS\Prefetch\JUSCHED.EXE-0173BDFB.pf moved successfully.
C:\WINDOWS\Prefetch\JUSCHED.EXE-116B8467.pf moved successfully.
C:\WINDOWS\Prefetch\JUSCHED.EXE-158C0737.pf moved successfully.
C:\WINDOWS\Prefetch\JUSCHED.EXE-29EED084.pf moved successfully.
C:\WINDOWS\Prefetch\LADS.EXE-06335087.pf moved successfully.
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
C:\WINDOWS\Prefetch\MBR.EXE-313604BE.pf moved successfully.
C:\WINDOWS\Prefetch\MBRCHECK.EXE-2B10ECF1.pf moved successfully.
C:\WINDOWS\Prefetch\MPCMDRUN.EXE-1E628E9C.pf moved successfully.
C:\WINDOWS\Prefetch\MPSIGSTUB.EXE-1D30D19B.pf moved successfully.
C:\WINDOWS\Prefetch\MSHTA.EXE-331DF029.pf moved successfully.
C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf moved successfully.
C:\WINDOWS\Prefetch\MSMPENG.EXE-053C8CA0.pf moved successfully.
C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf moved successfully.
C:\WINDOWS\Prefetch\MSSECES.EXE-14257906.pf moved successfully.
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
C:\WINDOWS\Prefetch\NSLOOKUP.EXE-160B1221.pf moved successfully.
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\Prefetch\OSPPSVC.EXE-307F45D2.pf moved successfully.
C:\WINDOWS\Prefetch\OTM.EXE-3790DD77.pf moved successfully.
C:\WINDOWS\Prefetch\OUTLOOK.EXE-0454B3E2.pf moved successfully.
C:\WINDOWS\Prefetch\PERMIS.EXE-22BB8390.pf moved successfully.
C:\WINDOWS\Prefetch\PV.EXE-215F4419.pf moved successfully.
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf moved successfully.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-132C8EAC.pf moved successfully.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-13E2ECEC.pf moved successfully.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-147710F4.pf moved successfully.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf moved successfully.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC69D2D.pf moved successfully.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3EAF638B.pf moved successfully.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-416F1D64.pf moved successfully.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4984B0FE.pf moved successfully.
C:\WINDOWS\Prefetch\SCHTASKS.EXE-0CBF6A11.pf moved successfully.
C:\WINDOWS\Prefetch\SEARCH_PROTECT.EXE-2CC42F38.pf moved successfully.
C:\WINDOWS\Prefetch\SETUP.EXE-393E66AE.pf moved successfully.
C:\WINDOWS\Prefetch\SETUP_PDD0.EXE-0190A0C9.pf moved successfully.
C:\WINDOWS\Prefetch\SETUP_WM.EXE-3135CBD6.pf moved successfully.
C:\WINDOWS\Prefetch\SETUP_WM.EXE-33C67984.pf moved successfully.
C:\WINDOWS\Prefetch\SKYPE.EXE-30AE1A60.pf moved successfully.
C:\WINDOWS\Prefetch\SMAX4PNP.EXE-381239AF.pf moved successfully.
C:\WINDOWS\Prefetch\SOL.EXE-1C0C14EB.pf moved successfully.
C:\WINDOWS\Prefetch\SPOOLSV.EXE-282F76A7.pf moved successfully.
C:\WINDOWS\Prefetch\SSSTARS.SCR-2D6FC20D.pf moved successfully.
C:\WINDOWS\Prefetch\SUBINACL.EXE-17974576.pf moved successfully.
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf moved successfully.
C:\WINDOWS\Prefetch\UN-USBFIX.EXE-3896FACC.pf moved successfully.
C:\WINDOWS\Prefetch\UPDATER.EXE-0E835CED.pf moved successfully.
C:\WINDOWS\Prefetch\UPDATETASK.EXE-154F922C.pf moved successfully.
C:\WINDOWS\Prefetch\USBFIX.EXE-003240E9.pf moved successfully.
C:\WINDOWS\Prefetch\USBFIX[1].EXE-03418A10.pf moved successfully.
C:\WINDOWS\Prefetch\USBFIX[1].EXE-081666FC.pf moved successfully.
C:\WINDOWS\Prefetch\USBFIX[1].EXE-0E8F9782.pf moved successfully.
C:\WINDOWS\Prefetch\USBFIX[1].EXE-0FA1222D.pf moved successfully.
C:\WINDOWS\Prefetch\USBFIX[1].EXE-2AE615A2.pf moved successfully.
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
C:\WINDOWS\Prefetch\WINWORD.EXE-14C9B39E.pf moved successfully.
C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-2D4B6027.pf moved successfully.
C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf moved successfully.
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEF9D.pf moved successfully.
C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA1.pf moved successfully.
C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA2.pf moved successfully.
C:\WINDOWS\Prefetch\WSCRIPT.EXE-32960AB9.pf moved successfully.
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
C:\WINDOWS\Prefetch\ZHPDIAG.EXE-021B7932.pf moved successfully.
C:\WINDOWS\Prefetch\ZHPDIAG2.EXE-118B494F.pf moved successfully.
C:\WINDOWS\Prefetch\ZHPDIAG2.TMP-3A1CB463.pf moved successfully.
C:\WINDOWS\Prefetch\ZHPFIX.EXE-0BB68D6A.pf moved successfully.
C:\WINDOWS\Prefetch\ZHPHEP.EXE-025A0224.pf moved successfully.
C:\WINDOWS\Prefetch\ZHPHEP.EXE-07C98D09.pf moved successfully.
LoadLibrary failed for C:\Documents and Settings\dell\Application Data\dell-wchelper.dll
C:\Documents and Settings\dell\Application Data\dell-wchelper.dll moved successfully.
File/Folder C:\Documents and Settings\dell\Application Data\*.exe not found.
File/Folder C:\Documents and Settings\dell\Application Data\Public not found.
C:\Documents and Settings\dell\Application Data\dellv3.4.2.2.vbs moved successfully.
C:\Documents and Settings\dell\Local Settings\Application Data\Intel(TM)7z.exe moved successfully.
File/Folder C:\Documents and Settings\dell\Local Settings\Application Data\*.vbs not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\à€ classé\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\8jusched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Intel(R)Bl4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jusched7 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Intel(R)Bl deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1957994488-152049171-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\\8jusched not found.
Registry value HKEY_USERS\S-1-5-21-1957994488-152049171-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\\Intel(R)Bl4 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\\9jusched not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\\Intel(R)Bl5 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\\9jusched not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\\Intel(R)Bl5 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: dell
->Temp folder emptied: 275239955 bytes
->Temporary Internet Files folder emptied: 753141084 bytes
->FireFox cache emptied: 1718955 bytes
->Flash cache emptied: 9991 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3695393 bytes

User: NetworkService
->Temp folder emptied: 3507278 bytes
->Temporary Internet Files folder emptied: 1162139 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134506 bytes
%systemroot%\System32 .tmp files removed: 774656 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 366275657 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 391250578 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.716,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 11052013_182649

Files moved on Reboot...

Registry entries deleted on Reboot...
by El Desaparecido
#14611
Perfect :bravo1:
  • Download Adwcleaner (by Xplode) to your Desktop!
  • Right-click on it and run as administrator under Windows 7/8 and Vista
    1. Choose the Scanner (Scan) option
    2. Choose the Nettoyer (Clean) option
  • Accept the warning by clicking OK
  • Accept the warnings/information by clicking OK
  • Copy and paste the content of the report that appears when the PC restarts
by Miaka
#14676
thanks for the follow-up

here is the report:

# AdwCleaner v3.011 - Rapport créé le 05/11/2013 à 19:56:01
# Mis à jour le 03/11/2013 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : dell - ADM-E6577662901
# Exécuté depuis : C:\Documents and Settings\dell\Bureau\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\Ask
Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\Babylon
Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Dossier Supprimé : C:\Program Files\Amazon Browser Bar
Dossier Supprimé : C:\Program Files\MyPC Backup
Dossier Supprimé : C:\Program Files\Search Results Toolbar
Dossier Supprimé : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Amazon Browser Bar
Dossier Supprimé : C:\Documents and Settings\dell\Local Settings\Application Data\Babylon
Dossier Supprimé : C:\Documents and Settings\dell\Application Data\Babylon
Dossier Supprimé : C:\Documents and Settings\dell\Application Data\ilividtoolbarguid
Dossier Supprimé : C:\Documents and Settings\dell\Application Data\searchresultstb
Dossier Supprimé : C:\Documents and Settings\dell\Application Data\Systweak
Dossier Supprimé : C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\ilividtoolbarguid
Fichier Supprimé : C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Fichier Supprimé : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Fichier Supprimé : C:\WINDOWS\system32\roboot.exe
Fichier Supprimé : C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\.autoreg
Fichier Supprimé : C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\searchplugins\Askcom.xml
Fichier Supprimé : C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\searchplugins\bingp.xml
Fichier Supprimé : C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\searchplugins\Search_Results.xml
Fichier Supprimé : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Clé Supprimée : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Clé Supprimée : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Clé Supprimée : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Clé Supprimée : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Clé Supprimée : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Valeur Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe]
Clé Supprimée : HKCU\Software\Alexa Internet
Clé Supprimée : HKCU\Software\APN DTX
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\distromatic
Clé Supprimée : HKCU\Software\ilivid
Clé Supprimée : HKCU\Software\ilividtoolbarguid
Clé Supprimée : HKCU\Software\systweak
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\iLividSRTB
Clé Supprimée : HKLM\Software\systweak
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbarguid
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Donnée Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
Donnée Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll

***** [ Navigateurs ] *****

-\\ Internet Explorer v8.0.6001.18702

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ Fichier : C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\prefs.js ]

Ligne Supprimée : user_pref("browser.startup.homepage", "hxxp://www.amazon.com/websearch/ref=bit_bds-p1 ... 1006_20130[...]
Ligne Supprimée : user_pref("browser.search.defaultengine", "Ask.com");
Ligne Supprimée : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.amazon.com/websearch/ref=bit_bds-p1 ... d41c07358d[...]
Ligne Supprimée : user_pref("keyword.URL", "hxxp://www.amazon.com/websearch/ref=bit_bds-p1 ... 0_BE_ff_ab_[...]

*************************

AdwCleaner[R0].txt - [10016 octets] - [05/11/2013 19:45:10]
AdwCleaner[S0].txt - [9886 octets] - [05/11/2013 19:56:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9946 octets] ##########
by El Desaparecido
#14683
Thanks for the follow-up
;)
  • Download Malwarebytes' Anti-Malware and install it.
  • Launch Malwarebytes' Anti-Malware.
  • Click the "Updates" tab, then "Check for updates".
  • Click the "Scan" tab, tick "Perform a quick scan", then click Scan.
At the end of the scan, if MBAM found nothing:
  • Click OK; the report opens automatically.
If threats were detected:
  • Click OK, then "Show results".
  • Tick all the boxes.
  • Choose the "Remove selection" option.
  • If MBAM asks to restart Windows: click "Yes".
  • Once the PC has restarted, the report is in the "Reports/Logs" tab.
  • Otherwise the report opens automatically after the removal.
  • Post the report in your next reply.
