Think you are infected? Ads appearing while you browse the web?
Data loss, a slow system, a USB virus?
Disinfect your computer for free!
by familicomputer
#15066
Hello!
I have a huge problem: my USB stick is infected and it is creating shortcuts.
I downloaded USBFix, ran the search and then a removal; unfortunately Avast got involved and now I cannot open it. I tried uninstalling USBFix and reinstalling it, but I get a message saying either "dropper" or "malicious file"...
Could someone save me?
by billmaxime
#15068
:hello: familicomputer and :welcome:

Could you post the UsbFix reports (search and removal) as a copy/paste, please?

The reports are on your desktop and in C:\usbfix.txt

:merci2:
by familicomputer
#15072
Hello to you!
Thanks for replying.
Here is the scan report. I think the removal did not run all the way through, because I have no text document other than the scan.


############################## | UsbFix V 7.149 | [Recherche]

Utilisateur: Rébecca (Administrateur) # PC-DE-CHAUFOUR
Mis à jour le 03/11/2013 par El Desaparecido - Team SosVirus
Lancé à  19:08:31 | 04/11/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Gigabyte Technology Co., Ltd. (G41M-ES2L)
CPU: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
RAM -> [Total : 3036 | Free : 777]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 144 Go (11 Go libre(s) - 8%) [] # NTFS
D:\ -> Disque fixe # 144 Go (106 Go libre(s) - 73%) [DATA] # NTFS
E:\ -> CD-ROM
K:\ -> Disque amovible # 2 Go (2 Go libre(s) - 82%) [INTENSO USB] # FAT
L:\ -> Disque amovible # 4 Go (3 Go libre(s) - 69%) [] # FAT32

################## | Référence de comparaison MD5 |

Md5 : DENIED -> C:\Users\RBECCA~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 32bef3bb4b558ade6cf41113628fc86d -> K:\iTunesHelper.vbe
Md5 : 32bef3bb4b558ade6cf41113628fc86d -> L:\iTunesHelper.vbe

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 612 |ParentID: 600)
C:\Windows\system32\wininit.exe (ID: 656 |ParentID: 600)
C:\Windows\system32\csrss.exe (ID: 668 |ParentID: 648)
C:\Windows\system32\winlogon.exe (ID: 716 |ParentID: 648)
C:\Windows\system32\services.exe (ID: 748 |ParentID: 656)
C:\Windows\system32\lsass.exe (ID: 760 |ParentID: 656)
C:\Windows\system32\lsm.exe (ID: 776 |ParentID: 656)
C:\Windows\system32\svchost.exe (ID: 924 |ParentID: 748)
C:\Windows\system32\svchost.exe (ID: 1000 |ParentID: 748)
C:\Windows\System32\svchost.exe (ID: 1036 |ParentID: 748)
C:\Windows\System32\svchost.exe (ID: 1120 |ParentID: 748)
C:\Windows\System32\svchost.exe (ID: 1176 |ParentID: 748)
C:\Windows\system32\svchost.exe (ID: 1236 |ParentID: 748)
C:\Windows\system32\svchost.exe (ID: 1328 |ParentID: 748)
C:\Windows\system32\SLsvc.exe (ID: 1356 |ParentID: 748)
C:\Windows\system32\svchost.exe (ID: 1388 |ParentID: 748)
C:\Windows\system32\svchost.exe (ID: 1596 |ParentID: 748)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1728 |ParentID: 748)
C:\ProgramData\eSafe\eGdpSvc.exe (ID: 1808 |ParentID: 748)
C:\Windows\System32\spoolsv.exe (ID: 1076 |ParentID: 748)
C:\Windows\system32\svchost.exe (ID: 472 |ParentID: 748)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1072 |ParentID: 748)
C:\Windows\System32\svchost.exe (ID: 932 |ParentID: 748)
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (ID: 412 |ParentID: 748)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1508 |ParentID: 748)
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (ID: 2184 |ParentID: 748)
C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 2204 |ParentID: 748)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2232 |ParentID: 748)
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (ID: 2376 |ParentID: 748)
C:\Windows\system32\svchost.exe (ID: 2424 |ParentID: 748)
C:\Windows\System32\svchost.exe (ID: 2444 |ParentID: 748)
C:\Windows\System32\svchost.exe (ID: 2548 |ParentID: 748)
C:\Windows\system32\svchost.exe (ID: 2560 |ParentID: 748)
C:\Windows\system32\svchost.exe (ID: 2576 |ParentID: 748)
C:\Program Files\Tor\tor.exe (ID: 2604 |ParentID: 748)
C:\Windows\System32\svchost.exe (ID: 2648 |ParentID: 748)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2676 |ParentID: 748)
C:\Windows\system32\SearchIndexer.exe (ID: 2764 |ParentID: 748)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2812 |ParentID: 2676)
C:\Windows\system32\taskeng.exe (ID: 3504 |ParentID: 1236)
C:\Windows\system32\taskeng.exe (ID: 3972 |ParentID: 1236)
C:\Windows\system32\Dwm.exe (ID: 4012 |ParentID: 1176)
C:\Windows\Explorer.EXE (ID: 4056 |ParentID: 3952)
C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 876 |ParentID: 2204)
C:\Program Files\Windows Defender\MSASCui.exe (ID: 948 |ParentID: 4056)
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (ID: 3176 |ParentID: 4056)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 3596 |ParentID: 4056)
C:\Program Files\Common Files\aol\1265362316\ee\aolsoftware.exe (ID: 2508 |ParentID: 4056)
C:\Windows\System32\igfxtray.exe (ID: 3688 |ParentID: 4056)
C:\Windows\System32\hkcmd.exe (ID: 3676 |ParentID: 4056)
C:\Windows\System32\igfxpers.exe (ID: 3704 |ParentID: 4056)
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe (ID: 3724 |ParentID: 4088)
C:\Program Files\HP\HP Software Update\hpwuschd2.exe (ID: 3740 |ParentID: 4056)
C:\Program Files\Iminent\IMBooster\IMBooster.exe (ID: 2100 |ParentID: 4056)
C:\Program Files\SweetIM\Messenger\SweetIM.exe (ID: 324 |ParentID: 4056)
C:\Program Files\CardDetector\HUAWEI\CardDetector.exe (ID: 3228 |ParentID: 4056)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 1916 |ParentID: 4056)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 3916 |ParentID: 4056)
C:\Program Files\Alwil Software\Avast5\avastui.exe (ID: 1188 |ParentID: 4056)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 3936 |ParentID: 4056)
C:\Windows\ehome\ehtray.exe (ID: 1112 |ParentID: 4056)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (ID: 3160 |ParentID: 4056)
C:\Program Files\Micro Application\LauncherMA.exe (ID: 3524 |ParentID: 4056)
C:\Program Files\MyPC Backup\MyPC Backup.exe (ID: 4252 |ParentID: 4056)
D:\AOL 9.0 VR\waol.exe (ID: 4320 |ParentID: 3672)
C:\Windows\ehome\ehmsas.exe (ID: 4416 |ParentID: 924)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4808 |ParentID: 924)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 4868 |ParentID: 3936)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 4892 |ParentID: 3936)
C:\Program Files\iPod\bin\iPodService.exe (ID: 5084 |ParentID: 748)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (ID: 5220 |ParentID: 3160)
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (ID: 5376 |ParentID: 924)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (ID: 5540 |ParentID: 924)
C:\Windows\system32\svchost.exe (ID: 5676 |ParentID: 748)
C:\Windows\system32\conime.exe (ID: 5828 |ParentID: 5768)
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe (ID: 2540 |ParentID: 924)
D:\AOL 9.0 VR\shellmon.exe (ID: 4584 |ParentID: 4320)
C:\Users\Evelyne\AppData\Local\Smartbar\Application\ProductsRemovalTool.exe (ID: 6076 |ParentID: 4768)
C:\Users\Evelyne\AppData\Local\Smartbar\Application\SnapDo.exe (ID: 5660 |ParentID: 4768)
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe (ID: 6108 |ParentID: 4320)
C:\Windows\system32\csrss.exe (ID: 561044 |ParentID: 563060)
C:\Windows\system32\winlogon.exe (ID: 561424 |ParentID: 563060)
C:\Windows\system32\Dwm.exe (ID: 562872 |ParentID: 1176)
C:\Windows\system32\taskeng.exe (ID: 457128 |ParentID: 1236)
C:\Program Files\Windows Defender\MSASCui.exe (ID: 562160 |ParentID: 562608)
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (ID: 70128 |ParentID: 562608)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 562848 |ParentID: 562608)
C:\Program Files\Common Files\aol\1265362316\ee\aolsoftware.exe (ID: 563188 |ParentID: 562608)
C:\Windows\System32\hkcmd.exe (ID: 563212 |ParentID: 562608)
C:\Windows\System32\igfxpers.exe (ID: 563228 |ParentID: 562608)
C:\Program Files\HP\HP Software Update\hpwuschd2.exe (ID: 563236 |ParentID: 562608)
C:\Program Files\Iminent\IMBooster\IMBooster.exe (ID: 563256 |ParentID: 562608)
C:\Program Files\SweetIM\Messenger\SweetIM.exe (ID: 563272 |ParentID: 562608)
C:\Program Files\CardDetector\HUAWEI\CardDetector.exe (ID: 563312 |ParentID: 562608)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 563352 |ParentID: 562608)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 563444 |ParentID: 562608)
C:\Program Files\Alwil Software\Avast5\avastui.exe (ID: 563452 |ParentID: 562608)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 563460 |ParentID: 562608)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 563468 |ParentID: 562608)
C:\Windows\System32\wscript.exe (ID: 563572 |ParentID: 562608)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (ID: 563604 |ParentID: 562608)
C:\Windows\system32\wuauclt.exe (ID: 563772 |ParentID: 1236)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 563832 |ParentID: 748)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (ID: 563928 |ParentID: 563604)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 563952 |ParentID: 563460)
D:\AOL 9.0 VR\waol.exe (ID: 564008 |ParentID: 563588)
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (ID: 564360 |ParentID: 924)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (ID: 564552 |ParentID: 924)
C:\Windows\system32\conime.exe (ID: 563252 |ParentID: 561984)
D:\AOL 9.0 VR\shellmon.exe (ID: 561184 |ParentID: 564008)
C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe (ID: 562968 |ParentID: 563288)
C:\Windows\explorer.exe (ID: 562956 |ParentID: 561424)
C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe (ID: 563208 |ParentID: 5540)
C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe (ID: 563920 |ParentID: 564552)
C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe (ID: 562432 |ParentID: 564668)
C:\UsbFix\Go.exe (ID: 565016 |ParentID: 563720)
C:\Windows\System32\WUDFHost.exe (ID: 563756 |ParentID: 1176)
C:\Windows\System32\mobsync.exe (ID: 562128 |ParentID: 924)
C:\Windows\System32\mobsync.exe (ID: 563268 |ParentID: 924)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\SOFTWARE | Run : [BCU] - "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
04 - HKLM\SOFTWARE | Run : [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe
04 - HKLM\SOFTWARE | Run : [HostManager] - C:\Program Files\Common Files\AOL\1265362316\ee\AOLSoftware.exe
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [EoEngine] -
04 - HKLM\SOFTWARE | Run : [EoWeather] -
04 - HKLM\SOFTWARE | Run : [eorezo] -
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [IMBooster] - C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
04 - HKLM\SOFTWARE | Run : [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [CardDetectorHUAWEI] - C:\Program Files\CardDetector\HUAWEI\CardDetector.exe
04 - HKLM\SOFTWARE | Run : [BEWINTERNET-FR-DMGP-V2SessionManager] - "C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1001\SOFTWARE | Run : [msnmsgr] - ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1001\SOFTWARE | Run : [ehTray.exe] - C:\Windows\ehome\ehTray.exe
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1001\SOFTWARE | Run : [Bubble Dock] - "C:\Users\Evelyne\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1001\SOFTWARE | Run : [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1001\SOFTWARE | Run : [AOL Fast Start] - "D:\AOL 9.0 VR\AOL.EXE" -b
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1001\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\Evelyne\AppData\Local\Smartbar\Application\SnapDo.exe startup
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [msnmsgr] - ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\RBECCA~1\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [AOL Fast Start] - "D:\AOL 9.0 VR\AOL.EXE" -b

################## | Recherche générique |

Présent! C:\Users\RBECCA~1\AppData\Local\Temp\iTunesHelper.vbe
Présent! C:\Users\Rébecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! K:\iTunesHelper.vbe
Présent! L:\iTunesHelper.vbe
Présent! K:\S4 league.lnk
Présent! K:\Enfants travail.lnk
Présent! K:\SAM_3267.lnk
Présent! K:\SAM_3266 (800x600).lnk
Présent! K:\Etude socio-culturelle CHAUFOUR.lnk
Présent! K:\SAM_3266.lnk
Présent! K:\SAM_3272.lnk
Présent! K:\.lnk
Présent! K:\SAM_3269.lnk
Présent! K:\SAM_3270.lnk
Présent! K:\SAM_3271.lnk
Présent! K:\plan.lnk
Présent! K:\450px-HBM_rue_Larrey.lnk
Présent! K:\800px-Th%C3%A9%C3%A2tre_de_la_Vieille-Grille.lnk
Présent! K:\800px-Rue_Larrey.lnk
Présent! K:\1.lnk
Présent! K:\desktop.lnk
Présent! K:\800px-Rue_Larrey_2.lnk
Présent! K:\2.lnk
Présent! K:\3.lnk
Présent! K:\1bryan.lnk
Présent! K:\bryan 2.lnk
Présent! K:\Bryan.lnk
Présent! K:\Pokémon Colosseum Boss Battle theme.lnk
Présent! K:\Ilyana-san.lnk
Présent! K:\Ilyana.lnk
Présent! K:\Sonic+ Jeux Vidéos.lnk
Présent! K:\Phoenix Wright.lnk
Présent! K:\fonds d'écran sonic.lnk
Présent! K:\Super Smash Bros. Mele.lnk
Présent! L:\.lnk
Présent! L:\DCIM.lnk
Présent! L:\MISC.lnk
Présent! K:\desktop.ini

################## | Comparaison MD5 |


################## | Registre |

Présent! HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
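As an added triage example (not from the thread and not UsbFix's own code), the Python below parses a constructed excerpt modelled on the report above and pulls out the three indicators a responder would check: a Run value that starts wscript.exe in batch mode (//B) on a script dropped in a user-writable folder, the same MD5 recurring at the root of several removable drives, and drive roots where that script sits next to .lnk files standing in for the real folders. Section names and line formats follow the report; the sample text itself is constructed.

```python
"""Triage of a UsbFix-style report (added example, not UsbFix's own code): flags the
Run value starting wscript.exe //B on a dropped script, and its copies/.lnk decoys on drives."""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed excerpt modelled on the [Recherche] report above; not the full log.
SAMPLE_REPORT = r"""
################## | Référence de comparaison MD5 |
Md5 : DENIED -> C:\Users\RBECCA~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 32bef3bb4b558ade6cf41113628fc86d -> K:\iTunesHelper.vbe
Md5 : 32bef3bb4b558ade6cf41113628fc86d -> L:\iTunesHelper.vbe
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\RBECCA~1\AppData\Local\Temp\iTunesHelper.vbe"
################## | Recherche générique |
Présent! K:\iTunesHelper.vbe
Présent! K:\SAM_3267.lnk
Présent! K:\plan.lnk
Présent! K:\desktop.ini
Présent! L:\iTunesHelper.vbe
Présent! L:\DCIM.lnk
"""

SECTION_RE = re.compile(r"^#+ \| ([^|]+?) \|")
RUN_RE = re.compile(r"^04 - (?P<hive>.+?) \| Run(?:Once)? : \[(?P<name>.*?)\] -\s*(?P<cmd>.*)$")
MD5_RE = re.compile(r"^Md5 : (?P<md5>\S+) -> (?P<path>.+)$")
HIT_RE = re.compile(r"^(?:Présent|Supprimé)! (?P<path>.+)$")
SCRIPT_HOST_RE = re.compile(r'^"?(?:[^"\s]*\\)?[wc]script(?:\.exe)?"?\s+(?P<args>.*)$', re.I)
ROOT_FILE_RE = re.compile(r"^(?P<drive>[A-Za-z]):\\(?P<name>[^\\]+)$")
WSH_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf")
PAYLOAD_EXT = WSH_EXT + (".exe", ".scr", ".bat", ".cmd")

def split_sections(report: str) -> Dict[str, List[str]]:
    """Group the non-empty lines of the report under their '#### | name |' header."""
    sections: Dict[str, List[str]] = defaultdict(list)
    current = "header"
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
        elif line.strip():
            sections[current].append(line.rstrip())
    return sections

def find_script_host_autoruns(run_lines: List[str]) -> List[dict]:
    """Run values that launch a WSH script; //B (batch mode) hides script errors."""
    hits = []
    for line in run_lines:
        m = RUN_RE.match(line)
        host = SCRIPT_HOST_RE.match(m["cmd"]) if m else None
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', host["args"])] if host else []
        script = next((t for t in tokens if t.lower().endswith(WSH_EXT)), None)
        if script is None:
            continue
        hits.append({
            "name": m["name"],
            "script": script,
            "hidden": any(t.lower() == "//b" for t in tokens),
            # %TEMP% and AppData are writable without admin rights: a classic drop site.
            "user_writable": re.search(r"\\(?:Temp|AppData)\\", script, re.I) is not None,
        })
    return hits

def find_removable_shortcut_drops(hit_lines: List[str]) -> Dict[str, dict]:
    """Drives whose root holds an executable or script next to .lnk files."""
    by_drive: Dict[str, List[str]] = defaultdict(list)
    for line in hit_lines:
        m = HIT_RE.match(line)
        root = ROOT_FILE_RE.match(m["path"]) if m else None
        if root:
            by_drive[root["drive"].upper()].append(root["name"])
    result = {}
    for drive, names in sorted(by_drive.items()):
        payloads = [n for n in names if n.lower().endswith(PAYLOAD_EXT)]
        lnk_count = sum(n.lower().endswith(".lnk") for n in names)
        if payloads and lnk_count:
            result[drive] = {"payloads": payloads, "lnk_count": lnk_count}
    return result

def find_shared_hashes(md5_lines: List[str]) -> Dict[str, List[str]]:
    """Identical hashes seen on more than one drive: the script copying itself around."""
    paths_by_md5: Dict[str, List[str]] = defaultdict(list)
    for line in md5_lines:
        m = MD5_RE.match(line)
        if m and m["md5"].upper() != "DENIED":
            paths_by_md5[m["md5"].lower()].append(m["path"])
    return {h: p for h, p in paths_by_md5.items() if len({x[0].upper() for x in p}) > 1}

def triage(report: str) -> dict:
    s = split_sections(report)
    return {
        "script_host_autoruns": find_script_host_autoruns(s.get("Regedit Run", [])),
        "removable_shortcut_drops": find_removable_shortcut_drops(s.get("Recherche générique", [])),
        "shared_hashes": find_shared_hashes(s.get("Référence de comparaison MD5", [])),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

The same parser accepts a [Suppression] report, since "Supprimé!" lines are matched alongside "Présent!" lines.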
by billmaxime
#15074
re

Disable Avast and run UsbFix in removal mode, then post the report.

[http://www.forum-entraide-informatique. ... iver-avast to disable Avast]
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Right-click it and run as administrator on Windows 7/8 and Vista
  • Choose the Suppression (removal) option

    Note: If UsbFix hangs at 14%, start in safe mode. (See >> HERE <<)

  • Copy and paste the contents of the report that appears at the end of the scan into your reply
by familicomputer
#15600
Hi!!

Here is the UsbFix report from the removal.

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Rébecca (Administrateur) # PC-DE-CHAUFOUR
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à  19:35:17 | 09/11/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Gigabyte Technology Co., Ltd. (G41M-ES2L)
CPU: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
RAM -> [Total : 3036 | Free : 1337]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 144 Go (11 Go libre(s) - 8%) [] # NTFS
D:\ -> Disque fixe # 144 Go (106 Go libre(s) - 73%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (3 Go libre(s) - 87%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\SLsvc.exe (ID: 1380 |ParentID: 708)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1748 |ParentID: 708)
Stoppé! C:\ProgramData\eSafe\eGdpSvc.exe (ID: 1804 |ParentID: 708)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1284 |ParentID: 708)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1072 |ParentID: 708)
Stoppé! C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (ID: 916 |ParentID: 708)
Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 828 |ParentID: 708)
Stoppé! C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (ID: 2152 |ParentID: 708)
Stoppé! C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 2172 |ParentID: 708)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2200 |ParentID: 708)
Stoppé! C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (ID: 2316 |ParentID: 708)
Stoppé! C:\Program Files\Tor\tor.exe (ID: 2604 |ParentID: 708)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2676 |ParentID: 708)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 2724 |ParentID: 708)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2784 |ParentID: 2676)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 3060 |ParentID: 1164)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 3804 |ParentID: 1188)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 3948 |ParentID: 1188)
Stoppé! C:\Windows\Explorer.EXE (ID: 3968 |ParentID: 3876)
Stoppé! C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe (ID: 1320 |ParentID: 4004)
Stoppé! C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 536 |ParentID: 2172)
Stoppé! C:\Program Files\Windows Defender\MSASCui.exe (ID: 2828 |ParentID: 3968)
Stoppé! C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (ID: 3104 |ParentID: 3968)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 3492 |ParentID: 3968)
Stoppé! C:\Program Files\Common Files\aol\1265362316\ee\aolsoftware.exe (ID: 3512 |ParentID: 3968)
Stoppé! C:\Windows\System32\igfxtray.exe (ID: 3504 |ParentID: 3968)
Stoppé! C:\Windows\System32\hkcmd.exe (ID: 3520 |ParentID: 3968)
Stoppé! C:\Windows\System32\igfxpers.exe (ID: 3536 |ParentID: 3968)
Stoppé! C:\Program Files\HP\HP Software Update\hpwuschd2.exe (ID: 2560 |ParentID: 3968)
Stoppé! C:\Program Files\Iminent\IMBooster\IMBooster.exe (ID: 3780 |ParentID: 3968)
Stoppé! C:\Program Files\SweetIM\Messenger\SweetIM.exe (ID: 3820 |ParentID: 3968)
Stoppé! C:\Program Files\CardDetector\HUAWEI\CardDetector.exe (ID: 3996 |ParentID: 3968)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 4020 |ParentID: 3968)
Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (ID: 2140 |ParentID: 3968)
Stoppé! C:\Program Files\Alwil Software\Avast5\avastui.exe (ID: 4084 |ParentID: 3968)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID: 4092 |ParentID: 3968)
Stoppé! C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 2108 |ParentID: 3968)
Stoppé! C:\Program Files\Pando Networks\Media Booster\PMB.exe (ID: 1436 |ParentID: 3968)
Stoppé! C:\Windows\System32\wscript.exe (ID: 1024 |ParentID: 3968)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (ID: 3228 |ParentID: 3968)
Stoppé! D:\AOL 9.0 VR\waol.exe (ID: 4228 |ParentID: 2968)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4380 |ParentID: 708)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID: 4764 |ParentID: 4092)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (ID: 4924 |ParentID: 708)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (ID: 5132 |ParentID: 3228)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID: 5256 |ParentID: 2724)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (ID: 5368 |ParentID: 924)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (ID: 5552 |ParentID: 924)
Stoppé! D:\AOL 9.0 VR\shellmon.exe (ID: 3944 |ParentID: 4228)
Stoppé! C:\Windows\system32\wuauclt.exe (ID: 2164 |ParentID: 1188)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5924 |ParentID: 3968)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4824 |ParentID: 5924)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5320 |ParentID: 5924)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5504 |ParentID: 5924)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jucheck.exe (ID: 6132 |ParentID: 4020)
Stoppé! C:\Windows\servicing\TrustedInstaller.exe (ID: 1200 |ParentID: 708)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 5992 |ParentID: 1188)
Stoppé! C:\Windows\system32\SearchFilterHost.exe (ID: 5176 |ParentID: 2724)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3756 |ParentID: 5924)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\SOFTWARE | Run : [BCU] - "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
04 - HKLM\SOFTWARE | Run : [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe
04 - HKLM\SOFTWARE | Run : [HostManager] - C:\Program Files\Common Files\AOL\1265362316\ee\AOLSoftware.exe
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [EoEngine] -
04 - HKLM\SOFTWARE | Run : [EoWeather] -
04 - HKLM\SOFTWARE | Run : [eorezo] -
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [IMBooster] - C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
04 - HKLM\SOFTWARE | Run : [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [CardDetectorHUAWEI] - C:\Program Files\CardDetector\HUAWEI\CardDetector.exe
04 - HKLM\SOFTWARE | Run : [BEWINTERNET-FR-DMGP-V2SessionManager] - "C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [msnmsgr] - ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\RBECCA~1\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\SOFTWARE | Run : [AOL Fast Start] - "D:\AOL 9.0 VR\AOL.EXE" -b

################## | Recherche générique |

Supprimé! C:\Users\RBECCA~1\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\Rébecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! F:\iTunesHelper.vbe
Supprimé! F:\.lnk
Supprimé! F:\LOST.DIR.lnk
Supprimé! F:\.android_secure.lnk
Supprimé! F:\Android.lnk
Supprimé! F:\DCIM.lnk
Supprimé! F:\Sounds.lnk
Supprimé! F:\Halfbrick.lnk
Supprimé! F:\.beintoo.lnk
Supprimé! F:\Pictures.lnk
Supprimé! F:\ppy_cross.lnk
Supprimé! F:\download.lnk
Supprimé! F:\.downloadTemp.lnk
Supprimé! F:\media.lnk
Supprimé! F:\bluetooth.lnk
Supprimé! F:\samsungapps.lnk

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\Rébecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> C:\Users\RBECCA~1\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 32BEF3BB4B558ADE6CF41113628FC86D -> F:\iTunesHelper.vbe

################## | Comparaison MD5 |


################## | Registre |

Supprimé! HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\Software\.\.\.\.\Mountpoints2\{784be32a-874f-11e0-bbf8-00038a000015}
Supprimé! HKU\S-1-5-21-3385765646-2502414165-3692084876-1002\Software\.\.\.\.\Mountpoints2\{a4c60095-75fc-11df-86b0-00038a000015}

################## | Listing |

[06/02/2010 - 10:39:37 | SHD ] C:\$Recycle.Bin
[10/09/2012 - 14:23:49 | N | 1310720] C:\Aladdin (F).smc
[18/09/2006 - 22:43:36 | N | 24] C:\autoexec.bat
[14/08/2011 - 16:30:31 | D ] C:\BigFishGamesCache
[04/02/2010 - 21:34:49 | SHD ] C:\Boot
[11/04/2009 - 14:18:38 | RASH | 333257] C:\bootmgr
[04/02/2010 - 21:34:51 | RAS | 8192] C:\BOOTSECT.BAK
[04/11/2013 - 07:39:10 | HD ] C:\Config.Msi
[18/09/2006 - 22:43:37 | N | 10] C:\config.sys
[02/11/2006 - 14:02:03 | SHD ] C:\Documents and Settings
[09/11/2013 - 19:19:04 | ASH | 3183992832] C:\hiberfil.sys
[04/02/2010 - 21:56:05 | N | 193] C:\Install.log
[04/02/2010 - 21:49:01 | D ] C:\Intel
[09/02/2010 - 12:56:38 | N | 941] C:\IPH.PH
[07/11/2011 - 20:16:08 | D ] C:\jeux
[03/09/1997 - 02:25:06 | N | 524800] C:\Mario.smc
[09/11/2013 - 19:19:03 | ASH | 3497803776] C:\pagefile.sys
[21/01/2008 - 03:32:31 | D ] C:\PerfLogs
[15/10/2013 - 12:23:09 | D ] C:\Program Files
[04/11/2013 - 22:33:43 | HD ] C:\ProgramData
[04/02/2010 - 21:52:50 | N | 1841] C:\RHDSetup.log
[01/09/2013 - 21:58:00 | N | 8258] C:\service.log
[01/01/1980 - 00:00:00 | N | 2097664] C:\Super Mario All Stars (E).smc
[14/06/2013 - 17:27:02 | N | 8192] C:\Super Mario All Stars (E).srm
[28/02/2013 - 17:38:14 | N | 8192] C:\Super_Nes_Super_Mario_All-Stars.srm
[27/02/2013 - 13:34:59 | N | 282459] C:\Super_Nes_Super_Mario_All-Stars.zst
[09/11/2013 - 13:36:42 | SHD ] C:\System Volume Information
[09/11/2013 - 19:50:24 | D ] C:\UsbFix
[09/11/2013 - 19:50:55 | A | 12786] C:\UsbFix [Clean 3] PC-DE-CHAUFOUR.txt
[04/11/2013 - 19:53:45 | N | 16387] C:\UsbFix [Scan 3] PC-DE-CHAUFOUR.txt
[06/02/2010 - 10:39:25 | RD ] C:\Users
[29/10/2013 - 08:33:47 | D ] C:\Windows
[06/02/2010 - 10:39:37 | SHD ] D:\$RECYCLE.BIN
[12/12/2010 - 17:01:12 | D ] D:\AOL 9.0 VR
[15/10/2013 - 12:16:18 | N | 134622711] D:\Apache_OpenOffice_4.0.1_Win_x86_install_fr.exe
[26/01/2013 - 14:39:56 | N | 503312318] D:\Catherine de Médicis et les châteaux de la Loire - Secrets d'Histoire.mp4
[21/07/2013 - 14:16:22 | D ] D:\DRAMA
[26/01/2010 - 23:00:01 | D ] D:\erData
[06/10/2012 - 19:23:54 | N | 17518127] D:\Génériques de Pokémon - Saisons 1a1 1.mp4
[26/01/2013 - 14:47:14 | N | 422029624] D:\Henri VIII, un amour de tyran - Secrets d'Histoire.mp4
[21/07/2013 - 12:24:25 | D ] D:\Mangas
[24/05/2013 - 15:31:19 | D ] D:\musique ordi
[14/02/2010 - 16:31:18 | D ] D:\open office
[15/10/2013 - 12:18:45 | D ] D:\open office 2
[24/05/2013 - 15:29:59 | D ] D:\rebechou
[18/12/2012 - 12:04:06 | N | 688146306] D:\Secrets d-histoire - E42 (1).avi
[12/06/2008 - 06:41:47 | SHD ] D:\System Volume Information
[27/03/2010 - 21:12:56 | D ] D:\VLC
[09/09/2013 - 12:16:48 | D ] F:\LOST.DIR
[28/10/2013 - 23:06:54 | D ] F:\.android_secure
[09/09/2013 - 12:16:58 | D ] F:\Android
[09/09/2013 - 12:47:06 | D ] F:\DCIM
[25/09/2013 - 07:54:48 | N | 77922304] F:\.HPIMAGE.VFS
[28/10/2013 - 16:37:52 | D ] F:\Sounds
[09/09/2013 - 13:35:08 | D ] F:\Halfbrick
[09/09/2013 - 13:35:20 | D ] F:\.beintoo
[09/09/2013 - 21:35:12 | N | 36] F:\.profig.os
[10/09/2013 - 09:44:10 | D ] F:\Pictures
[11/09/2013 - 22:24:08 | D ] F:\ppy_cross
[07/11/2013 - 21:54:04 | D ] F:\download
[20/10/2013 - 00:03:02 | D ] F:\.downloadTemp
[25/09/2013 - 22:43:28 | D ] F:\media
[01/10/2013 - 14:58:28 | D ] F:\bluetooth
[11/10/2013 - 09:56:12 | D ] F:\samsungapps

################## | Vaccine |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
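The listing above is what UsbFix records for each drive: one line per entry with the timestamp, the attribute letters (D directory, H hidden, S system, A archive, R read-only; N appears to mean no special attribute, which is my reading of the format rather than something the report states) and, for files, the size in bytes. The shortcut worm this kind of report is typically run for works by setting the real folders on the removable drive hidden+system, dropping a .lnk with each folder's name in its place, and pointing the .lnk at a hidden script or executable that runs before the folder opens. The Python below is an added example, not code from UsbFix or the SosVirus team: it parses a UsbFix-style listing and flags that pattern for one drive. SAMPLE_LISTING is constructed for illustration (the F: entries in the real report above are plain directories and would come back clean); treating an Autorun.inf folder as a vaccine but an Autorun.inf file as suspect, and the payload extension list, are assumptions, since the report says UsbFix vaccinated F:\Autorun.inf without showing what form the vaccine takes.

```python
"""Triage of a UsbFix-style drive listing for the USB shortcut-worm pattern.

Added example, not UsbFix code. It parses lines of the form
"[dd/mm/yyyy - hh:mm:ss | ATTRS | SIZE] PATH" (directories carry no size) and flags
the symptoms of a shortcut worm on one drive. SAMPLE_LISTING is constructed.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

LINE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<attrs>[A-Z]*) ?(?:\| (?P<size>\d+))?\] (?P<path>.+)$"
)
# Extensions shortcut worms commonly use for the hidden payload (assumption, not UsbFix's list).
PAYLOAD_EXT = {".exe", ".vbs", ".vbe", ".js", ".jse", ".scr", ".bat", ".cmd", ".pif", ".com"}


@dataclass(frozen=True)
class Entry:
    path: PureWindowsPath
    attrs: frozenset          # attribute letters: D directory, H hidden, S system, A archive, R read-only
    size: Optional[int]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def at_root(self) -> bool:
        return len(self.path.parts) == 2        # ('F:\\', 'name')

    @property
    def hidden_system(self) -> bool:
        return {"H", "S"} <= self.attrs         # Explorer hides H+S items even with "show hidden files" on


def parse_listing(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                             # section headers and blank lines
        size = m.group("size")
        entries.append(Entry(PureWindowsPath(m.group("path")),
                             frozenset(m.group("attrs")),
                             int(size) if size is not None else None))
    return entries


def triage(entries, drive: str) -> dict:
    """Flag the shortcut-worm pattern on one drive, e.g. triage(entries, "F:")."""
    on_drive = [e for e in entries if e.path.drive.upper() == drive.upper()]
    root = [e for e in on_drive if e.at_root]
    hidden_dirs = sorted(e.path.name for e in root if e.is_dir and e.hidden_system)
    lnk_stems = sorted(e.path.stem for e in root
                       if not e.is_dir and e.path.suffix.lower() == ".lnk")
    # A .lnk named like a folder that was just made hidden+system is the worm's decoy.
    shadowed = sorted(set(lnk_stems) & set(hidden_dirs))
    payloads = sorted(str(e.path) for e in on_drive
                      if not e.is_dir and e.attrs & {"H", "S"}
                      and e.path.suffix.lower() in PAYLOAD_EXT)
    # Assumption: an Autorun.inf *directory* is a vaccine, an Autorun.inf *file* is suspect.
    autorun = next((("dir" if e.is_dir else "file") for e in root
                    if e.path.name.lower() == "autorun.inf"), None)

    if shadowed or (lnk_stems and hidden_dirs):
        verdict = "likely shortcut worm"
    elif lnk_stems or payloads or autorun == "file":
        verdict = "suspicious, review manually"
    else:
        verdict = "no shortcut-worm indicators"
    return {"hidden_system_dirs": hidden_dirs, "lnk_at_root": lnk_stems, "shadowed": shadowed,
            "hidden_executables": payloads, "autorun_inf": autorun, "verdict": verdict}


# Constructed sample: an infected key (F:) plus one C: line to show the drive filter.
SAMPLE_LISTING = r"""
[09/09/2013 - 12:47:06 | D ] F:\DCIM
[09/09/2013 - 12:16:58 | D ] F:\Android
[12/11/2013 - 10:02:11 | SHD ] F:\Pictures
[12/11/2013 - 10:02:11 | SHD ] F:\Sounds
[12/11/2013 - 10:02:12 | SHD ] F:\_
[12/11/2013 - 10:02:12 | SH | 61440] F:\_\Pictures.vbs
[12/11/2013 - 10:02:13 | A | 1034] F:\Pictures.lnk
[12/11/2013 - 10:02:13 | A | 1034] F:\Sounds.lnk
[12/11/2013 - 10:02:14 | A | 1034] F:\Photos (2).lnk
[12/11/2013 - 10:02:14 | SH | 87] F:\Autorun.inf
[09/11/2013 - 19:19:03 | ASH | 3497803776] C:\pagefile.sys
"""

if __name__ == "__main__":
    for drive in ("F:", "C:"):
        print(drive, triage(parse_listing(SAMPLE_LISTING), drive))
```

Paste the Listing section of a real UsbFix report into `parse_listing` and call `triage` per removable drive letter. The strongest signal is `shadowed`: a .lnk whose name matches a folder that is now hidden+system is not something a user produces by accident. Once the worm is confirmed, the clean-up is the reverse of what it did (delete the .lnk decoys and the hidden payload, clear the H and S attributes on the real folders), and the `hidden_executables` list tells you what UsbFix's deletion step has to catch.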
by billmaxime
#15639
re

OK, please do the following:
  • Download ZHPDiag (by Nicolas Coolman) to your desktop.
  • Install the program.
  • Launch ZHPDiag; on Windows 7/8 and Vista, run it as administrator.
  • Click Configure ("Configurer").
  • Click the icon showing a magnifying glass with a + ("Lancer le diagnostic", run the diagnostic).

    Note: do not close the program even if Windows says it is not responding.

  • Once the scan is finished, go to the desktop; the file ZHPDiag.txt has been created there.
  • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link it gives you into your next reply on the forum.
:merci2:
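The report those steps produce is plain text in which every finding is prefixed with its section code (R0, O4, O20, O39 and so on); ZHPDiag appends `=>Name` to lines it classifies, with a leading dot marking a whitelisted vendor rather than a detection, and `(.not file.)` to launch points whose target has already disappeared from disk. Sorting a report of several hundred lines into those buckets is what a helper does by eye before writing a removal script. The Python below is an added example, not code from ZHPDiag, Nicolas Coolman or SosVirus, that does the sorting mechanically. Its sample lines are taken from the report posted later in this thread (with the forum's link markup removed), and the regular expressions for paths, URLs and CLSIDs are my assumptions about the line format, not anything ZHPDiag documents.

```python
"""Triage of a ZHPDiag report: bucket findings by the tags ZHPDiag itself emits.

Added example, not part of ZHPDiag or of the forum's tooling. It relies on three
conventions visible in ZHPDiag reports: a finding starts with a section code
("O4 - ..."), a trailing " =>Name" classifies it (a leading "." means a whitelisted
vendor, anything else a detection), and "(.not file.)" marks a launch point whose
target is already gone from disk. SAMPLE_REPORT reuses lines from the report
posted in this thread, with the forum's link markup removed.
"""
import re
from dataclasses import dataclass
from typing import Optional

FINDING_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Scheduled-task sub-entries (O39 section) carry no code prefix, only an MD5 and [APT].
APT_RE = re.compile(r"^\[MD5\.[0-9A-F]{32}\] \[APT\] (?P<body>.+)$")
# Assumed shapes of the three kinds of target a line can point at.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]*?\.[A-Za-z0-9]{2,4}(?=\s|\)|$)')
URL_RE = re.compile(r"https?://\S+")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARK = "(.not file.)"


@dataclass
class Finding:
    code: str
    body: str
    tag: Optional[str]    # text after " =>", None when ZHPDiag did not classify the line
    orphan: bool          # True when the launch point references a file that no longer exists
    path: Optional[str]   # first Windows path in the line
    url: Optional[str]    # first URL (hijacked start page or shortcut argument)
    clsid: Optional[str]  # first {GUID} (BHO, URLSearchHook, uninstall key, task id)

    @property
    def detected(self) -> bool:
        return self.tag is not None and not self.tag.startswith(".")


def _first(rx, text):
    m = rx.search(text)
    return m.group(0) if m else None


def parse_report(text: str) -> list:
    findings = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = FINDING_RE.match(raw)
        if m:
            code, body = m.group("code"), m.group("body")
        elif (m := APT_RE.match(raw)):
            code, body = "O39", m.group("body")
        else:
            continue  # section headers, "~ ..." summary lines, blanks
        tag = None
        if " =>" in body:
            body, tag = body.rsplit(" =>", 1)
        findings.append(Finding(code, body, tag, ORPHAN_MARK in body,
                                _first(PATH_RE, body), _first(URL_RE, body), _first(CLSID_RE, body)))
    return findings


def summarize(findings) -> dict:
    """Split findings into the buckets a helper acts on."""
    out = {"tagged": {}, "orphans": [], "vendor_ok": [], "review": []}
    for f in findings:
        if f.detected:
            out["tagged"].setdefault(f.tag, []).append(f)
        if f.orphan:
            out["orphans"].append(f)
        if f.tag is not None and f.tag.startswith("."):
            out["vendor_ok"].append(f)
        elif f.tag is None and not f.orphan:
            out["review"].append(f)   # unclassified and present on disk: needs a human look
    return out


# Lines from the ZHPDiag report posted in this thread, link markup removed.
SAMPLE_REPORT = r"""
G1 - GCS: Preference [User Data\Default] http://www.searchgol.com =>Hijacker.SearchGol
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startpage.com
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (.not file.) =>Adware.IMBooster
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - GS\QuickLaunch [Evelyne]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O20 - AppInit_DLLs: . (...) - C:\Program Files\bitguard\271769~1.27\{c16c1~1\bitguard.dll (.not file.) =>PUP.BitGuard
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files\Tor\tor.exe
[MD5.00000000000000000000000000000000] [APT] [{208A3873-FE23-4176-8E18-4119AA0C2B68}] (...) -- E:\setup.exe (.not file.) [0]
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {B5A7A63A-EE4A-4735-A8E5-D2E242611E55} =>Adware.IMBooster
~ Application: Scanned in 00mn 00s
"""

if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    for tag, items in sorted(s["tagged"].items()):
        print(tag, [f.code for f in items])
    print("orphans", [(f.code, f.path or f.clsid) for f in s["orphans"]])
    print("review", [(f.code, f.path or f.url) for f in s["review"]])
```

Two things the buckets make visible. The `review` list is where an entry with neither a tag nor a `(.not file.)` marker lands, that is, something ZHPDiag could not classify but which is present and active; in the sample that is where the Tor service with no publisher information ends up, and it is exactly the kind of line a helper has to ask the user about. Orphans still need their launch point removed (the Run value, the AppInit_DLLs entry, the scheduled task), even though there is nothing left on disk to delete; and a hijacked browser shortcut reports both the legitimate browser path and the injected URL, so for those lines the `url` field, not `path`, is what to act on.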
by familicomputer
#15775
Hello!
Here is the report

~ ZHPDiag report v2013.11.9.20 - Nicolas Coolman (09/11/2013)
~ Run by Rébecca (10/11/2013 12:29:44)
~ Website address: http://nicolascoolman.webs.com
~ Free disinfection help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Activated by user


---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v30.0.1599.101 (Default)

---\\ Windows product information
~ Language: French
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : JX9VK
Windows License : OK
Windows Automatic Updates : OK

---\\ System protection software
avast! Free Antivirus v9.0.2006

---\\ System optimisation software
CCleaner v3.07 =>Piriform Ltd

---\\ Peer-to-peer sharing software
eMule
Pando Media Booster v2.6.0.1

---\\ Software monitoring
Adobe Flash Player 11 ActiveX
Adobe Reader X

---\\ System information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3035 MB (56% free)
System Restore: Enabled
System drive C: has 11 GB (7%) free of 144 GB

---\\ System logon mode
~ Computer Name: PC-DE-CHAUFOUR
~ User Name: Rébecca
~ All Users Names: Rébecca, Evelyne, Chaufour, Bryan, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Rébecca\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Rébecca\AppData\Roaming\
~ %Desktop% : C:\Users\Rébecca\Desktop\
~ %Favorites% : C:\Users\Rébecca\Favorites\
~ %LocalAppData% : C:\Users\Rébecca\AppData\Local\
~ %StartMenu% : C:\Users\Rébecca\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 11 GB of 144 GB)
D: Hard drive, Flash drive, Thumb drive (Free 106 GB of 144 GB)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Free 2 GB of 2 GB)



---\\ Windows Security Center status
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 14:18:30.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.C8ADAA6948993D839D14524847EA5B75] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 11:13:22.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 14:18:46.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 14:18:00.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 14:18:00.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 14:18:02.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 14:18:50.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parallèle.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.943B18305EAE3935598A9B4A3D560B4C] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/04/2009 - 14:18:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [248320]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 14:18:50.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 14:18:47.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures: 1/4044
~ My Music: 131/1838
~ My Videos: 5/148
~ My Favorites: 1/113
~ My Documents: 5/296
~ My Desktop: 12/1130
~ Start Menu (Programs): 1/29
~ Hidden Files: Scanned in 00mn 06s



---\\ Running processes
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.64080]
[MD5.ABBB8C380A24BC4E3D9EF916CAC3596D] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7547424] [PID.64092]
[MD5.C482C535CBFEFE722EC1EB7F11F680A3] - (.America Online, Inc. - AOL.) -- C:\Program Files\Common Files\aol\1265362316\ee\aolsoftware.exe [50736] [PID.64120]
[MD5.1029B84ECBE4B95ACB8491A3FE63D70F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.113124]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.64140]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.64160]
[MD5.95D0EA1BECAD6D781C3D09AEC1295E8F] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.64172]
[MD5.4777ED40233E42F69F0DAE68013FE310] - (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI\CardDetector.exe [274432] [PID.64252]
[MD5.B77081F8221968C7DAB794B0BA55C43E] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896] [PID.64288]
[MD5.7C0704D4523BA671AFE6D028399942D3] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastui.exe [3567800] [PID.64308]
[MD5.5B3994A919BDEF4BFE192C05A5B3D2A1] - (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe [3082320] [PID.4348]
[MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [275768] [PID.64412]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.6016]
[MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.65184]
[MD5.9843F58DF3E2908D1FED4DF4B8747E51] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.65216]
[MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.65244]
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [844752] [PID.10368]
[MD5.0C3C47124215C5E566F92C3F2E31D86A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8192512] [PID.8316]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.8700]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1344]
[MD5.4BE7EC02133544CDE7A580875E130208] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1708]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.1960]
[MD5.85180CF88C5EBAD73B452A43A004CA51] - (.AOL LLC - AOL Connectivity Service.) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640] [PID.1916]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.776]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.836]
[MD5.4F4F94777D3DE647FD67E2145EAC1260] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [69632] [PID.2084]
[MD5.506B0B498216371D64ABB69145B70E4C] - (...) -- C:\Program Files\Tor\tor.exe [3233806] [PID.2368]
[MD5.CF7B0E597C1F34E528285495721DEEE9] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe [237960] [PID.3684]
[MD5.10E89F598469C60D8C87A8218089A87D] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Bryan\AppData\Local\Akamai\netsession_win.exe [4489472] [PID.64396]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Rébecca\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.searchgol.com =>Hijacker.SearchGol
G0 - GCSP: Preference [User Data\Default] http://www.searchgol.com =>Hijacker.SearchGol
~ Google Browser: 8 Legitimates Filtered in 00mn 13s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startpage.com
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 20



---\\ Browser Helper Objects (O2)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL - Librairie de lien dynamique AOL Toolbar pou.) -- C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: AOL Toolbar - [HKLM]{DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL - Librairie de lien dynamique AOL Toolbar pou.) -- C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other user shortcuts (O4)
O4 - GS\Desktop [Public]: AOL 9.0 VR.lnk . (.AOL - AOL.) -- D:\AOL 9.0 VR\aol.exe
O4 - GS\Desktop [Public]: eMule.lnk . (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files\OpenOffice 4\program\soffice.exe
O4 - GS\Program [Public]: More Great Games.lnk - Orphan key
O4 - GS\QuickLaunch [Rébecca]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Rébecca]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Rébecca]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Rébecca]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Rébecca]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.sosvirus.net
O4 - GS\Desktop [Rébecca]: SosVirus sur Facebook.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.facebook.com
O4 - GS\QuickLaunch [Evelyne]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch [Evelyne]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch [Evelyne]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://feed.snapdo.com =>Hijacker.SmartBar
O4 - GS\Program [Evelyne]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Program [Evelyne]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://feed.snapdo.com =>Hijacker.SmartBar
O4 - GS\SystemTools [Evelyne]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Desktop [Evelyne]: bs_simple_annee_incomplete_-_a_compter_aout_2012_-_11--1 - Raccourci.lnk . (...) -- C:\Users\Rébecca\Documents\salaire hadrien.xls (.not file.)
O4 - GS\Desktop [Evelyne]: Documents - Raccourci.lnk . (...) -- C:\Users\Rébecca\Documents
O4 - GS\Desktop [Evelyne]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://feed.snapdo.com =>Hijacker.SmartBar
O4 - GS\QuickLaunch [Chaufour]: AOL 9.0 VR.lnk . (.AOL - AOL.) -- D:\AOL 9.0 VR\aol.exe
O4 - GS\QuickLaunch [Chaufour]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Chaufour]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Chaufour]: Titan Poker.lnk . (...) -- C:\Poker\Titan Poker\casino.exe (.not file.) =>Adware.Casino
O4 - GS\Program [Chaufour]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Chaufour]: Titan Poker.lnk . (...) -- C:\Poker\Titan Poker\casino.exe (.not file.) =>Adware.Casino
O4 - GS\SystemTools [Chaufour]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Chaufour]: Everest Poker.fr.lnk . (...) -- C:\Program Files\Everest Poker.fr\CStart.exe (.not file.) =>PUP.Casino
O4 - GS\QuickLaunch [Bryan]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Bryan]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Bryan]: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Bryan]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Bryan]: S4League.lnk . (.(c) Neowiz Games - S4 League Game Launcher.) -- C:\Program Files\alaplaya\S4League\patcher_s4.exe
O4 - GS\Program [Bryan]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Bryan]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Bryan]: Aquarium exotique Screensaver.lnk . (.Axialis Software - Screen Saver.) -- C:\Windows\System32\Aquarium Exotique.scr
O4 - GS\Desktop [Bryan]: Images - Raccourci.lnk . (...) -- C:\Users\Rébecca\Pictures
O4 - GS\Desktop [Bryan]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 127 Legitimates Filtered in 00mn 02s



---\\ Applications launched at system startup (O4)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - GS\Startup [Rébecca]: OpenOffice.org 3.1.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (.not file.)
O4 - GS\Startup [Evelyne]: Lanceur.lnk . (.Micro Application - Pas de description.) -- C:\Program Files\Micro Application\LauncherMA.exe
O4 - GS\Startup [Evelyne]: OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (.not file.)
O4 - GS\Startup [Bryan]: OpenOffice.org 3.1.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (.not file.)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [HostManager] . (.America Online, Inc. - AOL.) -- C:\Program Files\Common Files\AOL\1265362316\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (.not file.) =>Adware.IMBooster
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [CardDetectorHUAWEI] . (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (.not file.) =>Toolbar.Google
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Orphan key
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Orphan key
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\Run: [WindowsWelcomeCenter] Orphan key
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (.not file.) =>Toolbar.Google
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\Run: [AOL Fast Start] . (.AOL - AOL.) -- D:\AOL 9.0 VR\AOL.exe
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (.not file.) =>Adware.MegaSearch
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
~ Application: Scanned in 00mn 00s



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} . (.AOL - AOL Toolbar.) -- c:\program files\aol\aol toolbar 4.0\resources\fr-FR\aoltbres.dll
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} ((no name)) - http://assets.photobox.com/assets/aurig ... 0728060044
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://copainsdavant.linternaute.com/fr ... oader5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Domain/DNS address changes (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocols (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\bitguard\271769~1.27\{c16c1~1\bitguard.dll (.not file.) =>PUP.BitGuard
~ AppInit DLL: Scanned in 00mn 00s



---\\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Non-Microsoft NT services that are not disabled (O23)
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files\Tor\tor.exe
~ Services: 8 Legitimates Filtered in 00mn 05s



---\\ Automatic scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DMEPeriodicTask.job [304]
[MD5.00000000000000000000000000000000] [APT] [{208A3873-FE23-4176-8E18-4119AA0C2B68}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{71F025F2-2FE1-4D16-ABF5-985ABB27027A}] (...) -- c:\Users\Rébecca\Downloads\photofiltre.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s



---\\ Installed software (O42)
O42 - Logiciel: Akamai NetSession Interface Service - (...) [HKLM] -- Akamai
O42 - Logiciel: Culture Gé Avancé mon coach particulier - (...) [HKLM] -- {8569BE3A-9F93-41A0-A59D-F58E9AFA553E}
O42 - Logiciel: Dans les secrets de l'art - (...) [HKLM] -- {4549B8D8-E4FD-418E-B238-D898C06E8DEC}
O42 - Logiciel: Holly 2 - Le pays magique - (...) [HKLM] -- {38374155-1720-4D43-AF0D-E11B0675B8A7}
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {B5A7A63A-EE4A-4735-A8E5-D2E242611E55} =>Adware.IMBooster
O42 - Logiciel: SweetIM for Messenger 3.6 - (.SweetIM Technologies Ltd..) [HKLM] -- {0D5BBB2B-F044-46C3-877B-6A6BE1E08D19} =>PUP.SweetIM
~ Logic: 89 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Pando Networks]
[HKLM\Software\Pando Networks]
~ Key Software: 145 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 25/09/2010 - 17:21:07 - [7,174] ----D C:\Program Files\Pando Networks
O43 - CFD: 23/05/2013 - 14:56:23 - [0,043] ----D C:\Program Files\Uninstaller
~ 540 CLSID empty folders
~ Program Folder: 720 Legitimates Filtered in 00mn 37s



---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.FD93DE34E4636DB9EB702385927E4354] - 04/11/2013 - 19:53:45 ----- . (...) -- C:\UsbFix [Scan 3] PC-DE-CHAUFOUR.txt [16387]
O44 - LFC:[MD5.AE74ED07562F3918AA89006D60989E70] - 09/11/2013 - 19:51:05 ----- . (...) -- C:\UsbFix [Clean 3] PC-DE-CHAUFOUR.txt [14890]
O44 - LFC:[MD5.A20DE33FAAB95A88086DBBFCBED39452] - 09/11/2013 - 20:10:17 ----- . (...) -- C:\UsbFix [Clean 4] PC-DE-CHAUFOUR.txt [9683]
O44 - LFC:[MD5.45B102D50E9800A5B28150AF32A1DAC6] - 09/11/2013 - 20:54:21 ---A- . (...) -- C:\UsbFix [Clean 5] PC-DE-CHAUFOUR.txt [11996]
~ Files: 57 Legitimates Filtered in 00mn 23s



---\\ Most recently created files in the Windows Prefetcher (O45)
O45 - LFCP:[MD5.FCA9C4FC1BB131DFC21DCB77C1AC3824] - 10/11/2013 - 08:11:26 ---A- - C:\Windows\Prefetch\HPQPHOTOCRM.EXE-3FC4DE4E.pf
O45 - LFCP:[MD5.9226C89D33DCF75F2EF62739E4D583FC] - 10/11/2013 - 08:18:19 ---A- - C:\Windows\Prefetch\SHELLRESTART.EXE-8234B0D0.pf
O45 - LFCP:[MD5.E3C35134ACD2355ECCC80ADB5B29CD24] - 10/11/2013 - 08:18:20 ---A- - C:\Windows\Prefetch\WAOL.EXE-6897E6A6.pf
O45 - LFCP:[MD5.41FC697C991A4F25E4B11F74AA7AC9EE] - 10/11/2013 - 08:18:22 ---A- - C:\Windows\Prefetch\AOL.EXE-9A2184F3.pf
O45 - LFCP:[MD5.1FB4E186C25D0D1F6235F5E10E36F77D] - 10/11/2013 - 08:18:32 ---A- - C:\Windows\Prefetch\SHELLMON.EXE-FEF06B49.pf
O45 - LFCP:[MD5.8AFA712F95C970544C9D2A73A3DDF9CF] - 10/11/2013 - 08:18:45 ---A- - C:\Windows\Prefetch\AOLTPSD3.EXE-F1BCE065.pf
O45 - LFCP:[MD5.CB4BC40B8927AB36488C945E54CA20A3] - 10/11/2013 - 10:42:08 ---A- - C:\Windows\Prefetch\PATCHER_S4.EXE-0D924D66.pf
O45 - LFCP:[MD5.B988681BD17374F0599772C892E99428] - 10/11/2013 - 10:42:18 ---A- - C:\Windows\Prefetch\HGWC.EXE-04861EA2.pf
O45 - LFCP:[MD5.59E5C3F353D9BD5B3D6CD466B608CA71] - 10/11/2013 - 10:42:31 ---A- - C:\Windows\Prefetch\XTRAP.XT-B4B251B1.pf
O45 - LFCP:[MD5.145057AFE9A9146F1CFA421F0A267943] - 10/11/2013 - 12:09:27 ---A- - C:\Windows\Prefetch\INSTUP.EXE-52AC782A.pf
~ Prefetcher: 94 Legitimates Filtered in 00mn 00s



---\\ Enumeration of the PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 21/10/2013 - 06:31:42 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Most recently modified or created files (User) (O61)
O61 - LFC: 09/11/2013 - 12:31:45 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [260408]
O61 - LFC: 09/11/2013 - 12:31:45 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\avgchrome\avgp [99779]
O61 - LFC: 09/11/2013 - 12:32:12 ---A- . (...) -- C:\Users\Rébecca\Documents\liste mangas.odt [18918]
O61 - LFC: 09/11/2013 - 12:33:14 ---A- . (...) -- C:\Users\Rébecca\telechargement\adwcleaner.exe [1073262]
O61 - LFC: 10/11/2013 - 12:31:49 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\Google\Chrome\User Data\Local State [45917]
O61 - LFC: 10/11/2013 - 12:31:51 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\PMB Files\cert\cert8.db [65536] =>P2P.Pando
O61 - LFC: 10/11/2013 - 12:31:51 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\PMB Files\cert\key3.db [16384] =>P2P.Pando
O61 - LFC: 10/11/2013 - 12:31:51 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\PMB Files\cert\secmod.db [16384] =>P2P.Pando
O61 - LFC: 10/11/2013 - 12:31:51 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\PMB Files\pando.save [1125] =>P2P.Pando
O61 - LFC: 10/11/2013 - 12:32:11 ---A- . (...) -- C:\Users\Rébecca\AppData\Roaming\ZHP\Log.txt [20787] =>.Nicolas Coolman
O61 - LFC: 10/11/2013 - 12:32:11 ---A- . (...) -- C:\Users\Rébecca\AppData\Roaming\ZHP\TestsZHPDiag.txt [2900] =>.Nicolas Coolman
~ 3 Temporary files
~ Files: 131 Legitimates Filtered in 01mn 32s



---\\ Disinfection tools list (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - http://www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: <aol.exe> <>[HKLM\..\Shell\open\Command] (...) -- D:\AOL9~1.0VR\aol.exe http://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for infection in web browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {1615CDA5-C909-4415-BEFC-970AC3956881} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {4748B98B-7174-434f-9C7D-9EAFF2F37D8B} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {FB56CED7-3ECA-4609-8586-B91EFB70AB07} - (Yahoo) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Special search at the system root (SPRF) (O84)
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (...) -- C:\Users\Rébecca\AppData\Local\Temp\Quarantine.exe [350259]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Firewall exceptions list (FirewallRules) (O87)
O87 - FAEL: "{D97C371A-699C-49D3-9928-D4479D5D060B}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{14A84F40-472E-48DE-A052-5E7FD009794E}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{23EDC2B4-D84A-42A3-AA2C-958AFD0D7762}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{42BBF812-402C-4E7B-B32C-7342C555022E}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{A925AF45-8331-4D95-898E-8E97428B4FFA}" |In - Public - P6 - TRUE | .(...) -- C:\jeux\Elsword_FR\data\x2.exe (.not file.)
O87 - FAEL: "{4D717F40-99CD-4A61-84AA-91C134C5F2EF}" |In - Public - P17 - TRUE | .(...) -- C:\jeux\Elsword_FR\data\x2.exe (.not file.)
O87 - FAEL: "{2DE0D176-AF52-4AD3-B1ED-68F143F52C1F}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
~ Firewall: 219 Legitimates Filtered in 00mn 01s



---\\ Enumerates software product codes (PUC) (O90)
O90 - PUC: "A36A7A5BA4EE53748A5E2D2E2416E155" . (.Iminent.) -- C:\Windows\Installer\{B5A7A63A-EE4A-4735-A8E5-D2E242611E55}\imbooster.ico =>Adware.IMBooster
O90 - PUC: "A6A9B7407E12FC548852A060E1FEB932" . (.SweetIM Toolbar for Internet Explorer 4.3.) -- C:\Windows\Installer\{047B9A6A-21E7-45CF-8825-0A061EEF9B23}\ARPPRODUCTICON.exe =>PUP.SweetIM
O90 - PUC: "BA172DB42E6685D4FA8808EFB370074C" . (.Fissa.) -- C:\Windows\Installer\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}\ARPPRODUCTICON.exe =>PUP.OfferBox
~ Update Products: 100 Legitimates Filtered in 00mn 00s



---\\ Search for WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.54EB55922213B6DD04896E6F781FDCF1] [WIS][03/06/2011] (.Iminent - Iminent.) -- C:\Windows\Installer\1465d47.msi [993280] =>Adware.IMBooster
[MD5.173D38427980E12E08829C35D8DD679E] [WIS][02/03/2011] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\1fa024c.msi [459264]
[MD5.248B3A1E05B4C347F5372C40DD8B7F73] [WIS][06/02/2012] (.SweetIM Technologies Ltd. - SweetIM for Messenger 3.6.) -- C:\Windows\Installer\2a6cd4f.msi [1947136] =>PUP.SweetIM
[MD5.D8B82ABBC1C82768978FBE17F58AFA66] [WIS][06/02/2012] (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer 4.0.) -- C:\Windows\Installer\2a6cd55.msi [1838592] =>PUP.SweetIM
[MD5.117E509FE6FF7257E1242EB56D4B7B5B] [WIS][04/11/2013] (.ReSoft Ltd. - Snap.Do.) -- C:\Windows\Installer\48c68.msi [1708032] =>Hijacker.SmartBar
~ WIS: 102 Legitimates Filtered in 00mn 04s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/01/2008 21504 | c:\program files\common files\akamai\netsession_win_8fa3539.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 23/10/2006 46640 | (AOL ACS) . (.AOL LLC.) - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 21/10/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 03/12/2008 69632 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SS - | Auto 06/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 20/02/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 24/02/2010 3432444 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/09/2013 3233806 | (tor) . (...) - C:\Program Files\Tor\tor.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Search for infection in the Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Search for infection in the Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Rébecca at 10/11/2013 12:34:19

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Additional scan (O88)
Database Version : 12993 - (09/11/2013)
Keys found : 25
Values found : 12
Folders found : 0
Files found : 4

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B5A7A63A-EE4A-4735-A8E5-D2E242611E55}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}] =>PUP.SweetIM^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\Installer\Features\A6A9B7407E12FC548852A060E1FEB932] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\A6A9B7407E12FC548852A060E1FEB932] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6A9B7407E12FC548852A060E1FEB932] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Features\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\Software\Classes\Installer\Products\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\Software\Classes\Installer\Features\B2BBB5D0440F3C6478B7A6B61E0ED891] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\B2BBB5D0440F3C6478B7A6B61E0ED891] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2BBB5D0440F3C6478B7A6B61E0ED891] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{047B9A6A-21E7-45CF-8825-0A061EEF9B23}] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Classes\AOLTB.AOLToolBand.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:IMBooster =>Adware.IMBooster^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Windows\Installer\1465d47.msi =>Adware.IMBooster^
C:\Windows\Installer\2a6cd4f.msi =>PUP.SweetIM^
C:\Windows\Installer\2a6cd55.msi =>PUP.SweetIM^
C:\Windows\Installer\48c68.msi =>Hijacker.SmartBar^
~ Additional Scan: 320790 Items scanned in 00mn 28s



---\\ Summary of the detections found on your machine
~ http://nicolascoolman.webs.com/apps/blo ... -searchgol =>Hijacker.SearchGol
~ http://nicolascoolman.webs.com/apps/blo ... acker-qvo6 =>Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blo ... r-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blo ... are-casino =>Adware.Casino
~ http://nicolascoolman.webs.com/apps/blo ... -imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blo ... bar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blo ... megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blo ... p-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blo ... up-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blo ... fesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blo ... p-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blo ... e-spointer =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blo ... eltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blo ... p-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blo ... lbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blo ... crossrider =>PUP.CrossRider
~ MSI: 16 link(s) detected in 00mn 28s



~ 1869 Legitimates filtered by white list
End of the scan (614 lines in 05mn 04s)(0)
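The report above is raw ZHPDiag output, which helpers on this forum read by eye. As an added example, not part of the original thread and not code from ZHPDiag, UsbFix or SosVirus, here is a small Python triage script for that line format. For each entry it extracts the section code (O20, O23, ...), the last Windows path on the line (the launched target), the family tag ZHPDiag appends after `=>`, any embedded URL, and whether the target is marked `(.not file.)`. The sample input is constructed from lines copied out of the report above; the regexes and the field names are my own assumptions about the format, not a documented ZHPDiag grammar.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: lines excerpted verbatim from the ZHPDiag report above.
SAMPLE_REPORT = r"""
O20 - AppInit_DLLs: . (...) - C:\Program Files\bitguard\271769~1.27\{c16c1~1\bitguard.dll (.not file.) =>PUP.BitGuard
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files\Tor\tor.exe
[MD5.00000000000000000000000000000000] [APT] [{208A3873-FE23-4176-8E18-4119AA0C2B68}] (...) -- E:\setup.exe (.not file.) [0]
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {B5A7A63A-EE4A-4735-A8E5-D2E242611E55} =>Adware.IMBooster
O68 - StartMenuInternet: <aol.exe> <>[HKLM\..\Shell\open\Command] (...) -- D:\AOL9~1.0VR\aol.exe http://www.qvo6.com =>Hijacker.Qvo6
O87 - FAEL: "{D97C371A-699C-49D3-9928-D4479D5D060B}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{A925AF45-8331-4D95-898E-8E97428B4FFA}" |In - Public - P6 - TRUE | .(...) -- C:\jeux\Elsword_FR\data\x2.exe (.not file.)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}] =>PUP.SweetIM^
~ Services: 8 Legitimates Filtered in 00mn 05s
"""

SECTION_RE = re.compile(r"^(O\d+) - ")               # "O20 - ", "O87 - ", ...
BRACKET_KIND_RE = re.compile(r"\[(APT|WIS|SPRF)\]")  # task / installer / root-search entries
TAG_RE = re.compile(r"=>\s*([A-Za-z0-9]+\.[A-Za-z0-9]+)\^?\s*$")  # "=>Adware.IMBooster", optional trailing ^
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|msi|job|des|pf|com|scr)(?=\s|$)", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")
NOT_FILE = "(.not file.)"  # ZHPDiag's marker for a reference whose target no longer exists


@dataclass(frozen=True)
class Finding:
    section: str          # O20, O23, ... or APT/WIS/SPRF/REG for bracketed lines
    path: Optional[str]   # executable/DLL/MSI the entry points at, if any
    tag: Optional[str]    # family ZHPDiag appended after "=>", if any
    url: Optional[str]    # URL embedded in the entry (homepage/search hijacks)
    dangling: bool        # True when the target is marked "(.not file.)"
    raw: str


def parse_line(line: str) -> Optional[Finding]:
    """Turn one report line into a Finding; headings and '~' summary lines yield None."""
    line = line.rstrip()
    if not line or line.startswith(("~", "---")):
        return None
    if m := SECTION_RE.match(line):
        section = m.group(1)
    elif k := BRACKET_KIND_RE.search(line):
        section = k.group(1)
    elif line.startswith("[HK"):
        section = "REG"
    else:
        return None
    paths = PATH_RE.findall(line)  # the last path on the line is the launched target
    tag = TAG_RE.search(line)
    url = URL_RE.search(line)
    return Finding(
        section=section,
        path=paths[-1] if paths else None,
        tag=tag.group(1) if tag else None,
        url=url.group(0) if url else None,
        dangling=NOT_FILE in line,
        raw=line,
    )


def parse_report(text: str) -> list:
    return [f for f in map(parse_line, text.splitlines()) if f is not None]


def triage(findings) -> dict:
    """What a responder wants first: families seen, dead references, untagged leftovers, browser URLs."""
    return {
        "families": Counter(f.tag for f in findings if f.tag),
        "dangling": [f.path for f in findings if f.dangling and f.path],
        # Dead references with no family tag: the signature base knows nothing, so look by hand.
        "untagged_dangling": [f.path for f in findings if f.dangling and f.path and not f.tag],
        "browser_urls": [f.url for f in findings if f.url and f.section in ("O68", "O69")],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for family, n in result["families"].most_common():
        print(f"{n:2d}  {family}")
    print("dead references:", *result["dangling"], sep="\n  ")
    print("untagged dead references:", *result["untagged_dangling"], sep="\n  ")
    print("browser URLs:", *result["browser_urls"], sep="\n  ")
```

Two things this surfaces that are easy to miss in a 600-line report: entries marked `(.not file.)` (the AppInit_DLLs value for a bitguard.dll that is already gone, firewall rules for a missing IMBooster.exe, a scheduled task pointing at E:\setup.exe) are dead leftovers, so the fix is to remove the registry value, rule or task rather than to hunt for the file; and the family tags only cover what ZHPDiag's signature base recognised, so an untagged entry such as the Tor service or the x2.exe firewall rule still needs a human decision rather than being treated as clean.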
by billmaxime
#15784
:hello: familicomputer,

do this and post the report please
  • Download MalwareBytes
  • Install it, unchecking "Enable free trial of Malwarebytes Anti-Malware PRO"
  • Select Quick Scan
  • Click Scan
  • Delete all the items found!
  • Post the report on the forum

then this, and post the report as well please
  • Download Adwcleaner (by Xplode) to your Desktop!
  • Right-click it and run as administrator under Windows 7/8 and Vista
    1. Choose the Scan option
    2. Choose the Clean option
  • Accept the warning by clicking OK
  • Accept the warnings/information by clicking OK
  • Copy and paste the contents of the report that appears when the PC restarts
:merci2:
by billmaxime
#17567
:hello: familicomputer,

I'm still waiting for the MBAM and adwcleaner reports ;)

awaiting your reply, have a good rest of the day ^^'
