#208362
Hello,

First of all, congratulations on this site, which is really pleasant to navigate.
And first of all no. 2, thank you for reading my message with such great interest ;)
Here is my problem: for more than a week, I have been unable to open certain programs that are essential for my work (so it's pretty urgent...) without my PC crashing with a blue screen. Windows alerted me to a certain virus named win32/Small.ca.
So last week, following advice I saw on a forum, I ran a scan with Malwarebytes' Anti-Malware; here is the report:
Malwarebytes Anti-Malware
https://www.malwarebytes.org

Scan Date: 26/10/2014
Scan Time: 23:46:33
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.26.08
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: orion

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346856
Time Elapsed: 17 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.PriceGong.A, HKU\S-1-5-21-4173547603-675645401-1036151855-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [361a67b2027a82b4141e6aead33058a8],
PUP.Optional.Softonic.A, HKU\S-1-5-21-4173547603-675645401-1036151855-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [10409a7f6715310547abf5532ad95ca4],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data, , [252b6dac1666fb3b6522e01653af0cf4],

Files: 30
Trojan.Agent.CK, C:\Users\orion\Documents\xf-a2010.exe, , [113fb465f785092d1e5316136d95eb15],
PUP.OfferBundler.ST, C:\Users\orion\Downloads\SoftonicDownloader_pour_asio4all.exe, , [c68af6230379ec4aca494b564ab652ae],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\1.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\a.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\b.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\c.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\d.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\e.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\f.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\g.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\h.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\i.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\j.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\k.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\l.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\m.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\n.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\o.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\p.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\q.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\r.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\s.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\t.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\u.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\v.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\w.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\wlu.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\x.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\y.txt, , [252b6dac1666fb3b6522e01653af0cf4],
PUP.Optional.PriceGong.A, C:\Users\orion\AppData\LocalLow\PriceGong\Data\z.txt, , [252b6dac1666fb3b6522e01653af0cf4],

Physical Sectors: 0
(No malicious items detected)


(end)
After that, I quarantined everything Malwarebytes advised me to quarantine.

But after discovering your site, I restarted the whole procedure from the beginning, as you advise. So here is the AdwCleaner report:
# AdwCleaner v3.311 - Report created 03/11/2014 at 16:36:41
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : orion - ORION-PC
# Running from : C:\Users\orion\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\Softonic_France
Folder Deleted : C:\Users\orion\AppData\Local\PackageAware
Folder Deleted : C:\Users\orion\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\orion\AppData\LocalLow\Softonic_France
Folder Deleted : C:\Users\orion\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\orion\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\orion\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\orion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2542115
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader41044_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader41044_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_asio4all_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_asio4all_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C58ABC47-8E11-4F02-889C-BBDAE55E8EB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C58ABC47-8E11-4F02-889C-BBDAE55E8EB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C58ABC47-8E11-4F02-889C-BBDAE55E8EB0}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Softonic_France
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Softonic_France
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_France Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.2 (x86 fr)

[ File : C:\Users\orion\AppData\Roaming\Mozilla\Firefox\Profiles\bof15fui.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5560 octets] - [03/11/2014 16:30:18]
AdwCleaner[S0].txt - [4345 octets] - [03/11/2014 16:36:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4405 octets] ##########
...followed by the new Malwarebytes report:
Malwarebytes Anti-Malware
https://www.malwarebytes.org

Scan Date: 03/11/2014
Scan Time: 16:45:18
Logfile: MBAM2.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.03.06
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: orion

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 264322
Time Elapsed: 7 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
...And finally the ZHPDiag report:
~ Rapport de ZHPDiag v2014.11.3.157 - Nicolas Coolman (03/11/2014)
~ Lancé par orion (03/11/2014 16:57:21)
~ Adresse du Site Web https://nicolascoolman.fr
~ Adresse du Forum https://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17358
MFIE: Mozilla Firefox 33.0.2 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, RETAIL channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware version 2.0.3.1025
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 9 ActiveX
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 14 GB (13%) free of 98 GB

---\\ Mode de connexion au système
~ Computer Name: ORION-PC
~ User Name: orion
~ All Users Names: orion, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\orion\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\orion\AppData\Roaming\
~ %Desktop% : C:\Users\orion\Desktop\
~ %Favorites% : C:\Users\orion\Favorites\
~ %LocalAppData% : C:\Users\orion\AppData\Local\
~ %StartMenu% : C:\Users\orion\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 14 Go of 98 Go)
D: Hard drive, Flash drive, Thumb drive (Free 24 Go of 360 Go)
E: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9D98D4F390F0B14A782F3B931E613A1A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.19/09/2014 - 01:33:18.) -- C:\Windows\System32\wininet.dll [2309632]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Windows Logon Application.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT File System Driver.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/568
~ Mes musiques (My Musics) : 1/221
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 1/14230
~ Mon Bureau (My Desktop) : 1/529
~ Menu demarrer (Programs) : 1/57
~ Hidden Files: Scanned in 00mn 10s



---\\ Processus lancés
[MD5.1542D48BEF0C07513453CDEF1577BB79] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [691656] [PID.1816]
[MD5.DE1C19537602BAF9BC79BB35B794E257] - (.Skype Technologies S.A. - Skype.) -- C:\Windows.old\Program Files\Skype\Phone\Skype.exe [22065760] [PID.1712]
[MD5.A7672FFFC0830198D082E2A5C4BEC34E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [228352] [PID.2184]
[MD5.4D042B1F1375CF371AFBE0E0276BA627] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248] [PID.2544]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040] [PID.2588]
[MD5.EF1FDB2A4B30AA4761376183FD81CC18] - (.France Telecom SA - Pas de description.) -- C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe [282624] [PID.2620]
[MD5.4EB0C6C3EF4D8885CF2B5D0062F31E44] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376] [PID.2668]
[MD5.21B8FAAFA5CCD89663AAD5833ABF4B35] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.2704]
[MD5.569E547273C25B019054A12A40400ECE] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11318784] [PID.2792]
[MD5.4B723F33D7331F20E06F3A2FD76EC1D5] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11312128] [PID.2824]
[MD5.F89773DFA9B8C95A3AC2AF1E7D99E483] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.1476]
[MD5.BA7E0BAD9AFF2E62F10F74DFB4783986] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.2076]
[MD5.9ED34A82F8FBF6001F127420834DD793] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8118784] [PID.3868]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1296]
[MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704] [PID.1096]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376] [PID.2064]
[MD5.9AC09551F559A1EEAFC0B19F624C233E] - (.Pas de propriétaire - DCSHOST.) -- C:\ProgramData\DatacardService\DCService.exe [249856] [PID.2092]
[MD5.10DBAA1703253FB511D0F5C5F6064B00] - (.France Telecom SA - Pas de description.) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [77824] [PID.2164]
[MD5.6D8A2EE4244630B290A837E79C0F37A1] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.2556]
[MD5.09D4503CBB6ADB3A54E7C7A75090B728] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504] [PID.2768]
[MD5.0AF89452A8CE3928168F4E5B2208C68B] - (...) -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [86016] [PID.2920]
[MD5.0AF89452A8CE3928168F4E5B2208C68B] - (...) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [86016] [PID.2884]
[MD5.2BBB318EA9F34FDC508CEA4AAB98D770] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2673064] [PID.3360]
[MD5.F76D04F7413B07DAA029F6520B64B4E8] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720] [PID.4976]
[MD5.78D1DFE903224ECA05C517E9AAC9D063] - (.AVAST Software - avast! Antivirus Installer.) -- C:\Program Files\AVAST Software\Avast\setup\instup.exe [149808] [PID.4828]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (36)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Windows.old\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files (x86)\Orange\IEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Wow6432Node\Run: [CardDetectorHUAWEI1752_1552] . (.France Telecom SA - Pas de description.) -- C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe
O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Windows.old\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{536F8981-86B2-46E7-8F34-8E706525BA1B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{536F8981-86B2-46E7-8F34-8E706525BA1B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{536F8981-86B2-46E7-8F34-8E706525BA1B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{D07F7B55-E3F5-4075-B9B7-4D9776FC3B36}] (...) -- E:\setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1064]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1068]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 06s



---\\ Logiciels installés (O42)
O42 - Logiciel: Addictive Drums - (...) [HKLM][64Bits] -- Addictive Drums
O42 - Logiciel: Cortona3D Viewer - (.ParallelGraphics.) [HKLM][64Bits] -- {DEACDFFA-D424-416F-B849-FA282F55B2CE}
O42 - Logiciel: EASYnatMAX - (...) [HKLM][64Bits] -- {708E6085-E2D1-45D7-89D0-E7B936E9D3B4}
O42 - Logiciel: ReaPlugs/x64 - (...) [HKLM][64Bits] -- ReaPlugs
O42 - Logiciel: Urban PAD 2.5.3.2.a - (.Gamr7.) [HKLM][64Bits] -- Urban PAD
O42 - Logiciel: VideoLightBox - (...) [HKLM][64Bits] -- VideoLightBox
O42 - Logiciel: Virtos DeNoiser - (.Virtos GmbH.) [HKLM][64Bits] -- Virtos DeNoiser
O42 - Logiciel: Vue 8.5 xStream 64bit - (.e-on software.) [HKLM][64Bits] -- Vue 8.5 xStream 64bit
~ Logic: 30 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Aokip]
[HKCU\Software\Calculator]
[HKCU\Software\NextLimit]
[HKCU\Software\VideoLightBox.com]
[HKCU\Software\XLN Audio]
[HKCU\Software\virtos]
[HKLM\Software\Wow6432Node\Virtos]
[HKLM\Software\Wow6432Node\XLN Audio]
~ Key Software: 375 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/10/2010 - 12:30:07 - [] ----D C:\Program Files (x86)\Gamr7
O43 - CFD: 09/05/2011 - 19:54:56 - [] ----D C:\Program Files (x86)\VideoLightBox
O43 - CFD: 02/10/2014 - 11:11:07 - [] ----D C:\Program Files (x86)\Virtos
O43 - CFD: 12/01/2011 - 15:07:21 - [] ----D C:\Program Files (x86)\XLN Audio
O43 - CFD: 11/10/2010 - 12:30:35 - [] ----D C:\Users\orion\AppData\Roaming\Gamr7
O43 - CFD: 30/12/2012 - 16:47:14 - [] --H-D C:\Users\orion\AppData\Local\AbRo1ZLrBHm3ff
O43 - CFD: 30/12/2012 - 16:47:14 - [] --H-D C:\Users\orion\AppData\Local\fjudjGt073cGw
O43 - CFD: 11/10/2010 - 12:30:08 - [] ----D C:\Users\orion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamr7
O43 - CFD: 09/05/2011 - 19:54:56 - [] ----D C:\Users\orion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLightBox
O43 - CFD: 02/10/2014 - 11:11:08 - [0] ----D C:\Users\orion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtos DeNoiser
~ Program Folder: 204 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.895F9D772D8BDC09D94F837785F3094F] - 03/11/2014 - 14:19:17 ---A- . (...) -- C:\Windows\ntbtlog.txt [88860]
~ Files: 15 Legitimates Filtered in 00mn 05s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{b09b6be6-1918-11e0-b940-0022fbb55ba2}\AutoRun\command. (...) -- F:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{bb0498f8-36d7-11e0-9f6a-0022fbb55ba2}\AutoRun\command. (...) -- F:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{e738ba0d-5aae-11df-b0a1-0022fbb55ba2}\AutoRun\command. (...) -- G:\setup.exe (.not file.)
O51 - MPSK:{f90759ad-1919-11e0-a8e2-0022fbb55ba2}\AutoRun\command. (...) -- F:\AutoRunCardDetector.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:01/05/2014 - 20:36:09 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:01/05/2014 - 20:36:09 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:01/05/2014 - 20:36:09 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:06/03/2012 - 01:23:14 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/03/2012 - 01:23:42 ---A- . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\Drivers\massfilter.sys [11776]
O58 - SDL:06/03/2012 - 01:23:14 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [871408]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:09/04/2001 - 02:03:56 ---A- . (.Syncrosoft Hard- und Software GmbH - Internet Protection Hardware Driver.) -- C:\Windows\SysWOW64\drivers\NSynas32.sys [17784]
O58 - SDL:25/11/2002 - 02:46:16 ---A- . (.Syncrosoft GmbH - SynasUSB.sys.) -- C:\Windows\SysWOW64\drivers\SynasUSB.sys [16896]
O58 - SDL:05/01/2011 - 12:40:29 ---A- . (...) -- C:\Windows\SysWOW64\audcon.sys [2892]
~ Drivers: 83 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 03/11/2014 - 16:58:51 ---A- . (...) -- C:\Users\orion\Desktop\adwcleaner_3.311.exe [1375089]
~ 3483 Fichiers temporaires (Temporary files)
~ 176 Fichiers cookies (Cookies files)
~ Files: 4 Legitimates Filtered in 00mn 32s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 01/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 83 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\orion\Downloads\Adobe.Creative.Suite.5.Master.Collection.Multilingual.ESD.ISO-CORE-wWw.Extreme-Down.Com\Adobe.Creative.Suite.5.Master.Collection.Multilingual.ESD.ISO-CORE-wWw.Extreme-Down.Com\keygen.exe =>.Crack,Keygen
C:\Users\orion\Downloads\Adobe.Creative.Suite.5.Master.Collection.Multilingual.ESD.ISO-CORE-wWw.Extreme-Down.Com\Adobe.Creative.Suite.5.Master.Collection.Multilingual.ESD.ISO-CORE-wWw.Extreme-Down.Com\keygen.exe =>.Crack,Keygen
~ Files: Scanned in 01mn 37s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.63BA4D223A0D6D3B0965414A2D4494DA] [SPRF][08/05/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.12EFD5FA51597F188E5DB50BE20EE597] [SPRF][03/11/2014] (...) -- C:\Users\orion\Desktop\adwcleaner_3.311.exe [1375089]
[MD5.27B0372F02BBD2D05D9CFBEA7830402E] [SPRF][28/05/2011] (...) -- C:\Users\orion\Desktop\ASIO4ALL_2_9_French.exe [401268]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "D28D155E65D47FA42A9C88797D0ABC00" . (.Autodesk 3ds Max 2010 Tutorials Files.) -- C:\Windows\Installer\{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}\ico_product =>PUP.AgenceExclusive
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 25/10/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/06/2010 1030600 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Auto 19/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 30/10/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Windows.old\Program Files\Skype\Updater\Updater.exe
SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18/08/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 01/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SR - | Auto 29/09/2010 249856 | (DCService.exe) . (...) - C:\ProgramData\DatacardService\DCService.exe
SR - | Demand 14/06/2010 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 25/08/2009 77824 | C:\Program Files (x86)\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SR - | Auto 01/10/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 01/10/2014 968504 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 12/03/2009 86016 | (mi-raysat_3dsmax2010_32) . (...) - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
SR - | Auto 12/03/2009 86016 | (mi-raysat_3dsmax2010_64) . (...) - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
SR - | Auto 16/07/2012 2673064 | (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by orion at 03/11/2014 17:00:56
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by orion at 03/11/2014 17:00:58
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [871408]
~ Emulateurs: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (03/11/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 667735 Items scanned in 01mn 00s



---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ https://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ https://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
~ MSI: 1 link(s) detected in 00mn 00s



~ 852 Legitimates filtered by white list
End of the scan (460 lines in 04mn 38s)(2)
There, I just tried relaunching one of my programs that was crashing, just in case, before sending this message, but it's the same thing. A huge thank you, and looking forward to news.
Last edited by g3n-h@ckm@n on Thu 6 Nov 2014 10:28, edited 1 time. Reason: search indexing
#208366
hi
  • Disable your antivirus while you download and use the tool.
  • Download AdsFix to your desktop.
    Note: Save your work before continuing!
  • Launch AdsFix
  • On a fairly infected PC, it can take several seconds to load
  • Enter your country
  • Click Clean (Nettoyer), after unlocking it in the options
    Note: Wait while the scan runs
  • Let the tool work even if it seems stuck
  • If the tool detects a proxy you don't recognise, click: "Supprimer le proxy" (Remove the proxy)
  • Upload the report C:\AdsFix_date_heure.txt to SOSUpload, then post the link you get.
Help:
#208383
Thank you very much for the quick reply!
I downloaded AdsFix and started a scan, but I had to interrupt it for something important and last-minute that I needed to do on the computer. And the scan takes forever. (At 55% I already had 35 infections.)
So I'll run it again overnight; I hope everything goes well. I'll be back here tomorrow.
Thanks again!
#208416
re
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
  • Right-click it and choose Run as administrator on Windows 7/8 and Vista
  • Choose the Clean (Nettoyage) option
  • Copy and paste the contents of the report that appears at the end of the scan into your reply
#208420
Re,

I ran 2 scans, each with 2 external devices plugged in via USB.
The 1st:

############################## | UsbFix V 7.184 | [Clean]

User: orion (Administrator) # ORION-PC
Updated 20/10/2014 by El Desaparecido - SosVirus
Started at 15:27:33 | 04/11/2014

Website :
Changelog :
Support : https://www.sosvirus.net/
Upload Malware : https://www.sosvirus.net/upload_malware.php
Live detection :
Contact :

################## | System information |

MB: MSI (MS-1722)
CPU: Intel(R) Core(TM)2 Quad CPU Q9000 @ 2.00GHz
GC: ATI Mobility Radeon HD 4850
RAM -> [Total : 4095 Mo | Free : 2252 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft™ Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Mozilla Firefox : 33.0.2

################## | Security Information |

AV: avast! Antivirus [(!) Disabled |Updated]
AS: Windows Defender [Enabled |Updated]
AS: avast! Antivirus [(!) Disabled |Updated]
AS: Malwarebytes Anti-Malware : 2.0.3.1025
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 98 Gb (19 Gb free - 20%) [] # NTFS
D:\ -> Fixed disk # 360 Gb (24 Gb free - 7%) [] # NTFS
F:\ -> Removable disk # 15 Gb (2 Gb free - 12%) [KINGSTON] # FAT32
H:\ -> Fixed disk # 466 Gb (19 Gb free - 4%) [My Passport] # FAT32

################## | Generic Research |

Deleted! F:\x.exe
Deleted! F:\New Folder.lnk
Deleted! F:\Passwords.lnk
Deleted! F:\Documents.lnk
Deleted! F:\Pictures.lnk
Deleted! F:\Music.lnk
Deleted! F:\Video.lnk
Deleted! F:\.Trashes.lnk
Deleted! F:\.Spotlight-V100.lnk
Deleted! F:\old.lnk
Deleted! F:\Premiere6.5.lnk
Deleted! F:\TL7.lnk
Deleted! F:\clips.lnk
Deleted! F:\USER FILES.lnk
Deleted! F:\Cambodge.lnk
Deleted! F:\films.lnk
Deleted! F:\templates.lnk
Deleted! F:\trucs nouveaux pour site.lnk
Deleted! F:\Photos papa et maman.lnk
Deleted! F:\site 2012.lnk
Deleted! F:\bat.lnk
Deleted! F:\CV.lnk
Deleted! F:\sur la route du jeu.lnk
Deleted! F:\Trad.lnk
Deleted! F:\album_photos.lnk
Deleted! F:\blue-grass.lnk
Deleted! F:\tutos_realflow.lnk
Deleted! F:\Ressources.lnk
Deleted! F:\mix_spectacle.lnk
Deleted! F:\logiciels.lnk
Deleted! F:\photos_maison.lnk
Deleted! F:\Zaxwerks Pro Animator v.4.5 [VR.j&k] [Eng] [Arx].lnk
Deleted! F:\van der toc.lnk
Deleted! F:\Nepal Photo.lnk
Deleted! F:\Tor Browser.lnk
Deleted! F:\Tutos After Effect CS6 nouveautes.lnk
Deleted! F:\SUrf.lnk
Deleted! F:\Guitare voix, flute ou violon.lnk
Deleted! F:\.fseventsd.lnk
Deleted! F:\Nepal Video.lnk
Deleted! F:\mix.lnk
Deleted! F:\ert.dll
Deleted! F:\syncguid.dat
Deleted! H:\autorun.in_2.org
Deleted! H:\Autorun.inf
Deleted! F:\siuut.exe
Deleted! F:\siuutx.exe

(!) Temporary files deleted. (14.1440343856812 MB)

################## | Registry |


################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
04 - HKCU\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\Run : [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
04 - HKCU\..\Run : [Skype] "C:\Windows.old\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKLM\..\Run : [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [BEWINTERNET-FR-DMGP-V2SessionManager] "C:\Program Files (x86)\Orange\IEWInternet\SessionManager\SessionManager.exe"
04 - HKLM\..\Run : [CardDetectorHUAWEI1752_1552] C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe
04 - HKLM\..\Run : [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
04 - HKU\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run : [AdobeBridge]
04 - HKU\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run : [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run : [Skype] "C:\Windows.old\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"" /build:7601

################## | UsbFix - Information |

Info :
Info :

################## | Hijack |

Restored! [N] F:\._lexetat.avi
Restored! [N] F:\._video Qi Gong François.mp4
Restored! [N] F:\.vbt5
Restored! [N] F:\._trek_final.mov
Restored! [N] F:\._tao3.we3.7(1).WMA
Restored! [N] F:\._Emmaniversaire.mov

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[02/05/2010 - 14:45:05 | A | 0 Ko] - C:\debug.txt
[04/11/2014 - 04:59:00 | A | 38 Ko] - C:\AdsFix_4novembre2014_8h30.txt
[20/03/2009 - 16:42:25 | A | 0 Ko] - C:\config.sys
[04/11/2014 - 08:23:14 | ASH | 3145080 Ko] - C:\hiberfil.sys
[04/11/2014 - 08:23:18 | ASH | 4193440 Ko] - C:\pagefile.sys
[26/10/2014 - 13:19:44 | D] - C:\Windows.old
[13/12/2009 - 19:52:15 | A | 0 Ko] - C:\Setup.log
[03/11/2014 - 17:00:57 | A | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[04/11/2014 - 08:23:59 | SHD] - C:\$Recycle.Bin
[20/03/2009 - 16:42:25 | A | 0 Ko] - C:\autoexec.bat
[09/05/2010 - 01:09:16 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[29/03/2010 - 15:54:33 | D] - C:\SwarmCache
[08/05/2010 - 15:24:11 | SHD] - C:\Recovery
[08/05/2010 - 15:24:20 | RD] - C:\Users
[29/05/2010 - 11:16:47 | D] - C:\Securitoo
[20/11/2010 - 13:40:07 | RASH | 375 Ko] - C:\bootmgr
[23/12/2010 - 23:52:58 | D] - C:\temporaire_directx
[05/01/2011 - 17:36:49 | D] - C:\Games
[20/03/2013 - 08:51:17 | SHD] - C:\Boot
[02/10/2014 - 11:02:04 | RD] - C:\Program Files
[03/11/2014 - 16:36:41 | HD] - C:\ProgramData
[03/11/2014 - 16:36:46 | D] - C:\AdwCleaner
[03/11/2014 - 16:55:39 | RD] - C:\Program Files (x86)
[03/11/2014 - 23:51:26 | D] - C:\AdsFix
[04/11/2014 - 08:24:47 | D] - C:\Windows
[04/11/2014 - 08:30:57 | SHD] - C:\System Volume Information
[04/11/2014 - 15:26:33 | D] - C:\UsbFix

################## | D:\ - Fixed drive (NTFS) |

[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.1031.txt
[07/11/2007 - 07:00:40 | A | 10 Ko] - D:\eula.1033.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.2052.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.1042.txt
[07/11/2007 - 07:00:40 | A | 0 Ko] - D:\eula.1041.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.1040.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.1036.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.3082.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.1028.txt
[29/03/2010 - 11:56:23 | D] - D:\msdownld.tmp
[27/09/2010 - 10:33:10 | A | 0 Ko] - D:\2141129_MVM_2.tmp
[27/09/2010 - 10:33:10 | A | 0 Ko] - D:\2141129_MVM_1.tmp
[27/09/2010 - 10:33:10 | A | 0 Ko] - D:\2141129_MVM_3.tmp
[27/09/2010 - 10:33:10 | A | 0 Ko] - D:\2141129_MVM_5.tmp
[27/09/2010 - 11:14:32 | A | 11424 Ko] - D:\2141129_MVM_0.tmp
[27/09/2010 - 11:18:48 | A | 0 Ko] - D:\4879196_MVM_1.tmp
[27/09/2010 - 11:18:48 | A | 0 Ko] - D:\4879196_MVM_2.tmp
[27/09/2010 - 11:18:48 | A | 0 Ko] - D:\4879196_MVM_3.tmp
[27/09/2010 - 11:18:48 | A | 0 Ko] - D:\4879196_MVM_5.tmp
[27/09/2010 - 11:58:09 | A | 1632 Ko] - D:\4879196_MVM_0.tmp
[27/09/2010 - 12:16:16 | A | 0 Ko] - D:\8327380_MVM_1.tmp
[27/09/2010 - 12:16:16 | A | 0 Ko] - D:\8327380_MVM_3.tmp
[27/09/2010 - 12:16:16 | A | 0 Ko] - D:\8327380_MVM_2.tmp
[27/09/2010 - 12:16:16 | A | 0 Ko] - D:\8327380_MVM_5.tmp
[27/09/2010 - 12:17:07 | A | 1632 Ko] - D:\8327380_MVM_0.tmp
[27/09/2010 - 12:22:11 | A | 0 Ko] - D:\8682282_MVM_1.tmp
[27/09/2010 - 12:22:11 | A | 0 Ko] - D:\8682282_MVM_2.tmp
[27/09/2010 - 12:22:11 | A | 0 Ko] - D:\8682282_MVM_3.tmp
[27/09/2010 - 12:22:11 | A | 0 Ko] - D:\8682282_MVM_5.tmp
[27/09/2010 - 12:22:48 | A | 1632 Ko] - D:\8682282_MVM_0.tmp
[07/11/2007 - 07:53:12 | A | 237 Ko] - D:\VC_RED.MSI
[12/05/2014 - 11:37:22 | A | 323621 Ko] - D:\Emmaniversaire.mov
[07/11/2007 - 07:00:40 | A | 1 Ko] - D:\install.ini
[07/11/2007 - 07:00:40 | A | 1 Ko] - D:\globdata.ini
[07/11/2007 - 07:44:20 | A | 835 Ko] - D:\install.exe
[01/12/2006 - 22:37:14 | A | 884 Ko] - D:\msdia80.dll
[07/11/2007 - 07:44:20 | A | 93 Ko] - D:\install.res.1031.dll
[07/11/2007 - 07:44:20 | A | 88 Ko] - D:\install.res.1033.dll
[07/11/2007 - 07:44:20 | A | 94 Ko] - D:\install.res.1036.dll
[07/11/2007 - 07:44:20 | A | 92 Ko] - D:\install.res.1040.dll
[07/11/2007 - 07:44:20 | A | 79 Ko] - D:\install.res.1041.dll
[07/11/2007 - 07:44:20 | A | 77 Ko] - D:\install.res.1042.dll
[07/11/2007 - 07:44:20 | A | 73 Ko] - D:\install.res.2052.dll
[07/11/2007 - 07:44:20 | A | 93 Ko] - D:\install.res.3082.dll
[07/11/2007 - 07:44:20 | A | 74 Ko] - D:\install.res.1028.dll
[07/11/2007 - 07:50:40 | A | 1883 Ko] - D:\VC_RED.cab
[07/11/2007 - 07:00:40 | A | 6 Ko] - D:\vcredist.bmp
[08/05/2010 - 15:24:34 | SHD] - D:\$RECYCLE.BIN
[08/11/2009 - 20:01:30 | SHD] - D:\System Volume Information
[11/11/2009 - 10:11:48 | D] - D:\projetTUT
[11/12/2009 - 14:32:32 | D] - D:\ANIME
[28/02/2010 - 13:22:33 | D] - D:\montageFOTO
[07/03/2010 - 19:56:23 | D] - D:\landArt
[18/03/2010 - 19:44:28 | D] - D:\trucs du telephone
[20/08/2010 - 08:22:20 | D] - D:\pour_dvd
[05/11/2010 - 19:31:02 | D] - D:\plan_caharel
[09/11/2010 - 18:29:26 | D] - D:\Art_du_tao
[27/01/2011 - 11:26:45 | D] - D:\After_effect_tests
[27/01/2011 - 15:32:35 | D] - D:\site_test_flash
[28/01/2011 - 16:59:41 | D] - D:\Tutos
[28/01/2011 - 17:01:35 | D] - D:\KOM
[12/02/2011 - 23:02:27 | D] - D:\116d7391cb87ef9ad2ed
[13/02/2011 - 10:07:21 | D] - D:\faire_son_pain
[04/05/2011 - 19:31:42 | D] - D:\Mexik
[18/06/2011 - 14:46:07 | D] - D:\videographe
[18/06/2011 - 14:49:24 | D] - D:\logo_bati
[24/06/2011 - 19:13:12 | D] - D:\After_effects_templates
[28/06/2011 - 13:18:24 | D] - D:\Essai TL7
[03/10/2011 - 12:21:02 | D] - D:\teaser_perso
[10/10/2011 - 16:29:07 | D] - D:\aa_sauvegardes_ancien_bureau
[13/11/2011 - 13:29:35 | D] - D:\joel
[29/11/2011 - 22:39:35 | D] - D:\Cocktail_diffusion
[23/02/2012 - 18:52:06 | D] - D:\CV Yuppa
[04/06/2012 - 17:20:41 | D] - D:\impots
[10/06/2012 - 20:13:33 | D] - D:\SITE
[29/07/2012 - 18:37:48 | D] - D:\3D
[17/01/2013 - 15:11:05 | D] - D:\sur la route du jeu
[01/03/2013 - 21:09:24 | D] - D:\Van Der Toc et Cie
[19/09/2013 - 12:48:15 | D] - D:\Video rudy 30 ans
[18/12/2013 - 10:35:50 | D] - D:\carte_voeux_baticreateurs
[27/02/2014 - 16:42:08 | D] - D:\CV
[27/02/2014 - 16:50:06 | D] - D:\horoscope Maya
[27/02/2014 - 17:03:06 | D] - D:\EESI
[24/05/2014 - 19:57:45 | D] - D:\Art video of me
[05/06/2014 - 21:02:07 | D] - D:\Mitchosa
[06/07/2014 - 19:36:11 | D] - D:\TL7
[13/07/2014 - 09:20:49 | D] - D:\jeux
[17/07/2014 - 20:11:15 | D] - D:\Mylie trucs
[13/09/2014 - 10:53:10 | D] - D:\film
[15/09/2014 - 09:41:36 | D] - D:\footages
[22/09/2014 - 09:00:41 | D] - D:\photos
[24/09/2014 - 10:07:04 | D] - D:\Licence Pro
[24/09/2014 - 14:11:07 | D] - D:\Cinema 4d tests
[02/10/2014 - 14:40:18 | D] - D:\zik, paroles, tabs
[04/10/2014 - 08:56:58 | D] - D:\Tao
[04/10/2014 - 14:54:30 | D] - D:\logiciels
[09/10/2014 - 16:22:31 | D] - D:\Gerling L
[13/10/2014 - 12:46:09 | D] - D:\La ferme aux abeilles
[22/10/2014 - 13:11:22 | D] - D:\Jeanne
[23/10/2014 - 14:42:27 | D] - D:\LCS
[24/10/2014 - 11:32:20 | D] - D:\Videos Debut

################## | F:\ - Removable drive (FAT32) |

[13/01/2014 - 16:56:04 | A | 46107 Ko] - F:\tao3.we3.7(1).WMA
[13/01/2014 - 16:57:54 | N | 4 Ko] - F:\._tao3.we3.7(1).WMA
[16/05/2008 - 23:01:40 | A | 16200 Ko] - F:\p'tite zik.wav
[06/11/2012 - 21:03:50 | A | 26109 Ko] - F:\for_something.wav
[18/01/2014 - 13:41:40 | N | 0 Ko] - F:\.vbt5
[19/07/2012 - 09:56:34 | A | 2 Ko] - F:\git along little dogies.txt
[19/07/2012 - 11:51:40 | A | 1 Ko] - F:\there's a man going round taking names.txt
[18/01/2012 - 17:23:54 | D] - F:\.Trashes
[18/01/2012 - 17:23:54 | N | 4 Ko] - F:\._.Trashes
[18/01/2012 - 17:23:54 | D] - F:\.Spotlight-V100
[28/03/2012 - 14:47:24 | A | 786 Ko] - F:\Leclerc reduit.pdf
[23/05/2012 - 09:30:18 | A | 6714 Ko] - F:\l_homme_qui_parle_aux_plantes.pdf
[07/12/2012 - 12:51:52 | A | 13776 Ko] - F:\repertoire 2012PDF.pdf
[27/12/2012 - 22:31:14 | A | 128 Ko] - F:\Yo%20Ho%20Ho%20and%20a%20Bottle%20of%20Rum.pdf
[12/04/2013 - 08:49:36 | A | 469 Ko] - F:\cv2013.pdf
[11/02/2013 - 17:00:18 | A | 8 Ko] - F:\lettre de rupture conventionnelle.odt
[11/07/2012 - 13:00:58 | A | 96 Ko] - F:\text_3d_2.obj
[11/07/2012 - 13:00:58 | A | 0 Ko] - F:\text_3d_2.mtl
[11/06/2012 - 16:50:46 | A | 1132 Ko] - F:\IMGP8558.mpg_Video
[11/06/2012 - 16:50:46 | A | 88 Ko] - F:\IMGP8558.mpg_Audio
[11/06/2012 - 16:43:44 | A | 6373 Ko] - F:\27758537.mpa
[24/07/2012 - 12:52:00 | A | 4902 Ko] - F:\There_s a Man Going Around Taking Names.mp4
[25/09/2012 - 22:21:14 | A | 3170 Ko] - F:\Vidéo0013.mp4
[25/09/2012 - 22:22:42 | A | 901 Ko] - F:\Vidéo0012.mp4
[19/12/2012 - 16:58:22 | A | 33064 Ko] - F:\France Gall - Laisse Tomber Les Filles (1964) HD 1080p.mp4
[30/12/2012 - 11:08:54 | A | 513 Ko] - F:\compo_640.mp4
[10/05/2013 - 14:28:26 | A | 122304 Ko] - F:\video Qi Gong François.mp4
[31/07/2013 - 21:47:56 | N | 4 Ko] - F:\._video Qi Gong François.mp4
[24/07/2012 - 12:53:34 | A | 1382 Ko] - F:\There_s a Man Going Around Taking Names.mp3
[07/11/2012 - 10:20:42 | A | 2176 Ko] - F:\for_something.mp3
[30/12/2013 - 16:37:24 | A | 843823 Ko] - F:\trek_final.mov
[30/12/2013 - 17:19:56 | N | 4 Ko] - F:\._trek_final.mov
[12/05/2014 - 12:37:22 | A | 323621 Ko] - F:\Emmaniversaire.mov
[12/05/2014 - 12:45:30 | N | 4 Ko] - F:\._Emmaniversaire.mov
[11/07/2012 - 14:07:22 | A | 192 Ko] - F:\texte_3d_2.max
[01/02/2012 - 23:12:26 | A | 209 Ko] - F:\chambre_interieur_nuit_leger.jpg
[02/02/2012 - 19:51:40 | A | 326 Ko] - F:\chambre_interieur_presque_nuit_leger.jpg
[21/05/2012 - 13:52:30 | A | 68 Ko] - F:\logo sans adresse internet.jpg
[23/12/2012 - 23:51:40 | A | 276 Ko] - F:\imuvrini copie.jpg
[27/12/2012 - 22:31:26 | A | 344 Ko] - F:\derelict-melody.JPG
[30/12/2012 - 11:12:52 | A | 91 Ko] - F:\image_voeux_2013.jpg
[27/09/2012 - 12:03:00 | D] - F:\Zaxwerks Pro Animator v.4.5 [VR.j&k] [Eng] [Arx]
[20/06/2012 - 18:27:36 | A | 5 Ko] - F:\index_copy.html
[03/07/2012 - 16:02:06 | A | 9 Ko] - F:\portfolio-1.html
[01/08/2014 - 17:17:52 | HD] - F:\.fseventsd
[30/12/2012 - 16:50:02 | A | 2161 Ko] - F:\voeux_baticreateurs_2013.flv
[15/05/2012 - 21:34:26 | A | 241 Ko] - F:\USER FILES.exe
[15/05/2012 - 21:34:26 | A | 241 Ko] - F:\Zaxwerks Pro Animator v.4.5 [VR.j&k] [Eng] [Arx].exe
[15/05/2012 - 21:34:26 | A | 241 Ko] - F:\Trad.exe
[15/05/2012 - 21:34:26 | A | 241 Ko] - F:\van der toc.exe
[15/05/2012 - 21:34:26 | A | 241 Ko] - F:\trucs nouveaux pour site.exe
[15/05/2012 - 21:34:26 | A | 241 Ko] - F:\tutos_realflow.exe
[15/05/2012 - 21:34:26 | A | 241 Ko] - F:\Tutos After Effect CS6 nouveautes.exe
[26/07/2012 - 16:37:48 | A | 3559 Ko] - F:\TeamViewer_Setup_fr-cka.exe
[27/12/2012 - 16:52:06 | A | 23488 Ko] - F:\tor-browser-2.3.25-1_en-US.exe
[01/10/2012 - 15:03:06 | A | 12 Ko] - F:\services_anglais.docx
[25/06/2012 - 00:54:48 | N | 4 Ko] - F:\._lexetat.avi
[03/08/2013 - 16:35:12 | AH | 0 Ko] - F:\.apdisk
[23/05/2007 - 14:46:28 | D] - F:\SUrf
[08/01/2008 - 17:46:20 | D] - F:\USER FILES
[24/10/2011 - 15:20:54 | D] - F:\TL7
[26/01/2012 - 17:05:30 | D] - F:\mix
[06/03/2012 - 12:33:24 | D] - F:\clips
[05/06/2012 - 15:51:18 | D] - F:\templates
[08/06/2012 - 18:39:50 | D] - F:\Cambodge
[10/06/2012 - 21:14:08 | D] - F:\site 2012
[15/06/2012 - 11:43:32 | D] - F:\trucs nouveaux pour site
[25/06/2012 - 00:55:08 | D] - F:\films
[03/07/2012 - 09:30:16 | D] - F:\old
[04/07/2012 - 09:20:28 | D] - F:\blue-grass
[13/07/2012 - 16:03:00 | D] - F:\tutos_realflow
[24/07/2012 - 10:56:00 | D] - F:\photos_maison
[18/08/2012 - 19:25:50 | D] - F:\Photos papa et maman
[05/09/2012 - 14:38:08 | D] - F:\mix_spectacle
[09/09/2012 - 17:57:44 | D] - F:\sur la route du jeu
[28/10/2012 - 11:37:40 | D] - F:\van der toc
[02/12/2012 - 17:18:02 | D] - F:\Tor Browser
[19/12/2012 - 16:49:20 | D] - F:\Trad
[02/01/2013 - 09:41:18 | D] - F:\bat
[03/04/2013 - 11:43:42 | D] - F:\Ressources
[03/04/2013 - 12:34:00 | D] - F:\logiciels
[03/04/2013 - 12:47:30 | D] - F:\Tutos After Effect CS6 nouveautes
[19/06/2013 - 09:19:14 | D] - F:\Guitare voix, flute ou violon
[06/08/2013 - 10:03:06 | D] - F:\CV
[07/10/2013 - 14:37:06 | D] - F:\album_photos
[31/10/2013 - 22:58:34 | D] - F:\Nepal Photo
[17/12/2013 - 11:35:56 | D] - F:\Mitcho'sa
[30/12/2013 - 17:21:04 | AD] - F:\nepal_selection
[03/06/2014 - 09:18:14 | D] - F:\fotos ferme zabeilles
[29/07/2014 - 17:41:36 | D] - F:\Crack-Windows

################## | H:\ - Fixed drive (FAT32) |

[16/07/2008 - 09:14:58 | A | 42 Ko] - H:\WDInstaller.xml
[24/10/2009 - 12:54:22 | HD] - H:\.Trashes
[24/10/2009 - 12:54:22 | AH | 4 Ko] - H:\._.Trashes
[27/09/2010 - 12:14:34 | A | 0 Ko] - H:\2141129_MVM_6.tmp
[27/09/2010 - 12:14:34 | A | 0 Ko] - H:\2141129_MVM_4.tmp
[27/09/2010 - 12:58:10 | A | 0 Ko] - H:\4879196_MVM_4.tmp
[27/09/2010 - 12:58:14 | A | 0 Ko] - H:\4879196_MVM_6.tmp
[27/09/2010 - 13:17:08 | A | 0 Ko] - H:\8327380_MVM_4.tmp
[27/09/2010 - 13:17:08 | A | 0 Ko] - H:\8327380_MVM_6.tmp
[27/09/2010 - 13:22:50 | A | 0 Ko] - H:\8682282_MVM_4.tmp
[27/09/2010 - 13:22:50 | A | 0 Ko] - H:\8682282_MVM_6.tmp
[03/02/2013 - 18:03:14 | AH | 4 Ko] - H:\._.TemporaryItems
[03/02/2013 - 18:03:14 | HD] - H:\.TemporaryItems
[24/10/2009 - 12:54:22 | HD] - H:\.Spotlight-V100
[11/01/2009 - 14:19:48 | A | 0 Ko] - H:\wdEULA.log
[11/01/2009 - 14:19:50 | A | 0 Ko] - H:\wdstatus.log
[11/01/2009 - 14:27:40 | A | 0 Ko] - H:\wdinstaller.log
[24/04/2004 - 12:38:56 | A | 37 Ko] - H:\JSTART.exe
[08/02/2008 - 13:44:38 | A | 4467 Ko] - H:\WDSync.exe
[08/07/2008 - 11:53:30 | A | 1719 Ko] - H:\WDSetup.exe
[18/07/2008 - 11:23:04 | A | 312 Ko] - H:\Setup.exe
[08/07/2009 - 20:39:22 | SHD] - H:\$RECYCLE.BIN
[04/05/2011 - 19:27:28 | SHD] - H:\FOUND.000
[22/07/2008 - 14:29:30 | D] - H:\WD_Windows_Tools
[22/07/2008 - 14:30:50 | D] - H:\WDsync
[22/07/2008 - 14:30:50 | D] - H:\Documentation
[22/07/2008 - 14:30:54 | D] - H:\autorun
[26/12/2008 - 11:01:44 | D] - H:\WD Sync Data
[26/12/2008 - 11:01:44 | SHD] - H:\System Volume Information
[28/12/2008 - 12:40:06 | D] - H:\Recycled
[11/01/2009 - 14:32:04 | D] - H:\HOP
[18/08/2010 - 11:32:46 | D] - H:\Backup HDD G7
[27/09/2010 - 16:27:52 | D] - H:\Art_Du_Tao_videos
[27/09/2010 - 16:30:08 | D] - H:\FileZilla
[16/11/2010 - 11:12:26 | D] - H:\Travaux
[04/07/2014 - 11:01:44 | D] - H:\mitcho'sa tribaba

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net/ | |


...And the second one:

############################## | UsbFix V 7.184 | [Clean]

User: orion (Administrator) # ORION-PC
Updated 20/10/2014 by El Desaparecido - SosVirus
Started at 15:38:41 | 04/11/2014

Website :
Changelog :
Support : https://www.sosvirus.net/
Upload Malware : https://www.sosvirus.net/upload_malware.php
Live detection :
Contact :

################## | System information |

MB: MSI (MS-1722)
CPU: Intel(R) Core(TM)2 Quad CPU Q9000 @ 2.00GHz
GC: ATI Mobility Radeon HD 4850
RAM -> [Total : 4095 Mo | Free : 2785 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft™ Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Mozilla Firefox : 33.0.2

################## | Security Information |

AV: avast! Antivirus [(!) Disabled |Updated]
AS: Windows Defender [Enabled |Updated]
AS: avast! Antivirus [(!) Disabled |Updated]
AS: Malwarebytes Anti-Malware : 2.0.3.1025
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 98 Gb (19 Gb free - 20%) [] # NTFS
D:\ -> Fixed disk # 360 Gb (24 Gb free - 7%) [] # NTFS
F:\ -> Fixed disk # 931 Gb (281 Gb free - 30%) [GO JEANNE] # FAT32
I:\ -> Removable disk # 1000 Mb (152 Mb free - 15%) [WS_321M] # FAT

################## | Generic Research |

Deleted! F:\syncguid.dat
Deleted! F:\Thumbs.db
Deleted! I:\syncguid.dat

(!) Temporary files deleted. (0.0634346008300781 MB)

################## | Registry |


################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
04 - HKCU\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\Run : [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
04 - HKCU\..\Run : [Skype] "C:\Windows.old\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKLM\..\Run : [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [BEWINTERNET-FR-DMGP-V2SessionManager] "C:\Program Files (x86)\Orange\IEWInternet\SessionManager\SessionManager.exe"
04 - HKLM\..\Run : [CardDetectorHUAWEI1752_1552] C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe
04 - HKLM\..\Run : [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
04 - HKU\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run : [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run : [AdobeBridge]
04 - HKU\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run : [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-21-4173547603-675645401-1036151855-1000\..\Run : [Skype] "C:\Windows.old\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"" /build:7601

################## | UsbFix - Information |

Info :
Info :

################## | Hijack |

Restored! [N] I:\.vbt5

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[02/05/2010 - 14:45:05 | A | 0 Ko] - C:\debug.txt
[04/11/2014 - 04:59:00 | A | 38 Ko] - C:\AdsFix_4novembre2014_8h30.txt
[20/03/2009 - 16:42:25 | A | 0 Ko] - C:\config.sys
[04/11/2014 - 08:23:14 | ASH | 3145080 Ko] - C:\hiberfil.sys
[04/11/2014 - 08:23:18 | ASH | 4193440 Ko] - C:\pagefile.sys
[26/10/2014 - 13:19:44 | D] - C:\Windows.old
[13/12/2009 - 19:52:15 | A | 0 Ko] - C:\Setup.log
[03/11/2014 - 17:00:57 | A | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[04/11/2014 - 08:23:59 | SHD] - C:\$Recycle.Bin
[20/03/2009 - 16:42:25 | A | 0 Ko] - C:\autoexec.bat
[09/05/2010 - 01:09:16 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[29/03/2010 - 15:54:33 | D] - C:\SwarmCache
[08/05/2010 - 15:24:11 | SHD] - C:\Recovery
[08/05/2010 - 15:24:20 | RD] - C:\Users
[29/05/2010 - 11:16:47 | D] - C:\Securitoo
[20/11/2010 - 13:40:07 | RASH | 375 Ko] - C:\bootmgr
[23/12/2010 - 23:52:58 | D] - C:\temporaire_directx
[05/01/2011 - 17:36:49 | D] - C:\Games
[20/03/2013 - 08:51:17 | SHD] - C:\Boot
[02/10/2014 - 11:02:04 | RD] - C:\Program Files
[03/11/2014 - 16:36:41 | HD] - C:\ProgramData
[03/11/2014 - 16:36:46 | D] - C:\AdwCleaner
[03/11/2014 - 16:55:39 | RD] - C:\Program Files (x86)
[03/11/2014 - 23:51:26 | D] - C:\AdsFix
[04/11/2014 - 08:24:47 | D] - C:\Windows
[04/11/2014 - 08:30:57 | SHD] - C:\System Volume Information
[04/11/2014 - 15:38:28 | D] - C:\UsbFix

################## | D:\ - Fixed drive (NTFS) |

[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.1031.txt
[07/11/2007 - 07:00:40 | A | 10 Ko] - D:\eula.1033.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.2052.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.1042.txt
[07/11/2007 - 07:00:40 | A | 0 Ko] - D:\eula.1041.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.1040.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.1036.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.3082.txt
[07/11/2007 - 07:00:40 | A | 17 Ko] - D:\eula.1028.txt
[29/03/2010 - 11:56:23 | D] - D:\msdownld.tmp
[27/09/2010 - 10:33:10 | A | 0 Ko] - D:\2141129_MVM_2.tmp
[27/09/2010 - 10:33:10 | A | 0 Ko] - D:\2141129_MVM_1.tmp
[27/09/2010 - 10:33:10 | A | 0 Ko] - D:\2141129_MVM_3.tmp
[27/09/2010 - 10:33:10 | A | 0 Ko] - D:\2141129_MVM_5.tmp
[27/09/2010 - 11:14:32 | A | 11424 Ko] - D:\2141129_MVM_0.tmp
[27/09/2010 - 11:18:48 | A | 0 Ko] - D:\4879196_MVM_1.tmp
[27/09/2010 - 11:18:48 | A | 0 Ko] - D:\4879196_MVM_2.tmp
[27/09/2010 - 11:18:48 | A | 0 Ko] - D:\4879196_MVM_3.tmp
[27/09/2010 - 11:18:48 | A | 0 Ko] - D:\4879196_MVM_5.tmp
[27/09/2010 - 11:58:09 | A | 1632 Ko] - D:\4879196_MVM_0.tmp
[27/09/2010 - 12:16:16 | A | 0 Ko] - D:\8327380_MVM_1.tmp
[27/09/2010 - 12:16:16 | A | 0 Ko] - D:\8327380_MVM_3.tmp
[27/09/2010 - 12:16:16 | A | 0 Ko] - D:\8327380_MVM_2.tmp
[27/09/2010 - 12:16:16 | A | 0 Ko] - D:\8327380_MVM_5.tmp
[27/09/2010 - 12:17:07 | A | 1632 Ko] - D:\8327380_MVM_0.tmp
[27/09/2010 - 12:22:11 | A | 0 Ko] - D:\8682282_MVM_1.tmp
[27/09/2010 - 12:22:11 | A | 0 Ko] - D:\8682282_MVM_2.tmp
[27/09/2010 - 12:22:11 | A | 0 Ko] - D:\8682282_MVM_3.tmp
[27/09/2010 - 12:22:11 | A | 0 Ko] - D:\8682282_MVM_5.tmp
[27/09/2010 - 12:22:48 | A | 1632 Ko] - D:\8682282_MVM_0.tmp
[07/11/2007 - 07:53:12 | A | 237 Ko] - D:\VC_RED.MSI
[12/05/2014 - 11:37:22 | A | 323621 Ko] - D:\Emmaniversaire.mov
[07/11/2007 - 07:00:40 | A | 1 Ko] - D:\install.ini
[07/11/2007 - 07:00:40 | A | 1 Ko] - D:\globdata.ini
[07/11/2007 - 07:44:20 | A | 835 Ko] - D:\install.exe
[01/12/2006 - 22:37:14 | A | 884 Ko] - D:\msdia80.dll
[07/11/2007 - 07:44:20 | A | 93 Ko] - D:\install.res.1031.dll
[07/11/2007 - 07:44:20 | A | 88 Ko] - D:\install.res.1033.dll
[07/11/2007 - 07:44:20 | A | 94 Ko] - D:\install.res.1036.dll
[07/11/2007 - 07:44:20 | A | 92 Ko] - D:\install.res.1040.dll
[07/11/2007 - 07:44:20 | A | 79 Ko] - D:\install.res.1041.dll
[07/11/2007 - 07:44:20 | A | 77 Ko] - D:\install.res.1042.dll
[07/11/2007 - 07:44:20 | A | 73 Ko] - D:\install.res.2052.dll
[07/11/2007 - 07:44:20 | A | 93 Ko] - D:\install.res.3082.dll
[07/11/2007 - 07:44:20 | A | 74 Ko] - D:\install.res.1028.dll
[07/11/2007 - 07:50:40 | A | 1883 Ko] - D:\VC_RED.cab
[07/11/2007 - 07:00:40 | A | 6 Ko] - D:\vcredist.bmp
[08/05/2010 - 15:24:34 | SHD] - D:\$RECYCLE.BIN
[08/11/2009 - 20:01:30 | SHD] - D:\System Volume Information
[11/11/2009 - 10:11:48 | D] - D:\projetTUT
[11/12/2009 - 14:32:32 | D] - D:\ANIME
[28/02/2010 - 13:22:33 | D] - D:\montageFOTO
[07/03/2010 - 19:56:23 | D] - D:\landArt
[18/03/2010 - 19:44:28 | D] - D:\trucs du telephone
[20/08/2010 - 08:22:20 | D] - D:\pour_dvd
[05/11/2010 - 19:31:02 | D] - D:\plan_caharel
[09/11/2010 - 18:29:26 | D] - D:\Art_du_tao
[27/01/2011 - 11:26:45 | D] - D:\After_effect_tests
[27/01/2011 - 15:32:35 | D] - D:\site_test_flash
[28/01/2011 - 16:59:41 | D] - D:\Tutos
[28/01/2011 - 17:01:35 | D] - D:\KOM
[12/02/2011 - 23:02:27 | D] - D:\116d7391cb87ef9ad2ed
[13/02/2011 - 10:07:21 | D] - D:\faire_son_pain
[04/05/2011 - 19:31:42 | D] - D:\Mexik
[18/06/2011 - 14:46:07 | D] - D:\videographe
[18/06/2011 - 14:49:24 | D] - D:\logo_bati
[24/06/2011 - 19:13:12 | D] - D:\After_effects_templates
[28/06/2011 - 13:18:24 | D] - D:\Essai TL7
[03/10/2011 - 12:21:02 | D] - D:\teaser_perso
[10/10/2011 - 16:29:07 | D] - D:\aa_sauvegardes_ancien_bureau
[13/11/2011 - 13:29:35 | D] - D:\joel
[29/11/2011 - 22:39:35 | D] - D:\Cocktail_diffusion
[23/02/2012 - 18:52:06 | D] - D:\CV Yuppa
[04/06/2012 - 17:20:41 | D] - D:\impots
[10/06/2012 - 20:13:33 | D] - D:\SITE
[29/07/2012 - 18:37:48 | D] - D:\3D
[17/01/2013 - 15:11:05 | D] - D:\sur la route du jeu
[01/03/2013 - 21:09:24 | D] - D:\Van Der Toc et Cie
[19/09/2013 - 12:48:15 | D] - D:\Video rudy 30 ans
[18/12/2013 - 10:35:50 | D] - D:\carte_voeux_baticreateurs
[27/02/2014 - 16:42:08 | D] - D:\CV
[27/02/2014 - 16:50:06 | D] - D:\horoscope Maya
[27/02/2014 - 17:03:06 | D] - D:\EESI
[24/05/2014 - 19:57:45 | D] - D:\Art video of me
[05/06/2014 - 21:02:07 | D] - D:\Mitchosa
[06/07/2014 - 19:36:11 | D] - D:\TL7
[13/07/2014 - 09:20:49 | D] - D:\jeux
[17/07/2014 - 20:11:15 | D] - D:\Mylie trucs
[13/09/2014 - 10:53:10 | D] - D:\film
[15/09/2014 - 09:41:36 | D] - D:\footages
[22/09/2014 - 09:00:41 | D] - D:\photos
[24/09/2014 - 10:07:04 | D] - D:\Licence Pro
[24/09/2014 - 14:11:07 | D] - D:\Cinema 4d tests
[02/10/2014 - 14:40:18 | D] - D:\zik, paroles, tabs
[04/10/2014 - 08:56:58 | D] - D:\Tao
[04/10/2014 - 14:54:30 | D] - D:\logiciels
[09/10/2014 - 16:22:31 | D] - D:\Gerling L
[13/10/2014 - 12:46:09 | D] - D:\La ferme aux abeilles
[22/10/2014 - 13:11:22 | D] - D:\Jeanne
[23/10/2014 - 14:42:27 | D] - D:\LCS
[24/10/2014 - 11:32:20 | D] - D:\Videos Debut

################## | F:\ - Fixed drive (FAT32) |

[26/09/2012 - 12:16:40 | A | 0 Ko] - F:\wifi.txt
[01/01/2012 - 20:03:28 | AH | 4 Ko] - F:\._.Trashes
[01/01/2012 - 20:03:28 | HD] - F:\.Trashes
[30/12/2013 - 13:52:14 | HD] - F:\.Spotlight-V100
[23/07/2014 - 20:23:02 | HD] - F:\.fseventsd
[30/12/2013 - 13:52:20 | N | 4 Ko] - F:\._.com.apple.timemachine.donotpresent
[30/12/2013 - 13:52:20 | N | 0 Ko] - F:\.com.apple.timemachine.donotpresent
[26/12/2011 - 00:24:12 | SHD] - F:\$RECYCLE.BIN
[23/03/2011 - 09:04:46 | D] - F:\Chroniques du Donjon de Naheulbeuk
[11/07/2011 - 09:53:04 | D] - F:\Contes
[20/07/2011 - 13:43:46 | D] - F:\Packard Bell
[26/11/2011 - 00:22:22 | D] - F:\Airs orientaux
[01/12/2011 - 10:42:08 | D] - F:\Trio
[01/12/2011 - 10:46:44 | D] - F:\photos
[25/12/2011 - 17:24:24 | D] - F:\Recycled
[25/12/2011 - 17:24:24 | SHD] - F:\System Volume Information
[16/05/2012 - 10:03:34 | D] - F:\Films
[24/05/2012 - 13:47:12 | D] - F:\Collectage
[23/06/2012 - 00:10:32 | D] - F:\Apiculture
[31/08/2012 - 20:19:10 | D] - F:\Musique
[22/09/2012 - 09:27:46 | D] - F:\Documents
[22/09/2012 - 09:28:56 | D] - F:\Tao
[25/01/2013 - 11:42:52 | D] - F:\8f02b54866f8c06dbc8ed1720dd0ec8b
[14/09/2014 - 11:20:26 | D] - F:\Enregistrements

################## | I:\ - Removable drive (FAT) |

[22/05/2009 - 09:02:30 | A | 27167 Ko] - I:\Mendilat (7tps) Hijaz La.WAV
[04/05/2014 - 09:19:06 | N | 0 Ko] - I:\.vbt5
[24/04/2013 - 20:30:46 | N | 4 Ko] - I:\._.Trashes
[24/04/2013 - 20:30:46 | D] - I:\.Trashes
[11/03/2014 - 13:11:58 | HD] - I:\.TemporaryItems
[11/03/2014 - 13:11:58 | AH | 4 Ko] - I:\._.TemporaryItems
[24/04/2013 - 20:30:46 | D] - I:\.Spotlight-V100
[03/10/2014 - 16:05:10 | A | 907 Ko] - I:\Ramazane Thème.pdf
[03/10/2014 - 16:08:08 | A | 841 Ko] - I:\Mendil Hijaz la.pdf
[03/11/2014 - 13:20:38 | A | 1 Ko] - I:\BOOTEX.LOG
[08/05/2014 - 11:25:48 | HD] - I:\.fseventsd
[04/05/2007 - 14:25:58 | N | 2 Ko] - I:\OLYML_TB.DAT
[01/01/2007 - 00:03:24 | D] - I:\DSS_FLDD
[01/01/2007 - 00:03:24 | D] - I:\DSS_FLDC
[28/01/2008 - 08:18:30 | D] - I:\DSS_FLDA
[31/08/2012 - 19:06:48 | D] - I:\DSS_FLDE
[31/08/2012 - 19:08:38 | D] - I:\MUSIC
[20/09/2012 - 15:45:44 | D] - I:\Papiers famille
[08/03/2013 - 21:20:28 | D] - I:\DSS_FLDB

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net/ | |


:merci2:
#208451
:hello: ,

There are remnants of your Vobfus infection. With USB drive F connected:
  • Download OTM by OldTimer to your desktop.
  • Double-click OTM.exe to launch it.
  • On Vista/Seven, right-click -> Run as administrator
  • Copy the list below and paste it into the left-hand box of OTM under Paste Instructions for Items to be Moved.


:services

:files
F:\USER FILES.exe
F:\Zaxwerks Pro Animator v.4.5 [VR.j&k] [Eng] [Arx].exe
F:\Trad.exe
F:\van der toc.exe
F:\trucs nouveaux pour site.exe
F:\tutos_realflow.exe
F:\Tutos After Effect CS6 nouveautes.exe

:reg

:commands
[emptytemp]
  • Click "MoveIt!".
  • If a file or folder cannot be deleted immediately, the program will ask you to restart the computer.
  • If so, accept by clicking "YES".
  • Post the report in your next reply.
  • The report is located in C:\_OTM\MovedFiles (the report's name corresponds to the moment it was created: date_time.log).
#208474
Hello,

Here is the OTM report:
Code: Select all
All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
F:\USER FILES.exe moved successfully.
F:\Zaxwerks Pro Animator v.4.5 [VR.j&k] [Eng] [Arx].exe moved successfully.
F:\Trad.exe moved successfully.
F:\van der toc.exe moved successfully.
F:\trucs nouveaux pour site.exe moved successfully.
F:\tutos_realflow.exe moved successfully.
F:\Tutos After Effect CS6 nouveautes.exe moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: orion
->Temp folder emptied: 18647 bytes
->Temporary Internet Files folder emptied: 3080672 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 163350920 bytes
->Flash cache emptied: 2844207 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524330 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 6218644 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 69958 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 168,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 11042014_235746

Files moved on Reboot...
C:\Users\orion\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\orion\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
#208487
:hello: ,

With all the drives connected:
  • Download ESET Online Scanner (by ESET) to your desktop.
  • Launch ESET Online Scanner; run it as administrator on Windows 7/8 and Vista
  • Check "Yes, I accept the terms of use"
  • Click Start
  • Leave the "Remove detected threats" box checked
  • Check "Scan archives"

    Note: All harmful items will be removed automatically
  • If no threat is detected:
    • Simply tell me so in your reply.
  • If threats are detected:
    • Click "List of detected threats"
    • Click Export to ...
    • Copy and paste the contents of the report on the forum.
#208599
Hi,

Here is the ESET report:
Code: Select all
C:\UsbFix\Quarantine\F\siuut.exe.vir Win32/Sality.NBA virus
C:\UsbFix\Quarantine\F\siuutx.exe.vir Win32/Sality.NBA virus
C:\UsbFix\Quarantine\F\x.exe.vir Win32/Sality.NBA virus
C:\AdsFix\Quarantine\C\Users\orion\AppData\Local\Temp\prismsetup.exe.AdsFix une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\AdsFix\Quarantine\C\Users\orion\AppData\Local\Temp\Softonic_France.exe.AdsFix une variante de Win32/Toolbar.Conduit.B application potentiellement indésirable supprimé - mis en quarantaine
C:\AdsFix\Quarantine\C\Users\orion\AppData\Local\Temp\vpsetup.exe.AdsFix une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debut.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debutsetup_v1.64.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\uninst.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prism.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prismsetup_v1.82.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\uninst.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\uninst.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopad.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\vpsetup_v2.41.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic_France\tbSoft.dll.vir une variante de Win32/Toolbar.Conduit.B application potentiellement indésirable supprimé - mis en quarantaine
C:\AdwCleaner\Quarantine\C\Users\orion\AppData\LocalLow\Softonic_France\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir une variante de Win32/PriceGong.A application potentiellement indésirable supprimé - mis en quarantaine
C:\Program Files (x86)\NCH Swift Sound\Switch\switch.exe une variante de Win32/Toolbar.Conduit.J application potentiellement indésirable supprimé - mis en quarantaine
C:\Program Files (x86)\NCH Swift Sound\Switch\switchsetup_v4.07.exe une variante de Win32/Toolbar.Conduit.J application potentiellement indésirable supprimé - mis en quarantaine
C:\Program Files (x86)\NCH Swift Sound\Switch\uninst.exe une variante de Win32/Toolbar.Conduit.J application potentiellement indésirable supprimé - mis en quarantaine
C:\UsbFix\Quarantine\F\ert.dll.vir Win32/AutoRun.VB.RU ver nettoyé par suppression - mis en quarantaine
C:\UsbFix\Quarantine\F\siuut.exe.vir Win32/AutoRun.VB.RU ver nettoyé par suppression - mis en quarantaine
C:\UsbFix\Quarantine\F\siuutx.exe.vir Win32/AutoRun.VB.RU ver nettoyé par suppression - mis en quarantaine
C:\UsbFix\Quarantine\F\x.exe.vir Win32/AutoRun.VB.RU ver nettoyé par suppression - mis en quarantaine
C:\Users\orion\Downloads\debutsetup.exe une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé - mis en quarantaine
C:\Users\orion\Downloads\SoftonicDownloader41044.exe Win32/SoftonicDownloader.A application potentiellement indésirable supprimé - mis en quarantaine
C:\Users\orion\Downloads\the-help-fre-4420416.exe Win32/InstallCore.EE application potentiellement indésirable supprimé - mis en quarantaine
ESET Online Scanner seems to be slightly different today, judging by the images linked in your previous message.
Before closing it, I checked "Uninstall application on close" and "Delete quarantined files". I hope I did the right thing...