by misspamy
#11889
Wow, a big thank you! :merci2: :bravo1:

I got my files back! :D:D

I also wanted to know whether my USB key is still good, or whether the problem is going to happen again?
#11910
Well, since you managed to restore the files, back them up somewhere other than on your USB key, then format it.

Then:

We are going to run a diagnostic of your computer to see whether or not your PC contains other types of infection.
  • Download ZHPDiag (by Nicolas Coolman) to your desktop.
  • Install the software.
  • Launch ZHPDiag (run as administrator on Windows 7/8 and Vista).
  • Click on Configurer.
  • Click on the icon showing a magnifying glass with a + (« Lancer le diagnostic »).

    Note: Do not close the program even if it says that it is no longer responding.
  • Once the scan is finished, go to the desktop; the file has been created there.
  • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum.
by misspamy
#12018
oops..

Here is the ZHPDiag report:
~ Rapport de ZHPDiag v2013.10.18.49 - Nicolas Coolman (2013-10-18)
~ Lancé par anthony (2013-10-19 18:03:42)
~ Adresse du Site Web https://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v30.0.1599.101 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : G6MF9
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Microsoft Security Client v4.3.0219.0

---\\ Logiciels d'optimisation du système
CCleaner v3.12 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.0 - Français
Java 7 Update 25

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2037 MB (32% free)
System Restore: Activé (Enable)
System drive C: has 116 GB (65%) free of 177 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-ANTHONY
~ User Name: anthony
~ All Users Names: anthony, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\anthony\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\anthony\AppData\Roaming\
~ %Desktop% : C:\Users\anthony\Desktop\
~ %Favorites% : C:\Users\anthony\Favorites\
~ %LocalAppData% : C:\Users\anthony\AppData\Local\
~ %StartMenu% : C:\Users\anthony\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 116 Go of 177 Go)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Free 5 Go of 8 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.2009-04-11 - 01:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2008-01-18 - 22:33:38.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.C8ADAA6948993D839D14524847EA5B75] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-09-22 - 05:13:22.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2009-04-11 - 01:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-04-21 - 08:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-04-11 - 01:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-01-18 - 20:28:04.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2009-04-10 - 23:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2011-04-14 - 09:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2009-04-10 - 23:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.2008-01-18 - 20:49:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-01-18 - 20:56:30.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-29 - 08:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.2009-04-10 - 23:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-03-03 - 14:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.2006-11-02 - 03:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2008-01-18 - 20:56:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2006-11-02 - 04:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.2009-04-10 - 23:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.2009-04-10 - 23:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2012-08-21 - 06:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/432
~ Mes musiques (My Musics) : 1/70
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 1/18
~ Mon Bureau (My Desktop) : 3/191
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.C7281D6A8649446A1EC22F8903438529] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [154136] [PID.2120]
[MD5.939380CCFA97FC56E0EFB6B626CA752D] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [137752] [PID.2132]
[MD5.F07DF80C2207810FA75CF6429ACAF9B1] - (.Sony Corporation - Pas de description.) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe [311296] [PID.2224]
[MD5.8FFCFE3351F51E19B856A2347E19B850] - (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336] [PID.2288]
[MD5.317FCC0A1F599A7B7ACCAF1C852561E5] - (.Vimicro - Vimicro.) -- C:\Windows\VM303_STI.exe [61440] [PID.2376]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.2544]
[MD5.A9F9D081518AC03A51C1195986076F42] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3000]
[MD5.76375D7763C9B56C0E96AE30F6160DFF] - (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe [600256] [PID.3376]
[MD5.E1473471169EC64C57B49F9C984DFB1A] - (.Logitech Inc. - Logitech Vid.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe [5458704] [PID.3968]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4148]
[MD5.DF63CAE3488D21AE83C74BED1C317732] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252440] [PID.3344]
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [844752] [PID.272]
[MD5.3DEBC4F06BA637D7EE7BB1A69AC79052] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8102912] [PID.5856]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3324]
[MD5.0A7F86657755ADA92C57E597BF5151F7] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.1020]
[MD5.927754ABF077AEB5504BE4E0F2C60C1B] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1212]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1328]
[MD5.E8FE4FCE23D2809BD88BCC1D0F8408CE] - (...) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832] [PID.504]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2088]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2452]
[MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.Pas de propriétaire - nTitles PSIService.) -- C:\Windows\system32\PSIService.exe [177704] [PID.2788]
[MD5.506B0B498216371D64ABB69145B70E4C] - (...) -- C:\Program Files\Tor\tor.exe [3233806] [PID.2892]
[MD5.8A9F18ADAD471402236CA931553BF79B] - (.Sony Corporation - VAIO Event Service (Service Module).) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392] [PID.2960]
[MD5.4D6644132F26EF055A1F754B1C38C084] - (.Sony Corporation - VAIO Entertainment UPnP Client Adapter.) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432] [PID.2980]
[MD5.B0C84CEA4FE07231BA87A054AF95984D] - (.Sony Corporation - VAIO Event Service(Service Sub Module).) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe [100472] [PID.3168]
[MD5.065E37EC2654516BCDE0907B308CFAD9] - (.Intel Corporation - igfxext Module.) -- C:\Windows\system32\igfxext.exe [166424] [PID.3304]
[MD5.15A317674A08DF26BE65164D959E9203] - (.Conexant Systems, Inc. - Modem Audio Service.) -- C:\Windows\system32\DRIVERS\xaudio.exe [386560] [PID.3444]
[MD5.2E785F4F92C4C67CEBB61DD55ED1F6A1] - (.Sony Corporation - VAIO Entertainment Database Service.) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512] [PID.3556]
[MD5.2D876CAD8C7FFB08179DFF361FF851E6] - (.Sony Corporation - VAIO Entertainment File Import Service.) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [131072] [PID.3840]
[MD5.605AC5F17669767C7A750314753CF8EB] - (.Sony Corporation - SPM Module.) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [921600] [PID.2188]
[MD5.FE56897B27ED266F9C4E7D90A0B5DA47] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.2812]
[MD5.A1545B731579895D8CC44FC0481C1192] - (.Microsoft Corporation - Service de la passerelle de la couche Appli.) -- C:\Windows\System32\alg.exe [59392] [PID.1468]
[MD5.249D12488F9EE43B0D812C87335E0EF2] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Servi.) -- c:\Program Files\Microsoft Security Client\NisSrv.exe [295376] [PID.2448]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\anthony\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [adpkifcfcacgmnggcbpbjbkdijciiigm] Bejeweled v.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ahkpomfjikkjnidanloinomgkfnagkoh] Juicy Truck Games v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [aidjhfmldjkmlimbifiokaokkbkpfjkb] Red Crucible 2 v.2.0.4 (Activé)
G2 - GCE: Preference [User Data\Default] [ajkfgpbadkgkgdjdgkcechmpfdkmdjho] Supercar Racing v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [beegfnmknkfjdnajgannnpiipandjpgo] Bow Master Japon v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [cdflaplodblmnaapklbgemcljomliman] Crash Car Combat v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [cdgafbloileiohkildpoilliifegiijo] Police Pursuit v.3.0 (Activé)
G2 - GCE: Preference [User Data\Default] [cenghabdbpdbpgjjamkandgggaaiocbo] Brick Break v.1.2 (Activé)
G2 - GCE: Preference [User Data\Default] [clipkodmbobgeipjokdkbjnbijkkhmbm] Parking du Centre Commercial 3D v.1.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [cohkjfondhjjfehnehlpmjpljpihfhfc] Street Racers v.1 (Activé)
G2 - GCE: Preference [User Data\Default] [cpeikjapgbmncgiaijjfondlfflajnlb] Concours Tir \u00E0 l'Arc Av.J-C (B.C. Bow Contest) v.1.1.17.0 (Activé)
G2 - GCE: Preference [User Data\Default] [dcfdbmpeeihbpddkneaploeinlbaaodn] Lara Croft and the Guardian of Light v.1.0.0.16 (Activé)
G2 - GCE: Preference [User Data\Default] [dcpkjgdjjdcpjkanhpcjajnoliociigi] Infectonator 2 v.1.25.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [dfiolepojknoifmfmaooacpopandonoc] Mains dangereuses v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [djpbeidibgdgnhcgoamegepdcgmnlbaj] Puzzle & Skill Games v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [dkahlmmbhmnojaligloglaabbacfjijk] X Speed Race v.1.4 (Activé)
G2 - GCE: Preference [User Data\Default] [dkelcbhdkpcdiiancfjhjcpdinbbfolp] Solitaire Card Games v.1.0.0.6 (Activé)
G2 - GCE: Preference [User Data\Default] [dlompojmjagifbkkfchkkjlgdapphgbg] Diner Dash 2 v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [dnalbhgkcocoepphagnnlaiomnnngeln] Bomomo v.1 (Activé)
G2 - GCE: Preference [User Data\Default] [dnjkggjhcbohgnikmegjkodmakmimlkj] Word Search v.1.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [edcedccoiojocodcdnnicjgcnppijdmc] Suburban Road Racing v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [eegbfdjgceebepnmgnmefipjgkoapagb] Car Games v.0.4 (Activé)
G2 - GCE: Preference [User Data\Default] [egkdbighlkdcnhiffgacdlimoobhenpi] 3D Racing Games v.1.7 (Activé)
G2 - GCE: Preference [User Data\Default] [ehehgijaidopomcfpkigakimeoglkjpa] Jewel Quest Deluxe v.1.0.17.0 (Activé)
G2 - GCE: Preference [User Data\Default] [eijmnijghjeefmjkpfhkeojppcpjckdc] 3D Shooting Games v.1.8 (Activé)
G2 - GCE: Preference [User Data\Default] [enlhholpgabnfajcblcglijhianldmjj] bouteille de tournage v.1.0.9 (Activé)
G2 - GCE: Preference [User Data\Default] [fhlchbdakpidmiikaddeffjfikaclbam] CINQ RAPIDE v.1.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [fojnkghiggpfagjciliabphpgnbmehjf] Productivity 3.1 v.2.3.3.3 (Désactivé)
G2 - GCE: Preference [User Data\Default] [gigpgfnabbnlmgljhkmhkbdgonpinbng] Motocross Madness montagne v.1.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [gjkgoneongcjgidecceapgdmibblfijp] pomme tournage v.1.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [glojkngcaeoenbcikfdicahjnaggkcbf] CandyDash v.9 (Activé)
G2 - GCE: Preference [User Data\Default] [gniccccghhpnkijkfdoajaabnmbpmnko] Sand Trap v.1.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [gojagedhadegobocpaokaifiacjiolph] Air Hockey v.2.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [hclgbbaloijjnkpigapgmocdpoblnlec] \u00C9quipe de tireur d'à‰lite v.1.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [hhepndnhfbdjmegechokkbabcphcihdi] Vgrabber1 v.2.3.19.11 (Désactivé) =>Toolbar.vGrabber
G2 - GCE: Preference [User Data\Default] [hjjofhgnhekhkccpcnnloagmdpafifeo] TiltShiftMaker v.1.3.3 (Activé)
G2 - GCE: Preference [User Data\Default] [hkfdgjcfnjiageoifhnfbeilgoplgbon] Flick Headers Euro 2012 v.1.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [hmggblpgblcoomebaelghgmdgdeknmhg] Ozee v.1.0.7 (Activé)
G2 - GCE: Preference [User Data\Default] [ibbhkjoamnfmpcilggihmfeebhienpea] Hot Shot Sniper v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ibfamoapbmmmlknoopmmfofgladlinic] Crackle v.7.1.7 (Activé)
G2 - GCE: Preference [User Data\Default] [iehjklkgijkjfcfmmjmjlmcccholamaf] MixiDJ V45 v.10.19.1.700, (Désactivé) =>Toolbar.MixiDJ
G2 - GCE: Preference [User Data\Default] [ifbhccdddhenjmeamogpjhicnoffdood] Fou tournage v.1.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ihhgbldfjlpideboblfbgkccmplmopbc] Sensr.net IP Camera Monitoring v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ildlmpeellfodfagdkabiljcfeppncak] Racing Games v.0.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [jbacnfobpliffdmiickfhceamljbcnjf] Fruity Annie v.1.0.4 (Activé)
G2 - GCE: Preference [User Data\Default] [jcjbcgfmgdinmcljnafppclcmckchoca] LEGO Star Wars - The Quest for R2-D2 v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [jhkhhpjhohechcaihlfieiikgijenaii] Unblock 2 v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [jjmglhglajnejdnihkcngheghkgpfign] Adam's Virtual Guitar v.2.0 (Activé)
G2 - GCE: Preference [User Data\Default] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.24 (Désactivé) =>Toolbar.Wajam
G2 - GCE: Preference [User Data\Default] [kdnmjhfcpjlodekmgapneacdngggodjp] Vol San Francisco v.1.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [kgbhfjddokcaippnolmocdikbponhpkd] Formation Jeux Parking v.1.5 (Activé)
G2 - GCE: Preference [User Data\Default] [klfneahoibjkdlonilmnkkncopeiomoc] American Racing v.1.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [koiigheakcgfhkijmpihjkngcnlkhbbd] Idées pour la maison v.0.0.0.7 (Activé)
G2 - GCE: Preference [User Data\Default] [kpgpocafknpjmefoadkbaahobadhmhcf] Bow Master Japan v.1.0.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [lgmlohhjedlnljheklbjepdfikchfaoe] Graffiti Creator v.1.3 (Activé)
G2 - GCE: Preference [User Data\Default] [lighpcanjnomdcjmfficdanifpdmgmhp] fIRST lOVE v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [lldafiibepdkdipdddckjoamljcnjicl] Game Gems v.1.0.0.3 (Activé)
G2 - GCE: Preference [User Data\Default] [llojoebfpfheijcipgokjllohccfnkoo] 3D Galaxy Bowling v.1.0.7 (Activé)
G2 - GCE: Preference [User Data\Default] [lnnipcmogacpldkmpanjmnjmccgdonol] Hitman Sniper Challenge v.1.0.0.3 (Activé)
G2 - GCE: Preference [User Data\Default] [loghiplmfdfhaccgoklgkmkobmknamkj] Sportbike Champion v.1.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [meklndaflopgghbomkdpofehonfclipi] Contract Killer v.1.1.3 (Activé)
G2 - GCE: Preference [User Data\Default] [mpalelnihbfcohbpniljacigfgjmpodb] Candy Crush Saga v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [mpdnbodlklpglokdnlgimdpkafighlbf] Cam Pad v.1.1.2.2 (Activé)
G2 - GCE: Preference [User Data\Default] [mpedbpkelbhcbkdaglillalioeeekbpb] WGT Golf Game v.45.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ndaflanlochpiijbgjgofgmnbgmhgkmd] 3D Débloquer voiture v.1.0.5 (Activé)
G2 - GCE: Preference [User Data\Default] [njgfhnajhpjmlbfpieplfnocnodbkcfh] Shuffler.fm v.0.0.0.6 (Activé)
G2 - GCE: Preference [User Data\Default] [nkdaebmimnhlmgpjoppmdeokffoahpan] Arcade Evolved v.6.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nlnoiomnnknlhopdjhjalnbnngfkhplc] Pro Kicker v.2.3.1 (Activé)
G2 - GCE: Preference [User Data\Default] [nnbdejkkjibfhmcimehcaaepdibpmooo] Diner Dash 3: Flo On The Go v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ohpblkkbmfceapbolfogbfpkcjdlhonb] Where is the red v.2 (Activé)
G2 - GCE: Preference [User Data\Default] [okcmblenemndmonadbmepnbfpkhhiifm] Tirez Bouteille v.1.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [okehlnjpihomkdokiiafpejniofjaoom] Destroyer bombe 3D v.1.0.6 (Activé)
G2 - GCE: Preference [User Data\Default] [okmoaapooikinnfkllfodbdiiifdkaeo] X Speed Race v.1.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [onfiikpnknmpmlclcgcmfdnabaplpabp] Expert bombe v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pniinickecbjegedmgagmgikbolfgaij] Spot The Differences! v.0.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [podpidhgbialcfbgdkaimpcnanhhomak] Renault Trucks Racing v.1.4 (Activé)
~ Google Browser: 107 Legitimates Filtered in 01mn 38s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@exent.com/npExentCtl,version=7.0.0.0] - (.Exent Technologies Ltd. - Exent® AOD Gecko Plugin.) -- C:\Program Files\Free Ride Games\npExentCtl.dll
P2 - FPN: [HKLM] [@flyordie.com/GamesPlugin] - (.Solware - FlyOrDie Games Plugin 1.0.1.) -- C:\Program Files\Flyordie Plugin\npfod.dll
P2 - FPN: [HKLM] [@oberon-media.com/ONCAdapter] - (...) -- C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (.not file.)
P2 - FPN: [HKLM] [www.exent.com/GameTreatWidget] - (...) -- C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll (.not file.)
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.babylon.com =>Toolbar.Babylon
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.sonystyle.ca
~ IE Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: MiniTool Power Data Recovery 6.8.lnk . (.MiniTool Solution Ltd. - Power Data Recovery is an all in one data r.) -- C:\Program Files\PowerDataRecovery\PowerDataRecovery.exe
O4 - GS\Desktop [Public]: More FREE games.lnk - Clé orpheline
O4 - GS\Desktop [Public]: Play Free Games.lnk . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files\Free Ride Games\GPlrLanc.exe
O4 - GS\QuickLaunch [anthony]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [anthony]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [anthony]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\anthony\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [anthony]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [anthony]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [anthony]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [anthony]: Play Diner Dash 2.lnk . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Remote Programs\Diner Dash 2\GPlrLanc.exe https://www.freeridegames.com
O4 - GS\Desktop [anthony]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 - GS\Desktop [anthony]: SosVirus sur Facebook.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.facebook.com
O4 - GS\Desktop [anthony]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\anthony\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 73 Legitimates Filtered in 00mn 09s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [ISBMgr.exe] . (.Sony Corporation - Pas de description.) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe =>.Logitech Inc
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [BigDog303] . (.Vimicro - Vimicro.) -- C:\Windows\VM303_STI.exe
O4 - HKLM\..\Run: [snpstd] . (.Pas de propriétaire - CameraMonitor MFC Application.) -- C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [agentantidote.exe] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Logitech Vid] . (.Logitech Inc. - Logitech Vid.) -- C:\Program Files\Logitech\Logitech Vid\vid.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Exetender] . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files\Free Ride Games\GPlayer.exe
O4 - HKUS\S-1-5-18\..\Run: [Exetender] . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files\Free Ride Games\GPlayer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-19\..\Run: [Exetender] . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files\Free Ride Games\GPlayer.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Exetender] . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files\Free Ride Games\GPlayer.exe
O4 - HKUS\S-1-5-21-2542629729-494269980-674747862-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2542629729-494269980-674747862-1000\..\Run: [Logitech Vid] . (.Logitech Inc. - Logitech Vid.) -- C:\Program Files\Logitech\Logitech Vid\vid.exe
O4 - HKUS\S-1-5-21-2542629729-494269980-674747862-1000\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-2542629729-494269980-674747862-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2542629729-494269980-674747862-1000\..\Run: [Exetender] . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files\Free Ride Games\GPlayer.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BCACC1E-4E23-423D-9C33-C38FE7A8B64C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C10B10E-4A2F-43FA-BF9D-3EDDAB50562A}: DhcpNameServer = 72.0.240.16 72.0.240.17 72.0.240.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BCACC1E-4E23-423D-9C33-C38FE7A8B64C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C10B10E-4A2F-43FA-BF9D-3EDDAB50562A}: DhcpNameServer = 72.0.240.16 72.0.240.17 72.0.240.110
O17 - HKLM\System\CS3\Services\Tcpip\..\{0BCACC1E-4E23-423D-9C33-C38FE7A8B64C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2C10B10E-4A2F-43FA-BF9D-3EDDAB50562A}: DhcpNameServer = 72.0.240.16 72.0.240.17 72.0.240.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.0.240.16 72.0.240.17 72.0.240.110
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon . (.Sony Corporation - VAIO Event Service (Winlogon Notification M.) -- C:\Windows\System32\VESWinlogon.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files\Tor\tor.exe
O23 - Service: XAudioService (XAudioService) . (.Conexant Systems, Inc. - Modem Audio Service.) - C:\Windows\System32\DRIVERS\xaudio.exe
~ Services: 12 Legitimates Filtered in 00mn 05s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (SsiEfr.exe) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\d6dedae56feb46]
[HKLM\Software\20602 EasyCam Pro]
[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Tarma Installer] =>PUP.Tarma
~ Key Software: 160 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2013-08-27 - 17:20:16 - [0,609] ----D C:\Program Files\Conduit
O43 - CFD: 2013-08-27 - 17:22:07 - [0,024] ----D C:\Program Files\MixiDJ_V45 =>Toolbar.MixiDJ
O43 - CFD: 2013-08-29 - 18:59:35 - [0,005] ----D C:\Program Files\Wajam =>Toolbar.Wajam
O43 - CFD: 2012-07-08 - 20:22:22 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 2012-10-22 - 17:55:56 - [0,281] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 2012-07-08 - 20:22:22 - [0,020] ----D C:\Users\anthony\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 2013-06-15 - 11:16:00 - [0,308] ----D C:\Users\anthony\AppData\Roaming\File Scout
O43 - CFD: 2013-08-27 - 17:22:04 - [0] ----D C:\Users\anthony\AppData\Local\Conduit
O43 - CFD: 2013-08-27 - 17:19:18 - [0,054] ----D C:\Users\anthony\AppData\Local\Wajam =>Toolbar.Wajam
~ Program Folder: 165 Legitimates Filtered in 00mn 23s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.95ED99C00CEF28788021B23B93A8E3A7] - 2013-10-12 - 16:26:36 ---A- . (...) -- C:\Windows\System32\lvcoinst.log [6645]
O44 - LFC:[MD5.1055107A27CF5C0A01BC6A355FC5F27C] - 2013-10-13 - 12:46:26 ----- . (...) -- C:\UsbFix [Clean 2] PC-DE-ANTHONY.txt [9947]
O44 - LFC:[MD5.9BA227F304BDADBCF95AC37048164171] - 2013-10-13 - 13:04:17 ----- . (...) -- C:\UsbFix [Clean 4] PC-DE-ANTHONY.txt [7315]
O44 - LFC:[MD5.769502FC3FB10D14E1DDD2145B5C826B] - 2013-10-13 - 13:16:02 ----- . (...) -- C:\UsbFix [Scan 1] PC-DE-ANTHONY.txt [7263]
O44 - LFC:[MD5.71EE8EFC5FEFCEB6FD38139F63227FE5] - 2013-10-13 - 13:30:30 ----- . (...) -- C:\UsbFix [Clean 5] PC-DE-ANTHONY.txt [7325]
O44 - LFC:[MD5.6977F44E72F43FAC54F775FBA11F1662] - 2013-10-13 - 13:54:32 ---A- . (...) -- C:\UsbFix [Clean 6] PC-DE-ANTHONY.txt [7403]
O44 - LFC:[MD5.57898047AB22283486557A5ADC1C85BC] - 2013-10-13 - 16:57:26 ---A- . (...) -- C:\UsbFix [Scan 2] PC-DE-ANTHONY.txt [6879]
~ Files: 59 Legitimates Filtered in 00mn 11s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.4B3CCF3F6569C473161F9A17B3C48F65] - 2013-10-18 - 18:08:26 ---A- - C:\Windows\Prefetch\30.0.1599.101_30.0.1599.69_CH-260766D3.pf
~ Prefetcher: 70 Legitimates Filtered in 00mn 01s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 2006-11-02 - 04:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.5E55C8C6BB1CFCFBBE0E5F678E4D296E] - 2012-08-25 - 14:30:27 RSH-- . (...) -- C:\Windows\System32\4219614437.sys [88]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 2013-10-19 - 18:07:07 ---A- . (...) -- C:\Users\anthony\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [257451]
O61 - LFC: 2013-10-19 - 18:08:01 ---A- . (...) -- C:\Users\anthony\AppData\Local\Google\Chrome\User Data\Local State [55283]
O61 - LFC: 2013-10-19 - 18:09:26 ---A- . (...) -- C:\Users\anthony\AppData\Roaming\ZHP\Log.txt [19336] =>.Nicolas Coolman
O61 - LFC: 2013-10-19 - 18:09:26 ---A- . (...) -- C:\Users\anthony\AppData\Roaming\ZHP\TestsZHPDiag.txt [2872] =>.Nicolas Coolman
~ 13 Fichiers temporaires (Temporary files)
~ Files: 110 Legitimates Filtered in 02mn 47s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - https://www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 2012-08-02 - C:\Program Files\Free Ride Games\X6XSEx_Pr143.sys (X6XSEx_Pr143) .(.Exent Technologies Ltd. - X6XSEx Kernel Mode Driver.) - LEGACY_X6XSEX_PR143
~ Legacy: 73 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - https://search.babylon.com =>Toolbar.Babylon
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - https://search.babylon.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {1084EAFE-BCFD-4EA3-A937-87F47C74FB4C} - (Google Search) - https://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com
O69 - SBI: SearchScopes [HKCU] {A531D99C-5A22-449b-83DA-872725C6D0ED} - (ALOT Search) - https://search.alot.com
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Vgrabber1 Customized Web Search) - https://search.conduit.com =>Toolbar.vGrabber
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\anthony\AppData\Roaming\uTorrent\microsoft office 2010 keygen.rar.torrent =>P2P.µTorrent
C:\Users\anthony\AppData\Roaming\uTorrent\microsoft office 2010 keygen.rar.torrent =>P2P.µTorrent
~ Files: Scanned in 00mn 12s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.416E6664BDB8FA7DDDB6F474CC2B21D2] [SPRF][2013-07-19] (...) -- C:\Users\anthony\AppData\Local\d3d9caps.dat [680]
[MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][2013-02-21] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\anthony\Desktop\FLVMPlayer.exe [4953944]
[MD5.8334A2873C688C1511F5078CFF90C484] [SPRF][2012-09-04] (.Pokki - Instagrille for Pokki Setup Program.) -- C:\Users\anthony\Desktop\Pokki-InstagrilleSetup.exe [766800]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\d6dedae56feb46\2.6.1339.144\upd]:="upd=1"
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:version="2.3.796.11"
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:version="2.6.1123.78"
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1125.80]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1125.80]:version="2.6.1125.80"
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1249.132]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1249.132]:version="2.6.1249.132"
[HKCU\Software\d6dedae56feb46] =>Toolbar.Babylon^
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.3F7FC8AD897DF981A11B567DF5FFF42A] [WIS][2013-03-06] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\6553a1.msi [1638912]
~ WIS: 109 Legitimates Filtered in 00mn 12s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 2007-09-10 124832 | (AdobeActiveFileMonitor6.0) . (...) - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
SR - | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 2011-09-17 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 2011-10-11 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2011-10-11 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2005-11-14 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SR - | Demand 2013-05-31 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 2006-12-14 45056 | (MSCSPTISRV) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
SS - | Demand 2006-12-14 57344 | (PACSPTISVR) . (...) - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
SR - | Auto 2007-06-05 177704 | (ProtexisLicensing) . (...) - C:\Windows\system32\PSIService.exe
SS - | Auto 2013-02-07 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 2006-12-14 69632 | (SPTISRV) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
SR - | Auto 2013-08-29 3233806 | (tor) . (...) - C:\Program Files\Tor\tor.exe
SR - | Auto 2011-08-19 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SS - | Demand 2007-06-28 73728 | (VAIO Entertainment TV Device Arbitration Service) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
SR - | Auto 2007-08-14 182392 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
SS - | Demand 2007-06-20 2523136 | (VAIOMediaPlatform-IntegratedServer-AppServer) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
SS - | Demand 2007-06-20 397312 | (VAIOMediaPlatform-IntegratedServer-HTTP) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
SS - | Demand 2007-06-20 1089536 | (VAIOMediaPlatform-IntegratedServer-UPnP) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
SS - | Demand 2007-06-20 499712 | (VAIOMediaPlatform-Mobile-Gateway) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
SS - | Demand 2007-01-10 745472 | (VAIOMediaPlatform-UCLS-AppServer) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
SS - | Demand 2007-06-20 397312 | (VAIOMediaPlatform-UCLS-HTTP) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
SS - | Demand 2007-06-20 1089536 | (VAIOMediaPlatform-UCLS-UPnP) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
SS - | Demand 2007-09-28 292128 | (VcmIAlzMgr) . (.Sony Corporation.) - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
SS - | Demand 2007-09-20 79136 | (VcmXmlIfHelper) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
SR - | Demand 2007-06-28 274432 | (Vcsw) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
SR - | Auto 2007-08-28 192512 | (VzCdbSvc) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
SR - | Auto 2007-08-28 131072 | (VzFw) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
SS - | Auto 2008-01-18 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 2008-01-18 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 2007-09-19 386560 | (XAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\DRIVERS\xaudio.exe
~ Services: Scanned in 00mn 15s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, https://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by anthony at 2013-10-19 18:10:26

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12949 - (2013-10-18)
Clés trouvées (Keys found) : 28
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 15
Fichiers trouvés (Files found) : 8

[HKLM\Software\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi] =>Toolbar.vGrabber^
[HKLM\Software\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf] =>Toolbar.MixiDJ^
[HKLM\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>Toolbar.Wajam^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}] =>Adware.CometSystems
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Toolbar.CT3131886] =>Toolbar.Conduit
C:\Program Files\MixiDJ_V45 =>Toolbar.MixiDJ^
C:\Program Files\Wajam =>Toolbar.Wajam^
C:\ProgramData\Babylon =>Toolbar.Babylon^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\Users\anthony\AppData\Roaming\Babylon =>Toolbar.Babylon^
C:\Users\anthony\AppData\Local\Wajam =>Toolbar.Wajam^
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\SearchProtect =>Toolbar.Conduit
C:\Program Files\WebplayerToolbar =>Toolbar.Webplayer
C:\Program Files\Common Files\AVG Secure Search =>Toolbar.AVGSearch
C:\Users\anthony\AppData\Roaming\SearchProtect =>Toolbar.Conduit
C:\Users\anthony\AppData\Roaming\WebPlayerBdd =>Adware.SocialSkinz
C:\Users\anthony\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\anthony\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon
C:\Users\anthony\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi =>Toolbar.vGrabber^
C:\Users\anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf =>Toolbar.MixiDJ^
C:\Users\anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>Toolbar.Wajam^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Babylon] =>Toolbar.Babylon^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\d6dedae56feb46] =>Toolbar.Babylon^^
~ Additionnel Scan: 294979 Items scanned in 00mn 27s



---\\ Récapitulatif des détections trouvées sur votre station
~ https://nicolascoolman.webs.com/apps/blog/show/27632288-toolbar-vgrabber =>Toolbar.vGrabber
~ https://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam
~ https://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ https://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ https://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ https://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ https://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ https://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ https://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
~ https://nicolascoolman.webs.com/apps/blog/show/26811836-adware-yontoo =>Adware.Yontoo
~ https://nicolascoolman.webs.com/apps/blog/show/26664342-adware-comet =>Adware.Comet
~ https://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
~ https://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ https://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ https://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ MSI: 15 link(s) detected in 00mn 27s



~ 1242 Legitimates filtered by white list
End of the scan (678 lines in 07mn 11s)(2)
by H.A.W.X
#12020
Good evening,
  • Copy the lines below:
Code:
Script ZHPFix 
Sysrestore

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.babylon.com =>Toolbar.Babylon
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\d6dedae56feb46]    
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Tarma Installer] =>PUP.Tarma
O43 - CFD: 2012-07-08 - 20:22:22 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 2012-10-22 - 17:55:56 - [0,281] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 2012-07-08 - 20:22:22 - [0,020] ----D C:\Users\anthony\AppData\Roaming\Babylon =>Toolbar.Babylon
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - https://search.babylon.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - https://search.babylon.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {A531D99C-5A22-449b-83DA-872725C6D0ED} - (ALOT Search) - https://search.alot.com    
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"    
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:version="2.3.796.11"    
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"    
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:version="2.6.1123.78"    
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1125.80]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"    
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1125.80]:version="2.6.1125.80"    
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1249.132]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"    
[HKCU\Software\d6dedae56feb46\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1249.132]:version="2.6.1249.132"    
[HKCU\Software\d6dedae56feb46] =>Toolbar.Babylon^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}] =>Adware.CometSystems
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
C:\ProgramData\Babylon =>Toolbar.Babylon^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\Users\anthony\AppData\Roaming\Babylon =>Toolbar.Babylon^
C:\Users\anthony\AppData\Roaming\WebPlayerBdd =>Adware.SocialSkinz
C:\Users\anthony\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKLM\Software\Babylon] =>Toolbar.Babylon^
[HKCU\Software\d6dedae56feb46] =>Toolbar.Babylon^^
O4 - GS\Desktop [Public]: More FREE games.lnk - Clé orpheline
O4 - HKCU\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-2542629729-494269980-674747862-1000\..\Run: [WindowsWelcomeCenter] Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline    
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Conduit] =>Toolbar.Conduit
G2 - GCE: Preference [User Data\Default] [hhepndnhfbdjmegechokkbabcphcihdi] Vgrabber1 v.2.3.19.11 (Désactivé) =>Toolbar.vGrabber
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Toolbar.CT3131886] =>Toolbar.Conduit
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\SearchProtect =>Toolbar.Conduit
C:\Users\anthony\AppData\Roaming\SearchProtect =>Toolbar.Conduit
C:\Users\anthony\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\anthony\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi 
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Conduit] =>Toolbar.Conduit^

FirewallRaz 
EmptyCLSID
EmptyFlash  
  • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)
    1. Click "Importer"
    2. Then click "GO"
  • Confirm the data cleanup by clicking "Oui" (Yes)
  • Once the scan has finished, go to the desktop; the ZHPFixReport file has been created there.
  • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.
by H.A.W.X
#12934
Hello,
With no reply from you, I am considering the problem resolved!
It is nevertheless very important to see a disinfection through to the end. Even if the symptoms that led you to ask for help have disappeared, your computer is still infected. You should also know that our help is voluntary; seeing your topic abandoned without any explanation comes across to us as a lack of respect. Please respect the people who give their time to help you. In any case, we are leaving your topic open in case you decide to come back ... See you soon on SosVirus.