Think you are infected, or ads appear while you browse the web?
Data loss, system slowdown, USB virus?
Repair your computer for free with our online assistance.
by inès
#12178
Good evening everyone,
Before formatting, I wanted to save files to the external disk; they turned into .lnk shortcuts and no longer open.
I tried to follow your procedure by running Ad-Aware, Malwarebytes, ZHPDiag and UsbFix.
I'm not very skilled, and when I try to attach the reports for you my message gets erased.
Thanks in advance for your patience.
by inès
#12181
I'm trying again
[attachment=]# AdwCleaner v3.009 - Rapport créé le 20/10/2013 à 16:43:28
# Mis à jour le 19/10/2013 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : serge - MAURICETTE
# Exécuté depuis : C:\Documents and Settings\serge\Local Settings\Temporary Internet Files\Content.IE5\6AWL1BYW\adwcleaner[1].exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\Conduit
Dossier Supprimé : C:\Program Files\Conduit
Dossier Supprimé : C:\Program Files\Duuqu
Dossier Supprimé : C:\Program Files\Jmalaya_LiveTV
Dossier Supprimé : C:\Documents and Settings\serge\Local Settings\Application Data\Conduit
Dossier Supprimé : C:\Documents and Settings\serge\Local Settings\Application Data\Duuqu
Dossier Supprimé : C:\Documents and Settings\serge\Local Settings\Application Data\iac
Dossier Supprimé : C:\Documents and Settings\serge\Local Settings\Application Data\Jmalaya_LiveTV
Dossier Supprimé : C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\Smartbar
Dossier Supprimé : C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\CT3311843
Dossier Supprimé : C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\Extensions\{4844c390-489d-4ad1-9355-e9a9a9162336}
Fichier Supprimé : C:\END
Fichier Supprimé : C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\searchplugins\Conduit.xml
Fichier Supprimé : C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\user.js

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Toolbar
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT3311843
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{4844C390-489D-4AD1-9355-E9A9A9162336}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F4004B74-FBF5-4533-9960-867E7055D44A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4844C390-489D-4AD1-9355-E9A9A9162336}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4844C390-489D-4AD1-9355-E9A9A9162336}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4004B74-FBF5-4533-9960-867E7055D44A}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4844C390-489D-4AD1-9355-E9A9A9162336}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F4004B74-FBF5-4533-9960-867E7055D44A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F4004B74-FBF5-4533-9960-867E7055D44A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC6BD22A-5E2C-4C24-9056-212D35741053}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C8B59CC-8876-4A4B-AD6D-B347E017D4D4}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4844C390-489D-4AD1-9355-E9A9A9162336}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4844C390-489D-4AD1-9355-E9A9A9162336}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{4844C390-489D-4AD1-9355-E9A9A9162336}]
Clé Supprimée : HKCU\Software\APN PIP
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Duuqu
Clé Supprimée : HKCU\Software\smartbar
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\Jmalaya_LiveTV
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\Duuqu
Clé Supprimée : HKLM\Software\PIP
Clé Supprimée : HKLM\Software\Jmalaya_LiveTV

***** [ Navigateurs ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (fr)

[ Fichier : C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\prefs.js ]

Ligne Supprimée : user_pref("CT3311843.1000082.isPlayDisplay", "true");
Ligne Supprimée : user_pref("CT3311843.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://\"}");
Ligne Supprimée : user_pref("CT3311843.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Ligne Supprimée : user_pref("CT3311843.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Ligne Supprimée : user_pref("CT3311843.FF19Solved", "true");
Ligne Supprimée : user_pref("CT3311843.FirstTime", "true");
Ligne Supprimée : user_pref("CT3311843.FirstTimeFF3", "true");
Ligne Supprimée : user_pref("CT3311843.PG_ENABLE", "dHJ1ZQ==");
Ligne Supprimée : user_pref("CT3311843.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Ligne Supprimée : user_pref("CT3311843.SF_STATUS.enc", "RU5BQkxFRA==");
Ligne Supprimée : user_pref("CT3311843.SF_USER_ID.enc", "Y2lkXzIwMTAyMDEzMTExMTEzOTY4NDc3Nw==");
Ligne Supprimée : user_pref("CT3311843.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311843&SearchSource=2&CUI=UN17630544022217195&UM=2&q=");
Ligne Supprimée : user_pref("CT3311843.UserID", "UN17630544022217195");
Ligne Supprimée : user_pref("CT3311843.addressBarTakeOverEnabledInHidden", "true");
Ligne Supprimée : user_pref("CT3311843.browser.search.defaultthis.engineName", "true");
Ligne Supprimée : user_pref("CT3311843.cbfirsttime.enc", "U3VuIE9jdCAyMCAyMDEzIDExOjExOjE1IEdNVCswMjAw");
Ligne Supprimée : user_pref("CT3311843.countryCode", "FR");
Ligne Supprimée : user_pref("CT3311843.defaultSearch", "true");
Ligne Supprimée : user_pref("CT3311843.embeddedsData", "[{\"appId\":\"130209594879407366\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Ligne Supprimée : user_pref("CT3311843.enableAlerts", "true");
Ligne Supprimée : user_pref("CT3311843.enableSearchFromAddressBar", "true");
Ligne Supprimée : user_pref("CT3311843.firstTimeDialogOpened", "true");
Ligne Supprimée : user_pref("CT3311843.fixPageNotFoundError", "true");
Ligne Supprimée : user_pref("CT3311843.fixPageNotFoundErrorByUser", "true");
Ligne Supprimée : user_pref("CT3311843.fixPageNotFoundErrorInHidden", "true");
Ligne Supprimée : user_pref("CT3311843.fullUserID", "UN17630544022217195.IN.20131018170912");
Ligne Supprimée : user_pref("CT3311843.installDate", "18/10/2013 17:09:14");
Ligne Supprimée : user_pref("CT3311843.installId", "cidim27");
Ligne Supprimée : user_pref("CT3311843.installSessionId", "{9D0C6BE7-DE52-4BF3-8055-E0BE4FB99F5F}");
Ligne Supprimée : user_pref("CT3311843.installSp", "TRUE");
Ligne Supprimée : user_pref("CT3311843.installType", "conduitnsisintegration");
Ligne Supprimée : user_pref("CT3311843.installUsage", "2013-10-20T12:10:58.1380744+03:00");
Ligne Supprimée : user_pref("CT3311843.installUsageEarly", "2013-10-20T12:10:58.2671342+03:00");
Ligne Supprimée : user_pref("CT3311843.installerVersion", "1.7.1.7");
Ligne Supprimée : user_pref("CT3311843.isCheckedStartAsHidden", true);
Ligne Supprimée : user_pref("CT3311843.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Ligne Supprimée : user_pref("CT3311843.isFirstTimeToolbarLoading", "false");
Ligne Supprimée : user_pref("CT3311843.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Ligne Supprimée : user_pref("CT3311843.keyword", "true");
Ligne Supprimée : user_pref("CT3311843.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3311843&octid=CT3311843&SearchSource=15&CUI=UN17630544022217195&SSPV=&Lay=1&UM=2\"}");
Ligne Supprimée : user_pref("CT3311843.lastVersion", "10.20.3.20");
Ligne Supprimée : user_pref("CT3311843.mam_gk_appStateReportTime.enc", "MTM4MjI2MDI2MDkxOA==");
Ligne Supprimée : user_pref("CT3311843.mam_gk_appState_CouponBuddy.enc", "b24=");
Ligne Supprimée : user_pref("CT3311843.mam_gk_appState_Easytobook.enc", "b24=");
Ligne Supprimée : user_pref("CT3311843.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Ligne Supprimée : user_pref("CT3311843.mam_gk_appState_Easytobookcars.enc", "b24=");
Ligne Supprimée : user_pref("CT3311843.mam_gk_appState_PriceGong.enc", "b24=");
Ligne Supprimée : user_pref("CT3311843.mam_gk_appState_WindowShopper.enc", "b24=");
Ligne Supprimée : user_pref("CT3311843.mam_gk_appState_eToro.enc", "b24=");
Ligne Supprimée : user_pref("CT3311843.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwib3B0aW9uc0Rp[...]
Ligne Supprimée : user_pref("CT3311843.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Ligne Supprimée : user_pref("CT3311843.mam_gk_calledSetupService.enc", "MQ==");
Ligne Supprimée : user_pref("CT3311843.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6ImVUb3JvIiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiMWU5NjMwZjEtZWFiMS00ZTdiLWEwODctZDRhZTY1Zjg0MDNhIiwiZG9tYWlucyI6WyIiLCI[...]
Ligne Supprimée : user_pref("CT3311843.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Ligne Supprimée : user_pref("CT3311843.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Ligne Supprimée : user_pref("CT3311843.mam_gk_first_time.enc", "MQ==");
Ligne Supprimée : user_pref("CT3311843.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Ligne Supprimée : user_pref("CT3311843.mam_gk_lastLoginTime.enc", "MTM4MjI2MDI1NzM0OA==");
Ligne Supprimée : user_pref("CT3311843.mam_gk_localization.enc", "eyJkbWJveDEiOnsiVGV4dCI6IlByb21vXG5kdSBqb3VyIn0sImRtYm94MiI6eyJUZXh0IjoiTGl2cmFpc29uXG5ncmF0dWl0ZSJ9LCJkbWJ1bGxldDEiOnsiVGV4dCI6IkVjb25vbWlzZXogZGUgbOKA[...]
Ligne Supprimée : user_pref("CT3311843.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Ligne Supprimée : user_pref("CT3311843.mam_gk_new_welcome_experience.enc", "MQ==");
Ligne Supprimée : user_pref("CT3311843.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Ligne Supprimée : user_pref("CT3311843.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiRlIiLCJpc1dlbGNvbWVFeHBl[...]
Ligne Supprimée : user_pref("CT3311843.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Ligne Supprimée : user_pref("CT3311843.mam_gk_userId.enc", "ZThmZTJlYjktODc5Mi00NmU1LWIyZjMtNGNiYjVkOWU2ZGFl");
Ligne Supprimée : user_pref("CT3311843.mam_gk_user_approval_interacted.enc", "MQ==");
Ligne Supprimée : user_pref("CT3311843.mam_gk_welcomeDialogMode.enc", "MQ==");
Ligne Supprimée : user_pref("CT3311843.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Faccount.panzar.com%2Ffr%2Flanding%2F07%2F%3Fpe002%3Dadc%26play%3D1%26cid%3D13999253721382261122%26subId%3D96977%26co[...]
Ligne Supprimée : user_pref("CT3311843.openThankYouPage", "false");
Ligne Supprimée : user_pref("CT3311843.openUninstallPage", "true");
Ligne Supprimée : user_pref("CT3311843.originalHomepage", "hxxp://");
Ligne Supprimée : user_pref("CT3311843.originalSearchAddressUrl", "");
Ligne Supprimée : user_pref("CT3311843.originalSearchEngine", "");
Ligne Supprimée : user_pref("CT3311843.originalSearchEngineName", "");
Ligne Supprimée : user_pref("CT3311843.price-gong.isManagedApp", "true");
Ligne Supprimée : user_pref("CT3311843.revertSettingsEnabled", "false");
Ligne Supprimée : user_pref("CT3311843.search.searchAppId", "130209594879407366");
Ligne Supprimée : user_pref("CT3311843.search.searchCount", "2");
Ligne Supprimée : user_pref("CT3311843.searchFromAddressBarEnabledByUser", "true");
Ligne Supprimée : user_pref("CT3311843.searchInNewTabEnabledByUser", "true");
Ligne Supprimée : user_pref("CT3311843.searchInNewTabEnabledInHidden", "true");
Ligne Supprimée : user_pref("CT3311843.searchRevert", "false");
Ligne Supprimée : user_pref("CT3311843.searchSuggestEnabledByUser", "true");
Ligne Supprimée : user_pref("CT3311843.searchUserMode", "2");
Ligne Supprimée : user_pref("CT3311843.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3311843\"}");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://JmalayaLiveTVToolbar.OurToolbar.com//xpi\"}");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Jmalaya LiveTV \"}");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_Configuration_lastUpdate", "1382260251814");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1382260252875");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_appsMetadata_lastUpdate", "1382260252870");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1382260252704");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1382260255719");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1382260255733");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_login_10.20.3.20_lastUpdate", "1382260252960");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1382260252807");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_searchAPI_lastUpdate", "1382260251962");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_serviceMap_lastUpdate", "1382260251520");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_toolbarContextMenu_lastUpdate", "1382260252670");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_toolbarSettings_lastUpdate", "1382260252007");
Ligne Supprimée : user_pref("CT3311843.serviceLayer_services_translation_lastUpdate", "1382260252852");
Ligne Supprimée : user_pref("CT3311843.settingsINI", true);
Ligne Supprimée : user_pref("CT3311843.shouldFirstTimeDialog", "false");
Ligne Supprimée : user_pref("CT3311843.showToolbarPermission", "false");
Ligne Supprimée : user_pref("CT3311843.smartbar.CTID", "CT3311843");
Ligne Supprimée : user_pref("CT3311843.smartbar.Uninstall", "0");
Ligne Supprimée : user_pref("CT3311843.smartbar.homepage", "true");
Ligne Supprimée : user_pref("CT3311843.smartbar.toolbarName", "Jmalaya LiveTV ");
Ligne Supprimée : user_pref("CT3311843.startPage", "true");
Ligne Supprimée : user_pref("CT3311843.toolbarBornServerTime", "20-10-2013");
Ligne Supprimée : user_pref("CT3311843.toolbarCurrentServerTime", "20-10-2013");
Ligne Supprimée : user_pref("CT3311843.toolbarLoginClientTime", "Sun Oct 20 2013 11:10:52 GMT+0200");
Ligne Supprimée : user_pref("CT3311843.url_history0001.enc", "aHR0cDovL3N0cmVhbXp6ei5jb20vY2F0ZWdvcnkvYXJyb3c6OjpjbGlja2hhbmRsZXI6OjoxMzgyMjYwMzE0OTM1LCwsaHR0cDovL2dldC5hZG9iZS5jb20vZnIvZmxhc2hwbGF5ZXIvZG93bmxvYWQvP2lu[...]
Ligne Supprimée : user_pref("CT3311843.versionFromInstaller", "10.20.3.20");
Ligne Supprimée : user_pref("CT3311843.xpeMode", "0");
Ligne Supprimée : user_pref("CT3311843_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382261116383,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Ligne Supprimée : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3311843&CUI=UN17630544022217195&UM=2&SearchSource=13");
Ligne Supprimée : user_pref("Smartbar.ConduitSearchEngineList", "Jmalaya LiveTV Customized Web Search");
Ligne Supprimée : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311843&SearchSource=2&CUI=UN17630544022217195&UM=2&q=");
Ligne Supprimée : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Ligne Supprimée : user_pref("Smartbar.keywordURLSelectedCTID", "CT3311843");
Ligne Supprimée : user_pref("browser.search.defaultenginename", "Jmalaya LiveTV Customized Web Search");
Ligne Supprimée : user_pref("browser.search.defaultthis.engineName", "Jmalaya LiveTV Customized Web Search");
Ligne Supprimée : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311843&CUI=UN17630544022217195&UM=2&SearchSource=3&q={searchTerms}");
Ligne Supprimée : user_pref("browser.search.selectedEngine", "Jmalaya LiveTV Customized Web Search");
Ligne Supprimée : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3311843&CUI=UN17630544022217195&UM=2&SearchSource=13");
Ligne Supprimée : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311843&SearchSource=2&CUI=UN17630544022217195&UM=2&q=");
Ligne Supprimée : user_pref("smartbar.addressBarOwnerCTID", "CT3311843");
Ligne Supprimée : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311843&CUI=UN17630544022217195&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3311843&octid=CT3311843&SearchSource[...]
Ligne Supprimée : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311843&SearchSource=2&CUI=UN17630544022217195&UM=2&q=");
Ligne Supprimée : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311843");
Ligne Supprimée : user_pref("smartbar.homePageOwnerCTID", "CT3311843");
Ligne Supprimée : user_pref("smartbar.machineId", "EIG9P58VQNMUZMXUIZ9NT3UTUMFEJZ/HPEZ7AGMQEEJPVJIZCXLX8RWJDBU3TIED5A6URPTLH2TD+/M7G32EKW");
Ligne Supprimée : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3311843&CUI=UN17630544022217195&UM=2&SearchSource=13");

*************************

AdwCleaner[R0].txt - [5634 octets] - [17/10/2013 09:43:51]
AdwCleaner[R1].txt - [18358 octets] - [20/10/2013 16:42:35]
AdwCleaner[S0].txt - [5397 octets] - [17/10/2013 09:45:07]
AdwCleaner[S1].txt - [18615 octets] - [20/10/2013 16:43:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [18676 octets] ##########
[/attachment]
by inès
#12182
Second report
[attachment=]Malwarebytes Anti-Malware (Essai) 1.75.0.1300


Version de la base de données: v2013.10.19.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
serge :: MAURICETTE [administrateur]

Protection: Activé

20/10/2013 17:28:12
mbam-log-2013-10-20 (17-28-12).txt

Type d'examen: Examen complet (O:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 207004
Temps écoulé: 2 minute(s), 17 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
[/attachment]
by inès
#12183
Third report
[attachment=]~ Rapport de ZHPDiag v2013.10.20.55 - Nicolas Coolman (20/10/2013)
~ Lancé par serge (20/10/2013 16:48:21)
~ Adresse du Site Web
~ Forums gratuits d'Assistance à la désinfection :
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 24.0

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.4042
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v4.06 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3327 MB (75% free)
System Restore: Activé (Enable)
System drive C: has 38 GB (76%) free of 49 GB

---\\ Mode de connexion au système
~ Computer Name: MAURICETTE
~ User Name: serge
~ All Users Names: SUPPORT_388945a0, serge, HelpAssistant, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\serge\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\serge\Application Data\
~ %Desktop% : C:\Documents and Settings\serge\Bureau\
~ %Favorites% : C:\Documents and Settings\serge\Favoris\
~ %LocalAppData% : C:\Documents and Settings\serge\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\serge\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 38 Go of 49 Go)
D: Hard drive, Flash drive, Thumb drive (Free 183 Go of 184 Go)
E: Hard drive, Flash drive, Thumb drive (Free 77 Go of 176 Go)
F: Hard drive, Flash drive, Thumb drive (Free 290 Go of 290 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: CD-ROM drive (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)
O: Hard drive, Flash drive, Thumb drive (Free 367 Go of 466 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.F8DD21FC65131E064FBF11F01E4F4BFD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/09/2013 - 19:23:33.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/12
~ Mon Bureau (My Desktop) : 0/1113
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.A29F2E883730A91965CE8BB6981D5B37] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [581632] [PID.1024]
[MD5.8769E2D1072B62AB071F166F03B3E3DC] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024] [PID.1660]
[MD5.E681281D9BFC9D45D3B72532717E5880] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.136]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208] [PID.148]
[MD5.013A269E7AF8B01FF20B384FEEBFFDA5] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16862720] [PID.156]
[MD5.35B236D0A5973CC913990B7E86FF266B] - (...) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe [5964800] [PID.164]
[MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.172]
[MD5.25CA1677AAA3CDC99CD4FCF940886F3C] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [49152] [PID.808]
[MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1184]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1280]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1816]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2440]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2696]
[MD5.F30BF9FC4275156F2AE96FCDF1ED5EE4] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76856] [PID.3288]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.2080]
[MD5.DD425C93255671A5FE81A95E686C03D7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8111104] [PID.1680]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\prefs.js
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [serge]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [serge]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 11 Legitimates Filtered in 00mn 00s



---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [Six Engine] . (...) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1060284298-515967899-839522115-1004\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Domain / DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A90DE1D-E118-4A1B-8C70-86212A98DAF4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8A90DE1D-E118-4A1B-8C70-86212A98DAF4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{8A90DE1D-E118-4A1B-8C70-86212A98DAF4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Additional Protocol: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Services: 6 Legitimates Filtered in 00mn 04s



---\\ Active Desktop & MHTML Editor enumeration (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Automatic scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Allyrics-16-codedownloader.job [1236] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Allyrics-16-enabler.job [1136] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Allyrics-16-updater.job [1330] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [460]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At2.job [460]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At3.job [460]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At4.job [460]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 00s



---\\ Installed software (O42)
O42 - Software: Bubble Shooter v1.0 - (.Nowstat.com.) [HKLM] -- {6BB5561C-207B-4D74-9038-FF6FA338F998}_is1
~ Logic: 59 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\WEDLMNGR] =>PUP.weDownloadManager
~ Key Software: 121 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 18/10/2013 - 07:40:28 - [0,934] ----D C:\Program Files\BSHOOTER.com
O43 - CFD: 18/10/2013 - 11:08:07 - [1,102] ----D C:\Program Files\Nowstat.com
O43 - CFD: 16/10/2013 - 21:24:48 - [0] ----D C:\Documents and Settings\All Users\Application Data\APN
O43 - CFD: 18/10/2013 - 07:40:29 - [0,001] ----D C:\Documents and Settings\serge\Application Data\BSHOOTER.com
~ Program Folder: 86 Legitimates Filtered in 00mn 04s



---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.2CE7B1EEB99C14032C0E2201B004F80E] - 16/10/2013 - 13:41:27 ---A- . (...) -- C:\WINDOWS\system32\wmimgmt.msc [63488]
O44 - LFC:[MD5.CDD932EDCB756FB5F7CE5E2F090BA838] - 16/10/2013 - 13:41:31 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.h [768]
O44 - LFC:[MD5.FDA18F513403E67CAE9BF0D2DD948B28] - 16/10/2013 - 13:41:31 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.ini [3914]
O44 - LFC:[MD5.4A547D74B435E78418BE06406250C1D3] - 16/10/2013 - 13:41:32 ---A- . (...) -- C:\WINDOWS\system32\tslabels.h [3286]
O44 - LFC:[MD5.F9A14C7B36E10052A1B0F071BC3C1C65] - 16/10/2013 - 13:41:32 ---A- . (...) -- C:\WINDOWS\system32\tslabels.ini [27768]
O44 - LFC:[MD5.9F27B27C8405FEAF7DFC4DA3751DEF22] - 16/10/2013 - 13:41:32 ---A- . (...) -- C:\WINDOWS\system32\usrlogon.cmd [1263]
O44 - LFC:[MD5.405E1EF8E3C88E9BCD2853382BB12430] - 16/10/2013 - 13:41:33 ---A- . (...) -- C:\WINDOWS\system32\bopomofo.uce [22984]
O44 - LFC:[MD5.39F43DBCE366B2561DF073B4C0839299] - 16/10/2013 - 13:41:34 ---A- . (...) -- C:\WINDOWS\Bulles de savon.bmp [65978]
O44 - LFC:[MD5.DAC71A10A6A71CB6E3F427AE3283734B] - 16/10/2013 - 13:41:34 ---A- . (...) -- C:\WINDOWS\Rosace bleue 16.bmp [1272]
O44 - LFC:[MD5.73D70ED3EC3BBFD8FD35DF431C38F374] - 16/10/2013 - 13:41:34 ---A- . (...) -- C:\WINDOWS\Tasse à café.bmp [17062]
O44 - LFC:[MD5.4FDED87068052EEB9B72A97FDBC141DB] - 16/10/2013 - 13:41:34 ---A- . (...) -- C:\WINDOWS\system32\gb2312.uce [24006]
O44 - LFC:[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] - 16/10/2013 - 13:41:34 ---A- . (...) -- C:\WINDOWS\system32\ideograf.uce [60458]
O44 - LFC:[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] - 16/10/2013 - 13:41:34 ---A- . (...) -- C:\WINDOWS\system32\kanji_1.uce [6948]
O44 - LFC:[MD5.529BBD63519BBD654EF328454019693F] - 16/10/2013 - 13:41:34 ---A- . (...) -- C:\WINDOWS\system32\kanji_2.uce [8484]
O44 - LFC:[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] - 16/10/2013 - 13:41:34 ---A- . (...) -- C:\WINDOWS\system32\korean.uce [12876]
O44 - LFC:[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] - 16/10/2013 - 13:41:34 ---A- . (...) -- C:\WINDOWS\system32\shiftjis.uce [16740]
O44 - LFC:[MD5.30F5568679A54042F99CA9EC1102EBCD] - 16/10/2013 - 13:41:34 ---A- . (...) -- C:\WINDOWS\system32\subrange.uce [93702]
O44 - LFC:[MD5.1AC5E83598D4F2143B59A2D893C3279A] - 16/10/2013 - 13:41:35 ---A- . (...) -- C:\WINDOWS\Granit vert.bmp [26582]
O44 - LFC:[MD5.203EF178BF8B0A8EC34E27E4DEDB6349] - 16/10/2013 - 13:41:35 ---A- . (...) -- C:\WINDOWS\Jour de pêche.bmp [17336]
O44 - LFC:[MD5.EB3BFC14E41FBAA41B4FD4489AA82D39] - 16/10/2013 - 13:41:35 ---A- . (...) -- C:\WINDOWS\Mur de Santa Fe.bmp [65832]
O44 - LFC:[MD5.3A8B85AB7B415BF3F8AFE285DFE0CE29] - 16/10/2013 - 13:41:35 ---A- . (...) -- C:\WINDOWS\Plume.bmp [16730]
O44 - LFC:[MD5.927A66BD587E31CB12D3AB25381658DC] - 16/10/2013 - 13:41:35 ---A- . (...) -- C:\WINDOWS\Rhododendron.bmp [17362]
O44 - LFC:[MD5.5B4AC407E566076BB726BA91E067D313] - 16/10/2013 - 13:41:35 ---A- . (...) -- C:\WINDOWS\Rivière Sumida.bmp [26680]
O44 - LFC:[MD5.280920B6773C74C3649A934257112BE1] - 16/10/2013 - 13:41:35 ---A- . (...) -- C:\WINDOWS\Vent de prairie.bmp [65954]
O44 - LFC:[MD5.5290EA6951F4724259F423B12C8E1393] - 16/10/2013 - 13:41:35 ---A- . (...) -- C:\WINDOWS\Zapotec.bmp [9522]
O44 - LFC:[MD5.487403459F0B2F1A3ADEEF02496BD80E] - 16/10/2013 - 13:42:15 ---A- . (...) -- C:\WINDOWS\vb.ini [36]
O44 - LFC:[MD5.6C2F0BA210C2B53EF07653ABAC6C2490] - 16/10/2013 - 13:42:15 ---A- . (...) -- C:\WINDOWS\vbaddin.ini [37]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 16/10/2013 - 13:43:21 ---A- . (...) -- C:\WINDOWS\desktop.ini [2]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 16/10/2013 - 13:43:21 ---A- . (...) -- C:\WINDOWS\system32\desktop.ini [2]
O44 - LFC:[MD5.CE45BE933AA8CF23B3469FE761C27A32] - 16/10/2013 - 13:43:21 -SH-- . (...) -- C:\WINDOWS\winnt.bmp [49102]
O44 - LFC:[MD5.CE45BE933AA8CF23B3469FE761C27A32] - 16/10/2013 - 13:43:21 -SH-- . (...) -- C:\WINDOWS\winnt256.bmp [49102]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/10/2013 - 13:44:36 ----- . (...) -- C:\AUTOEXEC.BAT [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/10/2013 - 13:44:36 ----- . (...) -- C:\CONFIG.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/10/2013 - 13:44:36 ----- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/10/2013 - 13:44:36 ----- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/10/2013 - 13:44:36 ---A- . (...) -- C:\WINDOWS\control.ini [0]
O44 - LFC:[MD5.AD05ECA6822949899B39996C9C0DF593] - 16/10/2013 - 14:03:21 R--A- . (...) -- C:\WINDOWS\system32\atiicdxx.dat [176216]
O44 - LFC:[MD5.31B434EDEC919137787CABF10E76266B] - 16/10/2013 - 14:03:21 R--A- . (...) -- C:\WINDOWS\system32\ativvaxx.dat [3107788]
O44 - LFC:[MD5.31B434EDEC919137787CABF10E76266B] - 16/10/2013 - 14:03:25 R--A- . (...) -- C:\WINDOWS\system32\ativva5x.dat [3107788]
O44 - LFC:[MD5.C23E3A4C7004D634A5C2E02841B3E3D4] - 16/10/2013 - 14:03:26 R--A- . (...) -- C:\WINDOWS\system32\ativva6x.dat [887724]
O44 - LFC:[MD5.84086D3595E62266A72CE6B19E9BF569] - 16/10/2013 - 14:03:28 R--A- . (...) -- C:\WINDOWS\system32\atifglpf.xml [7167]
O44 - LFC:[MD5.23848BA090CF6FD1130C27901C0FD1C7] - 16/10/2013 - 14:03:30 R--A- . (...) -- C:\WINDOWS\atiogl.xml [14696]
O44 - LFC:[MD5.292CE38F68F98FC74FFCB3A7D39B1356] - 16/10/2013 - 14:03:32 ---A- . (.No owner - ATI Smart.) -- C:\WINDOWS\system32\ati2sgag.exe [593920]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/10/2013 - 14:10:31 ---A- . (...) -- C:\WINDOWS\ativpsrm.bin [0]
O44 - LFC:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 16/10/2013 - 14:15:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS [10296]
O44 - LFC:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 16/10/2013 - 14:16:08 R--A- . (.No owner - ATK0110 ACPI Utility.) -- C:\WINDOWS\system32\Drivers\ASACPI.sys [5810]
O44 - LFC:[MD5.43C3571EADA5BC1EDEAD7CA22AD66F30] - 16/10/2013 - 14:33:18 R---- . (...) -- C:\WINDOWS\system32\ChCfg.exe [49152]
O44 - LFC:[MD5.C34AFC859EF56561A36969FC8BC4E59F] - 16/10/2013 - 14:33:21 ----- . (...) -- C:\WINDOWS\USetup.iss [636]
O44 - LFC:[MD5.6D0634CEBBFF7F428DD816706F5AA1FB] - 16/10/2013 - 14:36:38 ---A- . (...) -- C:\WINDOWS\system32\BuzzingBee.wav [146650]
O44 - LFC:[MD5.E2FA75ADE398C9A44815B11CC141105C] - 16/10/2013 - 14:36:38 ---A- . (...) -- C:\WINDOWS\system32\LoopyMusic.wav [940794]
O44 - LFC:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 16/10/2013 - 14:40:11 ---A- . (...) -- C:\WINDOWS\system32\Drivers\AsInsHelp32.sys [10216]
O44 - LFC:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 16/10/2013 - 14:40:11 ---A- . (...) -- C:\WINDOWS\system32\Drivers\AsInsHelp64.sys [11832]
O44 - LFC:[MD5.2B4E66FAC6503494A2C6F32BB6AB3826] - 16/10/2013 - 14:40:13 R--A- . (...) -- C:\WINDOWS\system32\Drivers\AsIO.sys [12400]
O44 - LFC:[MD5.212F87EE837B4E35E43A93BBFC44E7A7] - 16/10/2013 - 14:40:13 R--A- . (.No owner - AsIO DLL.) -- C:\WINDOWS\system32\AsIO.dll [24576]
O44 - LFC:[MD5.F08DBD8C48A168818A3DFC28929EE6B5] - 16/10/2013 - 15:33:23 ---A- . (...) -- C:\WINDOWS\system32\AUTOEXEC.NT [1896]
O44 - LFC:[MD5.486E0B1BC94C346E5C352C295388C803] - 16/10/2013 - 15:33:23 ---A- . (...) -- C:\WINDOWS\system32\CONFIG.TMP [3072]
O44 - LFC:[MD5.6CB26848BCDAA361B6EE21264FB362C3] - 16/10/2013 - 15:33:28 ---A- . (...) -- C:\WINDOWS\system32\c_20127.nls [66082]
O44 - LFC:[MD5.5D038EEABA8EA438F6B5ABD5E91BC851] - 16/10/2013 - 15:33:34 ---A- . (...) -- C:\WINDOWS\system32\C_28594.NLS [66082]
O44 - LFC:[MD5.B537ACFAB9E70F0EF48DB696A08ADC81] - 16/10/2013 - 15:33:37 ---A- . (...) -- C:\WINDOWS\system32\C_28597.NLS [66082]
O44 - LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] - 16/10/2013 - 15:33:41 ---A- . (...) -- C:\WINDOWS\system32\C_28595.NLS [66082]
O44 - LFC:[MD5.C37A21EE1ADFDC13FC707D97073148ED] - 16/10/2013 - 15:33:45 ---A- . (...) -- C:\WINDOWS\system32\c_28599.nls [66082]
O44 - LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] - 16/10/2013 - 15:33:48 ---A- . (...) -- C:\WINDOWS\system32\c_28603.nls [66082]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/10/2013 - 15:36:13 ----- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/10/2013 - 15:39:58 ---A- . (...) -- C:\WINDOWS\system32\h323log.txt [0]
O44 - LFC:[MD5.E6976980F6A8AF277850580F9E883334] - 16/10/2013 - 16:22:26 ---A- . (...) -- C:\WINDOWS\system32\wpa.bak [13688]
O44 - LFC:[MD5.F69E47705350A9A147B7561DCCD3AD64] - 16/10/2013 - 18:17:15 ---A- . (...) -- C:\WINDOWS\system32\emptyregdb.dat [23016]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 16/10/2013 - 18:17:32 R-HA- . (...) -- C:\WINDOWS\WindowsShell.Manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 16/10/2013 - 18:17:32 R-HA- . (...) -- C:\WINDOWS\system32\cdplayer.exe.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 16/10/2013 - 18:17:32 R-HA- . (...) -- C:\WINDOWS\system32\ncpa.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 16/10/2013 - 18:17:32 R-HA- . (...) -- C:\WINDOWS\system32\nwc.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 16/10/2013 - 18:17:32 R-HA- . (...) -- C:\WINDOWS\system32\sapi.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 16/10/2013 - 18:17:32 R-HA- . (...) -- C:\WINDOWS\system32\wuaucpl.cpl.manifest [749]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 16/10/2013 - 18:17:36 R-HA- . (...) -- C:\WINDOWS\system32\WindowsLogon.manifest [488]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 16/10/2013 - 18:17:36 R-HA- . (...) -- C:\WINDOWS\system32\logonui.exe.manifest [488]
O44 - LFC:[MD5.2B9C717D21A1331BA3731886E3EE87BB] - 16/10/2013 - 18:18:05 ---A- . (...) -- C:\WINDOWS\ODBCINST.INI [4205]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 16/10/2013 - 18:18:15 ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 16/10/2013 - 18:18:15 ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.9F22340864280CAEF375BB43B5E9C799] - 16/10/2013 - 18:19:58 ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [288]
O44 - LFC:[MD5.7794C3221F670DE270586A2CF6E68383] - 16/10/2013 - 18:51:56 ----- . (...) -- C:\ntldr [252240]
O44 - LFC:[MD5.8E59F9BE251C8AE32A1CEB068B3F96B1] - 16/10/2013 - 18:52:04 ----- . (...) -- C:\WINDOWS\system32\Drivers\ativmc20.cod [64352]
O44 - LFC:[MD5.3194C32E8A2403073B812183355E25C6] - 16/10/2013 - 18:52:04 ----- . (...) -- C:\WINDOWS\system32\Drivers\cxthsfs2.cty [129045]
O44 - LFC:[MD5.905CB655E93D39C97E078A3C4C884F31] - 16/10/2013 - 18:52:04 ----- . (...) -- C:\WINDOWS\system32\Drivers\netwlan5.img [67866]
O44 - LFC:[MD5.A408398F783A9DBFEB0C7B76F5DBF901] - 16/10/2013 - 18:58:53 ---A- . (...) -- C:\WINDOWS\system32\spupdwxp.log [259]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 16/10/2013 - 18:59:12 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.DDB9B5C1CE074274D74B8A7910C97208] - 16/10/2013 - 19:01:58 ---A- . (...) -- C:\WINDOWS\system32\msdvbnp.ax [52224]
O44 - LFC:[MD5.5319BF20F48884E594F84097A600424B] - 16/10/2013 - 19:01:58 ---A- . (...) -- C:\WINDOWS\system32\psisdecd.dll [354816]
O44 - LFC:[MD5.E93D7D262A33D14AEF13398AB83FE08B] - 16/10/2013 - 19:01:58 ---A- . (...) -- C:\WINDOWS\system32\psisrndr.ax [30208]
O44 - LFC:[MD5.40C03F83C21D3D8F2634EF7879755773] - 16/10/2013 - 19:22:03 ----- . (...) -- C:\RHDSetup.log [573]
O44 - LFC:[MD5.2907011680E6EFEC615CD8873A897F12] - 16/10/2013 - 19:25:48 ---A- . (...) -- C:\WINDOWS\Ascd_tmp.ini [38073]
O44 - LFC:[MD5.70509087597627A322EA5882512958EC] - 16/10/2013 - 19:30:19 ---A- . (...) -- C:\WINDOWS\setup.iss [670]
O44 - LFC:[MD5.32A1C6071532FB086A1F705F20BBE727] - 16/10/2013 - 19:30:34 ---A- . (...) -- C:\WINDOWS\Ascd_log.ini [38464]
O44 - LFC:[MD5.7017E85C07D36E624D78232433B1A724] - 17/10/2013 - 06:21:00 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [6144]
O44 - LFC:[MD5.9C1DAF23C0CD86BCCC5B5FA0F630AB03] - 17/10/2013 - 06:48:30 ---A- . (...) -- C:\WINDOWS\system32\lvcoinst.log [2497]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 17/10/2013 - 07:28:07 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.5B8F9069273361E81D610962C7901BD6] - 17/10/2013 - 07:28:07 ---A- . (...) -- C:\WINDOWS\win.ini [477]
O44 - LFC:[MD5.69302A2BF605522B06CE7D7928434998] - 19/10/2013 - 12:06:22 ----- . (...) -- C:\RstAssociations.txt [669]
O44 - LFC:[MD5.A50E10B5380F277C90CF0FBA4341678E] - 20/10/2013 - 08:31:25 ----- . (...) -- C:\UsbFix [Clean 2] MAURICETTE.txt [4428]
O44 - LFC:[MD5.388A9F58C76174D4CC7022D0C050D01A] - 20/10/2013 - 14:59:01 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [179326]
O44 - LFC:[MD5.CD8F3C8A9E405BDB35A7CD49279DA093] - 20/10/2013 - 15:05:05 ----- . (...) -- C:\UsbFix [Scan 1] MAURICETTE.txt [2807]
O44 - LFC:[MD5.FA5E9BA6438D641B6EB4047615B3A232] - 20/10/2013 - 15:11:21 ---A- . (...) -- C:\UsbFix [Clean 1] MAURICETTE.txt [5331]
O44 - LFC:[MD5.9BD5156B98D5B3823CEC04FCAEC7F1E4] - 20/10/2013 - 15:34:49 ---A- . (...) -- C:\UsbFix [Scan 2] MAURICETTE.txt [4558]
O44 - LFC:[MD5.DAA64C767C30EDEB7F5E0BDFAE6CE2EC] - 20/10/2013 - 15:44:55 ---A- . (...) -- C:\WINDOWS\system32\ativvaxx.cap [54376]
O44 - LFC:[MD5.DD86E6B8628A07F253A1E04228609E47] - 20/10/2013 - 15:45:18 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.95DD4D20614213001A323D5D7A029305] - 20/10/2013 - 15:45:18 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
~ Files: 470 Legitimates Filtered in 00mn 52s



---\\ Most recently created files in the Windows Prefetcher (O45)
O45 - LFCP:[MD5.53943FD0D53082D794A232E8849EB736] - 18/10/2013 - 15:19:50 ---A- - C:\WINDOWS\Prefetch\CREXTP8H.EXE-1674F5B6.pf
O45 - LFCP:[MD5.8D13446A66750D109F6637DF44EB15E1] - 18/10/2013 - 15:36:38 ---A- - C:\WINDOWS\Prefetch\8HSRCHMN.EXE-119C4D72.pf
O45 - LFCP:[MD5.DCCD3CCBCE13EF191EAE0CCA2668DE26] - 18/10/2013 - 18:52:16 ---A- - C:\WINDOWS\Prefetch\INS50.TMP-27D3581E.pf
O45 - LFCP:[MD5.86C57A7E2C8CBDF200C8EFD628E02795] - 18/10/2013 - 18:52:17 ---A- - C:\WINDOWS\Prefetch\BUBBLESHOOTER.EXE-10615A56.pf
O45 - LFCP:[MD5.54DD9F41BEBE0D857F730C6A83A4C2AC] - 19/10/2013 - 12:06:07 ---A- - C:\WINDOWS\Prefetch\RSTASSOCIATIONS[1].SCR-3A5A704A.pf
O45 - LFCP:[MD5.B2BD4AD4F61D226AD1E5BA3659510D2E] - 19/10/2013 - 12:31:00 ---A- - C:\WINDOWS\Prefetch\WEDOWNLOAD MANAGER-CODEDOWNLO-0A55EBB7.pf =>PUP.weDownloadManager
O45 - LFCP:[MD5.E4474629974B433E51C62D038F457711] - 19/10/2013 - 12:31:00 ---A- - C:\WINDOWS\Prefetch\WEDOWNLOAD MANAGER-ENABLER.EX-120BAD7B.pf =>PUP.weDownloadManager
O45 - LFCP:[MD5.AA0F9C5962D5E5E7B895B24F2E785AD5] - 19/10/2013 - 12:31:01 ---A- - C:\WINDOWS\Prefetch\WEDOWNLOAD MANAGER-UPDATER.EX-07FBE0BE.pf =>PUP.weDownloadManager
O45 - LFCP:[MD5.F9676D3CB71FC15CE8D32DC57295892D] - 19/10/2013 - 13:55:27 ---A- - C:\WINDOWS\Prefetch\TESTDISK_WIN.EXE-05467CD9.pf
O45 - LFCP:[MD5.C32418489A96C5F61C0F468266DEB7EC] - 19/10/2013 - 16:13:00 ---A- - C:\WINDOWS\Prefetch\DUUQUCRASHHANDLER.EXE-30FB2A3D.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.FDD485D00B924EC295FEFE674344FF60] - 19/10/2013 - 16:26:24 ---A- - C:\WINDOWS\Prefetch\NSH11.EXE-13DC7AE2.pf
O45 - LFCP:[MD5.852701B68E91C97997643431846D96C1] - 19/10/2013 - 16:26:39 ---A- - C:\WINDOWS\Prefetch\CLTMNGSVC.EXE-147F4578.pf
O45 - LFCP:[MD5.C81FF7EE250D00BE66B5931CE199DF6E] - 19/10/2013 - 16:26:39 ---A- - C:\WINDOWS\Prefetch\SPRUNNER.EXE-0FC6701B.pf
O45 - LFCP:[MD5.0A42B8784AED55C09BA54B64CAB13FF7] - 19/10/2013 - 16:27:06 ---A- - C:\WINDOWS\Prefetch\UTILS.EXE-3105085B.pf
O45 - LFCP:[MD5.2628B1DFB7793B12957C22EE972C9D2C] - 19/10/2013 - 16:27:10 ---A- - C:\WINDOWS\Prefetch\WEDOWNLOAD MANAGER-ENABLER.EX-1248A1AC.pf =>PUP.weDownloadManager
O45 - LFCP:[MD5.8D9B097028A5C8A659A1F917CD56E609] - 19/10/2013 - 16:57:36 ---A- - C:\WINDOWS\Prefetch\SIXENGINE.EXE-2D5C0F37.pf
O45 - LFCP:[MD5.072EE8F2AE7AA62E5BCB9C6BB6C57C60] - 20/10/2013 - 00:38:52 ---A- - C:\WINDOWS\Prefetch\BUBBLE SHOOTER V1.0.EXE-0288F0BA.pf
O45 - LFCP:[MD5.C53496D2C0AB35645AE72154B93FDF68] - 20/10/2013 - 06:35:01 ---A- - C:\WINDOWS\Prefetch\OPEN-CONFIG[1].EXE-2242C86C.pf
O45 - LFCP:[MD5.F980B62E20AFB2E224C3F332E2C57E0C] - 20/10/2013 - 09:52:16 ---A- - C:\WINDOWS\Prefetch\SHANGHAI_DYNASTY.EXE-0A9EB5D2.pf
O45 - LFCP:[MD5.CCB7D3CA1B546C3D14568F8109846CFD] - 20/10/2013 - 15:30:22 ---A- - C:\WINDOWS\Prefetch\GO.EXE-39722D3E.pf
O45 - LFCP:[MD5.F184BBA0072D0C537E0084CCEAC6122E] - 20/10/2013 - 15:37:36 ---A- - C:\WINDOWS\Prefetch\SIGCHECK.COM-3573C390.pf
~ Prefetcher: 125 Legitimates Filtered in 00mn 00s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Authorized application key export (O47)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\serge\Local Settings\Temporary Internet Files\Content.IE5\007XON4V\pjjoint_uploader[1].exe" [Enabled] .(...) -- C:\Documents and Settings\serge\Local Settings\Temporary Internet Files\Content.IE5\007XON4V\pjjoint_uploader[1].exe (.not file.)
~ Keys Export: 7 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 13/08/2004 - 11:56:20 R--A- . (.No owner - ATK0110 ACPI Utility.) -- C:\WINDOWS\system32\Drivers\ASACPI.sys [5810]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 5 Legitimates Filtered in 00mn 00s



---\\ Most recently modified or created files (User) (O61)
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk [724]
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [742]
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Crash Reports\InstallTime20130910160258 [10]
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\addons.sqlite [524288]
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\blocklist.xml [81365]
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\bookmarkbackups\bookmarks-2013-10-17.json [3197]
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\content-prefs.sqlite [229376]
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\formhistory.sqlite [196608]
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\healthreport.sqlite [1146880]
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\indexedDB\chrome\.metadata [0]
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\indexedDB\chrome\idb\2588645841ssegtnti.sqlite [524288]
O61 - LFC: 17/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\mimeTypes.rdf [3772]
O61 - LFC: 17/10/2013 - 16:49:42 -S-A- . (...) -- C:\Documents and Settings\serge\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1060284298-515967899-839522115-1004\d8558b504e8dac7fdb78814eb7e88dcf_9b94b40f-e7dd-45c5-a95c-344c85121b00 [46]
O61 - LFC: 17/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\permissions.sqlite [65536]
O61 - LFC: 17/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\prefs.js.bak [6069]
O61 - LFC: 17/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\prefs.js.new [6071]
O61 - LFC: 17/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\secmod.db [16384]
O61 - LFC: 17/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\signons.sqlite [327680]
O61 - LFC: 17/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\times.json [29]
O61 - LFC: 17/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\nettoyeurs\Avira Control Center.lnk [1707]
O61 - LFC: 17/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\nettoyeurs\Avira Free Antivirus 2013 - Le blog de jaime.over-blog.fr.url [317]
O61 - LFC: 17/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\nettoyeurs\ZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 - LFC: 17/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\nettoyeurs\ZHPFix.lnk [1628] =>.Nicolas Coolman
O61 - LFC: 17/10/2013 - 16:49:53 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\VLC media player.lnk [719] =>.VideoLAN
O61 - LFC: 17/10/2013 - 16:49:56 ---A- . (...) -- C:\Documents and Settings\serge\Favoris\Sites Web Microsoft\Microsoft Store.url [134]
O61 - LFC: 17/10/2013 - 16:49:56 ---A- . (...) -- C:\Documents and Settings\serge\Favoris\Sites Web Microsoft\Site Internet Explorer sur Microsoft.com.url [133]
O61 - LFC: 17/10/2013 - 16:49:56 ---A- . (...) -- C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt [6525]
O61 - LFC: 17/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Mes documents\cc_20131017_092109.reg [12084]
O61 - LFC: 17/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Mes documents\cc_20131017_092126.reg [288]
O61 - LFC: 18/10/2013 - 16:49:39 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\FunnyGames\site.ico [24870]
O61 - LFC: 18/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\jeux\Bubble Shooter.lnk [823]
O61 - LFC: 18/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\jeux\Shanghai Dynasty.lnk [1901]
O61 - LFC: 18/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\jeux\Spider Solitaire.lnk [1496]
O61 - LFC: 18/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\Foxit Reader.lnk [791]
O61 - LFC: 18/10/2013 - 16:49:56 ---A- . (...) -- C:\Documents and Settings\serge\Favoris\Bubble Shooter.url [4523]
O61 - LFC: 18/10/2013 - 16:49:56 ---A- . (...) -- C:\Documents and Settings\serge\Favoris\PC Astuces Aide Informatique.url [3768]
O61 - LFC: 18/10/2013 - 16:49:56 ---A- . (...) -- C:\Documents and Settings\serge\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [18128]
O61 - LFC: 18/10/2013 - 16:49:56 ---A- . (...) -- C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat [8728]
O61 - LFC: 18/10/2013 - 16:49:56 ---A- . (...) -- C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat [7010]
O61 - LFC: 18/10/2013 - 16:49:57 ---A- . (...) -- C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{26125700-00FB-4911-A1AE-6654F9E72460}.ico [1150]
O61 - LFC: 18/10/2013 - 16:49:57 ---A- . (...) -- C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{BD3873E9-FC9B-41E3-ADAF-9C7CC26DF3A5}.ico [5430]
O61 - LFC: 18/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Menu Démarrer\Programmes\FunnyGames\FunnyGames.lnk [1452]
O61 - LFC: 18/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Menu Démarrer\Programmes\FunnyGames\Shanghai Dynasty.lnk [1917]
O61 - LFC: 18/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Mes documents\cc_20131018_175958.reg [1774]
O61 - LFC: 18/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Report.html [137]
O61 - LFC: 18/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\SendTo\disque D.lnk [275]
O61 - LFC: 18/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\SendTo\disque E.lnk [275]
O61 - LFC: 18/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\SendTo\disque F.lnk [129]
O61 - LFC: 18/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\SendTo\disque ext H.lnk [129]
O61 - LFC: 18/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\SendTo\graveur J.lnk [145]
O61 - LFC: 19/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Microsoft\Windows\Themes\Custom.theme [8234]
O61 - LFC: 19/10/2013 - 16:49:42 -SHA- . (...) -- C:\Documents and Settings\serge\Application Data\Microsoft\Internet Explorer\Desktop.htt [2698]
O61 - LFC: 19/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\vlc\ml.xspf [304]
O61 - LFC: 19/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\vlc\vlcrc [83997]
O61 - LFC: 19/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\63\cygwin [1534]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\caméscope\PRG005\MOV00A.MOD [13959168]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\plugins\BartPE\Get_Files.cmd [5096]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\plugins\BartPE\Help.htm [3201]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\plugins\BartPE\RESET.cmd [103]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\plugins\BartPE\ReadMe.txt [759]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\plugins\BartPE\SCRIPTS\Start_INF.dat [559]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\plugins\BartPE\SCRIPTS\StaticINF.dat [1259]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\plugins\BartPE\start.inf [559]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\plugins\BartPE\testdisk_nu2menu.xml [607]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\plugins\WinBuilder\Help.htm [3062]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\plugins\WinBuilder\ReadMe.txt [812]
O61 - LFC: 19/10/2013 - 16:49:44 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\utilitaires\testdisk-6.14.win\testdisk-6.14\plugins\WinBuilder\TestDisk.script [4887]
O61 - LFC: 19/10/2013 - 16:49:57 ---A- . (...) -- C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Internet Explorer\tabiconcache.dat [7328]
O61 - LFC: 19/10/2013 - 16:49:57 ---A- . (...) -- C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp [17842230]
O61 - LFC: 19/10/2013 - 16:50:02 ---A- . (...) -- C:\Documents and Settings\serge\Menu Démarrer\Programmes\Accessoires\Bloc-notes.lnk [1519] =>.Microsoft Corporation
O61 - LFC: 19/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Mes documents\fichier.reg [86]
O61 - LFC: 20/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Microsoft\Internet Explorer\UserData\RKUVDNU8\YL[1].xml [98]
O61 - LFC: 20/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\bookmarkbackups\bookmarks-2013-10-20.json [3197]
O61 - LFC: 20/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\cert8.db [98304]
O61 - LFC: 20/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\cookies.sqlite [524288]
O61 - LFC: 20/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\downloads.sqlite [98304]
O61 - LFC: 20/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\extensions.sqlite [458752]
O61 - LFC: 20/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\key3.db [16384]
O61 - LFC: 20/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\localstore.rdf [3294]
O61 - LFC: 20/10/2013 - 16:49:42 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\parent.lock [0]
O61 - LFC: 20/10/2013 - 16:49:42 -SHA- . (...) -- C:\Documents and Settings\serge\Application Data\Microsoft\Internet Explorer\UserData\index.dat [32768]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\places.sqlite [10485760]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\pluginreg.dat [4429]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\prefs.js [7110]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\search.json [12858]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\sessionstore.bak [158613]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\sessionstore.js [162648]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\urlclassifierkey3.txt [154]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\webapps\webapps.json [2]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\webappsstore.sqlite [131072]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\ZHP\Log.txt [66470] =>.Nicolas Coolman
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Application Data\ZHP\TestsZHPDiag.txt [3190] =>.Nicolas Coolman
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\SosVirus Forum Gratuit.lnk [1761]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\UsbFix Faire un Don.lnk [1777]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\nettoyeurs\Malekal's forum • Open-config Programmes utiles.url [2700]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\nettoyeurs\SosVirus Forum Gratuit.lnk [1761]
O61 - LFC: 20/10/2013 - 16:49:43 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\nettoyeurs\UsbFix - Télécharger UsbFix (Gratuit).url [186]
O61 - LFC: 20/10/2013 - 16:49:53 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 - LFC: 20/10/2013 - 16:49:53 ---A- . (...) -- C:\Documents and Settings\serge\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman
O61 - LFC: 20/10/2013 - 16:49:56 -SHA- . (...) -- C:\Documents and Settings\serge\IETldCache\index.dat [262144]
O61 - LFC: 20/10/2013 - 16:50:00 ---A- . (...) -- C:\Documents and Settings\serge\Local Settings\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\startupCache\startupCache.4.little [1204230]
O61 - LFC: 20/10/2013 - 16:50:01 ---A- . (...) -- C:\Documents and Settings\serge\Local Settings\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\_CACHE_CLEAN_ [1]
O61 - LFC: 20/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Mes documents\UsbFix [Scan 2] MAURICETTE.txt [4558]
O61 - LFC: 20/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Mes documents\cc_20131016_210743.reg [2214]
O61 - LFC: 20/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Recent\AdwCleaner.lnk [393]
O61 - LFC: 20/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Recent\AdwCleaner[S1].txt.lnk [566]
O61 - LFC: 20/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Recent\Disque local (C).lnk [293]
O61 - LFC: 20/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Recent\UsbFix [Clean 2] MAURICETTE.txt.lnk [528]
O61 - LFC: 20/10/2013 - 16:50:03 ---A- . (...) -- C:\Documents and Settings\serge\Recent\UsbFix [Scan 2] MAURICETTE.txt.lnk [657]
O61 - LFC: 20/10/2013 - 16:50:03 -SHA- . (...) -- C:\Documents and Settings\serge\PrivacIE\index.dat [2260992]
~ 28 Fichiers temporaires (Temporary files)
~ 259 Fichiers cookies (Cookies files)
~ Files: 712 Legitimates Filtered in 00mn 23s



---\\ List of disinfection tools (LATC) (O63)
O63 - Software: UsbFix By El Desaparecido - (.El Desaparecido - .) [HKLM] -- Usbfix
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (...) -- shell32.dll
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (...) -- shell32.dll
~ FASS Keys: 16 Legitimates Filtered in 00mn 00s



---\\ Internet start menu (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {26125700-00FB-4911-A1AE-6654F9E72460} [DefaultScope] - (Jmalaya LiveTV Customized Web Search) -
O69 - SBI: SearchScopes [HKCU] {BD3873E9-FC9B-41E3-ADAF-9C7CC26DF3A5} - (Google) -
~ Keys: Scanned in 00mn 00s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 17/10/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 17/10/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 11/09/2008 581632 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Auto 10/09/2008 593920 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 11/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
~ Services: Scanned in 00mn 04s



---\\ Master Boot Record infection search (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
Run by serge at 20/10/2013 16:50:30

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x8A6AEAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Master Boot Record infection search (MBRCheck)(O80)
Written by ad13,
Run by serge at 20/10/2013 16:50:32

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Additional scan (O88)
Database Version : 12960 - (20/10/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 4

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD1A63BA-A08C-431B-9A34-F240AADC728D}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CD1A63BA-A08C-431B-9A34-F240AADC728D}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C2FB10-84C3-44EB-9F9E-860FA1D9A797}] =>Adware.Allin1Convert
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C2FB10-84C3-44EB-9F9E-860FA1D9A797}] =>Adware.Allin1Convert
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}] =>Adware.Allin1Convert
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}] =>Adware.Allin1Convert
C:\WINDOWS\Tasks\Allyrics-16-codedownloader.job =>Adware.AddLyrics^
C:\WINDOWS\Tasks\Allyrics-16-enabler.job =>Adware.AddLyrics^
C:\WINDOWS\Tasks\Allyrics-16-updater.job =>Adware.AddLyrics^
[HKCU\Software\WEDLMNGR] =>PUP.weDownloadManager^
~ Additional Scan: 109147 Items scanned in 00mn 10s



---\\ Summary of detections found on your machine
~ =>Adware.AddLyrics
~ =>PUP.weDownloadManager
~ =>Toolbar.DeltaSearch
~ =>Adware.MyWebSearch
~ =>Adware.Allin1Convert
~ MSI: 5 link(s) detected in 00mn 10s



~ 1997 Legitimates filtered by white list
End of the scan (670 lines in 02mn 21s)(0)
by inès
#12185
and the UsbFix ones
############################## | UsbFix V 7.145 | [Scan]

User: serge (Administrator) # MAURICETTE
Updated on 17/10/2013 by El Desaparecido - Team SosVirus
Started at 16:30:35 | 20/10/2013

Website:
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact:

PC: ASUSTeK Computer INC. (P5Q-PRO)
CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
RAM -> [Total : 3327 | Free : 2635]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 49 GB (38 GB free - 77%) [] # NTFS
D:\ -> Fixed disk # 184 GB (183 GB free - 100%) [] # NTFS
E:\ -> Fixed disk # 176 GB (77 GB free - 44%) [] # NTFS
F:\ -> Fixed disk # 290 GB (290 GB free - 100%) [Disque local ] # NTFS
J:\ -> CD-ROM
O:\ -> Fixed disk # 466 GB (367 GB free - 79%) [disque ext ] # NTFS

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (ID 444 |ParentID 4)
C:\WINDOWS\system32\winlogon.exe (ID 748 |ParentID 444)
C:\WINDOWS\system32\services.exe (ID 792 |ParentID 748)
C:\WINDOWS\system32\lsass.exe (ID 804 |ParentID 748)
C:\WINDOWS\system32\Ati2evxx.exe (ID 1008 |ParentID 792)
C:\WINDOWS\system32\svchost.exe (ID 1044 |ParentID 792)
C:\WINDOWS\System32\svchost.exe (ID 1212 |ParentID 792)
C:\WINDOWS\system32\Ati2evxx.exe (ID 1424 |ParentID 748)
C:\WINDOWS\system32\spoolsv.exe (ID 1620 |ParentID 792)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID 1656 |ParentID 792)
C:\WINDOWS\Explorer.EXE (ID 1924 |ParentID 1904)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 124 |ParentID 116)
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (ID 136 |ParentID 1924)
C:\WINDOWS\RTHDCPL.EXE (ID 148 |ParentID 1924)
C:\Program Files\ASUS\Six Engine\SixEngine.exe (ID 128 |ParentID 1924)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID 164 |ParentID 1924)
C:\WINDOWS\system32\ctfmon.exe (ID 172 |ParentID 1924)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID 408 |ParentID 792)
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 564 |ParentID 792)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ID 1376 |ParentID 124)
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (ID 1472 |ParentID 792)
C:\WINDOWS\system32\svchost.exe (ID 1724 |ParentID 792)
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (ID 1876 |ParentID 1472)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID 4036 |ParentID 408)
C:\WINDOWS\System32\svchost.exe (ID 3228 |ParentID 792)
C:\Program Files\Internet Explorer\iexplore.exe (ID 908 |ParentID 1924)
C:\Program Files\Internet Explorer\iexplore.exe (ID 868 |ParentID 908)
C:\UsbFix\Go.exe (ID 2908 |ParentID 1924)
C:\UsbFix\Go.exe (ID 3456 |ParentID 1924)
C:\WINDOWS\system32\wscntfy.exe (ID 2632 |ParentID 1212)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [Alcmtr] - ALCMTR.EXE
HKLM\SOFTWARE | Run : [Six Engine] - "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1060284298-515967899-839522115-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Infectious Items |


################## | Registry |



################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
O:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | - https://www.sosvirus.net |
############################## | UsbFix V 7.145 | [Scan]

User: serge (Administrator) # MAURICETTE
Updated on 17/10/2013 by El Desaparecido - Team SosVirus
Started at 09:25:10 | 20/10/2013

Website:
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact:

PC: ASUSTeK Computer INC. (P5Q-PRO)
CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
RAM -> [Total : 3327 | Free : 2558]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 49 GB (38 GB free - 78%) [] # NTFS
D:\ -> Fixed disk # 184 GB (183 GB free - 100%) [] # NTFS
E:\ -> Fixed disk # 176 GB (77 GB free - 44%) [] # NTFS
F:\ -> Fixed disk # 290 GB (290 GB free - 100%) [Disque local ] # NTFS
J:\ -> CD-ROM
O:\ -> Fixed disk # 466 GB (367 GB free - 79%) [disque ext ] # NTFS

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (ID 444 |ParentID 4)
C:\WINDOWS\system32\winlogon.exe (ID 740 |ParentID 444)
C:\WINDOWS\system32\services.exe (ID 784 |ParentID 740)
C:\WINDOWS\system32\lsass.exe (ID 796 |ParentID 740)
C:\WINDOWS\system32\Ati2evxx.exe (ID 980 |ParentID 784)
C:\WINDOWS\system32\svchost.exe (ID 1000 |ParentID 784)
C:\WINDOWS\System32\svchost.exe (ID 1168 |ParentID 784)
C:\WINDOWS\system32\Ati2evxx.exe (ID 1424 |ParentID 740)
C:\WINDOWS\system32\spoolsv.exe (ID 1568 |ParentID 784)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID 1624 |ParentID 784)
C:\WINDOWS\Explorer.EXE (ID 1892 |ParentID 1860)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2012 |ParentID 2004)
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (ID 2020 |ParentID 1892)
C:\WINDOWS\RTHDCPL.EXE (ID 2028 |ParentID 1892)
C:\Program Files\ASUS\Six Engine\SixEngine.exe (ID 2044 |ParentID 1892)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID 132 |ParentID 1892)
C:\WINDOWS\system32\ctfmon.exe (ID 144 |ParentID 1892)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ID 392 |ParentID 2012)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID 1272 |ParentID 784)
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 1472 |ParentID 784)
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (ID 1840 |ParentID 784)
C:\WINDOWS\system32\svchost.exe (ID 1404 |ParentID 784)
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (ID 2112 |ParentID 1840)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID 3120 |ParentID 1272)
C:\WINDOWS\System32\svchost.exe (ID 2872 |ParentID 784)
C:\Program Files\Internet Explorer\iexplore.exe (ID 1300 |ParentID 1892)
C:\Program Files\Internet Explorer\iexplore.exe (ID 1800 |ParentID 1300)
C:\WINDOWS\system32\wuauclt.exe (ID 2736 |ParentID 1168)
C:\Program Files\Internet Explorer\iexplore.exe (ID 3572 |ParentID 1300)
C:\UsbFix\Go.exe (ID 1248 |ParentID 120)
C:\WINDOWS\system32\wscntfy.exe (ID 4064 |ParentID 1168)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [Alcmtr] - ALCMTR.EXE
HKLM\SOFTWARE | Run : [Six Engine] - "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1060284298-515967899-839522115-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Infectious Items |


################## | Registry |



################## | Vaccine |

(!) This computer is not vaccinated!

################## | E.O.F | - https://www.sosvirus.net |
by El Desaparecido
#12187
Hello Inès :hello:,

Welcome to SosVirus :welcome:
I wanted to save files to the external disk, they turned into .lnk shortcuts
So it's drive O that is affected?
by El Desaparecido
#12192
With drive O connected and powered on, run UsbFix with the Listing option and post the report in reply please (copy and paste)
by inès
#12193
here is the listing
############################## | UsbFix V 7.145 | [Listing]

User: serge (Administrator) # MAURICETTE
Updated on 17/10/2013 by El Desaparecido - Team SosVirus
Started at 19:03:09 | 20/10/2013

Website:
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact:

PC: ASUSTeK Computer INC. (P5Q-PRO)
CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
RAM -> [Total : 3327 | Free : 2499]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 49 GB (38 GB free - 77%) [] # NTFS
D:\ -> Fixed disk # 184 GB (183 GB free - 100%) [] # NTFS
E:\ -> Fixed disk # 176 GB (77 GB free - 44%) [] # NTFS
F:\ -> Fixed disk # 290 GB (290 GB free - 100%) [Disque local ] # NTFS
J:\ -> CD-ROM
O:\ -> Fixed disk # 466 GB (367 GB free - 79%) [disque ext ] # NTFS

################## | Listing |

[20/10/2013 - 16:46:07 | D ] C:\AdwCleaner
[16/10/2013 - 14:44:36 | N | 0] C:\AUTOEXEC.BAT
[20/10/2013 - 16:11:21 | RASHD ] C:\Autorun.inf
[17/10/2013 - 11:06:38 | N | 218] C:\boot.ini
[05/08/2004 - 14:00:00 | N | 4952] C:\Bootfont.bin
[16/10/2013 - 14:44:36 | N | 0] C:\CONFIG.SYS
[20/10/2013 - 09:47:05 | D ] C:\Documents and Settings
[16/10/2013 - 15:16:46 | D ] C:\Intel
[16/10/2013 - 14:44:36 | N | 0] C:\IO.SYS
[16/10/2013 - 14:44:36 | N | 0] C:\MSDOS.SYS
[05/08/2004 - 14:00:00 | N | 47564] C:\NTDETECT.COM
[16/10/2013 - 19:51:56 | N | 252240] C:\ntldr
[20/10/2013 - 16:44:50 | ASH | 2145386496] C:\pagefile.sys
[20/10/2013 - 16:50:30 | A | 512] C:\PhysicalDisk0_MBR.bin
[20/10/2013 - 16:43:29 | D ] C:\Program Files
[20/10/2013 - 16:07:43 | SHD ] C:\RECYCLER
[16/10/2013 - 20:22:03 | N | 573] C:\RHDSetup.log
[19/10/2013 - 13:06:22 | N | 669] C:\RstAssociations.txt
[16/10/2013 - 19:21:38 | SHD ] C:\System Volume Information
[20/10/2013 - 19:03:11 | D ] C:\UsbFix
[20/10/2013 - 16:11:21 | A | 5331] C:\UsbFix [Clean 1] MAURICETTE.txt
[20/10/2013 - 09:31:25 | N | 4428] C:\UsbFix [Clean 2] MAURICETTE.txt
[20/10/2013 - 19:03:17 | A | 2368] C:\UsbFix [Listing 1 ] MAURICETTE.txt
[20/10/2013 - 16:05:05 | N | 2807] C:\UsbFix [Scan 1] MAURICETTE.txt
[20/10/2013 - 16:34:49 | A | 4558] C:\UsbFix [Scan 2] MAURICETTE.txt
[20/10/2013 - 09:46:54 | D ] C:\WINDOWS
[20/10/2013 - 16:11:21 | RASHD ] D:\Autorun.inf
[17/10/2013 - 14:48:52 | D ] D:\factures
[18/10/2013 - 16:58:12 | D ] D:\jeux
[17/10/2013 - 14:49:39 | D ] D:\ma musique
[16/10/2013 - 10:06:26 | N | 389] D:\Raccourci vers Article marine.pdf.lnk
[20/10/2013 - 16:07:44 | SHD ] D:\RECYCLER
[16/10/2013 - 09:16:29 | N | 5282] D:\Slipstreaming avec nLite.url
[17/10/2013 - 07:28:50 | SHD ] D:\System Volume Information
[19/10/2013 - 18:09:29 | D ] D:\tutos
[20/10/2013 - 16:11:21 | RASHD ] E:\Autorun.inf
[17/10/2013 - 14:48:16 | D ] E:\caméscope
[17/10/2013 - 14:54:55 | D ] E:\mes photos
[17/10/2013 - 13:23:44 | D ] E:\mes vidéos
[19/10/2013 - 18:15:37 | D ] E:\MyWorks
[16/10/2013 - 10:06:26 | N | 304] E:\PC Astuces - Couper une vidéo.url
[20/10/2013 - 16:07:44 | SHD ] E:\RECYCLER
[16/10/2013 - 19:48:37 | SHD ] E:\System Volume Information
[20/10/2013 - 16:11:21 | RASHD ] F:\Autorun.inf
[20/10/2013 - 16:07:44 | SHD ] F:\RECYCLER
[19/10/2013 - 17:56:27 | SHD ] F:\System Volume Information
[20/10/2013 - 16:11:21 | RASHD ] O:\Autorun.inf
[16/10/2013 - 10:27:44 | D ] O:\caméscope
[28/04/2013 - 07:10:07 | D ] O:\factures
[29/05/2009 - 11:15:43 | D ] O:\impots
[15/02/2010 - 15:56:51 | D ] O:\ma musique
[15/10/2013 - 12:57:57 | D ] O:\mes photos
[16/10/2013 - 10:05:15 | D ] O:\mes vidéos
[20/10/2013 - 16:07:44 | SHD ] O:\RECYCLER
[19/10/2013 - 18:19:59 | D ] O:\récupération
[16/10/2013 - 15:03:47 | SHD ] O:\System Volume Information
[14/04/2012 - 18:44:17 | RASH | 8192] O:\Thumbs.db

################## | E.O.F |
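The listing above is the raw material a helper reads by eye: for each drive root, is there a UsbFix vaccine (an Autorun.inf that is a read-only/system/hidden directory, shown as RASHD), and is there anything at the root that looks like the shortcut-worm pattern the thread is about (a .lnk or .url at the root, or a hidden item that Windows would not normally keep there)? The script below is an added example, not UsbFix's own code or anything from the SosVirus team: it parses lines in the UsbFix [Listing] format and produces per-drive findings. The D: and O: sample lines are copied from the listing above; the K: lines are constructed to resemble an infected drive and do not come from this thread. The vaccine check assumes UsbFix's vaccine is always a directory with the R, S and H attributes, which is what the listing shows for this machine.

```python
import re
from collections import defaultdict

# One UsbFix [Listing] line looks like
#   [20/10/2013 - 16:11:21 | RASHD ] O:\Autorun.inf          (directory: no size field)
#   [16/10/2013 - 10:06:26 | N | 389] D:\Raccourci vers Article marine.pdf.lnk
# attrs: R=read-only, A=archive, S=system, H=hidden, D=directory, N=normal.
LINE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<attrs>[A-Z]+) ?(?:\| (?P<size>\d+))?\] (?P<path>.+)$"
)

# Hidden/system entries Windows itself keeps at a volume root; not worth a finding.
KNOWN_ROOT_HIDDEN = {
    "recycler", "$recycle.bin", "system volume information", "thumbs.db",
    "pagefile.sys", "hiberfil.sys", "io.sys", "msdos.sys", "ntldr", "ntdetect.com",
    "boot.ini", "bootfont.bin", "autoexec.bat", "config.sys",
}


def parse_listing(lines):
    """Yield one dict per parsable listing line; headers, blanks and E.O.F are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        attrs = set(m.group("attrs"))
        path = m.group("path")
        name = path[3:]  # strip the leading "X:\"
        yield {
            "path": path,
            "drive": path[:2].upper(),
            "name": name,
            "at_root": "\\" not in name,
            "is_dir": "D" in attrs,
            "hidden": "H" in attrs,
            "system": "S" in attrs,
            "readonly": "R" in attrs,
            "size": int(m.group("size")) if m.group("size") else None,
        }


def triage(lines):
    """Return {drive: {"vaccine": bool, "findings": [str, ...]}} for each drive in the listing."""
    drives = defaultdict(lambda: {"vaccine": False, "findings": []})
    for e in parse_listing(lines):
        d = drives[e["drive"]]
        if not e["at_root"]:
            continue  # the shortcut-worm pattern lives at the drive root
        lower = e["name"].lower()
        if lower == "autorun.inf":
            # Assumption: UsbFix's vaccine is a read-only, system, hidden *directory*
            # named Autorun.inf (RASHD in the listing). A plain autorun.inf file is
            # what autorun malware drops, so anything else is reported.
            if e["is_dir"] and e["readonly"] and e["system"] and e["hidden"]:
                d["vaccine"] = True
            else:
                kind = "directory" if e["is_dir"] else "file"
                d["findings"].append(
                    f"autorun.inf is a {kind} without the R/S/H vaccine attributes: {e['path']}")
        elif lower.endswith((".lnk", ".url")):
            d["findings"].append(f"shortcut at drive root (check its target): {e['path']}")
        elif e["hidden"] and lower not in KNOWN_ROOT_HIDDEN:
            d["findings"].append(f"hidden item at drive root: {e['path']}")
    for d in drives.values():
        if not d["vaccine"]:
            d["findings"].append("no Autorun.inf vaccine on this drive")
    return dict(drives)


# Constructed sample: the D: and O: lines are copied from the listing above; the K: lines
# are made up to resemble a shortcut worm (real folder hidden, .lnk with the same name,
# autorun.inf present as a file instead of the vaccine directory).
SAMPLE_LISTING = r"""
################## | Listing |

[20/10/2013 - 16:11:21 | RASHD ] D:\Autorun.inf
[17/10/2013 - 14:48:52 | D ] D:\factures
[16/10/2013 - 10:06:26 | N | 389] D:\Raccourci vers Article marine.pdf.lnk
[20/10/2013 - 16:07:44 | SHD ] D:\RECYCLER
[20/10/2013 - 16:11:21 | RASHD ] O:\Autorun.inf
[15/10/2013 - 12:57:57 | D ] O:\mes photos
[14/04/2012 - 18:44:17 | RASH | 8192] O:\Thumbs.db
[01/01/2013 - 10:00:00 | A | 812] K:\autorun.inf
[01/01/2013 - 10:00:00 | SHD ] K:\_
[01/01/2013 - 10:00:01 | A | 1024] K:\mes photos.lnk
[15/10/2013 - 12:57:57 | SHD ] K:\mes photos

################## | E.O.F |
""".splitlines()

if __name__ == "__main__":
    for drive, info in sorted(triage(SAMPLE_LISTING).items()):
        print(f"{drive} vaccinated={info['vaccine']}")
        for finding in info["findings"]:
            print("   ", finding)
```

A root-level .lnk is only an indicator: on this machine D:\Raccourci vers Article marine.pdf.lnk is most likely a shortcut the user made, whereas a .lnk whose name duplicates a sibling folder that has just become hidden is the pattern to worry about. Paste a real [Listing] report into `SAMPLE_LISTING` (or feed the file's lines to `triage`) to get the same summary for every drive in it.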
by El Desaparecido
#12195
Re,

Just so I understand, since you ran UsbFix with the deletion option:
[20/10/2013 - 16:11:21 | A | 5331] C:\UsbFix [Clean 1] MAURICETTE.txt
[20/10/2013 - 09:31:25 | N | 4428] C:\UsbFix [Clean 2] MAURICETTE.txt
Is drive O fine, or are there still problems?
