#14672
Good evening everyone!

For some time now I have had a big problem with my PC and my USB sticks: all the files are replaced by shortcuts pointing to Windows\system32, and the files activator.vbs and ItunesHelper.vbe keep appearing on my sticks even though I have just formatted them...

I also discovered, in the course of my wanderings on the net, that a process "wsscript.exe" was running on my PC (and this seems to be linked to the activator.vbs virus). I haven't touched it yet; I'd rather get the good advice you will give me :).

In addition, "hidden" folders (I enabled the option to show hidden folders) have appeared in my documents, in Dutch ("mijn muziek" for example).

I used the 3 programs recommended by the topic on the instructions to follow before opening a thread (Malwarebytes dug up a good hundred viruses, which it removed; I ran it several times, but it did not get the virus I am telling you about here). Below this message I am putting the 3 reports from the different programs:

Code: Select all
Malwarebytes Anti-Malware (Essai) 1.75.0.1300
https://www.malwarebytes.org

Version de la base de données: v2013.11.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Anaïs :: ANAÏS-HP [administrateur]

Protection: Activé

5/11/2013 18:06:12
mbam-log-2013-11-05 (18-06-12).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 211472
Temps écoulé: 9 minute(s), 47 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 3
C:\Users\Anaïs\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Suppression au redémarrage.
C:\Users\Anaïs\AppData\Roaming\Babylon\Content (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Anaïs\AppData\Roaming\Babylon\updates (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 5
C:\Users\Anaïs\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Suppression au redémarrage.
C:\Users\Anaïs\AppData\Roaming\Babylon\FLStat.dat (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Anaïs\AppData\Roaming\Babylon\ocr_data (PUP.Optional.Babylon.A) -> Suppression au redémarrage.
C:\Users\Anaïs\AppData\Roaming\Babylon\updates\convert.dat (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Anaïs\AppData\Roaming\Babylon\updates\rates.dat (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.

(fin)
Code: Select all
# AdwCleaner v3.011 - Rapport créé le 05/11/2013 à 20:18:57
# Mis à jour le 03/11/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Anaïs - ANAÏS-HP
# Exécuté depuis : C:\Users\Anaïs\Desktop\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Users\Anaïs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpohikckhbcljgombipcdoinkaedlfa

***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v11.0 (fr)

[ Fichier : C:\Users\Anaïs\AppData\Roaming\Mozilla\Firefox\Profiles\ile1jawy.default\prefs.js ]


-\\ Google Chrome v

[ Fichier : C:\Users\Anaïs\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : icon_url
Supprimée : search_url
Supprimée : keyword

*************************

AdwCleaner[R0].txt - [33865 octets] - [05/11/2013 19:02:35]
AdwCleaner[R1].txt - [1262 octets] - [05/11/2013 20:16:51]
AdwCleaner[S0].txt - [33287 octets] - [05/11/2013 19:06:40]
AdwCleaner[S1].txt - [1168 octets] - [05/11/2013 20:18:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1228 octets] ##########
Code: Select all
~ Rapport de ZHPDiag v2013.11.4.4 - Nicolas Coolman (4/11/2013)
~ Lancé par Anaïs (5/11/2013 19:31:08)
~ Adresse du Site Web https://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC):


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
MFIE: Mozilla Firefox 11.0

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Norton Internet Security v20.4.0.40
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
µTorrent v3.2.0 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 40

---\\ Informations sur le système
~ Processor: AMD64 Family 18 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3561 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 435 GB (75%) free of 574 GB

---\\ Mode de connexion au système
~ Computer Name: ANAÏS-HP
~ User Name: Anaïs
~ All Users Names: HomeGroupUser$, Anaïs, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Anaïs\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Anaïs\AppData\Roaming\
~ %Desktop% : C:\Users\Anaïs\Desktop\
~ %Favorites% : C:\Users\Anaïs\Favorites\
~ %LocalAppData% : C:\Users\Anaïs\AppData\Local\
~ %StartMenu% : C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 435 Go of 574 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 18 Go)
E: Hard drive, Flash drive, Thumb drive (Free 1 Go of 4 Go)
F: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.6/08/2011 - 09:38:46.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 02:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/09/2011 - 10:38:56.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/839
~ Mes musiques (My Musics) : 5/3047
~ Mes Videos (My Videos) : 1/6
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 1/307
~ Mon Bureau (My Desktop) : 1/1779
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 13s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2456]
[MD5.1BF9D6476061B31CD7FC2BF848529A56] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368] [PID.2432]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Anaïs\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.3648]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.1100]
[MD5.CBEC06E32D0AC9C3D0A9199EDC1FB959] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928] [PID.1924]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.4784]
[MD5.53966C74A69B0CFE51C8BF01C94028F3] - (.Hewlett-Packard Company - HP QuickWeb Utilities.) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504] [PID.192]
[MD5.EF7BCAA82ECE5454B69812484E5D28FF] - (.Brother Industries, Ltd. - Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784] [PID.3516]
[MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2712]
[MD5.8192B2E274607D1D530F5C191698C544] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944] [PID.848]
[MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.4836]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4824]
[MD5.DD347CAFA07433B19C2519E2211955E6] - (.Brother Industries, Ltd. - ControlCenter Main Process.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe [368640] [PID.3024]
[MD5.0C7474BF89FED0FB3D455D5967C7F8F8] - (.Brother Industries, Ltd. - ControlCenter UX System.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe [1277952] [PID.5584]
[MD5.89BECCA60E9A652934D65EDB72A438A4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8174080] [PID.1096]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1820]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2004]
[MD5.4C4A576818EA028257C624AE36FF7A03] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400] [PID.2028]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.1272]
[MD5.B7382BEC806B7B00FC84B3E2061FF48E] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [197536] [PID.2284]
[MD5.2BEC76BDCD1BC080210325E7B5094834] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [35200] [PID.2308]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2372]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2400]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2744]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.656]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3124]
[MD5.62D38645A251A5742027B0A48672FFE5] - (.Brother Industries, Ltd. - BrYNCSvc.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856] [PID.1964]
[MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.5700]
~ Processes Running: Scanned in 00mn 16s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Anaïs\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Translator v.1.4 (Activé) =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [lmblfngognklgemafekefcdjcnkdhmdm] 2YourFace v.1.0 (Activé) =>Adware.2YourFace
G2 - GCE: Preference [User Data\Default] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Secure Search v.17.0.1.12 (Activé) =>Toolbar.AVGSearch
G2 - GCE: Preference [User Data\Default] [pbpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.6 (Activé) =>Spyware.SmartDisplay
~ Google Browser: 15 Legitimates Filtered in 00mn 17s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Anaïs\AppData\Roaming\Mozilla\Firefox\Profiles\ile1jawy.default\prefs.js
~ Firefox Browser: 12 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.symantec.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.symantec.com
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Plantes contre Zombies.lnk . (...) -- C:\Program Files (x86)\PopCap Games\Plants vs. Zombies\PlantsVsZombies.exe =>Adware.PopCap
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Anaïs]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [Anaïs]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Anaïs]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Anaïs]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Anaïs]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Anaïs]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Anaïs]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 63 Legitimates Filtered in 00mn 52s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Anaïs]: OneNote 2010 - Capture d'écran et lancement.lnk . (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Serveur Stack Bluetooth.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Tray.) -- C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [SetDefault] . (.Hewlett-Packard Development Company, L.P. - SetDefault.) -- C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
O4 - HKLM\..\Run: [IntelliType Pro] . (.Microsoft Corporation - IType.exe.) -- c:\Program Files\Microsoft Device Center\itype.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft Device Center\ipoint.exe
O4 - HKLM\..\RunOnce: [NCInstallQueue] Clé orpheline
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Anaïs\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Activator] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [iTunesHelper] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Wow6432Node\Run: [HPQuickWebProxy] . (.Hewlett-Packard Company - HP QuickWeb Utilities.) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter4] . (.Brother Industries, Ltd. - ControlCenter Launcher.) -- C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
O4 - HKLM\..\Wow6432Node\Run: [BrStsMon00] . (.Brother Industries, Ltd. - Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [agentantidote.exe] I:\Antidote 7\Programmes32\agentantidote.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [agentantidote64.exe] I:\Antidote 7\Programmes64\agentantidote64.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1884211010-167994816-3066439192-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Anaïs\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1884211010-167994816-3066439192-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1884211010-167994816-3066439192-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-1884211010-167994816-3066439192-1001\..\Run: [Activator] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-1884211010-167994816-3066439192-1001\..\Run: [iTunesHelper] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFB643F-2EF9-4E29-8D10-802765201ED3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpNameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpDomain = coova.org
O17 - HKLM\System\CS1\Services\Tcpip\..\{CCFB643F-2EF9-4E29-8D10-802765201ED3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpNameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpDomain = coova.org
O17 - HKLM\System\CS2\Services\Tcpip\..\{CCFB643F-2EF9-4E29-8D10-802765201ED3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpNameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpDomain = coova.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.238.2.22 195.238.2.21
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: video/x-flv [64Bits] - {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices - MIME Video Detector for IE.) -- C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5b68bdf]
~ Key Software: 217 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/03/2012 - 18:10:31 - [0,001] ----D C:\Users\Anaïs\AppData\Roaming\newfolder3
~ 27 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 220 Legitimates Filtered in 02mn 00s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.8C647507F8B9E179B84C8442C93EAC31] - 4/11/2013 - 08:57:48 ---A- - C:\Windows\Prefetch\BOXORE.EXE-BCDE0609.pf =>Adware.Boxore
O45 - LFCP:[MD5.E8AB371C08F1A3623F9AB565DE6CB4E3] - 4/11/2013 - 08:57:48 ---A- - C:\Windows\Prefetch\VPROT.EXE-2BBCC12F.pf
O45 - LFCP:[MD5.AA4DED5B16BF452244C95BA072040B63] - 4/11/2013 - 14:55:37 ---A- - C:\Windows\Prefetch\SOFTWARECRASHHANDLER.EXE-8B1988C1.pf
O45 - LFCP:[MD5.4A6F1367D3C3B643CB3BCA718176B2BF] - 5/11/2013 - 08:34:20 ---A- - C:\Windows\Prefetch\SYSTRANSERVER.EXE-02795DBE.pf
O45 - LFCP:[MD5.C8E2490CBBBE02C7DCF5A7A9E60E0650] - 5/11/2013 - 18:30:02 ---A- - C:\Windows\Prefetch\BABYLONHELPER64.EXE-31FFE3EB.pf =>Toolbar.Babylon
O45 - LFCP:[MD5.4B10A7C5FC72B6421E858112F3BD586A] - 5/11/2013 - 19:20:13 ---A- - C:\Windows\Prefetch\HPQWUTILS.EXE-EFBF4691.pf
~ Prefetcher: 125 Legitimates Filtered in 00mn 02s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{13255c7a-71f4-11e1-9657-74de2b710c95}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.46571ED73AE84469DCA53081D33CF3C8] - 11/04/2013 - 20:46:33 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
~ Drivers: 21 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 5/11/2013 - 19:38:49 ---A- . (...) -- C:\Users\Anaïs\AppData\Local\Google\Chrome\User Data\Local State [43032]
O61 - LFC: 5/11/2013 - 19:40:11 ---A- . (...) -- C:\Users\Anaïs\AppData\Roaming\Microsoft\Microsoft IntelliPoint\SQM\sqmdata00.sqm [368]
O61 - LFC: 5/11/2013 - 19:40:11 ---A- . (...) -- C:\Users\Anaïs\AppData\Roaming\Microsoft\Microsoft IntelliPoint\SQM\sqmdata01.sqm [368]
O61 - LFC: 5/11/2013 - 19:40:11 ---A- . (...) -- C:\Users\Anaïs\AppData\Roaming\Microsoft\Microsoft IntelliPoint\SQM\sqmdata02.sqm [368]
O61 - LFC: 5/11/2013 - 19:40:11 ---A- . (...) -- C:\Users\Anaïs\AppData\Roaming\Microsoft\Microsoft IntelliPoint\SQM\sqmdata03.sqm [368]
O61 - LFC: 5/11/2013 - 19:40:13 ---A- . (...) -- C:\Users\Anaïs\AppData\Roaming\Microsoft\Templates\Normal.dotm [308344]
O61 - LFC: 5/11/2013 - 19:40:23 ---A- . (...) -- C:\Users\Anaïs\Documents\Université\Droit comparé\Analyse Donoghue v. Stevenson.docx [27986]
O61 - LFC: 5/11/2013 - 19:42:40 -SHA- . (...) -- C:\Users\Anaïs\Thumbs.db [14336]
~ 8 Fichiers temporaires (Temporary files)
~ Files: 124 Legitimates Filtered in 06mn 44s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Anaïs\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Anaïs - ile1jawy.default] user_pref("avg.install.newtab", true);
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0DF60239-D872-4DE1-BAB9-F7AE3B421534} - (Ask Search) - https://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {35CFDBD1-461A-4599-8672-1C993E7318B2} - (Propositions de recherche Amazon.fr) - https://www.amazon.fr
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - https://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
~ Files: 51 Legitimates Filtered in 01mn 42s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "25BD30E1BC5D83343A835E62DDD4D41B" . (.Bing Bar.) -- C:\Windows\Installer\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 179 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.B67811645C5A3B8E4E4B1A1DB1EE271C] [WIS][23/09/2012] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\a6e2ec.msi [45056] =>Adware.Boxore
~ WIS: 182 Legitimates Filtered in 02mn 28s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 3/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/06/2013 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 28/09/2011 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 14/06/2011 138400 | (Atheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
SR - | Auto 14/06/2011 97952 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SS - | Demand 1/03/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 15/11/2011 249856 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files (x86)\Browny02\BrYNSvc.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SS - | Auto 16/02/2011 682040 | (HPAuto) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
SR - | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Auto 10/08/2012 197536 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 5/03/2012 35200 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 25/06/2013 2413056 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 20/05/2013 144368 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
SR - | Auto 25/02/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 17/12/2010 276992 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 02mn 34s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Anaïs at 5/11/2013 19:49:38
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : 12971 - (4/11/2013)
Clés trouvées (Keys found) : 41
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 1

~ Additionnel Scan: 349426 Items scanned in 00mn 54s



---\\ Récapitulatif des détections trouvées sur votre station
~ https://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ https://nicolascoolman.webs.com/apps/blog/show/26593722-adware-2yourface =>Adware.2YourFace
~ https://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay =>Spyware.SmartDisplay
~ https://nicolascoolman.webs.com/apps/blog/show/26666257-adware-popcap =>Adware.PopCap
~ https://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ https://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ https://nicolascoolman.webs.com/apps/blog/show/34702976-toolbar-ebay =>Toolbar.eBay
~ https://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
~ https://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
~ https://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ MSI: 10 link(s) detected in 00mn 55s



~ 1521 Legitimates filtered by white list
End of the scan (538 lines in 19mn 27s)(0)
#14685
Hello :hello: ,

Welcome to SosVirus :welcome:
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Run UsbFix
  • Choose the Suppression option

    Note: If UsbFix hangs at 14%, run UsbFix in safe mode. (See >> HERE <<)

  • Copy and paste the contents of the report that appears at the end of the scan into your reply
#15155
I tried several times, but always the same result: UsbFix stops responding at 21% :hein:

Yeah, there's apparently a problem with the version of UsbFix that is online; it's a problem with disk detection, so it hangs on some PCs.
I'm currently reviewing the UsbFix source code from A to Z; there will be no more bugs, I guarantee it ;)

We'll do it differently, but please try this: connect your removable media, run UsbFix with the Listing option and post the report, please.
#15159
Code: Select all
############################## | UsbFix V 7.149 | [Listing]

Utilisateur: Anaïs (Administrateur) # ANAÏS-HP
Mis à jour le 03/11/2013 par El Desaparecido - Team SosVirus
Lancé à 09:34:06 | 08/11/2013

Site Web: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/

PC: Hewlett-Packard (3568)
CPU: AMD A4-3300M APU with Radeon(tm) HD Graphics
RAM -> [Total : 3561 | Free : 1671]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Mozilla Firefox : 11.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 574 Go (436 Go libre(s) - 76%) [] # NTFS
D:\ -> Disque fixe # 18 Go (2 Go libre(s) - 11%) [Recovery] # NTFS
E:\ -> Disque fixe # 4 Go (1 Go libre(s) - 28%) [HP_TOOLS] # FAT32
F:\ -> CD-ROM
G:\ -> Disque amovible # 7 Go (6 Go libre(s) - 84%) [] # FAT32
H:\ -> CD-ROM

################## | Listing |

[25/06/2013 - 10:27:54 | SHD ] C:\$Recycle.Bin
[10/05/2012 - 17:17:18 | D ] C:\8670621f47a78c90237fbbd6d566ef
[05/11/2013 - 20:19:25 | D ] C:\AdwCleaner
[06/08/2011 - 11:17:23 | SHD ] C:\boot
[21/11/2010 - 04:23:51 | RASH | 383786] C:\bootmgr
[08/09/2012 - 08:47:05 | D ] C:\Brother
[11/10/2013 - 21:06:15 | SHD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[05/05/2012 - 09:05:10 | D ] C:\drivers
[11/04/2012 - 09:18:01 | SHD ] C:\found.000
[08/11/2013 - 09:27:20 | ASH | 2800803840] C:\hiberfil.sys
[15/09/2011 - 01:12:53 | HD ] C:\HP
[13/03/2012 - 13:46:12 | RHD ] C:\MSOCache
[08/11/2013 - 09:27:19 | ASH | 3734405120] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[05/11/2013 - 19:50:00 | A | 512] C:\PhysicalDisk0_MBR.bin
[05/11/2013 - 19:07:11 | RD ] C:\Program Files
[05/11/2013 - 19:29:01 | RD ] C:\Program Files (x86)
[05/11/2013 - 19:06:59 | HD ] C:\ProgramData
[12/03/2012 - 12:55:38 | SHD ] C:\Recovery
[25/06/2013 - 10:42:51 | A | 184] C:\setup.log
[07/09/2013 - 09:09:21 | D ] C:\SWSetup
[08/11/2013 - 07:25:17 | SHD ] C:\System Volume Information
[12/03/2012 - 12:55:44 | HD ] C:\SYSTEM.SAV
[08/11/2013 - 09:34:07 | D ] C:\UsbFix
[07/11/2013 - 19:20:52 | A | 13431] C:\UsbFix [Clean 1] ANAÏS-HP.txt
[07/11/2013 - 19:43:11 | A | 13528] C:\UsbFix [Clean 2] ANAÏS-HP.txt
[08/11/2013 - 07:31:07 | A | 13727] C:\UsbFix [Clean 3] ANAÏS-HP.txt
[08/11/2013 - 09:16:42 | A | 7463] C:\UsbFix [Listing 1 ] ANAÏS-HP.txt
[08/11/2013 - 09:34:07 | A | 2837] C:\UsbFix [Listing 2 ] ANAÏS-HP.txt
[20/05/2012 - 17:14:22 | RD ] C:\Users
[27/10/2013 - 10:05:27 | D ] C:\Windows
[08/11/2013 - 08:37:46 | A | 3552] C:\{B4DAD339-5B35-4BD8-86C1-3CD364E42903}
[25/06/2013 - 10:27:54 | SHD ] D:\$RECYCLE.BIN
[12/03/2012 - 14:58:14 | RASHD ] D:\boot
[14/07/2009 - 19:39:00 | RASH | 383562] D:\bootmgr
[23/05/2010 - 13:55:46 | RASH | 67] D:\Desktop.ini
[12/03/2012 - 14:58:14 | ASHD ] D:\FactoryUpdate
[12/03/2012 - 14:58:14 | RASHD ] D:\hp
[11/04/2012 - 19:53:41 | A | 20] D:\HPSF_Rep.txt
[12/03/2012 - 14:57:59 | RASH | 8] D:\HP_WSD.dat
[12/03/2012 - 14:58:14 | RSHD ] D:\preload
[18/12/2012 - 20:58:34 | RSD ] D:\recovery
[12/03/2012 - 16:52:07 | AH | 426] D:\RMCStatus.bin
[12/03/2012 - 14:58:14 | SHD ] D:\RM_Reserve
[08/11/2013 - 07:25:18 | SHD ] D:\System Volume Information
[20/08/2013 - 10:51:56 | AD ] E:\Hewlett-Packard
[15/09/2011 - 02:19:38 | SHD ] E:\$RECYCLE.BIN
[06/11/2012 - 15:27:58 | A | 8] E:\HP_WSD.dat
[11/04/2012 - 20:53:42 | A | 20] E:\HPSF_Rep.txt
[06/08/2012 - 17:49:40 | SHD ] G:\Italie 2012
[23/06/2009 - 22:38:40 | SHD ] G:\Organisation Voyage Finlande 2007
[12/09/2012 - 19:14:22 | SHD ] G:\Avocat
[14/09/2012 - 10:38:46 | SHD ] G:\Preuve anais
[17/09/2012 - 12:45:28 | SHD ] G:\Bambois 01-09-2012
[05/11/2012 - 17:29:46 | SHD ] G:\travail de méthodo
[31/08/2013 - 11:32:30 | SH | 73728] G:\Activator.vbs
[08/11/2013 - 09:22:28 | A | 527] G:\math.lnk
[08/11/2012 - 10:02:36 | SHD ] G:\Travaux préparatoires
[08/08/2013 - 20:55:50 | SHD ] G:\math
[27/08/2013 - 18:02:16 | SHD ] G:\croatie
[08/11/2013 - 09:22:28 | A | 545] G:\Italie 2012.lnk
[12/11/2012 - 09:50:44 | SHD ] G:\Loi du 31 mars 1987
[08/11/2013 - 09:22:28 | A | 742] G:\Activator.lnk
[08/11/2013 - 09:22:28 | A | 1654] G:\Travail méthodo Version 2.lnk
[08/11/2013 - 09:22:28 | A | 597] G:\Organisation Voyage Finlande 2007.lnk
[01/11/2013 - 17:01:58 | R | 531] G:\Avocat.lnk
[27/03/2013 - 09:27:40 | SHD ] G:\DOB II
[28/02/2013 - 07:06:16 | SH | 99569] G:\Travail méthodo Version 2.docx
[08/11/2013 - 09:22:28 | A | 547] G:\Preuve anais.lnk
[08/11/2013 - 09:22:28 | A | 559] G:\Bambois 01-09-2012.lnk
[08/11/2013 - 09:22:28 | A | 563] G:\travail de méthodo.lnk
[08/11/2013 - 09:22:28 | A | 565] G:\Travaux préparatoires.lnk
[08/11/2013 - 09:22:28 | A | 533] G:\croatie.lnk
[08/11/2013 - 09:22:28 | A | 1642] G:\BEATRICE AER EX 2012.lnk
[08/11/2013 - 09:22:28 | A | 1612] G:\Declaration.lnk
[08/11/2013 - 09:22:28 | A | 750] G:\DOB II.lnk
[25/09/2013 - 17:59:12 | SH | 134705] G:\BEATRICE AER EX 2012.pdf
[08/11/2013 - 09:22:28 | A | 1632] G:\USConstitution_French.lnk
[08/11/2013 - 09:22:30 | A | 748] G:\Notaire.lnk
[08/11/2013 - 09:22:28 | A | 1772] G:\Vos attestations pour l'obtention d'un abonnement scolaire (train ou bus).lnk
[08/11/2013 - 09:22:28 | A | 1688] G:\Votre confirmation d'inscription provisoire.lnk
[26/09/2013 - 13:32:56 | SH | 57808] G:\Declaration.pdf
[08/11/2013 - 09:22:28 | A | 788] G:\Loi du 31 mars 1987.lnk
[08/11/2013 - 09:22:28 | A | 1602] G:\alloc.lnk
[26/09/2013 - 13:22:04 | SH | 132337] G:\Vos attestations pour l'obtention d'un abonnement scolaire (train ou bus).pdf
[26/09/2013 - 13:20:22 | SH | 44884] G:\Votre confirmation d'inscription provisoire.pdf
[31/10/2013 - 19:44:28 | A | 768] G:\TP à imprimer.lnk
[08/11/2013 - 09:22:28 | A | 1602] G:\.lnk
[01/11/2013 - 17:14:56 | SHD ] G:\DIVERS
[23/10/2013 - 11:18:18 | SH | 295829] G:\USConstitution_French.pdf
[24/10/2013 - 08:54:04 | SH | 18784] G:\alloc.docx
[13/10/2013 - 22:30:38 | SH | 69554284] G:\iTunesHelper.vbe
[01/11/2013 - 16:56:22 | SH | 37376] G:\Décion ndls.doc
[08/11/2013 - 09:22:28 | A | 1616] G:\Décion ndls.lnk
[01/11/2013 - 17:13:18 | SH | 11264] G:\Nouveau Document Microsoft Word 97 - 2003.doc
[08/11/2013 - 09:22:28 | A | 1696] G:\Nouveau Document Microsoft Word 97 - 2003.lnk
[08/11/2013 - 09:22:28 | A | 746] G:\DIVERS.lnk
[02/11/2013 - 09:58:34 | A | 742] G:\iTunesHelper.lnk
[01/11/2013 - 19:51:32 | SHD ] G:\Nouveau dossier
[08/11/2013 - 09:22:30 | A | 768] G:\Nouveau dossier.lnk
[18/10/2013 - 17:46:58 | SH | 4096] G:\._.Trashes
[10/10/2013 - 11:12:28 | SHD ] G:\Notaire
[18/10/2013 - 17:46:58 | SHD ] G:\.Trashes
[18/10/2013 - 17:48:16 | SHD ] G:\L.P?
[18/10/2013 - 17:48:34 | SHD ] G:\Tuyaux 3ème Bac Droit
[08/11/2013 - 09:22:30 | A | 750] G:\.Trashes.lnk
[31/10/2013 - 19:41:22 | A | 754] G:\.fseventsd.lnk
[31/10/2013 - 19:41:22 | A | 764] G:\.Spotlight-V100.lnk
[08/11/2013 - 09:22:30 | A | 788] G:\Tuyaux 3ème Bac Droit.lnk

################## | E.O.F |
#15160
Re,

So let me explain: here we're going to remove the infection from your PC and from USB key G, then we'll run 2 or 3 more scans of the PC because you also have Adware.pup, and once that's done, we'll restore the files and folders on your key :)

Connect key G, then:
  • Download OTM by OldTimer to your desktop.
  • Double-click OTM.exe to launch it.
  • On Vista/Seven, right-click -> run as administrator
  • Copy the list below and paste it into the left-hand pane of OTM under Paste Instructions for Items to be Moved.

Code: Select all
:files 
G:\Activator.vbs
G:\math.lnk
G:\Italie 2012.lnk
G:\Activator.lnk
G:\Travail méthodo Version 2.lnk
G:\Organisation Voyage Finlande 2007.lnk
G:\Avocat.lnk
G:\Preuve anais.lnk
G:\Bambois 01-09-2012.lnk
G:\travail de méthodo.lnk
G:\Travaux préparatoires.lnk
G:\croatie.lnk
G:\BEATRICE AER EX 2012.lnk
G:\Declaration.lnk
G:\DOB II.lnk
G:\USConstitution_French.lnk
G:\Notaire.lnk
G:\Vos attestations pour l'obtention d'un abonnement scolaire (train ou bus).lnk
G:\Votre confirmation d'inscription provisoire.lnk
G:\Loi du 31 mars 1987.lnk
G:\alloc.lnk
G:\TP à imprimer.lnk
G:\.lnk
G:\iTunesHelper.vbe
G:\Décion ndls.lnk
G:\Nouveau Document Microsoft Word 97 - 2003.lnk
G:\DIVERS.lnk
G:\iTunesHelper.lnk
G:\Nouveau dossier.lnk
G:\.Trashes.lnk
G:\.fseventsd.lnk
G:\.Spotlight-V100.lnk
G:\Tuyaux 3ème Bac Droit.lnk
C:\Users\Anaïs\AppData\Roaming\*.vbe
C:\Users\Anaïs\AppData\Roaming\*.vbs
C:\Users\Anaïs\AppData\Local\Temp\*.vbe
C:\Users\Anaïs\AppData\Local\Temp\*.vbs
C:\Users\Anaïs\AppData\Local\Temp\*.exe
C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vbe
C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vbs
C:\Users\Anaïs\AppData\Roaming\newfolder3

:Reg
[HKEY_USERS\S-1-5-21-1884211010-167994816-3066439192-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=-
"Activator"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=-
"Activator"=-

:commands 
[emptytemp] 
  • Click "MoveIt!".
  • If a file or folder cannot be deleted immediately, the program will ask you to restart the computer.
  • If so, accept by clicking "YES".
  • Post the report in your next reply.
  • The report is located in C:\_OTM\MovedFiles (the report's name corresponds to the time of its creation: date_time.log).
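The pattern behind the list above is visible in the UsbFix listing: hidden `SH`/`SHD` originals on the removable drive, each with a same-named `.lnk` beside it, plus hidden `.vbs`/`.vbe` files at the root. The Python below is an added example, not part of the thread and not code from UsbFix or OTM; it parses listing lines in that format and reports those pairs. The function names, the constructed sample lines and the `min_pairs` threshold are assumptions made for the illustration.

```python
import ntpath
import re
from collections import defaultdict

# Windows Script Host extensions; the files named in the thread are .vbs and .vbe.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}

# One entry: "[dd/mm/yyyy - hh:mm:ss | ATTRS | size] path" (directories carry no size).
LINE_RE = re.compile(
    r"^\[\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2} \| "
    r"(?P<attrs>[A-Z]+)\s*(?:\|\s*(?P<size>\d+))?\s*\]\s+(?P<path>.+)$"
)

# Constructed sample in the listing format (not copied from the report above).
SAMPLE_LISTING = r"""
################## | Listing |
[01/01/2013 - 10:00:00 | SHD ] X:\Photos
[02/01/2013 - 10:00:00 | A | 527] X:\Photos.lnk
[01/01/2013 - 10:00:00 | SH | 57808] X:\Report.pdf
[02/01/2013 - 10:00:00 | A | 1612] X:\Report.lnk
[01/01/2013 - 10:00:00 | SH | 73728] X:\Activator.vbs
[02/01/2013 - 10:00:00 | A | 742] X:\Activator.lnk
[01/01/2013 - 10:00:00 | A | 20] X:\notes.txt
[01/01/2013 - 10:00:00 | SHD ] X:\System Volume Information
[02/01/2013 - 10:00:00 | A | 600] X:\Orphan.lnk
[02/01/2013 - 10:00:00 | A | 1602] X:\.lnk
[01/01/2013 - 10:00:00 | D ] C:\Windows
"""


def parse_listing(text):
    """Return one dict per listing entry; banner and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        attrs = m.group("attrs")
        entries.append({
            "path": m.group("path").rstrip(),
            "attrs": attrs,
            "is_dir": "D" in attrs,
            "hidden": "H" in attrs,
            "size": int(m.group("size")) if m.group("size") else None,
        })
    return entries


def analyse(entries):
    """Pair each .lnk with a hidden item of the same name in the same folder."""
    # Index hidden items by (folder, name without extension), case-insensitively.
    hidden = defaultdict(list)
    for e in entries:
        folder, name = ntpath.split(e["path"])
        if e["hidden"] and not name.lower().endswith(".lnk"):
            stem = name if e["is_dir"] else ntpath.splitext(name)[0]
            hidden[(folder.lower(), stem.lower())].append(e["path"])

    report = {"hidden_scripts": [], "shadow_pairs": [], "unpaired_shortcuts": []}
    for e in entries:
        folder, name = ntpath.split(e["path"])
        lowered = name.lower()
        if e["hidden"] and not e["is_dir"] and ntpath.splitext(lowered)[1] in SCRIPT_EXTS:
            report["hidden_scripts"].append(e["path"])
        # endswith() rather than splitext(): a file named just ".lnk" has no
        # extension according to splitext, but is still a shortcut on disk.
        if e["is_dir"] or not lowered.endswith(".lnk"):
            continue
        originals = hidden.get((folder.lower(), lowered[:-4]), [])
        if originals:
            report["shadow_pairs"].extend((e["path"], o) for o in originals)
        else:
            report["unpaired_shortcuts"].append(e["path"])
    return report


def looks_like_shortcut_worm(report, min_pairs=2):
    """Assumed heuristic: a hidden script plus several shortcut/original pairs."""
    return bool(report["hidden_scripts"]) and len(report["shadow_pairs"]) >= min_pairs


if __name__ == "__main__":
    result = analyse(parse_listing(SAMPLE_LISTING))
    for shortcut, original in result["shadow_pairs"]:
        print(f"{shortcut} shadows hidden {original}")
    print("hidden scripts:", result["hidden_scripts"])
    print("suspicious:", looks_like_shortcut_worm(result))
```

The `shadow_pairs` output names both halves of each pair: the shortcut to remove and the hidden original whose attributes need restoring afterwards.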
#15183
killed
Error: Unable to interpret <G:\Nouveau Document Microsoft Word 97 - 2003.lnk> in the current context!
Error: Unable to interpret <G:\DIVERS.lnk> in the current context!
Error: Unable to interpret <G:\iTunesHelper.lnk> in the current context!
Error: Unable to interpret <G:\Nouveau dossier.lnk> in the current context!
Error: Unable to interpret <G:\.Trashes.lnk> in the current context!
Error: Unable to interpret <G:\.fseventsd.lnk> in the current context!
Error: Unable to interpret <G:\.Spotlight-V100.lnk> in the current context!
Error: Unable to interpret <G:\Tuyaux 3ème Bac Droit.lnk> in the current context!
Error: Unable to interpret <C:\Users\Anaïs\AppData\Roaming\*.vbe> in the current context!
Error: Unable to interpret <C:\Users\Anaïs\AppData\Roaming\*.vbs> in the current context!
Error: Unable to interpret <C:\Users\Anaïs\AppData\Local\Temp\*.vbe> in the current context!
Error: Unable to interpret <C:\Users\Anaïs\AppData\Local\Temp\*.vbs> in the current context!
Error: Unable to interpret <C:\Users\Anaïs\AppData\Local\Temp\*.exe> in the current context!
Error: Unable to interpret <C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vbe> in the current context!
Error: Unable to interpret <C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vbs> in the current context!
Error: Unable to interpret <C:\Users\Anaïs\AppData\Roaming\newfolder3> in the current context!
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-21-1884211010-167994816-3066439192-1001\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper not found.
Registry value HKEY_USERS\S-1-5-21-1884211010-167994816-3066439192-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Activator not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Activator not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AnaÃ¯s

User: Anaïs
->Temp folder emptied: 33933 bytes
->Temporary Internet Files folder emptied: 2624 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 8773248 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 779086961 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 63408 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95763 bytes
RecycleBin emptied: 44078250 bytes

Total Files Cleaned = 794,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 11082013_145041
G:\Nouveau Document Microsoft Word 97 - 2003.lnk moved successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 11082013_145028

Files moved on Reboot...
File G:\Activator.vbs not found!
File G:\iTunesHelper.vbe not found!
C:\Users\Anaïs\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...
#15187
Uninstall your version of UsbFix, we're going to use the latest update ;) :
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Run UsbFix
  • Choose the Suppression option

    Note: If UsbFix hangs at 14%, run UsbFix in safe mode. (See >> HERE <<)

  • Copy and paste the contents of the report that appears at the end of the scan into your reply
#15785
Usb fixe ne répond toujours pas :unhappy:

Je suis désespérée !
:( Don't be ;) There are always solutions ;)

We are going to run a diagnostic of your computer:
  • Download OTL by Old_Timer and save it to the Desktop
  • Close all other windows and double-click OTL.exe
  • On Vista and Windows 7, you must launch the file via right-click -> Run as administrator.
  • Check that the boxes Tous les utilisateurs (all users), Recherche Lop (Lop check) and Recherche Purity (Purity check) are ticked.
  • In the Personnalisation (custom scan) box, copy and paste all of the following:
netsvcs 
msconfig 
safebootminimal 
safebootnetwork 
activex 
drivers32 
%ALLUSERSPROFILE%\Application Data\*. 
%ALLUSERSPROFILE%\Application Data\*.exe /s 
%APPDATA%\*. 
%APPDATA%\*.exe /s 
%temp%\*.exe /s 
%SYSTEMDRIVE%\*.exe 
%systemroot%\*. /mp /s 
%systemroot%\system32\consrv.dll 
%systemroot%\system32\*.dll /lockedfiles 
%windir%\Tasks\*.job /lockedfiles 
%systemroot%\system32\drivers\*.sys /lockedfiles 
%systemroot%\System32\config\*.sav 
/md5start 
explorer.exe 
winlogon.exe 
services.exe 
wininit.exe 
/md5stop 
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s 
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s 
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s 
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s 
CREATERESTOREPOINT 
nslookup https://www.google.fr /c 
hklm\software\clients\startmenuinternet|command /rs 
hklm\software\clients\startmenuinternet|command /64 /rs 
CREATERESTOREPOINT
SAVEMBR:0 
  • Click Analyse (run the scan)

  • Once the scan has finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
  • Upload the OTL.txt and Extras.txt reports to Sosupload, then copy/paste the link provided into your next reply on the forum

    Note: Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case