soucis sur usb virus

soucis sur usb virus#15650

par pouille - sam. 9 nov. 2013 22:46

- sam. 9 nov. 2013 22:46 #15650

Bonsoir,
j'ai un petit soucis sur ma clef usb je sais pas comment faire ...
en fait tout mes dossier de clef usb se transforment en raccourcis

pourriz vous m'aider s'il vous plait ?

voici le dernier rapport

############################## | UsbFix V 7.149 | [Recherche]

Utilisateur: poe (Administrateur) # POUPOUILLE
Mis à jour le 03/11/2013 par El Desaparecido - Team SosVirus
Lancé à 22:35:40 | 09/11/2013

Site Web: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/

PC: Hewlett-Packard (3387)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3579 | Free : 2018]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft WindowsÂ 7 à‰dition Familiale Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 445 Go (325 Go libre(s) - 73%) [] # NTFS
D:\ -> Disque fixe # 17 Go (2 Go libre(s) - 11%) [Recovery] # NTFS
E:\ -> Disque fixe # 4 Go (1 Go libre(s) - 28%) [HP_TOOLS] # FAT32
F:\ -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [FLASH DRIVE] # FAT32

################## | Référence de comparaison MD5 |

Md5 : 9a193f949004f78f28193859be75f13b -> C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Activator.vbs
Md5 : DENIED -> C:\Users\poe\AppData\Local\Temp\Activator.vbs
Md5 : DENIED -> C:\Users\poe\AppData\Local\Temp\Lanceur.vbs
Md5 : 885e9eb42889ca547f4e3515dcde5d3d -> C:\Users\poe\AppData\Local\Temp\7za.exe
Md5 : 3b802f9c6dc2c19dbbd55e92ae3c7f33 -> C:\Users\poe\AppData\Local\Temp\Trojan.exe
Md5 : 9a193f949004f78f28193859be75f13b -> F:\Activator.vbs

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 400 |ParentID: 368)
C:\Windows\system32\wininit.exe (ID: 512 |ParentID: 368)
C:\Windows\system32\csrss.exe (ID: 520 |ParentID: 504)
C:\Windows\system32\services.exe (ID: 564 |ParentID: 512)
C:\Windows\system32\lsass.exe (ID: 572 |ParentID: 512)
C:\Windows\system32\lsm.exe (ID: 580 |ParentID: 512)
C:\Windows\system32\svchost.exe (ID: 696 |ParentID: 564)
C:\Windows\system32\winlogon.exe (ID: 764 |ParentID: 504)
C:\Windows\system32\svchost.exe (ID: 824 |ParentID: 564)
C:\Windows\system32\atiesrxx.exe (ID: 880 |ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 952 |ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 1004 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 1028 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 1088 |ParentID: 564)
C:\Program Files\IDT\WDM\STacSV.exe (ID: 1140 |ParentID: 564)
C:\Windows\system32\Hpservice.exe (ID: 1392 |ParentID: 564)
C:\Windows\system32\atieclxx.exe (ID: 1416 |ParentID: 880)
C:\Windows\system32\svchost.exe (ID: 1464 |ParentID: 564)
C:\Windows\system32\WLANExt.exe (ID: 1600 |ParentID: 1004)
C:\Windows\system32\conhost.exe (ID: 1612 |ParentID: 400)
C:\Windows\System32\spoolsv.exe (ID: 1696 |ParentID: 564)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1736 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 1768 |ParentID: 564)
C:\Windows\system32\taskhost.exe (ID: 1984 |ParentID: 564)
C:\Windows\system32\Dwm.exe (ID: 1992 |ParentID: 1004)
C:\Windows\Explorer.EXE (ID: 2016 |ParentID: 1968)
C:\Program Files\IDT\WDM\aestsrv.exe (ID: 1328 |ParentID: 564)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 1452 |ParentID: 564)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 372 |ParentID: 564)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2116 |ParentID: 564)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 2144 |ParentID: 564)
C:\Windows\System32\ezSharedSvcHost.exe (ID: 2212 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 2264 |ParentID: 564)
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (ID: 2308 |ParentID: 564)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2444 |ParentID: 2016)
C:\Program Files\IDT\WDM\sttray.exe (ID: 2496 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (ID: 2512 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (ID: 2576 |ParentID: 2520)
C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe (ID: 2620 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (ID: 2628 |ParentID: 2520)
C:\Windows\system32\taskeng.exe (ID: 2792 |ParentID: 1088)
C:\Program Files\CyberLink\YouCam\YCMMirage.exe (ID: 2828 |ParentID: 2792)
C:\Program Files\Ask.com\Updater\Updater.exe (ID: 2868 |ParentID: 2016)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 3016 |ParentID: 2016)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3024 |ParentID: 2016)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 3032 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID: 3040 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (ID: 3048 |ParentID: 2016)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 3064 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (ID: 3120 |ParentID: 564)
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 3188 |ParentID: 564)
C:\Users\poe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 3228 |ParentID: 2016)
C:\Program Files\Skype\Phone\Skype.exe (ID: 3532 |ParentID: 2016)
C:\Windows\System32\wscript.exe (ID: 3540 |ParentID: 2016)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 3548 |ParentID: 2016)
C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (ID: 3592 |ParentID: 564)
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (ID: 3868 |ParentID: 564)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 3956 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 4072 |ParentID: 564)
C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (ID: 2108 |ParentID: 3592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2176 |ParentID: 564)
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (ID: 2732 |ParentID: 564)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4184 |ParentID: 696)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 4204 |ParentID: 2176)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 4660 |ParentID: 2408)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 4856 |ParentID: 1452)
C:\Windows\system32\conhost.exe (ID: 4888 |ParentID: 400)
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 4936 |ParentID: 564)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 5068 |ParentID: 4660)
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 5408 |ParentID: 564)
C:\Windows\system32\SearchIndexer.exe (ID: 5596 |ParentID: 564)
C:\Program Files\iPod\bin\iPodService.exe (ID: 6112 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 4132 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 1332 |ParentID: 564)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 6084 |ParentID: 2856)
C:\Windows\system32\msiexec.exe (ID: 1944 |ParentID: 564)
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 7860 |ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 8140 |ParentID: 564)
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 8188 |ParentID: 564)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 112 |ParentID: 564)
C:\Windows\System32\WUDFHost.exe (ID: 672 |ParentID: 1004)
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID: 5460 |ParentID: 696)
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe (ID: 3260 |ParentID: 3548)
C:\Windows\system32\taskhost.exe (ID: 6620 |ParentID: 564)
C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe (ID: 7888 |ParentID: 564)
C:\Users\poe\AppData\Local\Temp\Trojan.exe (ID: 6412 |ParentID: 4612)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 8380 |ParentID: 696)
C:\Windows\system32\svchost.exe (ID: 10032 |ParentID: 564)
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe (ID: 8296 |ParentID: 8688)
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe (ID: 9864 |ParentID: 8296)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 2596 |ParentID: 564)
C:\Windows\system32\wuauclt.exe (ID: 628 |ParentID: 1088)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 8396 |ParentID: 2016)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1560 |ParentID: 8396)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6076 |ParentID: 8396)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7728 |ParentID: 8396)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 8620 |ParentID: 8396)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 9084 |ParentID: 8396)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7896 |ParentID: 8396)
C:\UsbFix\Go.exe (ID: 7484 |ParentID: 10132)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\SOFTWARE | Run : [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe
04 - HKLM\SOFTWARE | Run : [HPQuickWebProxy] - "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
04 - HKLM\SOFTWARE | Run : [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [HP CoolSense] - C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files\Ask.com\Updater\Updater.exe"
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE | RunOnce : [NCPluginUpdater] - "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Spotify] - "C:\Users\poe\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\poe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Activator] - wscript.exe //B "C:\Users\poe\AppData\Local\Temp\Activator.vbs"
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [5cd8f17f4086744065eb0992a09e05a2] - "C:\Users\poe\AppData\Local\Temp\Trojan.exe" ..
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\Users\poe\AppData\Roaming\BabMaint.exe
Présent! C:\Users\poe\AppData\Local\Temp\Activator.vbs
Présent! C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe
Présent! C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Activator.vbs
Présent! F:\Activator.vbs
Présent! F:\Curriculum Vitae france.lnk
Présent! F:\Partie 1_chap2.lnk
Présent! F:\Partie1_chap3.lnk
Présent! F:\Partie 1_chap1.lnk
Présent! F:\liste des éléments.lnk
Présent! F:\Résumé 2011.lnk
Présent! F:\Thumbs.lnk
Présent! F:\desktop.lnk
Présent! F:\Â .lnk
Présent! F:\xxx.lnk
Présent! F:\autorun.lnk
Présent! F:\4#QVILEZJNBGT.lnk
Présent! C:\Users\poe\AppData\Local\Temp\Trojan.exe.tmp
Présent! C:\Users\poe\AppData\Local\Temp\Lanceur.vbs
Présent! C:\Users\poe\AppData\Local\Temp\7za.exe
Présent! C:\Users\poe\AppData\Local\Temp\Trojan.exe
Présent! D:\desktop.ini
Présent! F:\4#QVILEZJNBGT.ini
Présent! F:\autorun.inf
Présent! F:\desktop.ini

################## | Comparaison MD5 |

Présent! Md5 : 885E9EB42889CA547F4E3515DCDE5D3D -> C:\Users\poe\AppData\Local\Temp\7za.exe
Présent! Md5 : 9A193F949004F78F28193859BE75F13B -> C:\Users\poe\AppData\Local\Temp\Activator.vbs
Présent! Md5 : 3B802F9C6DC2C19DBBD55E92AE3C7F33 -> C:\Users\poe\AppData\Local\Temp\Trojan.exe
Présent! Md5 : 3B802F9C6DC2C19DBBD55E92AE3C7F33 -> C:\Users\poe\AppData\Local\Temp\xp.exe
Présent! Md5 : 3B802F9C6DC2C19DBBD55E92AE3C7F33 -> C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe
Présent! Md5 : 9A193F949004F78F28193859BE75F13B -> C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Activator.vbs
Présent! Md5 : 9A193F949004F78F28193859BE75F13B -> F:\Activator.vbs

################## | Registre |

Présent! HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
Présent! HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |

Re: soucis sur usb virus#15652

par billmaxime - sam. 9 nov. 2013 22:58

- sam. 9 nov. 2013 22:58 #15652

pouille et :welcome: sur sosvirus,

pour ton soucis, exécute usbfix en mode suppression et poste le rapport s'il te plaît

Télécharge UsbFix (de El Desaparecido) sur ton Bureau !
Fais clic droit dessus, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
Choisis l'option Suppression

Note : Si UsbFix bloque à 14%, démarrer en mode sans échec. (Voir >> ICI <<)
Copie et Colle le contenu du rapport qui apparaît à la fin du scan dans ta réponse

Re: soucis sur usb virus#15660

par pouille - sam. 9 nov. 2013 23:24

- sam. 9 nov. 2013 23:24 #15660

merci de m'aider c'est gentil

voila j'ai fais ce que tu m'as dis et voici le rapport

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: poe (Administrateur) # POUPOUILLE
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à 23:11:58 | 09/11/2013

Site Web : https://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact : https://www.usbfix.net/contact/

PC: Hewlett-Packard (3387)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3579 | Free : 1872]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft WindowsÂ 7 à‰dition Familiale Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 445 Go (325 Go libre(s) - 73%) [] # NTFS
D:\ -> Disque fixe # 17 Go (2 Go libre(s) - 11%) [Recovery] # NTFS
E:\ -> Disque fixe # 4 Go (1 Go libre(s) - 28%) [HP_TOOLS] # FAT32
F:\ -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [FLASH DRIVE] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\atiesrxx.exe (ID: 880 |ParentID: 564)
Stoppé! C:\Program Files\IDT\WDM\STacSV.exe (ID: 1140 |ParentID: 564)
Stoppé! C:\Windows\system32\Hpservice.exe (ID: 1392 |ParentID: 564)
Stoppé! C:\Windows\system32\atieclxx.exe (ID: 1416 |ParentID: 880)
Stoppé! C:\Windows\system32\WLANExt.exe (ID: 1600 |ParentID: 1004)
Stoppé! C:\Windows\system32\conhost.exe (ID: 1612 |ParentID: 400)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1696 |ParentID: 564)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1736 |ParentID: 564)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 1984 |ParentID: 564)
Stoppé! C:\Windows\Explorer.EXE (ID: 2016 |ParentID: 1968)
Stoppé! C:\Program Files\IDT\WDM\aestsrv.exe (ID: 1328 |ParentID: 564)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 1452 |ParentID: 564)
Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 372 |ParentID: 564)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2116 |ParentID: 564)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 2144 |ParentID: 564)
Stoppé! C:\Windows\System32\ezSharedSvcHost.exe (ID: 2212 |ParentID: 564)
Stoppé! C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (ID: 2308 |ParentID: 564)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2444 |ParentID: 2016)
Stoppé! C:\Program Files\IDT\WDM\sttray.exe (ID: 2496 |ParentID: 2016)
Stoppé! C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (ID: 2512 |ParentID: 2016)
Stoppé! C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (ID: 2576 |ParentID: 2520)
Stoppé! C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe (ID: 2620 |ParentID: 2016)
Stoppé! C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (ID: 2628 |ParentID: 2520)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 2792 |ParentID: 1088)
Stoppé! C:\Program Files\CyberLink\YouCam\YCMMirage.exe (ID: 2828 |ParentID: 2792)
Stoppé! C:\Program Files\Ask.com\Updater\Updater.exe (ID: 2868 |ParentID: 2016)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 3016 |ParentID: 2016)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3024 |ParentID: 2016)
Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (ID: 3032 |ParentID: 2016)
Stoppé! C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID: 3040 |ParentID: 2016)
Stoppé! C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (ID: 3048 |ParentID: 2016)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID: 3064 |ParentID: 2016)
Stoppé! C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (ID: 3120 |ParentID: 564)
Stoppé! C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 3188 |ParentID: 564)
Stoppé! C:\Users\poe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 3228 |ParentID: 2016)
Stoppé! C:\Program Files\Skype\Phone\Skype.exe (ID: 3532 |ParentID: 2016)
Stoppé! C:\Windows\System32\wscript.exe (ID: 3540 |ParentID: 2016)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 3548 |ParentID: 2016)
Stoppé! C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (ID: 3592 |ParentID: 564)
Stoppé! C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (ID: 3868 |ParentID: 564)
Stoppé! C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 3956 |ParentID: 564)
Stoppé! C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (ID: 2108 |ParentID: 3592)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2176 |ParentID: 564)
Stoppé! C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (ID: 2732 |ParentID: 564)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 4204 |ParentID: 2176)
Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 4660 |ParentID: 2408)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 4856 |ParentID: 1452)
Stoppé! C:\Windows\system32\conhost.exe (ID: 4888 |ParentID: 400)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 4936 |ParentID: 564)
Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 5068 |ParentID: 4660)
Stoppé! C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 5408 |ParentID: 564)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 5596 |ParentID: 564)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (ID: 6112 |ParentID: 564)
Stoppé! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 6084 |ParentID: 2856)
Stoppé! C:\Windows\system32\msiexec.exe (ID: 1944 |ParentID: 564)
Stoppé! C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 7860 |ParentID: 564)
Stoppé! C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 8188 |ParentID: 564)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 112 |ParentID: 564)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 672 |ParentID: 1004)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID: 5460 |ParentID: 696)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe (ID: 3260 |ParentID: 3548)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 6620 |ParentID: 564)
Stoppé! C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe (ID: 7888 |ParentID: 564)
Stoppé! C:\Users\poe\AppData\Local\Temp\Trojan.exe (ID: 6412 |ParentID: 4612)
Stoppé! C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe (ID: 8296 |ParentID: 8688)
Stoppé! C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe (ID: 9864 |ParentID: 8296)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 2596 |ParentID: 564)
Stoppé! C:\Windows\system32\wuauclt.exe (ID: 628 |ParentID: 1088)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 8396 |ParentID: 2016)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1560 |ParentID: 8396)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6076 |ParentID: 8396)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 8620 |ParentID: 8396)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 9084 |ParentID: 8396)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\SOFTWARE | Run : [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe
04 - HKLM\SOFTWARE | Run : [HPQuickWebProxy] - "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
04 - HKLM\SOFTWARE | Run : [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [HP CoolSense] - C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files\Ask.com\Updater\Updater.exe"
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE | RunOnce : [NCPluginUpdater] - "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Spotify] - "C:\Users\poe\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\poe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Activator] - wscript.exe //B "C:\Users\poe\AppData\Local\Temp\Activator.vbs"
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [5cd8f17f4086744065eb0992a09e05a2] - "C:\Users\poe\AppData\Local\Temp\Trojan.exe" ..
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\poe\AppData\Roaming\BabMaint.exe
Supprimé! C:\Users\poe\AppData\Local\Temp\Activator.vbs
Supprimé! C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe
Supprimé! C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Activator.vbs
Supprimé! F:\Activator.vbs
Supprimé! F:\Curriculum Vitae france.lnk
Supprimé! F:\Partie 1_chap2.lnk
Supprimé! F:\Partie1_chap3.lnk
Supprimé! F:\Partie 1_chap1.lnk
Supprimé! F:\liste des éléments.lnk
Supprimé! F:\Résumé 2011.lnk
Supprimé! F:\Autorun.inf.lnk
Supprimé! F:\cours LV1 p4.lnk
Supprimé! F:\Thumbs.lnk
Supprimé! F:\desktop.lnk
Supprimé! F:\Â .lnk
Supprimé! F:\xxx.lnk
Supprimé! F:\autorun.lnk
Supprimé! F:\4#QVILEZJNBGT.lnk
Supprimé! C:\Users\poe\AppData\Local\Temp\Trojan.exe.tmp
Supprimé! C:\Users\poe\AppData\Local\Temp\Lanceur.vbs
Supprimé! C:\Users\poe\AppData\Local\Temp\7za.exe
Supprimé! C:\Users\poe\AppData\Local\Temp\Trojan.exe
Supprimé! D:\desktop.ini
Supprimé! F:\4#QVILEZJNBGT.ini
Supprimé! F:\desktop.ini

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 9A193F949004F78F28193859BE75F13B -> C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Activator.vbs
Md5 : 9A193F949004F78F28193859BE75F13B -> C:\Users\poe\AppData\Local\Temp\Activator.vbs
Md5 : 67EB1322395D41DDDC9045B4EEF2309D -> C:\Users\poe\AppData\Local\Temp\Lanceur.vbs
Md5 : 885E9EB42889CA547F4E3515DCDE5D3D -> C:\Users\poe\AppData\Local\Temp\7za.exe
Md5 : 3B802F9C6DC2C19DBBD55E92AE3C7F33 -> C:\Users\poe\AppData\Local\Temp\Trojan.exe
Md5 : 9A193F949004F78F28193859BE75F13B -> F:\Activator.vbs

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
Supprimé! HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\Software\Microsoft\Windows\CurrentVersion\Run|Activator

################## | Listing |

[04/04/2012 - 23:07:48 | SHD ] C:\$Recycle.Bin
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[12/08/2011 - 10:59:32 | SHD ] C:\boot
[20/11/2010 - 22:29:06 | RASH | 383786] C:\bootmgr
[05/06/2012 - 20:49:32 | D ] C:\cf7c4178d0fb8ff52087d0b4c116f56d
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[31/12/2011 - 15:27:50 | D ] C:\Firefox
[07/11/2013 - 21:42:15 | ASH | 2814566400] C:\hiberfil.sys
[16/11/2011 - 01:20:56 | D ] C:\HP
[09/07/2012 - 21:23:53 | D ] C:\Kreapixel
[07/03/2012 - 22:17:45 | RHD ] C:\MSOCache
[17/12/2011 - 22:25:53 | D ] C:\ordinateur poë
[07/11/2013 - 21:42:17 | ASH | 3752755200] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[09/10/2013 - 23:09:33 | D ] C:\Program Files
[20/01/2013 - 03:51:29 | HD ] C:\ProgramData
[15/12/2011 - 16:31:59 | SHD ] C:\Recovery
[18/10/2013 - 21:51:43 | D ] C:\SWSetup
[09/11/2013 - 15:22:28 | SHD ] C:\System Volume Information
[15/12/2011 - 16:32:06 | D ] C:\SYSTEM.SAV
[09/11/2013 - 23:17:01 | D ] C:\UsbFix
[09/11/2013 - 23:17:10 | A | 14146] C:\UsbFix [Clean 4] POUPOUILLE.txt
[07/11/2013 - 23:37:05 | N | 13811] C:\UsbFix [Scan 1] POUPOUILLE.txt
[07/11/2013 - 23:35:18 | N | 13929] C:\UsbFix [Scan 2] POUPOUILLE.txt
[09/11/2013 - 22:41:36 | N | 15397] C:\UsbFix [Scan 3] POUPOUILLE.txt
[09/07/2012 - 21:30:29 | N | 4547] C:\user.js
[15/12/2011 - 16:31:06 | RD ] C:\Users
[19/10/2013 - 08:31:09 | D ] C:\Windows
[15/12/2011 - 16:37:32 | SHD ] D:\$RECYCLE.BIN
[15/12/2011 - 16:37:24 | RASHD ] D:\boot
[14/07/2009 - 19:39:00 | RASH | 383562] D:\bootmgr
[15/12/2011 - 16:37:24 | D ] D:\FactoryUpdate
[15/12/2011 - 16:37:24 | D ] D:\hp
[10/03/2012 - 19:20:43 | N | 20] D:\HPSF_Rep.txt
[15/12/2011 - 16:37:04 | N | 8] D:\HP_WSD.dat
[15/12/2011 - 16:37:24 | RSHD ] D:\preload
[15/12/2011 - 16:37:24 | RSD ] D:\recovery
[15/12/2011 - 16:37:24 | D ] D:\RM_Reserve
[14/02/2012 - 01:46:31 | SHD ] D:\System Volume Information
[16/11/2011 - 01:07:04 | D ] E:\Hewlett-Packard
[16/11/2011 - 01:28:24 | SHD ] E:\$RECYCLE.BIN
[07/11/2012 - 12:59:22 | N | 8] E:\HP_WSD.dat
[10/03/2012 - 19:20:46 | N | 20] E:\HPSF_Rep.txt
[11/10/2013 - 01:41:26 | N | 1309886] F:\Partie 1_chap2.docx
[11/10/2013 - 01:42:18 | N | 2306593] F:\Partie1_chap3.docx
[11/10/2013 - 01:40:48 | N | 2079589] F:\Partie 1_chap1.docx
[11/10/2013 - 01:37:00 | N | 62127] F:\liste des éléments.pdf
[11/10/2013 - 01:34:44 | N | 102400] F:\Résumé 2011.doc
[09/11/2013 - 22:47:36 | SHD ] F:\Autorun.inf
[13/09/2011 - 21:48:58 | N | 578752] F:\cours LV1 p4.jpg
[07/10/2013 - 14:25:44 | D ] F:\Â
[07/10/2013 - 14:25:54 | RASH | 320000] F:\Thumbs.db
[11/10/2013 - 07:18:48 | D ] F:\xxx
[11/10/2013 - 00:48:42 | N | 38842] F:\Curriculum Vitae france.docx

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |

Re: soucis sur usb virus#15662

par billmaxime - sam. 9 nov. 2013 23:28

- sam. 9 nov. 2013 23:28 #15662

re

pas de soucis pour l'aide

fais ceci s'i te plaît

Télécharge ZHPDiag (de Nicolas Coolman) sur ton bureau.
Installe le logiciel.
Lance ZHPDiag, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
Clique sur Configurer
Clique sur l'icône représentant une loupe avec un + ( Lancer le diagnostic Â»)

Note : Ne pas fermer le programme même si il est indiqué qu'il ne répond plus.
Une fois le scan terminé rends toi sur le bureau, le fichier ZHPDiag.txt à été créé.
Héberge le rapport ZHPDiag.txt sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum

Re: soucis sur usb virus#15667

par pouille - dim. 10 nov. 2013 00:05

- dim. 10 nov. 2013 00:05 #15667

voila voila

~ Rapport de ZHPDiag v2013.11.9.20 - Nicolas Coolman (09/11/2013)
~ Lancé par poe (09/11/2013 23:37:56)
~ Adresse du Site Web https://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
GCIE: Google Chrome v30.0.1599.101 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 0
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v12.1.9.2500
Norton Internet Security v19.0.0.128
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X MUI
Java 7 Update 7

---\\ Informations sur le système
~ Processor: x86 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3578 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 326 GB (73%) free of 445 GB

---\\ Mode de connexion au système
~ Computer Name: POUPOUILLE
~ User Name: poe
~ All Users Names: poe, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\poe\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\poe\AppData\Roaming\
~ %Desktop% : C:\Users\poe\Desktop\
~ %Favorites% : C:\Users\poe\Favorites\
~ %LocalAppData% : C:\Users\poe\AppData\Local\
~ %StartMenu% : C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 326 Go of 445 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 17 Go)
E: Hard drive, Flash drive, Thumb drive (Free 1 Go of 4 Go)
F: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.12/08/2011 - 09:40:47.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4FEB264B47360B7296AEA4E052F88D8] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/09/2013 - 00:28:06.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application douverture de session Windows.) (.20/11/2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.12/08/2011 - 09:44:16.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/9868
~ Mes musiques (My Musics) : 1/1918
~ Mes Videos (My Videos) : 1/289
~ Mes Favoris (My Favorites) : 1/51
~ Mes Documents (My Documents) : 1/432
~ Mon Bureau (My Desktop) : 1/15
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 11s

---\\ Processus lancés
[MD5.9F0BE235A0136EA9E94CF9BD037C30EC] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664] [PID.3016]
[MD5.F2840DBFE9322F35557219AE82CC4597] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272] [PID.3592]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.9080]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.8160]
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [844752] [PID.8484]
[MD5.0C3C47124215C5E566F92C3F2E31D86A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8192512] [PID.1836]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\poe\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.11 (Activé) =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [gaiilaahiahdejapggenmdmafpmbipje] DealPly v.3.5.3.0 (Désactivé) =>PUP.DealPly
~ Google Browser: 16 Legitimates Filtered in 00mn 32s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (...) -- C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.babylon.com =>Toolbar.Babylon
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} . (...) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} . (.Babylon BHO - Pas de description.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll =>Toolbar.Babylon
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (.Yontoo LLC - Yontoo Layers Runtime.) -- C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll =>Adware.Yontoo
~ BHO: 26 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll
O3 - Toolbar: Babylon Toolbar - [HKLM]{98889811-442D-49dd-99D7-DC866BE87DBC} . (.Babylon Ltd. - Pas de description.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll =>Toolbar.Babylon
O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll =>Toolbar.Bing
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Découvrez HP webOS.lnk . (...) -- C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\QuickLaunch [poe]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [poe]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [poe]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [poe]: HP Recommended.LNK . (...) -- C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
O4 - GS\TaskBar [poe]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [poe]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [poe]: WebPlayerV2.lnk . (...) -- C:\Users\poe\AppData\Roaming\Microsoft\Installer\{77236F9C-987C-40EC-832B-5BD6181E4846}\_05C54B1BA48220C27C65AA.exe
O4 - GS\SystemTools [poe]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [poe]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote.) -- C:\Program Files\Evernote\Evernote\Evernote.exe
O4 - GS\Desktop [poe]: FoxTab Video Converter.lnk . (...) -- C:\Program Files\FoxTabVideoConverter\VideoConverter.exe
O4 - GS\Desktop [poe]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 - GS\Desktop [poe]: SosVirus sur Facebook.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.facebook.com
O4 - GS\Desktop [poe]: VirtualDJ Home FREE.lnk . (.Atomix Productions - VirtualDJ.) -- C:\Program Files\VirtualDJ\virtualdj_home.exe
O4 - GS\Desktop [poe]: WebPlayerV2.lnk . (...) -- C:\Users\poe\AppData\Roaming\Microsoft\Installer\{77236F9C-987C-40EC-832B-5BD6181E4846}\_748810A0065ABBFCE0FA2E.exe
~ Global Startup: 81 Legitimates Filtered in 00mn 03s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Bluetooth.lnk . (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - CatalystÂ® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] . (.Hewlett-Packard Company - HP QuickWeb Utilities.) -- C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
O4 - HKLM\..\Run: [SetDefault] . (.Hewlett-Packard Development Company, L.P. - SetDefault.) -- C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\poe\AppData\Roaming\Spotify\Spotify.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (...) -- C:\Users\poe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1393359087-3183399950-3005852446-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1393359087-3183399950-3005852446-1001\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\poe\AppData\Roaming\Spotify\Spotify.exe
O4 - HKUS\S-1-5-21-1393359087-3183399950-3005852446-1001\..\Run: [Spotify Web Helper] . (...) -- C:\Users\poe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-1393359087-3183399950-3005852446-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote Clipper for Microsoft Internet Explorer.) -- C:\Program Files\Evernote\Evernote\EvernoteIE.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpNameServer = 138.48.208.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{85D9DB7C-7559-4D8E-84D3-6B80688A0595}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpDomain = student.fundp.ac.be
O17 - HKLM\System\CS1\Services\Tcpip\..\{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpNameServer = 138.48.208.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{85D9DB7C-7559-4D8E-84D3-6B80688A0595}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpDomain = student.fundp.ac.be
O17 - HKLM\System\CS2\Services\Tcpip\..\{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpNameServer = 138.48.208.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{85D9DB7C-7559-4D8E-84D3-6B80688A0595}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpDomain = student.fundp.ac.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Tàches planifiées en automatique (O39)
[MD5.1F51E3ABEE4D0A89FC6ED450ECE7877A] [APT] [DealPlyUpdate] (.DealPly.) -- C:\Program Files\DealPly\DealPlyUpdate.exe [77848] =>PUP.DealPly
[MD5.A7188C597DE5B2C250BC713660E31200] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe [137864] =>Toolbar.Ask
~ Scheduled Task: 23 Legitimates Filtered in 00mn 11s

---\\ Logiciels installés (O42)
O42 - Logiciel: Babylon toolbar on IE - (...) [HKLM] -- BabylonToolbar =>Toolbar.Babylon
O42 - Logiciel: BabylonObjectInstaller - (.Babylon Ltd.) [HKLM] -- {83AA2913-C123-4146-85BD-AD8F93971D39} =>Toolbar.Babylon
O42 - Logiciel: FoxTab Video Converter - (...) [HKCU] -- FoxTab Video Converter
O42 - Logiciel: WebPlayerV2 - (.Kreapixel.) [HKLM] -- {77236F9C-987C-40EC-832B-5BD6181E4846} =>Adware.SocialSkinz
O42 - Logiciel: Yontoo Layers Runtime 1.10.01 - (.Yontoo LLC.) [HKLM] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>Adware.Yontoo
~ Logic: 135 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]
[HKCU\Software\APN]
[HKCU\Software\Ask.com]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\DealPly] =>PUP.DealPly
[HKLM\Software\Tarma Installer] =>PUP.Tarma
~ Key Software: 170 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/10/2013 - 23:11:34 - [4,193] ----D C:\Program Files\Ask.com
O43 - CFD: 31/12/2011 - 13:41:11 - [1,772] ----D C:\Program Files\BabylonToolbar =>Toolbar.Babylon
O43 - CFD: 20/10/2013 - 12:41:01 - [0,337] ----D C:\Program Files\DealPly =>PUP.DealPly
O43 - CFD: 31/12/2011 - 13:40:51 - [13,520] ----D C:\Program Files\FoxTabVideoConverter
O43 - CFD: 31/12/2011 - 15:09:18 - [0,186] ----D C:\Program Files\Yontoo Layers Runtime =>Adware.Yontoo
O43 - CFD: 31/12/2011 - 13:40:53 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 31/12/2011 - 15:09:18 - [3,334] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 20/02/2013 - 12:00:25 - [0,908] ----D C:\Users\poe\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 31/12/2011 - 13:40:53 - [0,021] ----D C:\Users\poe\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 09/07/2012 - 21:22:00 - [2,189] ----D C:\Users\poe\AppData\Roaming\BabylonToolbar =>Toolbar.Babylon
O43 - CFD: 14/02/2012 - 23:13:57 - [0,001] ----D C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Video Converter
~ 56 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 221 Legitimates Filtered in 00mn 08s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F88D69527CB329AC2A1941C1E6B6A626] - 07/11/2013 - 23:35:18 ----- . (...) -- C:\UsbFix [Scan 2] POUPOUILLE.txt [13929]
O44 - LFC:[MD5.C046FC55E2B18B513F50998897981F4E] - 07/11/2013 - 23:37:05 ----- . (...) -- C:\UsbFix [Scan 1] POUPOUILLE.txt [13811]
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 09/11/2013 - 20:01:05 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52]
O44 - LFC:[MD5.EAAC4A4F7498325B34235E1576430316] - 09/11/2013 - 22:41:36 ----- . (...) -- C:\UsbFix [Scan 3] POUPOUILLE.txt [15397]
O44 - LFC:[MD5.E0AA645DFADA753D5267697CCDD5C886] - 09/11/2013 - 23:17:13 ---A- . (...) -- C:\UsbFix [Clean 4] POUPOUILLE.txt [16083]
~ Files: 14 Legitimates Filtered in 00mn 05s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\system32\EZUPBH~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.D5541F0AFB767E85FC412FC609D96A74] - 18/08/2012 - 13:32:55 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\Drivers\avgntflt.sys [83392]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 06/11/2013 - 23:40:16 ---A- . (...) -- C:\Users\poe\Documents\anthropo test novembre.docx [39335]
O61 - LFC: 06/11/2013 - 23:40:17 ---A- . (...) -- C:\Users\poe\Documents\question bio novembre.docx [153041]
O61 - LFC: 06/11/2013 - 23:40:17 ---A- . (...) -- C:\Users\poe\Documents\reponse exam de novembre bio.docx [67395]
O61 - LFC: 06/11/2013 - 23:40:17 ---A- . (...) -- C:\Users\poe\Downloads\Du leurre de la douleur 2.docx [16548]
O61 - LFC: 06/11/2013 - 23:40:17 ---A- . (...) -- C:\Users\poe\Downloads\Le condensateur.docx [165712]
O61 - LFC: 06/11/2013 - 23:40:17 ---A- . (...) -- C:\Users\poe\Downloads\Liens internet MEDECINE.pdf [300871]
O61 - LFC: 06/11/2013 - 23:40:17 ---A- . (...) -- C:\Users\poe\Downloads\Maladiestraitements.docx [25799]
O61 - LFC: 07/11/2013 - 23:39:53 ---A- . (...) -- C:\Users\poe\AppData\Local\GDIPFONTCACHEV1.DAT [58784]
O61 - LFC: 07/11/2013 - 23:40:17 ---A- . (...) -- C:\Users\poe\Documents\UsbFix [Scan 1] POUPOUILLE.txt [13811]
O61 - LFC: 07/11/2013 - 23:40:17 ---A- . (...) -- C:\Users\poe\Documents\UsbFix [Scan 2] POUPOUILLEa.txt [13929]
O61 - LFC: 07/11/2013 - 23:40:17 ---A- . (...) -- C:\Users\poe\Documents\UsbFix [Scan 2] POUPOUILLEb.txt [27860]
O61 - LFC: 07/11/2013 - 23:40:18 ---A- . (...) -- C:\Users\poe\Downloads\TEST DE NOVEMBRE.docx [18224]
O61 - LFC: 09/11/2013 - 23:39:56 ---A- . (...) -- C:\Users\poe\AppData\Local\Google\Chrome\User Data\Local State [46512]
O61 - LFC: 09/11/2013 - 23:40:14 ---A- . (...) -- C:\Users\poe\AppData\Roaming\BabSolution\Shared\chu.js [2] =>Hijacker.BabSolution
O61 - LFC: 09/11/2013 - 23:40:16 ---A- . (...) -- C:\Users\poe\AppData\Roaming\ZHP\Log.txt [23756] =>.Nicolas Coolman
O61 - LFC: 09/11/2013 - 23:40:16 ---A- . (...) -- C:\Users\poe\AppData\Roaming\ZHP\TestsZHPDiag.txt [2766] =>.Nicolas Coolman
O61 - LFC: 09/11/2013 - 23:40:17 ---A- . (...) -- C:\Users\poe\Documents\Test chimie novembre 2013.docx [75392]
O61 - LFC: 09/11/2013 - 23:40:17 ---A- . (.leyens.) -- C:\Users\poe\Downloads\B141_ch2_1314.doc [71168]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 124 Legitimates Filtered in 00mn 34s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - https://www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - https://search.babylon.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {2fa28606-de77-4029-af96-b231e3b8f827} - (Ask.com) - https://eu.ask.com
O69 - SBI: SearchScopes [HKCU] {82F2F16B-E3FE-4235-AA9B-1EC568480404} - (Propositions de recherche Amazon.fr) - https://www.amazon.fr
O69 - SBI: SearchScopes [HKCU] {b7fca997-d0fb-4fe0-8afd-255e89cf9671} - (Yahoo) - https://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {C20DAE42-6844-4563-8678-0278D3279390} - (Ask Search) - https://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {d43b3890-80c7-4010-a95d-1e77b5924dc3} - (Wikipedia) - https://fr.wikipedia.org
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - https://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.CC145E67B909BB879D38292352A90822] [SPRF][25/04/2012] (.CCCP Project - Playback Pack Installer.) -- C:\Users\poe\Desktop\Combined-Community-Codec-Pack-2011-11-11.exe [9889896]
~ Files: 2 Legitimates Filtered in 00mn 01s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.VirtualDJ Toolbar.) -- c:\program files\ask.com\cb_70ef.ico
~ Update Products: 130 Legitimates Filtered in 00mn 00s

---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:us="@"
~ Export Key Software: Scanned in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.22C9E7805145D0A0C4C62DDB591D2DAE] [WIS][27/06/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\1c3eac.msi [353280] =>Toolbar.Babylon
~ WIS: 132 Legitimates Filtered in 00mn 25s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 03/03/2009 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\aestsrv.exe
SS - | Auto 29/06/2011 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 18/08/2012 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 18/08/2012 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 23/07/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe
SS - | Demand 23/07/2013 240288 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
SS - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 14/07/2011 742688 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SS - | Auto 23/04/2010 514232 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe
SS - | Auto 18/08/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/08/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SS - | Auto 11/10/2010 246840 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SS - | Auto 10/08/2012 197536 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SS - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Auto 27/05/2011 26168 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SS - | Auto 05/03/2012 35200 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SS - | Demand 12/12/2012 553440 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 16/06/2012 138272 | (NIS) . (.Symantec Corporation.) - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
SS - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 01/07/2011 282706 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 28s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, https://www.gmer.net
Run by poe at 09/11/2013 23:41:59

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll amd_xata.sys ACPI.sys storport.sys amd_sata.sys
C:\Windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Company Mobile Data Protection System
C:\Windows\system32\DRIVERS\amd_xata.sys Advanced Micro Devices Stor Filter Driver
C:\Windows\system32\DRIVERS\amd_sata.sys Advanced Micro Devices AHCI 1.2 Device Driver
1 ntkrnlpa!IofCallDriver[0x82E82BBA] >> \Device\Harddisk0\DR0[0x869706F0]
5 hpdskflt[0x8CFF6F92] >> ntkrnlpa!IofCallDriver[0x82E82BBA] >> [0x86897B00]
7 amd_xata[0x8C7DD9D6] >> ntkrnlpa!IofCallDriver[0x82E82BBA] >> [0x8666D170]
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !
copy of MBR has been found in sector 2 !
~ MBR: 20 Legitimates Filtered in 00mn 02s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by poe at 09/11/2013 23:42:01

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 12993 - (09/11/2013)
Clés trouvées (Keys found) : 147
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 17
Fichiers trouvés (Files found) : 5

[HKLM\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>Toolbar.Babylon^
[HKLM\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje] =>PUP.DealPly^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}] =>Toolbar.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>Toolbar.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}] =>Toolbar.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{77236F9C-987C-40EC-832B-5BD6181E4846}] =>Adware.SocialSkinz^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo^
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Classes\b] =>Toolbar.Babylon
[HKLM\Software\Classes\Babylon.dskBnd] =>Toolbar.Babylon
[HKLM\Software\Classes\Babylon.dskBnd.1] =>Toolbar.Babylon
[HKLM\Software\Classes\bbylnApp.appCore] =>Toolbar.Babylon
[HKLM\Software\Classes\bbylnApp.appCore.1] =>Toolbar.Babylon
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escrtBtn.1] =>Toolbar.Babylon
[HKLM\Software\Classes\esrv.BabylonESrvc] =>Toolbar.Babylon
[HKLM\Software\Classes\esrv.BabylonESrvc.1] =>Toolbar.Babylon
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\DealPly] =>PUP.DealPly
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon
[HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs] =>Toolbar.Ask
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Classes\YontooIEClient.Api] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Api.1] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{98889811-442D-49dd-99D7-DC866BE87DBC} =>Toolbar.Babylon^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater =>Adware.GameSpyArcade
C:\Users\poe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb =>Toolbar.Babylon^
C:\Users\poe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje =>PUP.DealPly^
C:\Program Files\BabylonToolbar =>Toolbar.Babylon^
C:\Program Files\DealPly =>PUP.DealPly^
C:\Program Files\Yontoo Layers Runtime =>Adware.Yontoo^
C:\ProgramData\Babylon =>Toolbar.Babylon^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\Users\poe\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\poe\AppData\Roaming\Babylon =>Toolbar.Babylon^
C:\Users\poe\AppData\Roaming\BabylonToolbar =>Toolbar.Babylon^
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly =>PUP.DealPly
C:\Users\poe\AppData\Roaming\WebPlayerBdd =>Adware.SocialSkinz
C:\Users\poe\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\poe\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon
C:\Users\poe\AppData\Local\Temp\AskSearch =>Toolbar.AskBarDis
C:\Users\poe\AppData\Local\Temp\BabylonToolbar =>Toolbar.Babylon
C:\Program Files\DealPly\DealPlyUpdate.exe =>PUP.DealPly^
C:\Program Files\Ask.com\UpdateTask.exe =>Toolbar.Ask^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKLM\Software\Babylon] =>Toolbar.Babylon^
C:\Windows\Installer\1c3eac.msi =>Toolbar.Babylon^
~ Additionnel Scan: 284020 Items scanned in 00mn 42s

---\\ Récapitulatif des détections trouvées sur votre station
~ https://nicolascoolman.webs.com/apps/blo ... ar-babylon =>Toolbar.Babylon
~ https://nicolascoolman.webs.com/apps/blo ... up-dealply =>PUP.DealPly
~ https://nicolascoolman.webs.com/apps/blo ... oolbar-ask =>Toolbar.Ask
~ https://nicolascoolman.webs.com/apps/blo ... are-yontoo =>Adware.Yontoo
~ https://nicolascoolman.webs.com/apps/blo ... olbar-bing =>Toolbar.Bing
~ https://nicolascoolman.webs.com/apps/blo ... bar-google =>Toolbar.Google
~ https://nicolascoolman.webs.com/apps/blo ... ocialskinz =>Adware.SocialSkinz
~ https://nicolascoolman.webs.com/apps/blo ... absolution =>Hijacker.BabSolution
~ https://nicolascoolman.webs.com/apps/blo ... nstallcore =>Adware.InstallCore
~ https://nicolascoolman.webs.com/apps/blo ... ar-conduit =>Toolbar.Conduit
~ https://nicolascoolman.webs.com/apps/blo ... lbar-tarma =>PUP.Tarma
~ https://nicolascoolman.webs.com/apps/blo ... -imbooster =>Adware.IMBooster
~ https://nicolascoolman.webs.com/apps/blo ... olbar-ebay =>Toolbar.eBay
~ https://nicolascoolman.webs.com/apps/blo ... lbar-skype =>Toolbar.Skype
~ https://nicolascoolman.webs.com/apps/blo ... lbar-avira =>Toolbar.Avira
~ https://nicolascoolman.webs.com/apps/blo ... p-funmoods =>PUP.Funmoods
~ https://nicolascoolman.webs.com/apps/blo ... ywebsearch =>Adware.MyWebSearch
~ https://nicolascoolman.webs.com/apps/blo ... milarsites =>Adware.SimilarSites
~ https://nicolascoolman.webs.com/apps/blo ... lbar-yahoo =>Toolbar.Yahoo
~ https://nicolascoolman.webs.com/apps/blo ... bprotector =>PUP.BProtector
~ MSI: 20 link(s) detected in 00mn 42s

~ 1320 Legitimates filtered by white list
End of the scan (729 lines in 04mn 48s)(0)

Re: soucis sur usb virus#15668

par billmaxime - dim. 10 nov. 2013 00:17

- dim. 10 nov. 2013 00:17 #15668

re

tu as 2 antivirus>>il n'en faut qu'un sinon il y a conflit entre les 2

désinstalle Norton Internet Security v19.0.0.128 avec son outil de désinstallation>>ftp://ftp.symantec.com/public/francais/ ... l_Tool.exe

ensuite fais ceci et poste le rapport

Télécharges Adwcleaner (de Xplode) sur ton Bureau !
Fais clic droit dessus, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
1. Choisi l'option Scanner
2. Choisi l'option Nettoyer
Accepte l'avertissement en cliquant sur OK
Acceptes les avertissements/informations en cliquant sur OK
Copie et Colle le contenu du rapport qui apparaît au redémarrage du PC

Re: soucis sur usb virus#15680

par pouille - dim. 10 nov. 2013 00:49

- dim. 10 nov. 2013 00:49 #15680

re ca y est dernier rapport

# AdwCleaner v3.011 - Rapport créé le 10/11/2013 à 00:39:57
# Mis à jour le 03/11/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (32 bits)
# Nom d'utilisateur : poe - POUPOUILLE
# Exécuté depuis : C:\Users\poe\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Kreapixel
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\Tarma Installer
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Dossier Supprimé : C:\Program Files\Ask.com
Dossier Supprimé : C:\Program Files\BabylonToolbar
Dossier Supprimé : C:\Program Files\DealPly
Dossier Supprimé : C:\Program Files\Yontoo Layers Runtime
Dossier Supprimé : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Dossier Supprimé : C:\Users\poe\AppData\Local\Temp\AskSearch
Dossier Supprimé : C:\Users\poe\AppData\Local\Temp\BabylonToolbar
Dossier Supprimé : C:\Users\poe\AppData\LocalLow\AskToolbar
Dossier Supprimé : C:\Users\poe\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\poe\AppData\Roaming\BabSolution
Dossier Supprimé : C:\Users\poe\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\poe\AppData\Roaming\BabylonToolbar
Dossier Supprimé : C:\Users\poe\AppData\Roaming\WebPlayerBdd
Dossier Supprimé : C:\Users\poe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Dossier Supprimé : C:\Users\poe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Fichier Supprimé : C:\Users\Public\Desktop\eBay.lnk
Fichier Supprimé : C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebPlayerV2.lnk
Fichier Supprimé : C:\Users\poe\Desktop\WebPlayerV2.lnk
Fichier Supprimé : C:\Users\poe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
Fichier Supprimé : C:\Users\poe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
Fichier Supprimé : C:\Windows\System32\Tasks\DealPlyUpdate
Fichier Supprimé : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AF663FF-E94F-41CD-B757-AEB44293FEE5}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AF663FF-E94F-41CD-B757-AEB44293FEE5}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60B818B0-7B6F-4E6D-BD77-D7FAF19DDF3B}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60B818B0-7B6F-4E6D-BD77-D7FAF19DDF3B}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\b
Clé Supprimée : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Clé Supprimée : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Clé Supprimée : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Clé Supprimée : HKCU\Software\5cd8f17f4086744065eb0992a09e05a2
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_virtual-dj_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_virtual-dj_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Clé Supprimée : HKCU\Software\Ask.com
Clé Supprimée : HKCU\Software\BabSolution
Clé Supprimée : HKCU\Software\BabylonToolbar
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Microsoft\Babylon
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\AppDataLow\Software\AskToolbar
Clé Supprimée : HKLM\Software\AskToolbar
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\Software\BabylonToolbar
Clé Supprimée : HKLM\Software\DealPly
Clé Supprimée : HKLM\Software\Tarma Installer
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77236F9C-987C-40EC-832B-5BD6181E4846}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Clé Supprimée : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Clé Supprimée : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16720

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v30.0.1599.101

[ Fichier : C:\Users\poe\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [18648 octets] - [10/11/2013 00:37:40]
AdwCleaner[S0].txt - [18680 octets] - [10/11/2013 00:39:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18741 octets] ##########

Re: soucis sur usb virus#15682

par billmaxime - dim. 10 nov. 2013 00:54

- dim. 10 nov. 2013 00:54 #15682

re

ok, relance adwcleaner et choisis désinstaller

ensuite, fais ceci s'il te plaît

https://www.sosvirus.net/canned-speech-j ... -t615.html

Re: soucis sur usb virus#15918

par pouille - dim. 10 nov. 2013 18:09

- dim. 10 nov. 2013 18:09 #15918

voilà c'etait un peu long desolé ...ensuite je doit faire quoi

?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by poe on 10/11/2013 at 1:12:41,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{82F2F16B-E3FE-4235-AA9B-1EC568480404}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C20DAE42-6844-4563-8678-0278D3279390}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{82F2F16B-E3FE-4235-AA9B-1EC568480404}

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{0F0B846A-F39F-438B-A296-C8EE875FA450}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{15BA82BA-5BF8-46A2-B5CD-5806B89C41D8}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{266D44A3-ED83-4E20-955D-914F7147454A}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{2AED8F5B-1827-4738-9151-85FA55C375EE}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{2BEA52DD-8A3B-467A-9E7E-273A5BA3406C}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{2C0C4A69-72A0-4781-A749-B8DAF8A89752}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{33EF2741-4099-433C-B1CF-38AD6F770A18}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{354A8071-D105-4CD5-9FC2-A0FCAB8D05D5}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{3A621B56-F81C-4A17-A21C-D962E1B2D4AE}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{3A9BBBD0-7487-4172-9576-395BA651D1DE}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{464C023A-FB04-461A-A200-CDA68EAC4A2C}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{46AFE552-C76B-4291-9294-9B74525CC0BA}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{5AC5268B-39F8-49BF-8052-7164782D43C6}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{5CBBF4B0-6D19-43B7-8B0A-1F441353F768}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{5CEA39A8-CD54-42A9-B15F-F91691CCD985}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{6121ED50-58A5-4F86-9C37-E24CBE6B21FA}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{6391DFA9-1497-42B8-BF37-DCB7AF6FDCFA}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{677558BD-3C40-4DD4-AE7A-E7FFBFCAFD25}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{67C42A1E-457D-490C-A900-F888F855081A}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{68A91FAF-FEE9-410B-8AFA-5EE31BCA230C}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{6E27B186-2934-4633-AD01-B41A262474F5}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{73139D01-6329-47EB-BB23-129D83934764}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{7BFD6AB2-EA29-4719-A218-69106F2DB3E3}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{7E806BC0-80E8-4069-A128-4AAAA8FB48FA}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{809EE87B-264C-45F3-A8C6-3885ED537BB0}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{81B0BC2E-F960-42C0-B991-D5CF0BC07432}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{8C437E55-363A-4B4D-8E2A-B1F242811328}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{8FECF97E-1351-464E-A576-BB5B679FF84F}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{9502402D-B1F6-4A4E-9599-AD2EEB16CAD0}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{967ADF6B-3EB7-42F4-A7B6-02D6C2C53289}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{9BB4A2E8-03CC-43C6-BD9C-2EDFD8A97C3A}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{9C3FA034-9C99-4D5D-B5CB-3A93FC65EE57}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{A17A4C06-2F22-44A6-ABEB-ED9B4FA10034}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{A1B94F81-13D8-4195-B630-E7954D6F56DF}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{A79E8928-3767-463C-902C-B224CA74C951}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{AB1555D5-016E-44C5-B747-6B2211D518F7}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{AD7A1B62-7FFC-4A44-A888-C2BCEA904767}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{B0017CA2-0FE4-402B-85A3-2FDFDA308132}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{B50B3503-D698-43BB-8189-3CA34F6984D1}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{B710ABFD-FCF1-4A03-8BC1-05C30F26D79E}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{BAAF6ABD-74E0-44A7-A4AD-16CB78DDF98B}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{BCB42A54-01B8-4576-86A5-D99F887238B4}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{BFB1560E-30A7-4527-B9FC-C705ABB42F32}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{C57D4BD4-72D2-42F2-9F58-5A3E118C31FA}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{C6731E46-EE61-4DFB-9313-D0BEF558322D}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{C7ED6D21-E6D5-4B4D-B3A7-575899089E7F}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{CEC86B09-B8C0-48CF-A920-07F449B7EE65}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{D23E40B2-317D-4860-AD10-C69CA6D2546C}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{D83AD622-651E-4EC8-8CFC-0EE278C713E6}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{DA3E3EDF-DB8C-4831-9BFF-CF1DFA08C16C}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{DCED3CE9-CAFD-4031-A3F6-CC744A0A0E29}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{E21C2C28-9153-4469-BE8E-D2723847E4A1}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{E2CEE006-CD7E-444E-997F-8B6C62F82476}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{E6C744EA-C3AA-4F30-A601-D2F4767564DA}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{E9E775DE-D3B0-403F-B710-BD5A9349476D}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{FA607524-624F-419A-BE6C-772EEB5C40F8}
Successfully deleted: [Empty Folder] C:\Users\poe\appdata\local\{FFF9E15F-CFAB-45F9-B511-07156FC06E1E}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/11/2013 at 1:19:40,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: soucis sur usb virus#15923

par billmaxime - dim. 10 nov. 2013 18:21

- dim. 10 nov. 2013 18:21 #15923

pouille,

fais ceci et poste le rapport s'il te plaît

Télécharge MalwareBytes
Procède à l'installation de celui çi Décocher "Activer l'essai gratuit de Malwarebytes Anti-Malware PRO"
Sélectionne Examen rapide
Clic sur Rechercher
Supprime tout les éléments trouvés !
Poste le rapport sur le forum

Nouveaux Sujets

Hot topics

Top utilisateurs actif

buckhulk

billmaxime

guugues

Fish66

Victor

-Souris

alainadam

El Magnifico