Infected USB keys and PC, shortcuts being created; Activator.vbs and ItunesHelper.vbe 2013-11-05T19:37:26+00:00

SOSVirus: Free PC Troubleshooting, Support, Disinfection Help – Virus Security Forum

  • Author
    Posts
  • Simi
    Participant
    Number of posts: 4

    Good evening everyone!

    For some time now I have had a big problem with my PC and my USB keys: all the files are replaced by shortcuts pointing to Windows\system32, and the files activator.vbs and ItunesHelper.vbe keep appearing on my keys even though I have just formatted them…

    I also discovered, after some digging around on the net, that a “wsscript.exe” process was running on my PC (and this seems to be linked to the activator.vbs virus). I have not touched it yet; I would rather get the good advice you will give me :).

    On top of that, “hidden” folders (I enabled the option to show hidden folders) have appeared in My Documents, in Dutch (“mijn muziek” for example).

    I used the 3 programs recommended by the topic on the instructions to follow before opening a thread (Malwarebytes dug up a good hundred viruses, which it removed; I ran it several times, but it did not catch the virus I am talking about here). Following this message are the 3 reports from the different programs:

    [spoiler:g832epp1]Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.11.05.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    Anaïs :: ANAÏS-HP [administrateur]

    Protection: Activé

    5/11/2013 18:06:12
    mbam-log-2013-11-05 (18-06-12).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 211472
    Temps écoulé: 9 minute(s), 47 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 3
    C:UsersAnaïsAppDataRoamingBabylon (PUP.Optional.Babylon.A) -> Suppression au redémarrage.
    C:UsersAnaïsAppDataRoamingBabylonContent (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersAnaïsAppDataRoamingBabylonupdates (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.

    Fichier(s) détecté(s): 5
    C:UsersAnaïsAppDataRoamingBabylonlog_file.txt (PUP.Optional.Babylon.A) -> Suppression au redémarrage.
    C:UsersAnaïsAppDataRoamingBabylonFLStat.dat (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersAnaïsAppDataRoamingBabylonocr_data (PUP.Optional.Babylon.A) -> Suppression au redémarrage.
    C:UsersAnaïsAppDataRoamingBabylonupdatesconvert.dat (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersAnaïsAppDataRoamingBabylonupdatesrates.dat (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.

    (fin)[/spoiler:g832epp1]

    [spoiler:g832epp1]# AdwCleaner v3.011 – Rapport créé le 05/11/2013 à 20:18:57
    # Mis à jour le 03/11/2013 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : Anaïs – ANAÏS-HP
    # Exécuté depuis : C:UsersAnaïsDesktopDownloadsadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:UsersAnaïsAppDataLocalGoogleChromeUser DataDefaultExtensionspbpohikckhbcljgombipcdoinkaedlfa

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v10.0.9200.16720

    -\ Mozilla Firefox v11.0 (fr)

    [ Fichier : C:UsersAnaïsAppDataRoamingMozillaFirefoxProfilesile1jawy.defaultprefs.js ]

    -\ Google Chrome v

    [ Fichier : C:UsersAnaïsAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    Supprimée : icon_url
    Supprimée : search_url
    Supprimée : keyword

    *************************

    AdwCleaner[R0].txt – [33865 octets] – [05/11/2013 19:02:35]
    AdwCleaner[R1].txt – [1262 octets] – [05/11/2013 20:16:51]
    AdwCleaner[S0].txt – [33287 octets] – [05/11/2013 19:06:40]
    AdwCleaner[S1].txt – [1168 octets] – [05/11/2013 20:18:57]

    ########## EOF – C:AdwCleanerAdwCleaner[S1].txt – [1228 octets] ##########[/spoiler:g832epp1]

    [spoiler:g832epp1]~ Rapport de ZHPDiag v2013.11.4.4 – Nicolas Coolman (4/11/2013)
    ~ Lancé par Anaïs (5/11/2013 19:31:08)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC):

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16721
    MFIE: Mozilla Firefox 11.0

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 3Q6C9
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 1.75.0.1300
    Norton Internet Security v20.4.0.40
    Windows Defender W7

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer
    µTorrent v3.2.0 =>P2P.µTorrent

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader X
    Java 7 Update 40

    —\ Informations sur le système
    ~ Processor: AMD64 Family 18 Model 1 Stepping 0, AuthenticAMD
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3561 MB (47% free)
    System Restore: Activé (Enable)
    System drive C: has 435 GB (75%) free of 574 GB

    —\ Mode de connexion au système
    ~ Computer Name: ANAÏS-HP
    ~ User Name: Anaïs
    ~ All Users Names: HomeGroupUser$, Anaïs, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersAnaïsAppDataRoamingZHP
    ~ %AppData% : C:UsersAnaïsAppDataRoaming
    ~ %Desktop% : C:UsersAnaïsDesktop
    ~ %Favorites% : C:UsersAnaïsFavorites
    ~ %LocalAppData% : C:UsersAnaïsAppDataLocal
    ~ %StartMenu% : C:UsersAnaïsAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 435 Go of 574 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 18 Go)
    E: Hard drive, Flash drive, Thumb drive (Free 1 Go of 4 Go)
    F: CD-ROM drive (Not Inserted)
    H: CD-ROM drive (Not Inserted)
    Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : Out Of Date
    ~ Security Center: 49 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.6/08/2011 – 09:38:46.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.22/09/2013 – 23:55:10.) — C:WindowsSystem32wininet.dll [2241024]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.21/11/2010 – 04:24:29.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/11/2010 – 04:24:16.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.314C17917AC8523EC77A710215012A65] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 02:10:19.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/09/2011 – 10:38:56.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.21/11/2010 – 04:23:51.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/11/2010 – 04:24:33.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 01s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/839
    ~ Mes musiques (My Musics) : 5/3047
    ~ Mes Videos (My Videos) : 1/6
    ~ Mes Favoris (My Favorites) : 1/20
    ~ Mes Documents (My Documents) : 1/307
    ~ Mon Bureau (My Desktop) : 1/1779
    ~ Menu demarrer (Programs) : 1/39
    ~ Hidden Files: Scanned in 00mn 13s

    —\ Processus lancés
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe [532040] [PID.2456]
    [MD5.1BF9D6476061B31CD7FC2BF848529A56] – (.Symantec Corporation – Symantec Service Framework.) — C:Program Files (x86)Norton Internet SecurityEngine20.4.0.40ccSvcHst.exe [144368] [PID.2432]
    [MD5.506708142BC63DABA64F2D3AD1DCD5BF] – (.Google Inc. – Programme d'installation de Google.) — C:UsersAnaïsAppDataLocalGoogleUpdateGoogleUpdate.exe [116648] [PID.3648]
    [MD5.B7F55E2AE978D3D34F7876EE5D689AAE] – (.CyberLink – YouCam Mirage.) — C:Program Files (x86)CyberLinkYouCamYCMMirage.exe [136488] [PID.1100]
    [MD5.CBEC06E32D0AC9C3D0A9199EDC1FB959] – (.Skype Technologies S.A. – Skype.) — C:Program Files (x86)SkypePhoneSkype.exe [17418928] [PID.1924]
    [MD5.C64E9B1C9EA057DCECDCB98F34377811] – (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.exe [228552] [PID.4784]
    [MD5.53966C74A69B0CFE51C8BF01C94028F3] – (.Hewlett-Packard Company – HP QuickWeb Utilities.) — C:Program Files (x86)Hewlett-PackardHP QuickWebhpqwutils.exe [168504] [PID.192]
    [MD5.EF7BCAA82ECE5454B69812484E5D28FF] – (.Brother Industries, Ltd. – Status Monitor Application.) — C:Program Files (x86)Browny02BrotherBrStMonW.exe [2678784] [PID.3516]
    [MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.2712]
    [MD5.8192B2E274607D1D530F5C191698C544] – (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe [578944] [PID.848]
    [MD5.8A3B69683E63808719D24E1C68C21CC7] – (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe [379960] [PID.4836]
    [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.4824]
    [MD5.DD347CAFA07433B19C2519E2211955E6] – (.Brother Industries, Ltd. – ControlCenter Main Process.) — C:Program Files (x86)ControlCenter4BrCtrlCntr.exe [368640] [PID.3024]
    [MD5.0C7474BF89FED0FB3D455D5967C7F8F8] – (.Brother Industries, Ltd. – ControlCenter UX System.) — C:Program Files (x86)ControlCenter4BrCcUxSys.exe [1277952] [PID.5584]
    [MD5.89BECCA60E9A652934D65EDB72A438A4] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8174080] [PID.1096]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1820]
    [MD5.4FE5C6D40664AE07BE5105874357D2ED] – (.Apple Inc. – MobileDeviceService.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [57008] [PID.2004]
    [MD5.4C4A576818EA028257C624AE36FF7A03] – (.Atheros – Atheros Coex Service Application.) — C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe [138400] [PID.2028]
    [MD5.CA793DCC1D5F619021EF1D37CC7A831E] – (.EasyBits Software AS – Shared EasyBits services for Windows.) — C:WindowsSysWOW64ezSharedSvcHost.exe [514232] [PID.1272]
    [MD5.B7382BEC806B7B00FC84B3E2061FF48E] – (.Hewlett-Packard Company – HP Quick Synchronization Service.) — C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe [197536] [PID.2284]
    [MD5.2BEC76BDCD1BC080210325E7B5094834] – (.Hewlett-Packard Development Company, L.P. – HP Quick Launch WMI Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [35200] [PID.2308]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [418376] [PID.2372]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [701512] [PID.2400]
    [MD5.39B1D0A636A400304565D4521FAD6D77] – (.Microsoft Corporation – Microsoft Application Virtualization Virtua.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe [207528] [PID.2744]
    [MD5.77C5A741A7452812F278EF2C18478862] – (.Microsoft Corporation – Microsoft Application Virtualization Client.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe [523944] [PID.656]
    [MD5.FD557A50A65E44041CD2FCEF4BEB04DB] – (.Microsoft Corporation – Microsoft Office Client Virtualization Serv.) — C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.exe [822504] [PID.3124]
    [MD5.62D38645A251A5742027B0A48672FFE5] – (.Brother Industries, Ltd. – BrYNCSvc.) — C:Program Files (x86)Browny02BrYNSvc.exe [249856] [PID.1964]
    [MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] – (.Hewlett-Packard Company – HP Software Framework WMI Service.) — C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe [1001376] [PID.5700]
    ~ Processes Running: Scanned in 00mn 16s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersAnaïsAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Translator v.1.4 (Activé) =>Toolbar.Babylon
    G2 – GCE: Preference [User DataDefault] [lmblfngognklgemafekefcdjcnkdhmdm] 2YourFace v.1.0 (Activé) =>Adware.2YourFace
    G2 – GCE: Preference [User DataDefault] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Secure Search v.17.0.1.12 (Activé) =>Toolbar.AVGSearch
    G2 – GCE: Preference [User DataDefault] [pbpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.6 (Activé) =>Spyware.SmartDisplay
    ~ Google Browser: 15 Legitimates Filtered in 00mn 17s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersAnaïsAppDataRoamingMozillaFirefoxProfilesile1jawy.defaultprefs.js
    ~ Firefox Browser: 12 Legitimates Filtered in 00mn 01s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.symantec.com
    R0 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Start Page = http://www.symantec.com
    ~ IE Browser: 15 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Plantes contre Zombies.lnk . (…) — C:Program Files (x86)PopCap GamesPlants vs. ZombiesPlantsVsZombies.exe =>Adware.PopCap
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [Anaïs]: GOM Player.lnk . (.Gretech Corp. – GOM Player.) — C:Program Files (x86)GRETECHGomPlayerGOM.exe
    O4 – GSQuickLaunch [Anaïs]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSQuickLaunch [Anaïs]: µTorrent.lnk . (.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – GSTaskBar [Anaïs]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSTaskBar [Anaïs]: µTorrent.lnk . (.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – GSProgram [Anaïs]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSystemTools [Anaïs]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    ~ Global Startup: 63 Legitimates Filtered in 00mn 52s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Anaïs]: OneNote 2010 – Capture d’écran et lancement.lnk . (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.exe =>.Microsoft Corporation
    O4 – HKLM..Run: [SynTPEnh] C:Program Files (x86)SynapticsSynTPSynTPEnh.exe (.not file.)
    O4 – HKLM..Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio.) — C:Program FilesIDTWDMsttray64.exe
    O4 – HKLM..Run: [AtherosBtStack] . (.Atheros Communications – Serveur Stack Bluetooth.) — C:Program Files (x86)Bluetooth SuiteBtvStack.exe
    O4 – HKLM..Run: [AthBtTray] . (.Atheros Commnucations – Bluetooth Tray.) — C:Program Files (x86)Bluetooth SuiteAthBtTray.exe
    O4 – HKLM..Run: [SetDefault] . (.Hewlett-Packard Development Company, L.P. – SetDefault.) — C:Program FilesHewlett-PackardHP LaunchBoxSetDefault.exe
    O4 – HKLM..Run: [IntelliType Pro] . (.Microsoft Corporation – IType.exe.) — c:Program FilesMicrosoft Device Centeritype.exe
    O4 – HKLM..Run: [IntelliPoint] . (.Microsoft Corporation – IPoint.exe.) — c:Program FilesMicrosoft Device Centeripoint.exe
    O4 – HKLM..RunOnce: [NCInstallQueue] Clé orpheline
    O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:UsersAnaïsAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKCU..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program Files (x86)SkypePhoneSkype.exe =>.Skype Technologies S.A.
    O4 – HKCU..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKCU..Run: [Activator] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKCU..Run: [iTunesHelper] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKLM..Wow6432NodeRun: [HPQuickWebProxy] . (.Hewlett-Packard Company – HP QuickWeb Utilities.) — C:Program Files (x86)Hewlett-PackardHP QuickWebhpqwutils.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [Easybits Recovery] . (.EasyBits Software AS – Pas de description.) — C:Program Files (x86)EasyBits For KidsezRecover.exe =>.EasyBits Software AS
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [beid] C:Program Files (x86)Belgium Identity Cardbeid35gui.exe (.not file.)
    O4 – HKLM..Wow6432NodeRun: [ControlCenter4] . (.Brother Industries, Ltd. – ControlCenter Launcher.) — C:Program Files (x86)ControlCenter4BrCcBoot.exe
    O4 – HKLM..Wow6432NodeRun: [BrStsMon00] . (.Brother Industries, Ltd. – Status Monitor Application.) — C:Program Files (x86)Browny02BrotherBrStMonW.exe
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKLM..Wow6432NodeRun: [agentantidote.exe] I:Antidote 7Programmes32agentantidote.exe (.not file.)
    O4 – HKLM..Wow6432NodeRun: [agentantidote64.exe] I:Antidote 7Programmes64agentantidote64.exe (.not file.)
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
    O4 – HKLM..Wow6432NodeRun: [HPOSD] . (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1884211010-167994816-3066439192-1001..Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:UsersAnaïsAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKUSS-1-5-21-1884211010-167994816-3066439192-1001..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program Files (x86)SkypePhoneSkype.exe =>.Skype Technologies S.A.
    O4 – HKUSS-1-5-21-1884211010-167994816-3066439192-1001..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKUSS-1-5-21-1884211010-167994816-3066439192-1001..Run: [Activator] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKUSS-1-5-21-1884211010-167994816-3066439192-1001..Run: [iTunesHelper] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program Files (x86)MICROS~2Office14ONBttnIE.dll (.not file.)
    O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:Program Files (x86)MICROS~2Office14ONBTTN~1.dll (.not file.)
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{CCFB643F-2EF9-4E29-8D10-802765201ED3}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpNameServer = 195.238.2.22 195.238.2.21
    O17 – HKLMSystemCCSServicesTcpip..{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpDomain = coova.org
    O17 – HKLMSystemCS1ServicesTcpip..{CCFB643F-2EF9-4E29-8D10-802765201ED3}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpNameServer = 195.238.2.22 195.238.2.21
    O17 – HKLMSystemCS1ServicesTcpip..{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpDomain = coova.org
    O17 – HKLMSystemCS2ServicesTcpip..{CCFB643F-2EF9-4E29-8D10-802765201ED3}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpNameServer = 195.238.2.22 195.238.2.21
    O17 – HKLMSystemCS2ServicesTcpip..{F6784FD1-CD8E-4443-944D-FF0328B38144}: DhcpDomain = coova.org
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 195.238.2.22 195.238.2.21
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: video/x-flv [64Bits] – {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices – MIME Video Detector for IE.) — C:Program FilesAMDSteadyVideoVideoMIMEFilter.dll
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftware5b68bdf]
    ~ Key Software: 217 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 13/03/2012 – 18:10:31 – [0,001] —-D C:UsersAnaïsAppDataRoamingnewfolder3
    ~ 27 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 220 Legitimates Filtered in 02mn 00s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.8C647507F8B9E179B84C8442C93EAC31] – 4/11/2013 – 08:57:48 —A- – C:WindowsPrefetchBOXORE.EXE-BCDE0609.pf =>Adware.Boxore
    O45 – LFCP:[MD5.E8AB371C08F1A3623F9AB565DE6CB4E3] – 4/11/2013 – 08:57:48 —A- – C:WindowsPrefetchVPROT.EXE-2BBCC12F.pf
    O45 – LFCP:[MD5.AA4DED5B16BF452244C95BA072040B63] – 4/11/2013 – 14:55:37 —A- – C:WindowsPrefetchSOFTWARECRASHHANDLER.EXE-8B1988C1.pf
    O45 – LFCP:[MD5.4A6F1367D3C3B643CB3BCA718176B2BF] – 5/11/2013 – 08:34:20 —A- – C:WindowsPrefetchSYSTRANSERVER.EXE-02795DBE.pf
    O45 – LFCP:[MD5.C8E2490CBBBE02C7DCF5A7A9E60E0650] – 5/11/2013 – 18:30:02 —A- – C:WindowsPrefetchBABYLONHELPER64.EXE-31FFE3EB.pf =>Toolbar.Babylon
    O45 – LFCP:[MD5.4B10A7C5FC72B6421E858112F3BD586A] – 5/11/2013 – 19:20:13 —A- – C:WindowsPrefetchHPQWUTILS.EXE-EFBF4691.pf
    ~ Prefetcher: 125 Legitimates Filtered in 00mn 02s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{13255c7a-71f4-11e1-9657-74de2b710c95}AutoRuncommand. (…) — G:LaunchU3.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “DisableStatusMessages”=0
    ~ MWPS: 21 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.46571ED73AE84469DCA53081D33CF3C8] – 11/04/2013 – 20:46:33 —A- . (.DT Soft Ltd – DAEMON Tools Virtual Bus Driver.) — C:WindowsSystem32Driversdtsoftbus01.sys [283200]
    ~ Drivers: 21 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 5/11/2013 – 19:38:49 —A- . (…) — C:UsersAnaïsAppDataLocalGoogleChromeUser DataLocal State [43032]
    O61 – LFC: 5/11/2013 – 19:40:11 —A- . (…) — C:UsersAnaïsAppDataRoamingMicrosoftMicrosoft IntelliPointSQMsqmdata00.sqm [368]
    O61 – LFC: 5/11/2013 – 19:40:11 —A- . (…) — C:UsersAnaïsAppDataRoamingMicrosoftMicrosoft IntelliPointSQMsqmdata01.sqm [368]
    O61 – LFC: 5/11/2013 – 19:40:11 —A- . (…) — C:UsersAnaïsAppDataRoamingMicrosoftMicrosoft IntelliPointSQMsqmdata02.sqm [368]
    O61 – LFC: 5/11/2013 – 19:40:11 —A- . (…) — C:UsersAnaïsAppDataRoamingMicrosoftMicrosoft IntelliPointSQMsqmdata03.sqm [368]
    O61 – LFC: 5/11/2013 – 19:40:13 —A- . (…) — C:UsersAnaïsAppDataRoamingMicrosoftTemplatesNormal.dotm [308344]
    O61 – LFC: 5/11/2013 – 19:40:23 —A- . (…) — C:UsersAnaïsDocumentsUniversitéDroit comparéAnalyse Donoghue v. Stevenson.docx [27986]
    O61 – LFC: 5/11/2013 – 19:42:40 -SHA- . (…) — C:UsersAnaïsThumbs.db [14336]
    ~ 8 Fichiers temporaires (Temporary files)
    ~ Files: 124 Legitimates Filtered in 06mn 44s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:UsersAnaïsAppDataLocalGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: prefs.js [Anaïs – ile1jawy.default] user_pref(“avg.install.newtab”, true);
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {0DF60239-D872-4DE1-BAB9-F7AE3B421534} – (Ask Search) – http://websearch.ask.com =>Toolbar.Ask
    O69 – SBI: SearchScopes [HKCU] {35CFDBD1-461A-4599-8672-1C993E7318B2} – (Propositions de recherche Amazon.fr) – http://www.amazon.fr
    O69 – SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} – (eBay) – http://rover.ebay.com =>Toolbar.eBay
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    ~ Files: 51 Legitimates Filtered in 01mn 42s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “25BD30E1BC5D83343A835E62DDD4D41B” . (.Bing Bar.) — C:WindowsInstaller{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}icon_installer_ico =>Toolbar.Bing
    ~ Update Products: 179 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.B67811645C5A3B8E4E4B1A1DB1EE271C] [WIS][23/09/2012] (.Boxore OU. – Software Update Helper.) — C:WindowsInstallera6e2ec.msi [45056] =>Adware.Boxore
    ~ WIS: 182 Legitimates Filtered in 02mn 28s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SR – | Auto 3/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 25/06/2013 204288 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 28/09/2011 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) – C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
    SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 14/06/2011 138400 | (Atheros Bt&Wlan Coex Agent) . (.Atheros.) – C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe
    SR – | Auto 14/06/2011 97952 | (AtherosSvc) . (.Atheros Commnucations.) – C:Program Files (x86)Bluetooth Suiteadminservice.exe
    SS – | Demand 1/03/2011 183560 | (BBSvc) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBarBBSvc.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Demand 15/11/2011 249856 | (BrYNSvc) . (.Brother Industries, Ltd..) – C:Program Files (x86)Browny02BrYNSvc.exe
    SR – | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) – C:WindowsSystem32ezSharedSvcHost.exe =>.EasyBits Software AS
    SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
    SR – | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe =>.Hewlett-Packard Co
    SS – | Auto 16/02/2011 682040 | (HPAuto) . (.Hewlett-Packard.) – C:Program FilesHewlett-PackardHP AutoHPAuto.exe
    SR – | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) – C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe
    SR – | Auto 10/08/2012 197536 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe
    SR – | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe
    SR – | Auto 5/03/2012 35200 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe
    SR – | Auto 25/06/2013 2413056 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe
    SS – | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) – C:Program Files (x86)Common FilesInstallShieldDriver1050Intel 32IDriverT.exe
    SR – | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe
    SR – | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe
    SR – | Auto 20/05/2013 144368 | (NIS) . (.Symantec Corporation.) – C:Program Files (x86)Norton Internet SecurityEngine20.4.0.40ccSvcHst.exe
    SR – | Auto 25/02/2011 249648 | (SeaPort) . (.Microsoft Corporation.) – C:Program Files (x86)MicrosoftBingBarSeaPort.exe
    SS – | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SR – | Auto 17/12/2010 276992 | (STacSV) . (.IDT, Inc..) – C:Program FilesIDTWDMSTacSV64.exe
    SS – | Demand 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 02mn 34s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Anaïs at 5/11/2013 19:49:38
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Scan Additionnel (O88)
    Database Version : 12971 – (4/11/2013)
    Clés trouvées (Keys found) : 41
    Valeurs trouvées (Values found) : 3
    Dossiers trouvés (Folders found) : 6
    Fichiers trouvés (Files found) : 1

    ~ Additionnel Scan: 349426 Items scanned in 00mn 54s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
    ~ http://nicolascoolman.webs.com/apps/blog/show/26593722-adware-2yourface =>Adware.2YourFace
    ~ http://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay =>Spyware.SmartDisplay
    ~ http://nicolascoolman.webs.com/apps/blog/show/26666257-adware-popcap =>Adware.PopCap
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    ~ http://nicolascoolman.webs.com/apps/blog/show/34702976-toolbar-ebay =>Toolbar.eBay
    ~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
    ~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
    ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    ~ MSI: 10 link(s) detected in 00mn 55s

    ~ 1521 Legitimates filtered by white list
    End of the scan (538 lines in 19mn 27s)(0)[/spoiler:g832epp1]

  • Anonymous
    Number of posts: 0

    Hello :hello: ,

    Welcome to SosVirus :welcome:

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Run UsbFix
    • Choose the "Suppression" option

      Note: If UsbFix hangs at 14%, run UsbFix in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply
  • Simi
    Participant
    Number of posts: 4

    Hello,

    thanks for replying 🙂

    I tried several times, but always with the same result: UsbFix stops responding at 21% :hein:

  • Anonymous
    Number of posts: 0

    I tried several times, but always with the same result: UsbFix stops responding at 21% :hein:

    Yeah, there's apparently a problem with the version of UsbFix that is online; it's a problem with disk detection, so it hangs on some PCs.
    I'm currently reworking the UsbFix source code from A to Z; there won't be any more bugs, I guarantee it 😉

    We'll do it differently, but please try this: connect your removable media, run UsbFix with the "Listing" option and post the report please.

  • Simi
    Participant
    Number of posts: 4

    [spoiler:294kdo59]############################## | UsbFix V 7.149 | [Listing]

    Utilisateur: Anaïs (Administrateur) # ANAÏS-HP
    Mis à jour le 03/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 09:34:06 | 08/11/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Hewlett-Packard (3568)
    CPU: AMD A4-3300M APU with Radeon(tm) HD Graphics
    RAM -> [Total : 3561 | Free : 1671]
    Bios: Insyde
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Mozilla Firefox : 11.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Norton Internet Security [(!) Disabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 574 Go (436 Go libre(s) – 76%) [] # NTFS
    D: -> Disque fixe # 18 Go (2 Go libre(s) – 11%) [Recovery] # NTFS
    E: -> Disque fixe # 4 Go (1 Go libre(s) – 28%) [HP_TOOLS] # FAT32
    F: -> CD-ROM
    G: -> Disque amovible # 7 Go (6 Go libre(s) – 84%) [] # FAT32
    H: -> CD-ROM

    ################## | Listing |

    [25/06/2013 – 10:27:54 | SHD ] C:$Recycle.Bin
    [10/05/2012 – 17:17:18 | D ] C:8670621f47a78c90237fbbd6d566ef
    [05/11/2013 – 20:19:25 | D ] C:AdwCleaner
    [06/08/2011 – 11:17:23 | SHD ] C:boot
    [21/11/2010 – 04:23:51 | RASH | 383786] C:bootmgr
    [08/09/2012 – 08:47:05 | D ] C:Brother
    [11/10/2013 – 21:06:15 | SHD ] C:Config.Msi
    [14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
    [05/05/2012 – 09:05:10 | D ] C:drivers
    [11/04/2012 – 09:18:01 | SHD ] C:found.000
    [08/11/2013 – 09:27:20 | ASH | 2800803840] C:hiberfil.sys
    [15/09/2011 – 01:12:53 | HD ] C:HP
    [13/03/2012 – 13:46:12 | RHD ] C:MSOCache
    [08/11/2013 – 09:27:19 | ASH | 3734405120] C:pagefile.sys
    [14/07/2009 – 04:20:08 | D ] C:PerfLogs
    [05/11/2013 – 19:50:00 | A | 512] C:PhysicalDisk0_MBR.bin
    [05/11/2013 – 19:07:11 | RD ] C:Program Files
    [05/11/2013 – 19:29:01 | RD ] C:Program Files (x86)
    [05/11/2013 – 19:06:59 | HD ] C:ProgramData
    [12/03/2012 – 12:55:38 | SHD ] C:Recovery
    [25/06/2013 – 10:42:51 | A | 184] C:setup.log
    [07/09/2013 – 09:09:21 | D ] C:SWSetup
    [08/11/2013 – 07:25:17 | SHD ] C:System Volume Information
    [12/03/2012 – 12:55:44 | HD ] C:SYSTEM.SAV
    [08/11/2013 – 09:34:07 | D ] C:UsbFix
    [07/11/2013 – 19:20:52 | A | 13431] C:UsbFix [Clean 1] ANAÏS-HP.txt
    [07/11/2013 – 19:43:11 | A | 13528] C:UsbFix [Clean 2] ANAÏS-HP.txt
    [08/11/2013 – 07:31:07 | A | 13727] C:UsbFix [Clean 3] ANAÏS-HP.txt
    [08/11/2013 – 09:16:42 | A | 7463] C:UsbFix [Listing 1 ] ANAÏS-HP.txt
    [08/11/2013 – 09:34:07 | A | 2837] C:UsbFix [Listing 2 ] ANAÏS-HP.txt
    [20/05/2012 – 17:14:22 | RD ] C:Users
    [27/10/2013 – 10:05:27 | D ] C:Windows
    [08/11/2013 – 08:37:46 | A | 3552] C:{B4DAD339-5B35-4BD8-86C1-3CD364E42903}
    [25/06/2013 – 10:27:54 | SHD ] D:$RECYCLE.BIN
    [12/03/2012 – 14:58:14 | RASHD ] D:boot
    [14/07/2009 – 19:39:00 | RASH | 383562] D:bootmgr
    [23/05/2010 – 13:55:46 | RASH | 67] D:Desktop.ini
    [12/03/2012 – 14:58:14 | ASHD ] D:FactoryUpdate
    [12/03/2012 – 14:58:14 | RASHD ] D:hp
    [11/04/2012 – 19:53:41 | A | 20] D:HPSF_Rep.txt
    [12/03/2012 – 14:57:59 | RASH | 8] D:HP_WSD.dat
    [12/03/2012 – 14:58:14 | RSHD ] D:preload
    [18/12/2012 – 20:58:34 | RSD ] D:recovery
    [12/03/2012 – 16:52:07 | AH | 426] D:RMCStatus.bin
    [12/03/2012 – 14:58:14 | SHD ] D:RM_Reserve
    [08/11/2013 – 07:25:18 | SHD ] D:System Volume Information
    [20/08/2013 – 10:51:56 | AD ] E:Hewlett-Packard
    [15/09/2011 – 02:19:38 | SHD ] E:$RECYCLE.BIN
    [06/11/2012 – 15:27:58 | A | 8] E:HP_WSD.dat
    [11/04/2012 – 20:53:42 | A | 20] E:HPSF_Rep.txt
    [06/08/2012 – 17:49:40 | SHD ] G:Italie 2012
    [23/06/2009 – 22:38:40 | SHD ] G:Organisation Voyage Finlande 2007
    [12/09/2012 – 19:14:22 | SHD ] G:Avocat
    [14/09/2012 – 10:38:46 | SHD ] G:Preuve anais
    [17/09/2012 – 12:45:28 | SHD ] G:Bambois 01-09-2012
    [05/11/2012 – 17:29:46 | SHD ] G:travail de méthodo
    [31/08/2013 – 11:32:30 | SH | 73728] G:Activator.vbs
    [08/11/2013 – 09:22:28 | A | 527] G:math.lnk
    [08/11/2012 – 10:02:36 | SHD ] G:Travaux préparatoires
    [08/08/2013 – 20:55:50 | SHD ] G:math
    [27/08/2013 – 18:02:16 | SHD ] G:croatie
    [08/11/2013 – 09:22:28 | A | 545] G:Italie 2012.lnk
    [12/11/2012 – 09:50:44 | SHD ] G:Loi du 31 mars 1987
    [08/11/2013 – 09:22:28 | A | 742] G:Activator.lnk
    [08/11/2013 – 09:22:28 | A | 1654] G:Travail méthodo Version 2.lnk
    [08/11/2013 – 09:22:28 | A | 597] G:Organisation Voyage Finlande 2007.lnk
    [01/11/2013 – 17:01:58 | R | 531] G:Avocat.lnk
    [27/03/2013 – 09:27:40 | SHD ] G:DOB II
    [28/02/2013 – 07:06:16 | SH | 99569] G:Travail méthodo Version 2.docx
    [08/11/2013 – 09:22:28 | A | 547] G:Preuve anais.lnk
    [08/11/2013 – 09:22:28 | A | 559] G:Bambois 01-09-2012.lnk
    [08/11/2013 – 09:22:28 | A | 563] G:travail de méthodo.lnk
    [08/11/2013 – 09:22:28 | A | 565] G:Travaux préparatoires.lnk
    [08/11/2013 – 09:22:28 | A | 533] G:croatie.lnk
    [08/11/2013 – 09:22:28 | A | 1642] G:BEATRICE AER EX 2012.lnk
    [08/11/2013 – 09:22:28 | A | 1612] G:Declaration.lnk
    [08/11/2013 – 09:22:28 | A | 750] G:DOB II.lnk
    [25/09/2013 – 17:59:12 | SH | 134705] G:BEATRICE AER EX 2012.pdf
    [08/11/2013 – 09:22:28 | A | 1632] G:USConstitution_French.lnk
    [08/11/2013 – 09:22:30 | A | 748] G:Notaire.lnk
    [08/11/2013 – 09:22:28 | A | 1772] G:Vos attestations pour l'obtention d'un abonnement scolaire (train ou bus).lnk
    [08/11/2013 – 09:22:28 | A | 1688] G:Votre confirmation d'inscription provisoire.lnk
    [26/09/2013 – 13:32:56 | SH | 57808] G:Declaration.pdf
    [08/11/2013 – 09:22:28 | A | 788] G:Loi du 31 mars 1987.lnk
    [08/11/2013 – 09:22:28 | A | 1602] G:alloc.lnk
    [26/09/2013 – 13:22:04 | SH | 132337] G:Vos attestations pour l'obtention d'un abonnement scolaire (train ou bus).pdf
    [26/09/2013 – 13:20:22 | SH | 44884] G:Votre confirmation d'inscription provisoire.pdf
    [31/10/2013 – 19:44:28 | A | 768] G:TP à imprimer.lnk
    [08/11/2013 – 09:22:28 | A | 1602] G:.lnk
    [01/11/2013 – 17:14:56 | SHD ] G:DIVERS
    [23/10/2013 – 11:18:18 | SH | 295829] G:USConstitution_French.pdf
    [24/10/2013 – 08:54:04 | SH | 18784] G:alloc.docx
    [13/10/2013 – 22:30:38 | SH | 69554284] G:iTunesHelper.vbe
    [01/11/2013 – 16:56:22 | SH | 37376] G:Décion ndls.doc
    [08/11/2013 – 09:22:28 | A | 1616] G:Décion ndls.lnk
    [01/11/2013 – 17:13:18 | SH | 11264] G:Nouveau Document Microsoft Word 97 – 2003.doc
    [08/11/2013 – 09:22:28 | A | 1696] G:Nouveau Document Microsoft Word 97 – 2003.lnk
    [08/11/2013 – 09:22:28 | A | 746] G:DIVERS.lnk
    [02/11/2013 – 09:58:34 | A | 742] G:iTunesHelper.lnk
    [01/11/2013 – 19:51:32 | SHD ] G:Nouveau dossier
    [08/11/2013 – 09:22:30 | A | 768] G:Nouveau dossier.lnk
    [18/10/2013 – 17:46:58 | SH | 4096] G:._.Trashes
    [10/10/2013 – 11:12:28 | SHD ] G:Notaire
    [18/10/2013 – 17:46:58 | SHD ] G:.Trashes
    [18/10/2013 – 17:48:16 | SHD ] G:L.P?
    [18/10/2013 – 17:48:34 | SHD ] G:Tuyaux 3ème Bac Droit
    [08/11/2013 – 09:22:30 | A | 750] G:.Trashes.lnk
    [31/10/2013 – 19:41:22 | A | 754] G:.fseventsd.lnk
    [31/10/2013 – 19:41:22 | A | 764] G:.Spotlight-V100.lnk
    [08/11/2013 – 09:22:30 | A | 788] G:Tuyaux 3ème Bac Droit.lnk

    ################## | E.O.F |[/spoiler:294kdo59]

  • Anonymous
    Number of posts: 0

    Re,

    So, let me explain: we're going to remove the infection from your PC and from USB key G, then we'll run 2 or 3 more scans of the PC because you also have Adware.pup, and once that's done, we'll restore the files and folders on your key 🙂

    Connect key G, then:

    • Download OTM by OldTimer to your desktop.
    • Double-click OTM.exe to launch it.
    • On Vista/Seven, right-click -> run as administrator
    • Copy the list below and paste it into the left-hand box of OTM under Paste Instructions for Items to be Moved.


    :files
    G:\Activator.vbs
    G:\math.lnk
    G:\Italie 2012.lnk
    G:\Activator.lnk
    G:\Travail méthodo Version 2.lnk
    G:\Organisation Voyage Finlande 2007.lnk
    G:\Avocat.lnk
    G:\Preuve anais.lnk
    G:\Bambois 01-09-2012.lnk
    G:\travail de méthodo.lnk
    G:\Travaux préparatoires.lnk
    G:\croatie.lnk
    G:\BEATRICE AER EX 2012.lnk
    G:\Declaration.lnk
    G:\DOB II.lnk
    G:\USConstitution_French.lnk
    G:\Notaire.lnk
    G:\Vos attestations pour l'obtention d'un abonnement scolaire (train ou bus).lnk
    G:\Votre confirmation d'inscription provisoire.lnk
    G:\Loi du 31 mars 1987.lnk
    G:\alloc.lnk
    G:\TP à imprimer.lnk
    G:\.lnk
    G:\iTunesHelper.vbe
    G:\Décion ndls.lnk
    G:\Nouveau Document Microsoft Word 97 - 2003.lnk
    G:\DIVERS.lnk
    G:\iTunesHelper.lnk
    G:\Nouveau dossier.lnk
    G:\.Trashes.lnk
    G:\.fseventsd.lnk
    G:\.Spotlight-V100.lnk
    G:\Tuyaux 3ème Bac Droit.lnk
    C:\Users\Anaïs\AppData\Roaming\*.vbe
    C:\Users\Anaïs\AppData\Roaming\*.vbs
    C:\Users\Anaïs\AppData\Local\Temp\*.vbe
    C:\Users\Anaïs\AppData\Local\Temp\*.vbs
    C:\Users\Anaïs\AppData\Local\Temp\*.exe
    C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vbe
    C:\Users\Anaïs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vbs
    C:\Users\Anaïs\AppData\Roaming\newfolder3

    :Reg
    [HKEY_USERS\S-1-5-21-1884211010-167994816-3066439192-1001\Software\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"=-
    "Activator"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"=-
    "Activator"=-

    :commands
    [emptytemp]
    • Click "MoveIt!".
    • If a file or folder cannot be deleted immediately, the program will ask you to restart the computer.
    • If so, accept by clicking "YES".
    • Post the report in your next reply.
    • The report is located in C:\_OTM\MovedFiles (the report's name corresponds to the time of its creation: date_time.log).
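
The selection logic behind the file list in the post above, as an added example that is not part of the thread and is not code from UsbFix or OTM: it reads a UsbFix-style listing and separates script files and decoy shortcuts (to quarantine) from the hidden originals (to unhide). The sample rows are constructed, the function names are hypothetical, and reading the flag column as R/A/S/H/D attributes is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One listing row: [date - time | FLAGS | size] X:\name  (no size for folders).
# Any single dash character is accepted after the date and the backslash after
# the drive letter is optional, so rows that lost it in a copy/paste still parse.
ROW = re.compile(
    r"\[(?P<date>[\d/]+) \S (?P<time>[\d:]+) \| (?P<attrs>[A-Z]+)\s*"
    r"(?:\|\s*(?P<size>\d+))?\]\s+(?P<drive>[A-Z]):\\?(?P<name>.+)"
)
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf"}  # Windows Script Host types

# Constructed sample, modelled on the listing format shown in this thread.
SAMPLE = r"""
[06/08/2012 - 17:49:40 | SHD ] G:\Photos
[08/11/2013 - 09:22:28 | A | 545] G:\Photos.lnk
[28/02/2013 - 07:06:16 | SH | 99569] G:\report.docx
[08/11/2013 - 09:22:28 | A | 1654] G:\report.lnk
[31/08/2013 - 11:32:30 | SH | 73728] G:\Activator.vbs
[08/11/2013 - 09:22:28 | A | 742] G:\Activator.lnk
[13/10/2013 - 22:30:38 | SH | 69554284] G:\iTunesHelper.vbe
[08/11/2013 – 09:22:28 | A | 1602] G:.lnk
[01/10/2013 - 10:00:00 | A | 2048] G:\notes.txt
[25/06/2013 - 10:27:54 | SHD ] C:\$Recycle.Bin
"""


def split_ext(name: str):
    """Split on the last dot; '.lnk' gives an empty stem (os.path.splitext would not)."""
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext.lower()) if dot else (name, "")


@dataclass(frozen=True)
class Entry:
    drive: str
    name: str
    attrs: str
    size: Optional[int]

    @property
    def is_dir(self) -> bool:          # assumption: 'D' flag marks a folder
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:   # assumption: 'S' = system, 'H' = hidden
        return "S" in self.attrs and "H" in self.attrs

    @property
    def ext(self) -> str:
        return "" if self.is_dir else split_ext(self.name)[1]

    @property
    def key(self) -> str:
        """Name a decoy shortcut is derived from: folder name, or file stem."""
        return (self.name if self.is_dir else split_ext(self.name)[0]).lower()


def parse_row(line: str) -> Optional[Entry]:
    m = ROW.match(line.strip())
    if not m:
        return None
    size = int(m["size"]) if m["size"] else None
    return Entry(m["drive"], m["name"].strip(), m["attrs"], size)


def triage(listing: str, drive: str) -> dict:
    """Classify the root entries of one drive into quarantine / restore / review."""
    entries = [e for e in map(parse_row, listing.splitlines()) if e and e.drive == drive]
    scripts = [e for e in entries if e.ext in SCRIPT_EXT]
    quarantine = [e.name for e in scripts]
    restore, review = [], []
    for lnk in (e for e in entries if e.ext == ".lnk"):
        # A shortcut is treated as a decoy only when a hidden+system item of
        # the same name sits next to it; anything else is left for a human.
        hidden = [e for e in entries
                  if lnk.key and e.ext != ".lnk" and e.key == lnk.key and e.hidden_system]
        if hidden:
            quarantine.append(lnk.name)
            restore += [e.name for e in hidden
                        if e not in scripts and e.name not in restore]
        else:
            review.append(lnk.name)
    return {"quarantine": quarantine, "restore": restore, "review": review}


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE, "G").items():
        print(f"{bucket}: {names}")
```
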
  • Simi
    Participant
    Number of posts: 4

    [/spoiler] killed
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    Error: Unable to interpret in the current context!
    ========== REGISTRY ==========
    Registry value HKEY_USERSS-1-5-21-1884211010-167994816-3066439192-1001SoftwareMicrosoftWindowsCurrentVersionRun\iTunesHelper not found.
    Registry value HKEY_USERSS-1-5-21-1884211010-167994816-3066439192-1001SoftwareMicrosoftWindowsCurrentVersionRun\Activator not found.
    Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\iTunesHelper not found.
    Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Activator not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Anaïs

    User: Anaïs
    ->Temp folder emptied: 33933 bytes
    ->Temporary Internet Files folder emptied: 2624 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 8773248 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 779086961 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 63408 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95763 bytes
    RecycleBin emptied: 44078250 bytes

    Total Files Cleaned = 794,00 mb

    OTM by OldTimer – Version 3.1.21.0 log created on 11082013_145041
    G:\Nouveau Document Microsoft Word 97 – 2003.lnk moved successfully.

    OTM by OldTimer – Version 3.1.21.0 log created on 11082013_145028

    Files moved on Reboot…
    File G:\Activator.vbs not found!
    File G:\iTunesHelper.vbe not found!
    C:\Users\Anaïs\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    Registry entries deleted on Reboot… [/spoiler]

  • Anonymous
    Number of posts: 0

    Uninstall your version of UsbFix; we are going to use the latest update 😉:

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Run UsbFix
    • Choose the Deletion (Suppression) option

      Note: if UsbFix hangs at 14%, run UsbFix in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply
  • Simi
    Participant
    Number of posts: 4

    UsbFix is still not responding :unhappy:

    I'm desperate!

  • Anonymous
    Number of posts: 0

    UsbFix is still not responding :unhappy:

    I'm desperate!

    🙁 Don't be 😉 There are always solutions 😉

    We are going to run a diagnostic of your computer:

    • Download OTL by Old_Timer and save it to the Desktop
    • Close all other windows and double-click OTL.exe
    • On Vista and Windows 7, launch the file with right-click -> Run as administrator.
    • Check that the All Users, Lop Check and Purity Check boxes are ticked.
    • In the Custom Scans box (Personnalisation), copy and paste everything that follows:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %temp%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\consrv.dll
    %systemroot%\system32\*.dll /lockedfiles
    %windir%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    services.exe
    wininit.exe
    /md5stop
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
    HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
    CREATERESTOREPOINT
    nslookup http://www.google.fr /c
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    SAVEMBR:0

    • Click Scan (Analyse)

    • Once the scan has finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
    • Upload the OTL.txt and Extras.txt reports to Sosupload, then copy/paste the link provided into your next reply on the forum

      Note: just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

The topic ‘USB keys and PC infected, shortcuts being created; Activator.vbs and ItunesHelper.vbe’ is closed to new replies.