Crash when opening certain programs.

  • JohnBeacon
    Participant
    Posts: 29

    Hello,

    First of all, congratulations on this site, which is really pleasant to navigate.
    And second of all, thank you for reading my message with such great interest ;)
    Here is my problem: for more than a week, I have been unable to open certain programs that are essential for my work (so it's very urgent…) without my PC crashing with a blue screen. Windows alerted me to a virus named win32/Small.ca.
    So last week, following advice I found on a forum, I ran a scan with Malwarebytes' Anti-Malware; here is the report:
    [spoiler:3pwrcgg0]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Scan Date: 26/10/2014
    Scan Time: 23:46:33
    Logfile: MBAM.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.10.26.08
    Rootkit Database: v2014.10.22.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: orion

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 346856
    Time Elapsed: 17 min, 28 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.PriceGong.A, HKUS-1-5-21-4173547603-675645401-1036151855-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREAPPDATALOWSOFTWAREPriceGong, , [361a67b2027a82b4141e6aead33058a8],
    PUP.Optional.Softonic.A, HKUS-1-5-21-4173547603-675645401-1036151855-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWARESOFTONICUniversal Downloader, , [10409a7f6715310547abf5532ad95ca4],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 2
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGong, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongData, , [252b6dac1666fb3b6522e01653af0cf4],

    Files: 30
    Trojan.Agent.CK, C:UsersorionDocumentsxf-a2010.exe, , [113fb465f785092d1e5316136d95eb15],
    PUP.OfferBundler.ST, C:UsersorionDownloadsSoftonicDownloader_pour_asio4all.exe, , [c68af6230379ec4aca494b564ab652ae],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongData1.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDataa.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatab.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatac.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatad.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatae.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDataf.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatag.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatah.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatai.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDataj.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatak.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatal.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatam.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatan.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatao.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatap.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDataq.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatar.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatas.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatat.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatau.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatav.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDataw.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatawlu.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatax.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDatay.txt, , [252b6dac1666fb3b6522e01653af0cf4],
    PUP.Optional.PriceGong.A, C:UsersorionAppDataLocalLowPriceGongDataz.txt, , [252b6dac1666fb3b6522e01653af0cf4],

    Physical Sectors: 0
    (No malicious items detected)

    (end)[/spoiler:3pwrcgg0]

    After that, I quarantined everything Malwarebytes advised me to quarantine.

    But after discovering your site, I redid the whole procedure from the beginning, as you recommend. So here is the AdwCleaner report:
    [spoiler:3pwrcgg0]# AdwCleaner v3.311 – Report created 03/11/2014 at 16:36:41
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : orion – ORION-PC
    # Running from : C:UsersorionDesktopadwcleaner_3.311.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:ProgramDataNCH Software
    Folder Deleted : C:ProgramDataParetoLogic
    Folder Deleted : C:Program Files (x86)Conduit
    Folder Deleted : C:Program Files (x86)DAEMON Tools Toolbar
    Folder Deleted : C:Program Files (x86)NCH Software
    Folder Deleted : C:Program Files (x86)Softonic_France
    Folder Deleted : C:UsersorionAppDataLocalPackageAware
    Folder Deleted : C:UsersorionAppDataLocalLowConduit
    Folder Deleted : C:UsersorionAppDataLocalLowSoftonic_France
    Folder Deleted : C:UsersorionAppDataRoamingDriverCure
    Folder Deleted : C:UsersorionAppDataRoamingNCH Software
    Folder Deleted : C:UsersorionAppDataRoamingParetoLogic
    Folder Deleted : C:UsersorionAppDataRoamingMicrosoftWindowsStart MenuProgramsParetoLogic

    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLMSOFTWAREGoogleChromeExtensionsbopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerLowRegistryDOMStorageconduitapps.com
    Key Deleted : HKLMSOFTWAREMicrosoftTracingapnstub_RASAPI32
    Key Deleted : HKLMSOFTWAREMicrosoftTracingapnstub_RASMANCS
    Key Deleted : HKLMSOFTWAREMicrosoftTracingregistrybooster_RASAPI32
    Key Deleted : HKLMSOFTWAREMicrosoftTracingregistrybooster_RASMANCS
    Key Deleted : HKLMSOFTWAREClassesToolbar.CT2542115
    Key Deleted : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader41044_RASAPI32
    Key Deleted : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader41044_RASMANCS
    Key Deleted : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_asio4all_RASAPI32
    Key Deleted : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_asio4all_RASMANCS
    Key Deleted : HKLMSOFTWAREClassesCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLMSOFTWAREClassesCLSID{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
    Key Deleted : HKLMSOFTWAREClassesCLSID{C58ABC47-8E11-4F02-889C-BBDAE55E8EB0}
    Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
    Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
    Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C58ABC47-8E11-4F02-889C-BBDAE55E8EB0}
    Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
    Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{C58ABC47-8E11-4F02-889C-BBDAE55E8EB0}
    Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}]
    Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}]
    Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks [{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}]
    Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerURLSearchHooks [{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}]
    Key Deleted : HKCUSoftwareConduit
    Key Deleted : HKCUSoftwareParetoLogic
    Key Deleted : HKCUSoftwareSoftonic
    Key Deleted : HKCUSoftwareAppDataLowToolbar
    Key Deleted : HKCUSoftwareAppDataLowSoftwareConduit
    Key Deleted : HKCUSoftwareAppDataLowSoftwareSoftonic_France
    Key Deleted : HKLMSOFTWAREConduit
    Key Deleted : HKLMSOFTWAREdt softdaemon tools toolbar
    Key Deleted : HKLMSOFTWAREParetoLogic
    Key Deleted : HKLMSOFTWARESoftonic_France
    Key Deleted : HKLMSOFTWAREUniblue
    Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstalldaemon tools toolbar
    Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallSoftonic_France Toolbar

    ***** [ Browsers ] *****

    -\ Internet Explorer v11.0.9600.17344

    -\ Mozilla Firefox v33.0.2 (x86 fr)

    [ File : C:UsersorionAppDataRoamingMozillaFirefoxProfilesbof15fui.defaultprefs.js ]

    *************************

    AdwCleaner[R0].txt – [5560 octets] – [03/11/2014 16:30:18]
    AdwCleaner[S0].txt – [4345 octets] – [03/11/2014 16:36:41]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [4405 octets] ##########[/spoiler:3pwrcgg0]

    …followed by the new Malwarebytes report:
    [spoiler:3pwrcgg0]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Scan Date: 03/11/2014
    Scan Time: 16:45:18
    Logfile: MBAM2.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.03.06
    Rootkit Database: v2014.11.01.02
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: orion

    Scan Type: Hyper Scan
    Result: Completed
    Objects Scanned: 264322
    Time Elapsed: 7 min, 2 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Disabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)[/spoiler:3pwrcgg0]

    …And finally the ZHPDiag report:
    [spoiler:3pwrcgg0]~ Rapport de ZHPDiag v2014.11.3.157 – Nicolas Coolman (03/11/2014)
    ~ Lancé par orion (03/11/2014 16:57:21)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Adresse du Forum http://forum.nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17358
    MFIE: Mozilla Firefox 33.0.2 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, RETAIL channel
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2018
    Malwarebytes Anti-Malware version 2.0.3.1025
    McAfee Security Scan Plus v3.8.150.1
    Windows Defender W7 (Activate)

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 9 ActiveX
    Adobe Reader XI

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 4095 MB (54% free)
    System Restore: Activé (Enable)
    System drive C: has 14 GB (13%) free of 98 GB

    —\ Mode de connexion au système
    ~ Computer Name: ORION-PC
    ~ User Name: orion
    ~ All Users Names: orion, HomeGroupUser$, Guest, Administrator,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersorionAppDataRoamingZHP
    ~ %AppData% : C:UsersorionAppDataRoaming
    ~ %Desktop% : C:UsersorionDesktop
    ~ %Favorites% : C:UsersorionFavorites
    ~ %LocalAppData% : C:UsersorionAppDataLocal
    ~ %StartMenu% : C:UsersorionAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 14 Go of 98 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 24 Go of 360 Go)
    E: CD-ROM drive (Not Inserted)
    G: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/568
    ~ Mes musiques (My Musics) : 1/221
    ~ Mes Videos (My Videos) : 1/2
    ~ Mes Favoris (My Favorites) : 1/20
    ~ Mes Documents (My Documents) : 1/14230
    ~ Mon Bureau (My Desktop) : 1/529
    ~ Menu demarrer (Programs) : 1/57
    ~ Hidden Files: Scanned in 00mn 10s

    —\ Processus lancés
    [MD5.1542D48BEF0C07513453CDEF1577BB79] – (.DT Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools Litedaemon.exe [691656] [PID.1816]
    [MD5.DE1C19537602BAF9BC79BB35B794E257] – (.Skype Technologies S.A. – Skype.) — C:Windows.oldProgram FilesSkypePhoneSkype.exe [22065760] [PID.1712]
    [MD5.A7672FFFC0830198D082E2A5C4BEC34E] – (.Huawei Technologies Co., Ltd. – DataCardMonitor MFC Application.) — C:ProgramDataDatacardServiceDCSHelper.exe [228352] [PID.2184]
    [MD5.4D042B1F1375CF371AFBE0E0276BA627] – (.Adobe Systems Inc. – AcroTray.) — C:Program Files (x86)AdobeAcrobat 8.0Acrobatacrotray.exe [624248] [PID.2544]
    [MD5.52DB6CDAC5BC7A1FC884E97C41C91213] – (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [248040] [PID.2588]
    [MD5.EF1FDB2A4B30AA4761376183FD81CC18] – (.France Telecom SA – Pas de description.) — C:Program Files (x86)CardDetectorHUAWEI1752_1552CardDetector.exe [282624] [PID.2620]
    [MD5.4EB0C6C3EF4D8885CF2B5D0062F31E44] – (.Pas de propriétaire – DivX Update.) — C:Program Files (x86)DivXDivX UpdateDivXUpdate.exe [1259376] [PID.2668]
    [MD5.21B8FAAFA5CCD89663AAD5833ABF4B35] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastui.exe [3890208] [PID.2704]
    [MD5.569E547273C25B019054A12A40400ECE] – (.OpenOffice.org – OpenOffice.org 3.2.) — C:Program Files (x86)OpenOffice.org 3programsoffice.exe [11318784] [PID.2792]
    [MD5.4B723F33D7331F20E06F3A2FD76EC1D5] – (.OpenOffice.org – OpenOffice.org 3.2.) — C:Program Files (x86)OpenOffice.org 3programsoffice.bin [11312128] [PID.2824]
    [MD5.F89773DFA9B8C95A3AC2AF1E7D99E483] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe [7229752] [PID.1476]
    [MD5.BA7E0BAD9AFF2E62F10F74DFB4783986] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [275568] [PID.2076]
    [MD5.9ED34A82F8FBF6001F127420834DD793] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8118784] [PID.3868]
    [MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1296]
    [MD5.C5679E5186B2FC95BC76A8A9870D5456] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [64704] [PID.1096]
    [MD5.73686FE0B2E0469F89FD2075BE724704] – (.Apple Computer, Inc. – Bonjour Service.) — C:Program Files (x86)BonjourmDNSResponder.exe [229376] [PID.2064]
    [MD5.9AC09551F559A1EEAFC0B19F624C233E] – (.Pas de propriétaire – DCSHOST.) — C:ProgramDataDatacardServiceDCService.exe [249856] [PID.2092]
    [MD5.10DBAA1703253FB511D0F5C5F6064B00] – (.France Telecom SA – Pas de description.) — C:Program Files (x86)Common FilesFrance TelecomShared ModulesFTRTSVCFTRTSVC.exe [77824] [PID.2164]
    [MD5.6D8A2EE4244630B290A837E79C0F37A1] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1871160] [PID.2556]
    [MD5.09D4503CBB6ADB3A54E7C7A75090B728] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [968504] [PID.2768]
    [MD5.0AF89452A8CE3928168F4E5B2208C68B] – (…) — C:Program Files (x86)Autodesk3ds Max 2010mentalraysatelliteraysat_3dsmax2010_32server.exe [86016] [PID.2920]
    [MD5.0AF89452A8CE3928168F4E5B2208C68B] – (…) — C:Program FilesAutodesk3ds Max 2010mentalraysatelliteraysat_3dsmax2010_64server.exe [86016] [PID.2884]
    [MD5.2BBB318EA9F34FDC508CEA4AAB98D770] – (.TeamViewer GmbH – TeamViewer Remote Control Application.) — C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe [2673064] [PID.3360]
    [MD5.F76D04F7413B07DAA029F6520B64B4E8] – (.Macrovision Europe Ltd. – Activation Licensing Service.) — C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [651720] [PID.4976]
    [MD5.78D1DFE903224ECA05C517E9AAC9D063] – (.AVAST Software – avast! Antivirus Installer.) — C:Program FilesAVAST SoftwareAvastsetupinstup.exe [149808] [PID.4828]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    M2 – MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (…) — C:ProgramDataMcAfee Security ScanExtensions{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    ~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean) (36)
    ~ Hosts File: Scanned in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKCU..Run: [DAEMON Tools Lite] . (.DT Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools Litedaemon.exe =>.DT Soft Ltd
    O4 – HKCU..Run: [msnmsgr] C:Program Files (x86)Windows LiveMessengermsnmsgr.exe (.not file.)
    O4 – HKCU..Run: [AdobeBridge] Clé orpheline
    O4 – HKCU..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Sticky Notes.) — C:WindowsSystem32StikyNot.exe
    O4 – HKCU..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Windows.oldProgram FilesSkypePhoneSkype.exe =>.Skype Technologies S.A.
    O4 – HKLM..Wow6432NodeRun: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. – AcroTray.) — C:Program Files (x86)AdobeAcrobat 8.0AcrobatAcrotray.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..Wow6432NodeRun: [BEWINTERNET-FR-DMGP-V2SessionManager] . (.France Telecom SA – Pas de description.) — C:Program Files (x86)OrangeIEWInternetSessionManagerSessionManager.exe
    O4 – HKLM..Wow6432NodeRun: [CardDetectorHUAWEI1752_1552] . (.France Telecom SA – Pas de description.) — C:Program Files (x86)CardDetectorHUAWEI1752_1552CardDetector.exe
    O4 – HKLM..Wow6432NodeRun: [DivXUpdate] . (.Pas de propriétaire – DivX Update.) — C:Program Files (x86)DivXDivX UpdateDivXUpdate.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Windows Desktop Gadgets.) — C:Program Files (x86)Windows SidebarSidebar.exe
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Windows Desktop Gadgets.) — C:Program Files (x86)Windows SidebarSidebar.exe
    O4 – HKUS.DEFAULT..RunOnce: [SPReview] . (.Microsoft Corporation – SP Reviewer.) — C:WindowsSystem32SPReviewSPReview.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-18..RunOnce: [SPReview] . (.Microsoft Corporation – SP Reviewer.) — C:WindowsSystem32SPReviewSPReview.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-4173547603-675645401-1036151855-1000..Run: [DAEMON Tools Lite] . (.DT Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools Litedaemon.exe =>.DT Soft Ltd
    O4 – HKUSS-1-5-21-4173547603-675645401-1036151855-1000..Run: [msnmsgr] C:Program Files (x86)Windows LiveMessengermsnmsgr.exe (.not file.)
    O4 – HKUSS-1-5-21-4173547603-675645401-1036151855-1000..Run: [AdobeBridge] Clé orpheline
    O4 – HKUSS-1-5-21-4173547603-675645401-1036151855-1000..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Sticky Notes.) — C:WindowsSystem32StikyNot.exe
    O4 – HKUSS-1-5-21-4173547603-675645401-1036151855-1000..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Windows.oldProgram FilesSkypePhoneSkype.exe =>.Skype Technologies S.A.
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCCSServicesTcpip..{536F8981-86B2-46E7-8F34-8E706525BA1B}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpDomain = lan
    O17 – HKLMSystemCS1ServicesTcpip..{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS1ServicesTcpip..{536F8981-86B2-46E7-8F34-8E706525BA1B}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpDomain = lan
    O17 – HKLMSystemCS2ServicesTcpip..{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS2ServicesTcpip..{536F8981-86B2-46E7-8F34-8E706525BA1B}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{32FC0DAB-E53D-428A-B1FF-40C9CC4DEB18}: DhcpDomain = lan
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Microsoft (R) HTML Viewer.) — C:WindowsSystem32mshtml.dll
    O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [{D07F7B55-E3F5-4075-B9B7-4D9776FC3B36}] (…) — E:setup.exe (.not file.) [0]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [830]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1064]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1068]
    ~ Scheduled Task: 19 Legitimates Filtered in 00mn 06s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Addictive Drums – (…) [HKLM][64Bits] — Addictive Drums
    O42 – Logiciel: Cortona3D Viewer – (.ParallelGraphics.) [HKLM][64Bits] — {DEACDFFA-D424-416F-B849-FA282F55B2CE}
    O42 – Logiciel: EASYnatMAX – (…) [HKLM][64Bits] — {708E6085-E2D1-45D7-89D0-E7B936E9D3B4}
    O42 – Logiciel: ReaPlugs/x64 – (…) [HKLM][64Bits] — ReaPlugs
    O42 – Logiciel: Urban PAD 2.5.3.2.a – (.Gamr7.) [HKLM][64Bits] — Urban PAD
    O42 – Logiciel: VideoLightBox – (…) [HKLM][64Bits] — VideoLightBox
    O42 – Logiciel: Virtos DeNoiser – (.Virtos GmbH.) [HKLM][64Bits] — Virtos DeNoiser
    O42 – Logiciel: Vue 8.5 xStream 64bit – (.e-on software.) [HKLM][64Bits] — Vue 8.5 xStream 64bit
    ~ Logic: 30 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareAokip]
    [HKCUSoftwareCalculator]
    [HKCUSoftwareNextLimit]
    [HKCUSoftwareVideoLightBox.com]
    [HKCUSoftwareXLN Audio]
    [HKCUSoftwarevirtos]
    [HKLMSoftwareWow6432NodeVirtos]
    [HKLMSoftwareWow6432NodeXLN Audio]
    ~ Key Software: 375 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 11/10/2010 – 12:30:07 – [] —-D C:Program Files (x86)Gamr7
    O43 – CFD: 09/05/2011 – 19:54:56 – [] —-D C:Program Files (x86)VideoLightBox
    O43 – CFD: 02/10/2014 – 11:11:07 – [] —-D C:Program Files (x86)Virtos
    O43 – CFD: 12/01/2011 – 15:07:21 – [] —-D C:Program Files (x86)XLN Audio
    O43 – CFD: 11/10/2010 – 12:30:35 – [] —-D C:UsersorionAppDataRoamingGamr7
    O43 – CFD: 30/12/2012 – 16:47:14 – [] –H-D C:UsersorionAppDataLocalAbRo1ZLrBHm3ff
    O43 – CFD: 30/12/2012 – 16:47:14 – [] –H-D C:UsersorionAppDataLocalfjudjGt073cGw
    O43 – CFD: 11/10/2010 – 12:30:08 – [] —-D C:UsersorionAppDataRoamingMicrosoftWindowsStart MenuProgramsGamr7
    O43 – CFD: 09/05/2011 – 19:54:56 – [] —-D C:UsersorionAppDataRoamingMicrosoftWindowsStart MenuProgramsVideoLightBox
    O43 – CFD: 02/10/2014 – 11:11:08 – [0] —-D C:UsersorionAppDataRoamingMicrosoftWindowsStart MenuProgramsVirtos DeNoiser
    ~ Program Folder: 204 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.895F9D772D8BDC09D94F837785F3094F] – 03/11/2014 – 14:19:17 —A- . (…) — C:Windowsntbtlog.txt [88860]
    ~ Files: 15 Legitimates Filtered in 00mn 05s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{b09b6be6-1918-11e0-b940-0022fbb55ba2}AutoRuncommand. (…) — F:AutoRunCardDetector.exe (.not file.)
    O51 – MPSK:{bb0498f8-36d7-11e0-9f6a-0022fbb55ba2}AutoRuncommand. (…) — F:AutoRunCardDetector.exe (.not file.)
    O51 – MPSK:{e738ba0d-5aae-11df-b0a1-0022fbb55ba2}AutoRuncommand. (…) — G:setup.exe (.not file.)
    O51 – MPSK:{f90759ad-1919-11e0-a8e2-0022fbb55ba2}AutoRuncommand. (…) — F:AutoRunCardDetector.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – "EnableUIADesktopToggle"=0
    O55 – MWPS:[HKLM…PoliciesSystem] – "FilterAdministratorToken"=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – "NoActiveDesktopChanges"=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:01/05/2014 – 20:36:09 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [29208] =>.ALWIL Software
    O58 – SDL:01/05/2014 – 20:36:09 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776] =>.ALWIL Software
    O58 – SDL:01/05/2014 – 20:36:09 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [208416] =>.ALWIL Software
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:06/03/2012 – 01:23:14 —A- . (.Huawei Tech. Co., Ltd. – HUAWEI USB Smart Card Driver.) — C:WindowsSystem32Driversewdcsc.sys [32768]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:06/03/2012 – 01:23:42 —A- . (.MBB Incorporated – CDROM Filter.) — C:WindowsSystem32Driversmassfilter.sys [11776]
    O58 – SDL:06/03/2012 – 01:23:14 —A- . (.DiBcom SA – DiBcom AVSTREAM BDA driver.) — C:WindowsSystem32Driversmod7700.sys [1001472]
    O58 – SDL:02/01/1601 – 23:00:00 —A- . (…) — C:WindowsSystem32Driverssptd.sys [871408]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:09/04/2001 – 02:03:56 —A- . (.Syncrosoft Hard- und Software GmbH – Internet Protection Hardware Driver.) — C:WindowsSysWOW64driversNSynas32.sys [17784]
    O58 – SDL:25/11/2002 – 02:46:16 —A- . (.Syncrosoft GmbH – SynasUSB.sys.) — C:WindowsSysWOW64driversSynasUSB.sys [16896]
    O58 – SDL:05/01/2011 – 12:40:29 —A- . (…) — C:WindowsSysWOW64audcon.sys [2892]
    ~ Drivers: 83 Legitimates Filtered in 00mn 02s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 03/11/2014 – 16:58:51 —A- . (…) — C:UsersorionDesktopadwcleaner_3.311.exe [1375089]
    ~ 3483 Fichiers temporaires (Temporary files)
    ~ 176 Fichiers cookies (Cookies files)
    ~ Files: 4 Legitimates Filtered in 00mn 32s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 01/05/2014 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    ~ Legacy: 83 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:UsersorionDownloadsAdobe.Creative.Suite.5.Master.Collection.Multilingual.ESD.ISO-CORE-wWw.Extreme-Down.ComAdobe.Creative.Suite.5.Master.Collection.Multilingual.ESD.ISO-CORE-wWw.Extreme-Down.Comkeygen.exe =>.Crack,Keygen
    C:UsersorionDownloadsAdobe.Creative.Suite.5.Master.Collection.Multilingual.ESD.ISO-CORE-wWw.Extreme-Down.ComAdobe.Creative.Suite.5.Master.Collection.Multilingual.ESD.ISO-CORE-wWw.Extreme-Down.Comkeygen.exe =>.Crack,Keygen
    ~ Files: Scanned in 01mn 37s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.63BA4D223A0D6D3B0965414A2D4494DA] [SPRF][08/05/2010] (…) — C:ProgramDataezsidmv.dat [56]
    [MD5.12EFD5FA51597F188E5DB50BE20EE597] [SPRF][03/11/2014] (…) — C:UsersorionDesktopadwcleaner_3.311.exe [1375089]
    [MD5.27B0372F02BBD2D05D9CFBEA7830402E] [SPRF][28/05/2011] (…) — C:UsersorionDesktopASIO4ALL_2_9_French.exe [401268]
    ~ Files: 5 Legitimates Filtered in 00mn 00s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: « D28D155E65D47FA42A9C88797D0ABC00 » . (.Autodesk 3ds Max 2010 Tutorials Files.) — C:WindowsInstaller{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}ico_product =>PUP.AgenceExclusive
    ~ Update Products: 1 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 25/10/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 14/06/2010 1030600 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) – C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService64.exe
    SS – | Auto 19/10/2014 107912 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 19/10/2014 107912 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) – C:Program FilesMcAfee Security Scan3.8.150McCHSvc.exe
    SS – | Demand 30/10/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) – C:Windows.oldProgram FilesSkypeUpdaterUpdater.exe
    SR – | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 18/08/2009 203264 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 01/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) – C:Program Files (x86)BonjourmDNSResponder.exe
    SR – | Auto 29/09/2010 249856 | (DCService.exe) . (…) – C:ProgramDataDatacardServiceDCService.exe
    SR – | Demand 14/06/2010 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) – C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    SR – | Auto 25/08/2009 77824 | C:Program Files (x86)COMMON~1France TelecomShared ModulesFTRTSVCFTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) – C:Program Files (x86)Common FilesFrance TelecomShared ModulesFTRTSVCFTRTSVC.exe
    SR – | Auto 01/10/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 01/10/2014 968504 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 12/03/2009 86016 | (mi-raysat_3dsmax2010_32) . (…) – C:Program Files (x86)Autodesk3ds Max 2010mentalraysatelliteraysat_3dsmax2010_32server.exe
    SR – | Auto 12/03/2009 86016 | (mi-raysat_3dsmax2010_64) . (…) – C:Program FilesAutodesk3ds Max 2010mentalraysatelliteraysat_3dsmax2010_64server.exe
    SR – | Auto 16/07/2012 2673064 | (TeamViewer7) . (.TeamViewer GmbH.) – C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 10s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by orion at 03/11/2014 17:00:56
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by orion at 03/11/2014 17:00:58
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Liste des émulateurs de CD/DVD (MBR Hook)
    O58 – SDL:02/01/1601 – 23:00:00 —A- . (…) — C:WindowsSystem32Driverssptd.sys [871408]
    ~ Emulateurs: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (03/11/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 0

    ~ Additionnel Scan: 667735 Items scanned in 01mn 00s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
    ~ AMI: 4 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
    ~ MSI: 1 link(s) detected in 00mn 00s

    ~ 852 Legitimates filtered by white list
    End of the scan (460 lines in 04mn 38s)(2)[/spoiler:3pwrcgg0]

    There, I just tried relaunching one of the programs that was crashing, just in case, before sending this message, but it's the same thing. A huge thank you, and I look forward to any news.
    :merci2:

    g3n-h@ckm@n
    Moderator
    Number of posts: 8208

    hi

    • Disable your antivirus while you download and use the tool.
    • Download AdsFix to your desktop.
      Note: Save your work before continuing!
    • Launch AdsFix
    • On a fairly infected PC, it may take several seconds to load
    • Enter your country
    • Click Nettoyer (Clean), after unlocking it in the options

      Note: Be patient while the scan runs
    • Let the tool work even if it seems stuck to you
    • If the tool detects a proxy that you don't recognize, click: "Supprimer le proxy" (Delete the proxy)
    • Upload the report C:AdsFix_date_heure.txt to SOSUpload, then give the link you get.

    Help:

    JohnBeacon
    Participant
    Number of posts: 29

    Thank you very much for this quick reply!
    I downloaded AdsFix and started a scan, but I had to interrupt it for an important last-minute thing to do on the computer. And the scan takes forever. (At 55% I already had 35 infections.)
    So I'm restarting it overnight, and I hope everything goes well. I'll come back here tomorrow.
    Thanks again!

    JohnBeacon
    Participant
    Number of posts: 29

    Hi,

    I don't know how far AdsFix got, because after launching it last night I found a blue screen this morning. It's typical: as soon as I leave an application running, when I come back, I get a blue screen…
    Well, there is a report anyway (maybe incomplete?): http://upload.sosvirus.net/www/?a=d&i=CpuHJ8UPIA
    Thanks

    g3n-h@ckm@n
    Moderator
    Number of posts: 8208

    hi again

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
    • Right-click on it and run as administrator under Windows 7/8 and Vista
    • Choose the Nettoyage (Clean) option

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    JohnBeacon
    Participant
    Number of posts: 29

    Hi again,

    I ran 2 scans, each with 2 external devices plugged in via USB.
    The first:

    ############################## | UsbFix V 7.184 | [Clean]

    User: orion (Administrator) # ORION-PC
    Updated 20/10/2014 by El Desaparecido – SosVirus
    Started at 15:27:33 | 04/11/2014

    Website : http://www.en.usbfix.net/
    Changelog : http://www.en.usbfix.net/changelog/
    Support : http://www.sosvirus.net/
    Upload Malware : http://www.sosvirus.net/upload_malware.php
    Live detection : http://how-to-remove.us/
    Contact : http://www.en.usbfix.net/contact/

    ################## | System information |

    MB: MSI (MS-1722)
    CPU: Intel(R) Core(TM)2 Quad CPU Q9000 @ 2.00GHz
    GC: ATI Mobility Radeon HD 4850
    RAM -> [Total : 4095 Mo | Free : 2252 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428
    WB: Mozilla Firefox : 33.0.2

    ################## | Security Information |

    AV: avast! Antivirus [(!) Disabled |Updated]
    AS: Windows Defender [Enabled |Updated]
    AS: avast! Antivirus [(!) Disabled |Updated]
    AS: Malwarebytes Anti-Malware : 2.0.3.1025
    FW: Windows Firewall [Enabled]
    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Fixed disk # 98 Gb (19 Gb free – 20%) [] # NTFS
    D: -> Fixed disk # 360 Gb (24 Gb free – 7%) [] # NTFS
    F: -> Removable disk # 15 Gb (2 Gb free – 12%) [KINGSTON] # FAT32
    H: -> Fixed disk # 466 Gb (19 Gb free – 4%) [My Passport] # FAT32

    ################## | Generic Research |

    Deleted! F:x.exe
    Deleted! F:New Folder.lnk
    Deleted! F:Passwords.lnk
    Deleted! F:Documents.lnk
    Deleted! F:Pictures.lnk
    Deleted! F:Music.lnk
    Deleted! F:Video.lnk
    Deleted! F:.Trashes.lnk
    Deleted! F:.Spotlight-V100.lnk
    Deleted! F:old.lnk
    Deleted! F:Premiere6.5.lnk
    Deleted! F:TL7.lnk
    Deleted! F:clips.lnk
    Deleted! F:USER FILES.lnk
    Deleted! F:Cambodge.lnk
    Deleted! F:films.lnk
    Deleted! F:templates.lnk
    Deleted! F:trucs nouveaux pour site.lnk
    Deleted! F:Photos papa et maman.lnk
    Deleted! F:site 2012.lnk
    Deleted! F:bat.lnk
    Deleted! F:CV.lnk
    Deleted! F:sur la route du jeu.lnk
    Deleted! F:Trad.lnk
    Deleted! F:album_photos.lnk
    Deleted! F:blue-grass.lnk
    Deleted! F:tutos_realflow.lnk
    Deleted! F:Ressources.lnk
    Deleted! F:mix_spectacle.lnk
    Deleted! F:logiciels.lnk
    Deleted! F:photos_maison.lnk
    Deleted! F:Zaxwerks Pro Animator v.4.5 [VR.j&k] [Eng] [Arx].lnk
    Deleted! F:van der toc.lnk
    Deleted! F:Nepal Photo.lnk
    Deleted! F:Tor Browser.lnk
    Deleted! F:Tutos After Effect CS6 nouveautes.lnk
    Deleted! F:SUrf.lnk
    Deleted! F:Guitare voix, flute ou violon.lnk
    Deleted! F:.fseventsd.lnk
    Deleted! F:Nepal Video.lnk
    Deleted! F:mix.lnk
    Deleted! F:ert.dll
    Deleted! F:syncguid.dat
    Deleted! H:autorun.in_2.org
    Deleted! H:Autorun.inf
    Deleted! F:siuut.exe
    Deleted! F:siuutx.exe

    (!) Temporary files deleted. (14.1440343856812 MB)

    ################## | Registry |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe,
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [DAEMON Tools Lite] "C:Program Files (x86)DAEMON Tools Litedaemon.exe" -autorun
    04 – HKCU..Run : [msnmsgr] "C:Program Files (x86)Windows LiveMessengermsnmsgr.exe" /background
    04 – HKCU..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
    04 – HKCU..Run : [Skype] "C:Windows.oldProgram FilesSkypePhoneSkype.exe" /minimized /regrun
    04 – HKLM..Run : [Acrobat Assistant 8.0] "C:Program Files (x86)AdobeAcrobat 8.0AcrobatAcrotray.exe"
    04 – HKLM..Run : [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime
    04 – HKLM..Run : [SunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
    04 – HKLM..Run : [BEWINTERNET-FR-DMGP-V2SessionManager] "C:Program Files (x86)OrangeIEWInternetSessionManagerSessionManager.exe"
    04 – HKLM..Run : [CardDetectorHUAWEI1752_1552] C:Program Files (x86)CardDetectorHUAWEI1752_1552CardDetector.exe
    04 – HKLM..Run : [DivXUpdate] "C:Program Files (x86)DivXDivX UpdateDivXUpdate.exe" /CHECKNOW
    04 – HKLM..Run : [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
    04 – HKLM..Run : [AvastUI.exe] "C:Program FilesAVAST SoftwareAvastAvastUI.exe" /nogui
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-4173547603-675645401-1036151855-1000..Run : [DAEMON Tools Lite] "C:Program Files (x86)DAEMON Tools Litedaemon.exe" -autorun
    04 – HKUS-1-5-21-4173547603-675645401-1036151855-1000..Run : [msnmsgr] "C:Program Files (x86)Windows LiveMessengermsnmsgr.exe" /background
    04 – HKUS-1-5-21-4173547603-675645401-1036151855-1000..Run : [AdobeBridge]
    04 – HKUS-1-5-21-4173547603-675645401-1036151855-1000..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
    04 – HKUS-1-5-21-4173547603-675645401-1036151855-1000..Run : [Skype] "C:Windows.oldProgram FilesSkypePhoneSkype.exe" /minimized /regrun
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-18..RunOnce : [SPReview] "C:WindowsSystem32SPReviewSPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

    ################## | UsbFix – Information |

    Info : How to remove shortcut virus on flash disk (Video)
    Info : Shortcut virus on flash disk, What is it ?

    ################## | Hijack |

    Restored! [N] F:._lexetat.avi
    Restored! [N] F:._video Qi Gong François.mp4
    Restored! [N] F:.vbt5
    Restored! [N] F:._trek_final.mov
    Restored! [N] F:._tao3.we3.7(1).WMA
    Restored! [N] F:._Emmaniversaire.mov

    ################## | C: %SystemDrive% – Fixed drive (NTFS) |

    [02/05/2010 – 14:45:05 | A | 0 Ko] – C:debug.txt
    [04/11/2014 – 04:59:00 | A | 38 Ko] – C:AdsFix_4novembre2014_8h30.txt
    [20/03/2009 – 16:42:25 | A | 0 Ko] – C:config.sys
    [04/11/2014 – 08:23:14 | ASH | 3145080 Ko] – C:hiberfil.sys
    [04/11/2014 – 08:23:18 | ASH | 4193440 Ko] – C:pagefile.sys
    [26/10/2014 – 13:19:44 | D] – C:Windows.old
    [13/12/2009 – 19:52:15 | A | 0 Ko] – C:Setup.log
    [03/11/2014 – 17:00:57 | A | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [04/11/2014 – 08:23:59 | SHD] – C:$Recycle.Bin
    [20/03/2009 – 16:42:25 | A | 0 Ko] – C:autoexec.bat
    [09/05/2010 – 01:09:16 | RASH | 8 Ko] – C:BOOTSECT.BAK
    [14/07/2009 – 04:20:08 | D] – C:PerfLogs
    [14/07/2009 – 06:08:56 | SHD] – C:Documents and Settings
    [29/03/2010 – 15:54:33 | D] – C:SwarmCache
    [08/05/2010 – 15:24:11 | SHD] – C:Recovery
    [08/05/2010 – 15:24:20 | RD] – C:Users
    [29/05/2010 – 11:16:47 | D] – C:Securitoo
    [20/11/2010 – 13:40:07 | RASH | 375 Ko] – C:bootmgr
    [23/12/2010 – 23:52:58 | D] – C:temporaire_directx
    [05/01/2011 – 17:36:49 | D] – C:Games
    [20/03/2013 – 08:51:17 | SHD] – C:Boot
    [02/10/2014 – 11:02:04 | RD] – C:Program Files
    [03/11/2014 – 16:36:41 | HD] – C:ProgramData
    [03/11/2014 – 16:36:46 | D] – C:AdwCleaner
    [03/11/2014 – 16:55:39 | RD] – C:Program Files (x86)
    [03/11/2014 – 23:51:26 | D] – C:AdsFix
    [04/11/2014 – 08:24:47 | D] – C:Windows
    [04/11/2014 – 08:30:57 | SHD] – C:System Volume Information
    [04/11/2014 – 15:26:33 | D] – C:UsbFix

    ################## | D: – Fixed drive (NTFS) |

    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.1031.txt
    [07/11/2007 – 07:00:40 | A | 10 Ko] – D:eula.1033.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.2052.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.1042.txt
    [07/11/2007 – 07:00:40 | A | 0 Ko] – D:eula.1041.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.1040.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.1036.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.3082.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.1028.txt
    [29/03/2010 – 11:56:23 | D] – D:msdownld.tmp
    [27/09/2010 – 10:33:10 | A | 0 Ko] – D:2141129_MVM_2.tmp
    [27/09/2010 – 10:33:10 | A | 0 Ko] – D:2141129_MVM_1.tmp
    [27/09/2010 – 10:33:10 | A | 0 Ko] – D:2141129_MVM_3.tmp
    [27/09/2010 – 10:33:10 | A | 0 Ko] – D:2141129_MVM_5.tmp
    [27/09/2010 – 11:14:32 | A | 11424 Ko] – D:2141129_MVM_0.tmp
    [27/09/2010 – 11:18:48 | A | 0 Ko] – D:4879196_MVM_1.tmp
    [27/09/2010 – 11:18:48 | A | 0 Ko] – D:4879196_MVM_2.tmp
    [27/09/2010 – 11:18:48 | A | 0 Ko] – D:4879196_MVM_3.tmp
    [27/09/2010 – 11:18:48 | A | 0 Ko] – D:4879196_MVM_5.tmp
    [27/09/2010 – 11:58:09 | A | 1632 Ko] – D:4879196_MVM_0.tmp
    [27/09/2010 – 12:16:16 | A | 0 Ko] – D:8327380_MVM_1.tmp
    [27/09/2010 – 12:16:16 | A | 0 Ko] – D:8327380_MVM_3.tmp
    [27/09/2010 – 12:16:16 | A | 0 Ko] – D:8327380_MVM_2.tmp
    [27/09/2010 – 12:16:16 | A | 0 Ko] – D:8327380_MVM_5.tmp
    [27/09/2010 – 12:17:07 | A | 1632 Ko] – D:8327380_MVM_0.tmp
    [27/09/2010 – 12:22:11 | A | 0 Ko] – D:8682282_MVM_1.tmp
    [27/09/2010 – 12:22:11 | A | 0 Ko] – D:8682282_MVM_2.tmp
    [27/09/2010 – 12:22:11 | A | 0 Ko] – D:8682282_MVM_3.tmp
    [27/09/2010 – 12:22:11 | A | 0 Ko] – D:8682282_MVM_5.tmp
    [27/09/2010 – 12:22:48 | A | 1632 Ko] – D:8682282_MVM_0.tmp
    [07/11/2007 – 07:53:12 | A | 237 Ko] – D:VC_RED.MSI
    [12/05/2014 – 11:37:22 | A | 323621 Ko] – D:Emmaniversaire.mov
    [07/11/2007 – 07:00:40 | A | 1 Ko] – D:install.ini
    [07/11/2007 – 07:00:40 | A | 1 Ko] – D:globdata.ini
    [07/11/2007 – 07:44:20 | A | 835 Ko] – D:install.exe
    [01/12/2006 – 22:37:14 | A | 884 Ko] – D:msdia80.dll
    [07/11/2007 – 07:44:20 | A | 93 Ko] – D:install.res.1031.dll
    [07/11/2007 – 07:44:20 | A | 88 Ko] – D:install.res.1033.dll
    [07/11/2007 – 07:44:20 | A | 94 Ko] – D:install.res.1036.dll
    [07/11/2007 – 07:44:20 | A | 92 Ko] – D:install.res.1040.dll
    [07/11/2007 – 07:44:20 | A | 79 Ko] – D:install.res.1041.dll
    [07/11/2007 – 07:44:20 | A | 77 Ko] – D:install.res.1042.dll
    [07/11/2007 – 07:44:20 | A | 73 Ko] – D:install.res.2052.dll
    [07/11/2007 – 07:44:20 | A | 93 Ko] – D:install.res.3082.dll
    [07/11/2007 – 07:44:20 | A | 74 Ko] – D:install.res.1028.dll
    [07/11/2007 – 07:50:40 | A | 1883 Ko] – D:VC_RED.cab
    [07/11/2007 – 07:00:40 | A | 6 Ko] – D:vcredist.bmp
    [08/05/2010 – 15:24:34 | SHD] – D:$RECYCLE.BIN
    [08/11/2009 – 20:01:30 | SHD] – D:System Volume Information
    [11/11/2009 – 10:11:48 | D] – D:projetTUT
    [11/12/2009 – 14:32:32 | D] – D:ANIME
    [28/02/2010 – 13:22:33 | D] – D:montageFOTO
    [07/03/2010 – 19:56:23 | D] – D:landArt
    [18/03/2010 – 19:44:28 | D] – D:trucs du telephone
    [20/08/2010 – 08:22:20 | D] – D:pour_dvd
    [05/11/2010 – 19:31:02 | D] – D:plan_caharel
    [09/11/2010 – 18:29:26 | D] – D:Art_du_tao
    [27/01/2011 – 11:26:45 | D] – D:After_effect_tests
    [27/01/2011 – 15:32:35 | D] – D:site_test_flash
    [28/01/2011 – 16:59:41 | D] – D:Tutos
    [28/01/2011 – 17:01:35 | D] – D:KOM
    [12/02/2011 – 23:02:27 | D] – D:116d7391cb87ef9ad2ed
    [13/02/2011 – 10:07:21 | D] – D:faire_son_pain
    [04/05/2011 – 19:31:42 | D] – D:Mexik
    [18/06/2011 – 14:46:07 | D] – D:videographe
    [18/06/2011 – 14:49:24 | D] – D:logo_bati
    [24/06/2011 – 19:13:12 | D] – D:After_effects_templates
    [28/06/2011 – 13:18:24 | D] – D:Essai TL7
    [03/10/2011 – 12:21:02 | D] – D:teaser_perso
    [10/10/2011 – 16:29:07 | D] – D:aa_sauvegardes_ancien_bureau
    [13/11/2011 – 13:29:35 | D] – D:joel
    [29/11/2011 – 22:39:35 | D] – D:Cocktail_diffusion
    [23/02/2012 – 18:52:06 | D] – D:CV Yuppa
    [04/06/2012 – 17:20:41 | D] – D:impots
    [10/06/2012 – 20:13:33 | D] – D:SITE
    [29/07/2012 – 18:37:48 | D] – D:3D
    [17/01/2013 – 15:11:05 | D] – D:sur la route du jeu
    [01/03/2013 – 21:09:24 | D] – D:Van Der Toc et Cie
    [19/09/2013 – 12:48:15 | D] – D:Video rudy 30 ans
    [18/12/2013 – 10:35:50 | D] – D:carte_voeux_baticreateurs
    [27/02/2014 – 16:42:08 | D] – D:CV
    [27/02/2014 – 16:50:06 | D] – D:horoscope Maya
    [27/02/2014 – 17:03:06 | D] – D:EESI
    [24/05/2014 – 19:57:45 | D] – D:Art video of me
    [05/06/2014 – 21:02:07 | D] – D:Mitchosa
    [06/07/2014 – 19:36:11 | D] – D:TL7
    [13/07/2014 – 09:20:49 | D] – D:jeux
    [17/07/2014 – 20:11:15 | D] – D:Mylie trucs
    [13/09/2014 – 10:53:10 | D] – D:film
    [15/09/2014 – 09:41:36 | D] – D:footages
    [22/09/2014 – 09:00:41 | D] – D:photos
    [24/09/2014 – 10:07:04 | D] – D:Licence Pro
    [24/09/2014 – 14:11:07 | D] – D:Cinema 4d tests
    [02/10/2014 – 14:40:18 | D] – D:zik, paroles, tabs
    [04/10/2014 – 08:56:58 | D] – D:Tao
    [04/10/2014 – 14:54:30 | D] – D:logiciels
    [09/10/2014 – 16:22:31 | D] – D:Gerling L
    [13/10/2014 – 12:46:09 | D] – D:La ferme aux abeilles
    [22/10/2014 – 13:11:22 | D] – D:Jeanne
    [23/10/2014 – 14:42:27 | D] – D:LCS
    [24/10/2014 – 11:32:20 | D] – D:Videos Debut

    ################## | F: – Removable drive (FAT32) |

    [13/01/2014 – 16:56:04 | A | 46107 Ko] – F:tao3.we3.7(1).WMA
    [13/01/2014 – 16:57:54 | N | 4 Ko] – F:._tao3.we3.7(1).WMA
    [16/05/2008 – 23:01:40 | A | 16200 Ko] – F:p’tite zik.wav
    [06/11/2012 – 21:03:50 | A | 26109 Ko] – F:for_something.wav
    [18/01/2014 – 13:41:40 | N | 0 Ko] – F:.vbt5
    [19/07/2012 – 09:56:34 | A | 2 Ko] – F:git along little dogies.txt
    [19/07/2012 – 11:51:40 | A | 1 Ko] – F:there’s a man going round taking names.txt
    [18/01/2012 – 17:23:54 | D] – F:.Trashes
    [18/01/2012 – 17:23:54 | N | 4 Ko] – F:._.Trashes
    [18/01/2012 – 17:23:54 | D] – F:.Spotlight-V100
    [28/03/2012 – 14:47:24 | A | 786 Ko] – F:Leclerc reduit.pdf
    [23/05/2012 – 09:30:18 | A | 6714 Ko] – F:l_homme_qui_parle_aux_plantes.pdf
    [07/12/2012 – 12:51:52 | A | 13776 Ko] – F:repertoire 2012PDF.pdf
    [27/12/2012 – 22:31:14 | A | 128 Ko] – F:Yo%20Ho%20Ho%20and%20a%20Bottle%20of%20Rum.pdf
    [12/04/2013 – 08:49:36 | A | 469 Ko] – F:cv2013.pdf
    [11/02/2013 – 17:00:18 | A | 8 Ko] – F:lettre de rupture conventionnelle.odt
    [11/07/2012 – 13:00:58 | A | 96 Ko] – F:text_3d_2.obj
    [11/07/2012 – 13:00:58 | A | 0 Ko] – F:text_3d_2.mtl
    [11/06/2012 – 16:50:46 | A | 1132 Ko] – F:IMGP8558.mpg_Video
    [11/06/2012 – 16:50:46 | A | 88 Ko] – F:IMGP8558.mpg_Audio
    [11/06/2012 – 16:43:44 | A | 6373 Ko] – F:27758537.mpa
    [24/07/2012 – 12:52:00 | A | 4902 Ko] – F:There_s a Man Going Around Taking Names.mp4
    [25/09/2012 – 22:21:14 | A | 3170 Ko] – F:Vidéo0013.mp4
    [25/09/2012 – 22:22:42 | A | 901 Ko] – F:Vidéo0012.mp4
    [19/12/2012 – 16:58:22 | A | 33064 Ko] – F:France Gall – Laisse Tomber Les Filles (1964) HD 1080p.mp4
    [30/12/2012 – 11:08:54 | A | 513 Ko] – F:compo_640.mp4
    [10/05/2013 – 14:28:26 | A | 122304 Ko] – F:video Qi Gong François.mp4
    [31/07/2013 – 21:47:56 | N | 4 Ko] – F:._video Qi Gong François.mp4
    [24/07/2012 – 12:53:34 | A | 1382 Ko] – F:There_s a Man Going Around Taking Names.mp3
    [07/11/2012 – 10:20:42 | A | 2176 Ko] – F:for_something.mp3
    [30/12/2013 – 16:37:24 | A | 843823 Ko] – F:trek_final.mov
    [30/12/2013 – 17:19:56 | N | 4 Ko] – F:._trek_final.mov
    [12/05/2014 – 12:37:22 | A | 323621 Ko] – F:Emmaniversaire.mov
    [12/05/2014 – 12:45:30 | N | 4 Ko] – F:._Emmaniversaire.mov
    [11/07/2012 – 14:07:22 | A | 192 Ko] – F:texte_3d_2.max
    [01/02/2012 – 23:12:26 | A | 209 Ko] – F:chambre_interieur_nuit_leger.jpg
    [02/02/2012 – 19:51:40 | A | 326 Ko] – F:chambre_interieur_presque_nuit_leger.jpg
    [21/05/2012 – 13:52:30 | A | 68 Ko] – F:logo sans adresse internet.jpg
    [23/12/2012 – 23:51:40 | A | 276 Ko] – F:imuvrini copie.jpg
    [27/12/2012 – 22:31:26 | A | 344 Ko] – F:derelict-melody.JPG
    [30/12/2012 – 11:12:52 | A | 91 Ko] – F:image_voeux_2013.jpg
    [27/09/2012 – 12:03:00 | D] – F:Zaxwerks Pro Animator v.4.5 [VR.j&k] [Eng] [Arx]
    [20/06/2012 – 18:27:36 | A | 5 Ko] – F:index_copy.html
    [03/07/2012 – 16:02:06 | A | 9 Ko] – F:portfolio-1.html
    [01/08/2014 – 17:17:52 | HD] – F:.fseventsd
    [30/12/2012 – 16:50:02 | A | 2161 Ko] – F:voeux_baticreateurs_2013.flv
    [15/05/2012 – 21:34:26 | A | 241 Ko] – F:USER FILES.exe
    [15/05/2012 – 21:34:26 | A | 241 Ko] – F:Zaxwerks Pro Animator v.4.5 [VR.j&k] [Eng] [Arx].exe
    [15/05/2012 – 21:34:26 | A | 241 Ko] – F:Trad.exe
    [15/05/2012 – 21:34:26 | A | 241 Ko] – F:van der toc.exe
    [15/05/2012 – 21:34:26 | A | 241 Ko] – F:trucs nouveaux pour site.exe
    [15/05/2012 – 21:34:26 | A | 241 Ko] – F:tutos_realflow.exe
    [15/05/2012 – 21:34:26 | A | 241 Ko] – F:Tutos After Effect CS6 nouveautes.exe
    [26/07/2012 – 16:37:48 | A | 3559 Ko] – F:TeamViewer_Setup_fr-cka.exe
    [27/12/2012 – 16:52:06 | A | 23488 Ko] – F:tor-browser-2.3.25-1_en-US.exe
    [01/10/2012 – 15:03:06 | A | 12 Ko] – F:services_anglais.docx
    [25/06/2012 – 00:54:48 | N | 4 Ko] – F:._lexetat.avi
    [03/08/2013 – 16:35:12 | AH | 0 Ko] – F:.apdisk
    [23/05/2007 – 14:46:28 | D] – F:SUrf
    [08/01/2008 – 17:46:20 | D] – F:USER FILES
    [24/10/2011 – 15:20:54 | D] – F:TL7
    [26/01/2012 – 17:05:30 | D] – F:mix
    [06/03/2012 – 12:33:24 | D] – F:clips
    [05/06/2012 – 15:51:18 | D] – F:templates
    [08/06/2012 – 18:39:50 | D] – F:Cambodge
    [10/06/2012 – 21:14:08 | D] – F:site 2012
    [15/06/2012 – 11:43:32 | D] – F:trucs nouveaux pour site
    [25/06/2012 – 00:55:08 | D] – F:films
    [03/07/2012 – 09:30:16 | D] – F:old
    [04/07/2012 – 09:20:28 | D] – F:blue-grass
    [13/07/2012 – 16:03:00 | D] – F:tutos_realflow
    [24/07/2012 – 10:56:00 | D] – F:photos_maison
    [18/08/2012 – 19:25:50 | D] – F:Photos papa et maman
    [05/09/2012 – 14:38:08 | D] – F:mix_spectacle
    [09/09/2012 – 17:57:44 | D] – F:sur la route du jeu
    [28/10/2012 – 11:37:40 | D] – F:van der toc
    [02/12/2012 – 17:18:02 | D] – F:Tor Browser
    [19/12/2012 – 16:49:20 | D] – F:Trad
    [02/01/2013 – 09:41:18 | D] – F:bat
    [03/04/2013 – 11:43:42 | D] – F:Ressources
    [03/04/2013 – 12:34:00 | D] – F:logiciels
    [03/04/2013 – 12:47:30 | D] – F:Tutos After Effect CS6 nouveautes
    [19/06/2013 – 09:19:14 | D] – F:Guitare voix, flute ou violon
    [06/08/2013 – 10:03:06 | D] – F:CV
    [07/10/2013 – 14:37:06 | D] – F:album_photos
    [31/10/2013 – 22:58:34 | D] – F:Nepal Photo
    [17/12/2013 – 11:35:56 | D] – F:Mitcho’sa
    [30/12/2013 – 17:21:04 | AD] – F:nepal_selection
    [03/06/2014 – 09:18:14 | D] – F:fotos ferme zabeilles
    [29/07/2014 – 17:41:36 | D] – F:Crack-Windows

    ################## | H: – Fixed drive (FAT32) |

    [16/07/2008 – 09:14:58 | A | 42 Ko] – H:WDInstaller.xml
    [24/10/2009 – 12:54:22 | HD] – H:.Trashes
    [24/10/2009 – 12:54:22 | AH | 4 Ko] – H:._.Trashes
    [27/09/2010 – 12:14:34 | A | 0 Ko] – H:2141129_MVM_6.tmp
    [27/09/2010 – 12:14:34 | A | 0 Ko] – H:2141129_MVM_4.tmp
    [27/09/2010 – 12:58:10 | A | 0 Ko] – H:4879196_MVM_4.tmp
    [27/09/2010 – 12:58:14 | A | 0 Ko] – H:4879196_MVM_6.tmp
    [27/09/2010 – 13:17:08 | A | 0 Ko] – H:8327380_MVM_4.tmp
    [27/09/2010 – 13:17:08 | A | 0 Ko] – H:8327380_MVM_6.tmp
    [27/09/2010 – 13:22:50 | A | 0 Ko] – H:8682282_MVM_4.tmp
    [27/09/2010 – 13:22:50 | A | 0 Ko] – H:8682282_MVM_6.tmp
    [03/02/2013 – 18:03:14 | AH | 4 Ko] – H:._.TemporaryItems
    [03/02/2013 – 18:03:14 | HD] – H:.TemporaryItems
    [24/10/2009 – 12:54:22 | HD] – H:.Spotlight-V100
    [11/01/2009 – 14:19:48 | A | 0 Ko] – H:wdEULA.log
    [11/01/2009 – 14:19:50 | A | 0 Ko] – H:wdstatus.log
    [11/01/2009 – 14:27:40 | A | 0 Ko] – H:wdinstaller.log
    [24/04/2004 – 12:38:56 | A | 37 Ko] – H:JSTART.exe
    [08/02/2008 – 13:44:38 | A | 4467 Ko] – H:WDSync.exe
    [08/07/2008 – 11:53:30 | A | 1719 Ko] – H:WDSetup.exe
    [18/07/2008 – 11:23:04 | A | 312 Ko] – H:Setup.exe
    [08/07/2009 – 20:39:22 | SHD] – H:$RECYCLE.BIN
    [04/05/2011 – 19:27:28 | SHD] – H:FOUND.000
    [22/07/2008 – 14:29:30 | D] – H:WD_Windows_Tools
    [22/07/2008 – 14:30:50 | D] – H:WDsync
    [22/07/2008 – 14:30:50 | D] – H:Documentation
    [22/07/2008 – 14:30:54 | D] – H:autorun
    [26/12/2008 – 11:01:44 | D] – H:WD Sync Data
    [26/12/2008 – 11:01:44 | SHD] – H:System Volume Information
    [28/12/2008 – 12:40:06 | D] – H:Recycled
    [11/01/2009 – 14:32:04 | D] – H:HOP
    [18/08/2010 – 11:32:46 | D] – H:Backup HDD G7
    [27/09/2010 – 16:27:52 | D] – H:Art_Du_Tao_videos
    [27/09/2010 – 16:30:08 | D] – H:FileZilla
    [16/11/2010 – 11:12:26 | D] – H:Travaux
    [04/07/2014 – 11:01:44 | D] – H:mitcho’sa tribaba

    ################## | Vaccin |

    C:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    H:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |

    …And the 2nd one:

    ############################## | UsbFix V 7.184 | [Clean]

    User: orion (Administrator) # ORION-PC
    Updated 20/10/2014 by El Desaparecido – SosVirus
    Started at 15:38:41 | 04/11/2014

    Website : http://www.en.usbfix.net/
    Changelog : http://www.en.usbfix.net/changelog/
    Support : http://www.sosvirus.net/
    Upload Malware : http://www.sosvirus.net/upload_malware.php
    Live detection : http://how-to-remove.us/
    Contact : http://www.en.usbfix.net/contact/

    ################## | System information |

    MB: MSI (MS-1722)
    CPU: Intel(R) Core(TM)2 Quad CPU Q9000 @ 2.00GHz
    GC: ATI Mobility Radeon HD 4850
    RAM -> [Total : 4095 Mo | Free : 2785 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428
    WB: Mozilla Firefox : 33.0.2

    ################## | Security Information |

    AV: avast! Antivirus [(!) Disabled |Updated]
    AS: Windows Defender [Enabled |Updated]
    AS: avast! Antivirus [(!) Disabled |Updated]
    AS: Malwarebytes Anti-Malware : 2.0.3.1025
    FW: Windows Firewall [Enabled]
    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Fixed disk # 98 Gb (19 Gb free – 20%) [] # NTFS
    D: -> Fixed disk # 360 Gb (24 Gb free – 7%) [] # NTFS
    F: -> Fixed disk # 931 Gb (281 Gb free – 30%) [GO JEANNE] # FAT32
    I: -> Removable disk # 1000 Mb (152 Mb free – 15%) [WS_321M] # FAT

    ################## | Generic Research |

    Deleted! F:syncguid.dat
    Deleted! F:Thumbs.db
    Deleted! I:syncguid.dat

    (!) Temporary files deleted. (0.0634346008300781 MB)

    ################## | Registry |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe,
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [DAEMON Tools Lite] « C:Program Files (x86)DAEMON Tools Litedaemon.exe » -autorun
    04 – HKCU..Run : [msnmsgr] « C:Program Files (x86)Windows LiveMessengermsnmsgr.exe » /background
    04 – HKCU..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
    04 – HKCU..Run : [Skype] « C:Windows.oldProgram FilesSkypePhoneSkype.exe » /minimized /regrun
    04 – HKLM..Run : [Acrobat Assistant 8.0] « C:Program Files (x86)AdobeAcrobat 8.0AcrobatAcrotray.exe »
    04 – HKLM..Run : [QuickTime Task] « C:Program Files (x86)QuickTimeQTTask.exe » -atboottime
    04 – HKLM..Run : [SunJavaUpdateSched] « C:Program Files (x86)Common FilesJavaJava Updatejusched.exe »
    04 – HKLM..Run : [BEWINTERNET-FR-DMGP-V2SessionManager] « C:Program Files (x86)OrangeIEWInternetSessionManagerSessionManager.exe »
    04 – HKLM..Run : [CardDetectorHUAWEI1752_1552] C:Program Files (x86)CardDetectorHUAWEI1752_1552CardDetector.exe
    04 – HKLM..Run : [DivXUpdate] « C:Program Files (x86)DivXDivX UpdateDivXUpdate.exe » /CHECKNOW
    04 – HKLM..Run : [Adobe ARM] « C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe »
    04 – HKLM..Run : [AvastUI.exe] « C:Program FilesAVAST SoftwareAvastAvastUI.exe » /nogui
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-4173547603-675645401-1036151855-1000..Run : [DAEMON Tools Lite] « C:Program Files (x86)DAEMON Tools Litedaemon.exe » -autorun
    04 – HKUS-1-5-21-4173547603-675645401-1036151855-1000..Run : [msnmsgr] « C:Program Files (x86)Windows LiveMessengermsnmsgr.exe » /background
    04 – HKUS-1-5-21-4173547603-675645401-1036151855-1000..Run : [AdobeBridge]
    04 – HKUS-1-5-21-4173547603-675645401-1036151855-1000..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
    04 – HKUS-1-5-21-4173547603-675645401-1036151855-1000..Run : [Skype] « C:Windows.oldProgram FilesSkypePhoneSkype.exe » /minimized /regrun
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-18..RunOnce : [SPReview] « C:WindowsSystem32SPReviewSPReview.exe » /sp:1 /errorfwlink: »http://go.microsoft.com/fwlink/?LinkID=122915″ /build:7601

    ################## | UsbFix – Information |

    Info : How to remove shortcut virus on flash disk (Video)
    Info : Shortcut virus on flash disk, What is it ?

    ################## | Hijack |

    Restored! [N] I:.vbt5

    ################## | C: %SystemDrive% – Fixed drive (NTFS) |

    [02/05/2010 – 14:45:05 | A | 0 Ko] – C:debug.txt
    [04/11/2014 – 04:59:00 | A | 38 Ko] – C:AdsFix_4novembre2014_8h30.txt
    [20/03/2009 – 16:42:25 | A | 0 Ko] – C:config.sys
    [04/11/2014 – 08:23:14 | ASH | 3145080 Ko] – C:hiberfil.sys
    [04/11/2014 – 08:23:18 | ASH | 4193440 Ko] – C:pagefile.sys
    [26/10/2014 – 13:19:44 | D] – C:Windows.old
    [13/12/2009 – 19:52:15 | A | 0 Ko] – C:Setup.log
    [03/11/2014 – 17:00:57 | A | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [04/11/2014 – 08:23:59 | SHD] – C:$Recycle.Bin
    [20/03/2009 – 16:42:25 | A | 0 Ko] – C:autoexec.bat
    [09/05/2010 – 01:09:16 | RASH | 8 Ko] – C:BOOTSECT.BAK
    [14/07/2009 – 04:20:08 | D] – C:PerfLogs
    [14/07/2009 – 06:08:56 | SHD] – C:Documents and Settings
    [29/03/2010 – 15:54:33 | D] – C:SwarmCache
    [08/05/2010 – 15:24:11 | SHD] – C:Recovery
    [08/05/2010 – 15:24:20 | RD] – C:Users
    [29/05/2010 – 11:16:47 | D] – C:Securitoo
    [20/11/2010 – 13:40:07 | RASH | 375 Ko] – C:bootmgr
    [23/12/2010 – 23:52:58 | D] – C:temporaire_directx
    [05/01/2011 – 17:36:49 | D] – C:Games
    [20/03/2013 – 08:51:17 | SHD] – C:Boot
    [02/10/2014 – 11:02:04 | RD] – C:Program Files
    [03/11/2014 – 16:36:41 | HD] – C:ProgramData
    [03/11/2014 – 16:36:46 | D] – C:AdwCleaner
    [03/11/2014 – 16:55:39 | RD] – C:Program Files (x86)
    [03/11/2014 – 23:51:26 | D] – C:AdsFix
    [04/11/2014 – 08:24:47 | D] – C:Windows
    [04/11/2014 – 08:30:57 | SHD] – C:System Volume Information
    [04/11/2014 – 15:38:28 | D] – C:UsbFix

    ################## | D: – Fixed drive (NTFS) |

    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.1031.txt
    [07/11/2007 – 07:00:40 | A | 10 Ko] – D:eula.1033.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.2052.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.1042.txt
    [07/11/2007 – 07:00:40 | A | 0 Ko] – D:eula.1041.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.1040.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.1036.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.3082.txt
    [07/11/2007 – 07:00:40 | A | 17 Ko] – D:eula.1028.txt
    [29/03/2010 – 11:56:23 | D] – D:msdownld.tmp
    [27/09/2010 – 10:33:10 | A | 0 Ko] – D:2141129_MVM_2.tmp
    [27/09/2010 – 10:33:10 | A | 0 Ko] – D:2141129_MVM_1.tmp
    [27/09/2010 – 10:33:10 | A | 0 Ko] – D:2141129_MVM_3.tmp
    [27/09/2010 – 10:33:10 | A | 0 Ko] – D:2141129_MVM_5.tmp
    [27/09/2010 – 11:14:32 | A | 11424 Ko] – D:2141129_MVM_0.tmp
    [27/09/2010 – 11:18:48 | A | 0 Ko] – D:4879196_MVM_1.tmp
    [27/09/2010 – 11:18:48 | A | 0 Ko] – D:4879196_MVM_2.tmp
    [27/09/2010 – 11:18:48 | A | 0 Ko] – D:4879196_MVM_3.tmp
    [27/09/2010 – 11:18:48 | A | 0 Ko] – D:4879196_MVM_5.tmp
    [27/09/2010 – 11:58:09 | A | 1632 Ko] – D:4879196_MVM_0.tmp
    [27/09/2010 – 12:16:16 | A | 0 Ko] – D:8327380_MVM_1.tmp
    [27/09/2010 – 12:16:16 | A | 0 Ko] – D:8327380_MVM_3.tmp
    [27/09/2010 – 12:16:16 | A | 0 Ko] – D:8327380_MVM_2.tmp
    [27/09/2010 – 12:16:16 | A | 0 Ko] – D:8327380_MVM_5.tmp
    [27/09/2010 – 12:17:07 | A | 1632 Ko] – D:8327380_MVM_0.tmp
    [27/09/2010 – 12:22:11 | A | 0 Ko] – D:8682282_MVM_1.tmp
    [27/09/2010 – 12:22:11 | A | 0 Ko] – D:8682282_MVM_2.tmp
    [27/09/2010 – 12:22:11 | A | 0 Ko] – D:8682282_MVM_3.tmp
    [27/09/2010 – 12:22:11 | A | 0 Ko] – D:8682282_MVM_5.tmp
    [27/09/2010 – 12:22:48 | A | 1632 Ko] – D:8682282_MVM_0.tmp
    [07/11/2007 – 07:53:12 | A | 237 Ko] – D:VC_RED.MSI
    [12/05/2014 – 11:37:22 | A | 323621 Ko] – D:Emmaniversaire.mov
    [07/11/2007 – 07:00:40 | A | 1 Ko] – D:install.ini
    [07/11/2007 – 07:00:40 | A | 1 Ko] – D:globdata.ini
    [07/11/2007 – 07:44:20 | A | 835 Ko] – D:install.exe
    [01/12/2006 – 22:37:14 | A | 884 Ko] – D:msdia80.dll
    [07/11/2007 – 07:44:20 | A | 93 Ko] – D:install.res.1031.dll
    [07/11/2007 – 07:44:20 | A | 88 Ko] – D:install.res.1033.dll
    [07/11/2007 – 07:44:20 | A | 94 Ko] – D:install.res.1036.dll
    [07/11/2007 – 07:44:20 | A | 92 Ko] – D:install.res.1040.dll
    [07/11/2007 – 07:44:20 | A | 79 Ko] – D:install.res.1041.dll
    [07/11/2007 – 07:44:20 | A | 77 Ko] – D:install.res.1042.dll
    [07/11/2007 – 07:44:20 | A | 73 Ko] – D:install.res.2052.dll
    [07/11/2007 – 07:44:20 | A | 93 Ko] – D:install.res.3082.dll
    [07/11/2007 – 07:44:20 | A | 74 Ko] – D:install.res.1028.dll
    [07/11/2007 – 07:50:40 | A | 1883 Ko] – D:VC_RED.cab
    [07/11/2007 – 07:00:40 | A | 6 Ko] – D:vcredist.bmp
    [08/05/2010 – 15:24:34 | SHD] – D:$RECYCLE.BIN
    [08/11/2009 – 20:01:30 | SHD] – D:System Volume Information
    [11/11/2009 – 10:11:48 | D] – D:projetTUT
    [11/12/2009 – 14:32:32 | D] – D:ANIME
    [28/02/2010 – 13:22:33 | D] – D:montageFOTO
    [07/03/2010 – 19:56:23 | D] – D:landArt
    [18/03/2010 – 19:44:28 | D] – D:trucs du telephone
    [20/08/2010 – 08:22:20 | D] – D:pour_dvd
    [05/11/2010 – 19:31:02 | D] – D:plan_caharel
    [09/11/2010 – 18:29:26 | D] – D:Art_du_tao
    [27/01/2011 – 11:26:45 | D] – D:After_effect_tests
    [27/01/2011 – 15:32:35 | D] – D:site_test_flash
    [28/01/2011 – 16:59:41 | D] – D:Tutos
    [28/01/2011 – 17:01:35 | D] – D:KOM
    [12/02/2011 – 23:02:27 | D] – D:116d7391cb87ef9ad2ed
    [13/02/2011 – 10:07:21 | D] – D:faire_son_pain
    [04/05/2011 – 19:31:42 | D] – D:Mexik
    [18/06/2011 – 14:46:07 | D] – D:videographe
    [18/06/2011 – 14:49:24 | D] – D:logo_bati
    [24/06/2011 – 19:13:12 | D] – D:After_effects_templates
    [28/06/2011 – 13:18:24 | D] – D:Essai TL7
    [03/10/2011 – 12:21:02 | D] – D:teaser_perso
    [10/10/2011 – 16:29:07 | D] – D:aa_sauvegardes_ancien_bureau
    [13/11/2011 – 13:29:35 | D] – D:joel
    [29/11/2011 – 22:39:35 | D] – D:Cocktail_diffusion
    [23/02/2012 – 18:52:06 | D] – D:CV Yuppa
    [04/06/2012 – 17:20:41 | D] – D:impots
    [10/06/2012 – 20:13:33 | D] – D:SITE
    [29/07/2012 – 18:37:48 | D] – D:3D
    [17/01/2013 – 15:11:05 | D] – D:sur la route du jeu
    [01/03/2013 – 21:09:24 | D] – D:Van Der Toc et Cie
    [19/09/2013 – 12:48:15 | D] – D:Video rudy 30 ans
    [18/12/2013 – 10:35:50 | D] – D:carte_voeux_baticreateurs
    [27/02/2014 – 16:42:08 | D] – D:CV
    [27/02/2014 – 16:50:06 | D] – D:horoscope Maya
    [27/02/2014 – 17:03:06 | D] – D:EESI
    [24/05/2014 – 19:57:45 | D] – D:Art video of me
    [05/06/2014 – 21:02:07 | D] – D:Mitchosa
    [06/07/2014 – 19:36:11 | D] – D:TL7
    [13/07/2014 – 09:20:49 | D] – D:jeux
    [17/07/2014 – 20:11:15 | D] – D:Mylie trucs
    [13/09/2014 – 10:53:10 | D] – D:film
    [15/09/2014 – 09:41:36 | D] – D:footages
    [22/09/2014 – 09:00:41 | D] – D:photos
    [24/09/2014 – 10:07:04 | D] – D:Licence Pro
    [24/09/2014 – 14:11:07 | D] – D:Cinema 4d tests
    [02/10/2014 – 14:40:18 | D] – D:zik, paroles, tabs
    [04/10/2014 – 08:56:58 | D] – D:Tao
    [04/10/2014 – 14:54:30 | D] – D:logiciels
    [09/10/2014 – 16:22:31 | D] – D:Gerling L
    [13/10/2014 – 12:46:09 | D] – D:La ferme aux abeilles
    [22/10/2014 – 13:11:22 | D] – D:Jeanne
    [23/10/2014 – 14:42:27 | D] – D:LCS
    [24/10/2014 – 11:32:20 | D] – D:Videos Debut

    ################## | F: – Fixed drive (FAT32) |

    [26/09/2012 – 12:16:40 | A | 0 Ko] – F:wifi.txt
    [01/01/2012 – 20:03:28 | AH | 4 Ko] – F:._.Trashes
    [01/01/2012 – 20:03:28 | HD] – F:.Trashes
    [30/12/2013 – 13:52:14 | HD] – F:.Spotlight-V100
    [23/07/2014 – 20:23:02 | HD] – F:.fseventsd
    [30/12/2013 – 13:52:20 | N | 4 Ko] – F:._.com.apple.timemachine.donotpresent
    [30/12/2013 – 13:52:20 | N | 0 Ko] – F:.com.apple.timemachine.donotpresent
    [26/12/2011 – 00:24:12 | SHD] – F:$RECYCLE.BIN
    [23/03/2011 – 09:04:46 | D] – F:Chroniques du Donjon de Naheulbeuk
    [11/07/2011 – 09:53:04 | D] – F:Contes
    [20/07/2011 – 13:43:46 | D] – F:Packard Bell
    [26/11/2011 – 00:22:22 | D] – F:Airs orientaux
    [01/12/2011 – 10:42:08 | D] – F:Trio
    [01/12/2011 – 10:46:44 | D] – F:photos
    [25/12/2011 – 17:24:24 | D] – F:Recycled
    [25/12/2011 – 17:24:24 | SHD] – F:System Volume Information
    [16/05/2012 – 10:03:34 | D] – F:Films
    [24/05/2012 – 13:47:12 | D] – F:Collectage
    [23/06/2012 – 00:10:32 | D] – F:Apiculture
    [31/08/2012 – 20:19:10 | D] – F:Musique
    [22/09/2012 – 09:27:46 | D] – F:Documents
    [22/09/2012 – 09:28:56 | D] – F:Tao
    [25/01/2013 – 11:42:52 | D] – F:8f02b54866f8c06dbc8ed1720dd0ec8b
    [14/09/2014 – 11:20:26 | D] – F:Enregistrements

    ################## | I: – Removable drive (FAT) |

    [22/05/2009 – 09:02:30 | A | 27167 Ko] – I:Mendilat (7tps) Hijaz La.WAV
    [04/05/2014 – 09:19:06 | N | 0 Ko] – I:.vbt5
    [24/04/2013 – 20:30:46 | N | 4 Ko] – I:._.Trashes
    [24/04/2013 – 20:30:46 | D] – I:.Trashes
    [11/03/2014 – 13:11:58 | HD] – I:.TemporaryItems
    [11/03/2014 – 13:11:58 | AH | 4 Ko] – I:._.TemporaryItems
    [24/04/2013 – 20:30:46 | D] – I:.Spotlight-V100
    [03/10/2014 – 16:05:10 | A | 907 Ko] – I:Ramazane Thème.pdf
    [03/10/2014 – 16:08:08 | A | 841 Ko] – I:Mendil Hijaz la.pdf
    [03/11/2014 – 13:20:38 | A | 1 Ko] – I:BOOTEX.LOG
    [08/05/2014 – 11:25:48 | HD] – I:.fseventsd
    [04/05/2007 – 14:25:58 | N | 2 Ko] – I:OLYML_TB.DAT
    [01/01/2007 – 00:03:24 | D] – I:DSS_FLDD
    [01/01/2007 – 00:03:24 | D] – I:DSS_FLDC
    [28/01/2008 – 08:18:30 | D] – I:DSS_FLDA
    [31/08/2012 – 19:06:48 | D] – I:DSS_FLDE
    [31/08/2012 – 19:08:38 | D] – I:MUSIC
    [20/09/2012 – 15:45:44 | D] – I:Papiers famille
    [08/03/2013 – 21:20:28 | D] – I:DSS_FLDB

    ################## | Vaccin |

    C:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    I:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |

    :merci2:

    Anonymous
    Number of posts: 0

    :hello: ,

    There are remnants of your Vobfus infection; with USB stick F connected:

    • Download OTM by OldTimer to your desktop.
    • Double-click OTM.exe to launch it.
    • On Vista/Seven, right-click -> run as administrator
    • Copy the list below and paste it into the left-hand box of OTM, under Paste Instructions for Items to be Moved.

    :services

    :files
    F:\USER FILES.exe
    F:\Zaxwerks Pro Animator v.4.5 [VR.j&k] [Eng] [Arx].exe
    F:\Trad.exe
    F:\van der toc.exe
    F:\trucs nouveaux pour site.exe
    F:\tutos_realflow.exe
    F:\Tutos After Effect CS6 nouveautes.exe

    :reg

    :commands
    [emptytemp]

    • Click "MoveIt!".
    • If a file or folder cannot be deleted immediately, the program will ask you to restart the computer.
    • If so, accept by clicking "YES".
    • Post the report in your next reply.
    • The report is located in C:\_OTM\MovedFiles (the report's name corresponds to the time it was created: date_time.log).
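
The seven files listed for removal above share a pattern that is visible in the UsbFix listing: each is a root-level .exe named after an existing folder on the same drive, and all have the same size and timestamp. As an added example (not part of the original posts, and not UsbFix or OTM code), this Python check flags that pattern in a listing; the function names are hypothetical, and the sample lines are constructed in the log's format with the path backslashes assumed.

```python
import re
from collections import Counter

# One listing line: [date - time | attributes | size Ko] - X:\name
# Directory entries carry a "D" attribute and have no size field.
LINE = re.compile(
    r"\[(?P<date>\d{2}/\d{2}/\d{4})\s*[-–]\s*(?P<time>\d{2}:\d{2}:\d{2})\s*\|\s*"
    r"(?P<attr>[A-Z]+)\s*(?:\|\s*(?P<size>\d+)\s*Ko)?\]\s*[-–]\s*"
    r"(?P<drive>[A-Za-z]):\\?(?P<name>.+?)\s*$"
)


def parse_listing(text):
    """Turn listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        entries.append({
            "drive": m["drive"].upper(),
            "name": m["name"],
            "is_dir": "D" in m["attr"],
            "size_kb": int(m["size"]) if m["size"] else None,
            "stamp": f'{m["date"]} {m["time"]}',
        })
    return entries


def find_folder_masquerades(entries):
    """Flag root-level .exe files whose name equals a folder on the same drive.

    "cloned" is True when two or more flagged files on a drive share the same
    size and timestamp, which points at one binary copied under several names.
    """
    folders = {(e["drive"], e["name"].lower()) for e in entries if e["is_dir"]}
    hits = []
    for e in entries:
        if e["is_dir"] or not e["name"].lower().endswith(".exe"):
            continue
        stem = e["name"][:-4].lower()
        if (e["drive"], stem) in folders:
            hits.append(e)
    clones = Counter((e["drive"], e["size_kb"], e["stamp"]) for e in hits)
    return [
        {
            "path": f'{e["drive"]}:\\{e["name"]}',
            "size_kb": e["size_kb"],
            "cloned": clones[(e["drive"], e["size_kb"], e["stamp"])] > 1,
        }
        for e in hits
    ]


# Constructed sample in the listing format (not a verbatim copy of the report).
SAMPLE = r"""
[15/05/2012 - 21:34:26 | A | 241 Ko] - F:\USER FILES.exe
[15/05/2012 - 21:34:26 | A | 241 Ko] - F:\Trad.exe
[15/05/2012 - 21:34:26 | A | 241 Ko] - F:\tutos_realflow.exe
[26/07/2012 - 16:37:48 | A | 3559 Ko] - F:\TeamViewer_Setup_fr-cka.exe
[02/03/2013 - 10:00:00 | A | 512 Ko] - F:\mix.exe
[01/10/2012 - 15:03:06 | A | 12 Ko] - F:\services_anglais.docx
[08/01/2008 - 17:46:20 | D] - F:\USER FILES
[19/12/2012 - 16:49:20 | D] - F:\Trad
[13/07/2012 - 16:03:00 | D] - F:\tutos_realflow
[26/01/2012 - 17:05:30 | D] - F:\mix
[02/12/2012 - 17:18:02 | D] - F:\Tor Browser
[18/07/2008 - 11:23:04 | A | 312 Ko] - H:\Setup.exe
[03/04/2013 - 12:34:00 | D] - F:\Setup
"""

if __name__ == "__main__":
    for hit in find_folder_masquerades(parse_listing(SAMPLE)):
        tag = "cloned" if hit["cloned"] else "single"
        print(f'{hit["path"]} ({hit["size_kb"]} Ko, {tag})')
```

A flagged name is a lead for review, not a verdict: a legitimate installer can share a name with its folder, which is why the size and timestamp clustering is reported separately.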
    JohnBeacon
    Participant
    Number of posts: 29

    Hello,

    Here is the OTM report:

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== FILES ==========
    F:\USER FILES.exe moved successfully.
    F:\Zaxwerks Pro Animator v.4.5 [VR.j&k] [Eng] [Arx].exe moved successfully.
    F:\Trad.exe moved successfully.
    F:\van der toc.exe moved successfully.
    F:\trucs nouveaux pour site.exe moved successfully.
    F:\tutos_realflow.exe moved successfully.
    F:\Tutos After Effect CS6 nouveautes.exe moved successfully.
    ========== REGISTRY ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: orion
    ->Temp folder emptied: 18647 bytes
    ->Temporary Internet Files folder emptied: 3080672 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 163350920 bytes
    ->Flash cache emptied: 2844207 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%System32 .tmp files removed: 0 bytes
    %systemroot%System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%System32drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 524330 bytes
    %systemroot%system32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 6218644 bytes
    %systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 69958 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 168,00 mb

    OTM by OldTimer – Version 3.1.21.0 log created on 11042014_235746

    Files moved on Reboot…
    C:UsersorionAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.
    C:UsersorionAppDataLocalMicrosoftWindowsTemporary Internet Filescounters.dat moved successfully.
    File move failed. C:Windowstemp_avast_AvastLock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot…

    Anonymous
    Number of posts: 0

    :hello: ,

    With all drives connected:

    • Download ESET Online Scanner (by ESET) to your desktop.
    • Launch ESET Online Scanner; run it as administrator on Windows 7/8 and Vista
    • Tick "Yes, I accept the terms of use"
    • Click Start
    • Leave the "Remove detected threats" box ticked
    • Tick "Scan archives"

      Note: All harmful items will be removed automatically

    • If no threat is detected:
      • Just tell me so in your reply.
    • If threats are detected:
      • Click "List of detected threats"
      • Click Export to …
      • Copy and paste the contents of the report on the forum.

    ~~ Picture guide ~~

    JohnBeacon
    Participant
    Number of posts: 29

    Hi,

    Here is the ESET report:

    C:UsbFixQuarantineFsiuut.exe.vir Win32/Sality.NBA virus
    C:UsbFixQuarantineFsiuutx.exe.vir Win32/Sality.NBA virus
    C:UsbFixQuarantineFx.exe.vir Win32/Sality.NBA virus
    C:AdsFixQuarantineCUsersorionAppDataLocalTempprismsetup.exe.AdsFix une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:AdsFixQuarantineCUsersorionAppDataLocalTempSoftonic_France.exe.AdsFix une variante de Win32/Toolbar.Conduit.B application potentiellement indésirable supprimé – mis en quarantaine
    C:AdsFixQuarantineCUsersorionAppDataLocalTempvpsetup.exe.AdsFix une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCProgram Files (x86)ConduitCommunity AlertsAlert.dll.vir Win32/Toolbar.Conduit.Y application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCProgram Files (x86)NCH SoftwareDebutdebut.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCProgram Files (x86)NCH SoftwareDebutdebutsetup_v1.64.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCProgram Files (x86)NCH SoftwareDebutuninst.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCProgram Files (x86)NCH SoftwarePrismprism.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCProgram Files (x86)NCH SoftwarePrismprismsetup_v1.82.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCProgram Files (x86)NCH SoftwarePrismuninst.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCProgram Files (x86)NCH SoftwareVideoPaduninst.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCProgram Files (x86)NCH SoftwareVideoPadvideopad.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCProgram Files (x86)NCH SoftwareVideoPadvpsetup_v2.41.exe.vir une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCProgram Files (x86)Softonic_FrancetbSoft.dll.vir une variante de Win32/Toolbar.Conduit.B application potentiellement indésirable supprimé – mis en quarantaine
    C:AdwCleanerQuarantineCUsersorionAppDataLocalLowSoftonic_Franceplugins{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}3.6.12binPriceGongIE.dll.vir une variante de Win32/PriceGong.A application potentiellement indésirable supprimé – mis en quarantaine
    C:Program Files (x86)NCH Swift SoundSwitchswitch.exe une variante de Win32/Toolbar.Conduit.J application potentiellement indésirable supprimé – mis en quarantaine
    C:Program Files (x86)NCH Swift SoundSwitchswitchsetup_v4.07.exe une variante de Win32/Toolbar.Conduit.J application potentiellement indésirable supprimé – mis en quarantaine
    C:Program Files (x86)NCH Swift SoundSwitchuninst.exe une variante de Win32/Toolbar.Conduit.J application potentiellement indésirable supprimé – mis en quarantaine
    C:UsbFixQuarantineFert.dll.vir Win32/AutoRun.VB.RU ver nettoyé par suppression – mis en quarantaine
    C:UsbFixQuarantineFsiuut.exe.vir Win32/AutoRun.VB.RU ver nettoyé par suppression – mis en quarantaine
    C:UsbFixQuarantineFsiuutx.exe.vir Win32/AutoRun.VB.RU ver nettoyé par suppression – mis en quarantaine
    C:UsbFixQuarantineFx.exe.vir Win32/AutoRun.VB.RU ver nettoyé par suppression – mis en quarantaine
    C:UsersorionDownloadsdebutsetup.exe une variante de Win32/Toolbar.Conduit.H application potentiellement indésirable supprimé – mis en quarantaine
    C:UsersorionDownloadsSoftonicDownloader41044.exe Win32/SoftonicDownloader.A application potentiellement indésirable supprimé – mis en quarantaine
    C:UsersorionDownloadsthe-help-fre-4420416.exe Win32/InstallCore.EE application potentiellement indésirable supprimé – mis en quarantaine

    ESET Online Scanner seems to be slightly different today, judging by the images linked in your previous message.
    Before closing it, I ticked "Uninstall the application on closing" and "Delete quarantined files". I hope I did the right thing…

    g3n-h@ckm@n
    Moderator
    Number of posts: 8208

    Hello ;)

    Download DrWeb and save it to the desktop, using this link:

    https://www.sosvirus.net/telecharger/dr-web-cureit/

    Plug in all your USB devices (mp3, mp4, external hard drives, USB sticks, camera…), everything that may have been connected to the computer.

    Launch DrWeb CureIt, click OK

    The program will check that it is up to date.

    Tick the box "I agree to take part blah blah blah…", then click Continue

    On the home page, click "Select objects for scanning"

    Tick everything on the left, then select "Click here to select files and folders".

    Tick "My Computer", which will tick all the storage devices plugged in beforehand as mentioned above, then click "OK"

    Click "OK" then "Start scan"

    The full scan runs…

    Once it has finished, leave all the infections found set to "Disinfect", then click "Neutralize"

    DrWeb will neutralize the threats and display the result

    DrWeb will ask to restart the computer to complete the cleanup; do so

    To post the report afterwards, go to:

    C:\(usually)\your session\DrWeb

    This folder contains "CureIt.log".

    Right-click it, then select "Send to" => compressed folder

    Upload the resulting archive to http://upload.sosvirus.net and give the link on the forum where you are being helped.

    JohnBeacon
    Participant
    Number of posts: 29

    Here is the Doctor Web report:

    http://upload.sosvirus.net/www/?a=d&i=elODCqroBq

    :merci2:

    g3n-h@ckm@n
    Moderator
    Number of posts: 8208

    Disable your antivirus for the duration of this procedure, because OTM is wrongly detected as an infection.
    Download OTM (OldTimer) from https://www.sosvirus.net/telecharger/otm/ to your Desktop:
    Double-click OTM.exe to launch it. (right-click "Run as administrator" on Vista/7/8)

    Copy (Ctrl+C) the following text:

    :commands
    [resethosts]
    [emptytemp]

    Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
    Now click the MoveIt! button
    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTM\MovedFiles

    *The report's name corresponds to the time it was created: date_time.log

    JohnBeacon
    Participant
    Number of posts: 29

    Hello,

    Here is the OTM report:

    All processes killed
    ========== COMMANDS ==========
    C:WindowsSystem32driversetcHosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: orion
    ->Temp folder emptied: 50590 bytes
    ->Temporary Internet Files folder emptied: 42617 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 77210144 bytes
    ->Flash cache emptied: 1361 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%System32 .tmp files removed: 0 bytes
    %systemroot%System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%System32drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3032 bytes
    %systemroot%system32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 128 bytes
    %systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 74,00 mb

    OTM by OldTimer – Version 3.1.21.0 log created on 11062014_170231

    Files moved on Reboot…
    C:UsersorionAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.
    C:UsersorionAppDataLocalMicrosoftWindowsTemporary Internet Filescounters.dat moved successfully.
    File move failed. C:Windowstemp_avast_AvastLock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot…

    g3n-h@ckm@n
    Moderator
    Number of posts: 8208

    Good, is there any improvement?
