External hard drive inaccessible because files were turned into shortcuts

  • DaleCooper

    Hello,
    My external hard drive on drive F: has become inaccessible because the files have been turned into shortcuts.
    However, the folders on it still exist.
    I would appreciate your help.
    DC

    Below is the SOSvirus report:

    ############################## | UsbFix V 7.150 | [Research]

    User: berber (Administrator) # BERBER1
    Updated 08/11/2013 by El Desaparecido – Team SosVirus
    Started at 16:52:34 | 18/11/2013

    Website : http://www.en.usbfix.net
    Forum : http://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.en.usbfix.net/contact/

    PC: Hewlett-Packard (161D)
    CPU: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
    RAM -> [Total : 4030 | Free : 1061]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Enterprise (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Google Chrome : 31.0.1650.57

    SC: Security Center Service [(!) Disabled]
    WU: Windows Update Service [(!) Disabled]
    AV: McAfee VirusScan Enterprise [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [(!) Disabled]

    C: (%systemdrive%) -> Fixed drive # 466 Gb (370 Mb free – 80%) [PC COE] # NTFS
    D: -> CD-ROM
    F: -> Fixed drive # 465 Gb (394 Mb free – 85%) [Local Disk] # NTFS

    ################## | Active Processes |


    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [COEMsgDisplay] – c:Program Files (x86)Hewlett-PackardPC COECOEMsgDisplay.exe
    04 – HKLMSOFTWARE | Run : [ShStatEXE] – « C:Program Files (x86)McAfeeVirusScan EnterpriseSHSTAT.EXE » /STANDALONE
    04 – HKLMSOFTWARE | Run : [McAfee Host Intrusion Prevention Tray] – « C:Program Files (x86)McAfeeHost Intrusion PreventionFireTray.exe »
    04 – HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – « C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe »
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – « C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe »
    04 – HKLMSOFTWARE | Run : [IDA] – C:Program Files (x86)Hewlett-PackardPC COEIDA.EXE
    04 – HKLMSOFTWARE | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWARE | Run : [QLBController] – C:Program Files (x86)Hewlett-PackardHP HotKey SupportQLBController.exe /start
    04 – HKLMSOFTWARE | Run : [eepc_SmartClient] – C:Program Files (x86)SmartClientSmart.exe
    04 – HKLMSOFTWARE | Run : [SafeBootTrayManager] – « C:Program Files (x86)SafeBoot Tray ManagerSbTrayManager.exe »
    04 – HKLMSOFTWARE | Run : [SafeBootTokenWatcher] – « C:Program Files (x86)McAfeeEndpoint Encryption for PCSbTokWatch.exe »
    04 – HKLMSOFTWARE | Run : [GetITIcon] – C:Program Files (x86)Hewlett-PackardGetITIconGetITShell.exe
    04 – HKLMSOFTWARE | Run : [Communicator] – « C:Program Files (x86)Microsoft Lynccommunicator.exe » /fromrunkey
    04 – HKLMSOFTWARE | Run : [Google Desktop Search] – « C:Program Files (x86)GoogleGoogle Desktop SearchGoogleDesktop.exe » /startup
    04 – HKLMSOFTWARE | Run : [ArcSoft Connection Service] – C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe
    04 – HKLMSOFTWARE | Run : [McAfeeUpdaterUI] – « C:Program Files (x86)McAfeeCommon Frameworkudaterui.exe » /StartedFromRunKey
    04 – HKLMSOFTWARE | Run : [Adobe Acrobat Speed Launcher] – « C:Program Files (x86)AdobeAcrobat 9.0AcrobatAcrobat_sl.exe »
    04 – HKLMSOFTWARE | Run : [] –
    04 – HKLMSOFTWARE | Run : [Acrobat Assistant 8.0] – « C:Program Files (x86)AdobeAcrobat 9.0AcrobatAcrotray.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [COEMsgDisplay] – c:Program Files (x86)Hewlett-PackardPC COECOEMsgDisplay.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [ShStatEXE] – « C:Program Files (x86)McAfeeVirusScan EnterpriseSHSTAT.EXE » /STANDALONE
    04 – HKLMSOFTWAREwow6432Node | Run : [McAfee Host Intrusion Prevention Tray] – « C:Program Files (x86)McAfeeHost Intrusion PreventionFireTray.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – « C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – « C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [IDA] – C:Program Files (x86)Hewlett-PackardPC COEIDA.EXE
    04 – HKLMSOFTWAREwow6432Node | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [QLBController] – C:Program Files (x86)Hewlett-PackardHP HotKey SupportQLBController.exe /start
    04 – HKLMSOFTWAREwow6432Node | Run : [eepc_SmartClient] – C:Program Files (x86)SmartClientSmart.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [SafeBootTrayManager] – « C:Program Files (x86)SafeBoot Tray ManagerSbTrayManager.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [SafeBootTokenWatcher] – « C:Program Files (x86)McAfeeEndpoint Encryption for PCSbTokWatch.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [GetITIcon] – C:Program Files (x86)Hewlett-PackardGetITIconGetITShell.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [Communicator] – « C:Program Files (x86)Microsoft Lynccommunicator.exe » /fromrunkey
    04 – HKLMSOFTWAREwow6432Node | Run : [Google Desktop Search] – « C:Program Files (x86)GoogleGoogle Desktop SearchGoogleDesktop.exe » /startup
    04 – HKLMSOFTWAREwow6432Node | Run : [ArcSoft Connection Service] – C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [McAfeeUpdaterUI] – « C:Program Files (x86)McAfeeCommon Frameworkudaterui.exe » /StartedFromRunKey
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe Acrobat Speed Launcher] – « C:Program Files (x86)AdobeAcrobat 9.0AcrobatAcrobat_sl.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [] –
    04 – HKLMSOFTWAREwow6432Node | Run : [Acrobat Assistant 8.0] – « C:Program Files (x86)AdobeAcrobat 9.0AcrobatAcrotray.exe »
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-1957994488-842925246-40105171-559050SOFTWARE | Run : [LightScribe Control Panel] – C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-1957994488-842925246-40105171-559050SOFTWARE | Run : [Yontoo Desktop] – « C:UsersberberAppDataRoamingYontooYontooDesktop.exe »
    04 – HKUS-1-5-21-1957994488-842925246-40105171-559050SOFTWARE | Run : [Uftiux] – C:UsersberberAppDataRoamingFiqyaquerq.exe
    04 – HKUS-1-5-21-1957994488-842925246-40105171-559050SOFTWARE | Run : [Screen Saver Pro 3.1] – C:UsersberberAppDataRoamingScreenSaverPro.scr
    04 – HKUS-1-5-21-1957994488-842925246-40105171-559050SOFTWARE | Run : [hbweaaa] – C:RECYCLERS-1-5-21-0243556031-888888379-781863308-5135689hbweaaa.exe
    04 – HKUS-1-5-21-1957994488-842925246-40105171-559050SOFTWARE | Run : [ActiveUpdate] – WindowsExplorer.exe
    04 – HKUS-1-5-21-1957994488-842925246-40105171-559050SOFTWARE | Run : [Xfogod] – C:UsersberberAppDataRoamingMicrosoftXfogod.exe
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Generic Research |

    Found ! F:$RECYCLE.BIN.lnk
    Found ! F:92b598d5c25eaab268d0b4.lnk
    Found ! F:System Volume Information.lnk
    Found ! F:TBE.lnk
    Found ! C:UsersberberAppDataRoamingtemp.bin
    Found ! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5135689

    ################## | Reference of comparison MD5 |

    Md5 : 8FC4380C035CCB452FFFD4802A13EB2B -> C:UsersberberAppDataRoamingtemp.bin

    ################## | Comparison MD5 |

    ################## | Registry |

    Found ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|EnableLUA -> 0
    Found ! HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced|Start_ShowMyGames -> 0
    Found ! HKUS-1-5-21-1957994488-842925246-40105171-559050SoftwareMicrosoftWindowsCurrentVersionRun|Screen Saver Pro 3.1
    Found ! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|Screen Saver Pro 3.1

    ################## | Vaccin |

    (!) This computer is not vaccinated!

    ################## | E.O.F | http://www.usbfix.net – http://www.sosvirus.net |

    Anonymous

    Hello :hello:,

    You have a DorkBot infection :(

    • Download OTL by Old_Timer and save it to the Desktop
    • Close all other windows and double-click OTL.exe
    • On Vista and Windows 7, launch the file via right-click -> Run as administrator.
    • Make sure the All Users, Lop Check and Purity Check boxes are ticked.
    • In the Custom Scan box, copy and paste all of the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%Application Data*.
    %ALLUSERSPROFILE%Application Data*.exe /s
    %APPDATA%*.
    %APPDATA%*.exe /s
    %temp%*.exe /s
    %SYSTEMDRIVE%*.exe
    %systemroot%*. /mp /s
    %systemroot%system32consrv.dll
    %systemroot%system32*.dll /lockedfiles
    %windir%Tasks*.job /lockedfiles
    %systemroot%system32drivers*.sys /lockedfiles
    %systemroot%System32config*.sav
    /md5start
    explorer.exe
    winlogon.exe
    services.exe
    wininit.exe
    /md5stop
    HKEY_CLASSES_ROOTCLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InprocServer32 /s
    HKEY_LOCAL_MACHINESYSTEMSYSTEMCurrentControlSetServiceslanmanserverparameters /s
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerSubSystems /s
    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerAppCertDlls /s
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList /s
    HKEY_LOCAL_MACHINESoftwareMicrosoftCommand Processor /s
    HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor /s
    CREATERESTOREPOINT
    nslookup http://www.google.fr /c
    hklmsoftwareclientsstartmenuinternet|command /rs
    hklmsoftwareclientsstartmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    SAVEMBR:0

    • Click Scan

    • Once the scan has finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
    • Upload the OTL.txt and Extras.txt reports to cjoint.com, then copy and paste the link provided into your next reply on the forum

      Note: Just in case, you can find them in the C:OTL folder or on your desktop, depending on the case

    DaleCooper

    Thanks a lot for your help.
    Here are the links to the two OTL reports:
    http://cjoint.com/?3Ktl6k9PpYV
    http://cjoint.com/?3KtmaBGkIcX

    Anonymous
    • Run OTL again.
    • Under Customization (Custom Scan), copy and paste the contents of the box below (make sure to include :OTL at the start).

      :OTL
      IE - HKLM..SearchScopes{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm010^YY^fr&si=CJu6n_3Xw7YCFSXLtAodaWIAPA&ptb=6B1B5B10-7F17-40AC-AE44-6B5D42749DB8&ind=2013041118&n=77fc91de&psa=&st=sb&searchfor={searchTerms}
      IE - HKUS-1-5-21-1957994488-842925246-40105171-559050..SearchScopes{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm010^YY^fr&si=CJu6n_3Xw7YCFSXLtAodaWIAPA&ptb=6B1B5B10-7F17-40AC-AE44-6B5D42749DB8&ind=2013041118&n=77fc91de&psa=&st=sb&searchfor={searchTerms}
      O3:64bit: - HKLM..Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKUS-1-5-21-1957994488-842925246-40105171-559050..Run: [ActiveUpdate] WindowsExplorer.exe ()
      O4 - HKUS-1-5-21-1957994488-842925246-40105171-559050..Run: [hbweaaa] C:RECYCLERS-1-5-21-0243556031-888888379-781863308-5135689hbweaaa.exe File not found
      O4 - HKUS-1-5-21-1957994488-842925246-40105171-559050..Run: [Screen Saver Pro 3.1] C:UsersberberAppDataRoamingScreenSaverPro.scr File not found
      O4 - HKUS-1-5-21-1957994488-842925246-40105171-559050..Run: [Uftiux] C:UsersberberAppDataRoamingFiqyaquerq.exe File not found
      O4 - HKUS-1-5-21-1957994488-842925246-40105171-559050..Run: [Xfogod] C:UsersberberAppDataRoamingMicrosoftXfogod.exe File not found
      O4 - HKUS-1-5-21-1957994488-842925246-40105171-559050..Run: [Yontoo Desktop] C:UsersberberAppDataRoamingYontooYontooDesktop.exe (Yontoo LLC)
      O20 - HKLM Winlogon: TaskMan - (C:RECYCLERS-1-5-21-0243556031-888888379-781863308-5135689hbweaaa.exe) - File not found
      O20 - HKUS-1-5-21-1957994488-842925246-40105171-559050 Winlogon: Shell - (C:RECYCLERS-1-5-21-0243556031-888888379-781863308-5135689hbweaaa.exe) - File not found

      :files
      C:UsersberberAppDataRoamingScreenSaverPro.scr
      C:UsersberberAppDataRoamingFiqya
      C:UsersberberAppDataRoamingMicrosoftXfogod.exe
      C:UsersberberAppDataRoamingYontoo
      C:RECYCLERS-1-5-21-*
      C:Usersberber.Trashes
      C:ProgramDatasvchost0
      C:UsersberberAppDataRoamingtemp.bin
      C:UsersberberAppDataRoamingZiete
      C:UsersberberAppDataRoamingSuibr

      :Commands
      [emptytemp]
      [emptyflash]
      [resethosts]
      [reboot]

    • Click Fix (Correction); a report will appear, copy and paste its contents here:
    • Restart the PC and post the report in your next reply.
    • The report is saved under C:_OTLMovedFilesdate_heure.log

    • Run UsbFix
    • Choose the Deletion option

      Note: If UsbFix hangs at 14%, run UsbFix in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply
    DaleCooper

    Thanks for the follow-up :-)
    So here is the OTC report: http://cjoint.com/?3KtnRSHIFkh
    And the USBFix report:

    ############################## | UsbFix V 7.150 | [Deletion]

    User: berber (Administrator) # BERBER1
    Updated 08/11/2013 by El Desaparecido – Team SosVirus
    Started at 13:37:44 | 19/11/2013

    Website : http://www.en.usbfix.net
    Forum : http://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.en.usbfix.net/contact/

    PC: Hewlett-Packard (161D)
    CPU: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
    RAM -> [Total : 4030 | Free : 2320]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Enterprise (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Google Chrome : 31.0.1650.57

    SC: Security Center Service [(!) Disabled]
    WU: Windows Update Service [(!) Disabled]
    AV: McAfee VirusScan Enterprise [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [(!) Disabled]

    C: (%systemdrive%) -> Fixed drive # 466 Gb (374 Mb free – 80%) [PC COE] # NTFS
    D: -> CD-ROM
    F: -> Fixed drive # 465 Gb (398 Mb free – 86%) [Local Disk] # NTFS

    ################## | Stopped processes |

    Stopped! C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe (ID: 5840 |ParentID: 696)
    Stopped! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 3136 |ParentID: 696)
    Stopped! C:Windowssystem32sppsvc.exe (ID: 6404 |ParentID: 696)
    Stopped! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID: 4240 |ParentID: 696)
    Stopped! C:Windowssystem32igfxext.exe (ID: 2320 |ParentID: 820)
    Stopped! C:Windowssystem32igfxsrvc.exe (ID: 2648 |ParentID: 820)
    Stopped! C:Program Files (x86)Hewlett-PackardSharedhpCaslNotification.exe (ID: 4256 |ParentID: 972)
    Stopped! \?C:Windowssystem32wbemWMIADAP.EXE (ID: 7700 |ParentID: 508)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [COEMsgDisplay] – c:Program Files (x86)Hewlett-PackardPC COECOEMsgDisplay.exe
    04 – HKLMSOFTWARE | Run : [ShStatEXE] – « C:Program Files (x86)McAfeeVirusScan EnterpriseSHSTAT.EXE » /STANDALONE
    04 – HKLMSOFTWARE | Run : [McAfee Host Intrusion Prevention Tray] – « C:Program Files (x86)McAfeeHost Intrusion PreventionFireTray.exe »
    04 – HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – « C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe »
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – « C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe »
    04 – HKLMSOFTWARE | Run : [IDA] – C:Program Files (x86)Hewlett-PackardPC COEIDA.EXE
    04 – HKLMSOFTWARE | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWARE | Run : [QLBController] – C:Program Files (x86)Hewlett-PackardHP HotKey SupportQLBController.exe /start
    04 – HKLMSOFTWARE | Run : [eepc_SmartClient] – C:Program Files (x86)SmartClientSmart.exe
    04 – HKLMSOFTWARE | Run : [SafeBootTrayManager] – « C:Program Files (x86)SafeBoot Tray ManagerSbTrayManager.exe »
    04 – HKLMSOFTWARE | Run : [SafeBootTokenWatcher] – « C:Program Files (x86)McAfeeEndpoint Encryption for PCSbTokWatch.exe »
    04 – HKLMSOFTWARE | Run : [GetITIcon] – C:Program Files (x86)Hewlett-PackardGetITIconGetITShell.exe
    04 – HKLMSOFTWARE | Run : [Communicator] – « C:Program Files (x86)Microsoft Lynccommunicator.exe » /fromrunkey
    04 – HKLMSOFTWARE | Run : [Google Desktop Search] – « C:Program Files (x86)GoogleGoogle Desktop SearchGoogleDesktop.exe » /startup
    04 – HKLMSOFTWARE | Run : [ArcSoft Connection Service] – C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe
    04 – HKLMSOFTWARE | Run : [McAfeeUpdaterUI] – « C:Program Files (x86)McAfeeCommon Frameworkudaterui.exe » /StartedFromRunKey
    04 – HKLMSOFTWARE | Run : [Adobe Acrobat Speed Launcher] – « C:Program Files (x86)AdobeAcrobat 9.0AcrobatAcrobat_sl.exe »
    04 – HKLMSOFTWARE | Run : [] –
    04 – HKLMSOFTWARE | Run : [Acrobat Assistant 8.0] – « C:Program Files (x86)AdobeAcrobat 9.0AcrobatAcrotray.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [COEMsgDisplay] – c:Program Files (x86)Hewlett-PackardPC COECOEMsgDisplay.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [ShStatEXE] – « C:Program Files (x86)McAfeeVirusScan EnterpriseSHSTAT.EXE » /STANDALONE
    04 – HKLMSOFTWAREwow6432Node | Run : [McAfee Host Intrusion Prevention Tray] – « C:Program Files (x86)McAfeeHost Intrusion PreventionFireTray.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – « C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – « C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [IDA] – C:Program Files (x86)Hewlett-PackardPC COEIDA.EXE
    04 – HKLMSOFTWAREwow6432Node | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [QLBController] – C:Program Files (x86)Hewlett-PackardHP HotKey SupportQLBController.exe /start
    04 – HKLMSOFTWAREwow6432Node | Run : [eepc_SmartClient] – C:Program Files (x86)SmartClientSmart.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [SafeBootTrayManager] – « C:Program Files (x86)SafeBoot Tray ManagerSbTrayManager.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [SafeBootTokenWatcher] – « C:Program Files (x86)McAfeeEndpoint Encryption for PCSbTokWatch.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [GetITIcon] – C:Program Files (x86)Hewlett-PackardGetITIconGetITShell.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [Communicator] – « C:Program Files (x86)Microsoft Lynccommunicator.exe » /fromrunkey
    04 – HKLMSOFTWAREwow6432Node | Run : [Google Desktop Search] – « C:Program Files (x86)GoogleGoogle Desktop SearchGoogleDesktop.exe » /startup
    04 – HKLMSOFTWAREwow6432Node | Run : [ArcSoft Connection Service] – C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [McAfeeUpdaterUI] – « C:Program Files (x86)McAfeeCommon Frameworkudaterui.exe » /StartedFromRunKey
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe Acrobat Speed Launcher] – « C:Program Files (x86)AdobeAcrobat 9.0AcrobatAcrobat_sl.exe »
    04 – HKLMSOFTWAREwow6432Node | Run : [] –
    04 – HKLMSOFTWAREwow6432Node | Run : [Acrobat Assistant 8.0] – « C:Program Files (x86)AdobeAcrobat 9.0AcrobatAcrotray.exe »
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-1957994488-842925246-40105171-559050SOFTWARE | Run : [LightScribe Control Panel] – C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Generic Research |

    Deleted ! F:$RECYCLE.BIN.lnk
    Deleted ! F:92b598d5c25eaab268d0b4.lnk
    Deleted ! F:System Volume Information.lnk
    Deleted ! F:TBE.lnk

    (!) Temporary files deleted.

    ################## | Registry |

    Repaired ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|EnableLUA -> 1
    Repaired ! HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced|Start_ShowMyGames -> 1
    Deleted ! HKUS-1-5-21-1957994488-842925246-40105171-559050Software….Mountpoints2{d709baaa-ae5f-11e0-bdf4-806e6f6e6963}

    ################## | Listing |

    [03/09/2012 – 11:03:06 | SHD ] C:$Recycle.Bin
    [20/11/2012 – 09:20:36 | N | 268] C:ab_1.gif
    [07/11/2012 – 13:52:40 | N | 177] C:BMSetup.log
    [14/07/2011 – 23:25:06 | RSHD ] C:Boot
    [21/11/2010 – 04:23:51 | RASH | 383786] C:bootmgr
    [14/07/2011 – 23:25:07 | RASH | 8192] C:BOOTSECT.BAK
    [18/11/2013 – 14:13:06 | N | 3288] C:bootsqm.dat
    [20/11/2012 – 09:20:33 | N | 1406] C:cayas2.ico
    [20/11/2012 – 09:20:28 | D ] C:Data
    [20/11/2012 – 09:20:37 | N | 113] C:del_1.gif
    [20/11/2012 – 09:20:36 | N | 304] C:dir.bmp
    [14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
    [13/09/2012 – 15:32:29 | D ] C:DriveKey
    [20/11/2012 – 09:20:38 | D ] C:e
    [20/11/2012 – 09:20:37 | N | 380] C:edu.bmp
    [20/11/2012 – 09:20:37 | N | 138] C:flk2.gif
    [19/08/2013 – 09:21:01 | D ] C:found.000
    [19/11/2013 – 13:33:02 | ASH | 3169579008] C:hiberfil.sys
    [20/11/2012 – 09:20:36 | N | 279] C:hj_1.gif
    [20/06/2011 – 16:41:59 | D ] C:HP
    [03/09/2012 – 11:09:56 | D ] C:HPExperience
    [03/09/2012 – 10:46:27 | D ] C:Intel
    [03/09/2012 – 11:43:47 | N | 23] C:invalid.txt
    [14/11/2013 – 16:03:02 | D ] C:Logs
    [20/11/2012 – 09:20:38 | N | 277] C:mov_1.gif
    [14/07/2011 – 18:32:04 | RHD ] C:MSOCache
    [03/09/2012 – 13:29:59 | D ] C:OCSETUPDIR
    [19/11/2013 – 13:33:07 | ASH | 4226105344] C:pagefile.sys
    [14/07/2009 – 04:20:08 | D ] C:PerfLogs
    [18/11/2013 – 23:38:17 | N | 512] C:PhysicalMBR.bin
    [22/05/2013 – 07:52:40 | D ] C:Program Files
    [18/11/2013 – 16:08:32 | D ] C:Program Files (x86)
    [19/11/2013 – 13:23:13 | HD ] C:ProgramData
    [18/11/2013 – 09:15:55 | D ] C:Quarantine
    [03/09/2012 – 08:50:36 | SHD ] C:Recovery
    [19/11/2013 – 13:23:13 | D ] C:RECYCLER
    [03/09/2012 – 11:47:42 | A | 21102592] C:SafeBoot.fs
    [03/09/2012 – 11:52:15 | RSH | 589824] C:SafeBoot.rsv
    [20/11/2012 – 09:20:35 | N | 235] C:srch_1.gif
    [20/11/2012 – 09:20:36 | N | 265] C:srch_ans_1.gif
    [20/11/2012 – 09:20:36 | N | 113] C:srch_aud_1.gif
    [20/11/2012 – 09:20:35 | N | 112] C:srch_img_1.gif
    [20/11/2012 – 09:20:35 | N | 131] C:srch_loc_1.gif
    [20/11/2012 – 09:20:37 | N | 284] C:srch_map_1.gif
    [20/11/2012 – 09:20:36 | N | 121] C:srch_nws_1.gif
    [20/11/2012 – 09:20:35 | N | 123] C:srch_sh_1.gif
    [20/11/2012 – 09:20:38 | N | 240] C:srch_site_1.gif
    [20/11/2012 – 09:20:37 | N | 273] C:srch_stk_1.gif
    [20/11/2012 – 09:20:35 | N | 112] C:srch_vid_1.gif
    [20/08/2013 – 08:47:47 | D ] C:ssm
    [18/11/2013 – 23:38:00 | SHD ] C:System Volume Information
    [03/09/2012 – 08:54:16 | D ] C:system.sav
    [29/10/2012 – 17:39:19 | D ] C:TBE Documents
    [03/09/2012 – 13:14:19 | D ] C:Temp
    [20/11/2012 – 09:20:38 | N | 274] C:trav_1.gif
    [19/11/2013 – 13:38:19 | D ] C:UsbFix
    [19/11/2013 – 13:39:08 | A | 18138] C:UsbFix [Clean 1] BERBER1.txt
    [18/11/2013 – 17:07:27 | N | 18771] C:UsbFix [Scan 1] BERBER1.txt
    [03/09/2012 – 11:02:19 | RD ] C:Users
    [19/11/2013 – 13:24:51 | D ] C:Windows
    [08/10/2012 – 08:27:26 | N | 5136] C:ZLOCAL.EDM
    [19/11/2013 – 13:23:12 | D ] C:_OTL
    [13/09/2012 – 16:11:31 | SHD ] F:$RECYCLE.BIN
    [26/01/2013 – 09:05:03 | D ] F:92b598d5c25eaab268d0b4
    [18/11/2013 – 16:18:18 | SHD ] F:System Volume Information
    [26/01/2013 – 07:45:44 | D ] F:TBE
    [18/11/2013 – 15:27:08 | D ] F:test

    ################## | Vaccin |

    (!) This computer is not vaccinated!

    ################## | E.O.F | http://www.usbfix.net – http://www.sosvirus.net |

    Anonymous
    Number of posts: 0

    Perfect, things should be better on drive F now.

    • Download AdwCleaner (by Xplode) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
      1. Choose the Scan option
      2. Choose the Clean option
    • Accept the warning by clicking OK

    • Accept the warnings/information messages by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

    • Download Malwarebytes' Anti-Malware and install it.
    • Launch Malwarebytes' Anti-Malware.
    • Click the "Update" tab, then "Check for Updates".
    • Click the "Scanner" tab, tick "Perform quick scan", then click Scan.

    At the end of the scan, if MBAM found nothing:

    • Click OK; the report opens automatically.

    If threats were detected:

    • Click OK, then "Show Results".
    • Tick all the boxes.
    • Choose the "Remove Selected" option.

    • If MBAM asks to restart Windows: click "Yes".
    • Once the PC has restarted, the report is in the "Logs" tab.
    • Otherwise the report opens automatically after removal.
    • Post the report in your next reply.
    DaleCooper
    Number of posts: 0

    Drive F is accessible, many thanks!

    Here is the AdwCleaner report:

    # AdwCleaner v3.012 – Report created 19/11/2013 at 14:00:01
    # Updated 11/11/2013 by Xplode
    # Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
    # Username : berber – BERBER1
    # Running from : C:UsersberberDesktopadwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : IBUpdaterService
    [#] Service Deleted : Yontoo Desktop Updater

    ***** [ Files / Folders ] *****

    Folder Deleted : C:ProgramDataIBUpdaterService
    Folder Deleted : C:ProgramDataTarma Installer
    Folder Deleted : C:Program Files (x86)SpecialSavings
    Folder Deleted : C:Program Files (x86)Yontoo
    Folder Deleted : C:UsersberberAppDataLocaliac
    Folder Deleted : C:UsersberberAppDataRoamingfile scout
    Folder Deleted : C:UsersberberAppDataRoamingSpecialSavings
    Folder Deleted : C:UsersberberAppDataLocalGoogleChromeUser DataDefaultExtensionsbfcpnihmbfoaeoakalclfalkdepgiaje

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Value Deleted : HKCUSoftwareMozillaFirefoxExtensions [SpecialSavings@SpecialSavings.com]
    Value Deleted : HKLMSOFTWAREMozillaFirefoxExtensions [SpecialSavings@SpecialSavings.com]
    Key Deleted : HKLMSOFTWAREGoogleChromeExtensionsbfcpnihmbfoaeoakalclfalkdepgiaje
    Key Deleted : HKLMSOFTWAREGoogleChromeExtensionsniapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLMSOFTWAREClassesAppIDAddonsFramework.DLL
    Key Deleted : HKLMSOFTWAREClassesAppIDButtonSite.DLL
    Key Deleted : HKLMSOFTWAREClassesAppIDPropertySync.EXE
    Key Deleted : HKLMSOFTWAREClassesAppIDScriptHost.DLL
    Key Deleted : HKLMSOFTWAREClassesAppIDsecman.DLL
    Key Deleted : HKLMSOFTWAREClassesAppIDYontooIEClient.DLL
    Key Deleted : HKLMSOFTWAREClassesprotector_dll.protectorbho
    Key Deleted : HKLMSOFTWAREClassesprotector_dll.protectorbho.1
    Key Deleted : HKLMSOFTWAREClassesScriptHost.Tool
    Key Deleted : HKLMSOFTWAREClassesScriptHost.Tool.1
    Key Deleted : HKLMSOFTWAREClassesYontooIEClient.Api
    Key Deleted : HKLMSOFTWAREClassesYontooIEClient.Api.1
    Key Deleted : HKLMSOFTWAREClassesYontooIEClient.Layers
    Key Deleted : HKLMSOFTWAREClassesYontooIEClient.Layers.1
    Key Deleted : HKCUSoftwarefilescout
    Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallSpecialSavings
    Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallUpdater Service
    Key Deleted : [x64] HKLMSOFTWARETarma Installer
    Key Deleted : [x64] HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    ***** [ Browsers ] *****

    -\ Internet Explorer v10.0.9200.16720

    -\ Google Chrome v31.0.1650.57

    [ File : C:UsersberberAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [9961 octets] – [19/11/2013 13:58:45]
    AdwCleaner[S0].txt – [9874 octets] – [19/11/2013 14:00:01]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [9934 octets] ##########





    And the MBAM report, which did indeed find two pieces of malware:

    Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.11.19.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    berber :: BERBER1 [administrateur]

    Protection: Activé

    19/11/2013 14:16:33
    mbam-log-2013-11-19 (14-16-33).txt

    Type d’examen: Examen rapide
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 230191
    Temps écoulé: 4 minute(s), 55 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 1
    HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsHEMXCCAPE.EXE (Spyware.Passwords.ED) -> Mis en quarantaine et supprimé avec succès.

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 1
    C:ProgramDataActiveU0hemxccape.exe (Spyware.Passwords.ED) -> Mis en quarantaine et supprimé avec succès.

    (fin)

    Anonymous
    Number of posts: 0

    For MBAM, those were Dorkbot leftovers ;)

    I didn't have you use UsbFix directly, since it handles Dorkbot, but you got a new variant, I'm jealous ^^; a UsbFix update is being prepared ;)

    • To delete temporary files:
    • Download SFTGC.exe (by Pierre13) to your Desktop and nowhere else!
    • Launch SFTGC, running it as administrator on Windows 7/8 and Vista
    • Click GO

      Note: a report will open at the end

    • Once the scan has finished, go to the Desktop; the file SFTGC.txt has been created.
    • Upload the SFTGC.txt report to SosUpload, then copy and paste the link provided into your next reply on the forum

    • To remove the disinfection tools used:
    • Download Delfix to your Desktop.
    • Launch Delfix, running it as administrator on Windows 7/8 and Vista
    • Tick the following boxes:
      • Remove disinfection tools
      • Purge system restore

    DaleCooper
    Number of posts: 0

    I'm flattered by this special mark of attention :-D
    Here is the link to the SFTGC report: http://cjoint.com/?3KtoQcbpIFY
    I think we're there now.
    I wanted to thank you for your time, your valuable help and your efficiency.
    Great professional work!
    Best regards,
    DC

    Anonymous
    Number of posts: 0

    "I'm flattered by this special mark of attention :-D"

    ^^

    "I think we're there now.
    I wanted to thank you for your time, your valuable help and your efficiency.
    Great professional work!"

    Yes, we're there :), I wish you a pleasant week ;)
