    Telma

    Hello,

    My USB stick is infected with a virus that turns folders/files into shortcuts.
    I think my PC is therefore infected too… my second USB stick also has this problem of files/folders turned into shortcuts!!

    I downloaded UsbFix…
    Can you tell me what procedure to follow next?

    Thanks in advance

    lilidurhone

    Hello

    I'll take care of you ;)

    • Launch UsbFix again from your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
    • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
    • Choose the Recherche (Search) option

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    Telma

    Here is my UsbFix report:

    ############################## | UsbFix V 7.156 | [Recherche]

    Utilisateur: Marie-Estelle (Administrateur) # PC-MARIE-ESTELL
    Mis à jour le 27/12/2013 par El Desaparecido – Team SosVirus
    Lancé à 20:28:47 | 29/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Hewlett-Packard (30FD)
    CPU: AMD Athlon(tm) X2 Dual-Core QL-62
    RAM -> [Total : 3069 | Free : 1114]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Google Chrome : 31.0.1650.63
    WB: Mozilla Firefox : 26.0
    WB: Safari : 531.22.7

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Avira Desktop [Enabled | Updated]
    AS: Windows Defender : 1.1.1600.0
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 224 Go (57 Go libre(s) – 25%) [] # NTFS
    D: -> Disque fixe # 9 Go (2 Go libre(s) – 18%) [HP_RECOVERY] # NTFS
    E: -> CD-ROM
    F: -> Disque amovible # 1010 Mo (1008 Mo libre(s) – 100%) [] # FAT
    G: -> Disque amovible # 64 Mo (64 Mo libre(s) – 100%) [] # FAT

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 568 |ParentID: 556)
    C:Windowssystem32wininit.exe (ID: 632 |ParentID: 556)
    C:Windowssystem32csrss.exe (ID: 640 |ParentID: 624)
    C:Windowssystem32services.exe (ID: 680 |ParentID: 632)
    C:Windowssystem32lsass.exe (ID: 692 |ParentID: 632)
    C:Windowssystem32lsm.exe (ID: 700 |ParentID: 632)
    C:Windowssystem32svchost.exe (ID: 836 |ParentID: 680)
    C:Windowssystem32svchost.exe (ID: 908 |ParentID: 680)
    C:WindowsSystem32svchost.exe (ID: 944 |ParentID: 680)
    C:Windowssystem32winlogon.exe (ID: 992 |ParentID: 624)
    C:WindowsSystem32svchost.exe (ID: 1040 |ParentID: 680)
    C:WindowsSystem32svchost.exe (ID: 1068 |ParentID: 680)
    C:Windowssystem32svchost.exe (ID: 1084 |ParentID: 680)
    C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_e2247046STacSV.exe (ID: 1128 |ParentID: 680)
    C:Windowssystem32svchost.exe (ID: 1308 |ParentID: 680)
    C:Windowssystem32SLsvc.exe (ID: 1324 |ParentID: 680)
    C:Windowssystem32svchost.exe (ID: 1356 |ParentID: 680)
    C:Windowssystem32Hpservice.exe (ID: 1428 |ParentID: 680)
    C:Windowssystem32svchost.exe (ID: 1488 |ParentID: 680)
    C:Windowssystem32WLANExt.exe (ID: 1736 |ParentID: 1068)
    C:WindowsSystem32spoolsv.exe (ID: 1876 |ParentID: 680)
    C:Program FilesAviraAntiVir Desktopsched.exe (ID: 1900 |ParentID: 680)
    C:Windowssystem32svchost.exe (ID: 1920 |ParentID: 680)
    C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 396 |ParentID: 680)
    C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_e2247046aestsrv.exe (ID: 432 |ParentID: 680)
    C:Program FilesAviraAntiVir Desktopavguard.exe (ID: 524 |ParentID: 680)
    C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 540 |ParentID: 680)
    C:Program FilesBonjourmDNSResponder.exe (ID: 560 |ParentID: 680)
    C:Windowssystem32svchost.exe (ID: 724 |ParentID: 680)
    C:Program FilesCommon FilesLightScribeLSSrvc.exe (ID: 968 |ParentID: 680)
    C:Windowssystem32svchost.exe (ID: 416 |ParentID: 680)
    C:Program FilesHPQuickPlayKernelTVQPCapSvc.exe (ID: 2156 |ParentID: 680)
    C:Program FilesHPQuickPlayKernelTVQPSched.exe (ID: 2180 |ParentID: 680)
    C:WindowsSMINSTBLService.exe (ID: 2220 |ParentID: 680)
    C:Program FilesCyberLinkShared FilesRichVideo.exe (ID: 2276 |ParentID: 680)
    C:Windowssystem32svchost.exe (ID: 2332 |ParentID: 680)
    C:WindowsSystem32svchost.exe (ID: 2376 |ParentID: 680)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2468 |ParentID: 680)
    C:Windowssystem32SearchIndexer.exe (ID: 2516 |ParentID: 680)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2556 |ParentID: 2468)
    C:Windowssystem32taskeng.exe (ID: 2736 |ParentID: 1084)
    C:Windowssystem32Dwm.exe (ID: 3088 |ParentID: 1068)
    C:Windowssystem32taskeng.exe (ID: 3144 |ParentID: 1084)
    C:WindowsExplorer.EXE (ID: 3192 |ParentID: 3072)
    C:Windowssystem32wbemwmiprvse.exe (ID: 3456 |ParentID: 836)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 3548 |ParentID: 3192)
    C:Program FilesHPQuickPlayQPService.exe (ID: 3556 |ParentID: 3192)
    C:Program FilesWindows DefenderMSASCui.exe (ID: 3580 |ParentID: 3192)
    C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID: 3588 |ParentID: 3192)
    C:Program FilesHewlett-PackardHP QuickTouchHPKBDAPP.exe (ID: 3596 |ParentID: 3192)
    C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe (ID: 3628 |ParentID: 3192)
    C:Program FilesHPHP Software Updatehpwuschd2.exe (ID: 3676 |ParentID: 3192)
    C:Program FilesCommon FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe (ID: 3688 |ParentID: 3192)
    C:Program FilesSamsungKiesKiesTrayAgent.exe (ID: 3740 |ParentID: 3192)
    C:Program FilesAviraAntiVir Desktopavgnt.exe (ID: 3752 |ParentID: 3192)
    C:Program FilesIDTWDMsttray.exe (ID: 3800 |ParentID: 3192)
    C:Program FilesWindows Sidebarsidebar.exe (ID: 3816 |ParentID: 3192)
    C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe (ID: 3848 |ParentID: 3192)
    C:Program FilesSamsungKiesKies.exe (ID: 3864 |ParentID: 3192)
    C:Program FilesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe (ID: 3896 |ParentID: 3192)
    C:Program FilesWindows Media Playerwmpnscfg.exe (ID: 3908 |ParentID: 3192)
    C:Program FilesWindows Sidebarsidebar.exe (ID: 1204 |ParentID: 3816)
    C:Program FilesAviraAntiVir Desktopavshadow.exe (ID: 1700 |ParentID: 524)
    C:WindowsSystem32alg.exe (ID: 4032 |ParentID: 680)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 1584 |ParentID: 680)
    C:Windowssystem32svchost.exe (ID: 4152 |ParentID: 680)
    C:Program FilesHewlett-PackardSharedhpqwmiex.exe (ID: 4316 |ParentID: 680)
    C:Windowssystem32wbemwmiprvse.exe (ID: 4368 |ParentID: 836)
    C:Program FilesHewlett-PackardHP wireless AssistantWiFiMsg.EXE (ID: 4832 |ParentID: 3628)
    C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID: 5012 |ParentID: 680)
    C:PROGRAM FILESSYNAPTICSSYNTPSYNTPHELPER.EXE (ID: 5084 |ParentID: 3936)
    C:Program FilesHewlett-PackardSharedHpqToaster.exe (ID: 5104 |ParentID: 836)
    c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 6092 |ParentID: 680)
    C:Program FilesMonAlbumPhotomonAlbumPhoto.exe (ID: 4268 |ParentID: 3192)
    C:Program FilesMozilla Firefoxfirefox.exe (ID: 5500 |ParentID: 3192)
    C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (ID: 3616 |ParentID: 680)
    C:Program FilesMozilla Firefoxplugin-container.exe (ID: 6012 |ParentID: 5500)
    C:Program FilesMozilla Firefoxplugin-container.exe (ID: 3440 |ParentID: 5500)
    C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 1912 |ParentID: 3440)
    C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 176 |ParentID: 1912)
    C:Program FilesAdobeReader 10.0ReaderAcroRd32.exe (ID: 2480 |ParentID: 3192)
    C:Program FilesAdobeReader 10.0ReaderAcroRd32.exe (ID: 4120 |ParentID: 2480)
    C:Windowssystem32taskeng.exe (ID: 2072 |ParentID: 1084)
    C:WindowsSystem32WUDFHost.exe (ID: 4840 |ParentID: 1068)
    C:Windowssystem32conime.exe (ID: 2976 |ParentID: 4164)
    C:WindowsSystem32mobsync.exe (ID: 6036 |ParentID: 836)
    C:Program FilesWindows Media Playerwmplayer.exe (ID: 4624 |ParentID: 6036)
    C:UsbFixGo.exe (ID: 1400 |ParentID: 5196)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [SynTPEnh] – %ProgramFiles%SynapticsSynTPSynTPEnh.exe
    04 – HKLMSOFTWARE | Run : [QPService] – “C:Program FilesHPQuickPlayQPService.exe”
    04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
    04 – HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    04 – HKLMSOFTWARE | Run : [OnScreenDisplay] – C:Program FilesHewlett-PackardHP QuickTouchHPKBDAPP.exe
    04 – HKLMSOFTWARE | Run : [hpWirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    04 – HKLMSOFTWARE | Run : [AppleSyncNotifier] – C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
    04 – HKLMSOFTWARE | Run : [HP Health Check Scheduler] – c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHpHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWARE | Run : [RIMBBLaunchAgent.exe] – C:Program FilesCommon FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe
    04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [KiesTrayAgent] – C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLMSOFTWARE | Run : [avgnt] – “C:Program FilesAviraAntiVir Desktopavgnt.exe” /min
    04 – HKLMSOFTWARE | Run : [BCSSync] – “C:Program FilesMicrosoft OfficeOffice14BCSSync.exe” /DelayServices
    04 – HKLMSOFTWARE | Run : [SysTrayApp] – C:Program FilesIDTWDMsttray.exe
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [ehTray.exe] – C:WindowsehomeehTray.exe
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [OfferBox] – C:Program FilesOfferBoxOfferBox.exe
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [KiesPreload] – C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [KiesAirMessage] – C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [] – C:Program FilesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [WMPNSCFG] – C:Program FilesWindows Media PlayerWMPNSCFG.exe
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [swg] – “C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [Mozilla] – wscript.exe //B “C:UsersMarie-EstelleAppDataRoamingMozilla.vbs”

    ################## | Recherche générique |

    Présent! C:UsersMarie-EstelleAppDataRoamingMozilla.vbs
    Présent! C:UsersMarie-EstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMozilla.vbs
    Présent! C:UsersMARIE-~1AppDataLocalTempavgnt.exe
    Présent! G:Mozilla.vbs
    Présent! F:FOUND.000.lnk

    ################## | Référence de comparaison MD5 |

    Md5 : 959D7A16B9EA04C5356088803C9805FA -> C:UsersMarie-EstelleAppDataRoamingMozilla.vbs
    Md5 : 959D7A16B9EA04C5356088803C9805FA -> C:UsersMarie-EstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMozilla.vbs
    Md5 : 959D7A16B9EA04C5356088803C9805FA -> G:Mozilla.vbs

    ################## | Comparaison MD5 |

    Présent! Md5 : 959D7A16B9EA04C5356088803C9805FA -> C:UsersMarie-EstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMozilla.vbs
    Présent! Md5 : 959D7A16B9EA04C5356088803C9805FA -> C:UsersMarie-EstelleAppDataRoamingMozilla.vbs
    Présent! Md5 : 959D7A16B9EA04C5356088803C9805FA -> G:Mozilla.vbs

    ################## | Registre |

    Présent! HKUS-1-5-21-1917961054-784476770-3265431197-1000SoftwareMicrosoftWindowsCurrentVersionRun|Mozilla
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|Mozilla
    Présent! HKUS-1-5-21-1917961054-784476770-3265431197-1000SoftwareMicrosoftWindowsCurrentVersionRun|Mozilla
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|Mozilla

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    Thanks in advance for your help

    lilidurhone

    You're welcome ;)

    • Launch UsbFix again from your Desktop!
    • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
    • Choose the Suppression (Deletion) option

      Note: If UsbFix hangs at 14%, restart in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    Telma

    Here is my UsbFix scan report:
    ############################## | UsbFix V 7.156 | [Recherche]

    :merci2:

    lilidurhone

    You made a mistake ;)

    Run Suppression ;)

    Telma

    Yes, sorry, I had clicked on Recherche (Search) again -_-

    so the report after clicking on delete gives this:

    ############################## | UsbFix V 7.156 | [Suppression]

    Utilisateur: Marie-Estelle (Administrateur) # PC-MARIE-ESTELL
    Mis à jour le 27/12/2013 par El Desaparecido – Team SosVirus
    Lancé à 21:01:58 | 29/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Hewlett-Packard (30FD)
    CPU: AMD Athlon(tm) X2 Dual-Core QL-62
    RAM -> [Total : 3069 | Free : 1422]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Google Chrome : 31.0.1650.63
    WB: Mozilla Firefox : 26.0
    WB: Safari : 531.22.7

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Avira Desktop [Enabled | Updated]
    AS: Windows Defender : 1.1.1600.0
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 224 Go (57 Go libre(s) – 25%) [] # NTFS
    D: -> Disque fixe # 9 Go (2 Go libre(s) – 18%) [HP_RECOVERY] # NTFS
    E: -> CD-ROM
    F: -> Disque amovible # 1010 Mo (1008 Mo libre(s) – 100%) [] # FAT
    G: -> Disque amovible # 64 Mo (64 Mo libre(s) – 100%) [] # FAT

    ################## | Processus Stoppés |

    Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_e2247046STacSV.exe (ID: 1128 |ParentID: 680)
    Stoppé! C:Windowssystem32SLsvc.exe (ID: 1324 |ParentID: 680)
    Stoppé! C:Windowssystem32Hpservice.exe (ID: 1428 |ParentID: 680)
    Stoppé! C:Windowssystem32WLANExt.exe (ID: 1736 |ParentID: 1068)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1876 |ParentID: 680)
    Stoppé! C:Program FilesAviraAntiVir Desktopsched.exe (ID: 1900 |ParentID: 680)
    Stoppé! C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 396 |ParentID: 680)
    Stoppé! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_e2247046aestsrv.exe (ID: 432 |ParentID: 680)
    Stoppé! C:Program FilesAviraAntiVir Desktopavguard.exe (ID: 524 |ParentID: 680)
    Stoppé! C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 540 |ParentID: 680)
    Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID: 560 |ParentID: 680)
    Stoppé! C:Program FilesCommon FilesLightScribeLSSrvc.exe (ID: 968 |ParentID: 680)
    Stoppé! C:Program FilesHPQuickPlayKernelTVQPCapSvc.exe (ID: 2156 |ParentID: 680)
    Stoppé! C:Program FilesHPQuickPlayKernelTVQPSched.exe (ID: 2180 |ParentID: 680)
    Stoppé! C:WindowsSMINSTBLService.exe (ID: 2220 |ParentID: 680)
    Stoppé! C:Program FilesCyberLinkShared FilesRichVideo.exe (ID: 2276 |ParentID: 680)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2468 |ParentID: 680)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 2516 |ParentID: 680)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2556 |ParentID: 2468)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 2736 |ParentID: 1084)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 3144 |ParentID: 1084)
    Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 3548 |ParentID: 3192)
    Stoppé! C:Program FilesHPQuickPlayQPService.exe (ID: 3556 |ParentID: 3192)
    Stoppé! C:Program FilesWindows DefenderMSASCui.exe (ID: 3580 |ParentID: 3192)
    Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID: 3588 |ParentID: 3192)
    Stoppé! C:Program FilesHewlett-PackardHP QuickTouchHPKBDAPP.exe (ID: 3596 |ParentID: 3192)
    Stoppé! C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe (ID: 3628 |ParentID: 3192)
    Stoppé! C:Program FilesHPHP Software Updatehpwuschd2.exe (ID: 3676 |ParentID: 3192)
    Stoppé! C:Program FilesCommon FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe (ID: 3688 |ParentID: 3192)
    Stoppé! C:Program FilesSamsungKiesKiesTrayAgent.exe (ID: 3740 |ParentID: 3192)
    Stoppé! C:Program FilesAviraAntiVir Desktopavgnt.exe (ID: 3752 |ParentID: 3192)
    Stoppé! C:Program FilesIDTWDMsttray.exe (ID: 3800 |ParentID: 3192)
    Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID: 3816 |ParentID: 3192)
    Stoppé! C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe (ID: 3848 |ParentID: 3192)
    Stoppé! C:Program FilesSamsungKiesKies.exe (ID: 3864 |ParentID: 3192)
    Stoppé! C:Program FilesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe (ID: 3896 |ParentID: 3192)
    Stoppé! C:Program FilesWindows Media Playerwmpnscfg.exe (ID: 3908 |ParentID: 3192)
    Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID: 1204 |ParentID: 3816)
    Stoppé! C:Program FilesAviraAntiVir Desktopavshadow.exe (ID: 1700 |ParentID: 524)
    Stoppé! C:WindowsSystem32alg.exe (ID: 4032 |ParentID: 680)
    Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 1584 |ParentID: 680)
    Stoppé! C:Program FilesHewlett-PackardSharedhpqwmiex.exe (ID: 4316 |ParentID: 680)
    Stoppé! C:Program FilesHewlett-PackardHP wireless AssistantWiFiMsg.EXE (ID: 4832 |ParentID: 3628)
    Stoppé! C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID: 5012 |ParentID: 680)
    Stoppé! C:PROGRAM FILESSYNAPTICSSYNTPSYNTPHELPER.EXE (ID: 5084 |ParentID: 3936)
    Stoppé! C:Program FilesHewlett-PackardSharedHpqToaster.exe (ID: 5104 |ParentID: 836)
    Stoppé! c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 6092 |ParentID: 680)
    Stoppé! C:Program FilesMonAlbumPhotomonAlbumPhoto.exe (ID: 4268 |ParentID: 3192)
    Stoppé! C:Program FilesMozilla Firefoxfirefox.exe (ID: 5500 |ParentID: 3192)
    Stoppé! C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (ID: 3616 |ParentID: 680)
    Stoppé! C:Program FilesMozilla Firefoxplugin-container.exe (ID: 6012 |ParentID: 5500)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 2072 |ParentID: 1084)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 4840 |ParentID: 1068)
    Stoppé! C:Windowssystem32conime.exe (ID: 2976 |ParentID: 4164)
    Stoppé! C:WindowsSystem32mobsync.exe (ID: 6036 |ParentID: 836)
    Stoppé! C:Program FilesWindows Media Playerwmplayer.exe (ID: 4624 |ParentID: 6036)
    Stoppé! C:Windowssystem32NOTEPAD.EXE (ID: 3980 |ParentID: 1400)
    Stoppé! C:Program FilesMozilla Firefoxplugin-container.exe (ID: 5584 |ParentID: 5500)
    Stoppé! C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 1680 |ParentID: 5584)
    Stoppé! C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 3496 |ParentID: 1680)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [SynTPEnh] – %ProgramFiles%SynapticsSynTPSynTPEnh.exe
    04 – HKLMSOFTWARE | Run : [QPService] – “C:Program FilesHPQuickPlayQPService.exe”
    04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
    04 – HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    04 – HKLMSOFTWARE | Run : [OnScreenDisplay] – C:Program FilesHewlett-PackardHP QuickTouchHPKBDAPP.exe
    04 – HKLMSOFTWARE | Run : [hpWirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    04 – HKLMSOFTWARE | Run : [AppleSyncNotifier] – C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
    04 – HKLMSOFTWARE | Run : [HP Health Check Scheduler] – c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHpHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWARE | Run : [RIMBBLaunchAgent.exe] – C:Program FilesCommon FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe
    04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [KiesTrayAgent] – C:Program FilesSamsungKiesKiesTrayAgent.exe
    04 – HKLMSOFTWARE | Run : [avgnt] – “C:Program FilesAviraAntiVir Desktopavgnt.exe” /min
    04 – HKLMSOFTWARE | Run : [BCSSync] – “C:Program FilesMicrosoft OfficeOffice14BCSSync.exe” /DelayServices
    04 – HKLMSOFTWARE | Run : [SysTrayApp] – C:Program FilesIDTWDMsttray.exe
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [ehTray.exe] – C:WindowsehomeehTray.exe
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [OfferBox] – C:Program FilesOfferBoxOfferBox.exe
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [KiesPreload] – C:Program FilesSamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [KiesAirMessage] – C:Program FilesSamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [] – C:Program FilesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [WMPNSCFG] – C:Program FilesWindows Media PlayerWMPNSCFG.exe
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [swg] – “C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    04 – HKUS-1-5-21-1917961054-784476770-3265431197-1000SOFTWARE | Run : [Mozilla] – wscript.exe //B “C:UsersMarie-EstelleAppDataRoamingMozilla.vbs”

    ################## | Recherche générique |

    Supprimé! C:UsersMarie-EstelleAppDataRoamingMozilla.vbs
    Supprimé! C:UsersMarie-EstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMozilla.vbs
    Supprimé! C:UsersMARIE-~1AppDataLocalTempavgnt.exe
    Supprimé! G:Mozilla.vbs
    Supprimé! F:FOUND.000.lnk

    (!) Fichiers temporaires supprimés. (107634 Ko)

    ################## | Référence de comparaison MD5 |

    Md5 : 959D7A16B9EA04C5356088803C9805FA -> C:UsersMarie-EstelleAppDataRoamingMozilla.vbs
    Md5 : 959D7A16B9EA04C5356088803C9805FA -> C:UsersMarie-EstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMozilla.vbs
    Md5 : 959D7A16B9EA04C5356088803C9805FA -> G:Mozilla.vbs

    ################## | Comparaison MD5 |

    -> Pas de valeur Md5 identique trouvée.

    ################## | Registre |

    Supprimé! HKUS-1-5-21-1917961054-784476770-3265431197-1000SoftwareMicrosoftWindowsCurrentVersionRun|Mozilla
    Supprimé! HKUS-1-5-21-1917961054-784476770-3265431197-1000Software….Mountpoints2{461f4531-f421-11df-883e-001eece86790}

    ################## | Listing |

    [07/11/2007 – 08:00:40 | N | 17 Ko] – C:eula.1031.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – C:eula.2052.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – C:eula.1042.txt
    [07/11/2007 – 08:00:40 | N | 0 Ko] – C:eula.1041.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – C:eula.1040.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – C:eula.1036.txt
    [07/11/2007 – 08:00:40 | N | 10 Ko] – C:eula.1033.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – C:eula.1028.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – C:eula.3082.txt
    [29/12/2013 – 20:20:07 | N | 13 Ko] – C:UsbFix [Scan 1] PC-MARIE-ESTELL.txt
    [29/12/2013 – 20:43:49 | N | 13 Ko] – C:UsbFix [Scan 2] PC-MARIE-ESTELL.txt
    [29/12/2013 – 21:15:49 | A | 12 Ko] – C:UsbFix [Clean 1] PC-MARIE-ESTELL.txt
    [29/08/2010 – 23:14:40 | N | 0 Ko] – C:t.tmp
    [18/09/2006 – 22:43:37 | N | 0 Ko] – C:config.sys
    [29/12/2013 – 12:04:30 | ASH | 3449944 Ko] – C:pagefile.sys
    [29/12/2013 – 12:04:33 | ASH | 3143512 Ko] – C:hiberfil.sys
    [25/12/2008 – 20:27:10 | D] – C:System.sav
    [25/12/2008 – 20:28:53 | N | 0 Ko] – C:IPH.PH
    [07/11/2007 – 08:12:28 | N | 228 Ko] – C:VC_RED.MSI
    [07/11/2007 – 08:00:40 | N | 1 Ko] – C:globdata.ini
    [07/11/2007 – 08:00:40 | N | 1 Ko] – C:install.ini
    [07/11/2007 – 08:03:18 | N | 550 Ko | 520A6D1CBCC9CF642C625FE814C93C58] – C:install.exe
    [07/11/2007 – 08:03:18 | N | 89 Ko] – C:install.res.1033.dll
    [07/11/2007 – 08:03:18 | N | 95 Ko] – C:install.res.1036.dll
    [07/11/2007 – 08:03:18 | N | 75 Ko] – C:install.res.1028.dll
    [07/11/2007 – 08:03:18 | N | 94 Ko] – C:install.res.1031.dll
    [07/11/2007 – 08:03:18 | N | 80 Ko] – C:install.res.1041.dll
    [07/11/2007 – 08:03:18 | N | 78 Ko] – C:install.res.1042.dll
    [07/11/2007 – 08:03:18 | N | 74 Ko] – C:install.res.2052.dll
    [07/11/2007 – 08:03:18 | N | 94 Ko] – C:install.res.3082.dll
    [07/11/2007 – 08:03:18 | N | 93 Ko] – C:install.res.1040.dll
    [07/11/2007 – 08:09:22 | N | 1409 Ko] – C:VC_RED.cab
    [29/02/2004 – 16:44:34 | N | 51 Ko] – C:orange.bmp
    [07/11/2007 – 08:00:40 | N | 6 Ko] – C:vcredist.bmp
    [12/01/2009 – 21:47:52 | SHD] – C:$RECYCLE.BIN
    [13/06/2008 – 04:29:47 | A | 0 Ko] – C:autoexec.bat
    [02/11/2006 – 14:02:03 | SHD] – C:Documents and Settings
    [13/06/2008 – 04:39:23 | RHD] – C:MSOCache
    [25/12/2008 – 20:28:53 | D] – C:HP
    [25/12/2008 – 22:20:03 | D] – C:Temp
    [11/04/2009 – 07:36:36 | RASH | 325 Ko] – C:bootmgr
    [17/09/2009 – 18:25:54 | SHD] – C:boot
    [10/05/2011 – 18:01:18 | D] – C:PerfLogs
    [03/06/2013 – 22:07:20 | D] – C:SWSETUP
    [12/06/2013 – 23:15:19 | D] – C:b0776cdd3896d86f0a
    [12/11/2013 – 19:58:33 | D] – C:Users
    [12/12/2013 – 20:19:52 | D] – C:Windows
    [13/12/2013 – 10:20:40 | HD] – C:ProgramData
    [23/12/2013 – 17:34:21 | D] – C:Program Files
    [29/12/2013 – 12:18:59 | SHD] – C:System Volume Information
    [29/12/2013 – 21:14:48 | D] – C:UsbFix
    [12/08/2003 – 10:37:30 | SH | 178 Ko] – D:protect.turkish
    [25/12/2008 – 21:11:44 | N | 0 Ko] – D:RCBoot.sys
    [25/12/2008 – 22:19:50 | N | 0 Ko] – D:HPCD.sys
    [10/09/2002 – 14:15:06 | SH | 177 Ko] – D:protect.swedish
    [03/11/2005 – 15:11:46 | SH | 177 Ko] – D:protect.spanish
    [28/06/2004 – 08:52:46 | SH | 207 Ko] – D:protect.russian
    [25/12/2008 – 20:25:35 | N | 0 Ko] – D:BLOCK.RIN
    [27/10/2005 – 19:24:10 | SH | 178 Ko] – D:protect.portuguese brazilian
    [03/11/2005 – 15:13:12 | SH | 177 Ko] – D:protect.portuguese
    [25/04/2006 – 14:44:10 | SH | 178 Ko] – D:protect.polish
    [03/11/2005 – 15:15:12 | SH | 177 Ko] – D:protect.norwegian
    [29/12/2013 – 21:01:58 | N | 0 Ko] – D:MASTER.LOG
    [24/11/2005 – 11:24:44 | SH | 213 Ko] – D:protect.korean
    [10/07/2013 – 20:19:36 | N | 24 Ko] – D:moifb.jpg
    [10/07/2013 – 20:22:52 | N | 182 Ko] – D:292811_10150358090226407_3621149_n.jpg
    [10/08/2013 – 01:00:42 | N | 37 Ko] – D:24793_1415179460517_1346827_n.jpg
    [02/10/2013 – 20:36:54 | N | 88 Ko] – D:1379801_10151686437841270_520956424_n.jpg
    [19/06/2007 – 15:22:10 | SH | 178 Ko] – D:protect.japanese
    [03/11/2005 – 15:17:00 | SH | 177 Ko] – D:protect.italian
    [26/03/2008 – 16:08:32 | SH | 1 Ko] – D:Desktop.ini
    [29/12/2013 – 20:43:47 | RASHD] – D:Autorun.inf
    [28/08/2007 – 14:58:08 | N | 177 Ko] – D:protect.hungarian
    [10/09/2002 – 16:14:28 | N | 8 Ko] – D:Folder.htt
    [23/01/2006 – 09:18:00 | SH | 178 Ko] – D:protect.hebrew
    [23/11/2005 – 15:56:46 | SH | 178 Ko] – D:protect.greek
    [03/11/2005 – 15:18:10 | SH | 177 Ko] – D:protect.german
    [03/11/2005 – 15:19:52 | SH | 177 Ko] – D:protect.french
    [03/11/2005 – 15:20:20 | SH | 177 Ko] – D:protect.finnish
    [22/11/2004 – 15:28:30 | SH | 177 Ko] – D:protect.english
    [10/09/2002 – 13:50:18 | SH | 177 Ko] – D:protect.ed
    [10/09/2002 – 13:56:12 | SH | 177 Ko] – D:protect.dutch
    [03/11/2005 – 15:21:26 | SH | 177 Ko] – D:protect.danish
    [27/04/2006 – 16:19:40 | SH | 178 Ko] – D:protect.czech
    [16/09/2002 – 14:37:48 | SH | 178 Ko] – D:protect.chinese traditional
    [16/09/2002 – 14:37:40 | SH | 178 Ko] – D:protect.chinese simplified
    [16/09/2002 – 14:37:48 | SH | 178 Ko] – D:protect.chinese hong kong
    [12/01/2009 – 21:47:52 | SHD] – D:$RECYCLE.BIN
    [03/10/2006 – 23:02:44 | SH | 428 Ko] – D:bootmgr
    [29/10/2008 – 03:44:03 | SHD] – D:System Volume Information
    [29/10/2008 – 10:23:05 | RD] – D:RECOVERY
    [29/10/2008 – 10:23:06 | RSHD] – D:boot
    [29/10/2008 – 10:23:09 | RSHD] – D:SOURCES
    [29/10/2008 – 10:23:11 | D] – D:WINDOWS
    [29/10/2008 – 10:23:31 | D] – D:Tools
    [29/10/2008 – 10:23:39 | D] – D:HP
    [25/12/2008 – 22:19:51 | RSHD] – D:PRELOAD
    [29/12/2013 – 20:43:48 | RASHD] – F:Autorun.inf
    [29/12/2013 – 20:27:44 | D] – F:FOUND.001
    [08/09/2013 – 23:16:36 | D] – F:FOUND.000
    [29/12/2013 – 20:43:50 | RASHD] – G:Autorun.inf

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    What do I have to do after that?

    Thanks again,

    I hope it works!!![/font:26xdpbhg]

    lilidurhone
    Number of posts: 0

    :)

    No more shortcuts on your USB keys?

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag (run as administrator on Windows 7/8 and Vista)
    • Click on Configurer
    • Click on the magnifying-glass icon with a + ("Lancer le diagnostic")

      Note: Do not close the program even if it says it is no longer responding.

    • Once the scan is finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum
    Telma
    Number of posts: 0

    OK, I downloaded ZHPdiag2 … I couldn't find out whether it was by Nicolas Coolman or not, though…

    As for my USB keys, I had copied/pasted their contents (onto the server so as not to lose my data) at the university (where the virus comes from) and already deleted their contents to try to format them, but of course that didn't change anything! …
    But one of the two still has two files, FOUND.000 and FOUND.001, which cannot be deleted; I don't know what they are!!!

    I'm launching the ZHPdiag2 scan and will send the report :)

    Telma
    Number of posts: 0

    Actually I installed ZHPFix, but when I click on Configurer there is no magnifying glass with the +!

    -_- …

    lilidurhone
    Number of posts: 0

    You got it wrong, lol

    You need to launch zhpdiag (parchment icon ;) )

    We'll continue tomorrow ;)

    Telma
    Number of posts: 0

    -_-
    I did it! Here is the ZHPDiag scan:
    (too long, so I'm putting it in two messages!)

    ~ Rapport de ZHPDiag v2013.12.26.23 – Nicolas Coolman (26/12/2013)
    ~ Lancé par Marie-Estelle (30/12/2013 00:30:35)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC):

    —\ Navigateurs Internet
    MSIE: Internet Explorer v9.0.8112.16421
    MFIE: Mozilla Firefox 26.0 (Defaut)
    GCIE: Google Chrome v31.0.1650.63
    OBIE: Safari v5.31.22.7

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
    Windows Server License Manager Script : OK
    ~ Vista, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : WQD8Q
    Windows License : OK
    Windows Automatic Updates : OK

    —\ Logiciels de protection du système
    Avira Free Antivirus v14.0.2.286

    —\ Logiciels d’optimisation du système
    CCleaner v3.17 =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader X
    Java 7 Update 21

    —\ Informations sur le système
    ~ Processor: x86 Family 17 Model 3 Stepping 1, AuthenticAMD
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3069 MB (63% free)
    System Restore: Activé (Enable)
    System drive C: has 58 GB (25%) free of 224 GB

    —\ Mode de connexion au système
    ~ Computer Name: PC-MARIE-ESTELL
    ~ User Name: Marie-Estelle
    ~ All Users Names: Marie-Estelle, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersMarie-EstelleAppDataRoamingZHP
    ~ %AppData% : C:UsersMarie-EstelleAppDataRoaming
    ~ %Desktop% : C:UsersMarie-EstelleDesktop
    ~ %Favorites% : C:UsersMarie-EstelleFavorites
    ~ %LocalAppData% : C:UsersMarie-EstelleAppDataLocal
    ~ %StartMenu% : C:UsersMarie-EstelleAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 58 Go of 224 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 9 Go)
    E: CD-ROM drive (Not Inserted)
    F: Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)
    G: Floppy drive, Flash card reader, USB Key (Free 0 Go of 0 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 42 Legitimates Filtered in 00mn 00s

    Telma
    Number of posts: 0

    Continued:

    —\ Recherche particulière de fichiers génériques
    [MD5.D07D4C3038F3578FFCE1C0237F2A1253] – (.Microsoft Corporation – Explorateur Windows.) (.11/04/2009 – 07:27:36.) — C:WindowsExplorer.exe [2926592]
    [MD5.101BA3EA053480BB5D957EF37C06B5ED] – (.Microsoft Corporation – Application de démarrage de Windows.) (.21/01/2008 – 03:23:42.) — C:WindowsSystem32Wininit.exe [96768]
    [MD5.4CC9DF09C3D915BA0A101A11DB684F26] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.14/11/2013 – 23:42:41.) — C:WindowsSystem32wininet.dll [1129472]
    [MD5.898E7C06A350D4A1A64A9EA264D55452] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.11/04/2009 – 07:28:13.) — C:WindowsSystem32Winlogon.exe [314368]
    [MD5.3911B972B55FEA0478476B2E777B29FA] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.21/04/2011 – 14:58:27.) — C:Windowssystem32DriversAFD.sys [273408]
    [MD5.1F05B78AB91C9075565A9D8A4B880BC4] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.11/04/2009 – 07:32:26.) — C:Windowssystem32Driversatapi.sys [19944]
    [MD5.7ADD03E75BEB9E6DD102C3081D29840A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.21/01/2008 – 03:23:51.) — C:Windowssystem32DriversCdfs.sys [70144]
    [MD5.6B4BFFB9BECD728097024276430DB314] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.11/04/2009 – 05:39:17.) — C:Windowssystem32DriversCdrom.sys [67072]
    [MD5.622C41A07CA7E6DD91770F50D532CB6C] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.14/04/2011 – 15:59:03.) — C:Windowssystem32DriversDfsC.sys [75264]
    [MD5.062452B7FFD68C8C042A6261FE8DFF4A] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.11/04/2009 – 05:42:42.) — C:Windowssystem32DriversHDAudBus.sys [561152]
    [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] – (.Microsoft Corporation – Pilote de port i8042.) (.21/01/2008 – 03:23:20.) — C:Windowssystem32Driversi8042prt.sys [54784]
    [MD5.8793643A67B42CEC66490B2A0CF92D68] – (.Microsoft Corporation – IP Network Address Translator.) (.21/01/2008 – 03:24:25.) — C:Windowssystem32DriversIpNat.sys [100864]
    [MD5.1E94971C4B446AB2290DEB71D01CF0C2] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.29/04/2011 – 14:24:40.) — C:Windowssystem32DriversMRxSmb.sys [106496]
    [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] – (.Microsoft Corporation – MBT Transport driver.) (.11/04/2009 – 05:45:37.) — C:Windowssystem32DriversnetBT.sys [185856]
    [MD5.2C1121F2B87E9A6B12485DF53CD848C7] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.03/03/2013 – 20:07:52.) — C:Windowssystem32Driversntfs.sys [1082232]
    [MD5.0FA9B5055484649D63C303FE404E5F4D] – (.Microsoft Corporation – Pilote de port parallèle.) (.02/11/2006 – 09:51:30.) — C:Windowssystem32DriversParport.sys [79360]
    [MD5.A214ADBAF4CB47DD2728859EF31F26B0] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/01/2008 – 03:24:55.) — C:Windowssystem32DriversRasl2tp.sys [76288]
    [MD5.FBC0BACD9C3D7F6956853F64A66E252D] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.21/01/2008 – 03:23:01.) — C:Windowssystem32Driversrdpdr.sys [248832]
    [MD5.7B75299A4D201D6A6533603D6914AB04] – (.Microsoft Corporation – SMB Transport driver.) (.11/04/2009 – 05:45:22.) — C:Windowssystem32Driverssmb.sys [66560]
    [MD5.76B06EB8A01FC8624D699E7045303E54] – (.Microsoft Corporation – TDI Translation Driver.) (.11/04/2009 – 05:45:56.) — C:Windowssystem32Driverstdx.sys [72192]
    [MD5.786DB5771F05EF300390399F626BF30A] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/08/2012 – 12:47:42.) — C:Windowssystem32Driversvolsnap.sys [224640]
    ~ Generic Processes: Scanned in 00mn 02s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/1055
    ~ Mes musiques (My Musics) : 123/2452
    ~ Mes Videos (My Videos) : 1/38
    ~ Mes Favoris (My Favorites) : 49/120
    ~ Mes Documents (My Documents) : 4/9523
    ~ Mon Bureau (My Desktop) : 1/1382
    ~ Menu demarrer (Programs) : 1/38
    ~ Hidden Files: Scanned in 00mn 06s

    —\ Processus lancés
    [MD5.DD231039B13EC2ABDE315D76E658EF0E] – (.Avira Operations GmbH & Co. KG – Antivirus System Tray Tool (Desktop).) — C:Program FilesAviraAntiVir Desktopavgnt.exe [684600] [PID.3752]
    [MD5.4B555106290BD117334E9A08761C035A] – (…) — ystem32rundll32.exe [0] [PID.2304]
    [MD5.870DF389D7676EDBB635141336A867C6] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8302080] [PID.2976]
    [MD5.FE79366FECD444A16CCA9979134DBEA8] – (.Avira Operations GmbH & Co. KG – Antivirus Host Framework Service.) — C:Program FilesAviraAntiVir Desktopsched.exe [440376] [PID.1900]
    [MD5.FDE9C7030FB1E9E2715E113EE6A10F90] – (.Avira Operations GmbH & Co. KG – Antivirus Host Framework Service.) — C:Program FilesAviraAntiVir Desktopavguard.exe [440376] [PID.524]
    [MD5.6F1E9AB820B3DD8BD38C0190A206205D] – (.Avira Operations GmbH & Co. KG – AntiVir shadow copy service.) — C:Program FilesAviraAntiVir Desktopavshadow.exe [431672] [PID.1700]
    [MD5.C7FBDD1ED42F82BFA35167A5C9803EA3] – (.Microsoft Corporation – PresentationFontCache.exe.) — C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [43904] [PID.4436]
    [MD5.F401929EE0CC92BFE7F15161CA535383] – (.Apple Inc. – MobileDeviceService.) — C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [55184] [PID.1892]
    [MD5.A19B0BB5A7EB6DF2DD4A0711D36955EE] – (.Hewlett-Packard – HP Health Check Service.) — c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe [94208] [PID.4092]
    [MD5.862BB4CBC05D80C5B45BE430E5EF872F] – (.Microsoft Corporation – Service de gestion des licences Microsoft.) — C:Windowssystem32SLsvc.exe [3408896] [PID.1788]
    [MD5.A1545B731579895D8CC44FC0481C1192] – (.Microsoft Corporation – Service de la passerelle de la couche Appli.) — C:WindowsSystem32alg.exe [59392] [PID.2128]
    [MD5.5DAF7081A4BB112FA3F1915819330A3E] – (…) — C:Program FilesZHPDiagpv.exe [61440] [PID.0]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersMarie-EstelleAppDataLocalGoogleChromeUser DataDefaultPreferences
    G1 – GCS: Preference [User DataDefault] http://start.mysearchdial.com =>Adware.MyWebSearch
    G2 – GCE: Preference [User DataDefault] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Secure Search v.15.5.0.2 (Désactivé) =>Toolbar.AVGSearch
    G2 – GCE: Preference [User DataDefault] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial Nouvel onglet v.9.4.4 (Désactivé) =>Adware.MyWebSearch
    ~ Google Browser: 15 Legitimates Filtered in 00mn 02s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultprefs.js
    C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultuser.js
    M3 – MFPP: Plugins – [Marie-Estelle] — C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultsearchpluginsavg-secure-search.xml
    M3 – MFPP: Plugins – [Marie-Estelle] — C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultsearchpluginsfissa.xml =>PUP.OfferBox
    M3 – MFPP: Plugins – [Marie-Estelle] — C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultsearchpluginsMysearchdial.xml =>Adware.MyWebSearch
    M3 – MFPP: Plugins – [Marie-Estelle] — C:Program FilesMozilla FireFoxsearchpluginsavg-secure-search.xml
    M2 – MFEP: prefs.js [Marie-Estelle – 3dhaobu0.default@FissaPlugin] [] Fissa v1.0 (..) =>PUP.OfferBox
    M2 – MFEP: prefs.js [Marie-Estelle – 3dhaobu0.defaultzigboom.designs@gmail.com] [] BlackFox V2-Blue v2.1.6 (..)
    M2 – MFEP: prefs.js [Marie-Estelle – 3dhaobu0.default{19803860-b306-423c-bbb5-f60a7d82cde5}] [] WiseConvert 1.5 v10.23.0.822 (..) =>Toolbar.Conduit
    M2 – MFEP: prefs.js [Marie-Estelle – 3dhaobu0.default{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v3.1.0.20130818030116 (..)
    M2 – MFEP: prefs.js [Marie-Estelle – 3dhaobu0.default{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}] [] MySearchDial NewTab v3.1.0.20130818030116 (..) =>Adware.MyWebSearch
    P2 – FPN: [HKLM] [@viewpoint.com/VMP] – (.Pas de propriétaire – MetaStream 3 Plugin r4.) — C:Program FilesViewpointViewpoint Experience TechnologynpViewpoint.dll =>Adware.MetaStream
    ~ Firefox Browser: 46 Legitimates Filtered in 00mn 02s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
    R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerAboutURLs,Tabs = http://start.mysearchdial.com =>Adware.MyWebSearch
    R4 – HKCUSOFTWAREMicrosoftInternet ExplorerPhishingFilter,Enabled = 1
    ~ IE Browser: 12 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{A057A204-BACC-4D26-9E83-2DB586E27190} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{472734EA-242A-422B-ADF8-83D1E48CC825} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Aide et Support d’HP.lnk . (.Hewlett-Packard – HPHS Launcher.) — C:WindowsHelpOEMscriptsHPHS_Launcher.exe
    O4 – GSDesktop [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
    O4 – GSDesktop [Public]: Octave.lnk . (…) — C:Program FilesOctave3.0.5_gcc-4.3.0binoctave-3.0.5.exe
    O4 – GSProgram [Public]: cellule_3D.lnk . (…) — C:Program Filesplanetes3Dplanet3D.exe
    O4 – GSProgram [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSProgram [Public]: Pour les enfants.lnk . (.EasyBits Software AS – For Kids.) — C:Program FilesEasyBits For KidsPromoezKidsReady.exe =>.EasyBits Software AS
    O4 – GSProgram [Public]: QuickPlay Manager.lnk . (.CyberLink Corp. – HP QuickPlay Manage Program.) — C:Program FilesHPQuickPlayQPManager.exe
    O4 – GSProgram [Public]: QuickPlay.lnk . (.CyberLink Corp. – HP QuickPlay.) — C:Program FilesHPQuickPlayQP.exe
    O4 – GSProgram [Public]: Starzik Download Manager.lnk . (…) — C:Program FilesStarzik Download ManagerStarzik Download Manager.exe
    O4 – GSQuickLaunch [Marie-Estelle]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSQuickLaunch [Marie-Estelle]: Mozilla Firefox (2).lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [Marie-Estelle]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSProgram [Marie-Estelle]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSSystemTools [Marie-Estelle]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSDesktop [Marie-Estelle]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O4 – GSDesktop [Marie-Estelle]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSDesktop [Marie-Estelle]: planete3D.lnk . (…) — C:Program Filesplanetes3Dplanet3D.exe
    ~ Global Startup: 73 Legitimates Filtered in 00mn 04s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – HKLM..Run: [SynTPEnh] . (.Synaptics Incorporated – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
    O4 – HKLM..Run: [QPService] . (.CyberLink Corp. – HP QuickPlay Resident Program.) — C:Program FilesHPQuickPlayQPService.exe
    O4 – HKLM..Run: [Windows Defender] . (.Microsoft Corporation – Windows Defender User Interface.) — C:Program FilesWindows DefenderMSASCui.exe
    O4 – HKLM..Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. – Quick Launch Buttons.) — C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe
    O4 – HKLM..Run: [OnScreenDisplay] . (. Hewlett-Packard Development Company, L.P. – HP QuickTouch On Screen Display.) — C:Program FilesHewlett-PackardHP QuickTouchHPKBDAPP.exe
    O4 – HKLM..Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. – HPWAMain Module.) — C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    O4 – HKLM..Run: [AppleSyncNotifier] . (.Apple Inc. – AppleSyncNotifier.) — C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
    O4 – HKLM..Run: [HP Health Check Scheduler] . (.Hewlett-Packard – HP Health Check Scheduler.) — c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    O4 – HKLM..Run: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHpHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
    O4 – HKLM..Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited – Launch Agent Service.) — C:Program FilesCommon FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe
    O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program FilesSamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKLM..Run: [avgnt] . (.Avira Operations GmbH & Co. KG – Antivirus System Tray Tool (Desktop).) — C:Program FilesAviraAntiVir Desktopavgnt.exe
    O4 – HKLM..Run: [BCSSync] . (.Microsoft Corporation – Microsoft Office 2010 component.) — C:Program FilesMicrosoft OfficeOffice14BCSSync.exe =>.Microsoft Corporation
    O4 – HKLM..Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio.) — C:Program FilesIDTWDMsttray.exe
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [LightScribe Control Panel] . (.Hewlett-Packard Company – Pas de description.) — C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
    O4 – HKCU..Run: [ehTray.exe] . (.Microsoft Corporation – Media Center Tray Applet.) — C:WindowsehomeehTray.exe
    O4 – HKCU..Run: [OfferBox] C:Program FilesOfferBoxOfferBox.exe (.not file.) =>PUP.OfferBox
    O4 – HKCU..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program FilesSamsungKiesKies.exe
    O4 – HKCU..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program FilesSamsungKiesKiesAirMessage.exe
    O4 – HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [LightScribe Control Panel] . (.Hewlett-Packard Company – Pas de description.) — C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
    O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [ehTray.exe] . (.Microsoft Corporation – Media Center Tray Applet.) — C:WindowsehomeehTray.exe
    O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [OfferBox] C:Program FilesOfferBoxOfferBox.exe (.not file.) =>PUP.OfferBox
    O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program FilesSamsungKiesKies.exe
    O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program FilesSamsungKiesKiesAirMessage.exe
    O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft Office OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~3Office12ONBttnIE.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{212736AF-65FB-4B36-80D0-E3E27259B6CB}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCCSServicesTcpip..{3434B8B3-FC47-4D27-9E78-6631641D3D74}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{212736AF-65FB-4B36-80D0-E3E27259B6CB}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCS1ServicesTcpip..{3434B8B3-FC47-4D27-9E78-6631641D3D74}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{212736AF-65FB-4B36-80D0-E3E27259B6CB}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCS3ServicesTcpip..{3434B8B3-FC47-4D27-9E78-6631641D3D74}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation – Windows Live Album Download Protocol Handle.) — C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Bibliothèque de l’interface utilisateur du.) — C:WindowsSystem32browseui.dll
    ~ STS/SSO: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT:Automatic Planified Task – C:WindowsTasksAVG-Secure-Search-Update_JUNE2013_HP_rmv.job [350]
    O39 – APT:Automatic Planified Task – C:WindowsTasksAVG-Secure-Search-Update_JUNE2013_TB_rmv.job [350]
    [MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_HP_rmv] (…) — C:WindowsTEMP{42442D61-6FB2-4A99-80CC-3EC4D9DAA021}.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_TB_rmv] (…) — C:WindowsTEMP{26E15C44-6DA3-4EC0-8164-B7DB49238A7F}.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{035CB9B0-6A3E-4FE4-ACA5-FD5D6152ED3F}] (…) — E:.Autorun.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{04D6F92F-F963-48C0-9F4B-4511D0CE659E}] (…) — C:Program FilesAIM6uninst.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{4B671E64-3D31-445D-9676-FDA18A328F2A}] (…) — C:Program FilesQuickTimeQTSystemQuickTime.cpl” -c QuickTime (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{7AF94D5F-8C16-4F20-A002-9E0F874B8576}] (…) — E:.Autorun.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{85943581-0889-40CE-AB2D-C77F3FA636B7}] (…) — C:UsersMarie-EstelleDownloads601_b021_multilanguage.exe (.not file.) [0]
    ~ Scheduled Task: 28 Legitimates Filtered in 00mn 08s

    —\ Logiciels installés (O42)
    O42 – Logiciel: OfferBox – (.Secure Digital Services.) [HKLM] — {2C8574B5-6935-4FCE-860E-F4E8602378FF} =>Adware.SPointer
    ~ Logic: 51 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareBabylon] =>PUP.Babylon
    [HKCUSoftwareConduit] =>Toolbar.Conduit
    [HKCUSoftwareFissaSearch] =>PUP.OfferBox
    [HKCUSoftwareIGearSettings]
    [HKCUSoftwareInstallCore] =>Adware.InstallCore
    [HKCUSoftwareOfferBox] =>PUP.OfferBox
    [HKCUSoftwareSoftonic] =>Toolbar.Conduit
    [HKCUSoftwareVittalia] =>PUP.Vittalia
    [HKCUSoftwareWideStream] =>Adware.SPointer
    [HKCUSoftwareYahooPartnerToolbar]
    [HKCUSoftwaremysearchdial.com] =>Adware.MyWebSearch
    [HKLMSoftwareMetaStream] =>Adware.MetaStream
    ~ Key Software: 332 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 29/08/2010 – 23:15:42 – [0] —-D C:Program FilesCrazyLoader =>Adware.SPointer
    O43 – CFD: 12/12/2013 – 21:15:15 – [0,015] —-D C:Program FilesMyPC Backup =>PUP.MyPCBackup
    O43 – CFD: 18/11/2010 – 21:33:05 – [1,658] —-D C:Program Filesplanetes3D
    O43 – CFD: 24/02/2010 – 10:33:36 – [1,760] —-D C:Program FilesSpyware Doctor
    O43 – CFD: 21/02/2013 – 21:26:24 – [0] —-D C:Program FilesWidestream6 =>Adware.SPointer
    O43 – CFD: 05/04/2011 – 10:38:07 – [0] –H-D C:ProgramDatacJb31001dNaIa31001
    O43 – CFD: 06/06/2012 – 19:13:46 – [0,024] —-D C:UsersMarie-EstelleAppDataRoamingFissaSearch =>PUP.OfferBox
    O43 – CFD: 17/06/2010 – 19:37:16 – [0,353] —-D C:UsersMarie-EstelleAppDataRoamingOfferBox =>PUP.OfferBox
    O43 – CFD: 04/04/2012 – 14:46:35 – [14,360] —-D C:UsersMarie-EstelleAppDataRoamingOpenCandy =>Adware.OpenCandy
    O43 – CFD: 06/06/2010 – 18:26:17 – [0,001] –H-D C:UsersMarie-EstelleAppDataRoamingwidestream =>Adware.SPointer
    O43 – CFD: 17/05/2011 – 16:40:50 – [0,525] –H-D C:UsersMarie-EstelleAppDataLocalwidestream6 Air =>Adware.SPointer
    O43 – CFD: 04/07/2011 – 04:38:31 – [0,003] —-D C:UsersMarie-EstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsCrazyLoader =>Adware.SPointer
    ~ 4 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 233 Legitimates Filtered in 00mn 58s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] – 23/12/2013 – 23:00:18 —A- . (…) — C:WindowsSystem32DOErrors.log [52]
    O44 – LFC:[MD5.6361D50FE0AD8ECC249D6A7CB37B514B] – 29/12/2013 – 20:20:07 . (…) — C:UsbFix [Scan 1] PC-MARIE-ESTELL.txt [12880]
    O44 – LFC:[MD5.5F8BDF657FD65DE8803D7C494611679C] – 29/12/2013 – 20:43:49 . (…) — C:UsbFix [Scan 2] PC-MARIE-ESTELL.txt [13094]
    O44 – LFC:[MD5.36A47F2E5C9049A2464D134386FFBF23] – 29/12/2013 – 21:15:53 —A- . (…) — C:UsbFix [Clean 1] PC-MARIE-ESTELL.txt [17272]
    ~ Files: 13 Legitimates Filtered in 01mn 31s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregAppleSyncNotifier [Key] . (…) — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe (.not file.)
    O53 – SMSR:HKLM…startupregVeoh [Key] . (…) — C:Program FilesVeoh NetworksVeohVeohClient.exe (.not file.)
    ~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    ~ MWPS: 15 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “AllowLegacyWebView”=1
    O56 – MWPE:[HKLM…policiesExplorer] – “AllowUnhashedWebView”=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.6216FD7FD227DE454238A702B218CEC7] – 29/10/2012 – 12:09:26 —A- . (.Devguru Co., Ltd – Device Error Recovery SDK(x86).) — C:WindowsSystem32Driversdgderdrv.sys [20032]
    O58 – SDL:[MD5.23B62471681A124889978F6295B3F4C6] – 21/01/2008 – 03:23:22 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [342584]
    O58 – SDL:[MD5.4CD6B056C5FD9E97C06FE74C81479517] – 24/01/2008 – 14:23:12 —A- . (.ENE TECHNOLOGY INC. – ENE CIR Driver for eHome.) — C:WindowsSystem32Driversenecir.sys [52736]
    O58 – SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] – 02/11/2006 – 10:50:07 —A- . (.Integrated Technology Express, Inc. – ITE IT8211 ATA/ATAPI SCSI miniport.) — C:WindowsSystem32Driversiteatapi.sys [35944]
    O58 – SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] – 02/11/2006 – 10:50:09 —A- . (.Integrated Technology Express, Inc. – ITE IT8212 ATA RAID SCSI miniport.) — C:WindowsSystem32Driversiteraid.sys [35944]
    O58 – SDL:[MD5.1FC8A7E5C3AED31F00940C6AB2FD9B49] – 31/07/2006 – 06:44:00 —A- . (.Omnivision Technologies, Inc. – Stream Class Mini Driver.) — C:WindowsSystem32Driversov550i.sys [580992]
    O58 – SDL:[MD5.A36EE93698802CD899F98BFD553D8185] – 27/07/2013 – 08:41:54 —A- . (.Avira GmbH – AVIRA SnapShot Driver.) — C:WindowsSystem32Driversssmdrv.sys [28520]
    O58 – SDL:[MD5.6CC6C4B9D7B906A151AA094CA087B9F0] – 20/09/2012 – 05:35:36 —A- . (.DEVGURU Co., LTD.(http://www.devguru.co.kr) – SAMSUNG USB Composite Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudbus.sys [83168]
    O58 – SDL:[MD5.359FEE084F1173FFFFD7F9CCBD43D47F] – 20/09/2012 – 05:35:36 —A- . (.DEVGURU Co., LTD.(http://www.devguru.co.kr) – SAMSUNG Android Modem Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudmdm.sys [181344]
    O58 – SDL:[MD5.E69A606872650B46DE54EC15DCC93529] – 21/07/2009 – 22:33:32 —A- . (.IDT, Inc. – IDT PC Audio.) — C:WindowsSystem32Driversstwrt.sys [409088]
    O58 – SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] – 21/01/2008 – 03:23:20 —A- . (.ULi Electronics Inc. – ULi SATA Controller Driver.) — C:WindowsSystem32Driversuliahci.sys [238648]
    O58 – SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] – 02/11/2006 – 10:50:35 —A- . (.Promise Technology, Inc. – Promise Ultra/Sata Series Driver for Win2003.) — C:WindowsSystem32Driversulsata.sys [98408]
    O58 – SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] – 21/01/2008 – 03:23:23 —A- . (.Promise Technology, Inc. – Promise SATAII150 Series Windows Drivers.) — C:WindowsSystem32Driversulsata2.sys [115816]
    O58 – SDL:[MD5.EAFE1E00739AFE6C51487A050E772E17] – 15/02/2012 – 10:01:50 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl.sys [43520]
    O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 02/11/2006 – 08:09:42 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] – 02/11/2006 – 08:09:45 —A- . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] – 02/11/2006 – 08:09:41 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] – 02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] – 02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] – 02/11/2006 – 08:09:29 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:[MD5.CF9ED169FF86D935E47999E82359E898] – 02/11/2006 – 08:09:35 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] – 02/11/2006 – 08:09:38 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] – 02/11/2006 – 08:09:40 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] – 02/11/2006 – 08:09:31 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] – 02/11/2006 – 08:09:20 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] – 02/11/2006 – 08:09:23 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] – 02/11/2006 – 08:09:24 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] – 02/11/2006 – 08:09:26 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:[MD5.D86B6435729231C171432B4E77801BDB] – 02/11/2006 – 08:09:22 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 15 Legitimates Filtered in 00mn 02s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 29/12/2013 – 00:35:34 —A- . (…) — C:UsersMarie-EstelleDocumentsmonAlbumPhotoRomeRome.ldb [64]
    O61 – LFC: 29/12/2013 – 00:35:34 —A- . (…) — C:UsersMarie-EstelleDocumentsmonAlbumPhotoRomeRome.mapalb [688128]
    O61 – LFC: 30/12/2013 – 00:35:00 —A- . (…) — C:UsersMarie-EstelleAppDataRoamingZHPLog.txt [18561] =>.Nicolas Coolman
    O61 – LFC: 30/12/2013 – 00:35:00 —A- . (…) — C:UsersMarie-EstelleAppDataRoamingZHPTestsZHPDiag.txt [3056] =>.Nicolas Coolman
    ~ 3 Fichiers temporaires (Temporary files)
    ~ Files: 314 Legitimates Filtered in 02mn 58s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Apple Inc. – Safari.) — C:Program FilesSafariSafari.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“CT3242339.http___pricegong_conduitapps_com_v4.APP_WIN_FEATURES.enc”, “cmVzaXphYmxlPTAsc2F2ZWxvY2F0aW9uPTAsb3BlbnBvc2l0a[…] =>Adware.PriceGong
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“CT3242339.lastNewTabSettings”, “{“isEnabled”:false,”newTabUrl”:”http://search.conduit.com/?ctid=CT3242339&octid=CT[…]
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“browser.search.order.1”, “Mysearchdial”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.Fissa.lastRunTime”, “Sat, 28 Aug 2010 18:09:57 GMT”); =>PUP.OfferBox
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.aflt”, “irmsd1202aw”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.appId”, “{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.cd”, “2XzuyEtN2Y1L1QzutDtDtBtAyE0EtBtAtBtDtDtAyB0EyEyEtN0D0Tzu0CyBtCtBtN1L2XzutBtFtBtFtCyEtFtCt[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.cntry”, “FR”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.cr”, “627028764”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.dfltLng”, “”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.dfltSrch”, true); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.dnsErr”, true); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.dpkLst”, “3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.excTlbr”, false); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.hdrMd5”, “0A199B406364F49189CCE1F3B14CB697”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.hmpg”, true); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.hmpgUrl”, “http://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutDtDtBtAyE0EtBtA[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.id”, “00234E2320037E44”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.instlDay”, “16051”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.instlRef”, “”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.lastB”, “http://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutDtDtBtAyE0EtBtAtB[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.lastVrsnTs”, “1.8.21.020:58:49”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.newTabUrl”, “http://start.mysearchdial.com/?f=2&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutDtDtBtAyE0EtB[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.pnu_base”, “{“newVrsn”:”89″,”lastVrsn”:”89″,”vrsnLoad”:””,”showMsg”:”false”,”s[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.prdct”, “mysearchdial”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.prtnrId”, “mysearchdial”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.sg”, “none”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.srchPrvdr”, “Mysearchdial”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.tlbrId”, “base”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.tlbrSrchUrl”, “http://start.mysearchdial.com/?f=3&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutDtDtBtAyE0E[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.vrsn”, “1.8.21.0”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.vrsni”, “1.8.21.0”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial_i.hmpg”, true); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial_i.newTab”, false); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial_i.smplGrp”, “none”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial_i.vrsnTs”, “1.8.21.020:58:49”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“plugin.state.npconduitfirefoxplugin”, 2);
    O69 – SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} – (Search the web) – http://search.babylon.com =>Adware.IMBooster
    O69 – SBI: SearchScopes [HKCU] {114C8D1F-DE4F-4720-933A-00D3637B24BA} – (Google) – http://www.google.fr
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {b41306c6-96d0-442a-bcc4-b0f621e82ce9} – (Fissa) – http://www.fissa.com =>PUP.OfferBox
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.EFB2EE170955A1DC38485D66EB480174] [SPRF][29/11/2009] (…) — C:ProgramDataezsid.dat [32]
    [MD5.F3793DD012EDADFE655CF93DD818855B] [SPRF][12/06/2013] (…) — C:UsersMarie-EstelleAppDataLocald3d9caps.dat [7620]
    [MD5.C5650C059185D351AEF801D90A93B0D7] [SPRF][27/04/2011] (…) — C:UsersMarie-EstelleAppDataRoamingwklnhst.dat [1166]
    [MD5.1027DF7F909776789D9D1C2C30410166] [SPRF][28/01/2013] (…) — C:UsersMarie-EstelleDesktopOOo_3.3.0_Win_x86_install-wJRE_fr.exe [152474936]
    [MD5.6F678556A6FCE04FC94F3435F6313705] [SPRF][25/12/2008] (…) — C:WindowsDownloaded Program Filesunagiuninst.exe [38428]
    ~ Files: 6 Legitimates Filtered in 00mn 05s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “TCP Query User{8D1EEC39-0DB9-4591-97A8-8B8481061181}C:program fileswinampwinamp.exe” |In – Public – P6 – TRUE | .(…) — C:program fileswinampwinamp.exe (.not file.)
    O87 – FAEL: “UDP Query User{39F01690-A65D-4079-8BFD-DF83BBCDAC78}C:program fileswinampwinamp.exe” |In – Public – P17 – TRUE | .(…) — C:program fileswinampwinamp.exe (.not file.)
    O87 – FAEL: “TCP Query User{A7D07372-ADC0-4D00-8CB8-0A91F8EC5267}C:program fileswinampwinamp.exe” |In – Private – P6 – TRUE | .(…) — C:program fileswinampwinamp.exe (.not file.)
    O87 – FAEL: “UDP Query User{26BB64F8-EF4A-43A7-AD52-BAFC1227F783}C:program fileswinampwinamp.exe” |In – Private – P17 – TRUE | .(…) — C:program fileswinampwinamp.exe (.not file.)
    ~ Firewall: 208 Legitimates Filtered in 00mn 01s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “5B4758C25396ECF468E04F8E063287FF” . (.OfferBox.) — C:WindowsInstaller{2C8574B5-6935-4FCE-860E-F4E8602378FF}ARPPRODUCTICON.exe =>PUP.OfferBox
    O90 – PUC: “EFE665B6D1CDF17439DD483862361F04” . (.OVT Scanner X86.) — C:WindowsInstaller{6B566EFE-DC1D-471F-93DD-84832663F140}ARPPRODUCTICON.exe
    ~ Update Products: 119 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.899D66C970CC0581A87DD871DAEA812A] [WIS][06/03/2013] (.STARZIK INVEST – Starzik Download Manager.) — C:WindowsInstaller1533872.msi [48128]
    [MD5.AA5F8DEF4C6C587D88EE5A7791B8D1D6] [WIS][06/06/2010] (.Secure Digital Services – OfferBox.) — C:WindowsInstaller4b06e9.msi [3062272] =>Adware.SPointer
    ~ WIS: 122 Legitimates Filtered in 00mn 15s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
    SS – | Demand 12/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Auto 02/03/2009 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) – C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_e2247046aestsrv.exe
    SS – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SS – | Demand 03/04/2008 193840 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) – C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
    SS – | Demand 21/12/2008 242424 | (GameConsoleService) . (.WildTangent, Inc..) – C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe
    SS – | Auto 11/12/2009 133104 | (gupdate1ca7aad806c04f5) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 11/12/2009 133104 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Auto 31/10/2012 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Demand 25/01/2008 148832 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) – C:Program FilesHewlett-PackardSharedhpqwmiex.exe
    SS – | Auto 13/05/2011 26168 | (hpsrv) . (.Hewlett-Packard Company.) – C:WindowsSystem32Hpservice.exe
    SS – | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) – C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
    SS – | Demand 07/06/2012 821648 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SS – | Auto 26/02/2008 73728 | (LightScribeService) . (.Hewlett-Packard Company.) – C:Program FilesCommon FilesLightScribeLSSrvc.exe
    SS – | Demand 22/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 14/05/2008 292248 | (QPCapSvc) . (…) – C:Program FilesHPQuickPlayKernelTVQPCapSvc.exe
    SS – | Auto 14/05/2008 116112 | (QPSched) . (…) – C:Program FilesHPQuickPlayKernelTVQPSched.exe
    SS – | Auto 26/03/2008 341328 | (Recovery Service for Windows) . (…) – C:WindowsSMINSTBLService.exe
    SS – | Auto 09/01/2007 272024 | (RichVideo) . (…) – C:Program FilesCyberLinkShared FilesRichVideo.exe
    SS – | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
    SS – | Auto 21/07/2009 221266 | (STacSV) . (.IDT, Inc..) – C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_e2247046STacSV.exe

    SR – | Auto 19/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopsched.exe
    SR – | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopavguard.exe
    SR – | Auto 24/05/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 21/01/2008 21504 | C:WindowsSystem32ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) – C:WindowsSystem32svchost.exe
    SR – | Auto 09/10/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) – c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
    SR – | Auto 21/01/2008 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 21/01/2008 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

    ~ Services: Scanned in 00mn 17s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

    ~ MBR: 1 Legitimates Filtered in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Marie-Estelle at 30/12/2013 00:39:09

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13013 – (26/12/2013)
    Clés trouvées (Keys found) : 81
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 18
    Fichiers trouvés (Files found) : 6

    ~ Additionnel Scan: 431394 Items scanned in 00mn 36s

    Telma
    Number of posts: 0

    AND THE END !!!! :

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com/apps/blog/show/27046242-adware-metastream =>Adware.MetaStream
    ~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
    ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
    ~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
    ~ http://nicolascoolman.webs.com/apps/blog/show/35115580-pup-vittalia =>PUP.Vittalia
    ~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
    ~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
    ~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
    ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
    ~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
    ~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke
    ~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
    ~ http://nicolascoolman.webs.com/apps/blog/show/27629963-pup-fbsearch =>PUP.Fbsearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
    ~ http://nicolascoolman.webs.com/apps/blog/show/26668292-adware-doubled =>Adware.DoubleD
    ~ http://nicolascoolman.webs.com/apps/blog/show/29344956-adware-similarsites =>Adware.SimilarSites
    ~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
    ~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
    ~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
    ~ MSI: 22 link(s) detected in 00mn 37s

    ~ 1613 Legitimates filtered by white list
    End of the scan (726 lines in 09mn 12s)(0)

    What do I have to do now?

    :merci2:

    lilidurhone
    Number of posts: 0

    :)

    • Download Adwcleaner (by Xplode) to your Desktop!
    • Right-click it and choose "Run as administrator" on Windows 7/8 and Vista
      1. Choose the Scan option
      2. Click Report
    • Copy and paste the contents of the report
