lnk shortcuts 2013-10-20T15:59:50+00:00

Computer Troubleshooting: lnk shortcuts

  • Author
    Posts
  • ines
    Participant
    Number of posts: 11

    good evening everyone
    before formatting I wanted to save some files to the external drive; they turned into .lnk shortcuts and no longer open
    I tried to follow your procedure by running Ad-Aware, Malwarebytes, ZHPDiag and USBFix
    I'm not very good at this, and when I try to attach the reports for you my message gets erased
    thank you in advance for your patience

  • ines
    Participant
    Number of posts: 11

    I'm trying again
    [attachment=]
    # AdwCleaner v3.009 – Rapport créé le 20/10/2013 à 16:43:28
    # Mis à jour le 19/10/2013 par Xplode
    # Système d’exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
    # Nom d’utilisateur : serge – MAURICETTE
    # Exécuté depuis : C:Documents and SettingssergeLocal SettingsTemporary Internet FilesContent.IE56AWL1BYWadwcleaner[1].exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:Documents and SettingsAll UsersApplication DataConduit
    Dossier Supprimé : C:Program FilesConduit
    Dossier Supprimé : C:Program FilesDuuqu
    Dossier Supprimé : C:Program FilesJmalaya_LiveTV
    Dossier Supprimé : C:Documents and SettingssergeLocal SettingsApplication DataConduit
    Dossier Supprimé : C:Documents and SettingssergeLocal SettingsApplication DataDuuqu
    Dossier Supprimé : C:Documents and SettingssergeLocal SettingsApplication Dataiac
    Dossier Supprimé : C:Documents and SettingssergeLocal SettingsApplication DataJmalaya_LiveTV
    Dossier Supprimé : C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultSmartbar
    Dossier Supprimé : C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultCT3311843
    Dossier Supprimé : C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultExtensions{4844c390-489d-4ad1-9355-e9a9a9162336}
    Fichier Supprimé : C:END
    Fichier Supprimé : C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultsearchpluginsConduit.xml
    Fichier Supprimé : C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultuser.js

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKCUToolbar
    Clé Supprimée : HKLMSOFTWAREClassesToolbar.CT3311843
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{4844C390-489D-4AD1-9355-E9A9A9162336}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{F4004B74-FBF5-4533-9960-867E7055D44A}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4844C390-489D-4AD1-9355-E9A9A9162336}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{4844C390-489D-4AD1-9355-E9A9A9162336}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{F4004B74-FBF5-4533-9960-867E7055D44A}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{4844C390-489D-4AD1-9355-E9A9A9162336}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{F4004B74-FBF5-4533-9960-867E7055D44A}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{F4004B74-FBF5-4533-9960-867E7055D44A}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{EC6BD22A-5E2C-4C24-9056-212D35741053}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{5C8B59CC-8876-4A4B-AD6D-B347E017D4D4}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Valeur Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{4844C390-489D-4AD1-9355-E9A9A9162336}]
    Valeur Supprimée : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{4844C390-489D-4AD1-9355-E9A9A9162336}]
    Valeur Supprimée : HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks [{4844C390-489D-4AD1-9355-E9A9A9162336}]
    Clé Supprimée : HKCUSoftwareAPN PIP
    Clé Supprimée : HKCUSoftwareConduit
    Clé Supprimée : HKCUSoftwareDuuqu
    Clé Supprimée : HKCUSoftwaresmartbar
    Clé Supprimée : HKCUSoftwareSoftonic
    Clé Supprimée : HKCUSoftwareJmalaya_LiveTV
    Clé Supprimée : HKLMSoftwareConduit
    Clé Supprimée : HKLMSoftwareDuuqu
    Clé Supprimée : HKLMSoftwarePIP
    Clé Supprimée : HKLMSoftwareJmalaya_LiveTV

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v8.0.6001.18702

    -\ Mozilla Firefox v24.0 (fr)

    [ Fichier : C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultprefs.js ]

    Ligne Supprimée : user_pref(“CT3311843.1000082.isPlayDisplay”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.1000082.state”, “{“state”:”stopped”,”text”:”Californi…”,”description”:”California Rock – Rock”,”url”:”hxxp://www.feedlive.net/california.asx”}”);
    Ligne Supprimée : user_pref(“CT3311843.ENABALE_HISTORY”, “{“dataType”:”string”,”data”:”true”}”);
    Ligne Supprimée : user_pref(“CT3311843.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE”, “{“dataType”:”string”,”data”:”true”}”);
    Ligne Supprimée : user_pref(“CT3311843.FF19Solved”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.FirstTime”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.FirstTimeFF3”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.PG_ENABLE”, “dHJ1ZQ==”);
    Ligne Supprimée : user_pref(“CT3311843.SF_JUST_INSTALLED.enc”, “RkFMU0U=”);
    Ligne Supprimée : user_pref(“CT3311843.SF_STATUS.enc”, “RU5BQkxFRA==”);
    Ligne Supprimée : user_pref(“CT3311843.SF_USER_ID.enc”, “Y2lkXzIwMTAyMDEzMTExMTEzOTY4NDc3Nw==”);
    Ligne Supprimée : user_pref(“CT3311843.SearchFromAddressBarUrl”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311843&SearchSource=2&CUI=UN17630544022217195&UM=2&q=”);
    Ligne Supprimée : user_pref(“CT3311843.UserID”, “UN17630544022217195”);
    Ligne Supprimée : user_pref(“CT3311843.addressBarTakeOverEnabledInHidden”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.browser.search.defaultthis.engineName”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.cbfirsttime.enc”, “U3VuIE9jdCAyMCAyMDEzIDExOjExOjE1IEdNVCswMjAw”);
    Ligne Supprimée : user_pref(“CT3311843.countryCode”, “FR”);
    Ligne Supprimée : user_pref(“CT3311843.defaultSearch”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.embeddedsData”, “[{“appId”:”130209594879407366″,”apiPermissions”:{“crossDomainAjax”:true,”getMainFrameTitle”:true,”getMainFrameUrl”:true,”getSearchTerm”:true,”insta[…]
    Ligne Supprimée : user_pref(“CT3311843.enableAlerts”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.enableSearchFromAddressBar”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.firstTimeDialogOpened”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.fixPageNotFoundError”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.fixPageNotFoundErrorByUser”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.fixPageNotFoundErrorInHidden”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.fullUserID”, “UN17630544022217195.IN.20131018170912”);
    Ligne Supprimée : user_pref(“CT3311843.installDate”, “18/10/2013 17:09:14”);
    Ligne Supprimée : user_pref(“CT3311843.installId”, “cidim27”);
    Ligne Supprimée : user_pref(“CT3311843.installSessionId”, “{9D0C6BE7-DE52-4BF3-8055-E0BE4FB99F5F}”);
    Ligne Supprimée : user_pref(“CT3311843.installSp”, “TRUE”);
    Ligne Supprimée : user_pref(“CT3311843.installType”, “conduitnsisintegration”);
    Ligne Supprimée : user_pref(“CT3311843.installUsage”, “2013-10-20T12:10:58.1380744+03:00”);
    Ligne Supprimée : user_pref(“CT3311843.installUsageEarly”, “2013-10-20T12:10:58.2671342+03:00”);
    Ligne Supprimée : user_pref(“CT3311843.installerVersion”, “1.7.1.7”);
    Ligne Supprimée : user_pref(“CT3311843.isCheckedStartAsHidden”, true);
    Ligne Supprimée : user_pref(“CT3311843.isEnableAllDialogs”, “{“dataType”:”string”,”data”:”true”}”);
    Ligne Supprimée : user_pref(“CT3311843.isFirstTimeToolbarLoading”, “false”);
    Ligne Supprimée : user_pref(“CT3311843.isToolbarShrinked”, “{“dataType”:”string”,”data”:”false”}”);
    Ligne Supprimée : user_pref(“CT3311843.keyword”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.lastNewTabSettings”, “{“isEnabled”:true,”newTabUrl”:”hxxp://search.conduit.com/?ctid=CT3311843&octid=CT3311843&SearchSource=15&CUI=UN17630544022217195&SSPV=&Lay=1&UM=2″}”);
    Ligne Supprimée : user_pref(“CT3311843.lastVersion”, “10.20.3.20”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_appStateReportTime.enc”, “MTM4MjI2MDI2MDkxOA==”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_appState_CouponBuddy.enc”, “b24=”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_appState_Easytobook.enc”, “b24=”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_appState_Easytobook_targeted.enc”, “b24=”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_appState_Easytobookcars.enc”, “b24=”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_appState_PriceGong.enc”, “b24=”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_appState_WindowShopper.enc”, “b24=”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_appState_eToro.enc”, “b24=”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_appsData.enc”, “eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwib3B0aW9uc0Rp[…]
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_appsDefaultEnabled.enc”, “bnVsbA==”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_calledSetupService.enc”, “MQ==”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_configuration.enc”, “eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6ImVUb3JvIiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiMWU5NjMwZjEtZWFiMS00ZTdiLWEwODctZDRhZTY1Zjg0MDNhIiwiZG9tYWlucyI6WyIiLCI[…]
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_currentVersion.enc”, “MS4xMC40LjA=”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_existingUsersRecoveryDone.enc”, “MQ==”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_first_time.enc”, “MQ==”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_installer_preapproved.enc”, “ZmFsc2U=”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_lastLoginTime.enc”, “MTM4MjI2MDI1NzM0OA==”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_localization.enc”, “eyJkbWJveDEiOnsiVGV4dCI6IlByb21vXG5kdSBqb3VyIn0sImRtYm94MiI6eyJUZXh0IjoiTGl2cmFpc29uXG5ncmF0dWl0ZSJ9LCJkbWJ1bGxldDEiOnsiVGV4dCI6IkVjb25vbWlzZXogZGUgbOKA[…]
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_mamEnabled.enc”, “dHJ1ZQ==”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_new_welcome_experience.enc”, “MQ==”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_pgUnloadedOnce.enc”, “dHJ1ZQ==”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_settings1.10.4.0.enc”, “eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiRlIiLCJpc1dlbGNvbWVFeHBl[…]
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_showWelcomeGadget.enc”, “ZmFsc2U=”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_userId.enc”, “ZThmZTJlYjktODc5Mi00NmU1LWIyZjMtNGNiYjVkOWU2ZGFl”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_user_approval_interacted.enc”, “MQ==”);
    Ligne Supprimée : user_pref(“CT3311843.mam_gk_welcomeDialogMode.enc”, “MQ==”);
    Ligne Supprimée : user_pref(“CT3311843.navigationAliasesJson”, “{“EB_MAIN_FRAME_URL”:”hxxp%3A%2F%2Faccount.panzar.com%2Ffr%2Flanding%2F07%2F%3Fpe002%3Dadc%26play%3D1%26cid%3D13999253721382261122%26subId%3D96977%26co[…]
    Ligne Supprimée : user_pref(“CT3311843.openThankYouPage”, “false”);
    Ligne Supprimée : user_pref(“CT3311843.openUninstallPage”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.originalHomepage”, “hxxp://www.google”);
    Ligne Supprimée : user_pref(“CT3311843.originalSearchAddressUrl”, “”);
    Ligne Supprimée : user_pref(“CT3311843.originalSearchEngine”, “”);
    Ligne Supprimée : user_pref(“CT3311843.originalSearchEngineName”, “”);
    Ligne Supprimée : user_pref(“CT3311843.price-gong.isManagedApp”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.revertSettingsEnabled”, “false”);
    Ligne Supprimée : user_pref(“CT3311843.search.searchAppId”, “130209594879407366”);
    Ligne Supprimée : user_pref(“CT3311843.search.searchCount”, “2”);
    Ligne Supprimée : user_pref(“CT3311843.searchFromAddressBarEnabledByUser”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.searchInNewTabEnabledByUser”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.searchInNewTabEnabledInHidden”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.searchRevert”, “false”);
    Ligne Supprimée : user_pref(“CT3311843.searchSuggestEnabledByUser”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.searchUserMode”, “2”);
    Ligne Supprimée : user_pref(“CT3311843.selectToSearchBoxEnabled”, “{“dataType”:”string”,”data”:”true”}”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_service_login_isFirstLoginInvoked”, “{“dataType”:”boolean”,”data”:”true”}”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_service_login_loginCount”, “{“dataType”:”number”,”data”:”3″}”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_service_toolbarGrouping_activeCTID”, “{“dataType”:”string”,”data”:”CT3311843″}”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_service_toolbarGrouping_activeDownloadUrl”, “{“dataType”:”string”,”data”:”hxxp://JmalayaLiveTVToolbar.OurToolbar.com//xpi”}”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_service_toolbarGrouping_activeToolbarName”, “{“dataType”:”string”,”data”:”Jmalaya LiveTV “}”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_service_toolbarGrouping_invoked”, “{“dataType”:”string”,”data”:”true”}”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_service_usage_toolbarUsageCount”, “{“dataType”:”number”,”data”:”2″}”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_Configuration_lastUpdate”, “1382260251814”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_appTrackingFirstTime_lastUpdate”, “1382260252875”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_appsMetadata_lastUpdate”, “1382260252870”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_gottenAppsContextMenu_lastUpdate”, “1382260252704”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate”, “1382260255719”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate”, “1382260255733”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_login_10.20.3.20_lastUpdate”, “1382260252960”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_otherAppsContextMenu_lastUpdate”, “1382260252807”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_searchAPI_lastUpdate”, “1382260251962”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_serviceMap_lastUpdate”, “1382260251520”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_toolbarContextMenu_lastUpdate”, “1382260252670”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_toolbarSettings_lastUpdate”, “1382260252007”);
    Ligne Supprimée : user_pref(“CT3311843.serviceLayer_services_translation_lastUpdate”, “1382260252852”);
    Ligne Supprimée : user_pref(“CT3311843.settingsINI”, true);
    Ligne Supprimée : user_pref(“CT3311843.shouldFirstTimeDialog”, “false”);
    Ligne Supprimée : user_pref(“CT3311843.showToolbarPermission”, “false”);
    Ligne Supprimée : user_pref(“CT3311843.smartbar.CTID”, “CT3311843”);
    Ligne Supprimée : user_pref(“CT3311843.smartbar.Uninstall”, “0”);
    Ligne Supprimée : user_pref(“CT3311843.smartbar.homepage”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.smartbar.toolbarName”, “Jmalaya LiveTV “);
    Ligne Supprimée : user_pref(“CT3311843.startPage”, “true”);
    Ligne Supprimée : user_pref(“CT3311843.toolbarBornServerTime”, “20-10-2013”);
    Ligne Supprimée : user_pref(“CT3311843.toolbarCurrentServerTime”, “20-10-2013”);
    Ligne Supprimée : user_pref(“CT3311843.toolbarLoginClientTime”, “Sun Oct 20 2013 11:10:52 GMT+0200”);
    Ligne Supprimée : user_pref(“CT3311843.url_history0001.enc”, “aHR0cDovL3N0cmVhbXp6ei5jb20vY2F0ZWdvcnkvYXJyb3c6OjpjbGlja2hhbmRsZXI6OjoxMzgyMjYwMzE0OTM1LCwsaHR0cDovL2dldC5hZG9iZS5jb20vZnIvZmxhc2hwbGF5ZXIvZG93bmxvYWQvP2lu[…]
    Ligne Supprimée : user_pref(“CT3311843.versionFromInstaller”, “10.20.3.20”);
    Ligne Supprimée : user_pref(“CT3311843.xpeMode”, “0”);
    Ligne Supprimée : user_pref(“CT3311843_Firefox.csv”, “[{“from”:”Abs Layer”,”action”:”loading toolbar”,”time”:1382261116383,”isWithState”:””,”timeFromStart”:0,”timeFromPrev”:0}]”);
    Ligne Supprimée : user_pref(“Smartbar.ConduitHomepagesList”, “hxxp://search.conduit.com/?ctid=CT3311843&CUI=UN17630544022217195&UM=2&SearchSource=13”);
    Ligne Supprimée : user_pref(“Smartbar.ConduitSearchEngineList”, “Jmalaya LiveTV Customized Web Search”);
    Ligne Supprimée : user_pref(“Smartbar.ConduitSearchUrlList”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311843&SearchSource=2&CUI=UN17630544022217195&UM=2&q=”);
    Ligne Supprimée : user_pref(“Smartbar.SearchFromAddressBarSavedUrl”, “”);
    Ligne Supprimée : user_pref(“Smartbar.keywordURLSelectedCTID”, “CT3311843”);
    Ligne Supprimée : user_pref(“browser.search.defaultenginename”, “Jmalaya LiveTV Customized Web Search”);
    Ligne Supprimée : user_pref(“browser.search.defaultthis.engineName”, “Jmalaya LiveTV Customized Web Search”);
    Ligne Supprimée : user_pref(“browser.search.defaulturl”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311843&CUI=UN17630544022217195&UM=2&SearchSource=3&q={searchTerms}”);
    Ligne Supprimée : user_pref(“browser.search.selectedEngine”, “Jmalaya LiveTV Customized Web Search”);
    Ligne Supprimée : user_pref(“browser.startup.homepage”, “hxxp://search.conduit.com/?ctid=CT3311843&CUI=UN17630544022217195&UM=2&SearchSource=13”);
    Ligne Supprimée : user_pref(“keyword.URL”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311843&SearchSource=2&CUI=UN17630544022217195&UM=2&q=”);
    Ligne Supprimée : user_pref(“smartbar.addressBarOwnerCTID”, “CT3311843”);
    Ligne Supprimée : user_pref(“smartbar.conduitHomepageList”, “hxxp://search.conduit.com/?ctid=CT3311843&CUI=UN17630544022217195&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3311843&octid=CT3311843&SearchSource[…]
    Ligne Supprimée : user_pref(“smartbar.conduitSearchAddressUrlList”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311843&SearchSource=2&CUI=UN17630544022217195&UM=2&q=”);
    Ligne Supprimée : user_pref(“smartbar.defaultSearchOwnerCTID”, “CT3311843”);
    Ligne Supprimée : user_pref(“smartbar.homePageOwnerCTID”, “CT3311843”);
    Ligne Supprimée : user_pref(“smartbar.machineId”, “EIG9P58VQNMUZMXUIZ9NT3UTUMFEJZ/HPEZ7AGMQEEJPVJIZCXLX8RWJDBU3TIED5A6URPTLH2TD+/M7G32EKW”);
    Ligne Supprimée : user_pref(“smartbar.originalHomepage”, “hxxp://search.conduit.com/?ctid=CT3311843&CUI=UN17630544022217195&UM=2&SearchSource=13”);

    *************************

    AdwCleaner[R0].txt – [5634 octets] – [17/10/2013 09:43:51]
    AdwCleaner[R1].txt – [18358 octets] – [20/10/2013 16:42:35]
    AdwCleaner[S0].txt – [5397 octets] – [17/10/2013 09:45:07]
    AdwCleaner[S1].txt – [18615 octets] – [20/10/2013 16:43:28]

    ########## EOF – C:AdwCleanerAdwCleaner[S1].txt – [18676 octets] ##########
    [/attachment]

  • ines
    Participant
    Number of posts: 11

    second report
    [attachment=]
    Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.10.19.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    serge :: MAURICETTE [administrateur]

    Protection: Activé

    20/10/2013 17:28:12
    mbam-log-2013-10-20 (17-28-12).txt

    Type d’examen: Examen complet (O:|)
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 207004
    Temps écoulé: 2 minute(s), 17 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    (fin)
    [/attachment]

  • ines
    Participant
    Number of posts: 11

    third one
    [attachment=]
    ~ Rapport de ZHPDiag v2013.10.20.55 – Nicolas Coolman (20/10/2013)
    ~ Lancé par serge (20/10/2013 16:48:21)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Not Found

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
    MFIE: Mozilla Firefox 24.0

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows XP Home Edition Service Pack 3 (Build 2600)
    Windows Automatic Updates : OK
    Windows Genuine Advantage : KO

    —\ Logiciels de protection du système
    Avira Free Antivirus v13.0.0.4042
    Malwarebytes Anti-Malware version 1.75.0.1300

    —\ Logiciels d’optimisation du système
    CCleaner v4.06 =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer
    eMule

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 ActiveX

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3327 MB (75% free)
    System Restore: Activé (Enable)
    System drive C: has 38 GB (76%) free of 49 GB

    —\ Mode de connexion au système
    ~ Computer Name: MAURICETTE
    ~ User Name: serge
    ~ All Users Names: SUPPORT_388945a0, serge, HelpAssistant, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:Documents and SettingssergeApplication DataZHP
    ~ %AppData% : C:Documents and SettingssergeApplication Data
    ~ %Desktop% : C:Documents and SettingssergeBureau
    ~ %Favorites% : C:Documents and SettingssergeFavoris
    ~ %LocalAppData% : C:Documents and SettingssergeLocal SettingsApplication Data
    ~ %StartMenu% : C:Documents and SettingssergeMenu Démarrer
    ~ %Windir% : C:WINDOWS
    ~ %System% : C:WINDOWSsystem32

    —\ Enumération des unités disques
    A: Floppy drive, Flash card reader, USB Key (Not Inserted)
    C: Hard drive, Flash drive, Thumb drive (Free 38 Go of 49 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 183 Go of 184 Go)
    E: Hard drive, Flash drive, Thumb drive (Free 77 Go of 176 Go)
    F: Hard drive, Flash drive, Thumb drive (Free 290 Go of 290 Go)
    G: Floppy drive, Flash card reader, USB Key (Not Inserted)
    H: Floppy drive, Flash card reader, USB Key (Not Inserted)
    I: Floppy drive, Flash card reader, USB Key (Not Inserted)
    J: CD-ROM drive (Not Inserted)
    K: Floppy drive, Flash card reader, USB Key (Not Inserted)
    O: Hard drive, Flash drive, Thumb drive (Free 367 Go of 466 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 42 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.13/04/2008 – 18:34:04.) — C:WINDOWSExplorer.exe [1037824]
    [MD5.F8DD21FC65131E064FBF11F01E4F4BFD] – (.Microsoft Corporation – Internet Extensions for Win32.) (.23/09/2013 – 19:23:33.) — C:WINDOWSsystem32wininet.dll [920064]
    [MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.13/04/2008 – 18:34:30.) — C:WINDOWSsystem32Winlogon.exe [512000]
    [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
    [MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.13/04/2008 – 10:40:32.) — C:WINDOWSsystem32Driversatapi.sys [96512]
    [MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.13/04/2008 – 11:14:22.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
    [MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.13/04/2008 – 10:40:48.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
    [MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.13/04/2008 – 17:57:40.) — C:WINDOWSsystem32DriversFips.sys [44672]
    [MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.13/04/2008 – 08:36:06.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
    [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.13/04/2008 – 18:00:54.) — C:WINDOWSsystem32Driversi8042prt.sys [54144]
    [MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.13/04/2008 – 10:41:00.) — C:WINDOWSsystem32DriversImapi.sys [42112]
    [MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.13/04/2008 – 10:57:16.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
    [MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.13/04/2008 – 11:19:44.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
    [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
    [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.13/04/2008 – 11:21:02.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
    [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.13/04/2008 – 11:15:54.) — C:WINDOWSsystem32Driversntfs.sys [574976]
    [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.13/04/2008 – 18:09:42.) — C:WINDOWSsystem32DriversParport.sys [80384]
    [MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.13/04/2008 – 11:19:44.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
    [MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 10:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
    [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 17:57:36.) — C:WINDOWSsystem32Driversredbook.sys [58752]
    [MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.13/04/2008 – 17:56:06.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/2
    ~ Mes musiques (My Musics) : 1/2
    ~ Mes Videos (My Videos) : 0/0
    ~ Mes Favoris (My Favorites) : 1/6
    ~ Mes Documents (My Documents) : 1/12
    ~ Mon Bureau (My Desktop) : 0/1113
    ~ Menu demarrer (Programs) : 1/25
    ~ Hidden Files: Scanned in 00mn 01s

    —\ Processus lancés
    [MD5.A29F2E883730A91965CE8BB6981D5B37] – (.ATI Technologies Inc. – ATI External Event Utility EXE Module.) — C:WINDOWSsystem32Ati2evxx.exe [581632] [PID.1024]
    [MD5.8769E2D1072B62AB071F166F03B3E3DC] – (.Avira Operations GmbH & Co. KG – Avira Scheduler.) — C:Program FilesAviraAntiVir Desktopsched.exe [84024] [PID.1660]
    [MD5.E681281D9BFC9D45D3B72532717E5880] – (.Advanced Micro Devices Inc. – Catalyst Control Center: Monitoring program.) — C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe [49152] [PID.136]
    [MD5.D658AB1B55127D18DCFBCAC8CAAEA522] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHpHP Software UpdateHPWuSchd2.exe [49208] [PID.148]
    [MD5.013A269E7AF8B01FF20B384FEEBFFDA5] – (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:WINDOWSRTHDCPL.exe [16862720] [PID.156]
    [MD5.35B236D0A5973CC913990B7E86FF266B] – (…) — C:Program FilesASUSSix EngineSixEngine.exe [5964800] [PID.164]
    [MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] – (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe [347192] [PID.172]
    [MD5.25CA1677AAA3CDC99CD4FCF940886F3C] – (.ATI Technologies Inc. – Catalyst Control Centre: Host application.) — C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe [49152] [PID.808]
    [MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] – (.Avira Operations GmbH & Co. KG – Avira On-Access Service.) — C:Program FilesAviraAntiVir Desktopavguard.exe [108088] [PID.1184]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.1280]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.1816]
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2440]
    [MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:WINDOWSsystem32wuauclt.exe [53784] [PID.2696]
    [MD5.F30BF9FC4275156F2AE96FCDF1ED5EE4] – (.Avira Operations GmbH & Co. KG – Avira Shadow Copy Service.) — C:Program FilesAviraAntiVir Desktopavshadow.exe [76856] [PID.3288]
    [MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] – (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe [638816] [PID.2080]
    [MD5.DD425C93255671A5FE81A95E686C03D7] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8111104] [PID.1680]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultprefs.js
    ~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    R5 – HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:WINDOWSsystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:WINDOWSexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSProgram [AllUsers]: MSN.lnk . (.Microsoft Corporation – Win32 Cabinet Self-Extractor.) — C:Program FilesMSNMSNCoreFilesInstallmsnsusii.exe =>.Microsoft Corporation
    O4 – GSProgram [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
    O4 – GSProgram [serge]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSProgram [serge]: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe =>.Microsoft Corporation
    O4 – GSProgram [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe =>.Microsoft Corporation
    ~ Global Startup: 11 Legitimates Filtered in 00mn 00s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – HKLM..Run: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Run: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHpHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
    O4 – HKLM..Run: [RTHDCPL] . (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:WINDOWSRTHDCPL.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [Alcmtr] . (.Realtek Semiconductor Corp. – Realtek Azalia Audio – Event Monitor.) — C:WINDOWSALCMTR.exe
    O4 – HKLM..Run: [Six Engine] . (…) — C:Program FilesASUSSix EngineSixEngine.exe
    O4 – HKLM..Run: [avgnt] . (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe
    O4 – HKCU..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    O4 – HKUSS-1-5-18..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-19..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-20..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-21-1060284298-515967899-839522115-1004..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
    O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{8A90DE1D-E118-4A1B-8C70-86212A98DAF4}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{8A90DE1D-E118-4A1B-8C70-86212A98DAF4}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{8A90DE1D-E118-4A1B-8C70-86212A98DAF4}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wia – {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation – WIA Scripting Layer.) — C:WINDOWSsystem32wiascr.dll
    O18 – Filter: text/webviewhtml – {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32SHELL32.dll
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. – ATI External Event Utility DLL Module.) — C:WINDOWSsystem32Ati2evxx.dll
    O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
    O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
    O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
    O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
    O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
    O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
    O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: (MBAMService) . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
    ~ Services: 6 Legitimates Filtered in 00mn 04s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Desktop General: BackupWallPaper – .(…) – C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    O24 – Desktop General: WallPaper – .(…) – C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksAllyrics-16-codedownloader.job [1236] =>Adware.AddLyrics
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksAllyrics-16-enabler.job [1136] =>Adware.AddLyrics
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksAllyrics-16-updater.job [1330] =>Adware.AddLyrics
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksAt1.job [460]
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksAt2.job [460]
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksAt3.job [460]
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksAt4.job [460]
    ~ Scheduled Task: 8 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Bubble Shooter v1.0 – (.Nowstat.com.) [HKLM] — {6BB5561C-207B-4D74-9038-FF6FA338F998}_is1
    ~ Logic: 59 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareWEDLMNGR] =>PUP.weDownloadManager
    ~ Key Software: 121 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 18/10/2013 – 07:40:28 – [0,934] —-D C:Program FilesBSHOOTER.com
    O43 – CFD: 18/10/2013 – 11:08:07 – [1,102] —-D C:Program FilesNowstat.com
    O43 – CFD: 16/10/2013 – 21:24:48 – [0] —-D C:Documents and SettingsAll UsersApplication DataAPN
    O43 – CFD: 18/10/2013 – 07:40:29 – [0,001] —-D C:Documents and SettingssergeApplication DataBSHOOTER.com
    ~ Program Folder: 86 Legitimates Filtered in 00mn 04s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.2CE7B1EEB99C14032C0E2201B004F80E] – 16/10/2013 – 13:41:27 —A- . (…) — C:WINDOWSsystem32wmimgmt.msc [63488]
    O44 – LFC:[MD5.CDD932EDCB756FB5F7CE5E2F090BA838] – 16/10/2013 – 13:41:31 —A- . (…) — C:WINDOWSsystem32msdtcprf.h [768]
    O44 – LFC:[MD5.FDA18F513403E67CAE9BF0D2DD948B28] – 16/10/2013 – 13:41:31 —A- . (…) — C:WINDOWSsystem32msdtcprf.ini [3914]
    O44 – LFC:[MD5.4A547D74B435E78418BE06406250C1D3] – 16/10/2013 – 13:41:32 —A- . (…) — C:WINDOWSsystem32tslabels.h [3286]
    O44 – LFC:[MD5.F9A14C7B36E10052A1B0F071BC3C1C65] – 16/10/2013 – 13:41:32 —A- . (…) — C:WINDOWSsystem32tslabels.ini [27768]
    O44 – LFC:[MD5.9F27B27C8405FEAF7DFC4DA3751DEF22] – 16/10/2013 – 13:41:32 —A- . (…) — C:WINDOWSsystem32usrlogon.cmd [1263]
    O44 – LFC:[MD5.405E1EF8E3C88E9BCD2853382BB12430] – 16/10/2013 – 13:41:33 —A- . (…) — C:WINDOWSsystem32bopomofo.uce [22984]
    O44 – LFC:[MD5.39F43DBCE366B2561DF073B4C0839299] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSBulles de savon.bmp [65978]
    O44 – LFC:[MD5.DAC71A10A6A71CB6E3F427AE3283734B] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSRosace bleue 16.bmp [1272]
    O44 – LFC:[MD5.73D70ED3EC3BBFD8FD35DF431C38F374] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSTasse à café.bmp [17062]
    O44 – LFC:[MD5.4FDED87068052EEB9B72A97FDBC141DB] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32gb2312.uce [24006]
    O44 – LFC:[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32ideograf.uce [60458]
    O44 – LFC:[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32kanji_1.uce [6948]
    O44 – LFC:[MD5.529BBD63519BBD654EF328454019693F] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32kanji_2.uce [8484]
    O44 – LFC:[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32korean.uce [12876]
    O44 – LFC:[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32shiftjis.uce [16740]
    O44 – LFC:[MD5.30F5568679A54042F99CA9EC1102EBCD] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32subrange.uce [93702]
    O44 – LFC:[MD5.1AC5E83598D4F2143B59A2D893C3279A] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSGranit vert.bmp [26582]
    O44 – LFC:[MD5.203EF178BF8B0A8EC34E27E4DEDB6349] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSJour de pêche.bmp [17336]
    O44 – LFC:[MD5.EB3BFC14E41FBAA41B4FD4489AA82D39] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSMur de Santa Fe.bmp [65832]
    O44 – LFC:[MD5.3A8B85AB7B415BF3F8AFE285DFE0CE29] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSPlume.bmp [16730]
    O44 – LFC:[MD5.927A66BD587E31CB12D3AB25381658DC] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSRhododendron.bmp [17362]
    O44 – LFC:[MD5.5B4AC407E566076BB726BA91E067D313] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSRivière Sumida.bmp [26680]
    O44 – LFC:[MD5.280920B6773C74C3649A934257112BE1] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSVent de prairie.bmp [65954]
    O44 – LFC:[MD5.5290EA6951F4724259F423B12C8E1393] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSZapotec.bmp [9522]
    O44 – LFC:[MD5.487403459F0B2F1A3ADEEF02496BD80E] – 16/10/2013 – 13:42:15 —A- . (…) — C:WINDOWSvb.ini [36]
    O44 – LFC:[MD5.6C2F0BA210C2B53EF07653ABAC6C2490] – 16/10/2013 – 13:42:15 —A- . (…) — C:WINDOWSvbaddin.ini [37]
    O44 – LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] – 16/10/2013 – 13:43:21 —A- . (…) — C:WINDOWSdesktop.ini [2]
    O44 – LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] – 16/10/2013 – 13:43:21 —A- . (…) — C:WINDOWSsystem32desktop.ini [2]
    O44 – LFC:[MD5.CE45BE933AA8CF23B3469FE761C27A32] – 16/10/2013 – 13:43:21 -SH– . (…) — C:WINDOWSwinnt.bmp [49102]
    O44 – LFC:[MD5.CE45BE933AA8CF23B3469FE761C27A32] – 16/10/2013 – 13:43:21 -SH– . (…) — C:WINDOWSwinnt256.bmp [49102]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 13:44:36 . (…) — C:AUTOEXEC.BAT [0]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 13:44:36 . (…) — C:CONFIG.SYS [0]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 13:44:36 . (…) — C:IO.SYS [0]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 13:44:36 . (…) — C:MSDOS.SYS [0]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 13:44:36 —A- . (…) — C:WINDOWScontrol.ini [0]
    O44 – LFC:[MD5.AD05ECA6822949899B39996C9C0DF593] – 16/10/2013 – 14:03:21 R–A- . (…) — C:WINDOWSsystem32atiicdxx.dat [176216]
    O44 – LFC:[MD5.31B434EDEC919137787CABF10E76266B] – 16/10/2013 – 14:03:21 R–A- . (…) — C:WINDOWSsystem32ativvaxx.dat [3107788]
    O44 – LFC:[MD5.31B434EDEC919137787CABF10E76266B] – 16/10/2013 – 14:03:25 R–A- . (…) — C:WINDOWSsystem32ativva5x.dat [3107788]
    O44 – LFC:[MD5.C23E3A4C7004D634A5C2E02841B3E3D4] – 16/10/2013 – 14:03:26 R–A- . (…) — C:WINDOWSsystem32ativva6x.dat [887724]
    O44 – LFC:[MD5.84086D3595E62266A72CE6B19E9BF569] – 16/10/2013 – 14:03:28 R–A- . (…) — C:WINDOWSsystem32atifglpf.xml [7167]
    O44 – LFC:[MD5.23848BA090CF6FD1130C27901C0FD1C7] – 16/10/2013 – 14:03:30 R–A- . (…) — C:WINDOWSatiogl.xml [14696]
    O44 – LFC:[MD5.292CE38F68F98FC74FFCB3A7D39B1356] – 16/10/2013 – 14:03:32 —A- . (.Pas de propriétaire – ATI Smart.) — C:WINDOWSsystem32ati2sgag.exe [593920]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 14:10:31 —A- . (…) — C:WINDOWSativpsrm.bin [0]
    O44 – LFC:[MD5.19166026A93206F9C6A8CD3A1F010AE4] – 16/10/2013 – 14:15:57 —A- . (…) — C:WINDOWSsystem32DriversASUSHWIO.SYS [10296]
    O44 – LFC:[MD5.D48659BB24C48345D926ECB45C1EBDF5] – 16/10/2013 – 14:16:08 R–A- . (.Pas de propriétaire – ATK0110 ACPI Utility.) — C:WINDOWSsystem32DriversASACPI.sys [5810]
    O44 – LFC:[MD5.43C3571EADA5BC1EDEAD7CA22AD66F30] – 16/10/2013 – 14:33:18 R—- . (…) — C:WINDOWSsystem32ChCfg.exe [49152]
    O44 – LFC:[MD5.C34AFC859EF56561A36969FC8BC4E59F] – 16/10/2013 – 14:33:21 . (…) — C:WINDOWSUSetup.iss [636]
    O44 – LFC:[MD5.6D0634CEBBFF7F428DD816706F5AA1FB] – 16/10/2013 – 14:36:38 —A- . (…) — C:WINDOWSsystem32BuzzingBee.wav [146650]
    O44 – LFC:[MD5.E2FA75ADE398C9A44815B11CC141105C] – 16/10/2013 – 14:36:38 —A- . (…) — C:WINDOWSsystem32LoopyMusic.wav [940794]
    O44 – LFC:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] – 16/10/2013 – 14:40:11 —A- . (…) — C:WINDOWSsystem32DriversAsInsHelp32.sys [10216]
    O44 – LFC:[MD5.EDAA17CE771C696655B6585F7CAD2100] – 16/10/2013 – 14:40:11 —A- . (…) — C:WINDOWSsystem32DriversAsInsHelp64.sys [11832]
    O44 – LFC:[MD5.2B4E66FAC6503494A2C6F32BB6AB3826] – 16/10/2013 – 14:40:13 R–A- . (…) — C:WINDOWSsystem32DriversAsIO.sys [12400]
    O44 – LFC:[MD5.212F87EE837B4E35E43A93BBFC44E7A7] – 16/10/2013 – 14:40:13 R–A- . (.Pas de propriétaire – AsIO DLL.) — C:WINDOWSsystem32AsIO.dll [24576]
    O44 – LFC:[MD5.F08DBD8C48A168818A3DFC28929EE6B5] – 16/10/2013 – 15:33:23 —A- . (…) — C:WINDOWSsystem32AUTOEXEC.NT [1896]
    O44 – LFC:[MD5.486E0B1BC94C346E5C352C295388C803] – 16/10/2013 – 15:33:23 —A- . (…) — C:WINDOWSsystem32CONFIG.TMP [3072]
    O44 – LFC:[MD5.6CB26848BCDAA361B6EE21264FB362C3] – 16/10/2013 – 15:33:28 —A- . (…) — C:WINDOWSsystem32c_20127.nls [66082]
    O44 – LFC:[MD5.5D038EEABA8EA438F6B5ABD5E91BC851] – 16/10/2013 – 15:33:34 —A- . (…) — C:WINDOWSsystem32C_28594.NLS [66082]
    O44 – LFC:[MD5.B537ACFAB9E70F0EF48DB696A08ADC81] – 16/10/2013 – 15:33:37 —A- . (…) — C:WINDOWSsystem32C_28597.NLS [66082]
    O44 – LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] – 16/10/2013 – 15:33:41 —A- . (…) — C:WINDOWSsystem32C_28595.NLS [66082]
    O44 – LFC:[MD5.C37A21EE1ADFDC13FC707D97073148ED] – 16/10/2013 – 15:33:45 —A- . (…) — C:WINDOWSsystem32c_28599.nls [66082]
    O44 – LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] – 16/10/2013 – 15:33:48 —A- . (…) — C:WINDOWSsystem32c_28603.nls [66082]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 15:36:13 . (…) — C:WINDOWSSti_Trace.log [0]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 15:39:58 —A- . (…) — C:WINDOWSsystem32h323log.txt [0]
    O44 – LFC:[MD5.E6976980F6A8AF277850580F9E883334] – 16/10/2013 – 16:22:26 —A- . (…) — C:WINDOWSsystem32wpa.bak [13688]
    O44 – LFC:[MD5.F69E47705350A9A147B7561DCCD3AD64] – 16/10/2013 – 18:17:15 —A- . (…) — C:WINDOWSsystem32emptyregdb.dat [23016]
    O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSWindowsShell.Manifest [749]
    O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSsystem32cdplayer.exe.manifest [749]
    O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSsystem32ncpa.cpl.manifest [749]
    O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSsystem32nwc.cpl.manifest [749]
    O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSsystem32sapi.cpl.manifest [749]
    O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSsystem32wuaucpl.cpl.manifest [749]
    O44 – LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] – 16/10/2013 – 18:17:36 R-HA- . (…) — C:WINDOWSsystem32WindowsLogon.manifest [488]
    O44 – LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] – 16/10/2013 – 18:17:36 R-HA- . (…) — C:WINDOWSsystem32logonui.exe.manifest [488]
    O44 – LFC:[MD5.2B9C717D21A1331BA3731886E3EE87BB] – 16/10/2013 – 18:18:05 —A- . (…) — C:WINDOWSODBCINST.INI [4205]
    O44 – LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] – 16/10/2013 – 18:18:15 —A- . (…) — C:WINDOWSsystem32amcompat.tlb [16832]
    O44 – LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] – 16/10/2013 – 18:18:15 —A- . (…) — C:WINDOWSsystem32nscompat.tlb [23392]
    O44 – LFC:[MD5.9F22340864280CAEF375BB43B5E9C799] – 16/10/2013 – 18:19:58 —A- . (…) — C:WINDOWSsystem32$winnt$.inf [288]
    O44 – LFC:[MD5.7794C3221F670DE270586A2CF6E68383] – 16/10/2013 – 18:51:56 . (…) — C:ntldr [252240]
    O44 – LFC:[MD5.8E59F9BE251C8AE32A1CEB068B3F96B1] – 16/10/2013 – 18:52:04 . (…) — C:WINDOWSsystem32Driversativmc20.cod [64352]
    O44 – LFC:[MD5.3194C32E8A2403073B812183355E25C6] – 16/10/2013 – 18:52:04 . (…) — C:WINDOWSsystem32Driverscxthsfs2.cty [129045]
    O44 – LFC:[MD5.905CB655E93D39C97E078A3C4C884F31] – 16/10/2013 – 18:52:04 . (…) — C:WINDOWSsystem32Driversnetwlan5.img [67866]
    O44 – LFC:[MD5.A408398F783A9DBFEB0C7B76F5DBF901] – 16/10/2013 – 18:58:53 —A- . (…) — C:WINDOWSsystem32spupdwxp.log [259]
    O44 – LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] – 16/10/2013 – 18:59:12 —A- . (…) — C:WINDOWSWMSysPr9.prx [316640]
    O44 – LFC:[MD5.DDB9B5C1CE074274D74B8A7910C97208] – 16/10/2013 – 19:01:58 —A- . (…) — C:WINDOWSsystem32msdvbnp.ax [52224]
    O44 – LFC:[MD5.5319BF20F48884E594F84097A600424B] – 16/10/2013 – 19:01:58 —A- . (…) — C:WINDOWSsystem32psisdecd.dll [354816]
    O44 – LFC:[MD5.E93D7D262A33D14AEF13398AB83FE08B] – 16/10/2013 – 19:01:58 —A- . (…) — C:WINDOWSsystem32psisrndr.ax [30208]
    O44 – LFC:[MD5.40C03F83C21D3D8F2634EF7879755773] – 16/10/2013 – 19:22:03 . (…) — C:RHDSetup.log [573]
    O44 – LFC:[MD5.2907011680E6EFEC615CD8873A897F12] – 16/10/2013 – 19:25:48 —A- . (…) — C:WINDOWSAscd_tmp.ini [38073]
    O44 – LFC:[MD5.70509087597627A322EA5882512958EC] – 16/10/2013 – 19:30:19 —A- . (…) — C:WINDOWSsetup.iss [670]
    O44 – LFC:[MD5.32A1C6071532FB086A1F705F20BBE727] – 16/10/2013 – 19:30:34 —A- . (…) — C:WINDOWSAscd_log.ini [38464]
    O44 – LFC:[MD5.7017E85C07D36E624D78232433B1A724] – 17/10/2013 – 06:21:00 —A- . (…) — C:WINDOWSsystem32TZLog.log [6144]
    O44 – LFC:[MD5.9C1DAF23C0CD86BCCC5B5FA0F630AB03] – 17/10/2013 – 06:48:30 —A- . (…) — C:WINDOWSsystem32lvcoinst.log [2497]
    O44 – LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] – 17/10/2013 – 07:28:07 —A- . (…) — C:WINDOWSsystem.ini [227]
    O44 – LFC:[MD5.5B8F9069273361E81D610962C7901BD6] – 17/10/2013 – 07:28:07 —A- . (…) — C:WINDOWSwin.ini [477]
    O44 – LFC:[MD5.69302A2BF605522B06CE7D7928434998] – 19/10/2013 – 12:06:22 . (…) — C:RstAssociations.txt [669]
    O44 – LFC:[MD5.A50E10B5380F277C90CF0FBA4341678E] – 20/10/2013 – 08:31:25 . (…) — C:UsbFix [Clean 2] MAURICETTE.txt [4428]
    O44 – LFC:[MD5.388A9F58C76174D4CC7022D0C050D01A] – 20/10/2013 – 14:59:01 —A- . (…) — C:WINDOWSntbtlog.txt [179326]
    O44 – LFC:[MD5.CD8F3C8A9E405BDB35A7CD49279DA093] – 20/10/2013 – 15:05:05 . (…) — C:UsbFix [Scan 1] MAURICETTE.txt [2807]
    O44 – LFC:[MD5.FA5E9BA6438D641B6EB4047615B3A232] – 20/10/2013 – 15:11:21 —A- . (…) — C:UsbFix [Clean 1] MAURICETTE.txt [5331]
    O44 – LFC:[MD5.9BD5156B98D5B3823CEC04FCAEC7F1E4] – 20/10/2013 – 15:34:49 —A- . (…) — C:UsbFix [Scan 2] MAURICETTE.txt [4558]
    O44 – LFC:[MD5.DAA64C767C30EDEB7F5E0BDFAE6CE2EC] – 20/10/2013 – 15:44:55 —A- . (…) — C:WINDOWSsystem32ativvaxx.cap [54376]
    O44 – LFC:[MD5.DD86E6B8628A07F253A1E04228609E47] – 20/10/2013 – 15:45:18 —A- . (…) — C:WINDOWSwiadebug.log [159]
    O44 – LFC:[MD5.95DD4D20614213001A323D5D7A029305] – 20/10/2013 – 15:45:18 —A- . (…) — C:WINDOWSwiaservc.log [50]
    ~ Files: 470 Legitimates Filtered in 00mn 52s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.53943FD0D53082D794A232E8849EB736] – 18/10/2013 – 15:19:50 —A- – C:WINDOWSPrefetchCREXTP8H.EXE-1674F5B6.pf
    O45 – LFCP:[MD5.8D13446A66750D109F6637DF44EB15E1] – 18/10/2013 – 15:36:38 —A- – C:WINDOWSPrefetch8HSRCHMN.EXE-119C4D72.pf
    O45 – LFCP:[MD5.DCCD3CCBCE13EF191EAE0CCA2668DE26] – 18/10/2013 – 18:52:16 —A- – C:WINDOWSPrefetchINS50.TMP-27D3581E.pf
    O45 – LFCP:[MD5.86C57A7E2C8CBDF200C8EFD628E02795] – 18/10/2013 – 18:52:17 —A- – C:WINDOWSPrefetchBUBBLESHOOTER.EXE-10615A56.pf
    O45 – LFCP:[MD5.54DD9F41BEBE0D857F730C6A83A4C2AC] – 19/10/2013 – 12:06:07 —A- – C:WINDOWSPrefetchRSTASSOCIATIONS[1].SCR-3A5A704A.pf
    O45 – LFCP:[MD5.B2BD4AD4F61D226AD1E5BA3659510D2E] – 19/10/2013 – 12:31:00 —A- – C:WINDOWSPrefetchWEDOWNLOAD MANAGER-CODEDOWNLO-0A55EBB7.pf =>PUP.weDownloadManager
    O45 – LFCP:[MD5.E4474629974B433E51C62D038F457711] – 19/10/2013 – 12:31:00 —A- – C:WINDOWSPrefetchWEDOWNLOAD MANAGER-ENABLER.EX-120BAD7B.pf =>PUP.weDownloadManager
    O45 – LFCP:[MD5.AA0F9C5962D5E5E7B895B24F2E785AD5] – 19/10/2013 – 12:31:01 —A- – C:WINDOWSPrefetchWEDOWNLOAD MANAGER-UPDATER.EX-07FBE0BE.pf =>PUP.weDownloadManager
    O45 – LFCP:[MD5.F9676D3CB71FC15CE8D32DC57295892D] – 19/10/2013 – 13:55:27 —A- – C:WINDOWSPrefetchTESTDISK_WIN.EXE-05467CD9.pf
    O45 – LFCP:[MD5.C32418489A96C5F61C0F468266DEB7EC] – 19/10/2013 – 16:13:00 —A- – C:WINDOWSPrefetchDUUQUCRASHHANDLER.EXE-30FB2A3D.pf =>Toolbar.DeltaSearch
    O45 – LFCP:[MD5.FDD485D00B924EC295FEFE674344FF60] – 19/10/2013 – 16:26:24 —A- – C:WINDOWSPrefetchNSH11.EXE-13DC7AE2.pf
    O45 – LFCP:[MD5.852701B68E91C97997643431846D96C1] – 19/10/2013 – 16:26:39 —A- – C:WINDOWSPrefetchCLTMNGSVC.EXE-147F4578.pf
    O45 – LFCP:[MD5.C81FF7EE250D00BE66B5931CE199DF6E] – 19/10/2013 – 16:26:39 —A- – C:WINDOWSPrefetchSPRUNNER.EXE-0FC6701B.pf
    O45 – LFCP:[MD5.0A42B8784AED55C09BA54B64CAB13FF7] – 19/10/2013 – 16:27:06 —A- – C:WINDOWSPrefetchUTILS.EXE-3105085B.pf
    O45 – LFCP:[MD5.2628B1DFB7793B12957C22EE972C9D2C] – 19/10/2013 – 16:27:10 —A- – C:WINDOWSPrefetchWEDOWNLOAD MANAGER-ENABLER.EX-1248A1AC.pf =>PUP.weDownloadManager
    O45 – LFCP:[MD5.8D9B097028A5C8A659A1F917CD56E609] – 19/10/2013 – 16:57:36 —A- – C:WINDOWSPrefetchSIXENGINE.EXE-2D5C0F37.pf
    O45 – LFCP:[MD5.072EE8F2AE7AA62E5BCB9C6BB6C57C60] – 20/10/2013 – 00:38:52 —A- – C:WINDOWSPrefetchBUBBLE SHOOTER V1.0.EXE-0288F0BA.pf
    O45 – LFCP:[MD5.C53496D2C0AB35645AE72154B93FDF68] – 20/10/2013 – 06:35:01 —A- – C:WINDOWSPrefetchOPEN-CONFIG[1].EXE-2242C86C.pf
    O45 – LFCP:[MD5.F980B62E20AFB2E224C3F332E2C57E0C] – 20/10/2013 – 09:52:16 —A- – C:WINDOWSPrefetchSHANGHAI_DYNASTY.EXE-0A9EB5D2.pf
    O45 – LFCP:[MD5.CCB7D3CA1B546C3D14568F8109846CFD] – 20/10/2013 – 15:30:22 —A- – C:WINDOWSPrefetchGO.EXE-39722D3E.pf
    O45 – LFCP:[MD5.F184BBA0072D0C537E0084CCEAC6122E] – 20/10/2013 – 15:37:36 —A- – C:WINDOWSPrefetchSIGCHECK.COM-3573C390.pf
    ~ Prefetcher: 125 Legitimates Filtered in 00mn 00s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Export de clé d’application autorisée (O47)
    O47 – AAKE:Key Export SP – “C:Documents and SettingssergeLocal SettingsTemporary Internet FilesContent.IE507XON4Vpjjoint_uploader[1].exe” [Enabled] .(…) — C:Documents and SettingssergeLocal SettingsTemporary Internet FilesContent.IE507XON4Vpjjoint_uploader[1].exe (.not file.)
    ~ Keys Export: 7 Legitimates Filtered in 00mn 00s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] – 13/08/2004 – 11:56:20 R–A- . (.Pas de propriétaire – ATK0110 ACPI Utility.) — C:WINDOWSsystem32DriversASACPI.sys [5810]
    O58 – SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
    ~ Drivers: 5 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox (2).lnk [724]
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk [742]
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxCrash ReportsInstallTime20130910160258 [10]
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultaddons.sqlite [524288]
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultblocklist.xml [81365]
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultbookmarkbackupsbookmarks-2013-10-17.json [3197]
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultcontent-prefs.sqlite [229376]
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultformhistory.sqlite [196608]
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaulthealthreport.sqlite [1146880]
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultindexedDBchrome.metadata [0]
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultindexedDBchromeidb2588645841ssegtnti.sqlite [524288]
    O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultmimeTypes.rdf [3772]
    O61 – LFC: 17/10/2013 – 16:49:42 -S-A- . (…) — C:Documents and SettingssergeApplication DataMicrosoftCryptoRSAS-1-5-21-1060284298-515967899-839522115-1004d8558b504e8dac7fdb78814eb7e88dcf_9b94b40f-e7dd-45c5-a95c-344c85121b00 [46]
    O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultpermissions.sqlite [65536]
    O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultprefs.js.bak [6069]
    O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultprefs.js.new [6071]
    O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultsecmod.db [16384]
    O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultsignons.sqlite [327680]
    O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaulttimes.json [29]
    O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursAvira Control Center.lnk [1707]
    O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursAvira Free Antivirus 2013 – Le blog de jaime.over-blog.fr.url [317]
    O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursZHPDiag.lnk [1523] =>.Nicolas Coolman
    O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursZHPFix.lnk [1628] =>.Nicolas Coolman
    O61 – LFC: 17/10/2013 – 16:49:53 —A- . (…) — C:Documents and SettingssergeBureauutilitairesVLC media player.lnk [719] =>.VideoLAN
    O61 – LFC: 17/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeFavorisSites Web MicrosoftMicrosoft Store.url [134]
    O61 – LFC: 17/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeFavorisSites Web MicrosoftSite Internet Explorer sur Microsoft.com.url [133]
    O61 – LFC: 17/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftInternet Explorerbrndlog.txt [6525]
    O61 – LFC: 17/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentscc_20131017_092109.reg [12084]
    O61 – LFC: 17/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentscc_20131017_092126.reg [288]
    O61 – LFC: 18/10/2013 – 16:49:39 —A- . (…) — C:Documents and SettingssergeApplication DataFunnyGamessite.ico [24870]
    O61 – LFC: 18/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaujeuxBubble Shooter.lnk [823]
    O61 – LFC: 18/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaujeuxShanghai Dynasty.lnk [1901]
    O61 – LFC: 18/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaujeuxSpider Solitaire.lnk [1496]
    O61 – LFC: 18/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureauutilitairesFoxit Reader.lnk [791]
    O61 – LFC: 18/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeFavorisBubble Shooter.url [4523]
    O61 – LFC: 18/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeFavorisPC Astuces Aide Informatique.url [3768]
    O61 – LFC: 18/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataGDIPFONTCACHEV1.DAT [18128]
    O61 – LFC: 18/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftHelpCtrHelpSessionHistory.dat [8728]
    O61 – LFC: 18/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftInternet Explorerframeiconcache.dat [7010]
    O61 – LFC: 18/10/2013 – 16:49:57 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftInternet ExplorerServicessearch_{26125700-00FB-4911-A1AE-6654F9E72460}.ico [1150]
    O61 – LFC: 18/10/2013 – 16:49:57 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftInternet ExplorerServicessearch_{BD3873E9-FC9B-41E3-ADAF-9C7CC26DF3A5}.ico [5430]
    O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMenu DémarrerProgrammesFunnyGamesFunnyGames.lnk [1452]
    O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMenu DémarrerProgrammesFunnyGamesShanghai Dynasty.lnk [1917]
    O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentscc_20131018_175958.reg [1774]
    O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeReport.html [137]
    O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeSendTodisque D.lnk [275]
    O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeSendTodisque E.lnk [275]
    O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeSendTodisque F.lnk [129]
    O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeSendTodisque ext H.lnk [129]
    O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeSendTograveur J.lnk [145]
    O61 – LFC: 19/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMicrosoftWindowsThemesCustom.theme [8234]
    O61 – LFC: 19/10/2013 – 16:49:42 -SHA- . (…) — C:Documents and SettingssergeApplication DataMicrosoftInternet ExplorerDesktop.htt [2698]
    O61 – LFC: 19/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication Datavlcml.xspf [304]
    O61 – LFC: 19/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication Datavlcvlcrc [83997]
    O61 – LFC: 19/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.1463cygwin [1534]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14caméscopePRG005MOV00A.MOD [13959168]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPEGet_Files.cmd [5096]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPEHelp.htm [3201]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPERESET.cmd [103]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPEReadMe.txt [759]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPESCRIPTSStart_INF.dat [559]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPESCRIPTSStaticINF.dat [1259]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPEstart.inf [559]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPEtestdisk_nu2menu.xml [607]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsWinBuilderHelp.htm [3062]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsWinBuilderReadMe.txt [812]
    O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsWinBuilderTestDisk.script [4887]
    O61 – LFC: 19/10/2013 – 16:49:57 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftInternet Explorertabiconcache.dat [7328]
    O61 – LFC: 19/10/2013 – 16:49:57 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftWallpaper1.bmp [17842230]
    O61 – LFC: 19/10/2013 – 16:50:02 —A- . (…) — C:Documents and SettingssergeMenu DémarrerProgrammesAccessoiresBloc-notes.lnk [1519] =>.Microsoft Corporation
    O61 – LFC: 19/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentsfichier.reg [86]
    O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMicrosoftInternet ExplorerUserDataRKUVDNU8YL[1].xml [98]
    O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultbookmarkbackupsbookmarks-2013-10-20.json [3197]
    O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultcert8.db [98304]
    O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultcookies.sqlite [524288]
    O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultdownloads.sqlite [98304]
    O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultextensions.sqlite [458752]
    O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultkey3.db [16384]
    O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultlocalstore.rdf [3294]
    O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultparent.lock [0]
    O61 – LFC: 20/10/2013 – 16:49:42 -SHA- . (…) — C:Documents and SettingssergeApplication DataMicrosoftInternet ExplorerUserDataindex.dat [32768]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultplaces.sqlite [10485760]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultpluginreg.dat [4429]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultprefs.js [7110]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultsearch.json [12858]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultsessionstore.bak [158613]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultsessionstore.js [162648]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaulturlclassifierkey3.txt [154]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultwebappswebapps.json [2]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultwebappsstore.sqlite [131072]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataZHPLog.txt [66470] =>.Nicolas Coolman
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataZHPTestsZHPDiag.txt [3190] =>.Nicolas Coolman
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureauSosVirus Forum Gratuit.lnk [1761]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureauUsbFix Faire un Don.lnk [1777]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursMalekal’s forum • Open-config Programmes utiles.url [2700]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursSosVirus Forum Gratuit.lnk [1761]
    O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursUsbFix – Télécharger UsbFix (Gratuit).url [186]
    O61 – LFC: 20/10/2013 – 16:49:53 —A- . (…) — C:Documents and SettingssergeBureauZHPDiag.lnk [1523] =>.Nicolas Coolman
    O61 – LFC: 20/10/2013 – 16:49:53 —A- . (…) — C:Documents and SettingssergeBureauZHPFix.lnk [1628] =>.Nicolas Coolman
    O61 – LFC: 20/10/2013 – 16:49:56 -SHA- . (…) — C:Documents and SettingssergeIETldCacheindex.dat [262144]
    O61 – LFC: 20/10/2013 – 16:50:00 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultstartupCachestartupCache.4.little [1204230]
    O61 – LFC: 20/10/2013 – 16:50:01 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMozillaFirefoxProfilesp8d2c7fm.default_CACHE_CLEAN_ [1]
    O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentsUsbFix [Scan 2] MAURICETTE.txt [4558]
    O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentscc_20131016_210743.reg [2214]
    O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeRecentAdwCleaner.lnk [393]
    O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeRecentAdwCleaner[S1].txt.lnk [566]
    O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeRecentDisque local (C).lnk [293]
    O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeRecentUsbFix [Clean 2] MAURICETTE.txt.lnk [528]
    O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeRecentUsbFix [Scan 2] MAURICETTE.txt.lnk [657]
    O61 – LFC: 20/10/2013 – 16:50:03 -SHA- . (…) — C:Documents and SettingssergePrivacIEindex.dat [2260992]
    ~ 28 Fichiers temporaires (Temporary files)
    ~ 259 Fichiers cookies (Cookies files)
    ~ Files: 712 Legitimates Filtered in 00mn 23s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKLM..cplopenCommand] (…) — shell32.dll
    O67 – Shell Spawning: [HKCR..cplopenCommand] (…) — shell32.dll
    ~ FASS Keys: 16 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {26125700-00FB-4911-A1AE-6654F9E72460} [DefaultScope] – (Jmalaya LiveTV Customized Web Search) – http://search.conduit.com
    O69 – SBI: SearchScopes [HKCU] {BD3873E9-FC9B-41E3-ADAF-9C7CC26DF3A5} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 20/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 17/10/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopsched.exe
    SR – | Auto 17/10/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopavguard.exe
    SR – | Auto 11/09/2008 581632 | (Ati HotKey Poller) . (.ATI Technologies Inc..) – C:WINDOWSsystem32Ati2evxx.exe
    SS – | Auto 10/09/2008 593920 | (ATI Smart) . (…) – C:WINDOWSsystem32ati2sgag.exe
    SS – | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
    SS – | Demand 11/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    ~ Services: Scanned in 00mn 04s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by serge at 20/10/2013 16:50:30

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    1 ntkrnlpa!IofCallDriver[0x804EF200] >> DeviceHarddisk0DR0[0x8A6AEAB8]
    kernel: MBR read successfully
    user & kernel MBR OK
    ~ MBR: 13 Legitimates Filtered in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by serge at 20/10/2013 16:50:32

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 12960 – (20/10/2013)
    Clés trouvées (Keys found) : 6
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 4

    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{CD1A63BA-A08C-431B-9A34-F240AADC728D}] =>Adware.MyWebSearch
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{CD1A63BA-A08C-431B-9A34-F240AADC728D}] =>Adware.MyWebSearch
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{A4C2FB10-84C3-44EB-9F9E-860FA1D9A797}] =>Adware.Allin1Convert
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{A4C2FB10-84C3-44EB-9F9E-860FA1D9A797}] =>Adware.Allin1Convert
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}] =>Adware.Allin1Convert
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}] =>Adware.Allin1Convert
    C:WINDOWSTasksAllyrics-16-codedownloader.job =>Adware.AddLyrics^
    C:WINDOWSTasksAllyrics-16-enabler.job =>Adware.AddLyrics^
    C:WINDOWSTasksAllyrics-16-updater.job =>Adware.AddLyrics^
    [HKCUSoftwareWEDLMNGR] =>PUP.weDownloadManager^
    ~ Additionnel Scan: 109147 Items scanned in 00mn 10s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
    ~ http://nicolascoolman.webs.com/apps/blog/show/32930303-pup-wedownloadmanager =>PUP.weDownloadManager
    ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/30478407-adware-allin1convert =>Adware.Allin1Convert
    ~ MSI: 5 link(s) detected in 00mn 10s

    ~ 1997 Legitimates filtered by white list
    End of the scan (670 lines in 02mn 21s)(0)
    [/attachment]

  • ines
    Participant
    Number of posts: 11

    and the UsbFix ones
    [attachment=]############################## | UsbFix V 7.145 | [Recherche]

    Utilisateur: serge (Administrateur) # MAURICETTE
    Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 16:30:35 | 20/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: ASUSTeK Computer INC. (P5Q-PRO)
    CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    RAM -> [Total : 3327 | Free : 2635]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
    WB: Windows Internet Explorer 8.0.6001.18702

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 49 Go (38 Go libre(s) – 77%) [] # NTFS
    D: -> Disque fixe # 184 Go (183 Go libre(s) – 100%) [] # NTFS
    E: -> Disque fixe # 176 Go (77 Go libre(s) – 44%) [] # NTFS
    F: -> Disque fixe # 290 Go (290 Go libre(s) – 100%) [Disque local ] # NTFS
    J: -> CD-ROM
    O: -> Disque fixe # 466 Go (367 Go libre(s) – 79%) [disque ext ] # NTFS

    ################## | Processus Actif |

    C:WINDOWSSystem32smss.exe (ID 444 |ParentID 4)
    C:WINDOWSsystem32winlogon.exe (ID 748 |ParentID 444)
    C:WINDOWSsystem32services.exe (ID 792 |ParentID 748)
    C:WINDOWSsystem32lsass.exe (ID 804 |ParentID 748)
    C:WINDOWSsystem32Ati2evxx.exe (ID 1008 |ParentID 792)
    C:WINDOWSsystem32svchost.exe (ID 1044 |ParentID 792)
    C:WINDOWSSystem32svchost.exe (ID 1212 |ParentID 792)
    C:WINDOWSsystem32Ati2evxx.exe (ID 1424 |ParentID 748)
    C:WINDOWSsystem32spoolsv.exe (ID 1620 |ParentID 792)
    C:Program FilesAviraAntiVir Desktopsched.exe (ID 1656 |ParentID 792)
    C:WINDOWSExplorer.EXE (ID 1924 |ParentID 1904)
    C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe (ID 124 |ParentID 116)
    C:Program FilesHpHP Software UpdateHPWuSchd2.exe (ID 136 |ParentID 1924)
    C:WINDOWSRTHDCPL.EXE (ID 148 |ParentID 1924)
    C:Program FilesASUSSix EngineSixEngine.exe (ID 128 |ParentID 1924)
    C:Program FilesAviraAntiVir Desktopavgnt.exe (ID 164 |ParentID 1924)
    C:WINDOWSsystem32ctfmon.exe (ID 172 |ParentID 1924)
    C:Program FilesAviraAntiVir Desktopavguard.exe (ID 408 |ParentID 792)
    C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe (ID 564 |ParentID 792)
    C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe (ID 1376 |ParentID 124)
    C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe (ID 1472 |ParentID 792)
    C:WINDOWSsystem32svchost.exe (ID 1724 |ParentID 792)
    C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe (ID 1876 |ParentID 1472)
    C:Program FilesAviraAntiVir Desktopavshadow.exe (ID 4036 |ParentID 408)
    C:WINDOWSSystem32svchost.exe (ID 3228 |ParentID 792)
    C:Program FilesInternet Exploreriexplore.exe (ID 908 |ParentID 1924)
    C:Program FilesInternet Exploreriexplore.exe (ID 868 |ParentID 908)
    C:UsbFixGo.exe (ID 2908 |ParentID 1924)
    C:UsbFixGo.exe (ID 3456 |ParentID 1924)
    C:WINDOWSsystem32wscntfy.exe (ID 2632 |ParentID 1212)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [StartCCC] – “C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHpHP Software UpdateHPWuSchd2.exe
    HKLMSOFTWARE | Run : [] –
    HKLMSOFTWARE | Run : [RTHDCPL] – RTHDCPL.EXE
    HKLMSOFTWARE | Run : [Alcmtr] – ALCMTR.EXE
    HKLMSOFTWARE | Run : [Six Engine] – “C:Program FilesASUSSix EngineSixEngine.exe” -r
    HKLMSOFTWARE | Run : [avgnt] – “C:Program FilesAviraAntiVir Desktopavgnt.exe” /min
    HKUS-1-5-19SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE
    HKUS-1-5-20SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE
    HKUS-1-5-21-1060284298-515967899-839522115-1004SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32ctfmon.exe
    HKUS-1-5-18SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE

    ################## | Éléments infectieux |

    ################## | Registre |

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    O:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
    [attachment] [attachment=]############################## | UsbFix V 7.145 | [Recherche]

    Utilisateur: serge (Administrateur) # MAURICETTE
    Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 09:25:10 | 20/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: ASUSTeK Computer INC. (P5Q-PRO)
    CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    RAM -> [Total : 3327 | Free : 2558]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
    WB: Windows Internet Explorer 8.0.6001.18702

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 49 Go (38 Go libre(s) – 78%) [] # NTFS
    D: -> Disque fixe # 184 Go (183 Go libre(s) – 100%) [] # NTFS
    E: -> Disque fixe # 176 Go (77 Go libre(s) – 44%) [] # NTFS
    F: -> Disque fixe # 290 Go (290 Go libre(s) – 100%) [Disque local ] # NTFS
    J: -> CD-ROM
    O: -> Disque fixe # 466 Go (367 Go libre(s) – 79%) [disque ext ] # NTFS

    ################## | Processus Actif |

    C:WINDOWSSystem32smss.exe (ID 444 |ParentID 4)
    C:WINDOWSsystem32winlogon.exe (ID 740 |ParentID 444)
    C:WINDOWSsystem32services.exe (ID 784 |ParentID 740)
    C:WINDOWSsystem32lsass.exe (ID 796 |ParentID 740)
    C:WINDOWSsystem32Ati2evxx.exe (ID 980 |ParentID 784)
    C:WINDOWSsystem32svchost.exe (ID 1000 |ParentID 784)
    C:WINDOWSSystem32svchost.exe (ID 1168 |ParentID 784)
    C:WINDOWSsystem32Ati2evxx.exe (ID 1424 |ParentID 740)
    C:WINDOWSsystem32spoolsv.exe (ID 1568 |ParentID 784)
    C:Program FilesAviraAntiVir Desktopsched.exe (ID 1624 |ParentID 784)
    C:WINDOWSExplorer.EXE (ID 1892 |ParentID 1860)
    C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe (ID 2012 |ParentID 2004)
    C:Program FilesHpHP Software UpdateHPWuSchd2.exe (ID 2020 |ParentID 1892)
    C:WINDOWSRTHDCPL.EXE (ID 2028 |ParentID 1892)
    C:Program FilesASUSSix EngineSixEngine.exe (ID 2044 |ParentID 1892)
    C:Program FilesAviraAntiVir Desktopavgnt.exe (ID 132 |ParentID 1892)
    C:WINDOWSsystem32ctfmon.exe (ID 144 |ParentID 1892)
    C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe (ID 392 |ParentID 2012)
    C:Program FilesAviraAntiVir Desktopavguard.exe (ID 1272 |ParentID 784)
    C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe (ID 1472 |ParentID 784)
    C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe (ID 1840 |ParentID 784)
    C:WINDOWSsystem32svchost.exe (ID 1404 |ParentID 784)
    C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe (ID 2112 |ParentID 1840)
    C:Program FilesAviraAntiVir Desktopavshadow.exe (ID 3120 |ParentID 1272)
    C:WINDOWSSystem32svchost.exe (ID 2872 |ParentID 784)
    C:Program FilesInternet Exploreriexplore.exe (ID 1300 |ParentID 1892)
    C:Program FilesInternet Exploreriexplore.exe (ID 1800 |ParentID 1300)
    C:WINDOWSsystem32wuauclt.exe (ID 2736 |ParentID 1168)
    C:Program FilesInternet Exploreriexplore.exe (ID 3572 |ParentID 1300)
    C:UsbFixGo.exe (ID 1248 |ParentID 120)
    C:WINDOWSsystem32wscntfy.exe (ID 4064 |ParentID 1168)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [StartCCC] – “C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHpHP Software UpdateHPWuSchd2.exe
    HKLMSOFTWARE | Run : [] –
    HKLMSOFTWARE | Run : [RTHDCPL] – RTHDCPL.EXE
    HKLMSOFTWARE | Run : [Alcmtr] – ALCMTR.EXE
    HKLMSOFTWARE | Run : [Six Engine] – “C:Program FilesASUSSix EngineSixEngine.exe” -r
    HKLMSOFTWARE | Run : [avgnt] – “C:Program FilesAviraAntiVir Desktopavgnt.exe” /min
    HKLMSOFTWARE | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE
    HKUS-1-5-20SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE
    HKUS-1-5-21-1060284298-515967899-839522115-1004SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32ctfmon.exe
    HKUS-1-5-18SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE

    ################## | Éléments infectieux |

    ################## | Registre |

    ################## | Vaccin |

    (!) Cet ordinateur n’est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
    [/attachement]

  • Anonymous
    Number of posts: 0

    Hello Inès :hello:,

    Welcome to SosVirus :welcome:

    I wanted to save some files to the external disk, they turned into .lnk shortcuts

    So drive O is the one affected?

  • ines
    Participant
    Number of posts: 11

    good evening
    yes, it is indeed drive O
    thanks in advance

  • Anonymous
    Number of posts: 0

    With drive O connected and powered on, run UsbFix with the Listing option and post the report in your reply please (copy and paste)

  • ines
    Participant
    Number of posts: 11

    here is the listing
    ############################## | UsbFix V 7.145 | [Listing]

    Utilisateur: serge (Administrateur) # MAURICETTE
    Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 19:03:09 | 20/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: ASUSTeK Computer INC. (P5Q-PRO)
    CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    RAM -> [Total : 3327 | Free : 2499]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
    WB: Windows Internet Explorer 8.0.6001.18702

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 49 Go (38 Go libre(s) – 77%) [] # NTFS
    D: -> Disque fixe # 184 Go (183 Go libre(s) – 100%) [] # NTFS
    E: -> Disque fixe # 176 Go (77 Go libre(s) – 44%) [] # NTFS
    F: -> Disque fixe # 290 Go (290 Go libre(s) – 100%) [Disque local ] # NTFS
    J: -> CD-ROM
    O: -> Disque fixe # 466 Go (367 Go libre(s) – 79%) [disque ext ] # NTFS

    ################## | Listing |

    [20/10/2013 – 16:46:07 | D ] C:AdwCleaner
    [16/10/2013 – 14:44:36 | N | 0] C:AUTOEXEC.BAT
    [20/10/2013 – 16:11:21 | RASHD ] C:Autorun.inf
    [17/10/2013 – 11:06:38 | N | 218] C:boot.ini
    [05/08/2004 – 14:00:00 | N | 4952] C:Bootfont.bin
    [16/10/2013 – 14:44:36 | N | 0] C:CONFIG.SYS
    [20/10/2013 – 09:47:05 | D ] C:Documents and Settings
    [16/10/2013 – 15:16:46 | D ] C:Intel
    [16/10/2013 – 14:44:36 | N | 0] C:IO.SYS
    [16/10/2013 – 14:44:36 | N | 0] C:MSDOS.SYS
    [05/08/2004 – 14:00:00 | N | 47564] C:NTDETECT.COM
    [16/10/2013 – 19:51:56 | N | 252240] C:ntldr
    [20/10/2013 – 16:44:50 | ASH | 2145386496] C:pagefile.sys
    [20/10/2013 – 16:50:30 | A | 512] C:PhysicalDisk0_MBR.bin
    [20/10/2013 – 16:43:29 | D ] C:Program Files
    [20/10/2013 – 16:07:43 | SHD ] C:RECYCLER
    [16/10/2013 – 20:22:03 | N | 573] C:RHDSetup.log
    [19/10/2013 – 13:06:22 | N | 669] C:RstAssociations.txt
    [16/10/2013 – 19:21:38 | SHD ] C:System Volume Information
    [20/10/2013 – 19:03:11 | D ] C:UsbFix
    [20/10/2013 – 16:11:21 | A | 5331] C:UsbFix [Clean 1] MAURICETTE.txt
    [20/10/2013 – 09:31:25 | N | 4428] C:UsbFix [Clean 2] MAURICETTE.txt
    [20/10/2013 – 19:03:17 | A | 2368] C:UsbFix [Listing 1 ] MAURICETTE.txt
    [20/10/2013 – 16:05:05 | N | 2807] C:UsbFix [Scan 1] MAURICETTE.txt
    [20/10/2013 – 16:34:49 | A | 4558] C:UsbFix [Scan 2] MAURICETTE.txt
    [20/10/2013 – 09:46:54 | D ] C:WINDOWS
    [20/10/2013 – 16:11:21 | RASHD ] D:Autorun.inf
    [17/10/2013 – 14:48:52 | D ] D:factures
    [18/10/2013 – 16:58:12 | D ] D:jeux
    [17/10/2013 – 14:49:39 | D ] D:ma musique
    [16/10/2013 – 10:06:26 | N | 389] D:Raccourci vers Article marine.pdf.lnk
    [20/10/2013 – 16:07:44 | SHD ] D:RECYCLER
    [16/10/2013 – 09:16:29 | N | 5282] D:Slipstreaming avec nLite.url
    [17/10/2013 – 07:28:50 | SHD ] D:System Volume Information
    [19/10/2013 – 18:09:29 | D ] D:tutos
    [20/10/2013 – 16:11:21 | RASHD ] E:Autorun.inf
    [17/10/2013 – 14:48:16 | D ] E:caméscope
    [17/10/2013 – 14:54:55 | D ] E:mes photos
    [17/10/2013 – 13:23:44 | D ] E:mes vidéos
    [19/10/2013 – 18:15:37 | D ] E:MyWorks
    [16/10/2013 – 10:06:26 | N | 304] E:PC Astuces – Couper une vidéo.url
    [20/10/2013 – 16:07:44 | SHD ] E:RECYCLER
    [16/10/2013 – 19:48:37 | SHD ] E:System Volume Information
    [20/10/2013 – 16:11:21 | RASHD ] F:Autorun.inf
    [20/10/2013 – 16:07:44 | SHD ] F:RECYCLER
    [19/10/2013 – 17:56:27 | SHD ] F:System Volume Information
    [20/10/2013 – 16:11:21 | RASHD ] O:Autorun.inf
    [16/10/2013 – 10:27:44 | D ] O:caméscope
    [28/04/2013 – 07:10:07 | D ] O:factures
    [29/05/2009 – 11:15:43 | D ] O:impots
    [15/02/2010 – 15:56:51 | D ] O:ma musique
    [15/10/2013 – 12:57:57 | D ] O:mes photos
    [16/10/2013 – 10:05:15 | D ] O:mes vidéos
    [20/10/2013 – 16:07:44 | SHD ] O:RECYCLER
    [19/10/2013 – 18:19:59 | D ] O:récupération
    [16/10/2013 – 15:03:47 | SHD ] O:System Volume Information
    [14/04/2012 – 18:44:17 | RASH | 8192] O:Thumbs.db

    ################## | E.O.F |

  • Anonymous
    Number of posts: 0

    Re,

    Just so I understand correctly, since you ran UsbFix with the deletion option:

    [20/10/2013 – 16:11:21 | A | 5331] C:UsbFix [Clean 1] MAURICETTE.txt
    [20/10/2013 – 09:31:25 | N | 4428] C:UsbFix [Clean 2] MAURICETTE.txt

    Is drive O fine, or are there still problems?

  • ines
    Participant
    Number of posts: 11

    no, I still can't open the files I had sent from my infected PC

  • Anonymous
    Number of posts: 0

    We'll run a scan of this drive, because there is nothing obvious in your reports.

    This scan will display the full contents of your drive .... so host the report on SoSupload: https://antimalware.top/ and send me the link please.

    Here is the tool for the scan:

    Download this file: partage/Serge.zip, unzip it, right-click Serge.bat and choose Run as administrator.
    Host the report C:Disque_O.txt on SosUpload: https://antimalware.top/

  • ines
    Participant
    Number of posts: 11

    sorry for taking so long, I have never done this kind of thing
    the upload gets stuck halfway, I don't know if that's normal

  • Anonymous
    Number of posts: 0

    Try hosting it here then: http://pjjoint.malekal.com/index.php?lang=fr

  • ines
    Participant
    Number of posts: 11

    http://pjjoint.malekal.com/files.php?id=20131020_g10o8y8z6u15

  • Anonymous
    Number of posts: 0

    Re,

    I'm going to have dinner and I'll get back to you.

  • Anonymous
    Number of posts: 0

    Re,

    no, I still can't open the files I had sent from my infected PC

    Which files are these? I don't see any infectious .lnk on this drive .. Explain to me as best you can what you did, please, and what happens when you try to open a file, giving me the name of the file that is on drive O please

  • ines
    Participant
    Number of posts: 11

    on this drive there is a file named récupération: clicking on it opens shortcuts:
    article marine
    cérébral
    ce que le jour doit à la nuit
    dessins animés
    récupération 1
    récupération 2
    these are lnk when I click on them

  • Anonymous
    Number of posts: 0

    For the rest of the drive's contents everything is OK, correct?

    You mean this folder:

    O:\récupération\Mes documents.lnk
    Fichier : [16/10/2013 10:06|--a------|389] O:\récupération\Raccourci vers Article marine.pdf.lnk
    Fichier : [16/10/2013 10:06|--a------|434] O:\récupération\Raccourci vers Ce que le jour doit à la nuit.lnk
    Fichier : [16/10/2013 10:06|--a------|347] O:\récupération\Raccourci vers cerebral.lnk
    Fichier : [16/10/2013 10:06|--a------|365] O:\récupération\Raccourci vers Dessins animés.lnk
    Fichier : [16/10/2013 10:06|--a------|344] O:\récupération\Raccourci vers JEUX DS.lnk
    Fichier : [16/10/2013 10:06|--a------|353] O:\récupération\Raccourci vers Mes vidéos.lnk
    Fichier : [16/10/2013 10:06|--a------|358] O:\récupération\Raccourci vers recup_dir.1.lnk
    Fichier : [16/10/2013 10:06|--a------|358] O:\récupération\Raccourci vers recup_dir.2.lnk

    If these shortcuts don't work, delete them.

    Currently, if you transfer files or folders to drive O, does everything go fine or do they still turn into shortcuts?

  • ines
    Participant
    Number of posts: 11

    hello
    yes, I did mean those shortcuts, I'll delete them, too bad
    for the rest it's ok

    thanks for your help and have a nice day

  • Anonymous
    Number of posts: 0

    yes, I did mean those shortcuts, I'll delete them, too bad

    Yes, because there is no particular problem on your drive O; your PC is infected, but not with infections that will spread to drive O for your backups.
    So there's no point going any further, since you are going to format and reinstall your system.

    Have a good week 😉

The topic ‘raccourcis lnk’ is closed to new replies.