Unable to remove USB fix 2013-10-13T18:25:19+00:00
  • Author
    Posts
  • H.A.W.X
    Participant
    Post count: 1704

    Good evening,

    • Copy the lines below:

    Script ZHPFix
    Sysrestore

    R0 - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://search.babylon.com =>Toolbar.Babylon
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution
    [HKCUSoftwareDataMngr] =>PUP.Datamngr
    [HKCUSoftwared6dedae56feb46]
    [HKLMSoftwareBabylon] =>Toolbar.Babylon
    [HKLMSoftwareDataMngr] =>PUP.Datamngr
    [HKLMSoftwareTarma Installer] =>PUP.Tarma
    O43 - CFD: 2012-07-08 - 20:22:22 - [0] ----D C:ProgramDataBabylon =>Toolbar.Babylon
    O43 - CFD: 2012-10-22 - 17:55:56 - [0,281] ----D C:ProgramDataTarma Installer =>PUP.Tarma
    O43 - CFD: 2012-07-08 - 20:22:22 - [0,020] ----D C:UsersanthonyAppDataRoamingBabylon =>Toolbar.Babylon
    O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - http://search.babylon.com
    O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) -
    http://search.babylon.com =>Adware.IMBooster
    O69 - SBI: SearchScopes [HKCU] {A531D99C-5A22-449b-83DA-872725C6D0ED} - (ALOT Search) - http://search.alot.com
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:version="2.3.796.11"
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:version="2.6.1123.78"
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1125.80]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1125.80]:version="2.6.1125.80"
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1249.132]:guid="{16cdff19-861d-48e3-a751-d99a27784753}"
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1249.132]:version="2.6.1249.132"
    [HKCUSoftwared6dedae56feb46] =>Toolbar.Babylon^
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
    [HKLMSoftwareClassesCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
    [HKLMSoftwareClassesCLSID{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}] =>Adware.CometSystems
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCache{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo
    [HKLMSoftwareClassesInterface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems
    [HKLMSoftwareClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheBabylonToolbar] =>Toolbar.Babylon
    [HKCUSoftwareDataMngr] =>Adware.Bandoo
    [HKLMSoftwareDataMngr] =>Adware.Bandoo
    [HKLMSoftwareTarma Installer] =>PUP.Tarma
    [HKLMSoftwareClassesProd.cap] =>Toolbar.Babylon
    C:ProgramDataBabylon =>Toolbar.Babylon^
    C:ProgramDataTarma Installer =>PUP.Tarma^
    C:UsersanthonyAppDataRoamingBabylon =>Toolbar.Babylon^
    C:UsersanthonyAppDataRoamingWebPlayerBdd =>Adware.SocialSkinz
    C:UsersanthonyAppDataLocalLowBabylonToolbar =>Toolbar.Babylon
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution^
    [HKLMSoftwareBabylon] =>Toolbar.Babylon^
    [HKCUSoftwared6dedae56feb46] =>Toolbar.Babylon^^
    O4 - GSDesktop [Public]: More FREE games.lnk - Clé orpheline
    O4 - HKCU..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 - HKUSS-1-5-20..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 - HKUSS-1-5-21-2542629729-494269980-674747862-1000..Run: [WindowsWelcomeCenter] Clé orpheline
    O3 - ToolbarWebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    [HKCUSoftwareConduit] =>Toolbar.Conduit
    [HKCUSoftwareSoftonic] =>Toolbar.Conduit
    [HKLMSoftwareConduit] =>Toolbar.Conduit
    G2 - GCE: Preference [User DataDefault] [hhepndnhfbdjmegechokkbabcphcihdi] Vgrabber1 v.2.3.19.11 (Désactivé) =>Toolbar.vGrabber
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
    [HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
    [HKCUSoftwareSoftonic] =>Toolbar.Conduit
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheDelta] =>Toolbar.DeltaSearch
    [HKLMSoftwareClassesAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
    [HKLMSoftwareClassesToolbar.CT3131886] =>Toolbar.Conduit
    C:Program FilesConduit =>Toolbar.Conduit
    C:Program FilesSearchProtect =>Toolbar.Conduit
    C:UsersanthonyAppDataRoamingSearchProtect =>Toolbar.Conduit
    C:UsersanthonyAppDataLocalConduit =>Toolbar.Conduit
    C:UsersanthonyAppDataLocalLowConduit =>Toolbar.Conduit
    C:UsersanthonyAppDataLocalGoogleChromeUser DataDefaultExtensionshhepndnhfbdjmegechokkbabcphcihdi
    [HKCUSoftwareConduit] =>Toolbar.Conduit^
    [HKLMSoftwareConduit] =>Toolbar.Conduit^

    FirewallRaz
    EmptyCLSID
    EmptyFlash

    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

      1. Click “Importer”
      2. Then click “GO”

    • Confirm the data clean-up prompts by clicking “Oui” (Yes)
    • Once the scan has finished, go to the desktop; the ZHPFixReport file has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.
  • misspamy
    Participant
    Post count: 9

    oops..

    Here is the ZHPDiag report:

    [spoiler:2wxfetcg]~ Rapport de ZHPDiag v2013.10.18.49 – Nicolas Coolman (2013-10-18)
    ~ Lancé par anthony (2013-10-19 18:03:42)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v9.0.8112.16421
    GCIE: Google Chrome v30.0.1599.101 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
    Windows Server License Manager Script : OK
    ~ Vista, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : G6MF9
    Windows License : OK
    Windows Automatic Updates : OK

    —\ Logiciels de protection du système
    Microsoft Security Client v4.3.0219.0

    —\ Logiciels d'optimisation du système
    CCleaner v3.12 =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.0 – Français
    Java 7 Update 25

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 2037 MB (32% free)
    System Restore: Activé (Enable)
    System drive C: has 116 GB (65%) free of 177 GB

    —\ Mode de connexion au système
    ~ Computer Name: PC-DE-ANTHONY
    ~ User Name: anthony
    ~ All Users Names: anthony, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersanthonyAppDataRoamingZHP
    ~ %AppData% : C:UsersanthonyAppDataRoaming
    ~ %Desktop% : C:UsersanthonyDesktop
    ~ %Favorites% : C:UsersanthonyFavorites
    ~ %LocalAppData% : C:UsersanthonyAppDataLocal
    ~ %StartMenu% : C:UsersanthonyAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 116 Go of 177 Go)
    D: Floppy drive, Flash card reader, USB Key (Not Inserted)
    E: Floppy drive, Flash card reader, USB Key (Not Inserted)
    F: CD-ROM drive (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Free 5 Go of 8 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 43 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    ~ Generic Processes: Scanned in 00mn 01s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/432
    ~ Mes musiques (My Musics) : 1/70
    ~ Mes Videos (My Videos) : 1/4
    ~ Mes Favoris (My Favorites) : 1/24
    ~ Mes Documents (My Documents) : 1/18
    ~ Mon Bureau (My Desktop) : 3/191
    ~ Menu demarrer (Programs) : 1/26
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    ~ Processes Running: Scanned in 00mn 03s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersanthonyAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [adpkifcfcacgmnggcbpbjbkdijciiigm] Bejeweled v.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [ahkpomfjikkjnidanloinomgkfnagkoh] Juicy Truck Games v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [aidjhfmldjkmlimbifiokaokkbkpfjkb] Red Crucible 2 v.2.0.4 (Activé)
    G2 – GCE: Preference [User DataDefault] [ajkfgpbadkgkgdjdgkcechmpfdkmdjho] Supercar Racing v.1.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [beegfnmknkfjdnajgannnpiipandjpgo] Bow Master Japon v.1.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [cdflaplodblmnaapklbgemcljomliman] Crash Car Combat v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [cdgafbloileiohkildpoilliifegiijo] Police Pursuit v.3.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [cenghabdbpdbpgjjamkandgggaaiocbo] Brick Break v.1.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [clipkodmbobgeipjokdkbjnbijkkhmbm] Parking du Centre Commercial 3D v.1.0.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [cohkjfondhjjfehnehlpmjpljpihfhfc] Street Racers v.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [cpeikjapgbmncgiaijjfondlfflajnlb] Concours Tir u00E0 l'Arc Av.J-C (B.C. Bow Contest) v.1.1.17.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [dcfdbmpeeihbpddkneaploeinlbaaodn] Lara Croft and the Guardian of Light v.1.0.0.16 (Activé)
    G2 – GCE: Preference [User DataDefault] [dcpkjgdjjdcpjkanhpcjajnoliociigi] Infectonator 2 v.1.25.0.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [dfiolepojknoifmfmaooacpopandonoc] Mains dangereuses v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [djpbeidibgdgnhcgoamegepdcgmnlbaj] Puzzle & Skill Games v.1.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [dkahlmmbhmnojaligloglaabbacfjijk] X Speed Race v.1.4 (Activé)
    G2 – GCE: Preference [User DataDefault] [dkelcbhdkpcdiiancfjhjcpdinbbfolp] Solitaire Card Games v.1.0.0.6 (Activé)
    G2 – GCE: Preference [User DataDefault] [dlompojmjagifbkkfchkkjlgdapphgbg] Diner Dash 2 v.0.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [dnalbhgkcocoepphagnnlaiomnnngeln] Bomomo v.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [dnjkggjhcbohgnikmegjkodmakmimlkj] Word Search v.1.0.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [edcedccoiojocodcdnnicjgcnppijdmc] Suburban Road Racing v.1.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [eegbfdjgceebepnmgnmefipjgkoapagb] Car Games v.0.4 (Activé)
    G2 – GCE: Preference [User DataDefault] [egkdbighlkdcnhiffgacdlimoobhenpi] 3D Racing Games v.1.7 (Activé)
    G2 – GCE: Preference [User DataDefault] [ehehgijaidopomcfpkigakimeoglkjpa] Jewel Quest Deluxe v.1.0.17.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [eijmnijghjeefmjkpfhkeojppcpjckdc] 3D Shooting Games v.1.8 (Activé)
    G2 – GCE: Preference [User DataDefault] [enlhholpgabnfajcblcglijhianldmjj] bouteille de tournage v.1.0.9 (Activé)
    G2 – GCE: Preference [User DataDefault] [fhlchbdakpidmiikaddeffjfikaclbam] CINQ RAPIDE v.1.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [fojnkghiggpfagjciliabphpgnbmehjf] Productivity 3.1 v.2.3.3.3 (Désactivé)
    G2 – GCE: Preference [User DataDefault] [gigpgfnabbnlmgljhkmhkbdgonpinbng] Motocross Madness montagne v.1.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [gjkgoneongcjgidecceapgdmibblfijp] pomme tournage v.1.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [glojkngcaeoenbcikfdicahjnaggkcbf] CandyDash v.9 (Activé)
    G2 – GCE: Preference [User DataDefault] [gniccccghhpnkijkfdoajaabnmbpmnko] Sand Trap v.1.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [gojagedhadegobocpaokaifiacjiolph] Air Hockey v.2.0.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [hclgbbaloijjnkpigapgmocdpoblnlec] u00C9quipe de tireur d'Élite v.1.0.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [hhepndnhfbdjmegechokkbabcphcihdi] Vgrabber1 v.2.3.19.11 (Désactivé) =>Toolbar.vGrabber
    G2 – GCE: Preference [User DataDefault] [hjjofhgnhekhkccpcnnloagmdpafifeo] TiltShiftMaker v.1.3.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [hkfdgjcfnjiageoifhnfbeilgoplgbon] Flick Headers Euro 2012 v.1.1.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [hmggblpgblcoomebaelghgmdgdeknmhg] Ozee v.1.0.7 (Activé)
    G2 – GCE: Preference [User DataDefault] [ibbhkjoamnfmpcilggihmfeebhienpea] Hot Shot Sniper v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [ibfamoapbmmmlknoopmmfofgladlinic] Crackle v.7.1.7 (Activé)
    G2 – GCE: Preference [User DataDefault] [iehjklkgijkjfcfmmjmjlmcccholamaf] MixiDJ V45 v.10.19.1.700, (Désactivé) =>Toolbar.MixiDJ
    G2 – GCE: Preference [User DataDefault] [ifbhccdddhenjmeamogpjhicnoffdood] Fou tournage v.1.0.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [ihhgbldfjlpideboblfbgkccmplmopbc] Sensr.net IP Camera Monitoring v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [ildlmpeellfodfagdkabiljcfeppncak] Racing Games v.0.1.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [jbacnfobpliffdmiickfhceamljbcnjf] Fruity Annie v.1.0.4 (Activé)
    G2 – GCE: Preference [User DataDefault] [jcjbcgfmgdinmcljnafppclcmckchoca] LEGO Star Wars – The Quest for R2-D2 v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [jhkhhpjhohechcaihlfieiikgijenaii] Unblock 2 v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [jjmglhglajnejdnihkcngheghkgpfign] Adam's Virtual Guitar v.2.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.24 (Désactivé) =>Toolbar.Wajam
    G2 – GCE: Preference [User DataDefault] [kdnmjhfcpjlodekmgapneacdngggodjp] Vol San Francisco v.1.0.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [kgbhfjddokcaippnolmocdikbponhpkd] Formation Jeux Parking v.1.5 (Activé)
    G2 – GCE: Preference [User DataDefault] [klfneahoibjkdlonilmnkkncopeiomoc] American Racing v.1.0.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [koiigheakcgfhkijmpihjkngcnlkhbbd] Idées pour la maison v.0.0.0.7 (Activé)
    G2 – GCE: Preference [User DataDefault] [kpgpocafknpjmefoadkbaahobadhmhcf] Bow Master Japan v.1.0.0.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [lgmlohhjedlnljheklbjepdfikchfaoe] Graffiti Creator v.1.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [lighpcanjnomdcjmfficdanifpdmgmhp] fIRST lOVE v.0.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [lldafiibepdkdipdddckjoamljcnjicl] Game Gems v.1.0.0.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [llojoebfpfheijcipgokjllohccfnkoo] 3D Galaxy Bowling v.1.0.7 (Activé)
    G2 – GCE: Preference [User DataDefault] [lnnipcmogacpldkmpanjmnjmccgdonol] Hitman Sniper Challenge v.1.0.0.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [loghiplmfdfhaccgoklgkmkobmknamkj] Sportbike Champion v.1.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [meklndaflopgghbomkdpofehonfclipi] Contract Killer v.1.1.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [mpalelnihbfcohbpniljacigfgjmpodb] Candy Crush Saga v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [mpdnbodlklpglokdnlgimdpkafighlbf] Cam Pad v.1.1.2.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [mpedbpkelbhcbkdaglillalioeeekbpb] WGT Golf Game v.45.0.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [ndaflanlochpiijbgjgofgmnbgmhgkmd] 3D Débloquer voiture v.1.0.5 (Activé)
    G2 – GCE: Preference [User DataDefault] [njgfhnajhpjmlbfpieplfnocnodbkcfh] Shuffler.fm v.0.0.0.6 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkdaebmimnhlmgpjoppmdeokffoahpan] Arcade Evolved v.6.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nlnoiomnnknlhopdjhjalnbnngfkhplc] Pro Kicker v.2.3.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [nnbdejkkjibfhmcimehcaaepdibpmooo] Diner Dash 3: Flo On The Go v.0.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [ohpblkkbmfceapbolfogbfpkcjdlhonb] Where is the red v.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [okcmblenemndmonadbmepnbfpkhhiifm] Tirez Bouteille v.1.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [okehlnjpihomkdokiiafpejniofjaoom] Destroyer bombe 3D v.1.0.6 (Activé)
    G2 – GCE: Preference [User DataDefault] [okmoaapooikinnfkllfodbdiiifdkaeo] X Speed Race v.1.0.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [onfiikpnknmpmlclcgcmfdnabaplpabp] Expert bombe v.1.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [pniinickecbjegedmgagmgikbolfgaij] Spot The Differences! v.0.0.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [podpidhgbialcfbgdkaimpcnanhhomak] Renault Trucks Racing v.1.4 (Activé)
    ~ Google Browser: 107 Legitimates Filtered in 01mn 38s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    P2 – FPN: [HKLM] [@exent.com/npExentCtl,version=7.0.0.0] – (.Exent Technologies Ltd. – Exent® AOD Gecko Plugin.) — C:Program FilesFree Ride GamesnpExentCtl.dll
    P2 – FPN: [HKLM] [@flyordie.com/GamesPlugin] – (.Solware – FlyOrDie Games Plugin 1.0.1.) — C:Program FilesFlyordie Pluginnpfod.dll
    P2 – FPN: [HKLM] [@oberon-media.com/ONCAdapter] – (…) — C:Program FilesCommon FilesOberon MediaNCAdapter1.0.0.14npapicomadapter.dll (.not file.)
    P2 – FPN: [HKLM] [www.exent.com/GameTreatWidget] – (…) — C:Program FilesFree Ride GamesNPGameTreatPlugin.dll (.not file.)
    ~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://search.babylon.com =>Toolbar.Babylon
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.sonystyle.ca
    ~ IE Browser: 9 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: MiniTool Power Data Recovery 6.8.lnk . (.MiniTool Solution Ltd. – Power Data Recovery is an all in one data r.) — C:Program FilesPowerDataRecoveryPowerDataRecovery.exe
    O4 – GSDesktop [Public]: More FREE games.lnk – Clé orpheline
    O4 – GSDesktop [Public]: Play Free Games.lnk . (.Exent Technologies Ltd. – EXETender Player.) — C:Program FilesFree Ride GamesGPlrLanc.exe
    O4 – GSQuickLaunch [anthony]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [anthony]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSQuickLaunch [anthony]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersanthonyAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – GSProgram [anthony]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSSystemTools [anthony]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSDesktop [anthony]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O4 – GSDesktop [anthony]: Play Diner Dash 2.lnk . (.Exent Technologies Ltd. – EXETender Player.) — C:Remote ProgramsDiner Dash 2GPlrLanc.exe http://www.freeridegames.com
    O4 – GSDesktop [anthony]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe https://www.sosvirus.net
    O4 – GSDesktop [anthony]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.facebook.com
    O4 – GSDesktop [anthony]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersanthonyAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ Global Startup: 73 Legitimates Filtered in 00mn 09s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – HKLM..Run: [Windows Defender] . (.Microsoft Corporation – Windows Defender User Interface.) — C:Program FilesWindows DefenderMSASCui.exe
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – HD Audio Control Panel.) — C:WindowsRtHDVCpl.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
    O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 8.0ReaderReader_sl.exe
    O4 – HKLM..Run: [ISBMgr.exe] . (.Sony Corporation – Pas de description.) — C:Program FilesSonyISB UtilityISBMgr.exe
    O4 – HKLM..Run: [Skytel] . (.Realtek Semiconductor Corp. – Realtek Voice Manager.) — C:WindowsSkytel.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [LWS] . (.Logitech Inc. – Logitech Webcam Software.) — C:Program FilesLogitechLWSWebcam SoftwareLWS.exe =>.Logitech Inc
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — c:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKLM..Run: [BigDog303] . (.Vimicro – Vimicro.) — C:WindowsVM303_STI.exe
    O4 – HKLM..Run: [snpstd] . (.Pas de propriétaire – CameraMonitor MFC Application.) — C:Windowsvsnpstd.exe
    O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeQTTask.exe
    O4 – HKLM..Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe
    O4 – HKLM..Run: [agentantidote.exe] . (.Druide informatique inc. – AgentAntidote.) — C:Program FilesDruideAntidote 7Programmes32agentantidote.exe
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [Logitech Vid] . (.Logitech Inc. – Logitech Vid.) — C:Program FilesLogitechLogitech Vidvid.exe
    O4 – HKCU..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 – HKCU..Run: [Facebook Update] . (.Facebook Inc. – Programme d'installation de Facebook.) — C:UsersanthonyAppDataLocalFacebookUpdateFacebookUpdate.exe
    O4 – HKCU..Run: [Exetender] . (.Exent Technologies Ltd. – EXETender Player.) — C:Program FilesFree Ride GamesGPlayer.exe
    O4 – HKUSS-1-5-18..Run: [Exetender] . (.Exent Technologies Ltd. – EXETender Player.) — C:Program FilesFree Ride GamesGPlayer.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 – HKUSS-1-5-19..Run: [Exetender] . (.Exent Technologies Ltd. – EXETender Player.) — C:Program FilesFree Ride GamesGPlayer.exe
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 – HKUSS-1-5-20..Run: [Exetender] . (.Exent Technologies Ltd. – EXETender Player.) — C:Program FilesFree Ride GamesGPlayer.exe
    O4 – HKUSS-1-5-21-2542629729-494269980-674747862-1000..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-2542629729-494269980-674747862-1000..Run: [Logitech Vid] . (.Logitech Inc. – Logitech Vid.) — C:Program FilesLogitechLogitech Vidvid.exe
    O4 – HKUSS-1-5-21-2542629729-494269980-674747862-1000..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 – HKUSS-1-5-21-2542629729-494269980-674747862-1000..Run: [Facebook Update] . (.Facebook Inc. – Programme d'installation de Facebook.) — C:UsersanthonyAppDataLocalFacebookUpdateFacebookUpdate.exe
    O4 – HKUSS-1-5-21-2542629729-494269980-674747862-1000..Run: [Exetender] . (.Exent Technologies Ltd. – EXETender Player.) — C:Program FilesFree Ride GamesGPlayer.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: Console Java (Sun) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} — Clé orpheline
    O9 – Extra button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft Office OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~3Office12ONBttnIE.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{0BCACC1E-4E23-423D-9C33-C38FE7A8B64C}: DhcpNameServer = 192.168.0.1
    O17 – HKLMSystemCCSServicesTcpip..{2C10B10E-4A2F-43FA-BF9D-3EDDAB50562A}: DhcpNameServer = 72.0.240.16 72.0.240.17 72.0.240.110
    O17 – HKLMSystemCS1ServicesTcpip..{0BCACC1E-4E23-423D-9C33-C38FE7A8B64C}: DhcpNameServer = 192.168.0.1
    O17 – HKLMSystemCS1ServicesTcpip..{2C10B10E-4A2F-43FA-BF9D-3EDDAB50562A}: DhcpNameServer = 72.0.240.16 72.0.240.17 72.0.240.110
    O17 – HKLMSystemCS3ServicesTcpip..{0BCACC1E-4E23-423D-9C33-C38FE7A8B64C}: DhcpNameServer = 192.168.0.1
    O17 – HKLMSystemCS3ServicesTcpip..{2C10B10E-4A2F-43FA-BF9D-3EDDAB50562A}: DhcpNameServer = 72.0.240.16 72.0.240.17 72.0.240.110
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 72.0.240.16 72.0.240.17 72.0.240.110
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation – Windows Live Album Download Protocol Handle.) — C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    O20 – Winlogon Notify: VESWinlogon . (.Sony Corporation – VAIO Event Service (Winlogon Notification M.) — C:WindowsSystem32VESWinlogon.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Bibliothèque de l'interface utilisateur du.) — C:WindowsSystem32browseui.dll
    ~ STS/SSO: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Tor Win32 Service (tor) . (…) – C:Program FilesTortor.exe
    O23 – Service: XAudioService (XAudioService) . (.Conexant Systems, Inc. – Modem Audio Service.) – C:WindowsSystem32DRIVERSxaudio.exe
    ~ Services: 12 Legitimates Filtered in 00mn 05s

    —\ Enumère les données de BootExecute (BEX) (O34)
    O34 – HKLM BootExecute: (SsiEfr.exe) – File not found
    ~ BEX: 2 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution
    [HKCUSoftwareConduit] =>Toolbar.Conduit
    [HKCUSoftwareDataMngr] =>PUP.Datamngr
    [HKCUSoftwareSoftonic] =>Toolbar.Conduit
    [HKCUSoftwared6dedae56feb46]
    [HKLMSoftware20602 EasyCam Pro]
    [HKLMSoftware685D6D1C-D73A-4F37-B7E5E53660311DDB]
    [HKLMSoftwareBabylon] =>Toolbar.Babylon
    [HKLMSoftwareConduit] =>Toolbar.Conduit
    [HKLMSoftwareDataMngr] =>PUP.Datamngr
    [HKLMSoftwareTarma Installer] =>PUP.Tarma
    ~ Key Software: 160 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 2013-08-27 – 17:20:16 – [0,609] —-D C:Program FilesConduit
    O43 – CFD: 2013-08-27 – 17:22:07 – [0,024] —-D C:Program FilesMixiDJ_V45 =>Toolbar.MixiDJ
    O43 – CFD: 2013-08-29 – 18:59:35 – [0,005] —-D C:Program FilesWajam =>Toolbar.Wajam
    O43 – CFD: 2012-07-08 – 20:22:22 – [0] —-D C:ProgramDataBabylon =>Toolbar.Babylon
    O43 – CFD: 2012-10-22 – 17:55:56 – [0,281] —-D C:ProgramDataTarma Installer =>PUP.Tarma
    O43 – CFD: 2012-07-08 – 20:22:22 – [0,020] —-D C:UsersanthonyAppDataRoamingBabylon =>Toolbar.Babylon
    O43 – CFD: 2013-06-15 – 11:16:00 – [0,308] —-D C:UsersanthonyAppDataRoamingFile Scout
    O43 – CFD: 2013-08-27 – 17:22:04 – [0] —-D C:UsersanthonyAppDataLocalConduit
    O43 – CFD: 2013-08-27 – 17:19:18 – [0,054] —-D C:UsersanthonyAppDataLocalWajam =>Toolbar.Wajam
    ~ Program Folder: 165 Legitimates Filtered in 00mn 23s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.95ED99C00CEF28788021B23B93A8E3A7] – 2013-10-12 – 16:26:36 —A- . (…) — C:WindowsSystem32lvcoinst.log [6645]
    O44 – LFC:[MD5.1055107A27CF5C0A01BC6A355FC5F27C] – 2013-10-13 – 12:46:26 . (…) — C:UsbFix [Clean 2] PC-DE-ANTHONY.txt [9947]
    O44 – LFC:[MD5.9BA227F304BDADBCF95AC37048164171] – 2013-10-13 – 13:04:17 . (…) — C:UsbFix [Clean 4] PC-DE-ANTHONY.txt [7315]
    O44 – LFC:[MD5.769502FC3FB10D14E1DDD2145B5C826B] – 2013-10-13 – 13:16:02 . (…) — C:UsbFix [Scan 1] PC-DE-ANTHONY.txt [7263]
    O44 – LFC:[MD5.71EE8EFC5FEFCEB6FD38139F63227FE5] – 2013-10-13 – 13:30:30 . (…) — C:UsbFix [Clean 5] PC-DE-ANTHONY.txt [7325]
    O44 – LFC:[MD5.6977F44E72F43FAC54F775FBA11F1662] – 2013-10-13 – 13:54:32 —A- . (…) — C:UsbFix [Clean 6] PC-DE-ANTHONY.txt [7403]
    O44 – LFC:[MD5.57898047AB22283486557A5ADC1C85BC] – 2013-10-13 – 16:57:26 —A- . (…) — C:UsbFix [Scan 2] PC-DE-ANTHONY.txt [6879]
    ~ Files: 59 Legitimates Filtered in 00mn 11s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.4B3CCF3F6569C473161F9A17B3C48F65] – 2013-10-18 – 18:08:26 —A- – C:WindowsPrefetch30.0.1599.101_30.0.1599.69_CH-260766D3.pf
    ~ Prefetcher: 70 Legitimates Filtered in 00mn 01s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] – 2006-11-02 – 04:51:34 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [316520]
    O58 – SDL:[MD5.5E55C8C6BB1CFCFBBE0E5F678E4D296E] – 2012-08-25 – 14:30:27 RSH– . (…) — C:WindowsSystem324219614437.sys [88]
    ~ Drivers: 16 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 2013-10-19 – 18:07:07 —A- . (…) — C:UsersanthonyAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [257451]
    O61 – LFC: 2013-10-19 – 18:08:01 —A- . (…) — C:UsersanthonyAppDataLocalGoogleChromeUser DataLocal State [55283]
    O61 – LFC: 2013-10-19 – 18:09:26 —A- . (…) — C:UsersanthonyAppDataRoamingZHPLog.txt [19336] =>.Nicolas Coolman
    O61 – LFC: 2013-10-19 – 18:09:26 —A- . (…) — C:UsersanthonyAppDataRoamingZHPTestsZHPDiag.txt [2872] =>.Nicolas Coolman
    ~ 13 Fichiers temporaires (Temporary files)
    ~ Files: 110 Legitimates Filtered in 02mn 47s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 2012-08-02 – C:Program FilesFree Ride GamesX6XSEx_Pr143.sys (X6XSEx_Pr143) .(.Exent Technologies Ltd. – X6XSEx Kernel Mode Driver.) – LEGACY_X6XSEX_PR143
    ~ Legacy: 73 Legitimates Filtered in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: < .html> [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – () – http://search.babylon.com =>Toolbar.Babylon
    O69 – SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} – (Search the web (Babylon)) – http://search.babylon.com =>Adware.IMBooster
    O69 – SBI: SearchScopes [HKCU] {1084EAFE-BCFD-4EA3-A937-87F47C74FB4C} – (Google Search) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {A531D99C-5A22-449b-83DA-872725C6D0ED} – (ALOT Search) – http://search.alot.com
    O69 – SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} – (Vgrabber1 Customized Web Search) – http://search.conduit.com =>Toolbar.vGrabber
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:UsersanthonyAppDataRoaminguTorrentmicrosoft office 2010 keygen.rar.torrent =>P2P.µTorrent
    C:UsersanthonyAppDataRoaminguTorrentmicrosoft office 2010 keygen.rar.torrent =>P2P.µTorrent
    ~ Files: Scanned in 00mn 12s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.416E6664BDB8FA7DDDB6F474CC2B21D2] [SPRF][2013-07-19] (…) — C:UsersanthonyAppDataLocald3d9caps.dat [680]
    [MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][2013-02-21] (.FLVMPlayer – FLV Media Player Setup.) — C:UsersanthonyDesktopFLVMPlayer.exe [4953944]
    [MD5.8334A2873C688C1511F5078CFF90C484] [SPRF][2012-09-04] (.Pokki – Instagrille for Pokki Setup Program.) — C:UsersanthonyDesktopPokki-InstagrilleSetup.exe [766800]
    ~ Files: 5 Legitimates Filtered in 00mn 00s

    —\ Export de clés de registre aléatoires (O91)
    [HKCUSoftwared6dedae56feb462.6.1339.144upd]:=”upd=1″
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:guid=”{16cdff19-861d-48e3-a751-d99a27784753}”
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:version=”2.3.796.11″
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:guid=”{16cdff19-861d-48e3-a751-d99a27784753}”
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:version=”2.6.1123.78″
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1125.80]:guid=”{16cdff19-861d-48e3-a751-d99a27784753}”
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1125.80]:version=”2.6.1125.80″
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1249.132]:guid=”{16cdff19-861d-48e3-a751-d99a27784753}”
    [HKCUSoftwared6dedae56feb46history{16cdff19-861d-48e3-a751-d99a27784753}2.6.1249.132]:version=”2.6.1249.132″
    [HKCUSoftwared6dedae56feb46] =>Toolbar.Babylon^
    ~ Export Key Software: Scanned in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.3F7FC8AD897DF981A11B567DF5FFF42A] [WIS][2013-03-06] (.Skype Technologies S.A. – Skype.) — C:WindowsInstaller6553a1.msi [1638912]
    ~ WIS: 109 Legitimates Filtered in 00mn 12s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SR – | Auto 2007-09-10 124832 | (AdobeActiveFileMonitor6.0) . (…) – C:Program FilesAdobePhotoshop Elements 6.0PhotoshopElementsFileAgent.exe
    SR – | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SS – | Demand 2011-09-17 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) – C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    SS – | Auto 2011-10-11 135664 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 2011-10-11 135664 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 2005-11-14 69632 | (IDriverT) . (.Macrovision Corporation.) – C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
    SR – | Demand 2013-05-31 553288 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SS – | Demand 2006-12-14 45056 | (MSCSPTISRV) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe
    SS – | Demand 2006-12-14 57344 | (PACSPTISVR) . (…) – C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe
    SR – | Auto 2007-06-05 177704 | (ProtexisLicensing) . (…) – C:Windowssystem32PSIService.exe
    SS – | Auto 2013-02-07 161384 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
    SS – | Demand 2006-12-14 69632 | (SPTISRV) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe
    SR – | Auto 2013-08-29 3233806 | (tor) . (…) – C:Program FilesTortor.exe
    SR – | Auto 2011-08-19 450848 | (UMVPFSrv) . (.Logitech Inc..) – C:Program FilesCommon FileslogishrdLVMVFMUMVPFSrv.exe
    SS – | Demand 2007-06-28 73728 | (VAIO Entertainment TV Device Arbitration Service) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVzCsVzHardwareResourceManagerVzHardwareResourceManager.exe
    SR – | Auto 2007-08-14 182392 | (VAIO Event Service) . (.Sony Corporation.) – C:Program FilesSonyVAIO Event ServiceVESMgr.exe
    SS – | Demand 2007-06-20 2523136 | (VAIOMediaPlatform-IntegratedServer-AppServer) . (.Sony Corporation.) – C:Program FilesSonyVAIO Media Integrated ServerVMISrv.exe
    SS – | Demand 2007-06-20 397312 | (VAIOMediaPlatform-IntegratedServer-HTTP) . (.Sony Corporation.) – C:Program FilesSonyVAIO Media Integrated ServerPlatformSV_Httpd.exe
    SS – | Demand 2007-06-20 1089536 | (VAIOMediaPlatform-IntegratedServer-UPnP) . (.Sony Corporation.) – C:Program FilesSonyVAIO Media Integrated ServerPlatformUPnPFramework.exe
    SS – | Demand 2007-06-20 499712 | (VAIOMediaPlatform-Mobile-Gateway) . (.Sony Corporation.) – C:Program FilesSonyVAIO Media Integrated ServerPlatformVmGateway.exe
    SS – | Demand 2007-01-10 745472 | (VAIOMediaPlatform-UCLS-AppServer) . (.Sony Corporation.) – C:Program FilesSonyVAIO Media Integrated ServerUCLS.exe
    SS – | Demand 2007-06-20 397312 | (VAIOMediaPlatform-UCLS-HTTP) . (.Sony Corporation.) – C:Program FilesSonyVAIO Media Integrated ServerPlatformSV_Httpd.exe
    SS – | Demand 2007-06-20 1089536 | (VAIOMediaPlatform-UCLS-UPnP) . (.Sony Corporation.) – C:Program FilesSonyVAIO Media Integrated ServerPlatformUPnPFramework.exe
    SS – | Demand 2007-09-28 292128 | (VcmIAlzMgr) . (.Sony Corporation.) – C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe
    SS – | Demand 2007-09-20 79136 | (VcmXmlIfHelper) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedVcmXmlVcmXmlIfHelper.exe
    SR – | Demand 2007-06-28 274432 | (Vcsw) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVCSWVCSW.exe
    SR – | Auto 2007-08-28 192512 | (VzCdbSvc) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe
    SR – | Auto 2007-08-28 131072 | (VzFw) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformVzCdbVzFw.exe
    SS – | Auto 2008-01-18 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 2008-01-18 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 2007-09-19 386560 | (XAudioService) . (.Conexant Systems, Inc..) – C:WindowsSystem32DRIVERSxaudio.exe
    ~ Services: Scanned in 00mn 15s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    ~ MBR: 1 Legitimates Filtered in 00mn 02s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by anthony at 2013-10-19 18:10:26

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 12949 – (2013-10-18)
    Clés trouvées (Keys found) : 28
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 15
    Fichiers trouvés (Files found) : 8

    [HKLMSoftwareGoogleChromeExtensionshhepndnhfbdjmegechokkbabcphcihdi] =>Toolbar.vGrabber^
    [HKLMSoftwareGoogleChromeExtensionsiehjklkgijkjfcfmmjmjlmcccholamaf] =>Toolbar.MixiDJ^
    [HKLMSoftwareGoogleChromeExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp] =>Toolbar.Wajam^
    [HKLMSoftwareClassesInterface{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
    [HKLMSoftwareClassesCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
    [HKLMSoftwareClassesCLSID{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}] =>Adware.CometSystems
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCache{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo
    [HKLMSoftwareClassesTypeLib{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesInterface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{A531D99C-5A22-449b-83DA-872725C6D0ED}] =>Adware.CometSystems
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
    [HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
    [HKLMSoftwareClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
    [HKLMSoftwareClassesCLSID{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheAVG Secure Search] =>Toolbar.AVGSearch
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheBabylonToolbar] =>Toolbar.Babylon
    [HKCUSoftwareAppDataLowSoftwareConduitSearchScopes] =>Toolbar.Conduit
    [HKCUSoftwareDataMngr] =>Adware.Bandoo
    [HKLMSoftwareDataMngr] =>Adware.Bandoo
    [HKCUSoftwareSoftonic] =>Toolbar.Conduit
    [HKLMSoftwareTarma Installer] =>PUP.Tarma
    [HKLMSoftwareClassesProd.cap] =>Toolbar.Babylon
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheDelta] =>Toolbar.DeltaSearch
    [HKLMSoftwareClassesAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
    [HKLMSoftwareClassesToolbar.CT3131886] =>Toolbar.Conduit
    C:Program FilesMixiDJ_V45 =>Toolbar.MixiDJ^
    C:Program FilesWajam =>Toolbar.Wajam^
    C:ProgramDataBabylon =>Toolbar.Babylon^
    C:ProgramDataTarma Installer =>PUP.Tarma^
    C:UsersanthonyAppDataRoamingBabylon =>Toolbar.Babylon^
    C:UsersanthonyAppDataLocalWajam =>Toolbar.Wajam^
    C:Program FilesConduit =>Toolbar.Conduit
    C:Program FilesSearchProtect =>Toolbar.Conduit
    C:Program FilesWebplayerToolbar =>Toolbar.Webplayer
    C:Program FilesCommon FilesAVG Secure Search =>Toolbar.AVGSearch
    C:UsersanthonyAppDataRoamingSearchProtect =>Toolbar.Conduit
    C:UsersanthonyAppDataRoamingWebPlayerBdd =>Adware.SocialSkinz
    C:UsersanthonyAppDataLocalConduit =>Toolbar.Conduit
    C:UsersanthonyAppDataLocalLowBabylonToolbar =>Toolbar.Babylon
    C:UsersanthonyAppDataLocalLowConduit =>Toolbar.Conduit
    C:UsersanthonyAppDataLocalGoogleChromeUser DataDefaultExtensionshhepndnhfbdjmegechokkbabcphcihdi =>Toolbar.vGrabber^
    C:UsersanthonyAppDataLocalGoogleChromeUser DataDefaultExtensionsiehjklkgijkjfcfmmjmjlmcccholamaf =>Toolbar.MixiDJ^
    C:UsersanthonyAppDataLocalGoogleChromeUser DataDefaultExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp =>Toolbar.Wajam^
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution^
    [HKCUSoftwareConduit] =>Toolbar.Conduit^
    [HKLMSoftwareBabylon] =>Toolbar.Babylon^
    [HKLMSoftwareConduit] =>Toolbar.Conduit^
    [HKCUSoftwared6dedae56feb46] =>Toolbar.Babylon^^
    ~ Additionnel Scan: 294979 Items scanned in 00mn 27s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27632288-toolbar-vgrabber =>Toolbar.vGrabber
    ~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam
    ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
    ~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
    ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
    ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
    ~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
    ~ http://nicolascoolman.webs.com/apps/blog/show/26811836-adware-yontoo =>Adware.Yontoo
    ~ http://nicolascoolman.webs.com/apps/blog/show/26664342-adware-comet =>Adware.Comet
    ~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
    ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
    ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
    ~ MSI: 15 link(s) detected in 00mn 27s

    ~ 1242 Legitimates filtered by white list
    End of the scan (678 lines in 07mn 11s)(2)[/spoiler:2wxfetcg]

  • H.A.W.X
    Participant
    Post count: 1704

    Good evening,

    because you are launching ZHPFix and not ZHPDiag! ;)

  • misspamy
    Participant
    Post count: 9

    I am not able to launch the diagnostic in ZHPDiag; when I click Configure, the magnifying glass is not there. Here is what appears: https://antimalware.top/5L

  • misspamy
    Participant
    Post count: 9

    My USB key will not format; I cannot click the Start button.

  • Anonyme
    Post count: 0

    Well, since you managed to restore the files, save them somewhere other than on your USB key, then format it.

    Then:

    We are going to run a diagnostic of your computer to see whether or not your PC contains other types of infection.

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag; run it as administrator under Windows 7/8 and Vista.

    • Click Configure.
    • Click the icon showing a magnifying glass with a + ("Launch the diagnostic").

      Note: Do not close the program even if it says that it is no longer responding.

    • Once the scan is finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum.
  • misspamy
    Participant
    Post count: 9

    Wow, a big thank you! :merci2: :bravo1:

    I got my files back! :D :D

    I also wanted to know whether my USB key is still good or whether the problem is going to happen again?

  • Anonyme
    Post count: 0

    I hope there is one.

    Download this program: http://download.cnet.com/MiniTool-Power-Data-Recovery-Free-Edition/3000-2094_4-10561431.html and scan your key with it, to see whether it finds your files, but in the right format. If it does, try to restore them.

  • misspamy
    Participant
    Post count: 9

    Is there anything I can do to recover my files..

  • misspamy
    Participant
    Post count: 9

    No, unfortunately I do not have any copy…

  • Anonyme
    Post count: 0

    Hi again,

    The problem is that the cause of your issue is not a "virus" but apparently a hardware issue. Do you not have any copies of the files on this key?

  • misspamy
    Participant
    Post count: 9

    I sent you a photo of what is written after doing that. But my USB key has stayed as it was :unhappy:

  • Anonyme
    Post count: 0

    Hello,

    Go to the Start menu -> Computer.
    Right-click on drive G and choose Properties.

    In the window that opens, go to the Tools tab, then click Check:

    Tell me what that gives, please.

  • misspamy
    Participant
    Post count: 9

    Perfect, thank you very much!!

  • H.A.W.X
    Participant
    Post count: 1704

    Good evening,

    That is just what I feared, given the name of the key connected to the PC in the UsbFix report :(

    You will only get the answer tomorrow, because now we have to wait for the developers, who will be able to do what is needed! (But right now they are asleep)

    We are not abandoning you, don't worry! ;)

  • misspamy
    Participant
    Post count: 9

    Yes, I did have it plugged in during the scan… I could do it again to check! And no, unfortunately my problem is not solved.. :unhappy:
    I took a screenshot of what appears on my USB key:

    I hope that can help you..
    Thanks

  • H.A.W.X
    Participant
    Post count: 1704

    Good evening and welcome here :)

    Do you still have your problem? There is no infectious item in your report :shame:

    Did you have the infected USB drive plugged into the PC during the scan?

    Can you take a screenshot of the files on your USB drive for us?

    Have a good evening ;)

  • misspamy
    Participant
    Post count: 9

    I tried to run the deletion, but at 93% a window appears and when I click OK, everything closes.
    I read on a forum and they said to run the search first and post it.
    Please help me, I absolutely have to recover my files!!!

    [spoiler:30cvu5c0]############################## | UsbFix V 7.144 | [Recherche]

    Utilisateur: anthony (Administrateur) # PC-DE-ANTHONY
    Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 14:12:59 | 13/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Sony Corporation (VAIO)
    CPU: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
    RAM -> [Total : 2038 | Free : 883]
    Bios: Phoenix Technologies LTD
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
    WB: Windows Internet Explorer 9.0.8112.16421

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Microsoft Security Essentials [Enabled | Updated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 177 Go (117 Go libre(s) – 66%) [pc-de pammy] # NTFS
    F: -> CD-ROM
    G: -> Disque amovible # 8 Go (5 Go libre(s) – 68%) [< }F)¡« å_µ] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID 580 |ParentID 568)
    C:Windowssystem32wininit.exe (ID 624 |ParentID 568)
    C:Windowssystem32csrss.exe (ID 636 |ParentID 616)
    C:Windowssystem32services.exe (ID 676 |ParentID 624)
    C:Windowssystem32lsass.exe (ID 688 |ParentID 624)
    C:Windowssystem32lsm.exe (ID 716 |ParentID 624)
    C:Windowssystem32winlogon.exe (ID 732 |ParentID 616)
    C:Windowssystem32svchost.exe (ID 884 |ParentID 676)
    C:Windowssystem32svchost.exe (ID 944 |ParentID 676)
    c:Program FilesMicrosoft Security ClientMsMpEng.exe (ID 980 |ParentID 676)
    C:WindowsSystem32svchost.exe (ID 1176 |ParentID 676)
    C:WindowsSystem32svchost.exe (ID 1204 |ParentID 676)
    C:Windowssystem32svchost.exe (ID 1216 |ParentID 676)
    C:Windowssystem32svchost.exe (ID 1332 |ParentID 676)
    C:Windowssystem32svchost.exe (ID 1456 |ParentID 676)
    C:Windowssystem32svchost.exe (ID 1568 |ParentID 676)
    C:Windowssystem32svchost.exe (ID 1844 |ParentID 676)
    C:Windowssystem32svchost.exe (ID 1928 |ParentID 676)
    C:Windowssystem32svchost.exe (ID 1288 |ParentID 676)
    C:WindowsSystem32svchost.exe (ID 2208 |ParentID 676)
    C:Windowssystem32Dwm.exe (ID 3588 |ParentID 1204)
    C:WindowsExplorer.EXE (ID 3668 |ParentID 3532)
    C:Windowssystem32wbemunsecapp.exe (ID 1044 |ParentID 884)
    C:Windowssystem32wbemwmiprvse.exe (ID 1104 |ParentID 884)
    c:Program FilesMicrosoft Security ClientNisSrv.exe (ID 1688 |ParentID 676)
    C:Windowssystem32svchost.exe (ID 1292 |ParentID 676)
    C:Windowssystem32wbemwmiprvse.exe (ID 3352 |ParentID 884)
    C:WindowsSystem32WUDFHost.exe (ID 4104 |ParentID 1204)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 616 |ParentID 676)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 4980 |ParentID 616)
    C:Windowssystem32wuauclt.exe (ID 276 |ParentID 1216)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID 4724 |ParentID 676)
    C:Windowssystem32SearchIndexer.exe (ID 5372 |ParentID 676)
    C:Windowssystem32taskeng.exe (ID 3872 |ParentID 1216)
    C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID 4060 |ParentID 676)
    C:WindowsSystem32spoolsv.exe (ID 2272 |ParentID 676)
    C:Windowssystem32taskeng.exe (ID 2344 |ParentID 1216)
    C:WindowsSystem32alg.exe (ID 5432 |ParentID 676)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID 6072 |ParentID 3668)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID 5496 |ParentID 6072)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID 6128 |ParentID 6072)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID 548 |ParentID 6072)
    C:Windowssystem32SLsvc.exe (ID 3064 |ParentID 676)
    C:Program FilesWindows Media Playerwmpnscfg.exe (ID 3692 |ParentID 3668)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID 316 |ParentID 6072)
    C:UsbFixGo.exe (ID 2756 |ParentID 5304)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [Windows Defender] – “C:Program FilesWindows DefenderMSASCui.exe” -hide
    HKLMSOFTWARE | Run : [RtHDVCpl] – RtHDVCpl.exe
    HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
    HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
    HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program FilesAdobeReader 8.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [ISBMgr.exe] – “C:Program FilesSonyISB UtilityISBMgr.exe”
    HKLMSOFTWARE | Run : [Skytel] – Skytel.exe
    HKLMSOFTWARE | Run : [LWS] – C:Program FilesLogitechLWSWebcam SoftwareLWS.exe -hide
    HKLMSOFTWARE | Run : [MSC] – “c:Program FilesMicrosoft Security Clientmsseces.exe” -hide -runkey
    HKLMSOFTWARE | Run : [BigDog303] – C:WindowsVM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    HKLMSOFTWARE | Run : [snpstd] – C:Windowsvsnpstd.exe
    HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”
    HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    HKLMSOFTWARE | Run : [QuickTime Task] – “C:Program FilesQuickTimeQTTask.exe” -atboottime
    HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program FilesiTunesiTunesHelper.exe”
    HKLMSOFTWARE | Run : [agentantidote.exe] – “C:Program FilesDruideAntidote 7Programmes32agentantidote.exe” /LancementSession
    HKLMSOFTWARE | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKUS-1-5-19SOFTWARE | Run : [Exetender] – “C:Program FilesFree Ride GamesGPlayer.exe” /runonstartup
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKUS-1-5-20SOFTWARE | Run : [Exetender] – “C:Program FilesFree Ride GamesGPlayer.exe” /runonstartup
    HKUS-1-5-21-2542629729-494269980-674747862-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    HKUS-1-5-21-2542629729-494269980-674747862-1000SOFTWARE | Run : [Logitech Vid] – “C:Program FilesLogitechLogitech Vidvid.exe” -bootmode
    HKUS-1-5-21-2542629729-494269980-674747862-1000SOFTWARE | Run : [WindowsWelcomeCenter] – “rundll32.exe” oobefldr.dll,ShowWelcomeCenter
    HKUS-1-5-21-2542629729-494269980-674747862-1000SOFTWARE | Run : [Facebook Update] – “C:UsersanthonyAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    HKUS-1-5-21-2542629729-494269980-674747862-1000SOFTWARE | Run : [Exetender] – “C:Program FilesFree Ride GamesGPlayer.exe” /runonstartup
    HKUS-1-5-18SOFTWARE | Run : [Exetender] – “C:Program FilesFree Ride GamesGPlayer.exe” /runonstartup

    ################## | Éléments infectieux |

    ################## | Registre |

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:30cvu5c0]

The topic ‘Suppression impossible USB fix’ is closed to new replies.