nicoferra

Voila Rapport de ZHPFix 2013.7.20.5 par Nicolas Coolman, Update du 20/07/2013 Fichier d'export Registre : Run by Ghislaine at 11/08/2013 17:30:28 High Elevated Privileges : OK Windows XP Professional Service Pack 3 (Build 2600) Corbeille vidée ========== Processus mémoire ========== SUPPRIME Memory Process: C:\WINDOWS\Installer\{41564952-412D-5637-00A7-A758B70C0202}\ToolbarIcon.exe ========== Clé(s) du Registre ========== SUPPRIME Key: StartupReg: cacaoweb ABSENT Key: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb SUPPRIME Key: CLSID BHO: {41564952-412D-5637-00A7-7A786E7484D7} SUPPRIME Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}] SUPPRIME Key: \Software\Classes\Installer\Products\\25946514D2147365007A7A857BC02020 SUPPRIME Key: \Software\Classes\Installer\Features\25946514D2147365007A7A857BC02020 ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} ========== Valeur(s) du Registre ========== SUPPRIME AAKE KeyValue: C:\Program Files\cacaoweb\cacaoweb.exe SUPPRIME Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} ABSENT [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-00A7-7A786E7484D7} SUPPRIME FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe SUPPRIME FirewallRaz (SP) : %windir%\system32\sessmgr.exe SUPPRIME FirewallRaz (SP) : C:\Program Files\Steam\Steam.exe SUPPRIME FirewallRaz (SP) : C:\Documents and Settings\PAOLO\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe SUPPRIME FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe SUPPRIME FirewallRaz (DP) : %windir%\system32\sessmgr.exe Aucune valeur présente dans la clé d'exception du registre (FirewallRaz) ========== Dossier(s) ========== Aucun dossiers CLSID Local utilisateur vide ========== Fichier(s) ========== ABSENT File: c:\program files\cacaoweb\cacaoweb.exe ABSENT File: c:\documents and settings\ghislaine\menu démarrer\programmes\favoris bluetooth.lnk SUPPRIME File: c:\windows\wmsetup.log ABSENT File: c:\program files\askpartnernetwork\toolbar\avira-v7\passport.dll SUPPRIME File: C:\Windows\Installer\2f5c79.msi ABSENT Folder/File: c:\program files\askpartnernetwork\toolbar\avira-v7\passport.dll SUPPRIME File*: c:\windows\installer\{41564952-412d-5637-00a7-a758b70c0202}\toolbaricon.exe ABSENT Folder/File: c:\windows\installer\2f5c79.msi SUPPRIME Temporaires Windows ========== Restauration Système ========== Point de restauration du système créé avec succès ========== Récapitulatif ========== 1 : Processus mémoire 7 : Clé(s) du Registre 10 : Valeur(s) du Registre 1 : Dossier(s) 9 : Fichier(s) 1 : Restauration Système End of clean in 00mn 11s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 11/08/2013 17:30:29 [2862]

Voici l'ensemble des rapportse dans l'ordre © CJoint.com, 2012 © CJoint.com, 2012 © CJoint.com, 2012 © CJoint.com, 2012 © CJoint.com, 2012

Bonjour à tous J'ai un rapport Zdiag qui m'indique pas mal de malware Voici le rapport : © CJoint.com, 2012 Merci pour votre aide

Bonjour, ZHPDiag m'indique une infection malwares. Je vous remercie pour votre aide Voici le rapport : © CJoint.com, 2012

Le rapport ZHPFIx : Rapport de ZHPFix 2013.3.9.1 par Nicolas Coolman, Update du 9/03/2013 Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-09-05-2013-23-58-05.txt Run by nico at 09/05/2013 23:58:04 High Elevated Privileges : OK Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601) Corbeille vidée ========== Processus mémoire ========== SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\OB.exe SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\uninst1.exe SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\UpdateCheckerSetup.exe SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.0 SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.1 SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.2 SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.3 SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.4 SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.5 SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.6 SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.7 ========== Clé(s) du Registre ========== SUPPRIME Key: HKCU\Software\BI SUPPRIME Key: HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32 SUPPRIME Key: HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller ========== Valeur(s) du Registre ========== SUPPRIME RunValue: SDP ABSENT RunValue: SDP ABSENT TCP Query User{B2DC5203-1FA9-4827-A767-F13DB79F29E4}C:/users/nico/appdata/roaming/cacaoweb/cacaoweb.exe ABSENT UDP Query User{2BA3A5DF-058A-4E1B-8894-E4EDC28D4F43}C:/users/nico/appdata/roaming/cacaoweb/cacaoweb.exe ABSENT [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:SDP ABSENT Valeur Standard Profile: FirewallRaz : ABSENT Valeur Domain Profile: FirewallRaz : SUPPRIME FirewallRaz (Private) : TCP Query User{B2DC5203-1FA9-4827-A767-F13DB79F29E4}C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe SUPPRIME FirewallRaz (Private) : UDP Query User{2BA3A5DF-058A-4E1B-8894-E4EDC28D4F43}C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe ========== Dossier(s) ========== SUPPRIME Folder: C:\Users\nico\AppData\Local\Savings Wave SUPPRIME Folder: c:\users\nico\appdata\local\bundled software uninstaller SUPPRIME Temporaires Windows SUPPRIME Flash Cookies ========== Fichier(s) ========== ABSENT File: c:\program files\filesfrog update checker\update_checker.exe SUPPRIME File: c:\users\nico\desktop\check for updates.lnk SUPPRIME File*: c:\users\nico\appdata\local\temp\ob.exe SUPPRIME File*: c:\users\nico\appdata\local\temp\uninst1.exe SUPPRIME File*: c:\users\nico\appdata\local\temp\updatecheckersetup.exe ABSENT Folder/File: c:\users\nico\appdata\local\savings wave ABSENT Folder/File: c:\users\nico\appdata\local\temp\ob.exe ABSENT Folder/File: c:\users\nico\appdata\local\temp\uninst1.exe SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.0 SUPPRIME File*: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.1 SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.2 SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.3 SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.4 SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.5 SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.6 SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.7 ABSENT Folder/File: c:\users\nico\appdata\local\temp\updatecheckersetup.exe SUPPRIME Temporaires Windows SUPPRIME Flash Cookies ========== Récapitulatif ========== 11 : Processus mémoire 4 : Clé(s) du Registre 9 : Valeur(s) du Registre 4 : Dossier(s) 19 : Fichier(s) End of clean in 00mn 05s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 02/04/2013 18:01:09 [7240] C:\ZHP\ZHPFix[R2].txt - 09/05/2013 23:58:05 [4031]

Voici le dernier rapport : © CJoint.com, 2012 Apparemment j'ai toujours des malwares d'après ZEB HELP PROCESS

Merci pour ton aide Apollo, Voici les rapports dans l'ordre demandé : © CJoint.com, 2012 © CJoint.com, 2012 © CJoint.com, 2012 © CJoint.com, 2012

Bonjour, J'ai un rapport ZHP Diag pas jolie jolie ! Merci pour votre aide. Rapport de ZHPDiag v2013.5.8.70 par Nicolas Coolman, Update du 07/05/2013 Run by nico at 09/05/2013 12:36:56 State : Version à jour. WhiteList : Enable High Elevated Privileges : OK UAC : Deactivate by program ---\\ Web Browser MSIE: Internet Explorer v8.0.7601.17514 MFIE: Mozilla Firefox 20.0.1 GCIE: Google Chrome v26.0.1410.64 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows® 7, RETAIL channel Windows ID Activation : OK ~ Windows Partial Key : K678W Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Protection Avira Free Antivirus v13.0.0.2678 Windows Defender W7 ---\\ System Optimizer ---\\ Peer To Peer (P2P) eMule ---\\ Software Update Adobe Flash Player 11 Plugin Adobe Reader 9.5.4 - Français Java 7 Update 17 ---\\ System Information ~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3326 MB (62% free) System Restore: Activé (Enable) System drive C: has 102 GB (52%) free of 195 GB ---\\ Logged in mode ~ Computer Name: FERRARIS-PC ~ User Name: nico ~ All Users Names: Sonos, nico, HomeGroupUser$, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\nico\AppData\Roaming\ ~ %Desktop% : C:\Users\nico\Desktop\ ~ %Favorites% : C:\Users\nico\Favorites\ ~ %LocalAppData% : C:\Users\nico\AppData\Local\ ~ %StartMenu% : C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 102 Go of 195 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 71 Go of 401 Go) E:\ CD-ROM drive (Free 0 Go of 7 Go) G:\ CD-ROM drive (Not Inserted) H:\ Floppy drive, Flash card reader, USB Key (Free 9 Go of 15 Go) ---\\ Security Center & Tools Informations ~ Security Center: 34 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.C3D43E21FA49657BC1645E9D745656C6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/03/2013 - 05:58:26.) -- C:\Windows\System32\wininet.dll [981504] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/776 ~ Mes musiques (My Musics) : 1/675 ~ Mes Videos (My Videos) : 2/8 ~ Mes Favoris (My Favorites) : 1/29 ~ Mes Documents (My Documents) : 1/506 ~ Mon Bureau (My Desktop) : 2/1863 ~ Menu demarrer (Programs) : 1/27 ~ Hidden Files: Scanned in 00mn 02s ---\\ Processus lancés [MD5.A74AC411798DA32CFC655A9A9F2EB74A] - (...) -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2569168] [PID.1944] =>Toolbar.Babylon [MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.2572] [MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.2580] [MD5.E4401CF27225C1D6E664E86195978562] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152544] [PID.2628] [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.2652] [MD5.DCBAE6E09552EFFCA9B78B5184D49D12] - (...) -- C:\Users\nico\AppData\Roaming\cacaoweb\cacaoweb.exe [451072] [PID.2660] =>PUP.CacaoWeb [MD5.9B8B01150C02F965289BD8856757412A] - (.Michel Krämer - Spamihilator.) -- C:\Program Files\Spamihilator\spamihilator.exe [2024960] [PID.2668] [MD5.E7704CBF568815C1CAA6E513387BD3F2] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [65536] [PID.2844] [MD5.74EF310FAC89341CE2897B7F2C4A7B0F] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [65536] [PID.3016] [MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1312720] [PID.1068] [MD5.899E8C9723A2EEF9D977A86C07561682] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7254016] [PID.8172] [MD5.8B4D4F514D330759468E35E35299487C] - (.Avira Operations GmbH & Co. KG - Avira Updater remote GUI.) -- C:\Program Files\Avira\AntiVir Desktop\updrgui.exe [46960] [PID.6316] [MD5.5FE81700B1C45E6AE9727DFD6EBF8DF7] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [172032] [PID.828] [MD5.AC6A44D143F5B5089A5404EAE2C0A508] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [360448] [PID.1212] [MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1472] [MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1696] [MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1720] [MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1856] [MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.548] [MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.3432] [MD5.E8A39D41474BE42FD8830CED32932D6C] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553440] [PID.3508] [MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4948] [MD5.136044F7DB2FFA66F88994E4CF48479F] - (.Avira Operations GmbH & Co. KG - Avira Updater.) -- C:\Program Files\Avira\AntiVir Desktop\update.exe [600288] [PID.6228] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\nico\AppData\Local\Google\Chrome\User Data\Default\Preferences G0 - GCSP: Preference [user Data\Default][HomePage] Delta Search =>Toolbar.DeltaSearch G0 - GCSP: Preference [user Data\Default] Delta Search =>Toolbar.DeltaSearch G2 - GCE: Preference [user Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.2 (Désactivé) G2 - GCE: Preference [user Data\Default] [jfmjfhklogoienhpfnppmbcbjfjnkonk] RealPlayer HTML5Video Downloader Extension v.1.5 (Désactivé) G2 - GCE: Preference [user Data\Default] [pgafcinpmmpklohkojmllohdhomoefph] BrowserProtect v.1.0 (Désactivé) =>Toolbar.Babylon ~ Google Browser: 11 Legitimates Filtered in 00mn 10s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\prefs.js C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\user.js M3 - MFPP: Plugins - [nico] -- C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\searchplugins\babylon.xml =>Toolbar.Babylon M3 - MFPP: Plugins - [nico] -- C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\searchplugins\delta.xml M3 - MFPP: Plugins - [nico] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon M0 - MFSP: prefs.js [nico - 95ts5mqw.default-1347390472428] M2 - MFEP: prefs.js [nico - 95ts5mqw.default-1347390472428\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.30 (..) =>PUP.CacaoWeb M2 - MFEP: prefs.js [nico - 95ts5mqw.default-1347390472428\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..) ~ Firefox Browser: 63 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search =>Toolbar.DeltaSearch R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pucuy.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = Delta Search =>Toolbar.DeltaSearch ~ IE Browser: 9 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll =>Toolbar.DeltaSearch ~ BHO: 7 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Delta Toolbar - [HKLM]{82E1477C-B154-48D3-9891-33D83C26BCD3} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll =>Toolbar.DeltaSearch ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\nico\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-2526033556-873220062-2426088063-1005\..\Run: [cacaoweb] . (...) -- C:\Users\nico\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\TaskBar: OUTLOOK.EXE.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.exe O4 - GS\TaskBar: VLC media player.lnk . (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Démarrer Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.exe O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Samsung PC Studio 3.lnk . (...) -- C:\Program Files\Samsung\Samsung PC Studio 3\Launcher.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - Global Startup: C:\Users\nico\Desktop\Dictionnaire des accords de guitare - Copie (2).URL . (...) -- C:\Users\nico\Desktop\Dictionnaire des accords de guitare - Copie (2).URL O4 - GS\Desktop: Downloads.lnk . (...) -- C:\Users\nico\Downloads ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Internet Explorer Plugins (O12) O12 - Plugin for .mu3 .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .mus .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .mxl .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .mya .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .myr .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .myt .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .xmz .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll ~ IE Extra Buttons: 7 Legitimates Filtered in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] *.canalplay.com O15 - Trusted Zone: [HKCU\...\Domains] *.canalplusactive.com O15 - Trusted Zone: [HKLM\...\Domains] *.canalplay.com O15 - Trusted Zone: [HKLM\...\Domains] *.canalplusactive.com ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{502A2182-9A11-4C17-8483-C7D7F0E340EC}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{502A2182-9A11-4C17-8483-C7D7F0E340EC}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{502A2182-9A11-4C17-8483-C7D7F0E340EC}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll =>Toolbar.Babylon ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: BrowserProtect (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon ~ Services: 6 Legitimates Filtered in 00mn 18s ---\\ Tâches planifiées en automatique (O39) [MD5.7F91A8D7192B1664D4C4B19996ED8281] [APT] [Test TimeTrigger] (...) -- C:\Users\nico\AppData\Local\Temp\Runner.exe [40587] [MD5.00000000000000000000000000000000] [APT] [{D70097E3-297F-4AAC-9B1F-A62BB0DA6779}] (...) -- E:\setup.exe (.not file.) [0] ~ Scheduled Task: 17 Legitimates Filtered in 00mn 02s ---\\ Logiciels installés (O42) O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM] -- delta ~ Logic: 88 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\Delta] [HKCU\Software\OfferBox] =>PUP.OfferBox [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKCU\Software\delta LTD] [HKCU\Software\f53df8ce63bbd14] [HKLM\Software\Babylon] =>Toolbar.Babylon [HKLM\Software\DataMngr] =>PUP.Datamngr [HKLM\Software\Delta] [HKLM\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\f53df8ce63bbd14] ~ Key Software: 226 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 09/04/2013 - 20:03:11 - [2,786] ----D C:\Program Files\Delta O43 - CFD: 09/04/2013 - 20:02:42 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon O43 - CFD: 09/04/2013 - 20:03:29 - [8,210] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon O43 - CFD: 09/04/2013 - 20:02:42 - [0,008] ----D C:\Users\nico\AppData\Roaming\Babylon =>Toolbar.Babylon O43 - CFD: 09/05/2013 - 11:39:44 - [334,174] ----D C:\Users\nico\AppData\Roaming\cacaoweb =>PUP.CacaoWeb O43 - CFD: 09/04/2013 - 20:03:10 - [0,259] ----D C:\Users\nico\AppData\Roaming\Delta O43 - CFD: 10/04/2013 - 08:19:57 - [0,449] ----D C:\Users\nico\AppData\Roaming\OfferBox =>PUP.OfferBox O43 - CFD: 02/04/2013 - 18:59:59 - [0] ----D C:\Users\nico\AppData\Local\Savings Wave =>PUP.CrossRider O43 - CFD: 09/04/2013 - 20:03:32 - [0,001] ----D C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Toolbar.Babylon ~ Program Folder: 223 Legitimates Filtered in 00mn 03s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 09/05/2013 - 11:20:12 ---A- . (...) -- C:\Windows\System32\Drivers\lvuvc.hs [0] ~ Files: 10 Legitimates Filtered in 00mn 02s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.0A57DCD73C232A7D82069FBF9745D260] - 03/05/2013 - 19:49:23 ---A- - C:\Windows\Prefetch\A57B.TMP-C1279D47.pf O45 - LFCP:[MD5.063D7EE8AB1F02DE9ED222DEC3BB1781] - 04/05/2013 - 07:53:40 ---A- - C:\Windows\Prefetch\MSOHELP.EXE-DF0446AB.pf O45 - LFCP:[MD5.AAEB1963D26762EBECA4476C5EE65732] - 04/05/2013 - 20:46:04 ---A- - C:\Windows\Prefetch\8C95.TMP-12E07611.pf O45 - LFCP:[MD5.4E26F0D0C4A22C7535809FD73DF9FA1C] - 05/05/2013 - 21:31:55 ---A- - C:\Windows\Prefetch\4AB8.TMP-815538A7.pf O45 - LFCP:[MD5.5AE879F92F88C0BFA2FF4CCE21D77DCE] - 08/05/2013 - 12:31:52 ---A- - C:\Windows\Prefetch\DC59.TMP-DA27784D.pf O45 - LFCP:[MD5.66F9E3E854370D9A84225FB0B77C6B9D] - 09/05/2013 - 11:09:39 ---A- - C:\Windows\Prefetch\BROWSERPROTECT.EXE-9BC18116.pf =>Toolbar.Babylon ~ Prefetcher: 113 Legitimates Filtered in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{2ed8a8e3-e1f7-11e1-9f8e-0024215c5470}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.) O51 - MPSK:{6e04f40d-b8f2-11de-9981-0024215c5470}\AutoRun\command. (...) -- H:\LaunchU3.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 20 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 06/05/2013 - 03:12:47 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingD06213DE59171D14D34CCC95AE8B4437.cacao [74281341] =>PUP.CacaoWeb O61 - LFC: 06/05/2013 - 03:23:23 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingF5CD7100E32A268DE6FE88702054F471.cacao [130729278] =>PUP.CacaoWeb O61 - LFC: 06/05/2013 - 05:14:01 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingC6BDE46BE47694C08F11B6FC2FC3AF00.cacao [117156978] =>PUP.CacaoWeb O61 - LFC: 06/05/2013 - 06:12:33 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingE23252D0A80B35736B48FFA9F1DB97E0.cacao [103917305] =>PUP.CacaoWeb O61 - LFC: 06/05/2013 - 07:39:49 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicating510A9C7CA9089B1EE44D85E552136A80.cacao [353954895] =>PUP.CacaoWeb O61 - LFC: 06/05/2013 - 08:27:18 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicating30E52FBCA31E940074004BBA744555A2.cacao [510089724] =>PUP.CacaoWeb O61 - LFC: 08/05/2013 - 05:18:40 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingDE7FB3F49135356057B83438755ADA27.cacao [116907785] =>PUP.CacaoWeb O61 - LFC: 08/05/2013 - 07:08:04 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicating160B4F026B651524664125481FA5DA39.cacao [194226258] =>PUP.CacaoWeb O61 - LFC: 08/05/2013 - 07:56:19 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingA04DEAEA1A4F2AA9CEBA51D3AC286793.cacao [584025513] =>PUP.CacaoWeb O61 - LFC: 09/05/2013 - 00:45:40 ---A- C:\Users\nico\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269830] O61 - LFC: 09/05/2013 - 06:42:18 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingE4ACAD2A4469651B60AC78B0403DCE5E.cacao [47196] =>PUP.CacaoWeb O61 - LFC: 09/05/2013 - 11:20:27 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\npdfile.dat [202] =>PUP.CacaoWeb O61 - LFC: 09/05/2013 - 11:34:55 ---A- C:\Users\nico\AppData\Local\Google\Chrome\User Data\Local State [41941] O61 - LFC: 09/05/2013 - 11:37:52 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\storage.db [5447] =>PUP.CacaoWeb ~ 3 Fichiers temporaires (Temporary files) ~ Files: 216 Legitimates Filtered in 00mn 19s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (...) -- undll32.exe O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (...) -- undll32.exe ~ FASS Keys: 19 Legitimates Filtered in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("avg.install.userHPSettings", ""); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("avg.install.userSPSettings", ""); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.admin", false); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.aflt", "babsst"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.autoRvrt", "false"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.bbDpng", "9"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.cntry", "FR"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.dfltLng", "en"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.excTlbr", false); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.ffxUnstlRst", true); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.hdrMd5", "F9C9D631245A57D4F679C8DAD6DF2309"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.id", "de1eb7ae0000000000000024215c5470"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.instlDay", "15804"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.instlRef", "sst"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.lastVrsnTs", "1.8.16.1620:03:12"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.newTab", false); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.prdct", "delta"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.prtnrId", "delta"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.rvrt", "false"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.sg", "azb"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.smplGrp", "azb"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.tlbrId", "base"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.tlbrSrchUrl", ""); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.vrsn", "1.8.16.16"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.vrsni", "1.8.16.16"); O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.vrsnTs", "1.8.16.1620:03:12"); O69 - SBI: SearchScopes [HKCU] {0633EE93-1111-472f-A0FF-E1416B8B2EAA} - (Search) - pucuy.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - Delta Search =>Toolbar.DeltaSearch O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - Bing O69 - SBI: SearchScopes [HKCU] {79DB772F-1A45-42EB-8C7F-A6ACFC7BE21F} - (Yahoo! Search) - Yahoo! Search - Recherche Web ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.44C9E30CD65C7E829BEBEF40A0609108] [sPRF][09/04/2013] (.Aedge Performance BCN SL - OfferBox setup.) -- C:\Users\nico\AppData\Local\Temp\OB.exe [3435912] =>PUP.OfferBox [MD5.7F91A8D7192B1664D4C4B19996ED8281] [sPRF][02/11/2012] (...) -- C:\Users\nico\AppData\Local\Temp\Runner.exe [40587] [MD5.8A0F4351919BC63848CEFA14F0115B10] [sPRF][07/04/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\nico\AppData\Local\Temp\uninst1.exe [394312] =>Toolbar.Babylon [MD5.5B2DA96D90C95228239806D40B720BD2] [sPRF][13/03/2008] (...) -- C:\Users\nico\AppData\Local\Temp\VP6.reg [340] [MD5.C88C0C118CBEDD5C9D9227A5E39C6BBF] [sPRF][13/03/2008] (...) -- C:\Users\nico\AppData\Local\Temp\VP6Install.exe [26176] [MD5.EC96E3D04A2CFEFA37E95A03C87EA284] [sPRF][13/03/2008] (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Users\nico\AppData\Local\Temp\VP6VFW.dll [445504] [MD5.0BFA8EF43FFA27D7A5A3E15216795A25] [sPRF][13/01/2013] (...) -- C:\Users\nico\Desktop\MorphVOXJunior_Install-1.exe [2889608] ~ Files: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "TCP Query User{B2DC5203-1FA9-4827-A767-F13DB79F29E4}C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{2BA3A5DF-058A-4E1B-8894-E4EDC28D4F43}C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb ~ Firewall: 250 Legitimates Filtered in 00mn 00s ---\\ Scan Additionnel (O88) Database Version : v2.11971 - (07/05/2013) Clés trouvées (Keys found) : 59 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 8 Fichiers trouvés (Files found) : 6 [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKCU\Software\delta LTD] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Adware.PricePeep [HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>PUP.SpecialSavings [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKCU\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox [HKLM\Software\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox [HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox [HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKLM\Software\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods [HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods [HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch [HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch [HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch [HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb [HKCU\Software\Mozilla\Firefox\Extensions]:{0F827075-B026-42F3-885D-98981EE7B1AE} =>Toolbar.Babylon C:\ProgramData\Babylon =>Toolbar.Babylon C:\ProgramData\BrowserProtect =>Hijacker.Eazel C:\Users\nico\AppData\Roaming\Babylon =>Toolbar.Babylon C:\Users\nico\AppData\Roaming\cacaoweb =>PUP.CacaoWeb C:\Users\nico\AppData\Roaming\OfferBox =>PUP.OfferBox C:\Users\nico\AppData\Local\Savings Wave =>PUP.CrossRider C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\Extensions\cacaoweb@cacaoweb.org =>PUP.CacaoWeb C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\Extensions\ffxtlbr@delta.com =>PUP.Funmoods C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\bprotector_extensions.sqlite =>PUP.BProtector C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\bprotector_prefs.js =>PUP.BProtector C:\Users\nico\AppData\Local\Temp\OB.exe =>PUP.OfferBox C:\Users\nico\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon ~ Additionnel Scan: 274925 Items scanned in 00mn 30s ---\\ Random Export Key (O91) [HKCU\Software\f53df8ce63bbd14] =>Toolbar.Babylon^ [HKCU\Software\f53df8ce63bbd14]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKCU\Software\f53df8ce63bbd14]:version="2.6.1125.80" [HKLM\Software\f53df8ce63bbd14] =>Toolbar.Babylon^ [HKLM\Software\f53df8ce63bbd14]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKLM\Software\f53df8ce63bbd14]:version="2.6.1125.80" ~ Export Key Software: Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 22/11/2009 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe SS - | Demand 21/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 23/09/2009 172032 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 28/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 28/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 2569168 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon SS - | Disabled 30/12/2009 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Disabled 30/12/2009 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 20/11/2008 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe SR - | Demand 12/12/2012 553440 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Disabled 02/05/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Disabled 71096 | (NMSAccess) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe SS - | Disabled 19/01/2008 4388192 | (Norton Ghost) . (.Symantec Corporation.) - C:\Program Files\Norton Ghost\Agent\VProSvc.exe SS - | Disabled 12/08/2011 932240 | (Service CANALPLAY) . (.Canal+ Distribution.) - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe SS - | Disabled 20/12/2007 1553896 | (SymSnapService) . (.Symantec.) - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 00s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Run by nico at 09/05/2013 12:39:42 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85D431F8]<< 1 ntkrnlpa!IofCallDriver[0x8328CBC5] >> \Device\Harddisk0\DR0[0x86BA1200] \Driver\atapi[0x86A4EC08] >> IRP_MJ_CREATE >> 0x85D431F8 kernel: MBR read successfully user & kernel MBR OK ~ MBR: 14 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by nico at 09/05/2013 12:39:44 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 1592 Legitimates filtered by white list End of the scan (644 lines in 02mn 48s)(0)

Voici le rapport pjjoint.malekal.com - Submit a file

Voici les rapports dans l'ordre pjjoint.malekal.com - Submit a file pjjoint.malekal.com - Submit a file pjjoint.malekal.com - Submit a file pjjoint.malekal.com - Submit a file

Bonjour à tous, j'aurai besoin d'un gros nettoyage. j'ai un rapport ZHP pas jolie jolie. Voici mont rapport ZDiag Merci © CJoint.com, 2012

Ça à l'air OK. Je te remercie pour tout.

Voici le rapport : Rapport de ZHPFix 1.2.07 par Nicolas Coolman, Update du 20/07/2012 Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-20-08-2012-11-04-12.txt Run by sylvain at 20/08/2012 11:04:12 Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002) Web site : ZHPFix Fix de rapport Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com ========== Clé(s) du Registre ========== SUPPRIME Key*: HKCU\Software\AppDataLow\Software\alot SUPPRIME Key*: SearchScopes :{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} ========== Valeur(s) du Registre ========== SUPPRIME {113C39E3-6FB5-41A6-AB5C-08F41ACCE8AB} SUPPRIME {48ECAF15-7553-4FA6-A30C-713949C2A083} SUPPRIME {9C54816B-E4D9-429E-B167-C3A66AB4F6C0} SUPPRIME {66C11F6C-218F-4A1E-8270-2FBDDC6AFAE9} ABSENT [HKLM\Software\Mozilla\Firefox\Extensions]:ffox@bandoo.com ABSENT Valeur Standard Profile: FirewallRaz : ABSENT Valeur Domain Profile: FirewallRaz : SUPPRIME FirewallRaz (None) : {8033A3A8-7EDA-46DB-8959-981733CBE7C5} SUPPRIME FirewallRaz (None) : {DA3DFDAE-84FB-4CB7-8C37-816261C76001} SUPPRIME FirewallRaz (None) : {250863E3-FE33-4960-BCD0-6CD668A79C0C} SUPPRIME FirewallRaz (None) : {4C926D1E-E233-4A25-80DE-6BEBF95674A1} SUPPRIME FirewallRaz (Public) : {4DBD5ABE-DC34-4853-A65F-F19647B2EAAF} SUPPRIME FirewallRaz (Public) : {997ABEAE-4419-4508-B6DC-C1A28FFF7085} ========== Elément(s) de donnée du Registre ========== SUPPRIME AppInit: \Program Files\wi9130~1\datamngr\datamngr.dll ========== Dossier(s) ========== SUPPRIME Folder: C:\Program Files\alot SUPPRIME Folder: C:\Program Files\Everest Poker SUPPRIME Folder: c:\users\sylvain\appdata\locallow\alot SUPPRIME Temporaires Windows: SUPPRIME Flash Cookies: ========== Fichier(s) ========== ABSENT File: \program files\wi9130~1\datamngr\datamngr.dll ABSENT Folder/File: c:\program files\alot ABSENT Folder/File: c:\program files\everest poker SUPPRIME Temporaires Windows: SUPPRIME Flash Cookies: ========== Restauration Système ========== Point de restauration du système créé avec succès ========== Récapitulatif ========== 3 : Clé(s) du Registre 13 : Valeur(s) du Registre 1 : Elément(s) de donnée du Registre 5 : Dossier(s) 5 : Fichier(s) 1 : Restauration Système End of clean in 00mn 56s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 20/08/2012 11:04:12 [2404]

Ben c'mieux mais j'ai toujours 14 malwares detectés par ZHP O20 - AppInit_DLLs: . (...) - C:\Program Files\wi9130~1\datamngr\datamngr.dll (.not file.) => Infection BT (Adware.Bandoo) [HKCU\Software\AppDataLow\Software\alot] => Infection BT (AdWare.Comet) O43 - CFD: 19/04/2010 - 10:34:24 - [1,740] ----D C:\Program Files\alot => Infection BT (AdWare.Comet) O43 - CFD: 28/05/2008 - 22:28:02 - [0,144] ----D C:\Program Files\Everest Poker => Infection BT (PUP.Casino) O69 - SBI: SearchScopes [HKCU] {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} - (ALOT Recherche) - ALOT Search Powered by Google => Infection BT (AdWare.Comet) O87 - FAEL: "{113C39E3-6FB5-41A6-AB5C-08F41ACCE8AB}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) => Infection BT (Adware.Bandoo) O87 - FAEL: "{48ECAF15-7553-4FA6-A30C-713949C2A083}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) => Infection BT (Adware.Bandoo) O87 - FAEL: "{9C54816B-E4D9-429E-B167-C3A66AB4F6C0}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) => Infection BT (Adware.Bandoo) O87 - FAEL: "{66C11F6C-218F-4A1E-8270-2FBDDC6AFAE9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) => Infection BT (Adware.Bandoo) [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}] => Infection BT (AdWare.Comet) [HKLM\Software\Mozilla\Firefox\Extensions]:ffox@bandoo.com C:\Program Files\alot => Infection BT (AdWare.Comet) C:\Program Files\Everest Poker => Infection BT (PUP.Casino) C:\Users\sylvain\AppData\LocalLow\alot => Infection BT (AdWare.Comet) Malware (14)

Voici le rapport SFT : Lien CJoint.com 3HujCLX6Fnl et le rapport MAM Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Version de la base de données: v2012.08.19.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 sylvain :: PC-DE-SYLVAIN [administrateur] 19/08/2012 16:59:47 mbam-log-2012-08-19 (16-59-47).txt Type d'examen: Examen complet Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 558630 Temps écoulé: 1 heure(s), 27 minute(s), 12 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 1 C:\Users\babou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\Zylom\ZylomGamesPlayer\zylom\doggiedash\fr-FR\ZylomHost.exe (Trojan.Ransom) -> Mis en quarantaine et supprimé avec succès. (fin)

Voici le rapport : # AdwCleaner v1.801 - Rapport créé le 19/08/2012 à 15:13:51 # Mis à jour le 14/08/2012 par Xplode # Système d'exploitation : Windows Vista Home Premium Service Pack 2 (32 bits) # Nom d'utilisateur : sylvain - PC-DE-SYLVAIN # Mode de démarrage : Normal # Exécuté depuis : C:\Users\sylvain\Desktop\adwcleaner.exe # Option [suppression] ***** [services] ***** Arrêté & Supprimé : Bandoo Coordinator ***** [Fichiers / Dossiers] ***** Dossier Supprimé : C:\Users\sylvain\AppData\LocalLow\Bandoo Dossier Supprimé : C:\Users\sylvain\AppData\LocalLow\PriceGong Dossier Supprimé : C:\Users\sylvain\AppData\LocalLow\searchquband Dossier Supprimé : C:\Users\sylvain\AppData\LocalLow\Searchqutoolbar Dossier Supprimé : C:\Users\sylvain\AppData\LocalLow\SweetIM Dossier Supprimé : C:\Users\YES\AppData\LocalLow\Bandoo Dossier Supprimé : C:\Users\YES\AppData\LocalLow\Searchqutoolbar Dossier Supprimé : C:\Users\sylvain\AppData\Roaming\Bandoo Dossier Supprimé : C:\Users\sylvain\AppData\Roaming\Nosibay Dossier Supprimé : C:\Users\sylvain\AppData\Roaming\Mozilla\Firefox\Profiles\fqepvfey.default\Searchqutoolbar Dossier Supprimé : C:\Users\sylvain\AppData\Roaming\Mozilla\Firefox\Profiles\fqepvfey.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} Dossier Supprimé : C:\Users\sylvain\AppData\Roaming\Mozilla\Firefox\Profiles\fqepvfey.default\extensions\ffox@bandoo.com Dossier Supprimé : C:\Users\YES\AppData\Roaming\Mozilla\Firefox\Profiles\txztxy8t.default\Searchqutoolbar Dossier Supprimé : C:\Users\YES\AppData\Roaming\Mozilla\Firefox\Profiles\txztxy8t.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} Dossier Supprimé : C:\Users\YES\AppData\Roaming\Mozilla\Firefox\Profiles\txztxy8t.default\extensions\ffox@bandoo.com Dossier Supprimé : C:\ProgramData\Bandoo Dossier Supprimé : C:\ProgramData\boost_interprocess Dossier Supprimé : C:\ProgramData\SweetIM Dossier Supprimé : C:\ProgramData\Viewpoint Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong Dossier Supprimé : C:\Program Files\Bandoo Dossier Supprimé : C:\Program Files\Nosibay Dossier Supprimé : C:\Program Files\PriceGong Dossier Supprimé : C:\Program Files\SweetIM Dossier Supprimé : C:\Program Files\Viewpoint Dossier Supprimé : C:\Program Files\Windows Searchqu Toolbar Fichier Supprimé : C:\Users\sylvain\AppData\Local\Temp\Searchqu.ini Fichier Supprimé : C:\Users\sylvain\AppData\Local\Temp\searchqutoolbar-manifest.xml Fichier Supprimé : C:\Users\sylvain\AppData\Local\Temp\SetupDataMngr_Searchqu.exe Fichier Supprimé : C:\Users\sylvain\AppData\Roaming\Mozilla\Firefox\Profiles\fqepvfey.default\searchplugins\Search_Results.xml Fichier Supprimé : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Fichier Supprimé : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml ***** [Registre] ***** Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong Clé Supprimée : HKCU\Software\AppDataLow\Software\searchqutoolbar Clé Supprimée : HKCU\Software\DataMngr Clé Supprimée : HKCU\Software\DataMngr_Toolbar Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Rechercher sur le Web Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A81A974F-8A22-43E6-9243-5198FF758DA1} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pricegong Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer Clé Supprimée : HKCU\Software\Nosibay Clé Supprimée : HKCU\Software\Softonic Clé Supprimée : HKCU\Software\SweetIm Clé Supprimée : HKLM\SOFTWARE\bandoo Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\BandooCoordinator.EXE Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\EoEngineBHO.DLL Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator.1 Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI.1 Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult.1 Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier.1 Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCore.BandooCore Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1 Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1 Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1 Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr Clé Supprimée : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1 Clé Supprimée : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin Clé Supprimée : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin.1 Clé Supprimée : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl Clé Supprimée : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl.1 Clé Supprimée : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl Clé Supprimée : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl.1 Clé Supprimée : HKLM\SOFTWARE\Classes\EoEngineBHO.EOBHO Clé Supprimée : HKLM\SOFTWARE\Classes\EoEngineBHO.EOBHO.1 Clé Supprimée : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils Clé Supprimée : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1 Clé Supprimée : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator Clé Supprimée : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1 Clé Supprimée : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Clé Supprimée : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Clé Supprimée : HKLM\SOFTWARE\Classes\sim-packages Clé Supprimée : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar Clé Supprimée : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1 Clé Supprimée : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook Clé Supprimée : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.sweetie Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1 Clé Supprimée : HKLM\SOFTWARE\DataMngr Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dloejdefkancmfajekobpfoacecnhpgp Clé Supprimée : HKLM\SOFTWARE\MetaStream Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Clé Supprimée : HKLM\SOFTWARE\SearchquMediabarTb Clé Supprimée : HKLM\SOFTWARE\SweetIM Clé Supprimée : HKLM\SOFTWARE\Viewpoint Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetIM] Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}] Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [ffox@bandoo.com] ***** [Registre - GUID] ***** Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CE1CB632-6817-47B3-8587-D05AF75D6D5A} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EF2B6317-C367-401B-83B8-80302D6588A7} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F5379B4B-24D8-432A-9A96-BE75EE5117DB} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8} Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47B3-8587-D05AF75D6D5A} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}] Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] ***** [Navigateurs] ***** -\\ Internet Explorer v9.0.8112.16421 Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com --> hxxp://www.google.com -\\ Mozilla Firefox v10.0.1 (fr) Nom du profil : default Fichier : C:\Users\sylvain\AppData\Roaming\Mozilla\Firefox\Profiles\fqepvfey.default\prefs.js Supprimée : user_pref("browser.search.defaultenginename", "Search Results"); Supprimée : user_pref("browser.search.order.1", "Search Results"); Supprimée : user_pref("browser.search.selectedEngine", "Search Results"); Supprimée : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com"); Supprimée : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=2&systemid=101&sr=0&q="); Supprimée : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Supprimée : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", ""); Supprimée : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Supprimée : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.fr/"); Supprimée : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=2&barid={5ED8C021-E85E-11E0-[...] Nom du profil : default Fichier : C:\Users\YES\AppData\Roaming\Mozilla\Firefox\Profiles\txztxy8t.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. -\\ Google Chrome v21.0.1180.79 Fichier : C:\Users\sylvain\AppData\Local\Google\Chrome\User Data\Default\Preferences Supprimée : "homepage": "hxxp://www.searchnu.com", Supprimée : "urls_to_restore_on_startup": [ "hxxp://www.searchnu.com", "hxxp://home.sweetim.com/?st=2&b[...] Supprimée : "name": "Search Results", Supprimée : "search_url": "hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=101&sr=0&q={searchTer[...] Supprimée : "update_url": "hxxp://inst.pricegong.com/update/sweetim/-/update.xml", Supprimée : "homepage": "hxxp://www.searchnu.com", Supprimée : "path": "C:\\Program Files\\Viewpoint\\Viewpoint Experience Technology\\npViewpoint.dll", Supprimée : "urls_to_restore_on_startup": [ "hxxp://www.searchnu.com", "hxxp://home.sweetim.com/?st=2&bari[...] ************************* AdwCleaner[R1].txt - [12711 octets] - [17/01/2012 23:37:12] AdwCleaner[s1].txt - [20942 octets] - [19/08/2012 15:13:51] ########## EOF - C:\AdwCleaner[s1].txt - [21071 octets] ##########

Bonjour, j'ai un PC portable dont le rapport ZHPDiag indique plus de 200 malwares. Voici le rapport : Lien CJoint.com 0Htn22gEp0u De plus très souvent il reste bloqué au demarrage (ecran noir figé) Merci pour votre aide

Pas mal. je refais un ZHP Diag ?

Voici les 2 rapports All processes killed ========== FILES ========== C:\Program Files\pdfforge Toolbar\Res folder moved successfully. C:\Program Files\pdfforge Toolbar folder moved successfully. C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com\COMPONENTS folder moved successfully. C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com\CHROME\LOCALE\EN-US folder moved successfully. C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com\CHROME\LOCALE folder moved successfully. C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com\CHROME\CONTENT folder moved successfully. C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com\CHROME folder moved successfully. C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com folder moved successfully. C:\Documents and Settings\EURADIF\Application Data\pdfforge\temp folder moved successfully. C:\Documents and Settings\EURADIF\Application Data\pdfforge\res folder moved successfully. C:\Documents and Settings\EURADIF\Application Data\pdfforge folder moved successfully. C:\Documents and Settings\EURADIF\Application Data\Search Settings\kb128\temp folder moved successfully. C:\Documents and Settings\EURADIF\Application Data\Search Settings\kb128 folder moved successfully. C:\Documents and Settings\EURADIF\Application Data\Search Settings folder moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: EURADIF ->Temp folder emptied: 677953241 bytes ->Temporary Internet Files folder emptied: 168050347 bytes ->FireFox cache emptied: 118725214 bytes ->Flash cache emptied: 27835 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1138958 bytes %systemroot%\System32 .tmp files removed: 2940416 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 22413205 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 205420440 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 98374690 bytes Total Files Cleaned = 1 235,00 mb OTM by OldTimer - Version 3.1.21.0 log created on 07312012_183400 Files moved on Reboot... Registry entries deleted on Reboot... Rapport de ZHPFix 1.2.07 par Nicolas Coolman, Update du 20/07/2012 Fichier d'export Registre : Run by EURADIF at 31/07/2012 19:04:32 Windows XP Home Edition Service Pack 3 (Build 2600) Web site : ZHPFix Fix de rapport Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com ========== Logiciel(s) ========== SUPPRIME pdfforge Toolbar v1.0 ========== Processus mémoire ========== SUPPRIME Memory Process: C:\Temp Afdobe Photoshop 7\Photoshop Plugins\AGE_PlaidMaker_PLUS_v_1.1\!keygen\KEYMAKER.EXE ========== Clé(s) du Registre ========== ABSENT Key: HKCU\Software\Search Settings ABSENT Key: HKCU\Software\pdfforge ABSENT Key: HKLM\Software\Search Settings ABSENT Key: HKLM\Software\pdfforge SUPPRIME Key*: HKCR\CLSID\MADOWN ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\lowregistry\search settings SUPPRIME Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} ========== Valeur(s) du Registre ========== ABSENT Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} ABSENT RunValue: SearchSettings ABSENT [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{B922D405-6D13-4A2B-AE89-08A030DA4402} ABSENT [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:SearchSettings SUPPRIME AAKE KeyValue: C:\Documents and Settings\EURADIF\Bureau\IM92265.JPG-www.myspace.com.exe SUPPRIME AAKE KeyValue: E:\WRE54Gv3_Setup_Wizard_v3_0_0_21\Setup.exe SUPPRIME FirewallRaz (SP) : %windir%\system32\sessmgr.exe SUPPRIME FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe SUPPRIME FirewallRaz (DP) : %windir%\system32\sessmgr.exe SUPPRIME FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe Aucune valeur présente dans la clé d'exception du registre (FirewallRaz) ProxyFix : Configuration proxy supprimée avec succès SUPPRIME ProxyServer Value SUPPRIME ProxyEnable Value SUPPRIME EnableHttp1_1 Value SUPPRIME ProxyHttp1.1 Value SUPPRIME ProxyOverride Value ========== Elément(s) de donnée du Registre ========== SUPPRIME R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page ========== Dossier(s) ========== ABSENT C:\Program Files\pdfforge Toolbar ABSENT C:\Documents and Settings\EURADIF\Application Data\pdfforge ABSENT C:\Documents and Settings\EURADIF\Application Data\Search Settings SUPPRIME Flash Cookies: SUPPRIME Temporaires Windows: ========== Fichier(s) ========== ABSENT Folder/File: c:\program files\pdfforge toolbar\searchsettings.exe ABSENT File: c:\program files\pdfforge toolbar\searchsettings.exe ABSENT Folder/File: c:\program files\pdfforge toolbar ABSENT Folder/File: c:\program files\mozilla firefox\extensions\search@searchsettings.com ABSENT Folder/File: c:\documents and settings\euradif\application data\pdfforge ABSENT Folder/File: c:\documents and settings\euradif\application data\search settings ABSENT File: c:\windows\infocard.exe ABSENT File: e:\wre54gv3_setup_wizard_v3_0_0_21\setup.exe ABSENT Folder/File: c:\temp afdobe photoshop 7\keygen\keygen.exe SUPPRIME File***: c:\temp afdobe photoshop 7\photoshop plugins\age_plaidmaker_plus_v_1.1\!keygen\keymaker.exe SUPPRIME File: C:\Temp Afdobe Photoshop 7\Photoshop Plugins\Flaming.Pear.Flexify.v1.4.Photoshop.PlugIn.Incl.Keygen-ECLiP.zip SUPPRIME File***: c:\temp afdobe photoshop 7\photoshop plugins\flaming.pear.flexify.v1.4.photoshop.plugin.incl.keygen-eclip.zip SUPPRIME File: C:\Temp Afdobe Photoshop 7\Photoshop Plugins\Flaming.Pear.LunarCell.v1.3.Photoshop.PlugIn.Incl.Keygen-ECL.zip SUPPRIME File***: c:\temp afdobe photoshop 7\photoshop plugins\flaming.pear.lunarcell.v1.3.photoshop.plugin.incl.keygen-ecl.zip SUPPRIME File: C:\Temp Afdobe Photoshop 7\Photoshop Plugins\Flaming.Pear.Mr.Contrast.v1.0.Photoshop.PlugIn.Incl.Keygen-E.zip SUPPRIME File***: c:\temp afdobe photoshop 7\photoshop plugins\flaming.pear.mr.contrast.v1.0.photoshop.plugin.incl.keygen-e.zip SUPPRIME Flash Cookies: SUPPRIME Temporaires Windows: ========== Restauration Système ========== Point de restauration non crée ========== Récapitulatif ========== 1 : Processus mémoire 7 : Clé(s) du Registre 17 : Valeur(s) du Registre 1 : Elément(s) de donnée du Registre 5 : Dossier(s) 18 : Fichier(s) 1 : Logiciel(s) 1 : Restauration Système End of clean in 01mn 14s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 31/07/2012 19:04:32 [4364]

Tout à l'air ok Je te remercie

Le rapport ZHPFix : Rapport de ZHPFix 1.12.3376 par Nicolas Coolman, Update du 20/12/2011 Fichier d'export Registre : Run by Administrateur at 31/07/2012 13:47:16 Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601) Web site : ZHPFix Fix de rapport ========== Logiciel(s) ========== ABSENT Uninstall Process: c:\program files\pokerstars.fr\pokerstarsuninstall.exe ========== Clé(s) du Registre ========== SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PokerStars.fr] ========== Dossier(s) ========== SUPPRIME Folder: C:\Program Files\PokerStars SUPPRIME Folder: C:\Program Files\PokerStars.FR SUPPRIME Folder: C:\Users\Administrateur\AppData\Local\PokerStars.FR SUPPRIME Folder: C:\Users\Administrateur\AppData\Local\Thermo SUPPRIME Folder: C:\Users\Administrateur\AppData\Local\{0DBFFBED-876B-434F-B9B4-5176EB2D4427} SUPPRIME Folder: C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.FR SUPPRIME Temporaires Windows: : 105 SUPPRIME Flash Cookies: 77 ========== Fichier(s) ========== SUPPRIME File: D:\Sauvegarde\Téléchargement\Autocad\autodeskarchitecturaldesktopv2005keygenagain.zip SUPPRIME File*: d:\sauvegarde\téléchargement\autocad\autodeskarchitecturaldesktopv2005keygenagain.zip SUPPRIME File: D:\Sauvegarde\Téléchargement\Autocad\autodeskautocad2005keygenagain.zip SUPPRIME File*: d:\sauvegarde\téléchargement\autocad\autodeskautocad2005keygenagain.zip SUPPRIME Temporaires Windows: : 57 SUPPRIME Flash Cookies: 40 ========== Récapitulatif ========== 1 : Clé(s) du Registre 8 : Dossier(s) 6 : Fichier(s) 1 : Logiciel(s) End of clean in 00mn 36s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 28/06/2012 07:26:05 [4623] C:\ZHP\ZHPFix[R2].txt - 31/07/2012 13:47:16 [1790] Le rapport SFT Lien CJoint.com BGFpo72WIs2 Le rapport MBAM : Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Version de la base de données: v2012.07.31.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Administrateur :: NICO-PC [administrateur] 31/07/2012 13:57:10 mbam-log-2012-07-31 (13-57-10).txt Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|Z:\|) Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 436340 Temps écoulé: 1 heure(s), 4 minute(s), 43 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 2 D:\Sauvegarde\Téléchargement\Flex3\CORE10k.EXE (Dont.Steal.Our.Software) -> Mis en quarantaine et supprimé avec succès. D:\Sauvegarde\Téléchargement\Crack tout log\MS_CRK\w7lxe-v10.exe (Riskware.Tool.CK) -> Mis en quarantaine et supprimé avec succès. (fin)

Bonjour, Ci-joint un rapport ZHPDiag d'un PC pas en forme. Merci pour votre aide Lien CJoint.com BGFocHeCFln

Voici le lien pour le rapport ZHP Diag Lien CJoint.com BGFnsL5YDzC Le rapport USB Fix : ############################## | UsbFix V 7.094 | [suppression] Utilisateur: Administrateur (Administrateur) # NICO-PC Mis à jour le 20/07/2012 par El Desaparecido Lancé à 13:07:36 | 31/07/2012 Site Web: http://eldesaparecido.com Forum: http://forum.eldesaparecido.com Fichier suspect ? : http://eldesaparecido.com/upload.php Contact: contact@eldesaparecido.com PC: Dell Inc. (Studio XPS 8100) (X86-based PC) # Desktop Computer CPU: Intel® Core i7 CPU 860 @ 2.80GHz (2801) RAM -> [Total : 3031 | Free : 1635] BIOS: Default System BIOS BOOT: Normal boot OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) # Service Pack 1 WB: Windows Internet Explorer 9.0.8112.16421 SC: Security Center Service [Enabled] WU: Windows Update Service [Enabled] AV: Avira Desktop [(!) Disabled | Updated] FW: Windows FireWall Service [Enabled] C:\ (%systemdrive%) -> Disque fixe # 293 Go (242 Go libre(s) - 83%) [] # NTFS D:\ -> Disque fixe # 639 Go (382 Go libre(s) - 60%) [Fichiers] # NTFS E:\ -> Disque amovible # 7 Go (7 Go libre(s) - 96%) [] # FAT32 J:\ -> CD-ROM Z:\ -> CD-ROM ################## | Processus Actif | C:\Windows\system32\csrss.exe (560) C:\Windows\system32\wininit.exe (644) C:\Windows\system32\csrss.exe (652) C:\Windows\system32\services.exe (692) C:\Windows\system32\lsass.exe (708) C:\Windows\system32\lsm.exe (716) C:\Windows\system32\winlogon.exe (748) C:\Windows\system32\svchost.exe (876) C:\Windows\system32\svchost.exe (964) C:\Windows\system32\atiesrxx.exe (1024) C:\Windows\System32\svchost.exe (1092) C:\Windows\System32\svchost.exe (1128) C:\Windows\system32\svchost.exe (1176) C:\Windows\system32\svchost.exe (1340) C:\Windows\system32\svchost.exe (1472) C:\Windows\system32\atieclxx.exe (1568) C:\Windows\System32\spoolsv.exe (1752) C:\Program Files\Avira\AntiVir Desktop\sched.exe (1780) C:\Windows\system32\svchost.exe (1804) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1920) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1940) C:\Program Files\Azur\azurCfrService.exe (1964) C:\PVSW\Bin\WGE_SRV.exe (2020) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (152) C:\PVSW\BIN\W3dbsmgr.EXE (464) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (640) C:\Program Files\Norton Ghost\Agent\VProSvc.exe (892) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2116) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (2152) C:\Windows\system32\svchost.exe (2180) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (2208) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2268) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2600) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (3096) C:\Windows\system32\conhost.exe (3104) C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (3164) C:\Windows\system32\taskhost.exe (3488) C:\Windows\system32\Dwm.exe (3564) C:\Windows\Explorer.EXE (3684) C:\Windows\system32\svchost.exe (3876) C:\Windows\system32\WUDFHost.exe (3988) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (564) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (1636) C:\Program Files\Logitech\SetPointP\SetPoint.exe (3064) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3236) C:\Program Files\Norton Ghost\Agent\VProTray.exe (3452) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (3664) C:\Program Files\Common Files\Java\Java Update\jusched.exe (3612) C:\Program Files\Navionics World\NavService.exe (3728) C:\Windows\System32\wscript.exe (3744) C:\Program Files\KeyyoFax\KeyyoFax.exe (3976) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (1124) C:\Windows\system32\wbem\wmiprvse.exe (4272) C:\Windows\system32\SearchIndexer.exe (4808) C:\Program Files\Windows Media Player\wmpnetwk.exe (5000) C:\Windows\system32\svchost.exe (5044) C:\Windows\System32\svchost.exe (5468) C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe (5476) C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe (5784) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (5988) C:\Windows\system32\DllHost.exe (4552) C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe (4636) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (4956) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (4964) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (4904) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2564) C:\Windows\System32\svchost.exe (2440) C:\Windows\system32\SearchProtocolHost.exe (3952) C:\Windows\system32\SearchFilterHost.exe (3444) C:\UsbFix\Go.exe (3344) ################## | Processus Stoppés | Stoppé! C:\Windows\system32\atiesrxx.exe (1024) Stoppé! C:\Windows\system32\atieclxx.exe (1568) Stoppé! C:\Windows\System32\spoolsv.exe (1752) Stoppé! C:\Program Files\Avira\AntiVir Desktop\sched.exe (1780) Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1920) Stoppé! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1940) Stoppé! C:\Program Files\Azur\azurCfrService.exe (1964) Stoppé! C:\PVSW\Bin\WGE_SRV.exe (2020) Stoppé! C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (152) Stoppé! C:\PVSW\BIN\W3dbsmgr.EXE (464) Stoppé! C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (640) Stoppé! C:\Program Files\Norton Ghost\Agent\VProSvc.exe (892) Stoppé! C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2116) Stoppé! C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (2152) Stoppé! C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (2208) Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2268) Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2600) Stoppé! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (3096) Stoppé! C:\Windows\system32\conhost.exe (3104) Stoppé! C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (3164) Stoppé! C:\Windows\system32\taskhost.exe (3488) Stoppé! C:\Windows\system32\WUDFHost.exe (3988) Stoppé! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (564) Stoppé! C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (1636) Stoppé! C:\Program Files\Logitech\SetPointP\SetPoint.exe (3064) Stoppé! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3236) Stoppé! C:\Program Files\Norton Ghost\Agent\VProTray.exe (3452) Stoppé! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (3664) Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (3612) Stoppé! C:\Program Files\Navionics World\NavService.exe (3728) Stoppé! C:\Windows\System32\wscript.exe (3744) Stoppé! C:\Program Files\KeyyoFax\KeyyoFax.exe (3976) Stoppé! C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (1124) Stoppé! C:\Windows\system32\SearchIndexer.exe (4808) Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (5000) Stoppé! C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe (5476) Stoppé! C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe (5784) Stoppé! C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (5988) Stoppé! C:\Windows\system32\DllHost.exe (4552) Stoppé! C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe (4636) Stoppé! C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (4956) Stoppé! C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (4964) Stoppé! C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (4904) Stoppé! C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2564) ################## | Éléments infectieux | Supprimé! C:\$RECYCLE.BIN\S-1-5-20 Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2045970671-1828043621-611455015-1000 Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2045970671-1828043621-611455015-1004 Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2045970671-1828043621-611455015-500 Supprimé! D:\$RECYCLE.BIN\S-1-5-20 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2045970671-1828043621-611455015-1000 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2045970671-1828043621-611455015-1004 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2045970671-1828043621-611455015-500 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-372798983-2346360800-2972772344-1000 Supprimé! E:\autorun.inf.Désactivé par USB-set Supprimé! E:\MS32DLL.dll.vbs (!) Fichiers temporaires supprimés. ################## | Registre | ################## | Mountpoints2 | ################## | Listing | [31/07/2012 - 13:10:00 | SHD ] C:\$Recycle.Bin [21/12/2011 - 20:10:49 | N | 3400] C:\AdwCleaner[R1].txt [21/12/2011 - 20:13:07 | N | 1248] C:\AdwCleaner[R2].txt [21/12/2011 - 20:11:34 | N | 3695] C:\AdwCleaner[s1].txt [26/09/2011 - 14:49:41 | D ] C:\AMD [03/03/2011 - 16:31:04 | D ] C:\ATI [10/06/2009 - 23:42:20 | N | 24] C:\autoexec.bat [21/12/2011 - 20:52:29 | RSHD ] C:\autorun.inf [25/08/2011 - 08:14:13 | D ] C:\CIEL [25/07/2012 - 10:29:40 | D ] C:\Config.Msi [10/06/2009 - 23:42:20 | N | 10] C:\config.sys [25/09/2010 - 17:04:00 | D ] C:\dell [25/08/2011 - 08:32:43 | D ] C:\Données Ciel [27/09/2010 - 19:03:27 | D ] C:\finnforest [31/07/2012 - 12:18:53 | ASH | 2383736832] C:\hiberfil.sys [24/09/2010 - 18:12:24 | D ] C:\Intel [29/03/2012 - 12:03:56 | N | 0] C:\IO.SYS [29/03/2012 - 12:03:56 | N | 0] C:\MSDOS.SYS [24/09/2010 - 21:39:34 | RHD ] C:\MSOCache [31/07/2012 - 12:18:59 | ASH | 3178315776] C:\pagefile.sys [14/07/2009 - 04:37:05 | D ] C:\PerfLogs [21/12/2011 - 20:22:31 | N | 512] C:\PhysicalDisk0_MBR.bin [15/07/2012 - 10:52:26 | D ] C:\Program Files [12/07/2012 - 10:02:07 | HD ] C:\ProgramData [24/09/2010 - 19:41:05 | D ] C:\PVSW [24/09/2010 - 18:01:23 | SHD ] C:\Recovery [31/07/2012 - 08:24:24 | SHD ] C:\System Volume Information [07/05/2012 - 14:28:13 | D ] C:\Temp [31/07/2012 - 13:10:00 | D ] C:\UsbFix [31/07/2012 - 13:07:43 | A | 10258] C:\UsbFix.txt [07/10/2011 - 12:25:10 | D ] C:\Users [15/07/2012 - 20:54:10 | D ] C:\Windows [05/05/2012 - 18:43:34 | D ] C:\WinSetupFromUSB [31/07/2012 - 10:41:18 | D ] C:\ZHP [31/07/2012 - 13:10:00 | SHD ] D:\$RECYCLE.BIN [31/07/2012 - 12:04:42 | RSHD ] D:\autorun.inf [23/04/2012 - 09:03:42 | D ] D:\Datalys [20/09/2011 - 14:48:18 | D ] D:\Dropbox [07/11/2007 - 09:00:40 | N | 17734] D:\eula.1028.txt [07/11/2007 - 09:00:40 | N | 17734] D:\eula.1031.txt [07/11/2007 - 09:00:40 | N | 10134] D:\eula.1033.txt [07/11/2007 - 09:00:40 | N | 17734] D:\eula.1036.txt [07/11/2007 - 09:00:40 | N | 17734] D:\eula.1040.txt [07/11/2007 - 09:00:40 | N | 118] D:\eula.1041.txt [07/11/2007 - 09:00:40 | N | 17734] D:\eula.1042.txt [07/11/2007 - 09:00:40 | N | 17734] D:\eula.2052.txt [07/11/2007 - 09:00:40 | N | 17734] D:\eula.3082.txt [21/12/2011 - 15:31:52 | D ] D:\Euradif [07/10/2011 - 11:31:33 | N | 80592] D:\favoris_07_10_11.html [09/05/2012 - 18:17:06 | D ] D:\Fax [14/06/2012 - 09:41:53 | D ] D:\Ferradam [07/10/2011 - 11:45:13 | N | 5168] D:\fireFTPsites.dat [07/11/2007 - 09:00:40 | N | 1110] D:\globdata.ini [07/07/2012 - 11:19:59 | D ] D:\IDE [26/09/2011 - 15:28:18 | N | 11440] D:\images.jpg [07/11/2007 - 09:03:18 | N | 562688] D:\install.exe [07/11/2007 - 09:00:40 | N | 843] D:\install.ini [07/11/2007 - 09:03:18 | N | 76304] D:\install.res.1028.dll [07/11/2007 - 09:03:18 | N | 96272] D:\install.res.1031.dll [07/11/2007 - 09:03:18 | N | 91152] D:\install.res.1033.dll [07/11/2007 - 09:03:18 | N | 97296] D:\install.res.1036.dll [07/11/2007 - 09:03:18 | N | 95248] D:\install.res.1040.dll [07/11/2007 - 09:03:18 | N | 81424] D:\install.res.1041.dll [07/11/2007 - 09:03:18 | N | 79888] D:\install.res.1042.dll [07/11/2007 - 09:03:18 | N | 75792] D:\install.res.2052.dll [07/11/2007 - 09:03:18 | N | 96272] D:\install.res.3082.dll [01/11/2011 - 12:21:54 | N | 347920] D:\MicrosoftFixit.devices.Run.zzzzz [25/07/2012 - 08:39:57 | D ] D:\Perso [08/03/2012 - 10:34:47 | D ] D:\Sauvegarde [27/09/2010 - 09:34:09 | D ] D:\Site Web [09/05/2012 - 18:23:11 | N | 18952] D:\Stewan.docx [27/02/2012 - 09:31:09 | SHD ] D:\System Volume Information [16/06/2011 - 11:10:32 | N | 57568] D:\TraceGC_method.zip [07/11/2007 - 09:00:40 | N | 5686] D:\vcredist.bmp [07/11/2007 - 09:09:22 | N | 1442522] D:\VC_RED.cab [07/11/2007 - 09:12:28 | N | 232960] D:\VC_RED.MSI [15/11/2011 - 19:32:33 | D ] D:\VProRecovery [23/09/2011 - 10:20:42 | D ] D:\Winilab [08/10/2011 - 11:24:18 | D ] E:\INSTRU [08/10/2011 - 14:55:24 | D ] E:\.fseventsd [31/07/2012 - 12:56:02 | RSHD ] E:\autorun.inf [14/08/2011 - 15:31:16 | HD ] E:\.Trashes [07/07/2011 - 08:48:30 | N | 23040] E:\CV STRIPPOLI Christophe.doc [08/08/2011 - 14:55:24 | N | 2760339] E:\7368_psp_max_media_manager__convert___transfer_movies_to_psp_.exe [14/08/2011 - 15:31:16 | N | 4096] E:\._.Trashes [14/08/2011 - 15:31:16 | D ] E:\.Spotlight-V100 [15/08/2011 - 13:02:10 | N | 4096] E:\._La rue te guette (Sekal & Ris-K).mp3 [15/08/2011 - 16:48:58 | N | 4096] E:\._Photo du 60465112-08- à 16.47.jpg [15/08/2011 - 16:49:06 | N | 4096] E:\._Photo du 60280326-08- à 16.44.jpg ################## | Vaccin | C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) ################## | E.O.F |

Voici le rapport : ############################## | UsbFix V 7.094 | [Recherche] Utilisateur: Administrateur (Administrateur) # NICO-PC Mis à jour le 20/07/2012 par El Desaparecido Lancé à 12:56:31 | 31/07/2012 Site Web: http://eldesaparecido.com Forum: http://forum.eldesaparecido.com Fichier suspect ? : http://eldesaparecido.com/upload.php Contact: contact@eldesaparecido.com PC: Dell Inc. (Studio XPS 8100) (X86-based PC) # Desktop Computer CPU: Intel® Core i7 CPU 860 @ 2.80GHz (2801) RAM -> [Total : 3031 | Free : 1788] BIOS: Default System BIOS BOOT: Normal boot OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) # Service Pack 1 WB: Windows Internet Explorer 9.0.8112.16421 SC: Security Center Service [Enabled] WU: Windows Update Service [Enabled] AV: Avira Desktop [(!) Disabled | Updated] FW: Windows FireWall Service [Enabled] C:\ (%systemdrive%) -> Disque fixe # 293 Go (242 Go libre(s) - 83%) [] # NTFS D:\ -> Disque fixe # 639 Go (382 Go libre(s) - 60%) [Fichiers] # NTFS E:\ -> Disque amovible # 7 Go (7 Go libre(s) - 96%) [] # FAT32 J:\ -> CD-ROM Z:\ -> CD-ROM ################## | Processus Actif | C:\Windows\system32\csrss.exe (560) C:\Windows\system32\wininit.exe (644) C:\Windows\system32\csrss.exe (652) C:\Windows\system32\services.exe (692) C:\Windows\system32\lsass.exe (708) C:\Windows\system32\lsm.exe (716) C:\Windows\system32\winlogon.exe (748) C:\Windows\system32\svchost.exe (876) C:\Windows\system32\svchost.exe (964) C:\Windows\system32\atiesrxx.exe (1024) C:\Windows\System32\svchost.exe (1092) C:\Windows\System32\svchost.exe (1128) C:\Windows\system32\svchost.exe (1176) C:\Windows\system32\svchost.exe (1340) C:\Windows\system32\svchost.exe (1472) C:\Windows\system32\atieclxx.exe (1568) C:\Windows\System32\spoolsv.exe (1752) C:\Program Files\Avira\AntiVir Desktop\sched.exe (1780) C:\Windows\system32\svchost.exe (1804) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1920) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1940) C:\Program Files\Azur\azurCfrService.exe (1964) C:\PVSW\Bin\WGE_SRV.exe (2020) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (152) C:\PVSW\BIN\W3dbsmgr.EXE (464) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (640) C:\Program Files\Norton Ghost\Agent\VProSvc.exe (892) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2116) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (2152) C:\Windows\system32\svchost.exe (2180) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (2208) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2268) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2600) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (3096) C:\Windows\system32\conhost.exe (3104) C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (3164) C:\Windows\system32\taskhost.exe (3488) C:\Windows\system32\Dwm.exe (3564) C:\Windows\Explorer.EXE (3684) C:\Windows\system32\svchost.exe (3876) C:\Windows\system32\WUDFHost.exe (3988) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (564) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (1636) C:\Program Files\Logitech\SetPointP\SetPoint.exe (3064) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3236) C:\Program Files\Norton Ghost\Agent\VProTray.exe (3452) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (3664) C:\Program Files\Common Files\Java\Java Update\jusched.exe (3612) C:\Program Files\Navionics World\NavService.exe (3728) C:\Windows\System32\wscript.exe (3744) C:\Program Files\KeyyoFax\KeyyoFax.exe (3976) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (1124) C:\Windows\system32\wbem\wmiprvse.exe (4272) C:\Windows\system32\SearchIndexer.exe (4808) C:\Program Files\Windows Media Player\wmpnetwk.exe (5000) C:\Windows\system32\svchost.exe (5044) C:\Windows\System32\svchost.exe (5468) C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe (5476) C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe (5784) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (5988) C:\Windows\system32\DllHost.exe (4552) C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe (4636) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (4956) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (4964) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (4904) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2564) C:\Windows\System32\svchost.exe (2440) C:\Windows\system32\wbem\wmiprvse.exe (4780) C:\Windows\system32\SearchProtocolHost.exe (2332) C:\Windows\system32\SearchFilterHost.exe (5636) C:\UsbFix\Go.exe (4704) ################## | Éléments infectieux | Présent! E:\autorun.inf.Désactivé par USB-set Présent! E:\MS32DLL.dll.vbs ################## | Registre | ################## | Mountpoints2 | ################## | Vaccin |

Bonjour à tous, je suis chargée de désinfecter une clé USB probablement vérolée. Je suis sous SEVEN avec Antivir. Pourriez-vous m'indiquer la procédure à suivre pour la désinfection sans contamination de mon PC ? Merci à toutes et à tous d'avance