by julia
#22368
Good evening, I had a problem with my USB key after plugging it into one computer and then into mine: it showed nothing but shortcuts. I followed the steps of the preliminary disinfection procedure; documents that had disappeared reappeared on my key and the shortcuts are gone. Everything seems resolved, but how can I be sure? Thanks in advance :)
by g3n-h@ckm@n
#22369
hi, send all the reports you got
by julia
#22370
very well, here is the first one, from usbfix:
############################## | UsbFix V 7.154 | [Suppression]

Utilisateur: julia (Administrateur) # JULIA-PC
Mis à jour le 13/12/2013 par El Desaparecido - Team SosVirus
Lancé à 14:45:48 | 16/12/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK COMPUTER INC. (K55VD)
CPU: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
RAM -> [Total : 3981 | Free : 1837]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 372 Go (221 Go libre(s) - 59%) [OS] # NTFS
D:\ -> Disque fixe # 534 Go (534 Go libre(s) - 100%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 15 Go (15 Go libre(s) - 100%) [JU'S KEY] # FAT32
G:\ -> Disque amovible # 4 Go (20 Mo libre(s) - 1%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1524 |ParentID: 964)
Stoppé! C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (ID: 2884 |ParentID: 964)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 6756 |ParentID: 2940)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 5156 |ParentID: 964)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 7028 |ParentID: 964)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 6796 |ParentID: 444)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 1940 |ParentID: 1100)
Stoppé! C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (ID: 4508 |ParentID: 964)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 5608 |ParentID: 964)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 8048 |ParentID: 5608)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2788 |ParentID: 964)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2716 |ParentID: 964)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 7256 |ParentID: 964)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1892 |ParentID: 964)
Stoppé! C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (ID: 1692 |ParentID: 964)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 8140 |ParentID: 444)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (ID: 7732 |ParentID: 7196)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5436 |ParentID: 6860)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5096 |ParentID: 5436)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7616 |ParentID: 5436)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7392 |ParentID: 5436)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3644 |ParentID: 5436)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3900 |ParentID: 5436)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\SOFTWARE | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
04 - HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE | Run : [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
04 - HKLM\SOFTWARE | Run : [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe
04 - HKLM\SOFTWARE | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\SOFTWARE | Run : [CLMLServer] - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
04 - HKLM\SOFTWARE | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE | Run : [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\0b3a5ea5-8211-43d5-99b6-11c462662820.exe /check
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
04 - HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\SOFTWARE\wow6432Node | Run : [CLMLServer] - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\0b3a5ea5-8211-43d5-99b6-11c462662820.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2960389178-2688341492-1248310896-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-2960389178-2688341492-1248310896-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2960389178-2688341492-1248310896-1001\SOFTWARE | Run : [AdobeBridge] -
04 - HKU\S-1-5-21-2960389178-2688341492-1248310896-1001\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent
04 - HKU\S-1-5-21-2960389178-2688341492-1248310896-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\julia\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! F:\iTunesHelper.vbe
Supprimé! G:\iTunesHelper.vbe
Supprimé! C:\Users\julia\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! F:\7.lnk
Supprimé! F:\schema.lnk
Supprimé! F:\Nouveau dossier.lnk
Supprimé! F:\fab.lnk
Supprimé! C:\Users\julia\AppData\Local\Temp\Drives.vbs

(!) Fichiers temporaires supprimés. (4 Ko)

################## | Référence de comparaison MD5 |

Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\julia\AppData\Local\Temp\iTunesHelper.vbe
Md5 : AC8F18C5C595A5685FCEA46E61B6B5AF -> C:\Users\julia\AppData\Local\Temp\Drives.vbs
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> F:\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> G:\iTunesHelper.vbe

################## | Comparaison MD5 |

-> Pas de valeur Md5 identique trouvée.

################## | Registre |

Supprimé! HKU\S-1-5-21-2960389178-2688341492-1248310896-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-2960389178-2688341492-1248310896-1001\Software\.\.\.\.\Mountpoints2\{9d9d404e-f4c4-11e2-be68-806e6f6e6963}

################## | Listing |

[25/07/2013 - 02:22:30 | N | 16 Ko] - C:\devlist.txt
[21/10/2013 - 11:29:37 | N | 2 Ko] - C:\logFileUI.txt
[16/12/2013 - 14:32:10 | N | 17 Ko] - C:\UsbFix [Scan 1] JULIA-PC.txt
[16/12/2013 - 14:51:40 | A | 10 Ko] - C:\UsbFix [Clean 1] JULIA-PC.txt
[16/12/2013 - 13:54:16 | ASH | 3057788 Ko] - C:\hiberfil.sys
[16/12/2013 - 13:54:21 | ASH | 4077052 Ko] - C:\pagefile.sys
[25/07/2013 - 01:57:51 | N | 0 Ko] - C:\setup.log
[25/07/2013 - 01:58:21 | N | 2 Ko] - C:\RHDSetup.log
[25/07/2013 - 02:22:30 | N | 0 Ko] - C:\Finish.log
[16/12/2011 - 07:37:40 | N | 0 Ko] - C:\RECOVERY.DAT
[13/06/2012 - 04:14:47 | N | 6146 Ko] - C:\K55VD.BIN
[13/06/2012 - 07:15:10 | N | 6146 Ko] - C:\K55A.BIN
[09/08/2013 - 14:18:59 | SHD] - C:\$Recycle.Bin
[29/07/2009 - 07:03:37 | N | 8 Ko] - C:\BOOTSECT.BAK
[24/07/2012 - 13:21:06 | N | 0 Ko] - C:\K55A_K55VD_WIN7.60
[14/07/2009 - 02:38:58 | RASH | 375 Ko] - C:\bootmgr
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[29/07/2009 - 07:03:34 | SHD] - C:\Boot
[13/04/2011 - 03:49:40 | D] - C:\AsusVibeData
[25/07/2013 - 01:49:02 | D] - C:\Intel
[25/07/2013 - 02:09:54 | D] - C:\eSupport
[27/07/2013 - 14:45:51 | SHD] - C:\Recovery
[27/07/2013 - 14:48:03 | D] - C:\Users
[01/08/2013 - 22:19:41 | D] - C:\temp
[15/09/2013 - 15:42:47 | D] - C:\$AVG
[21/10/2013 - 11:19:35 | N | 0 Ko] - C:\END
[04/11/2013 - 14:13:38 | HD] - C:\ProgramData
[28/11/2013 - 01:51:39 | D] - C:\Program Files (x86)
[08/12/2013 - 15:07:32 | D] - C:\Program Files
[08/12/2013 - 15:08:08 | D] - C:\Windows
[12/12/2013 - 20:24:03 | SHD] - C:\System Volume Information
[16/12/2013 - 14:51:05 | D] - C:\UsbFix
[25/11/2013 - 14:28:30 | N | 1 Ko] - D:\Bibliothèques - Raccourci.lnk
[16/12/2013 - 14:32:09 | RASHD] - D:\Autorun.inf
[27/07/2013 - 14:48:27 | SHD] - D:\$RECYCLE.BIN
[25/07/2013 - 01:39:42 | SHD] - D:\System Volume Information
[02/09/2013 - 10:32:56 | D] - D:\exposés designers dp112-13
[09/02/2013 - 15:18:42 | N | 65 Ko] - F:\00090700-t0.jpg
[09/02/2013 - 16:42:12 | N | 7 Ko] - F:\000005958_5.jpg
[09/02/2013 - 16:45:08 | N | 24 Ko] - F:\plus-de-la-moitie-des-francais-mange-des-cereales-au-petit-dejeuner_large.jpg
[09/02/2013 - 16:48:26 | N | 7 Ko] - F:\7.jpg
[09/02/2013 - 16:51:14 | N | 64 Ko] - F:\1006807-Récolte_des_feuilles_de_thé.jpg
[01/12/2013 - 18:47:08 | N | 33 Ko] - F:\gobelet-_-dent.jpg
[01/12/2013 - 18:47:14 | N | 40 Ko] - F:\gobelet-pour-brosse-_-dent_1_1.jpg
[02/12/2013 - 23:10:24 | N | 167 Ko] - F:\schema.jpg
[03/12/2013 - 15:07:58 | N | 79 Ko] - F:\1456929_10202667390906331_303771704_n.jpg
[03/12/2013 - 15:08:06 | N | 28 Ko] - F:\1454441_10202667391026334_2116177913_n.jpg
[03/12/2013 - 15:08:08 | N | 58 Ko] - F:\1472292_10202667391066335_1693845153_n.jpg
[03/12/2013 - 15:08:12 | N | 67 Ko] - F:\1454536_10202667390946332_1192339752_n.jpg
[03/12/2013 - 15:08:24 | N | 42 Ko] - F:\1474415_10202753184691122_217632509_n.jpg
[03/12/2013 - 15:08:28 | N | 46 Ko] - F:\1461058_10202753185131133_906339968_n.jpg
[03/12/2013 - 15:08:36 | N | 39 Ko] - F:\1477705_10202753185611145_1598535469_n.jpg
[03/12/2013 - 15:08:38 | N | 45 Ko] - F:\1479504_10202753186371164_39298145_n.jpg
[03/12/2013 - 15:08:42 | N | 54 Ko] - F:\1422346_10202753187171184_1847181697_n.jpg
[03/12/2013 - 15:08:46 | N | 64 Ko] - F:\1002636_10202753187331188_1418965331_n.jpg
[03/12/2013 - 15:09:04 | N | 81 Ko] - F:\1486853_10202753194451366_663846217_n.jpg
[03/12/2013 - 15:09:08 | N | 90 Ko] - F:\1450719_10202753194851376_1835322514_n.jpg
[03/12/2013 - 15:09:10 | N | 64 Ko] - F:\1467324_10202753195171384_2027473911_n.jpg
[03/12/2013 - 15:09:18 | N | 61 Ko] - F:\1480740_10202753195531393_546411305_n.jpg
[03/12/2013 - 21:52:20 | N | 214 Ko] - F:\fab.jpg
[16/12/2013 - 14:32:10 | RASHD] - F:\Autorun.inf
[04/12/2013 - 23:14:30 | D] - F:\ccf
[04/12/2013 - 23:20:18 | D] - F:\bts
[04/12/2013 - 23:20:52 | D] - F:\Nouveau dossier
[02/09/2013 - 14:15:54 | N | 0 Ko] - G:\_disk_id.pod
[16/12/2013 - 14:32:10 | RASHD] - G:\Autorun.inf
[26/10/2012 - 20:25:04 | N | 1 Ko] - G:\NIKON001.DSC
[26/10/2012 - 20:25:04 | D] - G:\DCIM

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
by julia
#22371
then the one from ZHPDiag:
~ Rapport de ZHPDiag v2013.12.14.22 - Nicolas Coolman (14/12/2013)
~ Lancé par julia (16/12/2013 17:04:49)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Ultimate, 64-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2006
AVG 2014 v14.0.4158
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3981 MB (33% free)
System Restore: Activé (Enable)
System drive C: has 222 GB (59%) free of 372 GB

---\\ Mode de connexion au système
~ Computer Name: JULIA-PC
~ User Name: julia
~ All Users Names: UpdatusUser, julia, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\julia\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\julia\AppData\Roaming\
~ %Desktop% : C:\Users\julia\Desktop\
~ %Favorites% : C:\Users\julia\Favorites\
~ %LocalAppData% : C:\Users\julia\AppData\Local\
~ %StartMenu% : C:\Users\julia\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 222 Go of 372 Go)
D: Hard drive, Flash drive, Thumb drive (Free 534 Go of 534 Go)
E: CD-ROM drive (Free 0 Go of 8 Go)
F: Floppy drive, Flash card reader, USB Key (Free 15 Go of 15 Go)
G: Floppy drive, Flash card reader, USB Key (Free 0 Go of 4 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/6602
~ Mes musiques (My Musics) : 9/585
~ Mes Videos (My Videos) : 1/8
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/1511
~ Mon Bureau (My Desktop) : 1/760
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 14s



---\\ Processus lancés
[MD5.AC33AA3B1C532A8B5FAEC60862270A2A] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1121448] [PID.2648]
[MD5.1E1C105D5EDE1F219AD8EA4C3FD56F0F] - (.ASUSTeK Computer Inc. - A program that manage wireless devices in s.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321624] [PID.2664]
[MD5.6B3BA5BB455D7A4FD16B697B8F73858F] - (.ASUSTek Computer Inc. - ASUS FaceLogon Application.) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [473728] [PID.2804]
[MD5.A9D30971B24700531BEB70C85D1B8328] - (.Intel Corporation - Intel Services Manager Launcher.) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233792] [PID.2864]
[MD5.DC4044C6102DE12837143B257C25EDDC] - (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe [648512] [PID.2348]
[MD5.EAECD65EE3B7751F75DC464C80EE82A3] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [17376] [PID.2636]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.1612]
[MD5.E9ACE8568F9F906996B16363E9861829] - (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe [1823656] [PID.3192]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3780]
[MD5.4D241A6A8F6BA9FA32FF836551FFDCEA] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.4708]
[MD5.BA48CCEC781FD10B6C869F7C45CAA23E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208] [PID.5960]
[MD5.DA544EE19F1ABC4A2B6D998D998E1E4A] - (...) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe [119808] [PID.5780]
[MD5.5041D28614C0278A089BEF977C501439] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752] [PID.5660]
[MD5.55EBF29F3E2C88DDABB1DA39A356270E] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1556640] [PID.5900]
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016] [PID.6124]
[MD5.64A7C84C0A8C79B22033F92D43919062] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568] [PID.5952]
[MD5.37DEB76A2CF005841C4E45DE2B94D84F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.5428]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.4304]
[MD5.98CADC34741738CFC24F5CDFDAA408FA] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [162456] [PID.5776]
[MD5.C9413FF055110B0830516BDC1B94E459] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328] [PID.6372]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.6408]
[MD5.A12BAE32D24CB4960266DC8FFC45DE7E] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.6452]
[MD5.D3242FF9E28EAFC77EACB2B8956724C3] - (.Adobe Systems Incorporated - Adobe CEP Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240] [PID.6656]
[MD5.C433EE35C183E085DB54EE23E7FA016C] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [936272] [PID.4656]
[MD5.F1BA2F00F892B3C029C5B88E0C1C103E] - (.Pas de propriétaire - Core Sync.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [4624240] [PID.5904]
[MD5.A51008DA51494B89E1593076B7AFE7B1] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe [395120] [PID.7976]
[MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8295936] [PID.5420]
[MD5.A3626C6D3F2DC95497F3F61842D7FD89] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512] [PID.1452]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1512]
[MD5.4BE7EC02133544CDE7A580875E130208] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1548]
[MD5.6A122B4F0E5293CACFA8A5F2CBA9B356] - (.ASUS - ASUS InstantOn Program.) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120] [PID.2020]
[MD5.369C1928C9BBED65C9E347448BD376B0] - (.Microsoft Corporation. - BingBar Service.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [193696] [PID.1208]
[MD5.6D625A18DDFCD0464B914B71293AD837] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1014096] [PID.1388]
[MD5.2504725939338177E1F627DA0EDA2FEF] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [178848] [PID.2220]
[MD5.EDDC3BE5235C25590DC3BB3F40E4EAC6] - (.ASUS - ASUS InstantOn Program.) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe [309888] [PID.2252]
[MD5.78ABBE558F57144047F10A0F50FE4B2F] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720] [PID.2312]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2516]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.2728]
[MD5.4F870EF9292559AB9DE6F31527A1DCBF] - (.ASUSTek Computer Inc. - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113312] [PID.2900]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.2944]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.3540]
[MD5.F5CE2FAE5D119A978745A6AB632564FD] - (.Robert McNeel & Associates - McNeelUpdateService.) -- C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192] [PID.3664]
[MD5.707BF27D30ADAB7798C69D5BF41C7131] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1104208] [PID.3384]
[MD5.74B2BF80D966CFE8BC8005D19E40608D] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1304912] [PID.6168]
[MD5.A87A39F9B42D82F5D60D36BB1D3CC9D3] - (.Valve Corporation - Steam Client Service (buildbot_winslave04_s.) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe [569768] [PID.6128]
[MD5.9656F8E29F6C3161A3E99BCD3A472FF9] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856] [PID.6500]
[MD5.2C24DC448DBE8DB9BE1441B824C57E79] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277824] [PID.7892]
[MD5.6AAB18AD52B106230B247E0D9E20B97E] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2458944] [PID.8964]
[MD5.E1A119AD21F5AFE22EB516C549306D3D] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [365376] [PID.1064]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\julia\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 17 Legitimates Filtered in 00mn 54s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: eManual.Lnk . (.ASUSTek Computer Inc. - EManual Application.) -- C:\eSupport\Manual\eManual.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Intel(R) WiDi.lnk . (.Intel Corporation - WiDiApp.) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: Rhinoceros 5 (64-bit).lnk . (...) -- C:\Program Files (x86)\Rhinoceros 5 (64-bit)\System\Rhino.exe (.not file.)
O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (.Intel Corporation - WiDiApp.) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
O4 - GS\QuickLaunch [UpdatusUser]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [julia]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [julia]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [julia]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [julia]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [julia]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [julia]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [julia]: Adobe Illustrator CC.lnk . (.Adobe Systems Inc. - Adobe Illustrator CC.) -- C:\Program Files (x86)\Adobe\Adobe Illustrator CC\Support Files\Contents\Windows\Illustrator.exe
O4 - GS\Desktop [julia]: Enregistrement des produits ASUS.lnk - Clé orpheline
O4 - GS\Desktop [julia]: KeyShot 4 64.lnk . (.Luxion - KeyShot 4.) -- C:\Program Files\KeyShot4\bin\keyshot4.exe
O4 - GS\Desktop [julia]: KeyShot 4 Resources.lnk . (...) -- C:\Users\julia\Documents\KeyShot 4
O4 - GS\Desktop [julia]: Navigateur Internet.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Global Startup: 89 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: AsusVibeLauncher.lnk . (...) -- C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [ASUS Quick Gesture (x86)] . (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
O4 - HKLM\..\Run: [ASUS TP Center (x64)] . (.AsusTek - ASUS Smart Gesture Center.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
O4 - HKLM\..\Run: [ASUS Quick Gesture (x64)] . (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [BLEServicesCtrl] . (.Intel Corporation - Bluetooth LE Services Control Program.) -- C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd (.not file.)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2960389178-2688341492-1248310896-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2960389178-2688341492-1248310896-1000\..\Run: [ISUSPM] . (.Acresso Corporation - Acresso Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
O4 - HKUS\S-1-5-21-2960389178-2688341492-1248310896-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FAAC89A-8BEC-4DE2-834F-6854F26C776C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA0B6315-ED71-4131-92D5-31BFA0939210}: DhcpNameServer = 10.188.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3FAAC89A-8BEC-4DE2-834F-6854F26C776C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EA0B6315-ED71-4131-92D5-31BFA0939210}: DhcpNameServer = 10.188.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3FAAC89A-8BEC-4DE2-834F-6854F26C776C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EA0B6315-ED71-4131-92D5-31BFA0939210}: DhcpNameServer = 10.188.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.188.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 296.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Pare-feu AVG (avgfws) . (...) - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (.not file.)
O23 - Service: AVGIDSAgent (AVGIDSAgent) . (...) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (.not file.)
O23 - Service: AVG WatchDog (avgwd) . (...) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (.not file.)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: 22 Legitimates Filtered in 00mn 19s



---\\ Logiciels installés (O42)
O42 - Logiciel: KeyShot4 4.2 64 bit - (.Luxion ApS.) [HKLM][64Bits] -- KeyShot4_64
~ Logic: 26 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Luxion]
[HKLM\Software\Luxion]
[HKLM\Software\Wow6432Node\Luxion]
~ Key Software: 235 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/11/2013 - 14:17:39 - [0] ----D C:\Users\julia\AppData\Local\3dmouse
O43 - CFD: 23/11/2013 - 17:41:15 - [0] ----D C:\Users\julia\AppData\Local\Luxion
O43 - CFD: 23/11/2013 - 17:08:03 - [0,004] ----D C:\Users\julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeyShot4 64
~ 32 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 173 Legitimates Filtered in 00mn 58s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.3CCD957EC7B1958C394576B45B758B3B] - 16/12/2013 - 14:32:10 ----- . (...) -- C:\UsbFix [Scan 1] JULIA-PC.txt [17266]
O44 - LFC:[MD5.CF2E0D806F7292185EF7E75B8136CFC9] - 16/12/2013 - 14:51:43 ---A- . (...) -- C:\UsbFix [Clean 1] JULIA-PC.txt [14660]
~ Files: 55 Legitimates Filtered in 00mn 23s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.5080F126C365C3F759E3E2E5845681F9] - 16/12/2013 - 16:06:03 ---A- - C:\Windows\Prefetch\INSTUP.EXE-DCA24DB4.pf
O45 - LFCP:[MD5.56A3ED76EE772BE80748F083C046B76F] - 16/12/2013 - 16:52:16 ---A- - C:\Windows\Prefetch\CREATIVE CLOUD.EXE-799E662B.pf
O45 - LFCP:[MD5.3A48B1EC2A2062F5B62B1D63F6F1F813] - 16/12/2013 - 16:59:27 ---A- - C:\Windows\Prefetch\MCNEELUPDATESERVICE.EXE-3BE9B06C.pf
O45 - LFCP:[MD5.026AEF0A851490B5D6C30540CD8F0AB9] - 16/12/2013 - 17:00:02 ---A- - C:\Windows\Prefetch\CORESYNC.EXE-828489DA.pf
~ Prefetcher: 111 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.1C591C1A0CB8ABE215FF66F9A1D8E955] - 09/01/2012 - 13:13:12 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapt.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
O58 - SDL:[MD5.CBF4C9263F35A9E80E4AD5CBBAE6049C] - 14/07/2012 - 01:37:48 ---A- . (.Windows (R) Win 7 DDK provider - ASUS Virtual Bus.) -- C:\Windows\System32\Drivers\AsusVBus.sys [35968]
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 08/12/2013 - 15:08:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.59787B95DD9CA44CB139D96863438587] - 08/12/2013 - 15:08:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [205320]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] - 20/07/2009 - 10:29:40 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 00mn 05s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 16/12/2013 - 17:08:18 ---A- . (...) -- C:\Users\julia\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [268598]
O61 - LFC: 16/12/2013 - 17:08:25 ---A- . (...) -- C:\Users\julia\AppData\Local\Google\Chrome\User Data\Local State [49513]
O61 - LFC: 16/12/2013 - 17:11:51 ---A- . (...) -- C:\Users\julia\AppData\Roaming\ASUS WebStorage\Logs\AWS-notepad.txt [0]
O61 - LFC: 16/12/2013 - 17:11:54 ---A- . (...) -- C:\Users\julia\AppData\Roaming\ZHP\Log.txt [18845] =>.Nicolas Coolman
O61 - LFC: 16/12/2013 - 17:11:54 ---A- . (...) -- C:\Users\julia\AppData\Roaming\ZHP\TestsZHPDiag.txt [2858] =>.Nicolas Coolman
O61 - LFC: 16/12/2013 - 17:11:54 ---A- . (...) -- C:\Users\julia\AppData\Roaming\sp_data.sys [387]
O61 - LFC: 16/12/2013 - 17:12:06 ---A- . (...) -- C:\Users\julia\Downloads\adwcleaner (1).exe [1226750]
O61 - LFC: 16/12/2013 - 17:12:06 ---A- . (...) -- C:\Users\julia\Downloads\adwcleaner.exe [1226750]
~ 26 Fichiers temporaires (Temporary files)
~ Files: 126 Legitimates Filtered in 05mn 36s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - http://www.usbfix.net - http://www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {3EDD1E58-27C5-48D8-9E6C-59EAD83F0469} - (01NET.com V1 Customized Web Search) - http://search.conduit.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.90E1D86D979B92738A47D7072CB22DA8] [SPRF][07/07/2010] (...) -- C:\ProgramData\FullRemove.exe [131472]
[MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (...) -- C:\Users\julia\AppData\Local\Temp\Quarantine.exe [360051]
[MD5.A68D6536B8179EE6519C350C45D89F82] [SPRF][16/12/2013] (...) -- C:\Users\julia\AppData\Roaming\sp_data.sys [387]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "F7CF0B7DE7284664D98C23DA238C577A" . (.Rhinoceros 5 (64-bit).) -- C:\Windows\Installer\{D7B0FC7F-827E-4664-9DC8-32AD32C875A7}\icon.ico
~ Update Products: 248 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 10/07/1658 0 | (avgfws) . (...) - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
SS - | Auto 10/07/1658 0 | (AVGIDSAgent) . (...) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SS - | Auto 10/07/1658 0 | (avgwd) . (...) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SS - | Demand 22/02/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 13/04/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2011 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 09/01/2012 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 21/11/2011 80512 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 23/07/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
SR - | Demand 23/07/2013 240288 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
SR - | Auto 27/03/2012 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 27/03/2012 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 27/03/2012 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 12/01/2012 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 08/12/2011 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 02/02/2002 68192 | (McNeelUpdate) . (.Robert McNeel & Associates.) - C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
SR - | Auto 23/04/2012 889664 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 24/04/2012 2458944 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 08/12/2011 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Demand 11/12/2013 569768 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

~ Services: Scanned in 01mn 05s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by julia at 16/12/2013 17:16:29
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by julia at 16/12/2013 17:16:31

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13013 - (14/12/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
~ Additionnel Scan: 326369 Items scanned in 00mn 37s



---\\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 00mn 37s



~ 1478 Legitimates filtered by white list
End of the scan (501 lines in 12mn 20s)(0)
by julia
#22372
And there was also this one ^^
Malwarebytes Anti-Malware (Essai) 1.75.0.1300
http://www.malwarebytes.org

Version de la base de données: v2013.12.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
julia :: JULIA-PC [administrateur]

Protection: Activé

16/12/2013 15:10:55
MBAM-log-2013-12-16 (15-20-28).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 253079
Temps écoulé: 9 minute(s), 14 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 2
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Aucune action effectuée.
HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 1
HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Données: http://search.conduit.com?SearchSource= ... =CT3307695 -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Mauvais: (http://search.conduit.com/?ctid=CT33076 ... 174FCBAAE6) Bon: (http://www.google.com) -> Aucune action effectuée.

Dossier(s) détecté(s): 28
C:\Program Files (x86)\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695 (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\plugins (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\xpi (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\xpi\defaults (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\ProgramData\Conduit\IE\CT3307695 (PUP.Optional.Conduit.A) -> Aucune action effectuée.

Fichier(s) détecté(s): 77
C:\Users\julia\AppData\Local\Temp\ct3307695\ctbe.exe (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\spch.exe (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\spff.exe (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\statisticsStub.exe (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\stub.exe (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\Downloads\01net_AVG_Antivirus_Free_Edition.exe (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Program Files (x86)\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\FR (PUP.Optional.SearchProtect.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\chromeid.txt (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\conduit.xml (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\CT3307695.txt (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\CT3307695.xpi (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\initdata.json (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\manifest.json (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\setup.ini.txt (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\version.txt (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\xpi\install.rdf (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\Users\julia\AppData\Local\Temp\ct3307695\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\ProgramData\Conduit\IE\CT3307695\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Aucune action effectuée.

(fin)

I have a short thing from adwcleaner. I no longer remember what order I did all this in..
by g3n-h@ckm@n
#22377
change all your internet login passwords, they have been stolen ^^
by julia
#22388
whoa, okay, thanks a lot!! I had already changed most of them. How do you manage to see that? Whether it's fb, hotmail, bank..?
by julia
#22389
Last question: if I plugged my mobile phone into my PC while I had this virus, do I need to redo the whole process?
by g3n-h@ckm@n
#22396
yes, run a deletion again with usbfix with the phone (it clearly states "All your devices")

and disconnect the PC from the internet while you do it, that will be safer, you never know