#28929
Good evening,

My USB keys are infected by a virus that turns folders and files into shortcuts.
I had already tried to remove this virus on my own with usbfix, but that does not seem to have fully worked, since the virus came back a few days ago, so I am turning to you for help.

Thanks :)
Code:
# AdwCleaner v3.017 - Rapport créé le 15/01/2014 à 20:12:49
# Mis à jour le 12/01/2014 par Xplode
# Système d'exploitation : Windows 8.1 (64 bits)
# Nom d'utilisateur : Alice - PC-ALICE
# Exécuté depuis : C:\Users\Alice\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Program Files (x86)\MyPC Backup
Dossier Supprimé : C:\Program Files (x86)\Softonic
Dossier Supprimé : C:\Users\Alice\AppData\LocalLow\Softonic
Dossier Supprimé : C:\Users\Alice\AppData\Roaming\cacaoweb
Dossier Supprimé : C:\Users\Alice\AppData\Roaming\OpenCandy
Dossier Supprimé : C:\Users\Alice\AppData\Roaming\Softonic
Dossier Supprimé : C:\Users\Alice\AppData\Roaming\Systweak
Fichier Supprimé : C:\END
Fichier Supprimé : C:\WINDOWS\System32\roboot64.exe
Fichier Supprimé : C:\Users\Alice\AppData\Local\mysearchdial-speeddial.crx
Fichier Supprimé : C:\Users\Alice\Desktop\cacaoweb.exe

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Clé Supprimée : HKLM\SOFTWARE\Classes\S
Clé Supprimée : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Clé Supprimée : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Clé Supprimée : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Clé Supprimée : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Clé Supprimée : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : HKCU\Software\cacaoweb
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\Vittalia
Clé Supprimée : HKCU\Software\Wajam
Clé Supprimée : HKLM\Software\Softonic
Clé Supprimée : HKLM\Software\systweak
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16384

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v31.0.1650.63

[ Fichier : C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10040 octets] - [15/01/2014 20:10:14]
AdwCleaner[S0].txt - [8930 octets] - [15/01/2014 20:12:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8990 octets] ##########
Code:
Malwarebytes Anti-Malware (Essai) 1.75.0.1300
http://www.malwarebytes.org

Version de la base de données: v2014.01.15.08

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Alice :: PC-ALICE [administrateur]

Protection: Activé

15/01/2014 20:33:09
mbam-log-2014-01-15 (20-33-09).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 216476
Temps écoulé: 9 minute(s), 24 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Users\Alice\Downloads\installer_gimp_French.exe (PUP.Optional.InstallCore.A) -> Mis en quarantaine et supprimé avec succès.

(fin)
Code:
~ Rapport de ZHPDiag v2014.1.12.13 - Nicolas Coolman (12/01/2014)
~ Lancé par Alice (15/01/2014 20:57:39)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : XTJYG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2008
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader X
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3969 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 389 GB (88%) free of 441 GB

---\\ Mode de connexion au système
~ Computer Name: PC-ALICE
~ User Name: Alice
~ All Users Names: Alice, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Alice\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Alice\AppData\Roaming\
~ %Desktop% : C:\Users\Alice\Desktop\
~ %Favorites% : C:\Users\Alice\Favorites\
~ %LocalAppData% : C:\Users\Alice\AppData\Local\
~ %StartMenu% : C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 389 Go of 441 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.19/11/2013 - 01:58:08.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.30/09/2013 - 05:14:00.) -- C:\Windows\system32\Drivers\IpNat.sys [141824]
[MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.30/09/2013 - 05:13:57.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 04:59:53.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/30
~ Mes musiques (My Musics) : 1/62
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/207
~ Mon Bureau (My Desktop) : 1/667
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2356]
[MD5.EBB6E052762BDC16A3A8927D1E6E91F5] - (.Samsung Electronics CO., LTD. - Settings.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2624048] [PID.3736]
[MD5.1AF1360E070BD8EA402F793EF6FBAAEB] - (.Macrovision Corporation - Macrovision Software Manager.) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128] [PID.4444]
[MD5.AE29724E282EDBE7D0F49E9982642EFD] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392] [PID.4464]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.4968]
[MD5.D2756EDAAA3089C3256749439C1CBF97] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640] [PID.4504]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.4588]
[MD5.4738DC864215B00B886E27A8D18CC326] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.2540]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.1060]
[MD5.EE889775E0F9755C90FAEBFB93FBD781] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [805992] [PID.1856]
[MD5.1ACCA74287FE5D7449FBB2B9F0C83341] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [309328] [PID.4636] =>Toolbar.Google
[MD5.4C9D9C380E70FF2103E5C33EDF7599AD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8334336] [PID.5580]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial Nouvel onglet v.9.4.1.1 (Désactivé) =>Adware.MyWebSearch
~ Google Browser: 19 Legitimates Filtered in 00mn 04s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: AllShare Play.lnk . (...) -- C:\WINDOWS\Installer\{CE1836A8-3F2B-49BD-8395-93DD414068D2}\_1D242327D514C581C4AA2F.exe
O4 - GS\Desktop [Public]: GanttProject.lnk . (...) -- C:\Program Files (x86)\GanttProject-2.6\ganttproject.exe
O4 - GS\Desktop [Public]: Help Desk.lnk . (...) -- C:\Program Files (x86)\Samsung\Help Desk\HelpDesk.exe (.not file.)
O4 - GS\Desktop [Public]: Quick Starter.lnk . (.Samsung Electronics CO., LTD. - Quick Starter.) -- C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
O4 - GS\Desktop [Public]: Recovery.lnk . (.SEC - Recovery.) -- C:\Program Files\Samsung\Recovery\Manager1.exe
O4 - GS\Desktop [Public]: Support Center.lnk . (...) -- C:\Program Files (x86)\Samsung\Support Center\GuaranaMain.exe (.not file.)
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Gantt Designer v2.lnk . (...) -- C:\WINDOWS\Installer\{AF1BEB72-E02B-4F0D-8FB2-E24280700414}\_83DA2DE11E7337D13CB691.exe
O4 - GS\QuickLaunch [Alice]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Alice]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Alice]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Alice]: User Guide.lnk . (.Samsung Electronics CO,. LTD. - Runmanual.) -- C:\Program Files (x86)\Samsung\User Guide\RunManual.exe
O4 - GS\Program [Alice]: Gantt Designer.lnk . (...) -- C:\Users\Alice\AppData\Roaming\Microsoft\Installer\{2E6567D5-BCDA-4A7B-855F-687480D0835C}\_bb32ea6.exe
O4 - GS\Program [Alice]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Alice]: S Agent.lnk . (...) -- C:\Program Files (x86)\Samsung\S Agent\CommonAgent.exe (.not file.)
~ Global Startup: 49 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Bitcasa] . (.Bitcasa, Inc - Bitcasa for Windows.) -- C:\Program Files\Bitcasa\Bitcasa.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtsCM] . (.Realtek Semiconductor Corp. - Realtek Camera Man.) -- C:\Windows\RTSCM64.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
O4 - HKCU\..\Run: [iTunesHelper] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm®Atheros® - Extension Core.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21-2966991898-3599612516-2177771990-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2966991898-3599612516-2177771990-1001\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
O4 - HKUS\S-1-5-21-2966991898-3599612516-2177771990-1001\..\Run: [iTunesHelper] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
~ Application: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{547FE11F-2D32-46BF-9BE7-2E8C7963B740}: DhcpNameServer = 192.168.1.254 80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{86AB3AF4-B217-4E36-A594-090B2E4C2520}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{547FE11F-2D32-46BF-9BE7-2E8C7963B740}: DhcpNameServer = 192.168.1.254 80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{86AB3AF4-B217-4E36-A594-090B2E4C2520}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\windows\system32\CbFsMntNtf3.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) [64Bits] - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\windows\SysWow64\CbFsMntNtf3.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Elan Service (ETDService) . (.ELAN Microelectronics Corp. - Elan Service.) - C:\Program Files\Elantech\ETDService.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent (ZAtheros Bt and Wlan Coex Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: 17 Legitimates Filtered in 00mn 13s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppInventor Setup]
[HKLM\Software\Airplane]
~ Key Software: 211 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/11/2013 - 13:38:26 - [173,536] ----D C:\Program Files (x86)\AppInventor
O43 - CFD: 12/12/2013 - 00:08:52 - [0,622] ----D C:\Program Files (x86)\Timios
O43 - CFD: 12/12/2013 - 00:12:06 - [0,765] ----D C:\Program Files (x86)\Timios Ideas
O43 - CFD: 12/12/2013 - 00:12:44 - [0,001] ----D C:\ProgramData\Timios Ideas
O43 - CFD: 16/11/2013 - 00:40:58 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 15/11/2013 - 22:09:06 - [1,063] ----D C:\Users\Alice\AppData\Roaming\0V1L2Z2Z1T1I1L1T
O43 - CFD: 12/12/2013 - 00:12:42 - [0,003] ----D C:\Users\Alice\AppData\Local\Timios Ideas
O43 - CFD: 12/12/2013 - 00:12:44 - [0,013] ----D C:\Users\Alice\AppData\Local\Timios_Ideas
~ Program Folder: 147 Legitimates Filtered in 01mn 06s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F87990FDBDD4DC037343A80BD7E67538] - 10/01/2014 - 10:01:46 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys.bak [44640]
O44 - LFC:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 10/01/2014 - 10:01:49 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys.bak [17624]
O44 - LFC:[MD5.194ED3C117525613E701FF257882303E] - 10/01/2014 - 10:02:39 ---A- . (.Windows (R) Win 7 DDK provider - HID Radio Switch mini driver for USB Fx2 De.) -- C:\Windows\System32\Drivers\RadioHIDMini.sys.bak [23408]
O44 - LFC:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 10/01/2014 - 10:02:52 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [31072]
O44 - LFC:[MD5.C8C7EAD8098EA7468D651F3459657240] - 11/01/2014 - 11:13:53 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [681905]
O44 - LFC:[MD5.1EF2A77F3F4951CC25EEEA882376A769] - 11/01/2014 - 11:13:58 ---A- . (...) -- C:\Windows\System32\Drivers\rtvienna.dat [5681192]
~ Files: 307 Legitimates Filtered in 00mn 16s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.3EDF4624562373127C528564E4983264] - 03/01/2014 - 13:00:47 ---A- - C:\Windows\Prefetch\OLRSUBMISSION.EXE-20A4D5ED.pf
O45 - LFCP:[MD5.9CA840D646254CAD43B77EEB2DFF27A7] - 04/01/2014 - 17:22:06 ---A- - C:\Windows\Prefetch\BETASERIESW8.EXE-71F62B92.pf
O45 - LFCP:[MD5.A3731A16E0BD8AC5E52515F3B4A86699] - 04/01/2014 - 17:23:04 ---A- - C:\Windows\Prefetch\VOYAGES-SNCF.EXE-FF00F9AB.pf
O45 - LFCP:[MD5.AFA574FC31B4968FD816015FA88F2AF0] - 05/01/2014 - 17:58:12 ---A- - C:\Windows\Prefetch\FICTIONBOOKREADER.EXE-CBB473EC.pf
O45 - LFCP:[MD5.13757E8C7F1B1B1AC640BDE7C0389551] - 08/01/2014 - 18:46:39 ---A- - C:\Windows\Prefetch\GANTT.EXE-EF3C9849.pf
O45 - LFCP:[MD5.9012625BADBBA62AC75EE6C105A18392] - 09/01/2014 - 19:59:16 ---A- - C:\Windows\Prefetch\REDETECTVODAFONEMODEM.EXE-D4E00CC9.pf
O45 - LFCP:[MD5.E2F8F5E9BE250477DEF83B07F3C7E5AE] - 10/01/2014 - 09:51:42 ---A- - C:\Windows\Prefetch\GO.EXE-34414F70.pf
O45 - LFCP:[MD5.8314F52BCB61009A37453EAFEE9EB87A] - 10/01/2014 - 11:47:09 ---A- - C:\Windows\Prefetch\GANTT.EXE-07D1EA5F.pf
O45 - LFCP:[MD5.B4C7E648C8DE9267128B42E30C35CC3A] - 10/01/2014 - 12:03:10 ---A- - C:\Windows\Prefetch\GANTTPROJECT-2.6.1-R1499.EXE-F35C216D.pf
O45 - LFCP:[MD5.4F36F34D092AD1F55333CF130582E4BF] - 11/01/2014 - 11:07:11 ---A- - C:\Windows\Prefetch\64BIT_WIN7_WIN8_WIN81_R273.EX-B7F22FF5.pf
O45 - LFCP:[MD5.320625EB0C4671167DDD279EC280231B] - 11/01/2014 - 11:19:57 ---A- - C:\Windows\Prefetch\WIN64_15338.EXE-0A8D2B93.pf
O45 - LFCP:[MD5.C80ABEAB1F8D21ED102B54EAFAB057A4] - 11/01/2014 - 18:49:45 ---A- - C:\Windows\Prefetch\CACAOWEB.EXE-EE386D20.pf =>PUP.CacaoWeb
O45 - LFCP:[MD5.FAAB720C5AF666B31530242866F2ED58] - 12/01/2014 - 14:50:29 ---A- - C:\Windows\Prefetch\RUNMANUAL.EXE-FC60AB7D.pf
O45 - LFCP:[MD5.05D35B346960A2981274C480D061AB92] - 12/01/2014 - 15:10:46 ---A- - C:\Windows\Prefetch\GANTTPROJECT.EXE-3BDEB64C.pf
O45 - LFCP:[MD5.3039A33B7C53B30A5B02E215B86B741B] - 12/01/2014 - 15:52:13 ---A- - C:\Windows\Prefetch\FILEMANAGER.EXE-D7E24B17.pf
O45 - LFCP:[MD5.13FAF67105E4D62389E9A1BC4805DC4C] - 12/01/2014 - 15:55:37 ---A- - C:\Windows\Prefetch\PHOTOSAPP.EXE-8FE95EC8.pf
O45 - LFCP:[MD5.7E7580E8323F0318BFCEC158C4F4F52D] - 12/01/2014 - 15:56:13 ---A- - C:\Windows\Prefetch\BULKOPERATIONHOST.EXE-1D031CC3.pf
O45 - LFCP:[MD5.A3E57DBD26B1103403E3875E9478B5BE] - 14/01/2014 - 12:47:22 ---A- - C:\Windows\Prefetch\NUMBERS.EXE-56AB8A28.pf
O45 - LFCP:[MD5.5776A3BD67D77759A31AC6A24A5E7ADB] - 14/01/2014 - 19:35:45 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.57C3D72AA52B91FADE19AC0A48E961D2] - 15/01/2014 - 12:31:16 ---A- - C:\Windows\Prefetch\CACAOWEB.EXE-32004E0F.pf =>PUP.CacaoWeb
O45 - LFCP:[MD5.0F12C493A8192D42D8BA7FD0A75DC873] - 15/01/2014 - 19:54:13 ---A- - C:\Windows\Prefetch\1389811981.EXE-06615761.pf
O45 - LFCP:[MD5.5E285D4B933DF805D25E02A8936536C4] - 15/01/2014 - 20:16:02 ---A- - C:\Windows\Prefetch\ETDTOUCH.EXE-A8BF29A4.pf
O45 - LFCP:[MD5.E7539AC352563413E404E27FEA1F55B4] - 15/01/2014 - 20:16:29 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
O45 - LFCP:[MD5.9F7CEC09181007E1186769CD6134FAE7] - 15/01/2014 - 20:16:31 ---A- - C:\Windows\Prefetch\CLMLSVC_P2G8.EXE-B2D16FDB.pf
O45 - LFCP:[MD5.1A9EAC1E3B785E16F9CAD8D8D9AC2531] - 15/01/2014 - 20:18:03 ---A- - C:\Windows\Prefetch\SETTOUCHPADCONTROL64.EXE-CAF017E2.pf
O45 - LFCP:[MD5.9CAA4F9563C53F1D058300B256E2BE5C] - 15/01/2014 - 20:46:35 ---A- - C:\Windows\Prefetch\EASYSETTINGSCMDSERVER.EXE-1B8CA773.pf
O45 - LFCP:[MD5.70C2162A703315B43973C97913C01435] - 15/01/2014 - 20:46:38 ---A- - C:\Windows\Prefetch\PfPre_9fef4ec8.db
O45 - LFCP:[MD5.8B49469B3C37D86DE809B932ECDD30E6] - 15/01/2014 - 20:48:52 ---A- - C:\Windows\Prefetch\MOBILEAPSET.EXE-2C67F0CE.pf
O45 - LFCP:[MD5.DECFED0F98CFE16A249B13EBAE55FC44] - 15/01/2014 - 20:48:58 ---A- - C:\Windows\Prefetch\RTSCM64.EXE-553D11DB.pf
O45 - LFCP:[MD5.39275BB0963B91F2C296F7F85413D84A] - 15/01/2014 - 20:49:11 ---A- - C:\Windows\Prefetch\VIRTUALDRIVE.EXE-018D4C1C.pf
O45 - LFCP:[MD5.278BEFF8DB53A394F5A138990AB1B016] - 15/01/2014 - 20:52:33 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
O45 - LFCP:[MD5.6D9CF6681F1BBE706622E39E323217D4] - 15/01/2014 - 20:53:53 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.E27AC873F8098E7603C46CAC57FD2557] - 15/01/2014 - 20:58:48 ---A- - C:\Windows\Prefetch\VENDORAPIRUN64.EXE-358606D0.pf
O45 - LFCP:[MD5.3F9B13B67CC3B1A54CC8485FBF68A259] - 22/12/2013 - 20:38:31 ---A- - C:\Windows\Prefetch\POWERMODEMANAGER.EXE-87B80BF0.pf
O45 - LFCP:[MD5.CA31D535B55B762D59E8E39B56FCF0DB] - 27/12/2013 - 23:03:12 ---A- - C:\Windows\Prefetch\GLCND.EXE-02A191A6.pf
O45 - LFCP:[MD5.0CD2C14305BD95653FF6CBA1332E8392] - 28/12/2013 - 15:22:20 ---A- - C:\Windows\Prefetch\FICTIONBOOKREADER.EXE-DAC34042.pf
O45 - LFCP:[MD5.40988C955E5F1E3C287EFB840D17253B] - 30/12/2013 - 18:16:42 ---A- - C:\Windows\Prefetch\FILEHISTORY.EXE-982E7044.pf
~ Prefetcher: 251 Legitimates Filtered in 00mn 07s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{ed35c8a5-7958-11e3-be93-1867b04b8f20}\AutoRun\command. (...) -- E:\StartVMCLite.exe (.not file.)
O51 - MPSK:{ed35c927-7958-11e3-be93-1867b04b8f20}\AutoRun\command. (...) -- E:\StartVMCLite.exe (.not file.)
O51 - MPSK:{ed35c947-7958-11e3-be93-1867b04b8f20}\AutoRun\command. (...) -- E:\StartVMCLite.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 11/11/2013 - 14:34:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.F87990FDBDD4DC037343A80BD7E67538] - 11/11/2013 - 14:34:03 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [44640]
O58 - SDL:[MD5.F87990FDBDD4DC037343A80BD7E67538] - 10/01/2014 - 10:01:46 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys.bak [44640]
O58 - SDL:[MD5.59787B95DD9CA44CB139D96863438587] - 11/11/2013 - 14:34:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [205320]
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 10/01/2014 - 10:01:49 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys.bak [17624]
O58 - SDL:[MD5.ED65FFD263521A1D98C82DBF2241DAD6] - 06/09/2013 - 14:19:20 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [358664]
O58 - SDL:[MD5.ED65FFD263521A1D98C82DBF2241DAD6] - 10/01/2014 - 10:02:03 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys.bak [358664]
O58 - SDL:[MD5.194ED3C117525613E701FF257882303E] - 27/07/2012 - 13:00:03 ---A- . (.Windows (R) Win 7 DDK provider - HID Radio Switch mini driver for USB Fx2 Device.) -- C:\Windows\System32\Drivers\RadioHIDMini.sys [23408]
O58 - SDL:[MD5.194ED3C117525613E701FF257882303E] - 10/01/2014 - 10:02:39 ---A- . (.Windows (R) Win 7 DDK provider - HID Radio Switch mini driver for USB Fx2 Device.) -- C:\Windows\System32\Drivers\RadioHIDMini.sys.bak [23408]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 10/01/2014 - 10:02:52 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [31072]
~ Drivers: 18 Legitimates Filtered in 00mn 12s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 12/01/2014 - 21:00:15 ---A- . (...) -- C:\Users\Alice\.ganttproject [3500]
O61 - LFC: 12/01/2014 - 21:00:45 ---A- . (...) -- C:\Users\Alice\AppData\Roaming\Microsoft\Templates\Normal.dotm [15386]
O61 - LFC: 12/01/2014 - 21:01:20 ---A- . (...) -- C:\Users\Alice\SkyDrive\Documents\2013-2014 - MBA2 International Travel Management\Ultra-Spécialisation\Gantt-GEODIS.gan [9129]
O61 - LFC: 12/01/2014 - 21:01:20 ---A- . (...) -- C:\Users\Alice\SkyDrive\Documents\2013-2014 - MBA2 International Travel Management\Ultra-Spécialisation\US4-FeuilledeRouteProjetGEODIS.docx [637529]
O61 - LFC: 12/01/2014 - 21:01:20 ---A- . (...) -- C:\Users\Alice\SkyDrive\Documents\2013-2014 - MBA2 International Travel Management\Ultra-Spécialisation\US4-FeuilledeRouteProjetGEODIS.pdf [695253]
O61 - LFC: 14/01/2014 - 21:01:01 ---A- . (...) -- C:\Users\Alice\Downloads\c142456.ics [3315]
O61 - LFC: 14/01/2014 - 21:01:01 ---A- . (...) -- C:\Users\Alice\Downloads\noname.html [1632]
O61 - LFC: 14/01/2014 - 21:01:20 ---A- . (...) -- C:\Users\Alice\SkyDrive\Documents\2013-2014 - MBA2 International Travel Management\Ultra-Spécialisation\2014 01 09 Présentation Escaet Janvier 2014 FINAL.pdf [599496]
O61 - LFC: 15/01/2014 - 21:00:16 ---A- . (...) -- C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [273221]
O61 - LFC: 15/01/2014 - 21:00:26 ---A- . (...) -- C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Local State [54061]
O61 - LFC: 15/01/2014 - 21:00:45 ---A- . (...) -- C:\Users\Alice\AppData\Roaming\ZHP\Log.txt [17736] =>.Nicolas Coolman
O61 - LFC: 15/01/2014 - 21:00:45 ---A- . (...) -- C:\Users\Alice\AppData\Roaming\ZHP\TestsZHPDiag.txt [2827] =>.Nicolas Coolman
O61 - LFC: 15/01/2014 - 21:01:00 ---A- . (...) -- C:\Users\Alice\Downloads\Analyse financière.xlsx [12068]
O61 - LFC: 15/01/2014 - 21:01:00 ---A- . (...) -- C:\Users\Alice\Downloads\adwcleaner.exe [1236282]
O61 - LFC: 15/01/2014 - 21:01:20 ---A- . (...) -- C:\Users\Alice\SkyDrive\Documents\2013-2014 - MBA2 International Travel Management\Ultra-Spécialisation\Analyse fi.xlsx [29400]
O61 - LFC: 15/01/2014 - 21:01:20 ---A- . (...) -- C:\Users\Alice\SkyDrive\Documents\2013-2014 - MBA2 International Travel Management\Ultra-Spécialisation\Analyse financière.xlsx [12068]
~ 14 Fichiers temporaires (Temporary files)
~ Files: 156 Legitimates Filtered in 01mn 05s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - http://www.usbfix.net - http://www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3DF9C822FFD4245403113A555A27357F] [SPRF][12/01/2014] (...) -- C:\Users\Alice\AppData\Local\Temp\Quarantine.exe [360073]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{282C57D1-4C69-4FDC-AEE9-9B2413EE29A4}C:\users\alice\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\alice\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{42E00E7A-2850-4784-A5FE-E7DC1614DD40}C:\users\alice\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\alice\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "TCP Query User{22B865C8-C4D3-4AFA-A5D3-D96D45338CD2}C:\users\alice\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\alice\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{4CF07201-4F9A-4F54-9CE4-F4B93D17B90B}C:\users\alice\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\alice\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
~ Firewall: 219 Legitimates Filtered in 00mn 04s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "27BEB1FAB20ED0F4F82B2E2408074041" . (.Gantt Designer v2.) -- C:\WINDOWS\Installer\{AF1BEB72-E02B-4F0D-8FB2-E24280700414}\_21F3885A18D238E15AAE81.exe
O90 - PUC: "515C20FD5B04CA546A10D56CD93088C5" . (.Phone Screen Sharing.) -- C:\WINDOWS\Installer\{DF02C515-40B5-45AC-A601-5DC69D03885C}\ARPPRODUCTICON.exe
O90 - PUC: "864786959EC8FBA4C9A6C5130F0EF9B8" . (.SideSync.) -- C:\WINDOWS\Installer\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}\_853F67D554F05449430E7E.exe
O90 - PUC: "F142CE28ACFD66148A3CAED5B2A9144C" . (.HomeSync Lite.) -- C:\WINDOWS\Installer\{82EC241F-DFCA-4166-A8C3-EA5D2B9A41C4}\ARPPRODUCTICON.exe
~ Update Products: 92 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.FC0C921189E6B2BF41C363678B37BD9F] [WIS][11/11/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\1c3e74.msi [28672] =>Toolbar.Google
~ WIS: 93 Legitimates Filtered in 00mn 45s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 23/10/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 11/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/11/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 26/01/2013 172104 | (AdobeActiveFileMonitor11.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/09/2013 312448 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 12/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 01/02/2013 1594416 | (Easy Launcher) . (.Samsung Electronics CO., LTD..) - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
SR - | Auto 06/09/2013 100104 | (ETDService) . (.ELAN Microelectronics Corp..) - C:\Program Files\Elantech\ETDService.exe
SR - | Auto 21/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 16/09/2013 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 16/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 16/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 08/01/2014 2768720 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 21/10/2013 3018800 | (SWUpdateService) . (.Samsung Electronics CO., LTD..) - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 25/09/2013 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

~ Services: Scanned in 00mn 49s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Alice at 15/01/2014 21:03:33
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Alice at 15/01/2014 21:03:35

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13022 - (12/01/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 3

[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch^
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe =>Toolbar.Google^
C:\Windows\Installer\1c3e74.msi =>Toolbar.Google^
C:\Users\Alice\Downloads\cacaoweb.exe =>PUP.CacaoWeb
~ Additionnel Scan: 301429 Items scanned in 00mn 45s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ MSI: 2 link(s) detected in 00mn 45s



~ 1588 Legitimates filtered by white list
End of the scan (538 lines in 06mn 43s)(0)
#28930
Hello,

Welcome to SosVirus :)

So that a member of the help group (Helper) can help you as well as possible, please read the following:

  • The disinfection must be followed through to the end, even if your problems have disappeared.
  • The disinfection will be finished when you see: This message (click the link to view it)
  • The Helpers are all volunteers and cannot always reply right away.
  • The disinfection tools must be run only from your desktop.
  • If you have opened a topic on another forum, give the link to that topic so that your Helper can already have an idea of the problems.

  • If you have questions about the 'information' above, ask them in your replies :)

Message from the administration:

  • Helpers are entitled to close your topic if they find that your version of Windows is not legal.
  • Helpers are entitled to refuse to help you if they find that you use cracks, keygens and other piracy tools.

Once you have read what is above and replied,
a Helper will take charge of your topic.

Happy disinfection on SosVirus
:)
#29863
Here is the UsbFix search.

I ran it on 3 of my USB keys (I only have 3 USB ports), but I have two other removable drives where the virus may also be present.

Code:
############################## | UsbFix V 7.161 | [Recherche]

Utilisateur: Alice (Administrateur) # PC-ALICE
Mis à jour le 15/01/2014 par El Desaparecido - Team SosVirus
Lancé à 22:22:26 | 16/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (NP270E5E-K03FR)
CPU: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
RAM -> [Total : 3970 Mo| Free : 2736 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 32.0.1700.76

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 441 Go (389 Go libre(s) - 88%) [] # NTFS
D:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque amovible # 4 Go (3 Mo libre(s) - 0%) [USB DISK] # FAT32

################## | Processus Actif |

C:\WINDOWS\system32\wininit.exe (ID: 716 |ParentID: 640)
C:\WINDOWS\system32\winlogon.exe (ID: 776 |ParentID: 724)
C:\WINDOWS\system32\lsass.exe (ID: 828 |ParentID: 716)
C:\WINDOWS\system32\svchost.exe (ID: 896 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 944 |ParentID: 820)
C:\WINDOWS\System32\svchost.exe (ID: 300 |ParentID: 820)
C:\WINDOWS\system32\dwm.exe (ID: 388 |ParentID: 776)
C:\WINDOWS\system32\svchost.exe (ID: 668 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 728 |ParentID: 820)
C:\WINDOWS\System32\svchost.exe (ID: 680 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 1140 |ParentID: 820)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1256 |ParentID: 820)
C:\WINDOWS\System32\spoolsv.exe (ID: 1424 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 1452 |ParentID: 820)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1712 |ParentID: 820)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1736 |ParentID: 820)
C:\WINDOWS\system32\dashost.exe (ID: 1792 |ParentID: 680)
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (ID: 1856 |ParentID: 820)
C:\Program Files\Elantech\ETDService.exe (ID: 2044 |ParentID: 820)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1128 |ParentID: 820)
C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 1280 |ParentID: 820)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 1684 |ParentID: 820)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 1788 |ParentID: 820)
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 2160 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 2464 |ParentID: 820)
C:\WINDOWS\system32\svchost.exe (ID: 2548 |ParentID: 820)
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (ID: 2940 |ParentID: 1856)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 3032 |ParentID: 2044)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 1568 |ParentID: 1788)
C:\WINDOWS\Explorer.EXE (ID: 1220 |ParentID: 3036)
C:\Program Files\Elantech\ETDTouch.exe (ID: 3088 |ParentID: 3032)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 3560 |ParentID: 3032)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 4032 |ParentID: 896)
C:\WINDOWS\system32\taskhostex.exe (ID: 3204 |ParentID: 668)
C:\Program Files (x86)\Samsung\Settings\sSettings.exe (ID: 3500 |ParentID: 668)
C:\Windows\System32\RuntimeBroker.exe (ID: 3924 |ParentID: 896)
C:\WINDOWS\system32\SearchIndexer.exe (ID: 4008 |ParentID: 820)
C:\Windows\System32\skydrive.exe (ID: 1048 |ParentID: 896)
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 464 |ParentID: 1220)
C:\Windows\System32\hkcmd.exe (ID: 2628 |ParentID: 1220)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 2860 |ParentID: 896)
C:\Windows\System32\igfxpers.exe (ID: 2416 |ParentID: 1220)
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (ID: 2788 |ParentID: 820)
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (ID: 3756 |ParentID: 1220)
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (ID: 3652 |ParentID: 464)
C:\Windows\System32\wscript.exe (ID: 2528 |ParentID: 1220)
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID: 3760 |ParentID: 3648)
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (ID: 2092 |ParentID: 3648)
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 2452 |ParentID: 3648)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 1336 |ParentID: 3648)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 4828 |ParentID: 896)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 4848 |ParentID: 896)
C:\Program Files\Samsung\S Agent\CommonAgent.exe (ID: 4416 |ParentID: 668)
C:\WINDOWS\system32\igfxext.exe (ID: 4524 |ParentID: 896)
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (ID: 4044 |ParentID: 820)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 5108 |ParentID: 820)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 4640 |ParentID: 820)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 2140 |ParentID: 820)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1480 |ParentID: 820)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 3308 |ParentID: 4016)
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (ID: 4476 |ParentID: 820)
C:\Windows\System32\SettingSyncHost.exe (ID: 3888 |ParentID: 896)
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (ID: 2484 |ParentID: 4688)
C:\Program Files (x86)\Internet Explorer\IELowutil.exe (ID: 3812 |ParentID: 1188)
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (ID: 5856 |ParentID: 4416)
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (ID: 5448 |ParentID: 4292)
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (ID: 4152 |ParentID: 5552)
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (ID: 3440 |ParentID: 4152)
C:\WINDOWS\system32\SearchProtocolHost.exe (ID: 2296 |ParentID: 4008)
C:\Windows\System32\WUDFHost.exe (ID: 6036 |ParentID: 680)
C:\WINDOWS\system32\SearchFilterHost.exe (ID: 4628 |ParentID: 4008)
C:\WINDOWS\SysWOW64\ctfmon.exe (ID: 6192 |ParentID: 1336)

################## | Regedit Run |

04 - HKLM\..\Run : [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\..\Run : [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
04 - HKLM\..\Run : [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Policies\Explorer\run : [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
04 - HKLM64\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - HKLM64\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKLM64\..\Run : [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
04 - HKLM64\..\Run : [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
04 - HKLM64\..\Run : [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
04 - HKLM64\..\Run : [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
04 - HKLM64\..\Run : [RtsCM] RTSCM64.EXE
04 - HKLM64\..\Run : [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - HKLM64\..\Policies\Explorer\run : [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
04 - HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\..\Run : [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
04 - HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\Alice\AppData\Local\Temp\iTunesHelper.vbe"

################## | Recherche générique |

Présent! C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! C:\Users\Alice\AppData\Local\Temp\iTunesHelper.vbe
Présent! G:\Stage GEODIS.lnk
Présent! G:\Articles.lnk
Présent! G:\Catégorie achat.lnk

################## | Registre |

Présent! HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
#30471
Here is the removal.
Code:
############################## | UsbFix V 7.161 | [Suppression]

Utilisateur: Alice (Administrateur) # PC-ALICE
Mis à jour le 15/01/2014 par El Desaparecido - Team SosVirus
Lancé à 20:17:25 | 17/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (NP270E5E-K03FR)
CPU: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
RAM -> [Total : 3970 Mo| Free : 2689 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 32.0.1700.76

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 441 Go (389 Go libre(s) - 88%) [] # NTFS
D:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque amovible # 4 Go (3 Mo libre(s) - 0%) [USB DISK] # FAT32

################## | Processus Stoppés |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1208 |ParentID: 816)
Stopped! C:\WINDOWS\System32\spoolsv.exe (ID: 1396 |ParentID: 816)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1520 |ParentID: 816)
Stopped! C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1624 |ParentID: 816)
Stopped! C:\WINDOWS\system32\dashost.exe (ID: 1672 |ParentID: 972)
Stopped! C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (ID: 1704 |ParentID: 816)
Stopped! C:\Program Files\Elantech\ETDService.exe (ID: 1760 |ParentID: 816)
Stopped! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1796 |ParentID: 816)
Stopped! C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 1832 |ParentID: 816)
Stopped! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 1848 |ParentID: 816)
Stopped! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 1984 |ParentID: 816)
Stopped! C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ID: 1644 |ParentID: 816)
Stopped! C:\WINDOWS\system32\SearchIndexer.exe (ID: 2604 |ParentID: 816)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (ID: 2592 |ParentID: 816)
Stopped! C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (ID: 4956 |ParentID: 816)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 4624 |ParentID: 816)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 4824 |ParentID: 816)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 2648 |ParentID: 816)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 4756 |ParentID: 816)
Stopped! C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (ID: 2256 |ParentID: 816)
Stopped! C:\WINDOWS\Explorer.EXE (ID: 4504 |ParentID: 4012)
Stopped! C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (ID: 5168 |ParentID: 1704)
Stopped! C:\Program Files\Elantech\ETDCtrl.exe (ID: 3324 |ParentID: 1760)
Stopped! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 3796 |ParentID: 896)
Stopped! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 5184 |ParentID: 1984)
Stopped! C:\Windows\System32\skydrive.exe (ID: 4496 |ParentID: 896)
Stopped! C:\WINDOWS\system32\DllHost.exe (ID: 4696 |ParentID: 896)
Stopped! C:\Program Files\Elantech\ETDTouch.exe (ID: 5684 |ParentID: 3324)
Stopped! C:\Windows\System32\RuntimeBroker.exe (ID: 1596 |ParentID: 896)
Stopped! C:\WINDOWS\system32\igfxext.exe (ID: 5400 |ParentID: 896)
Stopped! C:\WINDOWS\system32\taskhostex.exe (ID: 4400 |ParentID: 500)
Stopped! C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 4024 |ParentID: 3324)
Stopped! C:\Program Files (x86)\Samsung\Settings\sSettings.exe (ID: 2408 |ParentID: 500)
Stopped! C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 6108 |ParentID: 4504)
Stopped! C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (ID: 1064 |ParentID: 6108)
Stopped! C:\WINDOWS\system32\igfxsrvc.exe (ID: 3036 |ParentID: 896)
Stopped! C:\Windows\System32\hkcmd.exe (ID: 5216 |ParentID: 4504)
Stopped! C:\Windows\System32\igfxpers.exe (ID: 3040 |ParentID: 4504)
Stopped! C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (ID: 4664 |ParentID: 4504)
Stopped! C:\Windows\System32\wscript.exe (ID: 4704 |ParentID: 4504)
Stopped! C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID: 4036 |ParentID: 3456)
Stopped! C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (ID: 3244 |ParentID: 3456)
Stopped! C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 1000 |ParentID: 3456)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 5512 |ParentID: 3456)
Stopped! C:\Program Files\Samsung\S Agent\CommonAgent.exe (ID: 5780 |ParentID: 500)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 4136 |ParentID: 632)
Stopped! C:\Program Files (x86)\Internet Explorer\IELowutil.exe (ID: 2804 |ParentID: 3168)
Stopped! C:\Windows\System32\SettingSyncHost.exe (ID: 4736 |ParentID: 896)
Stopped! C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (ID: 4032 |ParentID: 5780)
Stopped! C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (ID: 5844 |ParentID: 6060)
Stopped! C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (ID: 3280 |ParentID: 5844)
Stopped! C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (ID: 6152 |ParentID: 4864)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (ID: 7000 |ParentID: 1632)
Stopped! C:\Users\Alice\AppData\Roaming\cacaoweb\cacaoweb.exe (ID: 8056 |ParentID: 7360)
Stopped! C:\WINDOWS\system32\wwahost.exe (ID: 5748 |ParentID: 896)
Stopped! C:\WINDOWS\System32\BackgroundTaskHost.exe (ID: 8080 |ParentID: 896)
Stopped! C:\WINDOWS\system32\backgroundTaskHost.exe (ID: 5324 |ParentID: 896)
Stopped! C:\WINDOWS\servicing\TrustedInstaller.exe (ID: 2844 |ParentID: 816)
Stopped! C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_fa1dc1539b4180d8\TiWorker.exe (ID: 6760 |ParentID: 896)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 5156 |ParentID: 972)
Stopped! C:\WINDOWS\system32\DllHost.exe (ID: 2600 |ParentID: 896)

################## | Regedit Run |

04 - HKLM\..\Run : [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\..\Run : [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
04 - HKLM\..\Run : [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Policies\Explorer\run : [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
04 - HKLM64\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - HKLM64\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKLM64\..\Run : [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
04 - HKLM64\..\Run : [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
04 - HKLM64\..\Run : [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
04 - HKLM64\..\Run : [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
04 - HKLM64\..\Run : [RtsCM] RTSCM64.EXE
04 - HKLM64\..\Run : [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - HKLM64\..\Policies\Explorer\run : [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
04 - HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\..\Run : [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
04 - HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\Alice\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\..\Run : [cacaoweb] "C:\Users\Alice\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer

################## | Generic search |
