Rapport usbfix

[Groownsfeld]

Bonjour voici mon rapport USBFix.

Code: Tout sélectionner

############################## | UsbFix V 7.145 |

Utilisateur: Lucas (Administrateur) # VAIO
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 16:58:49 | 27/10/2013

Site Web: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
RAM -> [Total : 4063 | Free : 1879]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 455 Go (7 Go libre(s) - 2%) [] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> Disque amovible # 4 Go (2 Go libre(s) - 63%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [jSugLyCC] - wscript.exe //B "C:\Users\Lucas\AppData\Local\Temp\jSugLyCC.vbs"
HKLM\SOFTWARE | Run : [jusched7] - C:\Users\Public\jusched.exe
HKLM\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Lucas\AppData\Local\Temp\iTunesHelper.vbe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [jSugLyCC] - wscript.exe //B "C:\Users\Lucas\AppData\Local\Temp\jSugLyCC.vbs"
HKLM\SOFTWARE\wow6432Node | Run : [jusched7] - C:\Users\Public\jusched.exe
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Lucas\AppData\Local\Temp\iTunesHelper.vbe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [37364] - C:\PROGRA~3\LOCALS~1\Temp\mscuiu.exe
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [adapter] - C:\Windows\adapter.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [cacaoweb] - "C:\Users\Lucas\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Lucas\AppData\Local\Temp\iTunesHelper.vbe"
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [8jusched] - C:\Users\Public\jusched.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [jSugLyCC] - wscript.exe //B "C:\Users\Lucas\AppData\Local\Temp\jSugLyCC.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Public\jusched.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (ID 848 |ParentID 596)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID 1176 |ParentID 848)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1400 |ParentID 596)
Stoppé! C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (ID 1516 |ParentID 596)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1608 |ParentID 596)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID 1668 |ParentID 596)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 1700 |ParentID 596)
Stoppé! C:\Windows\system32\taskhost.exe (ID 1988 |ParentID 596)
Stoppé! C:\Windows\Explorer.EXE (ID 1300 |ParentID 1036)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 1824 |ParentID 1300)
Stoppé! C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (ID 1820 |ParentID 1300)
Stoppé! C:\Windows\system32\taskeng.exe (ID 1952 |ParentID 488)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 2064 |ParentID 1824)
Stoppé! C:\Windows\adapter.exe (ID 2132 |ParentID 1300)
Stoppé! C:\Users\Lucas\AppData\Roaming\cacaoweb\cacaoweb.exe (ID 2184 |ParentID 1300)
Stoppé! C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (ID 2212 |ParentID 1952)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (ID 2432 |ParentID 1300)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (ID 2544 |ParentID 1300)
Stoppé! C:\Windows\SysWOW64\explorer.exe (ID 2592 |ParentID 1224)
Stoppé! C:\Windows\SysWOW64\wscript.exe (ID 2656 |ParentID 2568)
Stoppé! C:\Windows\SysWOW64\wscript.exe (ID 2696 |ParentID 2568)
Stoppé! C:\Users\Public\jusched.exe (ID 3020 |ParentID 1224)
Stoppé! C:\Users\Public\jusched.exe (ID 2728 |ParentID 2976)
Stoppé! C:\Windows\SysWOW64\PnkBstrA.exe (ID 2288 |ParentID 596)
Stoppé! C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (ID 2396 |ParentID 596)
Stoppé! C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ID 3040 |ParentID 596)
Stoppé! C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (ID 3032 |ParentID 596)
Stoppé! C:\Program Files\Sony\VAIO Power Management\SPMService.exe (ID 3100 |ParentID 596)
Stoppé! C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (ID 3128 |ParentID 596)
Stoppé! C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (ID 3192 |ParentID 596)
Stoppé! C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (ID 3236 |ParentID 596)
Stoppé! C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (ID 3268 |ParentID 596)
Stoppé! C:\Windows\SysWOW64\DllHost.exe (ID 3312 |ParentID 788)
Stoppé! C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (ID 3320 |ParentID 596)
Stoppé! C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe (ID 3352 |ParentID 596)
Stoppé! C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe (ID 3536 |ParentID 596)
Stoppé! C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (ID 3620 |ParentID 3032)
Stoppé! C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (ID 3688 |ParentID 3236)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3804 |ParentID 596)
Stoppé! C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (ID 3852 |ParentID 596)
Stoppé! C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (ID 3980 |ParentID 596)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 4044 |ParentID 3804)
Stoppé! C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (ID 1244 |ParentID 596)
Stoppé! C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (ID 4244 |ParentID 596)
Stoppé! C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (ID 4492 |ParentID 4348)
Stoppé! C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (ID 4636 |ParentID 596)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 4160 |ParentID 596)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 5132 |ParentID 284)
Stoppé! C:\Program Files (x86)\Opera\opera.exe (ID 5832 |ParentID 1300)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (ID 5544 |ParentID 788)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 5776 |ParentID 596)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (ID 3524 |ParentID 1832)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3968 |ParentID 1804)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 776 |ParentID 3968)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4736 |ParentID 3968)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID 5064 |ParentID 4160)
Stoppé! C:\Windows\system32\SearchFilterHost.exe (ID 4420 |ParentID 4160)

################## | à‰léments infectieux |

Supprimé! I:\iTunesHelper.vbe
Supprimé! I:\jSugLyCC.vbs
Supprimé! C:\Users\Lucas\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\Lucas\AppData\Local\Temp\jSugLyCC.vbs
Supprimé! C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSugLyCC.vbs
Supprimé! C:\Users\Lucas\AppData\Roaming\D48191F4\ak.tmp
Supprimé! C:\Users\Lucas\AppData\Roaming\D48191F4
Supprimé! I:\NAVI.lnk
Supprimé! I:\Radios.lnk
Supprimé! I:\Perso.lnk
Supprimé! I:\PDF D1.lnk
Supprimé! I:\iTunesHelper.lnk
Supprimé! I:\jSugLyCC.lnk
Supprimé! I:\Autorun.inf.lnk
Supprimé! C:\Users\Public\4z1z.VBE
Supprimé! C:\Users\Public\jusched.exe
Supprimé! C:\Users\Lucas\AppData\Roaming\Lucas-wchelper.dll
Supprimé! C:\Users\Lucas\AppData\Local\Temp\Lucas7
Supprimé! C:\Users\Lucas\AppData\Local\Temp\Skype.pif
Supprimé! C:\Users\Lucas\AppData\Local\Temp\utt15AE.tmp.exe
Supprimé! C:\Users\Lucas\AppData\Local\Temp\utt3A8B.tmp.exe
Supprimé! C:\Users\Lucas\AppData\Local\Temp\f1ag.hta
Supprimé! C:\Users\Lucas\AppData\Local\Temp\1d4b1ae4-2eef-4f3a-8a4e-65d42c3d85da.exe
Supprimé! C:\Users\Lucas\AppData\Local\Temp\7769d0cc-98e9-4565-a635-0dc582f192e4.exe
Supprimé! C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HPLCDM2\Skype[1].pif

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\Software\Microsoft\Windows\CurrentVersion\Run|jSugLyCC
Supprimé! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|jSugLyCC
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{bfe729d4-47f7-11df-baae-0024beb2d14f}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{db9a7e68-1662-11e0-9385-60380e07c432}

################## | Listing |

[06/06/2010 - 21:33:58 | SHD ] C:\$Recycle.Bin
[27/10/2013 - 16:55:01 | RASHD ] C:\Autorun.inf
[25/10/2013 - 11:50:16 | HD ] C:\Config.Msi
[08/09/2009 - 08:43:46 | D ] C:\Documentation
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[27/10/2013 - 16:33:44 | ASH | 3195318272] C:\hiberfil.sys
[17/08/2009 - 13:05:16 | D ] C:\Intel
[14/01/2010 - 18:44:28 | RHD ] C:\MSOCache
[27/10/2013 - 16:33:49 | ASH | 4260425728] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[25/10/2013 - 11:47:29 | D ] C:\Program Files
[27/10/2013 - 16:27:56 | D ] C:\Program Files (x86)
[27/10/2013 - 16:02:14 | HD ] C:\ProgramData
[25/10/2013 - 11:45:22 | SHD ] C:\System Volume Information
[17/02/2013 - 03:24:29 | D ] C:\TuneUp Duplicates
[19/04/2010 - 21:08:11 | D ] C:\Update
[27/10/2013 - 17:02:36 | D ] C:\UsbFix
[27/10/2013 - 17:04:33 | A | 11825] C:\UsbFix [Clean 1] VAIO.txt
[27/10/2013 - 16:52:26 | N | 13784] C:\UsbFix [Scan 1] VAIO.txt
[12/01/2010 - 18:05:13 | RD ] C:\Users
[12/01/2010 - 18:08:54 | D ] C:\VAIO Entertainment
[22/10/2013 - 21:18:57 | D ] C:\Windows
[08/09/2009 - 08:43:46 | D ] C:\_FS_SWRINFO
[05/07/2013 - 10:44:26 | D ] I:\Perso
[05/07/2013 - 10:44:36 | D ] I:\NAVI
[22/10/2013 - 12:19:16 | D ] I:\PDF D1
[22/10/2013 - 14:44:04 | D ] I:\Radios
[27/10/2013 - 16:55:10 | SHD ] I:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |

Quelqu'un pourrait il m'aider à localiser le virus?

[El Desaparecido]

Hello

Bienvenue sur SosVirus :welcome:

Nous allons éffectuer un diagnostic de ton ordinateur .

• Télécharge ZHPDiag (de Nicolas Coolman) sur ton bureau.
• Installe le logiciel.
• Lance ZHPDiag, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
  
  
• Clique sur Configurer
• Clique sur l'icône représentant une loupe avec un + ( Lancer le diagnostic »)
  
  Note : Ne pas fermer le programme même si il est indiqué qu'il ne répond plus.
  
  
• Une fois le scan terminé rends toi sur le bureau, le fichier à été créé.
• Héberge le rapport ZHPDiag.txt sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum

[groownsfeld]

Premièrement merci pour cette réponse rapide.
Ensuite ma version de ZHPFix ne m'affiche pas de +
Il est seulement ecrit retour au menu principal ou personnalisation

[groownsfeld]

Premièrement merci pour cette réponse rapide.
Ensuite ma version de ZHPFix ne m'affiche pas de +
Il est seulement ecrit retour au menu principal ou personnalisation

[El Desaparecido]

Re ,

Laisse ZHPDiag pour l'instant

Désinstalle ta version de UsbFix

Télécharge cette version Béta de UsbFix : https://www.sosvirus.net/partage/UsbFix_Beta.exe

exécute UsbFix_Beta, choisi l'option Recherche et post le rapport en réponse stp.

[groownsfeld]

Erreur de ma part, le voici:

Code: Tout sélectionner

~ Rapport de ZHPDiag v2013.10.27.68 - Nicolas Coolman (27/10/2013)
~ Lancé par Lucas (27/10/2013 18:53:12)
~ Adresse du Site Web https://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
MFIE: Mozilla Firefox 12.0
GCIE: Google Chrome v30.0.1599.101 (Defaut)
OPIE: Opera v12.16
OBIE: Safari v5.34.57.2

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : CGKHQ
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2 - Français

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4063 MB (41% free)
System Restore: Activé (Enable)
System drive C: has 19 GB (4%) free of 455 GB

---\\ Mode de connexion au système
~ Computer Name: VAIO
~ User Name: Lucas
~ All Users Names: Lucas, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Lucas\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Lucas\AppData\Roaming\
~ %Desktop% : C:\Users\Lucas\Desktop\
~ %Favorites% : C:\Users\Lucas\Favorites\
~ %LocalAppData% : C:\Users\Lucas\AppData\Local\
~ %StartMenu% : C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 19 Go of 455 Go)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d‚ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 02:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/935
~ Mes musiques (My Musics) : 1/31956
~ Mes Videos (My Videos) : 1/19
~ Mes Favoris (My Favorites) : 1/50
~ Mes Documents (My Documents) : 2/10974
~ Mon Bureau (My Desktop) : 1/1307
~ Menu demarrer (Programs) : 1/53
~ Hidden Files: Scanned in 00mn 27s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.4480]
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.4620]
[MD5.D1AE166A53427B55EDDB332099CCCEC3] - (...) -- C:\Windows\adapter.exe [353847] [PID.4652]
[MD5.23C2FCAA50C4F80F7D1B8A0771D45328] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.4748]
[MD5.5883D86F8C22B1E5F78627E4AF19B234] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.4824]
[MD5.E89028D8068170E606AA0996D457AAA3] - (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\iAStorIcon.exe [85470352] [PID.4884]
[MD5.E89028D8068170E606AA0996D457AAA3] - (.Intel Corporation - Intel Corporation.) -- C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe [85470352] [PID.4272]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.5540]
[MD5.237A6C6BAAD638608F1B38EDA9E480B6] - (.OpenOffice.org - OpenOffice.org Writer.) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe [307200] [PID.1452]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11322880] [PID.5180]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11314688] [PID.5228]
[MD5.D6B7DDB68436F13C3CAE2B92524F1FEC] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770648] [PID.3036]
[MD5.084D14D1283EC4D78A1D0B8C3D0187DD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8137728] [PID.4528]
[MD5.6D9FC1E7EA3C548F4D3455F0C3FEEF8C] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 7.0 (component).) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312] [PID.1396]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1608]
[MD5.831883B107684301F48ACE752C963984] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [66872] [PID.2068]
[MD5.442A13F395546F4564C377296D43B564] - (.Sony Corporation - VAIO Media plus Database Manager.) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952] [PID.2188]
[MD5.63F6D08C54D5B3C1B12A6172032055C7] - (.ArcSoft, Inc. - MgiSvr.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960] [PID.2300]
[MD5.D4197CF0C8567046FD4AF28FF47AF528] - (.Sony Corporation - VAIO Event Service (Service Module).) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [204648] [PID.2356]
[MD5.06FE5BEDDADB158D84E6DE33CBE19F3E] - (.Sony Corporation - VAIO Content Folder Watcher.) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920] [PID.2428]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.2456]
[MD5.34063C0B842E73662067F9B03947C55C] - (.Sony Corporation - VCM Intelligent Analyzing Manager.) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [468264] [PID.2472]
[MD5.D8BEF4AC1EAC809DBDBD441D6CFF6C4C] - (.Sony Corporation - VAIO Entertainment Database Service.) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336] [PID.2552]
[MD5.A787A567B3470C91C487ECE90CF7509C] - (.Pas de propriétaire - WD File Management Engine.) -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752] [PID.2684]
[MD5.7CD368DFF5D7D4BA9F8F46F31EA8877D] - (.Sony Corporation - VAIO Event Service(Service Sub Module).) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [112488] [PID.2760]
[MD5.7548066DF68A8A1A56B043359F915F37] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.1228]
[MD5.72B46103E4111439109ACF5882627C24] - (.Sony Corporation - VAIO Media plus Device Searcher.) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [75048] [PID.3176]
[MD5.725B6E9CD1959271AC993DC035E1606D] - (.Sony Corporation - VAIO Media plus Playlist Manager.) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432] [PID.3240]
[MD5.98886C88A1CB13D61672AE2C638B7E1C] - (.Sony Corporation - VAIO Media plus Content Importer.) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [120104] [PID.3472]
[MD5.313CE91F1B734E2E02F0F4465B52115A] - (.Sony Corporation - VAIO Entertainment UPnP Client Adapter.) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264] [PID.3744]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.4184]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.4400]
~ Processes Running: Scanned in 00mn 06s



---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
B1 - OSP: search.ini [Lucas] URL=https://www.astroburn-search.com/search?q=%s
B1 - OSP: search.ini [Lucas] URL=https://start.mysearchdial.com/?f=4&q=%s =>Adware.MyWebSearch
~ Opera Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 6 Legitimates Filtered in 00mn 08s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\ys6h2fs0.default\prefs.js
M3 - MFPP: Plugins - [Lucas] -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\ys6h2fs0.default\searchplugins\absearch-search.xml
M2 - MFEP: prefs.js [Lucas - ys6h2fs0.default\jid1-yZwVFzbsyfMrqQ@jetpack] [] Lavasoft Search Plugin v0.6 (..)
~ Firefox Browser: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 17



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{EFEED92A-A33D-4873-BA8F-32BAA631E54D} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{EF79F67A-6AD7-4715-A0F8-932FCA442023} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{EFEED92A-A33D-4873-BA8F-32BAA631E54D} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Astroburn Lite.lnk . (.DT Soft Ltd - Astroburn Lite.) -- C:\Program Files (x86)\Astroburn Lite\AstroburnLite.exe
O4 - GS\Desktop [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe
O4 - GS\Desktop [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\Program [Public]: Click to Disc Editor.lnk . (.Sony Corporation - ctdEditor.) -- C:\Program Files (x86)\Sony\Click to Disc Editor\ctdEditor.exe
O4 - GS\Program [Public]: Click to Disc.lnk . (.Sony Corporation - AutoModeEntrance.) -- C:\Program Files (x86)\Sony\VAIO VP Utilities\VCAutoModeEntrance.exe
O4 - GS\Program [Public]: Dolby Control Center.lnk . (...) -- C:\Windows\Installer\{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}\_DF30B6672BAD027FB62666.exe
O4 - GS\Program [Public]: Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation - InstallShield (R) Setup Launcher.) -- C:\Program Files (x86)\Securitoo\Controle Parental\Controle_parental.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Nerf.lnk . (.studioP - Nerf (version avec commentaires).) -- C:\Program Files (x86)\Nerf\nerfC.exe
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe
O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch [Lucas]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch [Lucas]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Lucas]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Lucas]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Lucas]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Lucas]: PartyPoker.fr.lnk . (...) -- C:\Programs\PartyFrance\PartyFrance.exe (.not file.)
O4 - GS\TaskBar [Lucas]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Lucas]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe
O4 - GS\Program [Lucas]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Lucas]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Lucas]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Lucas]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - GS\Desktop [Lucas]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Lucas]: MediaCoder iPod Edition.lnk . (.Broad Intelligence - MediaCoder.) -- C:\Program Files (x86)\MediaCoder iPod Edition\mediacoder.exe
O4 - GS\Desktop [Lucas]: RegCleaner.lnk . (...) -- C:\Program Files (x86)\RegCleaner\RegCleanr.exe
O4 - GS\Desktop [Lucas]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 - GS\Desktop [Lucas]: SosVirus sur Facebook.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.facebook.com
~ Global Startup: 104 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Lucas]: 5z1z.lnk . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\iAStorIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [adapter] . (...) -- C:\Windows\adapter.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [8jusched] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Lucas\AppData\Roaming\Public\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [jusched7] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Lucas\AppData\Roaming\Public\jusched.exe
O4 - HKLM\..\policies\Explorer\Run: [37364] C:\PROGRA~3\LOCALS~1\Temp\mscuiu.exe (.not file.)
O4 - HKCU\..\policies\Explorer\Run: [jusched9] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Lucas\AppData\Roaming\Public\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2381913200-3018708405-1333756505-1000\..\Run: [adapter] . (...) -- C:\Windows\adapter.exe
O4 - HKUS\S-1-5-21-2381913200-3018708405-1333756505-1000\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-2381913200-3018708405-1333756505-1000\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-2381913200-3018708405-1333756505-1000\..\Run: [8jusched] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Lucas\AppData\Roaming\Public\jusched.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{145BE677-2E36-44BF-B092-52AACB9B8504}: DhcpNameServer = 62.201.142.102
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E20B541-6D19-439E-BCAA-21986777F650}: DhcpNameServer = 62.201.129.202 62.201.129.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{578A9BB9-3BCA-44D7-8FAA-BEA8EE7D5FFC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{145BE677-2E36-44BF-B092-52AACB9B8504}: DhcpNameServer = 62.201.142.102
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E20B541-6D19-439E-BCAA-21986777F650}: DhcpNameServer = 62.201.129.202 62.201.129.203
O17 - HKLM\System\CS1\Services\Tcpip\..\{578A9BB9-3BCA-44D7-8FAA-BEA8EE7D5FFC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{145BE677-2E36-44BF-B092-52AACB9B8504}: DhcpNameServer = 62.201.142.102
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E20B541-6D19-439E-BCAA-21986777F650}: DhcpNameServer = 62.201.129.202 62.201.129.203
O17 - HKLM\System\CS2\Services\Tcpip\..\{578A9BB9-3BCA-44D7-8FAA-BEA8EE7D5FFC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DMEPeriodicTask.job [312]
[MD5.00000000000000000000000000000000] [APT] [{06924568-028C-4A89-B1E2-AFA7F26231BA}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{095BADCC-B05C-4916-818E-E301CD65906D}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{097F1524-453B-4A15-B8BE-6FCFDE384470}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{15060F2D-7848-4AE6-BE64-DC81A5793F28}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{15856E54-D16A-435A-BFA7-9CE8E8FFA90F}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{1B05568A-5B14-4F63-B4CD-C0E885D89C8E}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{2F26486B-AC12-480E-B456-6C6BC0E72991}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{3E95CAFE-BC19-4BE0-9FCF-7049787B2F8E}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{55A51F8A-7CDD-4300-B00C-189309D0327D}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{57A210FB-771E-4115-A28B-A5C98AAA7625}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{5C96A891-EF38-493A-8372-232ADB10C7BA}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{646B2996-F75C-47DA-99AC-4FB351345A88}] (...) -- F:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6744F725-5A39-48A9-BC64-44CBCE3FBCF5}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{693B4173-D1A2-4351-88E0-EF61F889CC21}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{724D6EB8-4CD8-481B-AAF4-C305FE597B96}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{7B20C59B-8C27-43A8-AF50-9A5891E129BB}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{8141494F-DBA0-418A-8C94-AC3706C0EECC}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{8A2BD78E-99CC-4CDF-9F4E-47A2636E90C2}] (...) -- C:\Users\Lucas\Desktop\RegCleaner.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9A1664D6-5B9F-484E-B04B-0D8E0677F085}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{AC2E3301-6C11-47E7-9C54-0FD15FE3E050}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{BB697069-36FB-4FC7-855B-809A47597113}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{C2D8B57B-CB3D-4A5C-B60D-A3F41F0D20B2}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{C4782DDD-7AED-40CB-8300-259553868E30}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{C493C542-3B13-4AA7-9AA8-AD06233F4879}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{D10C5DB9-1941-495F-8AFC-8F1BD63C199E}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{E63BB57A-576C-4454-A8C8-225A996C33E6}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{EE8FAA9D-9ECB-45C9-A443-CFDA8BFD7056}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
[MD5.00000000000000000000000000000000] [APT] [{F7EA5910-2B1D-4A61-B578-869639B458D8}] (...) -- G:\Programmes\BitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
~ Scheduled Task: 44 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: Eufloria - (...) [HKLM][64Bits] -- Steam App 41210
O42 - Logiciel: Mini Ninjas - Demo - (.IO Interactive.) [HKLM][64Bits] -- Steam App 35050
O42 - Logiciel: Nerf version 2.0.0.C - (...) [HKLM][64Bits] -- Codage du message nerveux_is1
O42 - Logiciel: Nuclear Coffee - VideoGet - (.Nuclear Coffee.) [HKLM][64Bits] -- VideoGet_is1
~ Logic: 179 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Nuclear Coffee]
[HKCU\Software\PartyFrance]
[HKCU\Software\Totem]
[HKCU\Software\à€ classé]
[HKLM\Software\Wow6432Node\DicomWorks]
[HKLM\Software\Wow6432Node\Nuclear Coffee]
[HKLM\Software\Wow6432Node\jSugLyCC]
[HKLM\Software\jSugLyCC]
~ Key Software: 292 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/10/2013 - 16:16:31 - [0,002] ----D C:\Program Files (x86)\DicomWorks
O43 - CFD: 18/09/2010 - 12:53:08 - [2,491] ----D C:\Program Files (x86)\Nerf
O43 - CFD: 14/03/2010 - 19:03:30 - [40,195] ----D C:\Program Files (x86)\Nuclear Coffee
O43 - CFD: 11/02/2010 - 13:28:23 - [1098,722] ----D C:\Program Files (x86)\Soldier of Fortune II - Double Helix
O43 - CFD: 27/10/2013 - 18:24:32 - [0,004] --H-D C:\Users\Lucas\AppData\Roaming\D48191F4
O43 - CFD: 15/10/2010 - 18:34:56 - [0,396] ----D C:\Users\Lucas\AppData\Roaming\Lumen
O43 - CFD: 27/10/2013 - 18:12:59 - [81,511] ----D C:\Users\Lucas\AppData\Roaming\Public
O43 - CFD: 20/03/2013 - 18:28:51 - [0,032] ----D C:\Users\Lucas\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 15/10/2010 - 18:37:31 - [0] ----D C:\Users\Lucas\AppData\Local\._Revolution_
O43 - CFD: 14/10/2013 - 08:36:53 - [0,877] ----D C:\Users\Lucas\AppData\Local\1A62F342-73E8-4C21-A008-7954B7852C7E.aplzod
O43 - CFD: 03/10/2010 - 16:33:18 - [0] ----D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PartyPoker.fr
~ 136 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 408 Legitimates Filtered in 00mn 50s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4BF30D0522594A29026DA744D1996BD0] - 27/10/2013 - 16:52:26 ----- . (...) -- C:\UsbFix [Scan 1] VAIO.txt [13784]
O44 - LFC:[MD5.4BFEEEF6B0DD8F523C4BE04A5A820680] - 27/10/2013 - 17:04:53 ---A- . (...) -- C:\UsbFix [Clean 1] VAIO.txt [12586]
~ Files: 24 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.090A2F8516E2C523DA220FEF13B5597F] - 12/10/2013 - 15:49:18 ---A- - C:\Windows\Prefetch\UTT3A8B.TMP.EXE-CC0BFBE8.pf
O45 - LFCP:[MD5.66187024CD7AAA977B25753917FE826B] - 12/10/2013 - 15:49:59 ---A- - C:\Windows\Prefetch\UTT15AE.TMP.EXE-1C4AD986.pf
O45 - LFCP:[MD5.0E3268D769E6EB8D5BFD8053B4701B13] - 12/10/2013 - 15:50:01 ---A- - C:\Windows\Prefetch\NSB1DD8.EXE-284B1E4A.pf
O45 - LFCP:[MD5.8D466283FBB09762015A3701FDBF3E95] - 12/10/2013 - 15:50:18 ---A- - C:\Windows\Prefetch\NSC296D.EXE-A7209F3B.pf
O45 - LFCP:[MD5.E9307D900BC7FF79F2078C0980B73614] - 12/10/2013 - 15:51:19 ---A- - C:\Windows\Prefetch\NSH2B05.EXE-E2767F58.pf
O45 - LFCP:[MD5.70F6828539AB6A825F0FED46AC2C351F] - 12/10/2013 - 15:51:19 ---A- - C:\Windows\Prefetch\NSH364C.EXE-519A9383.pf
O45 - LFCP:[MD5.76DA36F20E0EED2027A1CBEA138E9189] - 12/10/2013 - 15:51:19 ---A- - C:\Windows\Prefetch\NSS279B.EXE-2561EDCE.pf
O45 - LFCP:[MD5.CC1D063B0992BED4672564B4418D2D85] - 12/10/2013 - 15:51:27 ---A- - C:\Windows\Prefetch\CLTMNG.EXE-67B8F8A7.pf
O45 - LFCP:[MD5.3CFB672D6B6FE2F53A8724A62DED1C5A] - 12/10/2013 - 15:51:27 ---A- - C:\Windows\Prefetch\CLTMNGUI.EXE-E74F72C8.pf
O45 - LFCP:[MD5.8FA2EFA255568709BF74E9A89ECEDA63] - 12/10/2013 - 15:51:43 ---A- - C:\Windows\Prefetch\NSSBF5A.EXE-7588F940.pf
O45 - LFCP:[MD5.731AD4760FCC62298AAB2F4723BF7138] - 12/10/2013 - 15:51:44 ---A- - C:\Windows\Prefetch\NSSC747.EXE-9668AD23.pf
O45 - LFCP:[MD5.C54A40F5ACBE0E36050A21BCBED19710] - 12/10/2013 - 15:51:44 ---A- - C:\Windows\Prefetch\NSXCE1B.EXE-7DC89E82.pf
O45 - LFCP:[MD5.1E4667CC19F9B958208E242D92E62D86] - 12/10/2013 - 16:07:40 ---A- - C:\Windows\Prefetch\TU_RMDIR.EXE-59985335.pf
O45 - LFCP:[MD5.87CC610182E9193A0DD93E0B12FC1C96] - 12/10/2013 - 16:24:14 ---A- - C:\Windows\Prefetch\SYSLOG.EXE-FBEE0F3C.pf
O45 - LFCP:[MD5.8A50CF9705021D6E114C1078B1E4D546] - 12/10/2013 - 16:24:32 ---A- - C:\Windows\Prefetch\KILLDIR.EXE-4EF1286E.pf
O45 - LFCP:[MD5.711F1E57C75A96C09BD04A1A15FF23ED] - 12/10/2013 - 16:24:34 ---A- - C:\Windows\Prefetch\TU_CLEARSTATE.EXE-AFF6C1AF.pf
O45 - LFCP:[MD5.FDFDCA7C202C4CE46DBA34EE2C5531BF] - 12/10/2013 - 16:24:41 ---A- - C:\Windows\Prefetch\LATESTDLMGR.EXE-2FEC99AA.pf =>Adware.OpenCandy
O45 - LFCP:[MD5.7D943866EA0817819E20C4DF709208EB] - 12/10/2013 - 16:24:59 ---A- - C:\Windows\Prefetch\TU_PREFS.EXE-3FFBD38F.pf
O45 - LFCP:[MD5.DF36E68F76A3438CE517C6739FC1CE42] - 12/10/2013 - 16:25:00 ---A- - C:\Windows\Prefetch\HIDE.EXE-384945B1.pf
O45 - LFCP:[MD5.EA6352F5723E887ACD47C140EADF1923] - 12/10/2013 - 16:25:01 ---A- - C:\Windows\Prefetch\ALL_ACCESS.EXE-0019D471.pf
O45 - LFCP:[MD5.E2D88F2F126F7BCDC8195B77887B560C] - 12/10/2013 - 16:25:17 ---A- - C:\Windows\Prefetch\TU_RAD.EXE-DFC393BA.pf
O45 - LFCP:[MD5.50A7AD2513865FA1BD7290DC1B1B6606] - 12/10/2013 - 17:34:04 ---A- - C:\Windows\Prefetch\NSX7B3B.EXE-B5F4F641.pf
O45 - LFCP:[MD5.A9B11554E7F27BC171A7786C29B87423] - 12/10/2013 - 17:34:14 ---A- - C:\Windows\Prefetch\CLTMNGSVC.EXE-DB1AC051.pf
O45 - LFCP:[MD5.59F2A2480FEE5360548996EE896E4539] - 13/10/2013 - 15:44:09 ---A- - C:\Windows\Prefetch\ICLOUD.EXE-907CF11D.pf
O45 - LFCP:[MD5.4C5FBAAB5A83CF9F19305B80894DFE89] - 21/10/2013 - 19:38:33 ---A- - C:\Windows\Prefetch\NODE.EXE-89050794.pf
O45 - LFCP:[MD5.568EBE6ECFC0C35271AD69592FC667B9] - 22/10/2013 - 20:03:57 ---A- - C:\Windows\Prefetch\LOGROTATE.EXE-420D9660.pf
O45 - LFCP:[MD5.15C88B5E15892D8700B1F1BDCEB6464F] - 22/10/2013 - 20:04:10 ---A- - C:\Windows\Prefetch\JSONRPCBROKER.EXE-6CED2B67.pf
O45 - LFCP:[MD5.472A0515ACE5BF925995C301D12A6042] - 23/10/2013 - 06:34:44 ---A- - C:\Windows\Prefetch\VCSW.EXE-5899050E.pf
O45 - LFCP:[MD5.C743D064CA802286E7E701C0669D1E0C] - 25/10/2013 - 11:41:14 ---A- - C:\Windows\Prefetch\SETUPADMIN.EXE-AE0501A8.pf
O45 - LFCP:[MD5.4AEF978C7D18BE0771FB139DA0F835BA] - 25/10/2013 - 11:47:14 ---A- - C:\Windows\Prefetch\BITTORRENT.EXE-7EBE59A4.pf =>P2P.BitTorrent
O45 - LFCP:[MD5.0CE60A081219B76EB879D10BB818C8FC] - 25/10/2013 - 11:49:14 ---A- - C:\Windows\Prefetch\DIFXINST64.EXE-1F7CE36D.pf
O45 - LFCP:[MD5.32ED6B0724EC330F9C52DB432D6E8BCF] - 27/10/2013 - 16:23:17 ---A- - C:\Windows\Prefetch\VDAU.EXE-0151EFFE.pf
O45 - LFCP:[MD5.9D3D30096A013D93A678C07807D24631] - 27/10/2013 - 16:35:49 ---A- - C:\Windows\Prefetch\ROXIOUPNPSERVICE10.EXE-F36925CD.pf
O45 - LFCP:[MD5.BB7041472816B00AE1CB63803AEE59FA] - 27/10/2013 - 18:22:31 ---A- - C:\Windows\Prefetch\GETPOPUPINFO.EXE-B860C564.pf
~ Prefetcher: 142 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Internet Download Accelerator [Key] . (...) -- C:\Program Files (x86)\IDA\ida.exe (.not file.)
~ SMSR Keys: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
~ Drivers: 18 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 26/10/2013 - 18:55:37 ---A- . (...) -- C:\Users\Lucas\AppData\Roaming\Mozilla\TuneUpMedia\cookies.sqlite-shm [32768]
O61 - LFC: 26/10/2013 - 18:55:37 ---A- . (...) -- C:\Users\Lucas\AppData\Roaming\Mozilla\TuneUpMedia\cookies.sqlite-wal [524704]
O61 - LFC: 26/10/2013 - 18:55:37 ---A- . (...) -- C:\Users\Lucas\AppData\Roaming\Mozilla\TuneUpMedia\parent.lock [0]
O61 - LFC: 26/10/2013 - 18:55:37 ---A- . (...) -- C:\Users\Lucas\AppData\Roaming\Mozilla\TuneUpMedia\places.sqlite [10485760]
O61 - LFC: 26/10/2013 - 18:55:37 ---A- . (...) -- C:\Users\Lucas\AppData\Roaming\Mozilla\TuneUpMedia\places.sqlite-shm [32768]
O61 - LFC: 26/10/2013 - 18:55:37 ---A- . (...) -- C:\Users\Lucas\AppData\Roaming\Mozilla\TuneUpMedia\places.sqlite-wal [787040]
O61 - LFC: 26/10/2013 - 18:55:43 R--A- . (...) -- C:\Users\Lucas\Downloads\Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9\Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9.nfo [614]
O61 - LFC: 26/10/2013 - 18:55:43 R--A- . (...) -- C:\Users\Lucas\Downloads\Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9\Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9\Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9.iso [8108191744]
O61 - LFC: 26/10/2013 - 18:55:43 R--A- . (...) -- C:\Users\Lucas\Downloads\Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9\Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9\Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9.mds [4314]
O61 - LFC: 27/10/2013 - 18:55:25 ---A- . (...) -- C:\Users\Lucas\AppData\Local\GDIPFONTCACHEV1.DAT [128440]
O61 - LFC: 27/10/2013 - 18:55:29 ---A- . (...) -- C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Local State [43452]
O61 - LFC: 27/10/2013 - 18:55:36 ---A- . (...) -- C:\Users\Lucas\AppData\Roaming\Media Player Classic\default.mpcpl [106]
O61 - LFC: 27/10/2013 - 18:55:36 --H-- . (...) -- C:\Users\Lucas\AppData\Roaming\D48191F4\27-10-2013 [3692]
O61 - LFC: 27/10/2013 - 18:55:36 --H-- . (...) -- C:\Users\Lucas\AppData\Roaming\Lucas-wchelper.dll [154283]
O61 - LFC: 27/10/2013 - 18:55:37 ---A- . (...) -- C:\Users\Lucas\AppData\Roaming\ZHP\Log.txt [18187] =>.Nicolas Coolman
O61 - LFC: 27/10/2013 - 18:55:37 ---A- . (...) -- C:\Users\Lucas\AppData\Roaming\ZHP\TestsZHPDiag.txt [2858] =>.Nicolas Coolman
O61 - LFC: 27/10/2013 - 18:55:44 ---A- . (...) -- C:\Users\Lucas\Links\Photos iCloud.lnk [160]
~ 33 Fichiers temporaires (Temporary files)
~ Files: 379 Legitimates Filtered in 00mn 30s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - https://www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Opera> <Opera>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Opera.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {1BA9D07A-1FDB-4C68-81F3-BA1735A92E23} [DefaultScope] - (Google) - https://www.google.fr
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\Lucas\AppData\Roaming\BitTorrent\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.rar.1.torrent =>P2P.BitTorrent
C:\Users\Lucas\AppData\Roaming\BitTorrent\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.rar.torrent =>P2P.BitTorrent
C:\Users\Lucas\Documents\Jeux\Battlefield 2\A Crack & Keygen\Battlefield_2_keygen.exe
C:\Users\Lucas\Documents\Jeux\Battlefield 2\A Crack & Keygen\BF2.exe
C:\Users\Lucas\Documents\Jeux\Battlefield 2\A Crack & Keygen\Fichiers Originaux\BF2 - Original.exe
C:\Users\Lucas\Documents\Jeux\Call of Duty4-Razor1911+Keygen and Crack\iw3sp.exe
C:\Users\Lucas\Downloads\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah\Keygen\embrace.rar
C:\Users\Lucas\AppData\Roaming\BitTorrent\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.rar.1.torrent =>P2P.BitTorrent
C:\Users\Lucas\AppData\Roaming\BitTorrent\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.rar.torrent =>P2P.BitTorrent
C:\Users\Lucas\Documents\Jeux\Battlefield 2\A Crack & Keygen\Battlefield_2_keygen.exe
C:\Users\Lucas\Documents\Jeux\Battlefield 2\A Crack & Keygen\BF2.exe
C:\Users\Lucas\Documents\Jeux\Battlefield 2\A Crack & Keygen\Fichiers Originaux\BF2 - Original.exe
C:\Users\Lucas\Documents\Jeux\Call of Duty4-Razor1911+Keygen and Crack\iw3sp.exe
C:\Users\Lucas\Downloads\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah\Keygen\embrace.rar
~ Files: Scanned in 00mn 36s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Lucas\AppData\Local\Temp\nsh2B05.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Lucas\AppData\Local\Temp\nsh364C.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Lucas\AppData\Local\Temp\nss279B.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Lucas\AppData\Local\Temp\nssBF5A.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Lucas\AppData\Local\Temp\nssC747.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Lucas\AppData\Local\Temp\nsx7B3B.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Lucas\AppData\Local\Temp\nsxCE1B.exe [167812] =>Toolbar.Conduit
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (...) -- C:\Users\Lucas\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.617E5F409B524E69A8892D7DA516DB64] [SPRF][24/05/2013] (...) -- C:\Users\Lucas\AppData\Local\Temp\utt4B72.tmp.bat [95]
[MD5.4D6AD791776F16834671898E31796C0A] [SPRF][22/04/2013] (...) -- C:\Users\Lucas\AppData\Local\Temp\utt57E2.tmp.bat [95]
[MD5.7ECE1BEF537B32F34B18012DB14501E0] [SPRF][12/10/2013] (...) -- C:\Users\Lucas\AppData\Local\Temp\utt7BFD.tmp.bat [95]
[MD5.CF43D0F929AE3335692D014F4DF05E6D] [SPRF][27/10/2013] (...) -- C:\Users\Lucas\AppData\Roaming\Lucas-wchelper.dll [154283]
[MD5.AC1318D2E9FE1BC78EEC4EC308B15E9E] [SPRF][18/04/2010] (...) -- C:\Users\Lucas\AppData\Roaming\wklnhst.dat [190]
[MD5.30FADBA93E9430A63F19DA9935DE4369] [SPRF][14/02/2010] (.Gabest - Media Player Classic.) -- C:\Users\Lucas\Desktop\mplayerc.exe [4411392]
~ Files: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D3544EBE-D088-4DE0-882C-38C6C613622F}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\adawaretb\dtUser.exe (.not file.) =>Toolbar.Adaware
O87 - FAEL: "{9EABBF6E-3556-4823-A34E-8E60DDB44B88}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\adawaretb\dtUser.exe (.not file.) =>Toolbar.Adaware
~ Firewall: 181 Legitimates Filtered in 00mn 00s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: Photos iCloud - {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A41930FA9C4EC2090BEC28131EEEA1C4] [WIS][17/10/2010] (.Mobipocket.com - eBook Reader.) -- C:\Windows\Installer\1ada703.msi [5606400]
[MD5.EC37C69FC4DB82A4070EB540177852C6] [WIS][07/04/2010] (.Adobe - Blank Project Template.) -- C:\Windows\Installer\ad18e.msi [9998336]
[MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][13/05/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\b9a68.msi [459264]
~ WIS: 166 Legitimates Filtered in 00mn 25s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 08/12/2008 169312 | (AdobeActiveFileMonitor7.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
SS - | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 01/07/2009 864032 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SS - | Demand 08/09/2009 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 11/12/2007 65536 | C:\Program Files (x86)\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SS - | Auto 09/09/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/09/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 04/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 23/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 14/07/2012 129976 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SR - | Auto 29/07/2009 382496 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SS - | Demand 26/06/2009 313840 | (Roxio UPnP Renderer 10) . (.Sonic Solutions.) - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
SS - | Auto 26/06/2009 362992 | (Roxio Upnp Server 10) . (.Sonic Solutions.) - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 27/07/2009 120104 | (SOHCImp) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
SR - | Auto 27/07/2009 70952 | (SOHDBSvr) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
SS - | Auto 27/07/2009 427304 | (SOHDms) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
SR - | Auto 27/07/2009 75048 | (SOHDs) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
SR - | Auto 27/07/2009 91432 | (SOHPlMgr) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
SS - | Demand 04/05/2013 543656 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 18/09/2008 104960 | (uCamMonitor) . (.ArcSoft, Inc..) - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
SS - | Demand 23/07/2009 69632 | (VAIO Entertainment TV Device Arbitration Service) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
SR - | Auto 01/07/2009 204648 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
SR - | Auto 16/07/2009 411496 | (VAIO Power Management) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SR - | Auto 22/07/2009 642920 | (VCFw) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
SR - | Auto 26/06/2009 468264 | (VcmIAlzMgr) . (.Sony Corporation.) - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
SS - | Demand 26/06/2009 357672 | (VcmINSMgr) . (.Sony Corporation.) - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
SS - | Demand 17/06/2009 110888 | (VcmXmlIfHelper) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
SR - | Demand 23/07/2009 313264 | (Vcsw) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
SR - | Auto 12/08/2009 522240 | (VSNService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
SR - | Auto 23/07/2009 206336 | (VzCdbSvc) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
SR - | Auto 08/09/2010 288256 | (WDDMService) . (.WDC.) - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
SR - | Auto 08/09/2010 1034752 | (WDFME) . (...) - C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
SR - | Auto 08/09/2010 485376 | (WDSC) . (...) - C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\yk62x64.dll (yksvc) . (.Marvell.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 27s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Lucas at 27/10/2013 18:57:06
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by Lucas at 27/10/2013 18:57:08

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12960 - (27/10/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 14

[HKCU\Software\PartyFrance] =>Casino.OnlineGames
[HKCU\Software\Totem] =>Adware.VirtualGirl
C:\Users\Lucas\AppData\LocalLow\BittorrentBar_FR =>Toolbar.Conduit
C:\Users\Lucas\AppData\Local\Temp\nsh2B05.exe =>Toolbar.Conduit^
C:\Users\Lucas\AppData\Local\Temp\nsh364C.exe =>Toolbar.Conduit^
C:\Users\Lucas\AppData\Local\Temp\nss279B.exe =>Toolbar.Conduit^
C:\Users\Lucas\AppData\Local\Temp\nssBF5A.exe =>Toolbar.Conduit^
C:\Users\Lucas\AppData\Local\Temp\nssC747.exe =>Toolbar.Conduit^
C:\Users\Lucas\AppData\Local\Temp\nsx7B3B.exe =>Toolbar.Conduit^
C:\Users\Lucas\AppData\Local\Temp\nsxCE1B.exe =>Toolbar.Conduit^
~ Additionnel Scan: 476513 Items scanned in 00mn 31s



---\\ Récapitulatif des détections trouvées sur votre station
~ https://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ https://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ https://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ https://nicolascoolman.webs.com/apps/blog/show/28346035-adware-virtualgirl =>Adware.VirtualGirl
~ MSI: 4 link(s) detected in 00mn 31s



~ 2060 Legitimates filtered by white list
End of the scan (676 lines in 04mn 28s)(14)

[El Desaparecido]

Tu peux faire ceci maintenant stp : https://www.sosvirus.net/rapport-usbfix- ... tml#p13112 (UsbFix_Beta)

[groownsfeld]

Et voici le rapport de USBFix beta:

Code: Tout sélectionner

############################## | UsbFix V 7.146 | [Recherche]

Utilisateur: Lucas (Administrateur) # VAIO
Mis à jour le 27/10/2013 par El Desaparecido - Team SosVirus
Lancé à 19:09:12 | 27/10/2013

Site Web: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/

PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
RAM -> [Total : 4063 | Free : 1600]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 12.0
WB: Safari : 534.57.2

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 455 Go (19 Go libre(s) - 4%) [] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> Disque amovible # 4 Go (2 Go libre(s) - 65%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 488 |ParentID: 408)
C:\Windows\system32\csrss.exe (ID: 552 |ParentID: 544)
C:\Windows\system32\wininit.exe (ID: 560 |ParentID: 408)
C:\Windows\system32\services.exe (ID: 608 |ParentID: 560)
C:\Windows\system32\lsass.exe (ID: 624 |ParentID: 560)
C:\Windows\system32\lsm.exe (ID: 636 |ParentID: 560)
C:\Windows\system32\winlogon.exe (ID: 664 |ParentID: 544)
C:\Windows\system32\svchost.exe (ID: 776 |ParentID: 608)
C:\Windows\system32\nvvsvc.exe (ID: 836 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 876 |ParentID: 608)
C:\Windows\System32\svchost.exe (ID: 976 |ParentID: 608)
C:\Windows\System32\svchost.exe (ID: 1012 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 328 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 360 |ParentID: 608)
C:\Windows\System32\svchost.exe (ID: 1088 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 1116 |ParentID: 608)
C:\Windows\System32\spoolsv.exe (ID: 1296 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 1328 |ParentID: 608)
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (ID: 1396 |ParentID: 608)
C:\Windows\system32\nvvsvc.exe (ID: 1476 |ParentID: 836)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1608 |ParentID: 608)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1680 |ParentID: 608)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1712 |ParentID: 608)
C:\Windows\system32\taskhost.exe (ID: 2008 |ParentID: 608)
C:\Windows\system32\Dwm.exe (ID: 860 |ParentID: 1012)
C:\Windows\Explorer.EXE (ID: 1380 |ParentID: 1200)
C:\Windows\SysWOW64\svchost.exe (ID: 1840 |ParentID: 608)
C:\Windows\System32\svchost.exe (ID: 1928 |ParentID: 608)
C:\Windows\System32\svchost.exe (ID: 792 |ParentID: 608)
C:\Windows\SysWOW64\PnkBstrA.exe (ID: 2068 |ParentID: 608)
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (ID: 2188 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 2248 |ParentID: 608)
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ID: 2300 |ParentID: 608)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (ID: 2356 |ParentID: 608)
C:\Program Files\Sony\VAIO Power Management\SPMService.exe (ID: 2384 |ParentID: 608)
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (ID: 2428 |ParentID: 608)
C:\Windows\SysWOW64\DllHost.exe (ID: 2456 |ParentID: 776)
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (ID: 2472 |ParentID: 608)
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (ID: 2528 |ParentID: 608)
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (ID: 2552 |ParentID: 608)
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (ID: 2596 |ParentID: 608)
C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe (ID: 2684 |ParentID: 608)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (ID: 2760 |ParentID: 2356)
C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe (ID: 2904 |ParentID: 608)
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (ID: 2988 |ParentID: 2528)
C:\Windows\System32\svchost.exe (ID: 3056 |ParentID: 608)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2128 |ParentID: 608)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (ID: 1228 |ParentID: 608)
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (ID: 2352 |ParentID: 3004)
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (ID: 3176 |ParentID: 608)
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (ID: 3240 |ParentID: 608)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3272 |ParentID: 2128)
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (ID: 3472 |ParentID: 608)
C:\Windows\system32\taskeng.exe (ID: 3568 |ParentID: 360)
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (ID: 3600 |ParentID: 3568)
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (ID: 3744 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 3836 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 2712 |ParentID: 608)
C:\Windows\System32\WUDFHost.exe (ID: 1236 |ParentID: 1012)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 4184 |ParentID: 608)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 4400 |ParentID: 608)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 4480 |ParentID: 4400)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 4608 |ParentID: 1380)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (ID: 4620 |ParentID: 1380)
C:\Windows\adapter.exe (ID: 4652 |ParentID: 1380)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 4684 |ParentID: 4608)
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (ID: 4748 |ParentID: 1380)
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (ID: 4824 |ParentID: 1380)
C:\Windows\system32\NOTEPAD.EXE (ID: 4260 |ParentID: 1380)
C:\Windows\system32\SearchIndexer.exe (ID: 4468 |ParentID: 608)
C:\Windows\SysWOW64\explorer.exe (ID: 4328 |ParentID: 4700)
C:\Users\Public\iAStorIcon.exe (ID: 4884 |ParentID: 4700)
C:\Windows\SysWOW64\explorer.exe (ID: 1964 |ParentID: 4920)
C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe (ID: 4272 |ParentID: 4920)
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (ID: 5540 |ParentID: 776)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1804 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 1640 |ParentID: 608)
C:\Windows\system32\svchost.exe (ID: 2892 |ParentID: 608)
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (ID: 1452 |ParentID: 1380)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID: 5180 |ParentID: 1452)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID: 5228 |ParentID: 5180)
C:\Windows\splwow64.exe (ID: 5188 |ParentID: 5228)
C:\Program Files\Internet Explorer\IEXPLORE.EXE (ID: 3036 |ParentID: 4336)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 4032 |ParentID: 3036)
C:\Windows\system32\taskhost.exe (ID: 5752 |ParentID: 608)
C:\Windows\sysWOW64\wbem\wmiprvse.exe (ID: 2844 |ParentID: 776)
C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 3924 |ParentID: 776)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 3640 |ParentID: 3036)
C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe (ID: 4528 |ParentID: 5488)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 1932 |ParentID: 3036)
C:\Windows\system32\taskhost.exe (ID: 6584 |ParentID: 608)
C:\Windows\system32\taskeng.exe (ID: 5892 |ParentID: 360)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3364 |ParentID: 4468)
C:\Windows\system32\SearchFilterHost.exe (ID: 732 |ParentID: 4468)
C:\UsbFix\Go.exe (ID: 3552 |ParentID: 2792)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5660 |ParentID: 776)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [jusched7] - C:\Users\Lucas\AppData\Roaming\Public\jusched.exe
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [jusched7] - C:\Users\Lucas\AppData\Roaming\Public\jusched.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [37364] - C:\PROGRA~3\LOCALS~1\Temp\mscuiu.exe
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [adapter] - C:\Windows\adapter.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Run : [8jusched] - C:\Users\Lucas\AppData\Roaming\Public\jusched.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\SOFTWARE | Policies\Explorer\run : [jusched9] - C:\Users\Lucas\AppData\Roaming\Public\jusched.exe

################## | Référence de comparaison MD5 |

Md5 : e89028d8068170e606aa0996d457aaa3 -> C:\Users\Public\jusched.exe

################## | Recherche générique |

Présent! C:\Users\Lucas\AppData\Roaming\D48191F4\ak.tmp
Présent! C:\Users\Lucas\AppData\Roaming\D48191F4
Présent! C:\Users\Public\iAStorIcon.exe
Présent! C:\Users\Public\jusched.exe
Présent! C:\Users\Lucas\AppData\Roaming\Lucas-wchelper.dll
Présent! C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5z1z.lnk
Présent! C:\Users\Lucas\AppData\Local\Temp\Lucas7
Présent! C:\Users\Lucas\AppData\Local\Temp\Lucas8

################## | Comparaison MD5 |


################## | Registre |

Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
Présent! HKU\S-1-5-21-2381913200-3018708405-1333756505-1000\Software\Microsoft\Windows\CurrentVersion\Run|8jusched
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|8jusched

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |

[El Desaparecido]

• Télécharge OTM de OldTimer sur ton bureau.
• Double-clique sur OTM.exe pour le lancer.
• Sous Vista/Seven , clic droit -> lancer en tant qu'administrateur
• Copie la liste ci-dessous et colle-la dans le cadre de gauche de OTM sous Paste Instructions for Items to be Moved.

Code : Tout sélectionner

:files 
C:\Users\Lucas\AppData\Roaming\Public
C:\Users\Lucas\AppData\Roaming\D48191F4
C:\Users\Public\iAStorIcon.exe
C:\Users\Public\jusched.exe
C:\Users\Lucas\AppData\Roaming\Lucas-wchelper.dll
C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5z1z.lnk
C:\Users\Lucas\AppData\Local\Temp\Lucas7
C:\Users\Lucas\AppData\Local\Temp\Lucas8
C:\Windows\adapter.exe
C:\PROGRA~3\LOCALS~1\Temp\mscuiu.exe

:Reg
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\jSugLyCC]
[-HKEY_LOCAL_MACHINE\Software\jSugLyCC]
[HKEY_USERS\S-1-5-21-2381913200-3018708405-1333756505-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"8jusched"=-
"adapter"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"8jusched"=-
"adapter"=-
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jusched7"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"jusched7"=-
[HKEY_USERS\S-1-5-21-2381913200-3018708405-1333756505-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
"jusched9"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
"37364"=-

:commands 
[emptytemp] 

• Clique sur "MoveIt!" .
• Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demanderas de redémarrer l'ordinateur.
• Si c'est le cas, acceptes en cliquant sur "YES".
• Post le rapport dans ta prochaine réponse.
• Le rapport est situé dans C:\_OTM\MovedFiles (Le nom du rapport correspond au moment de sa création : date_heure.log).

Relance ensuite UsbFix_Beta option suppression et post également le rapport stp

---