Need help with a disinfection :) 2014-05-05T13:54:37+00:00
  • Author
    Posts
  • Veto666
    Participant
    Number of posts: 4

    Hello everyone!

    I have known for several months now that my laptop is infected. I tried to get rid of it with a full scan using the free version of Avast; as a result a large number of files were quarantined, and for some of them I had no choice but to ignore them… I was planning to make my computer last a few more months before replacing it, but I am getting more and more slowdowns and unwanted pop-ups, and since I am a student it is my main work tool, so help!!

    I followed the instructions; here are the reports:

    1) AdwCleaner

    [spoiler:8wrwng92]# AdwCleaner v3.207 – Rapport créé le 05/05/2014 à 15:06:11
    # Mis à jour le 05/05/2014 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : Robin – ROBIN-PC
    # Exécuté depuis : C:UsersRobinDesktopadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:ProgramDataBabylon
    Dossier Supprimé : C:ProgramDataSoftSafe
    Dossier Supprimé : C:ProgramDataNetoCoupon
    Dossier Supprimé : C:ProgramDataRegularDEAlS
    Dossier Supprimé : C:Program Files (x86)BrowseToSave
    Dossier Supprimé : C:UsersRobinAppDataLocalgenienext
    Dossier Supprimé : C:UsersRobinAppDataLocalMobogenie
    Dossier Supprimé : C:UsersRobinAppDataLocalPutLockerDownloader
    Dossier Supprimé : C:UsersRobinAppDataRoamingBabylon
    Dossier Supprimé : C:UsersRobinAppDataRoamingnewnext.me
    Dossier Supprimé : C:UsersRobinDocumentsMobogenie
    Fichier Supprimé : C:UsersRobinAppDataRoamingMozillaFirefoxProfilespmqgylol.defaultExtensions{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
    Fichier Supprimé : C:UsersRobindaemonprocess.txt
    Fichier Supprimé : C:UsersRobinAppDataRoamingMozillaFirefoxProfilespmqgylol.defaultinvalidprefs.js
    Fichier Supprimé : C:UsersRobinAppDataRoamingMozillaFirefoxProfilespmqgylol.defaultsearchpluginsBabylon.xml

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKLMSOFTWAREGoogleChromeExtensionsbbffdhejhaoiflnpooogkckfdcmmjppn
    Clé Supprimée : HKLMSOFTWAREClassesAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Clé Supprimée : HKLMSOFTWAREClassesFTDownloader
    Clé Supprimée : HKLMSOFTWAREClassesProd.cap
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingAskPIP_FF__RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingAskPIP_FF__RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingau__rasapi32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingau__rasmancs
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingBingBar_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingFTDownloader_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingFTDownloader_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingMyBabylontb_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingMyBabylontb_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp PathsMobogenieAdd
    Valeur Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun [mobilegeni daemon]
    Clé Supprimée : HKLMSOFTWAREClassesRegularDeallss.RegularDeallss
    Clé Supprimée : HKLMSOFTWAREClassesRegularDeallss.RegularDeallss.7.2
    Clé Supprimée : HKLMSOFTWARE5d2dbd0e135bd47
    Clé Supprimée : HKCUSoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{5F189DF5-2D05-472B-9091-84D9848AE48B}{a1851772}
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_7-zip_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_7-zip_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_format-factory_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_format-factory_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_videospin_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_videospin_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_winzip_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_winzip_RASMANCS
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{266BB0A1-4893-35F1-7F3E-25B229557094}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{266BB0A1-4893-35F1-7F3E-25B229557094}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{266BB0A1-4893-35F1-7F3E-25B229557094}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesCLSID{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesCLSID{266BB0A1-4893-35F1-7F3E-25B229557094}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Clé Supprimée : [x64] HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{266BB0A1-4893-35F1-7F3E-25B229557094}
    Valeur Supprimée : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
    Clé Supprimée : HKCUSoftware1ClickDownload
    Clé Supprimée : HKCUSoftwareAPN PIP
    Clé Supprimée : HKCUSoftwareBabylonToolbar
    Clé Supprimée : HKCUSoftwareDataMngr
    [#] Clé Supprimée : HKCUSoftwareDataMngr_Toolbar
    Clé Supprimée : HKCUSoftwarePIP
    Clé Supprimée : HKCUSoftwareSoftonic
    Clé Supprimée : HKCUSoftwareWEDLMNGR
    Clé Supprimée : HKCUSoftwareAppDataLowSProtector
    Clé Supprimée : HKLMSoftware{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Clé Supprimée : HKLMSoftware{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Clé Supprimée : HKLMSoftware{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Clé Supprimée : HKLMSoftwareBabylon
    Clé Supprimée : HKLMSoftwareDataMngr
    Clé Supprimée : HKLMSoftwarePIP
    Clé Supprimée : HKLMSoftwareSP Global
    Clé Supprimée : HKLMSoftwareSProtector
    Clé Supprimée : HKLMSoftwareTrymedia Systems

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.17041

    -\ Mozilla Firefox v29.0 (fr)

    [ Fichier : C:UsersRobinAppDataRoamingMozillaFirefoxProfilespmqgylol.defaultprefs.js ]

    Ligne Supprimée : user_pref(“aol_toolbar.default.homepage.check”, false);
    Ligne Supprimée : user_pref(“aol_toolbar.default.search.check”, false);
    Ligne Supprimée : user_pref(“extensions.BabylonToolbar.prtkDS”, 0);
    Ligne Supprimée : user_pref(“extensions.BabylonToolbar.prtkHmpg”, 0);
    Ligne Supprimée : user_pref(“sweetim.toolbar.previous.browser.search.defaultenginename”, “”);
    Ligne Supprimée : user_pref(“sweetim.toolbar.previous.browser.search.selectedEngine”, “”);
    Ligne Supprimée : user_pref(“sweetim.toolbar.previous.browser.startup.homepage”, “”);
    Ligne Supprimée : user_pref(“sweetim.toolbar.previous.keyword.URL”, “”);
    Ligne Supprimée : user_pref(“sweetim.toolbar.scripts.1.domain-blacklist”, “.*”);
    Ligne Supprimée : user_pref(“sweetim.toolbar.searchguard.UserRejectedGuard_DS”, “1”);
    Ligne Supprimée : user_pref(“sweetim.toolbar.searchguard.UserRejectedGuard_HP”, “1”);
    Ligne Supprimée : user_pref(“sweetim.toolbar.searchguard.enable”, “false”);

    -\ Google Chrome v15.0.874.120

    *************************

    AdwCleaner[R0].txt – [7921 octets] – [05/05/2014 15:02:16]
    AdwCleaner[S0].txt – [7265 octets] – [05/05/2014 15:06:11]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [7325 octets] ##########[/spoiler:8wrwng92]

    2) MBAM

    [spoiler:8wrwng92]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Scan Date: 5/05/2014
    Scan Time: 15:33:56
    Logfile: rapportMBAM.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.05.07
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Robin

    Scan Type: Hyper Scan
    Result: Completed
    Objects Scanned: 205943
    Time Elapsed: 9 min, 15 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Disabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)[/spoiler:8wrwng92]

    And finally 3) ZHPDiag

    [spoiler:8wrwng92]~ Rapport de ZHPDiag v2014.5.4.54 – Nicolas Coolman (4/05/2014)
    ~ Lancé par Robin (5/05/2014 15:36:35)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17041
    MFIE: Mozilla Firefox 29.0 (Defaut)
    GCIE: Google Chrome v15.0.874.120

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 9YQTR
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2018
    Malwarebytes Anti-Malware version 2.0.1.1004
    Spybot – Search & Destroy v2.1.19
    Windows Defender W7

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 13 Plugin
    Adobe Reader X
    Java 7 Update 55

    —\ Informations sur le système
    ~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 4075 MB (54% free)
    System Restore: Activé (Enable)
    System drive C: has 159 GB (52%) free of 300 GB

    —\ Mode de connexion au système
    ~ Computer Name: ROBIN-PC
    ~ User Name: Robin
    ~ All Users Names: Robin, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersRobinAppDataRoamingZHP
    ~ %AppData% : C:UsersRobinAppDataRoaming
    ~ %Desktop% : C:UsersRobinDesktop
    ~ %Favorites% : C:UsersRobinFavorites
    ~ %LocalAppData% : C:UsersRobinAppDataLocal
    ~ %StartMenu% : C:UsersRobinAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 159 Go of 300 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 229 Go of 373 Go)
    E: CD-ROM drive (Not Inserted)
    F: CD-ROM drive (Free 0 Go of 1 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.24/02/2012 – 01:55:29.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.F220BA78AB542C70211D73AE4729B2CD] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.6/03/2014 – 07:22:40.) — C:WindowsSystem32wininet.dll [2260480]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:32.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:28.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:22.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:34.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:44.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.24/02/2012 – 02:02:21.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:22.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:36.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:58.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.DF8126BD41180351A093A3AD2FC8903B] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.24/02/2012 – 01:35:34.) — C:Windowssystem32Driversvolsnap.sys [296320]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes musiques (My Musics) : 1/347
    ~ Mes Favoris (My Favorites) : 1/8
    ~ Mes Documents (My Documents) : 1/204
    ~ Mon Bureau (My Desktop) : 5/20114
    ~ Menu demarrer (Programs) : 1/36
    ~ Hidden Files: Scanned in 00mn 24s

    —\ Processus lancés
    [MD5.6B3BA5BB455D7A4FD16B697B8F73858F] – (.ASUSTek Computer Inc. – ASUS FaceLogon Application.) — C:Program Files (x86)ASUSFaceLogonsensorsrv.exe [473728] [PID.2168]
    [MD5.D9AB754613208112B840C75B6762B909] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe [322176] [PID.2432]
    [MD5.64A7C84C0A8C79B22033F92D43919062] – (.ASUS – ACMON.) — C:Program Files (x86)ASUSSplendidACMON.exe [102568] [PID.536]
    [MD5.98CADC34741738CFC24F5CDFDAA408FA] – (.ASUSTeK – ACEngSvr Module.) — C:WindowsSysWOW64ACEngSvr.exe [162456] [PID.1160]
    [MD5.37DEB76A2CF005841C4E45DE2B94D84F] – (.ASUS – AsScrPro.) — C:WindowsAsScrPro.exe [3058304] [PID.3384]
    [MD5.35048D8E8A0BF7A797CD5757ACD7EED0] – (.CyberLink – CyberLink MediaLibray Service.) — C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe [107816] [PID.3712]
    [MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] – (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [958576] [PID.3148]
    [MD5.7EE22E13DEC8A6D18F4643C1EA34B0F0] – (.Virage Logic Corporation / Sonic Focus – ASUS_MATray.exe.) — C:Program Files (x86)ASUSASUS Sonic FocusSonicFocusTray.exe [984400] [PID.3400]
    [MD5.BC31B27061F27E8968CD0435C038F712] – (.ASUS – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe [174720] [PID.4156]
    [MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] – (.ASUS – HControlUser.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe [105016] [PID.4176]
    [MD5.B9BF29CC884BDD499803C3ED1F97FA41] – (.ASUSTeK Computer Inc. – A program that manage wireless devices in s.) — C:Program Files (x86)ASUSWireless Console 3wcourier.exe [2321072] [PID.4284]
    [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.4428]
    [MD5.CDC5106D846A7006AD3FA099367457C1] – (…) — C:Program Files (x86)PhilipsPhilips Songbird ResourcesAutolauncherPhilipsDeviceListener.exe [380416] [PID.4472]
    [MD5.3E364978E4C74D3BCEA29FB41743CB5A] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [3873704] [PID.4484]
    [MD5.09E9425AD8C61664A37ED84B8B58BDCF] – (.Safer-Networking Ltd. – Spybot – Search & Destroy tray access.) — C:Program Files (x86)Spybot – Search & Destroy 2SDTray.exe [3830224] [PID.4604]
    [MD5.3FDBC28DEF3378089C5EE301637970BA] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [275568] [PID.4408]
    [MD5.41AD6110110A2E89957F831DCBFAF892] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:DESKTOPMalwarebytes Anti-Malwarembam.exe [6963512] [PID.4076]
    [MD5.8858F7FE986DD156F88488EDA50CC446] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program Files (x86)Mozilla Firefoxplugin-container.exe [18544] [PID.3592]
    [MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] – (.Adobe Systems, Inc. – Adobe Flash Player 13.0 r0.) — C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_13_0_0_206.exe [1864368] [PID.5048]
    [MD5.700803AC9B451FB67DF35EF0E05382E7] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [7869952] [PID.1196]
    [MD5.A3626C6D3F2DC95497F3F61842D7FD89] – (.ASUS – ASLDR Service.) — C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe [80512] [PID.1384]
    [MD5.DBC598E47E7A382E60E2A4745D41FEF9] – (.ASUS – GFNEXSrv.) — C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe [96896] [PID.1440]
    [MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1484]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1908]
    [MD5.20DDC9CED8BC8390138F3187E0FF7411] – (.ASUSTek Computer Inc. – HControl.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe [174720] [PID.1580]
    [MD5.F02A533F517EB38333CB12A9E8963773] – (.Google Inc. – Programme d'installation de Google.) — C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [136176] [PID.2124]
    [MD5.D31398D4BB4907B517B6E784C2100C4A] – (.Safer-Networking Ltd. – Spybot-S&D 2 Background update service.) — C:Program Files (x86)Spybot – Search & Destroy 2SDUpdSvc.exe [1033688] [PID.2912]
    [MD5.6AE8E702D1027A9627DDE2B77BB9992B] – (.Safer-Networking Ltd. – Windows Security Center integration..) — C:Program Files (x86)Spybot – Search & Destroy 2SDWSCSvc.exe [171928] [PID.3192]
    [MD5.95AA9E165C7DE1B64A11E8B18E91E499] – (.Safer-Networking Ltd. – Spybot-S&D 2 Scanner Service.) — C:Program Files (x86)Spybot – Search & Destroy 2SDFSSvc.exe [1817560] [PID.3296]
    [MD5.149126216A694E6BA84E92ECA77AAE3B] – (.ASUS – ATKOSD.) — C:Program Files (x86)ASUSATK PackageATK HotkeyATKOSD.exe [2488888] [PID.3376]
    [MD5.AA11E1368EEB237DD100BAC6AFFE1C57] – (.ASUS – KBFiltr.) — C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe [113208] [PID.3416]
    [MD5.4A7C441D99D86704D194E7678873B95D] – (.ASUS – WDC.) — C:Program Files (x86)ASUSATK PackageATK HotkeyWDC.exe [174648] [PID.3484]
    [MD5.A8E7F3DB083EB0839DFC1C763CDD2594] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:DESKTOPMalwarebytes Anti-Malwarembamservice.exe [857912] [PID.4512]
    [MD5.0E08BDD7326E657D59DB40BAD23D8169] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:DESKTOPMalwarebytes Anti-Malwarembamscheduler.exe [1809720] [PID.3772]
    ~ Processes Running: Scanned in 00mn 02s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersRobinAppDataRoamingMozillaFirefoxProfilespmqgylol.defaultprefs.js
    M3 – MFPP: Plugins – [Robin] — C:UsersRobinAppDataRoamingMozillaFirefoxProfilespmqgylol.defaultsearchpluginsbing-avast.xml
    ~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = localhost:21320
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 18s
    ~ Nombre de lignes (Lines number): 15516

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) – [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: BitTorrent.lnk . (.BitTorrent, Inc. – BitTorrent.) — C:Program Files (x86)BitTorrentBitTorrent.exe =>P2P.BitTorrent
    ~ Global Startup: 1 Legitimates Filtered in 00mn 04s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [RtHDVBg] . (.Realtek Semiconductor – HD Audio Background Process.) — C:Program FilesRealtekAudioHDARAVBg64.exe
    O4 – HKLM..Run: [ETDCtrl] C:Program Files (x86)ElantechETDCtrl.exe (.not file.)
    O4 – HKCU..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKCU..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [ASUSPRP] . (.ASUSTek Computer Inc. – ASUS Product Register Program.) — C:Program Files (x86)ASUSAPRPAPRP.exe
    O4 – HKLM..Wow6432NodeRun: [ASUSWebStorage] . (.ecareme – AsusWebStorage.) — C:Program Files (x86)ASUSASUS WebStorage3.0.108.222AsusWSPanel.exe
    O4 – HKLM..Wow6432NodeRun: [SonicMasterTray] . (.Virage Logic Corporation / Sonic Focus – ASUS_MATray.exe.) — C:Program Files (x86)ASUSASUS Sonic FocusSonicFocusTray.exe
    O4 – HKLM..Wow6432NodeRun: [ATKOSD2] . (.ASUSTek Computer Inc. – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
    O4 – HKLM..Wow6432NodeRun: [ATKMEDIA] . (.ASUS – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
    O4 – HKLM..Wow6432NodeRun: [HControlUser] . (.ASUS – HControlUser.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
    O4 – HKLM..Wow6432NodeRun: [Wireless Console 3] . (.ASUSTeK Computer Inc. – A program that manage wireless devices in s.) — C:Program Files (x86)ASUSWireless Console 3wcourier.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..Wow6432NodeRun: [Philips Device Listener] . (…) — C:Program Files (x86)PhilipsPhilips Songbird ResourcesAutolauncherPhilipsDeviceListener.exe
    O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKLM..Wow6432NodeRun: [SDTray] . (.Safer-Networking Ltd. – Spybot – Search & Destroy tray access.) — C:Program Files (x86)Spybot – Search & Destroy 2SDTray.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-348317675-1859411710-1871747330-1001..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKUSS-1-5-21-348317675-1859411710-1871747330-1001..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{CAC23DC2-B482-4F30-9051-B02F5B24F451}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{CAC23DC2-B482-4F30-9051-B02F5B24F451}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{CAC23DC2-B482-4F30-9051-B02F5B24F451}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – AppInit_DLLs: . (…) – C:PROGRA~3SYSTEM~1SYSTEM~2.dll (.not file.)
    ~ AppInit DLL: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. – Windows Security Center integration..) – C:Program Files (x86)Spybot – Search & Destroy 2SDWSCSvc.exe
    ~ Services: 14 Legitimates Filtered in 00mn 37s

    —\ Tâches planifiées en automatique (O39)
    [MD5.1FF033E93713C97593280B3B9537318D] [APT] [{C6FE11D5-EB69-4C13-80C6-33697C030B29}] (…) — C:UsersRobinDownloadsRegCleaner.exe [553687]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [908]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [912]
    ~ Scheduled Task: 17 Legitimates Filtered in 00mn 11s

    —\ Logiciels installés (O42)
    O42 – Logiciel: ThEEBlockeir – (.ThheBulockeeR.) [HKLM][64Bits] — {A5A8BEFB-ACE9-1A21-C178-51D86182FB16}
    ~ Logic: 22 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 18/05/2013 – 18:21:33 – [] —-D C:Program Files (x86)Blood Omen
    O43 – CFD: 31/01/2014 – 20:29:30 – [] —-D C:ProgramData85a93ac36f72f73
    O43 – CFD: 23/04/2013 – 23:16:18 – [] —-D C:ProgramDataInstallMate =>PUP.Tarma
    O43 – CFD: 31/01/2014 – 20:28:54 – [] —-D C:ProgramDatanecpahemfpmfiipjhcbcblopaajjkdap
    O43 – CFD: 3/03/2014 – 08:21:55 – [0] —-D C:ProgramDataSystem Booster
    O43 – CFD: 31/01/2014 – 20:29:30 – [] —-D C:ProgramDataThEEBlockeir
    ~ 6 Dossier CLSID vide (CLSID Empty Folder)
    ~ Program Folder: 173 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.340B0467E98A8C92697D73034DB4BCB7] – 29/04/2014 – 05:48:23 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [29208]
    O44 – LFC:[MD5.6EA6576480072D2EAFD20874C7EA857C] – 5/05/2014 – 14:14:11 —A- . (…) — C:WindowsSystem32ServiceFilter.ini [1557]
    O44 – LFC:[MD5.B7F3C82A5E68A0D5A8886DFB5BDF0D26] – 5/05/2014 – 14:15:22 —A- . (…) — C:WindowsSystem32AutoRunFilter.ini [2032]
    ~ Files: 52 Legitimates Filtered in 00mn 13s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{507146b0-8231-11e3-a5f3-10bf4858fc03}AutoRuncommand. (…) — G:PMCsetup.exe (.not file.)
    O51 – MPSK:{7e87e7b9-23fa-11e2-8112-10bf4858fc03}AutoRuncommand. (…) — F:DVAP.exe (.not file.)
    O51 – MPSK:{9eb9b3df-b3ec-11e2-8621-10bf4858fc03}AutoRuncommand. (…) — F:Splash.exe
    O51 – MPSK:{ea262bde-f728-11e1-b001-10bf4858fc03}AutoRuncommand. (…) — G:LaunchU3.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:29/04/2014 – 05:48:23 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [29208] =>.ALWIL Software
    O58 – SDL:29/04/2014 – 05:48:23 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776] =>.ALWIL Software
    O58 – SDL:29/04/2014 – 05:48:23 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [208416] =>.ALWIL Software
    O58 – SDL:13/09/2012 – 12:25:56 —A- . (…) — C:WindowsSystem32Driversatksgt.sys [88480]
    O58 – SDL:4/05/2013 – 15:35:28 —A- . (.DT Soft Ltd – DAEMON Tools Virtual Bus Driver.) — C:WindowsSystem32Driversdtsoftbus01.sys [283200]
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:31/12/2010 – 11:30:10 —A- . (.ELAN Microelectronics Corp. – ETD Kernel Center.) — C:WindowsSystem32DriversETD.sys [138024]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:20/07/2009 – 10:29:40 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [15416]
    O58 – SDL:13/09/2012 – 12:25:55 —A- . (…) — C:WindowsSystem32Driverslirsgt.sys [46400]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    ~ Drivers: 86 Legitimates Filtered in 00mn 03s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 1/05/2014 – 15:39:48 —A- . (…) — C:UsersRobinDownloadsRegCleaner.exe [553687]
    O61 – LFC: 5/05/2014 – 15:39:46 —A- . (…) — C:UsersRobinAppDataRoamingsp_data.sys [380]
    O61 – LFC: 5/05/2014 – 15:39:46 —A- . (…) — C:UsersRobinDesktopadwcleaner.exe [1316991]
    O61 – LFC: 5/05/2014 – 15:39:48 —A- . (…) — C:UsersRobinDownloadsadwcleaner.exe [1316991]
    ~ 39 Fichiers temporaires (Temporary files)
    ~ 188 Fichiers cookies (Cookies files)
    ~ Files: 10 Legitimates Filtered in 00mn 09s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 29/04/2014 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    ~ Legacy: 94 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} – (Microsoft (Bing)) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {AFB29F59-A49D-4106-BA26-7C415DC44B00} – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:UsersRobinAppDataRoamingBitTorrentGovernor of Poker FULL + CRACKED.rar.torrent =>.Crack,Keygen
    C:UsersRobinDesktopbordelcléusbOffice 2007 ENOffice [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopbordelcléusbOffice 2007 FR._Office [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopbordelcléusbOffice 2007 FROffice [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopOffice 2007 FR._Office [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopOffice 2007 FROffice [Keygen].exe =>.Crack,Keygen
    C:UsersRobinAppDataRoamingBitTorrentGovernor of Poker FULL + CRACKED.rar.torrent =>.Crack,Keygen
    C:UsersRobinDesktopbordelcléusbOffice 2007 ENOffice [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopbordelcléusbOffice 2007 FR._Office [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopbordelcléusbOffice 2007 FROffice [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopOffice 2007 FR._Office [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopOffice 2007 FROffice [Keygen].exe =>.Crack,Keygen
    ~ Files: Scanned in 01mn 42s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][6/10/2010] (…) — C:ProgramDataFullRemove.exe [131984]
    [MD5.7D6BF59DA24881B1F21CBEBDFD384474] [SPRF][5/05/2014] (…) — C:UsersRobinAppDataRoamingsp_data.sys [380]
    [MD5.A53555B250CBEDCA6544D13648F83FFE] [SPRF][5/05/2014] (…) — C:UsersRobinDesktopadwcleaner.exe [1316991]
    [MD5.547EFD86A0EBA8E973D3F545E36581E0] [SPRF][2/08/2013] (…) — C:UsersRobinDesktopVideoSpin_2_0_Setup.exe [170203312]
    ~ Files: 6 Legitimates Filtered in 00mn 05s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{AF427BF4-E48C-4C62-9C1A-A4633FB27E67}” | In – None – P6 – TRUE | .(.BitTorrent, Inc. – BitTorrent.) — C:Program Files (x86)BitTorrentBitTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{3285FF48-F8CA-4123-BC55-529B26991A0F}” | In – None – P17 – TRUE | .(.BitTorrent, Inc. – BitTorrent.) — C:Program Files (x86)BitTorrentBitTorrent.exe =>P2P.BitTorrent
    ~ Firewall: 2 Legitimates Filtered in 00mn 02s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBingBar_RASAPI32 =>Toolbar.Bing
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBitTorrent9_RASAPI32 =>P2P.BitTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBitTorrent9_RASMANCS =>P2P.BitTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBitTorrent_RASAPI32 =>P2P.BitTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBitTorrent_RASMANCS =>P2P.BitTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracingbi_client_RASAPI32 =>Adware.MegaSearch
    HKLMSOFTWAREWow6432NodeMicrosoftTracingbi_client_RASMANCS =>Adware.MegaSearch
    ~ BTK: 153 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 5/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 24/02/2012 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 24/02/2012 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 29/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 9/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 25/01/2011 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) – C:Windowssystem32FBAgent.exe
    SR – | Auto 22/03/2012 235520 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 22/03/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) – C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
    SR – | Auto 21/11/2011 80512 | (ASLDRService) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SR – | Auto 29/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 8/01/2014 2768720 | (MaConfigAgent) . (.CybelSoft.) – C:Program Filesma-config.comMaConfigAgent.exe
    SR – | Auto 3/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:DESKTOPMalwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 3/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) – C:DESKTOPMalwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) – C:Program Files (x86)Spybot – Search & Destroy 2SDFSSvc.exe
    SR – | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) – C:Program Files (x86)Spybot – Search & Destroy 2SDUpdSvc.exe
    SR – | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) – C:Program Files (x86)Spybot – Search & Destroy 2SDWSCSvc.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 15s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Robin at 5/05/2014 15:42:15
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Robin at 5/05/2014 15:42:17
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13045 – (4/05/2014)
    Clés trouvées (Keys found) : 1
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 0

    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    C:ProgramDataInstallMate =>PUP.Tarma^
    ~ Additionnel Scan: 240958 Items scanned in 01mn 08s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.byethost7.com/wordpress/pup-tarma =>PUP.Tarma
    http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
    ~ MSI: 2 link(s) detected in 00mn 00s

    ~ 829 Legitimates filtered by white list
    End of the scan (480 lines in 06mn 52s)(12)[/spoiler:8wrwng92]

    I hope I haven't forgotten anything, and in any case a big thank you for the time you take for us poor reckless souls of the net!

    If you need anything else, don't hesitate to tell me!

    Véto666 (Robin)

  • buckhulk
    Participant
    Number of posts: 2391

    Good evening Véto666

    OK, I've seen the reports; things should already be a bit better.

    Please run USBFix and Shortcut_Module:

    USBFix:

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Plug all your external data sources (USB stick, external hard drive, etc.) into your PC without opening them.
    • Right-click on it and choose Run as administrator on Windows 7/8 and Vista
    • Choose the Suppression (Deletion) option

      Note: The computer will restart automatically; after the restart, click on the message shown by UsbFix and let the program work.

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    Shortcut_Module:

    • Disable your antivirus, otherwise the tool will not be able to work properly.
    • Download Shortcut_Module to your desktop.

      Note: Save your work before continuing!

    • Launch Shortcut_Module,
    • Click on Nettoyer (Clean)

      Note: Wait while the scan runs

    • Let the tool work even if it seems stuck to you
    • If the tool detects a proxy that you do not recognise, click on: “Supprimer le proxy” (Remove the proxy)
    • Host the report C:Shortcut_Module_date_heure.txt on https://antimalware.top/ then post the link you get

    :merci2:

  • Veto666
    Participant
    Number of posts: 4

    There, it has just finished with shortcutmodule; it took quite a while and apparently I have quite a few infected files 🙁

    1) USBfix
    a) report
    [spoiler:2928glgq]############################## | UsbFix V 7.169 | [Suppression]

    Utilisateur: Robin (Administrateur) # ROBIN-PC
    Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
    Lancé à 18:15:37 | 05/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer Inc. (K73BR)
    CPU: AMD E-450 APU with Radeon(tm) HD Graphics
    RAM -> [Total : 4076 Mo| Free : 2753 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.17041
    WB: Google Chrome : 15.0.874.120
    WB: Mozilla Firefox : 29.0

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender [(!) Disabled | Updated]
    AS: Spybot – Search and Destroy [(!) Disabled | Updated]
    AS: avast! Antivirus [(!) Disabled | Updated]
    FW: avast! Antivirus [(!) Disabled]
    FW: Windows FireWall [(!) Disabled]

    C: (%systemdrive%) -> Disque fixe # 300 Go (159 Go libre(s) – 53%) [OS] # NTFS
    D: -> Disque fixe # 373 Go (227 Go libre(s) – 61%) [DATA] # NTFS
    E: -> CD-ROM
    F: -> CD-ROM
    G: -> Disque amovible # 4 Go (1 Go libre(s) – 34%) [KINGSTON] # FAT32
    I: -> Disque fixe # 443 Go (281 Go libre(s) – 63%) [Disque ext] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 464 |ParentID: 452)
    C:Windowssystem32wininit.exe (ID: 548 |ParentID: 452)
    C:Windowssystem32csrss.exe (ID: 560 |ParentID: 540)
    C:Windowssystem32services.exe (ID: 604 |ParentID: 548)
    C:Windowssystem32lsass.exe (ID: 620 |ParentID: 548)
    C:Windowssystem32lsm.exe (ID: 628 |ParentID: 548)
    C:Windowssystem32winlogon.exe (ID: 664 |ParentID: 540)
    C:Windowssystem32svchost.exe (ID: 788 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 884 |ParentID: 604)
    C:Windowssystem32atiesrxx.exe (ID: 932 |ParentID: 604)
    C:WindowsSystem32svchost.exe (ID: 1012 |ParentID: 604)
    C:WindowsSystem32svchost.exe (ID: 404 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 392 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 564 |ParentID: 604)
    C:Windowssystem32atieclxx.exe (ID: 1120 |ParentID: 932)
    C:Windowssystem32svchost.exe (ID: 1172 |ParentID: 604)
    C:Windowssystem32FBAgent.exe (ID: 1276 |ParentID: 604)
    C:Windowssystem32WLANExt.exe (ID: 1284 |ParentID: 404)
    C:Windowssystem32conhost.exe (ID: 1296 |ParentID: 464)
    C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe (ID: 1316 |ParentID: 604)
    C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe (ID: 1456 |ParentID: 604)
    C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1492 |ParentID: 604)
    C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe (ID: 1712 |ParentID: 1316)
    C:Windowssystem32Dwm.exe (ID: 1812 |ParentID: 404)
    C:WindowsSystem32spoolsv.exe (ID: 1844 |ParentID: 604)
    C:Windowssystem32taskeng.exe (ID: 1852 |ParentID: 564)
    C:WindowsExplorer.EXE (ID: 1872 |ParentID: 1780)
    C:Windowssystem32taskhost.exe (ID: 1900 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 1928 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 2012 |ParentID: 604)
    C:WindowsSystem32lpksetup.exe (ID: 2020 |ParentID: 1852)
    C:Windowssystem32runonce.exe (ID: 1104 |ParentID: 1872)
    C:WindowsSysWOW64runonce.exe (ID: 1536 |ParentID: 1104)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1352 |ParentID: 604)
    C:Program Files (x86)ASUSSplendidACMON.exe (ID: 1672 |ParentID: 1276)
    C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe (ID: 1940 |ParentID: 604)
    C:Windowssystem32lpksetup.exe (ID: 2052 |ParentID: 788)
    C:Program Filesma-config.comMaConfigAgent.exe (ID: 2108 |ParentID: 604)
    C:WindowsSysWOW64ACEngSvr.exe (ID: 2188 |ParentID: 788)
    C:Windowssystem32taskeng.exe (ID: 2236 |ParentID: 564)
    C:Program FilesASUSP4GBatteryLife.exe (ID: 2276 |ParentID: 2236)
    C:Program Files (x86)ASUSFaceLogonsensorsrv.exe (ID: 2296 |ParentID: 2236)
    C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe (ID: 2304 |ParentID: 1276)
    C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe (ID: 2316 |ParentID: 2236)
    C:Program Files (x86)GoogleUpdateGoogleUpdate.exe (ID: 2336 |ParentID: 1852)
    C:DESKTOPMalwarebytes Anti-Malwarembamscheduler.exe (ID: 2456 |ParentID: 604)
    C:WindowsAsScrPro.exe (ID: 2520 |ParentID: 1276)
    C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe (ID: 2700 |ParentID: 1276)
    C:DESKTOPMalwarebytes Anti-Malwarembamservice.exe (ID: 2832 |ParentID: 604)
    C:Program FilesRealtekAudioHDARAVCpl64.exe (ID: 2852 |ParentID: 1276)
    C:Program Files (x86)Spybot – Search & Destroy 2SDFSSvc.exe (ID: 2936 |ParentID: 604)
    C:DESKTOPMalwarebytes Anti-Malwarembam.exe (ID: 3040 |ParentID: 2832)
    C:Program Files (x86)SkypeUpdaterUpdater.exe (ID: 3232 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 3256 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 3292 |ParentID: 604)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 3340 |ParentID: 604)
    C:Program Files (x86)Spybot – Search & Destroy 2SDUpdSvc.exe (ID: 3384 |ParentID: 604)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 3612 |ParentID: 3340)
    C:Windowssystem32wbemwmiprvse.exe (ID: 3788 |ParentID: 788)
    C:Windowssystem32wbemwmiprvse.exe (ID: 3932 |ParentID: 788)
    C:Program Files (x86)ASUSATK PackageATK HotkeyATKOSD.exe (ID: 3980 |ParentID: 1712)
    C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe (ID: 3468 |ParentID: 1712)
    C:Program Files (x86)ASUSATK PackageATK HotkeyWDC.exe (ID: 3592 |ParentID: 1712)
    C:Program Files (x86)Spybot – Search & Destroy 2SDWSCSvc.exe (ID: 3992 |ParentID: 604)

    ################## | Recherche générique |

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Supprimé! HKUS-1-5-21-348317675-1859411710-1871747330-1001Software….Mountpoints2{507146b0-8231-11e3-a5f3-10bf4858fc03}
    Supprimé! HKUS-1-5-21-348317675-1859411710-1871747330-1001Software….Mountpoints2{7e87e7b9-23fa-11e2-8112-10bf4858fc03}
    Supprimé! HKUS-1-5-21-348317675-1859411710-1871747330-1001Software….Mountpoints2{ea262bde-f728-11e1-b001-10bf4858fc03}

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [DAEMON Tools Lite] “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
    04 – HKCU..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
    04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [ASUSPRP] “C:Program Files (x86)ASUSAPRPAPRP.EXE”
    04 – HKLM..Run : [ASUSWebStorage] C:Program Files (x86)ASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
    04 – HKLM..Run : [SonicMasterTray] C:Program Files (x86)ASUSASUS Sonic FocusSonicFocusTray.exe
    04 – HKLM..Run : [ATKOSD2] C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
    04 – HKLM..Run : [ATKMEDIA] C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
    04 – HKLM..Run : [HControlUser] C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
    04 – HKLM..Run : [Wireless Console 3] C:Program Files (x86)ASUSWireless Console 3wcourier.exe
    04 – HKLM..Run : [APSDaemon] “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [QuickTime Task] “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLM..Run : [Philips Device Listener] “C:Program Files (x86)PhilipsPhilips Songbird ResourcesAutolauncherPhilipsDeviceListener.exe”
    04 – HKLM..Run : [AvastUI.exe] “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLM..Run : [SDTray] “C:Program Files (x86)Spybot – Search & Destroy 2SDTray.exe”
    04 – [x64] HKLM..Run : [RtHDVBg] C:Program FilesRealtekAudioHDARAVBg64.exe /SF3
    04 – [x64] HKLM..Run : [ETDCtrl] %ProgramFiles%ElantechETDCtrl.exe
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-348317675-1859411710-1871747330-1001..Run : [DAEMON Tools Lite] “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
    04 – HKUS-1-5-21-348317675-1859411710-1871747330-1001..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Listing |

    [04/11/2012 – 11:01:09 | SHD] – C:$Recycle.Bin
    [05/05/2014 – 15:06:37 | D] – C:AdwCleaner
    [24/02/2012 – 04:50:52 | D] – C:AsusVibeData
    [29/07/2009 – 08:03:34 | SHD] – C:Boot
    [14/07/2009 – 03:38:58 | RASH | 375 Ko] – C:bootmgr
    [29/07/2009 – 08:03:37 | RASH | 8 Ko] – C:BOOTSECT.BAK
    [05/05/2014 – 15:22:36 | D] – C:DESKTOP
    [21/01/2013 – 21:50:06 | D] – C:Diablo
    [14/07/2009 – 07:08:56 | SHD] – C:Documents and Settings
    [11/05/2012 – 20:18:48 | D] – C:eSupport
    [18/05/2013 – 18:17:07 | D] – C:Games
    [05/05/2014 – 18:13:44 | ASH | 3130140 Ko] – C:hiberfil.sys
    [05/03/2012 – 04:42:23 | N | 2048 Ko] – C:K43BR.BIN
    [13/09/2012 – 13:27:54 | RHD] – C:MSOCache
    [05/05/2014 – 18:13:44 | ASH | 4173520 Ko] – C:pagefile.sys
    [14/07/2009 – 05:20:08 | D] – C:PerfLogs
    [21/01/2014 – 12:29:15 | D] – C:Philips
    [05/05/2014 – 15:42:16 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [21/01/2014 – 12:33:08 | D] – C:Program Files
    [05/05/2014 – 15:35:48 | D] – C:Program Files (x86)
    [05/05/2014 – 15:22:36 | HD] – C:ProgramData
    [14/07/2012 – 12:05:47 | SHD] – C:Recovery
    [02/05/2014 – 23:10:12 | SHD] – C:System Volume Information
    [05/05/2014 – 18:10:30 | D] – C:UsbFix
    [05/05/2014 – 18:18:24 | A | 10 Ko | A3CABAD3B018D7A0798BED387F4487EF] – C:UsbFix [Clean 2] ROBIN-PC.txt
    [14/07/2012 – 12:07:24 | D] – C:Users
    [29/04/2014 – 06:48:26 | D] – C:Windows
    [14/07/2012 – 12:13:23 | SHD] – D:$RECYCLE.BIN
    [03/12/2012 – 00:03:20 | D] – D:FFOutput
    [05/05/2014 – 15:40:18 | D] – D:Films
    [15/07/2012 – 04:09:05 | SHD] – D:System Volume Information
    [08/08/2012 – 07:35:08 | D] – D:Theme Hospital
    [15/01/2014 – 12:16:12 | SHD] – G:System Volume Information
    [22/01/2014 – 02:40:30 | AH | 4 Ko] – G:._.Trashes
    [28/03/2014 – 22:41:46 | D] – G:Films Baptême
    [14/01/2014 – 20:25:20 | N | 3145 Ko] – G:Radio robin.doc
    [22/01/2014 – 02:40:30 | HD] – G:.Trashes
    [22/01/2014 – 02:40:30 | HD] – G:.Spotlight-V100
    [06/03/2014 – 01:12:08 | N | 217 Ko] – G:RyanairBoardingPass.pdf
    [15/01/2014 – 12:14:36 | D] – G:A imprimer
    [21/03/2014 – 19:50:12 | D] – G:films
    [14/05/2013 – 21:54:26 | N | 49 Ko] – G:Cemespo.pdf
    [15/01/2014 – 13:04:44 | D] – G:MIPA
    [15/01/2014 – 13:05:06 | D] – G:porcine
    [14/02/2013 – 19:58:18 | N | 456 Ko] – G:carnet clinique anesthesie equine.pdf
    [04/06/2013 – 12:41:40 | N | 5750 Ko] – G:REPONSES TUYAUX -CHIEQ.doc
    [06/01/2014 – 15:56:32 | D] – G:Anesthésio
    [03/05/2013 – 17:09:10 | D] – G:non utilisés pour TFE 2DOC
    [04/05/2013 – 01:00:28 | D] – G:TFE
    [03/03/2013 – 23:29:08 | N | 13095 Ko] – G:Boiteries-MM_HG_VF_120828-lo.pdf
    [03/03/2013 – 23:32:10 | N | 10562 Ko] – G:CarnetClinique2011_GRAND.pdf
    [10/01/2013 – 14:40:40 | N | 36 Ko] – G:OGA 60VF.docx
    [14/02/2013 – 19:58:50 | N | 1252 Ko] – G:propedeutiqueboiteries_cv2012(1).pdf
    [27/01/2014 – 01:11:58 | D] – G:tuyaux 3DOC
    [08/12/2013 – 17:35:56 | D] – G:OPA
    [11/04/2010 – 17:51:04 | D] – I:Recycled
    [11/04/2010 – 17:51:04 | SHD] – I:System Volume Information
    [11/04/2010 – 21:43:28 | D] – I:WBFS (copie d'un iso sur DD externe)
    [02/11/2013 – 22:34:22 | AH | 4 Ko] – I:._.Trashes
    [02/11/2013 – 22:34:22 | HD] – I:.Trashes
    [11/04/2010 – 21:44:22 | D] – I:Dump
    [02/11/2013 – 22:34:22 | HD] – I:.fseventsd
    [02/11/2013 – 22:34:24 | HD] – I:.Spotlight-V100
    [11/04/2010 – 21:48:50 | N | 15 Ko] – I:Explications détaillées.docx
    [11/04/2010 – 21:49:16 | D] – I:Carte SD
    [23/04/2010 – 14:33:08 | SHD] – I:$RECYCLE.BIN
    [23/04/2010 – 14:33:06 | D] – I:Films
    [03/05/2014 – 11:37:54 | D] – I:cours gmv3
    [14/04/2014 – 21:40:18 | D] – I:GMV2 cours rédigé ana
    [03/05/2014 – 13:51:50 | D] – I:Cours 3eme Doc

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    I:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |[/spoiler:2928glgq]

    b) clean2 (I may have created a second report myself without meaning to)
    [spoiler:2928glgq]############################## | UsbFix V 7.169 | [Suppression]

    Utilisateur: Robin (Administrateur) # ROBIN-PC
    Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
    Lancé à 18:15:37 | 05/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer Inc. (K73BR)
    CPU: AMD E-450 APU with Radeon(tm) HD Graphics
    RAM -> [Total : 4076 Mo| Free : 2753 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.17041
    WB: Google Chrome : 15.0.874.120
    WB: Mozilla Firefox : 29.0

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender [(!) Disabled | Updated]
    AS: Spybot – Search and Destroy [(!) Disabled | Updated]
    AS: avast! Antivirus [(!) Disabled | Updated]
    FW: avast! Antivirus [(!) Disabled]
    FW: Windows FireWall [(!) Disabled]

    C: (%systemdrive%) -> Disque fixe # 300 Go (159 Go libre(s) – 53%) [OS] # NTFS
    D: -> Disque fixe # 373 Go (227 Go libre(s) – 61%) [DATA] # NTFS
    E: -> CD-ROM
    F: -> CD-ROM
    G: -> Disque amovible # 4 Go (1 Go libre(s) – 34%) [KINGSTON] # FAT32
    I: -> Disque fixe # 443 Go (281 Go libre(s) – 63%) [Disque ext] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 464 |ParentID: 452)
    C:Windowssystem32wininit.exe (ID: 548 |ParentID: 452)
    C:Windowssystem32csrss.exe (ID: 560 |ParentID: 540)
    C:Windowssystem32services.exe (ID: 604 |ParentID: 548)
    C:Windowssystem32lsass.exe (ID: 620 |ParentID: 548)
    C:Windowssystem32lsm.exe (ID: 628 |ParentID: 548)
    C:Windowssystem32winlogon.exe (ID: 664 |ParentID: 540)
    C:Windowssystem32svchost.exe (ID: 788 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 884 |ParentID: 604)
    C:Windowssystem32atiesrxx.exe (ID: 932 |ParentID: 604)
    C:WindowsSystem32svchost.exe (ID: 1012 |ParentID: 604)
    C:WindowsSystem32svchost.exe (ID: 404 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 392 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 564 |ParentID: 604)
    C:Windowssystem32atieclxx.exe (ID: 1120 |ParentID: 932)
    C:Windowssystem32svchost.exe (ID: 1172 |ParentID: 604)
    C:Windowssystem32FBAgent.exe (ID: 1276 |ParentID: 604)
    C:Windowssystem32WLANExt.exe (ID: 1284 |ParentID: 404)
    C:Windowssystem32conhost.exe (ID: 1296 |ParentID: 464)
    C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe (ID: 1316 |ParentID: 604)
    C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe (ID: 1456 |ParentID: 604)
    C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1492 |ParentID: 604)
    C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe (ID: 1712 |ParentID: 1316)
    C:Windowssystem32Dwm.exe (ID: 1812 |ParentID: 404)
    C:WindowsSystem32spoolsv.exe (ID: 1844 |ParentID: 604)
    C:Windowssystem32taskeng.exe (ID: 1852 |ParentID: 564)
    C:WindowsExplorer.EXE (ID: 1872 |ParentID: 1780)
    C:Windowssystem32taskhost.exe (ID: 1900 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 1928 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 2012 |ParentID: 604)
    C:WindowsSystem32lpksetup.exe (ID: 2020 |ParentID: 1852)
    C:Windowssystem32runonce.exe (ID: 1104 |ParentID: 1872)
    C:WindowsSysWOW64runonce.exe (ID: 1536 |ParentID: 1104)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1352 |ParentID: 604)
    C:Program Files (x86)ASUSSplendidACMON.exe (ID: 1672 |ParentID: 1276)
    C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe (ID: 1940 |ParentID: 604)
    C:Windowssystem32lpksetup.exe (ID: 2052 |ParentID: 788)
    C:Program Filesma-config.comMaConfigAgent.exe (ID: 2108 |ParentID: 604)
    C:WindowsSysWOW64ACEngSvr.exe (ID: 2188 |ParentID: 788)
    C:Windowssystem32taskeng.exe (ID: 2236 |ParentID: 564)
    C:Program FilesASUSP4GBatteryLife.exe (ID: 2276 |ParentID: 2236)
    C:Program Files (x86)ASUSFaceLogonsensorsrv.exe (ID: 2296 |ParentID: 2236)
    C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe (ID: 2304 |ParentID: 1276)
    C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe (ID: 2316 |ParentID: 2236)
    C:Program Files (x86)GoogleUpdateGoogleUpdate.exe (ID: 2336 |ParentID: 1852)
    C:DESKTOPMalwarebytes Anti-Malwarembamscheduler.exe (ID: 2456 |ParentID: 604)
    C:WindowsAsScrPro.exe (ID: 2520 |ParentID: 1276)
    C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe (ID: 2700 |ParentID: 1276)
    C:DESKTOPMalwarebytes Anti-Malwarembamservice.exe (ID: 2832 |ParentID: 604)
    C:Program FilesRealtekAudioHDARAVCpl64.exe (ID: 2852 |ParentID: 1276)
    C:Program Files (x86)Spybot – Search & Destroy 2SDFSSvc.exe (ID: 2936 |ParentID: 604)
    C:DESKTOPMalwarebytes Anti-Malwarembam.exe (ID: 3040 |ParentID: 2832)
    C:Program Files (x86)SkypeUpdaterUpdater.exe (ID: 3232 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 3256 |ParentID: 604)
    C:Windowssystem32svchost.exe (ID: 3292 |ParentID: 604)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 3340 |ParentID: 604)
    C:Program Files (x86)Spybot – Search & Destroy 2SDUpdSvc.exe (ID: 3384 |ParentID: 604)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 3612 |ParentID: 3340)
    C:Windowssystem32wbemwmiprvse.exe (ID: 3788 |ParentID: 788)
    C:Windowssystem32wbemwmiprvse.exe (ID: 3932 |ParentID: 788)
    C:Program Files (x86)ASUSATK PackageATK HotkeyATKOSD.exe (ID: 3980 |ParentID: 1712)
    C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe (ID: 3468 |ParentID: 1712)
    C:Program Files (x86)ASUSATK PackageATK HotkeyWDC.exe (ID: 3592 |ParentID: 1712)
    C:Program Files (x86)Spybot – Search & Destroy 2SDWSCSvc.exe (ID: 3992 |ParentID: 604)

    ################## | Recherche générique |

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Supprimé! HKUS-1-5-21-348317675-1859411710-1871747330-1001Software….Mountpoints2{507146b0-8231-11e3-a5f3-10bf4858fc03}
    Supprimé! HKUS-1-5-21-348317675-1859411710-1871747330-1001Software….Mountpoints2{7e87e7b9-23fa-11e2-8112-10bf4858fc03}
    Supprimé! HKUS-1-5-21-348317675-1859411710-1871747330-1001Software….Mountpoints2{ea262bde-f728-11e1-b001-10bf4858fc03}

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [DAEMON Tools Lite] “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
    04 – HKCU..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
    04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [ASUSPRP] “C:Program Files (x86)ASUSAPRPAPRP.EXE”
    04 – HKLM..Run : [ASUSWebStorage] C:Program Files (x86)ASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
    04 – HKLM..Run : [SonicMasterTray] C:Program Files (x86)ASUSASUS Sonic FocusSonicFocusTray.exe
    04 – HKLM..Run : [ATKOSD2] C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
    04 – HKLM..Run : [ATKMEDIA] C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
    04 – HKLM..Run : [HControlUser] C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
    04 – HKLM..Run : [Wireless Console 3] C:Program Files (x86)ASUSWireless Console 3wcourier.exe
    04 – HKLM..Run : [APSDaemon] “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [QuickTime Task] “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLM..Run : [Philips Device Listener] “C:Program Files (x86)PhilipsPhilips Songbird ResourcesAutolauncherPhilipsDeviceListener.exe”
    04 – HKLM..Run : [AvastUI.exe] “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLM..Run : [SDTray] “C:Program Files (x86)Spybot – Search & Destroy 2SDTray.exe”
    04 – [x64] HKLM..Run : [RtHDVBg] C:Program FilesRealtekAudioHDARAVBg64.exe /SF3
    04 – [x64] HKLM..Run : [ETDCtrl] %ProgramFiles%ElantechETDCtrl.exe
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-348317675-1859411710-1871747330-1001..Run : [DAEMON Tools Lite] “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
    04 – HKUS-1-5-21-348317675-1859411710-1871747330-1001..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Listing |

    [04/11/2012 – 11:01:09 | SHD] – C:$Recycle.Bin
    [05/05/2014 – 15:06:37 | D] – C:AdwCleaner
    [24/02/2012 – 04:50:52 | D] – C:AsusVibeData
    [29/07/2009 – 08:03:34 | SHD] – C:Boot
    [14/07/2009 – 03:38:58 | RASH | 375 Ko] – C:bootmgr
    [29/07/2009 – 08:03:37 | RASH | 8 Ko] – C:BOOTSECT.BAK
    [05/05/2014 – 15:22:36 | D] – C:DESKTOP
    [21/01/2013 – 21:50:06 | D] – C:Diablo
    [14/07/2009 – 07:08:56 | SHD] – C:Documents and Settings
    [11/05/2012 – 20:18:48 | D] – C:eSupport
    [18/05/2013 – 18:17:07 | D] – C:Games
    [05/05/2014 – 18:13:44 | ASH | 3130140 Ko] – C:hiberfil.sys
    [05/03/2012 – 04:42:23 | N | 2048 Ko] – C:K43BR.BIN
    [13/09/2012 – 13:27:54 | RHD] – C:MSOCache
    [05/05/2014 – 18:13:44 | ASH | 4173520 Ko] – C:pagefile.sys
    [14/07/2009 – 05:20:08 | D] – C:PerfLogs
    [21/01/2014 – 12:29:15 | D] – C:Philips
    [05/05/2014 – 15:42:16 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [21/01/2014 – 12:33:08 | D] – C:Program Files
    [05/05/2014 – 15:35:48 | D] – C:Program Files (x86)
    [05/05/2014 – 15:22:36 | HD] – C:ProgramData
    [14/07/2012 – 12:05:47 | SHD] – C:Recovery
    [02/05/2014 – 23:10:12 | SHD] – C:System Volume Information
    [05/05/2014 – 18:10:30 | D] – C:UsbFix
    [05/05/2014 – 18:18:24 | A | 10 Ko | A3CABAD3B018D7A0798BED387F4487EF] – C:UsbFix [Clean 2] ROBIN-PC.txt
    [14/07/2012 – 12:07:24 | D] – C:Users
    [29/04/2014 – 06:48:26 | D] – C:Windows
    [14/07/2012 – 12:13:23 | SHD] – D:$RECYCLE.BIN
    [03/12/2012 – 00:03:20 | D] – D:FFOutput
    [05/05/2014 – 15:40:18 | D] – D:Films
    [15/07/2012 – 04:09:05 | SHD] – D:System Volume Information
    [08/08/2012 – 07:35:08 | D] – D:Theme Hospital
    [15/01/2014 – 12:16:12 | SHD] – G:System Volume Information
    [22/01/2014 – 02:40:30 | AH | 4 Ko] – G:._.Trashes
    [28/03/2014 – 22:41:46 | D] – G:Films Baptême
    [14/01/2014 – 20:25:20 | N | 3145 Ko] – G:Radio robin.doc
    [22/01/2014 – 02:40:30 | HD] – G:.Trashes
    [22/01/2014 – 02:40:30 | HD] – G:.Spotlight-V100
    [06/03/2014 – 01:12:08 | N | 217 Ko] – G:RyanairBoardingPass.pdf
    [15/01/2014 – 12:14:36 | D] – G:A imprimer
    [21/03/2014 – 19:50:12 | D] – G:films
    [14/05/2013 – 21:54:26 | N | 49 Ko] – G:Cemespo.pdf
    [15/01/2014 – 13:04:44 | D] – G:MIPA
    [15/01/2014 – 13:05:06 | D] – G:porcine
    [14/02/2013 – 19:58:18 | N | 456 Ko] – G:carnet clinique anesthesie equine.pdf
    [04/06/2013 – 12:41:40 | N | 5750 Ko] – G:REPONSES TUYAUX -CHIEQ.doc
    [06/01/2014 – 15:56:32 | D] – G:Anesthésio
    [03/05/2013 – 17:09:10 | D] – G:non utilisés pour TFE 2DOC
    [04/05/2013 – 01:00:28 | D] – G:TFE
    [03/03/2013 – 23:29:08 | N | 13095 Ko] – G:Boiteries-MM_HG_VF_120828-lo.pdf
    [03/03/2013 – 23:32:10 | N | 10562 Ko] – G:CarnetClinique2011_GRAND.pdf
    [10/01/2013 – 14:40:40 | N | 36 Ko] – G:OGA 60VF.docx
    [14/02/2013 – 19:58:50 | N | 1252 Ko] – G:propedeutiqueboiteries_cv2012(1).pdf
    [27/01/2014 – 01:11:58 | D] – G:tuyaux 3DOC
    [08/12/2013 – 17:35:56 | D] – G:OPA
    [11/04/2010 – 17:51:04 | D] – I:Recycled
    [11/04/2010 – 17:51:04 | SHD] – I:System Volume Information
    [11/04/2010 – 21:43:28 | D] – I:WBFS (copie d'un iso sur DD externe)
    [02/11/2013 – 22:34:22 | AH | 4 Ko] – I:._.Trashes
    [02/11/2013 – 22:34:22 | HD] – I:.Trashes
    [11/04/2010 – 21:44:22 | D] – I:Dump
    [02/11/2013 – 22:34:22 | HD] – I:.fseventsd
    [02/11/2013 – 22:34:24 | HD] – I:.Spotlight-V100
    [11/04/2010 – 21:48:50 | N | 15 Ko] – I:Explications détaillées.docx
    [11/04/2010 – 21:49:16 | D] – I:Carte SD
    [23/04/2010 – 14:33:08 | SHD] – I:$RECYCLE.BIN
    [23/04/2010 – 14:33:06 | D] – I:Films
    [03/05/2014 – 11:37:54 | D] – I:cours gmv3
    [14/04/2014 – 21:40:18 | D] – I:GMV2 cours rédigé ana
    [03/05/2014 – 13:51:50 | D] – I:Cours 3eme Doc

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    I:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |[/spoiler:2928glgq]

    2) Shortcut Module –> https://antimalware.top/www/?a=d&i=APs2xCilED

    I hope I haven't made any mistakes 🙂 Thanks for your time!

    Véto666

  • Veto666
    Participant
    Number of posts: 4

    I don't know if this helps you, but after doing the preliminary steps before sending my first post I felt an improvement, whereas now my PC is slower than ever.

    [EDIT] I take back what I just said, it isn't slower, just a tad less fast than after the first changes 🙂

  • buckhulk
    Participant
    Number of posts: 2391

    You had a lot of infections…..

    So you're going to run Adwcleaner and JRT, then Malwarebytes (downloading it again and updating it), and do a new ZHPDiag for me, please!
    _____________________________________________
    Adwcleaner:

    • Download Adwcleaner (by Xplode) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista; otherwise double-click on XP
      1. Choose the Scan option
      2. Choose the Clean option
    • Accept the warning by clicking OK

    • Accept the warnings/information messages by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

    ______________________________________

    JRT:

    • Download Junkware Removal Tool (by thisisu) to your desktop.
    • Launch Junkware Removal Tool, using Run as administrator on Windows 7/8 and Vista
    • Press any key.

    • Once the scan is finished, go to the desktop; the file JRT.txt has been created.
    • Upload the JRT.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum

    _____________________________________________________
    Malwarebytes:

    • Download MalwareBytes
    • Install it. Uncheck “Enable the free trial of Malwarebytes Anti-Malware Premium”
    • Click Update (on the right, in the centre)
    • Click Scan (at the top)
    • Select the “Threat” scan
    • Click Scan Now

    • At the end of the scan, click Quarantine All!
    • Click Copy to Clipboard
    • A report will open. Copy/paste its contents into your next reply.

    _________________________________________________
    ZHPDiag

    follow the instructions carefully

    1) * Download ZHPDiag (by Nicolas coolman) to your desktop!!

    >> ZHPDiag (by Nicolas coolman) HERE

    mirror: ftp://zebulon.fr/ZHPDiag2.exe

    If your operating system is Vista or Win7/8, launch the programs with a simple right-click and choose “Run as administrator”

    a) * Once the download has finished,
    b) * double-click (or, for Seven, Vista and 8, right-click and run as administrator) on ZHPDiag2.exe and follow the instructions.
    c) * The tool will create 2 shortcut icons: ZHPDiag >> ZHPFix
    d) * Right-click on the scroll
    e) * On opening, the program offers you “Search”, “Configure”, Full –

    Click “Full”; the scan starts…….the report is displayed

    If you click Configure:
    * Icons appear at the bottom of the window.
    * Click the screwdriver at the bottom right and choose “All” then “OK”

    2) * Now click “Search”.

    * Important >> While ZHPDiag is analysing your PC, don't touch anything else!!!!!
    * Let the tool work, it can take quite a long time

    3) * The report appears on your Desktop once finished!

    You can close ZHPDiag

    IMPORTANT
    As the reports are too long, host them:

    Reminder of the upload sites

    1: Sosupload >> Usage
    2: cjoint >> Usage
    3 pjoint
    4 up2share
    5 FEC

  • Veto666
    Participant
    Number of posts: 4

    Hello!

    Here are the various reports:

    1) Adwcleaner
    [spoiler:2pohw7ce]# AdwCleaner v3.207 – Rapport créé le 06/05/2014 à 11:51:44
    # Mis à jour le 05/05/2014 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : Robin – ROBIN-PC
    # Exécuté depuis : C:UsersRobinDesktopadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.17041

    -\ Mozilla Firefox v29.0 (fr)

    [ Fichier : C:UsersRobinAppDataRoamingMozillaFirefoxProfilespmqgylol.defaultprefs.js ]

    -\ Google Chrome v15.0.874.120

    *************************

    AdwCleaner[R0].txt – [7921 octets] – [05/05/2014 15:02:16]
    AdwCleaner[R1].txt – [961 octets] – [06/05/2014 11:48:15]
    AdwCleaner[S0].txt – [7433 octets] – [05/05/2014 15:06:11]
    AdwCleaner[S1].txt – [883 octets] – [06/05/2014 11:51:44]

    ########## EOF – C:AdwCleanerAdwCleaner[S1].txt – [942 octets] ##########[/spoiler:2pohw7ce]

    2) JRT

    https://antimalware.top/www/?a=d&i=BjdFn0Vmt4

    3) MBAM

    a) report protection
    [spoiler:2pohw7ce]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Update, 6/05/2014 00:45:12, SYSTEM, ROBIN-PC, Scheduler, Malware Database, 2014.5.5.11, 2014.5.5.13,
    Protection, 6/05/2014 00:45:15, SYSTEM, ROBIN-PC, Protection, Refresh, Starting,
    Protection, 6/05/2014 00:45:15, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/05/2014 00:45:15, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/05/2014 00:46:02, SYSTEM, ROBIN-PC, Protection, Refresh, Success,
    Protection, 6/05/2014 00:46:02, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/05/2014 00:46:07, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Started,
    Protection, 6/05/2014 11:54:09, SYSTEM, ROBIN-PC, Protection, Malware Protection, Starting,
    Protection, 6/05/2014 11:54:10, SYSTEM, ROBIN-PC, Protection, Malware Protection, Started,
    Protection, 6/05/2014 11:54:11, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/05/2014 11:55:59, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Started,
    Update, 6/05/2014 12:36:43, SYSTEM, ROBIN-PC, Scheduler, Malware Database, 2014.5.5.13, 2014.5.6.3,
    Protection, 6/05/2014 12:36:47, SYSTEM, ROBIN-PC, Protection, Refresh, Starting,
    Protection, 6/05/2014 12:36:47, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/05/2014 12:36:47, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/05/2014 12:36:59, SYSTEM, ROBIN-PC, Protection, Refresh, Success,
    Protection, 6/05/2014 12:36:59, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/05/2014 12:37:00, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Started,
    Protection, 6/05/2014 12:37:16, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/05/2014 12:37:16, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/05/2014 12:37:16, SYSTEM, ROBIN-PC, Protection, Malware Protection, Stopping,
    Protection, 6/05/2014 12:37:17, SYSTEM, ROBIN-PC, Protection, Malware Protection, Stopped,
    Protection, 6/05/2014 12:38:25, SYSTEM, ROBIN-PC, Protection, Malware Protection, Starting,
    Protection, 6/05/2014 12:38:25, SYSTEM, ROBIN-PC, Protection, Malware Protection, Started,
    Protection, 6/05/2014 12:38:25, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/05/2014 12:38:26, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Started,
    Update, 6/05/2014 12:38:36, SYSTEM, ROBIN-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
    Update, 6/05/2014 12:39:41, SYSTEM, ROBIN-PC, Manual, Malware Database, 2014.3.4.9, 2014.5.6.3,
    Protection, 6/05/2014 12:39:44, SYSTEM, ROBIN-PC, Protection, Refresh, Starting,
    Protection, 6/05/2014 12:39:44, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 6/05/2014 12:39:44, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 6/05/2014 12:39:55, SYSTEM, ROBIN-PC, Protection, Refresh, Success,
    Protection, 6/05/2014 12:39:55, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/05/2014 12:39:56, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Started,
    Protection, 6/05/2014 13:02:36, SYSTEM, ROBIN-PC, Protection, Malware Protection, Starting,
    Protection, 6/05/2014 13:02:37, SYSTEM, ROBIN-PC, Protection, Malware Protection, Started,
    Protection, 6/05/2014 13:02:37, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Starting,
    Protection, 6/05/2014 13:04:09, SYSTEM, ROBIN-PC, Protection, Malicious Website Protection, Started,

    (end)[/spoiler:2pohw7ce]

    b)scan

    [spoiler:2pohw7ce]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Scan Date: 6/05/2014
    Scan Time: 13:00:35
    Logfile: MBAMreportscan.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.06.03
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Robin

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 256500
    Time Elapsed: 20 min, 5 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.MultiPlug.A, C:ProgramDataThEEBlockeirRkTFG8n.x64.dll, Quarantined, [0b20da740774a98d1a8e23243ac73dc3],
    PUP.Optional.OpenCandy, C:UsersRobinDownloadsDTLite4471-0333.exe, Quarantined, [d45759f5f883d06689dce5794abae020],

    Physical Sectors: 0
    (No malicious items detected)

    (end)[/spoiler:2pohw7ce]

    4) ZHP

    https://antimalware.top/www/?a=d&i=1q1COQLP8V

    Thanks a lot!

    Véto666

  • buckhulk
    Participant
    Number of posts: 2391

    Adobe needs updating: Adobe update

    Also, you need to remove your P2P.

    I won't be continuing the disinfection because you have lots of cracks

    C:UsersRobinAppDataRoamingBitTorrentGovernor of Poker FULL + CRACKED.rar.torrent =>.Crack,Keygen
    C:UsersRobinDesktopbordelcléusbOffice 2007 ENOffice [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopbordelcléusbOffice 2007 FR._Office [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopbordelcléusbOffice 2007 FROffice [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopOffice 2007 FR._Office [Keygen].exe =>.Crack,Keygen
    C:UsersRobinDesktopOffice 2007 FROffice [Keygen].exe =>.Crack,Keygen

    Sorry!

  • Veto666
    Participant
    Number of posts: 4

    OK for the update. When you talk about removing my P2P, what are you referring to? Do you mean that I'd be better off removing BitTorrent?

    Otherwise, about the cracks, do they really cause a problem? I'm mainly talking about Office because I use it all the time…

  • buckhulk
    Participant
    Number of posts: 2391
    Otherwise, about the cracks, do they really cause a problem? I'm mainly talking about Office because I use it all the time...

    For me they do. I understand that everything is too expensive, but there is enough free software that does almost the same thing that you don't need cracks!
    Of course, if you are a professional, I understand that you need all the features that “real” software offers, but if you are a professional, you buy it!

    As for P2P, yes, that's the torrents….

The topic ‘Need help with a disinfection :)’ is closed to new replies.