Infected memory card 2013-12-05T15:23:51+00:00
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • kosovo
    Participant
    Post count: 2

    Hello,

    I need your help, please.
    I recently picked up a virus on my USB stick, which infected my PC, which in turn infected my memory cards, so I can no longer play my music in my car. When I plug the memory card into my PC I can see that the music is there, but as shortcut files. I did a cleanup / format, but still nothing.
    Here are the two reports, UsbFix and ZHPDiag:

    The first, with UsbFix:

    ############################## | UsbFix V 7.152 | [Recherche]

    Utilisateur: Kosovo1 (Administrateur) # KOSOVO
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 16:02:56 | 05/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Micro-Star International Co., Ltd. (MS-16GA)
    CPU: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
    RAM -> [Total : 3993 | Free : 952]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 8 Professionnel (6.2.9200 64-Bit)
    WB: Windows Internet Explorer : 10.0.9200.16384
    WB: Google Chrome : 31.0.1650.57

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: AVG AntiVirus Free Edition 2014 [Enabled | Updated]
    AS: Windows Defender : 4.0.9200.16384 (win8_rtm.120725-1247)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 146 Go (47 Go libre(s) – 32%) [] # NTFS
    D: -> Disque fixe # 319 Go (238 Go libre(s) – 75%) [] # NTFS
    E: -> CD-ROM
    F: -> CD-ROM
    G: -> Disque amovible # 7 Go (7 Go libre(s) – 99%) [] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 452 |ParentID: 444)
    C:Windowssystem32wininit.exe (ID: 532 |ParentID: 444)
    C:Windowssystem32services.exe (ID: 644 |ParentID: 532)
    C:Windowssystem32lsass.exe (ID: 652 |ParentID: 532)
    C:Windowssystem32svchost.exe (ID: 760 |ParentID: 644)
    C:Windowssystem32nvvsvc.exe (ID: 804 |ParentID: 644)
    C:Windowssystem32svchost.exe (ID: 848 |ParentID: 644)
    C:WindowsSystem32svchost.exe (ID: 920 |ParentID: 644)
    C:Windowssystem32svchost.exe (ID: 952 |ParentID: 644)
    C:Windowssystem32svchost.exe (ID: 296 |ParentID: 644)
    C:WindowsSystem32svchost.exe (ID: 656 |ParentID: 644)
    C:Windowssystem32svchost.exe (ID: 1144 |ParentID: 644)
    C:Windowssystem32WLANExt.exe (ID: 1248 |ParentID: 656)
    C:Windowssystem32conhost.exe (ID: 1304 |ParentID: 1248)
    C:WindowsSystem32spoolsv.exe (ID: 1464 |ParentID: 644)
    C:Windowssystem32svchost.exe (ID: 1512 |ParentID: 644)
    C:Program FilesBigfoot NetworksKiller Network ManagerBFNService.exe (ID: 2024 |ParentID: 644)
    C:Windowssystem32dashost.exe (ID: 2060 |ParentID: 656)
    C:Program FilesIntelWiFibinEvtEng.exe (ID: 2076 |ParentID: 644)
    C:Program Filesma-config.comMaConfigAgent.exe (ID: 2140 |ParentID: 644)
    C:Windowssystem32rundll32.exe (ID: 3008 |ParentID: 2956)
    C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe (ID: 1700 |ParentID: 644)
    C:Windowssystem32svchost.exe (ID: 1192 |ParentID: 644)
    C:Program Files (x86)TeamViewerVersion8TeamViewer_Service.exe (ID: 2332 |ParentID: 644)
    C:PROGRA~2SearchProtectMainbinCltMngSvc.exe (ID: 3084 |ParentID: 644)
    C:Windowssystem32svchost.exe (ID: 3420 |ParentID: 644)
    C:Windowssystem32SearchIndexer.exe (ID: 3496 |ParentID: 644)
    C:Program Files (x86)IntelIntel(R) Integrated Clock Controller ServiceICCProxy.exe (ID: 4172 |ParentID: 644)
    C:Windowssystem32wbemunsecapp.exe (ID: 5928 |ParentID: 760)
    C:Windowssystem32wbemwmiprvse.exe (ID: 5944 |ParentID: 760)
    C:Windowssystem32wbemwmiprvse.exe (ID: 6024 |ParentID: 760)
    C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe (ID: 6608 |ParentID: 644)
    C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe (ID: 5772 |ParentID: 644)
    C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe (ID: 6856 |ParentID: 644)
    C:Windowssystem32csrss.exe (ID: 7448 |ParentID: 4936)
    C:WindowsSystem32WinLogon.exe (ID: 6556 |ParentID: 4936)
    C:WindowsSystem32dwm.exe (ID: 2412 |ParentID: 6556)
    C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe (ID: 7824 |ParentID: 804)
    C:Windowssystem32nvvsvc.exe (ID: 7904 |ParentID: 804)
    C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe (ID: 724 |ParentID: 5772)
    C:Windowssystem32conhost.exe (ID: 5996 |ParentID: 724)
    C:PROGRA~2SearchProtectSearchProtectbincltmng.exe (ID: 716 |ParentID: 3084)
    C:PROGRA~2SearchProtectUIbincltmngui.exe (ID: 5268 |ParentID: 3084)
    C:WindowsExplorer.EXE (ID: 7776 |ParentID: 212)
    C:Windowssystem32taskhostex.exe (ID: 4848 |ParentID: 644)
    C:Program FilesNVIDIA CorporationDisplaynvtray.exe (ID: 7580 |ParentID: 7824)
    C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe (ID: 7988 |ParentID: 1584)
    C:Program FilesElantechETDCtrl.exe (ID: 6540 |ParentID: 7776)
    C:Program FilesElantechETDCtrlHelper.exe (ID: 1808 |ParentID: 6540)
    C:Program Files (x86)NVIDIA CorporationNVIDIA Update CoreNvTmru.exe (ID: 1624 |ParentID: 7776)
    C:WindowsSystem32igfxtray.exe (ID: 5816 |ParentID: 7776)
    C:Windowssystem32igfxsrvc.exe (ID: 4924 |ParentID: 760)
    C:WindowsSystem32hkcmd.exe (ID: 1836 |ParentID: 7776)
    C:WindowsSystem32igfxpers.exe (ID: 7616 |ParentID: 7776)
    C:UsersKosovo1AppDataRoaminguTorrentuTorrent.exe (ID: 976 |ParentID: 7776)
    C:UsersKosovo1AppDataLocalWebPlayerAppsHatWebPlayer.exe (ID: 7752 |ParentID: 7776)
    C:WindowsSystem32wscript.exe (ID: 6136 |ParentID: 7776)
    C:Program Files (x86)OriginOrigin.exe (ID: 6180 |ParentID: 7776)
    C:Program FilesBigfoot NetworksKiller Network ManagerKillerNetManager.exe (ID: 4948 |ParentID: 7776)
    C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID: 6348 |ParentID: 6988)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 3512 |ParentID: 4792)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 1172 |ParentID: 3512)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 2524 |ParentID: 3512)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 5424 |ParentID: 3512)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 7560 |ParentID: 3512)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 4660 |ParentID: 3512)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 7652 |ParentID: 3512)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 620 |ParentID: 3512)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 2088 |ParentID: 3512)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 1176 |ParentID: 3512)
    C:Program Files (x86)AVGAVG2014avgidsagent.exe (ID: 2716 |ParentID: 644)
    C:Program Files (x86)AVGAVG2014avgwdsvc.exe (ID: 440 |ParentID: 644)
    C:Program Files (x86)AVGAVG2014avgnsa.exe (ID: 6748 |ParentID: 440)
    C:Program Files (x86)AVGAVG2014avgemca.exe (ID: 708 |ParentID: 440)
    C:Program Files (x86)AVGAVG2014avgrsa.exe (ID: 6924 |ParentID: 440)
    C:Program Files (x86)AVGAVG2014avgcsrva.exe (ID: 6364 |ParentID: 6924)
    C:Program Files (x86)AVGAVG2014avgui.exe (ID: 4608 |ParentID: 7624)
    C:Program Files (x86)AVGAVG2014avgcsrva.exe (ID: 3196 |ParentID: 440)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 4548 |ParentID: 3512)
    C:Program FilesMicrosoft OfficeOffice15WINWORD.EXE (ID: 3724 |ParentID: 7776)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 2232 |ParentID: 3512)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 6916 |ParentID: 3512)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 9636 |ParentID: 3512)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 1540 |ParentID: 3512)
    C:Windowssystem32taskeng.exe (ID: 9936 |ParentID: 952)
    C:Program Files (x86)GoogleUpdateGoogleUpdate.exe (ID: 9584 |ParentID: 9936)
    C:Windowssystem32msiexec.exe (ID: 6480 |ParentID: 644)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 9196 |ParentID: 3512)
    C:Program Files (x86)GoogleUpdateGoogleUpdate.exe (ID: 9312 |ParentID: 644)
    C:Program Files (x86)GoogleUpdateInstall{B6B84F1E-429D-4411-8D6D-AAAC9B681B68}31.0.1650.63_31.0.1650.57_chrome_updater.exe (ID: 2396 |ParentID: 9312)
    C:WindowsTEMPCR_3E296.tmpsetup.exe (ID: 8744 |ParentID: 2396)
    C:Windowssystem32SearchProtocolHost.exe (ID: 8132 |ParentID: 3496)
    C:Windowssystem32SearchFilterHost.exe (ID: 8496 |ParentID: 3496)
    C:UsbFixGo.exe (ID: 7108 |ParentID: 2824)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | Run : [AVG_UI] – “C:Program Files (x86)AVGAVG2014avgui.exe” /TRAYONLY
    04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [AVG_UI] – “C:Program Files (x86)AVGAVG2014avgui.exe” /TRAYONLY
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [uTorrent] – “C:UsersKosovo1AppDataRoaminguTorrentuTorrent.exe” /MINIMIZED
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [DAEMON Tools Lite] – “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [AppsHat] – C:UsersKosovo1AppDataLocalWebPlayerAppsHatWebPlayer.exe
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [Apps Hat] – C:UsersKosovo1AppDataLocalWebPlayerAppsHatWebPlayer.exe
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [EADM] – “C:Program Files (x86)OriginOrigin.exe” -AutoStart
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [install_flashplayer] – wscript.exe //B “C:UsersKosovo1AppDataLocalTempinstall_flashplayer.vbs”

    ################## | Recherche générique |

    Présent! C:UsersKosovo1AppDataLocalTemputtFF1F.tmp.exe
    Présent! F:autorun.inf

    ################## | Registre |

    Présent! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 1
    Présent! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 1

    ################## | Vaccin |

    (!) Cet ordinateur n’est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    The second, with ZHPDiag:

    ~ Rapport de ZHPDiag v2013.12.5.11 – Nicolas Coolman (05/12/2013)
    ~ Lancé par Kosovo1 (05/12/2013 16:20:21)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16384
    GCIE: Google Chrome v31.0.1650.57 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 8 Business Edition, 64-bit (Build 9200)
    Windows Server License Manager Script : OK
    ~ ion : Windows(R) Operating System, VOLUME_KMSCLIENT channel
    Windows ID Activation : OK
    ~ Windows Partial Key : J8CK4
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1000
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    AVG 2014 v14.0.3658
    McAfee Security Scan Plus v3.8.130.8
    Windows Defender W8

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3992 MB (57% free)
    System Restore: Activé (Enable)
    System drive C: has 47 GB (32%) free of 146 GB

    —\ Mode de connexion au système
    ~ Computer Name: KOSOVO
    ~ User Name: Kosovo1
    ~ All Users Names: Kosovo1, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersKosovo1AppDataRoamingZHP
    ~ %AppData% : C:UsersKosovo1AppDataRoaming
    ~ %Desktop% : C:UsersKosovo1Desktop
    ~ %Favorites% : C:UsersKosovo1Favorites
    ~ %LocalAppData% : C:UsersKosovo1AppDataLocal
    ~ %StartMenu% : C:UsersKosovo1AppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 47 Go of 146 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 238 Go of 319 Go)
    E: CD-ROM drive (Not Inserted)
    F: CD-ROM drive (Free 0 Go of 6 Go)
    G: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 40 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.928791755FDDEA721B053535EF84FA17] – (.Microsoft Corporation – Explorateur Windows.) (.26/07/2012 – 05:49:13.) — C:WindowsExplorer.exe [2380440]
    [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] – (.Microsoft Corporation – Application de démarrage de Windows.) (.26/07/2012 – 04:08:50.) — C:WindowsSystem32Wininit.exe [132608]
    [MD5.3DA7E6053DB9BE3EADC70CE20B1FB92B] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.26/07/2012 – 04:07:56.) — C:WindowsSystem32wininet.dll [2246656]
    [MD5.93AB226C07A9789B2EC7B41F73602F76] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.26/07/2012 – 04:08:50.) — C:WindowsSystem32Winlogon.exe [516608]
    [MD5.9448F5740A037EC0C18F0E9177232DD0] – (.Microsoft Corporation – Bibliothèque de licences.) (.26/07/2012 – 04:07:20.) — C:WindowsSystem32sppcomapi.dll [273408]
    [MD5.9E975BDC89C83900B2C534C4E1B018F8] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.26/07/2012 – 06:26:47.) — C:Windowssystem32DriversAFD.sys [561152]
    [MD5.A721FF570C2387E383BDDEA9632863C9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.26/07/2012 – 06:00:48.) — C:Windowssystem32Driversatapi.sys [25840]
    [MD5.990B1BABE6E81FB18E65A87EBEFB1772] – (.Microsoft Corporation – CD-ROM File System Driver.) (.26/07/2012 – 03:30:10.) — C:Windowssystem32DriversCdfs.sys [108544]
    [MD5.339BFF85D788268752DA8C9644B188EE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.26/07/2012 – 03:26:36.) — C:Windowssystem32DriversCdrom.sys [174080]
    [MD5.09D9EB9E7898F8E6561473A20CC808B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.26/07/2012 – 03:26:53.) — C:Windowssystem32DriversDfsC.sys [118784]
    [MD5.8D6810577E9C4F56DCB8E9BACAC7287B] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.26/07/2012 – 03:27:36.) — C:Windowssystem32DriversHDAudBus.sys [71168]
    [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] – (.Microsoft Corporation – Pilote de port i8042.) (.26/07/2012 – 03:28:51.) — C:Windowssystem32Driversi8042prt.sys [112640]
    [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] – (.Microsoft Corporation – IP Network Address Translator.) (.26/07/2012 – 03:23:01.) — C:Windowssystem32DriversIpNat.sys [145920]
    [MD5.1EEAA5A62E8C49DDF58798F06F78BFFA] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.26/07/2012 – 03:23:25.) — C:Windowssystem32DriversMRxSmb.sys [368128]
    [MD5.7CEC25C682D319D484630B3952C31A11] – (.Microsoft Corporation – MBT Transport driver.) (.26/07/2012 – 03:24:28.) — C:Windowssystem32DriversnetBT.sys [331776]
    [MD5.4A7EEA9C4AD5CBFDA3C0E5B821C99CAD] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.26/07/2012 – 06:26:46.) — C:Windowssystem32Driversntfs.sys [1934064]
    [MD5.4563DAF8C6A740AD7F501E219BD10766] – (.Microsoft Corporation – Pilote de port parallèle.) (.26/07/2012 – 03:29:53.) — C:Windowssystem32DriversParport.sys [105984]
    [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.26/07/2012 – 03:23:17.) — C:Windowssystem32DriversRasl2tp.sys [124928]
    [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 – 03:25:18.) — C:Windowssystem32Driversrdpdr.sys [179712]
    [MD5.73DC722CE5DF26D7638CE2446F2655C7] – (.Microsoft Corporation – TDI Translation Driver.) (.26/07/2012 – 06:26:47.) — C:Windowssystem32Driverstdx.sys [117248]
    [MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.26/07/2012 – 05:57:09.) — C:Windowssystem32Driversvolsnap.sys [332016]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/13
    ~ Mes Favoris (My Favorites) : 1/3
    ~ Mes Documents (My Documents) : 1/20
    ~ Mon Bureau (My Desktop) : 1/1655
    ~ Menu demarrer (Programs) : 1/27
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    [MD5.643F7A81B4FC27845886AB9650AD2C61] – (.AVG Technologies CZ, s.r.o. – AVG User Interface.) — C:Program Files (x86)AVGAVG2014avgui.exe [4956176] [PID.4608]
    [MD5.636D97B3BAF854511FF3F4093E895FED] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [863184] [PID.8252]
    [MD5.7B121F44335FE23A1B54B4399A5EC116] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8281088] [PID.7112]
    [MD5.F89B2DACE0FBE54CF65D12B7081C19C3] – (.AVG Technologies CZ, s.r.o. – AVG Identity Protection Service.) — C:Program Files (x86)AVGAVG2014avgidsagent.exe [3478544] [PID.2716]
    [MD5.B747B6BB015E552F49C634BB19540F3D] – (.AVG Technologies CZ, s.r.o. – AVG Watchdog Service.) — C:Program Files (x86)AVGAVG2014avgwdsvc.exe [348008] [PID.440]
    [MD5.F67C21CC4195F6AFC447418FE163E156] – (.TeamViewer GmbH – TeamViewer 8.) — C:Program Files (x86)TeamViewerVersion8TeamViewer_Service.exe [5087584] [PID.1812]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersKosovo1AppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [booedmolknjekdopkepjjeckmjkdpfgl] Managerr v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [edniapajcmmgfcgpbjeelocndjnmhikl] Alienware Theme v.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [maphilmnngnhkfigpjjoddpjpfbmpmcc] Metal Slug Brutal 3 v.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [mpcknfcdcgpffjddjeceioobdelceffo] AppsHat v.2.0.1 (Désactivé) =>Adware.MegaSearch
    G2 – GCE: Preference [User DataDefault] [nhbfhddhlcdaijmhfngbpihbhnbhjhgj] IOS 7 New Tab Page v.0.9.1 (Activé) =>PUP.QuickShare
    ~ Google Browser: 24 Legitimates Filtered in 00mn 05s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://search.conduit.com
    ~ IE Browser: 11 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Bigfoot Networks Killer Network Manager.lnk . (…) — C:Program Files (x86)Bigfoot NetworksKiller Network ManagerKillerNetManager.exe (.not file.)
    O4 – GSDesktop [Public]: FIFA 14.lnk . (.Electronic Arts – FIFA 14.) — C:Program Files (x86)Origin GamesFIFA 14Gamefifa14.exe
    O4 – GSDesktop [Public]: GeForce Experience.lnk . (.NVIDIA – NVIDIA GeForce Experience.) — C:Program Files (x86)NVIDIA CorporationNVIDIA GeForce ExperienceGFExperience.exe
    O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSDesktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. – McAfee.) — C:Program FilesMcAfee Security Scan3.8.130McUICnt.exe
    O4 – GSProgram [Public]: Desktop.lnk – Clé orpheline
    O4 – GSQuickLaunch [Kosovo1]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [Kosovo1]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSQuickLaunch [Kosovo1]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersKosovo1AppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – GSTaskBar [Kosovo1]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [Kosovo1]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSTaskBar [Kosovo1]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersKosovo1AppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – GSProgram [Kosovo1]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSDesktop [Kosovo1]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe https://www.sosvirus.net
    O4 – GSDesktop [Kosovo1]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
    O4 – GSDesktop [Kosovo1]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersKosovo1AppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ Global Startup: 46 Legitimates Filtered in 00mn 00s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: Bigfoot Networks Killer Network Manager.lnk . (…) — C:Program Files (x86)Bigfoot NetworksKiller Network ManagerKillerNetManager.exe (.not file.)
    O4 – GSStartup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. – McAfee Security Scanner Scheduler.) — C:Program FilesMcAfee Security Scan3.8.130SSScheduler.exe
    O4 – HKLM..Run: [ETDCtrl] C:Program Files (x86)ElantechETDCtrl.exe (.not file.)
    O4 – HKLM..Run: [Nvtmru] . (.NVIDIA Corporation – NVIDIA NvTmru Application.) — C:Program Files (x86)NVIDIA CorporationNVIDIA Update Corenvtmru.exe
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
    O4 – HKLM..Run: [ShadowPlay] . (.NVIDIA Corporation – NVIDIA Capture Server Proxy.) — C:Windowssystem32nvspcap64.dll
    O4 – HKLM..Run: [NvBackend] . (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
    O4 – HKCU..Run: [uTorrent] . (.BitTorrent Inc. – µTorrent.) — C:UsersKosovo1AppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – HKCU..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKCU..Run: [AppsHat] . (.Pas de propriétaire – WebPlayer.) — C:UsersKosovo1AppDataLocalWebPlayerAppsHatWebPlayer.exe =>Adware.MegaSearch
    O4 – HKCU..Run: [Apps Hat] . (.Pas de propriétaire – WebPlayer.) — C:UsersKosovo1AppDataLocalWebPlayerAppsHatWebPlayer.exe =>Adware.MegaSearch
    O4 – HKCU..Run: [EADM] . (.Electronic Arts – Origin.) — C:Program Files (x86)OriginOrigin.exe
    O4 – HKCU..Run: [install_flashplayer] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..Wow6432NodeRun: [AVG_UI] . (.AVG Technologies CZ, s.r.o. – AVG User Interface.) — C:Program Files (x86)AVGAVG2014avgui.exe
    O4 – HKUSS-1-5-21-73403890-3184686911-3893120102-1001..Run: [uTorrent] . (.BitTorrent Inc. – µTorrent.) — C:UsersKosovo1AppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – HKUSS-1-5-21-73403890-3184686911-3893120102-1001..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKUSS-1-5-21-73403890-3184686911-3893120102-1001..Run: [AppsHat] . (.Pas de propriétaire – WebPlayer.) — C:UsersKosovo1AppDataLocalWebPlayerAppsHatWebPlayer.exe =>Adware.MegaSearch
    O4 – HKUSS-1-5-21-73403890-3184686911-3893120102-1001..Run: [Apps Hat] . (.Pas de propriétaire – WebPlayer.) — C:UsersKosovo1AppDataLocalWebPlayerAppsHatWebPlayer.exe =>Adware.MegaSearch
    O4 – HKUSS-1-5-21-73403890-3184686911-3893120102-1001..Run: [EADM] . (.Electronic Arts – Origin.) — C:Program Files (x86)OriginOrigin.exe
    O4 – HKUSS-1-5-21-73403890-3184686911-3893120102-1001..Run: [install_flashplayer] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program Files (x86)MICROS~1Office15ONBttnIE.dll =>.Microsoft Corporation
    O9 – Extra button: Cliquer pour appeler Lync [64Bits] – {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation – Microsoft Lync.) — C:Program FilesMicrosoft OfficeOffice15lync.exe
    O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program Files (x86)MICROS~1Office15ONBTTN~1.dll =>.Microsoft Corporation
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Site dans la Zone de confiance d’Internet Explorer (O15)
    O15 – Trusted Zone: [HKCU…Domains] http.ma-config.com
    O15 – Trusted Zone: [HKCU…Domains] http.touslesdrivers.com
    ~ IE Zone Confiance: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{3C31C1E6-2AE8-415A-B7E2-79F1E7D51414}: DhcpNameServer = 192.168.1.1 0.0.0.0
    O17 – HKLMSystemCS1ServicesTcpip..{3C31C1E6-2AE8-415A-B7E2-79F1E7D51414}: DhcpNameServer = 192.168.1.1 0.0.0.0
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 0.0.0.0
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml [64Bits] – {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE15MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – AppInit_DLLs: . (.Conduit – Search Protect by Conduit.) – C:Program Files (x86)SearchProtectSearchProtectbinSPVC64Loader.dll =>Toolbar.Conduit
    ~ AppInit DLL: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Bigfoot Networks Killer Service (Bigfoot Networks Killer Service) . (…) – C:Program FilesBigfoot NetworksKiller Network ManagerBFNService.exe
    O23 – Service: Search Protect by Conduit Service (CltMngSvc) . (.Conduit – Search Protect by Conduit.) – C:Program Files (x86)SearchProtectMainbinCltMngSvc.exe =>Toolbar.Conduit
    O23 – Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) . (.Intel® Corporation – Intel® PROSet/Wireless Zero Configure Servi.) – C:Program FilesIntelWiFibinZeroConfigService.exe
    ~ Services: 15 Legitimates Filtered in 00mn 03s

    —\ Tâches planifiées en automatique (O39)
    [MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (…) — C:WindowsAutoKMSAutoKMS.exe [3372032] =>Trojan.Keygen
    ~ Scheduled Task: 7 Legitimates Filtered in 00mn 05s

    —\ Logiciels installés (O42)
    O42 – Logiciel: AppsHat Mobile Apps – (.Somoto Ltd..) [HKCU][64Bits] — AppsHat Mobile Apps =>Adware.MegaSearch
    O42 – Logiciel: F1 2013 – (…) [HKLM][64Bits] — RjEyMDEz_is1
    O42 – Logiciel: Search Protect – (.Conduit.) [HKLM][64Bits] — SearchProtect =>Toolbar.Conduit
    ~ Logic: 27 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKLMSoftwareWow6432NodeMinibar] =>PUP.Minibar
    ~ Key Software: 178 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 26/09/2013 – 21:11:21 – [0,384] —-D C:Program Files (x86)Minibar =>PUP.Minibar
    O43 – CFD: 26/09/2013 – 21:11:28 – [0,078] —-D C:UsersKosovo1AppDataLocalAppsHat Mobile Apps =>Adware.MegaSearch
    O43 – CFD: 26/09/2013 – 21:11:22 – [0,941] —-D C:UsersKosovo1AppDataLocalMinibar =>PUP.Minibar
    O43 – CFD: 26/09/2013 – 21:11:27 – [0,004] —-D C:UsersKosovo1AppDataRoamingMicrosoftWindowsStart MenuProgramsAppsHat =>Adware.MegaSearch
    ~ Program Folder: 120 Legitimates Filtered in 00mn 02s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.24F7BB49F56B97B0F520C5B3A6E3C192] – 05/12/2013 – 16:04:50 —A- . (…) — C:UsbFix [Scan 1] KOSOVO.txt [10257]
    ~ Files: 129 Legitimates Filtered in 00mn 09s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.3E02ED821ED725881A06657B322971CA] – 02/12/2013 – 22:54:28 —A- – C:WindowsPrefetchdynreservedpri.db
    O45 – LFCP:[MD5.EA61F9C35B407D5E9ECB7DD62052EDEB] – 04/12/2013 – 20:30:09 —A- – C:WindowsPrefetchGFEXPERIENCE.EXE-03B6FA83.pf
    O45 – LFCP:[MD5.4CA76164CC915E8AEA2EEFB06439645E] – 04/12/2013 – 23:32:29 —A- – C:WindowsPrefetchNVBACKEND.EXE-00368064.pf
    O45 – LFCP:[MD5.4F0C3D56AFB354D0795A6D8B3487691C] – 05/12/2013 – 14:59:12 —A- – C:WindowsPrefetchCLTMNG.EXE-096AE9A2.pf
    O45 – LFCP:[MD5.697C6D0CEFD50176D7293E518AD37562] – 05/12/2013 – 14:59:12 —A- – C:WindowsPrefetchCLTMNGUI.EXE-43D53BFB.pf
    O45 – LFCP:[MD5.484A5F036478815A3C056DF95CF4A587] – 05/12/2013 – 14:59:30 —A- – C:WindowsPrefetchNVTMRU.EXE-231A7003.pf
    O45 – LFCP:[MD5.F159363DA8EF7A9BCBA8568A5A032026] – 05/12/2013 – 15:57:58 —A- – C:WindowsPrefetch31.0.1650.63_31.0.1650.57_CHR-7F191332.pf
    O45 – LFCP:[MD5.C6E24A2CAD1C135CFE01121BD7EE3B73] – 05/12/2013 – 15:58:48 —A- – C:WindowsPrefetchSYSTEMSETTINGS.EXE-6069CEA4.pf
    O45 – LFCP:[MD5.83349613B36F15B860D134EFAEAF6EF7] – 05/12/2013 – 16:06:37 —A- – C:WindowsPrefetchGO.EXE-0A7DE786.pf
    O45 – LFCP:[MD5.95D0491C66C86F3634122CB0A492347E] – 16/11/2013 – 15:41:08 —A- – C:WindowsPrefetchF1_2013.EXE-70143725.pf
    O45 – LFCP:[MD5.0493AB8D20E650D00E4D095DBD489D1E] – 24/11/2013 – 15:54:59 —A- – C:WindowsPrefetchUPDATETOOL.EXE-98C598EE.pf
    O45 – LFCP:[MD5.D57D33A77CE783879C25E7A756A5A4DC] – 24/11/2013 – 18:38:04 —A- – C:WindowsPrefetchGLCND.EXE-1CA1746E.pf
    ~ Prefetcher: 149 Legitimates Filtered in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{7621f3dc-2569-11e3-be6b-8c89a50b1649}AutoRuncommand. (.Pas de propriétaire – F1 2013 (c) Codemasters Setup.) — F:setup.exe
    O51 – MPSK:{93670eb1-33df-11e3-be70-8c89a50b1649}AutoRuncommand. (…) — G:Startme.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 17 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.0621A1612DB6952C9554DA2AF864C9E9] – 29/02/2012 – 11:31:16 —A- . (.ELAN Microelectronics Corp. – ETD Kernel Center.) — C:WindowsSystem32DriversETD.sys [143144]
    O58 – SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] – 26/07/2012 – 06:00:55 —A- . (.Promise Technology, Inc. – Promise SuperTrak EX Series Driver for Windows x64.) — C:WindowsSystem32Driversstexstor.sys [30960]
    ~ Drivers: 17 Legitimates Filtered in 00mn 03s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 04/12/2013 – 16:21:10 —A- . (…) — C:UsersKosovo1AppDataLocalGoogleChromeUser DataWidevineCDM1.4.1.376_platform_specificwin_x86widevinecdm.dll [6940304]
    O61 – LFC: 04/12/2013 – 16:21:10 —A- . (…) — C:UsersKosovo1AppDataLocalGoogleChromeUser DataWidevineCDM1.4.1.376manifest.fingerprint [66]
    O61 – LFC: 04/12/2013 – 16:21:10 —A- . (…) — C:UsersKosovo1AppDataLocalGoogleChromeUser DataWidevineCDM1.4.1.376manifest.json [848]
    O61 – LFC: 04/12/2013 – 16:21:25 —A- . (…) — C:UsersKosovo1AppDataLocalSearchProtectSearchProtectrepCvc.dat [3422] =>Toolbar.Conduit
    O61 – LFC: 04/12/2013 – 16:21:25 —A- . (…) — C:UsersKosovo1AppDataLocalSearchProtectSearchProtectrepUserSettings.dat [3542] =>Toolbar.Conduit
    O61 – LFC: 04/12/2013 – 16:21:25 —A- . (…) — C:UsersKosovo1AppDataLocalSearchProtectUIrepUIRepository.dat [4446] =>Toolbar.Conduit
    O61 – LFC: 05/12/2013 – 16:21:03 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logavgcfg.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:03 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logavgcore.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:03 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logavgdecider.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:03 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logavgmsgdisp.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:03 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logavgpostinst.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:03 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logavgual.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:03 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logavgui.log.1 [131168]
    O61 – LFC: 05/12/2013 – 16:21:03 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logavgui.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:04 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logavgupd.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:04 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logcommonpriv.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:04 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logfixcfg.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:04 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014logkrnlapi.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:04 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014loglng.log.lock [0]
    O61 – LFC: 05/12/2013 – 16:21:04 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014updatedownloadavg14infoavi.ctf [3356]
    O61 – LFC: 05/12/2013 – 16:21:04 —A- . (…) — C:UsersKosovo1AppDataLocalAvg2014updatedownloadavg14infowin.ctf [25279]
    O61 – LFC: 05/12/2013 – 16:21:04 —A- . (…) — C:UsersKosovo1AppDataLocalGoogleChromeUser DataCertificate Revocation Lists [264845]
    O61 – LFC: 05/12/2013 – 16:21:10 —A- . (…) — C:UsersKosovo1AppDataLocalGoogleChromeUser DataLocal State [48566]
    O61 – LFC: 05/12/2013 – 16:21:25 —A- . (…) — C:UsersKosovo1AppDataLocalSearchProtectSearchProtectrepUserRepository.dat [93342] =>Toolbar.Conduit
    O61 – LFC: 05/12/2013 – 16:21:37 –HA- . (…) — C:UsersKosovo1AppDataRoamingMicrosoftTemplates~$Normal.dotm [162]
    O61 – LFC: 05/12/2013 – 16:21:39 —A- . (…) — C:UsersKosovo1AppDataRoamingZHPLog.txt [17599] =>.Nicolas Coolman
    O61 – LFC: 05/12/2013 – 16:21:39 —A- . (…) — C:UsersKosovo1AppDataRoamingZHPTestsZHPDiag.txt [2894] =>.Nicolas Coolman
    O61 – LFC: 05/12/2013 – 16:21:40 —A- . (…) — C:UsersKosovo1DownloadsSaf7a Wetwayta – Wael Kfoury — [10975607]
    ~ 27 Fichiers temporaires (Temporary files)
    ~ Files: 880 Legitimates Filtered in 00mn 36s

    —\ Fichiers Alternate Data Stream (ADS) (O62)
    O62 – ADS:Alternate Data Stream File – C:WindowsSystem32D3DX9_43.dll:Zone.Identifier
    ~ ADS: Scanned in 00mn 03s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: < .html> [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] 31687387D5BA4C8A9EFB5EA4DC720402 [DefaultScope] – (Conduit Search) – http://search.conduit.com
    O69 – SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.2F5252E50745E47DB355B005725DAE05] [SPRF][26/09/2013] (.Somoto Ltd. – AppsHat Mobile Apps.) — C:UsersKosovo1AppDataLocalTempappshat-distribution.exe [327880] =>Adware.MegaSearch
    [MD5.13A09BECABCE7CE7DE02D42D9C00A250] [SPRF][26/09/2013] (…) — C:UsersKosovo1AppDataLocalTempbitool.dll [38456]
    [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][01/09/2013] (.Conduit – SP Usage Sender.) — C:UsersKosovo1AppDataLocalTempnsf5484.exe [110936] =>Toolbar.Conduit
    [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][01/09/2013] (.Conduit – SP Usage Sender.) — C:UsersKosovo1AppDataLocalTempnsg55BE.exe [110936] =>Toolbar.Conduit
    [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][01/09/2013] (.Conduit – SP Usage Sender.) — C:UsersKosovo1AppDataLocalTempnsj9D28.exe [110936] =>Toolbar.Conduit
    [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][01/09/2013] (.Conduit – SP Usage Sender.) — C:UsersKosovo1AppDataLocalTempnsu9E52.exe [110936] =>Toolbar.Conduit
    [MD5.C019B50C4A7235AE1CC5A49B4B13C98A] [SPRF][25/11/2013] (.Conduit – Search Protect by Conduit.) — C:UsersKosovo1AppDataLocalTempSPSetup.exe [5601720] =>Toolbar.Conduit
    [MD5.9FB9D49C2DB7EDD1084AB765D619F5C6] [SPRF][23/09/2013] (.Conduit – Search Protect by conduit.) — C:UsersKosovo1AppDataLocalTemputtFF1F.tmp.exe [66368] =>Toolbar.Conduit
    [MD5.385013D41D4D5F13DEF516C1C62518BC] [SPRF][04/12/2013] (…) — C:UsersKosovo1AppDataLocalTempvlc-2.1.1-win64.exe [23679700]
    ~ Files: 10 Legitimates Filtered in 00mn 02s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Auto 23/10/2012 492032 | (Bigfoot Networks Killer Service) . (…) – C:Program FilesBigfoot NetworksKiller Network ManagerBFNService.exe
    SS – | Auto 25/11/2013 1735968 | (CltMngSvc) . (.Conduit.) – C:Program Files (x86)SearchProtectMainbinCltMngSvc.exe =>Toolbar.Conduit
    SS – | Demand 06/09/2013 279024 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
    SS – | Auto 02/08/2013 626416 | (EvtEng) . (.Intel(R) Corporation.) – C:Program FilesIntelWiFibinEvtEng.exe
    SS – | Auto 21/09/2013 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 21/09/2013 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Integrated Clock Controller ServiceICCProxy.exe
    SS – | Auto 07/12/2011 2429544 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe
    SS – | Demand 06/09/2013 288776 | (McComponentHostService) . (.McAfee, Inc..) – C:Program FilesMcAfee Security Scan3.8.130McCHSvc.exe
    SS – | Demand 02/08/2013 273136 | (MyWiFiDHCPDNS) . (…) – C:Program FilesIntelWiFibinPanDhcpDns.exe
    SS – | Auto 29/11/2013 1370912 | (NvNetworkService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
    SS – | Auto 29/11/2013 15128352 | (NvStreamSvc) . (.NVIDIA Corporation.) – C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe
    SS – | Auto 23/10/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SS – | Auto 02/08/2013 149744 | (RegSrvc) . (.Intel(R) Corporation.) – C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
    SS – | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Demand 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SS – | Demand 26/07/2012 30208 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SS – | Auto 02/08/2013 3378416 | (ZeroConfigService) . (.Intel® Corporation.) – C:Program FilesIntelWiFibinZeroConfigService.exe

    SR – | Auto 11/11/2013 3478544 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) – C:Program Files (x86)AVGAVG2014avgidsagent.exe
    SR – | Auto 24/09/2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) – C:Program Files (x86)AVGAVG2014avgwdsvc.exe
    SR – | Auto 08/09/2013 2654544 | (MaConfigAgent) . (.CybelSoft.) – C:Program Filesma-config.comMaConfigAgent.exe
    SR – | Auto 01/10/2013 5087584 | (TeamViewer8) . (.TeamViewer GmbH.) – C:Program Files (x86)TeamViewerVersion8TeamViewer_Service.exe
    SR – | Demand 10/07/1658 0 | (WinDefend) . (…) – C:Program Files (x86)Windows DefenderMsMpEng.exe

    ~ Services: Scanned in 00mn 07s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by Kosovo1 at 05/12/2013 16:22:43
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Kosovo1 at 05/12/2013 16:22:45

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13011 – (05/12/2013)
    Clés trouvées (Keys found) : 14
    Valeurs trouvées (Values found) : 4
    Dossiers trouvés (Folders found) : 8
    Fichiers trouvés (Files found) : 17

    [HKLMSoftwareGoogleChromeExtensionsmpcknfcdcgpffjddjeceioobdelceffo] =>Adware.MegaSearch^
    [HKLMSoftwareGoogleChromeExtensionsnhbfhddhlcdaijmhfngbpihbhnbhjhgj] =>PUP.QuickShare^
    [HKLMSYSTEMCurrentControlSetServicesCltMngSvc] =>Toolbar.Conduit^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallAppsHat Mobile Apps] =>Adware.MegaSearch^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallSearchProtect] =>Toolbar.Conduit^
    [HKLMSoftwareClassesInterface{26E7211D-0650-43CF-8498-4C81E83AEAAA}] =>PUP.Minibar
    [HKLMSoftwareWow6432NodeClassesInterface{26E7211D-0650-43CF-8498-4C81E83AEAAA}] =>PUP.Minibar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>PUP.Minibar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>PUP.Minibar
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>PUP.Minibar
    [HKLMSoftwareWow6432NodeMicrosoftInternet Explorerextensions{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>PUP.Minibar
    [HKLMSoftwareClassesTypeLib{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}] =>PUP.Minibar
    [HKLMSoftwareWow6432NodeMinibar] =>PUP.Minibar
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstallSearchProtect] =>Toolbar.Conduit
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:uTorrent =>P2P.BitTorrent^
    C:UsersKosovo1AppDataLocalGoogleChromeUser DataDefaultExtensionsmpcknfcdcgpffjddjeceioobdelceffo =>Adware.MegaSearch^
    C:UsersKosovo1AppDataLocalGoogleChromeUser DataDefaultExtensionsnhbfhddhlcdaijmhfngbpihbhnbhjhgj =>PUP.QuickShare^
    C:Program Files (x86)Minibar =>PUP.Minibar^
    C:UsersKosovo1AppDataLocalAppsHat Mobile Apps =>Adware.MegaSearch^
    C:UsersKosovo1AppDataLocalMinibar =>PUP.Minibar^
    C:UsersKosovo1AppDataRoamingMicrosoftWindowsStart MenuProgramsAppsHat =>Adware.MegaSearch^
    C:Program Files (x86)SearchProtect =>Toolbar.Conduit
    C:UsersKosovo1AppDataLocalSearchProtect =>Toolbar.Conduit
    C:WindowsAutoKMSAutoKMS.exe =>Trojan.Keygen^
    C:UsersKosovo1AppDataLocalTempappshat-distribution.exe =>Adware.MegaSearch^
    C:UsersKosovo1AppDataLocalTempnsf5484.exe =>Toolbar.Conduit^
    C:UsersKosovo1AppDataLocalTempnsg55BE.exe =>Toolbar.Conduit^
    C:UsersKosovo1AppDataLocalTempnsj9D28.exe =>Toolbar.Conduit^
    C:UsersKosovo1AppDataLocalTempnsu9E52.exe =>Toolbar.Conduit^
    C:UsersKosovo1AppDataLocalTempSPSetup.exe =>Toolbar.Conduit^
    C:UsersKosovo1AppDataLocalTemputtFF1F.tmp.exe =>Toolbar.Conduit^
    C:UsersKosovo1AppDataLocalTempnszC91D.tmp =>Adware.MegaSearch
    ~ Additionnel Scan: 199726 Items scanned in 00mn 15s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/28577022-pup-quickshare =>PUP.QuickShare
    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com/apps/blog/show/34407192-pup-minibar =>PUP.Minibar
    ~ MSI: 4 link(s) detected in 00mn 15s

    ~ 1970 Legitimates filtered by white list
    End of the scan (534 lines in 02mn 40s)(0)

    g3n-h@ckm@n
    Keymaster
    Number of posts: 8304

    Hi :hello: :hello: :content: :content:

    Run the deletion (Suppression) with UsbFix, then post the resulting report.

    kosovo
    Participant
    Number of posts: 2

    Hello,
    Thanks for your reply, and here is the report:

    ############################## | UsbFix V 7.152 | [Suppression]

    Utilisateur: Kosovo1 (Administrateur) # KOSOVO
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 16:29:08 | 05/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Micro-Star International Co., Ltd. (MS-16GA)
    CPU: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
    RAM -> [Total : 3993 | Free : 2505]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 8 Professionnel (6.2.9200 64-Bit)
    WB: Windows Internet Explorer : 10.0.9200.16384
    WB: Google Chrome : 31.0.1650.57

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: AVG AntiVirus Free Edition 2014 [Enabled | Updated]
    AS: Windows Defender : 4.0.9200.16384 (win8_rtm.120725-1247)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 146 Go (47 Go libre(s) – 32%) [] # NTFS
    D: -> Disque fixe # 319 Go (238 Go libre(s) – 75%) [] # NTFS
    E: -> CD-ROM
    F: -> CD-ROM
    G: -> Disque amovible # 7 Go (7 Go libre(s) – 99%) [] # FAT32

    ################## | Processus Stoppés |

    Stoppé! C:Program Files (x86)AVGAVG2014avgidsagent.exe (ID: 2716 |ParentID: 644)
    Stoppé! C:Program Files (x86)AVGAVG2014avgwdsvc.exe (ID: 440 |ParentID: 644)
    Stoppé! C:Program Files (x86)AVGAVG2014avgnsa.exe (ID: 6748 |ParentID: 440)
    Stoppé! C:Program Files (x86)AVGAVG2014avgemca.exe (ID: 708 |ParentID: 440)
    Stoppé! C:Program Files (x86)AVGAVG2014avgrsa.exe (ID: 6924 |ParentID: 440)
    Stoppé! C:Program Files (x86)AVGAVG2014avgcsrva.exe (ID: 6364 |ParentID: 6924)
    Stoppé! C:Program Files (x86)AVGAVG2014avgui.exe (ID: 4608 |ParentID: 7624)
    Stoppé! C:Windowsexplorer.exe (ID: 9156 |ParentID: 6556)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID: 9452 |ParentID: 644)
    Stoppé! C:Program Files (x86)TeamViewerVersion8TeamViewer_Service.exe (ID: 1812 |ParentID: 644)
    Stoppé! C:Windowssystem32DllHost.exe (ID: 3816 |ParentID: 760)
    Stoppé! C:Program Filesma-config.comMaConfigAgent.exe (ID: 8064 |ParentID: 644)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 5668 |ParentID: 644)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 6180 |ParentID: 7620)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 4928 |ParentID: 6180)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 6532 |ParentID: 6180)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 2508 |ParentID: 6180)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 1792 |ParentID: 6180)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 5428 |ParentID: 6180)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 3060 |ParentID: 6180)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 2492 |ParentID: 6180)
    Stoppé! C:Windowssystem32msiexec.exe (ID: 1068 |ParentID: 644)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | Run : [AVG_UI] – “C:Program Files (x86)AVGAVG2014avgui.exe” /TRAYONLY
    04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [AVG_UI] – “C:Program Files (x86)AVGAVG2014avgui.exe” /TRAYONLY
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [uTorrent] – “C:UsersKosovo1AppDataRoaminguTorrentuTorrent.exe” /MINIMIZED
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [DAEMON Tools Lite] – “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [AppsHat] – C:UsersKosovo1AppDataLocalWebPlayerAppsHatWebPlayer.exe
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [Apps Hat] – C:UsersKosovo1AppDataLocalWebPlayerAppsHatWebPlayer.exe
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [EADM] – “C:Program Files (x86)OriginOrigin.exe” -AutoStart
    04 – HKUS-1-5-21-73403890-3184686911-3893120102-1001SOFTWARE | Run : [install_flashplayer] – wscript.exe //B “C:UsersKosovo1AppDataLocalTempinstall_flashplayer.vbs”

    ################## | Recherche générique |

    Supprimé! C:UsersKosovo1AppDataLocalTemputtFF1F.tmp.exe
    Non supprimé ! F:autorun.inf

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 0
    Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 0
    Supprimé! HKUS-1-5-21-73403890-3184686911-3893120102-1001Software….Mountpoints2{7621f3dc-2569-11e3-be6b-8c89a50b1649}

    ################## | Listing |

    [05/12/2013 – 15:05:35 | D ] C:$AVG
    [23/09/2013 – 19:20:06 | SHD ] C:$Recycle.Bin
    [24/10/2013 – 12:24:46 | D ] C:$WINDOWS.~BT
    [10/06/2009 – 22:42:20 | N | 24] C:autoexec.bat
    [26/07/2012 – 04:44:30 | RASH | 398156] C:bootmgr
    [02/06/2012 – 15:30:55 | N | 1] C:BOOTNXT
    [10/06/2009 – 22:42:20 | N | 10] C:config.sys
    [26/07/2012 – 08:22:08 | SHD ] C:Documents and Settings
    [04/12/2013 – 19:32:59 | ASH | 3349520384] C:hiberfil.sys
    [20/09/2013 – 03:47:03 | D ] C:Intel
    [26/09/2013 – 21:23:07 | RHD ] C:MSOCache
    [21/09/2013 – 16:38:28 | D ] C:NVIDIA
    [04/12/2013 – 19:33:07 | ASH | 1207959552] C:pagefile.sys
    [26/07/2012 – 08:33:46 | D ] C:PerfLogs
    [05/12/2013 – 16:22:43 | N | 512] C:PhysicalDisk0_MBR.bin
    [24/10/2013 – 12:34:15 | D ] C:Program Files
    [05/12/2013 – 16:19:30 | D ] C:Program Files (x86)
    [05/12/2013 – 15:05:35 | HD ] C:ProgramData
    [21/09/2013 – 21:29:58 | SHD ] C:Recovery
    [21/09/2013 – 22:04:22 | N | 1118] C:Settings.ini
    [04/12/2013 – 19:33:08 | ASH | 268435456] C:swapfile.sys
    [05/12/2013 – 15:05:24 | SHD ] C:System Volume Information
    [05/12/2013 – 16:29:27 | D ] C:UsbFix
    [05/12/2013 – 16:29:42 | A | 6331] C:UsbFix [Clean 2] KOSOVO.txt
    [05/12/2013 – 16:04:50 | N | 10257] C:UsbFix [Scan 1] KOSOVO.txt
    [04/12/2013 – 20:28:59 | RD ] C:Users
    [04/12/2013 – 20:29:08 | D ] C:Windows
    [21/09/2013 – 22:16:28 | D ] C:Windows.old
    [20/09/2013 – 03:41:25 | SHD ] D:$RECYCLE.BIN
    [22/11/2013 – 21:00:27 | N | 1796934343] D:2.Guns.2013.mkv
    [06/11/2013 – 11:54:51 | D ] D:Breakin .Bad.S04E01.FRENCH.HDTV.XviD-ArRoWs
    [30/09/2013 – 23:40:08 | D ] D:Breaking Bad S02 MULTi 720p BluRay AC3 x264 BoO
    [30/10/2013 – 17:51:41 | D ] D:Breaking Bad.S03.FRENCH.LD.DVDRIP.XviD-JMT
    [10/11/2013 – 21:52:42 | D ] D:Breaking.Bad.S04E02 à 10.FRENCH.HDTV.XviD-JMT
    [12/11/2013 – 23:31:40 | D ] D:F1 2013 1
    [20/10/2013 – 18:39:12 | D ] D:Fifa 14 Crack Only V4 [PC][MafiaSSS]
    [24/10/2013 – 20:39:01 | D ] D:Khaled – C’est La Vie (2012)
    [22/11/2013 – 19:21:54 | D ] D:Paris.A.Tout.Prix.2013.FRENCH.DVDRip.XviD-UTT
    [12/11/2013 – 22:09:11 | N | 5920073728] D:rld-f12013.iso
    [20/09/2013 – 01:36:49 | SHD ] D:System Volume Information
    [02/11/2013 – 12:16:19 | D ] D:W9 Hits 2014 2CD MP3 320 Maxx
    [24/10/2013 – 08:40:43 | D ] D:Windows 8 Professionnel 64 bits [Originale]
    [27/10/2013 – 14:32:10 | D ] D:[www.Cpasbien.me] Ne.Quelque.Part.2013.FRENCH.BDRip.XviD-UTT
    [14/10/2013 – 22:40:52 | D ] D:[www.Cpasbien.me] The.Walkind.Dead.S04E01.FASTSUB.VOSTFR.HDTV.XviD-MiND
    [03/10/2013 – 23:43:17 | D ] F:Crack
    [03/10/2013 – 23:06:27 | R | 43] F:autorun.inf
    [03/10/2013 – 23:12:45 | R | 2098730752] F:setup-1.bin
    [03/10/2013 – 23:15:58 | R | 2100000000] F:setup-2.bin
    [03/10/2013 – 23:18:03 | R | 1701648223] F:setup-3.bin
    [03/10/2013 – 23:18:03 | R | 1269159] F:setup.exe
    [05/12/2013 – 15:37:50 | N | 9114853] G:Adele – Someone Like You.mp3
    [05/12/2013 – 15:36:54 | N | 8253021] G:Maroon 5- She Will Be Loved With Lyrics On Screen.mp3
    [05/12/2013 – 15:36:14 | N | 9049651] G:Rihanna – Diamonds.mp3
    [05/12/2013 – 15:35:28 | N | 6772609] G:Rihanna – Talk That Talk (Audio) ft. JAY Z.mp3
    [05/12/2013 – 15:33:08 | N | 8074134] G:Eminem – The Monster (Audio) ft. Rihanna.mp3
    [05/12/2013 – 15:38:18 | N | 7651995] G:Adele – Set Fire to the Rain Lyrics.mp3
    [05/12/2013 – 15:41:36 | N | 10975607] G:Saf7a Wetwayta – Wael Kfoury —

    ################## | Vaccin |

    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    g3n-h@ckm@n
    Keymaster
    Number of posts: 8304

    Before doing the next steps, change your passwords as a security precaution (all of them).
