Infected with Gen:Variant.Zbot.165 2015-06-15T11:55:30+00:00
  • Author
    Posts
  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8287

    You could still have done what I asked; it would have helped improve UsbFix.
    And don't rely on an antivirus, it only detects 40% of current infections.

  • hoddar
    Participant
    Post count: 18

    Hi!!
    I finally had to resort to another solution. (I needed the files too badly.)
    I recovered all the files from the key with R-Studio, went over everything with the antivirus and reformatted the key.

    Thanks for the time you spent on my problem!!! :bye:

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8287

    Then do it like this:

    Dir /A /B /S J:\* >> %Homedrive%\list.txt

  • hoddar
    Participant
    Post count: 18

    I didn't find any "list" in C:\.
    The requested operation did not work because the syntax was incorrect.

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8287

    OK, and what about the contents I asked for?

  • hoddar
    Participant
    Post count: 18

    Sorry, but the syntax seems to be incorrect. :') At least that's what the command prompt says.
    NB: I couldn't paste the text you posted. I had to type it in.

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8287

    Start / Programs / Accessories, then right-click "Command Prompt" and choose "Run as administrator", then paste this into the black window:

    Dir /A /B /S J:\ >> %Homedrive%\list.txt

    then press Enter, go and find the file "list" in C:\ and paste its contents here
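    The `dir /A /B /S J:\ >> %Homedrive%\list.txt` line asks for every entry on the key, hidden and system ones included (`/A`), as bare paths (`/B`), recursively (`/S`). The PowerShell below is an added example for this page, not UsbFix code and not the admin's command: it writes the same kind of listing and then checks the three things the rest of the thread turns on: root-level `.lnk` files whose real target is `cmd.exe` or `wscript.exe` rather than the user's documents, a folder whose name is only whitespace (where the shortcut worm moves the real files), and whether `autorun.inf` on the key is a file (dropped by malware) or a protected directory (the UsbFix vaccine). The drive letter `J:`, the output path and the list of launcher executables it flags are assumptions; shortcut targets are read through the `WScript.Shell` COM object, which is present on any Windows 7 machine. Run it from an elevated prompt, as the admin asked for the `dir` command.

```powershell
# Added example, not UsbFix code and not the admin's command: the "show everything" listing
# that dir /A /B /S produces, plus the checks a responder makes on a key hit by the USB
# shortcut worm. Assumes the key is J: (as in the thread) and writes to %HOMEDRIVE%\list.txt.
param(
    [string]$Drive   = 'J:\',
    [string]$OutFile = (Join-Path $env:HOMEDRIVE 'list.txt')
)

# 1. Full recursive listing including Hidden and System entries, with attributes shown.
$entries = @(Get-ChildItem -LiteralPath $Drive -Force -Recurse -ErrorAction SilentlyContinue)
$entries | ForEach-Object {
    '[{0} | {1}] {2}' -f $_.LastWriteTime.ToString('dd/MM/yyyy HH:mm:ss'), $_.Attributes, $_.FullName
} | Set-Content -LiteralPath $OutFile -Encoding UTF8

# 2. What a shortcut really launches. The worm's .lnk files (e.g. "KINGSTON (4GB).lnk") point at
#    cmd.exe/wscript.exe with the hidden payload in the arguments, not at the user's files.
$wsh = New-Object -ComObject WScript.Shell
function Get-LnkTarget([string]$Path) {
    $lnk = $wsh.CreateShortcut($Path)
    New-Object PSObject -Property @{ Target = $lnk.TargetPath; Arguments = $lnk.Arguments }
}
# Assumed list of launchers worth flagging when they are the target of a root shortcut.
$launchers = 'cmd\.exe|wscript\.exe|cscript\.exe|powershell\.exe|rundll32\.exe|mshta\.exe'

$findings = @()
foreach ($item in (Get-ChildItem -LiteralPath $Drive -Force -ErrorAction SilentlyContinue)) {
    $attrs = $item.Attributes.ToString()
    if ($item.PSIsContainer) {
        # A folder named only with whitespace is where the worm hides the real files.
        if ($item.Name.Trim().Length -eq 0) {
            $findings += "Blank-named folder hiding contents: '$($item.FullName)' [$attrs]"
        }
        # An Autorun.inf *directory* with RASHD attributes is the UsbFix vaccine, not an infection.
        elseif ($item.Name -ieq 'autorun.inf') {
            $findings += "Autorun.inf is a directory (vaccine): $($item.FullName) [$attrs]"
        }
    }
    elseif ($item.Name -ieq 'autorun.inf') {
        # An autorun.inf *file* (the listing shows a 0 KB SH one on J:) is what malware drops.
        $findings += "autorun.inf file, $($item.Length) bytes [$attrs]: inspect its [autorun] section"
    }
    elseif ($item.Extension -ieq '.lnk') {
        $t = Get-LnkTarget $item.FullName
        $flag = if ($t.Target -imatch $launchers) { '   <== SUSPICIOUS' } else { '' }
        $findings += ('Root shortcut {0} -> {1} {2}{3}' -f $item.Name, $t.Target, $t.Arguments, $flag)
    }
}

# 3. User files the worm marked Hidden+System so Explorer no longer shows them.
$hiddenSys = @($entries | Where-Object {
    -not $_.PSIsContainer -and
    (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
    (($_.Attributes -band [IO.FileAttributes]::System) -ne 0) -and
    $_.Name -ine 'autorun.inf'
})
$findings += "Hidden+System files under ${Drive}: $($hiddenSys.Count) (full paths in $OutFile)"
$findings
```

    Save it as a `.ps1` and run `powershell -ExecutionPolicy Bypass -File .\usb-triage.ps1 -Drive J:\`. A key that only shows a volume-label `.lnk` pointing at `cmd.exe`, a whitespace-named folder and a 0-byte `SH` `autorun.inf` is the pattern the later reports in this thread describe; a key whose `Autorun.inf` is an `RASHD` directory has already been vaccinated.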

  • hoddar
    Participant
    Post count: 18

    No! None of that!!!

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8287

    Could your J: key be write-locked?

    Isn't there a little switch on the side of the key set to "Lock"?

  • hoddar
    Participant
    Post count: 18

    I started again with the up-to-date version of UsbFix.
    Quick question: is it normal for the report to be generated online?

    Here is the new report

    ############################## | UsbFix V 7.959 | [Listing]

    User: HP (Administrator) # HP-HP
    Updated on 19/06/2015 by El Desaparecido – SosVirus
    Launched at 14:26:39 | 19/06/2015

    Website : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : https://www.sosvirus.net/aide-nettoyage-pc/
    Live detection : http://comment-supprimer.fr/
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    MB: Hewlett-Packard (1526)
    CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
    GC: Mobile Intel(R) 4 Series Express Chipset Family
    RAM -> [Total : 3000 MB | Free : 690 MB]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Home Premium (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 8.00.7600.16385
    WB: Google Chrome : 43.0.2357.124

    ################## | Security Information |

    AV: Bitdefender Antivirus [(!) Disabled | Up to date]
    AS: Bitdefender Antispyware [(!) Disabled | Up to date]
    AS: Windows Defender [(!) Disabled | Up to date]
    FW: Bitdefender Firewall [Active]
    AS: Malwarebytes Anti-Malware : 2.1.6.1022
    FW: Windows Firewall [Active]
    SC: Security Center [Active]
    WU: Windows Update [Active]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Fixed disk # 281 GB (17 GB free – 6%) [] # NTFS
    F: -> Fixed disk # 2 GB (2 GB free – 100%) [HP_TOOLS] # FAT32
    J: -> Removable disk # 4 GB (4 GB free – 100%) [KINGSTON] # FAT32

    ################## | C: %SystemDrive% – Fixed Disk (NTFS) |

    [20/03/2014 – 00:14:35 | A | 1 KB] – C:\DelFix.txt
    [15/06/2015 – 10:59:44 | A | 211 KB] – C:\bdlog.txt
    [27/01/2012 – 23:14:54 | N | 0 KB] – C:\MSDOS.SYS
    [27/01/2012 – 23:14:54 | N | 0 KB] – C:\IO.SYS
    [17/06/2015 – 00:19:39 | ASH | 3072272 KB] – C:\hiberfil.sys
    [19/06/2015 – 02:50:04 | ASH | 4183668 KB] – C:\pagefile.sys
    [06/09/2011 – 15:18:09 | D] – C:\SYSTEM.SAV
    [09/06/2015 – 22:35:28 | D] – C:\Config.Msi
    [12/11/2014 – 20:34:53 | N | 9 KB] – C:\bdr-ld01.mbr
    [14/11/2013 – 18:13:12 | N | 2 KB] – C:\ifx_download.log
    [18/06/2015 – 23:19:18 | RASHD] – C:\Autorun.inf
    [04/07/2014 – 17:47:53 | N | 38439 KB] – C:\bdr-im01.gz
    [19/10/2009 – 22:43:50 | RASH | 46 KB] – C:\Thumbs.db
    [29/04/2015 – 22:16:58 | N | 7 KB] – C:\bootsqm.dat
    [02/10/2012 – 19:40:53 | SHD] – C:\$Recycle.Bin
    [15/06/2015 – 11:41:23 | A | 1 KB] – C:\PhysicalDisk0_MBR.bin
    [12/06/2015 – 16:40:02 | D] – C:\found.001
    [20/06/2014 – 12:28:45 | SHD] – C:\found.000
    [14/07/2009 – 01:38:58 | RASH | 375 KB] – C:\bootmgr
    [14/07/2009 – 04:53:55 | SHD] – C:\Documents and Settings
    [25/04/2010 – 07:48:57 | SHD] – C:\Recovery
    [25/04/2010 – 08:41:22 | SHD] – C:\boot
    [08/12/2010 – 11:15:13 | D] – C:\EFI
    [08/12/2010 – 11:56:40 | D] – C:\amd64
    [08/12/2010 – 11:56:40 | D] – C:\x86
    [08/12/2010 – 12:22:18 | D] – C:\hp
    [06/09/2011 – 15:22:35 | D] – C:\Intel
    [28/01/2012 – 19:53:44 | RHD] – C:\MSOCache
    [01/02/2012 – 09:57:14 | D] – C:\BDLOGS
    [06/02/2012 – 12:44:31 | D] – C:\Encarta
    [23/07/2012 – 13:47:51 | D] – C:\Anuman Interactive
    [15/08/2012 – 15:28:10 | N | 2241 KB] – C:\bdr-bz01
    [28/11/2012 – 19:54:10 | D] – C:\Dalloz
    [29/03/2013 – 11:41:57 | D] – C:\Users
    [25/05/2013 – 16:00:30 | D] – C:\swsetup
    [28/05/2013 – 01:55:49 | D] – C:\Downloads
    [09/04/2014 – 18:16:26 | D] – C:\PerfLogs
    [11/11/2014 – 13:11:26 | D] – C:\sunuradio
    [12/11/2014 – 20:34:53 | N | 247 KB] – C:\bdr-ld01
    [12/11/2014 – 20:34:53 | N | 0 KB] – C:\bdr-cf01
    [08/05/2015 – 09:15:36 | D] – C:\Windows
    [15/06/2015 – 09:50:02 | D] – C:\AdwCleaner
    [15/06/2015 – 10:56:41 | HD] – C:\ProgramData
    [16/06/2015 – 10:35:42 | D] – C:\Program Files
    [19/06/2015 – 10:07:18 | SHD] – C:\System Volume Information
    [19/06/2015 – 14:25:42 | D] – C:\UsbFix

    ################## | F: – Fixed Disk (FAT32) |

    [15/09/2012 – 02:12:26 | N | 0 KB] – F:\HPSF_Rep.txt
    [18/06/2015 – 23:19:20 | RASHD] – F:\Autorun.inf
    [06/09/2011 – 17:21:56 | N | 0 KB] – F:\HP_WSD.dat
    [08/12/2010 – 03:51:18 | SHD] – F:\$RECYCLE.BIN
    [08/12/2010 – 04:06:58 | N | 0 KB] – F:\HP_Tools
    [08/12/2010 – 04:22:04 | D] – F:\Hewlett-Packard

    ################## | J: – USB Disk (FAT32) |

    [19/06/2015 – 02:21:44 | SH | 0 KB] – J:\autorun.inf
    [27/04/2015 – 18:06:12 | SHD] – J:\System Volume Information
    [20/05/2015 – 12:18:40 | D] – J:\ 

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8287

    Why didn't you download UsbFix from my link? The version you have is obsolete.

  • hoddar
    Participant
    Post count: 18

    There were two infected keys. I had to format one of them.

    Here is the listing report:

    ############################## | UsbFix V 7.178 | [Listing]

    User: HP (Administrator) # HP-HP
    Updated on 08/08/2014 by El Desaparecido – SosVirus
    Launched at 12:25:56 | 19/06/2015

    Website : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : https://www.sosvirus.net/aide-nettoyage-pc/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    MB: Hewlett-Packard (1526)
    CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
    GC: Mobile Intel(R) 4 Series Express Chipset Family
    RAM -> [Total : 3000 MB | Free : 930 MB]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Home Premium (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 8.00.7600.16385
    WB: Google Chrome : 43.0.2357.124

    ################## | Security Information |

    AV: Bitdefender Antivirus [(!) Disabled | Up to date]
    AS: Bitdefender Antispyware [(!) Disabled | Up to date]
    AS: Windows Defender [(!) Disabled | Up to date]
    FW: Bitdefender Firewall [Active]
    AS: Malwarebytes Anti-Malware : 2.1.6.1022
    FW: Windows Firewall [Active]
    SC: Security Center [Active]
    WU: Windows Update [Active]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Fixed disk # 281 GB (17 GB free – 6%) [] # NTFS
    F: -> Fixed disk # 2 GB (2 GB free – 100%) [HP_TOOLS] # FAT32
    J: -> Removable disk # 4 GB (4 GB free – 100%) [KINGSTON] # FAT32

    ################## | Autorun |

    ################## | C: %SystemDrive% – Fixed Disk (NTFS) |

    [02/10/2012 – 19:40:53 | SHD] – C:\$Recycle.Bin
    [15/06/2015 – 09:50:02 | D] – C:\AdwCleaner
    [08/12/2010 – 11:56:40 | D] – C:\amd64
    [23/07/2012 – 13:47:51 | D] – C:\Anuman Interactive
    [18/06/2015 – 23:19:18 | RASHD] – C:\Autorun.inf
    [15/06/2015 – 10:59:44 | A | 211 KB] – C:\bdlog.txt
    [01/02/2012 – 09:57:14 | D] – C:\BDLOGS
    [15/08/2012 – 15:28:10 | N | 2241 KB] – C:\bdr-bz01
    [12/11/2014 – 20:34:53 | N | 0 KB] – C:\bdr-cf01
    [04/07/2014 – 17:47:53 | N | 38439 KB] – C:\bdr-im01.gz
    [12/11/2014 – 20:34:53 | N | 247 KB] – C:\bdr-ld01
    [12/11/2014 – 20:34:53 | N | 9 KB] – C:\bdr-ld01.mbr
    [25/04/2010 – 08:41:22 | SHD] – C:\boot
    [14/07/2009 – 01:38:58 | RASH | 375 KB] – C:\bootmgr
    [29/04/2015 – 22:16:58 | N | 7 KB] – C:\bootsqm.dat
    [09/06/2015 – 22:35:28 | D] – C:\Config.Msi
    [28/11/2012 – 19:54:10 | D] – C:\Dalloz
    [20/03/2014 – 00:14:35 | A | 1 KB] – C:\DelFix.txt
    [14/07/2009 – 04:53:55 | SHD] – C:\Documents and Settings
    [28/05/2013 – 01:55:49 | D] – C:\Downloads
    [08/12/2010 – 11:15:13 | D] – C:\EFI
    [06/02/2012 – 12:44:31 | D] – C:\Encarta
    [20/06/2014 – 12:28:45 | SHD] – C:\found.000
    [12/06/2015 – 16:40:02 | D] – C:\found.001
    [17/06/2015 – 00:19:39 | ASH | 3072272 KB] – C:\hiberfil.sys
    [08/12/2010 – 12:22:18 | D] – C:\hp
    [14/11/2013 – 18:13:12 | N | 2 KB] – C:\ifx_download.log
    [06/09/2011 – 15:22:35 | D] – C:\Intel
    [27/01/2012 – 23:14:54 | N | 0 KB] – C:\IO.SYS
    [27/01/2012 – 23:14:54 | N | 0 KB] – C:\MSDOS.SYS
    [28/01/2012 – 19:53:44 | RHD] – C:\MSOCache
    [19/06/2015 – 02:50:04 | ASH | 4183668 KB] – C:\pagefile.sys
    [09/04/2014 – 18:16:26 | D] – C:\PerfLogs
    [15/06/2015 – 11:41:23 | A | 1 KB] – C:\PhysicalDisk0_MBR.bin
    [16/06/2015 – 10:35:42 | D] – C:\Program Files
    [15/06/2015 – 10:56:41 | HD] – C:\ProgramData
    [25/04/2010 – 07:48:57 | SHD] – C:\Recovery
    [11/11/2014 – 13:11:26 | D] – C:\sunuradio
    [25/05/2013 – 16:00:30 | D] – C:\swsetup
    [19/06/2015 – 10:07:18 | SHD] – C:\System Volume Information
    [06/09/2011 – 15:18:09 | D] – C:\SYSTEM.SAV
    [19/10/2009 – 22:43:50 | RASH | 46 KB] – C:\Thumbs.db
    [19/06/2015 – 12:15:16 | D] – C:\UsbFix
    [29/03/2013 – 11:41:57 | D] – C:\Users
    [08/05/2015 – 09:15:36 | D] – C:\Windows
    [08/12/2010 – 11:56:40 | D] – C:\x86

    ################## | F: – Fixed Disk (FAT32) |

    [08/12/2010 – 04:06:58 | N | 0 KB] – F:\HP_Tools
    [08/12/2010 – 03:51:18 | SHD] – F:\$RECYCLE.BIN
    [06/09/2011 – 17:21:56 | N | 0 KB] – F:\HP_WSD.dat
    [15/09/2012 – 02:12:26 | N | 0 KB] – F:\HPSF_Rep.txt
    [18/06/2015 – 23:19:20 | RASHD] – F:\Autorun.inf
    [08/12/2010 – 04:22:04 | D] – F:\Hewlett-Packard

    ################## | J: – USB Disk (FAT32) |

    [19/06/2015 – 02:21:44 | SH | 0 KB] – J:\autorun.inf
    [20/05/2015 – 12:18:40 | D] – J:\ 
    [27/04/2015 – 18:06:12 | SHD] – J:\System Volume Information

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8287

    Please run the Listing option of UsbFix and post the report you get.

  • hoddar
    Participant
    Post count: 18

    Absolutely, the J: key.

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8287

    Hi again

    Is it your J: key we're talking about?

  • hoddar
    Participant
    Post count: 18

    Hi

    OK, here is the requested report

    ############################## | UsbFix V 7.178 | [Cleaning]

    User: HP (Administrator) # HP-HP
    Updated on 08/08/2014 by El Desaparecido – SosVirus
    Launched at 23:16:39 | 18/06/2015

    Website : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : https://www.sosvirus.net/aide-nettoyage-pc/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    MB: Hewlett-Packard (1526)
    CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
    GC: Mobile Intel(R) 4 Series Express Chipset Family
    RAM -> [Total : 3000 MB | Free : 840 MB]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Home Premium (6.1.7601 32-Bit) Service Pack 1
    WB: Internet Explorer : 8.00.7600.16385
    WB: Google Chrome : 43.0.2357.124

    ################## | Security Information |

    AV: Bitdefender Antivirus [(!) Disabled | Up to date]
    AS: Bitdefender Antispyware [(!) Disabled | Up to date]
    AS: Windows Defender [(!) Disabled | Up to date]
    FW: Bitdefender Firewall [Active]
    AS: Malwarebytes Anti-Malware : 2.1.6.1022
    FW: Windows Firewall [Active]
    SC: Security Center [Active]
    WU: Windows Update [Active]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Fixed disk # 281 GB (10 GB free – 4%) [] # NTFS
    F: -> Fixed disk # 2 GB (2 GB free – 100%) [HP_TOOLS] # FAT32
    J: -> Removable disk # 4 GB (4 GB free – 100%) [KINGSTON] # FAT32

    ################## | Autorun |

    ################## | Generic search |

    Deleted! J:\KINGSTON (4GB).lnk

    (!) Temporary files deleted. (588.274838447571 MB)

    ################## | Registry |

    ################## | Regedit Run |

    F2 – HKLM\..\Winlogon : [Shell] Explorer.exe
    F2 – HKLM\..\Winlogon : [Userinit] C:\windows\system32\Userinit.exe,
    04 – HKCU\..\Run : [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
    04 – HKCU\..\Run : [L08FXLRD_7550089] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 – Études DVD\EDICT.EXE" -m
    04 – HKCU\..\Run : [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    04 – HKCU\..\Run : [Google Update] "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    04 – HKCU\..\Run : [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    04 – HKCU\..\Run : [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe"
    04 – HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    04 – HKCU\..\Run : [sunuradiotv] C:\Program Files\sunugraf\sunuradiotv\iconebarre.exe
    04 – HKCU\..\Run : [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
    04 – HKCU\..\Run : [Spark] C:\Program Files\baidu\Spark\spark.exe –AutoStartNoUI=yes
    04 – HKLM\..\Run : [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
    04 – HKLM\..\Run : [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    04 – HKLM\..\Run : [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
    04 – HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    04 – HKLM\..\Run : [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    04 – HKLM\..\Run : [IgfxTray] C:\windows\system32\igfxtray.exe
    04 – HKLM\..\Run : [HotKeysCmds] C:\windows\system32\hkcmd.exe
    04 – HKLM\..\Run : [Persistence] C:\windows\system32\igfxpers.exe
    04 – HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    04 – HKLM\..\Run : [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    04 – HKLM\..\Run : [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 – HKLM\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
    04 – HKLM\..\Run : [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
    04 – HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    04 – HKLM\..\Run : [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    04 – HKLM\..\Run : [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
    04 – HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    04 – HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    04 – HKLM\..\RunOnce : [NCPluginUpdater] "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-21-903305712-3637847979-543563111-1000\..\Run : [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
    04 – HKU\S-1-5-21-903305712-3637847979-543563111-1000\..\Run : [L08FXLRD_7550089] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 – Études DVD\EDICT.EXE" -m
    04 – HKU\S-1-5-21-903305712-3637847979-543563111-1000\..\Run : [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    04 – HKU\S-1-5-21-903305712-3637847979-543563111-1000\..\Run : [Google Update] "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    04 – HKU\S-1-5-21-903305712-3637847979-543563111-1000\..\Run : [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    04 – HKU\S-1-5-21-903305712-3637847979-543563111-1000\..\Run : [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe"
    04 – HKU\S-1-5-21-903305712-3637847979-543563111-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    04 – HKU\S-1-5-21-903305712-3637847979-543563111-1000\..\Run : [sunuradiotv] C:\Program Files\sunugraf\sunuradiotv\iconebarre.exe
    04 – HKU\S-1-5-21-903305712-3637847979-543563111-1000\..\Run : [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
    04 – HKU\S-1-5-21-903305712-3637847979-543563111-1000\..\Run : [Spark] C:\Program Files\baidu\Spark\spark.exe –AutoStartNoUI=yes
    04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

    ################## | UsbFix – Information |

    Info : How to remove the USB shortcut infection? (Video)
    Info : What is the USB shortcut infection?

    ################## | Hijack |

    Restored! [D] J:\ 

    ################## | C: %SystemDrive% – Fixed Disk (NTFS) |

    [20/03/2014 – 00:14:35 | A | 1 KB] – C:\DelFix.txt
    [15/06/2015 – 10:59:44 | A | 211 KB] – C:\bdlog.txt
    [27/01/2012 – 23:14:54 | N | 0 KB] – C:\MSDOS.SYS
    [27/01/2012 – 23:14:54 | N | 0 KB] – C:\IO.SYS
    [17/06/2015 – 00:19:39 | ASH | 3072272 KB] – C:\hiberfil.sys
    [18/06/2015 – 14:02:23 | ASH | 4189812 KB] – C:\pagefile.sys
    [06/09/2011 – 15:18:09 | D] – C:\SYSTEM.SAV
    [09/06/2015 – 22:35:28 | D] – C:\Config.Msi
    [12/11/2014 – 20:34:53 | N | 9 KB] – C:\bdr-ld01.mbr
    [14/11/2013 – 18:13:12 | N | 2 KB] – C:\ifx_download.log
    [04/07/2014 – 17:47:53 | N | 38439 KB] – C:\bdr-im01.gz
    [19/10/2009 – 22:43:50 | RASH | 46 KB] – C:\Thumbs.db
    [29/04/2015 – 22:16:58 | N | 7 KB] – C:\bootsqm.dat
    [02/10/2012 – 19:40:53 | SHD] – C:\$Recycle.Bin
    [15/06/2015 – 11:41:23 | A | 1 KB] – C:\PhysicalDisk0_MBR.bin
    [12/06/2015 – 16:40:02 | D] – C:\found.001
    [20/06/2014 – 12:28:45 | SHD] – C:\found.000
    [14/07/2009 – 01:38:58 | RASH | 375 KB] – C:\bootmgr
    [14/07/2009 – 04:53:55 | SHD] – C:\Documents and Settings
    [25/04/2010 – 07:48:57 | SHD] – C:\Recovery
    [25/04/2010 – 08:41:22 | SHD] – C:\boot
    [08/12/2010 – 11:15:13 | D] – C:\EFI
    [08/12/2010 – 11:56:40 | D] – C:\amd64
    [08/12/2010 – 11:56:40 | D] – C:\x86
    [08/12/2010 – 12:22:18 | D] – C:\hp
    [06/09/2011 – 15:22:35 | D] – C:\Intel
    [28/01/2012 – 19:53:44 | RHD] – C:\MSOCache
    [01/02/2012 – 09:57:14 | D] – C:\BDLOGS
    [06/02/2012 – 12:44:31 | D] – C:\Encarta
    [23/07/2012 – 13:47:51 | D] – C:\Anuman Interactive
    [15/08/2012 – 15:28:10 | N | 2241 KB] – C:\bdr-bz01
    [28/11/2012 – 19:54:10 | D] – C:\Dalloz
    [29/03/2013 – 11:41:57 | D] – C:\Users
    [25/05/2013 – 16:00:30 | D] – C:\swsetup
    [28/05/2013 – 01:55:49 | D] – C:\Downloads
    [09/04/2014 – 18:16:26 | D] – C:\PerfLogs
    [13/08/2014 – 20:17:49 | D] – C:\UsbFix
    [11/11/2014 – 13:11:26 | D] – C:\sunuradio
    [12/11/2014 – 20:34:53 | N | 247 KB] – C:\bdr-ld01
    [12/11/2014 – 20:34:53 | N | 0 KB] – C:\bdr-cf01
    [08/05/2015 – 09:15:36 | D] – C:\Windows
    [15/06/2015 – 09:50:02 | D] – C:\AdwCleaner
    [15/06/2015 – 10:56:41 | HD] – C:\ProgramData
    [16/06/2015 – 10:35:42 | D] – C:\Program Files
    [18/06/2015 – 14:39:24 | SHD] – C:\System Volume Information

    ################## | F: – Fixed Disk (FAT32) |

    [15/09/2012 – 02:12:26 | N | 0 KB] – F:\HPSF_Rep.txt
    [06/09/2011 – 17:21:56 | N | 0 KB] – F:\HP_WSD.dat
    [08/12/2010 – 03:51:18 | SHD] – F:\$RECYCLE.BIN
    [08/12/2010 – 04:06:58 | N | 0 KB] – F:\HP_Tools
    [08/12/2010 – 04:22:04 | D] – F:\Hewlett-Packard

    ################## | J: – USB Disk (FAT32) |

    [27/04/2015 – 18:06:12 | SHD] – J:\System Volume Information
    [20/05/2015 – 12:18:40 | D] – J:\ 

    ################## | Vaccine |

    C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    J:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |
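    What the cleaning report above records ("Deleted! J:\KINGSTON (4GB).lnk", "Restored! [D] J:\ " under Hijack, and the three Vaccine entries) can be done by hand once the listing has been reviewed. The script below is an added example, not UsbFix code: it quarantines the root-level shortcuts instead of deleting them, strips the Hidden/System/ReadOnly attributes the worm set (the `attrib -r -s -h /s /d` step), moves the contents of a whitespace-named hiding folder back to the root, and replaces any `autorun.inf` file with a read-only, hidden, system directory of the same name so a dropper cannot simply recreate the file. `J:` and the quarantine folder `C:\UsbQuarantine` are assumptions. Windows 7 itself does not act on `autorun.inf` from a USB key (AutoRun is limited to optical media there), so the vaccine matters for older machines the key travels to, such as the other computer mentioned at the start of this thread.

```powershell
# Added example, not UsbFix code: manual counterpart of the Cleaning report (quarantine the
# lure .lnk, unhide the user's files, restore the blank-named folder, vaccinate Autorun.inf).
# Assumes J: is the cleaned key; C:\UsbQuarantine is a name chosen here for the removed shortcuts.
param(
    [string]$Drive      = 'J:\',
    [string]$Quarantine = 'C:\UsbQuarantine'
)
$hideMask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System -bor [IO.FileAttributes]::ReadOnly)
$null = New-Item -ItemType Directory -Path $Quarantine -Force

# 1. Root-level shortcuts are the worm's lure. Keep them for analysis instead of deleting them.
Get-ChildItem -LiteralPath $Drive -Force |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -ieq '.lnk' } |
    ForEach-Object {
        Move-Item -LiteralPath $_.FullName -Destination (Join-Path $Quarantine ($_.Name + '.quarantined')) -Force
        "Quarantined shortcut: $($_.Name)"
    }

# 2. Clear Hidden/System/ReadOnly everywhere (attrib -r -s -h /s /d) so the user's files reappear.
#    System Volume Information is left alone; the worm does not touch it.
function Clear-HideAttributes([string]$Root) {
    Get-ChildItem -LiteralPath $Root -Force -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notlike '*\System Volume Information*' } |
        ForEach-Object { $_.Attributes = [IO.FileAttributes]([int]$_.Attributes -band (-bnot $hideMask)) }
}
Clear-HideAttributes $Drive

# 3. The worm moves the real files into a folder named only with whitespace; bring them back.
Get-ChildItem -LiteralPath $Drive -Force |
    Where-Object { $_.PSIsContainer -and $_.Name.Trim().Length -eq 0 } |
    ForEach-Object {
        Get-ChildItem -LiteralPath $_.FullName -Force | Move-Item -Destination $Drive -Force
        Remove-Item -LiteralPath $_.FullName -Force
        "Restored contents of blank-named folder '$($_.FullName)'"
    }

# 4. Vaccinate: remove any autorun.inf file and put a protected directory of that name in its
#    place, so a dropper cannot simply create a new autorun.inf file on the key.
function Set-AutorunVaccine([string]$Root) {
    $target = Join-Path $Root 'Autorun.inf'
    if (Test-Path -LiteralPath $target -PathType Leaf) { Remove-Item -LiteralPath $target -Force }
    if (-not (Test-Path -LiteralPath $target -PathType Container)) {
        $null = New-Item -ItemType Directory -Path $target
    }
    (Get-Item -LiteralPath $target -Force).Attributes = 'ReadOnly, Hidden, System, Directory'
    "Vaccine directory in place: $target"
}
Set-AutorunVaccine $Drive
```

    Run it elevated and only after the listing has been checked, because step 3 moves whatever is in the blank-named folder to the root; on a key that carried the payload as well as the documents, the payload (typically a `.vbs` or `.exe` alongside the documents) comes back up with them and must be removed by hand. The quarantined `.lnk` files are the artefacts to keep if the sample is to be submitted anywhere.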

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8287

    Hi

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Plug all your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
    • Right-click on it and choose "Run as administrator" on Windows 7/8 and Vista
    • Choose the Cleaning option

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

  • hoddar
    Participant
    Post count: 18

    Is there no one brave enough? :|

  • hoddar
    Participant
    Post count: 18

    Hello!!!

    My Bitdefender antivirus detected a threat on the USB key I had plugged into another computer where "Microsoft Essentials" was installed. After deleting it, I was surprised to find a hard-drive icon with a shortcut arrow on it. I could no longer see the files that were on the key. My antivirus said the key was infected with Gen:Variant.Zbot.165.
    I would like to treat two infected keys in order to recover the data.
    Thank you for helping me.

    NB: Attached are the AdwCleaner, MBAM and ZHPDiag reports.
    During the ZHPDiag scan, it warned me that there was no disk in the drive and that I had to insert a disk into drive \Device\Harddisk1\DR1. The message came back after I clicked "Try Again" and then "Continue", so I ended up clicking "Cancel".

    AdwCleaner log
    # AdwCleaner v4.206 – Report created on 15/06/2015 at 09:49:33
    # Updated on 01/06/2015 by Xplode
    # Database : 2015-06-14.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x86)
    # Username : HP – HP-HP
    # Run from : C:\Users\HP\Downloads\AdwCleaner (2).exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\smdmf
    Folder Deleted : C:\Program Files\Settings Manager
    Folder Deleted : C:\Program Files\Positive Finds
    Folder Deleted : C:\Users\HP\AppData\Local\Temp\Positive Finds
    Folder Deleted : C:\windows\system32\config\systemprofile\AppData\Local\FileTypeAssistant
    Folder Deleted : C:\Users\HP\AppData\Roaming\RHEng
    File Deleted : C:\windows\system32\drivers\BdSandBox.sys
    File Deleted : C:\Users\HP\AppData\Local\Temp\uninstaller.exe

    ***** [ Scheduled tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
    Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
    Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
    Key Deleted : HKLM\SOFTWARE\a3dc47f1-bc03-4779-9085-8bec52e538e5
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
    Key Deleted : HKCU\Software\SmdmF
    Key Deleted : HKCU\Software\Linkey
    Key Deleted : HKLM\SOFTWARE\SmdmF
    Key Deleted : HKU\.DEFAULT\Software\SystemK
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] – <-loopback>;*.local

    ***** [ Browsers ] *****

    -\ Internet Explorer v8.0.7601.17514

    -\ Google Chrome v43.0.2357.124

    [C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] – Deleted [Homepage] : hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=7A7368A3C4210362&affID=128493&tsp=5337

    *************************

    AdwCleaner[R0].txt – [10781 bytes] – [09/11/2014 18:40:57]
    AdwCleaner[R1].txt – [3457 bytes] – [02/01/2015 09:20:41]
    AdwCleaner[R2].txt – [3379 bytes] – [15/06/2015 09:40:43]
    AdwCleaner[S0].txt – [10696 bytes] – [09/11/2014 18:44:43]
    AdwCleaner[S1].txt – [3268 bytes] – [15/06/2015 09:49:33]

    ########## EOF – C:\AdwCleaner\AdwCleaner[S1].txt – [3328 bytes] ##########

    MBAM log
    Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Scan date: 15/06/2015
    Scan time: 10:19:57
    Logfile: mbam-log-2015-06-15.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware database: v2015.03.09.05
    Rootkit database: v2015.06.02.01
    License: Trial
    Malware protection: Enabled
    Malicious website protection: Enabled
    Self-protection: Disabled

    Operating system: Windows 7 Service Pack 1
    CPU: x86
    File system: NTFS
    User: HP

    Scan type: Threat Scan
    Result: Completed
    Objects scanned: 330382
    Time elapsed: 34 min, 52 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry keys: 3
    Backdoor.Agent.G, HKU\S-1-5-21-903305712-3637847979-543563111-1000\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}, Quarantined, [49302c17672391a5a72542d8ea190000],
    PUP.Optional.RadioCanyon.A, HKLM\SOFTWARE\Radio Canyon-nv, Quarantined, [ec8db2911a7082b46694fd3306ff7789],
    PUP.Optional.RadioCanyon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Radio Canyon, Quarantined, [6415a89b0387f6409864250bbf46bf41],

    Registry values: 0
    (No malicious items detected)

    Registry data: 0
    (No malicious items detected)

    Folders: 2
    PUP.Optional.PositiveFinds.A, C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602, Quarantined, [245552f19af07cbaf40f7031ae55a858],
    PUP.Optional.PositiveFinds.A, C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602, Quarantined, [a3d6cc777c0e50e630b79e03e221768a],

    Files: 6
    PUP.Optional.OpenCandy, C:\Users\HP\AppData\Local\Temp\is-6UHHV.tmp\OCSetupHlp.dll, Quarantined, [6d0cf251c7c3979f89a0b94f54b2a25e],
    PUP.Adware.Agent, C:\Users\HP\AppData\Local\Temp\PositiveFindsSetup.exe, Quarantined, [84f51132acde6ec889469c6aad53d927],
    PUP.Optional.Linkey.A, C:\Windows\Temp\93631426\SettingsManagerSetup.exe, Quarantined, [adcc64df85051a1cb2592d85ef121ce4],
    PUP.Optional.Linkey.A, C:\Windows\Temp\c91c4ce1\SettingsManagerSetup.exe, Quarantined, [53262b1894f60135cb409e1417ea7b85],
    PUP.Optional.Linkey, C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Browse and Search the Internet.lnk, Quarantined, [1b5e3a09a8e2290d67823c8c788bbf41],
    PUP.Optional.PositiveFinds.A, C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\temp.zip, Quarantined, [a3d6cc777c0e50e630b79e03e221768a],

    Physical sectors: 0
    (No malicious items detected)

    (end)

    Log ZHP Diag
    [spoiler:328kgel6]~ Rapport de ZHPDiag v2015.6.4.54 – Nicolas Coolman (31/05/2015)
    ~ Lancé par HP (15/06/2015 11:14:54)
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ Adresse du Forum http://forum.nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.7601.17514
    GCIE: Google Chrome v43.0.2357.124 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_COA_SLP channel
    Windows ID Activation : OK
    ~ Windows Partial Key : 4346F
    Windows License : OK
    ~ Windows Remaining Initializations Number : 2
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK
    Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)

    —\ Logiciels de protection du système
    Bitdefender Total Security 2015 v18.17.0.1227
    Malwarebytes Anti-Malware version 2.1.6.1022
    Windows Defender W7 (Deactivate)

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer
    eMule

    —\ Surveillance de Logiciels
    Adobe Flash Player 17 NPAPI
    Adobe Reader XI

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3000 MB (5% free)
    System Restore: Activé (Enable)
    System drive C: has 3 GB (0%) free of 281 GB

    —\ Mode de connexion au système
    ~ Computer Name: HP-HP
    ~ User Name: HP
    ~ All Users Names: HP, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:\Users\HP\AppData\Roaming\ZHP
    ~ %AppData% : C:\Users\HP\AppData\Roaming
    ~ %Desktop% : C:\Users\HP\Desktop
    ~ %Favorites% : C:\Users\HP\Favorites
    ~ %LocalAppData% : C:\Users\HP\AppData\Local
    ~ %StartMenu% : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu
    ~ %Windir% : C:\Windows
    ~ %System% : C:\Windows\System32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 281 Go)
    D: CD-ROM drive (Not Inserted)
    E: CD-ROM drive (Not Inserted)
    F: Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)
    G: Floppy drive, Flash card reader, USB Key (Not Inserted)
    H: Floppy drive, Flash card reader, USB Key (Free 0 Go of 15 Go)
    I: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 47 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 05:30:54.) — C:\Windows\Explorer.exe [2616320]
    [MD5.B5C5DCAD3899512020D135600129D665] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 01:14:45.) — C:\Windows\System32\Wininit.exe [96256]
    [MD5.44214C94911C7CFB1D52CB64D5E8368D] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.20/11/2010 – 12:21:36.) — C:\Windows\System32\wininet.dll [980992]
    [MD5.6D13E1406F50C66E2A95D97F22C47560] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 12:17:54.) — C:\Windows\System32\Winlogon.exe [286720]
    [MD5.E3AE23569749DE12D45BA3B489A036AE] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 12:21:24.) — C:\Windows\System32\sppcomapi.dll [193536]
    [MD5.9EBBBA55060F786F0FCAA3893BFA2806] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.25/04/2011 – 02:18:03.) — C:\Windows\system32\Drivers\AFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 01:26:15.) — C:\Windows\system32\Drivers\atapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] – (.Microsoft Corporation – CD-ROM File System Driver.) (.13/07/2009 – 23:11:15.) — C:\Windows\system32\Drivers\Cdfs.sys [70656]
    [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 08:38:10.) — C:\Windows\system32\Drivers\Cdrom.sys [108544]
    [MD5.F024449C97EC1E464AAFFDA18593DB88] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 08:42:32.) — C:\Windows\system32\Drivers\DfsC.sys [78336]
    [MD5.9036377B8A6C15DC2EEC53E489D159B5] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 09:59:29.) — C:\Windows\system32\Drivers\HDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] – (.Microsoft Corporation – Pilote de port i8042.) (.13/07/2009 – 23:11:24.) — C:\Windows\system32\Drivers\i8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] – (.Microsoft Corporation – IP Network Address Translator.) (.13/07/2009 – 23:54:29.) — C:\Windows\system32\Drivers\IpNat.sys [101888]
    [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 02:17:22.) — C:\Windows\system32\Drivers\MRxSmb.sys [123904]
    [MD5.280122DDCF04B378EDD1AD54D71C1E54] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 08:39:44.) — C:\Windows\system32\Drivers\netBT.sys [187904]
    [MD5.81189C3D7763838E55C397759D49007A] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.11/03/2011 – 05:39:00.) — C:\Windows\system32\Drivers\ntfs.sys [1211264]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] – (.Microsoft Corporation – Pilote de port parallèle.) (.13/07/2009 – 23:45:35.) — C:\Windows\system32\Drivers\Parport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.13/07/2009 – 23:54:34.) — C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] – (.Microsoft Corporation – SMB Transport driver.) (.13/07/2009 – 23:53:41.) — C:\Windows\system32\Drivers\smb.sys [71168]
    [MD5.B459575348C20E8121D6039DA063C704] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 08:39:17.) — C:\Windows\system32\Drivers\tdx.sys [74752]
    [MD5.F497F67932C6FA693D7DE2780631CFE7] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 12:30:16.) — C:\Windows\system32\Drivers\volsnap.sys [245632]
    ~ Generic Processes: Scanned in 00mn 12s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/2822
    ~ Mes musiques (My Musics) : 1/2610
    ~ Mes Videos (My Videos) : 4/440
    ~ Mes Favoris (My Favorites) : 1/18
    ~ Mes Documents (My Documents) : 2/65123
    ~ Mon Bureau (My Desktop) : 93/44166
    ~ Menu demarrer (Programs) : 1/44
    ~ Hidden Files: Scanned in 09mn 31s

    —\ Processus lancés
    [MD5.138A025177F9958599D498F5B0267382] – (.Huawei Technologies Co., Ltd. – DataCardMonitor MFC Application.) — C:\ProgramData\DatacardService\DCSHelper.exe [238160] [PID.2512]
    [MD5.7E212E742BF06BF678AE35E9C1B74B8F] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6212920] [PID.2700]
    [MD5.25107F58D1B8F60D67D1EE95798C0DE8] – (.Intel Corporation – IAStorIcon.) — C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.2212]
    [MD5.20CB286C4591EEA68778CA6626D70D47] – (.Synaptics Incorporated – Synaptics TouchPad Enhancements.) — C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272] [PID.3088]
    [MD5.D018F156D00D4C2DDCD0D11118E4AE81] – (.Hewlett-Packard – HP Wireless Assistant Main Program.) — C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768] [PID.3368]
    [MD5.25209D8A20B1E32E5B58B066EC82B88C] – (.Intel Corporation – igfxTray Module.) — C:\Windows\System32\igfxtray.exe [141848] [PID.2836]
    [MD5.D6085ED22D42E9505448FEAD9FDFAF21] – (.Intel Corporation – hkcmd Module.) — C:\Windows\System32\hkcmd.exe [175640] [PID.3796]
    [MD5.7C918A71111884C3D355A0CEF1C5F644] – (.Intel Corporation – persistence Module.) — C:\Windows\System32\igfxpers.exe [166936] [PID.2632]
    [MD5.B2206246F4F08B733AF69392638B637C] – (.Intel Corporation – igfxsrvc Module.) — C:\windows\system32\igfxsrvc.exe [268312] [PID.4020]
    [MD5.47EA5F76FAB723C61AB4A0D79BAD512C] – (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176] [PID.3440]
    [MD5.423D3D1F049CA9AC89AA6E30804A98CD] – (.IDT, Inc. – IDT PC Audio.) — C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.3548]
    [MD5.7F2691FD961C9A704DA221745CCE6295] – (.RealNetworks, Inc. – RealNetworks Scheduler.) — C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512] [PID.3136]
    [MD5.0ED04FAA4DC1974FE669AB3A945CBA04] – (.Adobe Systems Inc. – AcroTray.) — C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478600] [PID.4584]
    [MD5.3A8251889D03FCDC2B60D8A1C076D623] – (.Bitdefender – Bitdefender Agent.) — C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1862056] [PID.4704]
    [MD5.99342358331F57209DFF987CEEB8E37B] – (.Apple Inc. – iTunesHelper.) — C:\Program Files\iTunes\iTunesHelper.exe [157480] [PID.5056]
    [MD5.BAF49F90F6F5C212F16A3953335ED8A6] – (…) — C:\Program Files\Le Robert\Le Petit Robert\PRHYPER.exe [22560] [PID.5144]
    [MD5.783F7F39A134AA5A9FE78A137980190B] – (.Microsoft Corporation – Microsoft Encarta Dictionaries.) — C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 – Études DVD\EDICT.exe [351000] [PID.5212]
    [MD5.89462C4996EDA8436AE3DF1D82D040AD] – (.Nokia – Nokia Launch Application.) — C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1508408] [PID.5264]
    [MD5.0DE3C7622EC33126579B1742260F08C2] – (.Pas de propriétaire – HpqToaster Module.) — C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.5288]
    [MD5.8B741FBF573B7A2B9A7F0F9898C7FF5D] – (.Bureau Van Dijk – Dictionnaires Le Robert – Hyperappel du Grand Robert de la langue fra.) — C:\Program Files\Le Robert\Le Grand Robert\grwinHyper.exe [1118208] [PID.5496]
    [MD5.432F4E8794A2EA8A64E4C75EA80B790E] – (.BitTorrent Inc. – µTorrent.) — C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe [1694560] [PID.5668] =>P2P.BitTorrent
    [MD5.C1626A1DEB684E044BBC2A03623A0F18] – (.Gadwin Systems, Inc – Gadwin PrintScreen.) — C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [493776] [PID.5772]
    [MD5.79922392204BF75AD0C26372D16CD4A3] – (.Skype Technologies S.A. – Skype.) — C:\Program Files\Skype\Phone\Skype.exe [28785280] [PID.4316]
    [MD5.2A4D5CB821E752093DEA66EDFC4F7834] – (.sunugraf – iconebarre.) — C:\Program Files\sunugraf\sunuradiotv\iconebarre.exe [32768] [PID.4544]
    [MD5.A60E6CB4DC0B537EC3E60FAF92823A97] – (.Bitdefender – Bitdefender Wallet Agent.) — C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400] [PID.5100]
    [MD5.97EB4B9D4CCF89EC239768A6F4123494] – (.Pas de propriétaire – spark.) — C:\Program Files\baidu\Spark\spark.exe [982720] [PID.5224]
    [MD5.3F03AC51CE406AE04902BF239EE4F8F8] – (.Dropbox, Inc. – Dropbox.) — C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [43374104] [PID.5300]
    [MD5.F0EA603E7B91046CA48EA4B3593A007D] – (.Micro Application – Pas de description.) — C:\Program Files\Micro Application\LauncherMA.exe [485376] [PID.5856]
    [MD5.C64E9B1C9EA057DCECDCB98F34377811] – (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.6104]
    [MD5.10247055758850D4D0E9469322A93D42] – (.Synaptics Incorporated – Synaptics Pointing Device Helper.) — C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.4680]
    [MD5.F85E0279A2D18B785844851D2E7414B9] – (.Bitdefender – Bitdefender Wallet Chrome Extension Native.) — C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe [327368] [PID.1000]
    [MD5.E68AE42C67786EDA13A953229A4C3BA0] – (.Nokia – Microsoft Bluetooth Media Server.) — C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe [148008] [PID.5404]
    [MD5.072678E0D68E9C3A7960328671134C7B] – (.Microsoft Corporation – Windows Update.) — C:\windows\system32\wuauclt.exe [54240] [PID.7184]
    [MD5.4547360EB0D90804B3AD080CE1D1D814] – (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.2564]
    [MD5.12E2FC1F74265881402DE856D01EFFFE] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files\ZHPDiag\ZHPDiag.exe [8214016] [PID.6424]
    [MD5.110FEE5A14185EAB1E1D1A676194AC7C] – (.Microsoft Corporation – Microsoft Word.) — C:\Program Files\Microsoft Office\Office14\WINWORD.exe [1423008] [PID.5544]
    [MD5.5D1BFF0FCE80F9E2E539F436710D4A79] – (.Microsoft Corporation – Preview Handler Surrogate Host.) — C:\windows\system32\prevhost.exe [31232] [PID.7132]
    [MD5.DC5ECEA062C0633346B6D199FA2B578D] – (.Adobe Systems Incorporated – Adobe Reader.) — c:\program files\adobe\acrobat 11.0\acrobat\acrord32.exe [1402440] [PID.7432]
    [MD5.3CA607B1453F45283F5CF81A49E7E847] – (.Adobe Systems Incorporated – Adobe Acrobat.) — C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe [63552] [PID.6720]
    ~ Processes Running: Scanned in 00mn 27s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:\windows\system32\Userinit.exe,
    F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean) (21)
    ~ Hosts File: Scanned in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Adobe Acrobat Create PDF Toolbar – [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated – Adobe PDF Toolbar for Internet Explorer.) — C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 – Toolbar: Bitdefender Wallet – [HKLM]{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} . (.Bitdefender – Bitdefender Password Manager Internet Explo.) — C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GS\QuickLaunch [HP]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
    ~ Global Startup: 1 Legitimates Filtered in 00mn 45s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM\..\Run: [QLBController] . (.Hewlett-Packard Company – QLBController.) — C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
    O4 – HKLM\..\Run: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 – HKLM\..\Run: [PDF Complete] . (.PDF Complete Inc – Sentry for PDF.) — C:\Program Files\PDF Complete\pdfsty.exe =>.PDF Complete Inc
    O4 – HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated – Synaptics TouchPad Enhancements.) — C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 – HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard – HP Wireless Assistant Main Program.) — C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 – HKLM\..\Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:\windows\system32\igfxtray.exe
    O4 – HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:\windows\system32\hkcmd.exe
    O4 – HKLM\..\Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:\windows\system32\igfxpers.exe
    O4 – HKLM\..\Run: [BCSSync] . (.Microsoft Corporation – Microsoft Office 2010 component.) — C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
    O4 – HKLM\..\Run: [NeroFilterCheck] . (.Nero AG – NeroCheck.) — C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 – HKLM\..\Run: [NBKeyScan] . (.Nero AG – Nero BackItUp.) — C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    O4 – HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM\..\Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    O4 – HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio.) — C:\Program Files\IDT\WDM\sttray.exe
    O4 – HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. – RealNetworks Scheduler.) — c:\program files\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
    O4 – HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
    O4 – HKLM\..\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. – AcroTray.) — C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
    O4 – HKLM\..\Run: [Bdagent] . (.Bitdefender – Bitdefender Agent.) — C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
    O4 – HKLM\..\Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:\Program Files\QuickTime\QTTask.exe
    O4 – HKLM\..\Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:\Program Files\iTunes\iTunesHelper.exe
    O4 – HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard – NCPluginUpdater.) — C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
    O4 – HKCU\..\Run: [Le Petit Robert Hyperappel] . (…) — C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
    O4 – HKCU\..\Run: [L08FXLRD_7550089] . (.Microsoft Corporation – Microsoft Encarta Dictionaries.) — C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 – Études DVD\EDICT.exe
    O4 – HKCU\..\Run: [PC Suite Tray] . (.Nokia – Nokia Launch Application.) — C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    O4 – HKCU\..\Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
    O4 – HKCU\..\Run: [grwinHyper] . (.Bureau Van Dijk – Dictionnaires Le Robert – Hyperappel du Grand Robert de la langue fra.) — C:\Program Files\Le Robert\Le Grand Robert\grwinHyper.exe
    O4 – HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. – µTorrent.) — C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
    O4 – HKCU\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc – Gadwin PrintScreen.) — C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    O4 – HKCU\..\Run: [Adobe Acrobat Synchronizer] . (.Adobe Systems Incorporated – Adobe Collaboration Synchronizer 11.0.) — C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe
    O4 – HKCU\..\Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
    O4 – HKCU\..\Run: [sunuradiotv] . (.sunugraf – iconebarre.) — C:\Program Files\sunugraf\sunuradiotv\iconebarre.exe
    O4 – HKCU\..\Run: [Bitdefender Wallet Agent] . (.Bitdefender – Bitdefender Wallet Agent.) — C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
    O4 – HKCU\..\Run: [Spark] . (.Pas de propriétaire – spark.) — C:\Program Files\baidu\Spark\spark.exe
    O4 – HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 – HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [Le Petit Robert Hyperappel] . (…) — C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [L08FXLRD_7550089] . (.Microsoft Corporation – Microsoft Encarta Dictionaries.) — C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 – Études DVD\EDICT.exe
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [PC Suite Tray] . (.Nokia – Nokia Launch Application.) — C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [grwinHyper] . (.Bureau Van Dijk – Dictionnaires Le Robert – Hyperappel du Grand Robert de la langue fra.) — C:\Program Files\Le Robert\Le Grand Robert\grwinHyper.exe
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [uTorrent] . (.BitTorrent Inc. – µTorrent.) — C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc – Gadwin PrintScreen.) — C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [Adobe Acrobat Synchronizer] . (.Adobe Systems Incorporated – Adobe Collaboration Synchronizer 11.0.) — C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [sunuradiotv] . (.sunugraf – iconebarre.) — C:\Program Files\sunugraf\sunuradiotv\iconebarre.exe
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [Bitdefender Wallet Agent] . (.Bitdefender – Bitdefender Wallet Agent.) — C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
    O4 – HKUS\S-1-5-21-903305712-3637847979-543563111-1000\..\Run: [Spark] . (.Pas de propriétaire – spark.) — C:\Program Files\baidu\Spark\spark.exe
    ~ Application: Scanned in 00mn 01s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 – Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 – {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (…) — C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
    O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
    O9 – Extra button: Notes &liées OneNote – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
    O9 – Extra button: Skype Click to Call – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (…) — C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
    O9 – Extra button: Barre de recherche Encarta – {B205A35E-1FC4-4CE3-818B-899DBBB3388C} — Clé orpheline
    ~ IE Extra Buttons: Scanned in 00mn 01s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLM\System\CCS\Services\Tcpip\..\{1A571F40-2575-45AD-A68B-B0396B8E8CF4}: DhcpNameServer = 10.32.1.28 172.16.255.9
    O17 – HKLM\System\CCS\Services\Tcpip\..\{5B394487-DDF7-44B5-9946-14D9C307F962}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLM\System\CCS\Services\Tcpip\..\{82F525B4-DF35-427D-8642-9645D157DA08}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLM\System\CCS\Services\Tcpip\..\{9A95E20E-0948-4EB7-AAA5-730E42416C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLM\System\CCS\Services\Tcpip\..\{AE1241D9-89D0-4386-9637-79D5E5769070}: DhcpNameServer = 10.32.1.28 172.16.255.9
    O17 – HKLM\System\CS1\Services\Tcpip\..\{1A571F40-2575-45AD-A68B-B0396B8E8CF4}: DhcpNameServer = 10.32.1.28 172.16.255.9
    O17 – HKLM\System\CS1\Services\Tcpip\..\{5B394487-DDF7-44B5-9946-14D9C307F962}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLM\System\CS1\Services\Tcpip\..\{82F525B4-DF35-427D-8642-9645D157DA08}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLM\System\CS1\Services\Tcpip\..\{9A95E20E-0948-4EB7-AAA5-730E42416C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLM\System\CS1\Services\Tcpip\..\{AE1241D9-89D0-4386-9637-79D5E5769070}: DhcpNameServer = 10.32.1.28 172.16.255.9
    O17 – HKLM\System\CS2\Services\Tcpip\..\{1A571F40-2575-45AD-A68B-B0396B8E8CF4}: DhcpNameServer = 10.32.1.28 172.16.255.9
    O17 – HKLM\System\CS2\Services\Tcpip\..\{5B394487-DDF7-44B5-9946-14D9C307F962}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLM\System\CS2\Services\Tcpip\..\{82F525B4-DF35-427D-8642-9645D157DA08}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLM\System\CS2\Services\Tcpip\..\{9A95E20E-0948-4EB7-AAA5-730E42416C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLM\System\CS2\Services\Tcpip\..\{AE1241D9-89D0-4386-9637-79D5E5769070}: DhcpNameServer = 10.32.1.28 172.16.255.9
    O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.32.1.28 172.16.255.9
    ~ Domain: Scanned in 00mn 01s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:\Windows\System32\igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 – SharedTaskScheduler: (no name) – {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} . (…) — C:\windows\W7FBCdll.dll
    ~ STS/SSO: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. – spark.) – C:\Program Files\baidu\Spark\sparkservice.exe
    ~ Services: 20 Legitimates Filtered in 00mn 24s

    —\ Tâches planifiées en automatique (O39)
    [MD5.22385F9E061EA4DF9BBC385C552D61A5] [APT] [SparkUpdater] (.Baidu.com, Inc..) — C:\Program Files\baidu\Spark\SparkUpdate.exe [1359040]
    O39 – APT: – (..) — C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
    O39 – APT: – (..) — C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
    O39 – APT: – (..) — C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-903305712-3637847979-543563111-1000Core [1014]
    O39 – APT: – (..) — C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-903305712-3637847979-543563111-1000UA [1066]
    O39 – APT: – (..) — C:\Windows\System32\Tasks\HPCeeScheduleForHP [308]
    ~ Scheduled Task: 14 Legitimates Filtered in 00mn 04s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (Eve) . (…) – C:\Windows\System32\DRIVERS\eve.sys
    ~ Drivers: 81 Legitimates Filtered in 00mn 05s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Baidu Browser – (.Baidu Inc..) [HKLM] — Spark
    O42 – Logiciel: CD Dalloz Expert – Code civil – (…) [HKLM] — CD CODE EXPERT CIVIL
    O42 – Logiciel: CD Dalloz Expert – Dalloz Etudes Commerce – (…) [HKLM] — Cd Etudes Commerce
    O42 – Logiciel: CD Dalloz Expert – Dalloz Etudes Pénal – Procédure Pénale – (…) [HKLM] — Cd Etudes Penal
    O42 – Logiciel: Code du travail – (…) [HKLM] — Code du travail_is1
    O42 – Logiciel: SpeakBack SE – (…) [HKLM] — SpeakBack SE
    O42 – Logiciel: sunuradiotv – (.sunugraf.) [HKLM] — {2A7AA81F-3DEE-4AF0-BFF5-1316EBF2C5EF}
    ~ Logic: 26 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCU\Software\Baidu]
    [HKCU\Software\BitComet] =>P2P.BitComet
    [HKCU\Software\Harby]
    [HKCU\Software\ITUR2008-2F]
    [HKCU\Software\ITURRapp2008-F]
    [HKCU\Software\SMADΔV]
    [HKLM\Software\Baidu]
    [HKLM\Software\Dalloz]
    [HKLM\Software\ELAN Speech]
    [HKLM\Software\NVO]
    [HKLM\Software\SOSVirus]
    ~ Key Software: 390 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 09/11/2014 – 19:23:48 – [0] —-D C:\Program Files\a7c41bed-db4d-4f7b-9955-16462fd24f6f
    O43 – CFD: 12/03/2015 – 23:59:28 – [] —-D C:\Program Files\airbox
    O43 – CFD: 28/01/2015 – 18:26:04 – [] —-D C:\Program Files\baidu
    O43 – CFD: 17/12/2012 – 00:22:27 – [] —-D C:\Program Files\Code du Travail
    O43 – CFD: 28/11/2012 – 19:59:50 – [0] —-D C:\Program Files\DOSSIERS
    O43 – CFD: 14/11/2013 – 17:50:59 – [] —-D C:\Program Files\DWD
    O43 – CFD: 07/03/2013 – 13:35:09 – [] —-D C:\Program Files\ELAN Speech
    O43 – CFD: 28/11/2012 – 19:59:51 – [0] —-D C:\Program Files\NOTES
    O43 – CFD: 10/02/2012 – 22:37:56 – [] —-D C:\Program Files\Serge_LAGIER
    O43 – CFD: 28/01/2015 – 18:25:48 – [] —-D C:\ProgramData\Baidu
    O43 – CFD: 22/03/2013 – 22:23:44 – [] —-D C:\ProgramData\Crazy Johns Broadband
    O43 – CFD: 10/02/2013 – 10:55:23 – [] —-D C:\ProgramData\e-express
    O43 – CFD: 28/01/2015 – 18:25:37 – [] —-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Browser
    O43 – CFD: 17/12/2012 – 00:22:27 – [] —-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Code du Travail
    O43 – CFD: 17/12/2012 – 00:28:53 – [] —-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codes Dalloz Etudes
    O43 – CFD: 28/11/2012 – 19:46:41 – [] —-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codes Dalloz Experts
    O43 – CFD: 01/03/2012 – 13:08:37 – [] —-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Encyclopédie Numérique Dalloz
    O43 – CFD: 22/04/2011 – 21:31:58 – [] —-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star
    O43 – CFD: 10/02/2012 – 22:37:58 – [] —-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serge.LAGIER
    O43 – CFD: 07/03/2013 – 13:35:12 – [] —-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeakBack Se
    O43 – CFD: 28/01/2015 – 18:27:19 – [] —-D C:\Users\HP\AppData\Roaming\Baidu
    O43 – CFD: 27/06/2014 – 15:02:28 – [] —-D C:\Users\HP\AppData\Roaming\BitComet =>P2P.BitComet
    O43 – CFD: 28/06/2013 – 18:24:20 – [] —-D C:\Users\HP\AppData\Roaming\FVD3
    O43 – CFD: 23/02/2015 – 23:52:41 – [] —-D C:\Users\HP\AppData\Local\SelfExtractible
    O43 – CFD: 14/02/2013 – 14:31:49 – [] —-D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD Code Dalloz
    O43 – CFD: 07/02/2014 – 21:42:51 – [] —-D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    O43 – CFD: 10/02/2012 – 22:37:58 – [] —-D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serge.LAGIER
    ~ Program Folder: 355 Legitimates Filtered in 00mn 04s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.B53EC6CFBD0883C4CCF29C28092C80BF] – 09/06/2015 – 20:06:37 —A- . (…) — C:\Windows\win.ini [493]
    O44 – LFC:[MD5.F998CF49DA41883DD5FAA35B104C5D7C] – 15/06/2015 – 09:19:20 —A- . (…) — C:\Windows\IE11_main.log [727380]
    O44 – LFC:[MD5.158354D2BF67CC341F198E2ED2594317] – 15/06/2015 – 10:59:44 —A- . (…) — C:\bdlog.txt [216141]
    O44 – LFC:[MD5.BBDD6F45C6B408BE3C595FC0EEEA1AA4] – 15/06/2015 – 11:20:25 –HA- . (…) — C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [30416]
    O44 – LFC:[MD5.BBDD6F45C6B408BE3C595FC0EEEA1AA4] – 15/06/2015 – 11:20:25 –HA- . (…) — C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [30416]
    ~ Files: 22 Legitimates Filtered in 01mn 53s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.5AD6E48C41735F6EAF7D86C0048C200D] – 15/06/2015 – 09:55:32 —A- – C:\Windows\Prefetch\UTORRENT.EXE-604F5E23.pf =>P2P.µTorrent
    ~ Prefetcher: 1 Legitimates Filtered in 00mn 00s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPSK) (O51)
    O51 – MPSK:{109cf9ce-00f3-11e5-9a71-78e3b54d1009}\AutoRun\command. (…) — H:\AutoRun.exe (.not file.)
    O51 – MPSK:{12d7863a-bbec-11e3-90ae-78e3b54d1009}\AutoRun\command. (…) — G:\.\Setup.exe (.not file.)
    O51 – MPSK:{20f0e9bd-6591-11e4-a2cd-78e3b54d1009}\AutoRun\command. (…) — H:\AutoRun.exe (.not file.)
    O51 – MPSK:{2ad3f0b5-6106-11e4-9787-78e3b54d1009}\AutoRun\command. (…) — G:\AutoRun.exe (.not file.)
    O51 – MPSK:{2cda111e-20cb-11e4-b907-78e3b54d1009}\AutoRun\command. (…) — G:\.\Setup.exe (.not file.)
    O51 – MPSK:{438a5268-cbbf-11e4-b642-78e3b54d1009}\AutoRun\command. (…) — H:\AutoRun.exe (.not file.)
    O51 – MPSK:{490a42c7-c908-11e4-bacf-78e3b54d1009}\AutoRun\command. (…) — H:\AutoRun.exe (.not file.)
    O51 – MPSK:{490a42d5-c908-11e4-bacf-78e3b54d1009}\AutoRun\command. (…) — H:\AutoRun.exe (.not file.)
    O51 – MPSK:{490a42ff-c908-11e4-bacf-78e3b54d1009}\AutoRun\command. (…) — I:\AutoRun.exe (.not file.)
    O51 – MPSK:{5ac51e5d-b9e9-11e3-b61a-78e3b54d1009}\AutoRun\command. (…) — G:\.\Setup.exe (.not file.)
    O51 – MPSK:{5af0737f-61c0-11e4-8a88-78e3b54d1009}\AutoRun\command. (…) — H:\AutoRun.exe (.not file.)
    O51 – MPSK:{5af07388-61c0-11e4-8a88-78e3b54d1009}\AutoRun\command. (…) — H:\AutoRun.exe (.not file.)
    O51 – MPSK:{bf414246-bbb1-11e4-b8fa-78e3b54d1009}\AutoRun\command. (…) — H:\.\Setup.exe (.not file.)
    O51 – MPSK:{d5278b7d-c029-11e4-be6b-78e3b54d1009}\AutoRun\command. (…) — H:\AutoRun.exe (.not file.)
    O51 – MPSK:{da594226-c32e-11e4-9790-78e3b54d1009}\AutoRun\command. (…) — H:\AutoRun.exe (.not file.)
    O51 – MPSK:{fc71eaf0-c562-11e3-bc3a-78e3b54d1009}\AutoRun\command. (…) — G:\.\Setup.exe (.not file.)
    O51 – MPSK:{fc71eaf9-c562-11e3-bc3a-78e3b54d1009}\AutoRun\command. (…) — G:\.\Setup.exe (.not file.)
    ~ Keys: Scanned in 01mn 37s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
    ~ MWPS: 4 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:02/06/2013 – 04:56:40 —A- . (.Wondershare – Wondershare Virtual Audio Device.) — C:WindowsSystem32DriversApowersoft_AudioDevice.sys [26032]
    O58 – SDL:14/07/2009 – 01:20:28 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [453712]
    O58 – SDL:10/04/2014 – 12:05:24 —A- . (…) — C:WindowsSystem32Driverseve.sys [33624]
    O58 – SDL:08/10/2010 – 08:55:06 —A- . (.Huawei Tech. Co., Ltd. – HUAWEI USB Smart Card Driver.) — C:WindowsSystem32Driversewdcsc.sys [25856]
    O58 – SDL:13/07/2009 – 22:54:14 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [26624]
    O58 – SDL:01/01/1857 – 01:00:00 R–A- . (…) — C:WindowsSystem32DriversSECDRV.SYS [11616]
    O58 – SDL:14/10/2010 – 01:44:22 —A- . (.Pas de propriétaire – USBCAMD for Sonix UVC.) — C:WindowsSystem32Driverssncduvc.sys [33280]
    O58 – SDL:14/10/2010 – 01:44:28 —A- . (.Pas de propriétaire – UVC Camera Streaming Driver.) — C:WindowsSystem32Driverssnp2uvc.sys [1763968]
    O58 – SDL:27/08/2012 – 14:50:24 —A- . (.Avira GmbH – AVIRA SnapShot Driver.) — C:WindowsSystem32Driversssmdrv.sys [28520]
    O58 – SDL:14/07/2009 – 01:19:04 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [21072]
    O58 – SDL:08/02/2013 – 19:01:12 —A- . (.IDT, Inc. – IDT PC Audio.) — C:WindowsSystem32Driversstwrt.sys [431616]
    O58 – SDL:22/08/2013 – 12:40:22 —A- . (.The OpenVPN Project – TAP-Windows Virtual Network Driver.) — C:WindowsSystem32Driverstap0901.sys [35288]
    O58 – SDL:15/08/2014 – 22:35:00 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl.sys [45056]
    O58 – SDL:13/07/2009 – 21:40:41 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:13/07/2009 – 21:40:44 —A- . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:13/07/2009 – 21:40:40 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:13/07/2009 – 21:40:43 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:13/07/2009 – 21:40:43 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:13/07/2009 – 21:40:23 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:13/07/2009 – 21:40:31 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:13/07/2009 – 21:40:35 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:13/07/2009 – 21:40:39 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:13/07/2009 – 21:40:27 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:13/07/2009 – 21:40:11 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:13/07/2009 – 21:40:15 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:13/07/2009 – 21:40:17 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:13/07/2009 – 21:40:19 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:13/07/2009 – 21:40:13 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 109 Legitimates Filtered in 00mn 04s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 13/06/2015 – 11:36:51 —A- . (…) — C:UsersHPDownloadsAdwCleaner (1).exe [847740]
    O61 – LFC: 15/06/2015 – 11:31:13 —A- . (…) — C:UsersHPAppDataLocalGoogleChromeUser Dataev_hashes_whitelist.bin [1113849]
    O61 – LFC: 15/06/2015 – 11:36:51 —A- . (…) — C:UsersHPDownloadsAdwCleaner (2).exe [2231296]
    ~ 2047 Fichiers temporaires (Temporary files)
    ~ 677 Fichiers cookies (Cookies files)
    ~ Files: 8 Legitimates Filtered in 06mn 11s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttps://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2015 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 10/04/2014 – C:WindowsSystem32DRIVERSeve.sys (Eve) .(…) – LEGACY_EVE
    ~ Legacy: 127 Legitimates Filtered in 00mn 01s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: < .html> [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Pas de propriétaire – spark.) — C:Program FilesbaiduSparkSpark.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Goo) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {B2CFDFF7-6F56-411B-945D-8DCB61D6126A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {CBBA2BA9-E7BB-455D-9C99-583AF4FB6BC0} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.35CB71D14E32FE0C4C2C6092F27F5E2D] [SPRF][12/11/2014] (…) — C:ProgramData1415823961.bdinstall.bin [737002]
    [MD5.FD44A31F8B65948F19412FE3EF0E0341] [SPRF][19/03/2012] (…) — C:ProgramData9A1E49EE1D.sys [88]
    [MD5.4467D15B275C13CA41EADDF603FB06F2] [SPRF][28/01/2012] (…) — C:ProgramDataezsidmv.dat [56]
    [MD5.88681F060A5D7D1F4BF8049AEBB573A4] [SPRF][29/04/2012] (…) — C:ProgramDataKGyGaAvL.sys [2828]
    [MD5.0F162BCB09C2502BD763067B5938E637] [SPRF][18/12/2012] (…) — C:ProgramDatantuser.dat [262144]
    ~ Files: 5 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{F141003A-E154-4298-96EC-311B1D312165}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersHPAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{60CA3A78-6A1A-481D-8C87-7BAC169FE93D}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersHPAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{07DFC3A0-8ACB-406A-9D3F-F9F321D35D47}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersHPAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{CE6C82E8-829F-48B8-A0BF-D9B971EF9565}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersHPAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ Firewall: 4 Legitimates Filtered in 00mn 06s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.9F01B2EB540FD24A41C4EC2D8E48F687] [WIS][23/07/2013] (.Microsoft Corporation – Bing Bar.) — C:WindowsInstaller4054f.msi [466944] =>Toolbar.Bing
    ~ WIS: 1 Legitimates Filtered in 00mn 08s

    —\ Recherche de clés de registre CLSID (O101)
    [HKCRCLSID{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] (Bing Bar Helper) =>Toolbar.Bing
    [HKCRCLSID{b512f94e-18af-4a79-b775-8945fcf1fedb}] (NMBAppPluginMediaBrowserVideo Class) =>PUP.CrossRider
    ~ BCK: 7859 Legitimates Filtered in 00mn 26s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
    SS – | Demand 10/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 22/12/2014 69880 | (BdDesktopParental) . (.Bitdefender.) – C:Program FilesBitdefenderBitdefender 2015bdparentalservice.exe
    SS – | Demand 25/11/2014 107912 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 25/11/2014 107912 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 09/05/2011 136120 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Demand 20/09/2007 382248 | (NMIndexingService) . (.Nero AG.) – C:Program FilesCommon FilesNeroLibNMIndexingService.exe
    SS – | Auto 22/07/1658 0 | (NMSAccess) . (…) – C:Program FilesBlaze Media ProNMSAccess32.exe
    SS – | Demand 25/06/2010 117264 | (rpcapd) . (.CACE Technologies, Inc..) – C:Program FilesWinPcaprpcapd.exe
    SS – | Disabled 08/07/2013 81704 | (SafeBox) . (.Bitdefender.) – C:Program FilesBitdefenderBitdefender SafeBoxsafeboxservice.exe
    SS – | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
    SS – | Demand 19/12/2014 1359040 | (SparkUpdater) . (.Baidu.com, Inc..) – C:Program FilesBaiduSparkUpdateSparkupdate.exe
    SS – | Demand 16/10/2009 74392 | (stllssvr) . (.MicroVision Development, Inc..) – c:Program FilesCommon FilesSureThing Sharedstllssvr.exe
    SS – | Demand 22/07/1658 0 | (Update Server) . (…) – C:Program FilesCommon FilesBitdefenderBitdefender Arrakis Serverbinarrakis3.exe
    SS – | Demand 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 08/02/2013 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) – C:Program FilesIDTWDMaestsrv.exe
    SR – | Auto 03/12/2009 26112 | (AgereModemAudio) . (.LSI Corporation.) – C:Program FilesLSI SoftModemagrsmsvc.exe
    SR – | Auto 19/01/2015 60744 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:Program FilesHewlett-PackardHP Support Frameworkhpsa_service.exe =>.Hewlett-Packard Co
    SR – | Auto 10/08/2012 197536 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) – C:Program FilesHewlett-PackardSharedHPDrvMntSvc.exe
    SR – | Auto 01/03/2010 264248 | (hpHotkeyMonitor) . (.Hewlett-Packard Company.) – C:Program FilesHewlett-PackardHP HotKey SupporthpHotkeyMonitor.exe
    SR – | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:Program FilesHewlett-PackardSharedhpqwmiex.exe
    SR – | Auto 28/10/2013 276048 | (HWDeviceService.exe) . (…) – C:ProgramDataDatacardServiceHWDeviceService.exe
    SR – | Auto 04/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Demand 13/02/2015 540968 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 22/01/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) – C:Program FilesCommon FilesLightScribeLSSrvc.exe
    SR – | Auto 14/04/2015 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 14/04/2015 1080120 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 20/09/2007 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) – C:Program FilesNeroNero8Nero BackItUpNBService.exe
    SR – | Auto 12/01/2010 635416 | (pdfcDispatcher) . (.PDF Complete Inc.) – C:Program FilesPDF Completepdfsvc.exe
    SR – | Auto 06/03/2013 39056 | (RealNetworks Downloader Resolver Service) . (…) – C:Program FilesRealNetworksRealDownloaderrndlresolversvc.exe
    SR – | Demand 30/11/2011 718888 | (ServiceLayer) . (.Nokia.) – C:Program FilesPC Connectivity SolutionServiceLayer.exe
    SR – | Auto 30/03/2015 84672 | (SparkSvc) . (.Baidu Inc..) – C:Program FilesbaiduSparksparkservice.exe
    SR – | Auto 08/02/2013 254034 | (STacSV) . (.IDT, Inc..) – C:Program FilesIDTWDMSTacSV.exe
    SR – | Auto 01/12/2014 54424 | (UPDATESRV) . (.Bitdefender.) – C:Program FilesBitdefenderBitdefender 2015updatesrv.exe
    SR – | Auto 01/04/2015 1308464 | (VSSERV) . (.Bitdefender.) – C:Program FilesBitdefenderBitdefender 2015vsserv.exe
    SR – | Auto 14/07/2009 20992 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 34s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    ~ MBR: 1 Legitimates Filtered in 00mn 02s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by HP at 15/06/2015 11:41:23
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13008 – (31/05/2015)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 5

    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:uTorrent =>P2P.BitTorrent^
    C:UsersHPAppDataRoamingBitComet =>P2P.BitComet^
    C:UsersHPAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent^
    [HKCUSoftwareBitComet] =>P2P.BitComet^
    C:WindowsInstaller4054f.msi =>Toolbar.Bing^
    [HKCRCLSID{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] (Bing Bar Helper) =>Toolbar.Bing^
    [HKCRCLSID{b512f94e-18af-4a79-b775-8945fcf1fedb}] (NMBAppPluginMediaBrowserVideo Class) =>PUP.CrossRider^
    ~ Additionnel Scan: 494391 Items scanned in 01mn 21s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
    ~ AMI: 4 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
    ~ MSI: 1 link(s) detected in 00mn 00s

    ~ 1123 Legitimates filtered by white list
    End of the scan (654 lines in 27mn 53s)(0.10)

The topic ‘Infecté par Gen:Variant.Zbot.165’ is closed to new replies.