USB infection 2014-04-29T19:48:01+00:00
  • Author
    Posts
  • Laurianne
    Participant
    Number of posts: 4

    Hello, first of all thank you for your help and for creating this site. The PCs at my school have viruses that install themselves on USB drives and turn the files into shortcuts, and the problem is that the infected USB drive was then used on my computer and infected other drives and my phone, because I did not notice right away. However, I ran the scans and reports with all the infected drives connected to the computer; I hope that was the right thing to do.
    Thanks again, and here are the reports. I also have the UsbFix report.

    [spoiler:jll9j03e]# AdwCleaner v3.205 – Rapport créé le 29/04/2014 à 20:57:47
    # Mis à jour le 28/04/2014 par Xplode
    # Système d'exploitation : Windows 8.1 (64 bits)
    # Nom d'utilisateur : Laurianne.REMY – MINILAURIANNE
    # Exécuté depuis : C:UsersLaurianne.REMYDownloadsadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    Service Supprimé : WajamUpdaterV3

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:Program Files (x86)EZDownloader
    Dossier Supprimé : C:Program Files (x86)Mysearchdial
    Dossier Supprimé : C:Program Files (x86)Wajam
    Dossier Supprimé : C:UsersLaurianne.REMYAppDataRoamingMysearchdial
    Dossier Supprimé : C:UsersLaurianne.REMYAppDataRoamingMicrosoftWindowsStart MenuProgramsWajam
    Fichier Supprimé : C:END
    Fichier Supprimé : C:UsersLaurianne.REMYAppDataLocalGoogleChromeUser DataDefaultLocal Storagechrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKLMSOFTWAREClassesAppIDescort.DLL
    Clé Supprimée : HKLMSOFTWAREClassesAppIDescortApp.DLL
    Clé Supprimée : HKLMSOFTWAREClassesAppIDescortEng.DLL
    Clé Supprimée : HKLMSOFTWAREClassesAppIDescorTlbr.DLL
    Clé Supprimée : HKLMSOFTWAREClassesAppIDesrv.EXE
    Clé Supprimée : HKLMSOFTWAREClassesAppIDpriam_bho.DLL
    Clé Supprimée : HKLMSOFTWAREClassesescort.escortIEPane
    Clé Supprimée : HKLMSOFTWAREClassesescort.escortIEPane.1
    Clé Supprimée : HKLMSOFTWAREClassesesrv.mysearchdialesrvc
    Clé Supprimée : HKLMSOFTWAREClassesesrv.mysearchdialesrvc.1
    Clé Supprimée : HKLMSOFTWAREClassesmysearchdial.mysearchdialappCore
    Clé Supprimée : HKLMSOFTWAREClassesmysearchdial.mysearchdialappCore.1
    Clé Supprimée : HKLMSOFTWAREClassesmysearchdial.mysearchdialdskBnd
    Clé Supprimée : HKLMSOFTWAREClassesmysearchdial.mysearchdialdskBnd.1
    Clé Supprimée : HKLMSOFTWAREClassesmysearchdial.mysearchdialHlpr
    Clé Supprimée : HKLMSOFTWAREClassesmysearchdial.mysearchdialHlpr.1
    Clé Supprimée : HKLMSOFTWAREClassesprotector_dll.protectorbho
    Clé Supprimée : HKLMSOFTWAREClassesprotector_dll.protectorbho.1
    Clé Supprimée : HKLMSOFTWAREClasseswajam.WajamBHO
    Clé Supprimée : HKLMSOFTWAREClasseswajam.WajamBHO.1
    Clé Supprimée : HKLMSOFTWAREClasseswajam.WajamDownloader
    Clé Supprimée : HKLMSOFTWAREClasseswajam.WajamDownloader.1
    Clé Supprimée : HKLMSYSTEMCurrentControlSetServicesEventlogApplicationWajamUpdater
    Clé Supprimée : HKLMSOFTWAREClassesAppID{09C554C3-109B-483C-A06B-F14172F1A947}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{3004627E-F8E9-4E8B-909D-316753CBA923}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{0400EBCA-042C-4000-AA89-9713FBEDB671}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{0BD19251-4B4B-4B94-AB16-617106245BB7}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{44B29DDD-CF7A-454A-A275-A322A398D93F}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{B2DB115C-8278-4947-9A07-57B53D1C4215}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{B97FC455-DB33-431D-84DB-6F1514110BD5}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{E72E9312-0367-4216-BFC7-21485FA8390B}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{FBC322D5-407E-4854-8C0B-555B951FD8E3}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{3004627E-F8E9-4E8B-909D-316753CBA923}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{3004627E-F8E9-4E8B-909D-316753CBA923}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Valeur Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{0400EBCA-042C-4000-AA89-9713FBEDB671}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{0BD19251-4B4B-4B94-AB16-617106245BB7}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{44B29DDD-CF7A-454A-A275-A322A398D93F}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{B2DB115C-8278-4947-9A07-57B53D1C4215}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{B97FC455-DB33-431D-84DB-6F1514110BD5}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{E72E9312-0367-4216-BFC7-21485FA8390B}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
    Valeur Supprimée : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
    Clé Supprimée : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Clé Supprimée : HKCUSoftwareInstallCore
    Clé Supprimée : HKCUSoftwaremysearchdial
    Clé Supprimée : HKCUSoftwareWajam
    Clé Supprimée : HKLMSoftwareInstallCore
    Clé Supprimée : HKLMSoftwareWajam
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallmysearchdial
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallWajam

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.17037

    Paramètre Restauré : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerMain [Start Page]

    -\ Google Chrome v34.0.1847.116

    [ Fichier : C:UsersLaurianne.REMYAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    Supprimée [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp

    *************************

    AdwCleaner[R0].txt – [9883 octets] – [29/04/2014 20:52:24]
    AdwCleaner[R1].txt – [9943 octets] – [29/04/2014 20:56:24]
    AdwCleaner[S0].txt – [9466 octets] – [29/04/2014 20:57:48]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [9526 octets] ##########[/spoiler:jll9j03e]

  • Laurianne
    Participant
    Number of posts: 4

    [spoiler:czxqmfq1]~ Rapport de ZHPDiag v2014.4.28.48 – Nicolas Coolman (28/04/2014)
    ~ Lancé par Laurianne.REMY (29/04/2014 21:35:21)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17031
    GCIE: Google Chrome v34.0.1847.116 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 8.1, 64-bit (Build 9600)
    Windows Server License Manager Script : OK
    ~ Windows(R) Operating System, OEM_DM channel
    Windows ID Activation : OK
    ~ Windows Partial Key : FX6HD
    Windows License : OK
    ~ Windows Remaining Initializations Number : 999
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 2.0.1.1004
    Windows Defender W8

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Reader XI

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3981 MB (52% free)
    System Restore: Activé (Enable)
    System drive C: has 141 GB (75%) free of 186 GB

    —\ Mode de connexion au système
    ~ Computer Name: MINILAURIANNE
    ~ User Name: Laurianne.REMY
    ~ All Users Names: Laurianne.REMY, HomeGroupUser$, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersLaurianne.REMYAppDataRoamingZHP
    ~ %AppData% : C:UsersLaurianne.REMYAppDataRoaming
    ~ %Desktop% : C:UsersLaurianne.REMYDesktop
    ~ %Favorites% : C:UsersLaurianne.REMYFavorites
    ~ %LocalAppData% : C:UsersLaurianne.REMYAppDataLocal
    ~ %StartMenu% : C:UsersLaurianne.REMYAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 141 Go of 186 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)
    E: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)
    F: Floppy drive, Flash card reader, USB Key (Free 0 Go of 0 Go)
    G: Floppy drive, Flash card reader, USB Key (Free 4 Go of 7 Go)
    H: Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.81394C91B7B5A7C799E249AE82491F13] – (.Microsoft Corporation – Explorateur Windows.) (.04/03/2014 – 13:25:49.) — C:WindowsExplorer.exe [2373784]
    [MD5.48CFA7BE561A7BE144C29BB912055016] – (.Microsoft Corporation – Application de démarrage de Windows.) (.22/08/2013 – 10:58:29.) — C:WindowsSystem32Wininit.exe [144384]
    [MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.22/02/2014 – 10:11:56.) — C:WindowsSystem32wininet.dll [2262016]
    [MD5.306EB21E5B480AE9065EA55AC8C35936] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.22/02/2014 – 10:45:48.) — C:WindowsSystem32Winlogon.exe [562176]
    [MD5.AFCAB4DC692CCE37E283B00E2D7B438F] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/12/2013 – 09:54:07.) — C:WindowsSystem32sppcomapi.dll [447488]
    [MD5.239268BAB58EAE9A3FF4E08334C00451] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.22/08/2013 – 14:25:35.) — C:Windowssystem32DriversAFD.sys [567296]
    [MD5.74B14192CF79A72F7536B27CB8814FBD] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.22/08/2013 – 13:43:41.) — C:Windowssystem32Driversatapi.sys [26464]
    [MD5.2FA6510E33F7DEFEC03658B74101A9B9] – (.Microsoft Corporation – CD-ROM File System Driver.) (.22/08/2013 – 12:40:15.) — C:Windowssystem32DriversCdfs.sys [88576]
    [MD5.C6796EA22B513E3457514D92DCDB1A3D] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.22/08/2013 – 09:46:35.) — C:Windowssystem32DriversCdrom.sys [164352]
    [MD5.A03F362C5557E238CBFA914689C77248] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.06/03/2014 – 10:22:50.) — C:Windowssystem32DriversDfsC.sys [134144]
    [MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.22/08/2013 – 12:38:38.) — C:Windowssystem32DriversHDAudBus.sys [78336]
    [MD5.84CFC5EFA97D0C965EDE1D56F116A541] – (.Microsoft Corporation – Pilote de port i8042.) (.22/08/2013 – 12:39:15.) — C:Windowssystem32Driversi8042prt.sys [107520]
    [MD5.B7342B3C58E91107F6E946A93D9D4EFD] – (.Microsoft Corporation – IP Network Address Translator.) (.27/11/2013 – 13:02:29.) — C:Windowssystem32DriversIpNat.sys [142848]
    [MD5.C997E6A37BA8915224B3FB5024A34F69] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.06/03/2014 – 10:20:23.) — C:Windowssystem32DriversMRxSmb.sys [402944]
    [MD5.0217532E19A748F0E5D569307363D5FD] – (.Microsoft Corporation – MBT Transport driver.) (.22/08/2013 – 12:37:02.) — C:Windowssystem32DriversnetBT.sys [282624]
    [MD5.1C80517BE6836A812F6A9B99B8321351] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.20/03/2014 – 04:41:24.) — C:Windowssystem32Driversntfs.sys [2013016]
    [MD5.764B1121867B2D9B31C491668AC72B2B] – (.Microsoft Corporation – Pilote de port parallèle.) (.22/08/2013 – 12:40:02.) — C:Windowssystem32DriversParport.sys [94208]
    [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.22/08/2013 – 12:35:51.) — C:Windowssystem32DriversRasl2tp.sys [120832]
    [MD5.680C1DAE268B6FB67FA21B389A8B79EF] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 – 08:16:40.) — C:Windowssystem32Driversrdpdr.sys [195584]
    [MD5.FFF28F9F6823EB1756C60F1649560BBF] – (.Microsoft Corporation – TDI Translation Driver.) (.22/08/2013 – 14:25:35.) — C:Windowssystem32Driverstdx.sys [107520]
    [MD5.3595FBDF25F8BA6256072D103937D7D6] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.22/02/2014 – 16:44:13.) — C:Windowssystem32Driversvolsnap.sys [311640]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/4
    Mes Videos (My Videos) : 2/2 (Modified)
    ~ Mes Favoris (My Favorites) : 1/7
    ~ Mes Documents (My Documents) : 2/4
    ~ Mon Bureau (My Desktop) : 2/6
    ~ Menu demarrer (Programs) : 1/27
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    [MD5.2F03C763EE0DFB4DE56176737DEFB2E2] – (.Microsoft Corporation – Touch Keyboard and Handwriting Panel Helper.) — C:Program Files (x86)Common FilesMicrosoft SharedInkTabTip32.exe [21184] [PID.3320]
    [MD5.F1CB88B90F5CE1A6D2BCDE90E2100ECC] – (.Apache Software Foundation – OpenOffice Writer.) — C:Program Files (x86)OpenOffice 4programswriter.exe [103936] [PID.4048]
    [MD5.55F18BE55D04A5CC961B0A013B2B8FD7] – (.Apache Software Foundation – OpenOffice 4.0.1.) — C:Program Files (x86)OpenOffice 4programsoffice.exe [9837056] [PID.4060]
    [MD5.70BC8374217BFC5C24D4504C2459FEB6] – (.CyberLink – CyberLink MediaLibray Service.) — C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe [111120] [PID.4080]
    [MD5.0AC5756636A90E33559439295B25FA94] – (.Apache Software Foundation – OpenOffice 4.0.1.) — C:Program Files (x86)OpenOffice 4programsoffice.bin [9828864] [PID.4092]
    [MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] – (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [958576] [PID.2688]
    [MD5.6F85F3875C387BEEA08A3A7D60B06036] – (.Microsoft Corp. – Bing Desktop Application.) — C:Program Files (x86)MicrosoftBingDesktopBingDesktop.exe [2353880] [PID.3188]
    [MD5.053648EC64B4C4AADE8886CA9ACC644D] – (.Microsoft Corp. – BDExtHost.exe.) — C:Program Files (x86)MicrosoftBingDesktopBDExtHost.exe [207576] [PID.4960]
    [MD5.377E3B00DA2FDC33ADB7DA976ECE3B95] – (.Microsoft Corp. – BDAppHost.exe.) — C:Program Files (x86)MicrosoftBingDesktopBDAppHost.exe [153304] [PID.5000]
    [MD5.CF3A4298B6D8B1C7441812058C748E7A] – (.Microsoft Corp. – BDRuntimeHost.exe.) — C:Program Files (x86)MicrosoftBingDesktopBDRuntimeHost.exe [369880] [PID.5032]
    [MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] – (.ASUSTek Computer Inc. – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe [205184] [PID.4396]
    [MD5.23075147F62C896784C66D706F38360E] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe [328504] [PID.4448]
    [MD5.AA03C052F3000CED0A300C0AC949B50F] – (.ASUSTeK Computer Inc. – ASUS Quick Gesture Exe.) — C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe [20280] [PID.4784]
    [MD5.C570FD825751F7805CE226F68C4605DE] – (.ASUS – ACMON.) — C:Program Files (x86)ASUSSplendidACMON.exe [54488] [PID.3108]
    [MD5.B07086D59443DAC6A668D691B27B968C] – (.ASUSTeK Computer Inc. – ASUS Color Engine.) — C:Program Files (x86)ASUSSplendidColorUService.exe [176240] [PID.2932]
    [MD5.97432AB9F1B3B3E63E778C1E69E71E91] – (.ASUSTek Computer Inc. – ASUS USB Charger Plus.) — C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe [1124032] [PID.2804]
    [MD5.D127D2EF6893B7A333FADFACF49AAD74] – (.Conexant Systems, Inc – SmartAudio.) — C:Program FilesConexantSAIISmartAudio.exe [1020632] [PID.692]
    [MD5.2EBBBFC120593C683796092F2DDA0EFC] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [841032] [PID.336]
    [MD5.41AD6110110A2E89957F831DCBFAF892] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe [6963512] [PID.1468]
    [MD5.1780A53FCE5975B94604775CD9460F22] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [7865344] [PID.5232]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersLaurianne.REMYAppDataLocalGoogleChromeUser DataDefaultPreferences
    G1 – GCS: Preference [User DataDefault] http://www.bing.com
    G0 – GCSP: Preference [User DataDefault][HomePage] http://www.msn.com
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 12 Legitimates Filtered in 00mn 13s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll =>Toolbar.Google
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe
    O4 – HKCU..Run: [Power2GoExpress] Clé orpheline
    O4 – HKLM..Wow6432NodeRun: [CLMLServer] . (.CyberLink – CyberLink MediaLibray Service.) — C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [BingDesktop] . (.Microsoft Corp. – Bing Desktop Application.) — C:Program Files (x86)MicrosoftBingDesktopBingDesktop.exe
    O4 – HKUSS-1-5-21-2438500433-15155753-1834781870-1001..Run: [Power2GoExpress] Clé orpheline
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: Se&nd to OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program FilesMicrosoft Office 15rootVFSProgramFilesX64Microsoft OfficeOffice15ONBttnIE.dll =>.Microsoft Corporation
    O9 – Extra button: Lync Click to Call [64Bits] – {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} — C:Program FilesMicrosoft Office 15rootVFSProgramFilesX64Microsoft OfficeOffice15lync.exe (.not file.)
    O9 – Extra button: OneNote Lin&ked Notes [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program FilesMicrosoft Office 15rootVFSProgramFilesX64Microsoft OfficeOffice15ONBttnIELinkedNotes.dll =>.Microsoft Corporation
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{3566455D-3A6E-49EC-9CB0-8D1036AF60CE}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCCSServicesTcpip..{3897232E-62EF-4685-AD45-1F04681F7B33}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCS1ServicesTcpip..{3566455D-3A6E-49EC-9CB0-8D1036AF60CE}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCS1ServicesTcpip..{3897232E-62EF-4685-AD45-1F04681F7B33}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.254
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1108]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1112]
    ~ Scheduled Task: 16 Legitimates Filtered in 00mn 03s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 07/11/2013 – 14:09:43 – [] —-D C:ProgramDataInstallMate =>PUP.Tarma
    ~ Program Folder: 117 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.12B0701B1CEC1A7BB0E4C71D97661E23] – 20/04/2014 – 14:03:26 —A- . (…) — C:WindowsSystem32ApnDatabase.xml [387210]
    O44 – LFC:[MD5.385AF1C48CE3E86B37B9E66749FFEC1B] – 20/04/2014 – 14:22:11 —A- . (…) — C:WindowsSystem32srms.dat [50053]
    O44 – LFC:[MD5.E7B53AF004BEE5112F787A6E5B04D737] – 20/04/2014 – 14:22:15 —A- . (…) — C:WindowsSystem32connectedsearch-results.searchconnector-ms [11109]
    O44 – LFC:[MD5.F1DB86EA935C13CDFF27AB957297136A] – 20/04/2014 – 14:22:35 —A- . (…) — C:WindowsSystem32connectedsearch-suggestions.searchconnector-ms [7762]
    O44 – LFC:[MD5.1FDF29F970E2E843B4DC5D0626D0EDD5] – 20/04/2014 – 14:22:35 —A- . (…) — C:WindowsSystem32connectedsearch-zeroinput.searchconnector-ms [7130]
    O44 – LFC:[MD5.DE461B86C05946D10E519F512D09E389] – 20/04/2014 – 14:22:36 —A- . (…) — C:WindowsSystem32RacRules.xml [100197]
    O44 – LFC:[MD5.119E0F7A71775A5CFB208B036ECE35E1] – 20/04/2014 – 14:23:50 —A- . (…) — C:WindowsSystem32WimBootCompress.ini [2255]
    O44 – LFC:[MD5.DCF2510E0745720E543E84F5E921FCC0] – 20/04/2014 – 14:26:32 —A- . (…) — C:WindowsSystem32dfpinc.dat [262335]
    O44 – LFC:[MD5.FFFCC3C3ED6886A95D3C0E1B49C652BA] – 20/04/2014 – 14:28:59 —A- . (…) — C:WindowsSystem32systemsf.ebd [139600]
    O44 – LFC:[MD5.08750A50CF027F93070C8BB78E27C3B7] – 20/04/2014 – 14:45:01 -SH– . (…) — C:WindowsSystem32desktop.ini [75]
    O44 – LFC:[MD5.443D7516B17BC4B41DC8B1363C4B6902] – 29/04/2014 – 10:53:13 . (…) — C:UsbFix [Scan 1] MINILAURIANNE.txt [9413]
    O44 – LFC:[MD5.026BE04579F68BED3F020A853306971B] – 29/04/2014 – 10:54:51 . (…) — C:.~lock.UsbFix [Scan 1] MINILAURIANNE.txt# [136]
    O44 – LFC:[MD5.8A78944199D210A4A3970BE6E0A553B7] – 29/04/2014 – 14:47:30 —A- . (…) — C:UsbFix [Clean 2] MINILAURIANNE.txt [6170]
    O44 – LFC:[MD5.002EFB31D057FB934CAEEDAB0066B314] – 29/04/2014 – 18:24:55 —A- . (…) — C:UsbFix [Scan 2] MINILAURIANNE.txt [8873]
    ~ Files: 564 Legitimates Filtered in 00mn 12s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregDisableS3S4 [Key] . (…) — c:windowstempDisableS3S464sethigh.cmd (.not file.)
    ~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 19 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:13/08/2013 – 00:25:46 —A- . (.Windows (R) Win 7 DDK provider – BCM Function 2 Device Driver.) — C:WindowsSystem32Driversbcmfn2.sys [17624]
    O58 – SDL:02/08/2012 – 04:22:48 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [14992]
    O58 – SDL:22/01/2014 – 07:52:10 —A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) – SAMSUNG USB Composite Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudbus.sys [108800]
    O58 – SDL:22/01/2014 – 07:52:10 —A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) – SAMSUNG Android Modem Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudmdm.sys [206080]
    O58 – SDL:22/08/2013 – 13:43:32 —A- . (.Promise Technology, Inc. – Promise SuperTrak EX Series Driver for Windows x64.) — C:WindowsSystem32Driversstexstor.sys [31072]
    ~ Drivers: 52 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 28/04/2014 – 21:37:13 —A- . (.Premium Installer.) — C:UsersLaurianne.REMYDownloadsSetup.exe [237856]
    O61 – LFC: 29/04/2014 – 21:36:25 —A- . (.SQLite Development Team.) — C:UsersLaurianne.REMYAppDataLocalMicrosoftWindowsINetCacheIEFIE63SCXSQLite3_300700200[1].dll [536576]
    O61 – LFC: 29/04/2014 – 21:36:42 —A- . (…) — C:UsersLaurianne.REMYAppDataRoamingsp_data.sys [74]
    O61 – LFC: 29/04/2014 – 21:37:06 —A- . (…) — C:UsersLaurianne.REMYDownloadsadwcleaner.exe [1310621]
    O61 – LFC: 29/04/2014 – 21:37:09 —A- . (…) — C:UsersLaurianne.REMYDownloadsantivirus2.exe [684744]
    ~ 263 Fichiers temporaires (Temporary files)
    ~ Files: 26 Legitimates Filtered in 00mn 55s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] A92BC789786F4515BF5580F77E655B54 – (Mysearchdial) – http://start.mysearchdial.com =>Adware.MyWebSearch
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {9CB96984-43C3-4D44-90EF-01466EFCF7BB} – (Yahoo! (Avast)) – http://fr.yhs4.search.yahoo.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (…) — C:ProgramDataSetStretch.exe [24576]
    [MD5.CA4A865B04D84129AC08664560AA7CCD] [SPRF][11/04/2014] (…) — C:UsersLaurianne.REMYAppDataRoamingmy_intel.sys [21]
    [MD5.52C8A1FF6B580F6B056B3D017182FF8E] [SPRF][29/04/2014] (…) — C:UsersLaurianne.REMYAppDataRoamingsp_data.sys [74]
    ~ Files: 3 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.FC0C921189E6B2BF41C363678B37BD9F] [WIS][12/10/2013] (.Google Inc. – Google Toolbar for Internet Explorer.) — C:WindowsInstaller9418df.msi [28672] =>Toolbar.Google
    ~ WIS: 1 Legitimates Filtered in 00mn 02s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREWow6432NodeMicrosoftTracingGoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
    ~ BTK: 52 Legitimates Filtered in 00mn 00s

    —\ Recherche de clés de registre CLSID (O101)
    [HKCRCLSID{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
    [HKCRCLSID{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
    ~ BCK: 5082 Legitimates Filtered in 00mn 10s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
    SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
    SS – | Auto 26/08/2013 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 26/08/2013 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 12/10/2013 194032 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 14/06/2013 1281640 | (AFBAgent) . (.ASUSTeK Computer Inc..) – C:Windowssystem32FBAgent.exe
    SR – | Demand 15/01/2013 107320 | (ASLDRService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Demand 29/04/2013 277120 | (ASUS InstantOn) . (.ASUS.) – C:Program FilesASUSP4GInsOnSrv.exe
    SR – | Demand 19/12/2012 72192 | (Asus WebStorage Windows Service) . (…) – C:Program Files (x86)ASUSWebStorage Sync Agent1.1.18.159AsusWSWinService.exe
    SR – | Demand 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SR – | Auto 12/03/2014 227904 | (GamesAppIntegrationService) . (.WildTangent.) – C:Program Files (x86)WildTangent GamesAppGamesAppIntegrationService.exe
    SR – | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Integrated Clock Controller ServiceICCProxy.exe
    SR – | Demand 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Demand 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe
    SR – | Demand 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Demand 17/07/2012 277824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SR – | Demand 17/07/2012 365376 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Demand 10/07/1658 0 | (WdNisSvc) . (…) – C:Program Files (x86)Windows DefenderNisSrv.exe
    SR – | Auto 10/07/1658 0 | (WinDefend) . (…) – C:Program Files (x86)Windows DefenderMsMpEng.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Demand 22/08/2013 37768 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 11s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Laurianne.REMY at 29/04/2014 21:38:25
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Laurianne.REMY at 29/04/2014 21:38:28
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13045 – (28/04/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 3

    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    C:ProgramDataInstallMate =>PUP.Tarma^
    C:WindowsInstaller9418df.msi =>Toolbar.Google^
    [HKCRCLSID{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
    [HKCRCLSID{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
    ~ Additionnel Scan: 192828 Items scanned in 00mn 24s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
    http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    ~ MSI: 2 link(s) detected in 00mn 00s

    ~ 1096 Legitimates filtered by white list
    End of the scan (428 lines in 03mn 31s)(0)[/spoiler:czxqmfq1]

  • Laurianne
    Participant
    Number of posts: 4

    [spoiler:215t95qb]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Date de l'examen: 29/04/2014
    Heure de l'examen: 21:26:24
    Fichier journal: scan anti Malware.txt
    Administrateur: Oui

    Version: 2.00.1.1004
    Base de données Malveillants: v2014.04.29.07
    Base de données Rootkits: v2014.03.27.01
    Licence: Essai
    Protection contre les malveillants: Activé(e)
    Protection contre les sites Web malveillants: Activé(e)
    Chameleon: Désactivé(e)

    Système d'exploitation: Windows 8.1
    Processeur: x64
    Système de fichiers: NTFS
    Utilisateur: Laurianne.REMY

    Type d'examen: Examen “Hyper”
    Résultat: Terminé
    Objets analysés: 205146
    Temps écoulé: 3 min, 9 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Désactivé(e)
    Archives: Activé(e)
    Rootkits: Désactivé(e)
    Shuriken: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Clés du Registre: 0
    (No malicious items detected)

    Valeurs du Registre: 0
    (No malicious items detected)

    Données du Registre: 0
    (No malicious items detected)

    Dossiers: 0
    (No malicious items detected)

    Fichiers: 0
    (No malicious items detected)

    Secteurs physiques: 0
    (No malicious items detected)

    (end)[/spoiler:215t95qb]

  • Laurianne
    Participant
    Number of posts: 4

    [spoiler:31sarxs7]############################## | UsbFix V 7.169 | [Recherche]

    Utilisateur: Laurianne.REMY (Administrateur) # MINILAURIANNE
    Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
    Lancé à 19:17:03 | 29/04/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (X200CA)
    CPU: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
    RAM -> [Total : 3982 Mo| Free : 2777 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
    WB: Windows Internet Explorer : 11.0.9600.17031
    WB: Google Chrome : 34.0.1847.116

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: Windows Defender [Enabled | Updated]
    AS: Windows Defender [Enabled | Updated]
    FW: Windows FireWall [Enabled]

    C: (%systemdrive%) -> Disque fixe # 186 Go (142 Go libre(s) – 76%) [OS] # NTFS
    D: -> Disque fixe # 258 Go (258 Go libre(s) – 100%) [Data] # NTFS
    E: -> Disque amovible # 2 Go (2 Go libre(s) – 96%) [SYLVAIN 2] # FAT32
    F: -> Disque amovible # 496 Mo (267 Mo libre(s) – 54%) [LAURIANNE] # FAT32
    G: -> Disque amovible # 7 Go (4 Go libre(s) – 57%) [] # FAT32
    H: -> Disque amovible # 1 Go (1004 Mo libre(s) – 93%) [WIKO] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32wininit.exe (ID: 512 |ParentID: 440)
    C:Windowssystem32winlogon.exe (ID: 564 |ParentID: 504)
    C:Windowssystem32lsass.exe (ID: 616 |ParentID: 512)
    C:Windowssystem32svchost.exe (ID: 676 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 720 |ParentID: 608)
    C:WindowsSystem32svchost.exe (ID: 808 |ParentID: 608)
    C:Windowssystem32dwm.exe (ID: 836 |ParentID: 564)
    C:Windowssystem32svchost.exe (ID: 864 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 960 |ParentID: 608)
    C:WindowsSystem32svchost.exe (ID: 1004 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 356 |ParentID: 608)
    C:Windowssystem32FBAgent.exe (ID: 1068 |ParentID: 608)
    C:WindowsSystem32spoolsv.exe (ID: 1188 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 1248 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 1268 |ParentID: 608)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1436 |ParentID: 608)
    C:Program FilesMicrosoft Office 15ClientX64OfficeClickToRun.exe (ID: 1468 |ParentID: 608)
    C:Windowssystem32dashost.exe (ID: 1544 |ParentID: 1004)
    C:Windowssystem32svchost.exe (ID: 1592 |ParentID: 608)
    C:Program Files (x86)WajamUpdaterWajamUpdaterV3.exe (ID: 1640 |ParentID: 608)
    C:WindowsSystem32svchost.exe (ID: 2544 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 2692 |ParentID: 608)
    C:Windowssystem32taskhostex.exe (ID: 2392 |ParentID: 864)
    C:WindowsExplorer.EXE (ID: 2532 |ParentID: 2464)
    C:Program Files (x86)GoogleUpdate1.3.23.9GoogleCrashHandler.exe (ID: 3284 |ParentID: 1200)
    C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbweLiveComm.exe (ID: 3376 |ParentID: 676)
    C:Program Files (x86)GoogleUpdate1.3.23.9GoogleCrashHandler64.exe (ID: 3404 |ParentID: 1200)
    C:Program FilesCommon Filesmicrosoft sharedinkTabTip.exe (ID: 3512 |ParentID: 1004)
    C:Program Files (x86)Common FilesMicrosoft SharedInkTabTip32.exe (ID: 3552 |ParentID: 3512)
    C:Windowssystem32SearchIndexer.exe (ID: 3760 |ParentID: 608)
    C:Windowssystem32wbemwmiprvse.exe (ID: 3964 |ParentID: 676)
    C:WindowsSystem32skydrive.exe (ID: 828 |ParentID: 676)
    C:WindowsSystem32RuntimeBroker.exe (ID: 652 |ParentID: 676)
    C:Windowssystem32DllHost.exe (ID: 2264 |ParentID: 676)
    C:Program Files (x86)IntelIntel(R) Integrated Clock Controller ServiceICCProxy.exe (ID: 4440 |ParentID: 608)
    C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe (ID: 4516 |ParentID: 4432)
    C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe (ID: 4636 |ParentID: 4432)
    C:Program Files (x86)MicrosoftBingDesktopBingDesktop.exe (ID: 4756 |ParentID: 4432)
    C:WindowsSystem32SettingSyncHost.exe (ID: 944 |ParentID: 676)
    C:Program Files (x86)MicrosoftBingDesktopBDExtHost.exe (ID: 2000 |ParentID: 676)
    C:Program Files (x86)MicrosoftBingDesktopBDAppHost.exe (ID: 4028 |ParentID: 676)
    C:Program Files (x86)MicrosoftBingDesktopBDRuntimeHost.exe (ID: 228 |ParentID: 676)
    C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe (ID: 4328 |ParentID: 608)
    C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe (ID: 360 |ParentID: 4328)
    C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe (ID: 4792 |ParentID: 360)
    C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe (ID: 4240 |ParentID: 5084)
    C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe (ID: 3056 |ParentID: 1864)
    C:Program FilesASUSP4GInsOnSrv.exe (ID: 3628 |ParentID: 608)
    C:Program FilesASUSP4GInsOnWMI.exe (ID: 3048 |ParentID: 3628)
    C:Program Files (x86)ASUSWebStorage Sync Agent1.1.18.159AsusWSWinService.exe (ID: 4624 |ParentID: 608)
    C:Program FilesConexantcAudioFilterAgentcAudioFilterAgent64.exe (ID: 2120 |ParentID: 1068)
    C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe (ID: 4656 |ParentID: 608)
    C:WINDOWSsystem32hkcmd.exe (ID: 3612 |ParentID: 1068)
    C:Program FilesInteliCLS ClientHeciServer.exe (ID: 5152 |ParentID: 608)
    C:WINDOWSsystem32igfxtray.exe (ID: 5188 |ParentID: 1068)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe (ID: 5272 |ParentID: 608)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe (ID: 5408 |ParentID: 608)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 5440 |ParentID: 608)
    C:Program FilesASUSP4GBatteryLife.exe (ID: 5472 |ParentID: 864)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID: 5700 |ParentID: 608)
    C:Program Files (x86)ASUSSplendidACMON.exe (ID: 6140 |ParentID: 864)
    C:Program Files (x86)ASUSSplendidColorUService.exe (ID: 704 |ParentID: 864)
    C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPLoader.exe (ID: 1576 |ParentID: 6120)
    C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe (ID: 3704 |ParentID: 864)
    C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex64QuickGesture64.exe (ID: 5184 |ParentID: 1576)
    C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe (ID: 5200 |ParentID: 1576)
    C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPCenter.exe (ID: 5180 |ParentID: 1576)
    C:Program FilesConexantSAIISmartAudio.exe (ID: 5396 |ParentID: 5320)
    C:Program Files (x86)WildTangent GamesAppGamesAppIntegrationService.exe (ID: 5532 |ParentID: 608)
    C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPHelper.exe (ID: 1280 |ParentID: 5180)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 2740 |ParentID: 608)
    C:WindowsSystem32WWAHost.exe (ID: 1444 |ParentID: 676)
    C:Windowssystem32taskhost.exe (ID: 3192 |ParentID: 864)
    C:Windowssystem32SearchProtocolHost.exe (ID: 2076 |ParentID: 3760)
    C:Windowssystem32SearchFilterHost.exe (ID: 5828 |ParentID: 3760)
    C:WindowsSystem32WUDFHost.exe (ID: 2856 |ParentID: 1004)
    C:Windowssystem32wbemwmiprvse.exe (ID: 5496 |ParentID: 676)

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [Power2GoExpress]
    04 – HKLM..Run : [CLMLServer] “C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe”
    04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [BingDesktop] C:Program Files (x86)MicrosoftBingDesktopBingDesktop.exe /fromkey
    04 – [x64] HKLM..Run : [Persistence] “C:WINDOWSsystem32igfxpers.exe”
    04 – HKUS-1-5-21-2438500433-15155753-1834781870-1001..Run : [Power2GoExpress]

    ################## | Recherche générique |

    Présent! G:Pentatonix – Say Something (A Great Big World _ Christina Aguilera Cover) [pleer.lnk
    Présent! G:Pentatonix – Somebody That I Used To Know (Gotye cover) [pleer.lnk
    Présent! G:Pentatonix – Thrift Shop (Macklemore & Ryan Lewis cover) [pleer.lnk
    Présent! G:Pentatonix – Daft Punk songs Get – Get Lucky – One More Time – Technologic [pleer.lnk
    Présent! E:trz427F.tmp
    Présent! F:trz3DD5.tmp
    Présent! F:trz983A.tmp
    Présent! F:trz3F41.tmp
    Présent! G:trzB514.tmp

    ################## | Registre |

    ################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |[/spoiler:31sarxs7]

  • Anonymous
    Number of posts: 0

    Hi again :hello: ,

    • Launch UsbFix.
    • Connect the USB devices that are likely to be infected.
    • Choose the Suppression (deletion) option.

      Note: The computer will restart automatically. After the restart, click on the message displayed by UsbFix and let the program work.

    • Copy and paste the contents of the report that appears at the end of the scan into your next reply.
    • Tutorial: http://www.usbfix.net/tutoriels/
  • Laurianne
    Participant
    Number of posts: 4

    Thank you very much 😀 It worked

  • Anonymous
    Number of posts: 0

    :hello: ,

    You can uninstall UsbFix.

    Pass the word on to your school .. 😉

    Have a good end of the week 🙂


The topic ‘Infection USB’ is closed to new replies.