SOSVirus forum (free PC troubleshooting), Disinfection help, Virus & Security: My USB key and other peripherals are infected (shortcuts..)

    cecile
    Participant
    Posts: 51

    Good evening,
    While searching online I saw that my case is a common one. My USB key and other removable drives are infected. They display shortcuts. I can't open them. After that I downloaded USBFIX and ran a search. I stopped there for fear of making things worse. If someone could come to my aid. Thank you in advance.

    Regards.

    lilidurhone
    Posts: 0

    Hello

    I'll take care of you ;)

    Can you post the UsbFix search report?

    cecile
    Participant
    Posts: 51

    ############################## | UsbFix V 7.154 | [Recherche]

    Utilisateur: cecile (Administrateur) # CECILE-PC
    Mis à jour le 13/12/2013 par El Desaparecido - Team SosVirus
    Lancé à 20:06:11 | 14/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer Inc. (K50IN )
    CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
    RAM -> [Total : 4095 | Free : 2914]
    Bios: American Megatrends Inc.
    Boot: Fail-safe with network boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit)
    WB: Windows Internet Explorer : 8.0.7600.16385

    SC: Security Center Service [(!) Disabled]
    WU: Windows Update Service [Enabled]
    AV: Microsoft Security Essentials [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 149 Go (35 Go libre(s) - 23%) [OS] # NTFS
    D: -> Disque fixe # 134 Go (21 Go libre(s) - 15%) [DATA] # NTFS
    E: -> CD-ROM
    H: -> Disque amovible # 7 Go (3 Mo libre(s) - 0%) [] # FAT32

    ################## | Processus Actif |

    C:\Windows\system32\csrss.exe (ID: 300 |ParentID: 292)
    C:\Windows\system32\wininit.exe (ID: 336 |ParentID: 292)
    C:\Windows\system32\csrss.exe (ID: 352 |ParentID: 328)
    C:\Windows\system32\services.exe (ID: 392 |ParentID: 336)
    C:\Windows\system32\lsass.exe (ID: 416 |ParentID: 336)
    C:\Windows\system32\winlogon.exe (ID: 428 |ParentID: 328)
    C:\Windows\system32\lsm.exe (ID: 436 |ParentID: 336)
    C:\Windows\system32\svchost.exe (ID: 548 |ParentID: 392)
    C:\Windows\system32\svchost.exe (ID: 628 |ParentID: 392)
    c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 676 |ParentID: 392)
    C:\Windows\System32\svchost.exe (ID: 808 |ParentID: 392)
    C:\Windows\system32\svchost.exe (ID: 848 |ParentID: 392)
    C:\Windows\system32\svchost.exe (ID: 892 |ParentID: 392)
    C:\Windows\system32\svchost.exe (ID: 920 |ParentID: 392)
    C:\Windows\system32\svchost.exe (ID: 996 |ParentID: 392)
    C:\Windows\system32\svchost.exe (ID: 248 |ParentID: 392)
    C:\Windows\system32\svchost.exe (ID: 1192 |ParentID: 392)
    C:\Windows\Explorer.EXE (ID: 1380 |ParentID: 1372)
    C:\Windows\system32\ctfmon.exe (ID: 1464 |ParentID: 1380)
    C:\UsbFix\Go.exe (ID: 1132 |ParentID: 264)
    C:\Windows\system32\wbem\wmiprvse.exe (ID: 1328 |ParentID: 548)

    ################## | Regedit Run |

    04 - HKLM\SOFTWARE | Run : [NPSStartup] -
    04 - HKLM\SOFTWARE | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    04 - HKLM\SOFTWARE | Run : [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    04 - HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [NPSStartup] -
    04 - HKLM\SOFTWARE\wow6432Node | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    04 - HKLM\SOFTWARE\wow6432Node | Run : [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE | RunOnce : [] -
    04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
    04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [Google Update] - "C:\Users\cecile\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [AdobeBridge] -
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [Intel(R)TCP] - C:\Users\cecile\AppData\Roaming\Public\Intel(R)TCP.exe
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [BTGBJNru] - wscript.exe //B "C:\Users\cecile\AppData\Local\Temp\BTGBJNru.vbs"
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [8jusched] - C:\Users\cecile\AppData\Roaming\Public\jusched.exe
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\cecile\AppData\Local\Temp\iTunesHelper.vbe"
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [sqlsern] - C:\Users\Public\OpenCandy.exe
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [ISG] - C:\Users\cecile\AppData\Roaming\Public\wuauclt.exe
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [APS] - C:\Users\Public\conhost.exe
    04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
    04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

    ################## | Recherche générique |

    Présent! D:\ImageReady.exe
    Présent! H:\SURVIVAL.vbe
    Présent! H:\iTunesHelper.vbe
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\ak.tmp
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\12-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\13-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\14-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\16-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\17-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\18-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\19-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\20-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\22-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\23-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\24-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\25-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\26-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\28-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\29-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\30-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\31-10-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\1-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\2-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\3-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\4-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\8-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\10-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\11-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\12-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\19-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\20-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\21-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\22-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\23-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\24-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\25-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\26-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\27-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\28-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\29-11-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\6-12-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\7-12-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\8-12-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\9-12-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\10-12-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\11-12-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\12-12-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\13-12-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919\14-12-2013
    Présent! C:\Users\cecile\AppData\Roaming\DC3E7919
    Présent! C:\Users\cecile\AppData\Local\Temp\cecile8
    Présent! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
    Présent! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenCandy.exe
    Présent! C:\Users\Public\OpenCandy.exe
    Présent! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe
    Présent! C:\Users\Public\conhost.exe
    Présent! C:\Users\Public\4z1z.VBE
    Présent! C:\Users\Public\4zz.VBE
    Présent! C:\Users\Public\7z1z.VBE
    Présent! C:\Users\Public\7zz.VBE
    Présent! C:\Users\Public\iAStorIcon.exe
    Présent! C:\Users\Public\Intel(TM)SD.exe
    Présent! C:\Users\cecile\AppData\Roaming\cecile-wchelper.dll
    Présent! C:\Users\cecile\AppData\Roaming\Public
    Présent! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5z1z.lnk
    Présent! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5zz.lnk
    Présent! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe
    Présent! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuauclt.exe
    Présent! C:\Users\cecile\AppData\Local\Temp\B9Y.hta
    Présent! C:\Users\cecile\AppData\Local\Temp\%C2%9D.pif
    Présent! C:\Users\cecile\AppData\Local\Temp\702.pif
    Présent! C:\Users\cecile\AppData\Local\Temp\703.pif
    Présent! C:\Users\cecile\AppData\Local\Temp\etilqs_7OoXdBUc14ideje.pif

    ################## | Référence de comparaison MD5 |

    Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\4z1z.VBE
    Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\4zz.VBE
    Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\7z1z.VBE
    Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\7zz.VBE
    Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Public\Intel(TM)SD.exe
    Md5 : E89028D8068170E606AA0996D457AAA3 -> C:\Users\cecile\AppData\Roaming\Public\jusched.exe
    Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
    Md5 : 4DCDC65965510C215ED47D0BB75E26E6 -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuauclt.exe
    Md5 : 61D6DB6F0BDC73E1F009847F1F9F432A -> D:\ImageReady.exe
    Md5 : 566A2952410520E6E384366F28F6871B -> H:\SURVIVAL.vbe
    Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> H:\iTunesHelper.vbe
    Md5 : A409E23D76D5BD9E6E3027493DA121B8 -> C:\Users\Public\OpenCandy.exe
    Md5 : A409E23D76D5BD9E6E3027493DA121B8 -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenCandy.exe
    Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:\Users\Public\conhost.exe
    Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe

    ################## | Comparaison MD5 |

    Présent! Md5 : A409E23D76D5BD9E6E3027493DA121B8 -> C:\Users\cecile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7S8ANRPG\CandyOpen[1].exe
    Présent! Md5 : A409E23D76D5BD9E6E3027493DA121B8 -> C:\Users\cecile\AppData\Local\Temp\CandyOpen.exe
    Présent! Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:\Users\cecile\AppData\Local\Temp\DATA.exe
    Présent! Md5 : 4DCDC65965510C215ED47D0BB75E26E6 -> C:\Users\cecile\AppData\Local\Temp\WmiPrvSE.exe
    Présent! Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe
    Présent! Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
    Présent! Md5 : E89028D8068170E606AA0996D457AAA3 -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe
    Présent! Md5 : A409E23D76D5BD9E6E3027493DA121B8 -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenCandy.exe
    Présent! Md5 : 4DCDC65965510C215ED47D0BB75E26E6 -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuauclt.exe
    Présent! Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:\Users\cecile\AppData\Roaming\Public\conhost.exe
    Présent! Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\cecile\AppData\Roaming\Public\Intel(R)TCP.exe
    Présent! Md5 : E89028D8068170E606AA0996D457AAA3 -> C:\Users\cecile\AppData\Roaming\Public\jusched.exe
    Présent! Md5 : 4DCDC65965510C215ED47D0BB75E26E6 -> C:\Users\cecile\AppData\Roaming\Public\wuauclt.exe
    Présent! Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\4z1z.VBE
    Présent! Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\4zz.VBE
    Présent! Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\7z1z.VBE
    Présent! Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\7zz.VBE
    Présent! Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:\Users\Public\conhost.exe
    Présent! Md5 : E89028D8068170E606AA0996D457AAA3 -> C:\Users\Public\iAStorIcon.exe
    Présent! Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Public\Intel(TM)SD.exe
    Présent! Md5 : A409E23D76D5BD9E6E3027493DA121B8 -> C:\Users\Public\OpenCandy.exe
    Présent! Md5 : 61D6DB6F0BDC73E1F009847F1F9F432A -> D:\ImageReady.exe
    Présent! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> H:\iTunesHelper.vbe
    Présent! Md5 : 566A2952410520E6E384366F28F6871B -> H:\SURVIVAL.vbe

    ################## | Registre |

    Présent! HKCU\Software\À classé
    Présent! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\À classé
    Présent! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\Microsoft\Windows\CurrentVersion\Run|8jusched
    Présent! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\Microsoft\Windows\CurrentVersion\Run|APS
    Présent! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
    Présent! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\Microsoft\Windows\CurrentVersion\Run|ISG
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|8jusched
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|APS
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ISG
    Présent! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
    Présent! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

    ################## | UsbFix - Information |

    UsbFix a détecté sur votre ordinateur, une infection qui dispose d'une fonction de Keylogger.
    Après désinfection par UsbFix, veuillez modifier tous vos mots de passe.
    Si vous avez effectué des achats sur internet,
    veuillez contacter votre banque afin d'envisager une opposition sur votre carte bancaire.

    Infos: infection-dinihou-vous-explique-son-fonctionnement-t4852.html

    ################## | Vaccin |

    D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
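As an added example (this is the editor's code, not code from the thread, from UsbFix or from the SOSVirus team), the following Python script shows how a responder can triage a report like the one above before the cleanup pass. It parses the "Regedit Run" and "Md5" lines, flags autostart entries that launch from user-writable folders (AppData, Temp, Users\Public), that run a script silently through `wscript.exe //B`, or that borrow a Windows or vendor binary name (conhost.exe, wuauclt.exe, jusched.exe) outside its normal directory, and groups identical MD5 values to show the same dropper copied to several locations. The sample lines are copied from the report with the backslashes the forum software stripped restored; the heuristics are the editor's own, not UsbFix's detection logic.

```python
"""Autostart and hash triage over UsbFix-style report lines (editor's example)."""
import re
from collections import defaultdict

# Constructed sample: lines taken from the report in this thread, backslashes restored.
SAMPLE_REPORT = r"""
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [Intel(R)TCP] - C:\Users\cecile\AppData\Roaming\Public\Intel(R)TCP.exe
04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [BTGBJNru] - wscript.exe //B "C:\Users\cecile\AppData\Local\Temp\BTGBJNru.vbs"
04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [APS] - C:\Users\Public\conhost.exe
Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:\Users\Public\conhost.exe
Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe
Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Public\Intel(TM)SD.exe
"""

# "04 - <hive> | Run : [<name>] - <command>"  (command may be empty)
RUN_LINE = re.compile(
    r"^\d+ - (?P<hive>\S+) \| (?P<key>Run\w*) : \[(?P<name>[^\]]*)\] -(?: (?P<cmd>.*))?$"
)
# "Md5 : <hash> -> <path>", with or without the "Présent! " prefix
MD5_LINE = re.compile(r"^(?:Présent! )?Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$")
# Command-line tokens: a quoted string or a run of non-blanks. Unquoted paths
# containing spaces split into fragments; each fragment is still checked.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

# Folders any standard user can write to; installers of real software use Program Files.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
# Where the binaries named below are expected to live.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files", "%programfiles%")
# Windows/vendor names the report shows living in user folders: the name is the decoy,
# the location gives it away.
LOOKALIKE_NAMES = {"conhost.exe", "wuauclt.exe", "jusched.exe", "wmiprvse.exe",
                   "svchost.exe", "csrss.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")


def tokens(cmd):
    """Split a Run command into tokens, dropping the quotes around quoted paths."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmd)]


def suspicious_reasons(cmd):
    """Return the reasons an autostart command looks like malware persistence (empty if none)."""
    reasons = []
    toks = tokens(cmd)
    if not toks:
        return reasons
    launcher = toks[0].lower().rsplit("\\", 1)[-1]
    for path in (t for t in toks if "\\" in t):
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append(f"launches from user-writable path: {path}")
        if base in LOOKALIKE_NAMES and not low.startswith(TRUSTED_PREFIXES):
            reasons.append(f"system/vendor binary name outside its normal directory: {path}")
        if low.endswith(SCRIPT_EXTS):
            reasons.append(f"script file as autostart payload: {path}")
    if launcher in SCRIPT_HOSTS and any(t.lower() == "//b" for t in toks):
        reasons.append("silent script host (wscript //B) hides errors and windows")
    return reasons


def parse_run_entries(report):
    """Extract the Run/RunOnce entries of a report as dicts."""
    entries = []
    for line in report.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append({"hive": m["hive"], "key": m["key"],
                            "name": m["name"], "cmd": m["cmd"] or ""})
    return entries


def find_md5_copies(report):
    """Map each MD5 seen at two or more paths to those paths (same file copied around)."""
    groups = defaultdict(list)
    for line in report.splitlines():
        m = MD5_LINE.match(line.strip())
        if m and m["path"] not in groups[m["md5"].upper()]:
            groups[m["md5"].upper()].append(m["path"])
    return {h: paths for h, paths in groups.items() if len(paths) > 1}


def triage(report):
    """Run both checks and return the findings."""
    flagged = []
    for entry in parse_run_entries(report):
        reasons = suspicious_reasons(entry["cmd"])
        if reasons:
            flagged.append((entry["name"], entry["cmd"], reasons))
    return {"flagged_run_entries": flagged, "md5_copies": find_md5_copies(report)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, cmd, reasons in result["flagged_run_entries"]:
        print(f"[{name}] {cmd}")
        for r in reasons:
            print(f"    - {r}")
    for digest, paths in result["md5_copies"].items():
        print(f"MD5 {digest} found at {len(paths)} paths: {paths}")
```

On the sample, the three user-hive entries are flagged while the Adobe and Sidebar entries pass, and the conhost.exe hash is reported at both the Public folder and the Startup folder, which is exactly the "same dropper, several persistence points" picture the full report shows.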

    lilidurhone
    Posts: 0

    ################## | UsbFix - Information |

    UsbFix a détecté sur votre ordinateur, une infection qui dispose d'une fonction de Keylogger.
    Après désinfection par UsbFix, veuillez modifier tous vos mots de passe.
    Si vous avez effectué des achats sur internet,
    veuillez contacter votre banque afin d'envisager une opposition sur votre carte bancaire.

    Infos: infection-dinihou-vous-explique-son-fonctionnement-t4852.html

    You'll have to change all your internet passwords :(

    • Relaunch UsbFix from your Desktop!
    • Plug all your external data sources into the PC (USB key, external hard drive, etc.) without opening them.
    • Right-click on it and choose "Run as administrator" (Windows 7/8 and Vista)
    • Choose the Suppression (deletion) option

      Note: If UsbFix gets stuck at 14%, start in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply
    cecile
    Participant
    Posts: 51

    Done, here is the report:

    ############################## | UsbFix V 7.154 | [Suppression]

    Utilisateur: cecile (Administrateur) # CECILE-PC
    Mis à jour le 13/12/2013 par El Desaparecido - Team SosVirus
    Lancé à 21:48:11 | 14/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer Inc. (K50IN )
    CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
    RAM -> [Total : 4095 | Free : 3141]
    Bios: American Megatrends Inc.
    Boot: Fail-safe with network boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit)
    WB: Windows Internet Explorer : 8.0.7600.16385

    SC: Security Center Service [(!) Disabled]
    WU: Windows Update Service [Enabled]
    AV: Microsoft Security Essentials [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 149 Go (35 Go libre(s) - 23%) [OS] # NTFS
    D: -> Disque fixe # 134 Go (21 Go libre(s) - 15%) [DATA] # NTFS
    E: -> CD-ROM
    F: -> Disque amovible # 4 Go (0 Mo libre(s) - 0%) [] # FAT32
    H: -> Disque amovible # 7 Go (3 Mo libre(s) - 0%) [] # FAT32

    ################## | Processus Stoppés |

    Stoppé! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 1848 |ParentID: 392)
    Stoppé! C:\Windows\Explorer.exe (ID: 1184 |ParentID: 1132)
    Stoppé! C:\Windows\system32\ctfmon.exe (ID: 204 |ParentID: 1184)
    Stoppé! C:\Users\cecile\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1652 |ParentID: 2024)
    Stoppé! C:\Users\cecile\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 380 |ParentID: 1652)
    Stoppé! C:\Users\cecile\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1244 |ParentID: 1652)

    ################## | Regedit Run |

    04 - HKLM\SOFTWARE | Run : [NPSStartup] -
    04 - HKLM\SOFTWARE | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    04 - HKLM\SOFTWARE | Run : [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    04 - HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [NPSStartup] -
    04 - HKLM\SOFTWARE\wow6432Node | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    04 - HKLM\SOFTWARE\wow6432Node | Run : [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - HKLM\SOFTWARE | RunOnce : [] -
    04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
    04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [Google Update] - "C:\Users\cecile\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [AdobeBridge] -
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [Intel(R)TCP] - C:\Users\cecile\AppData\Roaming\Public\Intel(R)TCP.exe
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [BTGBJNru] - wscript.exe //B "C:\Users\cecile\AppData\Local\Temp\BTGBJNru.vbs"
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [8jusched] - C:\Users\cecile\AppData\Roaming\Public\jusched.exe
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\cecile\AppData\Local\Temp\iTunesHelper.vbe"
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [sqlsern] - C:\Users\Public\OpenCandy.exe
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [ISG] - C:\Users\cecile\AppData\Roaming\Public\wuauclt.exe
    04 - HKU\S-1-5-21-693478475-1187222661-1201366418-1000\SOFTWARE | Run : [APS] - C:\Users\Public\conhost.exe
    04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
    04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

    ################## | Recherche générique |

    Supprimé! D:\ImageReady.exe
    Supprimé! H:\SURVIVAL.vbe
    Supprimé! H:\iTunesHelper.vbe
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\ak.tmp
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\12-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\13-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\14-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\16-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\17-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\18-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\19-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\20-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\22-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\23-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\24-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\25-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\26-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\28-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\29-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\30-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\31-10-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\1-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\2-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\3-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\4-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\8-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\10-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\11-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\12-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\19-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\20-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\21-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\22-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\23-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\24-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\25-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\26-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\27-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\28-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\29-11-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\6-12-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\7-12-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\8-12-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\9-12-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\10-12-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\11-12-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\12-12-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\13-12-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919\14-12-2013
    Supprimé! C:\Users\cecile\AppData\Roaming\DC3E7919
    Supprimé! C:\Users\cecile\AppData\Local\Temp\cecile8
    Supprimé! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
    Supprimé! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenCandy.exe
    Supprimé! C:\Users\Public\OpenCandy.exe
    Supprimé! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe
    Supprimé! C:\Users\Public\conhost.exe
    Supprimé! F:\perso cecile.lnk
    Supprimé! C:\Users\Public\4z1z.VBE
    Supprimé! C:\Users\Public\4zz.VBE
    Supprimé! C:\Users\Public\7z1z.VBE
    Supprimé! C:\Users\Public\7zz.VBE
    Supprimé! C:\Users\Public\iAStorIcon.exe
    Supprimé! C:\Users\Public\Intel(TM)SD.exe
    Supprimé! C:\Users\cecile\AppData\Roaming\cecile-wchelper.dll
    Supprimé! C:\Users\cecile\AppData\Roaming\Public
    Supprimé! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5z1z.lnk
    Supprimé! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5zz.lnk
    Supprimé! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe
    Supprimé! C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuauclt.exe
    Supprimé! C:\Users\cecile\AppData\Local\Temp\B9Y.hta
    Supprimé! C:\Users\cecile\AppData\Local\Temp\%C2%9D.pif
    Supprimé! C:\Users\cecile\AppData\Local\Temp\702.pif
    Supprimé! C:\Users\cecile\AppData\Local\Temp\703.pif
    Supprimé! C:\Users\cecile\AppData\Local\Temp\etilqs_7OoXdBUc14ideje.pif

    ################## | Référence de comparaison MD5 |

    Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\4z1z.VBE
    Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\4zz.VBE
    Md5 : F0070AAFC90FE78EFACE902CB233D329 -> C:\Users\Public\7z1z.VBE
    Md5 : 4915B7758A2AF193B001A4B42CD42CB5 -> C:\Users\Public\7zz.VBE
    Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\Public\Intel(TM)SD.exe
    Md5 : E89028D8068170E606AA0996D457AAA3 -> C:\Users\cecile\AppData\Roaming\Public\jusched.exe
    Md5 : 40F4AAE74C6D4FADCDBFCC08AC7498FD -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
    Md5 : 4DCDC65965510C215ED47D0BB75E26E6 -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuauclt.exe
    Md5 : 61D6DB6F0BDC73E1F009847F1F9F432A -> D:\ImageReady.exe
    Md5 : 566A2952410520E6E384366F28F6871B -> H:\SURVIVAL.vbe
    Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> H:\iTunesHelper.vbe
    Md5 : A409E23D76D5BD9E6E3027493DA121B8 -> C:\Users\Public\OpenCandy.exe
    Md5 : A409E23D76D5BD9E6E3027493DA121B8 -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenCandy.exe
    Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:\Users\Public\conhost.exe
    Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:\Users\cecile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe

    ################## | Comparaison MD5 |

    -> Pas de valeur Md5 identique trouvée.

    ################## | Registre |

    Supprimé! HKCU\Software\À classé
    Supprimé! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\Microsoft\Windows\CurrentVersion\Run|8jusched
    Supprimé! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\Microsoft\Windows\CurrentVersion\Run|APS
    Supprimé! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
    Supprimé! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\Microsoft\Windows\CurrentVersion\Run|ISG
    Supprimé! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
    Supprimé! HKU\S-1-5-21-693478475-1187222661-1201366418-1000\Software\....\Mountpoints2\H
    Supprimé! HKCU\....\Explorer\MountPoints2\{040198da-fb15-11de-97a2-90e6ba67c8b6}

    ################## | UsbFix - Information |

    UsbFix a détecté sur votre ordinateur, une infection qui dispose d'une fonction de Keylogger.
    Après désinfection par UsbFix, veuillez modifier tous vos mots de passe.
    Si vous avez effectué des achats sur internet,
    veuillez contacter votre banque afin d'envisager une opposition sur votre carte bancaire.

    Infos: infection-dinihou-vous-explique-son-fonctionnement-t4852.html

    ################## | Listing |

    [14/12/2013 - 13:11:36 | N | 7 Ko] - C:\UsbFix [Scan 1] CECILE-PC.txt
    [14/12/2013 - 13:31:04 | N | 8 Ko] - C:\UsbFix [Scan 2] CECILE-PC.txt
    [14/12/2013 - 14:35:38 | N | 8 Ko] - C:\UsbFix [Scan 3] CECILE-PC.txt
    [14/12/2013 - 14:51:52 | N | 8 Ko] - C:\UsbFix [Scan 4] CECILE-PC.txt
    [14/12/2013 - 15:55:13 | N | 8 Ko] - C:\UsbFix [Scan 5] CECILE-PC.txt
    [14/12/2013 - 19:58:01 | N | 8 Ko] - C:\UsbFix [Scan 6] CECILE-PC.txt
    [14/12/2013 - 20:15:35 | N | 16 Ko] - C:\UsbFix [Scan 7] CECILE-PC.txt
    [14/12/2013 - 21:54:15 | A | 13 Ko] - C:\UsbFix [Clean 2] CECILE-PC.txt
    [14/12/2013 - 20:04:38 | ASH | 3145164 Ko] - C:\hiberfil.sys
    [14/12/2013 - 20:04:39 | ASH | 4193556 Ko] - C:\pagefile.sys
    [08/11/2009 - 14:14:24 | D] - C:\asus.dat
    [22/07/2009 - 10:02:29 | N | 1024 Ko] - C:\K40IN.BIN
    [03/01/2010 - 17:13:12 | N | 1 Ko] - C:\os264931.bin
    [12/06/2011 - 11:42:56 | SHD] - C:\$Recycle.Bin
    [29/07/2009 - 07:03:37 | N | 8 Ko] - C:\BOOTSECT.BAK
    [14/07/2009 - 02:38:58 | RASH | 375 Ko] - C:\bootmgr
    [14/07/2009 - 04:20:08 | D] - C:\PerfLogs
    [14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
    [29/07/2009 - 07:03:34 | SHD] - C:\Boot
    [05/10/2009 - 08:49:59 | RHD] - C:\MSOCache
    [08/11/2009 - 14:01:19 | SHD] - C:\Recovery
    [08/05/2010 - 12:24:46 | D] - C:\NVIDIA
    [09/05/2013 - 02:25:23 | D] - C:\Users
    [26/08/2013 - 12:32:11 | D] - C:\Downloads
    [08/09/2013 - 18:05:19 | SHD] - C:\System Volume Information
    [07/10/2013 - 11:31:39 | D] - C:\AdwCleaner
    [16/10/2013 - 20:09:08 | D] - C:\Program Files
    [08/12/2013 - 15:52:32 | D] - C:\Program Files (x86)
    [12/12/2013 - 14:04:36 | HD] - C:\ProgramData
    [14/12/2013 - 15:39:36 | D] - C:\FRST
    [14/12/2013 - 20:04:38 | D] - C:\Windows
    [14/12/2013 - 21:54:02 | D] - C:\UsbFix
    [27/10/2003 - 08:18:02 | C | 21 Ko] - D:\Photoshop CS LisezMoi.wri
    [10/06/2011 - 22:32:20 | C | 0 Ko] - D:\How to-A lire.txt.txt
    [04/11/2003 - 04:23:32 | C | 147 Ko] - D:\TypeLibrary.tlb
    [27/10/2003 - 08:56:32 | C | 40 Ko] - D:\Licence tierce.pdf
    [17/04/2011 - 21:52:45 | C | 0 Ko] - D:\OS (C) - Raccourci.lnk
    [01/11/2013 - 11:55:40 | C | 0 Ko] - D:\Disque amovible (G) - Raccourci.lnk
    [14/12/2013 - 20:15:33 | RASHDC] - D:\Autorun.inf
    [04/11/2003 - 05:29:20 | C | 17536 Ko | CC1328B78787D46F1EF051BD391CB2B7] - D:\Photoshop.exe
    [10/06/2011 - 22:48:38 | C | 1476679 Ko | 28C87BF43C0EF74E181F0829FFE56A75] - D:\Adobe Illustrator CS5.exe
    [01/02/1999 - 23:00:00 | C | 260 Ko] - D:\Msvcrt.dll
    [03/12/1999 - 05:01:32 | C | 22 Ko] - D:\Shfolder.dll
    [28/08/2000 - 23:19:16 | C | 392 Ko] - D:\MSVCP60.DLL
    [03/06/2002 - 10:03:54 | C | 60 Ko] - D:\Uninst.dll
    [23/07/2003 - 11:17:06 | C | 240 Ko] - D:\Asn.er.dll
    [27/08/2003 - 10:05:22 | C | 160 Ko] - D:\UID.mr.dll
    [03/09/2003 - 23:49:18 | C | 516 Ko] - D:\JP2KLib.dll
    [18/09/2003 – 16:01:58 | C | 556 Ko] – D:ACE.dll
    [18/09/2003 – 16:01:58 | C | 174 Ko] – D:ARE.dll
    [18/09/2003 – 16:01:58 | C | 148 Ko] – D:Bib.dll
    [18/09/2003 – 16:01:58 | C | 1501 Ko] – D:AGM.dll
    [18/09/2003 – 16:01:58 | C | 3404 Ko] – D:MPS.dll
    [18/09/2003 – 16:01:58 | C | 1592 Ko] – D:CoolType.dll
    [18/09/2003 – 16:01:58 | C | 212 Ko] – D:BIBUtils.dll
    [18/09/2003 – 16:03:56 | C | 4188 Ko] – D:PDFL60.dll
    [18/09/2003 – 16:06:40 | C | 304 Ko] – D:AXEParser.dll
    [25/09/2003 – 13:33:00 | C | 1317 Ko] – D:AWSSCL.dll
    [14/10/2003 – 07:24:10 | C | 267 Ko] – D:Adobelmsvc Installer.dll
    [22/10/2003 – 13:01:50 | C | 384 Ko] – D:ExtendScript.dll
    [22/10/2003 – 13:01:50 | C | 268 Ko] – D:ScCore.dll
    [22/10/2003 – 13:01:50 | C | 56 Ko] – D:ExtendScriptIDE.dll
    [22/10/2003 – 14:37:24 | C | 1036 Ko] – D:almuirsc.dll
    [30/10/2003 – 17:34:44 | C | 228 Ko] – D:AWSCommonSymbols.dll
    [30/10/2003 – 17:34:44 | C | 1416 Ko] – D:AWSCommonUI.dll
    [30/10/2003 – 17:34:48 | C | 2536 Ko] – D:ARM.dll
    [30/10/2003 – 17:34:50 | C | 804 Ko] – D:FileInfo.dll
    [30/10/2003 – 17:34:52 | C | 484 Ko] – D:WebAccessUtils.dll
    [04/11/2003 – 02:22:54 | C | 56 Ko] – D:Plugin.dll
    [04/11/2003 – 04:22:18 | C | 1784 Ko] – D:PSViews.dll
    [04/11/2003 – 04:22:36 | C | 2168 Ko] – D:PSArt.dll
    [08/11/2003 – 06:25:34 | C | 684 Ko] – D:ImageReadyRes.dll
    [08/11/2003 – 06:35:12 | C | 1164 Ko] – D:Photoshop.dll
    [01/01/2004 – 15:14:46 | C | 400 Ko] – D:AdobeLM.dll
    [01/01/2004 – 15:14:46 | C | 80 Ko] – D:Tw10122.dat
    [12/06/2011 – 11:42:56 | SHDC] – D:$RECYCLE.BIN
    [05/10/2009 – 08:38:27 | SHDC] – D:System Volume Information
    [29/01/2011 – 18:00:07 | DC] – D:Adobe Illustrator CS5
    [21/06/2011 – 14:54:31 | DC] – D:Adobe Photoshop
    [21/06/2011 – 15:19:39 | DC] – D:Modules externes
    [21/06/2011 – 15:19:48 | DC] – D:Paramètres prédéfinis
    [21/06/2011 – 15:20:05 | DC] – D:Required
    [21/06/2011 – 15:20:26 | DC] – D:Juridique
    [21/06/2011 – 15:20:26 | DC] – D:Activation
    [20/03/2012 – 18:33:56 | DC] – D:1aa4e02f49d0fb331dbccb
    [02/11/2012 – 22:57:55 | DC] – D:photos
    [09/05/2013 – 02:25:23 | DC] – D:Users
    [27/05/2013 – 21:46:19 | DC] – D:cours
    [07/08/2013 – 15:15:30 | DC] – D:fOTOS
    [26/08/2013 – 19:03:40 | DC] – D:Program Files (x86)
    [28/12/2010 – 16:52:50 | D] – F:perso cecile
    [29/09/2011 – 16:37:06 | SHD] – H:.Trashes
    [29/09/2011 – 16:37:06 | SH | 4 Ko] – H:._.Trashes
    [26/09/2013 – 17:59:54 | SH | 4 Ko] – H:._.TemporaryItems
    [26/09/2013 – 17:59:54 | SHD] – H:.TemporaryItems
    [29/09/2011 – 16:37:08 | SHD] – H:.Spotlight-V100
    [25/11/2013 – 07:47:18 | N | 1680384 Ko] – H:ReadyBoost.sfcache
    [15/08/2013 – 15:58:12 | N | 6252 Ko] – H:rapport renaulttrucks 2.pdf
    [27/08/2013 – 13:16:40 | N | 112836 Ko] – H:rapport renaulttrucks.pdf
    [26/09/2013 – 18:04:34 | N | 4 Ko] – H:._affiche.pdf
    [16/10/2013 – 16:02:56 | N | 1349 Ko] – H:carnet.pdf
    [16/10/2013 – 21:02:54 | N | 320 Ko] – H:vue face.pdf
    [16/10/2013 – 21:06:18 | N | 345 Ko] – H:profil.pdf
    [16/10/2013 – 21:14:44 | N | 338 Ko] – H:dessus.pdf
    [16/10/2013 – 21:15:54 | N | 73 Ko] – H:section.pdf
    [25/10/2013 – 14:36:20 | N | 1362 Ko] – H:carnet (1).pdf
    [26/11/2013 – 16:29:18 | N | 352 Ko] – H:cartels.pdf
    [28/11/2013 – 11:18:14 | N | 2737 Ko] – H:Sondage couteau cécile.pdf
    [15/12/2011 – 11:51:18 | N | 0 Ko] – H:.~lock.Cynisme.odt#
    [10/07/2013 – 12:22:08 | N | 195 Ko] – H:numérisation0001.jpg
    [26/09/2013 – 18:00:44 | N | 4 Ko] – H:._danone.jpg
    [14/12/2013 – 20:15:36 | RASHD] – H:Autorun.inf
    [12/12/2013 – 14:14:42 | N | 40 Ko] – H:tracé lame jet d’eau.dxf
    [29/11/2013 – 11:32:28 | N | 21 Ko] – H:.DS_Store
    [12/10/2013 – 15:18:58 | N | 13 Ko] – H:1 mois pour découvrir et intégrer une entreprise.docx
    [02/10/2013 – 18:33:48 | N | 1752 Ko] – H:amtlib.dll
    [21/03/2012 – 18:04:40 | SH | 433 Ko] – H:Thumbs.db
    [16/10/2013 – 20:18:18 | N | 1218 Ko] – H:woody final r4.3dm
    [24/10/2013 – 15:59:48 | N | 1632 Ko] – H:woody bébé final packr4.3dm
    [07/11/2013 – 11:54:26 | N | 1902 Ko] – H:lampe baladeuse.3dm
    [07/11/2013 – 12:00:26 | N | 1898 Ko] – H:lampe baladeuse (eclaté).3dm
    [10/11/2013 – 17:59:32 | N | 231 Ko] – H:rhino section 2.3dm
    [28/11/2013 – 11:38:50 | N | 3609 Ko] – H:couteau 2 r4.3dm
    [28/11/2013 – 11:39:42 | N | 4080 Ko] – H:couteau fini r4.3dm
    [28/11/2013 – 11:47:42 | N | 4033 Ko] – H:COUTEAU ETUI.3dm
    [28/11/2013 – 14:24:36 | N | 3636 Ko] – H:couteau final .3dm
    [28/11/2013 – 15:20:16 | N | 299 Ko] – H:boucher trou par surface section.3dm
    [26/09/2013 – 15:59:30 | D] – H:26.09.13
    [30/10/2013 – 11:03:28 | D] – H:FOUND.001
    [12/02/2013 – 21:15:34 | D] – H:FOUND.000
    [26/09/2013 – 17:33:54 | D] – H:2013-09 (sept.)
    [22/12/2004 – 05:47:22 | SHD] – H:RECYCLER
    [25/02/2013 – 15:33:36 | D] – H:autres
    [27/02/2013 – 15:48:40 | D] – H:Book
    [17/06/2013 – 11:22:30 | D] – H:stage
    [21/09/2013 – 18:26:54 | D] – H:Lampe
    [03/10/2013 – 07:40:22 | D] – H:Famille
    [03/10/2013 – 07:40:48 | D] – H:Ruscha ed
    [03/10/2013 – 07:41:54 | D] – H:affiche Marketing Florian
    [07/10/2013 – 21:36:54 | D] – H:Points de vue(s)
    [16/10/2013 – 11:28:14 | D] – H:lampe bébé
    [29/10/2013 – 15:01:30 | D] – H:imprimer
    [07/11/2013 – 12:04:24 | D] – H:BIZE KEVIN
    [28/11/2013 – 15:34:36 | D] – H:Infographie

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    H:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    lilidurhone
    Nombre d'articles : 0

    Good ;)

    You will need to change all your internet passwords :(

    No more shortcuts?

    We continue with a diagnostic ;)

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag; run it as administrator on Windows 7/8 and Vista.
    • Click Configurer (Configure).
    • Click the icon showing a magnifying glass with a + (« Lancer le diagnostic », run the diagnostic).

      Note: do not close the program even if it says it is no longer responding.

    • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum.

    cecile
    Participant
    Nombre d'articles : 51

    Thank you, indeed I no longer have any shortcuts.
    However, I do not have the magnifying glass with the +.

    Instead I have: return to main menu / customization / tools cleaner / Windows Clean Manager / restore quarantine / empty quarantine / registry report / select a language

    lilidurhone
    Nombre d'articles : 0

    You are not in ZHPDiag ;) but in ZHPFix.

    Do you see the icon shaped like a scroll? That is the icon you need to run as administrator ;)

    cecile
    Participant
    Nombre d'articles : 51

    My mistake ^^

    Here is the report:

    ~ Rapport de ZHPDiag v2013.12.14.22 – Nicolas Coolman (14/12/2013)
    ~ Lancé par cecile (14/12/2013 22:32:17)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.7600.16385

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium, 64-bit (Build 7600)
    Windows Server License Manager Script : OK
    Software Protection Service (Protection logicielle) : KO
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Security Client v4.4.0304.0
    Windows Defender W7

    —\ Logiciels d’optimisation du système
    CCleaner v4.04 =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 9 ActiveX
    Adobe Reader 9.5.5 – Français
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
    Total RAM: 4095 MB (74% free)
    System Restore: Désactivé (Disabled)
    System drive C: has 35 GB (23%) free of 149 GB

    —\ Mode de connexion au système
    ~ Computer Name: CECILE-PC
    ~ User Name: cecile
    ~ All Users Names: HomeGroupUser$, cecile, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UserscecileAppDataRoamingZHP
    ~ %AppData% : C:UserscecileAppDataRoaming
    ~ %Desktop% : C:UserscecileDesktop
    ~ %Favorites% : C:UserscecileFavorites
    ~ %LocalAppData% : C:UserscecileAppDataLocal
    ~ %StartMenu% : C:UserscecileAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 35 Go of 149 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 21 Go of 134 Go)
    E: CD-ROM drive (Not Inserted)
    F: Floppy drive, Flash card reader, USB Key (Free 0 Go of 4 Go)
    H: Floppy drive, Flash card reader, USB Key (Free 0 Go of 7 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 49 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.0862495E0C825893DB75EF44FAEA8E93] – (.Microsoft Corporation – Explorateur Windows.) (.26/02/2011 – 07:23:14.) — C:WindowsExplorer.exe [2870272]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.8523338F749AC8C5300C125BC4B08275] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.02/03/2013 – 06:49:19.) — C:WindowsSystem32wininet.dll [1198080]
    [MD5.DA3E2A6FA9660CC75B471530CE88453A] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.28/10/2009 – 07:24:40.) — C:WindowsSystem32Winlogon.exe [389632]
    [MD5.75341574F21E766748732BDF530C74BD] – (.Microsoft Corporation – Bibliothèque de licences.) (.14/07/2009 – 02:41:54.) — C:WindowsSystem32sppcomapi.dll [231936]
    [MD5.DB9D6C6B2CD95A9CA414D045B627422E] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/12/2011 – 04:59:11.) — C:Windowssystem32DriversAFD.sys [499200]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.83D2D75E1EFB81B3450C18131443F7DB] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/07/2009 – 00:19:54.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9C253CE7311CA60FC11C774692A13208] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.27/04/2011 – 03:57:40.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.0A49913402747A0B67DE940FB42CBDBB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.14/07/2009 – 01:06:13.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.040D62A9D8AD28922632137ACDD984F2] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.04/05/2011 – 03:51:08.) — C:Windowssystem32DriversMRxSmb.sys [157696]
    [MD5.9162B273A44AB9DCE5B44362731D062A] – (.Microsoft Corporation – MBT Transport driver.) (.14/07/2009 – 00:21:29.) — C:Windowssystem32DriversnetBT.sys [259072]
    [MD5.9A6089B056EA1B83B36424FC9D0A300E] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:36:37.) — C:Windowssystem32Driversntfs.sys [1653096]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.87A6E852A22991580D6D39ADC4790463] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/07/2009 – 01:10:12.) — C:Windowssystem32DriversRasl2tp.sys [130048]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.079125C4B17B01FCAEEBCE0BCB290C0F] – (.Microsoft Corporation – TDI Translation Driver.) (.14/07/2009 – 00:21:15.) — C:Windowssystem32Driverstdx.sys [99840]
    [MD5.9E425AC5C9A5A973273D169F43B4F5E1] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.06/09/2012 – 18:38:18.) — C:Windowssystem32Driversvolsnap.sys [295792]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/14
    ~ Mes musiques (My Musics) : 7/55
    ~ Mes Favoris (My Favorites) : 1/2
    ~ Mes Documents (My Documents) : 1/101
    ~ Mon Bureau (My Desktop) : 1/3379
    ~ Menu demarrer (Programs) : 0/8
    ~ Hidden Files: Scanned in 00mn 05s

    —\ Processus lancés
    [MD5.376A9B411BF8B77D5BF84B24D0C7DACD] – (.Google Inc. – Google Chrome.) — C:UserscecileAppDataLocalGoogleChromeApplicationchrome.exe [863184] [PID.768]
    [MD5.2330B5A4A3824F042DC96D524893A6B5] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8295936] [PID.1388]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UserscecileAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [aipfmkinhleccnodemkoofnnofpbbpac] Search-Gol Toolbar v.1.0 (Désactivé)
    G2 – GCE: Preference [User DataDefault] [cjpglkicenollcignonpgiafdgfeehoj] Nouvel onglet v.6.0 (Désactivé) =>Adware.SearchYa
    G2 – GCE: Preference [User DataDefault] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.3 (Désactivé) =>Toolbar.DeltaSearch
    G2 – GCE: Preference [User DataDefault] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.0.0.4.1, (Désactivé) =>PUP.Elex
    G2 – GCE: Preference [User DataDefault] [janmfndmohbaaoocpcgfbghioojoakjg] plugin v.0.2 (Désactivé)
    G2 – GCE: Preference [User DataDefault] [jcdgjdiieiljkfkdcloehkohchhpekkn] SweetIM for Facebook v.1.2.0.0 (Désactivé) =>PUP.SweetIM
    ~ Google Browser: 21 Legitimates Filtered in 00mn 11s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UserscecileAppDataRoamingMozillaFirefoxProfilesi2uryzgt.defaultprefs.js (.not file.)
    ~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.searchgol.com =>Hijacker.SearchGol
    ~ IE Browser: 20 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local;127.0.0.1:9421; =>Hijacker.Proxy
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 95

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [Public]: Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation – InstallShield (R) Setup Launcher.) — C:Program Files (x86)SecuritooControle ParentalControle_parental.exe
    O4 – GSTaskBar [cecile]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:UserscecileAppDataLocalGoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [cecile]: Rhinoceros 4.0.lnk . (.Robert McNeel & Associates – Rhinoceros 4.0.) — C:Program Files (x86)Rhinoceros 4.0SystemRhino4.exe
    ~ Global Startup: 59 Legitimates Filtered in 00mn 03s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – HKLM..Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — c:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UserscecileAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKCU..Run: [AdobeBridge] Clé orpheline
    O4 – HKCU..Run: [BTGBJNru] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKCU..Run: [sqlsern] C:UsersPublicOpenCandy.exe (.not file.) =>Adware.OpenCandy
    O4 – HKLM..Wow6432NodeRun: [NPSStartup] Clé orpheline
    O4 – HKLM..Wow6432NodeRun: [ArcSoft Connection Service] . (.ArcSoft Inc. – ArcSoft Connect Daemon.) — C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [EEventManager] . (.SEIKO EPSON CORPORATION – EEventManager Application.) — C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe
    O4 – HKLM..Wow6432NodeRun: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated – Adobe CS6 Service Manager.) — C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-693478475-1187222661-1201366418-1000..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UserscecileAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKUSS-1-5-21-693478475-1187222661-1201366418-1000..Run: [AdobeBridge] Clé orpheline
    O4 – HKUSS-1-5-21-693478475-1187222661-1201366418-1000..Run: [BTGBJNru] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKUSS-1-5-21-693478475-1187222661-1201366418-1000..Run: [sqlsern] C:UsersPublicOpenCandy.exe (.not file.) =>Adware.OpenCandy
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{43BC8DA3-E30E-4BC6-858B-FC7DFE742AC1}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCCSServicesTcpip..{9FBE8B1D-945F-4F9F-BE60-5B957068BF94}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{43BC8DA3-E30E-4BC6-858B-FC7DFE742AC1}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS1ServicesTcpip..{9FBE8B1D-945F-4F9F-BE60-5B957068BF94}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{43BC8DA3-E30E-4BC6-858B-FC7DFE742AC1}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS2ServicesTcpip..{9FBE8B1D-945F-4F9F-BE60-5B957068BF94}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: ASLDR Service (ASLDRService) . (.Pas de propriétaire – ASLDR Service.) – C:Program Files (x86)ASUSATK HotkeyASLDRSrv.exe
    O23 – Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH – TeamViewer Remote Control Application.) – C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe
    ~ Services: 12 Legitimates Filtered in 00mn 03s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (jggtdcuq) . (. – .) – C:Windowssystem32driversjggtdcuq.sys (.not file.)
    ~ Drivers: 63 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareCspixhb]
    [HKCUSoftwareForumerIT] =>Toolbar.Forumer
    [HKCUSoftwareHolaa]
    [HKCUSoftwarePoussin]
    [HKLMSoftwareWow6432NodeCspixhb]
    ~ Key Software: 345 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 14/11/2010 – 20:58:52 – [0,003] —-D C:ProgramData3425A
    O43 – CFD: 06/10/2013 – 16:20:01 – [1,063] —-D C:UserscecileAppDataRoamingF1F1C2Y1H1P1C0I0T
    ~ 6 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 171 Legitimates Filtered in 00mn 34s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.0883E31FAF715421AB0D715C82B289A2] – 14/12/2013 – 13:11:36 . (…) — C:UsbFix [Scan 1] CECILE-PC.txt [7472]
    O44 – LFC:[MD5.ECB7719AE72F4DCD46EDB2807A5ED13F] – 14/12/2013 – 13:31:04 . (…) — C:UsbFix [Scan 2] CECILE-PC.txt [8314]
    O44 – LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] – 14/12/2013 – 14:28:11 —A- . (…) — C:WindowsSystem32acovcnt.exe [45056]
    O44 – LFC:[MD5.90982DED1B6F9D4945C659CBB8928FDD] – 14/12/2013 – 14:35:38 . (…) — C:UsbFix [Scan 3] CECILE-PC.txt [7782]
    O44 – LFC:[MD5.9181EE5BDE6209BBBE4702671488EFF7] – 14/12/2013 – 14:51:52 . (…) — C:UsbFix [Scan 4] CECILE-PC.txt [8659]
    O44 – LFC:[MD5.E59BC810E5703934BD206800904C221C] – 14/12/2013 – 15:55:13 . (…) — C:UsbFix [Scan 5] CECILE-PC.txt [8472]
    O44 – LFC:[MD5.EBA203567ACF0E3665E8F4CEC1B844F7] – 14/12/2013 – 19:58:01 . (…) — C:UsbFix [Scan 6] CECILE-PC.txt [7753]
    O44 – LFC:[MD5.2993B95E6DB9B268631AA6E0A5192871] – 14/12/2013 – 19:58:18 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [10240]
    O44 – LFC:[MD5.2993B95E6DB9B268631AA6E0A5192871] – 14/12/2013 – 19:58:18 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [10240]
    O44 – LFC:[MD5.8C922F839841A988314EEEF6785C1D22] – 14/12/2013 – 20:04:58 —A- . (…) — C:Windowsntbtlog.txt [65706]
    O44 – LFC:[MD5.E1488AE45B2911B43FF92AF92ECC9B57] – 14/12/2013 – 20:15:35 . (…) — C:UsbFix [Scan 7] CECILE-PC.txt [16608]
    O44 – LFC:[MD5.FF11E5CC8DCC6F43E160B797E3F9FFC7] – 14/12/2013 – 21:50:23 —A- . (…) — C:WindowsSystem32prfc0816.dat [133776]
    O44 – LFC:[MD5.5B7E80481282FE1E45EA8A50B9EBABAD] – 14/12/2013 – 21:50:23 —A- . (…) — C:WindowsSystem32prfh0816.dat [679366]
    O44 – LFC:[MD5.D5CE41045DAEAEC6625A749906066AE1] – 14/12/2013 – 21:54:41 —A- . (…) — C:UsbFix [Clean 2] CECILE-PC.txt [21390]
    ~ Files: 24 Legitimates Filtered in 00mn 05s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregAkamai NetSession Interface [Key] . (…) — C:UserscecileAppDataLocalAkamainetsession_win.exe (.not file.)
    O53 – SMSR:HKLM…startupregEADM [Key] . (…) — C:Program Files (x86)Electronic ArtsEADMEADMUIEADMUI.exe (.not file.)
    O53 – SMSR:HKLM…startupregSetwallpaper [Key] . (…) — c:programdataSetWallpaper.cmd (.not file.)
    ~ SMSR Keys: 22 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 18 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] – 03/07/2013 – 13:41:12 —A- . (…) — C:WindowsSystem32DriversaswSnx.sys.sum [175]
    O58 – SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] – 03/07/2013 – 13:41:12 —A- . (…) — C:WindowsSystem32DriversaswSP.sys.sum [175]
    O58 – SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] – 03/07/2013 – 13:41:12 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys.sum [175]
    O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:[MD5.1299D1EA00B7A4BF69C5869DCA31E0F6] – 09/07/2009 – 04:11:41 —A- . (.ELAN Microelectronic Corp. – ETD Control Center.) — C:WindowsSystem32DriversETD.sys [140800]
    O58 – SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] – 10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] – 20/07/2009 – 10:29:39 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [15416]
    O58 – SDL:[MD5.19D8F6FF8344C47872BA351D04A190DD] – 05/06/2009 – 11:15:55 —A- . (.Pas de propriétaire – USBCAMD for Sonix UVC.) — C:WindowsSystem32Driverssncduvc.sys [42176]
    O58 – SDL:[MD5.1D8474722CDFFBB8FCA5FA12C50A05A2] – 05/06/2009 – 11:15:55 —A- . (.Pas de propriétaire – UVC Camera Streaming Driver.) — C:WindowsSystem32Driverssnp2uvc.sys [1806400]
    O58 – SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] – 14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:[MD5.3C23BE0DAD748BAE77E87F18F34EBA0E] – 30/04/2013 – 09:51:09 —A- . (.The OpenVPN Project – TAP-Windows Virtual Network Driver.) — C:WindowsSystem32Driverstap0901.sys [40616]
    O58 – SDL:[MD5.9E58997A211C8C9AC9E6CFFA53614A73] – 28/08/2009 – 19:42:52 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [49152]
    O58 – SDL:[MD5.306521935042FC0A6988D528643619B3] – 25/10/2007 – 16:26:10 —A- . (…) — C:WindowsSysWOW64driversStarOpen.sys [5632]
    O58 – SDL:[MD5.CE4B6956E4E12492715A53076E58761F] – 31/03/2009 – 08:39:36 —A- . (.Teruten Inc – File System Mini Filter Drvier.) — C:WindowsSysWOW64driversTFsExDisk.Sys [16392]
    ~ Drivers: 18 Legitimates Filtered in 00mn 44s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 14/12/2013 – 22:34:19 —A- . (…) — C:UserscecileAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [268580]
    O61 – LFC: 14/12/2013 – 22:34:20 —A- . (…) — C:UserscecileAppDataLocalGoogleChromeUser DataLocal State [60543]
    O61 – LFC: 14/12/2013 – 22:34:22 —A- . (…) — C:UserscecileAppDataRoamingZHPLog.txt [16885] =>.Nicolas Coolman
    O61 – LFC: 14/12/2013 – 22:34:22 —A- . (…) — C:UserscecileAppDataRoamingZHPTestsZHPDiag.txt [2865] =>.Nicolas Coolman
    ~ 21 Fichiers temporaires (Temporary files)
    ~ Files: 96 Legitimates Filtered in 00mn 18s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — C:Program Files (x86)GoogleChromeApplicationchrome.exe (.not file.)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {28B7752C-E10A-4333-BE44-6D299A33EAE6} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:DownloadsRhinoceros 3D v4.0 FINAL MultilangueKeyGen-X-FORCERhinoceros.4.0.SR-2.KEYGEN-X-FORCE.exe
    C:DownloadsRhinoceros 3D v4.0 FINAL MultilangueKeyGen-X-FORCERhinoceros.4.0.SR-2.KEYGEN-X-FORCE.exe
    ~ Files: Scanned in 00mn 32s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{8E2748B0-D389-49EA-8DDF-A36F28FA78DF}” |In – Public – P6 – TRUE | .(…) — E:dataeSKernel.exe (.not file.)
    O87 – FAEL: “{F0C059BA-05EF-4BD7-8230-4BC86AC10BE8}” |In – Public – P17 – TRUE | .(…) — E:dataeSKernel.exe (.not file.)
    ~ Firewall: 216 Legitimates Filtered in 00mn 01s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.1D640BC873DCE626C5001B00D332A6D3] [WIS][18/01/2007] (.McNeel & Associates – Microsoft VC80 Support DLLs.) — C:WindowsInstaller28dbc3.msi [2248192]
    [MD5.5AC00D0FEFC441348C51C51E1E3ED454] [WIS][19/03/2011] (.Performance Products – Sapphire_N Updater.) — C:WindowsInstaller547dd.msi [2280960]
    ~ WIS: 248 Legitimates Filtered in 00mn 27s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) – C:Program Files (x86)Common FilesABBYYFineReaderSprint9.00LicensingNetworkLicenseServer.exe
    SS – | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) – C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe
    SS – | Demand 21/06/2011 68096 | (Adobe LM Service) . (…) – C:Program Files (x86)Common FilesAdobe Systems SharedServiceAdobelmsvc.exe
    SS – | Demand 06/09/2009 169312 | (AdobeActiveFileMonitor8.0) . (.Adobe Systems Incorporated.) – C:Program Files (x86)AdobeElements Organizer 8.0PhotoshopElementsFileAgent.exe
    SS – | Auto 31/03/2008 225280 | (ADSMService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSASUS Data Security ManagerADSMSrv.exe
    SS – | Auto 14/08/2008 100920 | (ASLDRService) . (…) – C:Program Files (x86)ASUSATK HotkeyASLDRSrv.exe
    SS – | Auto 08/08/2007 94208 | (ATKGFNEXSrv) . (…) – C:Program FilesATKGFNEXGFNEXSrv.exe
    SS – | Auto 24/07/2009 306232 | (FastBootAgent) . (.ASUSTeK Computer Inc..) – C:WindowsSysWOW64Fast BootFastBootAgent.exe
    SS – | Demand 26/12/2010 867080 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) – C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    SS – | Auto 03/03/2009 65536 | C:Program Files (x86)COMMON~1France TelecomShared ModulesFTRTSVC1FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) – C:Program Files (x86)Common FilesFrance TelecomShared ModulesFTRTSVC1FTRTSVC.exe
    SS – | Auto 08/02/2013 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 08/02/2013 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) – C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe
    SS – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
    SS – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
    SS – | Auto 16/03/2010 159336 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SS – | Auto 31/08/2012 2754984 | (TeamViewer7) . (.TeamViewer GmbH.) – C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe
    SS – | Demand 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SS – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SS – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

    SR – | Auto 23/10/2013 23808 | (MsMpSvc) . (.Microsoft Corporation.) – c:Program FilesMicrosoft Security ClientMsMpEng.exe

    ~ Services: Scanned in 00mn 29s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by cecile at 14/12/2013 22:35:48
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by cecile at 14/12/2013 22:35:50

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13013 – (14/12/2013)
    Clés trouvées (Keys found) : 7
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 5
    Fichiers trouvés (Files found) : 1

    [HKLMSoftwareGoogleChromeExtensionscjpglkicenollcignonpgiafdgfeehoj] =>Adware.SearchYa^
    [HKLMSoftwareGoogleChromeExtensionseooncjejnppfjjklapaamhcdmjbilmde] =>Toolbar.DeltaSearch^
    [HKLMSoftwareGoogleChromeExtensionsifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
    [HKLMSoftwareGoogleChromeExtensionsjcdgjdiieiljkfkdcloehkohchhpekkn] =>PUP.SweetIM^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:sqlsern =>Adware.OpenCandy^
    C:UserscecileAppDataLocalGoogleChromeUser DataDefaultExtensionscjpglkicenollcignonpgiafdgfeehoj =>Adware.SearchYa^
    C:UserscecileAppDataLocalGoogleChromeUser DataDefaultExtensionseooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch^
    C:UserscecileAppDataLocalGoogleChromeUser DataDefaultExtensionsifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
    C:UserscecileAppDataLocalGoogleChromeUser DataDefaultExtensionsjcdgjdiieiljkfkdcloehkohchhpekkn =>PUP.SweetIM^
    C:ProgramDataSoftware =>Adware.Boxore
    [HKCUSoftwareForumerIT] =>Toolbar.Forumer^
    ~ Additionnel Scan: 389297 Items scanned in 00mn 26s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27529784-adware-searchya =>Adware.SearchYa
    ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/33479906-pup-elex =>PUP.Elex
    ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ http://nicolascoolman.webs.com/apps/blog/show/33216982-hijacker-searchgol =>Hijacker.SearchGol
    ~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
    ~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
    ~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
    ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ MSI: 10 link(s) detected in 00mn 26s

    ~ 1387 Legitimates filtered by white list
    End of the scan (463 lines in 03mn 59s)(2)

    lilidurhone
    Number of posts: 0

    Hello

    Why was the zhpdiag done in safe mode?

    cecile
    Participant
    Number of posts: 51

    Hello,
    I ran USBFIX in safe mode with networking because it was freezing at 15%, and I didn't think it would be a problem for the rest.
    Should I leave that mode?

    lilidurhone
    Number of posts: 0

    Yes, leave safe mode ;)

    You will need to run usbfix in search mode again, because there is a line that is still present :(

    Have you changed your internet passwords?

    cecile
    Participant
    Number of posts: 51

    Yes, I changed my passwords :). However, when I run USBFIX it freezes at 16% and the program stops responding.
    On the other hand, I put the USB key in another PC. Is this PC infected, then?

    lilidurhone
    Number of posts: 0

    Ok :)

    Forget about Usbfix on this PC

    Yes, your other PC must be infected

    Do the zhpdiag ;)

    cecile
    Participant
    Number of posts: 51

    Here is the report :)

    ~ Rapport de ZHPDiag v2013.12.14.22 – Nicolas Coolman (14/12/2013)
    ~ Lancé par cecile (15/12/2013 10:31:00)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.7600.16385

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium, 64-bit (Build 7600)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 9YQTR
    Windows License : OK
    ~ Windows Remaining Initializations Number : 2
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Security Client v4.4.0304.0
    Windows Defender W7

    —\ Logiciels d’optimisation du système
    CCleaner v4.04 =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 9 ActiveX
    Adobe Reader 9.5.5 – Français
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 4095 MB (46% free)
    System Restore: Désactivé (Disabled)
    System drive C: has 35 GB (23%) free of 149 GB

    —\ Mode de connexion au système
    ~ Computer Name: CECILE-PC
    ~ User Name: cecile
    ~ All Users Names: HomeGroupUser$, cecile, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UserscecileAppDataRoamingZHP
    ~ %AppData% : C:UserscecileAppDataRoaming
    ~ %Desktop% : C:UserscecileDesktop
    ~ %Favorites% : C:UserscecileFavorites
    ~ %LocalAppData% : C:UserscecileAppDataLocal
    ~ %StartMenu% : C:UserscecileAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 35 Go of 149 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 21 Go of 134 Go)
    E: CD-ROM drive (Not Inserted)
    F: Floppy drive, Flash card reader, USB Key (Free 0 Go of 4 Go)
    H: Floppy drive, Flash card reader, USB Key (Free 0 Go of 7 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 49 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.0862495E0C825893DB75EF44FAEA8E93] – (.Microsoft Corporation – Explorateur Windows.) (.26/02/2011 – 07:23:14.) — C:WindowsExplorer.exe [2870272]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.8523338F749AC8C5300C125BC4B08275] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.02/03/2013 – 06:49:19.) — C:WindowsSystem32wininet.dll [1198080]
    [MD5.DA3E2A6FA9660CC75B471530CE88453A] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.28/10/2009 – 07:24:40.) — C:WindowsSystem32Winlogon.exe [389632]
    [MD5.75341574F21E766748732BDF530C74BD] – (.Microsoft Corporation – Bibliothèque de licences.) (.14/07/2009 – 02:41:54.) — C:WindowsSystem32sppcomapi.dll [231936]
    [MD5.DB9D6C6B2CD95A9CA414D045B627422E] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/12/2011 – 04:59:11.) — C:Windowssystem32DriversAFD.sys [499200]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.83D2D75E1EFB81B3450C18131443F7DB] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/07/2009 – 00:19:54.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9C253CE7311CA60FC11C774692A13208] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.27/04/2011 – 03:57:40.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.0A49913402747A0B67DE940FB42CBDBB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.14/07/2009 – 01:06:13.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.040D62A9D8AD28922632137ACDD984F2] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.04/05/2011 – 03:51:08.) — C:Windowssystem32DriversMRxSmb.sys [157696]
    [MD5.9162B273A44AB9DCE5B44362731D062A] – (.Microsoft Corporation – MBT Transport driver.) (.14/07/2009 – 00:21:29.) — C:Windowssystem32DriversnetBT.sys [259072]
    [MD5.9A6089B056EA1B83B36424FC9D0A300E] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:36:37.) — C:Windowssystem32Driversntfs.sys [1653096]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.87A6E852A22991580D6D39ADC4790463] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/07/2009 – 01:10:12.) — C:Windowssystem32DriversRasl2tp.sys [130048]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.079125C4B17B01FCAEEBCE0BCB290C0F] – (.Microsoft Corporation – TDI Translation Driver.) (.14/07/2009 – 00:21:15.) — C:Windowssystem32Driverstdx.sys [99840]
    [MD5.9E425AC5C9A5A973273D169F43B4F5E1] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.06/09/2012 – 18:38:18.) — C:Windowssystem32Driversvolsnap.sys [295792]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/14
    ~ Mes musiques (My Musics) : 7/55
    ~ Mes Favoris (My Favorites) : 1/2
    ~ Mes Documents (My Documents) : 1/101
    ~ Mon Bureau (My Desktop) : 1/3379
    ~ Menu demarrer (Programs) : 0/8
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    [MD5.2975557593EA2767DEDDA0EACF14F7FF] – (.Pas de propriétaire – ControlDeckStartUp.) — C:Program Files (x86)ASUSControlDeckControlDeckStartUp.exe [17976] [PID.1252]
    [MD5.1971D838A88F58D59543E9B3CDA5FFC4] – (.ASUS – SmartLogon Application.) — C:Program Files (x86)ASUSSmartLogonsensorsrv.exe [305720] [PID.1428]
    [MD5.A65BE6B71BDD85BB0BBB0F25E03AE586] – (.Pas de propriétaire – Wireless Console 3.) — C:Program Files (x86)ASUSWireless Console 3wcourier.exe [1593344] [PID.1492]
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2604]
    [MD5.A7810B302294793DE88542AAE177D1B1] – (.ArcSoft Inc. – ArcSoft Connect Daemon.) — C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe [207424] [PID.3240]
    [MD5.F4D37D47D8FFB01FC072D81440051CAD] – (.SEIKO EPSON CORPORATION – EEventManager Application.) — C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe [976832] [PID.3248]
    [MD5.4D83DC461F8F4370274CF6E9AC9A34F4] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HPHP Software Updatehpwuschd2.exe [49208] [PID.3256]
    [MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] – (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [958576] [PID.3272]
    [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.3344]
    [MD5.F400694D7D2785F60133C20F7F2F4F7A] – (.ArcSoft Inc. – ArcSoft Connect Notifier.) — C:Program Files (x86)Common FilesArcSoftConnection ServiceBinArcCon.ac [309824] [PID.3564]
    [MD5.3ECCDD3FE310DD8F82D085447089ADB0] – (.ASUSTek Computer Inc. – ADSMTray.) — C:Program Files (x86)ASUSASUS Data Security ManagerADSMTray.exe [272952] [PID.3976]
    [MD5.5C396DDE6AAFFB64ABC0E0FD88F53553] – (.ASUS – AsScrPro.) — C:WindowsAsScrPro.exe [3054136] [PID.4020]
    [MD5.74EF10CD035DE51171C98E60E53AE221] – (.CyberLink – CyberLink MediaLibray Service.) — C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe [104936] [PID.2648]
    [MD5.376A9B411BF8B77D5BF84B24D0C7DACD] – (.Google Inc. – Google Chrome.) — C:UserscecileAppDataLocalGoogleChromeApplicationchrome.exe [863184] [PID.3280]
    [MD5.2330B5A4A3824F042DC96D524893A6B5] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8295936] [PID.272]
    [MD5.B0B6FC3F7B7118857217193D17BB5DAD] – (.Adobe Systems Incorporated – AAM Updates Notifier Application.) — C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAAAM Updates Notifier.exe [815992] [PID.200]
    [MD5.C0BF554D2277F7A4C735D475ADE2E3B2] – (.ASUSTek Computer Inc. – ADSMSrv.) — C:Program Files (x86)ASUSASUS Data Security ManagerADSMSrv.exe [225280] [PID.1188]
    [MD5.EB1807795CD3EEAA3288B4A30DE254E8] – (.Pas de propriétaire – ASLDR Service.) — C:Program Files (x86)ASUSATK HotkeyASLDRSrv.exe [100920] [PID.1364]
    [MD5.7C157574A181B19B9DCF5F339E25337E] – (.Pas de propriétaire – GFNEXSrv.) — C:Program FilesATKGFNEXGFNEXSrv.exe [94208] [PID.1400]
    [MD5.B33CF4DE909A5B30F526D82053A63C8E] – (.ABBYY – ABBYY network license server.) — C:Program Files (x86)Common FilesABBYYFineReaderSprint9.00LicensingNetworkLicenseServer.exe [759048] [PID.1644]
    [MD5.7B79665E8D2888912FBF6CFBF2AD60BE] – (.ASUS – HControl.) — C:Program Files (x86)ASUSATK HotkeyHControl.exe [178744] [PID.1740]
    [MD5.D62088F1C4E7B3477AD2A5F8F5C6DEF3] – (.Pas de propriétaire – Atouch64.) — C:Program Files (x86)ASUSATK HotkeyAtouch64.exe [301624] [PID.1808]
    [MD5.FEC6E5284C2C4A48084BFBD4A1ED1FCD] – (.ASUS – ATKOSD.) — C:Program Files (x86)ASUSATK HotkeyATKOSD.exe [2482176] [PID.1776]
    [MD5.AA11E1368EEB237DD100BAC6AFFE1C57] – (.ASUS – KBFiltr.) — C:Program Files (x86)ASUSATK HotkeyKBFiltr.exe [113208] [PID.1764]
    [MD5.4A7C441D99D86704D194E7678873B95D] – (.ASUS – WDC.) — C:Program Files (x86)ASUSATK HotkeyWDC.exe [174648] [PID.1804]
    [MD5.ADC420616C501B45D26C0FD3EF1E54E4] – (.ArcSoft Inc. – ArcSoft Connect Service.) — C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe [113152] [PID.2092]
    [MD5.8C89F06DBC239492E0AAAA0B0D8645EA] – (.ASUSTeK Computer Inc. – ASUS FastBoot.) — C:WindowsSysWOW64Fast BootFastBootAgent.exe [306232] [PID.2124]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.2412]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.2432]
    [MD5.5E53CF8AD0FD33B35000C113656AB37B] – (.TeamViewer GmbH – TeamViewer Remote Control Application.) — C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe [2754984] [PID.2504]
    ~ Processes Running: Scanned in 00mn 40s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UserscecileAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [aipfmkinhleccnodemkoofnnofpbbpac] Search-Gol Toolbar v.1.0 (Désactivé)
    G2 – GCE: Preference [User DataDefault] [cjpglkicenollcignonpgiafdgfeehoj] Nouvel onglet v.6.0 (Désactivé) =>Adware.SearchYa
    G2 – GCE: Preference [User DataDefault] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.3 (Désactivé) =>Toolbar.DeltaSearch
    G2 – GCE: Preference [User DataDefault] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.0.0.4.1, (Désactivé) =>PUP.Elex
    G2 – GCE: Preference [User DataDefault] [janmfndmohbaaoocpcgfbghioojoakjg] plugin v.0.2 (Désactivé)
    G2 – GCE: Preference [User DataDefault] [jcdgjdiieiljkfkdcloehkohchhpekkn] SweetIM for Facebook v.1.2.0.0 (Désactivé) =>PUP.SweetIM
    ~ Google Browser: 21 Legitimates Filtered in 00mn 16s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UserscecileAppDataRoamingMozillaFirefoxProfilesi2uryzgt.defaultprefs.js (.not file.)
    ~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.searchgol.com =>Hijacker.SearchGol
    ~ IE Browser: 20 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local;127.0.0.1:9421; =>Hijacker.Proxy
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 95

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [Public]: Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation – InstallShield (R) Setup Launcher.) — C:Program Files (x86)SecuritooControle ParentalControle_parental.exe
    O4 – GSTaskBar [cecile]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:UserscecileAppDataLocalGoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [cecile]: Rhinoceros 4.0.lnk . (.Robert McNeel & Associates – Rhinoceros 4.0.) — C:Program Files (x86)Rhinoceros 4.0SystemRhino4.exe
    ~ Global Startup: 59 Legitimates Filtered in 00mn 00s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – HKLM..Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — c:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UserscecileAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKCU..Run: [AdobeBridge] Clé orpheline
    O4 – HKCU..Run: [BTGBJNru] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKCU..Run: [sqlsern] C:UsersPublicOpenCandy.exe (.not file.) =>Adware.OpenCandy
    O4 – HKLM..Wow6432NodeRun: [NPSStartup] Clé orpheline
    O4 – HKLM..Wow6432NodeRun: [ArcSoft Connection Service] . (.ArcSoft Inc. – ArcSoft Connect Daemon.) — C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [EEventManager] . (.SEIKO EPSON CORPORATION – EEventManager Application.) — C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe
    O4 – HKLM..Wow6432NodeRun: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated – Adobe CS6 Service Manager.) — C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-693478475-1187222661-1201366418-1000..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UserscecileAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKUSS-1-5-21-693478475-1187222661-1201366418-1000..Run: [AdobeBridge] Clé orpheline
    O4 – HKUSS-1-5-21-693478475-1187222661-1201366418-1000..Run: [BTGBJNru] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKUSS-1-5-21-693478475-1187222661-1201366418-1000..Run: [sqlsern] C:UsersPublicOpenCandy.exe (.not file.) =>Adware.OpenCandy
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{43BC8DA3-E30E-4BC6-858B-FC7DFE742AC1}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCCSServicesTcpip..{9FBE8B1D-945F-4F9F-BE60-5B957068BF94}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{43BC8DA3-E30E-4BC6-858B-FC7DFE742AC1}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS1ServicesTcpip..{9FBE8B1D-945F-4F9F-BE60-5B957068BF94}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{43BC8DA3-E30E-4BC6-858B-FC7DFE742AC1}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS2ServicesTcpip..{9FBE8B1D-945F-4F9F-BE60-5B957068BF94}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: ASLDR Service (ASLDRService) . (.Pas de propriétaire – ASLDR Service.) – C:Program Files (x86)ASUSATK HotkeyASLDRSrv.exe
    O23 – Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH – TeamViewer Remote Control Application.) – C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe
    ~ Services: 12 Legitimates Filtered in 00mn 48s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (…) — C:Program Files (x86)Desk 365desk365.exe (.not file.) [0] =>Hijacker.22Find
    [MD5.00000000000000000000000000000000] [APT] [Funmoods] (…) — C:UserscecileAppDataRoamingFunmoodsUPDATE~1UPDATE~1.exe (.not file.) [0] =>PUP.Funmoods
    [MD5.00000000000000000000000000000000] [APT] [Run RoboForm TaskBar Icon] (…) — C:Program Files (x86)Siber SystemsAI RoboFormRoboTaskBarIcon.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{24BBBBB5-4D44-4C46-8088-ED6D5503CF0D}] (…) — C:UserscecileAppDataLocalTempRar$EX35.928Adobe CS4payloadsAdobeAIR1.0AdobeAIRInstaller.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{26A4EF49-6870-4F6B-9D3E-0723CF05A3E5}] (…) — G:Technovlc-2.0.2-win32.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{4861950D-2B2B-4637-B491-452ED6B6EBB3}] (…) — C:UserscecileDesktopAdobe CS3IllustratorAdobe CS3Setup.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{8910E67B-67E2-42A7-B3C5-F9E433A100F1}] (…) — c:userscecileappdatalocallollipoplollipop.bat (.not file.) [0] =>Adware.Lollipop
    [MD5.000F4685B05431911300F53B8CD2707E] [APT] [{CF843A17-E26F-49CD-A01A-1192E2D2181D}] (…) — C:Program Files (x86)ACTIVI~1EMPIRE~1UNINST~1UNWISE.exe [153088]
    [MD5.00000000000000000000000000000000] [APT] [{E253C444-72D3-4B90-B4FD-AD0D9FB5B7FE}] (…) — E:setup.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{E4764FCE-220B-46D3-82ED-5E3F5DA95CE1}] (…) — C:Program Files (x86)Common FilesAdobeCalibrationAdobe Gamma.cpl” -c Adobe Gamma (.not file.) [0]
    ~ Scheduled Task: 31 Legitimates Filtered in 00mn 04s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (jggtdcuq) . (. – .) – C:Windowssystem32driversjggtdcuq.sys (.not file.)
    ~ Drivers: 63 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareCspixhb]
    [HKCUSoftwareForumerIT] =>Toolbar.Forumer
    [HKCUSoftwareHolaa]
    [HKCUSoftwarePoussin]
    [HKLMSoftwareWow6432NodeCspixhb]
    ~ Key Software: 345 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 14/11/2010 – 20:58:52 – [0,003] —-D C:ProgramData3425A
    O43 – CFD: 06/10/2013 – 16:20:01 – [1,063] —-D C:UserscecileAppDataRoamingF1F1C2Y1H1P1C0I0T
    ~ 6 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 171 Legitimates Filtered in 00mn 04s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.0883E31FAF715421AB0D715C82B289A2] – 14/12/2013 – 13:11:36 . (…) — C:UsbFix [Scan 1] CECILE-PC.txt [7472]
    O44 – LFC:[MD5.ECB7719AE72F4DCD46EDB2807A5ED13F] – 14/12/2013 – 13:31:04 . (…) — C:UsbFix [Scan 2] CECILE-PC.txt [8314]
    O44 – LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] – 14/12/2013 – 14:28:11 —A- . (…) — C:WindowsSystem32acovcnt.exe [45056]
    O44 – LFC:[MD5.90982DED1B6F9D4945C659CBB8928FDD] – 14/12/2013 – 14:35:38 . (…) — C:UsbFix [Scan 3] CECILE-PC.txt [7782]
    O44 – LFC:[MD5.9181EE5BDE6209BBBE4702671488EFF7] – 14/12/2013 – 14:51:52 . (…) — C:UsbFix [Scan 4] CECILE-PC.txt [8659]
    O44 – LFC:[MD5.E59BC810E5703934BD206800904C221C] – 14/12/2013 – 15:55:13 . (…) — C:UsbFix [Scan 5] CECILE-PC.txt [8472]
    O44 – LFC:[MD5.EBA203567ACF0E3665E8F4CEC1B844F7] – 14/12/2013 – 19:58:01 . (…) — C:UsbFix [Scan 6] CECILE-PC.txt [7753]
    O44 – LFC:[MD5.8C922F839841A988314EEEF6785C1D22] – 14/12/2013 – 20:04:58 —A- . (…) — C:Windowsntbtlog.txt [65706]
    O44 – LFC:[MD5.E1488AE45B2911B43FF92AF92ECC9B57] – 14/12/2013 – 20:15:35 . (…) — C:UsbFix [Scan 7] CECILE-PC.txt [16608]
    O44 – LFC:[MD5.D5CE41045DAEAEC6625A749906066AE1] – 14/12/2013 – 21:54:41 —A- . (…) — C:UsbFix [Clean 2] CECILE-PC.txt [21390]
    O44 – LFC:[MD5.3F0FD8E660F5DEA61D6C2E06913FD61B] – 15/12/2013 – 10:00:19 —A- . (…) — C:UsbFix [Scan 8] CECILE-PC.txt [6626]
    O44 – LFC:[MD5.B03A301D2B88F7CD9F811F2988BBD383] – 15/12/2013 – 10:27:48 —A- . (…) — C:WindowsSystem32prfc0816.dat [133986]
    O44 – LFC:[MD5.025E5EF1145029AC8091F6F83E709A3E] – 15/12/2013 – 10:27:48 —A- . (…) — C:WindowsSystem32prfh0816.dat [679576]
    ~ Files: 25 Legitimates Filtered in 00mn 02s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.A9456DD56EC8540A73EB1BEB3B5CFE96] – 15/12/2013 – 10:00:06 —A- – C:WindowsPrefetchGO.EXE-0A7DE786.pf
    O45 – LFCP:[MD5.6978C36FE4ED736A7D57A4AC97CFF310] – 15/12/2013 – 10:22:12 —A- – C:WindowsPrefetchASSCRPROLOG.EXE-83162235.pf
    ~ Prefetcher: 70 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregAkamai NetSession Interface [Key] . (…) — C:UserscecileAppDataLocalAkamainetsession_win.exe (.not file.)
    O53 – SMSR:HKLM…startupregEADM [Key] . (…) — C:Program Files (x86)Electronic ArtsEADMEADMUIEADMUI.exe (.not file.)
    O53 – SMSR:HKLM…startupregSetwallpaper [Key] . (…) — c:programdataSetWallpaper.cmd (.not file.)
    ~ SMSR Keys: 22 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 18 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] – 03/07/2013 – 13:41:12 —A- . (…) — C:WindowsSystem32DriversaswSnx.sys.sum [175]
    O58 – SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] – 03/07/2013 – 13:41:12 —A- . (…) — C:WindowsSystem32DriversaswSP.sys.sum [175]
    O58 – SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] – 03/07/2013 – 13:41:12 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys.sum [175]
    O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:[MD5.1299D1EA00B7A4BF69C5869DCA31E0F6] – 09/07/2009 – 04:11:41 —A- . (.ELAN Microelectronic Corp. – ETD Control Center.) — C:WindowsSystem32DriversETD.sys [140800]
    O58 – SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] – 10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] – 20/07/2009 – 10:29:39 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [15416]
    O58 – SDL:[MD5.19D8F6FF8344C47872BA351D04A190DD] – 05/06/2009 – 11:15:55 —A- . (.Pas de propriétaire – USBCAMD for Sonix UVC.) — C:WindowsSystem32Driverssncduvc.sys [42176]
    O58 – SDL:[MD5.1D8474722CDFFBB8FCA5FA12C50A05A2] – 05/06/2009 – 11:15:55 —A- . (.Pas de propriétaire – UVC Camera Streaming Driver.) — C:WindowsSystem32Driverssnp2uvc.sys [1806400]
    O58 – SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] – 14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:[MD5.3C23BE0DAD748BAE77E87F18F34EBA0E] – 30/04/2013 – 09:51:09 —A- . (.The OpenVPN Project – TAP-Windows Virtual Network Driver.) — C:WindowsSystem32Driverstap0901.sys [40616]
    O58 – SDL:[MD5.9E58997A211C8C9AC9E6CFFA53614A73] – 28/08/2009 – 19:42:52 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [49152]
    O58 – SDL:[MD5.306521935042FC0A6988D528643619B3] – 25/10/2007 – 16:26:10 —A- . (…) — C:WindowsSysWOW64driversStarOpen.sys [5632]
    O58 – SDL:[MD5.CE4B6956E4E12492715A53076E58761F] – 31/03/2009 – 08:39:36 —A- . (.Teruten Inc – File System Mini Filter Drvier.) — C:WindowsSysWOW64driversTFsExDisk.Sys [16392]
    ~ Drivers: 18 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 14/12/2013 – 10:33:32 —A- . (…) — C:UserscecileAppDataRoamingZHPZHPADSReport.txt [351] =>.Nicolas Coolman
    O61 – LFC: 14/12/2013 – 10:33:32 —A- . (…) — C:UserscecileAppDataRoamingZHPZHPDiag.txt [31768] =>.Nicolas Coolman
    O61 – LFC: 15/12/2013 – 10:33:28 —A- . (…) — C:UserscecileAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [268580]
    O61 – LFC: 15/12/2013 – 10:33:29 —A- . (…) — C:UserscecileAppDataLocalGoogleChromeUser DataLocal State [60545]
    O61 – LFC: 15/12/2013 – 10:33:32 —A- . (…) — C:UserscecileAppDataRoamingZHPLog.txt [71119] =>.Nicolas Coolman
    O61 – LFC: 15/12/2013 – 10:33:32 —A- . (…) — C:UserscecileAppDataRoamingZHPTestsZHPDiag.txt [2865] =>.Nicolas Coolman
    ~ 18 Fichiers temporaires (Temporary files)
    ~ Files: 90 Legitimates Filtered in 07mn 28s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — C:Program Files (x86)GoogleChromeApplicationchrome.exe (.not file.)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {28B7752C-E10A-4333-BE44-6D299A33EAE6} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:DownloadsRhinoceros 3D v4.0 FINAL MultilangueKeyGen-X-FORCERhinoceros.4.0.SR-2.KEYGEN-X-FORCE.exe
    C:DownloadsRhinoceros 3D v4.0 FINAL MultilangueKeyGen-X-FORCERhinoceros.4.0.SR-2.KEYGEN-X-FORCE.exe
    ~ Files: Scanned in 00mn 54s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{8E2748B0-D389-49EA-8DDF-A36F28FA78DF}” |In – Public – P6 – TRUE | .(…) — E:dataeSKernel.exe (.not file.)
    O87 – FAEL: “{F0C059BA-05EF-4BD7-8230-4BC86AC10BE8}” |In – Public – P17 – TRUE | .(…) — E:dataeSKernel.exe (.not file.)
    ~ Firewall: 216 Legitimates Filtered in 00mn 02s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.1D640BC873DCE626C5001B00D332A6D3] [WIS][18/01/2007] (.McNeel & Associates – Microsoft VC80 Support DLLs.) — C:WindowsInstaller28dbc3.msi [2248192]
    [MD5.5AC00D0FEFC441348C51C51E1E3ED454] [WIS][19/03/2011] (.Performance Products – Sapphire_N Updater.) — C:WindowsInstaller547dd.msi [2280960]
    ~ WIS: 248 Legitimates Filtered in 00mn 38s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 21/06/2011 68096 | (Adobe LM Service) . (…) – C:Program Files (x86)Common FilesAdobe Systems SharedServiceAdobelmsvc.exe
    SS – | Demand 06/09/2009 169312 | (AdobeActiveFileMonitor8.0) . (.Adobe Systems Incorporated.) – C:Program Files (x86)AdobeElements Organizer 8.0PhotoshopElementsFileAgent.exe
    SS – | Demand 26/12/2010 867080 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) – C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    SS – | Auto 03/03/2009 65536 | C:Program Files (x86)COMMON~1France TelecomShared ModulesFTRTSVC1FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) – C:Program Files (x86)Common FilesFrance TelecomShared ModulesFTRTSVC1FTRTSVC.exe
    SS – | Auto 08/02/2013 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 08/02/2013 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) – C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe
    SS – | Demand 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

    SR – | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) – C:Program Files (x86)Common FilesABBYYFineReaderSprint9.00LicensingNetworkLicenseServer.exe
    SR – | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) – C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe
    SR – | Auto 31/03/2008 225280 | (ADSMService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSASUS Data Security ManagerADSMSrv.exe
    SR – | Auto 14/08/2008 100920 | (ASLDRService) . (…) – C:Program Files (x86)ASUSATK HotkeyASLDRSrv.exe
    SR – | Auto 08/08/2007 94208 | (ATKGFNEXSrv) . (…) – C:Program FilesATKGFNEXGFNEXSrv.exe
    SR – | Auto 24/07/2009 306232 | (FastBootAgent) . (.ASUSTeK Computer Inc..) – C:WindowsSysWOW64Fast BootFastBootAgent.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
    SR – | Auto 23/10/2013 23808 | (MsMpSvc) . (.Microsoft Corporation.) – c:Program FilesMicrosoft Security ClientMsMpEng.exe
    SR – | Auto 16/03/2010 159336 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 31/08/2012 2754984 | (TeamViewer7) . (.TeamViewer GmbH.) – C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

    ~ Services: Scanned in 00mn 42s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by cecile at 15/12/2013 10:42:47
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by cecile at 15/12/2013 10:42:49

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13013 – (14/12/2013)
    Clés trouvées (Keys found) : 7
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 5
    Fichiers trouvés (Files found) : 1

    [HKLMSoftwareGoogleChromeExtensionscjpglkicenollcignonpgiafdgfeehoj] =>Adware.SearchYa^
    [HKLMSoftwareGoogleChromeExtensionseooncjejnppfjjklapaamhcdmjbilmde] =>Toolbar.DeltaSearch^
    [HKLMSoftwareGoogleChromeExtensionsifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
    [HKLMSoftwareGoogleChromeExtensionsjcdgjdiieiljkfkdcloehkohchhpekkn] =>PUP.SweetIM^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:sqlsern =>Adware.OpenCandy^
    C:UserscecileAppDataLocalGoogleChromeUser DataDefaultExtensionscjpglkicenollcignonpgiafdgfeehoj =>Adware.SearchYa^
    C:UserscecileAppDataLocalGoogleChromeUser DataDefaultExtensionseooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch^
    C:UserscecileAppDataLocalGoogleChromeUser DataDefaultExtensionsifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
    C:UserscecileAppDataLocalGoogleChromeUser DataDefaultExtensionsjcdgjdiieiljkfkdcloehkohchhpekkn =>PUP.SweetIM^
    C:ProgramDataSoftware =>Adware.Boxore
    [HKCUSoftwareForumerIT] =>Toolbar.Forumer^
    ~ Additionnel Scan: 389621 Items scanned in 00mn 37s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27529784-adware-searchya =>Adware.SearchYa
    ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/33479906-pup-elex =>PUP.Elex
    ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ http://nicolascoolman.webs.com/apps/blog/show/33216982-hijacker-searchgol =>Hijacker.SearchGol
    ~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
    ~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
    ~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
    ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
    ~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
    ~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
    ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ MSI: 13 link(s) detected in 00mn 37s

    ~ 1464 Legitimates filtered by white list
    End of the scan (523 lines in 12mn 27s)(2)
