  • Groownsfeld
    Number of posts: 0

    Hello, here is my USBFix report.
    [spoiler:mi475v74]############################## | UsbFix V 7.145 |

    Utilisateur: Lucas (Administrateur) # VAIO
    Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 16:58:49 | 27/10/2013

    Site Web: http://www.usbfix.net/
    Forum : http://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Sony Corporation (VAIO)
    CPU: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
    RAM -> [Total : 4063 | Free : 1879]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
    WB: Windows Internet Explorer 10.0.9200.16721

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AS: Windows Defender [Enabled | Updated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 455 Go (7 Go libre(s) – 2%) [] # NTFS
    F: -> CD-ROM
    G: -> CD-ROM
    H: -> CD-ROM
    I: -> Disque amovible # 4 Go (2 Go libre(s) – 63%) [] # FAT32

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [APSDaemon] – « C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe »
    HKLMSOFTWARE | Run : [QuickTime Task] – « C:Program Files (x86)QuickTimeQTTask.exe » -atboottime
    HKLMSOFTWARE | Run : [jSugLyCC] – wscript.exe //B « C:UsersLucasAppDataLocalTempjSugLyCC.vbs »
    HKLMSOFTWARE | Run : [jusched7] – C:UsersPublicjusched.exe
    HKLMSOFTWARE | Run : [iTunesHelper] – wscript.exe //B « C:UsersLucasAppDataLocalTempiTunesHelper.vbe »
    HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – « C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe »
    HKLMSOFTWAREwow6432Node | Run : [QuickTime Task] – « C:Program Files (x86)QuickTimeQTTask.exe » -atboottime
    HKLMSOFTWAREwow6432Node | Run : [jSugLyCC] – wscript.exe //B « C:UsersLucasAppDataLocalTempjSugLyCC.vbs »
    HKLMSOFTWAREwow6432Node | Run : [jusched7] – C:UsersPublicjusched.exe
    HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – wscript.exe //B « C:UsersLucasAppDataLocalTempiTunesHelper.vbe »
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKLMSOFTWARE | PoliciesExplorerrun : [37364] – C:PROGRA~3LOCALS~1Tempmscuiu.exe
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | Run : [adapter] – C:Windowsadapter.exe
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | Run : [cacaoweb] – « C:UsersLucasAppDataRoamingcacaowebcacaoweb.exe » -noplayer
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | Run : [iCloudServices] – C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | Run : [ApplePhotoStreams] – C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | Run : [iTunesHelper] – wscript.exe //B « C:UsersLucasAppDataLocalTempiTunesHelper.vbe »
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | Run : [8jusched] – C:UsersPublicjusched.exe
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | Run : [jSugLyCC] – wscript.exe //B « C:UsersLucasAppDataLocalTempjSugLyCC.vbs »
    HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | PoliciesExplorerrun : [jusched9] – C:UsersPublicjusched.exe

    ################## | Processus Stoppés |

    Stoppé! C:Windowssystem32nvvsvc.exe (ID 848 |ParentID 596)
    Stoppé! C:Windowssystem32nvvsvc.exe (ID 1176 |ParentID 848)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID 1400 |ParentID 596)
    Stoppé! C:Program Files (x86)AdobePhotoshop Elements 7.0PhotoshopElementsFileAgent.exe (ID 1516 |ParentID 596)
    Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID 1608 |ParentID 596)
    Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID 1668 |ParentID 596)
    Stoppé! C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (ID 1700 |ParentID 596)
    Stoppé! C:Windowssystem32taskhost.exe (ID 1988 |ParentID 596)
    Stoppé! C:WindowsExplorer.EXE (ID 1300 |ParentID 1036)
    Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 1824 |ParentID 1300)
    Stoppé! C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe (ID 1820 |ParentID 1300)
    Stoppé! C:Windowssystem32taskeng.exe (ID 1952 |ParentID 488)
    Stoppé! C:Program FilesSynapticsSynTPSynTPHelper.exe (ID 2064 |ParentID 1824)
    Stoppé! C:Windowsadapter.exe (ID 2132 |ParentID 1300)
    Stoppé! C:UsersLucasAppDataRoamingcacaowebcacaoweb.exe (ID 2184 |ParentID 1300)
    Stoppé! C:Program FilesSonyVAIO Update 4VAIOUpdt.exe (ID 2212 |ParentID 1952)
    Stoppé! C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe (ID 2432 |ParentID 1300)
    Stoppé! C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe (ID 2544 |ParentID 1300)
    Stoppé! C:WindowsSysWOW64explorer.exe (ID 2592 |ParentID 1224)
    Stoppé! C:WindowsSysWOW64wscript.exe (ID 2656 |ParentID 2568)
    Stoppé! C:WindowsSysWOW64wscript.exe (ID 2696 |ParentID 2568)
    Stoppé! C:UsersPublicjusched.exe (ID 3020 |ParentID 1224)
    Stoppé! C:UsersPublicjusched.exe (ID 2728 |ParentID 2976)
    Stoppé! C:WindowsSysWOW64PnkBstrA.exe (ID 2288 |ParentID 596)
    Stoppé! C:Program Files (x86)Common FilesSony SharedSOHLibSOHDBSvr.exe (ID 2396 |ParentID 596)
    Stoppé! C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe (ID 3040 |ParentID 596)
    Stoppé! C:Program Files (x86)SonyVAIO Event ServiceVESMgr.exe (ID 3032 |ParentID 596)
    Stoppé! C:Program FilesSonyVAIO Power ManagementSPMService.exe (ID 3100 |ParentID 596)
    Stoppé! C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe (ID 3128 |ParentID 596)
    Stoppé! C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe (ID 3192 |ParentID 596)
    Stoppé! C:Program FilesSonyVAIO Smart NetworkVSNService.exe (ID 3236 |ParentID 596)
    Stoppé! C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe (ID 3268 |ParentID 596)
    Stoppé! C:WindowsSysWOW64DllHost.exe (ID 3312 |ParentID 788)
    Stoppé! C:Program FilesWestern DigitalWD SmartWareWD Drive ManagerWDDMService.exe (ID 3320 |ParentID 596)
    Stoppé! C:Program Files (x86)Western DigitalWD SmartwareFront ParlorWDFMEWDFME.exe (ID 3352 |ParentID 596)
    Stoppé! C:Program Files (x86)Western DigitalWD SmartwareFront ParlorWDSC.exe (ID 3536 |ParentID 596)
    Stoppé! C:Program Files (x86)SonyVAIO Event ServiceVESMgrSub.exe (ID 3620 |ParentID 3032)
    Stoppé! C:Program FilesSonyVAIO Smart NetworkVSNClient.exe (ID 3688 |ParentID 3236)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 3804 |ParentID 596)
    Stoppé! C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe (ID 3852 |ParentID 596)
    Stoppé! C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe (ID 3980 |ParentID 596)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 4044 |ParentID 3804)
    Stoppé! C:Program Files (x86)Common FilesSony SharedSOHLibSOHPlMgr.exe (ID 1244 |ParentID 596)
    Stoppé! C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe (ID 4244 |ParentID 596)
    Stoppé! C:Program FilesSonyVAIO Power ManagementSPMgr.exe (ID 4492 |ParentID 4348)
    Stoppé! C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVCSWVCSW.exe (ID 4636 |ParentID 596)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID 4160 |ParentID 596)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID 5132 |ParentID 284)
    Stoppé! C:Program Files (x86)Operaopera.exe (ID 5832 |ParentID 1300)
    Stoppé! C:Program Files (x86)Common FilesAppleInternet ServicesAPSDaemon.exe (ID 5544 |ParentID 788)
    Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID 5776 |ParentID 596)
    Stoppé! C:WindowsSysWOW64NOTEPAD.EXE (ID 3524 |ParentID 1832)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 3968 |ParentID 1804)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 776 |ParentID 3968)
    Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 4736 |ParentID 3968)
    Stoppé! C:Windowssystem32SearchProtocolHost.exe (ID 5064 |ParentID 4160)
    Stoppé! C:Windowssystem32SearchFilterHost.exe (ID 4420 |ParentID 4160)

    ################## | Éléments infectieux |

    Supprimé! I:iTunesHelper.vbe
    Supprimé! I:jSugLyCC.vbs
    Supprimé! C:UsersLucasAppDataLocalTempiTunesHelper.vbe
    Supprimé! C:UsersLucasAppDataLocalTempjSugLyCC.vbs
    Supprimé! C:UsersLucasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
    Supprimé! C:UsersLucasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupjSugLyCC.vbs
    Supprimé! C:UsersLucasAppDataRoamingD48191F4ak.tmp
    Supprimé! C:UsersLucasAppDataRoamingD48191F4
    Supprimé! I:NAVI.lnk
    Supprimé! I:Radios.lnk
    Supprimé! I:Perso.lnk
    Supprimé! I:PDF D1.lnk
    Supprimé! I:iTunesHelper.lnk
    Supprimé! I:jSugLyCC.lnk
    Supprimé! I:Autorun.inf.lnk
    Supprimé! C:UsersPublic4z1z.VBE
    Supprimé! C:UsersPublicjusched.exe
    Supprimé! C:UsersLucasAppDataRoamingLucas-wchelper.dll
    Supprimé! C:UsersLucasAppDataLocalTempLucas7
    Supprimé! C:UsersLucasAppDataLocalTempSkype.pif
    Supprimé! C:UsersLucasAppDataLocalTemputt15AE.tmp.exe
    Supprimé! C:UsersLucasAppDataLocalTemputt3A8B.tmp.exe
    Supprimé! C:UsersLucasAppDataLocalTempf1ag.hta
    Supprimé! C:UsersLucasAppDataLocalTemp1d4b1ae4-2eef-4f3a-8a4e-65d42c3d85da.exe
    Supprimé! C:UsersLucasAppDataLocalTemp7769d0cc-98e9-4565-a635-0dc582f192e4.exe
    Supprimé! C:UsersLucasAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE58HPLCDM2Skype[1].pif

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Supprimé! HKUS-1-5-21-2381913200-3018708405-1333756505-1000SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
    Supprimé! HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionRun|iTunesHelper
    Supprimé! HKUS-1-5-21-2381913200-3018708405-1333756505-1000SoftwareMicrosoftWindowsCurrentVersionRun|jSugLyCC
    Supprimé! HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionRun|jSugLyCC
    Supprimé! HKCU….ExplorerMountPoints2{bfe729d4-47f7-11df-baae-0024beb2d14f}
    Supprimé! HKCU….ExplorerMountPoints2{db9a7e68-1662-11e0-9385-60380e07c432}

    ################## | Listing |

    [06/06/2010 – 21:33:58 | SHD ] C:$Recycle.Bin
    [27/10/2013 – 16:55:01 | RASHD ] C:Autorun.inf
    [25/10/2013 – 11:50:16 | HD ] C:Config.Msi
    [08/09/2009 – 08:43:46 | D ] C:Documentation
    [14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
    [27/10/2013 – 16:33:44 | ASH | 3195318272] C:hiberfil.sys
    [17/08/2009 – 13:05:16 | D ] C:Intel
    [14/01/2010 – 18:44:28 | RHD ] C:MSOCache
    [27/10/2013 – 16:33:49 | ASH | 4260425728] C:pagefile.sys
    [14/07/2009 – 04:20:08 | D ] C:PerfLogs
    [25/10/2013 – 11:47:29 | D ] C:Program Files
    [27/10/2013 – 16:27:56 | D ] C:Program Files (x86)
    [27/10/2013 – 16:02:14 | HD ] C:ProgramData
    [25/10/2013 – 11:45:22 | SHD ] C:System Volume Information
    [17/02/2013 – 03:24:29 | D ] C:TuneUp Duplicates
    [19/04/2010 – 21:08:11 | D ] C:Update
    [27/10/2013 – 17:02:36 | D ] C:UsbFix
    [27/10/2013 – 17:04:33 | A | 11825] C:UsbFix [Clean 1] VAIO.txt
    [27/10/2013 – 16:52:26 | N | 13784] C:UsbFix [Scan 1] VAIO.txt
    [12/01/2010 – 18:05:13 | RD ] C:Users
    [12/01/2010 – 18:08:54 | D ] C:VAIO Entertainment
    [22/10/2013 – 21:18:57 | D ] C:Windows
    [08/09/2009 – 08:43:46 | D ] C:_FS_SWRINFO
    [05/07/2013 – 10:44:26 | D ] I:Perso
    [05/07/2013 – 10:44:36 | D ] I:NAVI
    [22/10/2013 – 12:19:16 | D ] I:PDF D1
    [22/10/2013 – 14:44:04 | D ] I:Radios
    [27/10/2013 – 16:55:10 | SHD ] I:Autorun.inf

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    I:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – http://www.sosvirus.net |[/spoiler:mi475v74]
    Could someone help me locate the virus? :merci2:

    Anonymous
    Number of posts: 0

    Hello :hello:

    Welcome to SosVirus :welcome:

    We are going to run a diagnostic of your computer.

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag; run it as administrator on Windows 7/8 and Vista.

    • Click on "Configurer" (Configure).
    • Click on the icon showing a magnifying glass with a + ("Lancer le diagnostic", i.e. "Start the diagnostic").

      Note: Do not close the program even if it is reported as no longer responding.

    • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum.
    groownsfeld
    Number of posts: 0

    First of all, thank you for the quick reply.
    Next, my version of ZHPFix does not show me a +.
    It only says "retour au menu principal" (back to main menu) or "personnalisation" (customization).

    Anonymous
    Number of posts: 0

    Hi again,

    Leave ZHPDiag aside for now.

    Uninstall your version of UsbFix.

    Download this beta version of UsbFix: partage/UsbFix_Beta.exe

    Run UsbFix_Beta, choose the "Recherche" (Search) option and post the report in your reply, please.

    groownsfeld
    Number of posts: 0

    My mistake, here it is: [spoiler:2962bvg8]~ Rapport de ZHPDiag v2013.10.27.68 – Nicolas Coolman (27/10/2013)
    ~ Lancé par Lucas (27/10/2013 18:53:12)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16721
    MFIE: Mozilla Firefox 12.0
    GCIE: Google Chrome v30.0.1599.101 (Defaut)
    OPIE: Opera v12.16
    OBIE: Safari v5.34.57.2

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : CGKHQ
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2 – Français

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 4063 MB (41% free)
    System Restore: Activé (Enable)
    System drive C: has 19 GB (4%) free of 455 GB

    —\ Mode de connexion au système
    ~ Computer Name: VAIO
    ~ User Name: Lucas
    ~ All Users Names: Lucas, HomeGroupUser$, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersLucasAppDataRoamingZHP
    ~ %AppData% : C:UsersLucasAppDataRoaming
    ~ %Desktop% : C:UsersLucasDesktop
    ~ %Favorites% : C:UsersLucasFavorites
    ~ %LocalAppData% : C:UsersLucasAppDataLocal
    ~ %StartMenu% : C:UsersLucasAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 19 Go of 455 Go)
    D: Floppy drive, Flash card reader, USB Key (Not Inserted)
    E: Floppy drive, Flash card reader, USB Key (Not Inserted)
    F: CD-ROM drive (Not Inserted)
    G: CD-ROM drive (Not Inserted)
    H: CD-ROM drive (Not Inserted)
    I: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
    ~ Security Center: 49 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.22/09/2013 – 23:55:10.) — C:WindowsSystem32wininet.dll [2241024]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.314C17917AC8523EC77A710215012A65] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 02:10:19.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/935
    ~ Mes musiques (My Musics) : 1/31956
    ~ Mes Videos (My Videos) : 1/19
    ~ Mes Favoris (My Favorites) : 1/50
    ~ Mes Documents (My Documents) : 2/10974
    ~ Mon Bureau (My Desktop) : 1/1307
    ~ Menu demarrer (Programs) : 1/53
    ~ Hidden Files: Scanned in 00mn 27s

    —\ Processus lancés
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe [532040] [PID.4480]
    [MD5.5AF1E9600E3FF841E522703A4993ED0C] – (.Intel Corporation – Event Monitor User Notification Tool.) — C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe [186904] [PID.4620]
    [MD5.D1AE166A53427B55EDDB332099CCCEC3] – (…) — C:Windowsadapter.exe [353847] [PID.4652]
    [MD5.23C2FCAA50C4F80F7D1B8A0771D45328] – (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe [59720] [PID.4748]
    [MD5.5883D86F8C22B1E5F78627E4AF19B234] – (.Apple Inc. – Apple Photostreams Uploader Executable.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe [59720] [PID.4824]
    [MD5.E89028D8068170E606AA0996D457AAA3] – (.Intel Corporation – Intel Corporation.) — C:UsersPubliciAStorIcon.exe [85470352] [PID.4884]
    [MD5.E89028D8068170E606AA0996D457AAA3] – (.Intel Corporation – Intel Corporation.) — C:UsersLucasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupjusched.exe [85470352] [PID.4272]
    [MD5.47833576F0BEE0AD7B45109982B769BD] – (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleInternet ServicesAPSDaemon.exe [59720] [PID.5540]
    [MD5.237A6C6BAAD638608F1B38EDA9E480B6] – (.OpenOffice.org – OpenOffice.org Writer.) — C:Program Files (x86)OpenOffice.org 3programswriter.exe [307200] [PID.1452]
    [MD5.11E8D8272FDBE213ADE3DAD91427CE35] – (.OpenOffice.org – OpenOffice.org 3.3.) — C:Program Files (x86)OpenOffice.org 3programsoffice.exe [11322880] [PID.5180]
    [MD5.2337EC951C4AF6E1AF65D10BD9615BEB] – (.OpenOffice.org – OpenOffice.org 3.3.) — C:Program Files (x86)OpenOffice.org 3programsoffice.bin [11314688] [PID.5228]
    [MD5.D6B7DDB68436F13C3CAE2B92524F1FEC] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [770648] [PID.3036]
    [MD5.084D14D1283EC4D78A1D0B8C3D0187DD] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8137728] [PID.4528]
    [MD5.6D9FC1E7EA3C548F4D3455F0C3FEEF8C] – (.Adobe Systems Incorporated – Adobe Photoshop Elements 7.0 (component).) — C:Program Files (x86)AdobePhotoshop Elements 7.0PhotoshopElementsFileAgent.exe [169312] [PID.1396]
    [MD5.30E3850F303EAE5C364782EA78579CC9] – (.Apple Inc. – MobileDeviceService.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [55624] [PID.1608]
    [MD5.831883B107684301F48ACE752C963984] – (…) — C:WindowsSysWOW64PnkBstrA.exe [66872] [PID.2068]
    [MD5.442A13F395546F4564C377296D43B564] – (.Sony Corporation – VAIO Media plus Database Manager.) — C:Program Files (x86)Common FilesSony SharedSOHLibSOHDBSvr.exe [70952] [PID.2188]
    [MD5.63F6D08C54D5B3C1B12A6172032055C7] – (.ArcSoft, Inc. – MgiSvr.) — C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe [104960] [PID.2300]
    [MD5.D4197CF0C8567046FD4AF28FF47AF528] – (.Sony Corporation – VAIO Event Service (Service Module).) — C:Program Files (x86)SonyVAIO Event ServiceVESMgr.exe [204648] [PID.2356]
    [MD5.06FE5BEDDADB158D84E6DE33CBE19F3E] – (.Sony Corporation – VAIO Content Folder Watcher.) — C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe [642920] [PID.2428]
    [MD5.A63DC5C2EA944E6657203E0C8EDEAF61] – (.Microsoft Corporation – COM Surrogate.) — C:WindowsSysWOW64DllHost.exe [7168] [PID.2456]
    [MD5.34063C0B842E73662067F9B03947C55C] – (.Sony Corporation – VCM Intelligent Analyzing Manager.) — C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe [468264] [PID.2472]
    [MD5.D8BEF4AC1EAC809DBDBD441D6CFF6C4C] – (.Sony Corporation – VAIO Entertainment Database Service.) — C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe [206336] [PID.2552]
    [MD5.A787A567B3470C91C487ECE90CF7509C] – (.Pas de propriétaire – WD File Management Engine.) — C:Program Files (x86)Western DigitalWD SmartwareFront ParlorWDFMEWDFME.exe [1034752] [PID.2684]
    [MD5.7CD368DFF5D7D4BA9F8F46F31EA8877D] – (.Sony Corporation – VAIO Event Service(Service Sub Module).) — C:Program Files (x86)SonyVAIO Event ServiceVESMgrSub.exe [112488] [PID.2760]
    [MD5.7548066DF68A8A1A56B043359F915F37] – (.Intel Corporation – RAID Monitor.) — C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe [354840] [PID.1228]
    [MD5.72B46103E4111439109ACF5882627C24] – (.Sony Corporation – VAIO Media plus Device Searcher.) — C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe [75048] [PID.3176]
    [MD5.725B6E9CD1959271AC993DC035E1606D] – (.Sony Corporation – VAIO Media plus Playlist Manager.) — C:Program Files (x86)Common FilesSony SharedSOHLibSOHPlMgr.exe [91432] [PID.3240]
    [MD5.98886C88A1CB13D61672AE2C638B7E1C] – (.Sony Corporation – VAIO Media plus Content Importer.) — C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe [120104] [PID.3472]
    [MD5.313CE91F1B734E2E02F0F4465B52115A] – (.Sony Corporation – VAIO Entertainment UPnP Client Adapter.) — C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVCSWVCSW.exe [313264] [PID.3744]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [418376] [PID.4184]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [701512] [PID.4400]
    ~ Processes Running: Scanned in 00mn 06s

    —\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
    B1 – OSP: search.ini [Lucas] URL=http://www.astroburn-search.com/search?q=%s
    B1 – OSP: search.ini [Lucas] URL=http://start.mysearchdial.com/?f=4&q=%s =>Adware.MyWebSearch
    ~ Opera Browser: 13 Legitimates Filtered in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersLucasAppDataLocalGoogleChromeUser DataDefaultPreferences
    ~ Google Browser: 6 Legitimates Filtered in 00mn 08s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersLucasAppDataRoamingMozillaFirefoxProfilesys6h2fs0.defaultprefs.js
    M3 – MFPP: Plugins – [Lucas] — C:UsersLucasAppDataRoamingMozillaFirefoxProfilesys6h2fs0.defaultsearchpluginsabsearch-search.xml
    M2 – MFEP: prefs.js [Lucas – ys6h2fs0.defaultjid1-yZwVFzbsyfMrqQ@jetpack] [] Lavasoft Search Plugin v0.6 (..)
    ~ Firefox Browser: 25 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 17

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) [64Bits] – [HKLM]{EFEED92A-A33D-4873-BA8F-32BAA631E54D} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{EF79F67A-6AD7-4715-A0F8-932FCA442023} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{EFEED92A-A33D-4873-BA8F-32BAA631E54D} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Astroburn Lite.lnk . (.DT Soft Ltd – Astroburn Lite.) — C:Program Files (x86)Astroburn LiteAstroburnLite.exe
    O4 – GSDesktop [Public]: Opera.lnk . (.Opera Software – Opera Internet Browser.) — C:Program Files (x86)Operaopera.exe
    O4 – GSDesktop [Public]: Safari.lnk . (…) — C:WindowsInstaller{C779648B-410E-4BBA-B75B-5815BCEFE71D}SafariIco.exe
    O4 – GSProgram [Public]: Click to Disc Editor.lnk . (.Sony Corporation – ctdEditor.) — C:Program Files (x86)SonyClick to Disc EditorctdEditor.exe
    O4 – GSProgram [Public]: Click to Disc.lnk . (.Sony Corporation – AutoModeEntrance.) — C:Program Files (x86)SonyVAIO VP UtilitiesVCAutoModeEntrance.exe
    O4 – GSProgram [Public]: Dolby Control Center.lnk . (…) — C:WindowsInstaller{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}_DF30B6672BAD027FB62666.exe
    O4 – GSProgram [Public]: Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation – InstallShield (R) Setup Launcher.) — C:Program Files (x86)SecuritooControle ParentalControle_parental.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [Public]: Nerf.lnk . (.studioP – Nerf (version avec commentaires).) — C:Program Files (x86)NerfnerfC.exe
    O4 – GSProgram [Public]: Opera.lnk . (.Opera Software – Opera Internet Browser.) — C:Program Files (x86)Operaopera.exe
    O4 – GSProgram [Public]: Safari.lnk . (…) — C:WindowsInstaller{C779648B-410E-4BBA-B75B-5815BCEFE71D}SafariIco.exe
    O4 – GSQuickLaunch [Lucas]: Apple Safari.lnk . (…) — C:WindowsInstaller{C779648B-410E-4BBA-B75B-5815BCEFE71D}SafariIco.exe
    O4 – GSQuickLaunch [Lucas]: BitTorrent.lnk . (.BitTorrent Inc. – BitTorrent.) — C:UsersLucasAppDataRoamingBitTorrentBitTorrent.exe =>P2P.BitTorrent
    O4 – GSQuickLaunch [Lucas]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [Lucas]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSQuickLaunch [Lucas]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [Lucas]: PartyPoker.fr.lnk . (…) — C:ProgramsPartyFrancePartyFrance.exe (.not file.)
    O4 – GSTaskBar [Lucas]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [Lucas]: Opera.lnk . (.Opera Software – Opera Internet Browser.) — C:Program Files (x86)Operaopera.exe
    O4 – GSProgram [Lucas]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSystemTools [Lucas]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSDesktop [Lucas]: BitTorrent.lnk . (.BitTorrent Inc. – BitTorrent.) — C:UsersLucasAppDataRoamingBitTorrentBitTorrent.exe =>P2P.BitTorrent
    O4 – GSDesktop [Lucas]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:UsersLucasAppDataRoamingDropboxbinDropbox.exe
    O4 – GSDesktop [Lucas]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSDesktop [Lucas]: MediaCoder iPod Edition.lnk . (.Broad Intelligence – MediaCoder.) — C:Program Files (x86)MediaCoder iPod Editionmediacoder.exe
    O4 – GSDesktop [Lucas]: RegCleaner.lnk . (…) — C:Program Files (x86)RegCleanerRegCleanr.exe
    O4 – GSDesktop [Lucas]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.sosvirus.net
    O4 – GSDesktop [Lucas]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
    ~ Global Startup: 104 Legitimates Filtered in 00mn 03s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Lucas]: 5z1z.lnk . (.Intel Corporation – Intel Corporation.) — C:UsersPubliciAStorIcon.exe
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – HD Audio Control Panel.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [Skytel] . (.Realtek Semiconductor Corp. – Realtek Voice Manager.) — C:Program FilesRealtekAudioHDASkytel.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [NvCplDaemon] . (.NVIDIA Corporation – NVIDIA Display Properties Extension.) — C:Windowssystem32NvCpl.dll =>.NVIDIA Corporation
    O4 – HKLM..Run: [SynTPEnh] C:Program Files (x86)SynapticsSynTPSynTPEnh.exe (.not file.)
    O4 – HKLM..Run: [IAAnotif] . (.Intel Corporation – Event Monitor User Notification Tool.) — C:Program Files (x86)IntelIntel Matrix Storage Manageriaanotif.exe
    O4 – HKLM..Run: [iTunesHelper] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKCU..Run: [adapter] . (…) — C:Windowsadapter.exe
    O4 – HKCU..Run: [iCloudServices] . (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
    O4 – HKCU..Run: [ApplePhotoStreams] . (.Apple Inc. – Apple Photostreams Uploader Executable.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
    O4 – HKCU..Run: [8jusched] . (.Intel Corporation – Intel Corporation.) — C:UsersLucasAppDataRoamingPublicjusched.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [jusched7] . (.Intel Corporation – Intel Corporation.) — C:UsersLucasAppDataRoamingPublicjusched.exe
    O4 – HKLM..policiesExplorerRun: [37364] C:PROGRA~3LOCALS~1Tempmscuiu.exe (.not file.)
    O4 – HKCU..policiesExplorerRun: [jusched9] . (.Intel Corporation – Intel Corporation.) — C:UsersLucasAppDataRoamingPublicjusched.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-2381913200-3018708405-1333756505-1000..Run: [adapter] . (…) — C:Windowsadapter.exe
    O4 – HKUSS-1-5-21-2381913200-3018708405-1333756505-1000..Run: [iCloudServices] . (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
    O4 – HKUSS-1-5-21-2381913200-3018708405-1333756505-1000..Run: [ApplePhotoStreams] . (.Apple Inc. – Apple Photostreams Uploader Executable.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
    O4 – HKUSS-1-5-21-2381913200-3018708405-1333756505-1000..Run: [8jusched] . (.Intel Corporation – Intel Corporation.) — C:UsersLucasAppDataRoamingPublicjusched.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: @C:Program FilesWIDCOMMBluetooth Softwarebtrez.dll,-12650 [64Bits] – {CCA281CA-C863-46ef-9331-5C8D4460577F} . (…) — C:Program FilesWIDCOMMBluetooth Softwarebt_hot_icon.ico
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{145BE677-2E36-44BF-B092-52AACB9B8504}: DhcpNameServer = 62.201.142.102
    O17 – HKLMSystemCCSServicesTcpip..{3E20B541-6D19-439E-BCAA-21986777F650}: DhcpNameServer = 62.201.129.202 62.201.129.203
    O17 – HKLMSystemCCSServicesTcpip..{578A9BB9-3BCA-44D7-8FAA-BEA8EE7D5FFC}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCCSServicesTcpip..{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpDomain = lan
    O17 – HKLMSystemCS1ServicesTcpip..{145BE677-2E36-44BF-B092-52AACB9B8504}: DhcpNameServer = 62.201.142.102
    O17 – HKLMSystemCS1ServicesTcpip..{3E20B541-6D19-439E-BCAA-21986777F650}: DhcpNameServer = 62.201.129.202 62.201.129.203
    O17 – HKLMSystemCS1ServicesTcpip..{578A9BB9-3BCA-44D7-8FAA-BEA8EE7D5FFC}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS1ServicesTcpip..{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpDomain = lan
    O17 – HKLMSystemCS2ServicesTcpip..{145BE677-2E36-44BF-B092-52AACB9B8504}: DhcpNameServer = 62.201.142.102
    O17 – HKLMSystemCS2ServicesTcpip..{3E20B541-6D19-439E-BCAA-21986777F650}: DhcpNameServer = 62.201.129.202 62.201.129.203
    O17 – HKLMSystemCS2ServicesTcpip..{578A9BB9-3BCA-44D7-8FAA-BEA8EE7D5FFC}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS2ServicesTcpip..{884C8AAB-6FBC-4045-8586-16AC978A3177}: DhcpDomain = lan
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlmailhtml [64Bits] – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (…) —
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT:Automatic Planified Task – C:WindowsTasksDMEPeriodicTask.job [312]
    [MD5.00000000000000000000000000000000] [APT] [{06924568-028C-4A89-B1E2-AFA7F26231BA}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{095BADCC-B05C-4916-818E-E301CD65906D}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{097F1524-453B-4A15-B8BE-6FCFDE384470}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{15060F2D-7848-4AE6-BE64-DC81A5793F28}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{15856E54-D16A-435A-BFA7-9CE8E8FFA90F}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{1B05568A-5B14-4F63-B4CD-C0E885D89C8E}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{2F26486B-AC12-480E-B456-6C6BC0E72991}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{3E95CAFE-BC19-4BE0-9FCF-7049787B2F8E}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{55A51F8A-7CDD-4300-B00C-189309D0327D}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{57A210FB-771E-4115-A28B-A5C98AAA7625}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{5C96A891-EF38-493A-8372-232ADB10C7BA}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{646B2996-F75C-47DA-99AC-4FB351345A88}] (…) — F:setup.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{6744F725-5A39-48A9-BC64-44CBCE3FBCF5}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{693B4173-D1A2-4351-88E0-EF61F889CC21}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{724D6EB8-4CD8-481B-AAF4-C305FE597B96}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{7B20C59B-8C27-43A8-AF50-9A5891E129BB}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{8141494F-DBA0-418A-8C94-AC3706C0EECC}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{8A2BD78E-99CC-4CDF-9F4E-47A2636E90C2}] (…) — C:UsersLucasDesktopRegCleaner.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{9A1664D6-5B9F-484E-B04B-0D8E0677F085}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{AC2E3301-6C11-47E7-9C54-0FD15FE3E050}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{BB697069-36FB-4FC7-855B-809A47597113}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{C2D8B57B-CB3D-4A5C-B60D-A3F41F0D20B2}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{C4782DDD-7AED-40CB-8300-259553868E30}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{C493C542-3B13-4AA7-9AA8-AD06233F4879}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{D10C5DB9-1941-495F-8AFC-8F1BD63C199E}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{E63BB57A-576C-4454-A8C8-225A996C33E6}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{EE8FAA9D-9ECB-45C9-A443-CFDA8BFD7056}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    [MD5.00000000000000000000000000000000] [APT] [{F7EA5910-2B1D-4A61-B578-869639B458D8}] (…) — G:ProgrammesBitTorrent-6.3c.exe (.not file.) [0] =>P2P.BitTorrent
    ~ Scheduled Task: 44 Legitimates Filtered in 00mn 04s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Eufloria – (…) [HKLM][64Bits] — Steam App 41210
    O42 – Logiciel: Mini Ninjas – Demo – (.IO Interactive.) [HKLM][64Bits] — Steam App 35050
    O42 – Logiciel: Nerf version 2.0.0.C – (…) [HKLM][64Bits] — Codage du message nerveux_is1
    O42 – Logiciel: Nuclear Coffee – VideoGet – (.Nuclear Coffee.) [HKLM][64Bits] — VideoGet_is1
    ~ Logic: 179 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareNuclear Coffee]
    [HKCUSoftwarePartyFrance]
    [HKCUSoftwareTotem]
    [HKCUSoftwareÀ classé]
    [HKLMSoftwareWow6432NodeDicomWorks]
    [HKLMSoftwareWow6432NodeNuclear Coffee]
    [HKLMSoftwareWow6432NodejSugLyCC]
    [HKLMSoftwarejSugLyCC]
    ~ Key Software: 292 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 27/10/2013 – 16:16:31 – [0,002] —-D C:Program Files (x86)DicomWorks
    O43 – CFD: 18/09/2010 – 12:53:08 – [2,491] —-D C:Program Files (x86)Nerf
    O43 – CFD: 14/03/2010 – 19:03:30 – [40,195] —-D C:Program Files (x86)Nuclear Coffee
    O43 – CFD: 11/02/2010 – 13:28:23 – [1098,722] —-D C:Program Files (x86)Soldier of Fortune II – Double Helix
    O43 – CFD: 27/10/2013 – 18:24:32 – [0,004] –H-D C:UsersLucasAppDataRoamingD48191F4
    O43 – CFD: 15/10/2010 – 18:34:56 – [0,396] —-D C:UsersLucasAppDataRoamingLumen
    O43 – CFD: 27/10/2013 – 18:12:59 – [81,511] —-D C:UsersLucasAppDataRoamingPublic
    O43 – CFD: 20/03/2013 – 18:28:51 – [0,032] —-D C:UsersLucasAppDataRoamingwam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
    O43 – CFD: 15/10/2010 – 18:37:31 – [0] —-D C:UsersLucasAppDataLocal._Revolution_
    O43 – CFD: 14/10/2013 – 08:36:53 – [0,877] —-D C:UsersLucasAppDataLocal1A62F342-73E8-4C21-A008-7954B7852C7E.aplzod
    O43 – CFD: 03/10/2010 – 16:33:18 – [0] —-D C:UsersLucasAppDataRoamingMicrosoftWindowsStart MenuProgramsPartyPoker.fr
    ~ 136 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 408 Legitimates Filtered in 00mn 50s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.4BF30D0522594A29026DA744D1996BD0] – 27/10/2013 – 16:52:26 . (…) — C:UsbFix [Scan 1] VAIO.txt [13784]
    O44 – LFC:[MD5.4BFEEEF6B0DD8F523C4BE04A5A820680] – 27/10/2013 – 17:04:53 —A- . (…) — C:UsbFix [Clean 1] VAIO.txt [12586]
    ~ Files: 24 Legitimates Filtered in 00mn 02s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.090A2F8516E2C523DA220FEF13B5597F] – 12/10/2013 – 15:49:18 —A- – C:WindowsPrefetchUTT3A8B.TMP.EXE-CC0BFBE8.pf
    O45 – LFCP:[MD5.66187024CD7AAA977B25753917FE826B] – 12/10/2013 – 15:49:59 —A- – C:WindowsPrefetchUTT15AE.TMP.EXE-1C4AD986.pf
    O45 – LFCP:[MD5.0E3268D769E6EB8D5BFD8053B4701B13] – 12/10/2013 – 15:50:01 —A- – C:WindowsPrefetchNSB1DD8.EXE-284B1E4A.pf
    O45 – LFCP:[MD5.8D466283FBB09762015A3701FDBF3E95] – 12/10/2013 – 15:50:18 —A- – C:WindowsPrefetchNSC296D.EXE-A7209F3B.pf
    O45 – LFCP:[MD5.E9307D900BC7FF79F2078C0980B73614] – 12/10/2013 – 15:51:19 —A- – C:WindowsPrefetchNSH2B05.EXE-E2767F58.pf
    O45 – LFCP:[MD5.70F6828539AB6A825F0FED46AC2C351F] – 12/10/2013 – 15:51:19 —A- – C:WindowsPrefetchNSH364C.EXE-519A9383.pf
    O45 – LFCP:[MD5.76DA36F20E0EED2027A1CBEA138E9189] – 12/10/2013 – 15:51:19 —A- – C:WindowsPrefetchNSS279B.EXE-2561EDCE.pf
    O45 – LFCP:[MD5.CC1D063B0992BED4672564B4418D2D85] – 12/10/2013 – 15:51:27 —A- – C:WindowsPrefetchCLTMNG.EXE-67B8F8A7.pf
    O45 – LFCP:[MD5.3CFB672D6B6FE2F53A8724A62DED1C5A] – 12/10/2013 – 15:51:27 —A- – C:WindowsPrefetchCLTMNGUI.EXE-E74F72C8.pf
    O45 – LFCP:[MD5.8FA2EFA255568709BF74E9A89ECEDA63] – 12/10/2013 – 15:51:43 —A- – C:WindowsPrefetchNSSBF5A.EXE-7588F940.pf
    O45 – LFCP:[MD5.731AD4760FCC62298AAB2F4723BF7138] – 12/10/2013 – 15:51:44 —A- – C:WindowsPrefetchNSSC747.EXE-9668AD23.pf
    O45 – LFCP:[MD5.C54A40F5ACBE0E36050A21BCBED19710] – 12/10/2013 – 15:51:44 —A- – C:WindowsPrefetchNSXCE1B.EXE-7DC89E82.pf
    O45 – LFCP:[MD5.1E4667CC19F9B958208E242D92E62D86] – 12/10/2013 – 16:07:40 —A- – C:WindowsPrefetchTU_RMDIR.EXE-59985335.pf
    O45 – LFCP:[MD5.87CC610182E9193A0DD93E0B12FC1C96] – 12/10/2013 – 16:24:14 —A- – C:WindowsPrefetchSYSLOG.EXE-FBEE0F3C.pf
    O45 – LFCP:[MD5.8A50CF9705021D6E114C1078B1E4D546] – 12/10/2013 – 16:24:32 —A- – C:WindowsPrefetchKILLDIR.EXE-4EF1286E.pf
    O45 – LFCP:[MD5.711F1E57C75A96C09BD04A1A15FF23ED] – 12/10/2013 – 16:24:34 —A- – C:WindowsPrefetchTU_CLEARSTATE.EXE-AFF6C1AF.pf
    O45 – LFCP:[MD5.FDFDCA7C202C4CE46DBA34EE2C5531BF] – 12/10/2013 – 16:24:41 —A- – C:WindowsPrefetchLATESTDLMGR.EXE-2FEC99AA.pf =>Adware.OpenCandy
    O45 – LFCP:[MD5.7D943866EA0817819E20C4DF709208EB] – 12/10/2013 – 16:24:59 —A- – C:WindowsPrefetchTU_PREFS.EXE-3FFBD38F.pf
    O45 – LFCP:[MD5.DF36E68F76A3438CE517C6739FC1CE42] – 12/10/2013 – 16:25:00 —A- – C:WindowsPrefetchHIDE.EXE-384945B1.pf
    O45 – LFCP:[MD5.EA6352F5723E887ACD47C140EADF1923] – 12/10/2013 – 16:25:01 —A- – C:WindowsPrefetchALL_ACCESS.EXE-0019D471.pf
    O45 – LFCP:[MD5.E2D88F2F126F7BCDC8195B77887B560C] – 12/10/2013 – 16:25:17 —A- – C:WindowsPrefetchTU_RAD.EXE-DFC393BA.pf
    O45 – LFCP:[MD5.50A7AD2513865FA1BD7290DC1B1B6606] – 12/10/2013 – 17:34:04 —A- – C:WindowsPrefetchNSX7B3B.EXE-B5F4F641.pf
    O45 – LFCP:[MD5.A9B11554E7F27BC171A7786C29B87423] – 12/10/2013 – 17:34:14 —A- – C:WindowsPrefetchCLTMNGSVC.EXE-DB1AC051.pf
    O45 – LFCP:[MD5.59F2A2480FEE5360548996EE896E4539] – 13/10/2013 – 15:44:09 —A- – C:WindowsPrefetchICLOUD.EXE-907CF11D.pf
    O45 – LFCP:[MD5.4C5FBAAB5A83CF9F19305B80894DFE89] – 21/10/2013 – 19:38:33 —A- – C:WindowsPrefetchNODE.EXE-89050794.pf
    O45 – LFCP:[MD5.568EBE6ECFC0C35271AD69592FC667B9] – 22/10/2013 – 20:03:57 —A- – C:WindowsPrefetchLOGROTATE.EXE-420D9660.pf
    O45 – LFCP:[MD5.15C88B5E15892D8700B1F1BDCEB6464F] – 22/10/2013 – 20:04:10 —A- – C:WindowsPrefetchJSONRPCBROKER.EXE-6CED2B67.pf
    O45 – LFCP:[MD5.472A0515ACE5BF925995C301D12A6042] – 23/10/2013 – 06:34:44 —A- – C:WindowsPrefetchVCSW.EXE-5899050E.pf
    O45 – LFCP:[MD5.C743D064CA802286E7E701C0669D1E0C] – 25/10/2013 – 11:41:14 —A- – C:WindowsPrefetchSETUPADMIN.EXE-AE0501A8.pf
    O45 – LFCP:[MD5.4AEF978C7D18BE0771FB139DA0F835BA] – 25/10/2013 – 11:47:14 —A- – C:WindowsPrefetchBITTORRENT.EXE-7EBE59A4.pf =>P2P.BitTorrent
    O45 – LFCP:[MD5.0CE60A081219B76EB879D10BB818C8FC] – 25/10/2013 – 11:49:14 —A- – C:WindowsPrefetchDIFXINST64.EXE-1F7CE36D.pf
    O45 – LFCP:[MD5.32ED6B0724EC330F9C52DB432D6E8BCF] – 27/10/2013 – 16:23:17 —A- – C:WindowsPrefetchVDAU.EXE-0151EFFE.pf
    O45 – LFCP:[MD5.9D3D30096A013D93A678C07807D24631] – 27/10/2013 – 16:35:49 —A- – C:WindowsPrefetchROXIOUPNPSERVICE10.EXE-F36925CD.pf
    O45 – LFCP:[MD5.BB7041472816B00AE1CB63803AEE59FA] – 27/10/2013 – 18:22:31 —A- – C:WindowsPrefetchGETPOPUPINFO.EXE-B860C564.pf
    ~ Prefetcher: 142 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregInternet Download Accelerator [Key] . (…) — C:Program Files (x86)IDAida.exe (.not file.)
    ~ SMSR Keys: 18 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableLUA »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableUIADesktopToggle »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « PromptOnSecureDesktop »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « FilterAdministratorToken »=0
    ~ MWPS: 18 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – « NoActiveDesktopChanges »=1
    ~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    ~ Drivers: 18 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 26/10/2013 – 18:55:37 —A- . (…) — C:UsersLucasAppDataRoamingMozillaTuneUpMediacookies.sqlite-shm [32768]
    O61 – LFC: 26/10/2013 – 18:55:37 —A- . (…) — C:UsersLucasAppDataRoamingMozillaTuneUpMediacookies.sqlite-wal [524704]
    O61 – LFC: 26/10/2013 – 18:55:37 —A- . (…) — C:UsersLucasAppDataRoamingMozillaTuneUpMediaparent.lock [0]
    O61 – LFC: 26/10/2013 – 18:55:37 —A- . (…) — C:UsersLucasAppDataRoamingMozillaTuneUpMediaplaces.sqlite [10485760]
    O61 – LFC: 26/10/2013 – 18:55:37 —A- . (…) — C:UsersLucasAppDataRoamingMozillaTuneUpMediaplaces.sqlite-shm [32768]
    O61 – LFC: 26/10/2013 – 18:55:37 —A- . (…) — C:UsersLucasAppDataRoamingMozillaTuneUpMediaplaces.sqlite-wal [787040]
    O61 – LFC: 26/10/2013 – 18:55:43 R–A- . (…) — C:UsersLucasDownloadsWarm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9.nfo [614]
    O61 – LFC: 26/10/2013 – 18:55:43 R–A- . (…) — C:UsersLucasDownloadsWarm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9.iso [8108191744]
    O61 – LFC: 26/10/2013 – 18:55:43 R–A- . (…) — C:UsersLucasDownloadsWarm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9Warm Bodies (2013) DD5.1 Fr NL Subs PAL DVDR9.mds [4314]
    O61 – LFC: 27/10/2013 – 18:55:25 —A- . (…) — C:UsersLucasAppDataLocalGDIPFONTCACHEV1.DAT [128440]
    O61 – LFC: 27/10/2013 – 18:55:29 —A- . (…) — C:UsersLucasAppDataLocalGoogleChromeUser DataLocal State [43452]
    O61 – LFC: 27/10/2013 – 18:55:36 —A- . (…) — C:UsersLucasAppDataRoamingMedia Player Classicdefault.mpcpl [106]
    O61 – LFC: 27/10/2013 – 18:55:36 –H– . (…) — C:UsersLucasAppDataRoamingD48191F427-10-2013 [3692]
    O61 – LFC: 27/10/2013 – 18:55:36 –H– . (…) — C:UsersLucasAppDataRoamingLucas-wchelper.dll [154283]
    O61 – LFC: 27/10/2013 – 18:55:37 —A- . (…) — C:UsersLucasAppDataRoamingZHPLog.txt [18187] =>.Nicolas Coolman
    O61 – LFC: 27/10/2013 – 18:55:37 —A- . (…) — C:UsersLucasAppDataRoamingZHPTestsZHPDiag.txt [2858] =>.Nicolas Coolman
    O61 – LFC: 27/10/2013 – 18:55:44 —A- . (…) — C:UsersLucasLinksPhotos iCloud.lnk [160]
    ~ 33 Fichiers temporaires (Temporary files)
    ~ Files: 379 Legitimates Filtered in 00mn 30s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Opera Software – Opera Internet Browser.) — C:Program Files (x86)OperaOpera.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Apple Inc. – Safari.) — C:Program Files (x86)SafariSafari.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {1BA9D07A-1FDB-4C68-81F3-BA1735A92E23} [DefaultScope] – (Google) – http://www.google.fr
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:UsersLucasAppDataRoamingBitTorrentAdobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.rar.1.torrent =>P2P.BitTorrent
    C:UsersLucasAppDataRoamingBitTorrentAdobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah.rar.torrent =>P2P.BitTorrent
    C:UsersLucasDocumentsJeuxBattlefield 2A Crack & KeygenBattlefield_2_keygen.exe
    C:UsersLucasDocumentsJeuxBattlefield 2A Crack & KeygenBF2.exe
    C:UsersLucasDocumentsJeuxBattlefield 2A Crack & KeygenFichiers OriginauxBF2 – Original.exe
    C:UsersLucasDocumentsJeuxCall of Duty4-Razor1911+Keygen and Crackiw3sp.exe
    C:UsersLucasDownloadsAdobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-DeantjahAdobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-DeantjahKeygenembrace.rar
    ~ Files: Scanned in 00mn 36s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit – SP Usage Sender.) — C:UsersLucasAppDataLocalTempnsh2B05.exe [167812] =>Toolbar.Conduit
    [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit – SP Usage Sender.) — C:UsersLucasAppDataLocalTempnsh364C.exe [167812] =>Toolbar.Conduit
    [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit – SP Usage Sender.) — C:UsersLucasAppDataLocalTempnss279B.exe [167812] =>Toolbar.Conduit
    [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit – SP Usage Sender.) — C:UsersLucasAppDataLocalTempnssBF5A.exe [167812] =>Toolbar.Conduit
    [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit – SP Usage Sender.) — C:UsersLucasAppDataLocalTempnssC747.exe [167812] =>Toolbar.Conduit
    [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit – SP Usage Sender.) — C:UsersLucasAppDataLocalTempnsx7B3B.exe [167812] =>Toolbar.Conduit
    [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][06/10/2013] (.Conduit – SP Usage Sender.) — C:UsersLucasAppDataLocalTempnsxCE1B.exe [167812] =>Toolbar.Conduit
    [MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (…) — C:UsersLucasAppDataLocalTempQuarantine.exe [344355]
    [MD5.617E5F409B524E69A8892D7DA516DB64] [SPRF][24/05/2013] (…) — C:UsersLucasAppDataLocalTemputt4B72.tmp.bat [95]
    [MD5.4D6AD791776F16834671898E31796C0A] [SPRF][22/04/2013] (…) — C:UsersLucasAppDataLocalTemputt57E2.tmp.bat [95]
    [MD5.7ECE1BEF537B32F34B18012DB14501E0] [SPRF][12/10/2013] (…) — C:UsersLucasAppDataLocalTemputt7BFD.tmp.bat [95]
    [MD5.CF43D0F929AE3335692D014F4DF05E6D] [SPRF][27/10/2013] (…) — C:UsersLucasAppDataRoamingLucas-wchelper.dll [154283]
    [MD5.AC1318D2E9FE1BC78EEC4EC308B15E9E] [SPRF][18/04/2010] (…) — C:UsersLucasAppDataRoamingwklnhst.dat [190]
    [MD5.30FADBA93E9430A63F19DA9935DE4369] [SPRF][14/02/2010] (.Gabest – Media Player Classic.) — C:UsersLucasDesktopmplayerc.exe [4411392]
    ~ Files: 17 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: « {D3544EBE-D088-4DE0-882C-38C6C613622F} » |In – Public – P6 – TRUE | .(…) — C:Program Files (x86)adawaretbdtUser.exe (.not file.) =>Toolbar.Adaware
    O87 – FAEL: « {9EABBF6E-3556-4823-A34E-8E60DDB44B88} » |In – Public – P17 – TRUE | .(…) — C:Program Files (x86)adawaretbdtUser.exe (.not file.) =>Toolbar.Adaware
    ~ Firewall: 181 Legitimates Filtered in 00mn 00s

    —\ Enumère les données de la clé NameSpace (MNS) (O92)
    O92 – MNS: Photos iCloud – {F0D63F85-37EC-4097-B30D-61B4A8917118}
    ~ MNS: 1 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.A41930FA9C4EC2090BEC28131EEEA1C4] [WIS][17/10/2010] (.Mobipocket.com – eBook Reader.) — C:WindowsInstaller1ada703.msi [5606400]
    [MD5.EC37C69FC4DB82A4070EB540177852C6] [WIS][07/04/2010] (.Adobe – Blank Project Template.) — C:WindowsInstallerad18e.msi [9998336]
    [MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][13/05/2009] (.Builds the Destinations MSI – Builds the Destinations MSI.) — C:WindowsInstallerb9a68.msi [459264]
    ~ WIS: 166 Legitimates Filtered in 00mn 25s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) – C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe
    SR – | Auto 08/12/2008 169312 | (AdobeActiveFileMonitor7.0) . (.Adobe Systems Incorporated.) – C:Program Files (x86)AdobePhotoshop Elements 7.0PhotoshopElementsFileAgent.exe
    SS – | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 01/07/2009 864032 | (btwdins) . (.Broadcom Corporation..) – C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe
    SS – | Demand 08/09/2009 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) – C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    SS – | Auto 11/12/2007 65536 | C:Program Files (x86)COMMON~1France TelecomShared ModulesFTRTSVCFTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) – C:Program Files (x86)Common FilesFrance TelecomShared ModulesFTRTSVCFTRTSVC.exe
    SS – | Auto 09/09/2010 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 09/09/2010 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SR – | Demand 14/07/2009 27136 | C:Program Files (x86)HPDigital Imagingbinhpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)HPDigital Imagingbinhpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)HPDigital ImagingbinHPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 04/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe
    SS – | Demand 23/10/2013 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe
    SS – | Demand 14/07/2012 129976 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SR – | Auto 14/07/2009 27136 | C:Windowssystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SS – | Demand 10/07/1658 0 | (npggsvc) . (.INCA Internet Co., Ltd..) – C:Windowssystem32GameMon.des
    SR – | Auto 29/07/2009 382496 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 14/07/2009 27136 | C:Windowssystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (PnkBstrA) . (…) – C:Windowssystem32PnkBstrA.exe
    SS – | Demand 26/06/2009 313840 | (Roxio UPnP Renderer 10) . (.Sonic Solutions.) – C:Program Files (x86)RoxioDigital Home 10RoxioUPnPRenderer10.exe
    SS – | Auto 26/06/2009 362992 | (Roxio Upnp Server 10) . (.Sonic Solutions.) – C:Program Files (x86)RoxioDigital Home 10RoxioUpnpService10.exe
    SS – | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SR – | Auto 27/07/2009 120104 | (SOHCImp) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe
    SR – | Auto 27/07/2009 70952 | (SOHDBSvr) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDBSvr.exe
    SS – | Auto 27/07/2009 427304 | (SOHDms) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDms.exe
    SR – | Auto 27/07/2009 75048 | (SOHDs) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe
    SR – | Auto 27/07/2009 91432 | (SOHPlMgr) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHPlMgr.exe
    SS – | Demand 04/05/2013 543656 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe
    SS – | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    SR – | Auto 18/09/2008 104960 | (uCamMonitor) . (.ArcSoft, Inc..) – C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe
    SS – | Demand 23/07/2009 69632 | (VAIO Entertainment TV Device Arbitration Service) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzHardwareResourceManagerVzHardwareResourceManagerVzHardwareResourceManager.exe
    SR – | Auto 01/07/2009 204648 | (VAIO Event Service) . (.Sony Corporation.) – C:Program Files (x86)SonyVAIO Event ServiceVESMgr.exe
    SR – | Auto 16/07/2009 411496 | (VAIO Power Management) . (.Sony Corporation.) – C:Program FilesSonyVAIO Power ManagementSPMService.exe
    SR – | Auto 22/07/2009 642920 | (VCFw) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe
    SR – | Auto 26/06/2009 468264 | (VcmIAlzMgr) . (.Sony Corporation.) – C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe
    SS – | Demand 26/06/2009 357672 | (VcmINSMgr) . (.Sony Corporation.) – C:Program FilesSonyVCM Intelligent Network Service ManagerVcmINSMgr.exe
    SS – | Demand 17/06/2009 110888 | (VcmXmlIfHelper) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedVcmXmlVcmXmlIfHelper64.exe
    SR – | Demand 23/07/2009 313264 | (Vcsw) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVCSWVCSW.exe
    SR – | Auto 12/08/2009 522240 | (VSNService) . (.Sony Corporation.) – C:Program FilesSonyVAIO Smart NetworkVSNService.exe
    SR – | Auto 23/07/2009 206336 | (VzCdbSvc) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe
    SR – | Auto 08/09/2010 288256 | (WDDMService) . (.WDC.) – C:Program FilesWestern DigitalWD SmartWareWD Drive ManagerWDDMService.exe
    SR – | Auto 08/09/2010 1034752 | (WDFME) . (…) – C:Program Files (x86)Western DigitalWD SmartwareFront ParlorWDFMEWDFME.exe
    SR – | Auto 08/09/2010 485376 | (WDSC) . (…) – C:Program Files (x86)Western DigitalWD SmartwareFront ParlorWDSC.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32yk62x64.dll (yksvc) . (.Marvell.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 27s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Lucas at 27/10/2013 18:57:06
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Lucas at 27/10/2013 18:57:08

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 12960 – (27/10/2013)
    Clés trouvées (Keys found) : 2
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 14

    [HKCUSoftwarePartyFrance] =>Casino.OnlineGames
    [HKCUSoftwareTotem] =>Adware.VirtualGirl
    C:UsersLucasAppDataLocalLowBittorrentBar_FR =>Toolbar.Conduit
    C:UsersLucasAppDataLocalTempnsh2B05.exe =>Toolbar.Conduit^
    C:UsersLucasAppDataLocalTempnsh364C.exe =>Toolbar.Conduit^
    C:UsersLucasAppDataLocalTempnss279B.exe =>Toolbar.Conduit^
    C:UsersLucasAppDataLocalTempnssBF5A.exe =>Toolbar.Conduit^
    C:UsersLucasAppDataLocalTempnssC747.exe =>Toolbar.Conduit^
    C:UsersLucasAppDataLocalTempnsx7B3B.exe =>Toolbar.Conduit^
    C:UsersLucasAppDataLocalTempnsxCE1B.exe =>Toolbar.Conduit^
    ~ Additionnel Scan: 476513 Items scanned in 00mn 31s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com/apps/blog/show/28346035-adware-virtualgirl =>Adware.VirtualGirl
    ~ MSI: 4 link(s) detected in 00mn 31s

    ~ 2060 Legitimates filtered by white list
    End of the scan (676 lines in 04mn 28s)(14)[/spoiler:2962bvg8]

    Anonymous
    Number of posts: 0

    Can you do this now, please: rapport-usbfix-t3626.html#p13112 (UsbFix_Beta)

    groownsfeld
    Number of posts: 0

    And here is the USBFix beta report: [spoiler:29l17e6h]############################## | UsbFix V 7.146 | [Recherche]

    Utilisateur: Lucas (Administrateur) # VAIO
    Mis à jour le 27/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 19:09:12 | 27/10/2013

    Site Web: http://www.usbfix.net/
    Forum : http://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Sony Corporation (VAIO)
    CPU: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
    RAM -> [Total : 4063 | Free : 1600]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Google Chrome : 30.0.1599.101
    WB: Mozilla Firefox : 12.0
    WB: Safari : 534.57.2

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AS: Windows Defender [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 455 Go (19 Go libre(s) – 4%) [] # NTFS
    F: -> CD-ROM
    G: -> CD-ROM
    H: -> CD-ROM
    I: -> Disque amovible # 4 Go (2 Go libre(s) – 65%) [] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 488 |ParentID: 408)
    C:Windowssystem32csrss.exe (ID: 552 |ParentID: 544)
    C:Windowssystem32wininit.exe (ID: 560 |ParentID: 408)
    C:Windowssystem32services.exe (ID: 608 |ParentID: 560)
    C:Windowssystem32lsass.exe (ID: 624 |ParentID: 560)
    C:Windowssystem32lsm.exe (ID: 636 |ParentID: 560)
    C:Windowssystem32winlogon.exe (ID: 664 |ParentID: 544)
    C:Windowssystem32svchost.exe (ID: 776 |ParentID: 608)
    C:Windowssystem32nvvsvc.exe (ID: 836 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 876 |ParentID: 608)
    C:WindowsSystem32svchost.exe (ID: 976 |ParentID: 608)
    C:WindowsSystem32svchost.exe (ID: 1012 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 328 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 360 |ParentID: 608)
    C:WindowsSystem32svchost.exe (ID: 1088 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 1116 |ParentID: 608)
    C:WindowsSystem32spoolsv.exe (ID: 1296 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 1328 |ParentID: 608)
    C:Program Files (x86)AdobePhotoshop Elements 7.0PhotoshopElementsFileAgent.exe (ID: 1396 |ParentID: 608)
    C:Windowssystem32nvvsvc.exe (ID: 1476 |ParentID: 836)
    C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 1608 |ParentID: 608)
    C:Program FilesBonjourmDNSResponder.exe (ID: 1680 |ParentID: 608)
    C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (ID: 1712 |ParentID: 608)
    C:Windowssystem32taskhost.exe (ID: 2008 |ParentID: 608)
    C:Windowssystem32Dwm.exe (ID: 860 |ParentID: 1012)
    C:WindowsExplorer.EXE (ID: 1380 |ParentID: 1200)
    C:WindowsSysWOW64svchost.exe (ID: 1840 |ParentID: 608)
    C:WindowsSystem32svchost.exe (ID: 1928 |ParentID: 608)
    C:WindowsSystem32svchost.exe (ID: 792 |ParentID: 608)
    C:WindowsSysWOW64PnkBstrA.exe (ID: 2068 |ParentID: 608)
    C:Program Files (x86)Common FilesSony SharedSOHLibSOHDBSvr.exe (ID: 2188 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 2248 |ParentID: 608)
    C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe (ID: 2300 |ParentID: 608)
    C:Program Files (x86)SonyVAIO Event ServiceVESMgr.exe (ID: 2356 |ParentID: 608)
    C:Program FilesSonyVAIO Power ManagementSPMService.exe (ID: 2384 |ParentID: 608)
    C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe (ID: 2428 |ParentID: 608)
    C:WindowsSysWOW64DllHost.exe (ID: 2456 |ParentID: 776)
    C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe (ID: 2472 |ParentID: 608)
    C:Program FilesSonyVAIO Smart NetworkVSNService.exe (ID: 2528 |ParentID: 608)
    C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe (ID: 2552 |ParentID: 608)
    C:Program FilesWestern DigitalWD SmartWareWD Drive ManagerWDDMService.exe (ID: 2596 |ParentID: 608)
    C:Program Files (x86)Western DigitalWD SmartwareFront ParlorWDFMEWDFME.exe (ID: 2684 |ParentID: 608)
    C:Program Files (x86)SonyVAIO Event ServiceVESMgrSub.exe (ID: 2760 |ParentID: 2356)
    C:Program Files (x86)Western DigitalWD SmartwareFront ParlorWDSC.exe (ID: 2904 |ParentID: 608)
    C:Program FilesSonyVAIO Smart NetworkVSNClient.exe (ID: 2988 |ParentID: 2528)
    C:WindowsSystem32svchost.exe (ID: 3056 |ParentID: 608)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2128 |ParentID: 608)
    C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe (ID: 1228 |ParentID: 608)
    C:Program FilesSonyVAIO Power ManagementSPMgr.exe (ID: 2352 |ParentID: 3004)
    C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe (ID: 3176 |ParentID: 608)
    C:Program Files (x86)Common FilesSony SharedSOHLibSOHPlMgr.exe (ID: 3240 |ParentID: 608)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 3272 |ParentID: 2128)
    C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe (ID: 3472 |ParentID: 608)
    C:Windowssystem32taskeng.exe (ID: 3568 |ParentID: 360)
    C:Program FilesSonyVAIO Update 4VAIOUpdt.exe (ID: 3600 |ParentID: 3568)
    C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVCSWVCSW.exe (ID: 3744 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 3836 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 2712 |ParentID: 608)
    C:WindowsSystem32WUDFHost.exe (ID: 1236 |ParentID: 1012)
    C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (ID: 4184 |ParentID: 608)
    C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (ID: 4400 |ParentID: 608)
    C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (ID: 4480 |ParentID: 4400)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 4608 |ParentID: 1380)
    C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe (ID: 4620 |ParentID: 1380)
    C:Windowsadapter.exe (ID: 4652 |ParentID: 1380)
    C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 4684 |ParentID: 4608)
    C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe (ID: 4748 |ParentID: 1380)
    C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe (ID: 4824 |ParentID: 1380)
    C:Windowssystem32NOTEPAD.EXE (ID: 4260 |ParentID: 1380)
    C:Windowssystem32SearchIndexer.exe (ID: 4468 |ParentID: 608)
    C:WindowsSysWOW64explorer.exe (ID: 4328 |ParentID: 4700)
    C:UsersPubliciAStorIcon.exe (ID: 4884 |ParentID: 4700)
    C:WindowsSysWOW64explorer.exe (ID: 1964 |ParentID: 4920)
    C:UsersLucasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupjusched.exe (ID: 4272 |ParentID: 4920)
    C:Program Files (x86)Common FilesAppleInternet ServicesAPSDaemon.exe (ID: 5540 |ParentID: 776)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 1804 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 1640 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 2892 |ParentID: 608)
    C:Program Files (x86)OpenOffice.org 3programswriter.exe (ID: 1452 |ParentID: 1380)
    C:Program Files (x86)OpenOffice.org 3programsoffice.exe (ID: 5180 |ParentID: 1452)
    C:Program Files (x86)OpenOffice.org 3programsoffice.bin (ID: 5228 |ParentID: 5180)
    C:Windowssplwow64.exe (ID: 5188 |ParentID: 5228)
    C:Program FilesInternet ExplorerIEXPLORE.EXE (ID: 3036 |ParentID: 4336)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 4032 |ParentID: 3036)
    C:Windowssystem32taskhost.exe (ID: 5752 |ParentID: 608)
    C:WindowssysWOW64wbemwmiprvse.exe (ID: 2844 |ParentID: 776)
    C:WindowsSystem32MsSpellCheckingFacility.exe (ID: 3924 |ParentID: 776)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 3640 |ParentID: 3036)
    C:Program Files (x86)ZHPDiagZHPDiag.exe (ID: 4528 |ParentID: 5488)
    C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID: 1932 |ParentID: 3036)
    C:Windowssystem32taskhost.exe (ID: 6584 |ParentID: 608)
    C:Windowssystem32taskeng.exe (ID: 5892 |ParentID: 360)
    C:Windowssystem32SearchProtocolHost.exe (ID: 3364 |ParentID: 4468)
    C:Windowssystem32SearchFilterHost.exe (ID: 732 |ParentID: 4468)
    C:UsbFixGo.exe (ID: 3552 |ParentID: 2792)
    C:Windowssystem32wbemwmiprvse.exe (ID: 5660 |ParentID: 776)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [APSDaemon] – « C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe »
    HKLMSOFTWARE | Run : [QuickTime Task] – « C:Program Files (x86)QuickTimeQTTask.exe » -atboottime
    HKLMSOFTWARE | Run : [jusched7] – C:UsersLucasAppDataRoamingPublicjusched.exe
    HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – « C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe »
    HKLMSOFTWAREwow6432Node | Run : [QuickTime Task] – « C:Program Files (x86)QuickTimeQTTask.exe » -atboottime
    HKLMSOFTWAREwow6432Node | Run : [jusched7] – C:UsersLucasAppDataRoamingPublicjusched.exe
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKLMSOFTWARE | PoliciesExplorerrun : [37364] – C:PROGRA~3LOCALS~1Tempmscuiu.exe
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | Run : [adapter] – C:Windowsadapter.exe
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | Run : [iCloudServices] – C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | Run : [ApplePhotoStreams] – C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | Run : [8jusched] – C:UsersLucasAppDataRoamingPublicjusched.exe
    HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-21-2381913200-3018708405-1333756505-1000SOFTWARE | PoliciesExplorerrun : [jusched9] – C:UsersLucasAppDataRoamingPublicjusched.exe

    ################## | Référence de comparaison MD5 |

    Md5 : e89028d8068170e606aa0996d457aaa3 -> C:UsersPublicjusched.exe

    ################## | Recherche générique |

    Présent! C:UsersLucasAppDataRoamingD48191F4ak.tmp
    Présent! C:UsersLucasAppDataRoamingD48191F4
    Présent! C:UsersPubliciAStorIcon.exe
    Présent! C:UsersPublicjusched.exe
    Présent! C:UsersLucasAppDataRoamingLucas-wchelper.dll
    Présent! C:UsersLucasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup5z1z.lnk
    Présent! C:UsersLucasAppDataLocalTempLucas7
    Présent! C:UsersLucasAppDataLocalTempLucas8

    ################## | Comparaison MD5 |

    ################## | Registre |

    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|EnableLUA -> 0
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 1
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 1
    Présent! HKUS-1-5-21-2381913200-3018708405-1333756505-1000SoftwareMicrosoftWindowsCurrentVersionRun|8jusched
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|8jusched

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    I:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – http://www.sosvirus.net |[/spoiler:29l17e6h]

    Anonymous
    Number of posts: 0
    • Download OTM by OldTimer to your desktop.
    • Double-click OTM.exe to launch it.
    • On Vista/Seven, right-click -> run as administrator.
    • Copy the list below and paste it into the left-hand pane of OTM under Paste Instructions for Items to be Moved.


    :files
    C:\Users\Lucas\AppData\Roaming\Public
    C:\Users\Lucas\AppData\Roaming\D48191F4
    C:\Users\Public\iAStorIcon.exe
    C:\Users\Public\jusched.exe
    C:\Users\Lucas\AppData\Roaming\Lucas-wchelper.dll
    C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5z1z.lnk
    C:\Users\Lucas\AppData\Local\Temp\Lucas7
    C:\Users\Lucas\AppData\Local\Temp\Lucas8
    C:\Windows\adapter.exe
    C:\PROGRA~3\LOCALS~1\Temp\mscuiu.exe

    :Reg
    [-HKEY_LOCAL_MACHINE\Software\Wow6432Node\jSugLyCC]
    [-HKEY_LOCAL_MACHINE\Software\jSugLyCC]
    [HKEY_USERS\S-1-5-21-2381913200-3018708405-1333756505-1000\Software\Microsoft\Windows\CurrentVersion\Run]
    "8jusched"=-
    "adapter"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "8jusched"=-
    "adapter"=-
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "jusched7"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "jusched7"=-
    [HKEY_USERS\S-1-5-21-2381913200-3018708405-1333756505-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
    "jusched9"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
    "37364"=-

    :commands
    [emptytemp]
    • Click "MoveIt!".
    • If a file or folder cannot be deleted immediately, the program will ask you to restart the computer.
    • If so, accept by clicking "YES".
    • Post the report in your next reply.
    • The report is located in C:\_OTM\MovedFiles (the report name corresponds to the time it was created: date_time.log).


    Then run UsbFix_Beta again using the Suppression (deletion) option and post that report as well, please.
