Recycler (USB-Transmitted Virus) 2013-12-11T13:58:24+00:00
  • Oropher
    Participant
    Post count: 8

    Hello everyone,
    As stated in the title, I went to a "cybercafé" to print something, and to my extreme surprise, when I reopened my USB key a few days later... an important folder had disappeared... THE important folder, obviously! ^^'
    But a folder that looks like a hidden folder named "Recycler" has appeared; after a bit of research, it seems to be a virus...

    A small download problem to report as well: I had to turn off my antivirus to download several programs, otherwise my browser (Firefox) told me the source file could not be read... with Internet Explorer it was a different excuse that I no longer remember...

    So the programs I used to solve the problem are:
    CCleaner (no change, obviously, but you never know! ^^)
    Malwarebytes Anti-Malware (first pass, with removal of the programs found)

    [spoiler:2roepl71]Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.12.11.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16428
    Thibault :: PRÉCIEUX [administrateur]

    11/12/2013 13:44:42
    mbam-log-2013-12-11 (13-44-42).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 206086
    Temps écoulé: 1 minute(s), 15 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 12
    HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82e1477c-b154-48d3-9891-33d83c26bcd3} (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82e1477c-b154-48d3-9891-33d83c26bcd3} (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Mis en quarantaine et supprimé avec succès.
    HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Mis en quarantaine et supprimé avec succès.
    HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Mis en quarantaine et supprimé avec succès.
    HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    HKCU\Software\Nosibay\Bubble Dock Tag (PUP.Optional.BubbleDock.A) -> Mis en quarantaine et supprimé avec succès.
    HKLM\SOFTWARE\aartemisSoftware\aartemishp (PUP.Optional.Aartemis.A) -> Mis en quarantaine et supprimé avec succès.

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Mauvais: (http://www1.delta-search.com/?affID=119295&tt=220413_d9116&babsrc=HP_ss&mntrId=E426C860006839AA) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès

    Dossier(s) détecté(s): 2
    C:\Users\Thibault\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\Thibault\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Mis en quarantaine et supprimé avec succès.

    Fichier(s) détecté(s): 7
    C:\Users\Thibault\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\Thibault\AppData\Local\Temp\vit_aartemis_20131111182538.exe (PUP.Optional.Aartemis.A) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\Thibault\AppData\Local\Temp\fullpackage_temp1386756456\package1.zip (PUP.Optional.NationZoom.A) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\Thibault\Downloads\installer_rav_antivirus_desktop_8_6_104_French.exe (PUP.Optional.VIT) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\Thibault\Downloads\_d=HK3WK75V_downloader_fr_99080.exe (PUP.Optional.GoForFiles.A) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\Thibault\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\Thibault\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Mis en quarantaine et supprimé avec succès.

    (fin)[/spoiler:2roepl71]

    Malwarebytes Anti-Malware (second pass, nothing found)

    [spoiler:2roepl71]Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.12.11.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16428
    Thibault :: PRÉCIEUX [administrateur]

    11/12/2013 13:52:58
    mbam-log-2013-12-11 (13-52-58).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 206660
    Temps écoulé: 1 minute(s), 16 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    (fin)[/spoiler:2roepl71]

    AdwCleaner (scan, then clean)
    [spoiler:2roepl71]# AdwCleaner v3.015 - Rapport créé le 11/12/2013 à 14:01:29
    # Mis à jour le 10/12/2013 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : Thibault - PRÉCIEUX
    # Exécuté depuis : C:\Users\Thibault\Downloads\adwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:\ProgramData\Babylon
    Dossier Supprimé : C:\ProgramData\Tarma Installer
    Dossier Supprimé : C:\Program Files (x86)\Boxore
    Dossier Supprimé : C:\Program Files (x86)\Nosibay
    Dossier Supprimé : C:\Program Files (x86)\yourfiledownloader
    Dossier Supprimé : C:\Users\Thibault\AppData\Roaming\cacaoweb
    Dossier Supprimé : C:\Users\Thibault\AppData\Roaming\goforfiles
    Dossier Supprimé : C:\Users\Thibault\AppData\Roaming\Nosibay
    Dossier Supprimé : C:\Users\Thibault\AppData\Roaming\yourfiledownloader
    Dossier Supprimé : C:\Program Files (x86)\Software
    Dossier Supprimé : C:\Users\Thibault\AppData\Roaming\Mozilla\Firefox\Profiles\w9ai663y.default\Extensions\cacaoweb@cacaoweb.org
    Fichier Supprimé : C:\Users\Thibault\AppData\Roaming\Mozilla\Firefox\Profiles\w9ai663y.default\invalidprefs.js
    Fichier Supprimé : C:\Users\Thibault\AppData\Roaming\Mozilla\Firefox\Profiles\w9ai663y.default\searchplugins\Babylon.xml
    Fichier Supprimé : C:\Users\Thibault\AppData\Roaming\Mozilla\Firefox\Profiles\w9ai663y.default\searchplugins\Cherche.xml
    Fichier Supprimé : C:\Users\Thibault\AppData\Roaming\Mozilla\Firefox\Profiles\w9ai663y.default\searchplugins\delta.xml
    Fichier Supprimé : C:\Users\Thibault\AppData\Roaming\Mozilla\Firefox\Profiles\w9ai663y.default\user.js
    Fichier Supprimé : C:\Windows\System32\Tasks\GoforFilesUpdate
    Fichier Supprimé : C:\Windows\System32\Tasks\Your File Updater

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{9CD2384C-143B-4790-A075-E7FEFE2A554B}]
    Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\fjglfdldpdljgfjkfgieaocdapejkdlh
    Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\jeaihkehdlhkocphopopahkfjcfcphef
    Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
    Clé Supprimée : HKLM\SOFTWARE\Classes\*\shell\filescout
    Clé Supprimée : HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.software.oneclickctrl.8
    Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
    Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass
    Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine
    Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine.1.0
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\boxore_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\boxore_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8
    Clé Supprimée : HKCU\Software\e2dcdfe63ee443
    Clé Supprimée : HKLM\SOFTWARE\e2dcdfe63ee443
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_cdburnerxp-pro_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_cdburnerxp-pro_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{7555B87D-D711-48B2-B97D-04DF700652BA}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}
    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7555B87D-D711-48B2-B97D-04DF700652BA}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7555B87D-D711-48B2-B97D-04DF700652BA}
    Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193}
    Clé Supprimée : HKCU\Software\BabSolution
    Clé Supprimée : HKCU\Software\cacaoweb
    Clé Supprimée : HKCU\Software\filescout
    Clé Supprimée : HKCU\Software\GoforFiles
    Clé Supprimée : HKCU\Software\MozillaPlugins\boxore.com/BoxorePlugin
    Clé Supprimée : HKCU\Software\Nosibay
    Clé Supprimée : HKCU\Software\powerpack
    Clé Supprimée : HKCU\Software\Softonic
    Clé Supprimée : HKCU\Software\YourFileDownloader
    Clé Supprimée : HKLM\Software\aartemisSoftware
    Clé Supprimée : HKLM\Software\Babylon
    Clé Supprimée : HKLM\Software\DataMngr
    Clé Supprimée : HKLM\Software\GoforFiles
    Clé Supprimée : HKLM\Software\Vittalia
    Clé Supprimée : HKLM\Software\YourFileDownloader
    Clé Supprimée : [x64] HKLM\SOFTWARE\Tarma Installer
    Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
    Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
    Clé Supprimée : HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8
    Clé Supprimée : HKLM\Software\Classes\Installer\Features\9BB106980C8CD3949921DAF7159A813A
    Clé Supprimée : HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
    Clé Supprimée : HKLM\Software\Classes\Installer\Products\9BB106980C8CD3949921DAF7159A813A

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.16428

    Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\ Mozilla Firefox v25.0.1 (fr)

    [ Fichier : C:\Users\Thibault\AppData\Roaming\Mozilla\Firefox\Profiles\w9ai663y.default\prefs.js ]

    Ligne Supprimée : user_pref("extensions.delta.admin", false);
    Ligne Supprimée : user_pref("extensions.delta.aflt", "babsst");
    Ligne Supprimée : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Ligne Supprimée : user_pref("extensions.delta.autoRvrt", "false");
    Ligne Supprimée : user_pref("extensions.delta.dfltLng", "en");
    Ligne Supprimée : user_pref("extensions.delta.excTlbr", false);
    Ligne Supprimée : user_pref("extensions.delta.ffxUnstlRst", true);
    Ligne Supprimée : user_pref("extensions.delta.id", "e426b282000000000000c860006839aa");
    Ligne Supprimée : user_pref("extensions.delta.instlDay", "15818");
    Ligne Supprimée : user_pref("extensions.delta.instlRef", "sst");
    Ligne Supprimée : user_pref("extensions.delta.newTab", false);
    Ligne Supprimée : user_pref("extensions.delta.prdct", "delta");
    Ligne Supprimée : user_pref("extensions.delta.prtnrId", "delta");
    Ligne Supprimée : user_pref("extensions.delta.rvrt", "false");
    Ligne Supprimée : user_pref("extensions.delta.smplGrp", "none");
    Ligne Supprimée : user_pref("extensions.delta.tlbrId", "base");
    Ligne Supprimée : user_pref("extensions.delta.tlbrSrchUrl", "");
    Ligne Supprimée : user_pref("extensions.delta.vrsn", "1.8.16.16");
    Ligne Supprimée : user_pref("extensions.delta.vrsnTs", "1.8.16.1620:16:36");
    Ligne Supprimée : user_pref("extensions.delta.vrsni", "1.8.16.16");

    *************************

    AdwCleaner[R0].txt - [9859 octets] - [11/12/2013 14:00:47]
    AdwCleaner[S0].txt - [9027 octets] - [11/12/2013 14:01:29]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9087 octets] ##########[/spoiler:2roepl71]

  • Oropher
    Participant
    Post count: 8

    Continued (too many reports!! lol)

    ZHPDiag

    [spoiler:kek0oa2g]~ Rapport de ZHPDiag v2013.12.7.16 - Nicolas Coolman (07/12/2013)
    ~ Lancé par Thibault (11/12/2013 14:06:12)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    ---\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16428
    MFIE: Mozilla Firefox 25.0.1 (Defaut)

    ---\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_COA_NSLP channel
    Windows ID Activation : OK
    ~ Windows Partial Key : BP67J
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    ---\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2007
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    ---\ Logiciels d'optimisation du système
    CCleaner v3.25 =>Piriform Ltd

    ---\ Logiciels de partage PeerToPeer
    µTorrent v2.2.1 =>P2P.µTorrent

    ---\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader X
    Java 7 Update 45

    ---\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 4077 MB (64% free)
    System Restore: Activé (Enable)
    System drive C: has 5 GB (4%) free of 119 GB

    ---\ Mode de connexion au système
    ~ Computer Name: PRÉCIEUX
    ~ User Name: Thibault
    ~ All Users Names: Thibault, HomeGroupUser$, ASPNET, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    ---\ Variables d'environnement
    ~ System Unit : C:\
    ~ %AppZHP% : C:\Users\Thibault\AppData\Roaming\ZHP\
    ~ %AppData% : C:\Users\Thibault\AppData\Roaming\
    ~ %Desktop% : C:\Users\Thibault\Desktop\
    ~ %Favorites% : C:\Users\Thibault\Favorites\
    ~ %LocalAppData% : C:\Users\Thibault\AppData\Local\
    ~ %StartMenu% : C:\Users\Thibault\AppData\Roaming\Microsoft\Windows\Start Menu\
    ~ %Windir% : C:\Windows\
    ~ %System% : C:\Windows\System32\

    ---\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 5 Go of 119 Go)
    D: CD-ROM drive (Not Inserted)
    E: Hard drive, Flash drive, Thumb drive (Free 376 Go of 932 Go)
    F: Floppy drive, Flash card reader, USB Key (Free 4 Go of 7 Go)
    G: Hard drive, Flash drive, Thumb drive (Free 2053 Go of 2794 Go)
    H: CD-ROM drive (Free 0 Go of 7 Go)
    I: Floppy drive, Flash card reader, USB Key (Free 0 Go of 0 Go)
    J: Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)

    ---\ Etat du Centre de Sécurité Windows
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    ---\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
    [MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.04/12/2013 - 00:26:18.) -- C:\Windows\System32\wininet.dll [2332160]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    ---\ Etat des fichiers cachés (Caché/Total)
    Mes images (My Pictures) : 2/2 (Modified)
    ~ Mes musiques (My Musics) : 1/5
    ~ Mes Favoris (My Favorites) : 1/25
    ~ Mes Documents (My Documents) : 1/7550
    ~ Mon Bureau (My Desktop) : 1/543
    ~ Menu demarrer (Programs) : 1/66
    ~ Hidden Files: Scanned in 00mn 01s

    ---\ Processus lancés
    [MD5.B644A9A9A8ADDEC20E7956373130AC2D] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056] [PID.2756]
    [MD5.384366C69DF4C11133915C3315F541CC] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896] [PID.3252]
    [MD5.4D837DC7A4960B3A635AB9F7108D6B0B] - (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Jeu\Steam\Steam.exe [1823656] [PID.3296]
    [MD5.CC02FBA3F124E56ECDB77BCFA4DAEB9E] - (.Anuman Interactive - Anuman Live.) -- C:\Users\Thibault\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe [347648] [PID.3348]
    [MD5.22DA0DDAF1BF9E0FB5C705319024429B] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe [399224] [PID.3364] =>P2P.BitTorrent
    [MD5.E08959B4F41E833971BEA1878967D3BD] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.3444]
    [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3500]
    [MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11322880] [PID.3540]
    [MD5.736E57247F12EACECDB224B8D1F7F187] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.3552]
    [MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11314688] [PID.3644]
    [MD5.077D59BA0FD4007E841B6C670862B065] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3404]
    [MD5.E0B173F23D873286169995D66B9E3CDF] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4400]
    [MD5.5D60EE718D0C708D69DFF4B3336B68BF] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe [1862536] [PID.4748]
    [MD5.C0F5728CCD08AB01D66646FA320A03F2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8286208] [PID.6104]
    [MD5.49D9C17FDDFAC66F27FA735E94923216] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.956]
    [MD5.7A189530FD0CFD415DBE41123F8A6A59] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1312]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1780]
    [MD5.1D3878E5722F0AB3C22D04E88AC4AC55] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912] [PID.1876]
    [MD5.7DE35FB26617D9AEF44CEFE9FAC5C51A] - (.Valve Corporation - Steam Client Service (buildbot_winslave04_s.) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe [569768] [PID.1276]
    ~ Processes Running: Scanned in 00mn 00s

    ---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:\Users\Thibault\AppData\Roaming\Mozilla\Firefox\Profiles\w9ai663y.default\prefs.js
    M2 - MFEP: prefs.js [Thibault - w9ai663y.default\toolbarbutton@browseradditions.com] [] BrowserAdditions v1.0 (..)
    ~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s

    ---\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchs.at
    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchs.at
    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchs.at/keyword/
    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.searchs.at
    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchs.at
    ~ IE Browser: 22 Legitimates Filtered in 00mn 00s

    ---\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    ---\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    ---\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    ---\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    ---\ Autres liens utilisateurs (O4)
    O4 - GS\Desktop [Public]: Call of Juarez Gunslinger.lnk . (.Techland - Call of Juarez® Gunslinger.) -- E:\Jeu installé\Call of Juarez Gunslinger\CoJGunslinger.exe
    O4 - GS\Desktop [Public]: Dungeon Keeper 2.lnk . (...) -- E:\Jeu installé\Dungeon Keeper 2\DKII.exe
    O4 - GS\Desktop [Public]: FightBoard Advanced.lnk . (...) -- C:\Program Files (x86)\REVOLTEC\FightBoard Advanced 2.00\FightBoard.exe
    O4 - GS\Desktop [Public]: Heroes of Might and Magic V - Tribes of the East.lnk . (...) -- E:\Jeu installé\Heroes of Might and Magic V - Tribes of the East\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe
    O4 - GS\Desktop [Public]: Heroes of Might and Magic V.lnk . (...) -- E:\Jeu installé\Heroes of Might and Magic V\bin\H5_Game.exe
    O4 - GS\Desktop [Public]: Legend of Grimrock.lnk . (...) -- E:\Jeu installé\Legend of Grimrock\grimrock.exe
    O4 - GS\Desktop [Public]: MechWarrior Online.lnk . (.Piranha Games Inc. - MechWarrior Online.) -- E:\Jeu installé\mechwarrior\MechWarrior Online\Bin32\MechWarriorOnline.exe
    O4 - GS\Desktop [Public]: Nexus Mod Manager.lnk . (.Black Tree Gaming - Nexus Mod Manager.) -- C:\Program Files\Nexus Mod Manager\NexusClient.exe
    O4 - GS\Desktop [Public]: Overlord.lnk . (...) -- E:\Jeu installé\Overlord\Overlord.exe
    O4 - GS\Desktop [Public]: RomStation.lnk . (...) -- C:\Program Files (x86)\RomStation\RomStation.exe
    O4 - GS\Desktop [Public]: Sniper Elite V2.lnk . (...) -- E:\Jeu installé\SniperEliteV2\bin\SniperEliteV2.exe
    O4 - GS\Desktop [Public]: Temple of Elemental Evil.lnk . (...) -- C:\Jeu\Temple of Elemental Evil\ToEE.exe
    O4 - GS\Desktop [Public]: Warhammer® Mark of Chaos™.lnk . (.Black Hole Entertainment - Warhammer®: Battle March™.) -- C:\Jeu\Warhammer® Mark of Chaos\Warhammer.exe
    O4 - GS\Desktop [Public]: XCOM Enemy Unknown.lnk . (.Firaxis Games - XCOM: Enemy Unknown.) -- C:\Jeu\XCOM Enemy Unknown\Binaries\Win32\XComGame.exe
    O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
    O4 - GS\Program [Public]: Call of Juarez Gunslinger.lnk . (.Techland - Call of Juarez® Gunslinger.) -- E:\Jeu installé\Call of Juarez Gunslinger\CoJGunslinger.exe
    O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 - GS\QuickLaunch [Thibault]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 - GS\QuickLaunch [Thibault]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
    O4 - GS\TaskBar [Thibault]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 - GS\Program [Thibault]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 - GS\SystemTools [Thibault]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 - GS\Desktop [Thibault]: AnumanLive.lnk . (.Anuman Interactive - Anuman Live.) -- C:\Users\Thibault\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe
    O4 - GS\Desktop [Thibault]: CivilizationV - Raccourci.lnk . (.Firaxis Games - Sid Meier's Civilization V.) -- E:\Jeu installé\Sid Meier's Civilization V - Gods and Kings\CivilizationV.exe
    O4 - GS\Desktop [Thibault]: Down of War II.lnk . (.THQ Canada Inc. - DOW2.) -- E:\Jeu\Down of War II\DOW2.exe
    O4 - GS\Desktop [Thibault]: Dragon Age - Origins.lnk . (.BioWare - Launcher Application.) -- E:\Jeu installé\Dragon Age\DAOriginsLauncher.exe
    O4 - GS\Desktop [Thibault]: Dragon Age 2.lnk . (.BioWare - Dragon Age II.) -- E:\Jeu installé\Dragon Age 2\bin_ship\DragonAge2.exe
    O4 - GS\Desktop [Thibault]: Mass Effect 2.lnk . (.BioWare - Mass Effect 2.) -- E:\Jeu installé\Mass Effect 2\Binaries\MassEffect2.exe
    O4 - GS\Desktop [Thibault]: Mass Effect 3.lnk . (.BioWare - Mass Effect(TM) 3.) -- E:\Jeu installé\Mass Effect 3\Binaries\Win32\MassEffect3.exe
    O4 - GS\Desktop [Thibault]: Mass Effect.lnk . (.BioWare - Mass Effect.) -- E:\Jeu installé\Mass Effect\Binaries\MassEffect.exe
    O4 - GS\Desktop [Thibault]: Mount&Blade With Fire and Sword.lnk . (. Taleworlds Entertainment - Mount&Blade: With Fire and Sword.) -- C:\Program Files (x86)\Mount&Blade With Fire and Sword\mb_wfas.exe
    O4 - GS\Desktop [Thibault]: Nexus.lnk . (...) -- E:\Jeu installé\Nexus - The Jupiter Incident\nexus.exe
    O4 - GS\Desktop [Thibault]: Ordinateur - Raccourci.lnk - Clé orpheline
    O4 - GS\Desktop [Thibault]: Photoshop.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe =>.Adobe Systems Incorporated
    O4 - GS\Desktop [Thibault]: Rome Total War 2.lnk . (.The Creative Assembly Ltd - Total War: Rome II.) -- E:\Jeu installé\Total War Rome II\Rome2.exe
    O4 - GS\Desktop [Thibault]: Sid Meiers Civilization V.lnk . (.Firaxis Games - Civilization V Launcher.) -- C:\Jeu\Sid Meier's Civilization V\Launcher.exe
    O4 - GS\Desktop [Thibault]: Total War™ SHOGUN 2.lnk . (.The Creative Assembly Ltd - Total War: SHOGUN 2.) -- E:\Jeu installé\Total War Shogun 2\Shogun2.exe
    O4 - GS\Desktop [Thibault]: Téléchargement.lnk . (...) -- E:\Téléchargement
    O4 – GSDesktop [Thibault]: wesnoth.lnk . (…) — E:JeuBattle for Wesnoth 1.8.5wesnoth.exe
    ~ Global Startup: 99 Legitimates Filtered in 00mn 00s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Thibault]: OpenOffice.org 3.3.lnk . (…) — C:Program Files (x86)OpenOffice.org 3programquickstart.exe
    O4 – HKLM..Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [Logitech Download Assistant] . (.Logitech, Inc. – Logitech Download Assistant.) — C:WindowsSystem32LogiLDA.dll
    O4 – HKLM..Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [Nvtmru] . (.NVIDIA Corporation – NVIDIA NvTmru Application.) — C:Program Files (x86)NVIDIA CorporationNVIDIA Update Corenvtmru.exe
    O4 – HKLM..Run: [NvBackend] . (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
    O4 – HKLM..Run: [ShadowPlay] . (.NVIDIA Corporation – NVIDIA Capture Server Proxy.) — C:Windowssystem32nvspcap64.dll
    O4 – HKCU..Run: [Steam] . (.Valve Corporation – Steam Client Bootstrapper (buildbot_winslav.) — C:JeuSteamSteam.exe
    O4 – HKCU..Run: [AnumanLive] . (.Anuman Interactive – Anuman Live.) — C:UsersThibaultAppDataRoamingAnuman InteractiveAnumanLiveAnumanLive.exe
    O4 – HKCU..Run: [AdobeBridge] Clé orpheline
    O4 – HKCU..Run: [uTorrent] . (.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – HKCU..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [NWEReboot] Clé orpheline
    O4 – HKLM..Wow6432NodeRun: [SwitchBoard] . (.Adobe Systems Incorporated – SwitchBoard Server (32 bit).) — C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    O4 – HKLM..Wow6432NodeRun: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated – Adobe CS6 Service Manager.) — C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKLM..Wow6432NodeRun: [20131121] . (.AVAST Software – avast! Emergency Update.) — C:Program FilesAVAST SoftwareAvastsetupemupdate9e6f17cc-3f6c-4ec1-a858-5c4e1cff4cc2.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1466337346-2495501497-3402362536-1000..Run: [Steam] . (.Valve Corporation – Steam Client Bootstrapper (buildbot_winslav.) — C:JeuSteamSteam.exe
    O4 – HKUSS-1-5-21-1466337346-2495501497-3402362536-1000..Run: [AnumanLive] . (.Anuman Interactive – Anuman Live.) — C:UsersThibaultAppDataRoamingAnuman InteractiveAnumanLiveAnumanLive.exe
    O4 – HKUSS-1-5-21-1466337346-2495501497-3402362536-1000..Run: [AdobeBridge] Clé orpheline
    O4 – HKUSS-1-5-21-1466337346-2495501497-3402362536-1000..Run: [uTorrent] . (.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – HKUSS-1-5-21-1466337346-2495501497-3402362536-1000..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{8E3C289F-02CB-41E3-91A0-465F0065B175}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCCSServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpNameServer = 91.121.161.184 188.165.197.144
    O17 – HKLMSystemCCSServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpDomain = lan
    O17 – HKLMSystemCS1ServicesTcpip..{8E3C289F-02CB-41E3-91A0-465F0065B175}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCS1ServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpNameServer = 91.121.161.184 188.165.197.144
    O17 – HKLMSystemCS1ServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpDomain = lan
    O17 – HKLMSystemCS2ServicesTcpip..{8E3C289F-02CB-41E3-91A0-465F0065B175}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCS2ServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpNameServer = 91.121.161.184 188.165.197.144
    O17 – HKLMSystemCS2ServicesTcpip..{905C9DA1-E473-4186-87A8-7408E1C66D3D}: DhcpDomain = lan
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 91.121.161.184 188.165.197.144
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
    O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Arcanum – (.Troika Games LLC.) [HKLM][64Bits] — {08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}
    O42 – Logiciel: Dungeon Keeper 2 – (…) [HKLM][64Bits] — Dungeon Keeper II
    O42 – Logiciel: MechWarrior Online – (.Piranha Games Inc..) [HKLM][64Bits] — {1B2EC53E-FB7C-40E7-A4E8-504171771FC0}
    O42 – Logiciel: MechWarrior Online – (.Piranha Games Inc..) [HKLM][64Bits] — {73bcb521-8936-42d7-ad00-ec2bb399e26c}
    O42 – Logiciel: Temple of Elemental Evil – (…) [HKLM][64Bits] — {AD80F06B-0F21-4EEE-934D-BEF0D21E6383}
    O42 – Logiciel: lesFourmis – (…) [HKLM][64Bits] — lesFourmis
    ~ Logic: 26 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwarePiranha Games]
    ~ Key Software: 292 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 11/12/2013 – 11:09:54 – [0] —-D C:Program Files (x86)GeCAD
    ~ Program Folder: 139 Legitimates Filtered in 00mn 02s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 04/12/2013 – 00:26:18 —A- . (…) — C:WindowsSystem32ieuinit.inf [16284]
    O44 – LFC:[MD5.141A4682049682B8337F946E10CDCE65] – 11/12/2013 – 13:00:01 —A- . (…) — C:UsbFix [Scan 1] PRÉCIEUX.txt [9411]
    ~ Files: 90 Legitimates Filtered in 00mn 01s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{118b0bf1-4de5-11e1-acdb-c860006839aa}AutoRuncommand. (.BioWare – Launcher Application.) — H:autorun.exe
    O51 – MPSK:{2cc013cb-4c47-11e1-81ea-806e6f6e6963}AutoRuncommand. (…) — D:autorun.exe (.not file.)
    O51 – MPSK:{47dd5448-4c44-11e1-baad-806e6f6e6963}AutoRuncommand. (…) — D:Binassetup.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 06/11/2013 – 21:16:51 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776]
    O58 – SDL:[MD5.59787B95DD9CA44CB139D96863438587] – 06/11/2013 – 21:16:51 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [205320]
    O58 – SDL:[MD5.B4BDE3F758A34658A37DFED3D9783CD8] – 09/03/2012 – 13:45:03 —A- . (…) — C:WindowsSystem32Driversatksgt.sys [88480]
    O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] – 10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:[MD5.955982BF4421B77722196552B62E8DC2] – 09/03/2012 – 13:45:03 —A- . (…) — C:WindowsSystem32Driverslirsgt.sys [46400]
    O58 – SDL:[MD5.656736958178461D25B51BB0D9EC7D09] – 01/12/2013 – 18:28:38 —A- . (.Duplex Secure Ltd. – SCSI Pass Through Direct Host.) — C:WindowsSystem32Driverssptd.sys [381440]
    O58 – SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] – 14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:[MD5.E30B899AB45384AE27656619A702EA7A] – 28/11/2007 – 13:48:54 —A- . (.Copyright (C) Listan GmbH & Co.KG – REVOLTEC FightBoard Advanced Game Controller Driver.) — C:WindowsSystem32Driverssystormflb.sys [23712]
    O58 – SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] – 02/04/2009 – 13:30:14 —A- . (…) — C:WindowsSysWOW64driversASUSHWIO.SYS [10296]
    ~ Drivers: 16 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1Duran1.xml [5765]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesAutoSave_4Duran1_Story.xml [25370]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesAutoSave_4savegame.das [2225636]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesAutoSave_4savegame.das.met [1138]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesAutoSave_4screen.dds [65664]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesQuickSave_1Duran1_Story.xml [25370]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesQuickSave_1savegame.das [2225860]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesQuickSave_1savegame.das.met [1138]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesQuickSave_1screen.dds [65664]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesSlot_1Duran1_Story.xml [25440]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesSlot_1Oropher.das [2244444]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesSlot_1Oropher.das.met [1150]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeCharactersDuran1SavesSlot_1screen.dds [65664]
    O61 – LFC: 08/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon AgeSettingsProfile.dap [25630]
    O61 – LFC: 11/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultAppDataRoamingZHPLog.txt [16861] =>.Nicolas Coolman
    O61 – LFC: 11/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultAppDataRoamingZHPTestsZHPDiag.txt [2938] =>.Nicolas Coolman
    O61 – LFC: 11/12/2013 – 14:06:36 —A- . (…) — C:UsersThibaultDocumentsBioWareDragon Age 2systeminformation.xml [7845]
    O61 – LFC: 11/12/2013 – 14:06:39 —A- . (…) — C:UsersThibaultDownloadsadwcleaner.exe [1226802]
    O61 – LFC: 11/12/2013 – 14:06:41 —A- . (…) — C:UsersThibaultDownloadsUsbFix(1).exe [0]
    O61 – LFC: 11/12/2013 – 14:06:41 —A- . (…) — C:UsersThibaultDownloadsUsbFix(2).exe [0]
    O61 – LFC: 11/12/2013 – 14:06:41 —A- . (…) — C:UsersThibaultDownloadsUsbFix.exe [0]
    ~ 100 Fichiers temporaires (Temporary files)
    ~ Files: 780 Legitimates Filtered in 00mn 07s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.net – https://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    E:JeucrackCRACK-Bataille pour la terre du milieuLe Seigneur Des Anneaux – La Bataille Pour La Terre Du Milieu (The Battle For Middle Earth) – Keygen.zip
    E:JeucrackCRACK-Bataille pour la terre du milieuThe Lord Of The Rings – The Battle For Middle Earth Keygen.rar
    E:JeuMass Effect 2Mass Effect 2 Keygen, crack, et infoskeygen.exe
    E:JeuMass Effect 2Mass Effect 2 Keygen, crack, et infosMassEffect2.exe
    E:JeuMass Effect 2ME2_1_FA98keygen.exe
    ~ Files: Scanned in 00mn 38s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.13C16BD2140940551895CF0BAD91DB87] [SPRF][11/12/2013] (…) — C:UsersThibaultAppDataLocalTemp42050-359-rav-antivirus-desktop.exe [12802048]
    [MD5.F4118787E9A624968F8D82990623EAA2] [SPRF][11/12/2013] (…) — C:UsersThibaultAppDataLocalTempinstloffer.exe [557356]
    [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/12/2013] (…) — C:UsersThibaultAppDataLocalTempOKitSpaceSetup.exe [0] =>PUP.Onekit
    [MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (…) — C:UsersThibaultAppDataLocalTempQuarantine.exe [360051]
    [MD5.B0F6507F8666E89DD9F192313D88EB98] [SPRF][16/06/2013] (.Babylon Ltd. – Uninstaller Application.) — C:UsersThibaultAppDataLocalTempuninst1.exe [389632] =>PUP.Babylon
    ~ Files: 5 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “TCP Query User{5B9DE060-65D4-4EF7-BCB1-D933A258B5D2}C:usersthibaultappdatalocaltempc7c6fbcc787343bc9af9bf91ec8f24eerelicdownloader.exe” |In – Private – P6 – TRUE | .(…) — C:usersthibaultappdatalocaltempc7c6fbcc787343bc9af9bf91ec8f24eerelicdownloader.exe (.not file.)
    O87 – FAEL: “UDP Query User{17DED76C-822D-44E9-80C0-0E1B53A86564}C:usersthibaultappdatalocaltempc7c6fbcc787343bc9af9bf91ec8f24eerelicdownloader.exe” |In – Private – P17 – TRUE | .(…) — C:usersthibaultappdatalocaltempc7c6fbcc787343bc9af9bf91ec8f24eerelicdownloader.exe (.not file.)
    O87 – FAEL: “TCP Query User{7FD21FDB-0A4D-461A-A992-2491E114B13D}C:usersthibaultappdataroamingcacaowebcacaoweb.exe” |In – Private – P6 – TRUE | .(…) — C:usersthibaultappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    O87 – FAEL: “UDP Query User{D33BABA7-7002-462B-97D8-41E404F2DE7E}C:usersthibaultappdataroamingcacaowebcacaoweb.exe” |In – Private – P17 – TRUE | .(…) — C:usersthibaultappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    O87 – FAEL: “{CF191F31-9808-452B-9566-8DE8D31E2F06}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)YourFileDownloaderDownloader.exe (.not file.) =>PUP.YourFileDownloader
    O87 – FAEL: “{BE9BAF20-CE73-4CF2-9888-403D50DD7E1A}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)YourFileDownloaderDownloader.exe (.not file.) =>PUP.YourFileDownloader
    O87 – FAEL: “{E1CA07F9-E0E4-4CFB-BA2E-33AA617BB5D9}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)YourFileDownloaderYourFile.exe (.not file.) =>PUP.YourFileDownloader
    O87 – FAEL: “{C6171E89-7B51-4354-9261-9FE76661286F}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)YourFileDownloaderYourFile.exe (.not file.) =>PUP.YourFileDownloader
    O87 – FAEL: “TCP Query User{47C3C347-D272-4288-9594-9B89C55D5970}E:jeubattle for wesnoth 1.8.5wesnothd.exe” | In – Private – P6 – TRUE | .(…) — E:jeubattle for wesnoth 1.8.5wesnothd.exe
    O87 – FAEL: “UDP Query User{5413FE72-3CDE-4C8E-9851-B9B2ECB6222A}E:jeubattle for wesnoth 1.8.5wesnothd.exe” | In – Private – P17 – TRUE | .(…) — E:jeubattle for wesnoth 1.8.5wesnothd.exe
    O87 – FAEL: “TCP Query User{2E82F62A-4041-4812-ADE0-29672C729C90}C:jeurome – total warrometw.exe” |In – Private – P6 – FALSE | .(…) — C:jeurome – total warrometw.exe (.not file.)
    O87 – FAEL: “UDP Query User{EA97DF13-B145-40C0-8E8E-10AA8B85E9DD}C:jeurome – total warrometw.exe” |In – Private – P17 – FALSE | .(…) — C:jeurome – total warrometw.exe (.not file.)
    O87 – FAEL: “TCP Query User{55E233A4-C890-4066-8321-6CE0544F1C22}C:usersthibaultappdataroamingcacaowebcacaoweb.exe” |In – Public – P6 – TRUE | .(…) — C:usersthibaultappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    O87 – FAEL: “UDP Query User{2029B272-793D-4372-8846-051ABE4980BD}C:usersthibaultappdataroamingcacaowebcacaoweb.exe” |In – Public – P17 – TRUE | .(…) — C:usersthibaultappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    O87 – FAEL: “TCP Query User{042F912B-760B-4F11-B8B1-A1997042C30A}E:jeu installéheroes of might and magic vbinh5_game.exe” | In – Private – P6 – TRUE | .(.Pas de propriétaire – Heroes of Might and Magic V.) — E:jeu installéheroes of might and magic vbinh5_game.exe
    O87 – FAEL: “UDP Query User{AEE91F9C-FC4A-432A-9747-495FBFA07DA4}E:jeu installéheroes of might and magic vbinh5_game.exe” | In – Private – P17 – TRUE | .(.Pas de propriétaire – Heroes of Might and Magic V.) — E:jeu installéheroes of might and magic vbinh5_game.exe
    O87 – FAEL: “TCP Query User{4CDD4C69-45A0-4C10-BB07-E31FC9A62C9A}E:jeu installéheroes of might and magic vbinh5_game.exe” | In – Public – P6 – TRUE | .(.Pas de propriétaire – Heroes of Might and Magic V.) — E:jeu installéheroes of might and magic vbinh5_game.exe
    O87 – FAEL: “UDP Query User{176156CB-29E8-4C0A-8B4C-477F8524F583}E:jeu installéheroes of might and magic vbinh5_game.exe” | In – Public – P17 – TRUE | .(.Pas de propriétaire – Heroes of Might and Magic V.) — E:jeu installéheroes of might and magic vbinh5_game.exe
    O87 – FAEL: “TCP Query User{A6410583-5364-4EDE-A68E-39EA6E9309AB}C:jeuwarhammer® mark of chaoswarhammer.exe” | In – Private – P6 – TRUE | .(.Black Hole Entertainment – Warhammer®: Battle March™.) — C:jeuwarhammer® mark of chaoswarhammer.exe
    O87 – FAEL: “UDP Query User{F74D7510-3253-4F2E-A78E-02AE0ABAB741}C:jeuwarhammer® mark of chaoswarhammer.exe” | In – Private – P17 – TRUE | .(.Black Hole Entertainment – Warhammer®: Battle March™.) — C:jeuwarhammer® mark of chaoswarhammer.exe
    O87 – FAEL: “{E105079D-AC2E-42A4-AF8E-59CC87BA9926}” | In – Public – P6 – TRUE | .(.Black Hole Entertainment – Warhammer®: Battle March™.) — C:JeuWarhammer® Mark of ChaosWarhammer.exe
    O87 – FAEL: “{0526EE69-1865-45ED-8EE4-3A5BA6B526AA}” | In – Public – P17 – TRUE | .(.Black Hole Entertainment – Warhammer®: Battle March™.) — C:JeuWarhammer® Mark of ChaosWarhammer.exe
    O87 – FAEL: “{45042BBB-FA6A-4FED-9CF9-1D366F7A74F1}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “{8380FA16-9DEA-449D-B256-A87993890350}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “{1E46F584-9033-4B56-A9EE-6DBE6E2CE39E}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “{33AADC9E-D30F-438D-B415-89545F680C73}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “TCP Query User{7412A1B9-2DB5-49C7-AA6F-C44D80308A6A}E:jeu installéoriginal warowarfull.exe” | In – Private – P6 – TRUE | .(…) — E:jeu installéoriginal warowarfull.exe
    O87 – FAEL: “UDP Query User{AC1F002D-D4E7-471D-A26F-3610C244DC23}E:jeu installéoriginal warowarfull.exe” | In – Private – P17 – TRUE | .(…) — E:jeu installéoriginal warowarfull.exe
    ~ Firewall: 285 Legitimates Filtered in 00mn 00s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “93C19CBAD662240428E834680E2F2581” . (.Warhammer Battle March.) — C:WindowsInstaller{ABC91C39-266D-4042-828E-4386E0F25218}ARPPRODUCTICON.exe
    ~ Update Products: 48 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.964914A3090CE0E7CB5D5144B3E0D37B] [WIS][17/09/2013] (.Piranha Games Inc. – MechWarrior Online.) — C:WindowsInstaller16d954.msi [6668288]
    [MD5.79E6443F01B4B1C3B957AA38DDD564FF] [WIS][16/07/2012] (.Boxore OU. – Software Update Helper.) — C:WindowsInstaller204b49.msi [45056] =>Adware.Boxore
    [MD5.0D3D8A540679ABE6CE4F8EB43475102B] [WIS][31/01/2012] (.REVOLTEC – FightBoard Advanced.) — C:WindowsInstaller25a13.msi [10309632]
    [MD5.93F772291029409295D4CF49368EAA1F] [WIS][17/09/2004] (.Nom de votre société – Nexus – The Jupiter Incident.) — C:WindowsInstaller2c44a1.msi [3610600]
    [MD5.918ACE4687D2FBE32BB792A4922C8F3B] [WIS][18/04/2008] (.Namco Bandai Games – Warhammer Mark of Chaos.) — C:WindowsInstaller2c77eea.msi [4510720]
    ~ WIS: 64 Legitimates Filtered in 00mn 02s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 10/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 15/12/2009 25832 | (DAUpdaterSvc) . (.BioWare.) – E:Jeu installéDragon Agebin_shipDAUpdaterSvc.Service.exe
    SS – | Demand 16/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe

    SR – | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 06/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 19/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 25/10/2013 2768208 | (MaConfigAgent) . (.CybelSoft.) – C:Program Filesma-config.comMaConfigAgent.exe
    SR – | Auto 29/11/2013 1370912 | (NvNetworkService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
    SR – | Auto 29/11/2013 15128352 | (NvStreamSvc) . (.NVIDIA Corporation.) – C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe
    SR – | Auto 11/11/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Demand 04/12/2013 569768 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe
    SR – | Auto 11/11/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

    ~ Services: Scanned in 00mn 02s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Thibault at 11/12/2013 14:07:26
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Thibault at 11/12/2013 14:07:28

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\ Liste des émulateurs de CD/DVD (MBR Hook)
    O58 – SDL:[MD5.656736958178461D25B51BB0D9EC7D09] – 01/12/2013 – 18:28:38 —A- . (.Duplex Secure Ltd. – SCSI Pass Through Direct Host.) — C:WindowsSystem32Driverssptd.sys [381440]
    ~ Emulateurs: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13011 – (07/12/2013)
    Clés trouvées (Keys found) : 7
    Valeurs trouvées (Values found) : 3
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 18

    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodes1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodesBA086F2D38A8E1A47912955A68B3AD24] =>Adware.PredictAd
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products9BB106980C8CD3949921DAF7159A813A] =>Adware.Boxore
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:uTorrent =>P2P.BitTorrent^
    C:UsersThibaultAppDataLocalSoftware =>Adware.Boxore
    C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent^
    C:UsersThibaultAppDataLocalTempOKitSpaceSetup.exe =>PUP.Onekit^
    C:UsersThibaultAppDataLocalTempuninst1.exe =>PUP.Babylon^
    C:WindowsInstaller204b49.msi =>Adware.Boxore^
    C:UsersThibaultDownloadscacaoweb.exe =>PUP.CacaoWeb
    C:UsersThibaultAppDataLocalTempinstloffer.exe =>PUP.OfferBox
    C:UsersThibaultAppDataLocalTempime_babylon_logo.bmp =>PUP.SweetIM
    C:UsersThibaultAppDataLocalTempsquare_wajam.bmp =>Toolbar.Wajam
    C:UsersThibaultAppDataLocalTempwajam_image1.bmp =>Toolbar.Wajam
    C:UsersThibaultAppDataLocalTempwajam_logo.bmp =>Toolbar.Wajam
    C:UsersThibaultAppDataLocalTempwajam_terms.rtf =>Toolbar.Wajam
    C:UsersThibaultAppDataLocalTempmoreinfo_boxore.bmp =>Adware.Boxore
    C:UsersThibaultAppDataLocalTempsquare_boxore.bmp =>Adware.Boxore
    C:UsersThibaultAppDataLocalTemplollipop_moreinfo.bmp =>Adware.Lollipop
    C:UsersThibaultAppDataLocalTempsquare_lollipop.bmp =>Adware.Lollipop
    C:UsersThibaultAppDataLocalTemppricepeep_logo.bmp =>Adware.PricePeep
    C:UsersThibaultAppDataLocalTempsquare_pricepeep.bmp =>Adware.PricePeep
    ~ Additionnel Scan: 201544 Items scanned in 00mn 12s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/33456961-pup-onekit =>PUP.OneKit
    ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
    ~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
    ~ http://nicolascoolman.webs.com/apps/blog/show/27752690-pup-yourfiledownloader =>PUP.YourFileDownloader
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
    ~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
    ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
    ~ MSI: 9 link(s) detected in 00mn 12s

    ~ 1898 Legitimates filtered by white list
    End of the scan (579 lines in 01mn 28s)(5)[/spoiler:kek0oa2g]

  • Destrio5
    Participant
    Post count: 211

    Hello,

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
    • Double-click UsbFix to launch it.
      (On Vista/Win7/Win8, you must right-click UsbFix and choose Run as administrator)
    • Choose the Recherche (search) option.

    • Copy and paste the contents of the report that appears at the end of the scan into your reply.
  • Oropher
    Participant
    Post count: 8

    continued! :dodo10:

    and finally UsbFix (Recherche, then Suppression)

    [spoiler:1sdtxfhg]############################## | UsbFix V 7.153 | [Recherche]

    Utilisateur: Thibault (Administrateur) # PRÉCIEUX
    Mis à jour le 09/12/2013 par El Desaparecido – Team SosVirus
    Lancé à 14:29:31 | 11/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer INC. (P8Z68-V LX)
    CPU: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
    RAM -> [Total : 4077 | Free : 2632]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.16428
    WB: Mozilla Firefox : 25.0.1

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 119 Go (5 Go libre(s) – 4%) [] # NTFS
    D: -> CD-ROM
    E: -> Disque fixe # 932 Go (376 Go libre(s) – 40%) [] # NTFS
    F: -> Disque amovible # 7 Go (4 Go libre(s) – 55%) [] # FAT32
    G: -> Disque fixe # 2794 Go (2053 Go libre(s) – 73%) [Disque vinyle] # NTFS
    H: -> CD-ROM
    I: -> Disque amovible # 120 Mo (120 Mo libre(s) – 100%) [USB DISK] # FAT
    J: -> Disque amovible # 981 Mo (981 Mo libre(s) – 100%) [LOULOU CCI] # FAT

    ################## | Processus Actif |

    C:\Windows\system32\csrss.exe (ID: 560 |ParentID: 540)
    C:\Windows\system32\wininit.exe (ID: 632 |ParentID: 540)
    C:\Windows\system32\csrss.exe (ID: 640 |ParentID: 624)
    C:\Windows\system32\services.exe (ID: 688 |ParentID: 632)
    C:\Windows\system32\winlogon.exe (ID: 720 |ParentID: 624)
    C:\Windows\system32\lsass.exe (ID: 748 |ParentID: 632)
    C:\Windows\system32\lsm.exe (ID: 756 |ParentID: 632)
    C:\Windows\system32\svchost.exe (ID: 848 |ParentID: 688)
    C:\Windows\system32\nvvsvc.exe (ID: 932 |ParentID: 688)
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID: 956 |ParentID: 688)
    C:\Windows\system32\svchost.exe (ID: 1000 |ParentID: 688)
    C:\Windows\System32\svchost.exe (ID: 488 |ParentID: 688)
    C:\Windows\System32\svchost.exe (ID: 544 |ParentID: 688)
    C:\Windows\system32\svchost.exe (ID: 680 |ParentID: 688)
    C:\Windows\system32\svchost.exe (ID: 340 |ParentID: 688)
    C:\Windows\system32\svchost.exe (ID: 1224 |ParentID: 688)
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1312 |ParentID: 688)
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1348 |ParentID: 932)
    C:\Windows\system32\nvvsvc.exe (ID: 1356 |ParentID: 932)
    C:\Windows\System32\spoolsv.exe (ID: 1664 |ParentID: 688)
    C:\Windows\system32\svchost.exe (ID: 1692 |ParentID: 688)
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1780 |ParentID: 688)
    C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 1824 |ParentID: 688)
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (ID: 1876 |ParentID: 688)
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 1924 |ParentID: 688)
    C:\Windows\system32\svchost.exe (ID: 1412 |ParentID: 688)
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2064 |ParentID: 688)
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2540 |ParentID: 2064)
    C:\Windows\system32\rundll32.exe (ID: 2616 |ParentID: 2604)
    C:\Windows\system32\taskhost.exe (ID: 2920 |ParentID: 688)
    C:\Windows\system32\Dwm.exe (ID: 3008 |ParentID: 544)
    C:\Windows\Explorer.EXE (ID: 3040 |ParentID: 2996)
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 1448 |ParentID: 1924)
    C:\Windows\system32\conhost.exe (ID: 1408 |ParentID: 640)
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (ID: 2756 |ParentID: 2744)
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 3136 |ParentID: 3040)
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (ID: 3252 |ParentID: 3040)
    C:\Jeu\Steam\Steam.exe (ID: 3296 |ParentID: 3040)
    C:\Users\Thibault\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe (ID: 3348 |ParentID: 3040)
    C:\Program Files (x86)\uTorrent\uTorrent.exe (ID: 3364 |ParentID: 3040)
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 3444 |ParentID: 3400)
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3500 |ParentID: 3400)
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID: 3540 |ParentID: 3428)
    C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3552 |ParentID: 3400)
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID: 3644 |ParentID: 3540)
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 3660 |ParentID: 1348)
    C:\Windows\system32\SearchIndexer.exe (ID: 2404 |ParentID: 688)
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe (ID: 1276 |ParentID: 688)
    C:\Windows\system32\svchost.exe (ID: 1908 |ParentID: 688)
    C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4260 |ParentID: 688)
    C:\Windows\System32\svchost.exe (ID: 4608 |ParentID: 688)
    C:\Windows\system32\svchost.exe (ID: 4984 |ParentID: 688)
    C:\Windows\System32\WUDFHost.exe (ID: 5056 |ParentID: 544)
    C:\Windows\system32\DllHost.exe (ID: 5380 |ParentID: 848)
    C:\Windows\system32\taskhost.exe (ID: 5884 |ParentID: 688)
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 2532 |ParentID: 688)
    C:\Windows\System32\svchost.exe (ID: 3264 |ParentID: 688)
    C:\Windows\system32\wbem\wmiprvse.exe (ID: 1112 |ParentID: 848)
    C:\Windows\system32\SearchProtocolHost.exe (ID: 872 |ParentID: 2404)
    C:\Windows\system32\SearchFilterHost.exe (ID: 3392 |ParentID: 2404)
    C:\UsbFix\Go.exe (ID: 5500 |ParentID: 2584)

    ################## | Regedit Run |

    04 – HKLM\SOFTWARE | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    04 – HKLM\SOFTWARE | Run : [] –
    04 – HKLM\SOFTWARE | Run : [Adobe ARM] – “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    04 – HKLM\SOFTWARE | Run : [NWEReboot] –
    04 – HKLM\SOFTWARE | Run : [SwitchBoard] – C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    04 – HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] – “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin
    04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
    04 – HKLM\SOFTWARE | Run : [AvastUI.exe] – “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
    04 – HKLM\SOFTWARE | Run : [20131121] – C:\Program Files\AVAST Software\Avast\setup\emupdate\9e6f17cc-3f6c-4ec1-a858-5c4e1cff4cc2.exe /check
    04 – HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [] –
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    04 – HKLM\SOFTWARE\wow6432Node | Run : [NWEReboot] –
    04 – HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] – C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] – “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin
    04 – HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] – “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
    04 – HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] – “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
    04 – HKLM\SOFTWARE\wow6432Node | Run : [20131121] – C:\Program Files\AVAST Software\Avast\setup\emupdate\9e6f17cc-3f6c-4ec1-a858-5c4e1cff4cc2.exe /check
    04 – HKLM\SOFTWARE | RunOnce : [] –
    04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
    04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\SOFTWARE | Run : [Steam] – “C:\Jeu\Steam\Steam.exe” -silent
    04 – HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\SOFTWARE | Run : [AnumanLive] – C:\Users\Thibault\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe
    04 – HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\SOFTWARE | Run : [AdobeBridge] –
    04 – HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\SOFTWARE | Run : [uTorrent] – “C:\Program Files (x86)\uTorrent\uTorrent.exe”
    04 – HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\SOFTWARE | Run : [DAEMON Tools Lite] – “C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe” -autorun
    04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

    ################## | Recherche générique |

    ################## | Registre |

    ################## | Vaccin |

    E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:1sdtxfhg]

    [spoiler:1sdtxfhg]############################## | UsbFix V 7.153 | [Suppression]

    Utilisateur: Thibault (Administrateur) # PRÉCIEUX
    Mis à jour le 09/12/2013 par El Desaparecido – Team SosVirus
    Lancé à 14:31:12 | 11/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer INC. (P8Z68-V LX)
    CPU: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
    RAM -> [Total : 4077 | Free : 2801]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.16428
    WB: Mozilla Firefox : 25.0.1

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 119 Go (5 Go libre(s) – 4%) [] # NTFS
    D: -> CD-ROM
    E: -> Disque fixe # 932 Go (376 Go libre(s) – 40%) [] # NTFS
    F: -> Disque amovible # 7 Go (4 Go libre(s) – 55%) [] # FAT32
    G: -> Disque fixe # 2794 Go (2053 Go libre(s) – 73%) [Disque vinyle] # NTFS
    H: -> CD-ROM
    I: -> Disque amovible # 120 Mo (120 Mo libre(s) – 100%) [USB DISK] # FAT
    J: -> Disque amovible # 981 Mo (981 Mo libre(s) – 100%) [LOULOU CCI] # FAT

    ################## | Processus Stoppés |

    Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1312 |ParentID: 688)
    Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3552 |ParentID: 3400)
    Stoppé! C:\Windows\System32\rundll32.exe (ID: 2684 |ParentID: 848)
    Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 800 |ParentID: 544)
    Stoppé! C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 4976 |ParentID: 688)
    Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 5580 |ParentID: 688)
    Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3188 |ParentID: 688)
    Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID: 3628 |ParentID: 3188)
    Stoppé! C:\Windows\system32\SearchFilterHost.exe (ID: 4748 |ParentID: 3188)
    Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3560 |ParentID: 5580)
    Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3896 |ParentID: 688)
    Stoppé! C:\Windows\system32\DllHost.exe (ID: 5060 |ParentID: 848)
    Stoppé! C:\Windows\System32\spoolsv.exe (ID: 5468 |ParentID: 688)

    ################## | Regedit Run |

    04 – HKLM\SOFTWARE | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    04 – HKLM\SOFTWARE | Run : [] –
    04 – HKLM\SOFTWARE | Run : [Adobe ARM] – “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    04 – HKLM\SOFTWARE | Run : [NWEReboot] –
    04 – HKLM\SOFTWARE | Run : [SwitchBoard] – C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    04 – HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] – “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin
    04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
    04 – HKLM\SOFTWARE | Run : [AvastUI.exe] – “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
    04 – HKLM\SOFTWARE | Run : [20131121] – C:\Program Files\AVAST Software\Avast\setup\emupdate\9e6f17cc-3f6c-4ec1-a858-5c4e1cff4cc2.exe /check
    04 – HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [] –
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    04 – HKLM\SOFTWARE\wow6432Node | Run : [NWEReboot] –
    04 – HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] – C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    04 – HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] – “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin
    04 – HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] – “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
    04 – HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] – “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
    04 – HKLM\SOFTWARE\wow6432Node | Run : [20131121] – C:\Program Files\AVAST Software\Avast\setup\emupdate\9e6f17cc-3f6c-4ec1-a858-5c4e1cff4cc2.exe /check
    04 – HKLM\SOFTWARE | RunOnce : [] –
    04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
    04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\SOFTWARE | Run : [Steam] – “C:\Jeu\Steam\Steam.exe” -silent
    04 – HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\SOFTWARE | Run : [AnumanLive] – C:\Users\Thibault\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe
    04 – HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\SOFTWARE | Run : [AdobeBridge] –
    04 – HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\SOFTWARE | Run : [uTorrent] – “C:\Program Files (x86)\uTorrent\uTorrent.exe”
    04 – HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\SOFTWARE | Run : [DAEMON Tools Lite] – “C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe” -autorun
    04 – HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] – C:\Windows\System32\mctadmin.exe

    ################## | Recherche générique |

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Supprimé! HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\Software\….\Mountpoints2\F
    Supprimé! HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\Software\….\Mountpoints2\{118b0bf1-4de5-11e1-acdb-c860006839aa}
    Supprimé! HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\Software\….\Mountpoints2\{2cc013cb-4c47-11e1-81ea-806e6f6e6963}
    Supprimé! HKU\S-1-5-21-1466337346-2495501497-3402362536-1000\Software\….\Mountpoints2\{47dd5448-4c44-11e1-baad-806e6f6e6963}

    ################## | Listing |

    [07/06/2012 – 14:53:22 | N | 0 Ko] – C:\cmdlog.txt
    [11/12/2013 – 13:00:01 | N | 9 Ko] – C:\UsbFix [Scan 1] PRÉCIEUX.txt
    [11/12/2013 – 14:29:51 | N | 9 Ko] – C:\UsbFix [Scan 2] PRÉCIEUX.txt
    [11/12/2013 – 14:31:31 | A | 6 Ko] – C:\UsbFix [Clean 2] PRÉCIEUX.txt
    [11/12/2013 – 14:02:56 | ASH | 3131296 Ko] – C:\hiberfil.sys
    [11/12/2013 – 14:02:57 | ASH | 4175064 Ko] – C:\pagefile.sys
    [06/09/2013 – 11:15:42 | SHD] – C:\$Recycle.Bin
    [11/12/2013 – 14:07:27 | N | 1 Ko] – C:\PhysicalDisk0_MBR.bin
    [14/07/2009 – 04:20:08 | D] – C:\PerfLogs
    [14/07/2009 – 06:08:56 | SHD] – C:\Documents and Settings
    [31/01/2012 – 20:55:54 | SHD] – C:\Recovery
    [31/01/2012 – 21:00:01 | D] – C:\Intel
    [31/01/2012 – 21:27:02 | D] – C:\NVIDIA
    [20/03/2013 – 15:43:09 | D] – C:\Jeu
    [25/05/2013 – 20:59:09 | D] – C:\Program Files
    [02/12/2013 – 19:23:17 | D] – C:\Users
    [11/12/2013 – 12:06:15 | SHD] – C:\System Volume Information
    [11/12/2013 – 13:50:58 | D] – C:\Windows
    [11/12/2013 – 14:01:29 | HD] – C:\ProgramData
    [11/12/2013 – 14:01:30 | D] – C:\AdwCleaner
    [11/12/2013 – 14:05:34 | D] – C:\Program Files (x86)
    [11/12/2013 – 14:31:12 | D] – C:\UsbFix
    [19/02/2012 – 23:59:59 | D] – E:\msdownld.tmp
    [02/07/2012 – 17:48:04 | N | 10167 Ko] – E:\Deluxe – Polishing Peanuts (feat.mp3
    [18/07/2012 – 16:14:00 | N | 8565 Ko] – E:\Dub FX 'Flow' feat. Woodnote.mp3
    [08/02/2013 – 13:05:58 | N | 9958 Ko] – E:\odezenne – saxophone.mp3
    [08/02/2013 – 16:15:12 | N | 5505 Ko] – E:\odezenne – IMPALPABLE – Sans chantilly.mp3
    [13/04/2013 – 11:41:14 | N | 9946 Ko] – E:\MC Xander – Gnosis.mp3
    [21/05/2013 – 18:27:54 | N | 4595 Ko] – E:\KarlK – Colors of Africa (Original Mix).mp3
    [21/05/2013 – 21:33:46 | N | 7341 Ko] – E:\Paul kalkbrenner – Dockyard.mp3
    [21/05/2013 – 21:38:16 | N | 9252 Ko] – E:\Paul Kalkbrenner – Jestrüpp.mp3
    [31/05/2013 – 19:40:26 | N | 5014 Ko] – E:\Odezenne – Paranoid.mp3
    [03/06/2013 – 16:08:16 | N | 5325 Ko] – E:\BEATAMINES & DAVID JACH – HOW NEVER.mp3
    [03/06/2013 – 16:10:26 | N | 5474 Ko] – E:\Blue Hawaii – Try to Be.mp3
    [03/06/2013 – 20:06:06 | N | 3728 Ko] – E:\Nuits Blanches – L'Hexaler feat Paco x Swift Guad (Prod. Mani Deïz – Kids of Crackling).mp3
    [17/08/2013 – 22:05:14 | N | 4554 Ko] – E:\Kacem & Sear, l'hareng son.mp3
    [17/08/2013 – 23:14:34 | N | 4423 Ko] – E:\Klingande – Jubel (Original Mix).mp3
    [28/08/2013 – 08:09:26 | N | 3731 Ko] – E:\Ridan – Ulysse.mp3
    [20/09/2012 – 18:45:00 | N | 3365 Ko] – E:\Deluxe – Pony.m4a
    [20/09/2012 – 18:47:26 | N | 3718 Ko] – E:\Deluxe – Superman feat Taiwan MC.avi.m4a
    [20/09/2012 – 18:49:20 | N | 3581 Ko] – E:\Deluxe – Folks & Fellaz (Polishing Peanuts).m4a
    [06/10/2013 – 16:51:20 | N | 5 Ko] – E:\AlbumArtSmall.jpg
    [06/10/2013 – 16:51:20 | N | 17 Ko] – E:\Folder.jpg
    [11/12/2013 – 14:29:48 | RASHD] – E:\Autorun.inf
    [31/01/2012 – 21:23:16 | SHD] – E:\$RECYCLE.BIN
    [31/01/2012 – 21:23:03 | SHD] – E:\System Volume Information
    [05/04/2013 – 23:07:13 | D] – E:\Warhammer Battle
    [11/10/2013 – 13:08:51 | D] – E:\Musik
    [23/11/2013 – 20:41:29 | D] – E:\LOU
    [25/11/2013 – 10:19:19 | D] – E:\photo
    [26/11/2013 – 11:14:27 | D] – E:\Jeu
    [07/12/2013 – 16:49:48 | D] – E:\Jeu installé
    [11/12/2013 – 12:15:15 | D] – E:\Téléchargement
    [28/03/2004 – 16:19:14 | N | 179020 Ko] – F:\Koivula_1997_Photoatlas of inclusions in gemstones vol1.pdf
    [07/03/2010 – 11:20:06 | N | 183582 Ko] – F:\Manutchehr-Danai_2009_Dictionary of Gems and Gemology 3d ed.pdf
    [28/11/2013 – 16:43:00 | N | 1520 Ko] – F:\CV.pdf
    [02/07/2012 – 18:48:04 | N | 10167 Ko] – F:\Deluxe – Polishing Peanuts (feat.mp3
    [18/07/2012 – 17:14:00 | N | 8565 Ko] – F:\Dub FX 'Flow' feat. Woodnote.mp3
    [08/02/2013 – 14:05:58 | N | 9958 Ko] – F:\odezenne – saxophone.mp3
    [08/02/2013 – 17:15:12 | N | 5505 Ko] – F:\odezenne – IMPALPABLE – Sans chantilly.mp3
    [13/04/2013 – 12:41:14 | N | 9946 Ko] – F:\MC Xander – Gnosis.mp3
    [21/05/2013 – 19:27:54 | N | 4595 Ko] – F:\KarlK – Colors of Africa (Original Mix).mp3
    [21/05/2013 – 22:33:46 | N | 7341 Ko] – F:\Paul kalkbrenner – Dockyard.mp3
    [21/05/2013 – 22:38:16 | N | 9252 Ko] – F:\Paul Kalkbrenner – Jestrüpp.mp3
    [31/05/2013 – 20:40:26 | N | 5014 Ko] – F:\Odezenne – Paranoid.mp3
    [03/06/2013 – 17:08:16 | N | 5325 Ko] – F:\BEATAMINES & DAVID JACH – HOW NEVER.mp3
    [03/06/2013 – 21:06:06 | N | 3728 Ko] – F:\Nuits Blanches – L'Hexaler feat Paco x Swift Guad (Prod. Mani Deïz – Kids of Crackling).mp3
    [17/08/2013 – 23:05:14 | N | 4554 Ko] – F:\Kacem & Sear, l'hareng son.mp3
    [18/08/2013 – 00:14:34 | N | 4423 Ko] – F:\Klingande – Jubel (Original Mix).mp3
    [28/08/2013 – 09:09:26 | N | 3731 Ko] – F:\Ridan – Ulysse.mp3
    [20/09/2012 – 19:45:00 | N | 3365 Ko] – F:\Deluxe – Pony.m4a
    [20/09/2012 – 19:47:26 | N | 3718 Ko] – F:\Deluxe – Superman feat Taiwan MC.avi.m4a
    [20/09/2012 – 19:49:20 | N | 3581 Ko] – F:\Deluxe – Folks & Fellaz (Polishing Peanuts).m4a
    [11/12/2013 – 14:29:52 | RASHD] – F:\Autorun.inf
    [14/11/2012 – 17:14:50 | N | 715624 Ko] – F:\We Want Sex Equality.avi
    [04/04/2012 – 13:22:52 | D] – F:\Various artists [Punk]
    [04/04/2012 – 13:34:34 | D] – F:\Paolo Conte
    [04/04/2012 – 13:35:16 | D] – F:\Propellerheads
    [04/04/2012 – 13:36:14 | D] – F:\Reprises Punk _ Ska
    [04/04/2012 – 13:36:30 | D] – F:\Sayag jazz machine
    [04/04/2012 – 13:37:16 | D] – F:\Stupeflip 2
    [17/09/2012 – 14:21:08 | D] – F:\Stupeflip
    [07/12/2012 – 15:29:50 | D] – F:\TREPALIUM – ALCHEMIK CLOCKWORK OF DISORDER 2006 by superjosito foro sedg
    [03/09/2013 – 11:22:34 | D] – F:\Rodrigo y Gabriela
    [03/09/2013 – 11:56:02 | D] – F:\Les Touffes Krétiennes
    [03/09/2013 – 14:12:26 | D] – F:\Shaka Ponk
    [10/09/2013 – 13:32:14 | D] – F:\Black Slavery Days
    [10/09/2013 – 16:38:40 | D] – F:\Black Eyed Peas (The)
    [02/10/2013 – 13:41:44 | D] – F:\Atomic Fireballs
    [20/10/2013 – 13:32:34 | D] – F:\beattles
    [25/11/2013 – 07:38:50 | D] – F:\livres et doc a imprimer
    [25/11/2013 – 08:00:38 | D] – F:\cours de benamou et d artois
    [25/11/2013 – 08:01:00 | D] – F:\droit aux enchére avec de danne
    [25/11/2013 – 08:01:38 | D] – F:\fiche pratique
    [25/11/2013 – 08:07:08 | D] – F:\FICHES 1
    [25/11/2013 – 08:07:26 | D] – F:\cours 1 a 8 en pdf
    [14/12/2013 – 16:38:58 | HD] – F:\RECYCLER
    [11/12/2013 – 14:29:51 | RASHD] – G:\Autorun.inf
    [22/03/2013 – 10:40:37 | SHD] – G:\$RECYCLE.BIN
    [18/10/2007 – 20:08:20 | N | 802436 Ko] – G:\SIN CITY.AVI
    [22/03/2013 – 10:01:10 | SHD] – G:\System Volume Information
    [17/10/2013 – 17:54:50 | D] – G:\Film
    [03/11/2013 – 13:57:20 | D] – G:\Misfits

    ################## | Vaccin |

    E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:1sdtxfhg]

    After doing all these tests, reports, deletions, etc.,
    all the folders are back on my USB stick (phew!) but the recycler file is still there... is that serious? Is it the UsbFix "vaccine"?
    Anyway, do you think I've managed to get rid of it?

    thanks
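The UsbFix "Listing" section in the report above, and Destrio5's later point that "Recycler" is a legitimate folder name that infections also use, are exactly what a helper reads line by line. The script below is an added example written for this page, not code from UsbFix, ZHPDiag or the forum. It parses lines in the UsbFix listing format (date, time, attribute letters, optional size in Ko, path) and the drive table, then applies the three checks this thread turns on: an Autorun.inf entry (a read-only, system, hidden directory is the UsbFix vaccine; a plain file should be reviewed), a hidden RECYCLER directory on a removable drive (Windows only created RECYCLER on NTFS volumes and keeps no recycle bin on removable FAT media), and user folders on a stick that have been set hidden or system, which is how the "disappeared" folder in the first post looked. The sample lines, the drive letters and the SHD attribute on F:\FICHES 1 are constructed for the demo; the regex accepts both the hyphen UsbFix writes and the en dash the forum software rendered.

```python
"""Triage UsbFix 'Listing' lines for the USB-worm indicators discussed in this thread.

Added example for this page; not code from UsbFix, ZHPDiag or the forum.
UsbFix listing lines look like:
    [dd/mm/yyyy - hh:mm:ss | ATTRS] - X:\\path            (directories)
    [dd/mm/yyyy - hh:mm:ss | ATTRS | 1234 Ko] - X:\\path  (files; Ko = kilobytes)
ATTRS are the Windows attribute letters R (read-only), A (archive), S (system),
H (hidden), D (directory) and N (normal).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed samples modelled on the report in the thread (drive table and
# listing); drive letters, dates and the SHD flag on FICHES 1 are illustrative.
SAMPLE_DRIVES = """\
C: (%systemdrive%) -> Disque fixe # 119 Go (5 Go libre(s) - 4%) [] # NTFS
E: -> Disque fixe # 932 Go (376 Go libre(s) - 40%) [] # NTFS
F: -> Disque amovible # 7 Go (4 Go libre(s) - 55%) [] # FAT32
I: -> Disque amovible # 120 Mo (120 Mo libre(s) - 100%) [USB DISK] # FAT
"""

SAMPLE_LISTING = r"""
################## | Listing |

[11/12/2013 - 14:29:52 | RASHD] - F:\Autorun.inf
[28/11/2013 - 16:43:00 | N | 1520 Ko] - F:\CV.pdf
[04/04/2012 - 13:22:52 | D] - F:\Paolo Conte
[14/12/2013 - 16:38:58 | HD] - F:\RECYCLER
[25/11/2013 - 08:07:08 | SHD] - F:\FICHES 1
[11/12/2013 – 14:01:29 | HD] – C:\ProgramData
[31/01/2012 - 21:23:16 | SHD] - E:\$RECYCLE.BIN
[05/06/2013 - 09:12:00 | A | 1 Ko] - I:\Autorun.inf
"""

# "Disque amovible" is how UsbFix labels removable drives in its drive table.
DRIVE_RE = re.compile(r"^([A-Z]):(?: \(%systemdrive%\))? -> Disque amovible\b")
# Accept the hyphen UsbFix writes and the en dash (U+2013) the forum rendered.
LINE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) [-\u2013] (?P<time>\d{2}:\d{2}:\d{2})"
    r" \| (?P<attrs>[A-Z]+)(?: \| (?P<size>\d+) Ko)?\] [-\u2013] (?P<path>.+)$"
)
# Directories Windows itself keeps hidden on a volume; not worth a finding.
WINDOWS_HIDDEN_DIRS = {"$recycle.bin", "system volume information"}


@dataclass
class Entry:
    date: str
    time: str
    attrs: str              # e.g. "RASHD"
    size_kb: Optional[int]  # None for directories
    path: str

    @property
    def drive(self) -> str:
        return self.path[0].upper()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def removable_drives(report: str) -> Set[str]:
    """Drive letters the UsbFix drive table reports as removable."""
    found = set()
    for line in report.splitlines():
        m = DRIVE_RE.match(line.strip())
        if m:
            found.add(m.group(1))
    return found


def parse_listing(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # section headers and blank lines simply do not match
            size = int(m["size"]) if m["size"] else None
            entries.append(Entry(m["date"], m["time"], m["attrs"], size, m["path"]))
    return entries


def triage(listing: str, removable: Set[str]) -> List[Tuple[str, str]]:
    """Return (severity, message) pairs for the indicators seen in this thread."""
    findings = []
    for e in parse_listing(listing):
        lname = e.name.lower()
        on_removable = e.drive in removable
        if lname == "autorun.inf":
            # UsbFix's vaccine is a read-only, system, hidden *directory* named
            # Autorun.inf, so a worm cannot drop a file of that name there.
            if e.is_dir and {"R", "S", "H"} <= set(e.attrs):
                findings.append(("info", f"{e.path}: vaccine directory (RSH) left by UsbFix"))
            else:
                findings.append(("high", f"{e.path}: Autorun.inf is a file ({e.attrs}); "
                                         "review its [autorun] section before trusting the drive"))
        elif lname == "recycler" and e.is_dir and e.is_hidden and on_removable:
            # Windows only created RECYCLER on NTFS volumes (XP era) and keeps
            # no recycle bin at all on removable FAT media.
            findings.append(("high", f"{e.path}: hidden RECYCLER directory on removable drive {e.drive}:"))
        elif on_removable and e.is_dir and e.is_hidden and lname not in WINDOWS_HIDDEN_DIRS:
            # Autorun worms commonly set the user's own folders hidden/system
            # (they "disappear") and drop .exe or .lnk look-alikes beside them.
            findings.append(("medium", f"{e.path}: user directory marked hidden/system on removable drive"))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LISTING, removable_drives(SAMPLE_DRIVES)):
        print(f"[{sev:6}] {msg}")
```

Feeding a real report in means passing the text of the drive table to `removable_drives` and the text after `| Listing |` to `triage`; a medium finding on a stick is the cue to check the folder with `attrib` rather than to delete it, and a high finding on Autorun.inf is the cue to read the file, not run it.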

  • Destrio5
    Participant
    Post count: 211
    • Copy all the text shown in green below (select it, right-click it and choose “Copier” (Copy)).

      Script ZHPFix
      SysRestore
      R1 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchs.at
      R1 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchs.at
      R1 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchs.at/keyword/
      R1 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.searchs.at
      R1 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchs.at
      O87 – FAEL: “TCP Query User{5B9DE060-65D4-4EF7-BCB1-D933A258B5D2}C:\users\thibault\appdata\local\temp\c7c6fbcc787343bc9af9bf91ec8f24ee\relicdownloader.exe” |In – Private – P6 – TRUE | .(…) — C:\users\thibault\appdata\local\temp\c7c6fbcc787343bc9af9bf91ec8f24ee\relicdownloader.exe (.not file.)
      O87 – FAEL: “UDP Query User{17DED76C-822D-44E9-80C0-0E1B53A86564}C:\users\thibault\appdata\local\temp\c7c6fbcc787343bc9af9bf91ec8f24ee\relicdownloader.exe” |In – Private – P17 – TRUE | .(…) — C:\users\thibault\appdata\local\temp\c7c6fbcc787343bc9af9bf91ec8f24ee\relicdownloader.exe (.not file.)
      O87 – FAEL: “TCP Query User{7FD21FDB-0A4D-461A-A992-2491E114B13D}C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Private – P6 – TRUE | .(…) — C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
      O87 – FAEL: “UDP Query User{D33BABA7-7002-462B-97D8-41E404F2DE7E}C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Private – P17 – TRUE | .(…) — C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
      O87 – FAEL: “{CF191F31-9808-452B-9566-8DE8D31E2F06}” |In – Private – P6 – TRUE | .(…) — C:\Program Files (x86)\YourFileDownloader\Downloader.exe (.not file.)
      O87 – FAEL: “{BE9BAF20-CE73-4CF2-9888-403D50DD7E1A}” |In – Private – P17 – TRUE | .(…) — C:\Program Files (x86)\YourFileDownloader\Downloader.exe (.not file.)
      O87 – FAEL: “{E1CA07F9-E0E4-4CFB-BA2E-33AA617BB5D9}” |In – Private – P6 – TRUE | .(…) — C:\Program Files (x86)\YourFileDownloader\YourFile.exe (.not file.)
      O87 – FAEL: “{C6171E89-7B51-4354-9261-9FE76661286F}” |In – Private – P17 – TRUE | .(…) — C:\Program Files (x86)\YourFileDownloader\YourFile.exe (.not file.)
      O87 – FAEL: “TCP Query User{55E233A4-C890-4066-8321-6CE0544F1C22}C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Public – P6 – TRUE | .(…) — C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
      O87 – FAEL: “UDP Query User{2029B272-793D-4372-8846-051ABE4980BD}C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Public – P17 – TRUE | .(…) — C:\users\thibault\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160]
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24]
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8]
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9BB106980C8CD3949921DAF7159A813A]
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C]
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA]
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]
      C:\Users\Thibault\AppData\Local\Software
      C:\Windows\Installer\204b49.msi
      C:\Users\Thibault\Downloads\cacaoweb.exe
      F:\RECYCLER
      EmptyFlash
      EmptyTemp

    • Then launch ZHPFix from the shortcut on your Desktop.
    • Click the “IMPORTER” (Import) button. In the main box you will see the lines you copied earlier appear.
    • Click “GO” to start the cleaning. Let the tool work and do not touch anything.
    • Once it has finished, upload the ZHPFix.txt report to SosUpload and paste the link it gives you into your next reply.
  • Oropher
    Participant
    Post count: 8
  • Destrio5
    Participant
    Post count: 211

    No more RECYCLER?

    I would like a new ZHPDiag report and also a UsbFix report with the Listing option.

    M2 - MFEP: prefs.js [Thibault - w9ai663y.default\toolbarbutton@browseradditions.com] [] BrowserAdditions v1.0 (..)

    –> Is this extension something you wanted?

  • Oropher
    Participant
    Post count: 8

    ZHP
    UsbFix listing

    if it's the toolbar extension, no, it's not intended... ^^'

    But is it normal that I have to stop the antivirus to launch UsbFix? Especially since I have to re-download it because it "disappears" when it won't launch, telling me to check that I entered the name correctly?

  • Destrio5
    Participant
    Post count: 211

    if it's the toolbar extension, no, it's not intended... ^^'

    –> Uninstall it if you have no use for it.

    But is it normal that I have to stop the antivirus to launch UsbFix? Especially since I have to re-download it because it "disappears" when it won't launch, telling me to check that I entered the name correctly?

    –> Your antivirus must be detecting it by mistake, so it deletes it.

    Is the problem solved?

  • Oropher
    Participant
    Post count: 8

    I think the problem is solved, so thank you very much!! :content32:
    I have bought a paid antivirus (Bitdefender) to avoid this kind of problem in the future!

    However, I have 2 other USB sticks that I had not been able to plug in. I vaccinated them with Bitdefender and UsbFix and scanned them with the same 2 programs plus Malwarebytes => nothing found. I don't think they are infected, but you never know, so I would rather show you the UsbFix reports (Recherche and Suppression); there should be no missing folder, nor the famous "Recycler" folder.

    Recherche

    Suppression

    :merci2:

  • Destrio5
    Participant
    Post count: 211

    The “Recycler” folder is legitimate, but it can be used by infections.

    The two reports show no infection.

    To finish:

    1/

    • Download and install CCleaner.
    • Run it. Go to Options, then Advanced, and untick the box Only delete Windows temporary files older than 24 hours.
    • Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.

    2/

    • Download DelFix to your Desktop, then run it.
    • Tick Purge System Restore and leave Remove disinfection tools ticked.
    • Click Run.

    • Post the report.

    ==Prevention==

    Update Adobe Reader (untick McAfee Security Scan Plus).

    A guide on prevention and security on the Internet is available here.

  • Oropher
    Participant
    Post count: 8

    Thank you (again ^^) for your great help; I will tell the people I know how effective your forum is!! :content32:

    :merci2:

  • Destrio5
    Participant
    Post count: 211

    Have a good rest of your day :super:


The topic ‘Recycler (Virus USBiquement Transmissible)’ is closed to new replies.