Browsers redirected to advertising sites 2014-05-06T07:49:45+00:00
  • Author
    Posts
  • Anonyme
    Post count: 0

    :)

    • To remove the disinfection tools that were used:
    • Download Delfix to your Desktop.
    • Launch Delfix (run as administrator on Windows 7/8 and Vista).
    • Tick the following boxes:
      • Remove the disinfection tools
      • Purge system restore


  • belarbi
    Participant
    Post count: 5

    A BIG THANK YOU TO EVERYONE, AND ALL THE BEST.

    PROBLEM SOLVED

    :super:

  • belarbi
    Participant
    Post count: 5

    Sorry!!!! Here is the Nettoyage (Cleaning) report.

    ############################## | UsbFix V 7.170 | [Nettoyage]

    Utilisateur: IBM (Administrateur) # IBM-PC
    Mis à jour le 04/05/2014 par El Desaparecido – SosVirus
    Lancé à 17:09:47 | 06/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: LENOVO (LENOVO)
    CPU: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
    RAM -> [Total : 2038 Mo| Free : 1128 Mo]
    Bios: LENOVO
    Boot: Normal boot

    OS: Microsoft Windows 7 Professionnel (6.1.7600 32-Bit)
    WB: Windows Internet Explorer : 8.0.7600.16385
    WB: Google Chrome : 34.0.1847.131
    WB: Mozilla Firefox : 29.0

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender [Enabled | (!) Outdated]
    AS: avast! Antivirus [(!) Disabled | Updated]
    FW: Windows FireWall [(!) Disabled]

    C: (%systemdrive%) -> Disque fixe # 44 Go (21 Go libre(s) – 47%) [] # NTFS
    D: -> Disque fixe # 30 Go (20 Go libre(s) – 68%) [] # NTFS
    E: -> Disque amovible # 14 Go (5 Go libre(s) – 35%) [KINGSTON] # FAT32
    F: -> CD-ROM
    G: -> Disque amovible # 4 Go (4 Go libre(s) – 100%) [] # FAT32

    ################## | Processus Stoppés |

    C:WindowsSystem32spoolsv.exe (ID: 1456|ParentID: 496|Système)
    C:WindowsSystem32taskhost.exe (ID: 1756|ParentID: 496|IBM)
    C:Windowsexplorer.exe (ID: 1780|ParentID: 1688|IBM)
    C:Program FilesGoogleUpdate1.3.23.9GoogleCrashHandler.exe (ID: 448|ParentID: 324|Système)
    C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 1220|ParentID: 496|Système)
    C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 2216|ParentID: 1780|IBM)
    C:WindowsSystem32wscript.exe (ID: 2324|ParentID: 2240|IBM)
    C:WindowsSystem32wscript.exe (ID: 2424|ParentID: 2240|IBM)
    C:Program FilesNeroToolsInCDNBHRegInCDSrv.exe (ID: 2604|ParentID: 496|Système)
    C:Program FilesTeamViewerVersion9TeamViewer_Service.exe (ID: 2756|ParentID: 496|Système)
    C:WindowsSystem32SearchIndexer.exe (ID: 3248|ParentID: 496|Système)
    C:WindowsSystem32WUDFHost.exe (ID: 3480|ParentID: 892|SERVICE LOCAL)
    C:Program FilesTeamViewerVersion9TeamViewer.exe (ID: 4064|ParentID: 2756|IBM)
    C:Program FilesTeamViewerVersion9tv_w32.exe (ID: 3288|ParentID: 2756|Système)
    C:Program FilesAdobeElements 12 OrganizerPhotoshopElementsFileAgent.exe (ID: 2952|ParentID: 496|Système)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 1140|ParentID: 1780|IBM)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3212|ParentID: 1140|IBM)
    C:WindowsSystem32taskhost.exe (ID: 1576|ParentID: 496|SERVICE LOCAL)

    ################## | Autorun |

    ################## | Recherche générique |

    Supprimé! D:IBM.lnk
    Supprimé! D:Music.lnk
    Supprimé! D:Nouveau Dossier.lnk
    Supprimé! E:Nouveau Dossier.lnk
    Supprimé! E:IBM.lnk
    Supprimé! G:Nouveau Dossier.lnk
    Supprimé! G:IBM.lnk
    Supprimé! D:bin.doc
    Supprimé! D:bizo.doc
    Supprimé! D:img.jpg
    Supprimé! E:bin.doc
    Supprimé! E:bizo.doc
    Supprimé! E:img.jpg
    Supprimé! G:bin.doc
    Supprimé! G:bizo.doc
    Supprimé! G:img.jpg

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKLM..Run : [AvastUI.exe] “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Listing |

    [05/02/2014 – 16:34:26 | SHD] – C:$Recycle.Bin
    [06/05/2014 – 00:34:41 | D] – C:AdwCleaner
    [09/02/2014 – 14:16:53 | N | 1 Ko] – C:AMTAG.BIN
    [10/06/2009 – 22:42:20 | A | 0 Ko] – C:autoexec.bat
    [06/05/2014 – 14:12:03 | D] – C:Config.Msi
    [10/06/2009 – 22:42:20 | N | 0 Ko] – C:config.sys
    [14/07/2009 – 05:53:55 | SHD] – C:Documents and Settings
    [06/05/2014 – 16:27:04 | ASH | 1565412 Ko] – C:hiberfil.sys
    [03/05/2014 – 22:42:26 | RHD] – C:MSOCache
    [06/05/2014 – 16:27:03 | ASH | 2087216 Ko] – C:pagefile.sys
    [14/07/2009 – 03:37:05 | D] – C:PerfLogs
    [23/04/2014 – 18:39:16 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [06/05/2014 – 13:05:41 | D] – C:Program Files
    [06/05/2014 – 13:05:42 | HD] – C:ProgramData
    [05/02/2014 – 16:33:26 | SHD] – C:Recovery
    [16/02/2014 – 14:27:10 | SHD] – C:System Volume Information
    [06/05/2014 – 17:09:14 | D] – C:UsbFix
    [21/04/2014 – 14:45:22 | D] – C:Users
    [06/05/2014 – 14:14:10 | D] – C:Windows
    [09/02/2014 – 15:22:23 | SHD] – D:$RECYCLE.BIN
    [23/03/2014 – 18:00:37 | D] – D:Archives zineb
    [22/09/2013 – 23:39:48 | N | 14 Ko] – D:AUTOEXE
    [18/01/2014 – 14:51:42 | N | 41 Ko] – D:bookmarks_1_18_14.html
    [22/09/2013 – 23:39:22 | N | 1 Ko] – D:boot
    [04/05/2014 – 22:45:18 | D] – D:BUREAU
    [16/03/2014 – 18:59:48 | N | 471 Ko] – D:decl_honneur.jpg
    [23/02/2014 – 13:58:30 | D] – D:driver hp
    [17/04/2014 – 17:30:17 | N | 12 Ko] – D:décl perte.docx
    [28/02/2014 – 21:06:21 | N | 44 Ko] – D:favoris_28_02_14.html
    [04/05/2014 – 22:44:38 | D] – D:Host
    [06/05/2014 – 09:25:50 | D] – D:LOGICIELS
    [04/05/2014 – 17:50:02 | D] – D:Nouveau dossier
    [22/09/2013 – 23:39:34 | N | 3 Ko] – D:NTDETE
    [22/09/2013 – 23:39:34 | N | 3 Ko] – D:Photo0.jpg
    [22/09/2013 – 23:39:22 | N | 1 Ko] – D:pict.jpg
    [08/09/2013 – 16:47:30 | N | 0 Ko] – D:system
    [09/02/2014 – 14:37:54 | SHD] – D:System Volume Information
    [16/08/2013 – 18:19:32 | N | 1 Ko] – D:Zain
    [03/10/2013 – 08:08:02 | D] – E:ARCHIVES
    [04/12/2013 – 12:56:24 | D] – E:Logiciels
    [22/09/2013 – 23:39:34 | N | 3 Ko] – E:Photo0.jpg
    [22/09/2013 – 23:39:22 | N | 1 Ko] – E:pict.jpg
    [16/08/2013 – 18:19:32 | N | 1 Ko] – E:Zain
    [22/09/2013 – 23:39:34 | N | 3 Ko] – G:Photo0.jpg
    [22/09/2013 – 23:39:22 | N | 1 Ko] – G:pict.jpg
    [16/08/2013 – 18:19:32 | N | 1 Ko] – G:Zain
    [06/05/2014 – 15:36:22 | N | 1771 Ko] – G:Mur10000.jpg

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

  • Anonyme
    Post count: 0

    Re,

    With this same version, you need to run the cleaning (Nettoyage), please, and not the listing :)

  • belarbi
    Participant
    Post count: 5

    usbfix

    ############################## | UsbFix V 7.170 | [Listing]

    Utilisateur: IBM (Administrateur) # IBM-PC
    Mis à jour le 04/05/2014 par El Desaparecido – SosVirus
    Lancé à 15:25:08 | 06/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: LENOVO (LENOVO)
    CPU: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
    RAM -> [Total : 2038 Mo| Free : 987 Mo]
    Bios: LENOVO
    Boot: Normal boot

    OS: Microsoft Windows 7 Professionnel (6.1.7600 32-Bit)
    WB: Windows Internet Explorer : 8.0.7600.16385
    WB: Google Chrome : 34.0.1847.131
    WB: Mozilla Firefox : 29.0

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender [Enabled | (!) Outdated]
    AS: avast! Antivirus [Enabled | Updated]
    FW: Windows FireWall [(!) Disabled]

    C: (%systemdrive%) -> Disque fixe # 44 Go (21 Go libre(s) – 47%) [] # NTFS
    D: -> Disque fixe # 30 Go (20 Go libre(s) – 68%) [] # NTFS
    E: -> Disque amovible # 14 Go (5 Go libre(s) – 35%) [KINGSTON] # FAT32
    F: -> CD-ROM
    G: -> Disque amovible # 4 Go (4 Go libre(s) – 100%) [] # FAT32

    ################## | Autorun |

    ################## | Listing -> C: %SystemDrive% – Disque Fixe (NTFS) |

    [06/05/2014 – 15:25:17 | A | 1 Ko] – C:UsbFix [Listing 1] IBM-PC.txt
    [10/06/2009 – 22:42:20 | A | 0 Ko] – C:config.sys
    [06/05/2014 – 15:14:30 | ASH | 2087216 Ko] – C:pagefile.sys
    [06/05/2014 – 15:14:31 | ASH | 1565412 Ko] – C:hiberfil.sys
    [06/05/2014 – 14:12:03 | SHD] – C:Config.Msi
    [05/02/2014 – 16:34:26 | SHD] – C:$Recycle.Bin
    [09/02/2014 – 14:16:53 | H | 1 Ko] – C:AMTAG.BIN
    [23/04/2014 – 18:39:16 | A | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [10/06/2009 – 22:42:20 | A | 0 Ko] – C:autoexec.bat
    [14/07/2009 – 03:37:05 | D] – C:PerfLogs
    [14/07/2009 – 05:53:55 | SHD] – C:Documents and Settings
    [05/02/2014 – 16:33:26 | SHD] – C:Recovery
    [16/02/2014 – 14:27:10 | SHD] – C:System Volume Information
    [21/04/2014 – 14:45:22 | RD] – C:Users
    [03/05/2014 – 22:42:26 | RHD] – C:MSOCache
    [06/05/2014 – 00:34:41 | D] – C:AdwCleaner
    [06/05/2014 – 13:05:41 | RD] – C:Program Files
    [06/05/2014 – 13:05:42 | HD] – C:ProgramData
    [06/05/2014 – 14:14:10 | D] – C:Windows
    [06/05/2014 – 15:24:50 | D] – C:UsbFix

    ################## | Listing -> D: – Disque Fixe (NTFS) |

    [16/08/2013 – 18:19:32 | RH | 1 Ko] – D:Nouveau Dossier.lnk
    [16/08/2013 – 18:19:32 | RH | 1 Ko] – D:IBM.lnk
    [06/05/2014 – 15:15:02 | A | 1 Ko] – D:Music.lnk
    [22/09/2013 – 23:39:22 | ASH | 1 Ko] – D:pict.jpg
    [22/09/2013 – 23:39:34 | ASH | 3 Ko] – D:Photo0.jpg
    [22/09/2013 – 23:39:48 | ASH | 14 Ko] – D:img.jpg
    [16/03/2014 – 18:59:48 | A | 471 Ko] – D:decl_honneur.jpg
    [18/01/2014 – 14:51:42 | A | 41 Ko] – D:bookmarks_1_18_14.html
    [28/02/2014 – 21:06:21 | A | 44 Ko] – D:favoris_28_02_14.html
    [17/04/2014 – 17:30:17 | A | 12 Ko] – D:décl perte.docx
    [08/09/2013 – 16:47:30 | ASH | 0 Ko] – D:bizo.doc
    [22/09/2013 – 23:39:16 | ASH | 1 Ko] – D:bin.doc
    [09/02/2014 – 15:22:23 | SHD] – D:$RECYCLE.BIN
    [16/08/2013 – 18:19:32 | ASH | 1 Ko] – D:Zain
    [08/09/2013 – 16:47:30 | ASH | 0 Ko] – D:system
    [22/09/2013 – 23:39:22 | ASH | 1 Ko] – D:boot
    [22/09/2013 – 23:39:34 | ASH | 3 Ko] – D:NTDETE
    [22/09/2013 – 23:39:48 | ASH | 14 Ko] – D:AUTOEXE
    [09/02/2014 – 14:37:54 | SHD] – D:System Volume Information
    [23/02/2014 – 13:58:30 | D] – D:driver hp
    [23/03/2014 – 18:00:37 | D] – D:Archives zineb
    [04/05/2014 – 17:50:02 | D] – D:Nouveau dossier
    [04/05/2014 – 22:44:38 | D] – D:Host
    [04/05/2014 – 22:45:18 | D] – D:BUREAU
    [06/05/2014 – 09:25:50 | D] – D:LOGICIELS

    ################## | Listing -> E: – Disque USB (FAT32) |

    [16/08/2013 – 18:19:32 | R | 1 Ko] – E:Nouveau Dossier.lnk
    [16/08/2013 – 18:19:32 | R | 1 Ko] – E:IBM.lnk
    [22/09/2013 – 23:39:22 | ASH | 1 Ko] – E:pict.jpg
    [22/09/2013 – 23:39:34 | ASH | 3 Ko] – E:Photo0.jpg
    [22/09/2013 – 23:39:48 | ASH | 14 Ko] – E:img.jpg
    [08/09/2013 – 16:47:30 | ASH | 0 Ko] – E:bizo.doc
    [22/09/2013 – 23:39:16 | ASH | 1 Ko] – E:bin.doc
    [16/08/2013 – 18:19:32 | ASH | 1 Ko] – E:Zain
    [03/10/2013 – 08:08:02 | D] – E:ARCHIVES
    [04/12/2013 – 12:56:24 | D] – E:Logiciels

    ################## | Listing -> G: – Disque USB (FAT32) |

    [16/08/2013 – 18:19:32 | R | 1 Ko] – G:IBM.lnk
    [16/08/2013 – 18:19:32 | R | 1 Ko] – G:Nouveau Dossier.lnk
    [22/09/2013 – 23:39:22 | ASH | 1 Ko] – G:pict.jpg
    [22/09/2013 – 23:39:34 | ASH | 3 Ko] – G:Photo0.jpg
    [22/09/2013 – 23:39:48 | ASH | 14 Ko] – G:img.jpg
    [04/05/2014 – 23:52:52 | A | 2930 Ko] – G:Mur100000.jpg
    [08/09/2013 – 16:47:30 | ASH | 0 Ko] – G:bizo.doc
    [22/09/2013 – 23:39:16 | ASH | 1 Ko] – G:bin.doc
    [16/08/2013 – 18:19:32 | ASH | 1 Ko] – G:Zain

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

    :hello:

  • Anonyme
    Post count: 0

    :hello: ,

    Uninstall your version of UsbFix and download this version: partage/UsbFix-beta.exe

    • Launch UsbFix.
    • Connect the USB devices that may be infected.
    • Choose the Nettoyage (Cleaning) option.

    • Copy and paste the contents of the report that appears at the end of the scan into your next reply.
    • Tutorial: http://www.usbfix.net/tutoriels/
  • belarbi
    Participant
    Post count: 5

    Here is the usbfix report

    ############################## | UsbFix V 7.169 | [Listing]

    Utilisateur: IBM (Administrateur) # IBM-PC
    Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
    Lancé à 14:33:24 | 06/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: LENOVO (LENOVO)
    CPU: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
    RAM -> [Total : 2038 Mo| Free : 948 Mo]
    Bios: LENOVO
    Boot: Normal boot

    OS: Microsoft Windows 7 Professionnel (6.1.7600 32-Bit)
    WB: Windows Internet Explorer : 8.0.7600.16385
    WB: Google Chrome : 34.0.1847.131
    WB: Mozilla Firefox : 29.0

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender [Enabled | (!) Outdated]
    AS: avast! Antivirus [Enabled | Updated]
    FW: Windows FireWall [(!) Disabled]

    C: (%systemdrive%) -> Disque fixe # 44 Go (21 Go libre(s) – 47%) [] # NTFS
    D: -> Disque fixe # 30 Go (20 Go libre(s) – 68%) [] # NTFS
    E: -> Disque amovible # 14 Go (5 Go libre(s) – 35%) [KINGSTON] # FAT32
    F: -> CD-ROM
    G: -> Disque amovible # 4 Go (4 Go libre(s) – 100%) [] # FAT32

    ################## | Listing Beta |

    [05/02/2014 – 16:34:26 | SHD] – C:$Recycle.Bin
    [06/05/2014 – 00:34:41 | D] – C:AdwCleaner
    [09/02/2014 – 14:16:53 | H | 1 Ko] – C:AMTAG.BIN
    [10/06/2009 – 22:42:20 | A | 0 Ko] – C:autoexec.bat
    [06/05/2014 – 14:12:03 | SHD] – C:Config.Msi
    [10/06/2009 – 22:42:20 | A | 0 Ko] – C:config.sys
    [14/07/2009 – 05:53:55 | SHD] – C:Documents and Settings
    [06/05/2014 – 14:15:57 | ASH | 1565412 Ko] – C:hiberfil.sys
    [03/05/2014 – 22:42:26 | RHD] – C:MSOCache
    [06/05/2014 – 14:15:56 | ASH | 2087216 Ko] – C:pagefile.sys
    [14/07/2009 – 03:37:05 | D] – C:PerfLogs
    [23/04/2014 – 18:39:16 | A | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [06/05/2014 – 13:05:41 | RD] – C:Program Files
    [06/05/2014 – 13:05:42 | HD] – C:ProgramData
    [05/02/2014 – 16:33:26 | SHD] – C:Recovery
    [27/03/2014 – 22:58:05 | A | 0 Ko] – C:Setup.log
    [16/02/2014 – 14:27:10 | SHD] – C:System Volume Information
    [06/05/2014 – 14:32:43 | D] – C:UsbFix
    [06/05/2014 – 14:33:33 | A | 2 Ko | 16656B16C76CE99BA0566BC7C84DEDDB] – C:UsbFix [Listing 1] IBM-PC.txt
    [21/04/2014 – 14:45:22 | RD] – C:Users
    [06/05/2014 – 14:14:10 | D] – C:Windows
    [09/02/2014 – 15:22:23 | SHD] – D:$RECYCLE.BIN
    [23/03/2014 – 18:00:37 | D] – D:Archives zineb
    [22/09/2013 – 23:39:48 | ASH | 14 Ko] – D:AUTOEXE
    [22/09/2013 – 23:39:16 | ASH | 1 Ko] – D:bin.doc
    [08/09/2013 – 16:47:30 | ASH | 0 Ko] – D:bizo.doc
    [18/01/2014 – 14:51:42 | A | 41 Ko] – D:bookmarks_1_18_14.html
    [22/09/2013 – 23:39:22 | ASH | 1 Ko] – D:boot
    [04/05/2014 – 22:45:18 | D] – D:BUREAU
    [16/03/2014 – 18:59:48 | A | 471 Ko] – D:decl_honneur.jpg
    [23/02/2014 – 13:58:30 | D] – D:driver hp
    [17/04/2014 – 17:30:17 | A | 12 Ko] – D:décl perte.docx
    [28/02/2014 – 21:06:21 | A | 44 Ko] – D:favoris_28_02_14.html
    [04/05/2014 – 22:44:38 | D] – D:Host
    [16/08/2013 – 18:19:32 | RH | 1 Ko] – D:IBM.lnk
    [22/09/2013 – 23:39:48 | ASH | 14 Ko] – D:img.jpg
    [06/05/2014 – 09:25:50 | D] – D:LOGICIELS
    [06/05/2014 – 14:16:04 | A | 1 Ko] – D:Music.lnk
    [04/05/2014 – 17:50:02 | D] – D:Nouveau dossier
    [16/08/2013 – 18:19:32 | RH | 1 Ko] – D:Nouveau Dossier.lnk
    [22/09/2013 – 23:39:34 | ASH | 3 Ko] – D:NTDETE
    [22/09/2013 – 23:39:34 | ASH | 3 Ko] – D:Photo0.jpg
    [22/09/2013 – 23:39:22 | ASH | 1 Ko] – D:pict.jpg
    [08/09/2013 – 16:47:30 | ASH | 0 Ko] – D:system
    [09/02/2014 – 14:37:54 | SHD] – D:System Volume Information
    [16/08/2013 – 18:19:32 | ASH | 1 Ko] – D:Zain
    [03/10/2013 – 08:08:02 | D] – E:ARCHIVES
    [04/12/2013 – 12:56:24 | D] – E:Logiciels
    [22/09/2013 – 23:39:48 | ASH | 14 Ko] – E:img.jpg
    [22/09/2013 – 23:39:34 | ASH | 3 Ko] – E:Photo0.jpg
    [22/09/2013 – 23:39:22 | ASH | 1 Ko] – E:pict.jpg
    [08/09/2013 – 16:47:30 | ASH | 0 Ko] – E:bizo.doc
    [22/09/2013 – 23:39:16 | ASH | 1 Ko] – E:bin.doc
    [16/08/2013 – 18:19:32 | ASH | 1 Ko] – E:Zain
    [16/08/2013 – 18:19:32 | R | 1 Ko] – E:Nouveau Dossier.lnk
    [16/08/2013 – 18:19:32 | R | 1 Ko] – E:IBM.lnk
    [22/09/2013 – 23:39:48 | ASH | 14 Ko] – G:img.jpg
    [22/09/2013 – 23:39:34 | ASH | 3 Ko] – G:Photo0.jpg
    [22/09/2013 – 23:39:22 | ASH | 1 Ko] – G:pict.jpg
    [08/09/2013 – 16:47:30 | ASH | 0 Ko] – G:bizo.doc
    [22/09/2013 – 23:39:16 | ASH | 1 Ko] – G:bin.doc
    [16/08/2013 – 18:19:32 | ASH | 1 Ko] – G:Zain
    [16/08/2013 – 18:19:32 | R | 1 Ko] – G:Nouveau Dossier.lnk
    [16/08/2013 – 18:19:32 | R | 1 Ko] – G:IBM.lnk
    [04/05/2014 – 23:52:52 | A | 2930 Ko] – G:Mur100000.jpg

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |
    :hello:

  • Anonyme
    Post count: 0

    :hello: ,

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Plug all your external data sources into the PC (USB stick, external hard drive, etc.) without opening them.
    • Right-click it and run as administrator on Windows 7/8 and Vista.
    • Choose the Listing option.
    • Copy and paste the contents of the report that appears at the end of the scan into your reply.
    • Tutorial: http://www.usbfix.net/tutoriels/
  • belarbi
    Participant
    Post count: 5

    Here are the SosUpload links:

    Download link: https://antimalware.top/www/?a=d&i=nokNm7joFw
    Deletion link: https://antimalware.top/www/?a=r&i=nokNm7joFw&r=bhhF44bvIG

    And a thousand thanks.

  • buckhulk
    Participant
    Post count: 2391

    Hello belarbi

    A few things: update Java: >> JAVA

    Then you are going to run this script:

    • Select and copy the following script:

      Script ZHPFix
      ShortcutFix
      [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowHelp: Modified =>PUA.StartShow
      [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified => EXPLORER : N'affiche pas MyDocs dans le menu de démarrage
      [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyMusic: Modified => EXPLORER : N'affiche pas MyMusic dans le menu de démarrage
      [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyPics: Modified => EXPLORER : N'affiche pas MyPics dans le menu de démarrage
      [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
      O4 - GSQuickLaunch [IBM]: chrome.LNK . (.Google Inc. - Google Chrome.) -- C:Program FilesGoogleChromeApplicationchrome.exe http://www.bahaty.com =>Hijacker.Browsers
      O4 - GSQuickLaunch [IBM]: Mozilla Firefox.LNK . (.Mozilla Corporation - Firefox.) -- C:Program FilesMozilla Firefoxfirefox.exe http://www.bahaty.com =>Hijacker.Browsers
      O4 - GSQuickLaunch [IBM]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:UsersIBMAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
      O4 - GSDesktop [IBM]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:Program FilesGoogleChromeApplicationchrome.exe http://www.bahaty.com =>Hijacker.Browsers
      O4 - GSDesktop [IBM]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:Program FilesMozilla Firefoxfirefox.exe http://www.bahaty.com =>Hijacker.Browsers
      [MD5.00000000000000000000000000000000] [APT] [{ED7B5AF5-95D8-4EDD-8443-63B3CBDEF351}] (...) -- H:LOGICIELS1.PhotosPhotoshopPhotoshop - Nik Software-COMPRESSESAdobe Photoshop Plugins - Nik Software (Complete Plugin Suite for Adobe Photoshop)Your Plugin HereVivezaViveza-rev1.002EN.exe (.not file.) [0] => Fichier absent
      O42 - Logiciel: KMSpico 5.1 - (...) [HKLM] -- KMSpico v5.1_is1 =>PUP.KMSpico
      O43 - CFD: 04/05/2014 - 21:56:14 - [] ----D C:Program FilesKMSpico =>PUP.KMSpico
      O43 - CFD: 24/04/2014 - 21:10:24 - [] ----D C:ProgramData930a74a9980c2a
      O43 - CFD: 21/04/2014 - 14:47:05 - [] ----D C:ProgramDataInstallMate =>PUP.Tarma
      O43 - CFD: 24/04/2014 - 21:11:31 - [0] ----D C:ProgramDatasAevE. net =>PUP.SaveNet
      O44 - LFC:[MD5.01A2F95D31921172E640D30064357E57] - 21/04/2014 - 19:08:53 ---A- . (...) -- C:spyhunter.fix [182341] =>Crapware.SpyHunter
      O44 - LFC:[MD5.067C9E1E811C186F3724ACDA83D4E7B6] - 29/04/2014 - 21:31:59 ---A- . (...) -- C:WindowsSystem32TeamViewer9_Hooks.log [3927] => Fichiers de rapport (Log)
      O87 - FAEL: "{C23E19B9-58A9-403B-A130-21952FD2D726}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:UsersIBMAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
      O87 - FAEL: "{47E65707-4C10-4493-BD60-D3DE688BBC12}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:UsersIBMAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
      HKLMSOFTWAREMicrosoftTracinggoogletoolbarinstaller_en_signed_RASAPI32 =>Toolbar.Google
      HKLMSOFTWAREMicrosoftTracinggoogletoolbarinstaller_en_signed_RASMANCS =>Toolbar.Google
      HKLMSOFTWAREMicrosoftTracingGoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
      HKLMSOFTWAREMicrosoftTracingGoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
      HKLMSOFTWAREMicrosoftTracingGoogleToolbarManager_8CA8B41417E66DEB_RASAPI32 =>Toolbar.Google
      HKLMSOFTWAREMicrosoftTracingGoogleToolbarManager_8CA8B41417E66DEB_RASMANCS =>Toolbar.Google
      HKLMSOFTWAREMicrosoftTracingGoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
      HKLMSOFTWAREMicrosoftTracingGoogleToolbarNotifier_RASMANCS =>Toolbar.Google
      HKLMSOFTWAREMicrosoftTracingGoogleToolbarUser_32_RASAPI32 =>Toolbar.Google
      HKLMSOFTWAREMicrosoftTracingGoogleToolbarUser_32_RASMANCS =>Toolbar.Google
      HKLMSOFTWAREMicrosoftTracingiSafeScan_RASAPI32 =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingiSafeScan_RASMANCS =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingiSafeSvc2_RASAPI32 =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingiSafeSvc2_RASMANCS =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingiSafeSvc_RASAPI32 =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingiSafeSvc_RASMANCS =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingiSafeTray_RASAPI32 =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingiSafeTray_RASMANCS =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingiSafeUpdate_RASAPI32 =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingiSafeUpdate_RASMANCS =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingiSafe_RASAPI32 =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingiSafe_RASMANCS =>Trojan.Staser
      HKLMSOFTWAREMicrosoftTracingKMSPico 9_RASAPI32 =>PUP.KMSpico
      HKLMSOFTWAREMicrosoftTracingKMSPico 9_RASMANCS =>PUP.KMSpico
      HKLMSOFTWAREMicrosoftTracingSerialTrunc_RASAPI32 =>PUP.SerialTrunc
      HKLMSOFTWAREMicrosoftTracingSerialTrunc_RASMANCS =>PUP.SerialTrunc
      HKLMSOFTWAREMicrosoftTracingSerialTrunc_Setup_RASAPI32 =>PUP.SerialTrunc
      HKLMSOFTWAREMicrosoftTracingSerialTrunc_Setup_RASMANCS =>PUP.SerialTrunc
      HKLMSOFTWAREMicrosoftTracingSpyHunter4_RASAPI32 =>Crapware.SpyHunter
      HKLMSOFTWAREMicrosoftTracingSpyHunter4_RASMANCS =>Crapware.SpyHunter
      HKLMSOFTWAREMicrosoftTracingutorrent_RASAPI32 =>P2P.µTorrent
      HKLMSOFTWAREMicrosoftTracingutorrent_RASMANCS =>P2P.µTorrent
      [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallKMSpico v5.1_is1] =>PUP.KMSpico^
      C:Program FilesKMSpico =>PUP.KMSpico^
      C:ProgramDataInstallMate =>PUP.Tarma^
      C:ProgramDatasAevE. net =>PUP.SaveNet^
      [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowHelp: Modified =>PUA.StartShow^
      ProxyFix
      EmptyPrefetch
      EmptyFlash
      SysRestore
      FirewallRAZ
      EmptyTemp
    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista).

      1. Click Importer (Import).
      2. The lines copied earlier should be pasted into the box.
      3. If so, click “GO”.


    • Confirm the data clean-up by clicking “Oui” (Yes).
    • Once the scan has finished, go to the Desktop; the ZHPFixReport file has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy and paste the link provided into your next reply.
  • belarbi
    Participant
    Post count: 5

    1. At every startup I am redirected to sites such as:
    http://www.bahaty.com
    http://www.adf.ly/efCRL
    http://www.chnotma.com

    2. The system automatically creates shortcuts to the browsers and to a new folder on my desktop. And a new folder on removable media.

    Thanks in advance for your help.


    [spoiler:1p97jf6y]# AdwCleaner v3.207 – Rapport créé le 06/05/2014 à 00:34:31
    # Mis à jour le 05/05/2014 par Xplode
    # Système d'exploitation : Windows 7 Professional (32 bits)
    # Nom d'utilisateur : IBM – IBM-PC
    # Exécuté depuis : C:UsersIBMDesktopadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:UsersAdministrateurAppDataLocaltorch
    Dossier Supprimé : C:UsersHomeGroupUser$AppDataLocaltorch
    Dossier Supprimé : C:UsersIBMAppDataRoamingeCyber
    Dossier Supprimé : C:UsersIBMAppDataRoamingiSafe
    Dossier Supprimé : C:UsersInvitéAppDataLocaltorch
    Dossier Supprimé : C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsicoofdglfehpbfofkoophjkfcignammo
    Dossier Supprimé : C:UsersHomeGroupUser$AppDataLocalGoogleChromeUser DataDefaultExtensionsicoofdglfehpbfofkoophjkfcignammo
    Dossier Supprimé : C:UsersInvitéAppDataLocalGoogleChromeUser DataDefaultExtensionsicoofdglfehpbfofkoophjkfcignammo
    Dossier Supprimé : C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsomehjekflmcblmjnhjjmojdgnhhdkmdc
    Dossier Supprimé : C:UsersHomeGroupUser$AppDataLocalGoogleChromeUser DataDefaultExtensionsomehjekflmcblmjnhjjmojdgnhhdkmdc
    Dossier Supprimé : C:UsersInvitéAppDataLocalGoogleChromeUser DataDefaultExtensionsomehjekflmcblmjnhjjmojdgnhhdkmdc
    Fichier Supprimé : C:UsersIBMdaemonprocess.txt
    Fichier Supprimé : C:WindowsSystem32TasksYourFile DownloaderUpdate

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    [#] Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheLogon{04F54330-2906-467E-A3D8-20933D1529D8}
    [#] Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{04F54330-2906-467E-A3D8-20933D1529D8}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{5F189DF5-2D05-472B-9091-84D9848AE48B}{c67abfdb}
    Clé Supprimée : HKCUSoftwareRegisteredApplicationsEx
    Clé Supprimée : HKCUSoftwareAppDataLow{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Clé Supprimée : HKLMSoftware{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Clé Supprimée : HKLMSoftwareiSafe
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{7DD5E91C-3864-77EC-7635-D14910C2A03E}
    Donnée Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows [AppInit_DLLs] – c:progra~1sw-boo~1assist~1.dll
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsbpsvc.exe
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsbrowsersafeguard.exe
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdprotectsvc.exe
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsprotectedsearch.exe
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssearchprotection.exe
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssearchprotector.exe
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssnapdo.exe
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsstinst32.exe
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsstinst64.exe
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsutiljumpflip.exe

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v0.0.0.0

    -\ Mozilla Firefox v29.0 (fr)

    [ Fichier : C:UsersIBMAppDataRoamingMozillaFirefoxProfilesns2tq05g.defaultprefs.js ]

    -\ Google Chrome v34.0.1847.131

    [ Fichier : C:UsersIBMAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    Supprimée [Search Provider] : hxxp://www.softonic.fr/s/{searchTerms}
    Supprimée [Extension] : icoofdglfehpbfofkoophjkfcignammo
    Supprimée [Extension] : omehjekflmcblmjnhjjmojdgnhhdkmdc

    *************************

    AdwCleaner[R0].txt – [968 octets] – [09/02/2014 14:43:27]
    AdwCleaner[R1].txt – [4854 octets] – [04/04/2014 21:52:21]
    AdwCleaner[R2].txt – [1460 octets] – [09/04/2014 14:13:22]
    AdwCleaner[R3].txt – [1195 octets] – [11/04/2014 14:31:37]
    AdwCleaner[R4].txt – [1315 octets] – [16/04/2014 17:54:48]
    AdwCleaner[R5].txt – [1375 octets] – [16/04/2014 17:55:42]
    AdwCleaner[R6].txt – [4841 octets] – [06/05/2014 00:31:34]
    AdwCleaner[S0].txt – [992 octets] – [09/02/2014 14:45:59]
    AdwCleaner[S1].txt – [4844 octets] – [04/04/2014 21:55:33]
    AdwCleaner[S2].txt – [1507 octets] – [09/04/2014 14:14:45]
    AdwCleaner[S3].txt – [1219 octets] – [11/04/2014 14:33:01]
    AdwCleaner[S4].txt – [1399 octets] – [16/04/2014 17:56:57]
    AdwCleaner[S5].txt – [4876 octets] – [06/05/2014 00:34:31]

    ########## EOF – C:AdwCleanerAdwCleaner[S5].txt – [4936 octets] ##########[/spoiler:1p97jf6y]

    [spoiler:1p97jf6y]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Date de l'examen: 06/05/2014
    Heure de l'examen: 00:50:05
    Fichier journal:
    Administrateur: Oui

    Version: 2.00.1.1004
    Base de données Malveillants: v2014.05.05.13
    Base de données Rootkits: v2014.03.27.01
    Licence: Premium
    Protection contre les malveillants: Activé(e)
    Protection contre les sites Web malveillants: Activé(e)
    Chameleon: Désactivé(e)

    Système d'exploitation: Windows 7
    Processeur: x86
    Système de fichiers: NTFS
    Utilisateur: IBM

    Type d'examen: Examen “Menaces”
    Résultat: Terminé
    Objets analysés: 247651
    Temps écoulé: 8 min, 34 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Activé(e)
    Shuriken: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Clés du Registre: 0
    (No malicious items detected)

    Valeurs du Registre: 0
    (No malicious items detected)

    Données du Registre: 0
    (No malicious items detected)

    Dossiers: 0
    (No malicious items detected)

    Fichiers: 0
    (No malicious items detected)

    Secteurs physiques: 0
    (No malicious items detected)

    (end)[/spoiler:1p97jf6y]

    [spoiler:1p97jf6y]~ Rapport de ZHPDiag v2014.5.5.55 – Nicolas Coolman (05/05/2014)
    ~ Lancé par IBM (06/05/2014 08:04:50)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.7600.16385
    MFIE: Mozilla Firefox 29.0 (Defaut)
    GCIE: Google Chrome v34.0.1847.131
    OPIE: Opera vStable 20.0.1387.91

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Professional, 32-bit (Build 7600)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 7TP9F
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2016
    Malwarebytes Anti-Malware version 2.0.1.1004
    Windows Defender W7

    —\ Logiciels d'optimisation du système
    CCleaner v4.13

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 13 Plugin
    Adobe Reader XI
    Java 7 Update 51

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 15 Stepping 2, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 2038 MB (56% free)
    System Restore: Activé (Enable)
    System drive C: has 21 GB (46%) free of 44 GB

    —\ Mode de connexion au système
    ~ Computer Name: IBM-PC
    ~ User Name: IBM
    ~ All Users Names: IBM, HomeGroupUser$, Administrateur,
    ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersIBMAppDataRoamingZHP
    ~ %AppData% : C:UsersIBMAppDataRoaming
    ~ %Desktop% : C:UsersIBMDesktop
    ~ %Favorites% : C:UsersIBMFavorites
    ~ %LocalAppData% : C:UsersIBMAppDataLocal
    ~ %StartMenu% : C:UsersIBMAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    A: Floppy drive, Flash card reader, USB Key (Not Inserted)
    C: Hard drive, Flash drive, Thumb drive (Free 21 Go of 44 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 20 Go of 30 Go)
    F: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowHelp: Modified =>PUA.StartShow
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyMusic: Modified
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyPics: Modified
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
    ~ Security Center: 45 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.15BC38A7492BEFE831966ADB477CF76F] – (.Microsoft Corporation – Explorateur Windows.) (.14/07/2009 – 02:14:20.) — C:WindowsExplorer.exe [2613248]
    [MD5.B5C5DCAD3899512020D135600129D665] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:14:45.) — C:WindowsSystem32Wininit.exe [96256]
    [MD5.0D874F3BC751CC2198AF2E6783FB8B35] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.14/07/2009 – 02:16:19.) — C:WindowsSystem32wininet.dll [977920]
    [MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.14/07/2009 – 02:14:45.) — C:WindowsSystem32Winlogon.exe [285696]
    [MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] – (.Microsoft Corporation – Bibliothèque de licences.) (.14/07/2009 – 02:16:15.) — C:WindowsSystem32sppcomapi.dll [193024]
    [MD5.DDC040FDB01EF1712A6B13E52AFB104C] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/07/2009 – 00:12:38.) — C:Windowssystem32DriversAFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:26:15.) — C:Windowssystem32Driversatapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:11:15.) — C:Windowssystem32DriversCdfs.sys [70656]
    [MD5.BA6E70AA0E6091BC39DE29477D866A77] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/07/2009 – 00:11:26.) — C:Windowssystem32DriversCdrom.sys [108544]
    [MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.14/07/2009 – 00:14:17.) — C:Windowssystem32DriversDfsC.sys [78336]
    [MD5.717A2207FD6F13AD3E664C7D5A43C7BF] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.14/07/2009 – 00:50:56.) — C:Windowssystem32DriversHDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:11:24.) — C:Windowssystem32Driversi8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 00:54:29.) — C:Windowssystem32DriversIpNat.sys [101888]
    [MD5.F4A054BE78AF7F410129C4B64B07DC9B] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.14/07/2009 – 00:14:26.) — C:Windowssystem32DriversMRxSmb.sys [123392]
    [MD5.DD52A733BF4CA5AF84562A5E2F963B91] – (.Microsoft Corporation – MBT Transport driver.) (.14/07/2009 – 00:12:21.) — C:Windowssystem32DriversnetBT.sys [187904]
    [MD5.3795DCD21F740EE799FB7223234215AF] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.14/07/2009 – 02:20:44.) — C:Windowssystem32Driversntfs.sys [1210432]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 00:45:35.) — C:Windowssystem32DriversParport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/07/2009 – 00:54:34.) — C:Windowssystem32DriversRasl2tp.sys [78848]
    [MD5.C5FF95883FFEF704D50C40D21CFB3AB5] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.14/07/2009 – 01:02:58.) — C:Windowssystem32Driversrdpdr.sys [133120]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 00:53:41.) — C:Windowssystem32Driverssmb.sys [71168]
    [MD5.CB39E896A2A83702D1737BFD402B3542] – (.Microsoft Corporation – TDI Translation Driver.) (.14/07/2009 – 00:12:11.) — C:Windowssystem32Driverstdx.sys [74240]
    [MD5.58DF9D2481A56EDDE167E51B334D44FD] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.14/07/2009 – 02:19:10.) — C:Windowssystem32Driversvolsnap.sys [245328]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/59
    ~ Mes Favoris (My Favorites) : 1/18
    ~ Mes Documents (My Documents) : 2/7
    ~ Mon Bureau (My Desktop) : 4/18
    ~ Menu demarrer (Programs) : 1/124
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    [MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [3854640] [PID.1952]
    [MD5.D1AB72DB2BEDD2F255D35DA3DA0D4B16] – (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WINDOWSsystem32wscript.exe [141824] [PID.324]
    [MD5.41AD6110110A2E89957F831DCBFAF892] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes Anti-Malwarembam.exe [6963512] [PID.2412]
    [MD5.9F98821AE94E8CC78F7A5D423791B839] – (.TeamViewer GmbH – TeamViewer 9.) — C:Program FilesTeamViewerVersion9TeamViewer.exe [12971328] [PID.2268]
    [MD5.9FC1005BED495B410F510F109DC6F38D] – (.Adobe Systems Incorporated – AAM Updates Notifier Application.) — C:Program FilesCommon FilesAdobeOOBEPDAppUWAAAM Updates Notifier.exe [815992] [PID.3528]
    [MD5.542459D16B416D054161007FC9B1246E] – (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe [841032] [PID.3148]
    [MD5.C77194C94AA796FD237FDDC3A0E420E5] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [7871488] [PID.568]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersIBMAppDataLocalGoogleChromeUser DataDefaultPreferences
    G0 – GCSP: Preference [User DataDefault][HomePage] about:blank
    G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [boeajhmfdjldchidhphikilcgdacljfm] Facebook v.1.0.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 18 Legitimates Filtered in 00mn 05s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersIBMAppDataRoamingMozillaFirefoxProfilesns2tq05g.defaultprefs.js
    M0 – MFSP: prefs.js [IBM – ns2tq05g.default] about:blank
    P2 – FPN: [HKLM] [@videolan.org/vlc,version=2.0.8] – (…) — C:Program FilesVideoLANVLCnpvlc.dll (.not file.)
    P2 – FPN: [HKLM] [@videolan.org/vlc,version=2.1.3] – (…) — C:Program FilesVideoLANVLCnpvlc.dll (.not file.)
    ~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 5

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) – [HKLM]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSQuickLaunch [IBM]: chrome.LNK . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe http://www.bahaty.com =>Hijacker.Browsers
    O4 – GSQuickLaunch [IBM]: Mozilla Firefox.LNK . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe http://www.bahaty.com =>Hijacker.Browsers
    O4 – GSQuickLaunch [IBM]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersIBMAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 – GSDesktop [IBM]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe http://www.bahaty.com =>Hijacker.Browsers
    O4 – GSDesktop [IBM]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe http://www.bahaty.com =>Hijacker.Browsers
    ~ Global Startup: 5 Legitimates Filtered in 00mn 01s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{15A8CDA5-8128-4736-98F7-8FF713805FD5}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{394806F1-6A12-4D24-860B-CBF8CB78181E}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{B4CD0796-6B9C-4409-BFFA-85A7094D9A56}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{15A8CDA5-8128-4736-98F7-8FF713805FD5}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{394806F1-6A12-4D24-860B-CBF8CB78181E}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{B4CD0796-6B9C-4409-BFFA-85A7094D9A56}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{15A8CDA5-8128-4736-98F7-8FF713805FD5}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{394806F1-6A12-4D24-860B-CBF8CB78181E}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{B4CD0796-6B9C-4409-BFFA-85A7094D9A56}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Enumère les données de BootExecute (BEX) (O34)
    O34 – HKLM BootExecute: (sh4native Sh4Removal) – File not found
    ~ BEX: 2 Legitimates Filtered in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [{ED7B5AF5-95D8-4EDD-8443-63B3CBDEF351}] (…) — H:LOGICIELS1.PhotosPhotoshopPhotoshop – Nik Software-COMPRESSESAdobe Photoshop Plugins – Nik Software (Complete Plugin Suite for Adobe Photoshop)Your Plugin HereVivezaViveza-rev1.002EN.exe (.not file.) [0]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1046]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1050]
    ~ Scheduled Task: 14 Legitimates Filtered in 00mn 02s

    —\ Logiciels installés (O42)
    O42 – Logiciel: KMSpico 5.1 – (…) [HKLM] — KMSpico v5.1_is1 =>PUP.KMSpico
    O42 – Logiciel: Pop Art Studio 5.3 – (.Fotoview.) [HKLM] — {D65B333F-DE89-4DED-A710-6A6B9C198DD7}
    O42 – Logiciel: Pop Art Studio 6.3 – (.Fotoview.) [HKLM] — {BA5BA402-1A41-4D6D-9957-0B82D19D2ADF}
    ~ Logic: 12 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareEase-Soft]
    [HKCUSoftwareMiniGet]
    [HKCUSoftwareShapeCollage]
    ~ Key Software: 213 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 17/03/2014 – 14:15:49 – [] —-D C:Program FilesiFoxSoft
    O43 – CFD: 04/05/2014 – 21:56:14 – [] —-D C:Program FilesKMSpico =>PUP.KMSpico
    O43 – CFD: 27/03/2014 – 00:05:11 – [] —-D C:Program FilesMiniGet
    O43 – CFD: 06/02/2014 – 20:00:31 – [] —-D C:Program FilesPop Art Studio 5.3
    O43 – CFD: 01/05/2014 – 23:01:23 – [] —-D C:Program FilesPop Art Studio 6.3
    O43 – CFD: 24/04/2014 – 21:10:24 – [] —-D C:ProgramData930a74a9980c2a
    O43 – CFD: 21/04/2014 – 14:47:05 – [] —-D C:ProgramDataInstallMate =>PUP.Tarma
    O43 – CFD: 24/04/2014 – 21:11:31 – [0] —-D C:ProgramDatasAevE. net =>PUP.SaveNet
    O43 – CFD: 27/03/2014 – 00:00:41 – [] —-D C:UsersIBMAppDataRoamingMiniGet
    O43 – CFD: 01/05/2014 – 23:02:47 – [] —-D C:UsersIBMAppDataLocalPop Art Studio 6.3
    O43 – CFD: 18/04/2014 – 14:50:38 – [] —-D C:UsersIBMAppDataRoamingMicrosoftWindowsStart MenuProgramsMUSIQUE
    O43 – CFD: 22/04/2014 – 21:52:56 – [] R—D C:UsersIBMAppDataRoamingMicrosoftWindowsStart MenuProgramsNAVIGATEURS
    O43 – CFD: 04/05/2014 – 19:08:03 – [] —-D C:UsersIBMAppDataRoamingMicrosoftWindowsStart MenuProgramsPHOTO
    O43 – CFD: 05/02/2014 – 19:22:03 – [0] —-D C:UsersIBMAppDataRoamingMicrosoftWindowsStart MenuProgramsVIDE1
    O43 – CFD: 07/02/2014 – 19:36:54 – [0] —-D C:UsersIBMAppDataRoamingMicrosoftWindowsStart MenuProgramsvide3
    ~ Program Folder: 154 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.B31FFE3250040EE72E63CDA5A8A18EE6] – 03/05/2014 – 22:33:16 —A- . (…) — C:Windowswin.ini [387]
    O44 – LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] – 06/05/2014 – 00:32:24 —A- . (.SQLite Development Team – SQLite Dynamic Link Library (No TCL).) — C:WindowsSystem32sqlite3.dll [536576]
    O44 – LFC:[MD5.01A2F95D31921172E640D30064357E57] – 21/04/2014 – 19:08:53 —A- . (…) — C:spyhunter.fix [182341] =>Crapware.SpyHunter
    O44 – LFC:[MD5.D8DE0EC42FE2D395E57D5827E747CA85] – 24/04/2014 – 21:51:21 —A- . (…) — C:Windowshpbafd.ini [191]
    O44 – LFC:[MD5.067C9E1E811C186F3724ACDA83D4E7B6] – 29/04/2014 – 21:31:59 —A- . (…) — C:WindowsSystem32TeamViewer9_Hooks.log [3927]
    ~ Files: 27 Legitimates Filtered in 00mn 04s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKCU…policiesExplorer] – “NoLowDiskSpaceChecks”=1
    ~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:07/04/2014 – 10:20:49 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [49944] =>.ALWIL Software
    O58 – SDL:07/04/2014 – 10:20:50 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [180760] =>.ALWIL Software
    O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [453712]
    O58 – SDL:13/07/2009 – 23:54:14 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [26624]
    O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [21072]
    O58 – SDL:29/11/2013 – 11:31:26 —A- . (…) — C:WindowsSystem32ampa.sys [14448]
    O58 – SDL:13/07/2009 – 22:40:41 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:13/07/2009 – 22:40:44 —A- . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:13/07/2009 – 22:40:40 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:13/07/2009 – 22:40:43 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:13/07/2009 – 22:40:43 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:13/07/2009 – 22:40:23 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:13/07/2009 – 22:40:31 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:13/07/2009 – 22:40:35 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:13/07/2009 – 22:40:39 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:13/07/2009 – 22:40:27 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:13/07/2009 – 22:40:11 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:13/07/2009 – 22:40:15 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:13/07/2009 – 22:40:17 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:13/07/2009 – 22:40:19 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:13/07/2009 – 22:40:13 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 79 Legitimates Filtered in 00mn 03s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 07/04/2014 – C:WindowsSystem32DriversaswVmm.sys (aswVmm) .(…) – LEGACY_ASWVMM
    O64 – Services: CurCS – 16/10/2009 – C:WindowsSystem32DRIVERSInCDRec.sys (InCDRec) .(.Nero AG – Nero InCD File System Recognizer.) – LEGACY_INCDREC
    O64 – Services: CurCS – 13/07/2009 – C:WindowsSystem32Driverssecdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) – LEGACY_SECDRV
    ~ Legacy: 126 Legitimates Filtered in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: < .html> [HKLM..openCommand] (.Opera Software – Opera Internet Browser.) — C:Program FilesOperaLauncher.exe
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — c:program filesmozilla firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — c:program filesgooglechromeapplicationchrome.exe
    O68 – StartMenuInternet: <>[HKLM..ShellopenCommand] (.Not Key.)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Opera Software – Opera Internet Browser.) — c:program filesoperalauncher.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: prefs.js [IBM – ns2tq05g.default] user_pref(“weboftrust.search.ask.display”, “Ask.com Web Search”);
    O69 – SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKUS.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKUSS-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKUSS-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKUSS-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.A53555B250CBEDCA6544D13648F83FFE] [SPRF][06/05/2014] (…) — C:UsersIBMDesktopadwcleaner.exe [1316991]
    ~ Files: 5 Legitimates Filtered in 00mn 06s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{C23E19B9-58A9-403B-A130-21952FD2D726}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersIBMAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{47E65707-4C10-4493-BD60-D3DE688BBC12}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersIBMAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ Firewall: 2 Legitimates Filtered in 00mn 01s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREMicrosoftTracinggoogletoolbarinstaller_en_signed_RASAPI32 =>Toolbar.Google
    HKLMSOFTWAREMicrosoftTracinggoogletoolbarinstaller_en_signed_RASMANCS =>Toolbar.Google
    HKLMSOFTWAREMicrosoftTracingGoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
    HKLMSOFTWAREMicrosoftTracingGoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
    HKLMSOFTWAREMicrosoftTracingGoogleToolbarManager_8CA8B41417E66DEB_RASAPI32 =>Toolbar.Google
    HKLMSOFTWAREMicrosoftTracingGoogleToolbarManager_8CA8B41417E66DEB_RASMANCS =>Toolbar.Google
    HKLMSOFTWAREMicrosoftTracingGoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
    HKLMSOFTWAREMicrosoftTracingGoogleToolbarNotifier_RASMANCS =>Toolbar.Google
    HKLMSOFTWAREMicrosoftTracingGoogleToolbarUser_32_RASAPI32 =>Toolbar.Google
    HKLMSOFTWAREMicrosoftTracingGoogleToolbarUser_32_RASMANCS =>Toolbar.Google
    HKLMSOFTWAREMicrosoftTracingiSafeScan_RASAPI32 =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingiSafeScan_RASMANCS =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingiSafeSvc2_RASAPI32 =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingiSafeSvc2_RASMANCS =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingiSafeSvc_RASAPI32 =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingiSafeSvc_RASMANCS =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingiSafeTray_RASAPI32 =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingiSafeTray_RASMANCS =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingiSafeUpdate_RASAPI32 =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingiSafeUpdate_RASMANCS =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingiSafe_RASAPI32 =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingiSafe_RASMANCS =>Trojan.Staser
    HKLMSOFTWAREMicrosoftTracingKMSPico 9_RASAPI32 =>PUP.KMSpico
    HKLMSOFTWAREMicrosoftTracingKMSPico 9_RASMANCS =>PUP.KMSpico
    HKLMSOFTWAREMicrosoftTracingSerialTrunc_RASAPI32 =>PUP.SerialTrunc
    HKLMSOFTWAREMicrosoftTracingSerialTrunc_RASMANCS =>PUP.SerialTrunc
    HKLMSOFTWAREMicrosoftTracingSerialTrunc_Setup_RASAPI32 =>PUP.SerialTrunc
    HKLMSOFTWAREMicrosoftTracingSerialTrunc_Setup_RASMANCS =>PUP.SerialTrunc
    HKLMSOFTWAREMicrosoftTracingSpyHunter4_RASAPI32 =>Crapware.SpyHunter
    HKLMSOFTWAREMicrosoftTracingSpyHunter4_RASMANCS =>Crapware.SpyHunter
    HKLMSOFTWAREMicrosoftTracingutorrent_RASAPI32 =>P2P.µTorrent
    HKLMSOFTWAREMicrosoftTracingutorrent_RASMANCS =>P2P.µTorrent
    ~ BTK: 257 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 29/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 05/02/2014 116648 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 05/02/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 16/10/2009 1420592 | (InCDSrv) . (.Nero AG.) – C:Program FilesNeroToolsInCDInCDSrv.exe
    SS – | Demand 22/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Demand 13/10/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) – C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
    SR – | Auto 03/09/2013 181152 | (AdobeActiveFileMonitor12.0) . (.Adobe Systems Incorporated.) – C:Program FilesAdobeElements 12 OrganizerPhotoshopElementsFileAgent.exe
    SR – | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
    SR – | Auto 07/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 16/10/2009 53560 | (NeroRegInCDSrv) . (.Nero AG.) – C:Program FilesNeroToolsInCDNBHRegInCDSrv.exe
    SR – | Auto 25/04/2014 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) – C:Program FilesTeamViewerVersion9TeamViewer_Service.exe
    SR – | Auto 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 20992 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 11s

    —\ Scan Additionnel (O88)
    Database Version : 13045 – (05/05/2014)
    Clés trouvées (Keys found) : 1
    Valeurs trouvées (Values found) : 5
    Dossiers trouvés (Folders found) : 3
    Fichiers trouvés (Files found) : 1

    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallKMSpico v5.1_is1] =>PUP.KMSpico^
    C:Program FilesKMSpico =>PUP.KMSpico^
    C:ProgramDataInstallMate =>PUP.Tarma^
    C:ProgramDatasAevE. net =>PUP.SaveNet^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowHelp: Modified =>PUA.StartShow^
    ~ Additionnel Scan: 237318 Items scanned in 00mn 47s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
    http://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers
    http://nicolascoolman.webs.com/apps/blog/show/29633319-pup-kmspico =>PUP.KMSpico
    http://nicolascoolman.byethost7.com/wordpress/pup-tarma =>PUP.Tarma
    http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
    http://nicolascoolman.byethost7.com/wordpress/trojan-staser/ =>Trojan.Staser
    http://nicolascoolman.webs.com/apps/blog/show/41250896-pup-serialtrunc =>PUP.SerialTrunc
    ~ MSI: 7 link(s) detected in 00mn 00s

    ~ 717 Legitimates filtered by white list
    End of the scan (484 lines in 02mn 07s)(0)[/spoiler:1p97jf6y]

    :merci2:

The topic ‘Redirection des brozsers sur des sites pub’ is closed to new replies.