  • florent1012
    Participant
    Number of posts: 2

    Hello,
    I ran into this problem today after plugging my USB key into a public computer at the hospital:
    - the files in the folders are unreadable and show strange names made up of digits, letters and symbols
    - Windows tried to repair the drive, and the folder being handled at the time of the contamination has been turned into an unknown document of 8 KB, even though it was large
    I have lost a lot of data….

    I ran scans with adw, mbam and zhpdiag
    here are the reports:

    adw

    # AdwCleaner v3.311 – Rapport créé le 02/10/2014 à 19:12:16
    # Mis à jour le 30/09/2014 par Xplode
    # Système d’exploitation : Windows 8.1 (64 bits)
    # Nom d’utilisateur : Florent – FLORENT
    # Exécuté depuis : C:\Users\Florent\Downloads\adwcleaner_3.311.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    Service Supprimé : DptfParticipantProcessorService
    Service Supprimé : DptfPolicyConfigTDPService

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:\Program Files (x86)\BrowseMark
    Dossier Supprimé : C:\Program Files (x86)\Mysearchdial
    Dossier Supprimé : C:\Users\Florent\AppData\Roaming\Mysearchdial
    Fichier Supprimé : C:\WINDOWS\System32\DptfParticipantProcessorService.exe
    Fichier Supprimé : C:\WINDOWS\System32\DptfPolicyConfigTDPService.exe

    ***** [ Tâches planifiées ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
    Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Clé Supprimée : HKCU\Software\BrowseMark
    Clé Supprimée : HKCU\Software\Conduit
    Clé Supprimée : HKCU\Software\InstallCore
    Clé Supprimée : HKCU\Software\mysearchdial
    Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
    Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseMark

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.17278

    Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\ Mozilla Firefox v32.0.3 (x86 fr)

    [ Fichier : C:\Users\Florent\AppData\Roaming\Mozilla\Firefox\Profiles\f9o46h13.default\prefs.js ]

    -\ Google Chrome v37.0.2062.124

    [ Fichier : C:\Users\Florent\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************

    AdwCleaner[R0].txt – [3621 octets] – [02/10/2014 19:06:19]
    AdwCleaner[R1].txt – [3681 octets] – [02/10/2014 19:11:21]
    AdwCleaner[S0].txt – [2542 octets] – [02/10/2014 19:12:16]

    ########## EOF – C:\AdwCleaner\AdwCleaner[S0].txt – [2602 octets] ##########

    MBAM

    Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Date de l’examen: 02/10/2014
    Heure de l’examen: 19:19:46
    Fichier journal: mbam.txt
    Administrateur: Oui

    Version: 2.00.2.1012
    Base de données Malveillants: v2014.10.02.07
    Base de données Rootkits: v2014.09.19.01
    Licence: Gratuite
    Protection contre les malveillants: Désactivé(e)
    Protection contre les sites Web malveillants: Désactivé(e)
    Self-protection: Désactivé(e)

    Système d’exploitation: Windows 8.1
    Processeur: x64
    Système de fichiers: NTFS
    Utilisateur: Florent

    Type d’examen: Examen « Menaces »
    Résultat: Terminé
    Objets analysés: 321466
    Temps écoulé: 15 min, 47 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Désactivé(e)
    Heuristics: Activé(e)
    PUP: Avertir
    PUM: Activé(e)

    Processus: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Clés du Registre: 0
    (No malicious items detected)

    Valeurs du Registre: 1
    PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3931002472-240238540-358939303-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, Mis en quarantaine, [47a8749b5e1ed3635a0753ca39ca07f9]

    Données du Registre: 0
    (No malicious items detected)

    Dossiers: 0
    (No malicious items detected)

    Fichiers: 1
    PUP.Optional.Conduit.A, C:UsersFlorentAppDataRoamingBitTorrentism.exe, Mis en quarantaine, [8f60ff103c4076c0b36ad0ca05fc9f61],

    Secteurs physiques: 0
    (No malicious items detected)

    (end)

    zhpdiag

    ~ Rapport de ZHPDiag v2014.9.30.139 – Nicolas Coolman (28/09/2014)
    ~ Lancé par Florent (02/10/2014 19:48:53)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Adresse du Forum http://forum.nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17278
    MFIE: Mozilla Firefox 32.0.3 (Defaut)
    GCIE: Google Chrome v37.0.2062.124

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 8.1, 64-bit (Build 9600)
    Windows Server License Manager Script : OK
    ~ Windows(R) Operating System, OEM_DM channel
    Windows ID Activation : OK
    ~ Windows Partial Key : JHRD6
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1000
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Bitdefender Antivirus Plus 2013 v16.23.0.1637
    Malwarebytes Anti-Malware version 2.0.2.1012
    Windows Defender W8 (Deactivate)

    —\ Logiciels d’optimisation du système
    CCleaner v4.15

    —\ Logiciels de partage PeerToPeer
    eMule

    —\ Surveillance de Logiciels
    Adobe Flash Player 15 Plugin
    Adobe Reader XI

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3981 MB (41% free)
    System Restore: Activé (Enable)
    System drive C: has 66 GB (35%) free of 186 GB

    —\ Mode de connexion au système
    ~ Computer Name: FLORENT
    ~ User Name: Florent
    ~ All Users Names: HomeGroupUser$, Florent, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersFlorentAppDataRoamingZHP
    ~ %AppData% : C:UsersFlorentAppDataRoaming
    ~ %Desktop% : C:UsersFlorentDesktop
    ~ %Favorites% : C:UsersFlorentFavorites
    ~ %LocalAppData% : C:UsersFlorentAppDataLocal
    ~ %StartMenu% : C:UsersFlorentAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 66 Go of 186 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)
    G: Floppy drive, Flash card reader, USB Key (Free 3 Go of 14 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.ACDBE1ED38167C8B01B8F63161BB2CEA] – (.Microsoft Corporation – Explorateur Windows.) (.23/08/2014 – 08:48:28.) — C:WindowsExplorer.exe [2374784]
    [MD5.48CFA7BE561A7BE144C29BB912055016] – (.Microsoft Corporation – Application de démarrage de Windows.) (.22/08/2013 – 10:58:29.) — C:WindowsSystem32Wininit.exe [144384]
    [MD5.30C355249224173151874A7B86A8BB66] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.16/08/2014 – 01:56:32.) — C:WindowsSystem32wininet.dll [2310656]
    [MD5.306EB21E5B480AE9065EA55AC8C35936] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.18/03/2014 – 11:09:53.) — C:WindowsSystem32Winlogon.exe [562176]
    [MD5.AFCAB4DC692CCE37E283B00E2D7B438F] – (.Microsoft Corporation – Bibliothèque de licences.) (.18/03/2014 – 11:09:55.) — C:WindowsSystem32sppcomapi.dll [447488]
    [MD5.374E27295F0A9DCAA8FC96370F9BEEA5] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.30/05/2014 – 04:03:03.) — C:Windowssystem32DriversAFD.sys [563200]
    [MD5.74B14192CF79A72F7536B27CB8814FBD] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.22/08/2013 – 13:43:41.) — C:Windowssystem32Driversatapi.sys [26464]
    [MD5.2FA6510E33F7DEFEC03658B74101A9B9] – (.Microsoft Corporation – CD-ROM File System Driver.) (.22/08/2013 – 12:40:15.) — C:Windowssystem32DriversCdfs.sys [88576]
    [MD5.C6796EA22B513E3457514D92DCDB1A3D] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.22/08/2013 – 09:46:35.) — C:Windowssystem32DriversCdrom.sys [164352]
    [MD5.A03F362C5557E238CBFA914689C77248] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.14/06/2014 – 11:55:35.) — C:Windowssystem32DriversDfsC.sys [134144]
    [MD5.D4B7ED39C7900384D9E5C1283F1E7926] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.24/07/2014 – 12:45:39.) — C:Windowssystem32DriversHDAudBus.sys [76800]
    [MD5.84CFC5EFA97D0C965EDE1D56F116A541] – (.Microsoft Corporation – Pilote de port i8042.) (.22/08/2013 – 12:39:15.) — C:Windowssystem32Driversi8042prt.sys [107520]
    [MD5.B7342B3C58E91107F6E946A93D9D4EFD] – (.Microsoft Corporation – IP Network Address Translator.) (.18/03/2014 – 11:09:57.) — C:Windowssystem32DriversIpNat.sys [142848]
    [MD5.7A1A3F213CDB3363D179D5014272025D] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.30/04/2014 – 07:41:46.) — C:Windowssystem32DriversMRxSmb.sys [402432]
    [MD5.0217532E19A748F0E5D569307363D5FD] – (.Microsoft Corporation – MBT Transport driver.) (.22/08/2013 – 12:37:02.) — C:Windowssystem32DriversnetBT.sys [282624]
    [MD5.038C77D577900EE39410662478BB0D50] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/07/2014 – 16:07:52.) — C:Windowssystem32Driversntfs.sys [2009920]
    [MD5.764B1121867B2D9B31C491668AC72B2B] – (.Microsoft Corporation – Pilote de port parallèle.) (.22/08/2013 – 12:40:02.) — C:Windowssystem32DriversParport.sys [94208]
    [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.22/08/2013 – 12:35:51.) — C:Windowssystem32DriversRasl2tp.sys [120832]
    [MD5.680C1DAE268B6FB67FA21B389A8B79EF] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.18/03/2014 – 10:41:24.) — C:Windowssystem32Driversrdpdr.sys [195584]
    [MD5.FFF28F9F6823EB1756C60F1649560BBF] – (.Microsoft Corporation – TDI Translation Driver.) (.22/08/2013 – 14:25:35.) — C:Windowssystem32Driverstdx.sys [107520]
    [MD5.64CA2B4A49A8EAF495E435623ECCE7DB] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.19/06/2014 – 03:13:36.) — C:Windowssystem32Driversvolsnap.sys [310080]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/13341
    ~ Mes musiques (My Musics) : 6/4120
    Mes Videos (My Videos) : 2/2 (Modified)
    ~ Mes Favoris (My Favorites) : 1/7
    ~ Mes Documents (My Documents) : 1/6087
    ~ Mon Bureau (My Desktop) : 3/632
    ~ Menu demarrer (Programs) : 1/30
    ~ Hidden Files: Scanned in 00mn 05s

    —\ Processus lancés
    [MD5.7C58A2513C3DA421A461D75C66C56D21] – (.ASUSTek Computer Inc. – ASUS USB Charger Plus.) — C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe [1123536] [PID.4188]
    [MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] – (.ASUSTek Computer Inc. – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe [178848] [PID.4652]
    [MD5.2C35624F79B9ADBFE47090879F0D8673] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe [322208] [PID.4660]
    [MD5.29769215DEB6E8418EF3656B0423776E] – (.ASUSTeK Computer Inc. – ASUS Quick Gesture Exe.) — C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe [20352] [PID.4608]
    [MD5.B7BCA8A30CE13A283CDBDECEF5616C39] – (.ASUS – ACMON.) — C:Program Files (x86)ASUSSplendidACMON.exe [107192] [PID.5244]
    [MD5.CA595FA53E6C797EC1AB43AFB4B4F183] – (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe [43816] [PID.5292]
    [MD5.97202E9C0D86387888435470CCAF45BE] – (.ASUSTeK – ACEngSvr Module.) — C:WindowsSysWOW64ACEngSvr.exe [192000] [PID.5380]
    [MD5.096407F0CB75519F4DBFBA5BB413187B] – (.Apple Inc. – iCloud Photos.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe [43816] [PID.5388]
    [MD5.EB8E27A3C1EA82711BC4037D53EE5122] – (.Dropbox, Inc. – Dropbox.) — C:UsersFlorentAppDataRoamingDropboxbinDropbox.exe [36414624] [PID.5636]
    [MD5.34D296AFC913E302953C70463EF09A48] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HPHP Software Updatehpwuschd2.exe [96056] [PID.5708]
    [MD5.545676F48851A5C65A38CAE5B5518C95] – (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe [43816] [PID.5756]
    [MD5.25A51D18D48F1E144ABEC667E98C6261] – (.ASUSTeK Computer Inc. – ASUS Live Update.) — C:Program Files (x86)ASUSASUS Live UpdateLiveUpdate.exe [1558176] [PID.6484]
    [MD5.09252818AC12B2D32D6B4403C13BCF75] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8109568] [PID.4732]
    [MD5.FB104D17018B4CA9F0C1A9BED02D15FC] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [275568] [PID.3920]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersFlorentAppDataLocalGoogleChromeUser DataDefaultPreferences

    —\ Liste des dossiers d’extension Google Chrome
    ~ Google Lines Browser: 1 Legitimates Filtered in 00mn 04s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    M2 – MFEP: prefs.js [Florent – f9o46h13.defaultzoteroWinWordIntegration@zotero.org] [] Zotero Word for Windows Integration v3.1.16 (..)
    ~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean) (21)
    ~ Hosts File: Scanned in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Bing Bar – [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. – Bing Client Extensions.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0amd64BingExt.dll =>Toolbar.Bing
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: eMule.lnk . (.http://www.emule-project.net – eMule.) — C:Program Files (x86)eMuleemule.exe =>P2P.eMule
    O4 – GSQuickLaunch [Florent]: BitTorrent.lnk . (.BitTorrent Inc. – BitTorrent.) — C:UsersFlorentAppDataRoamingBitTorrentBitTorrent.exe =>P2P.BitTorrent
    O4 – GSDesktop [Florent]: BitTorrent.lnk . (.BitTorrent Inc. – BitTorrent.) — C:UsersFlorentAppDataRoamingBitTorrentBitTorrent.exe =>P2P.BitTorrent
    ~ Global Startup: 3 Legitimates Filtered in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [DptfPolicyLpmServiceHelper] C:WINDOWSsystem32DptfPolicyLpmServiceHelper.exe (.not file.)
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:WINDOWSsystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe
    O4 – HKLM..Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. – Bluetooth Shell Extension.) — C:Program Files (x86)IntelBluetoothbtmshell.dll
    O4 – HKLM..Run: [ACMON] . (.ASUS – ACMON.) — C:Program Files (x86)ASUSSplendidACMON.exe
    O4 – HKLM..Run: [Bdagent] . (.Bitdefender – Bitdefender Agent.) — C:Program FilesBitdefenderBitdefender 2013bdagent.exe
    O4 – HKCU..Run: [iCloudServices] . (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
    O4 – HKCU..Run: [ApplePhotoStreams] . (.Apple Inc. – iCloud Photos.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
    O4 – HKCU..Run: [HP Photosmart 5510 series (NET)] . (.Hewlett-Packard Co. – ScanToPCActivationApp.) — C:Program FilesHPHP Photosmart 5510 seriesBinScanToPCActivationApp.exe =>.Hewlett-Packard Co
    O4 – HKLM..Wow6432NodeRun: [ASUSWebStorage] . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKUSS-1-5-21-3931002472-240238540-358939303-1001..Run: [iCloudServices] . (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
    O4 – HKUSS-1-5-21-3931002472-240238540-358939303-1001..Run: [ApplePhotoStreams] . (.Apple Inc. – iCloud Photos.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
    O4 – HKUSS-1-5-21-3931002472-240238540-358939303-1001..Run: [HP Photosmart 5510 series (NET)] . (.Hewlett-Packard Co. – ScanToPCActivationApp.) — C:Program FilesHPHP Photosmart 5510 seriesBinScanToPCActivationApp.exe =>.Hewlett-Packard Co
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program Files (x86)MICROS~1Office14ONBttnIE.dll =>.Microsoft Corporation
    O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program Files (x86)MICROS~1Office14ONBTTN~1.dll =>.Microsoft Corporation
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{650D48EA-7331-4C44-B5B7-EEE48797DB81}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{650D48EA-7331-4C44-B5B7-EEE48797DB81}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: UpdaterSvcBrowseMark (UpdaterSvcBrowseMark) . (…) – C:Program Files (x86)BrowseMarkupdater.exe (.not file.) =>PUP.BrowseMark
    ~ Services: 23 Legitimates Filtered in 00mn 03s

    —\ Tâches planifiées en automatique (O39)
    [MD5.5C9B001D8970C2DA36254A916F3DA8F7] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473] (…) — C:Program Files (x86)IntelIntel(R) Update Managerbiniumsvc.exe [174368]
    [MD5.5C9B001D8970C2DA36254A916F3DA8F7] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon] (…) — C:Program Files (x86)IntelIntel(R) Update Managerbiniumsvc.exe [174368]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1082]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1086]
    ~ Scheduled Task: 18 Legitimates Filtered in 00mn 04s

    —\ HKCU & HKLM Software Keys
    [HKLMSoftwareWow6432NodeSOSVirus]
    ~ Key Software: 241 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 06/08/2013 – 10:57:23 – [] —-D C:Program Files (x86)EuroThink
    ~ Program Folder: 143 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.DF7965F7343425FCB5A31B3073607482] – 02/10/2014 – 18:06:11 —A- . (…) — C:WindowsSystem32checkdnsid.xml [344]
    O44 – LFC:[MD5.9F4F4E66AB47D7D2D30DD068EC55DD26] – 02/10/2014 – 18:42:50 —A- . (…) — C:bdlog.txt [60933]
    O44 – LFC:[MD5.BE20366BA688643B19507592ED9B634B] – 29/09/2014 – 11:00:08 —A- . (…) — C:IFRToolLog.txt [3009]
    ~ Files: 18 Legitimates Filtered in 00mn 06s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableUIADesktopToggle »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « FilterAdministratorToken »=0
    ~ MWPS: 17 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – « NoActiveDesktopChanges »=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:21/05/2013 – 08:14:00 —A- . (.Windows (R) Win 7 DDK provider – Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapt.) — C:WindowsSystem32DriversAmpPal.sys [165344]
    O58 – SDL:13/08/2013 – 00:25:46 —A- . (.Windows (R) Win 7 DDK provider – BCM Function 2 Device Driver.) — C:WindowsSystem32Driversbcmfn2.sys [17624]
    O58 – SDL:25/09/2012 – 08:52:04 —A- . (.Windows (R) Win 7 DDK provider – IEEE-1284.4-1999 Driver.) — C:WindowsSystem32DriversDot4.sys [151968]
    O58 – SDL:25/09/2012 – 08:52:04 —A- . (.Windows (R) Win 7 DDK provider – IEEE-1284.4 Print Class Driver.) — C:WindowsSystem32DriversDot4Prt.sys [27040]
    O58 – SDL:02/08/2012 – 04:22:48 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [14992]
    O58 – SDL:22/08/2013 – 13:43:32 —A- . (.Promise Technology, Inc. – Promise SuperTrak EX Series Driver for Windows x64.) — C:WindowsSystem32Driversstexstor.sys [31072]
    O58 – SDL:13/12/2012 – 13:50:36 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [54784]
    O58 – SDL:09/08/2012 – 19:29:52 —A- . (.Windows (R) Win 7 DDK provider – xHCIport.sys.) — C:WindowsSystem32DriversxHCIPort.sys [188384]
    ~ Drivers: 73 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 02/10/2014 – 19:49:30 —A- . (.SQLite Development Team.) — C:UsersFlorentAppDataLocalMicrosoftWindowsINetCacheIE64YCRX7WSQLite3_300700200[1].dll [536576]
    O61 – LFC: 02/10/2014 – 19:49:36 —A- . (…) — C:UsersFlorentAppDataRoamingsp_data.sys [408]
    O61 – LFC: 02/10/2014 – 19:49:41 —A- . (…) — C:UsersFlorentDownloadsadwcleaner_3.311.exe [1375089]
    ~ 68 Fichiers temporaires (Temporary files)
    ~ 2 Fichiers cookies (Cookies files)
    ~ Files: 13 Legitimates Filtered in 00mn 12s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: prefs.js [Florent – f9o46h13.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.190D4AB445BCA77DF6DE189D93A4499C] [SPRF][03/12/2012] (…) — C:ProgramData1354569686.bdinstall.bin [502]
    [MD5.375F3FCCA505388899FBBA79DF374A66] [SPRF][03/12/2012] (…) — C:ProgramData1354569729.bdinstall.bin [502]
    [MD5.854E32A280DD867E991BD08B961DEFD4] [SPRF][03/12/2012] (…) — C:ProgramData1354569944.bdinstall.bin [2805842]
    [MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (…) — C:ProgramDataSetStretch.exe [24576]
    [MD5.3CF2C2F7FC07728536B532322AF61FF3] [SPRF][02/10/2014] (…) — C:UsersFlorentAppDataRoamingsp_data.sys [408]
    ~ Files: 5 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: « {A932D4A3-BF71-46DD-AABF-00C1C1D84F53} » | In – None – P17 – TRUE | .(.BitTorrent Inc. – BitTorrent.) — C:UsersFlorentAppDataRoamingBitTorrentBitTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: « {51EAE013-F9F0-4EBA-896B-F4527E5F3111} » | In – None – P6 – TRUE | .(.BitTorrent Inc. – BitTorrent.) — C:UsersFlorentAppDataRoamingBitTorrentBitTorrent.exe =>P2P.BitTorrent
    ~ Firewall: 2 Legitimates Filtered in 00mn 01s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: « 537E56336A8449149988EC95CAA55E30 » . (.Bing Bar.) — C:WindowsInstaller{3365E735-48A6-4194-9988-CE59AC5AE503}icon_installer_ico =>Toolbar.Bing
    ~ Update Products: 1 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.5D3A30ADD585A102F1B60C0BA313ECEE] [WIS][11/03/2014] (.Microsoft Corporation – Bing Bar.) — C:WindowsInstallerc0f10.msi [741376] =>Toolbar.Bing
    ~ WIS: 1 Legitimates Filtered in 00mn 01s

    —\ Recherche de clés de registre CLSID (O101)
    [HKCRCLSID{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
    [HKCRCLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing
    ~ BCK: 5313 Legitimates Filtered in 00mn 06s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 09/09/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 11/03/2014 247968 | (BBUpdate) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.3.132.0SeaPort.exe =>Toolbar.Bing
    SS – | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
    SS – | Auto 04/08/2014 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 04/08/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 01/09/2014 640840 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SS – | Demand 28/02/2014 174368 | (iumsvc) . (…) – C:Program Files (x86)IntelIntel(R) Update Managerbiniumsvc.exe
    SS – | Demand 01/10/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Demand 28/08/2013 273136 | (MyWiFiDHCPDNS) . (…) – C:Program FilesIntelWiFibinPanDhcpDns.exe
    SS – | Auto 10/07/1658 0 | (UpdaterSvcBrowseMark) . (…) – C:Program Files (x86)BrowseMarkupdater.exe =>PUP.BrowseMark
    SS – | Demand 22/08/2013 37768 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 21/05/2013 772064 | (AMPPALR3) . (.Intel Corporation.) – C:Program FilesIntelBluetoothHSBTHSAmpPalService.exe
    SR – | Auto 28/08/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 23/07/2012 105120 | (ASLDRService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) – C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe
    SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SR – | Auto 11/03/2014 193696 | (BBSvc) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.3.132.0BBSvc.exe =>Toolbar.Bing
    SR – | Auto 08/08/2012 1091520 | (Bluetooth Device Monitor) . (.Motorola Solutions, Inc..) – C:Program Files (x86)IntelBluetoothdevmonsrv.exe
    SR – | Auto 08/08/2012 1112000 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) – C:Program Files (x86)IntelBluetoothobexsrv.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 12/09/2012 135984 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) – C:Program FilesIntelBluetoothHSBTHSSecurityMgr.exe
    SR – | Auto 28/08/2013 626416 | (EvtEng) . (.Intel(R) Corporation.) – C:Program FilesIntelWiFibinEvtEng.exe
    SR – | Auto 30/03/2012 79664 | (ExpressCache) . (.Diskeeper Corporation.) – C:Program FilesDiskeeper CorporationExpressCacheExpressCache.exe
    SR – | Demand 22/08/2013 37768 | C:Program Files (x86)HPDigital Imagingbinhpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 22/08/2013 37768 | C:Program Files (x86)HPDigital Imagingbinhpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe
    SR – | Auto 30/07/2012 193576 | (irstrtsv) . (.Intel Corporation.) – C:WindowsSysWOW64irstrtsv.exe
    SR – | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 22/08/2013 37768 | C:WindowsSystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Auto 22/08/2013 37768 | C:WindowsSystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Auto 28/08/2013 149744 | (RegSrvc) . (.Intel(R) Corporation.) – C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
    SR – | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 22/12/2013 67320 | (UPDATESRV) . (.Bitdefender.) – C:Program FilesBitdefenderBitdefender 2013updatesrv.exe
    SR – | Auto 22/12/2013 1645256 | (VSSERV) . (.Bitdefender.) – C:Program FilesBitdefenderBitdefender 2013vsserv.exe
    SR – | Demand 10/07/1658 0 | (WdNisSvc) . (…) – C:Program Files (x86)Windows DefenderNisSrv.exe
    SR – | Demand 10/07/1658 0 | (WinDefend) . (…) – C:Program Files (x86)Windows DefenderMsMpEng.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 28/08/2013 3378416 | (ZeroConfigService) . (.Intel® Corporation.) – C:Program FilesIntelWiFibinZeroConfigService.exe
    ~ Services: Scanned in 00mn 07s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by Florent at 02/10/2014 19:50:18
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Florent at 02/10/2014 19:50:20
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (28/09/2014)
    Clés trouvées (Keys found) : 1
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 3

    [HKLMSYSTEMCurrentControlSetServicesUpdaterSvcBrowseMark] =>PUP.BrowseMark^
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^
    C:WindowsInstallerc0f10.msi =>Toolbar.Bing^
    [HKCRCLSID{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
    [HKCRCLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing^
    ~ Additionnel Scan: 304809 Items scanned in 00mn 16s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ AMI: 3 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/pup-browsemark =>PUP.BrowseMark
    ~ MSI: 1 link(s) detected in 00mn 00s

    ~ 623 Legitimates filtered by white list
    End of the scan (469 lines in 01mn 44s)(0)

    THANK YOU FOR THE HELP …

    g3n-h@ckm@n
    Moderator
    Number of posts: 8200

    Good evening :)

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Plug all your external data sources into your PC (USB key, external hard drive, etc…) without opening them.
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
    • Choose the "Nettoyage" (Clean) option

    • Copy and paste the contents of the report that appears at the end of the scan into your reply
    florent1012
    Participant
    Number of posts: 2

    ############################## | UsbFix V 7.183 | [Nettoyage]

    Utilisateur: Florent (Administrateur) # FLORENT
    Mis à jour le 30/09/2014 par El Desaparecido – SosVirus
    Lancé à 22:25:16 | 02/10/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : http://www.sosvirus.net/forum-virus-securite.html
    Upload Malware : http://www.sosvirus.net/upload_malware.php
    Détection en Live : http://comment-supprimer.fr/
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    MB: ASUSTeK COMPUTER INC. (UX32A)
    CPU: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
    RAM -> [Total : 3982 Mo | Free : 717 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft™ Windows 8.1 (6.3.9600 64-Bit)
    WB: Internet Explorer : 11.00.9600.16384
    WB: Google Chrome : 37.0.2062.124
    WB: Mozilla Firefox : 32.0.3

    ################## | Security Information |

    AV: Windows Defender [(!) Désactivé |A jour]
    AV: Bitdefender Antivirus [Actif |A jour]
    AS: Windows Defender [(!) Désactivé |A jour]
    AS: Bitdefender Antispyware [Actif |A jour]
    FW: Bitdefender Pare-feu [(!) Désactivé]
    AS: Malwarebytes Anti-Malware : 2.0.2.1012
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 186 Go (70 Go libre(s) – 38%) [OS] # NTFS
    D: -> Disque fixe # 258 Go (258 Go libre(s) – 100%) [DATA] # NTFS
    G: -> Disque amovible # 14 Go (3 Go libre(s) – 18%) [] # FAT32

    ################## | Recherche générique |

    (!) Fichiers temporaires supprimés. (168.041327476501 MB)

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe,
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [iCloudServices] C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
    04 – HKCU..Run : [ApplePhotoStreams] C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
    04 – HKCU..Run : [HP Photosmart 5510 series (NET)] « C:Program FilesHPHP Photosmart 5510 seriesBinScanToPCActivationApp.exe » -deviceID « CN19L039TN05NR:NW » -scfn « HP Photosmart 5510 series (NET) » -AutoStart 1
    04 – HKLM..Run : [ASUSWebStorage] C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
    04 – HKLM..Run : [APSDaemon] « C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe »
    04 – HKLM..Run : [QuickTime Task] « C:Program Files (x86)QuickTimeQTTask.exe » -atboottime
    04 – HKLM..Run : [Adobe ARM] « C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe »
    04 – HKLM..Run : [HP Software Update] C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    04 – HKLM..Run : [iTunesHelper] « C:Program Files (x86)iTunesiTunesHelper.exe »
    04 – [x64] HKLM..Run : [DptfPolicyLpmServiceHelper] C:WINDOWSsystem32DptfPolicyLpmServiceHelper.exe
    04 – [x64] HKLM..Run : [IgfxTray] « C:WINDOWSsystem32igfxtray.exe »
    04 – [x64] HKLM..Run : [HotKeysCmds] « C:WINDOWSsystem32hkcmd.exe »
    04 – [x64] HKLM..Run : [Persistence] « C:WINDOWSsystem32igfxpers.exe »
    04 – [x64] HKLM..Run : [RTHDVCPL] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
    04 – [x64] HKLM..Run : [BTMTrayAgent] rundll32.exe « C:Program Files (x86)IntelBluetoothbtmshell.dll »,TrayApp
    04 – [x64] HKLM..Run : [ACMON] C:Program Files (x86)ASUSSplendidACMON.exe
    04 – [x64] HKLM..Run : [Bdagent] C:Program FilesBitdefenderBitdefender 2013bdagent.exe
    04 – HKUS-1-5-21-3931002472-240238540-358939303-1001..Run : [iCloudServices] C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
    04 – HKUS-1-5-21-3931002472-240238540-358939303-1001..Run : [ApplePhotoStreams] C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
    04 – HKUS-1-5-21-3931002472-240238540-358939303-1001..Run : [HP Photosmart 5510 series (NET)] « C:Program FilesHPHP Photosmart 5510 seriesBinScanToPCActivationApp.exe » -deviceID « CN19L039TN05NR:NW » -scfn « HP Photosmart 5510 series (NET) » -AutoStart 1

    ################## | UsbFix – Information |

    Info : Comment supprimer l’infection des raccourcis sur USB ? (Video)
    Info : L’infection des raccourcis USB, c’est quoi ?

    ################## | Hijack |

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [29/09/2014 – 12:00:08 | A | 3 Ko] – C:IFRToolLog.txt
    [02/10/2014 – 19:42:50 | A | 60 Ko] – C:bdlog.txt
    [02/10/2014 – 19:43:24 | ASH | 3261772 Ko] – C:hiberfil.sys
    [02/10/2014 – 19:43:28 | ASH | 720896 Ko] – C:pagefile.sys
    [02/10/2014 – 19:43:30 | ASH | 262144 Ko] – C:swapfile.sys
    [01/10/2014 – 22:21:08 | D] – C:Config.Msi
    [04/12/2012 – 00:29:01 | N | 9 Ko] – C:bdr-ld01.mbr
    [19/10/2012 – 12:17:29 | N | 36263 Ko] – C:bdr-im01.gz
    [14/08/2012 – 10:28:04 | N | 6146 Ko] – C:UX32VDA.BIN
    [21/08/2012 – 08:09:12 | N | 6146 Ko] – C:UX32VD.BIN
    [21/08/2012 – 08:35:56 | N | 6146 Ko] – C:UX32A.BIN
    [14/06/2014 – 13:05:59 | SHD] – C:$Recycle.Bin
    [02/10/2014 – 19:50:18 | A | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [26/07/2012 – 05:44:30 | RASH | 389 Ko] – C:bootmgr
    [15/08/2012 – 15:28:18 | N | 2452 Ko] – C:bdr-bz01
    [17/08/2012 – 11:42:50 | SHD] – C:Boot
    [29/09/2012 – 21:08:01 | D] – C:eSupport
    [29/09/2012 – 21:08:11 | D] – C:AsusVibeData
    [28/11/2012 – 05:19:17 | RHD] – C:MSOCache
    [04/12/2012 – 00:29:01 | N | 247 Ko] – C:bdr-ld01
    [04/12/2012 – 00:29:01 | N | 1 Ko] – C:bdr-cf01
    [20/12/2012 – 01:07:07 | D] – C:sources
    [18/06/2013 – 14:18:29 | N | 0 Ko] – C:BOOTNXT
    [22/08/2013 – 16:45:52 | SHD] – C:Documents and Settings
    [22/08/2013 – 17:22:35 | D] – C:PerfLogs
    [25/11/2013 – 22:42:50 | D] – C:Intel
    [20/04/2014 – 13:29:38 | D] – C:temp
    [14/06/2014 – 12:15:04 | RD] – C:Users
    [14/06/2014 – 12:58:54 | SHD] – C:Recovery
    [01/10/2014 – 20:59:24 | RD] – C:Program Files
    [01/10/2014 – 22:21:08 | D] – C:Windows
    [02/10/2014 – 18:53:21 | D] – C:UsbFix
    [02/10/2014 – 19:12:24 | D] – C:AdwCleaner
    [02/10/2014 – 19:15:20 | HD] – C:ProgramData
    [02/10/2014 – 19:43:23 | RD] – C:Program Files (x86)
    [02/10/2014 – 20:07:14 | SHD] – C:System Volume Information

    ################## | D: – Disque Fixe (NTFS) |

    [28/11/2012 – 05:17:03 | SHD] – D:$RECYCLE.BIN
    [14/06/2014 – 12:34:45 | SHD] – D:System Volume Information

    ################## | G: – Disque USB (FAT32) |

    [02/10/2014 – 18:24:56 | SHD] – G:FOUND.000
    [02/07/2012 – 14:23:42 | D] – G:EMC 2006
    [02/07/2012 – 16:07:00 | D] – G:EMC 2011
    [02/12/2012 – 23:21:08 | D] – G:SOFCOT
    [19/12/2012 – 00:09:04 | D] – G:Cours Traumato Lerat
    [15/01/2013 – 10:15:18 | D] – G:Livres
    [19/03/2013 – 18:48:44 | D] – G:Luxation complète trapèze
    [20/05/2013 – 22:19:24 | D] – G:Cours Manip radio
    [20/05/2013 – 22:55:00 | D] – G:Cours ortho-desc
    [30/08/2014 – 18:49:56 | D] – G:Biblio divers
    [30/08/2014 – 18:52:50 | D] – G:Diu pied
    [30/08/2014 – 18:53:28 | D] – G:dossier CCA
    [30/08/2014 – 18:53:28 | D] – G:Divers
    [30/08/2014 – 18:53:36 | D] – G:étude BrachyMT
    [30/08/2014 – 18:53:40 | D] – G:étude DMMO
    [30/08/2014 – 18:53:40 | D] – G:Planning gardes
    [30/08/2014 – 18:53:40 | D] – G:Stafit Zimmer
    [30/08/2014 – 18:54:40 | N | 8 Ko] – G:Thèse
    [30/08/2014 – 18:58:02 | SHD] – G:System Volume Information
    [12/09/2014 – 12:53:38 | D] – G:Enseignements

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |

    g3n-h@ckm@n
    Moderator
    Number of posts: 8200

    Hi again

    Is your USB key doing better?

    Disable your antivirus for the duration of the scan

    Download QuickDiag here: https://www.sosvirus.net/telecharger/quickdiag/

    Run it, click "Quick", then once it has finished, upload the report to http://upload.sosvirus.net and post the resulting link so it can be viewed

    The report will be on the desktop under the name QuickDiag_date_heure.txt
