Virus on USB key 2013-11-30T10:03:53+00:00
  • Author
    Posts
  • lilidurhone
    Post count: 0

    :)

    I'm marking this as resolved ;)

  • Delphine94
    Post count: 0

    There, it's done!
    https://antimalware.top/log/SosUpload.55b8ddd823b157b96f9e441be5e1108f.txt

    Thank you very much

  • lilidurhone
    Post count: 0

    :)

    If you have no more questions, move on to the next step ;)

    1) Clean with SFTGC

    • Download SFTGC (by Pierre13) to your Desktop and nowhere else!
    • Launch SFTGC (run as administrator on Windows 7/8 and Vista)
    • Click GO

      Note: a report will open at the end

    • Once the scan is finished, go to the Desktop; the file SFTGC.txt has been created there.
    • Upload the SFTGC.txt report to SosUpload, then copy/paste the link you are given into your next reply on the forum

    2) Run Delfix

    • Download Delfix to your Desktop.
    • Launch Delfix (run as administrator on Windows 7/8 and Vista)
    • Tick the following boxes:
      • Remove disinfection tools
      • Purge system restore


  • Delphine94
    Post count: 0

    Great!
    It's done ...

  • lilidurhone
    Post count: 0

    :)

    Good news ;)

    You are no longer infected

    Before moving on to the final step

    Update avast via the interface > Maintenance > Update program

    Firefox is out of date
    Open it and click the question mark > About
    Let the update run

  • Delphine94
    Post count: 0

    Hello! Here is the report:

    ~ Rapport de ZHPDiag v2014.1.2.5 – Nicolas Coolman (02/01/2014)
    ~ Lancé par delphine (08/01/2014 15:44:14)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16476
    MFIE: Mozilla Firefox 15.0.1
    GCIE: Google Chrome v31.0.1650.63 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 7QJB7
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2008
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 ActiveX
    Adobe Reader XI
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3958 MB (58% free)
    System Restore: Activé (Enable)
    System drive C: has 109 GB (38%) free of 285 GB

    —\ Mode de connexion au système
    ~ Computer Name: DELPHINE-PC
    ~ User Name: delphine
    ~ All Users Names: HomeGroupUser$, delphine, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:\Users\delphine\AppData\Roaming\ZHP
    ~ %AppData% : C:\Users\delphine\AppData\Roaming
    ~ %Desktop% : C:\Users\delphine\Desktop
    ~ %Favorites% : C:\Users\delphine\Favorites
    ~ %LocalAppData% : C:\Users\delphine\AppData\Local
    ~ %StartMenu% : C:\Users\delphine\AppData\Roaming\Microsoft\Windows\Start Menu
    ~ %Windir% : C:\Windows
    ~ %System% : C:\Windows\System32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 109 Go of 285 Go)
    D: CD-ROM drive (Not Inserted)
    E: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 44 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/33
    ~ Mes musiques (My Musics) : 1/54
    ~ Mes Videos (My Videos) : 1/3
    ~ Mes Favoris (My Favorites) : 1/35
    ~ Mes Documents (My Documents) : 1/77
    ~ Mon Bureau (My Desktop) : 2/1175
    ~ Menu demarrer (Programs) : 1/38
    ~ Hidden Files: Scanned in 00mn 05s

    —\ Processus lancés
    ~ Processes Running: Scanned in 00mn 03s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:\Users\delphine\AppData\Local\Google\Chrome\User Data\Default\Preferences
    ~ Google Browser: 14 Legitimates Filtered in 00mn 05s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:\Users\delphine\AppData\Roaming\Mozilla\Firefox\Profiles\t4i02jx2.default\prefs.js
    M2 – MFEP: prefs.js [delphine – t4i02jx2.default\foxyproxy@eric.h.jung] [] Foxyproxy v0.9.7 (..) =>Hijacker.Proxy
    ~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: avast! Online Security – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software – IE Webrep plugin.) — C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Canon MG5300 series Manuel en ligne.lnk . (.CANON INC. – Easy Guide Viewer.) — C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe
    O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 – GSDesktop [Public]: Monopoly Deluxe.lnk . (.TikGames, LLC. – TikGames’ Executable.) — C:\Program Files (x86)\Monopoly Deluxe\monopoly.exe
    O4 – GSDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 – GSDesktop [Public]: Worms Revolution.lnk . (…) — C:\Program Files (x86)\Worms Revolution\WormsRevolution.exe
    O4 – GSProgram [Public]: Copernic Agent Personal.lnk . (.Copernic Inc. – Copernic Agent.) — C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 – GSQuickLaunch [delphine]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 – GSQuickLaunch [delphine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 – GSQuickLaunch [delphine]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 – GSTaskBar [delphine]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 – GSTaskBar [delphine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 – GSProgram [delphine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 – GSSystemTools [delphine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 – GSDesktop [delphine]: Cake Mania 3.lnk . (…) — C:\Program Files (x86)\Cake Mania 3\CakeMania3.exe
    O4 – GSDesktop [delphine]: GigaTribe.lnk . (…) — C:\Program Files (x86)\GigaTribe\gigatribe.exe
    O4 – GSDesktop [delphine]: HotPotatoes 6.lnk . (.HalfBaked – HotPot chooser executable.) — C:\Program Files (x86)\HotPotatoes6\HotPot.exe
    O4 – GSDesktop [delphine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 – GSDesktop [delphine]: Might & Magic Heroes VI.exe – Raccourci.lnk . (.Black Hole Entertainment – Might & Magic Heroes VI.) — C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe
    O4 – GSDesktop [delphine]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net
    O4 – GSDesktop [delphine]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.facebook.com
    ~ Global Startup: 83 Legitimates Filtered in 00mn 02s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [delphine]: GigaTribe.lnk . (…) — C:\Program Files (x86)\GigaTribe\gigatribe.exe
    O4 – HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. – MyWinLocker.) — C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    O4 – HKLM\..\Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
    O4 – HKLM\..\Run: [PLFSetI] . (.Pas de propriétaire – DefaultSettingEXE MFC Application.) — C:\Windows\PLFSetI.exe
    O4 – HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated – ePowerTray.) — C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    O4 – HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. – Canon My Printer.) — C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    O4 – HKCU\..\Run: [KiesHelper] . (.Samsung – Kies.) — C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
    O4 – HKCU\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKCU\..\Run: [KiesPDLR] . (.Pas de propriétaire – KiesPDLR.) — C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 – HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
    O4 – HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. – SuiteTray.) — C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
    O4 – HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. – EgisUpdate Release Application.) — C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    O4 – HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. – PMM Update Application.) — C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    O4 – HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. – Acer Backup Manager.) — C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    O4 – HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. – Launch Manager.) — C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 – HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 – HKLM\..\Wow6432Node\Run: [avast5] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\avastUI.exe
    O4 – HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    O4 – HKLM\..\Wow6432Node\Run: [CanonSolutionMenuEx] . (.CANON INC. – Canon Solution Menu EX.) — C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe
    O4 – HKLM\..\Wow6432Node\Run: [IJNetworkScannerSelectorEX] . (.CANON INC. – Canon IJ Network Scanner Selector EX.) — C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    O4 – HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:\Program Files (x86)\QuickTime\QTTask.exe
    O4 – HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:\Program Files (x86)\iTunes\iTunesHelper.exe
    O4 – HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
    O4 – HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    O4 – HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 – HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 – HKUS\S-1-5-21-619028284-149165148-3271107766-1001\..\Run: [KiesHelper] . (.Samsung – Kies.) — C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
    O4 – HKUS\S-1-5-21-619028284-149165148-3271107766-1001\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKUS\S-1-5-21-619028284-149165148-3271107766-1001\..\Run: [KiesPDLR] . (.Pas de propriétaire – KiesPDLR.) — C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 – HKUS\S-1-5-21-619028284-149165148-3271107766-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLM\System\CCS\Services\Tcpip\..\{5A47DED8-7E12-45F5-A0F5-3363C7C46AB9}: DhcpNameServer = 192.168.0.254
    O17 – HKLM\System\CCS\Services\Tcpip\..\{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 172.30.3.254
    O17 – HKLM\System\CCS\Services\Tcpip\..\{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpDomain = saussaye.edu
    O17 – HKLM\System\CS1\Services\Tcpip\..\{5A47DED8-7E12-45F5-A0F5-3363C7C46AB9}: DhcpNameServer = 192.168.0.254
    O17 – HKLM\System\CS1\Services\Tcpip\..\{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 172.30.3.254
    O17 – HKLM\System\CS1\Services\Tcpip\..\{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpDomain = saussaye.edu
    O17 – HKLM\System\CS2\Services\Tcpip\..\{5A47DED8-7E12-45F5-A0F5-3363C7C46AB9}: DhcpNameServer = 192.168.0.254
    O17 – HKLM\System\CS2\Services\Tcpip\..\{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 172.30.3.254
    O17 – HKLM\System\CS2\Services\Tcpip\..\{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpDomain = saussaye.edu
    O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 05/02/2011 – 13:38:23 – [0,036] ----D C:\Users\delphine\AppData\Roaming\com.johnwu.partybooth.7C6CA62034ECEF7F45C524416D6FEE987A4E8AAB.1
    ~ Program Folder: 212 Legitimates Filtered in 00mn 58s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    ~ Prefetcher: 139 Legitimates Filtered in 00mn 01s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM\...\Policies\System] – "EnableUIADesktopToggle"=0
    O55 – MWPS:[HKLM\...\Policies\System] – "FilterAdministratorToken"=0
    ~ MWPS: 18 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    ~ Drivers: 18 Legitimates Filtered in 00mn 08s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 05/01/2014 – 15:46:41 —A- . (…) — C:\Users\delphine\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [264956]
    O61 – LFC: 05/01/2014 – 15:46:41 —A- . (…) — C:\Users\delphine\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
    O61 – LFC: 05/01/2014 – 15:46:49 —A- . (…) — C:\Users\delphine\AppData\Local\Google\Chrome\User Data\Local State [61698]
    O61 – LFC: 05/01/2014 – 15:47:36 —A- . (.THIRION.) — C:\Users\delphine\Downloads\Progressions Graphisme PS.doc [45056]
    O61 – LFC: 08/01/2014 – 15:47:25 —A- . (…) — C:\Users\delphine\AppData\Roaming\ZHP\Log.txt [61160] =>.Nicolas Coolman
    O61 – LFC: 08/01/2014 – 15:47:25 —A- . (…) — C:\Users\delphine\AppData\Roaming\ZHP\TestsZHPDiag.txt [2928] =>.Nicolas Coolman
    ~ 10 Fichiers temporaires (Temporary files)
    ~ Files: 83 Legitimates Filtered in 01mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.F95A1F3EB3F366CC3AE60308EFF48B86] [SPRF][24/04/2011] (…) — C:\ProgramData\ezsidmv.dat [56]
    [MD5.6ACBD475647D7A160657CB3E460F0F35] [SPRF][27/01/2010] (…) — C:\ProgramData\FullRemove.exe [131472]
    [MD5.28FC891FBC5BBBB31667417AB87D8D17] [SPRF][01/12/2013] (…) — C:\Users\delphine\AppData\Local\Temp\Quarantine.exe [355227]
    [MD5.5CE10688C6671AE9AFC20B09376E8AB2] [SPRF][02/12/2013] (…) — C:\Users\delphine\Desktop\adwcleaner.exe [1110034]
    ~ Files: 8 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “TCP Query User{A5FE1D71-4295-4A48-83B2-6EA0286A67C3}C:program files (x86)gigatribegigatribe.exe” | In – Private – P6 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    O87 – FAEL: “UDP Query User{E121DD3C-C67A-4DE6-B372-393551ACACCE}C:program files (x86)gigatribegigatribe.exe” | In – Private – P17 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    O87 – FAEL: “TCP Query User{A0937A1C-BFFE-4A82-ACFA-D6BA9C169B4B}C:program files (x86)worms revolutionwormsrevolution.exe” | In – Private – P6 – TRUE | .(…) — C:program files (x86)worms revolutionwormsrevolution.exe
    O87 – FAEL: “UDP Query User{A50DB778-F9D1-489C-9410-81ED4A3A7178}C:program files (x86)worms revolutionwormsrevolution.exe” | In – Private – P17 – TRUE | .(…) — C:program files (x86)worms revolutionwormsrevolution.exe
    O87 – FAEL: “TCP Query User{D1711842-BA0F-4DDB-8CC5-2B3D9E21F1A0}C:program files (x86)gigatribegigatribe.exe” | In – Public – P6 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    O87 – FAEL: “UDP Query User{6BF1863F-A1DB-4CB9-9AF6-DDF6A1ED5B1D}C:program files (x86)gigatribegigatribe.exe” | In – Public – P17 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    ~ Firewall: 237 Legitimates Filtered in 00mn 01s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.39E7E1DA8C789D5991969CAAAA9B41A8] [WIS][24/04/2011] (.Skype Technologies S.A. – Skype Toolbars.) — C:WindowsInstaller437a39.msi [2840576]
    ~ WIS: 113 Legitimates Filtered in 00mn 22s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Auto 09/10/2010 135664 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 09/10/2010 135664 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Auto 10/07/1658 0 | (McAfee SiteAdvisor Service) . (…) – C:Program Files (x86)mcafeeSITEAD~1mcsacore.exe
    SS – | Demand 06/09/2012 114144 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Demand 17/04/2010 305520 | (MWLService) . (.Egis Technology Inc..) – C:Program Files (x86)EgisTec MyWinLockerx86MWLService.exe
    SS – | Demand 06/11/2009 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) – C:Program Files (x86)NewTech InfosystemsNTI Backup Now 5BackupSvc.exe
    SS – | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe

    SR – | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 22/01/2010 202752 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 01/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 08/04/2010 312400 | (DsiWMIService) . (.Dritek System Inc..) – C:Program Files (x86)Launch Managerdsiwmis.exe
    SR – | Auto 23/04/2010 867360 | (ePowerSvc) . (.Acer Incorporated.) – C:Program FilesAcerAcer ePower ManagementePowerSvc.exe
    SR – | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) – C:Program Files (x86)AcerRegistrationGREGsvc.exe
    SR – | Auto 13/04/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Demand 16/08/2013 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 18/03/2010 268824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 09/03/2010 250368 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) – C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerIScheduleSvc.exe
    SR – | Auto 06/11/2009 144640 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) – C:Program Files (x86)NewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
    SR – | Auto 18/03/2010 2320920 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) – C:Program FilesAcerAcer UpdaterUpdaterService.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

    ~ Services: Scanned in 00mn 24s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by delphine at 08/01/2014 15:48:54
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by delphine at 08/01/2014 15:48:56

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\ Liste des émulateurs de CD/DVD (MBR Hook)
    O58 – SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 30/03/1747 – 19:43:41 —A- . (…) — C:WindowsSystem32Driverssptd.sys [834544]
    ~ Emulateurs: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13018 – (02/01/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 0

    C:UsersdelphineAppDataRoamingMozillaFirefoxProfilest4i02jx2.defaultextensionsfoxyproxy@eric.h.jung =>Hijacker.Proxy^
    ~ Additionnel Scan: 324216 Items scanned in 00mn 29s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
    ~ MSI: 1 link(s) detected in 00mn 29s

    ~ 1397 Legitimates filtered by white list
    End of the scan (472 lines in 05mn 12s)(0)

  • lilidurhone
    Post count: 0

    Hello

    Can you run ZHPDiag again ;)

  • Delphine94
    Post count: 0

    Hello,

    Is it finished, or should I continue with the steps?

    Thanks
    Delphine

  • Delphine94
    Post count: 0

    Hello,

    here is the link:
    https://antimalware.top/log/SosUpload.c07dedcb9f6b3e550347a92d375ac683.txt

  • lilidurhone
    Post count: 0

    Yes :)

    Open a new topic ;)

    • Download Junkware Removal Tool Download (by thisisu) to your desktop.
    • Launch Junkware Removal Tool Download; run it as administrator on Windows 7/8 and Vista.
    • Press any key.

    • Once the scan is finished, go to the desktop: the file JRT.txt has been created.
    • Upload the JRT.txt report to SosUpload, then copy/paste the link it gives you in your next reply on the forum.

  • Delphine94
    Post count: 0

    Good evening, and thanks to both of you,
    For my other computer, do you advise me to follow exactly the same procedure?
    Otherwise, to continue with this one, I ran ZHPDiag again and here is the report:
    ~ Lancé par delphine (03/12/2013 18:40:21)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16736
    MFIE: Mozilla Firefox 15.0.1
    GCIE: Google Chrome v31.0.1650.57 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 7QJB7
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2008
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 ActiveX
    Adobe Reader XI
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3958 MB (51% free)
    System Restore: Activé (Enable)
    System drive C: has 109 GB (38%) free of 285 GB

    —\ Mode de connexion au système
    ~ Computer Name: DELPHINE-PC
    ~ User Name: delphine
    ~ All Users Names: HomeGroupUser$, delphine, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersdelphineAppDataRoamingZHP
    ~ %AppData% : C:UsersdelphineAppDataRoaming
    ~ %Desktop% : C:UsersdelphineDesktop
    ~ %Favorites% : C:UsersdelphineFavorites
    ~ %LocalAppData% : C:UsersdelphineAppDataLocal
    ~ %StartMenu% : C:UsersdelphineAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 109 Go of 285 Go)
    D: CD-ROM drive (Not Inserted)
    E: CD-ROM drive (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.9706C99DAEBE3FEAC811B239617E98C4] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 09:45:20.) — C:WindowsSystem32wininet.dll [2241536]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 07s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/33
    ~ Mes musiques (My Musics) : 1/54
    ~ Mes Videos (My Videos) : 1/3
    ~ Mes Favoris (My Favorites) : 1/35
    ~ Mes Documents (My Documents) : 1/77
    ~ Mon Bureau (My Desktop) : 2/1173
    ~ Menu demarrer (Programs) : 1/38
    ~ Hidden Files: Scanned in 00mn 17s

    —\ Processus lancés
    [MD5.129EEB70D8460172F04530F43593717C] – (.Egis Technology Inc. – MyWinLocker.) — C:Program Files (x86)EgisTec MyWinLockerx86mwlDaemon.exe [349552] [PID.2700]
    [MD5.17C5E2A94AA1B42D499A5396D67E0B61] – (.Pas de propriétaire – DefaultSettingEXE MFC Application.) — C:WindowsPLFSetI.exe [206208] [PID.2828]
    [MD5.0524D4A3CF377BCDD6A379680AD3DC7D] – (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program Files (x86)SamsungKiesKiesTrayAgent.exe [3521424] [PID.3048]
    [MD5.EE8D36F6723DBDAF4176003103257E43] – (.Pas de propriétaire – KiesPDLR.) — C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe [21392] [PID.1512]
    [MD5.0ADF079D36B2C25E6E9BECE1BD937ACE] – (.Egis Technology Inc. – PMM Update Application.) — C:Program Files (x86)EgisTec IPSPmmUpdate.exe [407920] [PID.3284]
    [MD5.2782D83D9B1071E28E2A4D9C6F5307C6] – (.NewTech Infosystems, Inc. – Acer Backup Manager.) — C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe [260608] [PID.3300]
    [MD5.B283F9A1DEABD43ACC7481F893CF21E9] – (.Dritek System Inc. – Launch Manager.) — C:Program Files (x86)Launch ManagerLManager.exe [908368] [PID.3340]
    [MD5.9ECF375A6E4E74D056F4B54E76D58721] – (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe [284696] [PID.3348]
    [MD5.5AAA9F136A6DEC2992529F5258AE4F54] – (.Dritek System Inc. – Launch Manager Worker.) — C:Program Files (x86)Launch ManagerLMworker.exe [298064] [PID.3476]
    [MD5.5F7EE76129F9A591F22F99F95D97AC95] – (.CANON INC. – Canon IJ Network Scanner Selector EX.) — C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe [452016] [PID.3484]
    [MD5.CE42DFE915F78246364D464902E47360] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.3536]
    [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.3604]
    [MD5.1F0A97900FC718CE617A722BEF8580CD] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe [3568312] [PID.3612]
    [MD5.F255E48EA981E943A14CF16269F3F3AF] – (.Egis Technology Inc. – EgisUpdate Release Application.) — C:Program Files (x86)EgisTec IPSEgisUpdate.exe [201584] [PID.3716]
    [MD5.D7D5768B8A697FCBAEE2CFE137070F02] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [770736] [PID.4684]
    [MD5.85AF4805A6E0512F523170AD228758D3] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8260608] [PID.5280]
    [MD5.4D41D30E2FAB3307967C7A0B045DC874] – (.AVAST Software – avast! Service.) — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [50344] [PID.1336]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1944]
    [MD5.4FE5C6D40664AE07BE5105874357D2ED] – (.Apple Inc. – MobileDeviceService.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [57008] [PID.1964]
    [MD5.E2B2853A0210D6EDAB2261870BD80C1A] – (.Dritek System Inc. – Dritek WMI Service.) — C:Program Files (x86)Launch Managerdsiwmis.exe [312400] [PID.2724]
    [MD5.0191DEE9B9EB7902AF2CF4F67301095D] – (.Acer Incorporated – Global Registration Service.) — C:Program Files (x86)AcerRegistrationGREGsvc.exe [23584] [PID.2872]
    [MD5.DBC1136A62BD4DECC3632DF650284C2E] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [268824] [PID.2936]
    [MD5.5B3CE960C62DBE864BE9A0BD043A3E30] – (.NewTech Infosystems, Inc. – Backup Manager Module.) — C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerIScheduleSvc.exe [250368] [PID.3060]
    [MD5.B5071E15D4C3F5EF5018AFF7E85A85E5] – (.NewTech Infosystems, Inc. – NTI Backup Now 5 SchedulerSvc NT Service.) — C:Program Files (x86)NewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe [144640] [PID.1160]
    [MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] – (.Acer Group – Updater Service.) — C:Program FilesAcerAcer UpdaterUpdaterService.exe [243232] [PID.3100]
    [MD5.6B24D1C3096DE796D15571079EA5E98C] – (.Intel Corporation – IAStorDataSvc.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [13336] [PID.2096]
    [MD5.7466809E6DA561D60C2F1CE8EDE3C73F] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2320920] [PID.2336]
    ~ Processes Running: Scanned in 00mn 02s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersdelphineAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Extension v.5.5.0.7280 (Désactivé)
    ~ Google Browser: 14 Legitimates Filtered in 00mn 04s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersdelphineAppDataRoamingMozillaFirefoxProfilest4i02jx2.defaultprefs.js
    M2 – MFEP: prefs.js [delphine – t4i02jx2.defaultfoxyproxy@eric.h.jung] [] Foxyproxy v0.9.7 (..) =>Hijacker.Proxy
    ~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Canon MG5300 series Manuel en ligne.lnk . (.CANON INC. – Easy Guide Viewer.) — C:Program Files (x86)CanonIJ ManualEasy Guide Viewercmview.exe
    O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSDesktop [Public]: Monopoly Deluxe.lnk . (.TikGames, LLC. – TikGames’ Executable.) — C:Program Files (x86)Monopoly Deluxemonopoly.exe
    O4 – GSDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSDesktop [Public]: Worms Revolution.lnk . (…) — C:Program Files (x86)Worms RevolutionWormsRevolution.exe
    O4 – GSProgram [Public]: Copernic Agent Personal.lnk . (.Copernic Inc. – Copernic Agent.) — C:Program Files (x86)Copernic AgentCopernicAgent.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [delphine]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [delphine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSQuickLaunch [delphine]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSTaskBar [delphine]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [delphine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSProgram [delphine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSystemTools [delphine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSDesktop [delphine]: Cake Mania 3.lnk . (…) — C:Program Files (x86)Cake Mania 3CakeMania3.exe
    O4 – GSDesktop [delphine]: GigaTribe.lnk . (…) — C:Program Files (x86)GigaTribegigatribe.exe
    O4 – GSDesktop [delphine]: HotPotatoes 6.lnk . (.HalfBaked – HotPot chooser executable.) — C:Program Files (x86)HotPotatoes6HotPot.exe
    O4 – GSDesktop [delphine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSDesktop [delphine]: Might & Magic Heroes VI.exe – Raccourci.lnk . (.Black Hole Entertainment – Might & Magic Heroes VI.) — C:Program Files (x86)UbisoftMight & Magic Heroes VIMight & Magic Heroes VI.exe
    O4 – GSDesktop [delphine]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe https://www.sosvirus.net
    O4 – GSDesktop [delphine]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
    ~ Global Startup: 83 Legitimates Filtered in 00mn 07s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [delphine]: GigaTribe.lnk . (…) — C:Program Files (x86)GigaTribegigatribe.exe
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [mwlDaemon] . (.Egis Technology Inc. – MyWinLocker.) — C:Program Files (x86)EgisTec MyWinLockerx86mwlDaemon.exe
    O4 – HKLM..Run: [ETDWare] C:Program Files (x86)ElantechETDCtrl.exe (.not file.)
    O4 – HKLM..Run: [PLFSetI] . (.Pas de propriétaire – DefaultSettingEXE MFC Application.) — C:WindowsPLFSetI.exe
    O4 – HKLM..Run: [Acer ePower Management] . (.Acer Incorporated – ePowerTray.) — C:Program FilesAcerAcer ePower ManagementePowerTray.exe
    O4 – HKLM..Run: [CanonMyPrinter] . (.CANON INC. – Canon My Printer.) — C:Program FilesCanonMyPrinterBJMyPrt.exe
    O4 – HKCU..Run: [KiesHelper] . (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKiesHelper.exe
    O4 – HKCU..Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program Files (x86)SamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKCU..Run: [KiesPDLR] . (.Pas de propriétaire – KiesPDLR.) — C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
    O4 – HKCU..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    O4 – HKLM..Wow6432NodeRun: [SuiteTray] . (.Egis Technology Inc. – SuiteTray.) — C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe
    O4 – HKLM..Wow6432NodeRun: [EgisUpdate] . (.Egis Technology Inc. – EgisUpdate Release Application.) — C:Program Files (x86)EgisTec IPSEgisUpdate.exe
    O4 – HKLM..Wow6432NodeRun: [EgisTecPMMUpdate] . (.Egis Technology Inc. – PMM Update Application.) — C:Program Files (x86)EgisTec IPSPmmUpdate.exe
    O4 – HKLM..Wow6432NodeRun: [BackupManagerTray] . (.NewTech Infosystems, Inc. – Acer Backup Manager.) — C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [LManager] . (.Dritek System Inc. – Launch Manager.) — C:Program Files (x86)Launch ManagerLManager.exe
    O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    O4 – HKLM..Wow6432NodeRun: [avast5] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5avastUI.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [CanonSolutionMenuEx] . (.CANON INC. – Canon Solution Menu EX.) — C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.exe
    O4 – HKLM..Wow6432NodeRun: [IJNetworkScannerSelectorEX] . (.CANON INC. – Canon IJ Network Scanner Selector EX.) — C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-619028284-149165148-3271107766-1001..Run: [KiesHelper] . (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKiesHelper.exe
    O4 – HKUSS-1-5-21-619028284-149165148-3271107766-1001..Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program Files (x86)SamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKUSS-1-5-21-619028284-149165148-3271107766-1001..Run: [KiesPDLR] . (.Pas de propriétaire – KiesPDLR.) — C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
    O4 – HKUSS-1-5-21-619028284-149165148-3271107766-1001..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{5A47DED8-7E12-45F5-A0F5-3363C7C46AB9}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCCSServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 172.30.3.254
    O17 – HKLMSystemCCSServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpDomain = saussaye.edu
    O17 – HKLMSystemCS1ServicesTcpip..{5A47DED8-7E12-45F5-A0F5-3363C7C46AB9}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCS1ServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 172.30.3.254
    O17 – HKLMSystemCS1ServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpDomain = saussaye.edu
    O17 – HKLMSystemCS2ServicesTcpip..{5A47DED8-7E12-45F5-A0F5-3363C7C46AB9}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCS2ServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 172.30.3.254
    O17 – HKLMSystemCS2ServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpDomain = saussaye.edu
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.254
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 05/02/2011 – 13:38:23 – [0,036] —-D C:UsersdelphineAppDataRoamingcom.johnwu.partybooth.7C6CA62034ECEF7F45C524416D6FEE987A4E8AAB.1
    ~ 889 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 1138 Legitimates Filtered in 02mn 42s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.1C3FC30F236655DAA76AD8531604B64C] – 30/11/2013 – 10:48:08 . (…) — C:UsbFix [Scan 1] DELPHINE-PC.txt [15345]
    O44 – LFC:[MD5.B293E0F7FF8F75E7DE613F42F3B91C01] – 30/11/2013 – 11:30:26 —A- . (…) — C:UsbFix [Clean 2] DELPHINE-PC.txt [14719]
    ~ Files: 29 Legitimates Filtered in 00mn 36s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.CA9B4B6B762580ABC7EC8EE1D09A3724] – 02/12/2013 – 21:09:28 —A- – C:WindowsPrefetchCNMSEAT.EXE-9439FE89.pf
    O45 – LFCP:[MD5.F72A6A68CDA9022CF5C70AEB6D772525] – 02/12/2013 – 21:58:48 —A- – C:WindowsPrefetchINSTUP.EXE-A21AC9E7.pf
    O45 – LFCP:[MD5.968E68484C09FA26FB2179EB8523FE16] – 03/12/2013 – 18:35:51 —A- – C:WindowsPrefetchUPDATERSERVICE.EXE-7B0C15AC.pf
    ~ Prefetcher: 93 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 01/12/2013 – 12:23:37 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776]
    O58 – SDL:[MD5.59787B95DD9CA44CB139D96863438587] – 01/12/2013 – 12:23:37 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [205320]
    O58 – SDL:[MD5.DEF365F0F6E017888C4B869D3BA4B8E0] – 15/09/2010 – 09:42:12 —A- . (.Devguru Co., Ltd – Device Error Recovery SDK(x64).) — C:WindowsSystem32Driversdgderdrv.sys [20552]
    O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:[MD5.FA5027DD18C80B2D9280CDEC1F44E7F3] – 03/02/2010 – 07:00:18 —A- . (.ELAN Microelectronic Corp. – ETD Control Center.) — C:WindowsSystem32DriversETD.sys [135560]
    O58 – SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] – 10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 12/09/1746 – 08:44:55 —A- . (…) — C:WindowsSystem32Driverssptd.sys [834544]
    O58 – SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] – 14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:[MD5.CE4B6956E4E12492715A53076E58761F] – 15/09/2010 – 09:33:32 —A- . (.Teruten Inc – File System Mini Filter Drvier.) — C:WindowsSystem32DriversTFsExDisk.sys [16392]
    O58 – SDL:[MD5.AA33FC47ED58C34E6E9261E4F850B7EB] – 10/05/2011 – 07:06:08 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [51712]
    O58 – SDL:[MD5.CE4B6956E4E12492715A53076E58761F] – 15/09/2010 – 09:33:32 —A- . (.Teruten Inc – File System Mini Filter Drvier.) — C:WindowsSysWOW64driversTFsExDisk.Sys [16392]
    ~ Drivers: 16 Legitimates Filtered in 00mn 08s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 01/12/2013 – 18:46:01 —A- . (.Eric.) — C:UsersdelphineDownloadschrono1518_1.doc [25600]
    O61 – LFC: 01/12/2013 – 18:46:02 —A- . (.Didier HORUS.) — C:UsersdelphineDownloadsdeclaration_prealable_simple.doc [50176]
    O61 – LFC: 01/12/2013 – 18:46:02 —A- . (.Guigui.) — C:UsersdelphineDownloadsdeclaration de greve 5 122013.doc [24064]
    O61 – LFC: 01/12/2013 – 18:46:09 —A- . (…) — C:UsersdelphineDownloadsreleve-Alinea-201311.pdf [117542]
    O61 – LFC: 02/12/2013 – 18:45:15 —A- . (…) — C:UsersdelphineAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [263785]
    O61 – LFC: 02/12/2013 – 18:46:07 —A- . (…) — C:UsersdelphineDownloadslivre à compter PS MS (1).pdf [184894]
    O61 – LFC: 02/12/2013 – 18:46:07 —A- . (…) — C:UsersdelphineDownloadslivre à compter PS MS.pdf [184894]
    O61 – LFC: 02/12/2013 – 18:46:07 —A- . (…) — C:UsersdelphineDownloadsmaldrie_floriane_projet album a compter ps.pdf [5600722]
    O61 – LFC: 03/12/2013 – 18:45:15 —A- . (…) — C:UsersdelphineAppDataLocalGoogleChromeUser Datachrome_shutdown_ms.txt [5]
    O61 – LFC: 03/12/2013 – 18:45:25 —A- . (…) — C:UsersdelphineAppDataLocalGoogleChromeUser DataLocal State [58054]
    O61 – LFC: 03/12/2013 – 18:45:58 —A- . (…) — C:UsersdelphineAppDataRoamingZHPLog.txt [39727] =>.Nicolas Coolman
    O61 – LFC: 03/12/2013 – 18:45:58 —A- . (…) — C:UsersdelphineAppDataRoamingZHPTestsZHPDiag.txt [2939] =>.Nicolas Coolman
    O61 – LFC: 30/11/2013 – 18:45:58 —A- . (…) — C:UsersdelphineAppDataRoamingZHPZHPADSReport.txt [351] =>.Nicolas Coolman
    O61 – LFC: 30/11/2013 – 18:45:58 —A- . (…) — C:UsersdelphineAppDataRoamingZHPZHPDiag.txt [40217] =>.Nicolas Coolman
    ~ 17 Fichiers temporaires (Temporary files)
    ~ Files: 141 Legitimates Filtered in 00mn 57s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {3C39FB50-1101-4339-B2B7-593CC5514169} – (Ask Search) – http://websearch.ask.com =>Toolbar.Ask
    O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.F95A1F3EB3F366CC3AE60308EFF48B86] [SPRF][24/04/2011] (…) — C:ProgramDataezsidmv.dat [56]
    [MD5.6ACBD475647D7A160657CB3E460F0F35] [SPRF][27/01/2010] (…) — C:ProgramDataFullRemove.exe [131472]
    [MD5.28FC891FBC5BBBB31667417AB87D8D17] [SPRF][01/12/2013] (…) — C:UsersdelphineAppDataLocalTempQuarantine.exe [355227]
    [MD5.5CE10688C6671AE9AFC20B09376E8AB2] [SPRF][02/12/2013] (…) — C:UsersdelphineDesktopadwcleaner.exe [1110034]
    ~ Files: 7 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “TCP Query User{A5FE1D71-4295-4A48-83B2-6EA0286A67C3}C:program files (x86)gigatribegigatribe.exe” | In – Private – P6 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    O87 – FAEL: “UDP Query User{E121DD3C-C67A-4DE6-B372-393551ACACCE}C:program files (x86)gigatribegigatribe.exe” | In – Private – P17 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    O87 – FAEL: “TCP Query User{A0937A1C-BFFE-4A82-ACFA-D6BA9C169B4B}C:program files (x86)worms revolutionwormsrevolution.exe” | In – Private – P6 – TRUE | .(…) — C:program files (x86)worms revolutionwormsrevolution.exe
    O87 – FAEL: “UDP Query User{A50DB778-F9D1-489C-9410-81ED4A3A7178}C:program files (x86)worms revolutionwormsrevolution.exe” | In – Private – P17 – TRUE | .(…) — C:program files (x86)worms revolutionwormsrevolution.exe
    O87 – FAEL: “TCP Query User{D1711842-BA0F-4DDB-8CC5-2B3D9E21F1A0}C:program files (x86)gigatribegigatribe.exe” | In – Public – P6 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    O87 – FAEL: “UDP Query User{6BF1863F-A1DB-4CB9-9AF6-DDF6A1ED5B1D}C:program files (x86)gigatribegigatribe.exe” | In – Public – P17 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    ~ Firewall: 237 Legitimates Filtered in 00mn 01s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.39E7E1DA8C789D5991969CAAAA9B41A8] [WIS][24/04/2011] (.Skype Technologies S.A. – Skype Toolbars.) — C:WindowsInstaller437a39.msi [2840576]
    ~ WIS: 113 Legitimates Filtered in 00mn 24s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Auto 09/10/2010 135664 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 09/10/2010 135664 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Auto 10/07/1658 0 | (McAfee SiteAdvisor Service) . (…) – C:Program Files (x86)mcafeeSITEAD~1mcsacore.exe
    SS – | Demand 06/09/2012 114144 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Demand 17/04/2010 305520 | (MWLService) . (.Egis Technology Inc..) – C:Program Files (x86)EgisTec MyWinLockerx86MWLService.exe
    SS – | Demand 06/11/2009 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) – C:Program Files (x86)NewTech InfosystemsNTI Backup Now 5BackupSvc.exe
    SS – | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe

    SR – | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 22/01/2010 202752 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 01/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 08/04/2010 312400 | (DsiWMIService) . (.Dritek System Inc..) – C:Program Files (x86)Launch Managerdsiwmis.exe
    SR – | Auto 23/04/2010 867360 | (ePowerSvc) . (.Acer Incorporated.) – C:Program FilesAcerAcer ePower ManagementePowerSvc.exe
    SR – | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) – C:Program Files (x86)AcerRegistrationGREGsvc.exe
    SR – | Auto 13/04/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Demand 16/08/2013 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 18/03/2010 268824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 09/03/2010 250368 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) – C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerIScheduleSvc.exe
    SR – | Auto 06/11/2009 144640 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) – C:Program Files (x86)NewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
    SR – | Auto 18/03/2010 2320920 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) – C:Program FilesAcerAcer UpdaterUpdaterService.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

    ~ Services: Scanned in 00mn 27s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by delphine at 03/12/2013 18:47:28
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by delphine at 03/12/2013 18:47:30

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\ Liste des émulateurs de CD/DVD (MBR Hook)
    O58 – SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 12/09/1746 – 08:44:55 —A- . (…) — C:WindowsSystem32Driverssptd.sys [834544]
    ~ Emulateurs: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13004 – (30/11/2013)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 0

    C:UsersdelphineAppDataRoamingMozillaFirefoxProfilest4i02jx2.defaultextensionsfoxyproxy@eric.h.jung =>Hijacker.Proxy^
    ~ Additionnel Scan: 334052 Items scanned in 00mn 25s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
    ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    ~ MSI: 2 link(s) detected in 00mn 25s

    ~ 2351 Legitimates filtered by white list
    End of the scan (487 lines in 07mn 35s)(0)

  • lilidurhone
    Post count: 0

    Thanks Cédric :)

    Delphine

    Yes, as a precaution ;)

    Run another ZHPDiag ;)

  • Delphine94
    Post count: 0

    Quick question: if I plugged my USB key into another computer, will I have to redo the procedure on that other computer??
    Thanks!!

  • Delphine94
    Post count: 0

    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.12.02.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16736
    delphine :: DELPHINE-PC [administrateur]

    02/12/2013 18:58:48
    mbam-log-2013-12-02 (18-58-48).txt

    Type d’examen: Examen rapide
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 209748
    Temps écoulé: 8 minute(s), 15 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 1
    C:UsersdelphineDownloadsiLividSetupV1.exe (PUP.Optional.Bandoo) -> Mis en quarantaine et supprimé avec succès.

    (fin)

  • Delphine94
    Post count: 0

    Good evening!
    Here is the first report:

    # AdwCleaner v3.014 – Rapport créé le 02/12/2013 à 18:47:16
    # Mis à jour le 01/12/2013 par Xplode
    # Système d’exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d’utilisateur : delphine – DELPHINE-PC
    # Exécuté depuis : C:UsersdelphineDesktopadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:ProgramDataAsk
    Dossier Supprimé : C:ProgramDataboost_interprocess
    Dossier Supprimé : C:ProgramDataPartner
    Dossier Supprimé : C:ProgramDataMicrosoftWindowsStart MenuProgramsmyfree codec
    Dossier Supprimé : C:Program Files (x86)myfree codec
    Dossier Supprimé : C:UsersdelphineAppDataLocalTempboost_interprocess
    Fichier Supprimé : C:UsersdelphineAppDataLocalTempUninstall.exe
    Fichier Supprimé : C:UsersdelphineAppDataRoamingMozillaFirefoxProfilest4i02jx2.defaultsearchpluginsAskcom.xml

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKLMSOFTWAREClassesAppIDsecman.DLL
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingAskInstallChecker_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingAskInstallChecker_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingTaskScheduler_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingTaskScheduler_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_party-booth_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_party-booth_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_photofiltre_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_photofiltre_RASMANCS
    Clé Supprimée : HKLMSOFTWAREClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{64697678-0000-0010-8000-00AA00389B71}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{826D7151-8D99-434B-8540-082B8C2AE556}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{FD501041-8EBE-11CE-8183-00AA00577DA2}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Clé Supprimée : HKCUSoftwareMyfree Codec
    Clé Supprimée : HKCUSoftwareSoftonic
    Clé Supprimée : HKCUSoftwareYahooPartnerToolbar
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallMyFreeCodec

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v10.0.9200.16736

    -\ Mozilla Firefox v15.0.1 (fr)

    [ Fichier : C:UsersdelphineAppDataRoamingMozillaFirefoxProfilest4i02jx2.defaultprefs.js ]

    Ligne Supprimée : user_pref(“browser.search.order.1”, “Ask.com”);
    Ligne Supprimée : user_pref(“browser.search.selectedEngine”, “Ask.com”);
    Ligne Supprimée : user_pref(“browser.search.defaultengine”, “Ask.com”);
    Ligne Supprimée : user_pref(“browser.search.defaultenginename”, “Ask.com”);

    -\ Google Chrome v31.0.1650.57

    [ Fichier : C:UsersdelphineAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [4317 octets] – [02/12/2013 18:46:27]
    AdwCleaner[S0].txt – [4137 octets] – [02/12/2013 18:47:16]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [4197 octets] ##########

  • Anonyme
    Post count: 0

    hello :hello: ,

    Uninstall Adobe Reader and install the latest version: http://get.adobe.com/fr/reader/

    • Download AdwCleaner (by Xplode) to your Desktop!
    • Right-click it and run as administrator under Windows 7/8 and Vista
      1. Choose the Scan option
      2. Choose the Clean option
    • Accept the warning by clicking OK

    • Accept the warnings/information by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

    • Download Malwarebytes' Anti-Malware and install it.
    • Launch Malwarebytes' Anti-Malware.
    • Click the "Update" tab, then "Check for Updates".
    • Click the "Scanner" tab, tick "Perform quick scan", then click Scan.

    When the scan finishes, if MBAM found nothing:

    • Click OK; the report opens on its own.

    If threats were detected:

    • Click OK, then "Show Results".
    • Tick all the boxes.
    • Choose "Remove Selected".

    • If MBAM asks to restart Windows: click "Yes".
    • Once the PC has restarted, the report is in the "Logs" tab.
    • Otherwise the report opens automatically after removal.
    • Post the report in your next reply.

  • Delphine94
    Post count: 0

    The link: https://antimalware.top/log/SosUpload.8a9870dbcf6635c293d939a9fceee960.txt

  • Delphine94
    Post count: 0

    The shortcuts are sorted!
    Here is the report:
    ~ Rapport de ZHPDiag v2013.11.30.64 – Nicolas Coolman (30/11/2013)
    ~ Lancé par delphine (30/11/2013 20:58:33)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16736
    MFIE: Mozilla Firefox 15.0.1
    GCIE: Google Chrome v31.0.1650.57 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 7QJB7
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v8.0.1489.0
    Windows Defender W7

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.5 MUI
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3958 MB (57% free)
    System Restore: Activé (Enable)
    System drive C: has 109 GB (38%) free of 285 GB

    —\ Mode de connexion au système
    ~ Computer Name: DELPHINE-PC
    ~ User Name: delphine
    ~ All Users Names: HomeGroupUser$, delphine, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersdelphineAppDataRoamingZHP
    ~ %AppData% : C:UsersdelphineAppDataRoaming
    ~ %Desktop% : C:UsersdelphineDesktop
    ~ %Favorites% : C:UsersdelphineFavorites
    ~ %LocalAppData% : C:UsersdelphineAppDataLocal
    ~ %StartMenu% : C:UsersdelphineAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 109 Go of 285 Go)
    D: CD-ROM drive (Not Inserted)
    E: CD-ROM drive (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.9706C99DAEBE3FEAC811B239617E98C4] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 09:45:20.) — C:WindowsSystem32wininet.dll [2241536]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/33
    ~ Mes musiques (My Musics) : 1/54
    ~ Mes Videos (My Videos) : 1/3
    ~ Mes Favoris (My Favorites) : 1/35
    ~ Mes Documents (My Documents) : 1/77
    ~ Mon Bureau (My Desktop) : 2/1174
    ~ Menu demarrer (Programs) : 1/38
    ~ Hidden Files: Scanned in 00mn 01s

    —\ Processus lancés
    [MD5.129EEB70D8460172F04530F43593717C] – (.Egis Technology Inc. – MyWinLocker.) — C:Program Files (x86)EgisTec MyWinLockerx86mwlDaemon.exe [349552] [PID.3660]
    [MD5.17C5E2A94AA1B42D499A5396D67E0B61] – (.Pas de propriétaire – DefaultSettingEXE MFC Application.) — C:WindowsPLFSetI.exe [206208] [PID.3704]
    [MD5.0524D4A3CF377BCDD6A379680AD3DC7D] – (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program Files (x86)SamsungKiesKiesTrayAgent.exe [3521424] [PID.3576]
    [MD5.EE8D36F6723DBDAF4176003103257E43] – (.Pas de propriétaire – KiesPDLR.) — C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe [21392] [PID.3908]
    [MD5.0ADF079D36B2C25E6E9BECE1BD937ACE] – (.Egis Technology Inc. – PMM Update Application.) — C:Program Files (x86)EgisTec IPSPmmUpdate.exe [407920] [PID.3608]
    [MD5.2782D83D9B1071E28E2A4D9C6F5307C6] – (.NewTech Infosystems, Inc. – Acer Backup Manager.) — C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe [260608] [PID.4144]
    [MD5.B283F9A1DEABD43ACC7481F893CF21E9] – (.Dritek System Inc. – Launch Manager.) — C:Program Files (x86)Launch ManagerLManager.exe [908368] [PID.4188]
    [MD5.9ECF375A6E4E74D056F4B54E76D58721] – (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe [284696] [PID.4200]
    [MD5.3F11B20D12D89365D7721BDC860CE5F0] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe [4858968] [PID.4208]
    [MD5.F255E48EA981E943A14CF16269F3F3AF] – (.Egis Technology Inc. – EgisUpdate Release Application.) — C:Program Files (x86)EgisTec IPSEgisUpdate.exe [201584] [PID.4344]
    [MD5.5F7EE76129F9A591F22F99F95D97AC95] – (.CANON INC. – Canon IJ Network Scanner Selector EX.) — C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe [452016] [PID.4408]
    [MD5.5AAA9F136A6DEC2992529F5258AE4F54] – (.Dritek System Inc. – Launch Manager Worker.) — C:Program Files (x86)Launch ManagerLMworker.exe [298064] [PID.4544]
    [MD5.CE42DFE915F78246364D464902E47360] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.4584]
    [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.4656]
    [MD5.636D97B3BAF854511FF3F4093E895FED] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [863184] [PID.4772]
    [MD5.D7D5768B8A697FCBAEE2CFE137070F02] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [770736] [PID.812]
    [MD5.85AF4805A6E0512F523170AD228758D3] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8260608] [PID.5024]
    [MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] – (.AVAST Software – avast! Service.) — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [46808] [PID.1304]
    [MD5.4FE5C6D40664AE07BE5105874357D2ED] – (.Apple Inc. – MobileDeviceService.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [57008] [PID.1992]
    [MD5.E2B2853A0210D6EDAB2261870BD80C1A] – (.Dritek System Inc. – Dritek WMI Service.) — C:Program Files (x86)Launch Managerdsiwmis.exe [312400] [PID.2260]
    [MD5.0191DEE9B9EB7902AF2CF4F67301095D] – (.Acer Incorporated – Global Registration Service.) — C:Program Files (x86)AcerRegistrationGREGsvc.exe [23584] [PID.2360]
    [MD5.DBC1136A62BD4DECC3632DF650284C2E] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [268824] [PID.2396]
    [MD5.5B3CE960C62DBE864BE9A0BD043A3E30] – (.NewTech Infosystems, Inc. – Backup Manager Module.) — C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerIScheduleSvc.exe [250368] [PID.2472]
    [MD5.B5071E15D4C3F5EF5018AFF7E85A85E5] – (.NewTech Infosystems, Inc. – NTI Backup Now 5 SchedulerSvc NT Service.) — C:Program Files (x86)NewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe [144640] [PID.2496]
    [MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] – (.Acer Group – Updater Service.) — C:Program FilesAcerAcer UpdaterUpdaterService.exe [243232] [PID.2636]
    [MD5.6B24D1C3096DE796D15571079EA5E98C] – (.Intel Corporation – IAStorDataSvc.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [13336] [PID.4196]
    [MD5.7466809E6DA561D60C2F1CE8EDE3C73F] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2320920] [PID.5508]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersdelphineAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Extension v.5.5.0.7280 (Désactivé)
    ~ Google Browser: 14 Legitimates Filtered in 00mn 03s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersdelphineAppDataRoamingMozillaFirefoxProfilest4i02jx2.defaultprefs.js
    M3 – MFPP: Plugins – [delphine] — C:UsersdelphineAppDataRoamingMozillaFirefoxProfilest4i02jx2.defaultsearchpluginsaskcom.xml
    M2 – MFEP: prefs.js [delphine – t4i02jx2.defaultfoxyproxy@eric.h.jung] [] Foxyproxy v0.9.7 (..) =>Hijacker.Proxy
    ~ Firefox Browser: 22 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Canon MG5300 series Manuel en ligne.lnk . (.CANON INC. – Easy Guide Viewer.) — C:Program Files (x86)CanonIJ ManualEasy Guide Viewercmview.exe
    O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSDesktop [Public]: Monopoly Deluxe.lnk . (.TikGames, LLC. – TikGames’ Executable.) — C:Program Files (x86)Monopoly Deluxemonopoly.exe
    O4 – GSDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSDesktop [Public]: Worms Revolution.lnk . (…) — C:Program Files (x86)Worms RevolutionWormsRevolution.exe
    O4 – GSProgram [Public]: Copernic Agent Personal.lnk . (.Copernic Inc. – Copernic Agent.) — C:Program Files (x86)Copernic AgentCopernicAgent.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [delphine]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [delphine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSQuickLaunch [delphine]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSTaskBar [delphine]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [delphine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSProgram [delphine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSystemTools [delphine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSDesktop [delphine]: Cake Mania 3.lnk . (…) — C:Program Files (x86)Cake Mania 3CakeMania3.exe
    O4 – GSDesktop [delphine]: GigaTribe.lnk . (…) — C:Program Files (x86)GigaTribegigatribe.exe
    O4 – GSDesktop [delphine]: HotPotatoes 6.lnk . (.HalfBaked – HotPot chooser executable.) — C:Program Files (x86)HotPotatoes6HotPot.exe
    O4 – GSDesktop [delphine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSDesktop [delphine]: Might & Magic Heroes VI.exe – Raccourci.lnk . (.Black Hole Entertainment – Might & Magic Heroes VI.) — C:Program Files (x86)UbisoftMight & Magic Heroes VIMight & Magic Heroes VI.exe
    O4 – GSDesktop [delphine]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe https://www.sosvirus.net
    O4 – GSDesktop [delphine]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
    ~ Global Startup: 82 Legitimates Filtered in 00mn 02s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [delphine]: GigaTribe.lnk . (…) — C:Program Files (x86)GigaTribegigatribe.exe
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [mwlDaemon] . (.Egis Technology Inc. – MyWinLocker.) — C:Program Files (x86)EgisTec MyWinLockerx86mwlDaemon.exe
    O4 – HKLM..Run: [ETDWare] C:Program Files (x86)ElantechETDCtrl.exe (.not file.)
    O4 – HKLM..Run: [PLFSetI] . (.Pas de propriétaire – DefaultSettingEXE MFC Application.) — C:WindowsPLFSetI.exe
    O4 – HKLM..Run: [Acer ePower Management] . (.Acer Incorporated – ePowerTray.) — C:Program FilesAcerAcer ePower ManagementePowerTray.exe
    O4 – HKLM..Run: [CanonMyPrinter] . (.CANON INC. – Canon My Printer.) — C:Program FilesCanonMyPrinterBJMyPrt.exe
    O4 – HKCU..Run: [KiesHelper] . (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKiesHelper.exe
    O4 – HKCU..Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program Files (x86)SamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKCU..Run: [KiesPDLR] . (.Pas de propriétaire – KiesPDLR.) — C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
    O4 – HKCU..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    O4 – HKCU..RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated – Adobe® Flash® Player Installer/Uninstaller.) — C:Windowssystem32MacromedFlashFlashUtil64_11_7_700_169_ActiveX.exe
    O4 – HKLM..Wow6432NodeRun: [SuiteTray] . (.Egis Technology Inc. – SuiteTray.) — C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe
    O4 – HKLM..Wow6432NodeRun: [EgisUpdate] . (.Egis Technology Inc. – EgisUpdate Release Application.) — C:Program Files (x86)EgisTec IPSEgisUpdate.exe
    O4 – HKLM..Wow6432NodeRun: [EgisTecPMMUpdate] . (.Egis Technology Inc. – PMM Update Application.) — C:Program Files (x86)EgisTec IPSPmmUpdate.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe
    O4 – HKLM..Wow6432NodeRun: [BackupManagerTray] . (.NewTech Infosystems, Inc. – Acer Backup Manager.) — C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [LManager] . (.Dritek System Inc. – Launch Manager.) — C:Program Files (x86)Launch ManagerLManager.exe
    O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    O4 – HKLM..Wow6432NodeRun: [avast5] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5avastUI.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [CanonSolutionMenuEx] . (.CANON INC. – Canon Solution Menu EX.) — C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.exe
    O4 – HKLM..Wow6432NodeRun: [IJNetworkScannerSelectorEX] . (.CANON INC. – Canon IJ Network Scanner Selector EX.) — C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-619028284-149165148-3271107766-1001..Run: [KiesHelper] . (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKiesHelper.exe
    O4 – HKUSS-1-5-21-619028284-149165148-3271107766-1001..Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program Files (x86)SamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKUSS-1-5-21-619028284-149165148-3271107766-1001..Run: [KiesPDLR] . (.Pas de propriétaire – KiesPDLR.) — C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
    O4 – HKUSS-1-5-21-619028284-149165148-3271107766-1001..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-619028284-149165148-3271107766-1001..RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated – Adobe® Flash® Player Installer/Uninstaller.) — C:Windowssystem32MacromedFlashFlashUtil64_11_7_700_169_ActiveX.exe
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{5A47DED8-7E12-45F5-A0F5-3363C7C46AB9}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCCSServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 172.30.3.254
    O17 – HKLMSystemCCSServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpDomain = saussaye.edu
    O17 – HKLMSystemCS1ServicesTcpip..{5A47DED8-7E12-45F5-A0F5-3363C7C46AB9}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCS1ServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 172.30.3.254
    O17 – HKLMSystemCS1ServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpDomain = saussaye.edu
    O17 – HKLMSystemCS2ServicesTcpip..{5A47DED8-7E12-45F5-A0F5-3363C7C46AB9}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCS2ServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 172.30.3.254
    O17 – HKLMSystemCS2ServicesTcpip..{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpDomain = saussaye.edu
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.254
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareSoftonic] =>Toolbar.Conduit
    [HKCUSoftwareYahooPartnerToolbar]
    ~ Key Software: 306 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 25/10/2012 – 17:18:37 – [0] —-D C:ProgramDataAsk
    O43 – CFD: 03/01/2013 – 15:17:01 – [0] —-D C:ProgramDataboost_interprocess
    O43 – CFD: 02/11/2010 – 20:47:06 – [0,002] —-D C:ProgramDataPartner
    O43 – CFD: 05/02/2011 – 13:38:23 – [0,036] —-D C:UsersdelphineAppDataRoamingcom.johnwu.partybooth.7C6CA62034ECEF7F45C524416D6FEE987A4E8AAB.1
    ~ 889 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 1136 Legitimates Filtered in 00mn 22s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.1C3FC30F236655DAA76AD8531604B64C] – 30/11/2013 – 10:48:08 . (…) — C:UsbFix [Scan 1] DELPHINE-PC.txt [15345]
    O44 – LFC:[MD5.B293E0F7FF8F75E7DE613F42F3B91C01] – 30/11/2013 – 11:30:26 —A- . (…) — C:UsbFix [Clean 2] DELPHINE-PC.txt [14719]
    ~ Files: 16 Legitimates Filtered in 00mn 37s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.56A888486E943AD525B2F0C3D0103BA5] – 30/11/2013 – 20:23:36 —A- – C:WindowsPrefetchGIGATRIBE.EXE-395D7E6A.pf
    O45 – LFCP:[MD5.94F4767EF90347FE23036E0748565CEF] – 30/11/2013 – 20:23:36 —A- – C:WindowsPrefetchSUITETRAY.EXE-42757614.pf
    ~ Prefetcher: 90 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.5573AA70993A2BB81525B1C704B88763] – 09/05/2013 – 09:59:07 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65336]
    O58 – SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] – 28/06/2013 – 16:25:46 —A- . (…) — C:WindowsSystem32DriversaswSnx.sys.sum [175]
    O58 – SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] – 28/06/2013 – 16:25:46 —A- . (…) — C:WindowsSystem32DriversaswSP.sys.sum [175]
    O58 – SDL:[MD5.22F521108881DC59837F6FC614E0568F] – 28/06/2013 – 16:25:46 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [189936]
    O58 – SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] – 28/06/2013 – 16:25:46 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys.sum [175]
    O58 – SDL:[MD5.DEF365F0F6E017888C4B869D3BA4B8E0] – 15/09/2010 – 09:42:12 —A- . (.Devguru Co., Ltd – Device Error Recovery SDK(x64).) — C:WindowsSystem32Driversdgderdrv.sys [20552]
    O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:[MD5.FA5027DD18C80B2D9280CDEC1F44E7F3] – 03/02/2010 – 07:00:18 —A- . (.ELAN Microelectronic Corp. – ETD Control Center.) — C:WindowsSystem32DriversETD.sys [135560]
    O58 – SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] – 10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 12/09/1746 – 08:44:55 —A- . (…) — C:WindowsSystem32Driverssptd.sys [834544]
    O58 – SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] – 14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:[MD5.CE4B6956E4E12492715A53076E58761F] – 15/09/2010 – 09:33:32 —A- . (.Teruten Inc – File System Mini Filter Drvier.) — C:WindowsSystem32DriversTFsExDisk.sys [16392]
    O58 – SDL:[MD5.AA33FC47ED58C34E6E9261E4F850B7EB] – 10/05/2011 – 07:06:08 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [51712]
    O58 – SDL:[MD5.CE4B6956E4E12492715A53076E58761F] – 15/09/2010 – 09:33:32 —A- . (.Teruten Inc – File System Mini Filter Drvier.) — C:WindowsSysWOW64driversTFsExDisk.Sys [16392]
    ~ Drivers: 16 Legitimates Filtered in 00mn 09s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 27/11/2013 – 21:00:35 —A- . (…) — C:UsersdelphineAppDataLocalGoogleChromeUser DataWidevineCDM1.4.1.376manifest.fingerprint [66]
    O61 – LFC: 27/11/2013 – 21:00:35 —A- . (…) — C:UsersdelphineAppDataLocalGoogleChromeUser DataWidevineCDM1.4.1.376manifest.json [848]
    O61 – LFC: 27/11/2013 – 21:00:36 —A- . (…) — C:UsersdelphineAppDataLocalGoogleChromeUser DataWidevineCDM1.4.1.376_platform_specificwin_x86widevinecdm.dll [6940304]
    O61 – LFC: 30/11/2013 – 21:00:22 —A- . (…) — C:UsersdelphineAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [269398]
    O61 – LFC: 30/11/2013 – 21:00:34 —A- . (…) — C:UsersdelphineAppDataLocalGoogleChromeUser DataLocal State [58168]
    O61 – LFC: 30/11/2013 – 21:01:12 —A- . (…) — C:UsersdelphineAppDataRoamingZHPLog.txt [18305] =>.Nicolas Coolman
    O61 – LFC: 30/11/2013 – 21:01:12 —A- . (…) — C:UsersdelphineAppDataRoamingZHPTestsZHPDiag.txt [2939] =>.Nicolas Coolman
    ~ 6 Fichiers temporaires (Temporary files)
    ~ Files: 89 Legitimates Filtered in 01mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: C:UsersdelphineAppDataRoamingMozillaFirefoxProfilest4i02jx2.defaultsearchpluginsaskcom.xml
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {3C39FB50-1101-4339-B2B7-593CC5514169} – (Ask Search) – http://websearch.ask.com =>Toolbar.Ask
    O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.F95A1F3EB3F366CC3AE60308EFF48B86] [SPRF][24/04/2011] (…) — C:ProgramDataezsidmv.dat [56]
    [MD5.6ACBD475647D7A160657CB3E460F0F35] [SPRF][27/01/2010] (…) — C:ProgramDataFullRemove.exe [131472]
    ~ Files: 5 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “TCP Query User{A5FE1D71-4295-4A48-83B2-6EA0286A67C3}C:program files (x86)gigatribegigatribe.exe” | In – Private – P6 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    O87 – FAEL: “UDP Query User{E121DD3C-C67A-4DE6-B372-393551ACACCE}C:program files (x86)gigatribegigatribe.exe” | In – Private – P17 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    O87 – FAEL: “TCP Query User{A0937A1C-BFFE-4A82-ACFA-D6BA9C169B4B}C:program files (x86)worms revolutionwormsrevolution.exe” | In – Private – P6 – TRUE | .(…) — C:program files (x86)worms revolutionwormsrevolution.exe
    O87 – FAEL: “UDP Query User{A50DB778-F9D1-489C-9410-81ED4A3A7178}C:program files (x86)worms revolutionwormsrevolution.exe” | In – Private – P17 – TRUE | .(…) — C:program files (x86)worms revolutionwormsrevolution.exe
    O87 – FAEL: “TCP Query User{D1711842-BA0F-4DDB-8CC5-2B3D9E21F1A0}C:program files (x86)gigatribegigatribe.exe” | In – Public – P6 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    O87 – FAEL: “UDP Query User{6BF1863F-A1DB-4CB9-9AF6-DDF6A1ED5B1D}C:program files (x86)gigatribegigatribe.exe” | In – Public – P17 – TRUE | .(…) — C:program files (x86)gigatribegigatribe.exe
    ~ Firewall: 237 Legitimates Filtered in 00mn 01s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.39E7E1DA8C789D5991969CAAAA9B41A8] [WIS][24/04/2011] (.Skype Technologies S.A. – Skype Toolbars.) — C:WindowsInstaller437a39.msi [2840576]
    ~ WIS: 113 Legitimates Filtered in 02mn 26s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Auto 09/10/2010 135664 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 09/10/2010 135664 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Auto 10/07/1658 0 | (McAfee SiteAdvisor Service) . (…) – C:Program Files (x86)mcafeeSITEAD~1mcsacore.exe
    SS – | Demand 06/09/2012 114144 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Demand 17/04/2010 305520 | (MWLService) . (.Egis Technology Inc..) – C:Program Files (x86)EgisTec MyWinLockerx86MWLService.exe
    SS – | Demand 06/11/2009 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) – C:Program Files (x86)NewTech InfosystemsNTI Backup Now 5BackupSvc.exe
    SS – | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe

    SR – | Auto 22/01/2010 202752 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 08/04/2010 312400 | (DsiWMIService) . (.Dritek System Inc..) – C:Program Files (x86)Launch Managerdsiwmis.exe
    SR – | Auto 23/04/2010 867360 | (ePowerSvc) . (.Acer Incorporated.) – C:Program FilesAcerAcer ePower ManagementePowerSvc.exe
    SR – | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) – C:Program Files (x86)AcerRegistrationGREGsvc.exe
    SR – | Auto 13/04/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Demand 16/08/2013 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 18/03/2010 268824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 09/03/2010 250368 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) – C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerIScheduleSvc.exe
    SR – | Auto 06/11/2009 144640 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) – C:Program Files (x86)NewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
    SR – | Auto 18/03/2010 2320920 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) – C:Program FilesAcerAcer UpdaterUpdaterService.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

    ~ Services: Scanned in 02mn 28s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by delphine at 30/11/2013 21:04:28
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by delphine at 30/11/2013 21:04:31

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\ Liste des émulateurs de CD/DVD (MBR Hook)
    O58 – SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 12/09/1746 – 08:44:55 —A- . (…) — C:WindowsSystem32Driverssptd.sys [834544]
    ~ Emulateurs: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13004 – (30/11/2013)
    Clés trouvées (Keys found) : 9
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 2
    Fichiers trouvés (Files found) : 0

    [HKLMSoftwareClassesTypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
    [HKLMSoftwareClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
    [HKLMSoftwareWow6432NodeClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
    [HKCUSoftwareSoftonic] =>Toolbar.Conduit
    [HKLMSoftwareClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
    [HKLMSoftwareClassesAppIDsecman.DLL] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeMicrosoftTracingAskInstallChecker_RASAPI32] =>Toolbar.Ask
    [HKLMSoftwareWow6432NodeMicrosoftTracingAskInstallChecker_RASMANCS] =>Toolbar.Ask
    C:UsersdelphineAppDataRoamingMozillaFirefoxProfilest4i02jx2.defaultextensionsfoxyproxy@eric.h.jung =>Hijacker.Proxy^
    C:ProgramDataPartner =>Spyware.Partner
    ~ Additionnel Scan: 342115 Items scanned in 00mn 29s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    ~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke
    ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
    ~ http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner
    ~ MSI: 6 link(s) detected in 00mn 29s

    ~ 2274 Legitimates filtered by white list
    End of the scan (506 lines in 06mn 27s)(0)

  • lilidurhone
    Post count: 0

    No more trouble with the shortcuts?

    Let's analyse with ZHPDiag

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the program.
    • Launch ZHPDiag; run it as administrator under Windows 7/8 and Vista.
    • Click Configurer (Configure).
    • Click the icon showing a magnifying glass with a + ("Lancer le diagnostic", i.e. run the diagnostic).

      Note: Do not close the program even if it says it is not responding.

    • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link you are given into your next reply on the forum.
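An added triage example, not code from this thread, from ZHPDiag or from UsbFix: the reports posted above mark detections with a trailing `=>Family.Name` tag (`=>Hijacker.Proxy`, `=>Toolbar.Conduit`), while `=>.Publisher` annotations (`=>.Microsoft Corporation`) accompany entries matched to a known publisher. A few untagged lines also deserve a manual look: an autorun entry ending in `(.not file.)`, a toolbar key marked `Clé orpheline`, and a driver whose reported MD5 is the hash of zero bytes (the scanner hashed nothing, so it could not read the file). The Python script below pulls these out of a report saved as text and groups the detections by family; informational lines beginning with `~` (including the summary links, which repeat the tags) are skipped. Its built-in input is a constructed excerpt in the same layout as the log above, with ASCII dashes and the backslashes the page extraction dropped.

```python
"""Group the detections of a ZHPDiag-style report by family and list other lines
worth a manual look.  Added example; not part of ZHPDiag or of this thread."""
import re
import sys
from collections import defaultdict

# MD5 of zero bytes.  A driver line carrying this hash means the scanner hashed
# nothing, i.e. it could not read the file (locked or hidden), not that the file is empty.
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"

# "=>Family.Name" (optionally "Family.Name^") at end of line is a detection tag.
# "=>.Some Publisher" is a known-publisher annotation, excluded by the lookahead.
DETECTION_RE = re.compile(r"=>(?!\.)([A-Za-z]+)\.([A-Za-z]+)\^?\s*$")
MD5_RE = re.compile(r"\[MD5\.([0-9A-Fa-f]{32})\]")
# Section headers look like "---\ Internet Explorer Toolbars (O3)"
SECTION_RE = re.compile(r"^-+\\\s*(.+?)\s*$")

# Constructed excerpt in the report layout seen above (ASCII dashes, backslashes kept).
SAMPLE_REPORT = r"""
---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [delphine - t4i02jx2.default\foxyproxy@eric.h.jung] [] Foxyproxy v0.9.7 (..) =>Hijacker.Proxy
~ Firefox Browser: 22 Legitimates Filtered in 00mn 00s

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline

---\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)

---\ HKCU & HKLM Software Keys
[HKCU\Software\Softonic] =>Toolbar.Conduit

---\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/09/1746 - 08:44:55 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]

---\ Scan Additionnel (O88)
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
C:\Users\delphine\AppData\Roaming\Mozilla\Firefox\Profiles\t4i02jx2.default\extensions\foxyproxy@eric.h.jung =>Hijacker.Proxy^
C:\ProgramData\Partner =>Spyware.Partner
"""


def triage(report: str) -> dict:
    """Return {"detections": {family: [(section, name, entry), ...]},
               "anomalies": [(reason, section, line), ...]}."""
    detections = defaultdict(list)
    anomalies = []
    section = None
    for raw in report.splitlines():
        line = raw.strip()
        # Blank lines and "~ ..." informational lines (counters, summary links) carry no entry.
        if not line or line.startswith("~"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION_RE.search(line)
        if m:
            family, name = m.group(1), m.group(2)
            detections[family].append((section, name, line[: m.start()].rstrip()))
            continue
        if line.endswith("(.not file.)"):
            anomalies.append(("autorun entry points to a missing file", section, line))
        elif line.endswith("Clé orpheline"):
            anomalies.append(("orphaned registry key", section, line))
        m = MD5_RE.search(line)
        if m and m.group(1).upper() == EMPTY_MD5:
            anomalies.append(("hash of zero bytes: scanner could not read the file", section, line))
    return {"detections": dict(detections), "anomalies": anomalies}


def main(argv):
    # Usage: python triage.py ZHPDiag.txt   (falls back to the constructed sample)
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_REPORT
    result = triage(text)
    for family, hits in sorted(result["detections"].items()):
        print(f"== {family} ({len(hits)})")
        for section, name, entry in hits:
            print(f"   [{name}] {entry}   <- {section}")
    print("== Needs a manual look")
    for reason, section, line in result["anomalies"]:
        print(f"   {reason}: {line}")


if __name__ == "__main__":
    main(sys.argv)
```

On the sample this yields two Hijacker hits (the prefs.js entry and the extension folder), one each for PUP, Spyware and Toolbar, and three lines for manual review; the Realtek autorun with its `=>.` publisher annotation is correctly left out of the detections.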
  • Delphine94
    Post count: 0

    Thanks!!
    I used my USB stick on another computer; do I need to run the same procedure on both computers??

    Here is the report:
    ############################## | UsbFix V 7.152 | [Suppression]

    Utilisateur: delphine (Administrateur) # DELPHINE-PC
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 11:22:17 | 30/11/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Acer (Aspire 5741G )
    CPU: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
    RAM -> [Total : 3959 | Free : 1974]
    Bios: Acer
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16736
    WB: Google Chrome : 31.0.1650.57
    WB: Mozilla Firefox : 19.0.2

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 285 Go (108 Go libre(s) – 38%) [Acer] # NTFS
    D: -> CD-ROM
    E: -> CD-ROM
    G: -> Disque amovible # 4 Go (2 Go libre(s) – 54%) [KINGSTON] # FAT32

    ################## | Processus Stoppés |

    Stoppé! C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1292 |ParentID: 700)
    Stoppé! C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 3184 |ParentID: 2968)
    Stoppé! C:Windowsexplorer.exe (ID: 3836 |ParentID: 832)
    Stoppé! C:WindowsSystem32rundll32.exe (ID: 2888 |ParentID: 844)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 864 |ParentID: 552)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 5408 |ParentID: 700)
    Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 1268 |ParentID: 700)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 728 |ParentID: 5408)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 1392 |ParentID: 700)
    Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 3276 |ParentID: 700)
    Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 812 |ParentID: 700)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID: 3312 |ParentID: 700)
    Stoppé! C:WindowsSystem32wscript.exe (ID: 4260 |ParentID: 5868)
    Stoppé! C:Windowssystem32DllHost.exe (ID: 4284 |ParentID: 844)
    Stoppé! C:WindowsSysWOW64NOTEPAD.EXE (ID: 3780 |ParentID: 5660)
    Stoppé! c:program fileswindows defenderMpCmdRun.exe (ID: 5752 |ParentID: 3844)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
    04 – HKLMSOFTWARE | Run : [EgisUpdate] – “C:Program Files (x86)EgisTec IPSEgisUpdate.exe” -d
    04 – HKLMSOFTWARE | Run : [EgisTecPMMUpdate] – “C:Program Files (x86)EgisTec IPSPmmUpdate.exe”
    04 – HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    04 – HKLMSOFTWARE | Run : [BackupManagerTray] – “C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe” -h -k
    04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWARE | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
    04 – HKLMSOFTWARE | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWARE | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWARE | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
    04 – HKLMSOFTWARE | Run : [IJNetworkScannerSelectorEX] – C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe /FORCE
    04 – HKLMSOFTWARE | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    04 – HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [EgisUpdate] – “C:Program Files (x86)EgisTec IPSEgisUpdate.exe” -d
    04 – HKLMSOFTWAREwow6432Node | Run : [EgisTecPMMUpdate] – “C:Program Files (x86)EgisTec IPSPmmUpdate.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [BackupManagerTray] – “C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe” -h -k
    04 – HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWAREwow6432Node | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
    04 – HKLMSOFTWAREwow6432Node | Run : [IJNetworkScannerSelectorEX] – C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe /FORCE
    04 – HKLMSOFTWAREwow6432Node | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    04 – HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-619028284-149165148-3271107766-1001SOFTWARE | Run : [KiesHelper] – C:Program Files (x86)SamsungKiesKiesHelper.exe /s
    04 – HKUS-1-5-21-619028284-149165148-3271107766-1001SOFTWARE | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    04 – HKUS-1-5-21-619028284-149165148-3271107766-1001SOFTWARE | Run : [KiesPDLR] – C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
    04 – HKUS-1-5-21-619028284-149165148-3271107766-1001SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe
    04 – HKUS-1-5-21-619028284-149165148-3271107766-1001SOFTWARE | Run : [SergeLeLama] – wscript.exe //B “C:UsersdelphineAppDataLocalTempSergeLeLama.vbs”
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Supprimé! C:UsersdelphineAppDataLocalTempSergeLeLama.vbs
    Supprimé! C:UsersdelphineAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
    Supprimé! G:SergeLeLama.vbs
    Supprimé! G:epicerie.lnk
    Supprimé! G:MVI_4093.lnk
    Supprimé! G:Thumbs.lnk
    Supprimé! G:IMG_4593.lnk
    Supprimé! G:IMG_1248.lnk
    Supprimé! G:IMG_1249.lnk
    Supprimé! G:IMG_1250.lnk
    Supprimé! G:Cahier de vie P1 jeudi.lnk
    Supprimé! G:5 sens la vue.lnk
    Supprimé! G:Je fais mes courses JEU RETZ.lnk
    Supprimé! G:IMG_1246.lnk
    Supprimé! G:IMG_1247.lnk
    Supprimé! G:Trombinoscopecl5.lnk
    Supprimé! G:IMG_4596.lnk
    Supprimé! G:histogramme (1).lnk
    Supprimé! G:facture6433047.lnk
    Supprimé! G:Sans nom 1.lnk
    Supprimé! G:histogramme TPS.lnk
    Supprimé! G:Fichier+Sudoku+niv1+et+2.lnk
    Supprimé! G:coordonées.lnk
    Supprimé! G:_Affichages.lnk
    Supprimé! G:SERATOR.lnk
    Supprimé! G:Photos eleves.lnk
    Supprimé! G:T1 Villejuif (TPS-PS).lnk
    Supprimé! G:Grimm.lnk
    Supprimé! C:UsersdelphineAppDataLocalTempubi228E.tmp.exe
    Supprimé! C:UsersdelphineAppDataLocalTempubi39D6.tmp.exe
    Supprimé! C:UsersdelphineAppDataLocalTempubi7BF.tmp.exe
    Supprimé! C:UsersdelphineAppDataLocalTempubi8442.tmp.exe
    Supprimé! C:UsersdelphineAppDataLocalTempubiDFA5.tmp.exe

    (!) Fichiers temporaires supprimés.

    ################## | Référence de comparaison MD5 |

    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsersdelphineAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsersdelphineAppDataLocalTempSergeLeLama.vbs
    Md5 : 1235D5E19493B587A4B204CC61E7CE21 -> G:SergeLeLama.vbs
    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsersdelphineAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs

    ################## | Comparaison MD5 |

    ################## | Registre |

    Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 0
    Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 0
    Supprimé! HKUS-1-5-21-619028284-149165148-3271107766-1001SoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama
    Supprimé! HKUS-1-5-21-619028284-149165148-3271107766-1001Software….Mountpoints2{0622739b-dea4-11df-b145-88ae1d00e3fb}

    ################## | Listing |

    [26/05/2013 – 18:57:44 | SHD ] C:$Recycle.Bin
    [08/10/2010 – 14:03:19 | D ] C:59c7f0d97b96f15629f6
    [30/06/2013 – 15:50:02 | D ] C:Apres.Mai.FRENCH.DVDRip.x264.AC3-KINeMA
    [08/10/2010 – 14:24:37 | N | 2006] C:aqua_bitmap.cpp
    [06/06/2010 – 13:13:17 | D ] C:book
    [06/05/2010 – 13:03:18 | RASH | 8192] C:BOOTSECT.BAK
    [24/09/2011 – 13:57:18 | D ] C:c600a21fd9bb53dd2d2370223fc7d0
    [13/11/2013 – 14:27:30 | SHD ] C:Config.Msi
    [14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
    [07/11/2007 – 07:00:40 | N | 17734] C:eula.1028.txt
    [07/11/2007 – 07:00:40 | N | 17734] C:eula.1031.txt
    [07/11/2007 – 07:00:40 | N | 10134] C:eula.1033.txt
    [07/11/2007 – 07:00:40 | N | 17734] C:eula.1036.txt
    [07/11/2007 – 07:00:40 | N | 17734] C:eula.1040.txt
    [07/11/2007 – 07:00:40 | N | 118] C:eula.1041.txt
    [07/11/2007 – 07:00:40 | N | 17734] C:eula.1042.txt
    [07/11/2007 – 07:00:40 | N | 17734] C:eula.2052.txt
    [07/11/2007 – 07:00:40 | N | 17734] C:eula.3082.txt
    [07/11/2007 – 07:00:40 | N | 1110] C:globdata.ini
    [30/11/2013 – 09:47:32 | ASH | 3113254912] C:hiberfil.sys
    [07/11/2007 – 07:44:20 | N | 855040] C:install.exe
    [07/11/2007 – 07:00:40 | N | 843] C:install.ini
    [07/11/2007 – 07:44:20 | N | 75280] C:install.res.1028.dll
    [07/11/2007 – 07:44:20 | N | 95248] C:install.res.1031.dll
    [07/11/2007 – 07:44:20 | N | 90128] C:install.res.1033.dll
    [07/11/2007 – 07:44:20 | N | 96272] C:install.res.1036.dll
    [07/11/2007 – 07:44:20 | N | 94224] C:install.res.1040.dll
    [07/11/2007 – 07:44:20 | N | 80400] C:install.res.1041.dll
    [07/11/2007 – 07:44:20 | N | 78864] C:install.res.1042.dll
    [07/11/2007 – 07:44:20 | N | 74768] C:install.res.2052.dll
    [07/11/2007 – 07:44:20 | N | 95248] C:install.res.3082.dll
    [06/05/2010 – 12:20:18 | D ] C:Intel
    [13/10/2010 – 18:14:53 | RHD ] C:MSOCache
    [06/12/2012 – 18:24:08 | D ] C:Nico
    [08/10/2010 – 13:46:08 | D ] C:OEM
    [30/11/2013 – 09:47:35 | ASH | 4151009280] C:pagefile.sys
    [14/07/2009 – 04:20:08 | D ] C:PerfLogs
    [06/03/2011 – 22:40:18 | D ] C:PhotoshopCS5Portable
    [11/09/2013 – 16:01:40 | D ] C:Program Files
    [23/10/2013 – 11:01:34 | D ] C:Program Files (x86)
    [04/11/2013 – 19:32:01 | HD ] C:ProgramData
    [08/10/2010 – 13:44:04 | SHD ] C:Recovery
    [06/05/2010 – 12:23:58 | N | 3274] C:RHDSetup.log
    [30/11/2013 – 09:56:58 | SHD ] C:System Volume Information
    [13/05/2013 – 19:07:47 | D ] C:Temp
    [30/11/2013 – 11:30:06 | D ] C:UsbFix
    [30/11/2013 – 11:30:26 | A | 12528] C:UsbFix [Clean 2] DELPHINE-PC.txt
    [30/11/2013 – 10:48:08 | N | 15345] C:UsbFix [Scan 1] DELPHINE-PC.txt
    [08/10/2010 – 13:44:17 | RD ] C:Users
    [07/11/2007 – 07:00:40 | N | 5686] C:vcredist.bmp
    [07/11/2007 – 07:50:40 | N | 1927956] C:VC_RED.cab
    [07/11/2007 – 07:53:12 | N | 242176] C:VC_RED.MSI
    [13/05/2013 – 19:05:40 | D ] C:Windows
    [13/10/2012 – 19:06:42 | D ] C:Worms
    [13/08/2013 – 13:50:03 | D ] C:_DATAS
    [31/01/2013 – 18:03:40 | N | 104826] G:epicerie.docx
    [05/02/2013 – 13:59:44 | N | 111616] G:epicerie.doc
    [14/06/2013 – 17:54:44 | N | 175365875] G:MVI_4093.MOV
    [12/09/2013 – 22:04:20 | D ] G:_Affichages
    [19/04/2000 – 07:18:18 | N | 11417088] G:Cahier de vie P1 jeudi.doc
    [20/04/2000 – 06:55:30 | N | 22016] G:5 sens la vue.doc
    [19/11/2013 – 12:15:02 | RASH | 46080] G:Thumbs.db
    [31/01/2013 – 18:03:48 | N | 1042414] G:Je fais mes courses JEU RETZ.docx
    [15/03/2000 – 03:35:08 | D ] G:SERATOR
    [04/11/2013 – 12:11:54 | N | 2977492] G:IMG_4593.JPG
    [07/10/2012 – 15:24:38 | N | 1119518] G:IMG_1248.JPG
    [07/10/2012 – 15:24:42 | N | 1254831] G:IMG_1249.JPG
    [07/10/2012 – 15:24:44 | N | 1027874] G:IMG_1250.JPG
    [07/10/2012 – 15:24:46 | N | 1037768] G:IMG_1246.JPG
    [07/10/2012 – 15:24:36 | N | 1060829] G:IMG_1247.JPG
    [15/10/2013 – 14:15:34 | N | 87620417] G:Trombinoscopecl5.odt
    [04/11/2013 – 17:04:52 | N | 2474592] G:IMG_4596.JPG
    [17/11/2013 – 16:54:38 | N | 151552] G:histogramme (1).xls
    [16/01/2013 – 16:12:06 | N | 57105] G:facture6433047.pdf
    [05/11/2013 – 13:12:52 | N | 21912382] G:Sans nom 1.odt
    [18/11/2013 – 13:51:22 | N | 158208] G:histogramme TPS.xls
    [06/09/2013 – 07:04:44 | D ] G:Photos eleves
    [08/04/2013 – 21:56:32 | N | 10047481] G:Fichier+Sudoku+niv1+et+2.pdf
    [15/03/2000 – 02:28:42 | N | 29696] G:coordonées.doc
    [05/09/2013 – 14:17:12 | D ] G:T1 Villejuif (TPS-PS)
    [02/11/2013 – 14:37:54 | N | 366062928] G:Grimm.S02E08.PROPER.VOSTFR.HDTV.XviD-ATeam.avi

    ################## | Vaccin |

    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • lilidurhone
    Post count: 0

    Hello

    I'll take care of you ;)

    Removal phase ;)

    • Relaunch UsbFix from your Desktop!
    • Plug all your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
    • Right-click on it; run as administrator on Windows 7/8 and Vista
    • Choose the Suppression (removal) option

      Note: if UsbFix hangs at 14%, start in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply
  • Delphine94
    Post count: 0

    Hello,
    I think my USB key is infected, because all my files have turned into shortcuts.
    What should I do???

    I ran a search with UsbFix and here is the report:

    ############################## | UsbFix V 7.152 | [Recherche]

    Utilisateur: delphine (Administrateur) # DELPHINE-PC
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 10:08:55 | 30/11/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Acer (Aspire 5741G )
    CPU: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
    RAM -> [Total : 3959 | Free : 1651]
    Bios: Acer
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16736
    WB: Google Chrome : 31.0.1650.57
    WB: Mozilla Firefox : 19.0.2

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 285 Go (108 Go libre(s) – 38%) [Acer] # NTFS
    D: -> CD-ROM
    E: -> CD-ROM
    G: -> Disque amovible # 4 Go (2 Go libre(s) – 54%) [KINGSTON] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 564 |ParentID: 552)
    C:Windowssystem32wininit.exe (ID: 628 |ParentID: 552)
    C:Windowssystem32csrss.exe (ID: 648 |ParentID: 636)
    C:Windowssystem32services.exe (ID: 700 |ParentID: 628)
    C:Windowssystem32lsass.exe (ID: 724 |ParentID: 628)
    C:Windowssystem32lsm.exe (ID: 732 |ParentID: 628)
    C:Windowssystem32winlogon.exe (ID: 832 |ParentID: 636)
    C:Windowssystem32svchost.exe (ID: 844 |ParentID: 700)
    C:Windowssystem32svchost.exe (ID: 956 |ParentID: 700)
    C:Windowssystem32atiesrxx.exe (ID: 124 |ParentID: 700)
    C:WindowsSystem32svchost.exe (ID: 420 |ParentID: 700)
    C:WindowsSystem32svchost.exe (ID: 552 |ParentID: 700)
    C:Windowssystem32svchost.exe (ID: 652 |ParentID: 700)
    C:Windowssystem32svchost.exe (ID: 972 |ParentID: 700)
    C:Windowssystem32svchost.exe (ID: 1196 |ParentID: 700)
    C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1292 |ParentID: 700)
    C:Windowssystem32atieclxx.exe (ID: 1360 |ParentID: 124)
    C:Windowssystem32Dwm.exe (ID: 1640 |ParentID: 552)
    C:WindowsExplorer.EXE (ID: 1648 |ParentID: 1624)
    C:WindowsSystem32spoolsv.exe (ID: 1780 |ParentID: 700)
    C:Windowssystem32svchost.exe (ID: 1828 |ParentID: 700)
    C:Windowssystem32svchost.exe (ID: 1856 |ParentID: 700)
    C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 1936 |ParentID: 700)
    C:Windowssystem32taskhost.exe (ID: 1960 |ParentID: 700)
    C:Program FilesRealtekAudioHDARAVCpl64.exe (ID: 1548 |ParentID: 1648)
    C:Program Files (x86)EgisTec MyWinLockerx86mwlDaemon.exe (ID: 1596 |ParentID: 1648)
    C:Program FilesElantechETDCtrl.exe (ID: 2024 |ParentID: 1648)
    C:WindowsPLFSetI.exe (ID: 1496 |ParentID: 1648)
    C:Program FilesAcerAcer ePower ManagementePowerTray.exe (ID: 1804 |ParentID: 1648)
    C:Program FilesCanonMyPrinterBJMYPRT.EXE (ID: 1928 |ParentID: 1648)
    C:Program Files (x86)SamsungKiesKiesTrayAgent.exe (ID: 2076 |ParentID: 1648)
    C:Program FilesBonjourmDNSResponder.exe (ID: 2236 |ParentID: 700)
    C:Program Files (x86)Launch Managerdsiwmis.exe (ID: 2928 |ParentID: 700)
    C:WindowsSystem32StikyNot.exe (ID: 2960 |ParentID: 1648)
    C:Program FilesAcerAcer ePower ManagementePowerSvc.exe (ID: 3016 |ParentID: 700)
    C:Program Files (x86)AcerRegistrationGREGsvc.exe (ID: 1128 |ParentID: 700)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 2448 |ParentID: 700)
    C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerIScheduleSvc.exe (ID: 2664 |ParentID: 700)
    C:Program Files (x86)EgisTec IPSPmmUpdate.exe (ID: 2712 |ParentID: 2968)
    C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe (ID: 2588 |ParentID: 2968)
    C:Program Files (x86)NewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe (ID: 3004 |ParentID: 700)
    C:Windowssystem32svchost.exe (ID: 2864 |ParentID: 700)
    C:Program FilesAcerAcer UpdaterUpdaterService.exe (ID: 3076 |ParentID: 700)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 3144 |ParentID: 700)
    C:Program Files (x86)Launch ManagerLManager.exe (ID: 3168 |ParentID: 2968)
    C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe (ID: 3176 |ParentID: 2968)
    C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 3184 |ParentID: 2968)
    C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe (ID: 3364 |ParentID: 2968)
    C:Program Files (x86)EgisTec IPSEgisUpdate.exe (ID: 3372 |ParentID: 1288)
    C:Program Files (x86)iTunesiTunesHelper.exe (ID: 3520 |ParentID: 2968)
    C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID: 3556 |ParentID: 2968)
    C:Program Files (x86)Launch ManagerMMDx64Fx.exe (ID: 3756 |ParentID: 3168)
    C:Program Files (x86)Launch ManagerLMworker.exe (ID: 3976 |ParentID: 2928)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 4016 |ParentID: 3144)
    C:Windowssystem32wbemunsecapp.exe (ID: 3212 |ParentID: 844)
    C:Windowssystem32wbemwmiprvse.exe (ID: 3400 |ParentID: 844)
    C:Program FilesAcerAcer ePower ManagementePowerEvent.exe (ID: 4104 |ParentID: 3016)
    C:Program FilesiPodbiniPodService.exe (ID: 4132 |ParentID: 700)
    C:Windowssystem32SearchIndexer.exe (ID: 4284 |ParentID: 700)
    C:Windowssystem32svchost.exe (ID: 4516 |ParentID: 700)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID: 4776 |ParentID: 2996)
    C:Program FilesElantechETDCtrlHelper.exe (ID: 5008 |ParentID: 2024)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID: 776 |ParentID: 4776)
    C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe (ID: 4960 |ParentID: 700)
    C:Windowssystem32wbemwmiprvse.exe (ID: 4984 |ParentID: 844)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 2408 |ParentID: 1648)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 4456 |ParentID: 2408)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 3312 |ParentID: 2408)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID: 2336 |ParentID: 700)
    C:WindowsSystem32WUDFHost.exe (ID: 4940 |ParentID: 552)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 4796 |ParentID: 2408)
    C:WindowsSystem32svchost.exe (ID: 5132 |ParentID: 700)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 5176 |ParentID: 700)
    C:WindowsSystem32wscript.exe (ID: 5796 |ParentID: 6056)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 3516 |ParentID: 2408)
    C:WindowsservicingTrustedInstaller.exe (ID: 6000 |ParentID: 700)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 4080 |ParentID: 2408)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 5344 |ParentID: 2408)
    C:Windowssystem32taskhost.exe (ID: 5324 |ParentID: 700)
    C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID: 5872 |ParentID: 2408)
    C:Windowssystem32taskeng.exe (ID: 4084 |ParentID: 972)
    C:UsbFixGo.exe (ID: 5660 |ParentID: 4592)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
    04 – HKLMSOFTWARE | Run : [EgisUpdate] – “C:Program Files (x86)EgisTec IPSEgisUpdate.exe” -d
    04 – HKLMSOFTWARE | Run : [EgisTecPMMUpdate] – “C:Program Files (x86)EgisTec IPSPmmUpdate.exe”
    04 – HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    04 – HKLMSOFTWARE | Run : [BackupManagerTray] – “C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe” -h -k
    04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWARE | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
    04 – HKLMSOFTWARE | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWARE | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWARE | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
    04 – HKLMSOFTWARE | Run : [IJNetworkScannerSelectorEX] – C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe /FORCE
    04 – HKLMSOFTWARE | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    04 – HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [EgisUpdate] – “C:Program Files (x86)EgisTec IPSEgisUpdate.exe” -d
    04 – HKLMSOFTWAREwow6432Node | Run : [EgisTecPMMUpdate] – “C:Program Files (x86)EgisTec IPSPmmUpdate.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [BackupManagerTray] – “C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe” -h -k
    04 – HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWAREwow6432Node | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
    04 – HKLMSOFTWAREwow6432Node | Run : [IJNetworkScannerSelectorEX] – C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe /FORCE
    04 – HKLMSOFTWAREwow6432Node | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    04 – HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-619028284-149165148-3271107766-1001SOFTWARE | Run : [KiesHelper] – C:Program Files (x86)SamsungKiesKiesHelper.exe /s
    04 – HKUS-1-5-21-619028284-149165148-3271107766-1001SOFTWARE | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    04 – HKUS-1-5-21-619028284-149165148-3271107766-1001SOFTWARE | Run : [KiesPDLR] – C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
    04 – HKUS-1-5-21-619028284-149165148-3271107766-1001SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe
    04 – HKUS-1-5-21-619028284-149165148-3271107766-1001SOFTWARE | Run : [SergeLeLama] – wscript.exe //B “C:UsersdelphineAppDataLocalTempSergeLeLama.vbs”
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Présent! C:UsersdelphineAppDataLocalTempSergeLeLama.vbs
    Présent! C:UsersdelphineAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
    Présent! G:SergeLeLama.vbs
    Présent! G:epicerie.lnk
    Présent! G:MVI_4093.lnk
    Présent! G:Thumbs.lnk
    Présent! G:IMG_4593.lnk
    Présent! G:IMG_1248.lnk
    Présent! G:IMG_1249.lnk
    Présent! G:IMG_1250.lnk
    Présent! G:Cahier de vie P1 jeudi.lnk
    Présent! G:5 sens la vue.lnk
    Présent! G:Je fais mes courses JEU RETZ.lnk
    Présent! G:IMG_1246.lnk
    Présent! G:IMG_1247.lnk
    Présent! G:Trombinoscopecl5.lnk
    Présent! G:IMG_4596.lnk
    Présent! G:histogramme (1).lnk
    Présent! G:facture6433047.lnk
    Présent! G:Sans nom 1.lnk
    Présent! G:histogramme TPS.lnk
    Présent! G:Fichier+Sudoku+niv1+et+2.lnk
    Présent! G:coordonées.lnk
    Présent! G:_Affichages.lnk
    Présent! G:SERATOR.lnk
    Présent! G:Photos eleves.lnk
    Présent! G:T1 Villejuif (TPS-PS).lnk
    Présent! G:Grimm.lnk
    Présent! C:UsersdelphineAppDataLocalTempubi228E.tmp.exe
    Présent! C:UsersdelphineAppDataLocalTempubi39D6.tmp.exe
    Présent! C:UsersdelphineAppDataLocalTempubi7BF.tmp.exe
    Présent! C:UsersdelphineAppDataLocalTempubi8442.tmp.exe
    Présent! C:UsersdelphineAppDataLocalTempubiDFA5.tmp.exe

    ################## | Référence de comparaison MD5 |

    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsersdelphineAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsersdelphineAppDataLocalTempSergeLeLama.vbs
    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> G:SergeLeLama.vbs
    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsersdelphineAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs

    ################## | Comparaison MD5 |

    Présent! Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsersdelphineAppDataLocalTempSergeLeLama.vbs
    Présent! Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsersdelphineAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
    Présent! Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> G:SergeLeLama.vbs

    ################## | Registre |

    Présent! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 1
    Présent! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 1
    Présent! HKUS-1-5-21-619028284-149165148-3271107766-1001SoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama
    Présent! HKUS-1-5-21-619028284-149165148-3271107766-1001SoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama

    ################## | Vaccin |

    (!) Cet ordinateur n’est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
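
The report above carries the three marks of a USB shortcut worm: a .vbs launched by wscript.exe from a Run key, a copy of the script on the removable drive, and .lnk decoys named after the real files and folders. As an added example (not from this thread, from UsbFix or from its author), the Python below reads UsbFix-style report lines, here a constructed sample modelled on the report with the backslashes the forum rendering dropped put back, and flags those indicators for triage.

```python
import re

# Constructed sample modelled on the [Recherche] report above, with the
# backslashes the forum rendering dropped put back. Not real captured output.
SAMPLE_REPORT = r"""
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKU\S-1-5-21-619028284-149165148-3271107766-1001\SOFTWARE | Run : [SergeLeLama] - wscript.exe //B "C:\Users\delphine\AppData\Local\Temp\SergeLeLama.vbs"
################## | Recherche générique |
Présent! C:\Users\delphine\AppData\Local\Temp\SergeLeLama.vbs
Présent! G:\SergeLeLama.vbs
Présent! G:\epicerie.lnk
Présent! G:\IMG_4593.lnk
Présent! G:\_Affichages.lnk
################## | Registre |
Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SergeLeLama
################## | Listing |
[31/01/2013 - 18:03:40 | N | 104826] G:\epicerie.docx
[05/02/2013 - 13:59:44 | N | 111616] G:\epicerie.doc
[12/09/2013 - 22:04:20 | D ] G:\_Affichages
[04/11/2013 - 12:11:54 | N | 2977492] G:\IMG_4593.JPG
[20/04/2000 - 06:55:30 | N | 22016] G:\5 sens la vue.doc
"""

SECTION_RE = re.compile(r"^#+ \| (?P<name>[^|]+?) \|")
# "04 - <hive> | Run : [<name>] - <command>"; the dash may be rendered as an en dash
RUN_RE = re.compile(r"^04 [-–] (?P<hive>[^|]+?) \| (?P<kind>Run(?:Once)?) : \[(?P<name>[^\]]*)\] [-–] ?(?P<cmd>.*)$")
LISTING_RE = re.compile(r"^\[[^\]]*\] (?P<path>.+)$")
SCRIPT_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:vbs|vbe|js|jse|wsf)\b)"?', re.IGNORECASE)
POLICY_RE = re.compile(r"\\Policies\\Explorer\|(?P<value>\w+) -> (?P<data>\d+)$")


def parse_sections(report):
    """Group report lines under their '#### | name |' header; returns name -> lines."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def script_host_autoruns(sections):
    """Run/RunOnce entries that start a script through wscript/cscript.
    //B is batch mode: script errors produce no dialog, so the user sees nothing."""
    hits = []
    for line in sections.get("Regedit Run", []):
        m = RUN_RE.match(line)
        if not m or not re.search(r"\b[wc]script(?:\.exe)?\b", m.group("cmd"), re.I):
            continue
        s = SCRIPT_RE.search(m.group("cmd"))
        path = s.group("path") if s else None
        hits.append({"name": m.group("name"), "hive": m.group("hive"), "script": path,
                     "silent": "//B" in m.group("cmd"),
                     "in_temp": bool(path and "\\temp\\" in path.lower())})
    return hits


def shortcut_decoys(sections):
    """.lnk files that sit next to a same-named real file or folder on the same
    drive: the 'all my files turned into shortcuts' signature. The worm names the
    decoy after the part before the first dot, so Grimm.S02E08...avi gets Grimm.lnk."""
    originals = []
    for line in sections.get("Listing", []):
        m = LISTING_RE.match(line)
        if m:
            drive, _, name = m.group("path").rpartition("\\")
            originals.append((drive.lower(), name.lower(), m.group("path")))
    decoys = {}
    for line in sections.get("Recherche générique", []):
        path = line.split("! ", 1)[-1]          # strip the "Présent!" / "Supprimé!" tag
        if not path.lower().endswith(".lnk"):
            continue
        drive, _, name = path.rpartition("\\")
        stem = name[:-4].lower()
        matches = sorted(p for d, n, p in originals
                         if d == drive.lower() and (n == stem or n.startswith(stem + ".")))
        if matches:
            decoys[path] = matches
    return decoys


def explorer_policy_tampering(sections):
    """Explorer policy values reported as non-zero (the removal report above
    later 'repairs' NoActiveDesktop and NoActiveDesktopChanges back to 0)."""
    out = {}
    for line in sections.get("Registre", []):
        m = POLICY_RE.search(line)
        if m and m.group("data") != "0":
            out[m.group("value")] = int(m.group("data"))
    return out


def triage(report):
    sections = parse_sections(report)
    return {"script_autoruns": script_host_autoruns(sections),
            "shortcut_decoys": shortcut_decoys(sections),
            "policy_tampering": explorer_policy_tampering(sections)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, value)
```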

The topic 'Virus sur clef usb' is closed to new replies.