wchelper.dll and infected USB key 2013-12-15T20:31:36+00:00
  • PhRaucq
    Participant
    Posts: 13

    Hello,

    For 3 days now, at PC startup, Avast tells me it is quarantining Simon-wchelper.dll.
    In parallel, just before that, the USB key I use to exchange data with a colleague had all of its icons turn into shortcuts.

    A quick search on the net seems to indicate a link between these two phenomena.
    Before making things worse by acting at random, I followed your advice and you will find below the reports from mbam, adwcleaner and ZHPDiag.

    Please note in passing that when I tried to download usbfix, Avast blocked the operation, considering the program a threat.

    Thanks in advance for your help.

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    http://www.malwarebytes.org

    Database version: v2013.12.15.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Simon :: SIMON-PC [administrator]

    Protection: Enabled

    15/12/2013 18:50:20
    mbam-log-2013-12-15 (18-50-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 237310
    Time elapsed: 3 minute(s), 57 second(s)

    Memory Processes Detected: 2
    C:\Users\Public\conhost.exe (Trojan.Agent) -> 5548 -> Delete on reboot.
    C:\Users\Public\conhost.exe (Trojan.Agent) -> 5708 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|APS (Trojan.Agent) -> Data: C:\Users\Public\conhost.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 4
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=b329ba8b-8a65-4e2b-8332-d14d31e3e44a&searchtype=ds&q={searchTerms}) Good: (http://www.google.com) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=b329ba8b-8a65-4e2b-8332-d14d31e3e44a&searchtype=ds&q={searchTerms}) Good: (http://www.google.com) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=b329ba8b-8a65-4e2b-8332-d14d31e3e44a&searchtype=ds&q={searchTerms}) Good: (http://www.google.com) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=b329ba8b-8a65-4e2b-8332-d14d31e3e44a&searchtype=ds&q={searchTerms}) Good: (http://www.google.com) -> No action taken.

    Folders Detected: 3
    C:\Users\Simon\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Simon\AppData\Roaming\OpenCandy\B9BBB2849C044F93B000A2E35A163ECB (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Simon\AppData\Roaming\OpenCandy\OpenCandy_B9BBB2849C044F93B000A2E35A163ECB (PUP.Optional.OpenCandy) -> No action taken.

    Files Detected: 7
    C:\Users\Simon\Downloads\daemon-tools-lite_daemon_tools_lite_4.45.4_francais_10729.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Simon\AppData\Roaming\OpenCandy\B9BBB2849C044F93B000A2E35A163ECB\3703.ico (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Simon\AppData\Roaming\OpenCandy\B9BBB2849C044F93B000A2E35A163ECB\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Simon\AppData\Roaming\OpenCandy\B9BBB2849C044F93B000A2E35A163ECB\OCBrowserHelper_1.0.3.85.dll (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Simon\AppData\Roaming\OpenCandy\B9BBB2849C044F93B000A2E35A163ECB\SnapDo.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Simon\AppData\Roaming\OpenCandy\B9BBB2849C044F93B000A2E35A163ECB\SnapDo_ALL_p1v4.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Public\conhost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    # AdwCleaner v3.015 - Report created 15/12/2013 at 19:07:59
    # Updated 10/12/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Simon - SIMON-PC
    # Running from : C:\Users\Simon\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Simon\AppData\Roaming\OpenCandy
    File Deleted : C:\Users\Simon\AppData\Local\Temp\Uninstall.exe
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKCU\Software\Softonic

    ***** [ Browsers ] *****

    -\ Internet Explorer v11.0.9600.16428

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

    -\ Mozilla Firefox v25.0.1 (fr)

    [ File : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\jmim5433.default-1351205969399\prefs.js ]

    -\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************

    AdwCleaner[R0].txt - [4596 bytes] - [15/12/2013 19:05:18]
    AdwCleaner[S0].txt - [3633 bytes] - [15/12/2013 19:07:59]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3693 bytes] ##########

    ~ ZHPDiag v2013.12.14.22 report - Nicolas Coolman (14/12/2013)
    ~ Run by Simon (15/12/2013 19:15:35)
    ~ Web site address http://nicolascoolman.webs.com
    ~ Free disinfection assistance forums: http://nicolascoolman.webs.com/apps/links/
    ~ Translated by Nicolas Coolman
    ~ Version status :
    ~ Whitelist : Enabled by the program
    ~ Privilege elevation : OK
    ~ User Account Control (UAC): Activated by user

    ---\ Web browsers
    MSIE: Internet Explorer v11.0.9600.16476
    MFIE: Mozilla Firefox 25.0.1
    GCIE: Google Chrome v31.0.1650.63 (Default)

    ---\ Windows product information
    ~ Language: French
    Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 9YQTR
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1
    Software Protection Service : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    ---\ System protection software
    avast! Free Antivirus v9.0.2008
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    ---\ System optimization software
    CCleaner v3.22 =>Piriform Ltd

    ---\ Peer-to-peer sharing software

    ---\ Software monitoring
    Adobe Flash Player 11 Plugin
    Adobe Reader X
    Java 7 Update 7

    ---\ System information
    ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3982 MB (32% free)
    System Restore: Enabled
    System drive C: has 123 GB (40%) free of 300 GB

    ---\ System logon mode
    ~ Computer Name: SIMON-PC
    ~ User Name: Simon
    ~ All Users Names: UpdatusUser, Simon, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    ---\ Environment variables
    ~ System Unit : C:\
    ~ %AppZHP% : C:\Users\Simon\AppData\Roaming\ZHP\
    ~ %AppData% : C:\Users\Simon\AppData\Roaming\
    ~ %Desktop% : C:\Users\Simon\Desktop\
    ~ %Favorites% : C:\Users\Simon\Favorites\
    ~ %LocalAppData% : C:\Users\Simon\AppData\Local\
    ~ %StartMenu% : C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\
    ~ %Windir% : C:\Windows\
    ~ %System% : C:\Windows\System32\

    ---\ Disk drive enumeration
    C: Hard drive, Flash drive, Thumb drive (Free 123 GB of 300 GB)
    D: Hard drive, Flash drive, Thumb drive (Free 327 GB of 373 GB)
    F: CD-ROM drive (Not Inserted)
    G: CD-ROM drive (Not Inserted)

    ---\ Windows Security Center status
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    ---\ Specific search for generic files
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.24/02/2012 - 01:55:29.) -- C:\Windows\Explorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
    [MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 14:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Licensing Library.) (.20/11/2010 - 14:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.24/02/2012 - 02:02:21.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
    [MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.24/02/2012 - 01:35:34.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
    ~ Generic Processes: Scanned in 00mn 00s

    ---\ Hidden files status (Hidden/Total)
    ~ My Pictures : 1/6
    ~ My Videos : 1/128
    ~ My Favorites : 1/7
    ~ My Documents : 1/5207
    ~ My Desktop : 1/21
    ~ Start Menu (Programs) : 1/68
    ~ Hidden Files: Scanned in 00mn 04s

    ---\ Running processes
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3020]
    [MD5.F48ECBB9771865CDC5435BD9AF4564F0] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [17872] [PID.3296]
    [MD5.D9AB754613208112B840C75B6762B909] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176] [PID.3356]
    [MD5.6B3BA5BB455D7A4FD16B697B8F73858F] - (.ASUSTek Computer Inc. - ASUS FaceLogon Application.) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [473728] [PID.3600]
    [MD5.ED759B7FD51466447CC31CBE79B99050] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1121448] [PID.3656]
    [MD5.2DC64A3446C8C6E020E781456B46573D] - (.Microsoft Corporation - Tablet PC Input Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [10240] [PID.3664]
    [MD5.64A7C84C0A8C79B22033F92D43919062] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568] [PID.3796]
    [MD5.98CADC34741738CFC24F5CDFDAA408FA] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [162456] [PID.3824]
    [MD5.37DEB76A2CF005841C4E45DE2B94D84F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.3284]
    [MD5.35048D8E8A0BF7A797CD5757ACD7EED0] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816] [PID.5000]
    [MD5.4D1DA8CE5E364D22B4FF00F163194514] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.5568]
    [MD5.BC31B27061F27E8968CD0435C038F712] - (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720] [PID.5844]
    [MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016] [PID.5248]
    [MD5.B9BF29CC884BDD499803C3ED1F97FA41] - (.ASUSTeK Computer Inc. - A program that manage wireless devices in s.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072] [PID.4124]
    [MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.5600]
    [MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.6560]
    [MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8295936] [PID.6072]
    [MD5.A3626C6D3F2DC95497F3F61842D7FD89] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512] [PID.1452]
    [MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1532]
    [MD5.4D41D30E2FAB3307967C7A0B045DC874] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1604]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1064]
    [MD5.52436245AAEF3B65DF7859949AB6A14E] - (.ASUS - ASUS InstantOn Program.) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120] [PID.1484]
    [MD5.369C1928C9BBED65C9E347448BD376B0] - (.Microsoft Corporation. - BingBar Service.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [193696] [PID.2064]
    [MD5.896AA2F1D79662B17D5DBBE588E24E30] - (...) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280] [PID.2192]
    [MD5.3C6630473DD42FFC57D9F5564F533127] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560] [PID.2224]
    [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2260]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2328]
    [MD5.20DDC9CED8BC8390138F3187E0FF7411] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [174720] [PID.2440]
    [MD5.EA75E0837B21B46E88102E23438FE2CB] - (.ASUS - ASUS InstantOn Program.) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe [289408] [PID.2452]
    [MD5.D83C2FF7EA53E66B8EA7901D710494EA] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880] [PID.2852]
    [MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.3932]
    [MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113208] [PID.3980]
    [MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.4000]
    [MD5.2B23FAA39D8F949ED5EEE03ECA50BCD5] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.6912]
    [MD5.08FF446D7E15B251431838E29E74DBB8] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348864] [PID.5916]
    [MD5.3C5405EF78576E8E4D791EB18F6856A8] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.3652]
    ~ Processes Running: Scanned in 00mn 02s

    ---\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
    C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Preferences
    G2 - GCE: Preference [User Data\Default] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Secure Search v.15.5.0.2 (Disabled) =>Toolbar.AVGSearch
    ~ Google Browser: 11 Legitimates Filtered in 03mn 51s

    ---\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
    C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\jmim5433.default-1351205969399\prefs.js
    ~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s

    ---\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    ---\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    ---\ Hosts file redirection (O1)
    ~ The hosts file is clean.
    ~ Hosts File: Scanned in 00mn 00s
    ~ Lines number: 21

    ---\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
    ~ Toolbar: Scanned in 00mn 00s

    ---\ Other user links (O4)
    O4 - GS\Desktop [Public]: ArmA II Launcher.lnk . (.Spirited Machine - ArmA II Launcher.) -- C:\Program Files (x86)\Spirited Machine\ArmA II Launcher\ARMA2 Launcher.exe
    O4 - GS\Desktop [Public]: DayZ Commander.lnk . (.Dotjosh Studios, LLC - No description.) -- C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exe
    O4 - GS\Desktop [Public]: Diablo III.lnk . (.Blizzard Entertainment - Diablo III Setup.) -- C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe
    O4 - GS\Desktop [Public]: LyX 2.0.lnk . (...) -- C:\Program Files (x86)\LyX 2.0\bin\LyX.exe
    O4 - GS\Desktop [Public]: Nexus Mod Manager.lnk . (.Black Tree Gaming - Nexus Mod Manager.) -- C:\Program Files\Nexus Mod Manager\NexusClient.exe
    O4 - GS\Desktop [Public]: RomStation.lnk . (...) -- C:\Program Files (x86)\RomStation\RomStation.exe
    O4 - GS\Desktop [Public]: TexMakerX.lnk . (...) -- C:\Program Files (x86)\TexMakerX\texmakerx.exe
    O4 - GS\Desktop [Public]: The Battle for Middle-earth ™ II.lnk . (...) -- C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\lotrbfme2.exe
    O4 - GS\Desktop [Public]: The Lord of the Rings, The Rise of the Witch-king.lnk . (...) -- C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\lotrbfme2ep1.exe
    O4 - GS\Program [Public]: MATLAB R2013a Student Version (32-bit).lnk . (.The MathWorks Inc. - MATLAB Starter Application.) -- C:\Program Files (x86)\MATLAB\R2013a Student\bin\matlab.exe
    O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 - GS\QuickLaunch [UpdatusUser]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 - GS\Desktop [UpdatusUser]: Audiograbber.lnk . (...) -- C:\Program Files (x86)\audiograbber\audiograbber.exe
    O4 - GS\QuickLaunch [Simon]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 - GS\QuickLaunch [Simon]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 - GS\QuickLaunch [Simon]: UltraDefrag.lnk . (.UltraDefrag Development Team - UltraDefrag GUI interface.) -- C:\Windows\UltraDefrag\ultradefrag.exe
    O4 - GS\TaskBar [Simon]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 - GS\TaskBar [Simon]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 - GS\TaskBar [Simon]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 - GS\Program [Simon]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 - GS\SystemTools [Simon]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 - GS\Desktop [Simon]: BlueJ.lnk . (...) -- C:\Program Files (x86)\BlueJ\BlueJ.exe
    O4 - GS\Desktop [Simon]: Fender FUSE.lnk . (...) -- C:\Program Files (x86)\Fender\Fender FUSE\Fender FUSE.exe
    O4 - GS\Desktop [Simon]: MATLAB R2013a Student Version (32-bit).lnk . (.The MathWorks Inc. - MATLAB Starter Application.) -- C:\Program Files (x86)\MATLAB\R2013a Student\bin\matlab.exe
    O4 - GS\Desktop [Simon]: Neverwinter.lnk . (...) -- C:\Users\Public\Games\Cryptic Studios\Neverwinter.exe
    O4 - GS\Desktop [Simon]: oz.lnk . (...) -- C:\Mozart\bin\oz.exe
    ~ Global Startup: 92 Legitimates Filtered in 00mn 02s

    ---\ Applications launched at system startup (O4)
    O4 - GS\Startup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. - AsusVibe Application.) -- C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Tray.) -- C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
    O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
    O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
    O4 - HKCU\..\Run: [SURVIVAL] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
    O4 - HKCU\..\Run: [APS] . (.Console Window Host - Console Window Host.) -- C:\Users\Public\conhost.exe
    O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
    O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
    O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ecareme - AsusWebStorage.) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
    O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Wow6432Node\Run: [Wireless Console 3] . (.ASUSTeK Computer Inc. - A program that manage wireless devices in s.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    O4 - HKLM\..\Wow6432Node\Run: [20131121] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\a4d58bfc-a494-4a8b-9c80-5433770be3a9.exe
    O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-21-2618693130-1802013049-3945703744-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-21-2618693130-1802013049-3945703744-1000\..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe (.not file.) =>Toolbar.AVGSearch
    O4 - HKUS\S-1-5-21-2618693130-1802013049-3945703744-1000\..\Run: [AVG-Secure-Search-Update_JUNE2013_HP] C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe (.not file.) =>Toolbar.AVGSearch
    O4 - HKUS\S-1-5-21-2618693130-1802013049-3945703744-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    ---\ Domain/DNS address modification (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2D7176F1-3F2D-44C1-A029-459896DC4274}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A08BF2DE-9F3E-47AC-81F8-C8D22523539D}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2D7176F1-3F2D-44C1-A029-459896DC4274}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 - HKLM\System\CS1\Services\Tcpip\..\{A08BF2DE-9F3E-47AC-81F8-C8D22523539D}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2D7176F1-3F2D-44C1-A029-459896DC4274}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 - HKLM\System\CS2\Services\Tcpip\..\{A08BF2DE-9F3E-47AC-81F8-C8D22523539D}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    ---\ Additional protocol (O18)
    O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
    O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
    ~ Additional Protocol: Scanned in 00mn 00s

    ---\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
    O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    ---\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
    O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 290.) - C:\Windows\system32\nvinitx.dll
    ~ AppInit DLL: Scanned in 00mn 00s

    ---\ Automatic scheduled tasks (O39)
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [352]
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [352]
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job [602]
    [MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_HP_rmv] (...) -- C:\Windows\TEMP\{D5F53F20-20A5-4D54-B407-C34254D33CDE}.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_TB_rmv] (...) -- C:\Windows\TEMP\{5CC2DEDE-1CDA-4525-AA3B-72025517DA3F}.exe (.not file.) [0]
    [MD5.FD145BB8D84122A16824344E722245F7] [APT] [MATLAB R2013a Startup Accelerator] (...) -- C:\Program Files (x86)\MATLAB\R2013a Student\bin\win32\MATLABStartupAccelerator.exe [32768]
    [MD5.00000000000000000000000000000000] [APT] [{764E0E5A-747A-43CB-BA2A-4DFD1BD5E8C9}] (...) -- F:\SETUP.exe (.not file.) [0]
    ~ Scheduled Task: 35 Legitimates Filtered in 00mn 03s

    —\ Logiciels installés (O42)
    O42 – Logiciel: LyX 2.0.5.1 – (.LyX Team.) [HKLM][64Bits] — LyX2051
    O42 – Logiciel: The Battle for Middle-earth ™ II – (…) [HKLM][64Bits] — {2A9F95AB-65A3-432c-8631-B8BC5BF7477A}
    ~ Logic: 24 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareHolaa]
    [HKCUSoftwareLyX]
    [HKCUSoftwareTortoiseGit]
    ~ Key Software: 318 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 17/02/2013 – 13:06:44 – [287,039] —-D C:Program Files (x86)LyX 2.0
    O43 – CFD: 27/09/2013 – 13:25:34 – [0] —-D C:Program Files (x86)ScienceActive
    O43 – CFD: 8/04/2005 – 03:16:43 – [0,291] –H-D C:UsersSimonAppDataRoamingF8F1AECA
    O43 – CFD: 1/05/2013 – 16:31:44 – [56,400] —-D C:UsersSimonAppDataRoamingLyX2.0
    O43 – CFD: 29/09/2013 – 15:43:27 – [0,002] —-D C:UsersSimonAppDataLocalTGitCache
    ~ 3 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 191 Legitimates Filtered in 03mn 33s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 11/12/2013 – 00:12:36 —A- . (…) — C:WindowsSystem32ieuinit.inf [16284]
    O44 – LFC:[MD5.524B5B002CE78EB7B42B1CA66DAF71E0] – 14/12/2013 – 10:58:31 —A- . (…) — C:WindowsSystem32AutoRunFilter.ini [2020]
    O44 – LFC:[MD5.E7FA2DAB91F018B9023B7418DE679DDE] – 15/12/2013 – 18:59:55 —A- . (…) — C:WindowsSystem32ServiceFilter.ini [2048]
    O44 – LFC:[MD5.E549949DB2A6C646C7F26F615DCC906F] – 15/12/2013 – 19:20:51 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [18736]
    O44 – LFC:[MD5.E549949DB2A6C646C7F26F615DCC906F] – 15/12/2013 – 19:20:51 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [18736]
    ~ Files: 97 Legitimates Filtered in 00mn 09s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.6BC15392316F1E4C5A686F8519C4D307] – 14/12/2013 – 13:20:30 —A- – C:WindowsPrefetchOZ.EXE-68B052E7.pf
    O45 – LFCP:[MD5.801A0BE957C59F1D84FE67F8A19C9321] – 14/12/2013 – 13:20:40 —A- – C:WindowsPrefetchEMACS.EXE-8BD690E7.pf
    O45 – LFCP:[MD5.94CFC71A343F1E7D54443AC51FBFDB43] – 14/12/2013 – 13:20:41 —A- – C:WindowsPrefetchOZENGINE.EXE-C3E7B375.pf
    O45 – LFCP:[MD5.D6D66458FD57436DB0A6AADC4CFC7F3D] – 14/12/2013 – 20:52:27 —A- – C:WindowsPrefetchETILQS~1.PIF-31CDD8E2.pf
    O45 – LFCP:[MD5.C78E0C3FEC0053F1B390D5AD13A1F840] – 14/12/2013 – 20:52:38 —A- – C:WindowsPrefetchDATA.EXE-81E8062E.pf
    O45 – LFCP:[MD5.DB052C79C6CE1D09E7176FBB2A4970B5] – 15/12/2013 – 13:01:10 —A- – C:WindowsPrefetchMATLABSTARTUPACCELERATOR.EXE-426A19D8.pf
    O45 – LFCP:[MD5.4A79E7046F3F6BAC132D0B751E1E5574] – 15/12/2013 – 15:32:05 —A- – C:WindowsPrefetchINSTUP.EXE-DCA24DB4.pf
    O45 – LFCP:[MD5.93E5018E84D047164675D3588593C9DB] – 15/12/2013 – 16:51:00 —A- – C:WindowsPrefetchURDRIVE.EXE-00EEC021.pf
    O45 – LFCP:[MD5.1C6C01C10173541EB69EC39319852348] – 15/12/2013 – 17:38:33 —A- – C:WindowsPrefetchIW5MP.EXE-764AB3A4.pf
    ~ Prefetcher: 141 Legitimates Filtered in 00mn 02s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.CBF4C9263F35A9E80E4AD5CBBAE6049C] – 21/12/2011 – 22:15:56 —A- . (.Windows (R) Win 7 DDK provider – ASUS Virtual Bus.) — C:WindowsSystem32DriversAsusVBus.sys [35968]
    O58 – SDL:[MD5.C951F6F1D909E1AAD7160D9EE860A3F1] – 8/11/2011 – 03:48:28 —A- . (.Windows (R) Win 7 DDK provider – ASUS HID mini driver for Virtual Touch Device.) — C:WindowsSystem32DriversAsusVTouch.sys [16512]
    O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 13/12/2013 – 08:26:59 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776]
    O58 – SDL:[MD5.59787B95DD9CA44CB139D96863438587] – 13/12/2013 – 08:26:59 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [205320]
    O58 – SDL:[MD5.46571ED73AE84469DCA53081D33CF3C8] – 25/10/2012 – 21:09:36 —A- . (.DT Soft Ltd – DAEMON Tools Virtual Bus Driver.) — C:WindowsSystem32Driversdtsoftbus01.sys [283200]
    O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:[MD5.42B4D3D746B3625EF42233C3897E1F68] – 19/02/2012 – 19:16:24 —A- . (.ELAN Microelectronics Corp. – ETD Kernel Center.) — C:WindowsSystem32DriversETD.sys [200488]
    O58 – SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] – 10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] – 20/07/2009 – 10:29:40 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [15416]
    O58 – SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] – 14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    ~ Drivers: 16 Legitimates Filtered in 00mn 11s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 12/12/2013 – 19:24:15 —A- . (…) — C:UsersSimonAppDataLocalMiKTeX2.9TeXworks.4TwFileVersions.db [1294]
    O61 – LFC: 12/12/2013 – 19:24:45 —A- . (…) — C:UsersSimonAppDataRoamingbenibelabla.tex [447]
    O61 – LFC: 12/12/2013 – 19:24:45 —A- . (…) — C:UsersSimonAppDataRoamingbenibelatab_techCell.tex [447]
    O61 – LFC: 12/12/2013 – 19:25:10 –HA- . (…) — C:UsersSimonAppDataRoamingMicrosoftTemplates~$Normal.dotm [162]
    O61 – LFC: 13/12/2013 – 19:24:45 —A- . (…) — C:UsersSimonAppDataRoamingASUS WebStorageLogsAWS-wscript.txt [0]
    O61 – LFC: 13/12/2013 – 19:24:51 –H– . (…) — C:UsersSimonAppDataRoamingF8F1AECA13-12-2013 [442]
    O61 – LFC: 14/12/2013 – 19:24:06 —A- . (…) — C:UsersSimon.emacs.dauto-save-list.saves-4916-SIMON-PC~ [132]
    O61 – LFC: 14/12/2013 – 19:24:08 —A- . (…) — C:UsersSimonAppDataLocalBlack_Tree_GamingNexusClient.exe_Url_fn0w2gsklzpf4ejqea5orcgrkq1frzpu.44.13.0user.config [16551]
    O61 – LFC: 14/12/2013 – 19:24:15 —A- . (…) — C:UsersSimonAppDataLocalSkyrimDLCList.txt [523]
    O61 – LFC: 14/12/2013 – 19:24:15 —A- . (…) — C:UsersSimonAppDataLocalSkyrimSteamModList.txt [0]
    O61 – LFC: 14/12/2013 – 19:24:51 –H– . (…) — C:UsersSimonAppDataRoamingF8F1AECA14-12-2013 [229609]
    O61 – LFC: 15/12/2013 – 19:24:08 —A- . (…) — C:UsersSimonAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [268580]
    O61 – LFC: 15/12/2013 – 19:24:14 —A- . (…) — C:UsersSimonAppDataLocalGoogleChromeUser DataLocal State [50667]
    O61 – LFC: 15/12/2013 – 19:24:16 —A- . (…) — C:UsersSimonAppDataLocalThunderbirdMozilla Thunderbirdactive-update.xml [1185] =>.Mozilla Corporation
    O61 – LFC: 15/12/2013 – 19:24:51 –H– . (…) — C:UsersSimonAppDataRoamingF8F1AECA15-12-2013 [74775]
    O61 – LFC: 15/12/2013 – 19:25:13 —A- . (…) — C:UsersSimonAppDataRoamingsp_data.sys [380]
    O61 – LFC: 15/12/2013 – 19:25:14 —A- . (…) — C:UsersSimonAppDataRoamingZHPLog.txt [17561] =>.Nicolas Coolman
    O61 – LFC: 15/12/2013 – 19:25:14 —A- . (…) — C:UsersSimonAppDataRoamingZHPTestsZHPDiag.txt [2853] =>.Nicolas Coolman
    ~ 13 Fichiers temporaires (Temporary files)
    ~ Files: 322 Legitimates Filtered in 01mn 13s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: < .html> [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:Program Files (x86)ArmA 2#JIMBOkeygen.exe
    C:Program Files (x86)ArmA 2#JIMBOkeygen.exe
    ~ Files: Scanned in 00mn 37s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][6/10/2010] (…) — C:ProgramDataFullRemove.exe [131984]
    [MD5.32B3B11F141BCBEF61DBD887CC76549C] [SPRF][15/12/2013] (…) — C:UsersSimonAppDataLocalTempchart_data.dat [10916]
    [MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (…) — C:UsersSimonAppDataLocalTempQuarantine.exe [360051]
    [MD5.E404C4EC1DA1399E40E80A8E735E03D6] [SPRF][15/12/2013] (…) — C:UsersSimonAppDataLocalTempstreaming_updates.dat [459]
    [MD5.F069386B3B7CE699F1E33B620EA1A0E9] [SPRF][15/12/2013] (…) — C:UsersSimonAppDataRoamingsp_data.sys [380]
    [MD5.FFA683DC592D4E91F76714D9BA2272D1] [SPRF][15/12/2013] (…) — C:UsersSimonDesktopadwcleaner.exe [1226750]
    [MD5.3C166BAE84553D4CB27AF8ABDC61712D] [SPRF][2/09/2013] (…) — C:UsersSimonDesktopMinecraft.exe [675988]
    ~ Files: 8 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “TCP Query User{FEF005E8-9812-4BE5-9547-0CBC7E1CA4D4}C:mozartbinozengine.exe” | In – Private – P6 – TRUE | .(…) — C:mozartbinozengine.exe
    O87 – FAEL: “UDP Query User{1124D823-0FAC-49E5-A822-D22EDF8EDFBF}C:mozartbinozengine.exe” | In – Private – P17 – TRUE | .(…) — C:mozartbinozengine.exe
    O87 – FAEL: “TCP Query User{C04D03AA-7968-4715-AB62-6766F4004BFC}C:mozartbinozengine.exe” | In – Public – P6 – TRUE | .(…) — C:mozartbinozengine.exe
    O87 – FAEL: “UDP Query User{6794A50A-C914-4C22-AA04-975C00AC020D}C:mozartbinozengine.exe” | In – Public – P17 – TRUE | .(…) — C:mozartbinozengine.exe
    ~ Firewall: 267 Legitimates Filtered in 00mn 02s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “3E9A223DB85706D47A4C568CF83D870D” . (.Bing Bar.) — C:WindowsInstaller{D322A9E3-758B-4D60-A7C4-65C88FD378D0}icon_installer_ico =>Toolbar.Bing
    ~ Update Products: 263 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.08BF746FB1EC301ECFEEC5D89F343CB1] [WIS][27/09/2010] (.Spirited Machine – ArmA II Launcher.) — C:WindowsInstaller95b475.msi [1220608]
    [MD5.7AAFBCED7FA860C52151DBCD3CA771B6] [WIS][22/09/2012] (.BlueJ – BlueJ Installer.) — C:WindowsInstallerea0eb.msi [7161724]
    ~ WIS: 266 Legitimates Filtered in 00mn 26s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 2/06/2013 49152 | (BEService) . (…) – C:Program Files (x86)Common FilesBattlEyeBEService.exe
    SS – | Demand 6/03/2012 276248 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
    SS – | Auto 24/02/2012 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 24/02/2012 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 17/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Demand 11/12/2013 569768 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe

    SR – | Auto 9/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 4/03/2011 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) – C:Windowssystem32FBAgent.exe
    SR – | Auto 21/11/2011 80512 | (ASLDRService) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Auto 17/02/2012 277120 | (ASUS InstantOn) . (.ASUS.) – C:Program Files (x86)ASUSInstantOn for NBInsOnSrv.exe
    SR – | Auto 29/12/2011 106144 | (AtherosSvc) . (.Atheros Commnucations.) – C:Program Files (x86)Bluetooth Suiteadminservice.exe
    SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SR – | Auto 13/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 23/07/2013 193696 | (BBSvc) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.2.241.0BBSvc.exe
    SR – | Demand 23/07/2013 240288 | (BBUpdate) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.2.241.0SeaPort.exe
    SR – | Auto 3/02/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Auto 21/02/2012 128280 | (Intel(R) ME Service) . (…) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe
    SR – | Auto 21/02/2012 161560 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Auto 28/02/2012 277784 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe
    SR – | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe
    SR – | Auto 5/03/2012 889664 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 4/03/2012 2348864 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
    SR – | Auto 28/02/2012 363800 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 29/12/2011 158880 | (ZAtheros Bt&Wlan Coex Agent) . (.Atheros.) – C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe

    ~ Services: Scanned in 00mn 28s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Simon at 15/12/2013 19:26:37
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Simon at 15/12/2013 19:26:39

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13013 – (14/12/2013)
    Clés trouvées (Keys found) : 2
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 0

    [HKLMSoftwareGoogleChromeExtensionsndibdjnfmopecpmkdieinmbadjfpblof] =>Toolbar.AVGSearch^
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    C:UsersSimonAppDataLocalGoogleChromeUser DataDefaultExtensionsndibdjnfmopecpmkdieinmbadjfpblof =>Toolbar.AVGSearch^
    ~ Additionnel Scan: 528484 Items scanned in 00mn 28s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ MSI: 0 link(s) detected in 00mn 28s

    ~ 1911 Legitimates filtered by white list
    End of the scan (554 lines in 11mn 33s)(2)

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8320

    Good evening. Disable Avast for as long as you are using UsbFix, and launch it in deletion mode with every peripheral you can plugged in, then post the resulting report.

  • PhRaucq
    Participant
    Number of posts: 13

    Hello,
    Sorry for the late reply, but I have a small problem.
    The infected PC and USB key belong to my son Simon, who went back to university on Sunday evening, taking his PC with him but leaving his USB key at home.

    Clearly, UsbFix does not just scan the key; it also looks at the PC's disks.
    So we will only be able to run a test with the key and the PC together at the end of the week.

    I will post the reports as soon as that is done.

    Regards,

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8320

    Hello, no problem :)

    Above all, do not use the key :)

    Talk to you soon :hello:

  • PhRaucq
    Participant
    Number of posts: 13

    Well... the PC and the USB key are back in the same place, so we were able to run UsbFix. Here is the report:

    ############################## | UsbFix V 7.155 | [Suppression]

    Utilisateur: Simon (Administrateur) # SIMON-PC
    Mis à jour le 16/12/2013 par El Desaparecido – Team SosVirus
    Lancé à 18:53:52 | 19/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (K75VM)
    CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
    RAM -> [Total : 3982 | Free : 2705]
    Bios: American Megatrends Inc.
    Boot: Fail-safe boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.16476
    WB: Google Chrome : 31.0.1650.63
    WB: Mozilla Firefox : 25.0.1

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [(!) Disabled]

    C: (%systemdrive%) -> Disque fixe # 300 Go (118 Go libre(s) – 39%) [OS] # NTFS
    D: -> Disque fixe # 373 Go (327 Go libre(s) – 88%) [DATA] # NTFS
    E: -> Disque amovible # 4 Go (4 Go libre(s) – 100%) [KINGSTON] # FAT32
    F: -> CD-ROM
    G: -> CD-ROM

    ################## | Processus Stoppés |

    Stoppé! C:WindowsSYSTEM32WISPTIS.EXE (ID: 456 |ParentID: 972)
    Stoppé! C:WindowsSYSTEM32WISPTIS.EXE (ID: 1092 |ParentID: 972)
    Stoppé! C:Program FilesCommon Filesmicrosoft sharedinkTabTip.exe (ID: 1100 |ParentID: 972)
    Stoppé! C:Windowssystem32ctfmon.exe (ID: 1252 |ParentID: 1180)
    Stoppé! C:Windowssystem32DllHost.exe (ID: 1464 |ParentID: 716)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [ASUSPRP] – “C:Program Files (x86)ASUSAPRPAPRP.EXE”
    04 – HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
    04 – HKLMSOFTWARE | Run : [USB3MON] – “C:Program Files (x86)IntelIntel(R) USB 3.0 eXtensible Host Controller DriverApplicationiusb3mon.exe”
    04 – HKLMSOFTWARE | Run : [ATKOSD2] – C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
    04 – HKLMSOFTWARE | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
    04 – HKLMSOFTWARE | Run : [HControlUser] – C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
    04 – HKLMSOFTWARE | Run : [Wireless Console 3] – C:Program Files (x86)ASUSWireless Console 3wcourier.exe
    04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdatea4d58bfc-a494-4a8b-9c80-5433770be3a9.exe /check
    04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [ASUSPRP] – “C:Program Files (x86)ASUSAPRPAPRP.EXE”
    04 – HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
    04 – HKLMSOFTWAREwow6432Node | Run : [USB3MON] – “C:Program Files (x86)IntelIntel(R) USB 3.0 eXtensible Host Controller DriverApplicationiusb3mon.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [ATKOSD2] – C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [HControlUser] – C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [Wireless Console 3] – C:Program Files (x86)ASUSWireless Console 3wcourier.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [20131121] – C:Program FilesAVAST SoftwareAvastsetupemupdatea4d58bfc-a494-4a8b-9c80-5433770be3a9.exe /check
    04 – HKLMSOFTWAREwow6432Node | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-2618693130-1802013049-3945703744-1001SOFTWARE | Run : [DAEMON Tools Lite] – “C:Program Files (x86)DAEMON Tools LiteDTLite.exe” -autorun
    04 – HKUS-1-5-21-2618693130-1802013049-3945703744-1001SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKUS-1-5-21-2618693130-1802013049-3945703744-1001SOFTWARE | Run : [SURVIVAL] – wscript.exe //B “C:UsersSimonAppDataLocalTempSURVIVAL.vbe”
    04 – HKUS-1-5-21-2618693130-1802013049-3945703744-1001SOFTWARE | Run : [APS] – C:UsersSimonAppDataRoamingPublicconhost.exe
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Supprimé! C:UsersSimonAppDataRoamingPublicconhost.exe
    Supprimé! C:UsersSimonAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSURVIVAL.vbe
    Supprimé! C:UsersSimonAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupconhost.exe
    Supprimé! C:UsersSimonAppDataLocalTempSURVIVAL.vbe
    Supprimé! C:UsersSimonAppDataLocalTempDATA.exe
    Supprimé! C:UsersSimonAppDataRoamingF8F1AECAak.tmp
    Supprimé! C:UsersSimonAppDataRoamingF8F1AECA13-12-2013
    Supprimé! C:UsersSimonAppDataRoamingF8F1AECA14-12-2013
    Supprimé! C:UsersSimonAppDataRoamingF8F1AECA15-12-2013
    Supprimé! C:UsersSimonAppDataRoamingF8F1AECA16-12-2013
    Supprimé! C:UsersSimonAppDataRoamingF8F1AECA17-12-2013
    Supprimé! C:UsersSimonAppDataRoamingF8F1AECA18-12-2013
    Supprimé! C:UsersSimonAppDataRoamingF8F1AECA19-12-2013
    Supprimé! C:UsersSimonAppDataRoamingF8F1AECA
    Supprimé! C:UsersSimonAppDataLocalTempSimon7
    Supprimé! C:UsersSimonAppDataLocalTempSimon8
    Supprimé! D:install.exe
    Supprimé! C:UsersSimonAppDataRoamingPublic
    Supprimé! C:UsersSimonAppDataLocalTempetilqs_7OoXdBUc14ideje.pif

    ################## | Référence de comparaison MD5 |

    Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:UsersSimonAppDataRoamingPublicconhost.exe
    Md5 : 566A2952410520E6E384366F28F6871B -> C:UsersSimonAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSURVIVAL.vbe
    Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:UsersSimonAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupconhost.exe
    Md5 : 566A2952410520E6E384366F28F6871B -> C:UsersSimonAppDataLocalTempSURVIVAL.vbe
    Md5 : F936FA87EC52A3373E254E1D559E8609 -> C:UsersSimonAppDataLocalTempDATA.exe

    ################## | Comparaison MD5 |

    -> Pas de valeur Md5 identique trouvée.

    ################## | Registre |

    Supprimé! HKCUSoftwareHolaa
    Supprimé! HKUS-1-5-21-2618693130-1802013049-3945703744-1001SoftwareMicrosoftWindowsCurrentVersionRun|APS
    Supprimé! HKUS-1-5-21-2618693130-1802013049-3945703744-1001SoftwareMicrosoftWindowsCurrentVersionRun|SURVIVAL

    ################## | UsbFix – Information |

    UsbFix a détecté sur votre ordinateur, une infection qui dispose d'une fonction de Keylogger.
    Après désinfection par UsbFix, veuillez modifier tous vos mots de passe.
    Si vous avez effectué des achats sur internet,
    veuillez contacter votre banque afin d'envisager une opposition sur votre carte bancaire.

    Infos: infection-dinihou-vous-explique-son-fonctionnement-t4852.html

    ################## | Listing |

    [07/09/2012 – 19:09:45 | N | 0 Ko] – C:BurnHelp.txt
    [19/12/2013 – 18:18:18 | N | 8 Ko] – C:UsbFix [Clean 1] SIMON-PC.txt
    [19/12/2013 – 19:02:11 | A | 8 Ko] – C:UsbFix [Clean 2] SIMON-PC.txt
    [19/12/2013 – 18:51:47 | ASH | 4077896 Ko] – C:pagefile.sys
    [19/12/2013 – 18:52:40 | ASH | 3058420 Ko] – C:hiberfil.sys
    [18/12/2013 – 09:31:21 | D] – C:Config.Msi
    [03/10/2013 – 02:11:00 | N | 2 Ko] – C:fraglist.luar
    [14/03/2012 – 09:07:42 | N | 4226 Ko] – C:K45VM.BIN
    [14/10/2012 – 16:49:45 | SHD] – C:$Recycle.Bin
    [15/12/2013 – 19:26:39 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [29/07/2009 – 07:03:37 | N | 8 Ko] – C:BOOTSECT.BAK
    [14/07/2009 – 02:38:58 | RASH | 375 Ko] – C:bootmgr
    [14/07/2009 – 04:20:08 | D] – C:PerfLogs
    [14/07/2009 – 06:08:56 | SHD] – C:Documents and Settings
    [29/07/2009 – 06:22:15 | SHD] – C:Recovery
    [29/07/2009 – 07:03:34 | SHD] – C:Boot
    [24/02/2012 – 03:50:52 | D] – C:AsusVibeData
    [21/05/2012 – 11:35:32 | D] – C:Intel
    [21/05/2012 – 11:50:07 | D] – C:eSupport
    [07/09/2012 – 17:20:29 | D] – C:Users
    [11/09/2012 – 09:17:34 | D] – C:Barres
    [04/12/2012 – 18:40:38 | RHD] – C:MSOCache
    [03/03/2013 – 17:43:28 | D] – C:Games
    [29/09/2013 – 15:44:09 | D] – C:Program Files
    [29/09/2013 – 18:04:21 | D] – C:Mozart
    [29/09/2013 – 18:17:44 | D] – C:emacs
    [29/09/2013 – 18:26:16 | D] – C:Tcl
    [14/12/2013 – 23:45:14 | SHD] – C:System Volume Information
    [15/12/2013 – 18:48:42 | HD] – C:ProgramData
    [15/12/2013 – 19:08:24 | D] – C:AdwCleaner
    [15/12/2013 – 19:14:41 | D] – C:Program Files (x86)
    [19/12/2013 – 18:52:40 | D] – C:Windows
    [19/12/2013 – 19:02:07 | D] – C:UsbFix
    [07/11/2007 – 08:00:40 | N | 0 Ko] – D:eula.1041.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.1028.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.1031.txt
    [07/11/2007 – 08:00:40 | N | 10 Ko] – D:eula.1033.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.1036.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.1040.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.2052.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.1042.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.3082.txt
    [07/11/2007 – 08:12:28 | N | 228 Ko] – D:VC_RED.MSI
    [02/10/2013 – 19:45:11 | N | 0 Ko] – D:fraglist.luar
    [07/11/2007 – 08:00:40 | N | 1 Ko] – D:install.ini
    [07/11/2007 – 08:00:40 | N | 1 Ko] – D:globdata.ini
    [07/11/2007 – 08:03:18 | N | 75 Ko] – D:install.res.1028.dll
    [07/11/2007 – 08:03:18 | N | 94 Ko] – D:install.res.1031.dll
    [07/11/2007 – 08:03:18 | N | 89 Ko] – D:install.res.1033.dll
    [07/11/2007 – 08:03:18 | N | 95 Ko] – D:install.res.1036.dll
    [07/11/2007 – 08:03:18 | N | 93 Ko] – D:install.res.1040.dll
    [07/11/2007 – 08:03:18 | N | 80 Ko] – D:install.res.1041.dll
    [07/11/2007 – 08:03:18 | N | 78 Ko] – D:install.res.1042.dll
    [07/11/2007 – 08:03:18 | N | 74 Ko] – D:install.res.2052.dll
    [07/11/2007 – 08:03:18 | N | 94 Ko] – D:install.res.3082.dll
    [07/11/2007 – 08:09:22 | N | 1409 Ko] – D:VC_RED.cab
    [07/11/2007 – 08:00:40 | N | 6 Ko] – D:vcredist.bmp
    [14/10/2012 – 16:49:46 | SHD] – D:$RECYCLE.BIN
    [07/09/2012 – 09:15:40 | SHD] – D:System Volume Information
    [09/09/2012 – 15:03:25 | D] – D:Users
    [17/12/2013 – 19:10:28 | RASHD] – E:Autorun.inf

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    Since the PC had been running in the meantime, we ran the other three programs again.

    Here are the reports once more:

    Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.12.18.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Simon :: SIMON-PC [administrateur]

    Protection: Activé

    19/12/2013 19:22:47
    MBAM-log-2013-12-19 (19-57-36).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 237206
    Temps écoulé: 3 minute(s), 32 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 1
    C:UsersSimonDownloadsdaemon-tools-lite_daemon_tools_lite_4.45.4_francais_10729.exe (PUP.Optional.OpenCandy) -> Aucune action effectuée.

    (fin)

    # AdwCleaner v3.015 – Rapport créé le 19/12/2013 à 20:02:08
    # Mis à jour le 10/12/2013 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : Simon – SIMON-PC
    # Exécuté depuis : C:UsersSimonDesktopadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.16428

    -\ Mozilla Firefox v25.0.1 (fr)

    [ Fichier : C:UsersSimonAppDataRoamingMozillaFirefoxProfilesjmim5433.default-1351205969399prefs.js ]

    -\ Google Chrome v31.0.1650.63

    [ Fichier : C:UsersSimonAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [4596 octets] – [15/12/2013 19:05:18]
    AdwCleaner[R1].txt – [1069 octets] – [19/12/2013 19:58:20]
    AdwCleaner[R2].txt – [1130 octets] – [19/12/2013 20:01:05]
    AdwCleaner[S0].txt – [3781 octets] – [15/12/2013 19:07:59]
    AdwCleaner[S1].txt – [1052 octets] – [19/12/2013 20:02:08]

    ########## EOF – C:AdwCleanerAdwCleaner[S1].txt – [1112 octets] ##########

    ~ Rapport de ZHPDiag v2013.12.14.22 – Nicolas Coolman (14/12/2013)
    ~ Lancé par Simon (19/12/2013 20:08:52)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16476
    MFIE: Mozilla Firefox 25.0.1
    GCIE: Google Chrome v31.0.1650.63 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 9YQTR
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2008
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    —\ Logiciels d'optimisation du système
    CCleaner v3.22 =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader X
    Java 7 Update 7

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3982 MB (56% free)
    System Restore: Activé (Enable)
    System drive C: has 118 GB (39%) free of 300 GB

    —\ Mode de connexion au système
    ~ Computer Name: SIMON-PC
    ~ User Name: Simon
    ~ All Users Names: UpdatusUser, Simon, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersSimonAppDataRoamingZHP
    ~ %AppData% : C:UsersSimonAppDataRoaming
    ~ %Desktop% : C:UsersSimonDesktop
    ~ %Favorites% : C:UsersSimonFavorites
    ~ %LocalAppData% : C:UsersSimonAppDataLocal
    ~ %StartMenu% : C:UsersSimonAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 118 Go of 300 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 327 Go of 373 Go)
    F: CD-ROM drive (Not Inserted)
    G: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.24/02/2012 – 01:55:29.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.26/11/2013 – 08:07:57.) — C:WindowsSystem32wininet.dll [2334208]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:32.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:28.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:22.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:34.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:44.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.24/02/2012 – 02:02:21.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:22.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:36.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:58.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.DF8126BD41180351A093A3AD2FC8903B] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.24/02/2012 – 01:35:34.) — C:Windowssystem32Driversvolsnap.sys [296320]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/6
    ~ Mes Videos (My Videos) : 1/128
    ~ Mes Favoris (My Favorites) : 1/7
    ~ Mes Documents (My Documents) : 1/5225
    ~ Mon Bureau (My Desktop) : 1/27
    ~ Menu demarrer (Programs) : 1/66
    ~ Hidden Files: Scanned in 00mn 05s

    —\ Processus lancés
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe [532040] [PID.916]
    [MD5.64A7C84C0A8C79B22033F92D43919062] – (.ASUS – ACMON.) — C:Program Files (x86)ASUSSplendidACMON.exe [102568] [PID.2780]
    [MD5.98CADC34741738CFC24F5CDFDAA408FA] – (.ASUSTeK – ACEngSvr Module.) — C:WindowsSysWOW64ACEngSvr.exe [162456] [PID.3852]
    [MD5.4D1DA8CE5E364D22B4FF00F163194514] – (.Intel Corporation – Intel(R) USB 3.0 Monitor.) — C:Program Files (x86)IntelIntel(R) USB 3.0 eXtensible Host Controller DriverApplicationiusb3mon.exe [291608] [PID.1872]
    [MD5.D9AB754613208112B840C75B6762B909] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe [322176] [PID.3244]
    [MD5.BC31B27061F27E8968CD0435C038F712] – (.ASUS – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe [174720] [PID.3736]
    [MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] – (.ASUS – HControlUser.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe [105016] [PID.464]
    [MD5.B9BF29CC884BDD499803C3ED1F97FA41] – (.ASUSTeK Computer Inc. – A program that manage wireless devices in s.) — C:Program Files (x86)ASUSWireless Console 3wcourier.exe [2321072] [PID.2716]
    [MD5.1F0A97900FC718CE617A722BEF8580CD] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [3568312] [PID.3032]
    [MD5.37DEB76A2CF005841C4E45DE2B94D84F] – (.ASUS – AsScrPro.) — C:WindowsAsScrPro.exe [3058304] [PID.2412]
    [MD5.35048D8E8A0BF7A797CD5757ACD7EED0] – (.CyberLink – CyberLink MediaLibray Service.) — C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe [107816] [PID.4800]
    [MD5.ED759B7FD51466447CC31CBE79B99050] – (.ASUSTek Computer Inc. – ASUS USB Charger Plus.) — C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe [1121448] [PID.4404]
    [MD5.F48ECBB9771865CDC5435BD9AF4564F0] – (.ASUSTeK Computer Inc. – ASUS Quick Gesture Exe.) — C:Program Files (x86)ASUSASUS Virtual TouchQuickGesturex86QuickGesture.exe [17872] [PID.4420]
    [MD5.6B3BA5BB455D7A4FD16B697B8F73858F] – (.ASUSTek Computer Inc. – ASUS FaceLogon Application.) — C:Program Files (x86)ASUSFaceLogonsensorsrv.exe [473728] [PID.4524]
    [MD5.2DC64A3446C8C6E020E781456B46573D] – (.Microsoft Corporation – Tablet PC Input Panel Helper.) — C:Program Files (x86)Common FilesMicrosoft SharedInkTabTip32.exe [10240] [PID.4168]
    [MD5.2330B5A4A3824F042DC96D524893A6B5] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8295936] [PID.4576]
    [MD5.A3626C6D3F2DC95497F3F61842D7FD89] – (.ASUS – ASLDR Service.) — C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe [80512] [PID.1592]
    [MD5.DBC598E47E7A382E60E2A4745D41FEF9] – (.ASUS – GFNEXSrv.) — C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe [96896] [PID.1684]
    [MD5.4D41D30E2FAB3307967C7A0B045DC874] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1712]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1488]
    [MD5.52436245AAEF3B65DF7859949AB6A14E] – (.ASUS – ASUS InstantOn Program.) — C:Program Files (x86)ASUSInstantOn for NBInsOnSrv.exe [277120] [PID.1796]
    [MD5.369C1928C9BBED65C9E347448BD376B0] – (.Microsoft Corporation. – BingBar Service.) — C:Program Files (x86)MicrosoftBingBar7.2.241.0BBSvc.exe [193696] [PID.1852]
    [MD5.896AA2F1D79662B17D5DBBE588E24E30] – (…) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe [128280] [PID.2180]
    [MD5.3C6630473DD42FFC57D9F5564F533127] – (.Intel Corporation – Intel(R) Dynamic Application Loader Host In.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe [161560] [PID.2204]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [418376] [PID.2244]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [701512] [PID.2316]
    [MD5.D83C2FF7EA53E66B8EA7901D710494EA] – (.Atheros – Atheros Coex Service Application.) — C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe [158880] [PID.2464]
    [MD5.2B23FAA39D8F949ED5EEE03ECA50BCD5] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [277784] [PID.4044]
    [MD5.08FF446D7E15B251431838E29E74DBB8] – (.NVIDIA Corporation – NVIDIA Settings Update Manager.) — C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe [2348864] [PID.3624]
    [MD5.3C5405EF78576E8E4D791EB18F6856A8] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [363800] [PID.2548]
    [MD5.20DDC9CED8BC8390138F3187E0FF7411] – (.ASUSTek Computer Inc. – HControl.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe [174720] [PID.4012]
    [MD5.EA75E0837B21B46E88102E23438FE2CB] – (.ASUS – ASUS InstantOn Program.) — C:Program Files (x86)ASUSInstantOn for NBInsOnWMI.exe [289408] [PID.2988]
    [MD5.149126216A694E6BA84E92ECA77AAE3B] – (.ASUS – ATKOSD.) — C:Program Files (x86)ASUSATK PackageATK HotkeyATKOSD.exe [2488888] [PID.3940]
    [MD5.AA11E1368EEB237DD100BAC6AFFE1C57] – (.ASUS – KBFiltr.) — C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe [113208] [PID.2372]
    [MD5.4A7C441D99D86704D194E7678873B95D] – (.ASUS – WDC.) — C:Program Files (x86)ASUSATK PackageATK HotkeyWDC.exe [174648] [PID.3296]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersSimonAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Secure Search v.15.5.0.2 (Désactivé) =>Toolbar.AVGSearch
    ~ Google Browser: 11 Legitimates Filtered in 04mn 16s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersSimonAppDataRoamingMozillaFirefoxProfilesjmim5433.default-1351205969399prefs.js
    ~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: ArmA II Launcher.lnk . (.Spirited Machine – ArmA II Launcher.) — C:Program Files (x86)Spirited MachineArmA II LauncherARMA2 Launcher.exe
    O4 – GSDesktop [Public]: DayZ Commander.lnk . (.Dotjosh Studios, LLC – Pas de description.) — C:Program Files (x86)Dotjosh StudiosDayZ CommanderCurrentDayZCommander.exe
    O4 – GSDesktop [Public]: Diablo III.lnk . (.Blizzard Entertainment – Diablo III Setup.) — C:Program Files (x86)Diablo IIIDiablo III Launcher.exe
    O4 – GSDesktop [Public]: LyX 2.0.lnk . (…) — C:Program Files (x86)LyX 2.0binLyX.exe
    O4 – GSDesktop [Public]: Nexus Mod Manager.lnk . (.Black Tree Gaming – Nexus Mod Manager.) — C:Program FilesNexus Mod ManagerNexusClient.exe
    O4 – GSDesktop [Public]: RomStation.lnk . (…) — C:Program Files (x86)RomStationRomStation.exe
    O4 – GSDesktop [Public]: TexMakerX.lnk . (…) — C:Program Files (x86)TexMakerXtexmakerx.exe
    O4 – GSDesktop [Public]: The Battle for Middle-earth ™ II.lnk . (…) — C:Program Files (x86)Electronic ArtsThe Battle for Middle-earth ™ IIlotrbfme2.exe
    O4 – GSDesktop [Public]: The Lord of the Rings, The Rise of the Witch-king.lnk . (…) — C:Program Files (x86)Electronic ArtsThe Lord of the Rings, The Rise of the Witch-kinglotrbfme2ep1.exe
    O4 – GSProgram [Public]: MATLAB R2013a Student Version (32-bit).lnk . (.The MathWorks Inc. – MATLAB Starter Application.) — C:Program Files (x86)MATLABR2013a Studentbinmatlab.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [UpdatusUser]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSDesktop [UpdatusUser]: Audiograbber.lnk . (…) — C:Program Files (x86)audiograbberaudiograbber.exe
    O4 – GSQuickLaunch [Simon]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [Simon]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSQuickLaunch [Simon]: UltraDefrag.lnk . (.UltraDefrag Development Team – UltraDefrag GUI interface.) — C:WindowsUltraDefragultradefrag.exe
    O4 – GSTaskBar [Simon]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [Simon]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSTaskBar [Simon]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [Simon]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSystemTools [Simon]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSDesktop [Simon]: BlueJ.lnk . (…) — C:Program Files (x86)BlueJBlueJ.exe
    O4 – GSDesktop [Simon]: Fender FUSE.lnk . (…) — C:Program Files (x86)FenderFender FUSEFender FUSE.exe
    O4 – GSDesktop [Simon]: MATLAB R2013a Student Version (32-bit).lnk . (.The MathWorks Inc. – MATLAB Starter Application.) — C:Program Files (x86)MATLABR2013a Studentbinmatlab.exe
    O4 – GSDesktop [Simon]: Neverwinter.lnk . (…) — C:UsersPublicGamesCryptic StudiosNeverwinter.exe
    O4 – GSDesktop [Simon]: oz.lnk . (…) — C:Mozartbinoz.exe
    ~ Global Startup: 92 Legitimates Filtered in 00mn 02s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. – AsusVibe Application.) — C:Program Files (x86)ASUSAsusVibeAsusVibeLauncher.exe
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
    O4 – HKLM..Run: [AtherosBtStack] . (.Atheros Communications – Serveur Stack Bluetooth.) — C:Program Files (x86)Bluetooth SuiteBtvStack.exe
    O4 – HKLM..Run: [AthBtTray] . (.Atheros Commnucations – Bluetooth Tray.) — C:Program Files (x86)Bluetooth SuiteAthBtTray.exe
    O4 – HKLM..Run: [ETDCtrl] C:Program Files (x86)ElantechETDCtrl.exe (.not file.)
    O4 – HKCU..Run: [DAEMON Tools Lite] . (.DT Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [ASUSPRP] . (.ASUSTek Computer Inc. – ASUS Product Register Program.) — C:Program Files (x86)ASUSAPRPAPRP.exe
    O4 – HKLM..Wow6432NodeRun: [ASUSWebStorage] . (.ecareme – AsusWebStorage.) — C:Program Files (x86)ASUSASUS WebStorage3.0.108.222AsusWSPanel.exe
    O4 – HKLM..Wow6432NodeRun: [USB3MON] . (.Intel Corporation – Intel(R) USB 3.0 Monitor.) — C:Program Files (x86)IntelIntel(R) USB 3.0 eXtensible Host Controller DriverApplicationiusb3mon.exe
    O4 – HKLM..Wow6432NodeRun: [ATKOSD2] . (.ASUSTek Computer Inc. – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
    O4 – HKLM..Wow6432NodeRun: [ATKMEDIA] . (.ASUS – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
    O4 – HKLM..Wow6432NodeRun: [HControlUser] . (.ASUS – HControlUser.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
    O4 – HKLM..Wow6432NodeRun: [Wireless Console 3] . (.ASUSTeK Computer Inc. – A program that manage wireless devices in s.) — C:Program Files (x86)ASUSWireless Console 3wcourier.exe
    O4 – HKLM..Wow6432NodeRun: [20131121] . (.AVAST Software – avast! Emergency Update.) — C:Program FilesAVAST SoftwareAvastsetupemupdatea4d58bfc-a494-4a8b-9c80-5433770be3a9.exe
    O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-2618693130-1802013049-3945703744-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-2618693130-1802013049-3945703744-1000..Run: [AVG-Secure-Search-Update_JUNE2013_TB] C:Program Files (x86)AVG Secure SearchAVG-Secure-Search-Update_JUNE2013_TB.exe (.not file.) =>Toolbar.AVGSearch
    O4 – HKUSS-1-5-21-2618693130-1802013049-3945703744-1000..Run: [AVG-Secure-Search-Update_JUNE2013_HP] C:Program Files (x86)AVG Secure SearchAVG-Secure-Search-Update_JUNE2013_HP.exe (.not file.) =>Toolbar.AVGSearch
    O4 – HKUSS-1-5-21-2618693130-1802013049-3945703744-1000..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{2D7176F1-3F2D-44C1-A029-459896DC4274}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCCSServicesTcpip..{A08BF2DE-9F3E-47AC-81F8-C8D22523539D}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{2D7176F1-3F2D-44C1-A029-459896DC4274}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCS1ServicesTcpip..{A08BF2DE-9F3E-47AC-81F8-C8D22523539D}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{2D7176F1-3F2D-44C1-A029-459896DC4274}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCS2ServicesTcpip..{A08BF2DE-9F3E-47AC-81F8-C8D22523539D}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – AppInit_DLLs: . (.NVIDIA Corporation – NVIDIA shim initialization dll, Version 290.) – C:Windowssystem32nvinitx.dll
    ~ AppInit DLL: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT:Automatic Planified Task – C:WindowsTasksAVG-Secure-Search-Update_JUNE2013_HP_rmv.job [352]
    O39 – APT:Automatic Planified Task – C:WindowsTasksAVG-Secure-Search-Update_JUNE2013_TB_rmv.job [352]
    O39 – APT:Automatic Planified Task – C:WindowsTasksMATLAB R2013a Startup Accelerator.job [602]
    [MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_HP_rmv] (…) — C:WindowsTEMP{D5F53F20-20A5-4D54-B407-C34254D33CDE}.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_TB_rmv] (…) — C:WindowsTEMP{5CC2DEDE-1CDA-4525-AA3B-72025517DA3F}.exe (.not file.) [0]
    [MD5.FD145BB8D84122A16824344E722245F7] [APT] [MATLAB R2013a Startup Accelerator] (…) — C:Program Files (x86)MATLABR2013a Studentbinwin32MATLABStartupAccelerator.exe [32768]
    [MD5.00000000000000000000000000000000] [APT] [{764E0E5A-747A-43CB-BA2A-4DFD1BD5E8C9}] (…) — F:SETUP.exe (.not file.) [0]
    ~ Scheduled Task: 35 Legitimates Filtered in 00mn 03s

    —\ Logiciels installés (O42)
    O42 – Logiciel: LyX 2.0.5.1 – (.LyX Team.) [HKLM][64Bits] — LyX2051
    O42 – Logiciel: The Battle for Middle-earth ™ II – (…) [HKLM][64Bits] — {2A9F95AB-65A3-432c-8631-B8BC5BF7477A}
    ~ Logic: 24 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareLyX]
    [HKCUSoftwareTortoiseGit]
    ~ Key Software: 319 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 17/02/2013 – 13:06:44 – [287,039] —-D C:Program Files (x86)LyX 2.0
    O43 – CFD: 27/09/2013 – 13:25:34 – [0] —-D C:Program Files (x86)ScienceActive
    O43 – CFD: 1/05/2013 – 16:31:44 – [56,400] —-D C:UsersSimonAppDataRoamingLyX2.0
    O43 – CFD: 29/09/2013 – 15:43:27 – [0,002] —-D C:UsersSimonAppDataLocalTGitCache
    ~ 3 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 190 Legitimates Filtered in 03mn 01s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 11/12/2013 – 00:12:36 —A- . (…) — C:WindowsSystem32ieuinit.inf [16284]
    O44 – LFC:[MD5.524B5B002CE78EB7B42B1CA66DAF71E0] – 14/12/2013 – 10:58:31 —A- . (…) — C:WindowsSystem32AutoRunFilter.ini [2020]
    O44 – LFC:[MD5.E7FA2DAB91F018B9023B7418DE679DDE] – 15/12/2013 – 18:59:55 —A- . (…) — C:WindowsSystem32ServiceFilter.ini [2048]
    O44 – LFC:[MD5.ECDA6F954E3F9AFC2275466A4BE847FD] – 19/12/2013 – 18:18:18 . (…) — C:UsbFix [Clean 1] SIMON-PC.txt [7878]
    O44 – LFC:[MD5.15F8156FC927F86AC5B11E2F19CD813D] – 19/12/2013 – 19:02:11 —A- . (…) — C:UsbFix [Clean 2] SIMON-PC.txt [11308]
    O44 – LFC:[MD5.6B075EC77898993D106F3706BF9D9B50] – 19/12/2013 – 19:16:41 —A- . (…) — C:Windowsntbtlog.txt [221216]
    O44 – LFC:[MD5.43276ADB7B54021EDC303720FC1B9EED] – 19/12/2013 – 20:13:55 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [18736]
    O44 – LFC:[MD5.43276ADB7B54021EDC303720FC1B9EED] – 19/12/2013 – 20:13:55 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [18736]
    ~ Files: 101 Legitimates Filtered in 00mn 06s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.CBF4C9263F35A9E80E4AD5CBBAE6049C] – 21/12/2011 – 22:15:56 —A- . (.Windows (R) Win 7 DDK provider – ASUS Virtual Bus.) — C:WindowsSystem32DriversAsusVBus.sys [35968]
    O58 – SDL:[MD5.C951F6F1D909E1AAD7160D9EE860A3F1] – 8/11/2011 – 03:48:28 —A- . (.Windows (R) Win 7 DDK provider – ASUS HID mini driver for Virtual Touch Device.) — C:WindowsSystem32DriversAsusVTouch.sys [16512]
    O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 13/12/2013 – 08:26:59 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776]
    O58 – SDL:[MD5.59787B95DD9CA44CB139D96863438587] – 13/12/2013 – 08:26:59 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [205320]
    O58 – SDL:[MD5.46571ED73AE84469DCA53081D33CF3C8] – 25/10/2012 – 21:09:36 —A- . (.DT Soft Ltd – DAEMON Tools Virtual Bus Driver.) — C:WindowsSystem32Driversdtsoftbus01.sys [283200]
    O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:[MD5.42B4D3D746B3625EF42233C3897E1F68] – 19/02/2012 – 19:16:24 —A- . (.ELAN Microelectronics Corp. – ETD Kernel Center.) — C:WindowsSystem32DriversETD.sys [200488]
    O58 – SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] – 10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] – 20/07/2009 – 10:29:40 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [15416]
    O58 – SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] – 14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    ~ Drivers: 16 Legitimates Filtered in 00mn 32s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 18/12/2013 – 20:18:12 —A- . (…) — C:UsersSimonAppDataRoamingMathWorksMATLABR2013aMATLAB_Editor_State.xml [5871]
    O61 – LFC: 18/12/2013 – 20:18:12 —A- . (…) — C:UsersSimonAppDataRoamingMathWorksMATLABR2013aStudentMATLABDesktop.xml [11474]
    O61 – LFC: 18/12/2013 – 20:18:12 —A- . (…) — C:UsersSimonAppDataRoamingMathWorksMATLABR2013aStudentMATLABDesktop.xml.prev [11474]
    O61 – LFC: 18/12/2013 – 20:18:12 —A- . (…) — C:UsersSimonAppDataRoamingMathWorksMATLABR2013acwdhistory.m [83]
    O61 – LFC: 18/12/2013 – 20:18:12 —A- . (…) — C:UsersSimonAppDataRoamingMathWorksMATLABR2013ahistory.m [6263]
    O61 – LFC: 18/12/2013 – 20:18:12 —A- . (…) — C:UsersSimonAppDataRoamingMathWorksMATLABR2013amatlab.prf [1240]
    O61 – LFC: 18/12/2013 – 20:18:12 —A- . (…) — C:UsersSimonAppDataRoamingMathWorksMATLABR2013amatlab.settings [5915]
    O61 – LFC: 18/12/2013 – 20:18:12 —A- . (…) — C:UsersSimonAppDataRoamingMathWorksMATLABR2013apublish_configurations.m [1291]
    O61 – LFC: 18/12/2013 – 20:18:12 —A- . (…) — C:UsersSimonAppDataRoamingMathWorksMATLABR2013arun_commands.m [220]
    O61 – LFC: 18/12/2013 – 20:18:12 —A- . (…) — C:UsersSimonAppDataRoamingMathWorksMATLABR2013atoolbox_cache-8.1.0-1340520721-win32.xml [907105]
    O61 – LFC: 19/12/2013 – 20:17:18 —A- . (…) — C:UsersSimonAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [264269]
    O61 – LFC: 19/12/2013 – 20:17:18 —A- . (…) — C:UsersSimonAppDataLocalGoogleChromeUser Datachrome_shutdown_ms.txt [4]
    O61 – LFC: 19/12/2013 – 20:17:23 —A- . (…) — C:UsersSimonAppDataLocalGoogleChromeUser DataLocal State [50621]
    O61 – LFC: 19/12/2013 – 20:17:25 —A- . (…) — C:UsersSimonAppDataLocalThunderbirdMozilla Thunderbirdactive-update.xml [1185] =>.Mozilla Corporation
    O61 – LFC: 19/12/2013 – 20:18:14 —A- . (…) — C:UsersSimonAppDataRoamingsp_data.sys [380]
    O61 – LFC: 19/12/2013 – 20:18:15 —A- . (…) — C:UsersSimonAppDataRoamingZHPLog.txt [38707] =>.Nicolas Coolman
    O61 – LFC: 19/12/2013 – 20:18:15 —A- . (…) — C:UsersSimonAppDataRoamingZHPTestsZHPDiag.txt [2853] =>.Nicolas Coolman
    ~ 27 Fichiers temporaires (Temporary files)
    ~ Files: 338 Legitimates Filtered in 01mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:Program Files (x86)ArmA 2#JIMBOkeygen.exe
    C:Program Files (x86)ArmA 2#JIMBOkeygen.exe
    ~ Files: Scanned in 00mn 27s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][6/10/2010] (…) — C:ProgramDataFullRemove.exe [131984]
    [MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (…) — C:UsersSimonAppDataLocalTempQuarantine.exe [360051]
    [MD5.F069386B3B7CE699F1E33B620EA1A0E9] [SPRF][19/12/2013] (…) — C:UsersSimonAppDataRoamingsp_data.sys [380]
    [MD5.FFA683DC592D4E91F76714D9BA2272D1] [SPRF][15/12/2013] (…) — C:UsersSimonDesktopadwcleaner.exe [1226750]
    [MD5.3C166BAE84553D4CB27AF8ABDC61712D] [SPRF][2/09/2013] (…) — C:UsersSimonDesktopMinecraft.exe [675988]
    ~ Files: 7 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “TCP Query User{FEF005E8-9812-4BE5-9547-0CBC7E1CA4D4}C:mozartbinozengine.exe” | In – Private – P6 – TRUE | .(…) — C:mozartbinozengine.exe
    O87 – FAEL: “UDP Query User{1124D823-0FAC-49E5-A822-D22EDF8EDFBF}C:mozartbinozengine.exe” | In – Private – P17 – TRUE | .(…) — C:mozartbinozengine.exe
    O87 – FAEL: “TCP Query User{C04D03AA-7968-4715-AB62-6766F4004BFC}C:mozartbinozengine.exe” | In – Public – P6 – TRUE | .(…) — C:mozartbinozengine.exe
    O87 – FAEL: “UDP Query User{6794A50A-C914-4C22-AA04-975C00AC020D}C:mozartbinozengine.exe” | In – Public – P17 – TRUE | .(…) — C:mozartbinozengine.exe
    ~ Firewall: 267 Legitimates Filtered in 00mn 01s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “3E9A223DB85706D47A4C568CF83D870D” . (.Bing Bar.) — C:WindowsInstaller{D322A9E3-758B-4D60-A7C4-65C88FD378D0}icon_installer_ico =>Toolbar.Bing
    ~ Update Products: 263 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.08BF746FB1EC301ECFEEC5D89F343CB1] [WIS][27/09/2010] (.Spirited Machine – ArmA II Launcher.) — C:WindowsInstaller95b475.msi [1220608]
    [MD5.7AAFBCED7FA860C52151DBCD3CA771B6] [WIS][22/09/2012] (.BlueJ – BlueJ Installer.) — C:WindowsInstallerea0eb.msi [7161724]
    ~ WIS: 266 Legitimates Filtered in 00mn 22s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 2/06/2013 49152 | (BEService) . (…) – C:Program Files (x86)Common FilesBattlEyeBEService.exe
    SS – | Demand 6/03/2012 276248 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
    SS – | Auto 24/02/2012 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 24/02/2012 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 17/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Demand 11/12/2013 569768 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe

    SR – | Auto 9/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 4/03/2011 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) – C:Windowssystem32FBAgent.exe
    SR – | Auto 21/11/2011 80512 | (ASLDRService) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Auto 17/02/2012 277120 | (ASUS InstantOn) . (.ASUS.) – C:Program Files (x86)ASUSInstantOn for NBInsOnSrv.exe
    SR – | Auto 29/12/2011 106144 | (AtherosSvc) . (.Atheros Commnucations.) – C:Program Files (x86)Bluetooth Suiteadminservice.exe
    SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SR – | Auto 13/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 23/07/2013 193696 | (BBSvc) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.2.241.0BBSvc.exe
    SR – | Demand 23/07/2013 240288 | (BBUpdate) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.2.241.0SeaPort.exe
    SR – | Auto 3/02/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Auto 21/02/2012 128280 | (Intel(R) ME Service) . (…) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe
    SR – | Auto 21/02/2012 161560 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Auto 28/02/2012 277784 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe
    SR – | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe
    SR – | Auto 5/03/2012 889664 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 4/03/2012 2348864 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
    SR – | Auto 28/02/2012 363800 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 29/12/2011 158880 | (ZAtheros Bt&Wlan Coex Agent) . (.Atheros.) – C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe

    ~ Services: Scanned in 00mn 23s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Simon at 19/12/2013 20:19:15
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Simon at 19/12/2013 20:19:17

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13013 – (14/12/2013)
    Clés trouvées (Keys found) : 2
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 0

    [HKLMSoftwareGoogleChromeExtensionsndibdjnfmopecpmkdieinmbadjfpblof] =>Toolbar.AVGSearch^
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    C:UsersSimonAppDataLocalGoogleChromeUser DataDefaultExtensionsndibdjnfmopecpmkdieinmbadjfpblof =>Toolbar.AVGSearch^
    ~ Additionnel Scan: 528999 Items scanned in 00mn 17s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ MSI: 0 link(s) detected in 00mn 17s

    ~ 1886 Legitimates filtered by white list
    End of the scan (536 lines in 10mn 43s)(2)[/spoiler:1lkhcsbq]

    Happy reading! ;) and thanks in advance for the advice.
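
An added example, written for this editorial pass rather than taken from ZHPDiag or from anyone in this thread: a Python triage script for the O58/O61/SPRF line format of the report above. It scores executables that carry no vendor information and sit in a user-writable location, which is exactly how the sp_data.sys entry under AppData\Roaming appears in the report. The sample lines are constructed from entries in the report with their backslashes restored, and the scoring weights and threshold are my own assumption.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".bat", ".cmd", ".vbs", ".js"}
# Path fragments any user can write to; signed system binaries do not normally live there.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")

@dataclass
class Entry:
    section: str            # "O58", "O61" or the bracketed tag such as "SPRF"
    md5: Optional[str]      # O61 (recent files) lines carry no hash
    date: str
    vendor: Optional[str]   # None when the log shows "(...)": no version information
    path: str
    size: int

def _normalise(line: str) -> str:
    # The forum turned "-", "--" and "..." into typographic dashes and an ellipsis; undo that.
    return line.strip().replace("\u2014", "--").replace("\u2013", "-").replace("\u2026", "...")

O_LINE = re.compile(
    r"^O(?P<sec>\d+) - (?P<tag>\w+):(?:\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] - | )"
    r"(?P<date>\d{1,2}/\d{2}/\d{4}) - \d{2}:\d{2}:\d{2} \S+ \. \((?P<vendor>.*)\) -- "
    r"(?P<path>.+) \[(?P<size>\d+)\](?: =>.*)?$")
SPRF_LINE = re.compile(
    r"^\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] \[(?P<tag>\w+)\]\[(?P<date>\d{1,2}/\d{2}/\d{4})\] "
    r"\((?P<vendor>.*)\) -- (?P<path>.+) \[(?P<size>\d+)\]$")

def _vendor(raw: str) -> Optional[str]:
    return None if raw == "..." else raw.strip(".")

def parse_log(text: str) -> List[Entry]:
    """Parse O58/O61 and [SPRF]-style lines; summary lines ("~ Drivers: ...") are skipped."""
    entries = []
    for line in map(_normalise, text.splitlines()):
        if m := O_LINE.match(line):
            entries.append(Entry(f"O{m['sec']}", m["md5"], m["date"], _vendor(m["vendor"]), m["path"], int(m["size"])))
        elif m := SPRF_LINE.match(line):
            entries.append(Entry(m["tag"], m["md5"], m["date"], _vendor(m["vendor"]), m["path"], int(m["size"])))
    return entries

def suspicion(e: Entry) -> int:
    """0 for non-executables; otherwise the number of reasons a human should look at the file."""
    ext = PureWindowsPath(e.path).suffix.lower()
    if ext not in EXEC_EXT:
        return 0
    low, score = e.path.lower(), 0
    if e.vendor is None:
        score += 1   # no vendor/version resource
    if any(tok in low for tok in USER_WRITABLE):
        score += 2   # executable sitting where any user can write
    if ext == ".sys" and "\\drivers\\" not in low:
        score += 1   # a "driver" outside the drivers directory
    return score

def flag_entries(text: str, threshold: int = 2) -> List[Tuple[Entry, int]]:
    return [(e, s) for e in parse_log(text) if (s := suspicion(e)) >= threshold]

# Constructed sample modelled on the report above (backslashes restored); the sp_data.sys
# line keeps the forum's typographic dashes on purpose to exercise _normalise().
SAMPLE_LOG = r"""
O58 - SDL:[MD5.CBF4C9263F35A9E80E4AD5CBBAE6049C] - 21/12/2011 - 22:15:56 --A- . (.Windows (R) Win 7 DDK provider - ASUS Virtual Bus.) -- C:\Windows\System32\Drivers\AsusVBus.sys [35968]
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 13/12/2013 - 08:26:59 --A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O61 - LFC: 18/12/2013 - 20:18:12 --A- . (...) -- C:\Users\Simon\AppData\Roaming\MathWorks\MATLAB\R2013a\MATLAB_Editor_State.xml [5871]
O61 – LFC: 19/12/2013 – 20:18:14 —A- . (…) — C:\Users\Simon\AppData\Roaming\sp_data.sys [380]
[MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (...) -- C:\Users\Simon\AppData\Local\Temp\Quarantine.exe [360051]
"""

if __name__ == "__main__":
    for e, score in flag_entries(SAMPLE_LOG):
        print(f"[{score}] {e.section} {e.path} md5={e.md5 or '-'} vendor={e.vendor or '-'}")
```

A high score is a prompt for a human to check the file (hash lookup, signature, who dropped it), not a verdict: tool downloads on the Desktop score the same way.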

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    ZHPDiag is of no use to me, I don't use it :) ^^

    change all your passwords

  • PhRaucq
    Participant
    Number of posts: 13

    Otherwise, is it clean?

    And when you say to change the passwords… does “all” also mean the Wi-Fi router's password, for example, or is it “only” the passwords on websites?

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    hello, no, only the internet ones; your Wi-Fi password would be of no use to the hackers

    I'll wait until you have done that before giving you the next step :)

  • PhRaucq
    Participant
    Number of posts: 13

    Done.

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    • Download AdwCleaner (by Xplode) to your Desktop!
    • Right-click on it and run as administrator under Windows 7/8 and Vista; otherwise double-click under XP
      1. Choose the Scan option
      2. Choose the Clean option
    • Accept the warning by clicking OK

    • Accept the warnings/information by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts
  • PhRaucq
    Participant
    Number of posts: 13

    So I reran the AdwCleaner scan and clean (report below); this time the scan found nothing, compared with the first run ^^

    [spoiler:17nq99mp]# AdwCleaner v3.015 – Rapport créé le 20/12/2013 à 15:01:20
    # Mis à jour le 10/12/2013 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : Simon – SIMON-PC
    # Exécuté depuis : C:UsersSimonDesktopadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.16428

    -\ Mozilla Firefox v25.0.1 (fr)

    [ Fichier : C:UsersSimonAppDataRoamingMozillaFirefoxProfilesjmim5433.default-1351205969399prefs.js ]

    -\ Google Chrome v31.0.1650.63

    [ Fichier : C:UsersSimonAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [4596 octets] – [15/12/2013 19:05:18]
    AdwCleaner[R1].txt – [1069 octets] – [19/12/2013 19:58:20]
    AdwCleaner[R2].txt – [1130 octets] – [19/12/2013 20:01:05]
    AdwCleaner[R3].txt – [1250 octets] – [20/12/2013 15:00:15]
    AdwCleaner[S0].txt – [3781 octets] – [15/12/2013 19:07:59]
    AdwCleaner[S1].txt – [1192 octets] – [19/12/2013 20:02:08]
    AdwCleaner[S2].txt – [1172 octets] – [20/12/2013 15:01:20]

    ########## EOF – C:AdwCleanerAdwCleaner[S2].txt – [1232 octets] ##########[/spoiler:17nq99mp]

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    well, I would have thought….

    • Copy the script below:
      HKCUSoftware
      HKLMSoftware
      HKCUSoftwareMicrosoftCommand Processor /s
      HKLMSoftwareMicrosoftCommand Processor /s
      %Homedrive%*
      %Homedrive%*.
      %Userprofile%*
      %Userprofile%*.
      %Allusersprofile%*
      %Allusersprofile%*.
      %LocalAppData%*
      %LocalAppData%*.
      %Userprofile%Local SettingsApplication Data*
      %Userprofile%Local SettingsApplication Data*.
      %programFiles%*
      %programfiles%GoogleDesktopInstall /s
      %programFiles%*.
      %Systemroot%Installer*.
      %Systemroot%Temp*.exe /s
      %systemroot%system32*.dll /lockedfiles
      %systemroot%system32*.exe /lockedfiles
      %systemroot%system32*.in*
      %systemroot%Tasks*
      %systemroot%Tasks*.
      %systemroot%system32Tasks*
      %systemroot%system32Tasks*.
      %systemroot%system32drivers*.sy* /lockedfiles
      %systemroot%system32config*.exe /s
      %Systemroot%ServiceProfiles*.exe /s
      %systemroot%system32*.sys
      dir %Homedrive%* /S /A:L /C
      msconfig
      activex
      /md5start
      explorer.exe
      winlogon.exe
      wininit.exe
      volsnap.sys
      atapi.sys
      ndis.sys
      cdrom.sys
      i8042prt.sys
      iastor.sys
      tdx.sys
      netbt.sys
      afd.sys
      /md5stop
      netsvcs
      safebootminimal
      safebootnetwork
      CREATERESTOREPOINT
    • Download OTL (by OldTimer) to your desktop.
    • Launch OTL, run as administrator under Windows 7/8 and Vista
    • Check/select the boxes as in the image below
    • Paste the script copied above into the lower “Personnalisation” (Custom Scans/Fixes) part of OTL
    • Click on “Analyse” (Run Scan)

    • Once the scan is finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
    • Host the OTL.txt and Extras.txt reports on SosUpload, then copy/paste the link provided in your next reply on the forum

      Note: just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

    Note: if the site tells you it does not accept .txt extensions, change the uppercase to lowercase

  • PhRaucq
    Participant
    Number of posts: 13

    Here they are:

    Extras: https://antimalware.top/log/SosUpload.027fc2981623716b9285f9166ad55196.txt

    Otl: https://antimalware.top/log/SosUpload.28eb6277a4f1408931100af550abf01a.txt

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    don't you have the option of updating Windows as well as Internet Explorer?

    check Windows Update via Start menu/Programs to see whether anything is offered to you

  • PhRaucq
    Participant
    Number of posts: 13

    There was indeed 1 important update and 6 optional ones for Windows. So I updated Windows, but as for Internet Explorer, I NEVER open it; should I still run its updates?

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    yes, because Windows Update uses its protocol

  • PhRaucq
    Participant
    Number of posts: 13

    For Internet Explorer I have the update of 10 December 2013, which I believe is the latest. Moreover, Explorer's automatic update option is checked, so that side should normally be up to date.

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    except that:

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) – Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)

    for Windows 7 we are at version 11 of Internet Explorer, not 9….

  • PhRaucq
    Participant
    Number of posts: 13

    Ah, yet when I look in the Internet Explorer options, under “About IE”, it shows me
    IE11
    version: 11.0.9600.16476
    update version: 11.0.2 (KB2898785)
    Moreover, the update history tells me I switched to IE11 on 11/12/2013

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    Ah!! well then…

    Have the following file(s) analysed on VirusTotal:

    http://www.virustotal.com/index.html

    click on “Browse”, then find and select this/these file(s):

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    * Now click on Send file and let it work as long as “Current status: analysis in progress” is displayed.
    * The file may be queued because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
    * When the analysis is finished, paste the link to the page(s) in your next reply.

  • PhRaucq
    Participant
    Number of posts: 13

    Looks like it's clean, doesn't it?

    https://www.virustotal.com/fr/file/a214e3b654bcb6e6142e101b0e89081d44a3a634afa94dc0a620467335b7beb2/analysis/1387577555/

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    ok, it's ok, it's fine, it's OTL that is tripping…. all good? can I have you do the final cleanup?

  • PhRaucq
    Participant
    Number of posts: 13

    Uhhh.. What final cleanup?

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    • Download SFTGC (by Pierre13) to your Desktop and nowhere else!
    • Launch SFTGC, run as administrator under Windows 7/8 and Vista
    • Click on GO

      Note: at the end, a report will open

    • Once the scan is finished, go to the desktop; the file SFTGC.txt has been created.
    • Host the SFTGC.txt report on SosUpload, then copy/paste the link provided in your next reply on the forum

    ===============================

    • Download Delfix to your Desktop.
    • Launch Delfix, run as administrator under Windows 7/8 and Vista
    • Check the following boxes:
      • Reactivate UAC
      • Remove disinfection tools
      • Back up the registry
      • Purge System Restore
      • Reset system settings

    ==========================

    Securing the PC against potentially unwanted programs, toolbars, etc.

    When you are on Windows and love installing all sorts of odd software, you have to stay vigilant. Some installers offer toolbars and other adware during installation that will later be hard to remove from your system.

    In general you pay attention and uncheck the right boxes, but it only takes one time, a moment of tiredness, and you let the fatal toolbar through.

    But why go to the trouble when a small program can do the job for you?

    Download: https://www.sosvirus.net/telecharger/unchecky/, a service that runs in the background under Windows, automatically detects bundled software in installers and unchecks the right boxes so you do not get polluted.

    ==============================================

    if not already done, update Flash Player (for Chrome it is already built in):

    Not Internet Explorer:
    http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin.exe

    Internet Explorer:
    http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_active_x.exe

    =============================================

    Adobe Reader having become too unreliable, I advise you to uninstall it, and to read PDFs I suggest using SumatraPDF instead:

    https://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-2.3.2-install.exe

    during installation, remember to check the option “use SumatraPDF as default reader” in the options and to install the browser plugins.

  • PhRaucq
    Participant
    Number of posts: 13

    OK.
    Here is the link to the report: https://antimalware.top/log/SosUpload.178d8163b05935d8da3c84f4a6e87081.txt

    For PDFs, what do you think of Foxit?

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    the SumatraPDF I suggested doesn't suit you?

  • PhRaucq
    Participant
    Number of posts: 13

    My father uses Foxit and is happy with it; I was thinking of installing it instead, but maybe it's not a good choice.

  • g3n-h@ckm@n
    bbPress Admin
    Number of posts: 8320

    yes, you can very well, just be careful where you download it from ^^

    softonic and the like, not worth it; it will come bundled with various adware which, depending on which ones, will install without your knowledge :)

The topic ‘wchelper.dll et clé usb infectée’ is closed to new replies.