Help removing VBScript.

Closed
JC - 21 Nov. 2011 at 21:36
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 - 20 Feb. 2014 at 17:12
Hello,
every time I open my USB key, VBScript appears and I can't manage to delete it. How can I delete it?



5 replies

juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
21 Nov. 2011 at 21:37
Hello

So your infection is one that spreads via removable drives (USB keys, external hard drives, flash cards, etc.).
The removable drives you plugged into the computer while it was infected have been infected in turn.

Simply opening My Computer and double-clicking your USB key/external hard drive will reinfect your system.
You will find an explanation of how these infections spread, how to protect yourself from them, etc., via these links:

https://forum.malekal.com/viewtopic.php?t=5544&start=

▶ Download here: USBFIX, to your desktop

OR alternative link: http://general-changelog-team.fr/telechargements/logiciels/viewdownload/80-outils-de-el-desaparecido/32-usbfix

Plug in all your external devices without opening them (MP3, MP4, USB key, external hard drive, mobile phone, ...)

/!\ Temporarily disable, and only for the time you are using USBFIX, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

if you have XP => double-click
if you have Vista or Windows 7 => right-click, "Run as...."


on the UsbFix icon located on your Desktop.
On the page, click the button:

▶ choose the "Suppression" (deletion) option

▶ UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report, which will appear along with the desktop.

▶ Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Tutorial: http://forums-fec.be/entraide/viewtopic.php?f=55&t=9
1
~ Rapport de ZHPDiag v2014.2.17.15 - Nicolas Coolman (2/17/2014)
~ Lancé par Administrateur (2/18/2014 23:00:22)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 27.0.1 (Defaut)
GCIE: Google Chrome v32.0.1700.107

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus v3.8.130.10

---\\ Logiciels d'optimisation du système
CCleaner =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 503 MB (13% free)
System Restore: Activé (Enable)
System drive C: has 25 GB (65%) free of 39 GB

---\\ Mode de connexion au système
~ Computer Name: EDITION_ULTRA
~ User Name: Administrateur
~ All Users Names: IWAM_EDITION_ULTRA, IUSR_EDITION_ULTRA, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrateur\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 25 Go of 39 Go)
D: Hard drive, Flash drive, Thumb drive (Free 11 Go of 35 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Free 1 Go of 2 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.4/13/2008 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.2988BFF8257A55EA8AFD038F49F81A34] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2/5/2014 - 23:20:01.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.4/13/2008 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.8/17/2011 - 13:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.4/13/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.4/13/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.4/13/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.4/13/2008 - 18:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.4/13/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.4/13/2008 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.4/13/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.4/13/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.4/13/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.7/15/2011 - 13:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.4/13/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.4/13/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.4/13/2008 - 19:47:24.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.4/13/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.4/13/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.4/13/2008 - 18:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.4/13/2008 - 18:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 02s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/2
~ Mes musiques (My Musics) : 0/33
~ Mes Videos (My Videos) : 0/2
~ Mes Favoris (My Favorites) : 0/12
~ Mes Documents (My Documents) : 0/110
~ Mon Bureau (My Desktop) : 0/2508
~ Menu demarrer (Programs) : 0/64
~ Hidden Files: Scanned in 00mn 09s



---\\ Processus lancés
[MD5.F518545E5B7623AD49ABE7F8776EFA46] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.344]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.472]
[MD5.3FE5A84FAC62753A20F539BE3E7BFC56] - (.Microsoft Corporation - Services Internet (IIS).) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872] [PID.660]
[MD5.F9D905B18752AEB78FDA90E42C5F5095] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [2077008] [PID.416]
[MD5.6E15CAC2275E0B0A22E7EE9BAC30D7BA] - (...) -- C:\WINDOWS\VistaDrive\VistaDrive.exe [280779] [PID.1188]
[MD5.B114DB354D13A21C1AC2B1807EE2F500] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe [273544] [PID.1216]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [254336] [PID.1284]
[MD5.E79977B1ECC05C53F0194750457BBB37] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [131072] [PID.1288]
[MD5.DDE4A991F26179573D2CFA7A093F56FA] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [163840] [PID.1300]
[MD5.EAF47A526B911B0961D3FECEB442E0C4] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [135168] [PID.1312]
[MD5.54EA73DEEDE1EFCBBD0D60BC0DA4A15B] - (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [82256] [PID.1304]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1348]
[MD5.085BE68B52CE5A5FA4621507AD518CF3] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.1364]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1596]
[MD5.B3169BC42F3939F90FE11B24BCC24E9B] - (...) -- C:\Program Files\USBScan\USBScan.exe [1971712] [PID.1660]
[MD5.6A2FC790CD507336E05B7FAE29D79432] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [1057280] [PID.1716]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1808]
[MD5.5425B0E1A2FBEE08E5FE3F8A54FE487F] - (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632] [PID.2124]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20584608] [PID.2164]
[MD5.CEA8F7E45B7B098F5FB085BB6A6A4432] - (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe [155648] [PID.2200]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\rundll32.exe [0] [PID.2244]
[MD5.36A9ACC51A3C72A3AFC7A05959CF499E] - (.Pas de propriétaire - ADIMON MFC Application.) -- C:\Program Files\Menara\dslmon.exe [839680] [PID.2328]
[MD5.D3D4BD94434A9CB4B35E82283EAE8EFB] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe [273296] [PID.2352]
[MD5.EA5C563DB06D96B90141698AFD27F2FC] - (...) -- C:\Program Files\PCData\minerd.exe [187904] [PID.2436]
[MD5.9AE882A67F019CF30E8C9D7D60B05DDA] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.3308]
[MD5.C3BB6CF8F9EE199005A2AAE2815AD756] - (.Nokia - ServiceLayer Module.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [724376] [PID.2976]
[MD5.92210B62D245B8ACC8600E3141E48DEB] - (.Nokia - USB Media Server.) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe [174488] [PID.4024]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.304]
[MD5.CE565CA700A87863DC792163E2942628] - (.Nokia - Serial Media Server.) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe [126872] [PID.3444]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.584]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.0]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8338432] [PID.1776]
~ Processes Running: Scanned in 00mn 26s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.bing.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.myhoome.com
G2 - GCE: Preference [User Data\Default] [jopdpbolklklaiookikgmdinfbooiipj] WebSite Recommendation v.4.2 (Activé) =>PUP.WebSiteRecommendation
G2 - GCE: Preference [User Data\Default] [koaigfekcaicjopbdljgmcmcmbmeadop] 1ClickMovieDownloader V6 v.1.26.70, (Activé) =>PUP.SoftwareEngine
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 24 Legitimates Filtered in 00mn 10s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [Administrateur - wghhdb5b.default-1388371415421\***@***] [] United States English Spellchecker v7.0.1 (..)
M2 - MFEP: prefs.js [Administrateur - wghhdb5b.default-1388371415421\***@***] [] 1ClickMovieDownloader V6 v7.0.1 (..) =>PUP.SoftwareEngine
~ Firefox Browser: 24 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myhoome.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myhoome.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Surftastic - {c6673938-a52b-4dc6-af05-783e7e2c8b65} . (.Surftastic - Surftastic.) -- C:\Program Files\Surftastic\Surftasticbho.dll =>Adware.Surftastic
~ BHO: 28 Legitimates Filtered in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 12 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: DSLMON.lnk . (...) -- C:\Program Files\Menara\dslmon.exe
O4 - GS\Program [AllUsers]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [VistaDrive] . (...) -- C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [windows] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O4 - HKLM\..\Run: [USBScan.exe] . (...) -- C:\Program Files\USBScan\USBScan.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - HKCU\..\Run: [RIMDeviceManager] . (.Research In Motion Limited - RIM Handheld Communications Manager.) -- C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
O4 - HKCU\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [windows] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Documents and Settings\Administrateur\Application Data\newnext.me\nengine.dll =>PUP.NextLive
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] Clé orpheline
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] Clé orpheline
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] Clé orpheline
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] Clé orpheline
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] Clé orpheline
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] Clé orpheline
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] Clé orpheline
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] Clé orpheline
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] Clé orpheline
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] Clé orpheline
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] Clé orpheline
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] Clé orpheline
O4 - HKUS\S-1-5-21-1844237615-492894223-1644491937-500\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-1844237615-492894223-1644491937-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1844237615-492894223-1644491937-500\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-1844237615-492894223-1644491937-500\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1844237615-492894223-1644491937-500\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - HKUS\S-1-5-21-1844237615-492894223-1644491937-500\..\Run: [RIMDeviceManager] . (.Research In Motion Limited - RIM Handheld Communications Manager.) -- C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
O4 - HKUS\S-1-5-21-1844237615-492894223-1644491937-500\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKUS\S-1-5-21-1844237615-492894223-1644491937-500\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1844237615-492894223-1644491937-500\..\Run: [windows] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O4 - HKUS\S-1-5-21-1844237615-492894223-1644491937-500\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Documents and Settings\Administrateur\Application Data\newnext.me\nengine.dll =>PUP.NextLive
~ Application: Scanned in 00mn 01s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A14A273-4DF8-49D7-9FF7-8A6FACBC77C9}: NameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A14A273-4DF8-49D7-9FF7-8A6FACBC77C9}: NameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A14A273-4DF8-49D7-9FF7-8A6FACBC77C9}: NameServer = 62.251.229.237 62.251.229.223
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Protect Monitor (ProtectMonitor) . (...) - C:\Program Files\PCData\StartHelp.exe
O23 - Service: Update BuzzSearch (Update BuzzSearch) . (...) - C:\Program Files\BuzzSearch\updateBuzzSearch.exe (.not file.) =>PUP.BuzzSearch
O23 - Service: Update Surftastic (Update Surftastic) . (...) - C:\Program Files\Surftastic\updateSurftastic.exe =>Adware.Surftastic
~ Services: 9 Legitimates Filtered in 00mn 13s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\1ClickMovieDownloader V6-codedownloader.job [1538]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\1ClickMovieDownloader V6-enabler.job [1426] =>PUP.SoftwareEngine
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\1ClickMovieDownloader V6-updater.job [1598] =>PUP.SoftwareEngine
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AmiUpdXp.job [432] =>PUP.Software.Updater
~ Scheduled Task: 26 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: 1ClickMovieDownloader V6 - (.installdaddy.) [HKLM] -- 1ClickMovieDownloader V6 =>PUP.SoftwareEngine
O42 - Logiciel: PC Data App - (...) [HKLM] -- PCData App
O42 - Logiciel: Surftastic - (.Surftastic.) [HKLM] -- Surftastic =>Adware.Surftastic
O42 - Logiciel: USB Virus Scan 2.4 - (.USB Virus Scan.) [HKLM] -- USB Virus Scan_is1
~ Logic: 33 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickMovieDownloader V6] =>PUP.SoftwareEngine
[HKCU\Software\PCDataApp]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Surftastic] =>Adware.Surftastic
[HKCU\Software\iCarePro]
[HKLM\Software\DefaultTab] =>Adware.Bandoo
[HKLM\Software\Doug]
[HKLM\Software\PCDataApp]
~ Key Software: 274 Legitimates Filtered in 00mn 03s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2/13/2014 - 23:39:04 - [6,972] ----D C:\Program Files\1ClickMovieDownloader V6 =>PUP.SoftwareEngine
O43 - CFD: 2/5/2014 - 21:59:37 - [0] ----D C:\Program Files\GrabRez
O43 - CFD: 11/4/2013 - 13:47:08 - [0,127] ----D C:\Program Files\JL_Cmder
O43 - CFD: 11/23/2013 - 23:16:03 - [0,015] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 2/18/2014 - 17:02:25 - [1,153] ----D C:\Program Files\PCData
O43 - CFD: 11/21/2013 - 12:21:44 - [0] ----D C:\Program Files\SimilarSites
O43 - CFD: 2/18/2014 - 17:43:05 - [1,064] ----D C:\Program Files\Surftastic =>Adware.Surftastic
O43 - CFD: 2/18/2014 - 17:49:02 - [10,617] ----D C:\Program Files\USBScan
O43 - CFD: 10/27/2013 - 14:27:35 - [0] ----D C:\Documents and Settings\All Users\Application Data\Babylon =>PUP.Babylon
O43 - CFD: 12/5/2013 - 22:54:44 - [0] ----D C:\Documents and Settings\Administrateur\Application Data\defaulttab =>Adware.Bandoo
O43 - CFD: 2/18/2014 - 22:13:23 - [1,228] ----D C:\Documents and Settings\Administrateur\Application Data\newnext.me =>PUP.NextLive
O43 - CFD: 11/21/2013 - 12:21:27 - [0] ----D C:\Documents and Settings\Administrateur\Application Data\SimilarSites
O43 - CFD: 2/18/2014 - 17:01:12 - [0,278] ----D C:\Documents and Settings\Administrateur\Application Data\SwvUpdater =>PUP.Software.Updater
O43 - CFD: 2/18/2014 - 17:05:50 - [1,224] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\genienext
~ Program Folder: 187 Legitimates Filtered in 00mn 24s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.23EB1B38F2F1D639A794CAA7584D2D4D] - 2/18/2014 - 22:11:38 ----- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.B1BA9ACECEB6CE30F1A557E349F2BE44] - 2/18/2014 - 22:11:43 ----- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.4F5EF705EA660CF38F6F489EE772C78C] - 2/18/2014 - 22:53:40 ---A- . (...) -- C:\UsbFix [Scan 1] EDITION_ULTRA.txt [10710]
O44 - LFC:[MD5.FE3EA9248762305A67DF4B4B5D2BE8F2] - 2/9/2014 - 15:51:55 ---A- . (...) -- C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log [5269]
~ Files: 45 Legitimates Filtered in 00mn 06s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
~ Prefetcher: 130 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\mDNSResponder.exe" [Enabled] .(...) -- C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\mDNSResponder.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\tunmgr.exe" [Enabled] .(...) -- C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\tunmgr.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\Research In Motion\nginx\nginx.exe" [Enabled] .(...) -- C:\Program Files\Fichiers communs\Research In Motion\nginx\nginx.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\PeerManager.exe" [Enabled] .(...) -- C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\PeerManager.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\PCData\minerd.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\PCData\minerd.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\tunmgr.exe" [Enabled] .(...) -- C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\tunmgr.exe (.not file.)
O47 - AAKE:Key Export DP - "C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\mDNSResponder.exe" [Enabled] .(...) -- C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\mDNSResponder.exe (.not file.)
O47 - AAKE:Key Export DP - "C:\Program Files\Fichiers communs\Research In Motion\nginx\nginx.exe" [Enabled] .(...) -- C:\Program Files\Fichiers communs\Research In Motion\nginx\nginx.exe (.not file.)
O47 - AAKE:Key Export DP - "C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\PeerManager.exe" [Enabled] .(...) -- C:\Program Files\Fichiers communs\Research In Motion\Tunnel Manager\PeerManager.exe (.not file.)
~ Keys Export: 22 Legitimates Filtered in 00mn 03s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
~ Drivers: 5 Legitimates Filtered in 00mn 12s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
~ 43 Fichiers temporaires (Temporary files)
~ 2 Fichiers cookies (Cookies files)
~ Files: 515 Legitimates Filtered in 00mn 39s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 1/1/1601 - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp (mchInjDrv) .(...) - LEGACY_MCHINJDRV
~ Legacy: 148 Legitimates Filtered in 00mn 03s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Administrateur - wghhdb5b.default-1388371415421] user_pref("extensions.crossrider.bic", "1440410402642d714bae28917c715d71"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {12320B5A-8A60-4D8F-920F-A956C61BFB0B} - (Search Here) - http://www.mysearchresults.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {4FC1B895-E129-4345-B101-CF4EF5EF80C8} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
D:\jamal\PES.6\keygen.exe
~ Files: Scanned in 00mn 35s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.0840EB50F38B3A9BBA2D24780AEB07A6] [SPRF][2/18/2014] (...) -- C:\Documents and Settings\Administrateur\Bureau\adwcleaner.exe [1241834]
[MD5.444D1016CF8768D83B05DCFB9974D001] [SPRF][2/14/2014] (...) -- C:\Documents and Settings\Administrateur\Bureau\RogueKiller.exe [3813376]
[MD5.11D6C55CB9BF28EB573BE86010A3967D] [SPRF][2/18/2014] (.Pas de propriétaire - Installer.) -- C:\Documents and Settings\Administrateur\Bureau\USB Virus Scan 2.44 full Version Crack serial key free download__5585_il152145.exe [331264]
~ Files: 4 Legitimates Filtered in 00mn 01s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2/4/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 9/9/2013 585728 | (BlackBerry Device Manager) . (.Research In Motion Limited.) - C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\BbDevMgr.exe
SS - | Demand 4/13/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 1/7/2004 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 1/7/2004 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 9/6/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
SS - | Demand 2/15/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 2/13/2014 70828 | (ProtectMonitor) . (...) - C:\Program Files\PCData\StartHelp.exe
SS - | Auto 10/23/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 7/10/1658 0 | (Update BuzzSearch) . (...) - C:\Program Files\BuzzSearch\updateBuzzSearch.exe =>PUP.BuzzSearch
SS - | Auto 2/14/2014 80672 | (Update Surftastic) . (...) - C:\Program Files\Surftastic\updateSurftastic.exe =>Adware.Surftastic

SR - | Auto 1/7/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 8/30/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 1/20/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 10/25/2013 2077008 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Disabled 7/10/1658 0 | (mchInjDrv) . (...) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp
SR - | Demand 6/11/2012 724376 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

~ Services: Scanned in 00mn 13s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Administrateur at 2/18/2014 23:04:38

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
1 nt!IofCallDriver[0x804E1311] >> \Device\Harddisk0\DR0[0x82360030]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrateur at 2/18/2014 23:04:40

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (2/17/2014)
Clés trouvées (Keys found) : 28
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 12
Fichiers trouvés (Files found) : 6

[HKLM\Software\Google\Chrome\Extensions\jopdpbolklklaiookikgmdinfbooiipj] =>PUP.WebSiteRecommendation^
[HKLM\Software\Google\Chrome\Extensions\koaigfekcaicjopbdljgmcmcmbmeadop] =>PUP.SoftwareEngine^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6673938-A52B-4DC6-AF05-783E7E2C8B65}] =>Adware.Surftastic^
[HKLM\SYSTEM\CurrentControlSet\Services\Update BuzzSearch] =>PUP.BuzzSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\Update Surftastic] =>Adware.Surftastic^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickMovieDownloader V6] =>PUP.SoftwareEngine^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Surftastic] =>Adware.Surftastic^
[HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}] =>Adware.AdRotator
[HKLM\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}] =>PUP.Software.Updater
[HKLM\Software\Classes\Interface\{9EDC0C90-2
1
¡El Desaparecido! Posts 1521 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
19 Feb. 2014 at 09:24
Hello,

To remove this infection, use UsbFix ;)

-> https://www.usbfix.net/
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
19 Feb. 2014 at 21:27
Hi :)
You actually bother replying to that?
Not a word, just a report, and not even related to what the person being helped was asked for at the time.
Me, I skip that kind of reply :)
0
¡El Desaparecido! Posts 1521 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
20 Feb. 2014 at 08:59
Hi juju,

How's work going?

You actually bother replying to that?

Well yes, because I'm giving the solution to the original question, which is:


every time I open my USB key, VBScript appears and I can't manage to delete it. How can I delete it?


And since the link given in your canned reply is no longer good, this lets me better manage the redirects to usbfix ...
I came across this thread through my stats, which were reporting 404s coming from this thread for the link:

http://eldesaparecido.com/tools/UsbFix.exe

A link that I now redirect :)

Have a good day, my dear son : ) <3
0

juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
20 Feb. 2014 at 17:12
Hi pops :))

And since the link given in your canned reply is no longer good

Erfff yes, in that case, I'd forgotten all about it ...

Well, work is fine, but on a work-study program we're in training, with exams that are eliminatory, so you have to know how to manage your time well :)

Have a good evening! <3
0