by stef78
#154110
Hello,
For some time now my PC has constantly been showing CPU usage of about 13%.
In my Task Manager it is taskhost that is running in the background.

Here are the reports from the requested procedure:

# AdwCleaner v3.212 - Rapport créé le 13/06/2014 à 08:02:31
# Mis à jour le 05/06/2014 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Stephan - STEPHAN-PC
# Exécuté depuis : C:\Users\Stephan\Desktop\adwcleaner_3.212.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\WPM
Dossier Supprimé : C:\Program Files (x86)\SupTab
Dossier Supprimé : C:\Users\Stephan\AppData\Roaming\qone8
Dossier Supprimé : C:\Users\Stephan\AppData\Roaming\SupTab

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Valeur Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Clé Supprimée : HKLM\Software\SupTab
Clé Supprimée : HKLM\Software\supWPM
Clé Supprimée : HKLM\Software\Wpm
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17126

Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v35.0.1916.114

[ Fichier : C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [2269 octets] - [13/06/2014 07:53:49]
AdwCleaner[S0].txt - [1959 octets] - [13/06/2014 08:02:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2019 octets] ##########






Malwarebytes Anti-Malware


Date de l'examen: 13/06/2014
Heure de l'examen: 08:08:08
Fichier journal: Malware.txt
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.06.13.02
Base de données Rootkits: v2014.06.02.01
Licence: Essai
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Stephan

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 285816
Temps écoulé: 3 min, 32 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Clés du Registre: 0


~ Rapport de ZHPDiag v2014.6.12.90 - Nicolas Coolman (12/06/2014)
~ Lancé par Stephan (13/06/2014 08:21:49)
~ Adresse du Site Web https://nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17126
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.13

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 14 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 16367 MB (82% free)
System Restore: Désactivé (Disabled)
System drive C: has 35 GB (30%) free of 112 GB

---\\ Mode de connexion au système
~ Computer Name: STEPHAN-PC
~ User Name: Stephan
~ All Users Names: Stephan, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Stephan\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Stephan\AppData\Roaming\
~ %Desktop% : C:\Users\Stephan\Desktop\
~ %Favorites% : C:\Users\Stephan\Favorites\
~ %LocalAppData% : C:\Users\Stephan\AppData\Local\
~ %StartMenu% : C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 35 Go of 112 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2791 Go of 3726 Go)
E: Hard drive, Flash drive, Thumb drive (Free 673 Go of 932 Go)
F: Hard drive, Flash drive, Thumb drive (Free 417 Go of 932 Go)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)
L: Floppy drive, Flash card reader, USB Key (Not Inserted)
M: Floppy drive, Flash card reader, USB Key (Not Inserted)
N: CD-ROM drive (Free 0 Go of 2 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 377 Go of 932 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.40BFD9D6EC8E174145F012246CA73CCD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.30/05/2014 - 08:56:56.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/14
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/94
~ Mes Documents (My Documents) : 2/5740
~ Mon Bureau (My Desktop) : 1/593
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2632]
[MD5.EE73B56ED71EB6383F25FA5468923BB2] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144] [PID.3084]
[MD5.AEDC5488205B84A3E2A44D3B5B76E534] - (.Pas de propriétaire - GUI MFC Application.) -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe [219656] [PID.4356]
[MD5.E289F991D355BEE11B6AA2C07A3D758A] - (.Gainward Co. - EXPERTool : Display Control Panel.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe [2259568] [PID.1604]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.1196]
[MD5.C69BA1CF0DADD458E4ABA3F737285991] - (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784] [PID.5016]
[MD5.F96C73D7D525174B80CFD865A5D7E083] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.4956]
[MD5.D2AEADFD998706B4216315B2BD3FA79E] - (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920] [PID.5204]
[MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.5508]
[MD5.34BD660FDA6A4EF23DC393B4C352C047] - (.Contour Design, Inc. - Shuttle Device Helper Application.) -- C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe [118784] [PID.5520]
[MD5.60F88F6CA6303E8273AF7AAA9AAFECAC] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [812248] [PID.6932]
[MD5.E8B7FD67DA14A7BE57A5CB80E3139E60] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [309704] [PID.3820]
[MD5.52A15203DD8B6EB9F6C7D675D6D773A5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8067072] [PID.3596]
[MD5.718D79F2E7EC3AFFD3661DA81F93BBEA] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [413128] [PID.396]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1452]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1732]
[MD5.FDC0C5ADDE1CDE6EDB0BEF78F0699AF3] - (...) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136] [PID.1100]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2160]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2268]
[MD5.D2FE0376285A783693469422678E878B] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632] [PID.2308]
[MD5.A61E919F62EE4FF74195422D208ABC15] - (.Contour Design, Inc. - Shuttle Device Service.) -- C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe [86016] [PID.2456]
[MD5.101556F6216E97F1258D87C38203695F] - (.Gigabyte Technology CO., LTD. - Smart TimeLock Service.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688] [PID.2600]
[MD5.43E54574C955BBF44AF883EB0F8C9D06] - (.Gigabyte Technology CO., LTD. - Time Management Application.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe [1011712] [PID.5532]
[MD5.E79A8E33BD136D14BAE1FA20EB2EF124] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.5372]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 1 Legitimates Filtered in 00mn 17s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (.not file.)
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 29



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Smart Recovery 2 - [HKLM]{1d09c093-f71e-43c3-b948-19316cbd695e} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar: &RoboForm Toolbar - [HKLM]{724d43a0-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Stephan]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Stephan\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelliType Pro] . (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\RunOnce: [RPMKickstart] . (.Gigabyte Technology CO., LTD. - Smart Recovery Kickstart Application.) -- C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
O4 - HKCU\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKCU\..\Run: [GAINWARD] . (.Gainward Co. - EXPERTool : Display Control Panel.) -- C:\Program Files (x86)\EXPERTool\TBPanel.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.exe =>.Epson Seiko Corporation
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [ISUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Wow6432Node\Run: [Quick-Drop] . (.Corel Corporation - Corel DVD MovieFactory.) -- C:\Program Files (x86)\Corel\Corel DVD MovieFactory 7\Corel DVD MovieFactory 7\Quick-Drop.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [FLxHCIm64] . (.Windows (R) Win 7 DDK provider - Fresco Logic.) -- C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Contour Shuttle Device Helper] . (.Contour Design, Inc. - Shuttle Device Helper Application.) -- C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [EasyTuneVI] . (.Pas de propriétaire - ETcall MFC Application.) -- C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKUS\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run: [GAINWARD] . (.Gainward Co. - EXPERTool : Display Control Panel.) -- C:\Program Files (x86)\EXPERTool\TBPanel.exe
O4 - HKUS\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKUS\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.exe =>.Epson Seiko Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Remplir les formulaires [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Enregistrer les formulaires [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F49} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Barre RoboForm [64Bits] - {724d43aa-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{44DDE45B-5432-43EE-9448-D7C61924E545}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{44DDE45B-5432-43EE-9448-D7C61924E545}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{44DDE45B-5432-43EE-9448-D7C61924E545}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 337.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) . (.Contour Design, Inc. - Shuttle Device Service.) - C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
~ Services: 16 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.07605ABEB10FC533881C91F19DECF69A] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [1923584] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [Red Giant Link] (...) -- C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{45C0B780-4B0E-430B-A76B-AF082090FEF9}] (...) -- C:\Users\Stephan\Desktop\Contour Shuttle 2.10b\cdi_shuttle_win_2.10.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{547FECE8-5565-409A-9078-7BC6ABF9FC98}] (...) -- D:\TMP\wz4b63\Contour Shuttle Installer v2.81\cdi_shuttle_win_2.81.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.Keygen
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [268] =>Trojan.Keygen
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 01s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (VirtDiskBus) . (.Giga-Byte Technology CO., LTD. - 3TB+ Unlock Bus Enumerator.) - C:\Windows\System32\DRIVERS\VirtDiskBus64.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Contour Shuttle - (.Contour Design, Inc..) [HKLM][64Bits] -- {51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}
O42 - Logiciel: Officekeygen - (.Officekeygen.) [HKCU][64Bits] -- 1f2b5061f789d083
O42 - Logiciel: Transition Pack 1 - (.FilmImpact.net.) [HKLM][64Bits] -- Transition Pack 1
~ Logic: 27 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\Contour Design]
[HKLM\Software\Wow6432Node\Flexbyte]
~ Key Software: 302 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/06/2014 - 07:51:53 - [] ----D C:\Program Files (x86)\Contour Shuttle
O43 - CFD: 09/05/2014 - 22:32:25 - [] ----D C:\Program Files (x86)\WebSite X5 v10 - Evolution
O43 - CFD: 22/02/2013 - 21:24:32 - [] ----D C:\Program Files (x86)\WebSite X5 v8 - Evolution
O43 - CFD: 09/05/2014 - 22:27:00 - [] ----D C:\Program Files (x86)\WebSite X5 v9 - Evolution
O43 - CFD: 12/06/2014 - 07:51:39 - [] ----D C:\Program Files (x86)\Common Files\Contour Design
O43 - CFD: 10/05/2014 - 10:12:25 - [] ----D C:\ProgramData\Contour Design
O43 - CFD: 10/05/2014 - 13:34:27 - [] ----D C:\ProgramData\goodasnew
O43 - CFD: 28/05/2014 - 17:57:48 - [] ----D C:\ProgramData\rgt
O43 - CFD: 10/06/2014 - 19:01:47 - [] ----D C:\Users\Stephan\AppData\Roaming\Internet Traffic Agent
O43 - CFD: 23/02/2013 - 12:26:48 - [0] --HAD C:\Users\Stephan\AppData\Local\Ozq2bkVjUnrUQYP
O43 - CFD: 23/02/2013 - 10:28:49 - [] ----D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Officekeygen
~ Program Folder: 205 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.85C44E34A9554BFC938E64E27CB0AF05] - 13/06/2014 - 06:06:18 ---A- . (...) -- C:\Windows\ESCAN.LOG [2474]
O44 - LFC:[MD5.8F373ECA20673C3F93CE6E77439C97EA] - 13/06/2014 - 06:06:18 ---A- . (...) -- C:\Windows\win.ini [810]
O44 - LFC:[MD5.08FE89ADBF2E0E350E08A63805EED9EC] - 13/06/2014 - 06:06:43 ---A- . (...) -- C:\Windows\general.log [684]
O44 - LFC:[MD5.43D4EAB1E2500C5DC2D2843BC435F060] - 13/06/2014 - 06:06:45 ---A- . (...) -- C:\Windows\Lic.xxx [56]
O44 - LFC:[MD5.8F50831285F21FE72168B3DBC9D0BD8C] - 13/06/2014 - 06:06:53 ---A- . (...) -- C:\Windows\UPDLL.LOG [1082]
O44 - LFC:[MD5.8126331FBD4ED29EB3B356F9C905064D] - 13/06/2014 - 07:05:12 ---A- . (...) -- C:\Windows\GVTDrv64.sys [30528]
~ Files: 63 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{1658e747-d821-11e3-86dc-1c6f65f982ca}\AutoRun\command. (.Microsoft Corporation - Microsoft Setup Bootstrapper.) -- N:\SETUP.exe
O51 - MPSK:{a993a529-7d2a-11e2-a1a1-1c6f65f982ca}\AutoRun\command. (...) -- O:\SETUP.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:10/01/2011 - 18:16:08 ---A- . (...) -- C:\Windows\System32\Drivers\AppleCharger.sys [21104]
O58 - SDL:09/05/2014 - 22:19:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:09/05/2014 - 22:19:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:09/05/2014 - 22:19:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:31/08/2007 - 14:15:34 ---A- . (.eMPIA Technology, Inc. - USB EMP Audio Device.) -- C:\Windows\System32\Drivers\emAudio64.sys [79872]
O58 - SDL:21/06/2007 - 17:51:46 ---A- . (.eMPIA Technology, Inc. - USB 28xx WDM Driver.) -- C:\Windows\System32\Drivers\emDevice64.sys [215808]
O58 - SDL:21/06/2007 - 17:51:32 ---A- . (.eMPIA Technology, Inc. - USB 28xx WDM Lower filter.) -- C:\Windows\System32\Drivers\emFilter64.sys [6400]
O58 - SDL:21/06/2007 - 17:51:30 ---A- . (.eMPIA Technology, Inc. - USB 28xx WDM Upper Filter.) -- C:\Windows\System32\Drivers\emScan64.sys [6144]
O58 - SDL:07/03/2011 - 10:22:00 ---A- . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- C:\Windows\System32\Drivers\EtronHub3.sys [40832]
O58 - SDL:07/03/2011 - 10:22:00 ---A- . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- C:\Windows\System32\Drivers\EtronXHCI.sys [65280]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:08/02/2011 - 16:02:44 ---A- . (.Giga-Byte Technology CO., LTD. - 3TB+ Unlock Bus Enumerator.) -- C:\Windows\System32\Drivers\VirtDiskBus64.sys [66160]
O58 - SDL:16/03/2007 - 10:11:20 ---A- . (.Windows (R) Server 2003 DDK provider - Display Control Program.) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys [15648]
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 06/06/2014 - 08:22:25 ---A- . (...) -- C:\Users\Stephan\Downloads\CDCheckSetup.exe [1554889]
O61 - LFC: 10/06/2014 - 08:22:23 ---A- . (...) -- C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [128]
O61 - LFC: 12/06/2014 - 08:22:23 ---A- . (...) -- C:\Users\Stephan\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin [333410]
O61 - LFC: 12/06/2014 - 08:22:25 ---A- . (...) -- C:\Users\Stephan\Desktop\mwav.exe [216155864]
O61 - LFC: 13/06/2014 - 08:22:25 ---A- . (...) -- C:\Users\Stephan\Desktop\adwcleaner_3.212.exe [1333465]
~ 613 Fichiers temporaires (Temporary files)
~ 635 Fichiers cookies (Cookies files)
~ Files: 28 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 09/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 91 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {60C984D2-B795-4F9B-AC0C-AC4DAE7011E3} [DefaultScope] - (Google) - https://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\Stephan\AppData\Local\Apps\2.0\0AWCHJYM.4JB\Z1VVM592.1KA\offi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664\Officekeygen.exe.cdf-ms =>.Crack,Keygen
C:\Users\Stephan\AppData\Local\Apps\2.0\0AWCHJYM.4JB\Z1VVM592.1KA\offi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664\Officekeygen.exe.manifest =>.Crack,Keygen
C:\Users\Stephan\AppData\Local\Apps\2.0\0AWCHJYM.4JB\Z1VVM592.1KA\offi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664\Officekeygen.exe.mwt =>.Crack,Keygen
C:\Users\Stephan\AppData\Local\Apps\2.0\0AWCHJYM.4JB\Z1VVM592.1KA\offi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664\Officekeygen.exe.cdf-ms =>.Crack,Keygen
C:\Users\Stephan\AppData\Local\Apps\2.0\0AWCHJYM.4JB\Z1VVM592.1KA\offi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664\Officekeygen.exe.manifest =>.Crack,Keygen
C:\Users\Stephan\AppData\Local\Apps\2.0\0AWCHJYM.4JB\Z1VVM592.1KA\offi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664\Officekeygen.exe.mwt =>.Crack,Keygen
~ Files: Scanned in 02mn 06s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.42F24559E8C472F6FF745BB7C5465FB2] [SPRF][13/06/2014] (...) -- C:\Users\Stephan\Desktop\adwcleaner_3.212.exe [1333465]
[MD5.AFFADE9AA0C802BEB835306CA412FF77] [SPRF][11/05/2014] (.AG - CUDA Information Utility.) -- C:\Users\Stephan\Desktop\CUDA-Z-0.8.207.exe [2216448]
[MD5.73A2A79581E430B890486C16065E837F] [SPRF][24/07/2012] (.SteelBytes - Pas de description.) -- C:\Users\Stephan\Desktop\HD_Speed.exe [91290]
[MD5.BEADA164989A4165B2438086E9ADE6EE] [SPRF][12/06/2014] (...) -- C:\Users\Stephan\Desktop\mwav.exe [216155864]
~ Files: 10 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{5335C14F-44F1-4632-8787-6ED492FABA1A}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Stephan\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{AE1E1819-1B4C-4901-8D5C-AA730DDF5D69}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Stephan\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "A747D90C74DB9A2419E5EC6B1BBBC711" . (.Software Updater.) -- C:\Windows\Installer\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}\icon.ico =>PUP.Eorezo
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 113 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 06/04/2010 31272 | (AppleChargerSrv) . (...) - C:\Windows\System32\AppleChargerSrv.exe
SS - | Auto 23/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 23/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 23/02/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 01/04/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 17/06/2009 68136 | (DES2 Service) . (...) - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
SR - | Auto 11/12/2011 135824 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe
SR - | Auto 21/02/2012 151648 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.exe
SR - | Auto 30/04/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 05/02/2014 1593632 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 05/02/2014 16941856 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 20/05/2014 927520 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 14/02/2011 86016 | (ShuttleEngine) . (.Contour Design, Inc..) - C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
SR - | Auto 13/10/2009 114688 | (Smart TimeLock) . (.Gigabyte Technology CO., LTD..) - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
SR - | Auto 20/05/2014 413128 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Stephan at 13/06/2014 08:24:41
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by Stephan at 13/06/2014 08:24:43
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (12/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3

C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Keygen^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^
~ Additionnel Scan: 314702 Items scanned in 00mn 14s



---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ AMI: 1 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.fr/pup-eorezo =>PUP.Eorezo
~ MSI: 1 link(s) detected in 00mn 00s



~ 911 Legitimates filtered by white list
End of the scan (583 lines in 03mn 09s)(6)



Thank you for your help.
Also, on the PC I lose control of the mouse cursor, which jumps from one window to another.
(No malicious items detected)

Valeurs du Registre: 0
(No malicious items detected)

Données du Registre: 0
(No malicious items detected)

Dossiers: 0
(No malicious items detected)

Fichiers: 0
(No malicious items detected)

Secteurs physiques: 0
(No malicious items detected)


(end)
#154111
Hello, stef78

Indeed, not much left; could you run UsbFix please
:merci2:

UsbFix

Download UsbFix by El Desaparecido to your Desktop.

A / If your antivirus shows an alert, ignore it and temporarily disable the antivirus. All antivirus programs

B / Connect all your external data sources to your PC (USB key, external hard drive, etc.) without opening them.
C / Double-click UsbFix.exe.
D / Confirm by clicking Apply.
E / UsbFix will relaunch to take your settings into account.
F / Click Clean.


H / Let the tool work; your desktop will not be accessible during the cleaning phase.
I / At the end of the scan, a report will be displayed; post it in your next reply on the forum.

1 / The report is also saved at the root of the system drive.
( C:\UsbFix\Log\UsbFix [Clean 1] Nom de l'ordinateur.txt ).

( CTRL+A to select, CTRL+C to copy and CTRL+V to paste )

2 / ->> in pictures on the author's site.

:D
#154113
Thanks for your help

Here is the report
############################## | UsbFix V 7.171 | [Recherche]

Utilisateur: Stephan (Administrateur) # STEPHAN-PC
Mis à jour le 09/06/2014 par El Desaparecido - SosVirus
Lancé à 09:04:34 | 13/06/2014

Site Web :
Changelog :
Assistance : https://www.sosvirus.net/forum-virus-securite.html
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact :

PC: Gigabyte Technology Co., Ltd. (Z68XP-UD3P)
CPU: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
RAM -> [Total : 16367 Mo| Free : 13362 Mo]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17126
WB: Google Chrome : 35.0.1916.114

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C:\ (%SystemDrive%) -> Disque fixe # 112 Go (35 Go libre(s) - 31%) [] # NTFS
D:\ -> Disque fixe # 3726 Go (2791 Go libre(s) - 75%) [Stockage] # NTFS
E:\ -> Disque fixe # 932 Go (673 Go libre(s) - 72%) [Dossier temporaires adobe] # NTFS
F:\ -> Disque fixe # 932 Go (417 Go libre(s) - 45%) [export transfert vidéo 83] # NTFS
G:\ -> CD-ROM
H:\ -> CD-ROM
N:\ -> CD-ROM
P:\ -> Disque amovible # 7 Go (4 Go libre(s) - 52%) [] # NTFS
Q:\ -> Disque fixe # 932 Go (377 Go libre(s) - 40%) [Perso] # NTFS

################## | Processus Actif |

C:\Windows\System32\smss.exe (ID: 476|ParentID: 4|Système)
C:\Windows\System32\wininit.exe (ID: 776|ParentID: 688)
C:\Windows\System32\winlogon.exe (ID: 840|ParentID: 768)
C:\Windows\System32\services.exe (ID: 868|ParentID: 776)
C:\Windows\System32\lsass.exe (ID: 892|ParentID: 776)
C:\Windows\System32\lsm.exe (ID: 900|ParentID: 776)
C:\Windows\System32\svchost.exe (ID: 1000|ParentID: 868)
C:\Windows\System32\nvvsvc.exe (ID: 372|ParentID: 868)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID: 404|ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 544|ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 988|ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 1048|ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 1084|ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 1116|ParentID: 868)
C:\Windows\System32\audiodg.exe (ID: 1200|ParentID: 988)
C:\Windows\System32\svchost.exe (ID: 1240|ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 1392|ParentID: 868)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1460|ParentID: 868)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1504|ParentID: 372)
C:\Windows\System32\nvvsvc.exe (ID: 1512|ParentID: 372)
C:\Windows\System32\dwm.exe (ID: 1776|ParentID: 1048|Stephan)
C:\Windows\explorer.exe (ID: 1812|ParentID: 1756|Stephan)
C:\Windows\System32\taskeng.exe (ID: 1876|ParentID: 1116)
C:\Windows\System32\spoolsv.exe (ID: 1912|ParentID: 868)
C:\Windows\System32\taskhost.exe (ID: 1928|ParentID: 868|Stephan)
C:\Windows\System32\svchost.exe (ID: 1984|ParentID: 868)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1572|ParentID: 868)
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe (ID: 1992|ParentID: 868)
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (ID: 2060|ParentID: 868)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 2144|ParentID: 868)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (ID: 2340|ParentID: 868)
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (ID: 2416|ParentID: 868)
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 2496|ParentID: 868)
C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe (ID: 2572|ParentID: 868)
C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (ID: 2604|ParentID: 868)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (ID: 2632|ParentID: 2340|Stephan)
C:\Windows\System32\svchost.exe (ID: 2640|ParentID: 868)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2672|ParentID: 868)
C:\Windows\System32\escsvc64.exe (ID: 2796|ParentID: 868)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ID: 2896|ParentID: 2672)
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 3052|ParentID: 2496)
C:\Windows\System32\conhost.exe (ID: 3060|ParentID: 784)
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (ID: 3096|ParentID: 2660|Stephan)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 3356|ParentID: 868)
C:\Windows\System32\rundll32.exe (ID: 3968|ParentID: 1000|Stephan)
C:\Windows\System32\svchost.exe (ID: 1292|ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 3972|ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 3940|ParentID: 868)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 4648|ParentID: 1504|Stephan)
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe (ID: 4312|ParentID: 4812|Stephan)
C:\Windows\System32\svchost.exe (ID: 5016|ParentID: 868)
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe (ID: 1160|ParentID: 5112|Stephan)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 1072|ParentID: 1812|Stephan)
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (ID: 4536|ParentID: 1812|Stephan)
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ID: 4892|ParentID: 1812|Stephan)
C:\Program Files (x86)\EXPERTool\TBPANEL.exe (ID: 4100|ParentID: 1812|Stephan)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 4584|ParentID: 1812|Stephan)
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (ID: 4184|ParentID: 1812|Stephan)
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (ID: 3780|ParentID: 1812|Stephan)
C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE (ID: 4156|ParentID: 1812|Stephan)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 1192|ParentID: 4692|Stephan)
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (ID: 5188|ParentID: 4692|Stephan)
C:\Program Files\AVAST Software\Avast\avastui.exe (ID: 5572|ParentID: 4692|Stephan)
C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (ID: 5916|ParentID: 4692|Stephan)
C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe (ID: 5616|ParentID: 4692|Stephan)
C:\Windows\System32\SearchIndexer.exe (ID: 5464|ParentID: 868)
C:\Windows\System32\wbem\unsecapp.exe (ID: 5564|ParentID: 1000|Stephan)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5560|ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 1328|ParentID: 868)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5864|ParentID: 1812|Stephan)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 1608|ParentID: 5864|Stephan)
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (ID: 5844|ParentID: 5864|Stephan)
C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe (ID: 6920|ParentID: 1000|Stephan)
C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (ID: 6304|ParentID: 2604)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 7140|ParentID: 5864|Stephan)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 5328|ParentID: 5864|Stephan)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 7908|ParentID: 868)
C:\Windows\System32\svchost.exe (ID: 1720|ParentID: 868)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 2112|ParentID: 5864|Stephan)
C:\Windows\System32\taskmgr.exe (ID: 3504|ParentID: 840|Stephan)
C:\Windows\System32\SearchProtocolHost.exe (ID: 3472|ParentID: 5464|Stephan)
C:\Windows\System32\SearchFilterHost.exe (ID: 7992|ParentID: 5464|Système)
C:\UsbFix\UsbFix.exe (ID: 4924|ParentID: 1812|Stephan)
C:\Windows\System32\wermgr.exe (ID: 7824|ParentID: 3972|Stephan)

################## | Autorun |


################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
04 - HKCU\..\Run : [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKCU\..\Run : [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKCU\..\Run : [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-600 Series"
04 - HKLM\..\Run : [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\..\Run : [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
04 - HKLM\..\Run : [Quick-Drop] "C:\Program Files (x86)\Corel\Corel DVD MovieFactory 7\Corel DVD MovieFactory 7\Quick-Drop.exe" WINDOWCALL
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
04 - HKLM\..\RunOnce : [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - [x64] HKLM\..\Run : [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
04 - [x64] HKLM\..\Run : [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
04 - [x64] HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - [x64] HKLM\..\Run : [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
04 - [x64] HKLM\..\Run : [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
04 - [x64] HKLM\..\RunOnce : [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-600 Series"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! C:\Windows\rundl132.exe

################## | Registre |


################## | E.O.F | https://www.sosvirus.net/ | |
#154118
No, indeed I had not done that step.
Attached is the new report:


############################## | UsbFix V 7.171 | [Nettoyage]

Utilisateur: Stephan (Administrateur) # STEPHAN-PC
Mis à jour le 09/06/2014 par El Desaparecido - SosVirus
Lancé à 10:59:44 | 13/06/2014

Site Web :
Changelog :
Assistance : https://www.sosvirus.net/forum-virus-securite.html
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact :

PC: Gigabyte Technology Co., Ltd. (Z68XP-UD3P)
CPU: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
RAM -> [Total : 16367 Mo| Free : 11562 Mo]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17126
WB: Google Chrome : 35.0.1916.114

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall [(!) Disabled]

C:\ (%SystemDrive%) -> Disque fixe # 112 Go (36 Go libre(s) - 32%) [] # NTFS
D:\ -> Disque fixe # 3726 Go (2791 Go libre(s) - 75%) [Stockage] # NTFS
E:\ -> Disque fixe # 932 Go (673 Go libre(s) - 72%) [Dossier temporaires adobe] # NTFS
F:\ -> Disque fixe # 932 Go (417 Go libre(s) - 45%) [export transfert vidéo 83] # NTFS
G:\ -> CD-ROM
H:\ -> CD-ROM
N:\ -> CD-ROM
Q:\ -> Disque fixe # 932 Go (377 Go libre(s) - 40%) [Perso] # NTFS

################## | Processus Stoppés |

C:\Windows\System32\nvvsvc.exe (ID: 372|ParentID: 868)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID: 404|ParentID: 868)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1504|ParentID: 372|Système)
C:\Windows\System32\nvvsvc.exe (ID: 1512|ParentID: 372|Système)
C:\Windows\explorer.exe (ID: 1812|ParentID: 1756|Stephan)
C:\Windows\System32\spoolsv.exe (ID: 1912|ParentID: 868|Système)
C:\Windows\System32\taskhost.exe (ID: 1928|ParentID: 868|Stephan)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1572|ParentID: 868|Système)
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe (ID: 1992|ParentID: 868|Système)
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (ID: 2060|ParentID: 868|Système)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 2144|ParentID: 868|Système)
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (ID: 2416|ParentID: 868|Système)
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ID: 2496|ParentID: 868|Système)
C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe (ID: 2572|ParentID: 868|Système)
C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (ID: 2604|ParentID: 868|Système)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (ID: 2632|ParentID: 2340|Stephan)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2672|ParentID: 868|Système)
C:\Windows\System32\escsvc64.exe (ID: 2796|ParentID: 868|Système)
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (ID: 3096|ParentID: 2660|Stephan)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 3356|ParentID: 868|SERVICE RÉSEAU)
C:\Windows\System32\rundll32.exe (ID: 3968|ParentID: 1000|Stephan)
C:\Windows\System32\WUDFHost.exe (ID: 4216|ParentID: 1048|SERVICE LOCAL)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 4648|ParentID: 1504|Stephan)
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe (ID: 4312|ParentID: 4812|Stephan)
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe (ID: 1160|ParentID: 5112|Stephan)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 1072|ParentID: 1812|Stephan)
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (ID: 4536|ParentID: 1812|Stephan)
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ID: 4892|ParentID: 1812|Stephan)
C:\Program Files (x86)\EXPERTool\TBPANEL.exe (ID: 4100|ParentID: 1812|Stephan)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 4584|ParentID: 1812|Stephan)
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (ID: 4184|ParentID: 1812|Stephan)
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (ID: 3780|ParentID: 1812|Stephan)
C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE (ID: 4156|ParentID: 1812|Stephan)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 1192|ParentID: 4692|Stephan)
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (ID: 5188|ParentID: 4692|Stephan)
C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (ID: 5916|ParentID: 4692|Stephan)
C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe (ID: 5616|ParentID: 4692|Stephan)
C:\Windows\System32\SearchIndexer.exe (ID: 5464|ParentID: 868|Système)
C:\Windows\System32\wbem\unsecapp.exe (ID: 5564|ParentID: 1000|Stephan)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5560|ParentID: 868|SERVICE RÉSEAU)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5864|ParentID: 1812|Stephan)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 1608|ParentID: 5864|Stephan)
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (ID: 5844|ParentID: 5864|Stephan)
C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe (ID: 6920|ParentID: 1000|Stephan)
C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (ID: 6304|ParentID: 2604|Système)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 7140|ParentID: 5864|Stephan)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 5328|ParentID: 5864|Stephan)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 7908|ParentID: 868|Système)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 2112|ParentID: 5864|Stephan)
C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 3884|ParentID: 1000|Stephan)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 7320|ParentID: 5864|Stephan)
C:\Windows\System32\taskmgr.exe (ID: 7656|ParentID: 3504|Stephan)
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (ID: 8332|ParentID: 1812|Stephan)
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (ID: 4032|ParentID: 1000|Stephan)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 7836|ParentID: 5864|Stephan)
C:\Windows\System32\taskhost.exe (ID: 11080|ParentID: 868|SERVICE LOCAL)
C:\Windows\SysWOW64\notepad.exe (ID: 12776|ParentID: 7344|Stephan)

################## | Autorun |


################## | Recherche générique |

Supprimé! C:\Windows\rundl132.exe

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\Software\.\.\.\.\Mountpoints2\{1658e747-d821-11e3-86dc-1c6f65f982ca}
Supprimé! HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\Software\.\.\.\.\Mountpoints2\{a993a529-7d2a-11e2-a1a1-1c6f65f982ca}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
04 - HKCU\..\Run : [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKCU\..\Run : [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKCU\..\Run : [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-600 Series"
04 - HKLM\..\Run : [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\..\Run : [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
04 - HKLM\..\Run : [Quick-Drop] "C:\Program Files (x86)\Corel\Corel DVD MovieFactory 7\Corel DVD MovieFactory 7\Quick-Drop.exe" WINDOWCALL
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
04 - HKLM\..\RunOnce : [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - [x64] HKLM\..\Run : [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
04 - [x64] HKLM\..\Run : [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
04 - [x64] HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - [x64] HKLM\..\Run : [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
04 - [x64] HKLM\..\Run : [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
04 - [x64] HKLM\..\RunOnce : [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-1038908844-1798142516-3508811120-1000\..\Run : [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-600 Series"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | C:\ %SystemDrive% - Disque Fixe (NTFS) |

[22/02/2013 - 21:16:37 | D] - C:\IExp0.tmp
[22/02/2013 - 21:16:37 | D] - C:\IExp1.tmp
[13/06/2014 - 08:57:51 | ASH | 16759880 Ko] - C:\pagefile.sys
[13/06/2014 - 06:58:47 | D] - C:\Config.Msi
[22/02/2013 - 20:46:27 | | 2 Ko] - C:\RHDSetup.log
[22/02/2013 - 20:46:56 | | 0 Ko] - C:\Install.log
[22/02/2013 - 21:18:36 | | 477 Ko] - C:\vcredist_x86.log
[22/02/2013 - 20:33:12 | SHD] - C:\$Recycle.Bin
[13/06/2014 - 08:24:41 | | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[22/02/2013 - 20:14:08 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[22/02/2013 - 23:39:40 | D] - C:\Windows_Loader_v2.1.7_
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[20/11/2010 - 14:40:07 | RASH | 375 Ko] - C:\bootmgr
[22/02/2013 - 23:42:28 | | 309 Ko] - C:\SUAQY
[23/02/2013 - 09:08:37 | SHD] - C:\Boot
[09/05/2014 - 21:46:23 | SHD] - C:\Recovery
[09/05/2014 - 22:30:47 | SHD] - C:\System Volume Information
[10/05/2014 - 00:29:25 | D] - C:\Données Ciel
[10/05/2014 - 20:39:27 | D] - C:\Twixtor5AE
[10/05/2014 - 20:39:28 | D] - C:\Twixtor5AEManual
[11/05/2014 - 15:47:40 | D] - C:\Users
[29/05/2014 - 15:44:25 | D] - C:\Intel
[11/06/2014 - 14:16:53 | RHD] - C:\MSOCache
[12/06/2014 - 22:05:45 | D] - C:\TempBK
[13/06/2014 - 08:02:31 | HD] - C:\ProgramData
[13/06/2014 - 08:02:36 | D] - C:\AdwCleaner
[13/06/2014 - 08:15:50 | D] - C:\Program Files (x86)
[13/06/2014 - 08:59:43 | D] - C:\UsbFix
[13/06/2014 - 09:10:17 | D] - C:\temp
[13/06/2014 - 09:17:54 | D] - C:\Program Files
[13/06/2014 - 11:00:07 | D] - C:\Windows
[13/06/2014 - 11:00:14 | D] - C:\TMP

################## | D:\ - Disque Fixe (NTFS) |

[07/11/2007 - 08:00:40 | N | 10 Ko] - D:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - D:\eula.3082.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - D:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - D:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 0 Ko] - D:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - D:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - D:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - D:\eula.1031.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - D:\eula.1036.txt
[04/07/2012 - 11:42:08 | D] - D:\msdownld.tmp
[07/02/2014 - 23:27:25 | D] - D:\IExp1.tmp
[04/04/2013 - 16:51:14 | N | 512 Ko] - D:\ntuser.dat{30e17751-9c5f-11e2-93e3-1c6f65f982ca}.TMContainer00000000000000000002.regtrans-ms
[04/04/2013 - 16:51:14 | N | 512 Ko] - D:\ntuser.dat{30e17751-9c5f-11e2-93e3-1c6f65f982ca}.TMContainer00000000000000000001.regtrans-ms
[09/05/2014 - 22:08:15 | N | 512 Ko] - D:\ntuser.dat{d68d94cd-d7b2-11e3-9ac6-1c6f65f982ca}.TMContainer00000000000000000002.regtrans-ms
[09/05/2014 - 22:08:15 | N | 512 Ko] - D:\ntuser.dat{d68d94cd-d7b2-11e3-9ac6-1c6f65f982ca}.TMContainer00000000000000000001.regtrans-ms
[07/11/2007 - 08:12:28 | N | 228 Ko] - D:\VC_RED.MSI
[07/06/2014 - 17:06:25 | N | 326452 Ko] - D:\Theatre Clara.mp4
[09/05/2014 - 22:08:15 | N | 0 Ko] - D:\ntuser.dat.LOG2
[09/05/2014 - 22:08:15 | N | 5 Ko] - D:\ntuser.dat.LOG1
[07/11/2007 - 08:00:40 | N | 1 Ko] - D:\install.ini
[07/11/2007 - 08:00:40 | N | 1 Ko] - D:\globdata.ini
[11/06/2014 - 08:21:07 | N | 0 Ko] - D:\AVScanner.ini
[07/11/2007 - 08:03:18 | N | 550 Ko | - (0/54)] - D:\install.exe
[10/05/2011 - 16:32:24 | N | 1497 Ko | - (0/46)] - D:\cdi_shuttle_win_2.81.exe
[07/11/2007 - 08:03:18 | N | 93 Ko | - (0/53)] - D:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 80 Ko | - (0/53)] - D:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 78 Ko | - (0/53)] - D:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 95 Ko | - (0/53)] - D:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | - (0/53)] - D:\install.res.3082.dll
[07/11/2007 - 08:03:18 | N | 75 Ko | - (0/53)] - D:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 89 Ko | - (0/53)] - D:\install.res.1033.dll
[07/11/2007 - 08:03:18 | N | 74 Ko | - (0/53)] - D:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | - (0/53)] - D:\install.res.1031.dll
[09/04/2014 - 15:13:00 | N | 478 Ko | - (0/51)] - D:\SecurityScanner.dll
[09/05/2014 - 22:08:15 | N | 256 Ko] - D:\ntuser.dat
[07/11/2007 - 08:09:22 | N | 1409 Ko] - D:\VC_RED.cab
[07/11/2007 - 08:00:40 | N | 6 Ko] - D:\vcredist.bmp
[04/04/2013 - 16:51:14 | N | 64 Ko] - D:\ntuser.dat{30e17751-9c5f-11e2-93e3-1c6f65f982ca}.TM.blf
[09/05/2014 - 22:08:15 | N | 64 Ko] - D:\ntuser.dat{d68d94cd-d7b2-11e3-9ac6-1c6f65f982ca}.TM.blf
[09/05/2014 - 18:31:04 | SHD] - D:\$RECYCLE.BIN
[08/01/2012 - 19:25:36 | D] - D:\Favorites
[29/02/2012 - 09:46:40 | D] - D:\My RoboForm Data
[09/04/2012 - 17:46:35 | SHD] - D:\System Volume Information
[15/09/2012 - 18:03:01 | D] - D:\ProgramData
[29/01/2013 - 10:48:24 | D] - D:\TEMPDIR
[03/12/2013 - 19:35:13 | D] - D:\site ecomvideo 2
[30/01/2014 - 14:35:14 | D] - D:\signature mail
[13/02/2014 - 10:05:04 | D] - D:\a virer
[04/03/2014 - 10:09:18 | D] - D:\Site aquanett
[08/04/2014 - 14:02:38 | D] - D:\site ecome vidéo
[12/04/2014 - 08:12:57 | D] - D:\commande vautrain
[09/05/2014 - 23:01:19 | D] - D:\site transfert video
[05/06/2014 - 15:08:20 | D] - D:\site mariage
[06/06/2014 - 07:45:37 | D] - D:\Mes documents
[08/06/2014 - 08:01:52 | D] - D:\Transfert video 83
[10/06/2014 - 14:15:18 | D] - D:\documents transfert vidéo
[11/06/2014 - 10:47:05 | D] - D:\torrent
[11/06/2014 - 15:57:21 | D] - D:\TEMP
[11/06/2014 - 16:39:58 | D] - D:\site exemple vente immo+
[12/06/2014 - 11:17:44 | D] - D:\TMP

################## | E:\ - Disque Fixe (NTFS) |

[09/05/2014 - 18:31:04 | SHD] - E:\$RECYCLE.BIN
[26/10/2012 - 16:23:55 | SHD] - E:\System Volume Information
[04/05/2014 - 22:25:40 | D] - E:\corel dvd temp
[12/06/2014 - 13:16:44 | D] - E:\adobe temp
[12/06/2014 - 22:55:11 | D] - E:\previsualisation vidéo
[12/06/2014 - 22:55:11 | D] - E:\Previsualisation audio

################## | F:\ - Disque Fixe (NTFS) |

[09/05/2014 - 18:31:05 | SHD] - F:\$RECYCLE.BIN
[26/10/2012 - 16:23:55 | SHD] - F:\System Volume Information
[02/05/2014 - 12:15:37 | D] - F:\Montaz
[04/05/2014 - 14:01:04 | D] - F:\Joray
[06/05/2014 - 23:06:29 | D] - F:\commande Delattre
[14/05/2014 - 20:38:15 | D] - F:\Caudron
[22/05/2014 - 13:37:01 | D] - F:\Garcia
[22/05/2014 - 15:20:21 | D] - F:\ridel
[22/05/2014 - 16:17:25 | D] - F:\Himam
[25/05/2014 - 21:09:34 | D] - F:\Lepage
[27/05/2014 - 08:31:44 | D] - F:\antoine
[01/06/2014 - 13:35:48 | D] - F:\rivier
[04/06/2014 - 17:23:28 | D] - F:\Lancelloti
[05/06/2014 - 10:29:42 | D] - F:\roucher
[05/06/2014 - 11:29:01 | D] - F:\Proutière
[06/06/2014 - 12:28:54 | D] - F:\ruotolo
[10/06/2014 - 14:56:42 | D] - F:\Millan
[12/06/2014 - 15:52:37 | D] - F:\Gautier

################## | Q:\ - Disque Fixe (NTFS) |

[16/03/2013 - 17:34:26 | N | 12 Ko] - Q:\essai cache ecran multiple.png
[12/01/2014 - 17:53:28 | N | 1095 Ko] - Q:\photo mathilde noir et blanc.jpg
[23/10/2013 - 17:03:54 | N | 19 Ko] - Q:\CV steph .docx
[19/03/2014 - 10:03:09 | N | 17 Ko] - Q:\post homologation drone.docx
[09/05/2014 - 17:36:08 | N | 1 Ko] - Q:\MediaID.bin
[09/05/2014 - 18:31:05 | SHD] - Q:\$RECYCLE.BIN
[28/09/2012 - 09:16:44 | D] - Q:\sauvegarde photos
[28/09/2012 - 09:48:55 | D] - Q:\Automobile
[12/11/2012 - 18:51:29 | D] - Q:\Vidéos familliales
[23/02/2013 - 14:37:01 | SHD] - Q:\System Volume Information
[29/05/2013 - 20:26:47 | D] - Q:\tuto mattrunk
[04/10/2013 - 09:52:32 | D] - Q:\Preset AE
[08/10/2013 - 20:27:23 | D] - Q:\Clip vidéo
[08/10/2013 - 20:28:38 | D] - Q:\Bandeau titres
[21/12/2013 - 18:35:53 | D] - Q:\sauvegarde pc
[04/01/2014 - 22:04:41 | D] - Q:\Formation vidéo
[12/01/2014 - 00:14:47 | D] - Q:\Site aquanett
[12/01/2014 - 00:14:48 | D] - Q:\site ecomvideo 2
[12/01/2014 - 00:17:41 | D] - Q:\site transfert video
[12/01/2014 - 00:26:22 | D] - Q:\site ecome vidéo
[22/01/2014 - 15:09:02 | D] - Q:\resources Ae
[06/02/2014 - 22:53:46 | D] - Q:\site mariage
[27/02/2014 - 18:24:06 | D] - Q:\Artbeats - Film Clutter
[27/02/2014 - 18:25:06 | D] - Q:\Artbeats - Film Clutter 2
[28/04/2014 - 15:10:42 | D] - Q:\Photos
[09/05/2014 - 17:19:40 | D] - Q:\Sauvegarde
[09/05/2014 - 17:38:29 | D] - Q:\WindowsImageBackup
[10/05/2014 - 11:26:39 | D] - Q:\Installation adobe + plugin
[10/05/2014 - 12:08:25 | D] - Q:\Bibliotheque
[10/05/2014 - 13:11:04 | D] - Q:\Logiciel divers
[29/05/2014 - 20:55:21 | D] - Q:\Prise de vue Xf100
[04/06/2014 - 21:53:23 | D] - Q:\animation Ae Pour TV
[12/06/2014 - 09:46:06 | D] - Q:\Banque d'images
[12/06/2014 - 10:41:29 | D] - Q:\Composition Ae perso

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
Q:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net/ | |
#154121
ok, please run another ZHPDiag for me ...
  • Download ZHPDiag (by Nicolas Coolman) to your desktop.
  • Install the software.
  • Launch ZHPDiag; run it as administrator on Windows 7/8 and Vista.
  • Click Complete

    Note: Do not close the program even if it says it is not responding.

    Image
  • Once the scan is finished, go to your desktop; the file has been created.
  • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum
:merci2:
#154135
uninstall your µTorrent: although it is not infectious itself, it is what brings you the viruses ...

then run Shortcut_Module and do another ZHPDiag for me; afterwards I will make you a script to remove the leftovers:
  • Disable your antivirus, otherwise the tool will not be able to work properly.
  • Download Shortcut_Module to your desktop.

    Note: Save your work before continuing!
  • Launch Shortcut_Module,
  • Click Clean

    Image

    Note: Wait while the scan runs
  • Let the tool work even if it appears frozen
  • If the tool detects a proxy you do not recognize, click "Remove the proxy"
  • Upload the report C:\Shortcut_Module_date_heure.txt to https://upload.sosvirus.net/ then give the link you get
:merci2:;)
