virus clé USB

[jerome]

Bonjour,
J'ai constaté que tous les fichiers sur ma clé USB avaient été remplacés par des liens. J'ai téléchargé USBFix. Voici le rapport. Quelqu'un peut-il m'aider ?

Code: Tout sélectionner

############################## | UsbFix V 7.129 | [Recherche]

Utilisateur: rodrigue (Administrateur) # RODRIGUE-PC
Mis à jour le 24/06/2013 par El Desaparecido
Lancé à 09:50:53 | 22/07/2013

Site Web: https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Dell Inc. (Inspiron 1370) (x64-based PC)
CPU: Genuine Intel(R) CPU U7300 @ 1.30GHz (1300)
RAM -> [Total : 4091 | Free : 2221]
BIOS: Ver 1.00 A01
BOOT: Normal boot

OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16635

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 59 Go (16 Go libre(s) - 27%) [OS] # NTFS
D:\ -> Disque fixe # 230 Go (225 Go libre(s) - 98%) [] # NTFS
E:\ -> CD-ROM
I:\ -> Disque amovible # 7 Go (7 Go libre(s) - 89%) [RGARCIA] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (508)
C:\Windows\system32\wininit.exe (584)
C:\Windows\system32\csrss.exe (600)
C:\Windows\system32\services.exe (632)
C:\Windows\system32\lsass.exe (648)
C:\Windows\system32\lsm.exe (656)
C:\Windows\system32\svchost.exe (768)
C:\Windows\system32\nvvsvc.exe (844)
C:\Windows\system32\svchost.exe (888)
C:\Windows\System32\svchost.exe (952)
C:\Windows\System32\svchost.exe (984)
C:\Windows\system32\svchost.exe (1020)
C:\Windows\system32\svchost.exe (376)
C:\Program Files\Dell\DellDock\DockLogin.exe (292)
C:\Windows\system32\winlogon.exe (1052)
C:\Windows\system32\svchost.exe (1108)
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE (1184)
C:\Windows\system32\WLANExt.exe (1192)
C:\Windows\system32\conhost.exe (1200)
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe (1244)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1264)
C:\Windows\system32\nvvsvc.exe (1404)
C:\Windows\System32\spoolsv.exe (1652)
C:\Windows\system32\svchost.exe (1708)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1808)
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (1840)
C:\Windows\system32\svchost.exe (1864)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1888)
C:\Program Files\Bonjour\mDNSResponder.exe (1992)
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1448)
C:\Windows\system32\dlcgcoms.exe (108)
C:\Windows\system32\svchost.exe (1544)
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (2088)
C:\Windows\system32\svchost.exe (2196)
C:\Windows\system32\svchost.exe (2260)
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (2460)
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (2516)
C:\Windows\System32\svchost.exe (2712)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2780)
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (3036)
C:\Windows\system32\taskhost.exe (4068)
C:\Windows\system32\Dwm.exe (2748)
C:\Windows\Explorer.EXE (2096)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (3708)
C:\Windows\system32\SearchIndexer.exe (3728)
C:\Program Files\Windows Media Player\wmpnetwk.exe (608)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2804)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1492)
C:\Program Files\Dell\QuickSet\quickset.exe (2152)
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (2856)
C:\Windows\System32\rundll32.exe (3380)
C:\Users\rodrigue\AppData\Roaming\Dropbox\bin\Dropbox.exe (3792)
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (1540)
C:\Windows\system32\wbem\wmiprvse.exe (3968)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (2216)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (2996)
C:\Windows\System32\svchost.exe (4360)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4840)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5024)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3740)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3168)
C:\Windows\explorer.exe (3656)
C:\Windows\system32\vssvc.exe (5916)
C:\Windows\System32\svchost.exe (5956)
C:\Windows\system32\wuauclt.exe (2432)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3704)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5232)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3616)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5540)
C:\Windows\system32\SearchProtocolHost.exe (5748)
C:\UsbFix\Go.exe (3212)
C:\Windows\system32\wbem\wmiprvse.exe (3340)
C:\Windows\system32\SearchFilterHost.exe (4356)
C:\Windows\System32\WUDFHost.exe (5100)
C:\Windows\SysWOW64\ctfmon.exe (3268)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [PDVDDXSrv] - "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [PDVDDXSrv] - "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | à‰léments infectieux |

Présent! I:\THESE.lnk
Présent! I:\DIU coro.lnk
Présent! I:\BRS.lnk
Présent! I:\epicor.lnk
Présent! I:\Steinert.lnk
Présent! I:\StatView.lnk
Présent! I:\laminopathies.lnk
Présent! I:\Articles internes.lnk
Présent! I:\Livre Braunwald.lnk
Présent! I:\hollandts lucienne.lnk
Présent! I:\electrophysiologie GP.lnk
Présent! I:\Direction de la recherche.lnk
Présent! I:\autorun.inf

################## | Registre |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\F
Shell\AutoRun\Command = F:\unlock.exe autoplay=true

HKCU\.\.\.\.\Explorer\MountPoints2\{66e36872-9ac5-11e1-a1d5-0026b9d6c102}
Shell\AutoRun\Command = F:\unlock.exe autoplay=true

HKCU\.\.\.\.\Explorer\MountPoints2\{e43fa7ff-79cd-11e1-9c93-0026b9d6c102}
Shell\AutoRun\Command = F:\unlock.exe autoplay=true



################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | https://sosvirus.net |

[g3n-h@ckm@n]

salut fais suppression et poste le rapport

[jerome]

Merci! J'ai fait suppresion. Voici le rapport :

Code: Tout sélectionner

############################## | UsbFix V 7.129 | [Suppression]

Utilisateur: rodrigue (Administrateur) # RODRIGUE-PC
Mis à jour le 24/06/2013 par El Desaparecido
Lancé à 11:36:56 | 22/07/2013

Site Web: https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Dell Inc. (Inspiron 1370) (x64-based PC)
CPU: Genuine Intel(R) CPU U7300 @ 1.30GHz (1300)
RAM -> [Total : 4091 | Free : 1811]
BIOS: Ver 1.00 A01
BOOT: Normal boot

OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16635

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 59 Go (16 Go libre(s) - 26%) [OS] # NTFS
D:\ -> Disque fixe # 230 Go (225 Go libre(s) - 98%) [] # NTFS
E:\ -> CD-ROM
I:\ -> Disque amovible # 7 Go (7 Go libre(s) - 89%) [RGARCIA] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [PDVDDXSrv] - "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [PDVDDXSrv] - "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (844)
Stoppé! C:\Program Files\Dell\DellDock\DockLogin.exe (292)
Stoppé! C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE (1184)
Stoppé! C:\Windows\system32\WLANExt.exe (1192)
Stoppé! C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe (1244)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1264)
Stoppé! C:\Windows\system32\nvvsvc.exe (1404)
Stoppé! C:\Windows\System32\spoolsv.exe (1652)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1808)
Stoppé! C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (1840)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1888)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (1992)
Stoppé! c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1448)
Stoppé! C:\Windows\system32\dlcgcoms.exe (108)
Stoppé! C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (2088)
Stoppé! C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (2460)
Stoppé! C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (2516)
Stoppé! C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2780)
Stoppé! C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (3036)
Stoppé! C:\Windows\system32\taskhost.exe (4068)
Stoppé! C:\Windows\system32\SearchIndexer.exe (3728)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (608)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2804)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1492)
Stoppé! C:\Program Files\Dell\QuickSet\quickset.exe (2152)
Stoppé! C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (2856)
Stoppé! C:\Windows\System32\rundll32.exe (3380)
Stoppé! C:\Users\rodrigue\AppData\Roaming\Dropbox\bin\Dropbox.exe (3792)
Stoppé! C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (1540)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (2216)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (2996)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4840)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5024)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3740)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3168)
Stoppé! C:\Windows\system32\vssvc.exe (5916)
Stoppé! C:\Windows\system32\wuauclt.exe (2432)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3704)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5232)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3616)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5540)
Stoppé! C:\Windows\System32\WUDFHost.exe (5100)
Stoppé! C:\Windows\SysWOW64\ctfmon.exe (3268)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5748)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (5896)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5256)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (3876)
Stoppé! C:\Windows\system32\NOTEPAD.EXE (4480)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (7152)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (6220)

################## | à‰léments infectieux |

Supprimé! I:\THESE.lnk
Supprimé! I:\DIU coro.lnk
Supprimé! I:\BRS.lnk
Supprimé! I:\epicor.lnk
Supprimé! I:\Steinert.lnk
Supprimé! I:\StatView.lnk
Supprimé! I:\laminopathies.lnk
Supprimé! I:\Articles internes.lnk
Supprimé! I:\Livre Braunwald.lnk
Supprimé! I:\hollandts lucienne.lnk
Supprimé! I:\electrophysiologie GP.lnk
Supprimé! I:\Direction de la recherche.lnk
Supprimé! I:\autorun.inf

(!) Fichiers temporaires supprimés.

################## | Registre |


################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\F
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{66e36872-9ac5-11e1-a1d5-0026b9d6c102}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{e43fa7ff-79cd-11e1-9c93-0026b9d6c102}

################## | Listing |

[01/06/2010 - 20:17:42 | SHD ] C:\$Recycle.Bin
[15/05/2013 - 07:38:47 | SHD ] C:\Boot
[20/11/2010 - 14:40:07 | RASH | 383786] C:\bootmgr
[24/12/2009 - 04:11:09 | N | 8192] C:\BOOTSECT.BAK
[17/07/2013 - 09:29:19 | D ] C:\Config.Msi
[01/06/2010 - 20:07:54 | D ] C:\Dell
[21/05/2010 - 21:02:07 | N | 2556] C:\dell.sdr
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[15/10/2011 - 20:40:46 | D ] C:\found.000
[22/07/2013 - 09:28:10 | ASH | 3217268736] C:\hiberfil.sys
[21/05/2010 - 23:48:10 | D ] C:\inetpub
[21/05/2010 - 21:04:03 | RHD ] C:\MSOCache
[22/07/2013 - 09:28:16 | ASH | 4289695744] C:\pagefile.sys
[14/07/2013 - 23:38:33 | D ] C:\Program Files
[14/07/2013 - 23:56:17 | D ] C:\Program Files (x86)
[25/03/2013 - 23:23:01 | HD ] C:\ProgramData
[01/06/2010 - 20:07:23 | SHD ] C:\Recovery
[22/07/2013 - 11:38:39 | SHD ] C:\System Volume Information
[22/07/2013 - 11:38:35 | D ] C:\UsbFix
[22/07/2013 - 11:39:00 | A | 7991] C:\UsbFix [Clean 1] RODRIGUE-PC.txt
[22/07/2013 - 09:54:03 | N | 7702] C:\UsbFix [Scan 2] RODRIGUE-PC.txt
[06/06/2013 - 21:22:30 | D ] C:\Users
[17/05/2013 - 19:34:57 | D ] C:\Windows
[01/06/2010 - 20:17:42 | SHD ] D:\$RECYCLE.BIN
[22/06/2012 - 17:43:06 | D ] D:\2319cbbcaa9a376b3b2ce574
[05/02/2013 - 23:30:33 | D ] D:\article
[12/07/2012 - 22:46:46 | D ] D:\BACKUP
[23/11/2011 - 14:15:32 | N | 3674367] D:\Cardiologie_masson.pdf
[20/03/2013 - 22:56:07 | D ] D:\cours DIU rythmo
[01/01/2005 - 11:13:16 | N | 9985098] D:\DIUcomplicationsDAI.pptx
[18/09/2011 - 23:26:51 | D ] D:\f70516abd2cf2a47bae8a3e03ba344fd
[20/10/2012 - 20:22:57 | D ] D:\images
[17/07/2012 - 22:08:59 | D ] D:\Prism 5
[22/03/2013 - 00:13:20 | D ] D:\rythmo
[27/10/2012 - 14:35:32 | D ] D:\Steinert
[12/04/2013 - 19:36:32 | SHD ] D:\System Volume Information
[10/11/2012 - 00:23:21 | D ] D:\thèse
[08/03/2012 - 14:35:08 | N | 32464896] D:\TV.ppt.ppt
[16/07/2010 - 23:25:12 | HD ] I:\.Trashes
[29/11/2007 - 11:34:40 | HD ] I:\System
[23/10/2007 - 09:45:40 | N | 1336632] I:\LaunchU3.exe
[16/07/2010 - 23:25:12 | N | 4096] I:\._.Trashes
[25/03/2013 - 22:08:54 | N | 2391336] I:\DEHARO[1].pdf
[09/10/2011 - 16:58:28 | D ] I:\THESE
[18/05/2013 - 17:03:04 | N | 22016] I:\PM.doc
[01/11/2007 - 16:34:26 | N | 1699840] I:\RestoreU3.exe
[16/07/2010 - 23:25:12 | D ] I:\.Spotlight-V100
[20/06/2012 - 17:30:54 | N | 302534] I:\diabète SUPER TOPO.pptx
[20/07/2013 - 20:55:42 | N | 33280] I:\PLANNING REA.xls
[03/06/2013 - 21:30:26 | N | 5699584] I:\Monsieur C.ppt
[17/07/2012 - 19:23:36 | N | 25134] I:\Recommandation arbre_genealogique.pdf
[03/06/2013 - 18:02:28 | N | 29481024] I:\Anesthesie.book.pdf
[12/07/2013 - 08:12:46 | D ] I:\DIU coro
[21/07/2013 - 17:25:18 | D ] I:\chrome
[17/02/2011 - 09:24:54 | N | 2107392] I:\dip plateau.ppt
[12/05/2013 - 19:05:38 | N | 75746] I:\ecmo.pdf
[31/07/2004 - 23:12:56 | N | 900030] I:\kt98.pdf
[05/07/2012 - 12:20:02 | D ] I:\Steinert
[15/11/2012 - 20:42:22 | D ] I:\BRS
[21/12/2012 - 08:04:10 | D ] I:\epicor
[07/06/2004 - 17:21:16 | N | 900030] I:\kt droit.pdf
[02/07/2011 - 13:17:42 | N | 1005633] I:\HAISSAGUERRE PARAHISSIAN.pdf
[21/06/2012 - 13:30:16 | N | 890368] I:\PEC BPCO.ppt
[25/05/2011 - 16:53:30 | D ] I:\StatView
[08/07/2013 - 19:23:14 | D ] I:\laminopathies
[15/07/2011 - 12:41:28 | N | 3924410] I:\Mariano.pdf
[13/02/2012 - 17:44:16 | N | 26083] I:\Fiche_Contactez-nous.pdf
[10/12/2011 - 11:41:46 | D ] I:\Articles internes
[13/12/2011 - 09:55:18 | N | 165] I:\~$coronary revascularisation in diabetics patients.pptx
[28/07/2010 - 15:28:18 | N | 1012288] I:\topo avk.pdf
[26/06/2013 - 10:26:18 | D ] I:\.fseventsd
[15/05/2013 - 21:35:42 | D ] I:\Livre Braunwald
[13/02/2012 - 11:36:40 | N | 2832619] I:\referentiel.pdf
[14/07/2013 - 23:34:08 | N | 294219] I:\schwartz 2013.pdf
[25/05/2013 - 10:47:16 | D ] I:\hollandts lucienne
[26/04/2013 - 16:48:50 | N | 1692406] I:\chanelopathies napolitano.pdf
[26/04/2013 - 16:57:08 | N | 550938] I:\guidelines polymorphic VT.pdf
[20/09/2010 - 14:00:32 | N | 207065] I:\PLAN DE PRESENTATION D‚UN TRAVAIL DE RECHERCHE.pdf
[17/04/2013 - 10:23:30 | N | 3021741] I:\laurent JACC 2012.pdf
[03/06/2013 - 21:16:56 | N | 1261568] I:\rea mai sept 2013.xls
[14/09/2012 - 18:25:46 | N | 80331] I:\rediger_article_scientifique.pdf
[14/09/2012 - 18:26:30 | N | 60969] I:\CommentRediger.pdf
[12/06/2013 - 22:21:36 | N | 334350] I:\icmje vancouver.pdf
[05/12/2012 - 19:40:52 | N | 826368] I:\etude avc fa rodriguo.121205xls.xls
[09/10/2012 - 00:20:12 | D ] I:\electrophysiologie GP
[29/05/2013 - 22:16:20 | D ] I:\Direction de la recherche
[12/06/2013 - 22:23:18 | N | 229344] I:\ConventionDeVancouver_2012.pdf
[29/05/2013 - 21:04:36 | N | 33904] I:\CURRICULUM VITAE GARCIA rodrigue.pdf
[19/06/2013 - 22:50:48 | N | 4129140] I:\rfe_sedation_analgesie_2010.pdf
[19/06/2013 - 22:54:10 | N | 262029] I:\2007_conference_de_consensus_sedation_et_analgesie_en_reanimation_nouveau_ne_exclu.pdf
[21/07/2013 - 18:20:32 | N | 1574781] I:\strain GE.pdf
[21/07/2013 - 18:23:08 | N | 1547349] I:\GEHC-Brochure_Vivid-E9-4D-Cardiovascular-Ultrasound.pdf
[21/07/2013 - 18:23:46 | N | 2716717] I:\GEHealthcare-Poster_Echocardiography-for-Heart-Failure.pdf
[21/07/2013 - 19:13:52 | N | 388868] I:\assessment of left ventricular function.pdf
[21/07/2013 - 19:28:42 | N | 421843] I:\schmidt Am J Cardiol 1999 Real-Time Three-Dimensional Echocardiography for measurement of left ventricular volumes.pdf
[20/11/2010 - 13:10:26 | N | 315971] I:\Cardiopulmonary.pdf
[16/02/2011 - 21:29:50 | N | 797404] I:\cathé cardiaque.pdf

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://sosvirus.net |

[H.A.W.X]

Bonjour,

Je me nomme H.A.W.X et je suis Helper sur le forum. Je te propose mon aide pour essayer de résoudre ton soucis
Sache que si tu as des questions tu peux les poser je t'y répondrai avec plaisir ( si je sais y répondre )

Pour la désinfection je voudrai que tu prennes connaissance de ce qui suis s'il te plaît :
~ Ne télécharge rien d'autres outils/logiciels/utilitaires sans mon accords/autorisations de ma part
~ Tous les outils/logiciels télécharger doivent être lancés/exécutés depuis le Bureau

Avant toute choses veux toutes choses es ce que tu veux que l'on pousse l'examen de ton pc ? Il se peux qu''il y ai d'autres infections.

[jerome]

Hello!
Allons y!

[H.A.W.X]

Ok, on commence

• Télécharge ZHPDiag (de Nicolas Coolman) sur ton bureau.
• Installe le logiciel.
• Lance ZHPDiag, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
  
  
• Clique sur l'icône représentant une loupe avec un + ( Lancer le diagnostic »)
  
  Note : Ne pas fermer le programme même si il est indiqué qu'il ne répond plus.
  
  
• Une fois le scan terminé rends toi sur le bureau, le fichier à été créé.
• Héberge le rapport ZHPDiag.txt sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum

[jerome]

OK j'ai commencé le diagnostic mais ça bloque à 57%... Je recommence ou je laisse travailler ???
Merci

[H.A.W.X]

Laisse le travailler

[jerome]

Code: Tout sélectionner

Rapport de ZHPDiag v2013.7.20.351 par Nicolas Coolman, Update du 21/07/2013
Run by rodrigue at 22/07/2013 12:22:52
WebSite: https://nicolascoolman.webs.com
State : Problème connexion internet
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16635
MFIE: Mozilla Firefox 22.0 (Defaut)
GCIE: Google Chrome v28.0.1500.72

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RMV82
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Windows Defender W7

---\\ System Optimizer
CCleaner v4.00

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 9

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4091 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 16 GB (26%) free of 59 GB

---\\ Logged in mode
~ Computer Name: RODRIGUE-PC
~ User Name: rodrigue
~ All Users Names: rodrigue, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\rodrigue\AppData\Roaming\
~ %Desktop% : C:\Users\rodrigue\Desktop\
~ %Favorites% : C:\Users\rodrigue\Favorites\
~ %LocalAppData% : C:\Users\rodrigue\AppData\Local\
~ %StartMenu% : C:\Users\rodrigue\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 16 Go of 59 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 225 Go of 230 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Free 0 Go of 0 Go)
I:\ Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 34 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.FAF6EC2460AD5FBBD38D8E1AE28B0D77] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/06/2013 - 00:26:20.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d‚ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/12
Mes musiques (My Musics) : 3/3 (Modified)
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 1/695
~ Mon Bureau (My Desktop) : 2/213
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968] [PID.2216]
[MD5.CB037F03178E31BA2985ADD15879CA56] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288] [PID.3156]
[MD5.B68BA29CC976337B3E0E980FD0EB14A7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7744512] [PID.404]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808] [PID.1264]
[MD5.80F8944EA183004D6EDCBBDCEC166404] - (.Western Digital - WD Drive Service.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248] [PID.6724]
[MD5.FD2D1C60CDBDFAB63EF182539D8FFC2D] - (.Western Digital - WD Rules Engine.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536] [PID.6568]
[MD5.96C4C98FE4866C16FC64E4578A0AA975] - (.Western Digital - WD Backup Engine.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056] [PID.6972]
[MD5.F401929EE0CC92BFE7F15161CA535383] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1996]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\rodrigue\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ekhagklcjbdpajgpjgmbionohlpdbjgc] Zotero Connector v.4.0.8.2, (Activé)
~ Google Browser: 13 Legitimates Filtered in 00mn 27s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: avast! Online Security [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
~ BHO: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] . (.Dell Inc. - Dell Wireless WLAN Card Wireless Network Tr.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [NVHotkey] . (.NVIDIA Corporation - NVIDIA Hotkey Service, Version 186.88.) -- C:\Windows\system32\nvHotkey.dll
O4 - HKLM\..\Wow6432Node\Run: [PDVDDXSrv] . (.CyberLink Corp. - CyberLink PowerDVD Resident Program.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
O4 - HKLM\..\Wow6432Node\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - à‰diteur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Dropbox.lnk . (...) -- C:\Users\rodrigue\Dropbox
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Disk Cleanup.lnk . (.Microsoft Corporation - Gestionnaire de nettoyage de disque pour Wi.) -- C:\Windows\system32\cleanmgr.exe
O4 - GS\Desktop: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\rodrigue\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - GS\Desktop: Musique - Raccourci.lnk . (...) -- C:\Users\rodrigue\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30DA0839-366F-4BF3-8F14-10532C41DE3E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{30DA0839-366F-4BF3-8F14-10532C41DE3E}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{30DA0839-366F-4BF3-8F14-10532C41DE3E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{30DA0839-366F-4BF3-8F14-10532C41DE3E}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{30DA0839-366F-4BF3-8F14-10532C41DE3E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{30DA0839-366F-4BF3-8F14-10532C41DE3E}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GoToAssist . (...) -- C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll (.not file.)
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{612A6D48-2F35-4FA0-8EFE-CD9244CFAF47}] (...) -- H:\thèse\Logiciels\USVIEW.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{83F79A43-7F49-4218-9C36-F581ABA83CCE}] (...) -- C:\Program Files (x86)\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E5300046-D886-4B8F-92A6-EE59150FA4C1}] (...) -- H:\thèse\Logiciels\USVIEW.exe (.not file.) [0]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 06s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Softonic]
[HKCU\Software\YahooPartnerToolbar]
~ Key Software: 203 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/04/2011 - 00:37:54 - [0,000] ----D C:\Program Files (x86)\LimeWire
O43 - CFD: 06/05/2011 - 18:27:13 - [0] ----D C:\ProgramData\MediMatic
O43 - CFD: 06/05/2011 - 18:27:13 - [0] ----D C:\Users\rodrigue\AppData\Local\MediMatic
~ Program Folder: 172 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F4F71FD9976CEE37681B0F5433DD2145] - 22/07/2013 - 10:39:01 ---A- . (...) -- C:\Upload_UsbFix.zip [14336]
O44 - LFC:[MD5.9D28480DF7C97A74CAA642620CEA5FD6] - 22/07/2013 - 10:39:01 ---A- . (...) -- C:\UsbFix [Clean 1] RODRIGUE-PC.txt [12996]
O44 - LFC:[MD5.3550C1C06C1A5EB473B8C0E4306168C7] - 22/07/2013 - 08:54:03 ----- . (...) -- C:\UsbFix [Scan 2] RODRIGUE-PC.txt [7702]
~ Files: 58 Legitimates Filtered in 00mn 09s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.CFA00B05D81E0250675D53E0843C307F] - 19/07/2013 - 14:46:43 ---A- - C:\Windows\Prefetch\UNLOCK.EXE-95FB8DBD.pf
O45 - LFCP:[MD5.90766D2D926C6BC2AC7EF6A7C980DA64] - 22/07/2013 - 10:36:51 ---A- - C:\Windows\Prefetch\GO.EXE-9F5F9B7B.pf
O45 - LFCP:[MD5.4F4DB5D6F80527D5899E0D3D17DAAF99] - 22/07/2013 - 10:37:16 ---A- - C:\Windows\Prefetch\WDDRIVESERVICE.EXE-AB726BCE.pf
O45 - LFCP:[MD5.F0EE4C51AE68E9A11A644B4DFF2B3F99] - 22/07/2013 - 10:37:19 ---A- - C:\Windows\Prefetch\WDBACKUPENGINE.EXE-F7EA5128.pf
O45 - LFCP:[MD5.B3EC007AAD9CA4731DFA017F1ACE239A] - 22/07/2013 - 10:38:15 ---A- - C:\Windows\Prefetch\DLCGCOMS.EXE-2D4EFBB1.pf
O45 - LFCP:[MD5.059CD4253A829C28BF77F2C34861B9AF] - 22/07/2013 - 11:23:14 ---A- - C:\Windows\Prefetch\WDLOCKEDFILES.EXE-EE26236A.pf
~ Prefetcher: 141 Legitimates Filtered in 00mn 01s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{66e36872-9ac5-11e1-a1d5-0026b9d6c102}\AutoRun\command. (.Western Digital - Unlock Utility for WD SmartWare.) -- F:\unlock.exe
~ Keys: Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\WD Quick View [Key] . (.Western Digital Technologies, Inc. - WD Quick View.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s

OK je laisse faire la bête!! :dodo10: Ca bloque depuis 1h30 à 57%...
C'est pas dangereux de poster les diagnostics de mon PC sur un forum ???
Désolé je n'y connait rien....

Je suis toujours à 57% de progression après 1h30....
Please HELP!!!

---

---

[H.A.W.X]

Bonjour,

Ok, essayes de le passer en mode sans échec