SOSVirus forum (Virus and Security): computer infection via USB key and micro SD

  • Chikoungounia
    Participant
    Posts: 11

    Good evening,
    I have the same problem: a USB key was infected by a computer, I then infected my own computer, and then a camera SD card. Do you know whether the camera is at risk? Thanks!

    I downloaded usbfix as I read on this forum and clicked the “Recherche” (Search) tab; here is the report it produced:

    ############################## | UsbFix V 7.147 | [Recherche]

    Utilisateur: Bastien (Administrateur) # BASTIEN-PC
    Mis à jour le 30/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 18:41:09 | 01/11/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Acer (VA50_HC_HR)
    CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
    RAM -> [Total : 3932 | Free : 1759]
    Bios: Acer
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Mozilla Firefox : 24.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Bitdefender Antivirus [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 681 Go (248 Go libre(s) – 36%) [Acer] # NTFS
    D: -> CD-ROM
    E: -> Disque amovible # 4 Go (778 Mo libre(s) – 21%) [] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 652 |ParentID: 644)
    C:Windowssystem32wininit.exe (ID: 888 |ParentID: 644)
    C:Windowssystem32csrss.exe (ID: 912 |ParentID: 900)
    C:Windowssystem32services.exe (ID: 956 |ParentID: 888)
    C:Windowssystem32lsass.exe (ID: 972 |ParentID: 888)
    C:Windowssystem32lsm.exe (ID: 980 |ParentID: 888)
    C:Windowssystem32svchost.exe (ID: 660 |ParentID: 956)
    C:Program FilesBitdefenderBitdefender 2013vsserv.exe (ID: 720 |ParentID: 956)
    C:Windowssystem32winlogon.exe (ID: 784 |ParentID: 900)
    C:Windowssystem32nvvsvc.exe (ID: 1176 |ParentID: 956)
    C:Windowssystem32svchost.exe (ID: 1228 |ParentID: 956)
    C:WindowsSystem32svchost.exe (ID: 1308 |ParentID: 956)
    C:WindowsSystem32svchost.exe (ID: 1364 |ParentID: 956)
    C:Windowssystem32svchost.exe (ID: 1464 |ParentID: 956)
    C:Windowssystem32svchost.exe (ID: 1508 |ParentID: 956)
    C:Windowssystem32svchost.exe (ID: 1652 |ParentID: 956)
    C:Windowssystem32WLANExt.exe (ID: 1732 |ParentID: 1364)
    C:Windowssystem32conhost.exe (ID: 1740 |ParentID: 652)
    C:Program FilesBroadcomBroadcom 802.11 Network AdapterWLTRYSVC.EXE (ID: 1832 |ParentID: 956)
    C:Program FilesBroadcomBroadcom 802.11 Network Adapterbcmwltry.exe (ID: 1884 |ParentID: 1832)
    C:WindowsSystem32spoolsv.exe (ID: 1936 |ParentID: 956)
    C:Windowssystem32svchost.exe (ID: 1972 |ParentID: 956)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1588 |ParentID: 956)
    C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe (ID: 1684 |ParentID: 1176)
    C:Windowssystem32nvvsvc.exe (ID: 1744 |ParentID: 1176)
    C:Windowssystem32taskhost.exe (ID: 2076 |ParentID: 956)
    C:Windowssystem32Dwm.exe (ID: 2148 |ParentID: 1364)
    C:WindowsExplorer.EXE (ID: 2260 |ParentID: 2136)
    C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 2352 |ParentID: 956)
    C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (ID: 2516 |ParentID: 956)
    C:WindowsSystem32hkcmd.exe (ID: 2604 |ParentID: 2260)
    C:Program Files (x86)Launch Managerdsiwmis.exe (ID: 2664 |ParentID: 956)
    C:WindowsSystem32igfxpers.exe (ID: 2712 |ParentID: 2260)
    C:Program FilesAcerAcer ePower ManagementePowerSvc.exe (ID: 2768 |ParentID: 956)
    C:Windowssystem32svchost.exe (ID: 2796 |ParentID: 956)
    C:Program Files (x86)Launch ManagerLMworker.exe (ID: 2804 |ParentID: 2664)
    C:Program Files (x86)Launch ManagerLMutilps32.exe (ID: 2840 |ParentID: 2664)
    C:Program FilesRealtekAudioHDARAVCpl64.exe (ID: 2900 |ParentID: 2260)
    C:Program FilesInteliCLS ClientHeciServer.exe (ID: 2912 |ParentID: 956)
    C:Program FilesRealtekAudioHDARAVBg64.exe (ID: 2988 |ParentID: 2260)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe (ID: 3068 |ParentID: 956)
    C:Program FilesAcerAcer UpdaterUpdaterService.exe (ID: 2688 |ParentID: 956)
    C:Program FilesElantechETDCtrl.exe (ID: 1380 |ParentID: 2260)
    C:Program FilesNVIDIA CorporationDisplaynvtray.exe (ID: 1328 |ParentID: 1684)
    C:Program Files (x86)NTIAcer Backup ManagerIScheduleSvc.exe (ID: 3100 |ParentID: 956)
    C:Program FilesAcerAcer ePower ManagementePowerTray.exe (ID: 3172 |ParentID: 2260)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (ID: 3452 |ParentID: 956)
    C:Program FilesBitdefenderBitdefender 2013bdagent.exe (ID: 3536 |ParentID: 2260)
    C:Program Files (x86)RocketDockRocketDock.exe (ID: 3580 |ParentID: 2260)
    C:Windowssystem32svchost.exe (ID: 3668 |ParentID: 956)
    C:Program FilesBitdefenderBitdefender 2013updatesrv.exe (ID: 3748 |ParentID: 956)
    C:Program Files (x86)POST-NETPost-Net.exe (ID: 3828 |ParentID: 2260)
    C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe (ID: 3876 |ParentID: 3644)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (ID: 3888 |ParentID: 956)
    C:Dolby PCEE4pcee4.exe (ID: 3944 |ParentID: 3644)
    C:Windowssystem32wbemwmiprvse.exe (ID: 4060 |ParentID: 660)
    C:Program Files (x86)Launch ManagerLManager.exe (ID: 4068 |ParentID: 3644)
    C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID: 3164 |ParentID: 3644)
    C:Program Files (x86)Launch ManagerMMDx64Fx.exe (ID: 2380 |ParentID: 4068)
    C:Windowssystem32igfxext.exe (ID: 4108 |ParentID: 660)
    C:Windowssystem32igfxsrvc.exe (ID: 4140 |ParentID: 660)
    C:Windowssystem32wbemunsecapp.exe (ID: 4316 |ParentID: 660)
    C:Windowssystem32wbemwmiprvse.exe (ID: 4368 |ParentID: 660)
    C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE (ID: 4424 |ParentID: 956)
    C:Program FilesAcerAcer ePower ManagementePowerEvent.exe (ID: 4444 |ParentID: 2768)
    C:Windowssystem32SearchIndexer.exe (ID: 4692 |ParentID: 956)
    C:Windowssystem32svchost.exe (ID: 4772 |ParentID: 956)
    C:Program FilesElantechETDCtrlHelper.exe (ID: 5004 |ParentID: 1380)
    C:Windowssystem32taskeng.exe (ID: 4940 |ParentID: 1508)
    C:Program Files (x86)CyberLinkMediaEspressoDeviceDetectorDeviceDetector.exe (ID: 3304 |ParentID: 4940)
    C:Program Files (x86)Mozilla Firefoxfirefox.exe (ID: 2720 |ParentID: 3580)
    C:Program FilesAcerAcer Instant ServiceInstantUpdateiuBrowserIEAgent.exe (ID: 4672 |ParentID: 3500)
    C:Program FilesAcerAcer Instant ServiceInstantUpdateiuEmailOutlookAgent.exe (ID: 4668 |ParentID: 3500)
    C:Windowssystem32conhost.exe (ID: 3836 |ParentID: 912)
    C:Windowssystem32conhost.exe (ID: 1804 |ParentID: 912)
    C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe (ID: 2724 |ParentID: 956)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 5236 |ParentID: 956)
    C:WindowsSystem32WUDFHost.exe (ID: 5248 |ParentID: 1364)
    C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe (ID: 5416 |ParentID: 956)
    C:WindowsSystem32svchost.exe (ID: 5536 |ParentID: 956)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID: 5692 |ParentID: 956)
    C:WindowsservicingTrustedInstaller.exe (ID: 6064 |ParentID: 956)
    C:UsbFixGo.exe (ID: 3548 |ParentID: 4664)
    C:Program FilesEgisTec IPSPMMUpdate.exe (ID: 6084 |ParentID: 4940)
    C:Program FilesEgisTec IPSEgisUpdate.exe (ID: 3504 |ParentID: 5644)
    C:Windowssystem32SearchProtocolHost.exe (ID: 4736 |ParentID: 4692)
    C:Windowssystem32SearchFilterHost.exe (ID: 5392 |ParentID: 4692)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
    HKLMSOFTWARE | Run : [BackupManagerTray] – “C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe” -h -k
    HKLMSOFTWARE | Run : [Dolby Home Theater v4] – “C:Dolby PCEE4pcee4.exe” -autostart
    HKLMSOFTWARE | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
    HKLMSOFTWARE | Run : [amd_dc_opt] – C:Program Files (x86)AMDDual-Core Optimizeramd_dc_opt.exe
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWAREwow6432Node | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
    HKLMSOFTWAREwow6432Node | Run : [BackupManagerTray] – “C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe” -h -k
    HKLMSOFTWAREwow6432Node | Run : [Dolby Home Theater v4] – “C:Dolby PCEE4pcee4.exe” -autostart
    HKLMSOFTWAREwow6432Node | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
    HKLMSOFTWAREwow6432Node | Run : [amd_dc_opt] – C:Program Files (x86)AMDDual-Core Optimizeramd_dc_opt.exe
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-2788141995-2334679376-359312472-1000SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-2788141995-2334679376-359312472-1002SOFTWARE | Run : [RocketDock] – “C:Program Files (x86)RocketDockRocketDock.exe”
    HKUS-1-5-21-2788141995-2334679376-359312472-1002SOFTWARE | Run : [wqknxfwfzv] – wscript.exe //B “C:UsersBastienAppDataLocalTempwqknxfwfzv..vbs”
    HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-19SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}
    HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-20SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}
    HKUS-1-5-21-2788141995-2334679376-359312472-1000SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-21-2788141995-2334679376-359312472-1000SOFTWARE | RunOnce : [ScrSav] – C:Program Files (x86)AcerScreensaverrun_Acer.exe /default
    HKUS-1-5-18SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}

    ################## | Recherche générique |

    Présent! E:.lnk
    Présent! E:DCIM.lnk
    Présent! E:MISC.lnk
    Présent! E:PRIVATE.lnk
    Présent! E:.Trashes.lnk
    Présent! E:.TemporaryItems.lnk

    ################## | Registre |

    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 1
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 1

    ################## | Vaccin |

    (!) Cet ordinateur n’est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    :merci2: to the kind souls

    kink06
    Posts: 0

    Hello, and :welcome: to sosvirus ;)

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Right-click it and run as administrator under Windows 7/8 and Vista
    • Choose the “Suppression” (Deletion) option

      Note: If UsbFix hangs at 14%, start in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    Chikoungounia
    Participant
    Posts: 11

    Great, thanks for the quick response. Will the computer have been cleaned as well?

    Here is the report after deletion:

    ############################## | UsbFix V 7.147 | [Suppression]

    Utilisateur: Bastien (Administrateur) # BASTIEN-PC
    Mis à jour le 30/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 19:38:33 | 01/11/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Acer (VA50_HC_HR)
    CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
    RAM -> [Total : 3932 | Free : 1303]
    Bios: Acer
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16721
    WB: Mozilla Firefox : 24.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Bitdefender Antivirus [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 681 Go (248 Go libre(s) – 36%) [Acer] # NTFS
    D: -> CD-ROM
    E: -> Disque amovible # 4 Go (778 Mo libre(s) – 21%) [] # FAT32

    ################## | Processus Stoppés |

    Stoppé! C:Program FilesBitdefenderBitdefender 2013vsserv.exe (ID: 720 |ParentID: 956)
    Stoppé! C:Windowssystem32nvvsvc.exe (ID: 1176 |ParentID: 956)
    Stoppé! C:Windowssystem32WLANExt.exe (ID: 1732 |ParentID: 1364)
    Stoppé! C:Windowssystem32conhost.exe (ID: 1740 |ParentID: 652)
    Stoppé! C:Program FilesBroadcomBroadcom 802.11 Network AdapterWLTRYSVC.EXE (ID: 1832 |ParentID: 956)
    Stoppé! C:Program FilesBroadcomBroadcom 802.11 Network Adapterbcmwltry.exe (ID: 1884 |ParentID: 1832)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1936 |ParentID: 956)
    Stoppé! C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1588 |ParentID: 956)
    Stoppé! C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe (ID: 1684 |ParentID: 1176)
    Stoppé! C:Windowssystem32nvvsvc.exe (ID: 1744 |ParentID: 1176)
    Stoppé! C:Windowssystem32taskhost.exe (ID: 2076 |ParentID: 956)
    Stoppé! C:WindowsExplorer.EXE (ID: 2260 |ParentID: 2136)
    Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 2352 |ParentID: 956)
    Stoppé! C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (ID: 2516 |ParentID: 956)
    Stoppé! C:WindowsSystem32hkcmd.exe (ID: 2604 |ParentID: 2260)
    Stoppé! C:Program Files (x86)Launch Managerdsiwmis.exe (ID: 2664 |ParentID: 956)
    Stoppé! C:WindowsSystem32igfxpers.exe (ID: 2712 |ParentID: 2260)
    Stoppé! C:Program FilesAcerAcer ePower ManagementePowerSvc.exe (ID: 2768 |ParentID: 956)
    Stoppé! C:Program Files (x86)Launch ManagerLMworker.exe (ID: 2804 |ParentID: 2664)
    Stoppé! C:Program Files (x86)Launch ManagerLMutilps32.exe (ID: 2840 |ParentID: 2664)
    Stoppé! C:Program FilesRealtekAudioHDARAVCpl64.exe (ID: 2900 |ParentID: 2260)
    Stoppé! C:Program FilesInteliCLS ClientHeciServer.exe (ID: 2912 |ParentID: 956)
    Stoppé! C:Program FilesRealtekAudioHDARAVBg64.exe (ID: 2988 |ParentID: 2260)
    Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe (ID: 3068 |ParentID: 956)
    Stoppé! C:Program FilesAcerAcer UpdaterUpdaterService.exe (ID: 2688 |ParentID: 956)
    Stoppé! C:Program FilesElantechETDCtrl.exe (ID: 1380 |ParentID: 2260)
    Stoppé! C:Program FilesNVIDIA CorporationDisplaynvtray.exe (ID: 1328 |ParentID: 1684)
    Stoppé! C:Program Files (x86)NTIAcer Backup ManagerIScheduleSvc.exe (ID: 3100 |ParentID: 956)
    Stoppé! C:Program FilesAcerAcer ePower ManagementePowerTray.exe (ID: 3172 |ParentID: 2260)
    Stoppé! C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (ID: 3452 |ParentID: 956)
    Stoppé! C:Program FilesBitdefenderBitdefender 2013bdagent.exe (ID: 3536 |ParentID: 2260)
    Stoppé! C:Program Files (x86)RocketDockRocketDock.exe (ID: 3580 |ParentID: 2260)
    Stoppé! C:Program FilesBitdefenderBitdefender 2013updatesrv.exe (ID: 3748 |ParentID: 956)
    Stoppé! C:Program Files (x86)POST-NETPost-Net.exe (ID: 3828 |ParentID: 2260)
    Stoppé! C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe (ID: 3876 |ParentID: 3644)
    Stoppé! C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (ID: 3888 |ParentID: 956)
    Stoppé! C:Dolby PCEE4pcee4.exe (ID: 3944 |ParentID: 3644)
    Stoppé! C:Program Files (x86)Launch ManagerLManager.exe (ID: 4068 |ParentID: 3644)
    Stoppé! C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID: 3164 |ParentID: 3644)
    Stoppé! C:Program Files (x86)Launch ManagerMMDx64Fx.exe (ID: 2380 |ParentID: 4068)
    Stoppé! C:Windowssystem32igfxext.exe (ID: 4108 |ParentID: 660)
    Stoppé! C:Windowssystem32igfxsrvc.exe (ID: 4140 |ParentID: 660)
    Stoppé! C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE (ID: 4424 |ParentID: 956)
    Stoppé! C:Program FilesAcerAcer ePower ManagementePowerEvent.exe (ID: 4444 |ParentID: 2768)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 4692 |ParentID: 956)
    Stoppé! C:Program FilesElantechETDCtrlHelper.exe (ID: 5004 |ParentID: 1380)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 4940 |ParentID: 1508)
    Stoppé! C:Program Files (x86)CyberLinkMediaEspressoDeviceDetectorDeviceDetector.exe (ID: 3304 |ParentID: 4940)
    Stoppé! C:Program FilesAcerAcer Instant ServiceInstantUpdateiuBrowserIEAgent.exe (ID: 4672 |ParentID: 3500)
    Stoppé! C:Program FilesAcerAcer Instant ServiceInstantUpdateiuEmailOutlookAgent.exe (ID: 4668 |ParentID: 3500)
    Stoppé! C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe (ID: 2724 |ParentID: 956)
    Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 5236 |ParentID: 956)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 5248 |ParentID: 1364)
    Stoppé! C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe (ID: 5416 |ParentID: 956)
    Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID: 5692 |ParentID: 956)
    Stoppé! C:Program FilesEgisTec IPSPMMUpdate.exe (ID: 6084 |ParentID: 4940)
    Stoppé! C:Program FilesEgisTec IPSEgisUpdate.exe (ID: 3504 |ParentID: 5644)
    Stoppé! C:Program Files (x86)Mozilla Firefoxfirefox.exe (ID: 3188 |ParentID: 3580)
    Stoppé! C:WindowsSysWOW64NOTEPAD.EXE (ID: 6012 |ParentID: 3548)
    Stoppé! C:Program Files (x86)Mozilla Firefoxplugin-container.exe (ID: 732 |ParentID: 3188)
    Stoppé! C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_9_900_117.exe (ID: 5164 |ParentID: 732)
    Stoppé! C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_9_900_117.exe (ID: 5972 |ParentID: 5164)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
    HKLMSOFTWARE | Run : [BackupManagerTray] – “C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe” -h -k
    HKLMSOFTWARE | Run : [Dolby Home Theater v4] – “C:Dolby PCEE4pcee4.exe” -autostart
    HKLMSOFTWARE | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
    HKLMSOFTWARE | Run : [amd_dc_opt] – C:Program Files (x86)AMDDual-Core Optimizeramd_dc_opt.exe
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWAREwow6432Node | Run : [SuiteTray] – “C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe”
    HKLMSOFTWAREwow6432Node | Run : [BackupManagerTray] – “C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe” -h -k
    HKLMSOFTWAREwow6432Node | Run : [Dolby Home Theater v4] – “C:Dolby PCEE4pcee4.exe” -autostart
    HKLMSOFTWAREwow6432Node | Run : [LManager] – C:Program Files (x86)Launch ManagerLManager.exe
    HKLMSOFTWAREwow6432Node | Run : [amd_dc_opt] – C:Program Files (x86)AMDDual-Core Optimizeramd_dc_opt.exe
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-2788141995-2334679376-359312472-1002SOFTWARE | Run : [RocketDock] – “C:Program Files (x86)RocketDockRocketDock.exe”
    HKUS-1-5-21-2788141995-2334679376-359312472-1002SOFTWARE | Run : [wqknxfwfzv] – wscript.exe //B “C:UsersBastienAppDataLocalTempwqknxfwfzv..vbs”
    HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-19SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}
    HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-20SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}
    HKUS-1-5-18SOFTWARE | RunOnce : [IsMyWinLockerReboot] – msiexec.exe /qn /x{voidguid}

    ################## | Recherche générique |

    Supprimé! E:.lnk
    Supprimé! E:DCIM.lnk
    Supprimé! E:MISC.lnk
    Supprimé! E:PRIVATE.lnk
    Supprimé! E:.Trashes.lnk
    Supprimé! E:.TemporaryItems.lnk

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Réparé ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 0
    Réparé ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 0
    Supprimé! HKUS-1-5-21-2788141995-2334679376-359312472-1002Software….Mountpoints2{718ff0e7-eea8-11e1-86fd-08edb9f06f67}
    Supprimé! HKUS-1-5-21-2788141995-2334679376-359312472-1002Software….Mountpoints2{7ccbaeaa-52ce-11e2-9f0b-b888e304b38a}

    ################## | Listing |

    [22/08/2012 – 16:43:50 | SHD ] C:$Recycle.Bin
    [15/09/2012 – 10:13:14 | N | 14323] C:AdwCleaner[R1].txt
    [15/09/2012 – 10:13:39 | N | 14985] C:AdwCleaner[S1].txt
    [01/11/2013 – 18:27:33 | N | 437599] C:bdlog.txt
    [11/07/2012 – 18:58:44 | N | 2510608] C:bdr-bz01
    [22/08/2012 – 17:59:35 | N | 874] C:bdr-cf01
    [11/07/2012 – 18:59:03 | N | 37161560] C:bdr-im01.gz
    [22/08/2012 – 17:59:35 | N | 253404] C:bdr-ld01
    [22/08/2012 – 17:59:35 | N | 9216] C:bdr-ld01.mbr
    [29/05/2012 – 17:45:26 | D ] C:book
    [26/03/2012 – 08:17:38 | RASH | 8192] C:BOOTSECT.BAK
    [14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
    [05/04/2013 – 16:48:16 | D ] C:Dolby PCEE4
    [01/11/2013 – 18:28:20 | ASH | 3092533248] C:hiberfil.sys
    [29/05/2012 – 17:41:20 | D ] C:Intel
    [20/09/2012 – 11:14:04 | RHD ] C:MSOCache
    [22/08/2012 – 16:43:42 | D ] C:OEM
    [01/11/2013 – 18:28:22 | ASH | 4123377664] C:pagefile.sys
    [14/07/2009 – 04:20:08 | D ] C:PerfLogs
    [22/09/2013 – 17:51:49 | D ] C:Program Files
    [24/09/2013 – 10:59:41 | D ] C:Program Files (x86)
    [24/09/2013 – 10:44:46 | HD ] C:ProgramData
    [22/08/2012 – 16:38:48 | SHD ] C:Recovery
    [01/11/2013 – 15:36:22 | SHD ] C:System Volume Information
    [15/09/2012 – 10:07:40 | D ] C:ToolBar SD
    [01/11/2013 – 19:40:50 | D ] C:UsbFix
    [01/11/2013 – 19:43:42 | A | 11324] C:UsbFix [Clean 1] BASTIEN-PC.txt
    [01/11/2013 – 18:48:12 | N | 11109] C:UsbFix [Scan 1] BASTIEN-PC.txt
    [05/04/2013 – 17:24:34 | RD ] C:Users
    [01/11/2013 – 15:28:26 | D ] C:Windows
    [07/06/2013 – 15:56:17 | RAD ] D:AUDIO_TS
    [07/06/2013 – 16:08:09 | RAD ] D:VIDEO_TS
    [15/09/2013 – 22:15:16 | D ] E:DCIM
    [15/09/2013 – 22:15:16 | D ] E:MISC
    [15/09/2013 – 22:15:16 | D ] E:PRIVATE
    [24/11/2012 – 18:32:22 | SH | 4096] E:._.Trashes
    [24/11/2012 – 18:32:22 | SHD ] E:.Trashes
    [24/11/2012 – 18:32:40 | SHD ] E:.TemporaryItems
    [24/11/2012 – 18:32:40 | SH | 4096] E:._.TemporaryItems
    [24/11/2012 – 18:32:40 | N | 293] E:.apdisk
    [24/11/2012 – 18:32:40 | SH | 4096] E:._.apdisk

    ################## | Vaccin |

    E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    Chikoungounia
    Participant
    Posts: 11

    After restarting the PC, everything is back to normal; thank you very much for what you do.
    To clean the computer thoroughly, should I do the same with
    Malwarebytes Anti-Malware, CCleaner and others?

    kink06
    Posts: 0

    OK for usbfix ;)

    Will the computer have been cleaned as well?

    No, we'll do that now ;)
    _____________________________________________________________________________________________________________________________________
    1)

    • Download MalwareBytes
    • Install it. Uncheck “Enable free trial of Malwarebytes Anti-Malware PRO”
    • Select “Examen complet” (Full scan)
    • Click “Rechercher” (Search)
    • Delete all the items found!
    • Post the report on the forum


    ________________________________________________________________________________________________________________________________

    2)

    • Download Adwcleaner (by Xplode) to your Desktop!
    • Right-click it and run as administrator under Windows 7/8 and Vista
      1. Choose the “Scanner” (Scan) option
      2. Choose the “Nettoyer” (Clean) option

    • Accept the warning by clicking OK

    • Accept the warnings/information messages by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

    ______________________________________________________________________________________________________________________________

    3)

    • Download Junkware Removal Tool (by thisisu) to your desktop.
    • Launch Junkware Removal Tool; run as administrator under Windows 7/8 and Vista
    • Press any key.

    • Once the scan is finished, go to the desktop; the file JRT.txt has been created.
    • Upload the JRT.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum

    ________________________________________________________________________________________________________________________________

    4)

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag; run as administrator under Windows 7/8 and Vista
    • Click “Configurer” (Configure)
    • Click the icon showing a magnifying glass with a + (“Run the diagnostic”)

      Note: Do not close the program even if it says it is no longer responding.

    • Once the scan is finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum

    Off to work :)
    See you later

    Chikoungounia
    Participant
    Posts: 11

    Hello,
    I ran all the scans; here are the reports:
    I can't upload the ZHPdiag report (file not found on the desktop when I try to upload it) or the Junkware one (it doesn't appear on the desktop after the scan).


    Adwcleaner:

    # AdwCleaner v3.010 – Rapport créé le 02/11/2013 à 11:25:12
    # Mis à jour le 20/10/2013 par Xplode
    # Système d’exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d’utilisateur : Bastien – BASTIEN-PC
    # Exécuté depuis : C:UsersBastienDownloadsadwcleaner(1).exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKCUSoftwareConduit

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v10.0.9200.16720

    -\ Mozilla Firefox v24.0 (fr)

    [ Fichier : C:UsersBastienAppDataRoamingMozillaFirefoxProfilesi6v1bxpq.defaultprefs.js ]

    *************************

    AdwCleaner[R0].txt – [3232 octets] – [01/11/2013 20:38:10]
    AdwCleaner[R1].txt – [1021 octets] – [02/11/2013 11:23:25]
    AdwCleaner[S0].txt – [3204 octets] – [01/11/2013 20:39:38]
    AdwCleaner[S1].txt – [901 octets] – [02/11/2013 11:25:12]

    ########## EOF – C:AdwCleanerAdwCleaner[S1].txt – [960 octets] ##########

    Mbam:

    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.11.01.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    Bastien :: BASTIEN-PC [administrateur]

    01/11/2013 20:43:50
    mbam-log-2013-11-01 (20-43-50).txt

    Type d’examen: Examen complet (C:|D:|E:|Q:|)
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 402403
    Temps écoulé: 1 heure(s), 24 minute(s), 56 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 2
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{E6A9D134-A1A1-9466-375F-497C0BF3B837} (PUP.Optional.Tarma.A) -> Mis en quarantaine et supprimé avec succès.
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{B51B5319-F9D7-42BF-A054-B1F56EF871EF} (PUP.Optional.Tarma.A) -> Mis en quarantaine et supprimé avec succès.

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 11
    C:ProgramDataInstallMate{718A2927-8373-4472-A699-CB51AA690BD1}Setup.exe (PUP.Optional.Tarma.A) -> Mis en quarantaine et supprimé avec succès.
    C:ProgramDataInstallMate{718A2927-8373-4472-A699-CB51AA690BD1}TsuDll.dll (PUP.Optional.Tarma.A) -> Mis en quarantaine et supprimé avec succès.
    C:ProgramDataInstallMate{B51B5319-F9D7-42BF-A054-B1F56EF871EF}Setup.exe (PUP.Optional.Tarma.A) -> Mis en quarantaine et supprimé avec succès.
    C:ProgramDataInstallMate{B51B5319-F9D7-42BF-A054-B1F56EF871EF}TsuDll.dll (PUP.Optional.Tarma.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersBastienDownloads7ZIP.exe (PUP.Optional.InstallCore) -> Mis en quarantaine et supprimé avec succès.
    C:UsersBastienDownloadsfreecordervideo2mp3-setup.exe (PUP.Optional.DownloadAdmin) -> Mis en quarantaine et supprimé avec succès.
    C:UsersBastienDownloadsle-grand-bleu-eng-3361076.exe (PUP.Optional.Installrex) -> Mis en quarantaine et supprimé avec succès.
    C:UsersBastienDownloadslennemi-public-ndeg1-eng-4642935.exe (PUP.Optional.Installrex) -> Mis en quarantaine et supprimé avec succès.
    C:UsersBastienDownloadsSoftonicDownloader_pour_utorrent(1).exe (PUP.Optional.Softonic) -> Mis en quarantaine et supprimé avec succès.
    C:UsersBastienDownloadsSoftonicDownloader_pour_utorrent.exe (PUP.Optional.Softonic) -> Mis en quarantaine et supprimé avec succès.
    C:UsersBastienDownloadsstable (PUP.Optional.InstallCore) -> Mis en quarantaine et supprimé avec succès.

    (fin)

    kink06
    Number of posts: 0

    Re,

    I can't manage to upload the ZHPdiag report (file not found on the desktop when I try to upload it) or the Junkware one (it doesn't appear on the desktop after the sca

    For Junkware, also look in C: to see if it is there; if not, it doesn't matter ;)

    Normally it is saved in => C:ZHPZHPDiag.txt.

    Chikoungounia
    Participant
    Number of posts: 11

    Here is the ZHPDiag report, but still no trace of the Junkware one, even in C:

    ~ Rapport de ZHPDiag v2013.11.1.2 – Nicolas Coolman (02/11/2013)
    ~ Lancé par Bastien (02/11/2013 11:35:04)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16721
    MFIE: Mozilla Firefox 24.0 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 7QJB7
    Windows License : OK
    ~ Windows Remaining Initializations Number : 2
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Bitdefender Internet Security 2013 v16.18.0.1406
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer
    µTorrent v1.6 =>P2P.µTorrent

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3932 MB (33% free)
    System Restore: Activé (Enable)
    System drive C: has 247 GB (36%) free of 681 GB

    —\ Mode de connexion au système
    ~ Computer Name: BASTIEN-PC
    ~ User Name: Bastien
    ~ All Users Names: UpdatusUser, HomeGroupUser$, Bastien, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersBastienAppDataRoamingZHP
    ~ %AppData% : C:UsersBastienAppDataRoaming
    ~ %Desktop% : C:UsersBastienDesktop
    ~ %Favorites% : C:UsersBastienFavorites
    ~ %LocalAppData% : C:UsersBastienAppDataLocal
    ~ %StartMenu% : C:UsersBastienAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 247 Go of 681 Go)
    D: CD-ROM drive (Not Inserted)
    Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowHelp: Modified =>PUA.StartShow
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowPrinters: Modified
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
    ~ Security Center: 49 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.14/07/2011 – 06:30:29.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.22/09/2013 – 23:55:10.) — C:WindowsSystem32wininet.dll [2241024]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.21/11/2010 – 04:24:29.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/11/2010 – 04:24:16.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.314C17917AC8523EC77A710215012A65] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 02:10:19.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.14/07/2011 – 06:33:59.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.21/11/2010 – 04:23:51.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/11/2010 – 04:24:33.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 05s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/22032
    ~ Mes musiques (My Musics) : 1/16272
    Mes Videos (My Videos) : 3/3 (Modified)
    ~ Mes Favoris (My Favorites) : 1/4
    ~ Mes Documents (My Documents) : 1/669
    ~ Mon Bureau (My Desktop) : 6/9054
    ~ Menu demarrer (Programs) : 1/29
    ~ Hidden Files: Scanned in 01mn 19s

    —\ Processus lancés
    [MD5.1A7F10605F9672E101BFA27CAED210D5] – (.Dritek System Inc. – Launch Manager Worker.) — C:Program Files (x86)Launch ManagerLMworker.exe [343632] [PID.2768]
    [MD5.7DFCCC67990B6DE7F30F553A4E4612A4] – (…) — C:Program Files (x86)RocketDockRocketDock.exe [495616] [PID.3560]
    [MD5.807C549EB194F2E4051D79EAB09131DB] – (.Contact: Jeux.cartes@free.frhttp://jeux.cartes.free.fr.) — C:Program Files (x86)POST-NETPost-Net.exe [144384] [PID.3980]
    [MD5.4DDE3E01B5020B3D5DEEC7E3DC0F3185] – (.NTI Corporation – Acer Backup Manager.) — C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe [296984] [PID.3844]
    [MD5.FE668B0E3E87077A46FE77AFB0E27F9C] – (.Dritek System Inc. – Launch Manager.) — C:Program Files (x86)Launch ManagerLManager.exe [1105488] [PID.4112]
    [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.4244]
    [MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [274840] [PID.4216]
    [MD5.D2BF8B1568789A25CE8889A645499FD8] – (.CyberLink – MediaEspresso DeviceDetector.) — C:Program Files (x86)CyberLinkMediaEspressoDeviceDetectorDeviceDetector.exe [986208] [PID.976]
    [MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program Files (x86)Mozilla Firefoxplugin-container.exe [17816] [PID.5168]
    [MD5.EB68851F020D35293EADAADEB18B8220] – (.Adobe Systems, Inc. – Adobe Flash Player 11.9 r900.) — C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_9_900_117.exe [1862536] [PID.5204]
    [MD5.9CC2AFA054D7B903FBBCD79D0C434796] – (.Pas de propriétaire – iuBrowserIEAgent.) — C:Program FilesAcerAcer Instant ServiceInstantUpdateiuBrowserIEAgent.exe [40552] [PID.4024]
    [MD5.166341724BDAC91B620B4ECD7B2D72AC] – (.Pas de propriétaire – iuEmailOutlookAgent.) — C:Program FilesAcerAcer Instant ServiceInstantUpdateiuEmailOutlookAgent.exe [22120] [PID.2216]
    [MD5.C5D445474CDE2EA0C01548EEC465EACD] – (.Nicolas Coolman – ZHPDiag.) — C:UsersBastienDesktopZHPDiagZHPDiag.exe [8164864] [PID.2728]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.2160]
    [MD5.20F6F19FE9E753F2780DC2FA083AD597] – (.Apple Inc. – MobileDeviceService.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [37664] [PID.2448]
    [MD5.C02FF01B821FBB72104132E56EC5B881] – (.Dritek System Inc. – Dritek WMI Service.) — C:Program Files (x86)Launch Managerdsiwmis.exe [355920] [PID.2700]
    [MD5.D98B7ABBBB55FD3A4D9F7B8A7869FCBF] – (.Dritek System Inc. – Launch Manager utility process.) — C:Program Files (x86)Launch ManagerLMutilps32.exe [419408] [PID.2780]
    [MD5.DBD76BC1D498FE368F2C8CB76C3E00A4] – (.Intel Corporation – Intel(R) Dynamic Application Loader Host In.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe [161560] [PID.2868]
    [MD5.6BB516A31DE232DAB436FF3A117E1E80] – (.Acer Incorporated – Updater Service.) — C:Program FilesAcerAcer UpdaterUpdaterService.exe [255376] [PID.2560]
    [MD5.D27A4546417ED7C4AEA7B3420D4F1F50] – (.NTI Corporation – Backup Manager Module.) — C:Program Files (x86)NTIAcer Backup ManagerIScheduleSvc.exe [256536] [PID.2688]
    [MD5.39B1D0A636A400304565D4521FAD6D77] – (.Microsoft Corporation – Microsoft Application Virtualization Virtua.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe [207528] [PID.3296]
    [MD5.77C5A741A7452812F278EF2C18478862] – (.Microsoft Corporation – Microsoft Application Virtualization Client.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe [523944] [PID.3800]
    [MD5.FD557A50A65E44041CD2FCEF4BEB04DB] – (.Microsoft Corporation – Microsoft Office Client Virtualization Serv.) — C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.exe [822504] [PID.4400]
    [MD5.545462D0DBE24AF379BA869B7C185CCD] – (.Intel Corporation – IAStorDataSvc.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [13592] [PID.5420]
    [MD5.86E4CC39C953D11EF57CF54C4DC78238] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [277784] [PID.4072]
    [MD5.8165CB470A8AB5446E3ADFBC51712580] – (.NVIDIA Corporation – NVIDIA Settings Update Manager.) — C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe [2458944] [PID.3488]
    [MD5.D80B1075B69B57A3AB78F750CE463ECE] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [363800] [PID.4748]
    ~ Processes Running: Scanned in 00mn 02s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersBastienAppDataRoamingMozillaFirefoxProfilesi6v1bxpq.defaultprefs.js
    ~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [Bastien]: BS.Player FREE.lnk . (.AB Team – BS.Player.) — C:Program Files (x86)WebtehBSPlayerbsplayer.exe
    O4 – GSQuickLaunch [Bastien]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSProgram [Bastien]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSystemTools [Bastien]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    ~ Global Startup: 53 Legitimates Filtered in 00mn 09s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Bastien]: Post-Net.lnk . (.Contact: Jeux.cartes@free.frhttp://jeux.cartes.free.fr.) — C:Program Files (x86)POST-NETPost-Net.exe
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor – HD Audio Background Process.) — C:Program FilesRealtekAudioHDARAVBg64.exe
    O4 – HKLM..Run: [ETDCtrl] C:Program Files (x86)ElantechETDCtrl.exe (.not file.)
    O4 – HKLM..Run: [Power Management] . (.Acer Incorporated – ePowerTray.) — C:Program FilesAcerAcer ePower ManagementePowerTray.exe
    O4 – HKLM..Run: [InstantUpdate] . (…) — C:Program FilesAcerAcer Instant ServiceInstantUpdateiuDaemon.exe
    O4 – HKLM..Run: [Bdagent] . (.Bitdefender – Bitdefender Agent.) — C:Program FilesBitdefenderBitdefender 2013bdagent.exe
    O4 – HKCU..Run: [RocketDock] . (…) — C:Program Files (x86)RocketDockRocketDock.exe
    O4 – HKCU..Run: [wqknxfwfzv] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKLM..Wow6432NodeRun: [SuiteTray] . (.Egis Technology Inc. – SuiteTray.) — C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe
    O4 – HKLM..Wow6432NodeRun: [BackupManagerTray] . (.NTI Corporation – Acer Backup Manager.) — C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe
    O4 – HKLM..Wow6432NodeRun: [Dolby Home Theater v4] . (.Dolby Laboratories Inc. – Dolby Profile Selector.) — C:Dolby PCEE4pcee4.exe
    O4 – HKLM..Wow6432NodeRun: [LManager] . (.Dritek System Inc. – Launch Manager.) — C:Program Files (x86)Launch ManagerLManager.exe
    O4 – HKLM..Wow6432NodeRun: [amd_dc_opt] . (.AMD – AMD Dual-Core Optimizer.) — C:Program Files (x86)AMDDual-Core Optimizeramd_dc_opt.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-18..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
    O4 – HKUSS-1-5-21-2788141995-2334679376-359312472-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-2788141995-2334679376-359312472-1000..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-2788141995-2334679376-359312472-1000..RunOnce: [ScrSav] . (.Pas de propriétaire – run_NB Application.) — C:Program Files (x86)AcerScreensaverrun_Acer.exe
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{605411D6-2B14-4399-965F-849F95E9BCCD}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{605411D6-2B14-4399-965F-849F95E9BCCD}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{605411D6-2B14-4399-965F-849F95E9BCCD}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – AppInit_DLLs: . (.NVIDIA Corporation – NVIDIA shim initialization dll, Version 296.) – C:Windowssystem32nvinitx.dll
    ~ AppInit DLL: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [{832F306C-42D3-442E-A888-E6A170A9D362}] (…) — C:UsersBastienDownloadsToolBarSD.exe (.not file.) [0]
    ~ Scheduled Task: 7 Legitimates Filtered in 00mn 06s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 16/09/2013 – 19:22:36 – [0] —-D C:Program Files (x86)ss helper =>Adware.SaveShare
    O43 – CFD: 11/09/2013 – 21:07:37 – [2,108] —-D C:ProgramDataInstallMate =>PUP.Tarma
    O43 – CFD: 01/11/2012 – 12:37:55 – [1,337] —-D C:UsersBastienAppDataRoamingFreecorder 7 Converter =>Riskware.Movly
    O43 – CFD: 31/10/2012 – 21:30:12 – [1,069] —-D C:UsersBastienAppDataRoamingFreecorder 7 Video =>Riskware.Movly
    O43 – CFD: 01/11/2012 – 12:38:35 – [0] –H-D C:UsersBastienAppDataLocalFreecorder 7 Converter =>Riskware.Movly
    O43 – CFD: 31/10/2012 – 21:44:40 – [0] –H-D C:UsersBastienAppDataLocalFreecorder 7 Video =>Riskware.Movly
    ~ Program Folder: 190 Legitimates Filtered in 00mn 02s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.1B8BC430B41A3F3CD2EA72BDBF13B73F] – 01/11/2013 – 19:46:28 —A- . (…) — C:WindowsSysNativeGDIPFONTCACHEV1.DAT [67176]
    O44 – LFC:[MD5.1B8BC430B41A3F3CD2EA72BDBF13B73F] – 01/11/2013 – 19:46:28 —A- . (…) — C:WindowsSystem32GDIPFONTCACHEV1.DAT [67176]
    O44 – LFC:[MD5.2B94CEB5C3EBD3210C53A193CDF26886] – 02/11/2013 – 11:26:16 —A- . (…) — C:bdlog.txt [442088]
    ~ Files: 20 Legitimates Filtered in 00mn 12s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.082B9C285D2E91C68C052A1C50BA42B5] – 01/11/2013 – 19:39:22 —A- – C:WindowsPrefetchLMUTILPS32.EXE-34FC39D7.pf
    O45 – LFCP:[MD5.18D6DA1E88C3A22207CDFA401CCA4EA8] – 01/11/2013 – 22:14:27 —A- – C:WindowsPrefetchINSTALLER.EXE-FB682CC5.pf
    O45 – LFCP:[MD5.D72972DB8211F06B664E5D1BA4E99F91] – 02/11/2013 – 11:28:07 —A- – C:WindowsPrefetchSUITETRAY.EXE-42757614.pf
    O45 – LFCP:[MD5.C80692389ECAC4C26C307C7176D04422] – 18/10/2013 – 18:31:39 —A- – C:WindowsPrefetchACERCLOUDCHECKTOOL.EXE-1824F0A4.pf
    O45 – LFCP:[MD5.00910C759410DFE23CFA3AB1F37B3C98] – 18/10/2013 – 18:31:39 —A- – C:WindowsPrefetchALUSNCHECK.EXE-4AFE1C1B.pf
    O45 – LFCP:[MD5.24DEC602D6612C11FB1D48C464D4E166] – 18/10/2013 – 18:31:40 —A- – C:WindowsPrefetchFIND.EXE-AE190082.pf
    O45 – LFCP:[MD5.3004BE0259FEA793D569CE6081A80C9F] – 18/10/2013 – 18:31:43 —A- – C:WindowsPrefetchFIXPACKDATACOLLECTOR.EXE-8892A559.pf
    O45 – LFCP:[MD5.34A831D64664402A9DBCF6AE0B75637F] – 18/10/2013 – 18:31:44 —A- – C:WindowsPrefetchFIXPACKDATACOLLECTOR.EXE-0995CC22.pf
    O45 – LFCP:[MD5.3E4BBEC298F498F89371E78EE835DCD8] – 23/10/2013 – 09:06:48 —A- – C:WindowsPrefetchUPDATESRV.EXE-4466C123.pf
    O45 – LFCP:[MD5.F79C2612B2AF67A57D2D477DDC192941] – 26/10/2013 – 11:37:30 —A- – C:WindowsPrefetchPCEE4.EXE-98ED232C.pf
    ~ Prefetcher: 142 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 18 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:[MD5.B280C4608AC389DA9515A35AC4CAB0FD] – 24/06/2010 – 23:53:04 —A- . (.http://libusb-win32.sourceforge.net – LibUSB-Win32 – Kernel Driver.) — C:WindowsSysWOW64driverslibusb0.sys [21504]
    ~ Drivers: 18 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 01/11/2013 – 11:38:06 —A- . (…) — C:UsersBastienDownloadsadwcleaner(1).exe [1060070]
    O61 – LFC: 01/11/2013 – 11:38:09 —A- . (…) — C:UsersBastienDownloadsN_Douay_PhD_planif_Marseille-Montreal.pdf [17960927]
    O61 – LFC: 02/11/2013 – 11:38:04 —A- . (…) — C:UsersBastienAppDataRoamingZHPLog.txt [16390] =>.Nicolas Coolman
    O61 – LFC: 02/11/2013 – 11:38:04 —A- . (…) — C:UsersBastienAppDataRoamingZHPTestsZHPDiag.txt [2924] =>.Nicolas Coolman
    ~ 9 Fichiers temporaires (Temporary files)
    ~ Files: 60 Legitimates Filtered in 01mn 14s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.41FC251FDDC1C4297C479C01261C406B] [SPRF][22/08/2012] (…) — C:ProgramData1345652146.bdinstall.bin [452943]
    [MD5.5D9B144842C8B2D2EEC691DE47FEB58C] [SPRF][22/08/2012] (…) — C:ProgramData1345653921.bdinstall.bin [50731]
    [MD5.A6A82B4E64CB04E44AEF1BE50ACAB75D] [SPRF][22/08/2012] (…) — C:ProgramData1345654294.bdinstall.bin [625009]
    [MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (…) — C:UsersBastienAppDataLocalTempQuarantine.exe [344355]
    ~ Files: 4 Legitimates Filtered in 00mn 00s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SR – | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SS – | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 25/05/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SS – | Disabled 17/09/2013 69392 | (BdDesktopParental) . (.Bitdefender.) – C:Program FilesBitdefenderBitdefender 2013bdparentalservice.exe
    SR – | Auto 21/03/2012 957216 | (btwdins) . (.Broadcom Corporation..) – C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe
    SS – | Demand 20/02/2012 276248 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
    SR – | Auto 23/03/2012 355920 | (DsiWMIService) . (.Dritek System Inc..) – C:Program Files (x86)Launch Managerdsiwmis.exe
    SS – | Demand 21/06/2011 173424 | (EgisTec Ticket Service) . (.Egis Technology Inc..) – C:Program Files (x86)Common FilesEgisTecServicesEgisTicketService.exe
    SR – | Auto 07/02/2012 871296 | (ePowerSvc) . (.Acer Incorporated.) – C:Program FilesAcerAcer ePower ManagementePowerSvc.exe
    SS – | Demand 29/05/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) – C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    SS – | Demand 09/05/2011 136120 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SR – | Auto 02/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 02/02/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Auto 08/02/2012 161560 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Auto 07/02/2012 255376 | (Live Updater Service) . (.Acer Incorporated.) – C:Program FilesAcerAcer UpdaterUpdaterService.exe
    SR – | Auto 08/02/2012 277784 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SS – | Auto 10/07/1658 0 | (McAfee SiteAdvisor Service) . (…) – C:Program Files (x86)mcafeeSITEAD~1mcsacore.exe
    SS – | Demand 19/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SR – | Auto 05/01/2012 256536 | (NTI IScheduleSvc) . (.NTI Corporation.) – C:Program Files (x86)NTIAcer Backup ManagerIScheduleSvc.exe
    SR – | Auto 21/03/2012 889664 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 21/03/2012 2458944 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
    SS – | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SR – | Auto 08/02/2012 363800 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 17/09/2013 67320 | (UPDATESRV) . (.Bitdefender.) – C:Program FilesBitdefenderBitdefender 2013updatesrv.exe
    SR – | Auto 22/10/2013 1645256 | (vsserv) . (.Bitdefender.) – C:Program FilesBitdefenderBitdefender 2013vsserv.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 29/05/2012 48128 | (wltrysvc) . (.Broadcom Corporation.) – C:Program FilesBroadcomBroadcom 802.11 Network AdapterWLTRYSVC.exe
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 31s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by Bastien at 02/11/2013 11:40:09
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Bastien at 02/11/2013 11:40:11

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 12965 – (02/11/2013)
    Clés trouvées (Keys found) : 2
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 6
    Fichiers trouvés (Files found) : 1

    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstall{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}] =>Adware.SaveShare
    C:Program Files (x86)ss helper =>Adware.SaveShare^
    C:ProgramDataInstallMate =>PUP.Tarma^
    C:UsersBastienAppDataRoamingFreecorder 7 Converter =>Riskware.Movly^
    C:UsersBastienAppDataRoamingFreecorder 7 Video =>Riskware.Movly^
    C:UsersBastienAppDataLocalFreecorder 7 Converter =>Riskware.Movly^
    C:UsersBastienAppDataLocalFreecorder 7 Video =>Riskware.Movly^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowHelp: Modified =>PUA.StartShow ^
    ~ Additionnel Scan: 216879 Items scanned in 00mn 39s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
    ~ http://nicolascoolman.webs.com/apps/blog/show/31929570-adware-saveshare =>Adware.SaveShare
    ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
    ~ http://nicolascoolman.webs.com/apps/blog/show/28801930-riskware-movly =>Riskware.Movly
    ~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
    ~ MSI: 5 link(s) detected in 00mn 39s

    ~ 1360 Legitimates filtered by white list
    End of the scan (425 lines in 05mn 47s)(0)

    Chikoungounia
    Participant
    Number of posts: 11

    Do you think everything is disinfected? I may use CCleaner to finish the job. Thanks a lot for all this information.

    kink06
    Number of posts: 0

    Do you think everything is disinfected?

    It's not finished! Do this => I'll tell you when it's finished ;)

    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

      Using the mouse (left button held down), select and copy (right click/Copy) the contents of the box below

      ZHPFix script =>
      ShortcutFix
      [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowHelp: Modified =>PUA.StartShow
      [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
      O43 - CFD: 16/09/2013 - 19:22:36 - [0] ----D C:Program Files (x86)ss helper =>Adware.SaveShare
      O43 - CFD: 11/09/2013 - 21:07:37 - [2,108] ----D C:ProgramDataInstallMate =>PUP.Tarma
      O43 - CFD: 01/11/2012 - 12:37:55 - [1,337] ----D C:UsersBastienAppDataRoamingFreecorder 7 Converter =>Riskware.Movly
      O43 - CFD: 31/10/2012 - 21:30:12 - [1,069] ----D C:UsersBastienAppDataRoamingFreecorder 7 Video =>Riskware.Movly
      O43 - CFD: 01/11/2012 - 12:38:35 - [0] --H-D C:UsersBastienAppDataLocalFreecorder 7 Converter =>Riskware.Movly
      O43 - CFD: 31/10/2012 - 21:44:40 - [0] --H-D C:UsersBastienAppDataLocalFreecorder 7 Video =>Riskware.Movly
      [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstall{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}] =>Adware.SaveShare
      C:Program Files (x86)ss helper =>Adware.SaveShare^
      C:ProgramDataInstallMate =>PUP.Tarma^
      C:UsersBastienAppDataRoamingFreecorder 7 Converter =>Riskware.Movly^
      C:UsersBastienAppDataRoamingFreecorder 7 Video =>Riskware.Movly^
      C:UsersBastienAppDataLocalFreecorder 7 Converter =>Riskware.Movly^
      C:UsersBastienAppDataLocalFreecorder 7 Video =>Riskware.Movly^
      [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowHelp: Modified =>PUA.StartShow ^
      OPT:O4 - HKLM..Wow6432NodeRun: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:Program Files (x86)Launch ManagerLManager.exe
      O45 - LFCP:[MD5.18D6DA1E88C3A22207CDFA401CCA4EA8] - 01/11/2013 - 22:14:27 ---A- - C:WindowsPrefetchINSTALLER.EXE-FB682CC5.pf
      µTorrent v1.6 =>P2P.µTorrent
      [MD5.41FC251FDDC1C4297C479C01261C406B] [SPRF][22/08/2012] (...) -- C:ProgramData1345652146.bdinstall.bin [452943] => BitDedender Random File Installation
      [MD5.5D9B144842C8B2D2EEC691DE47FEB58C] [SPRF][22/08/2012] (...) -- C:ProgramData1345653921.bdinstall.bin [50731] => BitDedender Random File Installation
      [MD5.A6A82B4E64CB04E44AEF1BE50ACAB75D] [SPRF][22/08/2012] (...) -- C:ProgramData1345654294.bdinstall.bin [625009] => BitDedender Random File Installation
      [MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (...) -- C:UsersBastienAppDataLocalTempQuarantine.exe [344355] => Temporary file not necessary
      [MD5.00000000000000000000000000000000] [APT] [{832F306C-42D3-442E-A888-E6A170A9D362}] (...) -- C:UsersBastienDownloadsToolBarSD.exe (.not file.) [0] => Fichier absent
      [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
      [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowPrinters: Modified => EXPLORER : N'affiche pas Printers dans le menu de démarrage
      R5 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1 => Internet Explorer Allows Proxy Settings Remotely
      O55 - MWPS:[HKLM...PoliciesSystem] - "EnableUIADesktopToggle"=0 => Disable Vista UIAccess applications (UAC)
      SS - | Auto 10/07/1658 0 | (McAfee SiteAdvisor Service) . (...) - C:Program Files (x86)mcafeeSITEAD~1mcsacore.exe => McAfee%SiteAdvisor
      O4 - HKLM..Run: [ETDCtrl] C:Program Files (x86)ElantechETDCtrl.exe (.not file.)
      [MD5.00000000000000000000000000000000] [APT] [{832F306C-42D3-442E-A888-E6A170A9D362}] (...) -- C:UsersBastienDownloadsToolBarSD.exe (.not file.) [0]
      O55 - MWPS:[HKLM...PoliciesSystem] - "FilterAdministratorToken"=0 => Le compte "Administrateur" n'est pas soumis aux approbations
      SysRestore
      EmptyFlash
      EmptyCLSID
      Firewallraz
      EmptyTemp

      1. Click on Importer
      2. Then click on “GO”

    • Confirm the data cleanup by clicking “Oui”

    • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.

    Chikoungounia
    Participant
    Number of posts: 11

    Here is the latest ZHPFixReport report: https://antimalware.top/log/SosUpload.1a0bbd714d50b47dfabe6b5520e11857.txt

    kink06
    Number of posts: 0

    ok ;)

    As a check, please make another new ZHPDiag log ;)
    See the image here =>
    http://cjoint.com/13oc/CJukFzALKYy.htm
    Then post the generated report in your next message. :) => To host the report, go to Sosupload

    Chikoungounia
    Participant
    Number of posts: 11

    Here is the latest ZHPDiag report: http://cjoint.com/?3KcozbJnbxq

    kink06
    Number of posts: 0

    >==> Do you still have any problems? – If not, we move on to the final phase, “Uninstalling the disinfection tools”! ;)

    Chikoungounia
    Participant
    Number of posts: 11

    Everything seems to be back to normal, thanks a lot. Only adwcleaner and Junkware are left that I can't manage to uninstall.
