15 sujets de 1 à 15 (sur un total de 30)
  • Auteur
    Messages
  • bibiludo
    Participant
    Nombre d'articles : 18

    Bonsoir à tous,
    je post mon problème de pubs intempestives, de demande de MAJ, des liens qui ne devraient pas existé etc…
    Je précise que j’ai déjà posté mon problème sur un autre forum dont le lien est ici http://www.pc-infopratique.com/forum-informatique/virus-piege-java-besoin-aide-vt-74786.html
    J’ai été pris en charge fort aimablement par un helper mais mon problème n’est toujours pas réglé comme vous pouvez le voir en fin de post …

    En effet, malgré des scans de Adwcleaner qui me détecte des virus, après un nettoyage et un redémarage, ces virus persistent ?

    Je vous remet à tout hasard mon dernier rapport

    Spoiler for 1btbw36j

    # AdwCleaner v3.311 – Rapport créé le 03/11/2014 à 20:19:13
    # Mis à jour le 30/09/2014 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : USER – USER-PC
    # Exécuté depuis : C:UsersUSERDesktopadwcleaner_3.311.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Tâches planifiées ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerLowRegistryDOMStoragesuperfish.com
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerLowRegistryDOMStoragewww.superfish.com

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.17344

    -\ Mozilla Firefox v33.0 (x86 fr)

    [ Fichier : C:USERsUSERAppDataRoamingMozillaFirefoxProfilesvueby18u.defaultprefs.js ]

    *************************

    AdwCleaner[R0].txt – [9327 octets] – [02/11/2014 09:09:35]
    AdwCleaner[R1].txt – [1166 octets] – [03/11/2014 19:51:38]
    AdwCleaner[R2].txt – [1227 octets] – [03/11/2014 19:54:21]
    AdwCleaner[R3].txt – [1287 octets] – [03/11/2014 19:54:56]
    AdwCleaner[R4].txt – [1347 octets] – [03/11/2014 20:00:16]
    AdwCleaner[R5].txt – [1273 octets] – [03/11/2014 20:04:01]
    AdwCleaner[R6].txt – [1333 octets] – [03/11/2014 20:11:44]
    AdwCleaner[R7].txt – [1647 octets] – [03/11/2014 20:18:32]
    AdwCleaner[S0].txt – [8421 octets] – [02/11/2014 09:11:06]
    AdwCleaner[S1].txt – [1410 octets] – [03/11/2014 20:00:53]
    AdwCleaner[S2].txt – [1394 octets] – [03/11/2014 20:12:20]
    AdwCleaner[S3].txt – [1570 octets] – [03/11/2014 20:19:13]

    ########## EOF – C:AdwCleanerAdwCleaner[S3].txt – [1630 octets] ##########[/spoiler:1btbw36j]

    On m’a dit que le problème venait certainement de modules complémentaires mais après avoir carrément désinstaller Mozilla et en désactivant TOUS les modules d’IE, les virus reviennent !

    Je commence à désespérer, je voudrais avoir d’autres avis et si possible une solution !
    Je vous remercie de l’aide que vous voudrez bien m’apporter !

    jacques.gache
    Participant
    Nombre d'articles : 678

    bonjour, On va faire un diagnostic de ton PC pour plus de renseignements ==

    • Télécharge ZHPDiag sur ton bureau : https://www.sosvirus.net/telecharger/zhpdiag/” onclick=”window.open(this.href);return false;
    • Laisse-toi guider lors de l’installation.
    • Ouvre ZHPDiag (icône parchemin) puis clique sur Configurer.
    • Dans les icônes qui apparaissent en bas, clique sur la loupe la plus à droite (Diagnostic avec légitimes). Dans la fenêtre qui apparaît demandant un rapport avec full options, clique sur Oui, puis patiente le temps du scan.
    • Héberge le rapport ZHPDiag.txt présent sur ton bureau sur le site ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse :
      sosupload
    • Tutoriel ZHPdiag, si tu n’as pas tout compris : zhpdiag-nicolas-coolman-t82500.html
    • Tutoriel sosupload, si besoin : comment-heberger-fichier-sur-sosupload-t82463.html
    bibiludo
    Participant
    Nombre d'articles : 18

    Bonjour,
    je n’arrive pas à avoir accès au téléchargement de ZHP diag avec le lien que tu m’as envoyé ( impossible d’agrandir la fenêtre )
    J’ai essayé avec un autre lien donné sur un forum d’aide, je suis tombé sur la bonne page.
    Je télécharge ZHPDIAG mais au moment de l’enregistrement, j’ai un message d’alerte qui me dit que ZHPDIAG2 est peu téléchargé, je le fais quand même ?

    jacques.gache
    Participant
    Nombre d'articles : 678

    bonjour, c’est bizarre je viens de tester le lien et le téléchargement sans problème !! https://www.sosvirus.net/telecharger/zhpdiag/” onclick=”window.open(this.href);return false;

    si tu l’as trouvé sur un autre lien de téléchargement ,lance le.
    Le message que tu as c’est qui qui te le fait ??

    bibiludo
    Participant
    Nombre d'articles : 18

    Je n’y comprend rien JACQUES…
    J’ai bien lancé le ZHP DIAG, j’ai le rapport mais je suis toujours embêté avec le lien ci join.com que tu m’as mis !
    Je n’ai pas la possibilité d’agrandir la case ( elle est non sélectionnable ) du coup, je n’ai pas accès au bouton d’envoi !
    Est ce que je peux te mettre mon rapport en spoiler ?

    jacques.gache
    Participant
    Nombre d'articles : 678

    bonjour, essais comme tu dis !
    je vois pas ou est le problème,regarde le tuto https://antimalware.top/index.php?action=u” onclick=”window.open(this.href);return false;

    bibiludo
    Participant
    Nombre d'articles : 18

    Le problème n’est pas que je ne sais pas m’en servir de ci joint, c’est que la fenetre affichée, je ne peux pas l’agrandir car la case d’agrandissement est grise …

    Je te met en spoiler mon rapport, il est en 2 fois limite oblige…
    Je suis désolé mais ma navigation est très limitée avec toutes ses redirections !

    Spoiler for q55pf6zt

    ~ Rapport de ZHPDiag v2014.11.3.157 – Nicolas Coolman (03/11/2014)
    ~ Lancé par USER (04/11/2014 15:27:15)
    ~ Adresse du Site Web http://nicolascoolman.fr” onclick=”window.open(this.href);return false;
    ~ Adresse du Forum http://forum.nicolascoolman.fr” onclick=”window.open(this.href);return false;
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Désactivée par l'utilisateur
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17358 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : DVQJG
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 2.0.3.1025
    Microsoft Security Client v4.6.0305.0
    Windows Defender W7 (Deactivate)

    —\ Logiciels d'optimisation du système
    CCleaner v4.15

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 15 Plugin
    Adobe Reader 9.3 – Français

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 8161 MB (73% free)
    System Restore: Activé (Enable)
    System drive C: has 337 GB (72%) free of 466 GB

    —\ Mode de connexion au système
    ~ Computer Name: USER-PC
    ~ User Name: USER
    ~ All Users Names: USER, UpdatusUser, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersUSERAppDataRoamingZHP
    ~ %AppData% : C:UsersUSERAppDataRoaming
    ~ %Desktop% : C:UsersUSERDesktop
    ~ %Favorites% : C:UsersUSERFavorites
    ~ %LocalAppData% : C:UsersUSERAppDataLocal
    ~ %StartMenu% : C:UsersUSERAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 337 Go of 466 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 464 Go of 466 Go)
    E: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiSpywareOverride: OK
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiVirusOverride: OK
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] FirewallOverride: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN] CheckedValue: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL] CheckedValue: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: OK
    [HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] Shell: OK
    [HKLMSYSTEMCurrentControlSetServicesCOMSysApp] Type: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : Out Of Date
    ~ Security Center: 41 Scanned in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.9D98D4F390F0B14A782F3B931E613A1A] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.19/09/2014 – 01:33:18.) — C:WindowsSystem32wininet.dll [2309632]
    [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.17/07/2014 – 03:07:24.) — C:WindowsSystem32Winlogon.exe [455168]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/11/2010 – 04:24:16.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.FA886682CFC5D36718D3E436AACF10B9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.30/05/2014 – 07:45:52.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.21/11/2010 – 04:23:51.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/11/2010 – 04:24:33.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/8854
    ~ Mes Videos (My Videos) : 1/147
    ~ Mes Favoris (My Favorites) : 1/7
    ~ Mes Documents (My Documents) : 1/3
    ~ Mon Bureau (My Desktop) : 1/9
    ~ Menu demarrer (Programs) : 1/27
    ~ Hidden Files: Scanned in 00mn 06s

    —\ Processus lancés
    [MD5.9D51EA92A612B37E76E5E4621650C50A] – (.Renesas Electronics Corporation – USB 3.0 Monitor.) — C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe [113288] [PID.2584]
    [MD5.F9F310F9FB7F294F00ABDD03453D8CEE] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [812736] [PID.3160]
    [MD5.9ED34A82F8FBF6001F127420834DD793] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8118784] [PID.3192]
    [MD5.7AEA4DF1CA68FD45DD4BBE1F0243CE7F] – (…) — C:Program Files (x86)CDBurnerXPNMSAccessU.exe [71096] [PID.1728]
    [MD5.E87213F37A13E2B54391E40934F071D0] – (.Microsoft Corporation – .NET Runtime Optimization Service.) — C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [105144] [PID.2044]
    [MD5.A3A25E0509F67473B960DAF214828BE3] – (.NVIDIA Corporation – NVIDIA Settings Update Manager.) — C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe [1259296] [PID.3116]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    M2 – MFEP: Extension {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} =>.Adblock Plus Extension Mozilla Firefox
    P2 – FPN: [HKLM] [@adobe.com/FlashPlayer] – (…) — C:Windowssystem32MacromedFlashNPSWF64_15_0_0_189.dll
    P2 – FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] – (. Microsoft Corporation – 5.1.30514.0.) — C:Program FilesMicrosoft Silverlight5.1.30514.0npctrl.dll
    ~ Firefox Browser: 3 Scanned in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com
    R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com
    R0 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Start Page = http://www.google.com
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com” onclick=”window.open(this.href);return false;
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = preserve
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.google.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Extensions Off Page = about:noadd-ons
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Security Risk Page = about:securityrisk
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com
    R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Search Page = http://www.google.com
    R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.com
    R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com
    R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Extensions Off Page = about:noadd-ons
    R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Security Risk Page = about:securityrisk
    R3 – URLSearchHook: Microsoft Url Search Hook [64Bits] – {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation – Navigateur Internet.) (11.00.9600.17239 (winblue_gdr.140724-2228)) — C:WindowsSysWOW64ieframe.dll
    R4 – HKLMSOFTWAREMicrosoftInternet ExplorerPhishingFilter,EnabledV8 = 1
    R4 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerPhishingFilter,EnabledV8 = 1
    ~ IE Browser: 18 Scanned in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean) (21)
    ~ Hosts File: Scanned in 00mn 00s

    —\ Browser Helper Objects de navigateur (O2)
    O2 – BHO: AcroIEHelperStub [64Bits] – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated – Adobe PDF Helper for Internet Explorer.) — C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 – BHO: Programme d’aide de l’Assistant de connexion au compte Microsoft [64Bits] – {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. – Microsoft® Windows Live ID Login Helper.) — C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
    ~ BHO: 3 Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — C:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKLM..Run: [EPSON Stylus DX4800 Series] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:Windowssystem32spoolDRIVERSx643E_FATIADE.exe =>.Epson Seiko Corporation
    O4 – HKLM..Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARtkNGUI64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Wow6432NodeRun: [NUSB3MON] . (.Renesas Electronics Corporation – USB 3.0 Monitor.) — C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
    O5 – control.ini: [HKLM..Control Panel] inetcpl.cpl=no
    ~ IE Control Panel: 1 Scanned in 00mn 00s

    —\ Winsock hijacker (Layered Service Provider) (O10)
    O10 – WLSP:00000000001Winsock LSP File . (.Microsoft Corporation – Network Location Awareness 2.) — C:Windowssystem32NLAapi.dll
    O10 – WLSP:00000000002Winsock LSP File . (.Microsoft Corporation – Fournisseur Shim d’affectation de noms de messagerie.) — C:Windowssystem32napinsp.dll
    O10 – WLSP:00000000003Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:Windowssystem32pnrpnsp.dll
    O10 – WLSP:00000000004Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:Windowssystem32pnrpnsp.dll
    O10 – WLSP:00000000005Winsock LSP File . (.Microsoft Corporation – Fournisseur de service Sockets 2.0 de Microsoft Windows.) — C:Windowssystem32mswsock.dll =>.Microsoft Corporation
    O10 – WLSP:00000000006Winsock LSP File . (.Microsoft Corporation – LDAP RnR Provider DLL.) — C:Windowssystem32winrnr.dll
    O10 – WLSP:00000000007Winsock LSP File . (.Microsoft Corp. – Microsoft® Windows Live ID Namespace Provider.) — C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWLIDNSP.dll =>.Microsoft Corporation
    O10 – WLSP:00000000008Winsock LSP File . (.Microsoft Corp. – Microsoft® Windows Live ID Namespace Provider.) — C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWLIDNSP.dll =>.Microsoft Corporation
    ~ Winsock: 8 Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{9A7232B6-4E6C-4386-98AA-5EE86A8312EA}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{9A7232B6-4E6C-4386-98AA-5EE86A8312EA}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{9A7232B6-4E6C-4386-98AA-5EE86A8312EA}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
    O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – CLSID or File not found.
    ~ SSODL: 1 Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: NMSAccess (NMSAccess) . (…) – C:Program Files (x86)CDBurnerXPNMSAccessU.exe
    O23 – Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation – NVIDIA Driver Helper Service, Version 307.8.) – C:Windowssystem32nvvsvc.exe
    O23 – Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation – NVIDIA Settings Update Manager.) – C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
    ~ Services: 3 Scanned in 00mn 02s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Default MHTML Editor: Last – .(…) – (.not file.)
    ~ Desktop Component: 4 Scanned in 00mn 00s

    —\ Enumère les données de BootExecute (BEX) (O34)
    O34 – HKLM BootExecute: (autocheck autochk *) – File not found
    ~ BEX: 1 Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.2637233632CCD1837A1A57A43CAF00A4] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) — C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [267440]
    [MD5.11543DEB4316B9DBB42999C83495838F] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) — C:Program FilesCCleanerCCleaner.exe [4624152]
    O39 – APT: Adobe Flash Player Updater – (.Adobe Systems Incorporated.) — C:WindowsTasksAdobe Flash Player Updater.job [1002]
    O39 – APT: Adobe Flash Player Updater – (.Adobe Systems Incorporated.) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    ~ Scheduled Task: 3 Scanned in 00mn 03s

    —\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 – ASIC: Microsoft Windows Media Player [64Bits] – >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation – Ressources du Lecteur Windows Media.) — C:WindowsSystem32wmploc.dll =>.Microsoft Corporation
    O40 – ASIC: Microsoft Windows Media Player 12.0 [64Bits] – {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation – Windows Media Player Extension.) — C:WindowsSysWOW64wmpdxm.dll =>.Microsoft Corporation
    O40 – ASIC: Themes Setup [64Bits] – {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation – API Windows Theme.) — C:WindowsSystem32themeui.dll
    O40 – ASIC: Internet Explorer [64Bits] – {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation – Interpréteur de commandes Windows.) — C:Windowssystem32cmd.exe =>.Microsoft Corporation
    O40 – ASIC: Microsoft Windows [64Bits] – {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation – Windows Mail.) — C:Program Files (x86)Windows MailWinMail.exe =>.Microsoft Corporation
    O40 – ASIC: Browsing Enhancements [64Bits] – {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation – Extension Shell dossier FTP Microsoft Internet Explorer..) — C:WindowsSystem32msieftp.dll
    O40 – ASIC: Microsoft Windows Media Player [64Bits] – {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation – Ressources du Lecteur Windows Media.) — C:WindowsSystem32wmploc.dll =>.Microsoft Corporation
    O40 – ASIC: Windows Desktop Update [64Bits] – {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WindowsSystem32shell32.dll
    O40 – ASIC: Web Platform Customizations [64Bits] – {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation – Utilitaire d'initialisation d'Internet Explorer par utilisateur.) — C:WindowsSystem32ie4uinit.exe
    O40 – ASIC: (no name) [64Bits] – {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation – Microsoft .NET IE SECURITY REGISTRATION.) — C:Windowssystem32mscories.dll
    ~ Active Setup: 10 Scanned in 00mn 00s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: C:WindowsSystem32driversafd.sys (AFD) . (.Microsoft Corporation – Ancillary Function Driver for WinSock.) – C:Windowssystem32driversafd.sys
    O41 – Driver: (b786bdb3c67d) . (.Windows (R) Win 7 DDK provider – NetFilter SDK WFP Driver (WPP).) – C:WindowsSystem32driversb786bdb3c67d.sys
    O41 – Driver: (blbdrive) . (.Microsoft Corporation – BLB Drive Driver.) – C:WindowsSystem32DRIVERSblbdrive.sys
    O41 – Driver: (cdrom) . (.Microsoft Corporation – SCSI CD-ROM Driver.) – C:WindowsSystem32DRIVERScdrom.sys
    O41 – Driver: C:WindowsSystem32driversdfsc.sys (DfsC) . (.Microsoft Corporation – DFS Namespace Client Driver.) – C:WindowsSystem32Driversdfsc.sys
    O41 – Driver: C:WindowsSystem32driversdiscache.sys (discache) . (.Microsoft Corporation – System Indexer/Cache Driver.) – C:WindowsSystem32driversdiscache.sys
    O41 – Driver: (mssmbios) . (.Microsoft Corporation – System Management BIOS Driver.) – C:WindowsSystem32DRIVERSmssmbios.sys
    O41 – Driver: (NetBIOS) . (.Microsoft Corporation – NetBIOS interface driver.) – C:WindowsSystem32DRIVERSnetbios.sys
    O41 – Driver: C:WindowsSystem32driversnetbt.sys (NetBT) . (.Microsoft Corporation – MBT Transport driver.) – C:WindowsSystem32DRIVERSnetbt.sys
    O41 – Driver: C:WindowsSystem32driversnsiproxy.sys (nsiproxy) . (.Microsoft Corporation – NSI Proxy.) – C:WindowsSystem32driversnsiproxy.sys
    O41 – Driver: C:WindowsSystem32driverspacer.sys (Psched) . (.Microsoft Corporation – Planificateur de paquets QoS.) – C:WindowsSystem32DRIVERSpacer.sys
    O41 – Driver: C:WindowsSystem32wkssvc.dll (rdbss) . (.Microsoft Corporation – Pilote du sous-système de mise en mémoire t.) – C:WindowsSystem32DRIVERSrdbss.sys
    O41 – Driver: C:WindowsSystem32DRIVERSRDPCDD.sys (RDPCDD) . (.Microsoft Corporation – RDP Miniport.) – C:WindowsSystem32DRIVERSRDPCDD.sys
    O41 – Driver: C:WindowsSystem32driversRDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation – RDP Encoder Miniport.) – C:WindowsSystem32driversrdpencdd.sys
    O41 – Driver: C:WindowsSystem32driversRdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation – RDP Reflector Driver Miniport.) – C:WindowsSystem32driversrdprefmp.sys
    O41 – Driver: (Serial) . (.Microsoft Corporation – Pilote de périphérique série.) – C:WindowsSystem32DRIVERSserial.sys
    O41 – Driver: C:WindowsSystem32tcpipcfg.dll (tdx) . (.Microsoft Corporation – TDI Translation Driver.) – C:WindowsSystem32DRIVERStdx.sys
    O41 – Driver: (TermDD) . (.Microsoft Corporation – Remote Desktop Server Driver.) – C:WindowsSystem32DRIVERStermdd.sys
    O41 – Driver: (VgaSave) . (.Microsoft Corporation – VGA/Super VGA Video Driver.) – C:Windowssystem32driversvga.sys
    O41 – Driver: C:WindowsSystem32rascfg.dll (Wanarpv6) . (.Microsoft Corporation – MS Remote Access and Routing ARP Driver.) – C:WindowsSystem32DRIVERSwanarp.sys
    O41 – Driver: (WfpLwf) . (.Microsoft Corporation – WFP NDIS 6.20 Lightweight Filter Driver.) – C:WindowsSystem32DRIVERSwfplwf.sys
    ~ Drivers: 63 Scanned in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: 7-Zip 9.20 – (…) [HKLM][64Bits] — 7-Zip
    O42 – Logiciel: Adobe Flash Player 15 ActiveX – (.Adobe Systems Incorporated.) [HKLM][64Bits] — Adobe Flash Player ActiveX
    O42 – Logiciel: Adobe Flash Player 15 Plugin – (.Adobe Systems Incorporated.) [HKLM][64Bits] — Adobe Flash Player Plugin
    O42 – Logiciel: Adobe Reader 9.3 – Français – (.Adobe Systems Incorporated.) [HKLM][64Bits] — {AC76BA86-7AD7-1036-7B44-A93000000001}
    O42 – Logiciel: Archiveur WinRAR – (…) [HKLM][64Bits] — WinRAR archiver
    O42 – Logiciel: Battle.net – (.Blizzard Entertainment.) [HKLM][64Bits] — Battle.net
    O42 – Logiciel: CCleaner – (.Piriform.) [HKLM][64Bits] — CCleaner
    O42 – Logiciel: CDBurnerXP – (.CDBurnerXP.) [HKLM][64Bits] — {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
    O42 – Logiciel: D3DX10 – (.Microsoft.) [HKLM][64Bits] — {E09C4DB7-630C-4F06-A631-8EA7239923AF}
    O42 – Logiciel: EPSON Logiciel imprimante – (…) [HKLM][64Bits] — EPSON Printer and Utilities
    O42 – Logiciel: Galerie de photos – (.Microsoft Corporation.) [HKLM][64Bits] — {439B34FF-F74E-4807-B5E2-4B758551DA6B}
    O42 – Logiciel: Hearthstone – (.Blizzard Entertainment.) [HKLM][64Bits] — Hearthstone
    O42 – Logiciel: Junk Mail filter update – (.Microsoft Corporation.) [HKLM][64Bits] — {0BE9E708-5DC0-4963-9CFD-0AA519090E79}
    O42 – Logiciel: MSVCRT – (.Microsoft.) [HKLM][64Bits] — {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
    O42 – Logiciel: MSVCRT110 – (.Microsoft.) [HKLM][64Bits] — {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
    O42 – Logiciel: MSVCRT110_amd64 – (.Microsoft.) [HKLM][64Bits] — {E9FA781F-3E80-4399-825A-AD3E11C28C77}
    O42 – Logiciel: MSVCRT_amd64 – (.Microsoft.) [HKLM][64Bits] — {D0B44725-3666-492D-BEF6-587A14BD9BD9}
    O42 – Logiciel: Malwarebytes Anti-Malware version 2.0.3.1025 – (.Malwarebytes Corporation.) [HKLM][64Bits] — Malwarebytes Anti-Malware_is1
    O42 – Logiciel: Microsoft OneDrive – (.Microsoft Corporation.) [HKCU][64Bits] — OneDriveSetup.exe
    O42 – Logiciel: Microsoft Security Client – (.Microsoft Corporation.) [HKLM][64Bits] — {23F2C78C-E131-4CA0-8F84-3473FB7728BA}
    O42 – Logiciel: Microsoft Security Essentials – (.Microsoft Corporation.) [HKLM][64Bits] — Microsoft Security Client
    O42 – Logiciel: Microsoft Silverlight – (.Microsoft Corporation.) [HKLM][64Bits] — {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    O42 – Logiciel: Mises à jour NVIDIA 1.10.8 – (.NVIDIA Corporation.) [HKLM][64Bits] — {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update
    O42 – Logiciel: NVIDIA Pilote graphique 307.83 – (.NVIDIA Corporation.) [HKLM][64Bits] — {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
    O42 – Logiciel: OpenOffice 4.1.0 – (.Apache Software Foundation.) [HKLM][64Bits] — {B3B009FC-6909-4E00-9F43-FFB5CA93D606}
    O42 – Logiciel: Path of Exile – (.Grinding Gear Games.) [HKLM][64Bits] — {90A4562F-D4A1-4B65-906D-41F236CF6902}
    O42 – Logiciel: Realtek Ethernet Controller Driver – (.Realtek.) [HKLM][64Bits] — {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
    O42 – Logiciel: Realtek High Definition Audio Driver – (.Realtek Semiconductor Corp..) [HKLM][64Bits] — {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
    O42 – Logiciel: Renesas Electronics USB 3.0 Host Controller Driver – (.Renesas Electronics Corporation.) [HKLM][64Bits] — InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}
    O42 – Logiciel: Renesas Electronics USB 3.0 Host Controller Driver – (.Renesas Electronics Corporation.) [HKLM][64Bits] — {5442DAB8-7177-49E1-8B22-09A049EA5996}
    O42 – Logiciel: Super-Charger – (.MSI CO.,LTD..) [HKLM][64Bits] — Super-Charger_is1
    O42 – Logiciel: VLC media player 2.1.3 – (.VideoLAN.) [HKLM][64Bits] — VLC media player =>.VideoLAN
    O42 – Logiciel: WinZip – (…) [HKLM][64Bits] — WinZip
    ~ Logic: 40 Scanned in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftware7-Zip]
    [HKCUSoftwareAdobe]
    [HKCUSoftwareAppDataLow]
    [HKCUSoftwareBlizzard Entertainment]
    [HKCUSoftwareCanneverbe Limited]
    [HKCUSoftwareClasses]
    [HKCUSoftwareClients]
    [HKCUSoftwareCores]
    [HKCUSoftwareEPSON]
    [HKCUSoftwareGrindingGearGames]
    [HKCUSoftwareIM Providers]
    [HKCUSoftwareLocal AppWizard-Generated Applications]
    [HKCUSoftwareMacromedia]
    [HKCUSoftwareMozilla]
    [HKCUSoftwareNVIDIA Corporation]
    [HKCUSoftwareNetscape]
    [HKCUSoftwareNico Mak Computing]
    [HKCUSoftwareOpenOffice]
    [HKCUSoftwarePiriform]
    [HKCUSoftwarePolicies]
    [HKCUSoftwareRealtek]
    [HKCUSoftwareTrolltech]
    [HKCUSoftwareWinRAR SFX]
    [HKCUSoftwareWinRAR]
    [HKCUSoftwareWow6432Node]
    [HKCUSoftwareZebHelpProcess Helper]
    [HKCUSoftwaredrpsu]
    [HKLMSoftwareATI Technologies]
    [HKLMSoftwareCBSTEST]
    [HKLMSoftwareClasses]
    [HKLMSoftwareClients]
    [HKLMSoftwareEPSON]
    [HKLMSoftwareIntel]
    [HKLMSoftwareKhronos]
    [HKLMSoftwareMacromedia]
    [HKLMSoftwareMozillaPlugins]
    [HKLMSoftwareMozilla]
    [HKLMSoftwareNVIDIA Corporation]
    [HKLMSoftwareODBC]
    [HKLMSoftwarePiriform]
    [HKLMSoftwarePolicies]
    [HKLMSoftwareRTLSetup]
    [HKLMSoftwareRealtek]
    [HKLMSoftwareRegisteredApplications]
    [HKLMSoftwareSRS Labs]
    [HKLMSoftwareSonic]
    [HKLMSoftwareWaves Audio]
    [HKLMSoftwareWow6432NodeAdobe]
    [HKLMSoftwareWow6432NodeAdwCleaner]
    [HKLMSoftwareWow6432NodeBlizzard Entertainment]
    [HKLMSoftwareWow6432NodeClasses]
    [HKLMSoftwareWow6432NodeClients]
    [HKLMSoftwareWow6432NodeDownloaderAssistant]
    [HKLMSoftwareWow6432NodeEPSON]
    [HKLMSoftwareWow6432NodeFastPlayer] =>PUP.FastPlayer
    [HKLMSoftwareWow6432NodeGoogle]
    [HKLMSoftwareWow6432NodeIntel]
    [HKLMSoftwareWow6432NodeKasperskyLab]
    [HKLMSoftwareWow6432NodeKhronos]
    [HKLMSoftwareWow6432NodeMSI]
    [HKLMSoftwareWow6432NodeMacromedia]
    [HKLMSoftwareWow6432NodeMalwarebytes' Anti-Malware]
    [HKLMSoftwareWow6432NodeMcAfee]
    [HKLMSoftwareWow6432NodeMozillaPlugins]
    [HKLMSoftwareWow6432NodeMozilla]
    [HKLMSoftwareWow6432NodeNVIDIA Corporation]
    [HKLMSoftwareWow6432NodeNico Mak Computing]
    [HKLMSoftwareWow6432NodeNuance]
    [HKLMSoftwareWow6432NodeODBC]
    [HKLMSoftwareWow6432NodeOpenOffice]
    [HKLMSoftwareWow6432NodePolicies]
    [HKLMSoftwareWow6432NodeRealtek Semiconductor Corp.]
    [HKLMSoftwareWow6432NodeRealtek]
    [HKLMSoftwareWow6432NodeRegisteredApplications]
    [HKLMSoftwareWow6432NodeUniversal]
    [HKLMSoftwareWow6432NodeVideoLAN]
    [HKLMSoftwareWow6432NodeWinRAR]
    [HKLMSoftwareWow6432Nodemozilla.org]
    [HKLMSoftwareWow6432Node]
    ~ Key Software: 155 Scanned in 00mn 00s[/spoiler:q55pf6zt]

    bibiludo
    Participant
    Nombre d'articles : 18

    La suite :

    Spoiler for 2zhhuie1

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 03/11/2014 – 13:35:07 – [0] —-D C:Program Files (x86)ca45c95134d
    O43 – CFD: 03/07/2014 – 07:29:17 – [] —-D C:Program Files (x86)7-Zip
    O43 – CFD: 03/07/2014 – 07:34:08 – [] —-D C:Program Files (x86)Adobe
    O43 – CFD: 03/07/2014 – 07:30:28 – [] —-D C:Program Files (x86)CDBurnerXP
    O43 – CFD: 01/08/2014 – 20:46:51 – [] —-D C:Program Files (x86)Common Files
    O43 – CFD: 26/07/2014 – 18:26:02 – [] —-D C:Program Files (x86)EPSON
    O43 – CFD: 12/10/2014 – 08:53:26 – [] —-D C:Program Files (x86)Grinding Gear Games
    O43 – CFD: 03/07/2014 – 09:11:09 – [] –H-D C:Program Files (x86)InstallShield Installation Information
    O43 – CFD: 03/07/2014 – 08:40:58 – [] —-D C:Program Files (x86)Intel
    O43 – CFD: 16/10/2014 – 17:21:19 – [] —-D C:Program Files (x86)Internet Explorer
    O43 – CFD: 01/11/2014 – 10:34:37 – [] —-D C:Program Files (x86)Malwarebytes Anti-Malware
    O43 – CFD: 03/07/2014 – 07:30:57 – [] —-D C:Program Files (x86)Microsoft Office
    O43 – CFD: 01/08/2014 – 21:37:31 – [] —-D C:Program Files (x86)Microsoft OneDrive
    O43 – CFD: 11/09/2014 – 12:28:41 – [] —-D C:Program Files (x86)Microsoft Security Client
    O43 – CFD: 26/07/2014 – 16:54:24 – [] —-D C:Program Files (x86)Microsoft Silverlight
    O43 – CFD: 01/08/2014 – 21:45:40 – [] —-D C:Program Files (x86)Microsoft SQL Server Compact Edition
    O43 – CFD: 03/07/2014 – 13:25:08 – [] —-D C:Program Files (x86)Microsoft.NET
    O43 – CFD: 03/11/2014 – 21:05:24 – [] —-D C:Program Files (x86)Mozilla Firefox
    O43 – CFD: 14/07/2009 – 06:32:38 – [] —-D C:Program Files (x86)MSBuild
    O43 – CFD: 03/07/2014 – 08:49:00 – [] —-D C:Program Files (x86)MSI
    O43 – CFD: 03/07/2014 – 19:36:51 – [] —-D C:Program Files (x86)NVIDIA Corporation
    O43 – CFD: 03/07/2014 – 07:33:23 – [] —-D C:Program Files (x86)OpenOffice 4
    O43 – CFD: 03/07/2014 – 08:49:27 – [] —-D C:Program Files (x86)Realtek
    O43 – CFD: 14/07/2009 – 06:32:38 – [] —-D C:Program Files (x86)Reference Assemblies
    O43 – CFD: 03/07/2014 – 08:48:08 – [] —-D C:Program Files (x86)Renesas Electronics
    O43 – CFD: 03/07/2014 – 09:11:39 – [0] –H-D C:Program Files (x86)Temp
    O43 – CFD: 14/07/2009 – 05:57:06 – [0] –H-D C:Program Files (x86)Uninstall Information
    O43 – CFD: 03/07/2014 – 07:31:14 – [] —-D C:Program Files (x86)VideoLAN
    O43 – CFD: 03/07/2014 – 13:44:15 – [] —-D C:Program Files (x86)Windows Defender
    O43 – CFD: 01/08/2014 – 21:45:37 – [] —-D C:Program Files (x86)Windows Live
    O43 – CFD: 12/04/2011 – 10:16:36 – [] —-D C:Program Files (x86)Windows Mail =>.Microsoft Corporation
    O43 – CFD: 03/07/2014 – 13:44:22 – [] —-D C:Program Files (x86)Windows Media Player =>.Microsoft Corporation
    O43 – CFD: 14/07/2009 – 06:32:38 – [] —-D C:Program Files (x86)Windows NT
    O43 – CFD: 12/04/2011 – 10:16:36 – [] —-D C:Program Files (x86)Windows Photo Viewer
    O43 – CFD: 21/11/2010 – 04:31:38 – [] —-D C:Program Files (x86)Windows Portable Devices
    O43 – CFD: 12/04/2011 – 10:16:36 – [] —-D C:Program Files (x86)Windows Sidebar
    O43 – CFD: 03/07/2014 – 07:28:52 – [] —-D C:Program Files (x86)WinRAR
    O43 – CFD: 03/07/2014 – 07:28:59 – [] —-D C:Program Files (x86)WinZip
    O43 – CFD: 04/11/2014 – 15:26:17 – [] —-D C:Program Files (x86)ZHPDiag =>.Nicolas Coolman
    O43 – CFD: 03/07/2014 – 07:34:11 – [] —-D C:Program Files (x86)Common FilesAdobe
    O43 – CFD: 31/07/2014 – 13:45:53 – [] —-D C:Program Files (x86)Common FilesBlizzard Entertainment
    O43 – CFD: 03/07/2014 – 08:49:10 – [] —-D C:Program Files (x86)Common FilesInstallShield
    O43 – CFD: 01/08/2014 – 21:39:07 – [] —-D C:Program Files (x86)Common Filesmicrosoft shared
    O43 – CFD: 14/07/2009 – 04:20:08 – [] —-D C:Program Files (x86)Common FilesServices
    O43 – CFD: 14/07/2009 – 04:20:08 – [] —-D C:Program Files (x86)Common FilesSpeechEngines
    O43 – CFD: 03/07/2014 – 13:44:21 – [] —-D C:Program Files (x86)Common FilesSystem
    O43 – CFD: 01/08/2014 – 20:46:51 – [] —-D C:Program Files (x86)Common FilesWindows Live
    O43 – CFD: 29/08/2014 – 09:17:35 – [] —-D C:ProgramDataAdobe
    O43 – CFD: 14/07/2009 – 06:08:56 – [] -SH-D C:ProgramDataApplication Data
    O43 – CFD: 31/07/2014 – 13:29:58 – [] —-D C:ProgramDataBattle.net
    O43 – CFD: 31/07/2014 – 13:37:34 – [] —-D C:ProgramDataBlizzard Entertainment
    O43 – CFD: 02/07/2014 – 14:31:03 – [] -SH-D C:ProgramDataBureau
    O43 – CFD: 14/07/2009 – 06:08:56 – [] -SH-D C:ProgramDataDesktop
    O43 – CFD: 14/07/2009 – 06:08:56 – [] -SH-D C:ProgramDataDocuments
    O43 – CFD: 03/07/2014 – 08:47:42 – [] —-D C:ProgramDataDownloaded Installations
    O43 – CFD: 26/07/2014 – 18:25:10 – [] —-D C:ProgramDataEPSON
    O43 – CFD: 02/07/2014 – 14:31:03 – [] -SH-D C:ProgramDataFavoris
    O43 – CFD: 14/07/2009 – 06:08:56 – [] -SH-D C:ProgramDataFavorites
    O43 – CFD: 01/09/2014 – 12:39:37 – [] —-D C:ProgramDataMalwarebytes
    O43 – CFD: 02/07/2014 – 14:31:04 – [] -SH-D C:ProgramDataMenu Démarrer
    O43 – CFD: 01/08/2014 – 21:40:39 – [] -S–D C:ProgramDataMicrosoft
    O43 – CFD: 01/08/2014 – 21:37:22 – [] —-D C:ProgramDataMicrosoft OneDrive
    O43 – CFD: 02/07/2014 – 14:31:04 – [] -SH-D C:ProgramDataModèles
    O43 – CFD: 03/07/2014 – 07:31:33 – [] —-D C:ProgramDataMozilla
    O43 – CFD: 04/07/2014 – 08:42:30 – [] —-D C:ProgramDataNVIDIA
    O43 – CFD: 03/07/2014 – 12:36:48 – [] —-D C:ProgramDataNVIDIA Corporation
    O43 – CFD: 14/07/2009 – 06:08:56 – [] -SH-D C:ProgramDataStart Menu
    O43 – CFD: 14/07/2009 – 06:08:56 – [] -SH-D C:ProgramDataTemplates
    O43 – CFD: 29/08/2014 – 09:17:05 – [] —-D C:UsersUSERAppDataRoamingAdobe
    O43 – CFD: 31/07/2014 – 14:53:18 – [] —-D C:UsersUSERAppDataRoamingBattle.net
    O43 – CFD: 02/07/2014 – 14:31:27 – [] —-D C:UsersUSERAppDataRoamingIdentities
    O43 – CFD: 27/07/2014 – 17:07:02 – [] —-D C:UsersUSERAppDataRoamingMacromedia
    O43 – CFD: 12/04/2011 – 10:27:52 – [0] —-D C:UsersUSERAppDataRoamingMedia Center Programs
    O43 – CFD: 01/11/2014 – 10:36:28 – [] -S–D C:UsersUSERAppDataRoamingMicrosoft
    O43 – CFD: 03/07/2014 – 07:35:44 – [] —-D C:UsersUSERAppDataRoamingMozilla
    O43 – CFD: 31/07/2014 – 13:37:49 – [] —-D C:UsersUSERAppDataRoamingNVIDIA
    O43 – CFD: 26/07/2014 – 16:50:34 – [] —-D C:UsersUSERAppDataRoamingOpenOffice
    O43 – CFD: 11/10/2014 – 13:46:58 – [] —-D C:UsersUSERAppDataRoamingvlc
    O43 – CFD: 12/10/2014 – 13:15:16 – [0] —-D C:UsersUSERAppDataRoamingWindows Live Writer
    O43 – CFD: 23/08/2014 – 20:04:28 – [0] —-D C:UsersUSERAppDataRoamingWinRAR
    O43 – CFD: 04/11/2014 – 15:27:42 – [] —-D C:UsersUSERAppDataRoamingZHP =>.Nicolas Coolman
    O43 – CFD: 21/10/2014 – 10:15:28 – [] —-D C:UsersUSERAppDataLocalAdobe
    O43 – CFD: 02/07/2014 – 14:31:12 – [] -SH-D C:UsersUSERAppDataLocalApplication Data
    O43 – CFD: 31/10/2014 – 17:00:36 – [] —-D C:UsersUSERAppDataLocalBattle.net
    O43 – CFD: 31/07/2014 – 14:53:22 – [] —-D C:UsersUSERAppDataLocalBlizzard
    O43 – CFD: 31/07/2014 – 13:37:48 – [] —-D C:UsersUSERAppDataLocalBlizzard Entertainment
    O43 – CFD: 03/07/2014 – 20:04:50 – [] -SH-D C:UsersUSERAppDataLocalEmieSiteList
    O43 – CFD: 03/07/2014 – 20:04:50 – [] -SH-D C:UsersUSERAppDataLocalEmieUserList
    O43 – CFD: 01/11/2014 – 10:31:14 – [] —-D C:UsersUSERAppDataLocalfastplayer =>PUP.FastPlayer
    O43 – CFD: 02/07/2014 – 14:31:12 – [] -SH-D C:UsersUSERAppDataLocalHistorique
    O43 – CFD: 27/07/2014 – 17:07:02 – [] —-D C:UsersUSERAppDataLocalMacromedia
    O43 – CFD: 04/11/2014 – 11:50:20 – [] —-D C:UsersUSERAppDataLocalMicrosoft
    O43 – CFD: 03/07/2014 – 07:35:44 – [] —-D C:UsersUSERAppDataLocalMozilla
    O43 – CFD: 01/09/2014 – 12:39:13 – [] —-D C:UsersUSERAppDataLocalPrograms
    O43 – CFD: 04/11/2014 – 15:26:18 – [] —-D C:UsersUSERAppDataLocalTemp
    O43 – CFD: 02/07/2014 – 14:31:12 – [] -SH-D C:UsersUSERAppDataLocalTemporary Internet Files
    O43 – CFD: 02/07/2014 – 14:31:24 – [0] —-D C:UsersUSERAppDataLocalVirtualStore
    O43 – CFD: 12/10/2014 – 13:14:55 – [] —-D C:UsersUSERAppDataLocalWindows Live
    O43 – CFD: 12/10/2014 – 13:15:25 – [] —-D C:UsersUSERAppDataLocalWindows Live Writer
    O43 – CFD: 14/07/2009 – 05:54:32 – [] R—D C:UsersUSERAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessories
    O43 – CFD: 23/08/2014 – 20:02:56 – [] R—D C:UsersUSERAppDataRoamingMicrosoftWindowsStart MenuProgramsAdministrative Tools
    O43 – CFD: 14/07/2009 – 05:49:38 – [] R—D C:UsersUSERAppDataRoamingMicrosoftWindowsStart MenuProgramsMaintenance
    O43 – CFD: 02/11/2014 – 09:11:07 – [] R—D C:UsersUSERAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
    O43 – CFD: 03/07/2014 – 07:28:52 – [] —-D C:UsersUSERAppDataRoamingMicrosoftWindowsStart MenuProgramsWinRAR
    O43 – CFD: 03/07/2014 – 07:29:05 – [0] —-D C:UsersUSERAppDataRoamingMicrosoftWindowsStart MenuProgramsWinZip
    ~ Program Folder: 105 Scanned in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.FD252CB816CD1192B7DB3126A667C819] – 01/11/2014 – 10:27:23 —A- . (.Corsica – Web Instrumentation Driver.) — C:WindowsSystem32DriverswebinstrNew.sys [58040]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 01/11/2014 – 10:27:26 –HA- . (…) — C:WindowsSystem32DriversMsft_Kernel_webinstrNew_01009.Wdf [0]
    O44 – LFC:[MD5.943FD73F4B01E712DF04B2DBE0EC3C59] – 01/11/2014 – 10:27:29 —A- . (…) — C:Windowspatsearch.bin [1930]
    O44 – LFC:[MD5.26C43960C99EE861A5D0EDC4DCF3B1C3] – 02/11/2014 – 20:26:34 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WindowsSystem32DriversMBAMSwissArmy.sys [129752]
    O44 – LFC:[MD5.DF1ED6840F27E6A45CE95A6529BEC418] – 04/11/2014 – 13:28:43 —A- . (…) — C:DelFix.txt [1234]
    O44 – LFC:[MD5.454C9B3854EBB64BC9C7EA1B01FCB876] – 04/11/2014 – 14:05:18 —A- . (…) — C:WindowsPFRO.log [869616]
    O44 – LFC:[MD5.E099B1557B9A08FF572C1F0797E51680] – 04/11/2014 – 15:22:03 -S-A- . (…) — C:Windowsbootstat.dat [67584]
    O44 – LFC:[MD5.F0F3152F7A6D6D976AE01EF7635D0A62] – 04/11/2014 – 15:22:06 —A- . (…) — C:Windowssetupact.log [18537]
    O44 – LFC:[MD5.E6F3D14DB4E4D335CCDB3D0FF850A7E5] – 04/11/2014 – 15:25:45 —A- . (…) — C:WindowsWindowsUpdate.log [1767526]
    O44 – LFC:[MD5.8CBAF0292065FB89EA3705562DB64F44] – 04/11/2014 – 15:26:32 —A- . (…) — C:WindowsSystem32PerfStringBackup.INI [1667292]
    O44 – LFC:[MD5.DA19DC839C8DA8473FD17F7DF9CE5A14] – 04/11/2014 – 15:26:32 —A- . (…) — C:WindowsSystem32perfc009.dat [121398]
    O44 – LFC:[MD5.C044CD68FD326DB5D907058D2F4C5A1F] – 04/11/2014 – 15:26:32 —A- . (…) — C:WindowsSystem32perfc00C.dat [149440]
    O44 – LFC:[MD5.28172E3DCD049012F02699CEE2A4132F] – 04/11/2014 – 15:26:32 —A- . (…) — C:WindowsSystem32perfh009.dat [653526]
    O44 – LFC:[MD5.801ECA38F3B9729A1B7F23D6FC23C8CE] – 04/11/2014 – 15:26:32 —A- . (…) — C:WindowsSystem32perfh00C.dat [746916]
    O44 – LFC:[MD5.A7B22A0542D02AB67A0A0D3107DD53F0] – 30/10/2014 – 12:25:26


    . (.Microsoft Corporation – Microsoft Malware Protection Signature Upda.) — C:WindowsSystem32MpSigStub.exe [275080]
    O44 – LFC:[MD5.667CFA0E392113156ADB131129CEC2EF] – 30/10/2014 – 14:12:20 —A- . (.Windows (R) Win 7 DDK provider – NetFilter SDK WFP Driver (WPP).) — C:WindowsSystem32Driversb786bdb3c67d.sys [47408]
    ~ Files: 16 Scanned in 00mn 06s

    —\ Déni du service (Local Security Authority) (O48)
    O48 – LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
    O48 – LSA:Local Security Authority Notification Packages . (.Microsoft Corporation – Moteur du client de l’Éditeur de configuration de sécurité Windows.) — C:WindowsSystem32scecli.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Package de sécurité Kerberos.) — C:WindowsSystem32kerberos.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WindowsSystem32schannel.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Digest Access.) — C:WindowsSystem32wdigest.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Web Service Security Package.) — C:WindowsSystem32tspkg.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Pku2u Security Package.) — C:WindowsSystem32pku2u.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corp. – LiveSSP.) — C:WindowsSystem32livessp.dll
    ~ LSA: 9 Scanned in 00mn 00s

    —\ Contrôle du Safe Boot (CSB) (O49)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalsermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkipnat.sys . (.Microsoft Corporation – IP Network Address Translator.) — C:WindowsSystem32Driversipnat.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworknsiproxy.sys . (.Microsoft Corporation – NSI Proxy.) — C:WindowsSystem32Driversnsiproxy.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpencdd.sys . (.Microsoft Corporation – RDP Encoder Miniport.) — C:WindowsSystem32Driversrdpencdd.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworksermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
    ~ CSB: 13 Scanned in 00mn 00s

    —\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32″msacm.l3acm”=”C:WindowsSystem32l3codeca.acm” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
    O52 – TDSD: drivers.desc”C:WindowsSystem32l3codeca.acm”=”Fraunhofer IIS MPEG Layer-3 Codec” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
    ~ TDSD: 2 Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregAdobe ARM [Key] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O53 – SMSR:HKLM…startupregAdobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe
    O53 – SMSR:HKLM…startupregSuper-Charger [Key] . (.TODO: – TODO: .) — C:Program Files (x86)MSISuper-ChargerStartSuperCharger.exe
    ~ SMSR Keys: 3 Scanned in 00mn 00s

    —\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
    ~ MSCP: 2 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “ConsentPromptBehaviorAdmin”=5
    O55 – MWPS:[HKLM…PoliciesSystem] – “ConsentPromptBehaviorUser”=3
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableInstallerDetection”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableSecureUIAPaths”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableVirtualization”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “ValidateAdminCodeSignatures”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “dontdisplaylastusername”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticecaption”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticetext”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “scforceoption”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “shutdownwithoutlogon”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “undockwithoutlogon”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktop”=1
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    O56 – MWPE:[HKLM…policiesExplorer] – “ForceActiveDesktopOn”=0
    ~ MWPE Keys: 3 Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:14/07/2009 – 02:52:21 —A- . (.Adaptec, Inc. – Adaptec Windows SAS/SATA Storport Driver.) — C:WindowsSystem32Driversadp94xx.sys [491088]
    O58 – SDL:14/07/2009 – 02:52:21 —A- . (.Adaptec, Inc. – Adaptec Windows SATA Storport Driver.) — C:WindowsSystem32Driversadpahci.sys [339536]
    O58 – SDL:14/07/2009 – 02:52:21 —A- . (.Adaptec, Inc. – Adaptec StorPort Ultra320 SCSI Driver (X64).) — C:WindowsSystem32Driversadpu320.sys [182864]
    O58 – SDL:14/07/2009 – 02:52:21 —A- . (.Acer Laboratories Inc. – ALi mini IDE Driver.) — C:WindowsSystem32Driversaliide.sys [15440]
    O58 – SDL:11/03/2011 – 07:41:12 —A- . (.Advanced Micro Devices – AHCI 1.2 Device Driver.) — C:WindowsSystem32Driversamdsata.sys [107904]
    O58 – SDL:14/07/2009 – 02:52:20 —A- . (.AMD Technologies Inc. – AMD Technology AHCI Compatible Controller Driver for Windows -.) — C:WindowsSystem32Driversamdsbs.sys [194128]
    O58 – SDL:11/03/2011 – 07:41:12 —A- . (.Advanced Micro Devices – Storage Filter Driver.) — C:WindowsSystem32Driversamdxata.sys [27008]
    O58 – SDL:14/07/2009 – 02:52:21 —A- . (.Adaptec, Inc. – Adaptec RAID Storport Driver.) — C:WindowsSystem32Driversarc.sys [87632]
    O58 – SDL:14/07/2009 – 02:52:21 —A- . (.Adaptec, Inc. – Adaptec SAS RAID WS03 Driver.) — C:WindowsSystem32Driversarcsas.sys [97856]
    O58 – SDL:10/06/2009 – 21:34:23 —A- . (.Broadcom Corporation – Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) — C:WindowsSystem32Driversb57nd60a.sys [270848]
    O58 – SDL:30/10/2014 – 14:12:20 —A- . (.Windows (R) Win 7 DDK provider – NetFilter SDK WFP Driver (WPP).) — C:WindowsSystem32Driversb786bdb3c67d.sys [47408]
    O58 – SDL:10/06/2009 – 21:41:06 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) — C:WindowsSystem32DriversBrFiltLo.sys [18432]
    O58 – SDL:10/06/2009 – 21:41:06 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) — C:WindowsSystem32DriversBrFiltUp.sys [8704]
    O58 – SDL:14/07/2009 – 02:19:07 —A- . (.Brother Industries Ltd. – Pilote Brother Série I/F (WDM).) — C:WindowsSystem32DriversBrSerId.sys [286720]
    O58 – SDL:10/06/2009 – 21:41:10 —A- . (.Brother Industries Ltd. – Brother Serial driver (WDM version).) — C:WindowsSystem32DriversBrSerWdm.sys [47104]
    O58 – SDL:10/06/2009 – 21:41:10 —A- . (.Brother Industries Ltd. – Brother USB MDM Driver.) — C:WindowsSystem32DriversBrUsbMdm.sys [14976]
    O58 – SDL:10/06/2009 – 21:41:10 —A- . (.Brother Industries Ltd. – Brother USB Serial Driver.) — C:WindowsSystem32DriversBrUsbSer.sys [14720]
    O58 – SDL:10/06/2009 – 21:34:28 —A- . (.Broadcom Corporation – Broadcom NetXtreme II GigE VBD.) — C:WindowsSystem32Driversbxvbda.sys [468480]
    O58 – SDL:14/07/2009 – 02:52:31 —A- . (.CMD Technology, Inc. – CMD PCI IDE Bus Driver.) — C:WindowsSystem32Driverscmdide.sys [17488]
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:10/06/2009 – 21:34:33 —A- . (.Broadcom Corporation – Broadcom NetXtreme II 10 GigE VBD.) — C:WindowsSystem32Driversevbda.sys [3286016]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:23/01/2013 – 15:57:32 —A- . (.Intel Corporation – Intel(R) Management Engine Interface.) — C:WindowsSystem32DriversHECIx64.sys [64624]
    O58 – SDL:21/11/2010 – 04:23:47 —A- . (.Hewlett-Packard Company – Smart Array SAS/SATA Controller Media Driver.) — C:WindowsSystem32DriversHpSAMD.sys [78720]
    O58 – SDL:11/03/2011 – 07:41:26 —A- . (.Intel Corporation – Intel Matrix Storage Manager driver – x64.) — C:WindowsSystem32DriversiaStorV.sys [410496]
    O58 – SDL:14/07/2009 – 02:48:04 —A- . (.Intel Corp./ICP vortex GmbH – Intel/ICP Raid Storport Driver.) — C:WindowsSystem32Driversiirsp.sys [44112]
    O58 – SDL:22/02/2013 – 02:40:14 —A- . (.Intel Corporation – Intel(R) USB 3.0 Host Controller Switch Driver.) — C:WindowsSystem32Driversiusb3hcs.sys [20464]
    O58 – SDL:14/07/2009 – 02:48:04 —A- . (.LSI Corporation – LSI Fusion-MPT FC Driver (StorPort).) — C:WindowsSystem32Driverslsi_fc.sys [114752]
    O58 – SDL:14/07/2009 – 02:48:04 —A- . (.LSI Corporation – LSI Fusion-MPT SAS Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas.sys [106560]
    O58 – SDL:14/07/2009 – 02:48:04 —A- . (.LSI Corporation – LSI SAS Gen2 Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas2.sys [65600]
    O58 – SDL:14/07/2009 – 02:48:04 —A- . (.LSI Corporation – LSI Fusion-MPT SCSI Driver (StorPort).) — C:WindowsSystem32Driverslsi_scsi.sys [115776]
    O58 – SDL:01/10/2014 – 11:11:12 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WindowsSystem32Driversmbam.sys [25816]
    O58 – SDL:01/10/2014 – 11:11:16 —A- . (.Malwarebytes Corporation – Malwarebytes Chameleon Protection Driver.) — C:WindowsSystem32Driversmbamchameleon.sys [93400]
    O58 – SDL:02/11/2014 – 20:26:34 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WindowsSystem32DriversMBAMSwissArmy.sys [129752]
    O58 – SDL:18/11/2009 – 00:12:00 —A- . (.Creative Technology Ltd. – Creative Audio Driver.) — C:WindowsSystem32DriversMBfilt64.sys [32344]
    O58 – SDL:14/07/2009 – 02:48:04 —A- . (.LSI Corporation – MEGASAS RAID Controller Driver for Windows 7Server 2008 R2 for.) — C:WindowsSystem32Driversmegasas.sys [35392]
    O58 – SDL:14/07/2009 – 02:48:04 —A- . (.LSI Corporation, Inc. – LSI MegaRAID Software RAID Driver.) — C:WindowsSystem32DriversMegaSR.sys [284736]
    O58 – SDL:01/10/2014 – 11:11:26 —A- . (.Malwarebytes Corporation – Malwarebytes Web Access Control.) — C:WindowsSystem32Driversmwac.sys [63704]
    O58 – SDL:14/07/2009 – 02:48:26 —A- . (.IBM Corporation – IBM ServeRAID Controller Driver.) — C:WindowsSystem32Driversnfrd960.sys [51264]
    O58 – SDL:10/02/2011 – 13:52:34 —A- . (.Renesas Electronics Corporation – USB 3.0 Hub Driver.) — C:WindowsSystem32Driversnusb3hub.sys [82432]
    O58 – SDL:10/02/2011 – 13:52:34 —A- . (.Renesas Electronics Corporation – USB 3.0 Host Controller Driver.) — C:WindowsSystem32Driversnusb3xhc.sys [181760]
    O58 – SDL:19/02/2013 – 21:32:18 —A- . (.NVIDIA Corporation – NVIDIA Windows Kernel Mode Driver, Version 307.83.) — C:WindowsSystem32Driversnvlddmkm.sys [13531936]
    O58 – SDL:11/03/2011 – 07:41:34 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) RAID Driver.) — C:WindowsSystem32Driversnvraid.sys [148352]
    O58 – SDL:11/03/2011 – 07:41:34 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) Sata Performance Driver.) — C:WindowsSystem32Driversnvstor.sys [166272]
    O58 – SDL:14/07/2009 – 02:45:46 —A- . (.QLogic Corporation – QLogic Fibre Channel Stor Miniport Driver.) — C:WindowsSystem32Driversql2300.sys [1524816]
    O58 – SDL:14/07/2009 – 02:45:45 —A- . (.QLogic Corporation – QLogic iSCSI Storport Miniport Driver.) — C:WindowsSystem32Driversql40xx.sys [128592]
    O58 – SDL:10/06/2011 – 05:34:52 —A- . (.Realtek – Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver.) — C:WindowsSystem32DriversRt64win7.sys [539240]
    O58 – SDL:24/02/2011 – 11:21:10 —A- . (.Realtek Semiconductor Corp. – Realtek(r) High Definition Audio Function Driver.) — C:WindowsSystem32DriversRTKVHD64.sys [2753512]
    O58 – SDL:10/06/2009 – 21:37:19 —A- . (.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) — C:WindowsSystem32Driverssecdrv.sys [23040]
    O58 – SDL:14/07/2009 – 02:45:45 —A- . (.Silicon Integrated Systems Corp. – SiS RAID Stor Miniport Driver.) — C:WindowsSystem32Driverssisraid2.sys [43584]
    O58 – SDL:14/07/2009 – 02:45:46 —A- . (.Silicon Integrated Systems – SiS AHCI Stor-Miniport Driver.) — C:WindowsSystem32Driverssisraid4.sys [80464]
    O58 – SDL:12/11/2009 – 13:48:56 —A- . (…) — C:WindowsSystem32DriversStarOpen.sys [5504]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:WindowsSystem32Driversviaide.sys [17488]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) — C:WindowsSystem32Driversvsmraid.sys [161872]
    O58 – SDL:01/11/2014 – 10:27:23 —A- . (.Corsica – Web Instrumentation Driver.) — C:WindowsSystem32DriverswebinstrNew.sys [58040]
    O58 – SDL:12/11/2009 – 13:48:56 —A- . (…) — C:WindowsSysWOW64driversStarOpen.sys [7168]
    ~ Drivers: 57 Scanned in 00mn 19s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 01/11/2014 – 15:29:32 —A- . (…) — C:UsersUSERAppDataRoamingAdobeAcrobat9.0UserCache.bin [48725]
    O61 – LFC: 01/11/2014 – 15:29:34 —A- . (.AVAST Software.) — C:UsersUSERDownloadsavast_free_antivirus_setup_online.exe [5004328]
    O61 – LFC: 03/11/2014 – 15:28:13 —A- . (…) — C:UsersUSERAppDataLocalMicrosoftInternet ExplorerUrlBlockManagerurlblocklist.bin [0]
    O61 – LFC: 04/11/2014 – 15:29:33 —A- . (…) — C:UsersUSERDesktopadwcleaner_3.311.exe [1375089]
    O61 – LFC: 04/11/2014 – 15:29:33 —A- . (.Nicolas Coolman.) — C:UsersUSERDesktopZHPDiag2.exe [6862899] =>.Nicolas Coolman
    ~ 35 Fichiers temporaires (Temporary files)
    ~ 355 Fichiers cookies (Cookies files)
    ~ Files: 5 Scanned in 01mn 23s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 30/10/2014 – C:WindowsSystem32driversb786bdb3c67d.sys (b786bdb3c67d) .(.Windows (R) Win 7 DDK provider – NetFilter SDK WFP Driver (WPP).) – LEGACY_B786BDB3C67D
    O64 – Services: CurCS – 10/06/2009 – C:WindowsSystem32Driverssecdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) – LEGACY_SECDRV
    O64 – Services: CurCS – 01/11/2014 – C:Windowssystem32DriverswebinstrNew.sys (webinstrNew) .(.Corsica – Web Instrumentation Driver.) – LEGACY_WEBINSTRNEW
    ~ Legacy: 109 Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..cplopenCommand] (.Microsoft Corporation – Windows Control Panel.) — C:WindowsSystem32control.exe =>.Microsoft Corporation
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Lanceur du composant logiciel enfichable Observateur d’événements.) — C:WindowsSystem32eventvwr.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32WScript.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Éditeur du Registre.) — C:Windowsregedit.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” /S
    ~ FASS Keys: 10 Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — C:Program FilesMozilla Firefoxfirefox.exe (.not file.)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — C:Program Files (x86)Internet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com” onclick=”window.open(this.href);return false;
    O69 – SBI: SearchScopes [HKCU] {CE69C730-569F-4A95-9F0D-A1D31D47491C} – (Google) – http://www.google.com” onclick=”window.open(this.href);return false;
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les service demarrés par Svchost (SSS) (O83)
    O83 – Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation – Service Expérience d’application.) — C:WindowsSystem32aelupsvc.dll [72192]
    O83 – Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [80384]
    O83 – Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [80384]
    O83 – Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation – DLL du service Serveur.) — C:WindowsSystem32srvsvc.dll [236032]
    O83 – Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation – Client de stratégie de groupe.) — C:WindowsSystem32gpsvc.dll [777728]
    O83 – Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation – Extension IKE.) — C:WindowsSystem32ikeext.dll [859648]
    O83 – Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation – Service Audio Windows.) — C:WindowsSystem32Audiosrv.dll [679424]
    O83 – Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation – Gestionnaire de numérotation automatique d’accès distant.) — C:WindowsSystem32rasauto.dll [99328]
    O83 – Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation – Gestionnaire de connexions d’accès distant.) — C:WindowsSystem32rasmans.dll [344064]
    O83 – Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation – Gestionnaire d’interface dynamique.) — C:WindowsSystem32mprdim.dll [97792]
    O83 – Search Svchost Services: SENS (SENS) . (.Microsoft Corporation – Service de notification d’événements système (SENS).) — C:WindowsSystem32sens.dll [64512]
    O83 – Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation – Composants de l’application d’assistance à Microsoft NAT.) — C:WindowsSystem32ipnathlp.dll [359424]
    O83 – Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation – Serveur de téléphonie Microsoft® Windows(TM).) — C:WindowsSystem32tapisrv.dll [316928]
    O83 – Search Svchost Services: TermService (TermService) . (.Microsoft Corporation – Gestionnaire des connexions distantes du serveur hôte de session Burea.) — C:WindowsSystem32termsrv.dll [681984]
    O83 – Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation – Agent de mise à jour automatique Windows Update.) — C:WindowsSystem32wuaueng.dll [2477536]
    O83 – Search Svchost Services: BITS (BITS) . (.Microsoft Corporation – Service de transfert intelligent en arrière-plan.) — C:WindowsSystem32qmgr.dll [849920]
    O83 – Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WindowsSystem32shsvcs.dll [370688]
    O83 – Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation – Service offrant une connectivité IPv6 sur un réseau IPv4..) — C:WindowsSystem32iphlpsvc.dll [569344]
    O83 – Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation – DLL de service d’ouverture de session secondaire.) — C:Windowssystem32seclogon.dll [30720]
    O83 – Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation – Service Informations d’application.) — C:WindowsSystem32appinfo.dll [70144]
    O83 – Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation – Service de découverte iSCSI.) — C:WindowsSystem32iscsiexe.dll [156672]
    O83 – Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation – Service Planificateur de classes multimédias.) — C:WindowsSystem32mmcss.dll [67584]
    O83 – Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation – WMI.) — C:WindowsSystem32wbemWMIsvc.dll [242688]
    O83 – Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation – Service Configuration des services Bureau à distance.) — C:WindowsSystem32sessenv.dll [121856]
    O83 – Search Svchost Services: browser (browser) . (.Microsoft Corporation – DLL du service Explorateur d’ordinateurs.) — C:WindowsSystem32browser.dll [136704]
    O83 – Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation – Service EAPHost Microsoft.) — C:WindowsSystem32eapsvc.dll [111104]
    O83 – Search Svchost Services: schedule (schedule) . (.Microsoft Corporation – Service du Planificateur de tâches.) — C:WindowsSystem32schedsvc.dll [1110016]
    O83 – Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation – Service Gestion des clés.) — C:WindowsSystem32kmsvc.dll [90624]
    O83 – Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation – Rapports et solutions aux problèmes.) — C:WindowsSystem32wercplsupport.dll [84480]
    O83 – Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation – ProfSvc.) — C:WindowsSystem32profsvc.dll [209920]
    O83 – Search Svchost Services: Themes (Themes) . (.Microsoft Corporation – DLL du service des thèmes Windows Shell.) — C:WindowsSystem32themeservice.dll [44544]
    O83 – Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation – Service BDE.) — C:WindowsSystem32bdesvc.dll [100864]
    ~ Services: 32 Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.12EFD5FA51597F188E5DB50BE20EE597] [SPRF][04/11/2014] (…) — C:UsersUSERDesktopadwcleaner_3.311.exe [1375089]
    [MD5.21D01F9DEEB59DC61BFDCCF32FCE78A2] [SPRF][04/11/2014] (.Nicolas Coolman – ZHPDiag Setup.) — C:UsersUSERDesktopZHPDiag2.exe [6862899]
    ~ Files: 2 Scanned in 00mn 00s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREWow6432NodeMicrosoftTracingFastPlayer_RASAPI32 =>PUP.FastPlayer
    HKLMSOFTWAREWow6432NodeMicrosoftTracingFastPlayer_RASMANCS =>PUP.FastPlayer
    ~ BTK: 29 Scanned in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 21/10/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SS – | Demand 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 22/08/2014 23784 | (MsMpSvc) . (.Microsoft Corporation.) – c:Program FilesMicrosoft Security ClientMsMpEng.exe
    SR – | Auto 04/03/2010 71096 | (NMSAccess) . (…) – C:Program Files (x86)CDBurnerXPNMSAccessU.exe
    SR – | Auto 31/01/2013 878368 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 19/02/2013 1259296 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 05s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by USER at 04/11/2014 15:30:01
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Scanned in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog” onclick=”window.open(this.href);return false;
    Run by USER at 04/11/2014 15:30:03
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (03/11/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 1

    C:UsersUSERAppDataLocalfastplayer =>PUP.FastPlayer^
    [HKLMSoftwareWow6432NodeFastPlayer] =>PUP.FastPlayer^
    ~ Additionnel Scan: 185111 Items scanned in 00mn 10s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/” onclick=”window.open(this.href);return false; =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/” onclick=”window.open(this.href);return false; =>.Browser Helper Objects de navigateur (O2)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/” onclick=”window.open(this.href);return false; =>.Applications lancées au démarrage du système (O4)
    ~ AMI: 3 Scanned in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://www.nicolascoolman.fr/blog/” onclick=”window.open(this.href);return false; =>PUP.FastPlayer
    ~ MSI: 1 link(s) detected in 00mn 00s

    End of the scan (886 lines in 03mn 00s)(0)[/spoiler:2zhhuie1]

    jacques.gache
    Participant
    Nombre d'articles : 678

    bonjour, tu fais zhpfix comme expliqué, tu postes le rapport et tu nous diras se que tu as exactement comme problème et ou !!

    • Copie les lignes en rouge ci dessous :

      Script ZHPFix
      SysRestore
      ShortcutFix
      ProxyFix
      FirewallRAZ
      EmptyCLSID
      EmptyTemp
      EmptyFlash
      [HKCUSoftwareCores]
      [HKLMSoftwareWow6432NodeFastPlayer]
      C:UsersUSERAppDataLocalfastplayer
      HKLMSOFTWAREWow6432NodeMicrosoftTracingFastPlayer_RASAPI32
      HKLMSOFTWAREWow6432NodeMicrosoftTracingFastPlayer_RASMANCS

    • Lances ZHPFix, exécuter en tant qu’administrateur sous Windows : 7/8 et Vista

      1. Clique sur Importer
      2. Puis Clic sur “GO

    • Confirmes les nettoyages des données en cliquant sur “Oui
    • Une fois le scan terminé rends toi sur le bureau, le fichier ZHPFixReport à été crée.
    • Héberge le rapport ZHPFixReport sur Sosupload, puis copie/colle le lien fourni dans ta prochaine réponse.
    bibiludo
    Participant
    Nombre d'articles : 18

    Toujours le même problème avec ci joint, impossible d’agrandir la fenêtre !

    Je te met le rapport en spoiler

    Spoiler for 3t1rwhea

    Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
    Fichier d'export Registre :
    Run by USER at 04/11/2014 22:08:14
    High Elevated Privileges : OK
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

    Corbeille vidée (00mn 02s)
    Réparation des raccourcis navigateur

    ========== Clés du Registre ==========
    SUPPRIMÉ: HKCUSoftwareCores

    ========== Valeurs du Registre ==========
    ProxyFix : Configuration proxy supprimée avec succès
    SUPPRIMÉ ProxyServer Value
    SUPPRIMÉ ProxyEnable Value
    SUPPRIMÉ EnableHttp1_1 Value
    SUPPRIMÉ ProxyHttp1.1 Value
    SUPPRIMÉ ProxyOverride Value
    Aucune Valeur Standard Profile: FirewallRaz :
    Aucune Valeur Domain Profile: FirewallRaz :

    ========== Dossiers ==========
    Aucun dossiers CLSID Local utilisateur vide
    SUPPRIMÉS Temporaires Windows (24)
    SUPPRIMÉS Flash Cookies (0)
    SUPPRIMÉ: c:usersuserappdatalocalfastplayer

    ========== Fichiers ==========
    SUPPRIMÉS Temporaires Windows (61) (47 848 060 octets)
    SUPPRIMÉS Flash Cookies (0) (0 octets)

    ========== Restauration Système ==========
    Aucun Point de restauration du système crée

    ========== Récapitulatif ==========
    1 : Clés du Registre
    8 : Valeurs du Registre
    4 : Dossiers
    2 : Fichiers
    1 : Restauration Système

    End of clean in 00mn 06s

    ========== Chemin de fichier rapport ==========
    C:UsersUSERAppDataRoamingZHPZHPFix[R1].txt – 04/11/2014 22:08:16 [1357][/spoiler:3t1rwhea]

    Mes problèmes sont pubs à tout va sur mes problèmes de PC, des redirections, des demande de MAJ etc !

    jacques.gache
    Participant
    Nombre d'articles : 678

    bonjour, passes adsfix !

    • Désactive ton antivirus le temps du téléchargement et de l’utilisation.
    • Télécharge AdsFix
    • Enregistre-le sur le bureau, puis lance-le.
    • Clique sur Nettoyer.
    • Patiente pendant que le logiciel travaille. des fois plus de 2h
    • À la fin, l’ordinateur va redémarrer.
    • Le rapport se trouve sur le bureau, sinon va le chercher sous C:AdsFix_XX_XX_XX (Les X étant des chiffres).
    • Héberge-le comme ceci et poste-le dans ta prochaine réponse.
    bibiludo
    Participant
    Nombre d'articles : 18

    J’ai essayé de me le faire comme on me l’a conseillé ( après avoir désactiver mon antivirus ).
    ADSFIX s’est bloqué 2 X à 55 % et m’a mis ce message d’erreurs :
    line 15875 ( file:UserUSERDekstopAdsFix.exe)
    error : variable must be of type “object

    J’ai eu tout de même des éléments infectés mais le nettoyage ne s’est pas terminé !

    jacques.gache
    Participant
    Nombre d'articles : 678

    bonjour, regarde dans ton disque C il doit y avoir un rapport, postes le !!

    et puis fais u scan avec zhpcleaner

    • Désactive ton antivirus le temps du téléchargement et de l’utilisation.
    • Télécharge ZHPCleaner de Nicolas Coolman sur ton bureau.
    • Ferme ton navigateur
    • Fais un double clique sur l’icône pour le lancer
      Note: Clique droit sur l’icône puis Exécuter en tant qu’administrateur sous Windows Vista, Seven et Windows 8
    • Accepte “les conditions d’utilisation
    • Clique sur Scanner

    Note: Durant le scan, si l’outil te demande “Avez-vous installé ce proxy ?” et que tu n’en as pas installé, clique sur “Non” ou “Voulez-vous remplacer la page d’accueil ?, clique sur “Non

    • Héberge le rapport ZHPCleaner.txt présent sur ton bureau sur SosUpload puis copie/colle le lien fourni dans ta prochaine réponse.
    bibiludo
    Participant
    Nombre d'articles : 18

    C’est quand même incroyable !
    Tous les liens que tu me donnes s’ouvre en fenêtre que je n’arrive pas à agrandir, c’est hallucinant quand même !
    Je te met mon rapport en spoiler :

    Spoiler for 1sazkxc5

    ~ ZHPCleaner v2014.11.4.207 by Nicolas Coolman (04/11/2014)
    ~ Run by USER (Administrator) (05/11/2014 17:42:03)
    ~ WebSite : http://nicolascoolman.fr” onclick=”window.open(this.href);return false;
    ~ Forum : http://forum.nicolascoolman.fr” onclick=”window.open(this.href);return false;
    ~ State version : Version à jour
    ~ Type : Scanner
    ~ Report : C:UsersUSERDesktopZHPCleaner.txt
    ~ Quarantine : C:UsersUSERAppDataRoamingZHPZHPCleaner_Quarantine.txt
    ~ UAC : Deactivate
    ~ Windows 7, 64-bit Service Pack 1 (Build 7601)

    —\ Service. (0)
    ~ Aucun élément malicieux trouvé.

    —\ Navigateur internet. (15)
    TROUVÉ Proxy: ProxyHttp1.1 ( 1 )
    TROUVÉ Firefox: C:UsersUSERAppDataRoamingMozillaFirefoxProfilesvueby18u.defaultprefs.js
    TROUVÉ Firefox: [vueby18u.default] – user_pref(“extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.m[…] (PUP.Monetisation)
    TROUVÉ Firefox: C:UsersUSERAppDataRoamingMozillaFirefoxProfilesvueby18u.defaultprefs.js
    TROUVÉ Firefox: [vueby18u.default] – user_pref(“extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.m[…] (PUP.Monetisation)
    TROUVÉ Firefox: C:UsersUSERAppDataRoamingMozillaFirefoxProfilesvueby18u.defaultprefs.js
    TROUVÉ Firefox: [vueby18u.default] – user_pref(“extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.m[…] (PUP.Monetisation)
    TROUVÉ Firefox: C:UsersUSERAppDataRoamingMozillaFirefoxProfilesvueby18u.defaultprefs.js
    TROUVÉ Firefox: [vueby18u.default] – user_pref(“extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.m[…] (PUP.Monetisation)
    TROUVÉ Firefox: C:UsersUSERAppDataRoamingMozillaFirefoxProfilesvueby18u.defaultprefs.js
    TROUVÉ Firefox: [vueby18u.default] – user_pref(“extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.m[…] (PUP.Monetisation)
    TROUVÉ Firefox: C:UsersUSERAppDataRoamingMozillaFirefoxProfilesvueby18u.defaultprefs.js
    TROUVÉ Firefox: [vueby18u.default] – user_pref(“extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.m[…] (PUP.Monetisation)
    TROUVÉ Firefox: C:UsersUSERAppDataRoamingMozillaFirefoxProfilesvueby18u.defaultprefs.js
    TROUVÉ Firefox: [vueby18u.default] – user_pref(“extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.m[…] (PUP.Monetisation)

    —\ Fichier hôte. (1)
    ~ Le fichier hôte est légitime. (21)

    —\ Tâche planifiée. (0)
    ~ Aucun élément malicieux trouvé.

    —\ Explorateur ( Dossiers, Fichiers ). (9)
    TROUVÉ: C:ProgramDataMicrosoftWindowsStart MenuProgramsFastPlayer (PUP.FastPlayer)
    TROUVÉ: C:ProgramDataMicrosoftWindowsStart MenuProgramsFastPlayerFastPlayer.lnk (PUP.FastPlayer)
    TROUVÉ: C:ProgramDataMicrosoftWindowsStart MenuProgramsFastPlayerUninstall FastPlayer.lnk (PUP.FastPlayer)
    TROUVÉ: C:UsersUSERAppDataRoaming1H1Q1V1N1N1O1R (Adware.InstallCore)
    TROUVÉ: C:UsersUSERAppDataRoaming1H1Q1V1N1N1O1RFile Extractor Packages (Adware.InstallCore)
    TROUVÉ: C:WindowsPrefetchOPTIMIZERPRO.EXE-80679D1C.pf (PUP.OptimizerPro)
    TROUVÉ: C:WindowsPrefetchOPTIMIZERPRO.TMP-92493BD8.pf (PUP.OptimizerPro)
    TROUVÉ: C:WindowsPrefetchOPTPROSTART.EXE-3C74C0B2.pf (PUP.OptimizerPro)
    TROUVÉ: C:WindowsPrefetchTERMTUTOR-SETUP-1.9.0.8.EXE-30540844.pf (PUP.TermTutor)

    —\ Base de Registres ( Clés, Valeurs, Données ). (2)
    TROUVÉ: HKCUSoftwareMicrosoftInternet ExplorerDOMStoragesuperfish.com (PUP.SpecialSavings)
    TROUVÉ: HKCUSoftwareMicrosoftInternet ExplorerDOMStoragewww.superfish.com (PUP.SpecialSavings)

    —\ Bilan de la réparation
    ~ Aucune réparation effectuée.
    ~ Ce navigateur est absent (Google Chrome)
    ~ Ce navigateur est absent (Opera Software)
    ~ Réparation annulée par l'utilisateur (Internet Explorer)

    End of clean at 17:43:19[/spoiler:1sazkxc5]

    bibiludo
    Participant
    Nombre d'articles : 18

    Je me suis permis de faire nettoyer…
    Ensuite, j’ai fait un scan avec ADW, je n’avais rien, redémarage mais dès que je me reconnecte sur le web, hop nouveau scan et 2 nouvelles key trouvées dans le registre !
    Ils reviennent systématiquement !

15 sujets de 1 à 15 (sur un total de 30)
  • Vous devez être connecté pour répondre à ce sujet.