  • Author
    Posts
  • stef78
    Participant
    Post count: 12

    Hello,
    For some time now my PC has constantly shown processor usage of about 13%.
    In my Task Manager, it is taskhost that is running in the background.

    Here are the reports from the requested procedure:

    # AdwCleaner v3.212 – Rapport créé le 13/06/2014 à 08:02:31
    # Mis à jour le 05/06/2014 par Xplode
    # Système d’exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Nom d’utilisateur : Stephan – STEPHAN-PC
    # Exécuté depuis : C:UsersStephanDesktopadwcleaner_3.212.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:ProgramDataWPM
    Dossier Supprimé : C:Program Files (x86)SupTab
    Dossier Supprimé : C:UsersStephanAppDataRoamingqone8
    Dossier Supprimé : C:UsersStephanAppDataRoamingSupTab

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingLatestDLMgr_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingLatestDLMgr_RASMANCS
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesCLSID{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Valeur Supprimée : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Clé Supprimée : HKLMSoftwareSupTab
    Clé Supprimée : HKLMSoftwaresupWPM
    Clé Supprimée : HKLMSoftwareWpm
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallWpm

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.17126

    Paramètre Restauré : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerMain [Default_Search_URL]
    Paramètre Restauré : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerMain [Search Page]

    -\ Google Chrome v35.0.1916.114

    [ Fichier : C:UsersStephanAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    Supprimée [Extension] : bopakagnckmlgajfccecajhnimjiiedh

    *************************

    AdwCleaner[R0].txt – [2269 octets] – [13/06/2014 07:53:49]
    AdwCleaner[S0].txt – [1959 octets] – [13/06/2014 08:02:31]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [2019 octets] ##########

    Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Date de l’examen: 13/06/2014
    Heure de l’examen: 08:08:08
    Fichier journal: Malware.txt
    Administrateur: Oui

    Version: 2.00.2.1012
    Base de données Malveillants: v2014.06.13.02
    Base de données Rootkits: v2014.06.02.01
    Licence: Essai
    Protection contre les malveillants: Activé(e)
    Protection contre les sites Web malveillants: Activé(e)
    Self-protection: Désactivé(e)

    Système d’exploitation: Windows 7 Service Pack 1
    Processeur: x64
    Système de fichiers: NTFS
    Utilisateur: Stephan

    Type d’examen: Examen « Menaces »
    Résultat: Terminé
    Objets analysés: 285816
    Temps écoulé: 3 min, 32 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Désactivé(e)
    Heuristics: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Clés du Registre: 0

    [spoiler:3cv5dvdk]~ Rapport de ZHPDiag v2014.6.12.90 – Nicolas Coolman (12/06/2014)
    ~ Lancé par Stephan (13/06/2014 08:21:49)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17126
    GCIE: Google Chrome v35.0.1916.114 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : HYRR2
    Windows License : OK
    ~ Windows Remaining Initializations Number : 4
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2018
    Malwarebytes Anti-Malware version 2.0.2.1012
    Windows Defender W7 (Activate)

    —\ Logiciels d'optimisation du système
    CCleaner v4.13

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 14 Plugin
    Adobe Reader XI

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 16367 MB (82% free)
    System Restore: Désactivé (Disabled)
    System drive C: has 35 GB (30%) free of 112 GB

    —\ Mode de connexion au système
    ~ Computer Name: STEPHAN-PC
    ~ User Name: Stephan
    ~ All Users Names: Stephan, HomeGroupUser$, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersStephanAppDataRoamingZHP
    ~ %AppData% : C:UsersStephanAppDataRoaming
    ~ %Desktop% : C:UsersStephanDesktop
    ~ %Favorites% : C:UsersStephanFavorites
    ~ %LocalAppData% : C:UsersStephanAppDataLocal
    ~ %StartMenu% : C:UsersStephanAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 35 Go of 112 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 2791 Go of 3726 Go)
    E: Hard drive, Flash drive, Thumb drive (Free 673 Go of 932 Go)
    F: Hard drive, Flash drive, Thumb drive (Free 417 Go of 932 Go)
    G: CD-ROM drive (Not Inserted)
    H: CD-ROM drive (Not Inserted)
    I: Floppy drive, Flash card reader, USB Key (Not Inserted)
    J: Floppy drive, Flash card reader, USB Key (Not Inserted)
    K: Floppy drive, Flash card reader, USB Key (Not Inserted)
    L: Floppy drive, Flash card reader, USB Key (Not Inserted)
    M: Floppy drive, Flash card reader, USB Key (Not Inserted)
    N: CD-ROM drive (Free 0 Go of 2 Go)
    Q: Hard drive, Flash drive, Thumb drive (Free 377 Go of 932 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 49 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.40BFD9D6EC8E174145F012246CA73CCD] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.30/05/2014 – 08:56:56.) — C:WindowsSystem32wininet.dll [2266112]
    [MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.04/03/2014 – 10:43:50.) — C:WindowsSystem32Winlogon.exe [455168]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.1B6163C503398B23FF8B939C67747683] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 12:06:41.) — C:Windowssystem32Driversrdpdr.sys [165888]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/14
    ~ Mes Videos (My Videos) : 1/2
    ~ Mes Favoris (My Favorites) : 1/94
    ~ Mes Documents (My Documents) : 2/5740
    ~ Mon Bureau (My Desktop) : 1/593
    ~ Menu demarrer (Programs) : 1/26
    ~ Hidden Files: Scanned in 00mn 01s

    —\ Processus lancés
    [MD5.4FBC630768570E6AC35C3DE8F6EC79F5] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe [6970168] [PID.2632]
    [MD5.EE73B56ED71EB6383F25FA5468923BB2] – (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe [2234144] [PID.3084]
    [MD5.AEDC5488205B84A3E2A44D3B5B76E534] – (.Pas de propriétaire – GUI MFC Application.) — C:Program Files (x86)GIGABYTEET6GUI.exe [219656] [PID.4356]
    [MD5.E289F991D355BEE11B6AA2C07A3D758A] – (.Gainward Co. – EXPERTool : Display Control Panel.) — C:Program Files (x86)EXPERToolTBPANEL.exe [2259568] [PID.1604]
    [MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] – (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [39408] [PID.1196]
    [MD5.C69BA1CF0DADD458E4ABA3F737285991] – (.Siber Systems – RoboForm TaskBar Icon.) — C:Program Files (x86)Siber SystemsAI RoboFormrobotaskbaricon.exe [109784] [PID.5016]
    [MD5.F96C73D7D525174B80CFD865A5D7E083] – (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe [284440] [PID.4956]
    [MD5.D2AEADFD998706B4216315B2BD3FA79E] – (.InstallShield Software Corporation – InstallShield Update Service Scheduler.) — C:Program Files (x86)Common FilesInstallShieldUpdateServiceissch.exe [81920] [PID.5204]
    [MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastui.exe [3890208] [PID.5508]
    [MD5.34BD660FDA6A4EF23DC393B4C352C047] – (.Contour Design, Inc. – Shuttle Device Helper Application.) — C:Program Files (x86)Contour ShuttleShuttleHelper.exe [118784] [PID.5520]
    [MD5.60F88F6CA6303E8273AF7AAA9AAFECAC] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [812248] [PID.6932]
    [MD5.E8B7FD67DA14A7BE57A5CB80E3139E60] – (.Google Inc. – Google Toolbar Broker.) — C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbarUser_32.exe [309704] [PID.3820]
    [MD5.52A15203DD8B6EB9F6C7D675D6D773A5] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8067072] [PID.3596]
    [MD5.718D79F2E7EC3AFFD3661DA81F93BBEA] – (.NVIDIA Corporation – Stereo Vision Control Panel API Server.) — C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [413128] [PID.396]
    [MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1452]
    [MD5.B362181ED3771DC03B4141927C80F801] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65432] [PID.1732]
    [MD5.FDC0C5ADDE1CDE6EDB0BEF78F0699AF3] – (…) — C:Program Files (x86)GIGABYTEEnergySaver2des2svr.exe [68136] [PID.1100]
    [MD5.D84AEA3F3329D622DFC1297DDDF6163B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1809720] [PID.2160]
    [MD5.4F45ED469906494F9BF754E476390DBD] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [860472] [PID.2268]
    [MD5.D2FE0376285A783693469422678E878B] – (.NVIDIA Corporation – NVIDIA Network Service.) — C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe [1593632] [PID.2308]
    [MD5.A61E919F62EE4FF74195422D208ABC15] – (.Contour Design, Inc. – Shuttle Device Service.) — C:Program Files (x86)Contour ShuttleShuttleEngine.exe [86016] [PID.2456]
    [MD5.101556F6216E97F1258D87C38203695F] – (.Gigabyte Technology CO., LTD. – Smart TimeLock Service.) — C:Program Files (x86)GIGABYTESmart6TimelockTimeMgmtDaemon.exe [114688] [PID.2600]
    [MD5.43E54574C955BBF44AF883EB0F8C9D06] – (.Gigabyte Technology CO., LTD. – Time Management Application.) — C:Program Files (x86)GIGABYTESmart6TimelockAlarmClock.exe [1011712] [PID.5532]
    [MD5.E79A8E33BD136D14BAE1FA20EB2EF124] – (.Intel Corporation – IAStorDataSvc.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [13592] [PID.5372]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersStephanAppDataLocalGoogleChromeUser DataDefaultPreferences

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 1 Legitimates Filtered in 00mn 17s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    P2 – FPN: [HKLM] [adobe.com/AdobeAAMDetect] – (…) — C:Program Files (x86)Common FilesAdobeOOBEPDAppCCMUtilitiesnpAdobeAAMDetect64.dll (.not file.)
    ~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.free.fr
    ~ IE Browser: 20 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 29

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Smart Recovery 2 – [HKLM]{1d09c093-f71e-43c3-b948-19316cbd695e} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    O3 – Toolbar: avast! WebRep – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (…) — (.not file.)
    O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll
    O3 – Toolbar: &RoboForm Toolbar – [HKLM]{724d43a0-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. – RoboForm Main Module.) — C:Program Files (x86)Siber SystemsAI RoboFormRoboForm-x64.dll
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSQuickLaunch [Stephan]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersStephanAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ Global Startup: 1 Legitimates Filtered in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
    O4 – HKLM..Run: [IntelliType Pro] . (.Microsoft Corporation – IType.exe.) — C:Program FilesMicrosoft Mouse and Keyboard Centeritype.exe
    O4 – HKLM..Run: [IntelliPoint] . (.Microsoft Corporation – IPoint.exe.) — C:Program FilesMicrosoft Mouse and Keyboard Centeripoint.exe
    O4 – HKLM..Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [NvBackend] . (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
    O4 – HKLM..Run: [ShadowPlay] . (.NVIDIA Corporation – NVIDIA Capture Server Proxy.) — C:Windowssystem32nvspcap64.dll
    O4 – HKLM..RunOnce: [RPMKickstart] . (.Gigabyte Technology CO., LTD. – Smart Recovery Kickstart Application.) — C:Program FilesGIGABYTESMART6RecoveryRPMKickstart.exe
    O4 – HKCU..Run: [ISUSPM Startup] . (.InstallShield Software Corporation – InstallShield Update Service Update Manager.) — C:Program Files (x86)Common FilesInstallShieldUpdateServiceISUSPM.exe
    O4 – HKCU..Run: [GAINWARD] . (.Gainward Co. – EXPERTool : Display Control Panel.) — C:Program Files (x86)EXPERToolTBPanel.exe
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [AdobeBridge] Clé orpheline
    O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    O4 – HKCU..Run: [RoboForm] . (.Siber Systems – RoboForm TaskBar Icon.) — C:Program Files (x86)Siber SystemsAI RoboFormRoboTaskBarIcon.exe
    O4 – HKCU..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKCU..Run: [EPLTargetP0000000000000000] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:Windowssystem32spoolDRIVERSx643E_IATIJCE.exe =>.Epson Seiko Corporation
    O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    O4 – HKLM..Wow6432NodeRun: [ISUSScheduler] . (.InstallShield Software Corporation – InstallShield Update Service Scheduler.) — C:Program Files (x86)Common FilesInstallShieldUpdateServiceissch.exe
    O4 – HKLM..Wow6432NodeRun: [Quick-Drop] . (.Corel Corporation – Corel DVD MovieFactory.) — C:Program Files (x86)CorelCorel DVD MovieFactory 7Corel DVD MovieFactory 7Quick-Drop.exe
    O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKLM..Wow6432NodeRun: [FLxHCIm64] . (.Windows (R) Win 7 DDK provider – Fresco Logic.) — C:Program FilesFresco LogicFresco Logic USB3.0 Host Controlleramd64_hostFLxHCIm.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [BCSSync] . (.Microsoft Corporation – Microsoft Office 2010 component.) — C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe =>.Microsoft Corporation
    O4 – HKLM..Wow6432NodeRun: [Contour Shuttle Device Helper] . (.Contour Design, Inc. – Shuttle Device Helper Application.) — C:Program Files (x86)Contour ShuttleShuttleHelper.exe
    O4 – HKLM..Wow6432NodeRunOnce: [EasyTuneVI] . (.Pas de propriétaire – ETcall MFC Application.) — C:Program Files (x86)GIGABYTEET6ETCall.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1038908844-1798142516-3508811120-1000..Run: [ISUSPM Startup] . (.InstallShield Software Corporation – InstallShield Update Service Update Manager.) — C:Program Files (x86)Common FilesInstallShieldUpdateServiceISUSPM.exe
    O4 – HKUSS-1-5-21-1038908844-1798142516-3508811120-1000..Run: [GAINWARD] . (.Gainward Co. – EXPERTool : Display Control Panel.) — C:Program Files (x86)EXPERToolTBPanel.exe
    O4 – HKUSS-1-5-21-1038908844-1798142516-3508811120-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1038908844-1798142516-3508811120-1000..Run: [AdobeBridge] Clé orpheline
    O4 – HKUSS-1-5-21-1038908844-1798142516-3508811120-1000..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    O4 – HKUSS-1-5-21-1038908844-1798142516-3508811120-1000..Run: [RoboForm] . (.Siber Systems – RoboForm TaskBar Icon.) — C:Program Files (x86)Siber SystemsAI RoboFormRoboTaskBarIcon.exe
    O4 – HKUSS-1-5-21-1038908844-1798142516-3508811120-1000..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
    O4 – HKUSS-1-5-21-1038908844-1798142516-3508811120-1000..Run: [EPLTargetP0000000000000000] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:Windowssystem32spoolDRIVERSx643E_IATIJCE.exe =>.Epson Seiko Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program Files (x86)MICROS~3Office14ONBttnIE.dll (.not file.)
    O9 – Extra button: Remplir les formulaires [64Bits] – {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.Siber Systems Inc. – RoboForm Main Module.) — C:Program Files (x86)Siber SystemsAI RoboFormroboform.dll
    O9 – Extra button: Enregistrer les formulaires [64Bits] – {320AF880-6646-11D3-ABEE-C5DBF3571F49} . (.Siber Systems Inc. – RoboForm Main Module.) — C:Program Files (x86)Siber SystemsAI RoboFormroboform.dll
    O9 – Extra button: Barre RoboForm [64Bits] – {724d43aa-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. – RoboForm Main Module.) — C:Program Files (x86)Siber SystemsAI RoboFormroboform.dll
    O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:Program Files (x86)MICROS~3Office14ONBTTN~1.dll (.not file.)
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{44DDE45B-5432-43EE-9448-D7C61924E545}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCS1ServicesTcpip..{44DDE45B-5432-43EE-9448-D7C61924E545}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCS2ServicesTcpip..{44DDE45B-5432-43EE-9448-D7C61924E545}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.254
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlmailhtml [64Bits] – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (…) —
    O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – AppInit_DLLs: . (.NVIDIA Corporation – NVIDIA shim initialization dll, Version 337.) – C:Windowssystem32nvinitx.dll
    ~ AppInit DLL: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Contour Shuttle Device Engine (ShuttleEngine) . (.Contour Design, Inc. – Shuttle Device Service.) – C:Program Files (x86)Contour ShuttleShuttleEngine.exe
    ~ Services: 16 Legitimates Filtered in 00mn 05s

    —\ Tâches planifiées en automatique (O39)
    [MD5.07605ABEB10FC533881C91F19DECF69A] [APT] [AutoKMS] (…) — C:WindowsAutoKMSAutoKMS.exe [1923584] =>Trojan.Keygen
    [MD5.00000000000000000000000000000000] [APT] [Red Giant Link] (…) — C:Program Files (x86)Red Giant LinkRed Giant Link.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{45C0B780-4B0E-430B-A76B-AF082090FEF9}] (…) — C:UsersStephanDesktopContour Shuttle 2.10bcdi_shuttle_win_2.10.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{547FECE8-5565-409A-9078-7BC6ABF9FC98}] (…) — D:TMPwz4b63Contour Shuttle Installer v2.81cdi_shuttle_win_2.81.exe (.not file.) [0]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: AutoKMS – (…) — C:WindowsTasksAutoKMS.job [268] =>Trojan.Keygen
    O39 – APT: AutoKMS – (…) — C:WindowsSystem32TasksAutoKMS [268] =>Trojan.Keygen
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1066]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1070]
    ~ Scheduled Task: 19 Legitimates Filtered in 00mn 01s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (VirtDiskBus) . (.Giga-Byte Technology CO., LTD. – 3TB+ Unlock Bus Enumerator.) – C:WindowsSystem32DRIVERSVirtDiskBus64.sys
    ~ Drivers: 81 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Contour Shuttle – (.Contour Design, Inc..) [HKLM][64Bits] — {51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}
    O42 – Logiciel: Officekeygen – (.Officekeygen.) [HKCU][64Bits] — 1f2b5061f789d083
    O42 – Logiciel: Transition Pack 1 – (.FilmImpact.net.) [HKLM][64Bits] — Transition Pack 1
    ~ Logic: 27 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKLMSoftwareWow6432NodeContour Design]
    [HKLMSoftwareWow6432NodeFlexbyte]
    ~ Key Software: 302 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 12/06/2014 – 07:51:53 – [] —-D C:Program Files (x86)Contour Shuttle
    O43 – CFD: 09/05/2014 – 22:32:25 – [] —-D C:Program Files (x86)WebSite X5 v10 – Evolution
    O43 – CFD: 22/02/2013 – 21:24:32 – [] —-D C:Program Files (x86)WebSite X5 v8 – Evolution
    O43 – CFD: 09/05/2014 – 22:27:00 – [] —-D C:Program Files (x86)WebSite X5 v9 – Evolution
    O43 – CFD: 12/06/2014 – 07:51:39 – [] —-D C:Program Files (x86)Common FilesContour Design
    O43 – CFD: 10/05/2014 – 10:12:25 – [] —-D C:ProgramDataContour Design
    O43 – CFD: 10/05/2014 – 13:34:27 – [] —-D C:ProgramDatagoodasnew
    O43 – CFD: 28/05/2014 – 17:57:48 – [] —-D C:ProgramDatargt
    O43 – CFD: 10/06/2014 – 19:01:47 – [] —-D C:UsersStephanAppDataRoamingInternet Traffic Agent
    O43 – CFD: 23/02/2013 – 12:26:48 – [0] –HAD C:UsersStephanAppDataLocalOzq2bkVjUnrUQYP
    O43 – CFD: 23/02/2013 – 10:28:49 – [] —-D C:UsersStephanAppDataRoamingMicrosoftWindowsStart MenuProgramsOfficekeygen
    ~ Program Folder: 205 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.85C44E34A9554BFC938E64E27CB0AF05] – 13/06/2014 – 06:06:18 —A- . (…) — C:WindowsESCAN.LOG [2474]
    O44 – LFC:[MD5.8F373ECA20673C3F93CE6E77439C97EA] – 13/06/2014 – 06:06:18 —A- . (…) — C:Windowswin.ini [810]
    O44 – LFC:[MD5.08FE89ADBF2E0E350E08A63805EED9EC] – 13/06/2014 – 06:06:43 —A- . (…) — C:Windowsgeneral.log [684]
    O44 – LFC:[MD5.43D4EAB1E2500C5DC2D2843BC435F060] – 13/06/2014 – 06:06:45 —A- . (…) — C:WindowsLic.xxx [56]
    O44 – LFC:[MD5.8F50831285F21FE72168B3DBC9D0BD8C] – 13/06/2014 – 06:06:53 —A- . (…) — C:WindowsUPDLL.LOG [1082]
    O44 – LFC:[MD5.8126331FBD4ED29EB3B356F9C905064D] – 13/06/2014 – 07:05:12 —A- . (…) — C:WindowsGVTDrv64.sys [30528]
    ~ Files: 63 Legitimates Filtered in 00mn 00s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:PROGRA~1MICROS~3Office14GROOVEEX.DLL
    O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook [64Bits] – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:PROGRA~1MICROS~3Office14GROOVEEX.DLL
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{1658e747-d821-11e3-86dc-1c6f65f982ca}AutoRuncommand. (.Microsoft Corporation – Microsoft Setup Bootstrapper.) — N:SETUP.exe
    O51 – MPSK:{a993a529-7d2a-11e2-a1a1-1c6f65f982ca}AutoRuncommand. (…) — O:SETUP.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableUIADesktopToggle »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « FilterAdministratorToken »=0
    ~ MWPS: 18 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – « NoActiveDesktopChanges »=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:10/01/2011 – 18:16:08 —A- . (…) — C:WindowsSystem32DriversAppleCharger.sys [21104]
    O58 – SDL:09/05/2014 – 22:19:07 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [29208] =>.ALWIL Software
    O58 – SDL:09/05/2014 – 22:19:07 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776] =>.ALWIL Software
    O58 – SDL:09/05/2014 – 22:19:07 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [208416] =>.ALWIL Software
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:31/08/2007 – 14:15:34 —A- . (.eMPIA Technology, Inc. – USB EMP Audio Device.) — C:WindowsSystem32DriversemAudio64.sys [79872]
    O58 – SDL:21/06/2007 – 17:51:46 —A- . (.eMPIA Technology, Inc. – USB 28xx WDM Driver.) — C:WindowsSystem32DriversemDevice64.sys [215808]
    O58 – SDL:21/06/2007 – 17:51:32 —A- . (.eMPIA Technology, Inc. – USB 28xx WDM Lower filter.) — C:WindowsSystem32DriversemFilter64.sys [6400]
    O58 – SDL:21/06/2007 – 17:51:30 —A- . (.eMPIA Technology, Inc. – USB 28xx WDM Upper Filter.) — C:WindowsSystem32DriversemScan64.sys [6144]
    O58 – SDL:07/03/2011 – 10:22:00 —A- . (.Etron Technology Inc – Etron eXtensible Hub Driver..) — C:WindowsSystem32DriversEtronHub3.sys [40832]
    O58 – SDL:07/03/2011 – 10:22:00 —A- . (.Etron Technology Inc – Etron eXtensible Host Controller Driver..) — C:WindowsSystem32DriversEtronXHCI.sys [65280]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:08/02/2011 – 16:02:44 —A- . (.Giga-Byte Technology CO., LTD. – 3TB+ Unlock Bus Enumerator.) — C:WindowsSystem32DriversVirtDiskBus64.sys [66160]
    O58 – SDL:16/03/2007 – 10:11:20 —A- . (.Windows (R) Server 2003 DDK provider – Display Control Program.) — C:WindowsSysWOW64driversTBPanelx64.sys [15648]
    ~ Drivers: 84 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 06/06/2014 – 08:22:25 —A- . (…) — C:UsersStephanDownloadsCDCheckSetup.exe [1554889]
    O61 – LFC: 10/06/2014 – 08:22:23 —A- . (…) — C:UsersStephanAppDataLocalGoogleChromeUser Datanacl_validation_cache.bin [128]
    O61 – LFC: 12/06/2014 – 08:22:23 —A- . (…) — C:UsersStephanAppDataLocalMicrosoftWindows1036StructuredQuerySchema.bin [333410]
    O61 – LFC: 12/06/2014 – 08:22:25 —A- . (…) — C:UsersStephanDesktopmwav.exe [216155864]
    O61 – LFC: 13/06/2014 – 08:22:25 —A- . (…) — C:UsersStephanDesktopadwcleaner_3.212.exe [1333465]
    ~ 613 Fichiers temporaires (Temporary files)
    ~ 635 Fichiers cookies (Cookies files)
    ~ Files: 28 Legitimates Filtered in 00mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 09/05/2014 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    ~ Legacy: 91 Legitimates Filtered in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: < .html> [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {60C984D2-B795-4F9B-AC0C-AC4DAE7011E3} [DefaultScope] – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:UsersStephanAppDataLocalApps2.0AWCHJYM.4JBZ1VVM592.1KAoffi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664Officekeygen.exe.cdf-ms =>.Crack,Keygen
    C:UsersStephanAppDataLocalApps2.0AWCHJYM.4JBZ1VVM592.1KAoffi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664Officekeygen.exe.manifest =>.Crack,Keygen
    C:UsersStephanAppDataLocalApps2.0AWCHJYM.4JBZ1VVM592.1KAoffi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664Officekeygen.exe.mwt =>.Crack,Keygen
    C:UsersStephanAppDataLocalApps2.0AWCHJYM.4JBZ1VVM592.1KAoffi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664Officekeygen.exe.cdf-ms =>.Crack,Keygen
    C:UsersStephanAppDataLocalApps2.0AWCHJYM.4JBZ1VVM592.1KAoffi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664Officekeygen.exe.manifest =>.Crack,Keygen
    C:UsersStephanAppDataLocalApps2.0AWCHJYM.4JBZ1VVM592.1KAoffi..tion_abeda1bc0436908d_0001.0000_71707f9069df3664Officekeygen.exe.mwt =>.Crack,Keygen
    ~ Files: Scanned in 02mn 06s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.42F24559E8C472F6FF745BB7C5465FB2] [SPRF][13/06/2014] (…) — C:UsersStephanDesktopadwcleaner_3.212.exe [1333465]
    [MD5.AFFADE9AA0C802BEB835306CA412FF77] [SPRF][11/05/2014] (.AG – CUDA Information Utility.) — C:UsersStephanDesktopCUDA-Z-0.8.207.exe [2216448]
    [MD5.73A2A79581E430B890486C16065E837F] [SPRF][24/07/2012] (.SteelBytes – Pas de description.) — C:UsersStephanDesktopHD_Speed.exe [91290]
    [MD5.BEADA164989A4165B2438086E9ADE6EE] [SPRF][12/06/2014] (…) — C:UsersStephanDesktopmwav.exe [216155864]
    ~ Files: 10 Legitimates Filtered in 00mn 01s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: « {5335C14F-44F1-4632-8787-6ED492FABA1A} » | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersStephanAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: « {AE1E1819-1B4C-4901-8D5C-AA730DDF5D69} » | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersStephanAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ Firewall: 2 Legitimates Filtered in 00mn 00s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: « A747D90C74DB9A2419E5EC6B1BBBC711 » . (.Software Updater.) — C:WindowsInstaller{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}icon.ico =>PUP.Eorezo
    ~ Update Products: 1 Legitimates Filtered in 00mn 00s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent_RASAPI32 =>P2P.µTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent_RASMANCS =>P2P.µTorrent
    ~ BTK: 113 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 11/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 06/04/2010 31272 | (AppleChargerSrv) . (…) – C:WindowsSystem32AppleChargerSrv.exe
    SS – | Auto 23/02/2013 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 23/02/2013 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 23/02/2013 194032 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) – C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe
    SS – | Auto 01/04/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) – C:Program Filesma-config.comMaConfigAgent.exe
    SR – | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 09/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 17/06/2009 68136 | (DES2 Service) . (…) – C:Program Files (x86)GIGABYTEEnergySaver2des2svr.exe
    SR – | Auto 11/12/2011 135824 | (EpsonScanSvc) . (.Seiko Epson Corporation.) – C:Windowssystem32EscSvc64.exe
    SR – | Auto 21/02/2012 151648 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) – C:Program FilesCommon FilesEPSONEPW!3 SSRPE_S50RPB.exe
    SR – | Auto 30/04/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 05/02/2014 1593632 | (NvNetworkService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
    SR – | Auto 05/02/2014 16941856 | (NvStreamSvc) . (.NVIDIA Corporation.) – C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe
    SR – | Auto 20/05/2014 927520 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 14/02/2011 86016 | (ShuttleEngine) . (.Contour Design, Inc..) – C:Program Files (x86)Contour ShuttleShuttleEngine.exe
    SR – | Auto 13/10/2009 114688 | (Smart TimeLock) . (.Gigabyte Technology CO., LTD..) – C:Program Files (x86)GIGABYTESmart6TimelockTimeMgmtDaemon.exe
    SR – | Auto 20/05/2014 413128 | (Stereo Service) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 03s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Stephan at 13/06/2014 08:24:41
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Stephan at 13/06/2014 08:24:43
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (12/06/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 3

    C:WindowsAutoKMSAutoKMS.exe =>Trojan.Keygen^
    C:WindowsTasksAutoKMS.job =>Trojan.Keygen^
    C:WindowsSystem32TasksAutoKMS =>Trojan.Keygen^
    ~ Additionnel Scan: 314702 Items scanned in 00mn 14s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ AMI: 1 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/pup-eorezo =>PUP.Eorezo
    ~ MSI: 1 link(s) detected in 00mn 00s

    ~ 911 Legitimates filtered by white list
    End of the scan (583 lines in 03mn 09s)(6)[/spoiler:3cv5dvdk]

    Thank you for your help.
    Also, on the PC I lose control, with the mouse cursor jumping from one window to another.
    (No malicious items detected)

    Valeurs du Registre: 0
    (No malicious items detected)

    Données du Registre: 0
    (No malicious items detected)

    Dossiers: 0
    (No malicious items detected)

    Fichiers: 0
    (No malicious items detected)

    Secteurs physiques: 0
    (No malicious items detected)

    (end)

    buckhulk
    Participant
    Number of posts: 2398

    Hello, stef78

    Indeed, there is not much left. Can you run USBFix, please?
    :merci2:

    USBFix

    Download: UsbFix by El Desaparecido to your Desktop.

    A / If your antivirus shows an alert, ignore it and temporarily disable the antivirus. All antivirus programs

    B / Connect all your external data sources to your PC (USB stick, external hard drive, etc.) without opening them.
    C / Double-click UsbFix.exe.
    D / Confirm by clicking Appliquer (Apply).
    E / UsbFix will restart to take your settings into account.
    F / Click Nettoyage (Clean).

    H / Let the tool work; your desktop will not be accessible during the cleaning phase.
    I / At the end of the scan, a report will be displayed; post it in your next reply on the forum.

    1 / The report is also saved at the root of the system drive.
    ( C:UsbFixLogUsbFix [Clean 1] Nom de l’ordinateur.txt ).

    ( CTRL+A to select, CTRL+C to copy and CTRL+V to paste )

    2 / ->> Illustrated tutorial (help) on the author's site.

    :D

    stef78
    Participant
    Number of posts: 12

    Thank you for your help.

    Here is the report:
    ############################## | UsbFix V 7.171 | [Recherche]

    Utilisateur: Stephan (Administrateur) # STEPHAN-PC
    Mis à jour le 09/06/2014 par El Desaparecido – SosVirus
    Lancé à 09:04:34 | 13/06/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : http://www.sosvirus.net/forum-virus-securite.html
    Upload Malware : http://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Gigabyte Technology Co., Ltd. (Z68XP-UD3P)
    CPU: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
    RAM -> [Total : 16367 Mo| Free : 13362 Mo]
    Bios: Award Software International, Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.17126
    WB: Google Chrome : 35.0.1916.114

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender [Enabled | Updated]
    AS: avast! Antivirus [Enabled | Updated]
    FW: Windows FireWall [(!) Disabled]

    C: (%SystemDrive%) -> Disque fixe # 112 Go (35 Go libre(s) – 31%) [] # NTFS
    D: -> Disque fixe # 3726 Go (2791 Go libre(s) – 75%) [Stockage] # NTFS
    E: -> Disque fixe # 932 Go (673 Go libre(s) – 72%) [Dossier temporaires adobe] # NTFS
    F: -> Disque fixe # 932 Go (417 Go libre(s) – 45%) [export transfert vidéo 83] # NTFS
    G: -> CD-ROM
    H: -> CD-ROM
    N: -> CD-ROM
    P: -> Disque amovible # 7 Go (4 Go libre(s) – 52%) [] # NTFS
    Q: -> Disque fixe # 932 Go (377 Go libre(s) – 40%) [Perso] # NTFS

    ################## | Processus Actif |

    C:WindowsSystem32smss.exe (ID: 476|ParentID: 4|Système)
    C:WindowsSystem32wininit.exe (ID: 776|ParentID: 688)
    C:WindowsSystem32winlogon.exe (ID: 840|ParentID: 768)
    C:WindowsSystem32services.exe (ID: 868|ParentID: 776)
    C:WindowsSystem32lsass.exe (ID: 892|ParentID: 776)
    C:WindowsSystem32lsm.exe (ID: 900|ParentID: 776)
    C:WindowsSystem32svchost.exe (ID: 1000|ParentID: 868)
    C:WindowsSystem32nvvsvc.exe (ID: 372|ParentID: 868)
    C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (ID: 404|ParentID: 868)
    C:WindowsSystem32svchost.exe (ID: 544|ParentID: 868)
    C:WindowsSystem32svchost.exe (ID: 988|ParentID: 868)
    C:WindowsSystem32svchost.exe (ID: 1048|ParentID: 868)
    C:WindowsSystem32svchost.exe (ID: 1084|ParentID: 868)
    C:WindowsSystem32svchost.exe (ID: 1116|ParentID: 868)
    C:WindowsSystem32audiodg.exe (ID: 1200|ParentID: 988)
    C:WindowsSystem32svchost.exe (ID: 1240|ParentID: 868)
    C:WindowsSystem32svchost.exe (ID: 1392|ParentID: 868)
    C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1460|ParentID: 868)
    C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe (ID: 1504|ParentID: 372)
    C:WindowsSystem32nvvsvc.exe (ID: 1512|ParentID: 372)
    C:WindowsSystem32dwm.exe (ID: 1776|ParentID: 1048|Stephan)
    C:Windowsexplorer.exe (ID: 1812|ParentID: 1756|Stephan)
    C:WindowsSystem32taskeng.exe (ID: 1876|ParentID: 1116)
    C:WindowsSystem32spoolsv.exe (ID: 1912|ParentID: 868)
    C:WindowsSystem32taskhost.exe (ID: 1928|ParentID: 868|Stephan)
    C:WindowsSystem32svchost.exe (ID: 1984|ParentID: 868)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1572|ParentID: 868)
    C:Program Files (x86)GIGABYTEEnergySaver2des2svr.exe (ID: 1992|ParentID: 868)
    C:Program FilesCommon FilesEPSONEPW!3 SSRPE_S50RPB.EXE (ID: 2060|ParentID: 868)
    C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe (ID: 2144|ParentID: 868)
    C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe (ID: 2340|ParentID: 868)
    C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe (ID: 2416|ParentID: 868)
    C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe (ID: 2496|ParentID: 868)
    C:Program Files (x86)Contour ShuttleShuttleEngine.exe (ID: 2572|ParentID: 868)
    C:Program Files (x86)GIGABYTEsmart6timelockTimeMgmtDaemon.exe (ID: 2604|ParentID: 868)
    C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe (ID: 2632|ParentID: 2340|Stephan)
    C:WindowsSystem32svchost.exe (ID: 2640|ParentID: 868)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2672|ParentID: 868)
    C:WindowsSystem32escsvc64.exe (ID: 2796|ParentID: 868)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVCM.EXE (ID: 2896|ParentID: 2672)
    C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe (ID: 3052|ParentID: 2496)
    C:WindowsSystem32conhost.exe (ID: 3060|ParentID: 784)
    C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe (ID: 3096|ParentID: 2660|Stephan)
    C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID: 3356|ParentID: 868)
    C:WindowsSystem32rundll32.exe (ID: 3968|ParentID: 1000|Stephan)
    C:WindowsSystem32svchost.exe (ID: 1292|ParentID: 868)
    C:WindowsSystem32svchost.exe (ID: 3972|ParentID: 868)
    C:WindowsSystem32svchost.exe (ID: 3940|ParentID: 868)
    C:Program FilesNVIDIA CorporationDisplaynvtray.exe (ID: 4648|ParentID: 1504|Stephan)
    C:Program FilesGIGABYTESMART6RecoveryRPMDaemon.exe (ID: 4312|ParentID: 4812|Stephan)
    C:WindowsSystem32svchost.exe (ID: 5016|ParentID: 868)
    C:Program Files (x86)GIGABYTEET6GUI.exe (ID: 1160|ParentID: 5112|Stephan)
    C:Program FilesRealtekAudioHDARAVCpl64.exe (ID: 1072|ParentID: 1812|Stephan)
    C:Program FilesMicrosoft Mouse and Keyboard Centeritype.exe (ID: 4536|ParentID: 1812|Stephan)
    C:Program FilesMicrosoft Mouse and Keyboard Centeripoint.exe (ID: 4892|ParentID: 1812|Stephan)
    C:Program Files (x86)EXPERToolTBPANEL.exe (ID: 4100|ParentID: 1812|Stephan)
    C:Program FilesWindows Sidebarsidebar.exe (ID: 4584|ParentID: 1812|Stephan)
    C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (ID: 4184|ParentID: 1812|Stephan)
    C:Program Files (x86)Siber SystemsAI RoboFormrobotaskbaricon.exe (ID: 3780|ParentID: 1812|Stephan)
    C:WindowsSystem32spooldriversx643E_IATIJCE.EXE (ID: 4156|ParentID: 1812|Stephan)
    C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe (ID: 1192|ParentID: 4692|Stephan)
    C:Program Files (x86)Common FilesInstallShieldUpdateServiceissch.exe (ID: 5188|ParentID: 4692|Stephan)
    C:Program FilesAVAST SoftwareAvastavastui.exe (ID: 5572|ParentID: 4692|Stephan)
    C:Program FilesFresco LogicFresco Logic USB3.0 Host Controlleramd64_hostFLxHCIm.exe (ID: 5916|ParentID: 4692|Stephan)
    C:Program Files (x86)Contour ShuttleShuttleHelper.exe (ID: 5616|ParentID: 4692|Stephan)
    C:WindowsSystem32SearchIndexer.exe (ID: 5464|ParentID: 868)
    C:WindowsSystem32wbemunsecapp.exe (ID: 5564|ParentID: 1000|Stephan)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 5560|ParentID: 868)
    C:WindowsSystem32svchost.exe (ID: 1328|ParentID: 868)
    C:Program FilesInternet Exploreriexplore.exe (ID: 5864|ParentID: 1812|Stephan)
    C:Program Files (x86)Internet Exploreriexplore.exe (ID: 1608|ParentID: 5864|Stephan)
    C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbarUser_32.exe (ID: 5844|ParentID: 5864|Stephan)
    C:WindowsSystem32MacromedFlashFlashUtil64_13_0_0_214_ActiveX.exe (ID: 6920|ParentID: 1000|Stephan)
    C:Program Files (x86)GIGABYTEsmart6timelockAlarmClock.exe (ID: 6304|ParentID: 2604)
    C:Program Files (x86)Internet Exploreriexplore.exe (ID: 7140|ParentID: 5864|Stephan)
    C:Program Files (x86)Internet Exploreriexplore.exe (ID: 5328|ParentID: 5864|Stephan)
    C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe (ID: 7908|ParentID: 868)
    C:WindowsSystem32svchost.exe (ID: 1720|ParentID: 868)
    C:Program Files (x86)Internet Exploreriexplore.exe (ID: 2112|ParentID: 5864|Stephan)
    C:WindowsSystem32taskmgr.exe (ID: 3504|ParentID: 840|Stephan)
    C:WindowsSystem32SearchProtocolHost.exe (ID: 3472|ParentID: 5464|Stephan)
    C:WindowsSystem32SearchFilterHost.exe (ID: 7992|ParentID: 5464|Système)
    C:UsbFixUsbFix.exe (ID: 4924|ParentID: 1812|Stephan)
    C:WindowsSystem32wermgr.exe (ID: 7824|ParentID: 3972|Stephan)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [ISUSPM Startup] C:PROGRA~2COMMON~1INSTAL~1UPDATE~1isuspm.exe -startup
    04 – HKCU..Run : [GAINWARD] C:Program Files (x86)EXPERToolTBPanel.exe /A
    04 – HKCU..Run : [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKCU..Run : [swg] « C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe »
    04 – HKCU..Run : [RoboForm] « C:Program Files (x86)Siber SystemsAI RoboFormRoboTaskBarIcon.exe »
    04 – HKCU..Run : [DAEMON Tools Lite] « C:Program Files (x86)DAEMON Tools LiteDTLite.exe » -autorun
    04 – HKCU..Run : [EPLTargetP0000000000000000] C:Windowssystem32spoolDRIVERSx643E_IATIJCE.EXE /EPT « EPLTargetP0000000000000000 » /M « XP-600 Series »
    04 – HKLM..Run : [IAStorIcon] C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLM..Run : [ISUSScheduler] « C:Program Files (x86)Common FilesInstallShieldUpdateServiceissch.exe » -start
    04 – HKLM..Run : [Quick-Drop] « C:Program Files (x86)CorelCorel DVD MovieFactory 7Corel DVD MovieFactory 7Quick-Drop.exe » WINDOWCALL
    04 – HKLM..Run : [AvastUI.exe] « C:Program FilesAVAST SoftwareAvastAvastUI.exe » /nogui
    04 – HKLM..Run : [FLxHCIm64] « C:Program FilesFresco LogicFresco Logic USB3.0 Host Controlleramd64_hostFLxHCIm.exe »
    04 – HKLM..Run : [APSDaemon] « C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe »
    04 – HKLM..Run : [QuickTime Task] « C:Program Files (x86)QuickTimeQTTask.exe » -atboottime
    04 – HKLM..Run : [Adobe ARM] « C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe »
    04 – HKLM..Run : [BCSSync] « C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe » /DelayServices
    04 – HKLM..Run : [Contour Shuttle Device Helper] C:Program Files (x86)Contour ShuttleShuttleHelper.exe
    04 – HKLM..RunOnce : [EasyTuneVI] C:Program Files (x86)GIGABYTEET6ETCall.exe
    04 – [x64] HKLM..Run : [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
    04 – [x64] HKLM..Run : [IgfxTray] C:Windowssystem32igfxtray.exe
    04 – [x64] HKLM..Run : [HotKeysCmds] C:Windowssystem32hkcmd.exe
    04 – [x64] HKLM..Run : [Persistence] C:Windowssystem32igfxpers.exe
    04 – [x64] HKLM..Run : [IntelliType Pro] « C:Program FilesMicrosoft Mouse and Keyboard Centeritype.exe »
    04 – [x64] HKLM..Run : [IntelliPoint] « C:Program FilesMicrosoft Mouse and Keyboard Centeripoint.exe »
    04 – [x64] HKLM..Run : [AdobeAAMUpdater-1.0] « C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe »
    04 – [x64] HKLM..Run : [NvBackend] « C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe »
    04 – [x64] HKLM..Run : [ShadowPlay] C:Windowssystem32rundll32.exe C:Windowssystem32nvspcap64.dll,ShadowPlayOnSystemStart
    04 – [x64] HKLM..RunOnce : [RPMKickstart] C:Program FilesGIGABYTESMART6RecoveryRPMKickstart.exe
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [ISUSPM Startup] C:PROGRA~2COMMON~1INSTAL~1UPDATE~1isuspm.exe -startup
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [GAINWARD] C:Program Files (x86)EXPERToolTBPanel.exe /A
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [swg] « C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe »
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [RoboForm] « C:Program Files (x86)Siber SystemsAI RoboFormRoboTaskBarIcon.exe »
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [DAEMON Tools Lite] « C:Program Files (x86)DAEMON Tools LiteDTLite.exe » -autorun
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [EPLTargetP0000000000000000] C:Windowssystem32spoolDRIVERSx643E_IATIJCE.EXE /EPT « EPLTargetP0000000000000000 » /M « XP-600 Series »
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Présent! C:Windowsrundl132.exe

    ################## | Registre |

    ################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |

    buckhulk
    Participant
    Number of posts: 2398

    You didn't run the removal (cleaning)?

    stef78
    Participant
    Number of posts: 12

    No, indeed, I had not done that step.
    The new report is attached:

    ############################## | UsbFix V 7.171 | [Nettoyage]

    Utilisateur: Stephan (Administrateur) # STEPHAN-PC
    Mis à jour le 09/06/2014 par El Desaparecido – SosVirus
    Lancé à 10:59:44 | 13/06/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : http://www.sosvirus.net/forum-virus-securite.html
    Upload Malware : http://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Gigabyte Technology Co., Ltd. (Z68XP-UD3P)
    CPU: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
    RAM -> [Total : 16367 Mo| Free : 11562 Mo]
    Bios: Award Software International, Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.17126
    WB: Google Chrome : 35.0.1916.114

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender [Enabled | Updated]
    AS: avast! Antivirus [(!) Disabled | Updated]
    FW: Windows FireWall [(!) Disabled]

    C: (%SystemDrive%) -> Disque fixe # 112 Go (36 Go libre(s) – 32%) [] # NTFS
    D: -> Disque fixe # 3726 Go (2791 Go libre(s) – 75%) [Stockage] # NTFS
    E: -> Disque fixe # 932 Go (673 Go libre(s) – 72%) [Dossier temporaires adobe] # NTFS
    F: -> Disque fixe # 932 Go (417 Go libre(s) – 45%) [export transfert vidéo 83] # NTFS
    G: -> CD-ROM
    H: -> CD-ROM
    N: -> CD-ROM
    Q: -> Disque fixe # 932 Go (377 Go libre(s) – 40%) [Perso] # NTFS

    ################## | Processus Stoppés |

    C:WindowsSystem32nvvsvc.exe (ID: 372|ParentID: 868)
    C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (ID: 404|ParentID: 868)
    C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe (ID: 1504|ParentID: 372|Système)
    C:WindowsSystem32nvvsvc.exe (ID: 1512|ParentID: 372|Système)
    C:Windowsexplorer.exe (ID: 1812|ParentID: 1756|Stephan)
    C:WindowsSystem32spoolsv.exe (ID: 1912|ParentID: 868|Système)
    C:WindowsSystem32taskhost.exe (ID: 1928|ParentID: 868|Stephan)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1572|ParentID: 868|Système)
    C:Program Files (x86)GIGABYTEEnergySaver2des2svr.exe (ID: 1992|ParentID: 868|Système)
    C:Program FilesCommon FilesEPSONEPW!3 SSRPE_S50RPB.EXE (ID: 2060|ParentID: 868|Système)
    C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe (ID: 2144|ParentID: 868|Système)
    C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe (ID: 2416|ParentID: 868|Système)
    C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe (ID: 2496|ParentID: 868|Système)
    C:Program Files (x86)Contour ShuttleShuttleEngine.exe (ID: 2572|ParentID: 868|Système)
    C:Program Files (x86)GIGABYTEsmart6timelockTimeMgmtDaemon.exe (ID: 2604|ParentID: 868|Système)
    C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe (ID: 2632|ParentID: 2340|Stephan)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2672|ParentID: 868|Système)
    C:WindowsSystem32escsvc64.exe (ID: 2796|ParentID: 868|Système)
    C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe (ID: 3096|ParentID: 2660|Stephan)
    C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID: 3356|ParentID: 868|SERVICE RÉSEAU)
    C:WindowsSystem32rundll32.exe (ID: 3968|ParentID: 1000|Stephan)
    C:WindowsSystem32WUDFHost.exe (ID: 4216|ParentID: 1048|SERVICE LOCAL)
    C:Program FilesNVIDIA CorporationDisplaynvtray.exe (ID: 4648|ParentID: 1504|Stephan)
    C:Program FilesGIGABYTESMART6RecoveryRPMDaemon.exe (ID: 4312|ParentID: 4812|Stephan)
    C:Program Files (x86)GIGABYTEET6GUI.exe (ID: 1160|ParentID: 5112|Stephan)
    C:Program FilesRealtekAudioHDARAVCpl64.exe (ID: 1072|ParentID: 1812|Stephan)
    C:Program FilesMicrosoft Mouse and Keyboard Centeritype.exe (ID: 4536|ParentID: 1812|Stephan)
    C:Program FilesMicrosoft Mouse and Keyboard Centeripoint.exe (ID: 4892|ParentID: 1812|Stephan)
    C:Program Files (x86)EXPERToolTBPANEL.exe (ID: 4100|ParentID: 1812|Stephan)
    C:Program FilesWindows Sidebarsidebar.exe (ID: 4584|ParentID: 1812|Stephan)
    C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (ID: 4184|ParentID: 1812|Stephan)
    C:Program Files (x86)Siber SystemsAI RoboFormrobotaskbaricon.exe (ID: 3780|ParentID: 1812|Stephan)
    C:WindowsSystem32spooldriversx643E_IATIJCE.EXE (ID: 4156|ParentID: 1812|Stephan)
    C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe (ID: 1192|ParentID: 4692|Stephan)
    C:Program Files (x86)Common FilesInstallShieldUpdateServiceissch.exe (ID: 5188|ParentID: 4692|Stephan)
    C:Program FilesFresco LogicFresco Logic USB3.0 Host Controlleramd64_hostFLxHCIm.exe (ID: 5916|ParentID: 4692|Stephan)
    C:Program Files (x86)Contour ShuttleShuttleHelper.exe (ID: 5616|ParentID: 4692|Stephan)
    C:WindowsSystem32SearchIndexer.exe (ID: 5464|ParentID: 868|Système)
    C:WindowsSystem32wbemunsecapp.exe (ID: 5564|ParentID: 1000|Stephan)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 5560|ParentID: 868|SERVICE RÉSEAU)
    C:Program FilesInternet Exploreriexplore.exe (ID: 5864|ParentID: 1812|Stephan)
    C:Program Files (x86)Internet Exploreriexplore.exe (ID: 1608|ParentID: 5864|Stephan)
    C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbarUser_32.exe (ID: 5844|ParentID: 5864|Stephan)
    C:WindowsSystem32MacromedFlashFlashUtil64_13_0_0_214_ActiveX.exe (ID: 6920|ParentID: 1000|Stephan)
    C:Program Files (x86)GIGABYTEsmart6timelockAlarmClock.exe (ID: 6304|ParentID: 2604|Système)
    C:Program Files (x86)Internet Exploreriexplore.exe (ID: 7140|ParentID: 5864|Stephan)
    C:Program Files (x86)Internet Exploreriexplore.exe (ID: 5328|ParentID: 5864|Stephan)
    C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe (ID: 7908|ParentID: 868|Système)
    C:Program Files (x86)Internet Exploreriexplore.exe (ID: 2112|ParentID: 5864|Stephan)
    C:WindowsSystem32MsSpellCheckingFacility.exe (ID: 3884|ParentID: 1000|Stephan)
    C:Program Files (x86)Internet Exploreriexplore.exe (ID: 7320|ParentID: 5864|Stephan)
    C:WindowsSystem32taskmgr.exe (ID: 7656|ParentID: 3504|Stephan)
    C:Program Files (x86)Windows LiveMailwlmail.exe (ID: 8332|ParentID: 1812|Stephan)
    C:Program Files (x86)Windows LiveContactswlcomm.exe (ID: 4032|ParentID: 1000|Stephan)
    C:Program Files (x86)Internet Exploreriexplore.exe (ID: 7836|ParentID: 5864|Stephan)
    C:WindowsSystem32taskhost.exe (ID: 11080|ParentID: 868|SERVICE LOCAL)
    C:WindowsSysWOW64notepad.exe (ID: 12776|ParentID: 7344|Stephan)

    ################## | Autorun |

    ################## | Recherche générique |

    Supprimé! C:Windowsrundl132.exe

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Supprimé! HKUS-1-5-21-1038908844-1798142516-3508811120-1000Software….Mountpoints2{1658e747-d821-11e3-86dc-1c6f65f982ca}
    Supprimé! HKUS-1-5-21-1038908844-1798142516-3508811120-1000Software….Mountpoints2{a993a529-7d2a-11e2-a1a1-1c6f65f982ca}

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [ISUSPM Startup] C:PROGRA~2COMMON~1INSTAL~1UPDATE~1isuspm.exe -startup
    04 – HKCU..Run : [GAINWARD] C:Program Files (x86)EXPERToolTBPanel.exe /A
    04 – HKCU..Run : [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKCU..Run : [swg] « C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe »
    04 – HKCU..Run : [RoboForm] « C:Program Files (x86)Siber SystemsAI RoboFormRoboTaskBarIcon.exe »
    04 – HKCU..Run : [DAEMON Tools Lite] « C:Program Files (x86)DAEMON Tools LiteDTLite.exe » -autorun
    04 – HKCU..Run : [EPLTargetP0000000000000000] C:Windowssystem32spoolDRIVERSx643E_IATIJCE.EXE /EPT « EPLTargetP0000000000000000 » /M « XP-600 Series »
    04 – HKLM..Run : [IAStorIcon] C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLM..Run : [ISUSScheduler] « C:Program Files (x86)Common FilesInstallShieldUpdateServiceissch.exe » -start
    04 – HKLM..Run : [Quick-Drop] « C:Program Files (x86)CorelCorel DVD MovieFactory 7Corel DVD MovieFactory 7Quick-Drop.exe » WINDOWCALL
    04 – HKLM..Run : [AvastUI.exe] « C:Program FilesAVAST SoftwareAvastAvastUI.exe » /nogui
    04 – HKLM..Run : [FLxHCIm64] « C:Program FilesFresco LogicFresco Logic USB3.0 Host Controlleramd64_hostFLxHCIm.exe »
    04 – HKLM..Run : [APSDaemon] « C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe »
    04 – HKLM..Run : [QuickTime Task] « C:Program Files (x86)QuickTimeQTTask.exe » -atboottime
    04 – HKLM..Run : [Adobe ARM] « C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe »
    04 – HKLM..Run : [BCSSync] « C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe » /DelayServices
    04 – HKLM..Run : [Contour Shuttle Device Helper] C:Program Files (x86)Contour ShuttleShuttleHelper.exe
    04 – HKLM..RunOnce : [EasyTuneVI] C:Program Files (x86)GIGABYTEET6ETCall.exe
    04 – [x64] HKLM..Run : [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
    04 – [x64] HKLM..Run : [IgfxTray] C:Windowssystem32igfxtray.exe
    04 – [x64] HKLM..Run : [HotKeysCmds] C:Windowssystem32hkcmd.exe
    04 – [x64] HKLM..Run : [Persistence] C:Windowssystem32igfxpers.exe
    04 – [x64] HKLM..Run : [IntelliType Pro] « C:Program FilesMicrosoft Mouse and Keyboard Centeritype.exe »
    04 – [x64] HKLM..Run : [IntelliPoint] « C:Program FilesMicrosoft Mouse and Keyboard Centeripoint.exe »
    04 – [x64] HKLM..Run : [AdobeAAMUpdater-1.0] « C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe »
    04 – [x64] HKLM..Run : [NvBackend] « C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe »
    04 – [x64] HKLM..Run : [ShadowPlay] C:Windowssystem32rundll32.exe C:Windowssystem32nvspcap64.dll,ShadowPlayOnSystemStart
    04 – [x64] HKLM..RunOnce : [RPMKickstart] C:Program FilesGIGABYTESMART6RecoveryRPMKickstart.exe
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [ISUSPM Startup] C:PROGRA~2COMMON~1INSTAL~1UPDATE~1isuspm.exe -startup
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [GAINWARD] C:Program Files (x86)EXPERToolTBPanel.exe /A
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [swg] « C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe »
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [RoboForm] « C:Program Files (x86)Siber SystemsAI RoboFormRoboTaskBarIcon.exe »
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [DAEMON Tools Lite] « C:Program Files (x86)DAEMON Tools LiteDTLite.exe » -autorun
    04 – HKUS-1-5-21-1038908844-1798142516-3508811120-1000..Run : [EPLTargetP0000000000000000] C:Windowssystem32spoolDRIVERSx643E_IATIJCE.EXE /EPT « EPLTargetP0000000000000000 » /M « XP-600 Series »
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [22/02/2013 – 21:16:37 | D] – C:IExp0.tmp
    [22/02/2013 – 21:16:37 | D] – C:IExp1.tmp
    [13/06/2014 – 08:57:51 | ASH | 16759880 Ko] – C:pagefile.sys
    [13/06/2014 – 06:58:47 | D] – C:Config.Msi
    [22/02/2013 – 20:46:27 | | 2 Ko] – C:RHDSetup.log
    [22/02/2013 – 20:46:56 | | 0 Ko] – C:Install.log
    [22/02/2013 – 21:18:36 | | 477 Ko] – C:vcredist_x86.log
    [22/02/2013 – 20:33:12 | SHD] – C:$Recycle.Bin
    [13/06/2014 – 08:24:41 | | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [22/02/2013 – 20:14:08 | RASH | 8 Ko] – C:BOOTSECT.BAK
    [22/02/2013 – 23:39:40 | D] – C:Windows_Loader_v2.1.7_
    [14/07/2009 – 05:20:08 | D] – C:PerfLogs
    [14/07/2009 – 07:08:56 | SHD] – C:Documents and Settings
    [20/11/2010 – 14:40:07 | RASH | 375 Ko] – C:bootmgr
    [22/02/2013 – 23:42:28 | | 309 Ko] – C:SUAQY
    [23/02/2013 – 09:08:37 | SHD] – C:Boot
    [09/05/2014 – 21:46:23 | SHD] – C:Recovery
    [09/05/2014 – 22:30:47 | SHD] – C:System Volume Information
    [10/05/2014 – 00:29:25 | D] – C:Données Ciel
    [10/05/2014 – 20:39:27 | D] – C:Twixtor5AE
    [10/05/2014 – 20:39:28 | D] – C:Twixtor5AEManual
    [11/05/2014 – 15:47:40 | D] – C:Users
    [29/05/2014 – 15:44:25 | D] – C:Intel
    [11/06/2014 – 14:16:53 | RHD] – C:MSOCache
    [12/06/2014 – 22:05:45 | D] – C:TempBK
    [13/06/2014 – 08:02:31 | HD] – C:ProgramData
    [13/06/2014 – 08:02:36 | D] – C:AdwCleaner
    [13/06/2014 – 08:15:50 | D] – C:Program Files (x86)
    [13/06/2014 – 08:59:43 | D] – C:UsbFix
    [13/06/2014 – 09:10:17 | D] – C:temp
    [13/06/2014 – 09:17:54 | D] – C:Program Files
    [13/06/2014 – 11:00:07 | D] – C:Windows
    [13/06/2014 – 11:00:14 | D] – C:TMP

    ################## | D: – Disque Fixe (NTFS) |

    [07/11/2007 – 08:00:40 | N | 10 Ko] – D:eula.1033.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.3082.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.2052.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.1042.txt
    [07/11/2007 – 08:00:40 | N | 0 Ko] – D:eula.1041.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.1040.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.1028.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.1031.txt
    [07/11/2007 – 08:00:40 | N | 17 Ko] – D:eula.1036.txt
    [04/07/2012 – 11:42:08 | D] – D:msdownld.tmp
    [07/02/2014 – 23:27:25 | D] – D:IExp1.tmp
    [04/04/2013 – 16:51:14 | N | 512 Ko] – D:ntuser.dat{30e17751-9c5f-11e2-93e3-1c6f65f982ca}.TMContainer00000000000000000002.regtrans-ms
    [04/04/2013 – 16:51:14 | N | 512 Ko] – D:ntuser.dat{30e17751-9c5f-11e2-93e3-1c6f65f982ca}.TMContainer00000000000000000001.regtrans-ms
    [09/05/2014 – 22:08:15 | N | 512 Ko] – D:ntuser.dat{d68d94cd-d7b2-11e3-9ac6-1c6f65f982ca}.TMContainer00000000000000000002.regtrans-ms
    [09/05/2014 – 22:08:15 | N | 512 Ko] – D:ntuser.dat{d68d94cd-d7b2-11e3-9ac6-1c6f65f982ca}.TMContainer00000000000000000001.regtrans-ms
    [07/11/2007 – 08:12:28 | N | 228 Ko] – D:VC_RED.MSI
    [07/06/2014 – 17:06:25 | N | 326452 Ko] – D:Theatre Clara.mp4
    [09/05/2014 – 22:08:15 | N | 0 Ko] – D:ntuser.dat.LOG2
    [09/05/2014 – 22:08:15 | N | 5 Ko] – D:ntuser.dat.LOG1
    [07/11/2007 – 08:00:40 | N | 1 Ko] – D:install.ini
    [07/11/2007 – 08:00:40 | N | 1 Ko] – D:globdata.ini
    [11/06/2014 – 08:21:07 | N | 0 Ko] – D:AVScanner.ini
    [07/11/2007 – 08:03:18 | N | 550 Ko | VirusTotal – (0/54)] – D:install.exe
    [10/05/2011 – 16:32:24 | N | 1497 Ko | VirusTotal – (0/46)] – D:cdi_shuttle_win_2.81.exe
    [07/11/2007 – 08:03:18 | N | 93 Ko | VirusTotal – (0/53)] – D:install.res.1040.dll
    [07/11/2007 – 08:03:18 | N | 80 Ko | VirusTotal – (0/53)] – D:install.res.1041.dll
    [07/11/2007 – 08:03:18 | N | 78 Ko | VirusTotal – (0/53)] – D:install.res.1042.dll
    [07/11/2007 – 08:03:18 | N | 95 Ko | VirusTotal – (0/53)] – D:install.res.1036.dll
    [07/11/2007 – 08:03:18 | N | 94 Ko | VirusTotal – (0/53)] – D:install.res.3082.dll
    [07/11/2007 – 08:03:18 | N | 75 Ko | VirusTotal – (0/53)] – D:install.res.1028.dll
    [07/11/2007 – 08:03:18 | N | 89 Ko | VirusTotal – (0/53)] – D:install.res.1033.dll
    [07/11/2007 – 08:03:18 | N | 74 Ko | VirusTotal – (0/53)] – D:install.res.2052.dll
    [07/11/2007 – 08:03:18 | N | 94 Ko | VirusTotal – (0/53)] – D:install.res.1031.dll
    [09/04/2014 – 15:13:00 | N | 478 Ko | VirusTotal – (0/51)] – D:SecurityScanner.dll
    [09/05/2014 – 22:08:15 | N | 256 Ko] – D:ntuser.dat
    [07/11/2007 – 08:09:22 | N | 1409 Ko] – D:VC_RED.cab
    [07/11/2007 – 08:00:40 | N | 6 Ko] – D:vcredist.bmp
    [04/04/2013 – 16:51:14 | N | 64 Ko] – D:ntuser.dat{30e17751-9c5f-11e2-93e3-1c6f65f982ca}.TM.blf
    [09/05/2014 – 22:08:15 | N | 64 Ko] – D:ntuser.dat{d68d94cd-d7b2-11e3-9ac6-1c6f65f982ca}.TM.blf
    [09/05/2014 – 18:31:04 | SHD] – D:$RECYCLE.BIN
    [08/01/2012 – 19:25:36 | D] – D:Favorites
    [29/02/2012 – 09:46:40 | D] – D:My RoboForm Data
    [09/04/2012 – 17:46:35 | SHD] – D:System Volume Information
    [15/09/2012 – 18:03:01 | D] – D:ProgramData
    [29/01/2013 – 10:48:24 | D] – D:TEMPDIR
    [03/12/2013 – 19:35:13 | D] – D:site ecomvideo 2
    [30/01/2014 – 14:35:14 | D] – D:signature mail
    [13/02/2014 – 10:05:04 | D] – D:a virer
    [04/03/2014 – 10:09:18 | D] – D:Site aquanett
    [08/04/2014 – 14:02:38 | D] – D:site ecome vidéo
    [12/04/2014 – 08:12:57 | D] – D:commande vautrain
    [09/05/2014 – 23:01:19 | D] – D:site transfert video
    [05/06/2014 – 15:08:20 | D] – D:site mariage
    [06/06/2014 – 07:45:37 | D] – D:Mes documents
    [08/06/2014 – 08:01:52 | D] – D:Transfert video 83
    [10/06/2014 – 14:15:18 | D] – D:documents transfert vidéo
    [11/06/2014 – 10:47:05 | D] – D:torrent
    [11/06/2014 – 15:57:21 | D] – D:TEMP
    [11/06/2014 – 16:39:58 | D] – D:site exemple vente immo+
    [12/06/2014 – 11:17:44 | D] – D:TMP

    ################## | E: – Disque Fixe (NTFS) |

    [09/05/2014 – 18:31:04 | SHD] – E:$RECYCLE.BIN
    [26/10/2012 – 16:23:55 | SHD] – E:System Volume Information
    [04/05/2014 – 22:25:40 | D] – E:corel dvd temp
    [12/06/2014 – 13:16:44 | D] – E:adobe temp
    [12/06/2014 – 22:55:11 | D] – E:previsualisation vidéo
    [12/06/2014 – 22:55:11 | D] – E:Previsualisation audio

    ################## | F: – Disque Fixe (NTFS) |

    [09/05/2014 – 18:31:05 | SHD] – F:$RECYCLE.BIN
    [26/10/2012 – 16:23:55 | SHD] – F:System Volume Information
    [02/05/2014 – 12:15:37 | D] – F:Montaz
    [04/05/2014 – 14:01:04 | D] – F:Joray
    [06/05/2014 – 23:06:29 | D] – F:commande Delattre
    [14/05/2014 – 20:38:15 | D] – F:Caudron
    [22/05/2014 – 13:37:01 | D] – F:Garcia
    [22/05/2014 – 15:20:21 | D] – F:ridel
    [22/05/2014 – 16:17:25 | D] – F:Himam
    [25/05/2014 – 21:09:34 | D] – F:Lepage
    [27/05/2014 – 08:31:44 | D] – F:antoine
    [01/06/2014 – 13:35:48 | D] – F:rivier
    [04/06/2014 – 17:23:28 | D] – F:Lancelloti
    [05/06/2014 – 10:29:42 | D] – F:roucher
    [05/06/2014 – 11:29:01 | D] – F:Proutière
    [06/06/2014 – 12:28:54 | D] – F:ruotolo
    [10/06/2014 – 14:56:42 | D] – F:Millan
    [12/06/2014 – 15:52:37 | D] – F:Gautier

    ################## | Q: – Disque Fixe (NTFS) |

    [16/03/2013 – 17:34:26 | N | 12 Ko] – Q:essai cache ecran multiple.png
    [12/01/2014 – 17:53:28 | N | 1095 Ko] – Q:photo mathilde noir et blanc.jpg
    [23/10/2013 – 17:03:54 | N | 19 Ko] – Q:CV steph .docx
    [19/03/2014 – 10:03:09 | N | 17 Ko] – Q:post homologation drone.docx
    [09/05/2014 – 17:36:08 | N | 1 Ko] – Q:MediaID.bin
    [09/05/2014 – 18:31:05 | SHD] – Q:$RECYCLE.BIN
    [28/09/2012 – 09:16:44 | D] – Q:sauvegarde photos
    [28/09/2012 – 09:48:55 | D] – Q:Automobile
    [12/11/2012 – 18:51:29 | D] – Q:Vidéos familliales
    [23/02/2013 – 14:37:01 | SHD] – Q:System Volume Information
    [29/05/2013 – 20:26:47 | D] – Q:tuto mattrunk
    [04/10/2013 – 09:52:32 | D] – Q:Preset AE
    [08/10/2013 – 20:27:23 | D] – Q:Clip vidéo
    [08/10/2013 – 20:28:38 | D] – Q:Bandeau titres
    [21/12/2013 – 18:35:53 | D] – Q:sauvegarde pc
    [04/01/2014 – 22:04:41 | D] – Q:Formation vidéo
    [12/01/2014 – 00:14:47 | D] – Q:Site aquanett
    [12/01/2014 – 00:14:48 | D] – Q:site ecomvideo 2
    [12/01/2014 – 00:17:41 | D] – Q:site transfert video
    [12/01/2014 – 00:26:22 | D] – Q:site ecome vidéo
    [22/01/2014 – 15:09:02 | D] – Q:resources Ae
    [06/02/2014 – 22:53:46 | D] – Q:site mariage
    [27/02/2014 – 18:24:06 | D] – Q:Artbeats – Film Clutter
    [27/02/2014 – 18:25:06 | D] – Q:Artbeats – Film Clutter 2
    [28/04/2014 – 15:10:42 | D] – Q:Photos
    [09/05/2014 – 17:19:40 | D] – Q:Sauvegarde
    [09/05/2014 – 17:38:29 | D] – Q:WindowsImageBackup
    [10/05/2014 – 11:26:39 | D] – Q:Installation adobe + plugin
    [10/05/2014 – 12:08:25 | D] – Q:Bibliotheque
    [10/05/2014 – 13:11:04 | D] – Q:Logiciel divers
    [29/05/2014 – 20:55:21 | D] – Q:Prise de vue Xf100
    [04/06/2014 – 21:53:23 | D] – Q:animation Ae Pour TV
    [12/06/2014 – 09:46:06 | D] – Q:Banque d’images
    [12/06/2014 – 10:41:29 | D] – Q:Composition Ae perso

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    Q:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |

    buckhulk
    Participant
    Number of posts: 2398

    OK, can you run ZHPDiag for me again, please…

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag; on Windows 7/8 and Vista, run it as administrator.
    • Click Complet (Full)

      Note: Do not close the program even if it says that it is not responding.

    • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link you are given into your next reply on the forum

    :merci2:

    stef78
    Participant
    Number of posts: 12

    The requested file is linked here:

    http://upload.sosvirus.net/www/?a=d&i=fQtK0OKk8h

    Thank you very much :merci2:

    buckhulk
    Participant
    Number of posts: 2398

    Uninstall your µTorrent installs, because although they are not infectious themselves, they are what brings you viruses…

    Look HERE

    Then run Shortcut_Module and do another ZHPDiag for me; after that I will write you a script to remove what is left:

    • Disable your antivirus, otherwise the tool will not be able to work properly.
    • Download Shortcut_Module to your desktop.

      Note: Save your work before continuing!

    • Launch Shortcut_Module,
    • Click Nettoyer (Clean)

      Note: Wait while the scan runs

    • Let the tool work even if it seems to be stuck
    • If the tool detects a proxy that you do not recognize, click: "Supprimer le proxy" (Remove the proxy)
    • Upload the report C:\Shortcut_Module_date_heure.txt to http://upload.sosvirus.net/ then give the link you get

    :merci2: ;)

    stef78
    Participant
    Number of posts: 12

    OK, thanks

    Unfortunately I use programs that I cannot uninstall; I use them every day and I really need them.

    buckhulk
    Participant
    Number of posts: 2398

    OK, OK, we will keep µTorrent. Have you run Shortcut_Module?

    If so, I do not have the report… and I would need another ZHPDiag, please…

    :merci2:

    stef78
    Participant
    Number of posts: 12

    I did run Shortcut module.

    Here is the new report:
    http://upload.sosvirus.net/www/?a=d&i=dtIG7SGP2t

    Thank you very much :bravo1:

    g3n-h@ckm@n
    Moderator
    Number of posts: 8202

    Hi, to move forward, the Shortcut_Module report is missing; you will find it in C:

    stef78
    Participant
    Number of posts: 12

    Sorry, here it is.

    http://upload.sosvirus.net/www/?a=d&i=rFBnGnxLgc

    buckhulk
    Participant
    Number of posts: 2398

    OK, I have seen the S_M report, but no ZHPDiag?

    stef78
    Participant
    Number of posts: 12

    It is linked in the message just before.
