Sujet Précédent Sujet Suivant

IMinent

Résolu
Madddy Messages postés 151 Statut Membre -  
Madddy Messages postés 151 Statut Membre -
Bonjour,
j'aimerais savoir si IMinent est un parasite ? car ce moteur de recherche s'est installé à la place de google et je n'arrive pas à le supprimer même en le désinstallant.

je suis sous Windows 7

merci de m'aider
à bientôt

Madddy
A voir également:

61 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

IMinent peut être considéré comme un hijacker qui remplace la page d'accueil et le moteur de recherche, compliquant la suppression sur Windows 7 et perturbant la navigation. Des solutions essentielles visent à réparer le système via l'invite de commandes ou un live CD, puis à créer un CD de récupération Windows 7 et à rétablir les paramètres du navigateur. Des éléments détectés dans les rapports et les processus lancés indiquent des programmes au démarrage ou des extensions potentiellement malveillants; il faut vérifier des composants comme Overwolf.exe et les redirections d'adresse.

Généré automatiquement par IA
sur la base des meilleures réponses
Réponse 1 / 61
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
slt

colles un rapport de suppression avec adwcleaner
0
Réponse 2 / 61
Madddy Messages postés 151 Statut Membre 1
 
d'accord, merci jmpjlp =)
0
Réponse 3 / 61
Madddy Messages postés 151 Statut Membre 1
 
# AdwCleaner v2.115 - Rapport créé le 22/03/2013 à 14:47:24
# Mis à jour le 17/03/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Mad - MAD-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Mad\Downloads\adwcleaner.exe
# Option [Suppression]

***** [Services] *****

***** [Fichiers / Dossiers] *****

***** [Registre] *****

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v19.0.2 (fr)

Fichier : C:\Users\Mad\AppData\Roaming\Mozilla\Firefox\Profiles\zt49o792.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [3675 octets] - [14/02/2013 08:50:30]
AdwCleaner[S2].txt - [30027 octets] - [22/03/2013 13:36:28]
AdwCleaner[S3].txt - [1014 octets] - [22/03/2013 13:58:01]
AdwCleaner[S4].txt - [947 octets] - [22/03/2013 14:47:24]

########## EOF - C:\AdwCleaner[S4].txt - [1006 octets] ##########
0
Réponse 4 / 61
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
tu l'as passé plusieurs fois donc...

AdwCleaner[S1].txt - [3675 octets] - [14/02/2013 08:50:30]
AdwCleaner[S2].txt - [30027 octets] - [22/03/2013 13:36:28]
AdwCleaner[S3].txt - [1014 octets] - [22/03/2013 13:58:01]
AdwCleaner[S4].txt - [947 octets] - [22/03/2013 14:47:24]

cela persiste?

pour voir

Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(outil de diagnostic)

Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )

Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

Rend toi sur Cjoint : http://www.cijoint.com/

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

ou sinon pour transmettre ton rapport:
* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer les rapports.
Donnes le liens pjjoint ici ensuite pour pouvoir être consultés.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 61
Madddy Messages postés 151 Statut Membre 1
 
le problème persiste oui, dans la barre d'adresse j'ai ça : [http:// Effacée par la Modération ]

et le moteur de recherche c'est yahoo maintenant.

j'ai bien posté le rapport sur le site.

Maintenant je fais quoi ?
0
Réponse 6 / 61
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
tu fais passer le lien ici...
0
Réponse 7 / 61
Madddy Messages postés 151 Statut Membre 1
 
quel lien ?, et quand je clique sur lien que tu me donnes, ça fait rien...
0
Réponse 8 / 61
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
je le trouve comment ton rapport zhpdiag hébergé?
0
Madddy Messages postés 151 Statut Membre 1
 
Rapport de ZHPDiag v2013.3.22.72 par Nicolas Coolman, Update du 21/03/2013
Run by Mad at 22/03/2013 17:37:44
State :
High Elevated Privileges : OK
UAC : Deactivate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : KQVVG
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 261 GB (87%) free of 298 GB

---\\ Logged in mode
~ Computer Name: MAD-PC
~ User Name: Mad
~ All Users Names: Mad, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Mad\AppData\Roaming\
~ %Desktop% : C:\Users\Mad\Desktop\
~ %Favorites% : C:\Users\Mad\Favorites\
~ %LocalAppData% : C:\Users\Mad\AppData\Local\
~ %StartMenu% : C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 261 Go of 298 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Legitimates Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.FA274190682AA41A46B285208ED46A74] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/02/2013 - 07:47:19.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/03/2011 - 07:41:34.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Legitimates Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/238
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/89
~ Mon Bureau (My Desktop) : 1/5
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Legitimates Scanned in 00mn 01s



---\\ Processus lancés
[MD5.7B93B62841198A27C2A095DB0FB37DAB] - (.Overwolf - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe [35256] [PID.1328]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.2632]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917400] [PID.2528]
[MD5.BAD8F451905AC8A73F7E4C3BC441E054] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [5889536] [PID.3940]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1824]
~ Processes Running: Legitimates Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Mad\AppData\Roaming\Mozilla\Firefox\Profiles\zt49o792.default\prefs.js
M3 - MFPP: Plugins - [Mad] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml
M0 - MFSP: prefs.js [Mad - zt49o792.default] http://start.iminent.com
M2 - MFEP: prefs.js [Mad - zt49o792.default\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}] [WOT] WOT v20130129 (.WOT Services Oy.)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\Mad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
~ Firefox Browser: Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/fr-fr/
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/?gws_rd=ssl
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/?gws_rd=ssl
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*.offerbox.com
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Legitimates Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Legitimates Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Legitimates Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 18



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
~ BHO: Legitimates Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe
O4 - HKCU\..\Run: [Overwolf] . (.Overwolf - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-2853837300-762174546-3832088544-1000\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe
O4 - HKUS\S-1-5-21-2853837300-762174546-3832088544-1000\..\Run: [Overwolf] . (.Overwolf - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
~ Application: Legitimates Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: e-Carte Bleue Banque Populaire.lnk . (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files (x86)\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
~ Global Startup: Legitimates Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 6 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DFF9A65-4C6D-44F7-BD69-8B580102768B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DFF9A65-4C6D-44F7-BD69-8B580102768B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DFF9A65-4C6D-44F7-BD69-8B580102768B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Legitimates Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Legitimates Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
~ Services: 2 Legitimates Scanned in 00mn 03s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job [1002]
[MD5.EA856F4A46320389D1899B2CAA7BF40F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253656]
[MD5.B50B29A168885FDB523D71ACA6868454] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3262816]
[MD5.00000000000000000000000000000000] [APT] [{38AB43FE-F8E1-45B0-8928-12311DFC739E}] (...) -- C:\Users\Mad\Desktop\MinecraftUpdate.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B91CB174-9F7D-48A2-86B1-CA9DF10922B9}] (...) -- C:\Users\Mad\Desktop\MinecraftUpdate.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F2F7BED5-E903-4814-9EE0-238EBC418274}] (...) -- C:\Users\Mad\Desktop\MinecraftUpdate.exe (.not file.) [0]
~ Scheduled Task: Legitimates Scanned in 00mn 05s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 11 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 57 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Gameforge Live 1.0 "Legend" - (.Gameforge.) [HKLM][64Bits] -- {9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1
O42 - Logiciel: Overwolf - (.Overwolf.) [HKLM][64Bits] -- {6FB58056-0BD1-4E42-BC61-26A840895497}
O42 - Logiciel: Runes of Magic - (.Gameforge Productions GmbH.) [HKLM][64Bits] -- {A2F166A0-F031-4E27-A057-C69733219434}_is1
O42 - Logiciel: Tibia - (.CipSoft GmbH.) [HKLM][64Bits] -- Tibia_is1
~ Logic: 48 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Discreet Monsters]
[HKCU\Software\Discreet-Monsters]
[HKCU\Software\Gameforge4d]
[HKCU\Software\Overwolf]
[HKCU\Software\Pointsoft]
[HKLM\Software\Wow6432Node\Gameforge4d]
[HKLM\Software\Wow6432Node\Gameforge]
[HKLM\Software\Wow6432Node\Nostale_FR]
[HKLM\Software\Wow6432Node\Overwolf]
[HKLM\Software\Wow6432Node\Runes of Magic]
~ Key Software: 119 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/02/2013 - 08:12:07 - [1354,411] ----D C:\Program Files (x86)\GameforgeLive
O43 - CFD: 11/03/2013 - 22:28:26 - [85,255] ----D C:\Program Files (x86)\Overwolf
O43 - CFD: 18/03/2013 - 21:32:18 - [79,314] ----D C:\Program Files (x86)\Tibia
O43 - CFD: 11/03/2013 - 22:28:25 - [0,446] ----D C:\Program Files (x86)\Common Files\Overwolf
O43 - CFD: 28/07/2012 - 17:28:50 - [0] ----D C:\ProgramData\Modèles
O43 - CFD: 06/01/2013 - 17:42:09 - [84,375] ----D C:\ProgramData\Overwolf
O43 - CFD: 29/10/2012 - 11:40:28 - [0] ----D C:\Users\Mad\AppData\Roaming\app
O43 - CFD: 11/08/2012 - 13:43:28 - [0] ----D C:\Users\Mad\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
O43 - CFD: 30/10/2012 - 13:51:13 - [37,599] ----D C:\Users\Mad\AppData\Roaming\Tibia
O43 - CFD: 24/12/2012 - 22:59:00 - [0,003] ----D C:\Users\Mad\AppData\Local\Gameforge4d
O43 - CFD: 22/03/2013 - 14:49:29 - [17,006] ----D C:\Users\Mad\AppData\Local\Overwolf
O43 - CFD: 04/02/2013 - 08:29:13 - [0,487] ----D C:\Users\Mad\AppData\Local\Purplizer
~ Program Folder: 106 Legitimates Scanned in 00mn 06s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.E4EC0AAC5D1CB2C09FC7A3C3B5EFF9AF] - 22/03/2013 - 16:45:39 ---A- . (...) -- C:\Windows\WindowsUpdate.log [39730]
O44 - LFC:[MD5.C1D2177D0E82E22A3209137076796B57] - 22/03/2013 - 14:48:30 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.7DCC062B08746E1E58D1338F2D3272FB] - 22/03/2013 - 14:47:34 ---A- . (...) -- C:\AdwCleaner[S4].txt [1075]
O44 - LFC:[MD5.3B93A27A4944DA17ED48078F3CBCEDA2] - 22/03/2013 - 13:58:11 ---A- . (...) -- C:\AdwCleaner[S3].txt [1014]
O44 - LFC:[MD5.7589825B55E1A1308568696CE836E183] - 22/03/2013 - 13:36:41 ---A- . (...) -- C:\AdwCleaner[S2].txt [30027]
O44 - LFC:[MD5.1E6438D4EA6E1174A3B3B1EDC4DE660B] - 22/03/2013 - 12:54:17 --HA- . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\SysNative\hamachi.sys [33856]
O44 - LFC:[MD5.1E6438D4EA6E1174A3B3B1EDC4DE660B] - 22/03/2013 - 12:54:17 RSHAD . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\System32\hamachi.sys [33856]
O44 - LFC:[MD5.E185BDA84E5F03F4E1D8DCA30E209277] - 19/03/2013 - 23:12:48 ---A- . (...) -- C:\Windows\epplauncher.mif [1912]
O44 - LFC:[MD5.85584A83B42C6A9C3C67010ACA604B72] - 15/03/2013 - 09:44:59 ---A- . (...) -- C:\Windows\client.config.ini [857]
O44 - LFC:[MD5.DFA65F31129C35DA05767C8755DD183E] - 07/03/2013 - 00:32:22 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\SysNative\aswBoot.exe [287840]
O44 - LFC:[MD5.DFA65F31129C35DA05767C8755DD183E] - 07/03/2013 - 00:32:22 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\System32\aswBoot.exe [287840]
O44 - LFC:[MD5.A83639219E35F6DB7B840CDF7D243192] - 03/03/2013 - 13:44:47 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1549700]
O44 - LFC:[MD5.28E5ECCCA1DA617F7B2A098B74F25C6F] - 03/03/2013 - 13:44:47 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [106388]
O44 - LFC:[MD5.2C7156808F71645BBF1A955625C78572] - 03/03/2013 - 13:44:47 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [130754]
O44 - LFC:[MD5.8516D87D06295DF15BBE6431EFB66373] - 03/03/2013 - 13:44:47 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [616008]
O44 - LFC:[MD5.BA04790CEB5B4970C58AE7633FEE0879] - 03/03/2013 - 13:44:47 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [704480]
O44 - LFC:[MD5.A83639219E35F6DB7B840CDF7D243192] - 03/03/2013 - 13:44:47 RSHAD . (...) -- C:\Windows\System32\PerfStringBackup.INI [1549700]
O44 - LFC:[MD5.28E5ECCCA1DA617F7B2A098B74F25C6F] - 03/03/2013 - 13:44:47 RSHAD . (...) -- C:\Windows\System32\perfc009.dat [106388]
O44 - LFC:[MD5.2C7156808F71645BBF1A955625C78572] - 03/03/2013 - 13:44:47 RSHAD . (...) -- C:\Windows\System32\perfc00C.dat [130754]
O44 - LFC:[MD5.8516D87D06295DF15BBE6431EFB66373] - 03/03/2013 - 13:44:47 RSHAD . (...) -- C:\Windows\System32\perfh009.dat [616008]
O44 - LFC:[MD5.BA04790CEB5B4970C58AE7633FEE0879] - 03/03/2013 - 13:44:47 RSHAD . (...) -- C:\Windows\System32\perfh00C.dat [704480]
~ Files: Legitimates Scanned in 00mn 05s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.34FEB78D6BC2DCB63EEF0B641C9E59EF] - 16/03/2013 - 18:01:29 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.6CB946C045A6230125390498462AC7CF] - 17/03/2013 - 05:00:05 ---A- - C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf
O45 - LFCP:[MD5.1DA931BA283802B4ED7F286C01C2DD2E] - 17/03/2013 - 13:38:04 ---A- - C:\Windows\Prefetch\JUSCHED.EXE-60F1FB86.pf
O45 - LFCP:[MD5.607B7AB3493E062546E4043F35DBC97E] - 17/03/2013 - 13:45:51 ---A- - C:\Windows\Prefetch\SC.EXE-945D79AE.pf
O45 - LFCP:[MD5.6FC798C5D4783D43688CDE9D4AB16010] - 18/03/2013 - 07:57:50 ---A- - C:\Windows\Prefetch\DW20.EXE-1EFBE0F9.pf
O45 - LFCP:[MD5.A08E51AF0C12C24847F799C66C4F06DE] - 18/03/2013 - 08:00:56 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-67751737.pf
O45 - LFCP:[MD5.4AB00AB24E9D0E806C0367711C257EE0] - 18/03/2013 - 08:03:15 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-76936ED5.pf
O45 - LFCP:[MD5.A94AAD2508AE88A36A100172950A1ACD] - 18/03/2013 - 10:59:15 ---A- - C:\Windows\Prefetch\SETUP.OVR-56BCD126.pf
O45 - LFCP:[MD5.7C6658E2CFF007EAE5A0D35938EEAE2E] - 18/03/2013 - 13:00:32 ---A- - C:\Windows\Prefetch\AVBUGREPORT.EXE-3B5B9E84.pf
O45 - LFCP:[MD5.5AE27C72516CFB0B90D59F22FEC0C90F] - 18/03/2013 - 13:04:31 ---A- - C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
O45 - LFCP:[MD5.E0D07D4202E8E496432D8B36FFCBFB15] - 18/03/2013 - 13:04:31 ---A- - C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf
O45 - LFCP:[MD5.7603901F6158C53E35F3F379BF69F57A] - 18/03/2013 - 13:04:36 ---A- - C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf
O45 - LFCP:[MD5.96FF6C876036B92DC6E6987713760049] - 18/03/2013 - 13:04:37 ---A- - C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf
O45 - LFCP:[MD5.5512F76097945ED976A947A1EE5CDBF9] - 18/03/2013 - 13:04:46 ---A- - C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
O45 - LFCP:[MD5.A14FAD732A19D08C8F1ACE41D0A36DAE] - 18/03/2013 - 13:39:35 ---A- - C:\Windows\Prefetch\AVAST.SETUP-B1D66586.pf
O45 - LFCP:[MD5.2812F100AD60676E94EDBFCCFD111315] - 18/03/2013 - 13:39:44 ---A- - C:\Windows\Prefetch\ASWRUNDLL.EXE-08C9C8CB.pf
O45 - LFCP:[MD5.F233B7705CEDEC0023B3E5F1E1E40FA6] - 18/03/2013 - 13:41:43 ---A- - C:\Windows\Prefetch\CTFMON.EXE-5E5138CF.pf
O45 - LFCP:[MD5.41CA0D0CB8BA3AD4220DD15DBBC24E6F] - 18/03/2013 - 13:42:09 ---A- - C:\Windows\Prefetch\ASWREGSVR.EXE-AD27A91B.pf
O45 - LFCP:[MD5.861E3763CB367DD763AD94DA0663F452] - 18/03/2013 - 13:42:10 ---A- - C:\Windows\Prefetch\ASWREGSVR64.EXE-9CD9EB4D.pf
O45 - LFCP:[MD5.6CEBC6EDBFAC0BB6A97F982BB9104CEF] - 18/03/2013 - 13:42:10 ---A- - C:\Windows\Prefetch\VISTHAUX.EXE-E83618CB.pf
O45 - LFCP:[MD5.6E405C267305FCAAF784E19CFE4B865C] - 18/03/2013 - 13:42:13 ---A- - C:\Windows\Prefetch\AVASTEMUPDATE.EXE-6EF4B603.pf
O45 - LFCP:[MD5.6152C7FEDD5CDF8CB8A516B01E6C221E] - 18/03/2013 - 13:42:20 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf
O45 - LFCP:[MD5.D376B8892F218921A829639A8EAA87D9] - 18/03/2013 - 13:43:41 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-37549B7E.pf
O45 - LFCP:[MD5.D993A7B6C97C7B8325E51470287A50FB] - 18/03/2013 - 13:45:31 ---A- - C:\Windows\Prefetch\AVASTUI.EXE-56B29A08.pf
O45 - LFCP:[MD5.6EFEB00E68C0CE95FD57A5048FF9FB2F] - 18/03/2013 - 13:50:42 ---A- - C:\Windows\Prefetch\MICROSOFT-SECURITY-ESSENTIALS-E4E1921C.pf
O45 - LFCP:[MD5.945A6F2EC9C4C65720A2AEBBAFDC9F1B] - 18/03/2013 - 13:50:43 ---A- - C:\Windows\Prefetch\EPPLAUNCHER.EXE-C8FEEA68.pf
O45 - LFCP:[MD5.92C81ECB28FB0F097699BA523CF8F010] - 18/03/2013 - 13:54:01 ---A- - C:\Windows\Prefetch\EPPLAUNCHER.EXE-E7B914EB.pf
O45 - LFCP:[MD5.16FCBD6BF06007F7277807DA47F3E351] - 18/03/2013 - 13:54:01 ---A- - C:\Windows\Prefetch\MICROSOFT-SECURITY-ESSENTIALS-9C43FA15.pf
O45 - LFCP:[MD5.7170A6149FCB29F0B49A84474E42A6D5] - 18/03/2013 - 13:54:01 ---A- - C:\Windows\Prefetch\SETUP.EXE-8C601695.pf
O45 - LFCP:[MD5.F49B88CE3D9E65B455732F80FC428C7F] - 18/03/2013 - 13:59:52 ---A- - C:\Windows\Prefetch\MPSIGSTUB.EXE-5E95E876.pf
O45 - LFCP:[MD5.60CC76171F9A75E1D4AB06A25ACD33BC] - 18/03/2013 - 13:59:53 ---A- - C:\Windows\Prefetch\AM_ENGINE.EXE-69ACF71F.pf
O45 - LFCP:[MD5.4036CD3CCB6E0D46DA10DA3B785D3BC2] - 18/03/2013 - 13:59:57 ---A- - C:\Windows\Prefetch\AM_BASE.EXE-808FC880.pf
O45 - LFCP:[MD5.5A039D14D26262B7C4E3381E371B21BD] - 18/03/2013 - 13:59:57 ---A- - C:\Windows\Prefetch\NIS_BASE.EXE-0D026D8C.pf
O45 - LFCP:[MD5.0CEEC5CC7DA597E3ED185BE13D178481] - 18/03/2013 - 13:59:57 ---A- - C:\Windows\Prefetch\NIS_ENGINE.EXE-C0E9776B.pf
O45 - LFCP:[MD5.40DB4BE516662373CF823DB930A8D656] - 18/03/2013 - 14:20:25 ---A- - C:\Windows\Prefetch\MSSECES.EXE-E7D2F51E.pf
O45 - LFCP:[MD5.9CE6371E6B12FEE9E57F2ABE329F759E] - 18/03/2013 - 14:31:56 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf
O45 - LFCP:[MD5.24EC66DA737DD4818274C7693926928C] - 18/03/2013 - 14:32:01 ---A- - C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf
O45 - LFCP:[MD5.BF66FCC965BB0C2370B8FFC56A7EFF8A] - 18/03/2013 - 21:32:20 ---A- - C:\Windows\Prefetch\PATCH.EXE-BA6F1C56.pf
O45 - LFCP:[MD5.28CDF264FEA500C63071CCD55A62638F] - 19/03/2013 - 12:49:33 ---A- - C:\Windows\Prefetch\POWERCFG.EXE-668FA411.pf
O45 - LFCP:[MD5.9047C94758EF0852D76BD299AC2EE511] - 19/03/2013 - 15:01:03 ---A- - C:\Windows\Prefetch\JAVAW.EXE-2AB1E03D.pf
O45 - LFCP:[MD5.C5349BE3C453AF46E4215CD3998E1D99] - 19/03/2013 - 15:01:03 ---A- - C:\Windows\Prefetch\JAVAWS.EXE-6F609AD4.pf
O45 - LFCP:[MD5.93E11EF9C6215BDD9F0157F821301546] - 19/03/2013 - 19:01:52 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-C4E7262A.pf
O45 - LFCP:[MD5.D606CF51458E017CF5A1E3E8A4425C69] - 19/03/2013 - 19:14:30 ---A- - C:\Windows\Prefetch\SNDVOL.EXE-5D4CC7D6.pf
O45 - LFCP:[MD5.9D13BABE905FD1DF5B07CD648100067D] - 19/03/2013 - 19:14:49 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-98A1AB93.pf
O45 - LFCP:[MD5.41CADB7AAE03F0494F936E2ADAF0885B] - 19/03/2013 - 19:16:54 ---A- - C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
O45 - LFCP:[MD5.8920BD2D714683348C94FD4F474468D1] - 19/03/2013 - 19:17:04 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-5224E61E.pf
O45 - LFCP:[MD5.2D3A6CEE56F1D6CA81EAE23706D84F29] - 19/03/2013 - 19:17:07 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-848A914F.pf
O45 - LFCP:[MD5.7191D13B7C1B949E866C88CA82B6FFF2] - 19/03/2013 - 19:21:22 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-A717B81B.pf
O45 - LFCP:[MD5.DEF1AD320236E2554C8007256DE4898D] - 19/03/2013 - 19:21:59 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-72BDE93B.pf
O45 - LFCP:[MD5.8A25F0FF1B844D379A273267295CFE3D] - 19/03/2013 - 19:38:53 ---A- - C:\Windows\Prefetch\JP2LAUNCHER.EXE-6240744E.pf
O45 - LFCP:[MD5.BDDAF12A85248DB595F2FCF49C8230DD] - 19/03/2013 - 23:12:02 ---A- - C:\Windows\Prefetch\UPDATEINSTALL.EXE-2473D63A.pf
O45 - LFCP:[MD5.81627BBB136EA27FD2D7F6AB25A64429] - 19/03/2013 - 23:12:08 ---A- - C:\Windows\Prefetch\SETUP.EXE-69049370.pf
O45 - LFCP:[MD5.DF78F1F131E18A98C7E9DB1842FFC6F0] - 19/03/2013 - 23:12:34 ---A- - C:\Windows\Prefetch\MSMPENG.EXE-BF70A5C2.pf
O45 - LFCP:[MD5.41C3E7FB322664EC5C151CF1B61BA024] - 19/03/2013 - 23:12:48 ---A- - C:\Windows\Prefetch\EVENTCREATE.EXE-5D198EF6.pf
O45 - LFCP:[MD5.CD0053204F4C44E9D3AAFBEE6AFFFEAB] - 19/03/2013 - 23:12:50 ---A- - C:\Windows\Prefetch\NISSRV.EXE-78BBD390.pf
O45 - LFCP:[MD5.80830C100B3AC907E7DA16D7B68447FF] - 20/03/2013 - 18:31:45 ---A- - C:\Windows\Prefetch\AM_ENGINE_PATCH1.EXE-8DA43CB7.pf
O45 - LFCP:[MD5.98DBB6E87BAA86329B8F51B8CEFD1382] - 20/03/2013 - 18:31:46 ---A- - C:\Windows\Prefetch\AM_BASE_PATCH1.EXE-FC84E7C0.pf
O45 - LFCP:[MD5.057F1EC102F1C7DE4443D7A1F6EC8659] - 20/03/2013 - 18:31:56 ---A- - C:\Windows\Prefetch\AM_DELTA.EXE-B7261F63.pf
O45 - LFCP:[MD5.573A050486233A14F2BE0E373D211A41] - 20/03/2013 - 21:28:52 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-4F28A26F.pf
O45 - LFCP:[MD5.90D1395961D9EEB673ED88B54C380058] - 21/03/2013 - 10:19:24 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf
O45 - LFCP:[MD5.D2FF5269EF61B9B078B05FA544A6BC59] - 21/03/2013 - 21:30:07 ---A- - C:\Windows\Prefetch\NIS_DELTA_PATCH.EXE-8D924A02.pf
O45 - LFCP:[MD5.E855805FA476219A47E91956B45E36CD] - 21/03/2013 - 21:30:17 ---A- - C:\Windows\Prefetch\AM_DELTA_PATCH_1.147.81.0.EXE-6C5DF749.pf
O45 - LFCP:[MD5.CADFB8B4AFC3B26D410393BA8B646A11] - 21/03/2013 - 21:30:17 ---A- - C:\Windows\Prefetch\MPSIGSTUB.EXE-6CB27A06.pf
O45 - LFCP:[MD5.EA1272532DFE2BA21744E12908A8FF3E] - 21/03/2013 - 22:22:42 ---A- - C:\Windows\Prefetch\EHREC.EXE-BFABB40F.pf
O45 - LFCP:[MD5.B84CD371894AE95DBCCF4A62C0AD17C6] - 21/03/2013 - 22:22:43 ---A- - C:\Windows\Prefetch\MCUPDATE.EXE-62E74733.pf
O45 - LFCP:[MD5.84CA6C39F98A92E4D0028CF83C486A38] - 21/03/2013 - 22:22:45 ---A- - C:\Windows\Prefetch\EHSCHED.EXE-7A86D5F8.pf
O45 - LFCP:[MD5.D560F7D7A4BA15F93CA31B4930C83B13] - 21/03/2013 - 22:22:45 ---A- - C:\Windows\Prefetch\EHTRAY.EXE-FEBFC005.pf
O45 - LFCP:[MD5.C43364486481425AFC4CFE1F0BD2F9F4] - 21/03/2013 - 22:23:08 ---A- - C:\Windows\Prefetch\MCGLIDHOST.EXE-E3F0E99A.pf
O45 - LFCP:[MD5.C8392E8692258E9957984556ED13FA9F] - 21/03/2013 - 22:23:11 ---A- - C:\Windows\Prefetch\EHRECVR.EXE-96B31E37.pf
O45 - LFCP:[MD5.B7DB893089451DEDA59D22C917DD231E] - 22/03/2013 - 06:40:25 ---A- - C:\Windows\Prefetch\PRESENTATIONFONTCACHE.EXE-73BE9E78.pf
O45 - LFCP:[MD5.D96ADEA1BD165FD160438F76117F850B] - 22/03/2013 - 06:41:57 ---A- - C:\Windows\Prefetch\TIBIA.EXE-94994F63.pf
O45 - LFCP:[MD5.8198C59AC2E4F2C91FE83C8AF37B5409] - 22/03/2013 - 08:01:48 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf
O45 - LFCP:[MD5.44B91C323BE5248CBB19BE3F94751285] - 22/03/2013 - 08:08:39 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf
O45 - LFCP:[MD5.649D7CAC6052C86FA8CC1841CC51A0A7] - 22/03/2013 - 11:54:30 ---A- - C:\Windows\Prefetch\Layout.ini
O45 - LFCP:[MD5.C18E2795A92D8F04CF74886DAC6308FE] - 22/03/2013 - 12:48:59 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2853837300-762174546-3832088544-1000.db
O45 - LFCP:[MD5.46236D1610B869B26FDB0CEDE8C82743] - 22/03/2013 - 12:48:59 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2853837300-762174546-3832088544-1000.db
O45 - LFCP:[MD5.794C61FD1EFD901C3BE96BAA410641B0] - 22/03/2013 - 12:50:48 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_LOGME-6CD34A6D.pf
O45 - LFCP:[MD5.25CE3DF3CF9E6AFEC97C337B25C624C4] - 22/03/2013 - 12:53:51 ---A- - C:\Windows\Prefetch\OFFERBOXSETUP.EXE-7905F637.pf
O45 - LFCP:[MD5.CF6E21CDB1A8D7A6AE15700AB5D4CC44] - 22/03/2013 - 12:53:57 ---A- - C:\Windows\Prefetch\INTERNAL_SETUP.EXE-6F4227A1.pf
O45 - LFCP:[MD5.F230E65A72D5F0E70F8BD8B72A044186] - 22/03/2013 - 12:53:58 ---A- - C:\Windows\Prefetch\OFFERBOXUPDATESERVICE.EXE-50C7FAFB.pf
O45 - LFCP:[MD5.7958861D229AD4E686F12FD5D1D3AEA5] - 22/03/2013 - 12:54:00 ---A- - C:\Windows\Prefetch\OB.EXE-92329258.pf
O45 - LFCP:[MD5.D03E4C8F37E9BF4C957A9A69B76A994B] - 22/03/2013 - 12:54:09 ---A- - C:\Windows\Prefetch\OFFERBOX.EXE-D78979DF.pf
O45 - LFCP:[MD5.B301A6DE2D825A74292227A47887676F] - 22/03/2013 - 12:54:09 ---A- - C:\Windows\Prefetch\OFFERBOXHTTPPROXY.EXE-89A342F1.pf
O45 - LFCP:[MD5.4CCF7341226F05D40DA9DC1D5698CDAB] - 22/03/2013 - 12:54:10 ---A- - C:\Windows\Prefetch\IMINENTSETUP.EXE-A5AC277C.pf
O45 - LFCP:[MD5.CFFB8114831D56D8B3931A9638D530C9] - 22/03/2013 - 12:54:16 ---A- - C:\Windows\Prefetch\HAMA71E.TMP-F08D2E72.pf
O45 - LFCP:[MD5.DA75DFD0AB8FA55626AC32DBA019A224] - 22/03/2013 - 12:54:16 ---A- - C:\Windows\Prefetch\NETSH.EXE-CD959116.pf
O45 - LFCP:[MD5.3B3F489C733010CBFF88E77C1379F17C] - 22/03/2013 - 12:54:31 ---A- - C:\Windows\Prefetch\HAMACHI-2-UI.EXE-23CC2390.pf
O45 - LFCP:[MD5.DFCD42553E1D4282531300927EE81006] - 22/03/2013 - 12:55:07 ---A- - C:\Windows\Prefetch\IMINENTTOOLBARINSTALLERCHR.EX-CB40FC04.pf
O45 - LFCP:[MD5.0E94DB79C0394C3458F6CBCCA2F5784B] - 22/03/2013 - 12:55:08 ---A- - C:\Windows\Prefetch\IMINENTTOOLBARCHROME.EXE-3D723F94.pf
O45 - LFCP:[MD5.92834661956065E85A2878141205DC18] - 22/03/2013 - 12:55:18 ---A- - C:\Windows\Prefetch\IMINENTTOOLBARFF.EXE-5A809B6A.pf
O45 - LFCP:[MD5.3B06DA09A81873B9895BCB47FF7B4A10] - 22/03/2013 - 12:55:18 ---A- - C:\Windows\Prefetch\UMBRELLA.EXE-9B266DB9.pf
O45 - LFCP:[MD5.153AD4C6429D8ECD43E727D9931D14F1] - 22/03/2013 - 12:55:20 ---A- - C:\Windows\Prefetch\IMINENT.EXE-239E2AD1.pf
O45 - LFCP:[MD5.72E11DC61705B3EEA79975B249CF3BBF] - 22/03/2013 - 12:55:24 ---A- - C:\Windows\Prefetch\IMINENTTOOLBARINSTALLERFF.EXE-D0C710A7.pf
O45 - LFCP:[MD5.03CF74BA0D7809A47CA669D9FC096231] - 22/03/2013 - 12:55:56 ---A- - C:\Windows\Prefetch\TBHELPER2.EXE-5D93C724.pf
O45 - LFCP:[MD5.A94B9117AB62F6EB687E46FA3C164243] - 22/03/2013 - 12:56:07 ---A- - C:\Windows\Prefetch\MINIBARFIREFOX.EXE-5496234C.pf
O45 - LFCP:[MD5.DDDC98465452B5268AEB0728772F679C] - 22/03/2013 - 12:56:20 ---A- - C:\Windows\Prefetch\FIREFOXINSTALLER.EXE-ED5E13E7.pf
O45 - LFCP:[MD5.08F355FC2607D8D932CF40678E0B6B69] - 22/03/2013 - 12:56:29 ---A- - C:\Windows\Prefetch\CSC.EXE-4C85A8F6.pf
O45 - LFCP:[MD5.4B830E5971AEE373A1D0E4EF3B9EDD67] - 22/03/2013 - 12:56:29 ---A- - C:\Windows\Prefetch\CVTRES.EXE-CDAB491C.pf
O45 - LFCP:[MD5.0D618DD80D4A97559918B71ADD5F6489] - 22/03/2013 - 13:36:19 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
O45 - LFCP:[MD5.BB81DFDB31D3002BB30FAE5D37DD842E] - 22/03/2013 - 13:36:58 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
O45 - LFCP:[MD5.2EDE8022DB6FCFDEB9DEA1D0A81606CC] - 22/03/2013 - 13:41:44 ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf
O45 - LFCP:[MD5.F2104B2BD1B0721627470E6D58D08116] - 22/03/2013 - 13:49:57 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-ECB71776.pf
O45 - LFCP:[MD5.823738BF056FF90C88D5FF1B6529AD2D] - 22/03/2013 - 13:51:39 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-E09A077A.pf
O45 - LFCP:[MD5.9D5D0785A64625839563C2A81E92F6DC] - 22/03/2013 - 13:51:49 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf
O45 - LFCP:[MD5.F68ECFA506CB79A36EF1DA58D1FB004A] - 22/03/2013 - 13:51:49 ---A- - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf
O45 - LFCP:[MD5.EC6E6F2AF7A276719FBC0A904DA09C3B] - 22/03/2013 - 13:52:35 ---A- - C:\Windows\Prefetch\HAMACHI-2.EXE-17069489.pf
O45 - LFCP:[MD5.6B48B94F29C025E84E0301FC6DF4F50F] - 22/03/2013 - 13:53:00 ---A- - C:\Windows\Prefetch\TASKKILL.EXE-E0105477.pf
O45 - LFCP:[MD5.2851DBA7F1E10B9B19480EAFF11E9D89] - 22/03/2013 - 13:53:04 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-D5170E12.pf
O45 - LFCP:[MD5.C839D7FD1D48E65646D906E6FEEB400D] - 22/03/2013 - 13:53:08 ---A- - C:\Windows\Prefetch\REGASM.EXE-4EFC4B44.pf
O45 - LFCP:[MD5.DE761F33120DEB54DEC39F70BA874A39] - 22/03/2013 - 13:53:09 ---A- - C:\Windows\Prefetch\INSTALLUTIL.EXE-D7AF7FBA.pf
O45 - LFCP:[MD5.06812E38AB261373F237DF158801FDB7] - 22/03/2013 - 13:54:40 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf
O45 - LFCP:[MD5.EC46E2597768A663171BBA52CD48B0F3] - 22/03/2013 - 14:22:10 ---A- - C:\Windows\Prefetch\CCLEANER64.EXE-779BD542.pf
O45 - LFCP:[MD5.F64174AAE8984E36A96F996E0EC49CEB] - 22/03/2013 - 14:47:21 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-87432CEE.pf
O45 - LFCP:[MD5.567D29E233E5E0D9ED8D5903EAAF19BE] - 22/03/2013 - 14:47:21 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-C835004E.pf
O45 - LFCP:[MD5.FDD07C51D033A4407D85F417FE100CE7] - 22/03/2013 - 14:47:52 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.8FCC2CB76A5203EB2E53F7D86C9EBDD2] - 22/03/2013 - 14:49:46 ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf
O45 - LFCP:[MD5.536DD20882A5105E633F1301CDE5601A] - 22/03/2013 - 14:50:27 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-18ACFCFF.pf
O45 - LFCP:[MD5.64786EA4BFF8782722E56D689B8836A1] - 22/03/2013 - 14:50:43 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf
O45 - LFCP:[MD5.CB8234C132191DF3BA2CC19990BE0DB8] - 22/03/2013 - 14:50:43 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf
O45 - LFCP:[MD5.E51B3E7537015799366295E1B260E22D] - 22/03/2013 - 14:52:43 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
O45 - LFCP:[MD5.FBD59089B9672105CEC5115D8504657F] - 22/03/2013 - 14:54:50 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-F1B02F03.pf
O45 - LFCP:[MD5.37D605470B3AFE2587D55E46AB8E94EB] - 22/03/2013 - 14:54:51 ---A- - C:\Windows\Prefetch\FLASHPLAYERPLUGIN_11_6_602_18-F01D2D2D.pf
O45 - LFCP:[MD5.BA74A18B72DFDC181286949E25BDC38B] - 22/03/2013 - 15:01:40 ---A- - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
O45 - LFCP:[MD5.FA528707F5A1D23B53B0AC45EF9E9336] - 22/03/2013 - 16:14:00 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
O45 - LFCP:[MD5.68C42E4E23E628208EBDE22D7AF0B062] - 22/03/2013 - 16:14:08 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
O45 - LFCP:[MD5.DA4CDA74C0D94AF89F6241C263E0740D] - 22/03/2013 - 17:04:37 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.5C6949AFA518EAA38AC52DEB47D45CB9] - 22/03/2013 - 17:04:37 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.57F11B90E9420C7D18E9728C4CF8DF24] - 22/03/2013 - 17:04:37 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.24023EC35FB4B21132BC7D4706752D8C] - 22/03/2013 - 17:04:37 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.7915713262C7A2736BA7057F7923D3B8] - 22/03/2013 - 17:30:00 ---A- - C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-216D9C35.pf
O45 - LFCP:[MD5.49BE8DA5A638AFEF09AF5178F2786AEF] - 22/03/2013 - 17:30:10 ---A- - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf
O45 - LFCP:[MD5.5123BA3D6FF87B84B042B5A0161DEB83] - 22/03/2013 - 17:35:17 ---A- - C:\Windows\Prefetch\MPCMDRUN.EXE-6AA90EA5.pf
O45 - LFCP:[MD5.6C05715DA6CC90A656167B665E950C21] - 22/03/2013 - 17:35:54 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
O45 - LFCP:[MD5.54C3127C8AFFF16B7DB41011510E8E3C] - 22/03/2013 - 17:36:54 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
O45 - LFCP:[MD5.09B39F48508238848D7F532543DD6059] - 22/03/2013 - 17:37:54 ---A- - C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
O45 - LFCP:[MD5.2BE41729ACFF80CF85C102C2D97EE3F5] - 22/03/2013 - 17:37:54 ---A- - C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
O45 - LFCP:[MD5.A688209BF6BF38674076476AFF195CC2] - 22/03/2013 - 17:37:55 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf
~ Prefetcher: Legitimates Scanned in 00mn 02s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 8 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51) (None)

---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (...) -- C:\Program Files (x86)\Skype\Phone\Skype.exe (.not file.)
~ SMSR Keys: Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Keys: Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
~ Keys: Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.1E6438D4EA6E1174A3B3B1EDC4DE660B] - 18/03/2009 - 16:35:42 --HA- . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\System32\hamachi.sys [33856]
~ Drivers: Legitimates Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19/03/2013 - 23:11:01 ---A- C:\Users\Mad\AppData\Local\Overwolf\Log\Overwolf_03-19-13_10-50-58.Game.html [30999]
O61 - LFC: 20/03/2013 - 21:56:28 ---A- C:\Users\Mad\Documents\retirer une page abonnée sur facebook.txt [451]
O61 - LFC: 20/03/2013 - 23:22:34 ---A- C:\Users\Mad\AppData\Local\Overwolf\Log\Overwolf_03-20-13_18-21-11.Game.html [24543]
O61 - LFC: 21/03/2013 - 12:11:13 ---A- C:\Users\Mad\AppData\Local\Overwolf\Log\Overwolf_03-21-13_09-35-40.Game.html [20568]
O61 - LFC: 22/03/2013 - 00:24:13 ---A- C:\Users\Mad\AppData\Local\Overwolf\Log\Overwolf_03-21-13_21-19-15.Game.html [16097]
O61 - LFC: 22/03/2013 - 06:49:45 ---A- C:\Users\Mad\AppData\Roaming\Tibia\Automap\12612507.map [131169]
O61 - LFC: 22/03/2013 - 06:56:21 ---A- C:\Users\Mad\AppData\Roaming\Tibia\Automap\12812506.map [131099]
O61 - LFC: 22/03/2013 - 06:56:21 ---A- C:\Users\Mad\AppData\Roaming\Tibia\Automap\12812507.map [131094]
O61 - LFC: 22/03/2013 - 06:56:21 ---A- C:\Users\Mad\AppData\Roaming\Tibia\Tibia.cfg [1415]
O61 - LFC: 22/03/2013 - 12:50:05 ---A- C:\Users\Mad\Downloads\SoftonicDownloader_pour_logmein-hamachi.exe [393064]
O61 - LFC: 22/03/2013 - 13:35:25 ---A- C:\Users\Mad\Downloads\adwcleaner.exe [609993]
O61 - LFC: 22/03/2013 - 13:36:32 ---A- C:\Users\Mad\AppData\Local\Overwolf\Log\Overwolf_03-22-13_06-04-45.Game.html [68656]
O61 - LFC: 22/03/2013 - 13:52:31 ---A- C:\Users\Mad\AppData\Local\LogMeIn Hamachi\h2-ui-peers.cfg [4]
O61 - LFC: 22/03/2013 - 13:52:31 ---A- C:\Users\Mad\AppData\Local\LogMeIn Hamachi\h2-ui.cfg [1375]
O61 - LFC: 22/03/2013 - 13:58:03 ---A- C:\Users\Mad\AppData\Local\Overwolf\Log\Overwolf_03-22-13_13-38-33.Game.html [29033]
O61 - LFC: 22/03/2013 - 13:58:14 --HA- C:\Users\Mad\AppData\Local\IconCache.db [1975201]
O61 - LFC: 22/03/2013 - 14:47:27 ---A- C:\Users\Mad\AppData\Local\Overwolf\Log\Overwolf_03-22-13_14-00-02.Game.html [18057]
O61 - LFC: 22/03/2013 - 14:49:28 ---A- C:\Users\Mad\AppData\Local\Temp\FXSAPIDebugLogFile.txt [0]
O61 - LFC: 22/03/2013 - 14:49:30 ---A- C:\Users\Mad\AppData\Local\Overwolf\Log\OWLog.cfg [4166]
O61 - LFC: 22/03/2013 - 14:49:30 ---A- C:\Users\Mad\AppData\Local\Overwolf\Log\Overwolf_03-22-13_14-49-30.Game.html [13597]
O61 - LFC: 22/03/2013 - 14:49:37 ---A- C:\Users\Mad\AppData\Local\Overwolf\Apps\AddIns\AddIns.store [589]
O61 - LFC: 22/03/2013 - 14:49:37 ---A- C:\Users\Mad\AppData\Local\Overwolf\Apps\PipelineSegments.store [19580]
O61 - LFC: 22/03/2013 - 14:49:37 ---A- C:\Users\Mad\AppData\Local\Overwolf\Settings\SettingsPageGeneral.xml [6020]
O61 - LFC: 22/03/2013 - 14:49:44 ---A- C:\Users\Mad\AppData\Local\Overwolf\Settings\SettingsPageStats.xml [1128]
O61 - LFC: 22/03/2013 - 14:50:30 ---A- C:\Users\Mad\AppData\Local\Overwolf\Settings\SettingsPageCache.xml [213]
O61 - LFC: 22/03/2013 - 17:35:08 ---A- C:\Users\Mad\Downloads\ZHPDiag2.exe [5430355]
O61 - LFC: 22/03/2013 - 17:37:34 -SHA- C:\Users\Mad\AppData\Local\Historique\History.IE5\index.dat [98304]
~ Files: 27 Legitimates Scanned in 01mn 11s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Legitimates Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Services: Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Legitimates Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Mad - zt49o792.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Legitimates Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
~ Firewall: 175 Legitimates Scanned in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.11299 - (21/03/2013)
Clés trouvées (Keys found) : 34
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
~ Additionnel: Legitimates Scanned in 00mn 14s



---\\ Recherche détournement de DNS routeur (O89) (None)

---\\ Product Upgrade Codes (O90)
O90 - PUC: "65085BF61DB024E4CB16628A04984579" . (.Overwolf.) -- C:\Windows\Installer\{6FB58056-0BD1-4E42-BC61-26A840895497}\_853F67D554F05449430E7E.exe
~ Update Products: 32 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 18/08/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 05/03/2013 18360 | (OverwolfUpdaterService) . (.Overwolf Ltd.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
SS - | Disabled 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Mad at 22/03/2013 17:40:27

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Mad at 22/03/2013 17:40:29

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Legitimates Scanned in 00mn 04s



End of the scan (738 lines in 02mn 44s)(0)
0
Réponse 9 / 61
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
Lance ZHPFix (soit via le raccourci sur ton Bureau, soit via ZHPDiag en cliquant sur l'écusson vert)
Copie/colle les lignes en gras suivantes :

----------------------------------------------------------


R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent.com

M0 - MFSP: prefs.js [Mad - zt49o792.default] http://start.iminent.com
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*.offerbox.com
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
EmptyCLSID
EmptyFlash
EmptyTemp


_____________________________________________

* Lance ZHPFix à partir du raccourci sur ton Bureau (si tu es sous Windows Vista ou Windows 7, fais le par un clic-droit --> Exécuter en tant qu'administrateur)
* Clique sur l'icone représentant le presse-papier ("coller le presse-papier")
e script doit automatiquement apparaitre dans ZHPFix, sinon, colle-le (Ctrl+v)
* Clique sur le bouton GO pour lancer le nettoyage
* Copie/colle la totalité du rapport dans ta prochaine réponse.
0
Réponse 10 / 61
Madddy Messages postés 151 Statut Membre 1
 
d'accord, je recommence tout, pour pouvoir poster le rapport. Merci pour ta patience.
0
Réponse 11 / 61
Madddy Messages postés 151 Statut Membre 1
 
je ne vois pas le bouton GO pour lancer le nettoyage.

j'ai posté à nouveau le rapport et j'ai l'adresse cette fois : https://pjjoint.malekal.com/files.php?id=ZHPDiag_20130323_u15n5k11l11n8
0
Réponse 12 / 61
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
tu as lancé ZHPDIAG et non ZHPFIX qui doit etre sur ton bureau http://www.bing.com/images/search?q=zhpfix&FORM=HDRSC2#view=detail&id=7510F88C866756110F75E03A2AFCF699AA8F5872&selectedIndex=10
0
Réponse 13 / 61
Madddy Messages postés 151 Statut Membre 1
 
bonjour, jlpjlp,
je fais quoi maintenant ?
à bientot, merci
0
Réponse 14 / 61
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
tu fais zhpfix comme indiqué dans mes deux derniers message et non zhpdiag
0
Réponse 15 / 61
Madddy Messages postés 151 Statut Membre 1
 
J'ai utilisé zhpfix, j'ai cliqué sur la loupe, et je n'ai plus qu'un écran noir...
En mode sans echec pareil tout est noir...
Je fais comment maintenant, je ne sais plus quoi faire.
À bientôt, merci de m'aider
0
Réponse 16 / 61
Madddy Messages postés 151 Statut Membre 1
 
S'il te plait jlpjlp, aide moi, merci
0
Réponse 17 / 61
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
tu as mis que le texte signalé dans zhpfix ou autre chose ???
0
Réponse 18 / 61
Madddy Messages postés 151 Statut Membre 1
 
Mon pc à planté, je ne sais plus quoi faire
0
Réponse 19 / 61
Madddy Messages postés 151 Statut Membre 1
 
Je n'ai pas vu la fin du nettoyage. Quand j'allume mon pc, ça commenve normalement, mais ensuite je n'ai pas d'icône.
0
Réponse 20 / 61
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
répare windows depuis le cd de récupération

https://www.commentcamarche.net/faq/35705-creer-et-utiliser-un-disque-de-reparation-avec-windows

sinon tente d'aller en mode sans echec puis restaure windows avant ce problème
0
  • 1
  • 2
  • 3
  • 4

Discussions similaires

Comment faire partir NCH Toolbar?
Ardesco -
yo -

72 réponses
désinstaller Iminent
Elody -
kriss -

15 réponses
Iminent Désinstallation impossible...
diremado -
ricco114 -

17 réponses
HKLM\Software\Iminent (PUP.Optional.Iminent.A)
Riri -
Riri -

35 réponses
Comment Supprimer iminent de mon Pc?
AireForce -
Midnight -

17 réponses