Security Center and Firewall disabled
Solved
musicox (Member, 317 posts)
Hello, good evening everyone,
I'm depressed: I've just noticed that my Security Center is disabled, and when I press the "turn on now" button I get a red cross with the message "unable to start the Security Center service".
Same for the Firewall: "the firewall service is not running", and updates cannot be installed (error message).
I don't know what to do. Would someone be kind and patient enough to help me? Thank you in advance. See you soon, I hope.
77 replies
Hello Guillaume!!
Here is the Mbam report, it ran all night!!
Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2013.05.07.10
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
eric :: CROCBLANC [administrateur]
Protection: Activé
08/05/2013 04:48:49
mbam-log-2013-05-08 (04-48-49).txt
Type d'examen: Examen complet (C:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 373292
Temps écoulé: 5 heure(s), 16 minute(s), 10 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)
Hello Guillaume,
I hope you had a good night, and thanks again for your invaluable help.
Hello
Download Farbar Service Scanner to your Desktop.
- Tick the following boxes:
Internet Services
Windows Firewall
System Restore
Security Center/action Center
Windows Update
Windows Defender
Others Services
- Click "Scan".
- An FSS.txt report is created in the folder where the tool is located.
Upload the report to FEC Upload and post the link you get in return
See you later
Hi again
Use Eset (ESET SirefefEVCleaner & ESET ServicesRepair):
http://kb.eset.com/esetkb/index?page=content&id=SOLN2895&viewlocale=fr_FR
See you later
ESET Sirefef found no threat and my computer is not infected. But the scan only lasted 2 seconds!! Is that normal?
Help, I don't have ESET NOD32 or ESET Smart Security on my computer (to launch it and run the scan). I only have ESET Sirefef, which is in my Downloads folder.
I'm going to buy cigarettes, that will relax me; I'll be right back. Tell me what to do. Thanks.
I didn't quite understand. Do I need to install ESET NOD32 Antivirus to run a scan?
In that case I'd have to uninstall Avast... I'm lost!! o--((
I did look at the tutorials, but that's not the problem: when I run the ESET Sirefef cleaner, a window opens for 1 second and tells me nothing was found. After that I can't run the scan (I don't have an ESET repair folder). So here is what I did:
I'm sending you what I have. Sorry, but the links aren't always easy to figure out ^^
Log Opened: 2013-05-10 @ 21:33:12
21:33:12 - -----------------
21:33:12 - | Begin Logging |
21:33:12 - -----------------
21:33:12 - Fix started on a WIN_VISTA X86 computer
21:33:12 - Prep in progress. Please Wait.
21:33:21 - Prep complete
21:33:21 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
SetACL finished successfully.
21:33:31 - Services Repair Complete.
21:33:40 - Reboot Initiated
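A pasted ServicesRepair log like the one above can be checked mechanically: each `.sddl` block should list keys under its own service and end with `SetACL finished successfully.`. The Python below is an added example, not part of the original thread or of ESET's tool; the function names and the shortened sample log (including its truncated MpsSvc block) are constructed for illustration, and the expected service list is taken from the log above.

```python
import re

# Services whose registry keys the log in this thread shows being restored.
EXPECTED = ["BFE", "BITS", "iphlpsvc", "MpsSvc", "SharedAccess",
            "WinDefend", "wscsvc", "wuauserv"]

# "Input file for restore operation opened: '.\Vista\BFE.sddl'" -> "BFE"
OPEN_RE = re.compile(r"opened: '(?:.*[\\/])?([^\\/']+)\.sddl'")
# "Restoring SD of: <machine\...\Services\BFE\Parameters>" -> key path
KEY_RE = re.compile(r"Restoring SD of: <(.+)>")
# Service name component inside a key path.
SVC_RE = re.compile(r"\\Services\\([^\\]+)", re.IGNORECASE)
OK_LINE = "SetACL finished successfully."


def parse_repair_log(text):
    """Group the log into one block per .sddl file.

    Returns {service: {"keys": [...], "ok": bool, "foreign": [...]}} where
    "foreign" holds keys that do not belong to the block's own service.
    """
    blocks, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        opened = OPEN_RE.search(line)
        restored = KEY_RE.search(line)
        if opened:
            name = opened.group(1)
            blocks[name] = {"keys": [], "ok": False, "foreign": []}
        elif name and restored:
            key = restored.group(1)
            blocks[name]["keys"].append(key)
            svc = SVC_RE.search(key)
            if not svc or svc.group(1).lower() != name.lower():
                blocks[name]["foreign"].append(key)
        elif name and line == OK_LINE:
            blocks[name]["ok"] = True
            name = None  # block closed; further keys need a new "opened" line
    return blocks


def assess(blocks, expected=EXPECTED):
    """Classify every expected service: restored / incomplete / foreign-keys / missing."""
    report = {}
    for svc in expected:
        block = blocks.get(svc)
        if block is None:
            report[svc] = "missing"        # no .sddl block for this service at all
        elif not block["ok"] or not block["keys"]:
            report[svc] = "incomplete"     # no success line, or nothing restored
        elif block["foreign"]:
            report[svc] = "foreign-keys"   # keys outside the service's own subtree
        else:
            report[svc] = "restored"
    for svc in blocks:
        report.setdefault(svc, "unexpected")
    return report


# Constructed sample in the format of the log above: two complete blocks and
# one block cut off before its success line.
SAMPLE = r"""21:33:21 - Repairing Services Now. Please wait...
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
SetACL finished successfully.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
SetACL finished successfully.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
"""

if __name__ == "__main__":
    for service, status in assess(parse_repair_log(SAMPLE)).items():
        print(f"{service:13} {status}")
```

A service reported as anything other than `restored` is the one to re-check after the reboot, since a restored security descriptor only matters if the service then starts.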
Hi again
You wouldn't have touched something inside your PC, would you? Might a ribbon cable have come unplugged?
Post me a new ZHPDiag report, thanks.
See you later
Rapport de ZHPDiag v2013.5.10.84 par Nicolas Coolman, Update du 09/05/2013
Run by eric at 11/05/2013 17:31:58
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program
---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v25.0.1364.172 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK
---\\ System Protection
avast! Ad Blocker v1.0.0.0
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ System Optimizer
CCleaner v3.19 =>Piriform Ltd
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4
Java 7 Update 21
---\\ System Information
~ Processor: x86 Family 15 Model 72 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1918 MB (33% free)
System Restore: Activé (Enable)
System drive C: has 49 GB (46%) free of 104 GB
---\\ Logged in mode
~ Computer Name: CROCBLANC
~ User Name: eric
~ All Users Names: eric, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\eric\AppData\Roaming\
~ %Desktop% : C:\Users\eric\Desktop\
~ %Favorites% : C:\Users\eric\Favorites\
~ %LocalAppData% : C:\Users\eric\AppData\Local\
~ %StartMenu% : C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 49 Go of 104 Go)
---\\ Security Center & Tools Informations
~ Security Center: 36 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/697
~ Mes musiques (My Musics) : 2/47
~ Mes Videos (My Videos) : 2/40
~ Mes Favoris (My Favorites) : 1/161
~ Mes Documents (My Documents) : 1/78
~ Mon Bureau (My Desktop) : 0/41
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 07s
---\\ Processus lancés
[MD5.16DEF7EBCB7BB73A55F7486C6D42E288] - (.Pas de propriétaire - ATKOSD.) -- C:\Program Files\ATK Hotkey\ATKOSD.exe [2420736] [PID.1792]
[MD5.76B35CB0F3A4E69D6DFF27F542B9F856] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe [216968] [PID.1404]
[MD5.C96C52D0D80666AF585516FFA97B7C00] - (.Pas de propriétaire - app_filter Module.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616] [PID.1568]
[MD5.10DBAA1703253FB511D0F5C5F6064B00] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [77824] [PID.2108]
[MD5.8C5FBB748C0A4FFF541998597950E130] - (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\system32\lxdccoms.exe [537520] [PID.2132]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2156]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2192]
[MD5.B6C48D01147EC020DE7F1856734127F8] - (.Pas de propriétaire - NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720] [PID.2736]
[MD5.668043F192AB9659761A349A4703600D] - (.Nokia - ServiceLayer Module.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [718384] [PID.1856]
[MD5.DC63C75658B7931704DD3F79B5786B05] - (.Nokia - USB Media Server.) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe [173104] [PID.3764]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.3440]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5268]
~ Processes Running: Scanned in 00mn 04s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default] https://www.lequipe.fr/
~ Google Browser: 11 Legitimates Filtered in 00mn 30s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 13s
~ Nombre de lignes (Lines number): 15373
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll (.not file.)
O4 - HKLM\..\Run: [NvSvc] . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 97.54.) -- C:\Windows\system32\nvsvc.dll
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [CardDetectorHUAWEI1752_1552] . (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-4155205564-3866926074-2956358519-1002\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-4155205564-3866926074-2956358519-1002\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKUS\S-1-5-21-4155205564-3866926074-2956358519-1002\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail (2).lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Chess Titans.LNK - Clé orpheline
O4 - GS\QuickLaunch: eBay.lnk . (...) -- C:\Program Files\Mozilla Firefox\firefox.exe (.not file.)
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\eric\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Internet Everywhere.lnk . (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\IEWInternet\Launcher\Launcher.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: AVS Mobile Uploader.lnk . (.Online Media Technologies Ltd. - AVS Mobile Uploader.) -- C:\Program Files\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe
O4 - GS\SendTo: AVS Video Burner.lnk . (.Online Media Technologies Ltd. - AVS Video Burner.) -- C:\Program Files\Common Files\AVSMedia\BurnerService\AVSVideoBurner.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: 4. Windows Live Hotmail.lnk - Clé orpheline
O4 - GS\Desktop: adwcleaner (1).exe - Raccourci.lnk . (...) -- C:\Users\eric\Downloads\adwcleaner (1).exe
O4 - GS\Desktop: aller sur MSN.fr.lnk - Clé orpheline
O4 - GS\Desktop: Assistance Livebox.lnk . (...) -- C:\Program Files\Orange\Assistance Livebox\AssistanceLivebox.exe
O4 - GS\Desktop: AusLogics Disk Defrag.lnk . (.Auslogics - Auslogics Disk Defrag.) -- C:\Program Files\Auslogics\AusLogics Disk Defrag\diskdefrag.exe
O4 - GS\Desktop: Bison Camera.lnk . (.Microsoft Corporation - Capture Application (Sample).) -- C:\drivers\CMOS\Bison\Preview.exe
O4 - GS\Desktop: Character Map.lnk . (.Microsoft Corporation - Table des caractères.) -- C:\Windows\System32\charmap.exe
O4 - GS\Desktop: ESETSirefefEVCleaner.exe - Raccourci.lnk . (.ESET - ESET Win32/Sirefef cleaner.) -- C:\Users\eric\Downloads\ESETSirefefEVCleaner.exe
O4 - GS\Desktop: Gmail.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\eric\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\eric\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\eric\Desktop\mail Orange.url . (.Microsoft Corporation - Internet Explorer.) -- C:\Users\eric\Desktop\mail Orange.url
O4 - GS\Desktop: Notepad.lnk . (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\System32\notepad.exe
O4 - Global Startup: C:\Users\eric\Desktop\Orange Messenger by Windows Live.url . (.Microsoft Corporation - Bloc-notes.) -- C:\Users\eric\Desktop\Orange Messenger by Windows Live.url
O4 - Global Startup: C:\Users\eric\Desktop\Portail Orange.url . (.Microsoft Corporation - Bloc-notes.) -- C:\Users\eric\Desktop\Portail Orange.url
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - GS\Desktop: RogueKiller.exe - Raccourci.lnk . (...) -- C:\Users\eric\Downloads\RogueKiller.exe
O4 - GS\Desktop: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\Windows\System32\SnippingTool.exe
O4 - GS\Desktop: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Desktop: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 02s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} -- Clé orpheline
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll
~ Winsock: 6 Legitimates Filtered in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: CabBuilder (CabBuilder) - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} ((no name)) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} ((no name)) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} ((no name)) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} ((no name)) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ((no name)) - https://www.eset.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236591244401
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} ((no name)) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEE0A92E-5598-4706-864C-ED668A5811E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{FEE0A92E-5598-4706-864C-ED668A5811E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ASLDR Service (ASLDRService) . (.Pas de propriétaire - ASLDR Service.) - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 10 Legitimates Filtered in 00mn 31s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{3A41B577-6C79-48BE-8C92-1D9EB8D80003}] (...) -- C:\Program Files\MSN Pictures Displayer\VBRun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7E653C1F-04E3-44E9-B946-72893BD33849}] (...) -- C:\Users\eric\Downloads\AAInstaller21\AAInstaller21.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A0BCF3ED-6C80-4B98-BA2A-2A18E1BC0DBF}] (...) -- C:\Program Files\Windows Live Safety Center\UnInstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C44A9FE7-F728-4AC6-BE68-8E7A0B2B4233}] (...) -- C:\Users\eric\Desktop\Flash_Disinfector.exe (.not file.) [0]
[MD5.3FC2C2F428DE217C6D49D0F4CC45EBF6] [APT] [{DAB92590-BA65-40EF-8909-116E1A3FEF67}] (...) -- c:\users\eric\appdata\local\daihvdcq.bat [90]
[MD5.00000000000000000000000000000000] [APT] [{EE9E3792-25EC-49C6-93B3-193BF3571570}] (...) -- C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Protected Search] (...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) [0] =>Spyware.ProtectedSearch
~ Scheduled Task: 24 Legitimates Filtered in 00mn 18s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
~ Key Software: 194 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/11/2009 - 15:41:55 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/11/2009 - 15:44:09 - [501,796] ----D C:\Users\eric\AppData\Local\IM
O43 - CFD: 03/08/2011 - 21:25:14 - [0] ----D C:\Users\eric\AppData\Local\PokerStars.FR
O43 - CFD: 07/05/2013 - 20:33:03 - [0,030] ----D C:\Users\eric\AppData\Local\Temp(114)
O43 - CFD: 18/03/2009 - 03:58:25 - [0,021] ----D C:\Users\eric\AppData\Local\Temp(61)
~ 9 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 208 Legitimates Filtered in 00mn 44s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CA9D5826A58411E0095BA6D41E31FF9B] - 10/05/2013 - 02:55:01 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_21-b11.log [4003]
~ Files: 54 Legitimates Filtered in 00mn 52s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.8E7554544E6C264EFE601236F6172B2E] - 11/05/2013 - 03:10:19 ---A- - C:\Windows\Prefetch\MATSWIZ.EXE-271C4D12.pf
O45 - LFCP:[MD5.2EBCE58A0A845F5DC4276D9F85F36D25] - 11/05/2013 - 03:10:42 ---A- - C:\Windows\Prefetch\MATSHOST.EXE-040A4296.pf
O45 - LFCP:[MD5.13D2C83643366878900571CFCA7C28F9] - 11/05/2013 - 03:38:10 ---A- - C:\Windows\Prefetch\WMLAUNCH.EXE-5EDC7699.pf
O45 - LFCP:[MD5.879BC059346F20497E2FDEEE9709D1F1] - 11/05/2013 - 15:32:36 ---A- - C:\Windows\Prefetch\6835E9D4-2724-48CD-88BE-23F20-55547930.pf
~ Prefetcher: 106 Legitimates Filtered in 00mn 02s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{9a346d2d-fa50-11de-a3da-001d6051979b}\AutoRun\command. (...) -- E:\AutoRunCardDetector.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 08/05/2013 - 01:34:15 ---A- C:\Users\eric\Downloads\mbam-setup-1.75.0.1300 (2).exe [10285040]
O61 - LFC: 08/05/2013 - 19:08:09 ---A- C:\Users\eric\Downloads\adwcleaner (1).exe [628743]
O61 - LFC: 08/05/2013 - 19:38:19 ---A- C:\Users\eric\Downloads\avast_free_antivirus_setup.exe [116651696]
O61 - LFC: 08/05/2013 - 20:12:00 ---A- C:\Users\eric\eric - Raccourci.lnk [335]
O61 - LFC: 08/05/2013 - 20:12:20 ---A- C:\Users\eric\eric - Raccourci (2).lnk [335]
O61 - LFC: 09/05/2013 - 23:46:16 ---A- C:\Users\eric\AppData\Roaming\Microsoft\MMC\taskschd [86517]
O61 - LFC: 10/05/2013 - 02:50:28 ---A- C:\Users\eric\Downloads\chromeinstall-7u21 (1).exe [903072]
O61 - LFC: 10/05/2013 - 02:51:58 ---A- C:\Users\eric\Downloads\chromeinstall-7u21 (2).exe [903072]
O61 - LFC: 10/05/2013 - 16:07:39 ---A- C:\Users\eric\Downloads\FSS.exe [354299]
O61 - LFC: 10/05/2013 - 16:09:51 ---A- C:\Users\eric\Downloads\FSS.txt [5938]
O61 - LFC: 10/05/2013 - 16:29:51 ---A- C:\Users\eric\Downloads\FSS.exe - Raccourci.lnk [826]
O61 - LFC: 10/05/2013 - 16:47:16 ---A- C:\Users\eric\Downloads\ESETSirefefEVCleaner.exe [339432]
O61 - LFC: 10/05/2013 - 17:02:21 ---A- C:\Users\eric\Downloads\ESETSirefefEVCleaner (1).exe [339432]
O61 - LFC: 10/05/2013 - 20:31:06 ---A- C:\Users\eric\Downloads\ESETSirefefRemover.exe [138120]
O61 - LFC: 10/05/2013 - 20:31:33 ---A- C:\Users\eric\Downloads\ServicesRepair.exe [4009167]
O61 - LFC: 11/05/2013 - 03:09:07 ---A- C:\Users\eric\Downloads\MicrosoftFixit.dvd.RNP.36291668863432924.1.1.Run.exe [347424]
O61 - LFC: 11/05/2013 - 03:09:07 ---A- C:\Users\eric\Downloads\MicrosoftFixit.dvd.RNP.36291668863432924.1.2.Run.exe [347424]
O61 - LFC: 11/05/2013 - 03:19:06 ---A- C:\Users\eric\AppData\Local\d3d9caps.dat [8160]
O61 - LFC: 11/05/2013 - 14:48:34 ---A- C:\Users\eric\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [271160]
O61 - LFC: 11/05/2013 - 15:26:32 ---A- C:\Users\eric\Downloads\avast_free_antivirus_setup (1).exe [117478104]
O61 - LFC: 11/05/2013 - 16:33:37 ---A- C:\Users\eric\AppData\Local\Google\Chrome\User Data\Local State [32108]
~ 8 Fichiers temporaires (Temporary files)
~ Files: 380 Legitimates Filtered in 02mn 38s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: Rooter - (.IDN.)
~ ADS: Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\eric\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {4831E2E3-E17F-490F-B53E-CB5C25F911B7} - (Live Search, le moteur de MSN) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s
---\\ Internet Feature Controls (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.BC68B5EC0910CD88A315BA60C736C109] [SPRF][16/02/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.B7321814A4201BD498A07553FC5996F4] [SPRF][03/02/2010] (...) -- C:\Users\eric\AppData\Local\d3d8caps.dat [552]
[MD5.52C33AB8B7896129D34C5F47D1014F54] [SPRF][11/05/2013] (...) -- C:\Users\eric\AppData\Local\d3d9caps.dat [8160]
[MD5.3FC2C2F428DE217C6D49D0F4CC45EBF6] [SPRF][05/03/2009] (...) -- C:\Users\eric\AppData\Local\daihvdcq.bat [90]
[MD5.F1B3F4606D382C30C820D139C3BD03B2] [SPRF][02/10/2008] (...) -- C:\Users\eric\AppData\Local\fusioncache.dat [92]
[MD5.BCB0728F4B117855765CE8FE883B5E9B] [SPRF][11/05/2013] (...) -- C:\Users\eric\AppData\Local\Temp\NOSEventMessages.dll [1536]
[MD5.D80B7C2FE89448B8C5059D55769EC6C0] [SPRF][11/05/2013] (...) -- C:\Users\eric\AppData\Roaming\nvModes.dat [12978]
[MD5.E152C2E083BB18DF3770DE4040E3F391] [SPRF][10/03/2009] (...) -- C:\Users\eric\AppData\Roaming\SetValue.bat [35]
[MD5.09ABDA585D93C12F5B8A0B57EDE18C45] [SPRF][28/11/2011] (...) -- C:\Users\eric\AppData\Roaming\wklnhst.dat [1158]
[MD5.0B8767A2E9051F4A925473ED1C870B1E] [SPRF][05/03/2009] (.Dassault Systèmes - Updater.) -- C:\Windows\Downloaded Program Files\3DVIA_player_installer.exe [210248]
[MD5.8CE7705CB43B03BB7970B04087C7758F] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [29616]
[MD5.01E2ECA759056F23C73A035FDABB2D6D] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [201648]
[MD5.191C0C2FF2A506A9B7D0144CF5D3C5A5] [SPRF][09/01/2009] (.Microgaming.co.uk - Microgaming Flash Casino Helper Control.) -- C:\Windows\Downloaded Program Files\iefax.dll [111424]
[MD5.FD7F0F64F0A1A9508E00E76AB9164DCD] [SPRF][01/12/2008] (.Kiwee - Installer Control.) -- C:\Windows\Downloaded Program Files\InstallerControl.dll [921600]
[MD5.2D54DAECBA60EB03F9E63DD50669F634] [SPRF][24/10/2008] (.Macrovision Corporation - Macrovision Software Manager Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [488736]
[MD5.6D61950F8B7A023A64D19F650A314B45] [SPRF][05/06/2008] (.Akamai Technologies, Inc. - Download Manager ActiveX Control.) -- C:\Windows\Downloaded Program Files\Manager.exe [660856]
[MD5.1B3C87DE7DDCFC23EDE7D41A49C7AC7C] [SPRF][17/05/2005] (.Winwise - WwGame.) -- C:\Windows\Downloaded Program Files\npwwg.dll [300032]
~ Files: Scanned in 00mn 00s
---\\ Scan Additionnel (O88)
Database Version : v2.12033 - (09/05/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
C:\ProgramData\Software =>Adware.Boxore
C:\Users\eric\AppData\Local\Software =>Adware.Boxore
~ Additionnel Scan: 217914 Items scanned in 01mn 06s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 09/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 90112 | (ASLDRService) . (...) - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 387616 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SR - | Auto 25/08/2009 77824 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SS - | Auto 21/12/2008 133104 | (gupdate1c9632cc7caf680) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/12/2008 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 537520 | (lxdc_device) . (...) - C:\Windows\system32\lxdccoms.exe
SS - | Demand 17/12/2009 243056 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 178720 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Demand 27/10/2011 718384 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by eric at 11/05/2013 17:41:22
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 1561 Legitimates filtered by white list
End of the scan (509 lines in 09mn 23s)(0)
Run by eric at 11/05/2013 17:31:58
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program
---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v25.0.1364.172 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK
---\\ System Protection
avast! Ad Blocker v1.0.0.0
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ System Optimizer
CCleaner v3.19 =>Piriform Ltd
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4
Java 7 Update 21
---\\ System Information
~ Processor: x86 Family 15 Model 72 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1918 MB (33% free)
System Restore: Activé (Enable)
System drive C: has 49 GB (46%) free of 104 GB
---\\ Logged in mode
~ Computer Name: CROCBLANC
~ User Name: eric
~ All Users Names: eric, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\eric\AppData\Roaming\
~ %Desktop% : C:\Users\eric\Desktop\
~ %Favorites% : C:\Users\eric\Favorites\
~ %LocalAppData% : C:\Users\eric\AppData\Local\
~ %StartMenu% : C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 49 Go of 104 Go)
---\\ Security Center & Tools Informations
~ Security Center: 36 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 04:38:00.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/697
~ Mes musiques (My Musics) : 2/47
~ Mes Videos (My Videos) : 2/40
~ Mes Favoris (My Favorites) : 1/161
~ Mes Documents (My Documents) : 1/78
~ Mon Bureau (My Desktop) : 0/41
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 07s
---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2380]
[MD5.916B09138B35CBC306D71509E21330BA] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104] [PID.2960]
[MD5.B6BEACE54E97A33BC0CE9786BB1F7325] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4018176] [PID.3012]
[MD5.EF1FDB2A4B30AA4761376183FD81CC18] - (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe [282624] [PID.3028]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3100]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3116]
[MD5.0A780C1F763E8999073CC4E6A6E6C2BE] - (.Nokia - Nokia Suite.) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1053056] [PID.3124]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3140]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3252]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.3540]
[MD5.B95AC0CDB8F068F0C024CD344B354298] - (.Google Inc. - Google Chrome.) -- C:\Users\eric\AppData\Local\Google\Chrome\Application\chrome.exe [1274320] [PID.3952]
[MD5.4388770A5959B1EEF927898F4713571D] - (.Nokia - Microsoft Bluetooth Media Server.) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe [148016] [PID.2728]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.1152]
[MD5.7E6EA9CB72B5DE84A5D700BED877E5F9] - (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe [397312] [PID.3940]
[MD5.7D75E5AB2C2AB3123108C0B879657E74] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7288832] [PID.4732]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1248]
[MD5.A31B68E0DF98D20B23338D6478D4DC9E] - (.Pas de propriétaire - ASLDR Service.) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe [90112] [PID.1612]
[MD5.0C6326E8F52930296A67AFDE42F0D3F2] - (.ATK0100 - HControl.) -- C:\Program Files\ATK Hotkey\Hcontrol.exe [225280] [PID.1636]
[MD5.16DEF7EBCB7BB73A55F7486C6D42E288] - (.Pas de propriétaire - ATKOSD.) -- C:\Program Files\ATK Hotkey\ATKOSD.exe [2420736] [PID.1792]
[MD5.76B35CB0F3A4E69D6DFF27F542B9F856] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe [216968] [PID.1404]
[MD5.C96C52D0D80666AF585516FFA97B7C00] - (.Pas de propriétaire - app_filter Module.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616] [PID.1568]
[MD5.10DBAA1703253FB511D0F5C5F6064B00] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [77824] [PID.2108]
[MD5.8C5FBB748C0A4FFF541998597950E130] - (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\system32\lxdccoms.exe [537520] [PID.2132]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2156]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2192]
[MD5.B6C48D01147EC020DE7F1856734127F8] - (.Pas de propriétaire - NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720] [PID.2736]
[MD5.668043F192AB9659761A349A4703600D] - (.Nokia - ServiceLayer Module.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [718384] [PID.1856]
[MD5.DC63C75658B7931704DD3F79B5786B05] - (.Nokia - USB Media Server.) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe [173104] [PID.3764]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.3440]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5268]
~ Processes Running: Scanned in 00mn 04s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default] https://www.lequipe.fr/
~ Google Browser: 11 Legitimates Filtered in 00mn 30s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 13s
~ Nombre de lignes (Lines number): 15373
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll (.not file.)
O4 - HKLM\..\Run: [NvSvc] . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 97.54.) -- C:\Windows\system32\nvsvc.dll
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [CardDetectorHUAWEI1752_1552] . (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-4155205564-3866926074-2956358519-1002\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-4155205564-3866926074-2956358519-1002\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKUS\S-1-5-21-4155205564-3866926074-2956358519-1002\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail (2).lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Chess Titans.LNK - Clé orpheline
O4 - GS\QuickLaunch: eBay.lnk . (...) -- C:\Program Files\Mozilla Firefox\firefox.exe (.not file.)
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\eric\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Internet Everywhere.lnk . (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\IEWInternet\Launcher\Launcher.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: AVS Mobile Uploader.lnk . (.Online Media Technologies Ltd. - AVS Mobile Uploader.) -- C:\Program Files\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe
O4 - GS\SendTo: AVS Video Burner.lnk . (.Online Media Technologies Ltd. - AVS Video Burner.) -- C:\Program Files\Common Files\AVSMedia\BurnerService\AVSVideoBurner.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: 4. Windows Live Hotmail.lnk - Clé orpheline
O4 - GS\Desktop: adwcleaner (1).exe - Raccourci.lnk . (...) -- C:\Users\eric\Downloads\adwcleaner (1).exe
O4 - GS\Desktop: aller sur MSN.fr.lnk - Clé orpheline
O4 - GS\Desktop: Assistance Livebox.lnk . (...) -- C:\Program Files\Orange\Assistance Livebox\AssistanceLivebox.exe
O4 - GS\Desktop: AusLogics Disk Defrag.lnk . (.Auslogics - Auslogics Disk Defrag.) -- C:\Program Files\Auslogics\AusLogics Disk Defrag\diskdefrag.exe
O4 - GS\Desktop: Bison Camera.lnk . (.Microsoft Corporation - Capture Application (Sample).) -- C:\drivers\CMOS\Bison\Preview.exe
O4 - GS\Desktop: Character Map.lnk . (.Microsoft Corporation - Table des caractères.) -- C:\Windows\System32\charmap.exe
O4 - GS\Desktop: ESETSirefefEVCleaner.exe - Raccourci.lnk . (.ESET - ESET Win32/Sirefef cleaner.) -- C:\Users\eric\Downloads\ESETSirefefEVCleaner.exe
O4 - GS\Desktop: Gmail.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\eric\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\eric\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\eric\Desktop\mail Orange.url . (.Microsoft Corporation - Internet Explorer.) -- C:\Users\eric\Desktop\mail Orange.url
O4 - GS\Desktop: Notepad.lnk . (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\System32\notepad.exe
O4 - Global Startup: C:\Users\eric\Desktop\Orange Messenger by Windows Live.url . (.Microsoft Corporation - Bloc-notes.) -- C:\Users\eric\Desktop\Orange Messenger by Windows Live.url
O4 - Global Startup: C:\Users\eric\Desktop\Portail Orange.url . (.Microsoft Corporation - Bloc-notes.) -- C:\Users\eric\Desktop\Portail Orange.url
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - GS\Desktop: RogueKiller.exe - Raccourci.lnk . (...) -- C:\Users\eric\Downloads\RogueKiller.exe
O4 - GS\Desktop: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\Windows\System32\SnippingTool.exe
O4 - GS\Desktop: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Desktop: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 02s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} -- Clé orpheline
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll
~ Winsock: 6 Legitimates Filtered in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: CabBuilder (CabBuilder) - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} ((no name)) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} ((no name)) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} ((no name)) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} ((no name)) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ((no name)) - https://www.eset.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236591244401
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} ((no name)) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEE0A92E-5598-4706-864C-ED668A5811E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{FEE0A92E-5598-4706-864C-ED668A5811E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ASLDR Service (ASLDRService) . (.Pas de propriétaire - ASLDR Service.) - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 10 Legitimates Filtered in 00mn 31s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{3A41B577-6C79-48BE-8C92-1D9EB8D80003}] (...) -- C:\Program Files\MSN Pictures Displayer\VBRun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7E653C1F-04E3-44E9-B946-72893BD33849}] (...) -- C:\Users\eric\Downloads\AAInstaller21\AAInstaller21.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A0BCF3ED-6C80-4B98-BA2A-2A18E1BC0DBF}] (...) -- C:\Program Files\Windows Live Safety Center\UnInstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C44A9FE7-F728-4AC6-BE68-8E7A0B2B4233}] (...) -- C:\Users\eric\Desktop\Flash_Disinfector.exe (.not file.) [0]
[MD5.3FC2C2F428DE217C6D49D0F4CC45EBF6] [APT] [{DAB92590-BA65-40EF-8909-116E1A3FEF67}] (...) -- c:\users\eric\appdata\local\daihvdcq.bat [90]
[MD5.00000000000000000000000000000000] [APT] [{EE9E3792-25EC-49C6-93B3-193BF3571570}] (...) -- C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Protected Search] (...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) [0] =>Spyware.ProtectedSearch
~ Scheduled Task: 24 Legitimates Filtered in 00mn 18s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
~ Key Software: 194 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/11/2009 - 15:41:55 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/11/2009 - 15:44:09 - [501,796] ----D C:\Users\eric\AppData\Local\IM
O43 - CFD: 03/08/2011 - 21:25:14 - [0] ----D C:\Users\eric\AppData\Local\PokerStars.FR
O43 - CFD: 07/05/2013 - 20:33:03 - [0,030] ----D C:\Users\eric\AppData\Local\Temp(114)
O43 - CFD: 18/03/2009 - 03:58:25 - [0,021] ----D C:\Users\eric\AppData\Local\Temp(61)
~ 9 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 208 Legitimates Filtered in 00mn 44s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CA9D5826A58411E0095BA6D41E31FF9B] - 10/05/2013 - 02:55:01 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_21-b11.log [4003]
~ Files: 54 Legitimates Filtered in 00mn 52s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.8E7554544E6C264EFE601236F6172B2E] - 11/05/2013 - 03:10:19 ---A- - C:\Windows\Prefetch\MATSWIZ.EXE-271C4D12.pf
O45 - LFCP:[MD5.2EBCE58A0A845F5DC4276D9F85F36D25] - 11/05/2013 - 03:10:42 ---A- - C:\Windows\Prefetch\MATSHOST.EXE-040A4296.pf
O45 - LFCP:[MD5.13D2C83643366878900571CFCA7C28F9] - 11/05/2013 - 03:38:10 ---A- - C:\Windows\Prefetch\WMLAUNCH.EXE-5EDC7699.pf
O45 - LFCP:[MD5.879BC059346F20497E2FDEEE9709D1F1] - 11/05/2013 - 15:32:36 ---A- - C:\Windows\Prefetch\6835E9D4-2724-48CD-88BE-23F20-55547930.pf
~ Prefetcher: 106 Legitimates Filtered in 00mn 02s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{9a346d2d-fa50-11de-a3da-001d6051979b}\AutoRun\command. (...) -- E:\AutoRunCardDetector.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 08/05/2013 - 01:34:15 ---A- C:\Users\eric\Downloads\mbam-setup-1.75.0.1300 (2).exe [10285040]
O61 - LFC: 08/05/2013 - 19:08:09 ---A- C:\Users\eric\Downloads\adwcleaner (1).exe [628743]
O61 - LFC: 08/05/2013 - 19:38:19 ---A- C:\Users\eric\Downloads\avast_free_antivirus_setup.exe [116651696]
O61 - LFC: 08/05/2013 - 20:12:00 ---A- C:\Users\eric\eric - Raccourci.lnk [335]
O61 - LFC: 08/05/2013 - 20:12:20 ---A- C:\Users\eric\eric - Raccourci (2).lnk [335]
O61 - LFC: 09/05/2013 - 23:46:16 ---A- C:\Users\eric\AppData\Roaming\Microsoft\MMC\taskschd [86517]
O61 - LFC: 10/05/2013 - 02:50:28 ---A- C:\Users\eric\Downloads\chromeinstall-7u21 (1).exe [903072]
O61 - LFC: 10/05/2013 - 02:51:58 ---A- C:\Users\eric\Downloads\chromeinstall-7u21 (2).exe [903072]
O61 - LFC: 10/05/2013 - 16:07:39 ---A- C:\Users\eric\Downloads\FSS.exe [354299]
O61 - LFC: 10/05/2013 - 16:09:51 ---A- C:\Users\eric\Downloads\FSS.txt [5938]
O61 - LFC: 10/05/2013 - 16:29:51 ---A- C:\Users\eric\Downloads\FSS.exe - Raccourci.lnk [826]
O61 - LFC: 10/05/2013 - 16:47:16 ---A- C:\Users\eric\Downloads\ESETSirefefEVCleaner.exe [339432]
O61 - LFC: 10/05/2013 - 17:02:21 ---A- C:\Users\eric\Downloads\ESETSirefefEVCleaner (1).exe [339432]
O61 - LFC: 10/05/2013 - 20:31:06 ---A- C:\Users\eric\Downloads\ESETSirefefRemover.exe [138120]
O61 - LFC: 10/05/2013 - 20:31:33 ---A- C:\Users\eric\Downloads\ServicesRepair.exe [4009167]
O61 - LFC: 11/05/2013 - 03:09:07 ---A- C:\Users\eric\Downloads\MicrosoftFixit.dvd.RNP.36291668863432924.1.1.Run.exe [347424]
O61 - LFC: 11/05/2013 - 03:09:07 ---A- C:\Users\eric\Downloads\MicrosoftFixit.dvd.RNP.36291668863432924.1.2.Run.exe [347424]
O61 - LFC: 11/05/2013 - 03:19:06 ---A- C:\Users\eric\AppData\Local\d3d9caps.dat [8160]
O61 - LFC: 11/05/2013 - 14:48:34 ---A- C:\Users\eric\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [271160]
O61 - LFC: 11/05/2013 - 15:26:32 ---A- C:\Users\eric\Downloads\avast_free_antivirus_setup (1).exe [117478104]
O61 - LFC: 11/05/2013 - 16:33:37 ---A- C:\Users\eric\AppData\Local\Google\Chrome\User Data\Local State [32108]
~ 8 Fichiers temporaires (Temporary files)
~ Files: 380 Legitimates Filtered in 02mn 38s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: Rooter - (.IDN.)
~ ADS: Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\eric\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {4831E2E3-E17F-490F-B53E-CB5C25F911B7} - (Live Search, le moteur de MSN) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s
---\\ Internet Feature Controls (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.BC68B5EC0910CD88A315BA60C736C109] [SPRF][16/02/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.B7321814A4201BD498A07553FC5996F4] [SPRF][03/02/2010] (...) -- C:\Users\eric\AppData\Local\d3d8caps.dat [552]
~ Files: Scanned in 00mn 00s
---\\ Scan Additionnel (O88)
Database Version : v2.12033 - (09/05/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
C:\ProgramData\Software =>Adware.Boxore
C:\Users\eric\AppData\Local\Software =>Adware.Boxore
~ Additionnel Scan: 217914 Items scanned in 01mn 06s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 09/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 90112 | (ASLDRService) . (...) - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 387616 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SR - | Auto 25/08/2009 77824 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SS - | Auto 21/12/2008 133104 | (gupdate1c9632cc7caf680) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/12/2008 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 537520 | (lxdc_device) . (...) - C:\Windows\system32\lxdccoms.exe
SS - | Demand 17/12/2009 243056 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 178720 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Demand 27/10/2011 718384 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by eric at 11/05/2013 17:41:22
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 1561 Legitimates filtered by white list
End of the scan (509 lines in 09mn 23s)(0)
Hi again,
Using the ZHPFix tool:
* Copy all the text in the box below (select it with your mouse / right-click on it and choose "Copy", or press Ctrl+C)
-------------------------------------------------------------------------------------------------
[MD5.00000000000000000000000000000000] [APT] [Protected Search] (...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) [0]
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
C:\ProgramData\Software
C:\Users\eric\AppData\Local\Software
O4 - GS\QuickLaunch: Chess Titans.LNK - Clé orpheline
O4 - GS\Desktop: 4. Windows Live Hotmail.lnk - Clé orpheline
O4 - GS\Desktop: aller sur MSN.fr.lnk - Clé orpheline
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} ((no name)) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
[MD5.00000000000000000000000000000000] [APT] [{3A41B577-6C79-48BE-8C92-1D9EB8D80003}] (...) -- C:\Program Files\MSN Pictures Displayer\VBRun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7E653C1F-04E3-44E9-B946-72893BD33849}] (...) -- C:\Users\eric\Downloads\AAInstaller21\AAInstaller21.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A0BCF3ED-6C80-4B98-BA2A-2A18E1BC0DBF}] (...) -- C:\Program Files\Windows Live Safety Center\UnInstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C44A9FE7-F728-4AC6-BE68-8E7A0B2B4233}] (...) -- C:\Users\eric\Desktop\Flash_Disinfector.exe (.not file.) [0]
[HKCU\Software\IncrediMail]
O43 - CFD: 30/11/2009 - 15:41:55 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/11/2009 - 15:44:09 - [501,796] ----D C:\Users\eric\AppData\Local\IM
O43 - CFD: 03/08/2011 - 21:25:14 - [0] ----D C:\Users\eric\AppData\Local\PokerStars.FR
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
O4 - GS\Desktop: ESETSirefefEVCleaner.exe - Raccourci.lnk . (.ESET - ESET Win32/Sirefef cleaner.) -- C:\Users\eric\Downloads\ESETSirefefEVCleaner.exe
[MD5.3FC2C2F428DE217C6D49D0F4CC45EBF6] [APT] [{DAB92590-BA65-40EF-8909-116E1A3FEF67}] (...) -- c:\users\eric\appdata\local\daihvdcq.bat [90]
FirewallRAZ
Emptytemp
EmptyCLSID
--------------------------------------------------------------------------------------------
* Launch ZHPFix from the shortcut on your Desktop (if you are on Windows Vista or Windows 7, do it with a right-click --> Run as administrator)
* Click the icon representing the clipboard ("paste the clipboard")
the script should appear automatically in ZHPFix; if not, paste it (Ctrl+V)
* Click the GO button to start the cleanup
* Copy/paste the entire report into your next reply.
-> let the tool work and don't touch anything ...
-> If you are asked to restart the PC to finish the cleanup, do it!
Once it has finished, a new report is displayed: post its contents in your next reply ...
(this report is also saved in the folder C:/ZHP/ZHPFix(R1))
See you later
That took a long time, my computer is sluggish and I had to force it to shut down; I had no other choice, it was no longer responding.
Pff!! I'm fed up!