Disinfection for léopard86
Closed
lilidurhone (Posts: 43347; Registered: Monday 25 April 2011; Status: Security contributor; Last activity: 31 October 2024) - 7 Jul 2013 at 23:02
lilidurhone - 23 Jul 2013 at 11:03
29 replies
lilidurhone
8 Jul 2013 at 22:37
No, léopard, since it is up to date
But it's the one that gave you all the cr*p
Anyway, we'll continue tomorrow
lilidurhone
9 Jul 2013 at 17:23
Hello léopard
If you're around, let me know
léopard86 (Posts: 68; Registered: Sunday 7 July 2013; Status: Member; Last activity: 31 December 2014)
10 Jul 2013 at 01:28
Good evening
I was away all day, and tomorrow I'll be at the zoo all day, just so you know ^^"
lilidurhone
13 Jul 2013 at 08:12
Hello léopard
If you're around, let me know :)
léopard86
14 Jul 2013 at 15:37
Hi there!
I was away on holiday for 3 days :)
Here I am, back and fresh as a daisy!
So how do we continue?
lilidurhone
14 Jul 2013 at 15:43
Run another ZHPDiag for me; there has been an update

Hello,
The update has been done and I ran a new scan
lilidurhone (Security contributor)
22 Jul 2013 at 18:15
Hello léopard
Glad to hear from you :D
I'll take a look at your report
léopard86 (Member)
23 Jul 2013 at 09:38
Hello!
Available all day and all week :)
lilidurhone (Security contributor)
23 Jul 2013 at 09:43
Hello
Do you recognize these?
[MD5.DE1F74C3471F2C9A8C0B3969E692F7B2] [SPRF][07/07/2013] (...) -- C:\Users\Raphael\Desktop\Antivirus_Free_Edition.exe [162208]
[MD5.8A51B1824A263F906A3783E84C3D2446] [SPRF][07/07/2013] (...) -- C:\Users\Raphael\Desktop\Antivirus_Free_Edition_x64.exe [8691304]
léopard86 (Member)
23 Jul 2013 at 10:05
It just reminds me that the computer technician gave me a free Kaspersky antivirus
Otherwise nothing :/
lilidurhone (Security contributor)
23 Jul 2013 at 10:14
Free Kaspersky?
That's just not possible
Is your Kaspersky legal?
léopard86 (Member)
23 Jul 2013 at 10:38
With the purchase of a new PC and for one year only.. (OEM version, I don't know if that counts)
lilidurhone (Security contributor)
23 Jul 2013 at 10:46
Hello
OK, these are leftovers
I'll prepare this for you and post it shortly after
léopard86 (Member)
23 Jul 2013 at 10:50
OK
lilidurhone (Security contributor)
23 Jul 2013 at 11:03
Warning: custom script, not to be reused on another computer, risk of crashing!
* Copy only the lines shown in bold below to the clipboard (highlight them with the mouse, then right-click and Copy)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
O42 - Logiciel: Duuqu Update Helper - (.Duuqu Group.) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.5F38D8C8D9826D027D0B0FC020450567] - 07/07/2013 - 18:29:30 ---A- - C:\Windows\Prefetch\AIR9B1E.EXE-2228224D.pf
O45 - LFCP:[MD5.77FE945CE1479DE4A0B403C2E2FEC10F] - 07/07/2013 - 18:29:34 ---A- - C:\Windows\Prefetch\MYDELTATB.EXE-38A35AD1.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.13CE25FEDD68D0534A90330ED1836FBB] - 07/07/2013 - 18:29:47 ---A- - C:\Windows\Prefetch\AIRED75-17A8.EXE-A135B13F.pf
O45 - LFCP:[MD5.6EAE8EBF1480F1F54605FBA4993F2981] - 07/07/2013 - 18:29:59 ---A- - C:\Windows\Prefetch\AIR870.EXE-5CFE3EBB.pf
O45 - LFCP:[MD5.EAD17A670D7987FE3EF65634DA27F365] - 07/07/2013 - 18:30:11 ---A- - C:\Windows\Prefetch\IMINENTMINIBARIE.EXE-1210B798.pf =>Adware.IMBooster
O45 - LFCP:[MD5.7DDFCA78AAAFDFDBAA22A57AE89A290F] - 07/07/2013 - 18:30:27 ---A- - C:\Windows\Prefetch\AIR66ED.TMP-93F7BC12.pf
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
[MD5.BE79F054B4D15F6C7C442CC6F6CFEB11] [SPRF][07/07/2013] (.Setup © - Setup.) -- C:\Users\Raphael\AppData\Local\Temp\28176uninstall.exe [359936]
[MD5.485D8E669C7174BE9F4B580F1E119E25] [SPRF][07/07/2013] (.Speedchecker Limited - Pas de description.) -- C:\Users\Raphael\AppData\Local\Temp\air66ED.exe [3694280]
[MD5.E8EFB9EF24C1E0CED84CFA3C2AE9DC2F] [SPRF][07/07/2013] (...) -- C:\Users\Raphael\AppData\Local\Temp\air86B9.exe [782832]
[MD5.B64555302CC0AA406C95D89718EB7767] [SPRF][07/07/2013] (.Iminent - Iminent Setup.) -- C:\Users\Raphael\AppData\Local\Temp\air870.exe [857920] =>Adware.IMBooster
[MD5.A75BF712567B60395A97278F92F3A330] [SPRF][07/07/2013] (.AirInstaller Inc. - Adobe Flash Player.) -- C:\Users\Raphael\AppData\Local\Temp\air8D0C.exe [1116072]
[MD5.26BE92795A8885ADE37CFE7A6D7254B7] [SPRF][07/07/2013] (.WebCake LLC - Installer.) -- C:\Users\Raphael\AppData\Local\Temp\airED75.exe [289760] =>Adware.WebCake
[MD5.B0F6507F8666E89DD9F192313D88EB98] [SPRF][16/06/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Raphael\AppData\Local\Temp\uninst1.exe [389632] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] =>Toolbar.DeltaSearch^
[HKCU\Software\Duuqu] =>Toolbar.DeltaSearch^
[HKLM\Software\Wow6432Node\Duuqu] =>Toolbar.DeltaSearch^
C:\Users\Raphael\AppData\Local\Temp\air870.exe =>Adware.IMBooster^
C:\Users\Raphael\AppData\Local\Temp\airED75.exe =>Adware.WebCake^
C:\Users\Raphael\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
[HKLM\Software\Boxore] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\StarterTV] =>Adware.StarterTV
Sysrestore
EmptyTemp
EmptyCLSID
* Run ZHPFix (syringe icon) as administrator (if you are on Vista/7/8); otherwise double-click the syringe-shaped icon, then click OK to continue.
* You should see the lines above in the white box of ZHPFix; check carefully that they are these lines.
* If you do not see the lines, right-click in the box, then Paste.
* If you do not see the GO button, click the "paste the clipboard" icon.
* Click the GO button to start the cleanup, and let the tool work.
* Restart the PC and post the report C:\ZHP\ZHPFixReport.txt
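The check asked for in the steps above (confirm that the lines shown in ZHPFix are exactly the ones posted) can be done mechanically. The following is an added example, not part of the original post and not ZHPFix code: it parses script lines laid out like the ones above, lists targets that carry no `=>` detection name, and compares the posted script with a pasted copy. The sample lines, hashes and user name are constructed, and the function names and the line classification are assumptions.

```python
import re

# Constructed sample in the format of the script above; hashes, file names and
# the user name are made up, only the line layout follows the page.
SAMPLE = r"""
[HKLM\Software\ExampleToolbar] =>Toolbar.Example
O45 - LFCP:[MD5.00000000000000000000000000000001] - 07/07/2013 - 18:29:30 ---A- - C:\Windows\Prefetch\SETUP1.EXE-11111111.pf
[MD5.00000000000000000000000000000002] [SPRF][07/07/2013] (.Example Ltd - Installer.) -- C:\Users\user\AppData\Local\Temp\setup1.exe [289760] =>Adware.Example
C:\Users\user\AppData\Local\Temp\setup1.exe =>Adware.Example^
EmptyTemp
"""

MD5_RE = re.compile(r"\[MD5\.([0-9A-Fa-f]{32})\]")
LABEL_RE = re.compile(r"=>\s*([\w.]+)\^?\s*$")            # trailing "=>Family.Name"
KEY_RE = re.compile(r"\[(HK(?:LM|CU|CR|U)\\[^\]]+)\]")    # bracketed registry key
PATH_RE = re.compile(r"[A-Za-z]:\\\S+")                   # assumes no spaces in paths

def _lines(text):
    return [l.strip() for l in text.splitlines() if l.strip()]

def parse_line(line):
    """Split one script line into the fields a reviewer checks before pressing GO."""
    md5, label = MD5_RE.search(line), LABEL_RE.search(line)
    key, path = KEY_RE.search(line), PATH_RE.search(line)
    if key:
        kind, target = "registry", key.group(1)
    elif path:
        kind, target = "file", path.group(0)
    elif re.fullmatch(r"\w+", line):
        kind, target = "keyword", line      # bare word such as EmptyTemp
    else:
        kind, target = "other", line
    return {"kind": kind, "target": target,
            "md5": md5.group(1).upper() if md5 else None,
            "label": label.group(1) if label else None}

def parse_script(text):
    return [parse_line(l) for l in _lines(text)]

def unlabeled(entries):
    """File or registry targets that carry no '=>' detection name."""
    return [e for e in entries if e["kind"] in ("registry", "file") and not e["label"]]

def diff_scripts(posted, pasted):
    """Lines missing from, or unexpected in, the pasted copy of the posted script."""
    a, b = _lines(posted), _lines(pasted)
    return {"missing": [l for l in a if l not in b],
            "unexpected": [l for l in b if l not in a]}

if __name__ == "__main__":
    for e in parse_script(SAMPLE):
        print(e)
```

An empty `missing` and `unexpected` result from `diff_scripts` means the pasted script matches the posted one line for line.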
8 Jul 2013 at 22:50
Yes, we'll look at that tomorrow, thanks for everything in any case! ^^