Adware bprotect
Fermé
n°9
-
13 sept. 2013 à 22:13
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 - 5 oct. 2013 à 17:00
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 - 5 oct. 2013 à 17:00
A voir également:
- Adware bprotect
- Adware cleaner - Télécharger - Antivirus & Antimalwares
- Supprimer adware - Guide
- Adware xiaomi - Guide
- Adware elex shrtcln ✓ - Forum Virus
- Adware agent ✓ - Forum Virus
42 réponses
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
4 oct. 2013 à 18:42
4 oct. 2013 à 18:42
Salut,
Ça bloque aussi avec le lien que je t'ai donné ?
Pareil en mode sans échec ?
Sinon redésinstalle-le et réessaye en le téléchargeant ici : https://www.usbfix.net/
Gabriel.
Ça bloque aussi avec le lien que je t'ai donné ?
Pareil en mode sans échec ?
Sinon redésinstalle-le et réessaye en le téléchargeant ici : https://www.usbfix.net/
Gabriel.
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
13 sept. 2013 à 22:19
13 sept. 2013 à 22:19
Bonsoir,
Poste le rapport AdwCleaner.
Gabriel.
Poste le rapport AdwCleaner.
Gabriel.
# AdwCleaner v3.003 - Rapport créé le 13/09/2013 à 21:52:03
# Mis à jour le 07/09/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : jamillanbettir - DELLHOME
# Exécuté depuis : C:\Users\jamillanbettir\Downloads\adwcleaner.exe
# Option : Nettoyer
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
Dossier Supprimé : C:\Program Files (x86)\MyPC Backup
Dossier Supprimé : C:\Users\jamillanbettir\AppData\Roaming\Systweak
Fichier Supprimé : C:\Windows\System32\roboot64.exe
***** [ Raccourcis ] *****
***** [ Registre ] *****
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.Software.com/Software Update;version=3
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.Software.com/Software Update;version=9
Clé Supprimée : HKCU\Software\distromatic
Clé Supprimée : HKLM\Software\systweak
***** [ Navigateurs ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Google Chrome v29.0.1547.66
[ Fichier : C:\Users\jamillanbettir\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Fichier : C:\Users\Bastien & Gabin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Fichier : C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1629 octets] - [13/09/2013 21:50:45]
AdwCleaner[S0].txt - [1462 octets] - [13/09/2013 21:52:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1522 octets] ##########
# Mis à jour le 07/09/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : jamillanbettir - DELLHOME
# Exécuté depuis : C:\Users\jamillanbettir\Downloads\adwcleaner.exe
# Option : Nettoyer
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
Dossier Supprimé : C:\Program Files (x86)\MyPC Backup
Dossier Supprimé : C:\Users\jamillanbettir\AppData\Roaming\Systweak
Fichier Supprimé : C:\Windows\System32\roboot64.exe
***** [ Raccourcis ] *****
***** [ Registre ] *****
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.Software.com/Software Update;version=3
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.Software.com/Software Update;version=9
Clé Supprimée : HKCU\Software\distromatic
Clé Supprimée : HKLM\Software\systweak
***** [ Navigateurs ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Google Chrome v29.0.1547.66
[ Fichier : C:\Users\jamillanbettir\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Fichier : C:\Users\Bastien & Gabin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Fichier : C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1629 octets] - [13/09/2013 21:50:45]
AdwCleaner[S0].txt - [1462 octets] - [13/09/2013 21:52:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1522 octets] ##########
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
13 sept. 2013 à 22:58
13 sept. 2013 à 22:58
Re,
Ok, fais un diagnostic de ton PC avec ZHPDiag et poste le rapport hébergé sur cjoint : http://www.forum-entraide-informatique.com/support/zhpdiag-tutoriel-t4831.html
Gabriel.
Ok, fais un diagnostic de ton PC avec ZHPDiag et poste le rapport hébergé sur cjoint : http://www.forum-entraide-informatique.com/support/zhpdiag-tutoriel-t4831.html
Gabriel.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
bonjour,
La suite... aprés DIAG,
~ Rapport de ZHPDiag v2013.9.13.23 - Nicolas Coolman (11/09/2013)
~ Lancé par jamillanbettir (13/09/2013 23:10:02)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16660
GCIE: Google Chrome v29.0.1547.66 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RMV82
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Windows Defender W7
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 25
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3998 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 387 GB (85%) free of 452 GB
---\\ Mode de connexion au système
~ Computer Name: DELLHOME
~ User Name: jamillanbettir
~ All Users Names: jamillanbettir, HomeGroupUser$, Didier, Bastien & Gabin, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\jamillanbettir\AppData\Roaming\
~ %Desktop% : C:\Users\jamillanbettir\Desktop\
~ %Favorites% : C:\Users\jamillanbettir\Favorites\
~ %LocalAppData% : C:\Users\jamillanbettir\AppData\Local\
~ %StartMenu% : C:\Users\jamillanbettir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 387 Go of 452 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.09/08/2012 - 16:59:23.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/07/2013 - 06:13:37.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.09/08/2012 - 16:59:25.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/08/2012 - 16:59:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4615
~ Mes musiques (My Musics) : 1/330
~ Mes Videos (My Videos) : 1/18
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/60
~ Mon Bureau (My Desktop) : 0/21
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 04s
---\\ Processus lancés
[MD5.9EB4CDA2DFC1A555292CDC23205F10A8] - (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892416] [PID.4132]
[MD5.6BA8D86746935498D64CB5CF6286F2EB] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.4484]
[MD5.13F44960416C1D24DAAC3CBBBAE49D35] - (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577024] [PID.4504]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4616]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4624]
[MD5.AC5B083C4B2874F9F9FFF0B6C99A6005] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [936272] [PID.4764]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4784]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4836]
[MD5.DF1BBA1168C0AD1D080A1F1B99576A76] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.5536]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.5776]
[MD5.2A2BAD68A0975ED23328C8A220D6C24B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7946240] [PID.2036]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1768]
[MD5.BC7E8D3CC0B41B027495E7ECF83D6C87] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1014096] [PID.1972]
[MD5.9A59DF2CA690019FEA3B265D5A7EB619] - (.Conexant Systems, Inc. - Utility Service.) -- C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184] [PID.1268]
[MD5.812E1BA5C52A78F13EA6AA10DF708B1D] - (.Microsoft Corporation - Windows Live Family Safety Service.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512448] [PID.1908]
[MD5.0D14E1675A8C34229E6162558487D65B] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1104208] [PID.2440]
[MD5.EA1412DE64832ED9D920E88A9464196E] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1304912] [PID.4344]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.3364]
[MD5.5C08357C65F658E29B5DDC2EF18D575C] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.5812]
[MD5.934BB0D23A25C8C136570800A5A149B6] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [687400] [PID.6168]
[MD5.0DFC9713D117B349E41A2A477448107A] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.3584]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jamillanbettir\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 7 Legitimates Filtered in 00mn 08s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google SketchUp 8.lnk . (.Google, Inc. - SketchUp Application.) -- C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe
O4 - GS\Program [Public]: Basculement Graphique.lnk . (.ATI Technologies Inc. - Catalyst Control Centre: Command Line Inter.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe
O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.)
O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (.Intel Corporation - WiDiApp.) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
O4 - GS\Program [Public]: Zinio Reader 4.lnk . (...) -- C:\Program Files (x86)\Zinio Reader 4\Zinio Reader 4.exe
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Centre de mobilité Windows.) -- C:\Windows\system32\mblctr.exe
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Moniteur de ressources et de performances.) -- C:\Windows\system32\perfmon.exe
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) -- C:\Windows\system32\taskschd.msc
O4 - GS\Desktop [jamillanbettir]: Sweet Home 3D.lnk . (.eTeks - Sweet Home 3D.) -- C:\Program Files (x86)\Sweet Home 3D\SweetHome3D.exe
~ Global Startup: 96 Legitimates Filtered in 00mn 04s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [jamillanbettir]: Alertes de surveillance de l'encre - HP Photosmart 5520 series (réseau).lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll
O4 - GS\Startup [jamillanbettir]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [ETDCtrl] . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SA3\SACpl.exe
O4 - HKLM\..\Run: [BLEServicesCtrl] . (.Intel Corporation - Bluetooth LE Services Control Program.) -- C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [fssui] . (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell DataSafe Online] . (.Dell, Inc. - Dell DataSafe Online Service.) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Software Update (Software_update (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.) =>Adware.Boxore
O23 - Service: Intel(R) PROSet/Wireless Zero Configurat (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: 28 Legitimates Filtered in 00mn 04s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
~ 2 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 162 Legitimates Filtered in 00mn 37s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7FD1632A1021FB6B1452357EC7490F04] - 07/09/2013 - 17:07:32 ---A- . (...) -- C:\Windows\Enjoy 6e Uninstaller.exe [428658]
~ Files: 49 Legitimates Filtered in 01mn 18s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{e2e098f8-eeca-11e1-909d-685d43e41c3a}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NeroLauncher [Key] . (...) -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
O53 - SMSR:HKLM\...\startupreg\Stage Remote [Key] . (.Pas de propriétaire - Stage Remote Manager.) -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.449D90F1FB6402773C2F1ECCEAE15F74] - 05/12/2011 - 15:22:58 . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
~ Drivers: 20 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 25/03/2012 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 02/02/2012 - C:\Windows\System32\drivers\iaStor.sys (iaStor) .(.Intel Corporation - Intel Rapid Storage Technology driver - x64.) - LEGACY_IASTOR
O64 - Services: CurCS - 19/03/2012 - C:\Windows\System32\DRIVERS\igdpmd64.sys (intelkmd) .(.Intel Corporation - Intel Graphics Kernel Mode Driver.) - LEGACY_INTELKMD
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 120 Legitimates Filtered in 00mn 01s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.RGEBCMGRCZV7OP4MOVNH56OSJY> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Didier\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {75F9D6C9-3A41-4E8E-AA19-D5E36BD5CAF9} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.CE755676AE6D27A1EFEEFB0F3C70A929] [SPRF][24/06/2013] (.Ask.com - AskStub Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\APNStub.exe [358600]
[MD5.E168EC22B165BC274211C5E4C9A49CA7] [SPRF][13/05/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\BackupSetup.exe [10304672]
[MD5.32DCED18FFFEA0035E4FA975CA0AE8BE] [SPRF][22/04/2013] (.The Software Group - Software Update Setup.) -- C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe [620656] =>Adware.Boxore
[MD5.740D35D9CDC90AF32C357942B7643625] [SPRF][12/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\defaultCache.reg [1597076]
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\Quarantine.exe [344583]
[MD5.C44D9888D0FF4F39AF4584EC3778AA58] [SPRF][13/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe [395248] =>Toolbar.Babylon
[MD5.B22198403FFEAF57BE49FF5A08DA1EF4] [SPRF][13/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\vlc-2.0.8-win32.exe [23003252]
~ Files: 9 Legitimates Filtered in 00mn 06s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "ED2CDF1571907B64AECE3577057410ED" . (.PowerXpressHybrid.) -- c:\Windows\Installer\{51FDC2DE-0917-46B7-EAEC-5377504701DE}\ARPPRODUCTICON.exe
~ Update Products: 117 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.DB30D95BB743A11B26CE4CA8ECE79350] [WIS][15/03/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\465ff3.msi [1511424] =>Adware.Boxore
[MD5.CB70C99DC9309AAD6841A8F5A28E2607] [WIS][12/05/2012] (.Google, Inc. - Google SketchUp 8 Installer.) -- C:\Windows\Installer\6c43e7.msi [50302976]
~ WIS: 120 Legitimates Filtered in 00mn 21s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 25/03/2012 235520 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 05/12/2011 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SS - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 23/07/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
SR - | Demand 23/07/2013 240288 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
SR - | Auto 15/05/2012 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 15/05/2012 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 15/05/2012 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 05/12/2011 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SS - | Demand 19/03/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 18/05/2012 109184 | (CxUtilSvc) . (.Conexant Systems, Inc..) - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
SR - | Auto 08/12/2011 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 02/12/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/12/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 11/01/2012 627936 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 21/01/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 08/03/2011 224704 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SR - | Auto 31/08/2012 201304 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 16/11/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 19/02/2013 241456 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 19/02/2013 218760 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 19/02/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 31/08/2012 201304 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SR - | Auto 25/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 26/08/2010 2823000 | (NOBU) . (.Dell, Inc..) - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
SR - | Auto 08/12/2011 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 10/07/1658 0 | (Software_update_m) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 29/11/2010 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Auto 21/01/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 27s
---\\ Scan Additionnel (O88)
Database Version : 12911 - (11/09/2013)
Clés trouvées (Keys found) : 18
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 8
[HKLM\SYSTEM\CurrentControlSet\Services\Software_update (Software_update] =>Adware.Boxore^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Software =>Adware.Boxore
C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing^
C:\Windows\Installer\465ff3.msi =>Adware.Boxore^
C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
~ Additionnel Scan: 300162 Items scanned in 00mn 20s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
~ MSI: 4 link(s) detected in 00mn 20s
~ 1134 Legitimates filtered by white list
End of the scan (463 lines in 03mn 46s)(0)
merci
La suite... aprés DIAG,
~ Rapport de ZHPDiag v2013.9.13.23 - Nicolas Coolman (11/09/2013)
~ Lancé par jamillanbettir (13/09/2013 23:10:02)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16660
GCIE: Google Chrome v29.0.1547.66 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RMV82
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Windows Defender W7
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 25
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3998 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 387 GB (85%) free of 452 GB
---\\ Mode de connexion au système
~ Computer Name: DELLHOME
~ User Name: jamillanbettir
~ All Users Names: jamillanbettir, HomeGroupUser$, Didier, Bastien & Gabin, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\jamillanbettir\AppData\Roaming\
~ %Desktop% : C:\Users\jamillanbettir\Desktop\
~ %Favorites% : C:\Users\jamillanbettir\Favorites\
~ %LocalAppData% : C:\Users\jamillanbettir\AppData\Local\
~ %StartMenu% : C:\Users\jamillanbettir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 387 Go of 452 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.09/08/2012 - 16:59:23.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/07/2013 - 06:13:37.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.09/08/2012 - 16:59:25.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/08/2012 - 16:59:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4615
~ Mes musiques (My Musics) : 1/330
~ Mes Videos (My Videos) : 1/18
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/60
~ Mon Bureau (My Desktop) : 0/21
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 04s
---\\ Processus lancés
[MD5.9EB4CDA2DFC1A555292CDC23205F10A8] - (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892416] [PID.4132]
[MD5.6BA8D86746935498D64CB5CF6286F2EB] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.4484]
[MD5.13F44960416C1D24DAAC3CBBBAE49D35] - (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577024] [PID.4504]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4616]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4624]
[MD5.AC5B083C4B2874F9F9FFF0B6C99A6005] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [936272] [PID.4764]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4784]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4836]
[MD5.DF1BBA1168C0AD1D080A1F1B99576A76] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.5536]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.5776]
[MD5.2A2BAD68A0975ED23328C8A220D6C24B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7946240] [PID.2036]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1768]
[MD5.BC7E8D3CC0B41B027495E7ECF83D6C87] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1014096] [PID.1972]
[MD5.9A59DF2CA690019FEA3B265D5A7EB619] - (.Conexant Systems, Inc. - Utility Service.) -- C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184] [PID.1268]
[MD5.812E1BA5C52A78F13EA6AA10DF708B1D] - (.Microsoft Corporation - Windows Live Family Safety Service.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512448] [PID.1908]
[MD5.0D14E1675A8C34229E6162558487D65B] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1104208] [PID.2440]
[MD5.EA1412DE64832ED9D920E88A9464196E] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1304912] [PID.4344]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.3364]
[MD5.5C08357C65F658E29B5DDC2EF18D575C] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.5812]
[MD5.934BB0D23A25C8C136570800A5A149B6] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [687400] [PID.6168]
[MD5.0DFC9713D117B349E41A2A477448107A] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.3584]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jamillanbettir\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 7 Legitimates Filtered in 00mn 08s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google SketchUp 8.lnk . (.Google, Inc. - SketchUp Application.) -- C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe
O4 - GS\Program [Public]: Basculement Graphique.lnk . (.ATI Technologies Inc. - Catalyst Control Centre: Command Line Inter.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe
O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.)
O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (.Intel Corporation - WiDiApp.) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
O4 - GS\Program [Public]: Zinio Reader 4.lnk . (...) -- C:\Program Files (x86)\Zinio Reader 4\Zinio Reader 4.exe
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Centre de mobilité Windows.) -- C:\Windows\system32\mblctr.exe
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Moniteur de ressources et de performances.) -- C:\Windows\system32\perfmon.exe
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) -- C:\Windows\system32\taskschd.msc
O4 - GS\Desktop [jamillanbettir]: Sweet Home 3D.lnk . (.eTeks - Sweet Home 3D.) -- C:\Program Files (x86)\Sweet Home 3D\SweetHome3D.exe
~ Global Startup: 96 Legitimates Filtered in 00mn 04s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [jamillanbettir]: Alertes de surveillance de l'encre - HP Photosmart 5520 series (réseau).lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll
O4 - GS\Startup [jamillanbettir]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [ETDCtrl] . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SA3\SACpl.exe
O4 - HKLM\..\Run: [BLEServicesCtrl] . (.Intel Corporation - Bluetooth LE Services Control Program.) -- C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [fssui] . (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell DataSafe Online] . (.Dell, Inc. - Dell DataSafe Online Service.) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Software Update (Software_update (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.) =>Adware.Boxore
O23 - Service: Intel(R) PROSet/Wireless Zero Configurat (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: 28 Legitimates Filtered in 00mn 04s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
~ 2 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 162 Legitimates Filtered in 00mn 37s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7FD1632A1021FB6B1452357EC7490F04] - 07/09/2013 - 17:07:32 ---A- . (...) -- C:\Windows\Enjoy 6e Uninstaller.exe [428658]
~ Files: 49 Legitimates Filtered in 01mn 18s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{e2e098f8-eeca-11e1-909d-685d43e41c3a}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NeroLauncher [Key] . (...) -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
O53 - SMSR:HKLM\...\startupreg\Stage Remote [Key] . (.Pas de propriétaire - Stage Remote Manager.) -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.449D90F1FB6402773C2F1ECCEAE15F74] - 05/12/2011 - 15:22:58 . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
~ Drivers: 20 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 25/03/2012 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 02/02/2012 - C:\Windows\System32\drivers\iaStor.sys (iaStor) .(.Intel Corporation - Intel Rapid Storage Technology driver - x64.) - LEGACY_IASTOR
O64 - Services: CurCS - 19/03/2012 - C:\Windows\System32\DRIVERS\igdpmd64.sys (intelkmd) .(.Intel Corporation - Intel Graphics Kernel Mode Driver.) - LEGACY_INTELKMD
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 120 Legitimates Filtered in 00mn 01s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.RGEBCMGRCZV7OP4MOVNH56OSJY> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Didier\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {75F9D6C9-3A41-4E8E-AA19-D5E36BD5CAF9} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.CE755676AE6D27A1EFEEFB0F3C70A929] [SPRF][24/06/2013] (.Ask.com - AskStub Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\APNStub.exe [358600]
[MD5.E168EC22B165BC274211C5E4C9A49CA7] [SPRF][13/05/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\BackupSetup.exe [10304672]
[MD5.32DCED18FFFEA0035E4FA975CA0AE8BE] [SPRF][22/04/2013] (.The Software Group - Software Update Setup.) -- C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe [620656] =>Adware.Boxore
[MD5.740D35D9CDC90AF32C357942B7643625] [SPRF][12/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\defaultCache.reg [1597076]
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\Quarantine.exe [344583]
[MD5.C44D9888D0FF4F39AF4584EC3778AA58] [SPRF][13/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe [395248] =>Toolbar.Babylon
[MD5.B22198403FFEAF57BE49FF5A08DA1EF4] [SPRF][13/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\vlc-2.0.8-win32.exe [23003252]
~ Files: 9 Legitimates Filtered in 00mn 06s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "ED2CDF1571907B64AECE3577057410ED" . (.PowerXpressHybrid.) -- c:\Windows\Installer\{51FDC2DE-0917-46B7-EAEC-5377504701DE}\ARPPRODUCTICON.exe
~ Update Products: 117 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.DB30D95BB743A11B26CE4CA8ECE79350] [WIS][15/03/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\465ff3.msi [1511424] =>Adware.Boxore
[MD5.CB70C99DC9309AAD6841A8F5A28E2607] [WIS][12/05/2012] (.Google, Inc. - Google SketchUp 8 Installer.) -- C:\Windows\Installer\6c43e7.msi [50302976]
~ WIS: 120 Legitimates Filtered in 00mn 21s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 25/03/2012 235520 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 05/12/2011 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SS - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 23/07/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
SR - | Demand 23/07/2013 240288 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
SR - | Auto 15/05/2012 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 15/05/2012 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 15/05/2012 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 05/12/2011 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SS - | Demand 19/03/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 18/05/2012 109184 | (CxUtilSvc) . (.Conexant Systems, Inc..) - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
SR - | Auto 08/12/2011 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 02/12/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/12/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 11/01/2012 627936 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 21/01/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 08/03/2011 224704 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SR - | Auto 31/08/2012 201304 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 16/11/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 19/02/2013 241456 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 19/02/2013 218760 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 19/02/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 31/08/2012 201304 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SR - | Auto 25/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 26/08/2010 2823000 | (NOBU) . (.Dell, Inc..) - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
SR - | Auto 08/12/2011 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 10/07/1658 0 | (Software_update_m) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 29/11/2010 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Auto 21/01/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 27s
---\\ Scan Additionnel (O88)
Database Version : 12911 - (11/09/2013)
Clés trouvées (Keys found) : 18
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 8
[HKLM\SYSTEM\CurrentControlSet\Services\Software_update (Software_update] =>Adware.Boxore^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Software =>Adware.Boxore
C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing^
C:\Windows\Installer\465ff3.msi =>Adware.Boxore^
C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
~ Additionnel Scan: 300162 Items scanned in 00mn 20s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
~ MSI: 4 link(s) detected in 00mn 20s
~ 1134 Legitimates filtered by white list
End of the scan (463 lines in 03mn 46s)(0)
merci
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
14 sept. 2013 à 14:35
14 sept. 2013 à 14:35
Salut,
Ok, fais ZHPFix comme ceci avec ces lignes, et poste le rapport.
Gabriel.
Ok, fais ZHPFix comme ceci avec ces lignes, et poste le rapport.
Gabriel.
Script ZHPFix
O23 - Service: Service Software Update (Software_update (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.) =>Adware.Boxore
[MD5.32DCED18FFFEA0035E4FA975CA0AE8BE] [SPRF][22/04/2013] (.The Software Group - Software Update Setup.) -- C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe [620656] =>Adware.Boxore
[MD5.C44D9888D0FF4F39AF4584EC3778AA58] [SPRF][13/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe [395248] =>Toolbar.Babylon
[MD5.DB30D95BB743A11B26CE4CA8ECE79350] [WIS][15/03/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\465ff3.msi [1511424] =>Adware.Boxore
SS - | Auto 10/07/1658 0 | (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 10/07/1658 0 | (Software_update_m) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
[HKLM\SYSTEM\CurrentControlSet\Services\Software_update (Software_update] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Software =>Adware.Boxore
C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
C:\Windows\Installer\465ff3.msi =>Adware.Boxore^
C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.) => Fichier absent
[MD5.E168EC22B165BC274211C5E4C9A49CA7] [SPRF][13/05/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\BackupSetup.exe [10304672] => Temporary file not necessary
[MD5.740D35D9CDC90AF32C357942B7643625] [SPRF][12/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\defaultCache.reg [1597076] => Temporary file not necessary
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\Quarantine.exe [344583] => Temporary file not necessary
[MD5.B22198403FFEAF57BE49FF5A08DA1EF4] [SPRF][13/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\vlc-2.0.8-win32.exe [23003252] => Temporary file not necessary
O69 - SBI: SearchScopes [HKCU] {75F9D6C9-3A41-4E8E-AA19-D5E36BD5CAF9} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
[MD5.CE755676AE6D27A1EFEEFB0F3C70A929] [SPRF][24/06/2013] (.Ask.com - AskStub Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\APNStub.exe [358600]
O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing^
EmptyTemp
EmptyFlash
EmptyCLSID
SysRestore
O23 - Service: Service Software Update (Software_update (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.) =>Adware.Boxore
[MD5.32DCED18FFFEA0035E4FA975CA0AE8BE] [SPRF][22/04/2013] (.The Software Group - Software Update Setup.) -- C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe [620656] =>Adware.Boxore
[MD5.C44D9888D0FF4F39AF4584EC3778AA58] [SPRF][13/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe [395248] =>Toolbar.Babylon
[MD5.DB30D95BB743A11B26CE4CA8ECE79350] [WIS][15/03/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\465ff3.msi [1511424] =>Adware.Boxore
SS - | Auto 10/07/1658 0 | (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 10/07/1658 0 | (Software_update_m) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
[HKLM\SYSTEM\CurrentControlSet\Services\Software_update (Software_update] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Software =>Adware.Boxore
C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
C:\Windows\Installer\465ff3.msi =>Adware.Boxore^
C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.) => Fichier absent
[MD5.E168EC22B165BC274211C5E4C9A49CA7] [SPRF][13/05/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\BackupSetup.exe [10304672] => Temporary file not necessary
[MD5.740D35D9CDC90AF32C357942B7643625] [SPRF][12/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\defaultCache.reg [1597076] => Temporary file not necessary
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\Quarantine.exe [344583] => Temporary file not necessary
[MD5.B22198403FFEAF57BE49FF5A08DA1EF4] [SPRF][13/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\vlc-2.0.8-win32.exe [23003252] => Temporary file not necessary
O69 - SBI: SearchScopes [HKCU] {75F9D6C9-3A41-4E8E-AA19-D5E36BD5CAF9} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
[MD5.CE755676AE6D27A1EFEEFB0F3C70A929] [SPRF][24/06/2013] (.Ask.com - AskStub Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\APNStub.exe [358600]
O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing^
EmptyTemp
EmptyFlash
EmptyCLSID
SysRestore
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
14 sept. 2013 à 15:09
14 sept. 2013 à 15:09
Non tu m'as collé mon script là^^
Gabriel.
Gabriel.
Rapport de ZHPFix 2013.9.11.6 par Nicolas Coolman, Update du 11/09/2013
Fichier d'export Registre :
Run by jamillanbettir at 14/09/2013 15:10:48
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Corbeille vidée
========== Processus mémoire ==========
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\BackupSetup.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\Quarantine.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\vlc-2.0.8-win32.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\APNStub.exe
========== Clés du Registre ==========
SUPPRIMÉ: Service: Software_update
SUPPRIMÉ: Service: Software_update_m
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC
SUPPRIMÉ: SearchScopes :{75F9D6C9-3A41-4E8E-AA19-D5E36BD5CAF9}
SUPPRIMÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
SUPPRIMÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32
========== Dossiers ==========
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\{48ACCB21-B4D9-4CDE-B211-B86E587D2AAC}
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\{AD7FE461-7C3F-4493-A8A2-959A3F84C258}
========== Fichiers ==========
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\boxoreinstaller.exe
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\uninst1.exe
SUPPRIMÉ: C:\Windows\Installer\465ff3.msi
SUPPRIMÉ:* c:\windows\installer\465ff3.msi
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller1.log
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller2.log
SUPPRIMÉ: c:\programdata\microsoft\windows\start menu\programs\documentation d'aide de dell.lnk
SUPPRIMÉ: c:\users\jamillanbettir\appdata\local\temp\backupsetup.exe
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\Temp\defaultCache.reg
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\defaultcache.reg
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\quarantine.exe
SUPPRIMÉ: c:\users\jamillanbettir\appdata\local\temp\vlc-2.0.8-win32.exe
SUPPRIMÉ: c:\users\jamillanbettir\appdata\local\temp\apnstub.exe
SUPPRIME Temporaires Windows
SUPPRIME Flash Cookies
========== Restauration Système ==========
Point de restauration du système créé avec succès
========== Récapitulatif ==========
6 : Processus mémoire
20 : Clés du Registre
2 : Dossiers
15 : Fichiers
1 : Restauration Système
End of clean in 00mn 52s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 14/09/2013 15:10:56 [4649]
Cette fois c'est...BON?????
Fichier d'export Registre :
Run by jamillanbettir at 14/09/2013 15:10:48
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Corbeille vidée
========== Processus mémoire ==========
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\BackupSetup.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\Quarantine.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\vlc-2.0.8-win32.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\APNStub.exe
========== Clés du Registre ==========
SUPPRIMÉ: Service: Software_update
SUPPRIMÉ: Service: Software_update_m
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC
SUPPRIMÉ: SearchScopes :{75F9D6C9-3A41-4E8E-AA19-D5E36BD5CAF9}
SUPPRIMÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
SUPPRIMÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32
========== Dossiers ==========
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\{48ACCB21-B4D9-4CDE-B211-B86E587D2AAC}
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\{AD7FE461-7C3F-4493-A8A2-959A3F84C258}
========== Fichiers ==========
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\boxoreinstaller.exe
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\uninst1.exe
SUPPRIMÉ: C:\Windows\Installer\465ff3.msi
SUPPRIMÉ:* c:\windows\installer\465ff3.msi
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller1.log
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller2.log
SUPPRIMÉ: c:\programdata\microsoft\windows\start menu\programs\documentation d'aide de dell.lnk
SUPPRIMÉ: c:\users\jamillanbettir\appdata\local\temp\backupsetup.exe
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\Temp\defaultCache.reg
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\defaultcache.reg
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\quarantine.exe
SUPPRIMÉ: c:\users\jamillanbettir\appdata\local\temp\vlc-2.0.8-win32.exe
SUPPRIMÉ: c:\users\jamillanbettir\appdata\local\temp\apnstub.exe
SUPPRIME Temporaires Windows
SUPPRIME Flash Cookies
========== Restauration Système ==========
Point de restauration du système créé avec succès
========== Récapitulatif ==========
6 : Processus mémoire
20 : Clés du Registre
2 : Dossiers
15 : Fichiers
1 : Restauration Système
End of clean in 00mn 52s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 14/09/2013 15:10:56 [4649]
Cette fois c'est...BON?????
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
14 sept. 2013 à 15:21
14 sept. 2013 à 15:21
Re,
Oui c'est bon. :)
Fais un examen complet sur tous les disques avec MBAM. Tu supprimeras tous les éléments détectés et me posteras le rapport : http://www.forum-entraide-informatique.com/support/malwarebytes-anti-malware-mbam-tutoriel-t6.html
Gabriel.
Oui c'est bon. :)
Fais un examen complet sur tous les disques avec MBAM. Tu supprimeras tous les éléments détectés et me posteras le rapport : http://www.forum-entraide-informatique.com/support/malwarebytes-anti-malware-mbam-tutoriel-t6.html
Gabriel.
Bcp plus tard...aprés examen MBAM
Voici le rapport;
Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2013.09.14.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
jamillanbettir :: DELLHOME [administrateur]
Protection: Activé
14/09/2013 15:31:02
mbam-log-2013-09-14 (15-31-02).txt
Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 442091
Temps écoulé: 1 heure(s), 23 minute(s), 12 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 2
C:\Users\jamillanbettir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MECEODWH\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jamillanbettir\Downloads\rcpafterdownloadcm_ad_8063_cm2.exe (PUP.Optional.RegCleanerPro) -> Mis en quarantaine et supprimé avec succès.
(fin)
Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2013.09.14.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
jamillanbettir :: DELLHOME [administrateur]
Protection: Activé
14/09/2013 15:31:02
mbam-log-2013-09-14 (15-31-02).txt
Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 442091
Temps écoulé: 1 heure(s), 23 minute(s), 12 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 2
C:\Users\jamillanbettir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MECEODWH\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jamillanbettir\Downloads\rcpafterdownloadcm_ad_8063_cm2.exe (PUP.Optional.RegCleanerPro) -> Mis en quarantaine et supprimé avec succès.
(fin)
Voici le rapport;
Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2013.09.14.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
jamillanbettir :: DELLHOME [administrateur]
Protection: Activé
14/09/2013 15:31:02
mbam-log-2013-09-14 (15-31-02).txt
Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 442091
Temps écoulé: 1 heure(s), 23 minute(s), 12 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 2
C:\Users\jamillanbettir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MECEODWH\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jamillanbettir\Downloads\rcpafterdownloadcm_ad_8063_cm2.exe (PUP.Optional.RegCleanerPro) -> Mis en quarantaine et supprimé avec succès.
(fin)
Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2013.09.14.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
jamillanbettir :: DELLHOME [administrateur]
Protection: Activé
14/09/2013 15:31:02
mbam-log-2013-09-14 (15-31-02).txt
Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 442091
Temps écoulé: 1 heure(s), 23 minute(s), 12 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 2
C:\Users\jamillanbettir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MECEODWH\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jamillanbettir\Downloads\rcpafterdownloadcm_ad_8063_cm2.exe (PUP.Optional.RegCleanerPro) -> Mis en quarantaine et supprimé avec succès.
(fin)
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
14 sept. 2013 à 21:19
14 sept. 2013 à 21:19
Re,
Ok, toujours des soucis ?
Fais moi un nouveau rapport ZHPDiag.
Gabriel.
Ok, toujours des soucis ?
Fais moi un nouveau rapport ZHPDiag.
Gabriel.
Je viens juste de me connecter!
merci!
je fais un ZHP Diag et te le poste.
merci!
je fais un ZHP Diag et te le poste.
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
15 sept. 2013 à 13:02
15 sept. 2013 à 13:02
Salut, ok :)
Re...
Vraiment un grand merci !
~ Rapport de ZHPDiag v2013.9.13.23 - Nicolas Coolman (11/09/2013)
~ Lancé par jamillanbettir (15/09/2013 13:24:07)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686
GCIE: Google Chrome v29.0.1547.66 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RMV82
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 25
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3998 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 390 GB (86%) free of 452 GB
---\\ Mode de connexion au système
~ Computer Name: DELLHOME
~ User Name: jamillanbettir
~ All Users Names: jamillanbettir, HomeGroupUser$, Didier, Bastien & Gabin, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\jamillanbettir\AppData\Roaming\
~ %Desktop% : C:\Users\jamillanbettir\Desktop\
~ %Favorites% : C:\Users\jamillanbettir\Favorites\
~ %LocalAppData% : C:\Users\jamillanbettir\AppData\Local\
~ %StartMenu% : C:\Users\jamillanbettir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 390 Go of 452 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.09/08/2012 - 16:59:23.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 06:22:18.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.09/08/2012 - 16:59:25.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/08/2012 - 16:59:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4622
~ Mes musiques (My Musics) : 1/330
~ Mes Videos (My Videos) : 1/18
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/60
~ Mon Bureau (My Desktop) : 1/21
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3752]
[MD5.9EB4CDA2DFC1A555292CDC23205F10A8] - (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892416] [PID.4112]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4452]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4868]
[MD5.6BA8D86746935498D64CB5CF6286F2EB] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.4552]
[MD5.13F44960416C1D24DAAC3CBBBAE49D35] - (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577024] [PID.4600]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4312]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4396]
[MD5.AC5B083C4B2874F9F9FFF0B6C99A6005] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [936272] [PID.5664]
[MD5.DF1BBA1168C0AD1D080A1F1B99576A76] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.3632]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.6308]
[MD5.2A2BAD68A0975ED23328C8A220D6C24B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7946240] [PID.4900]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1784]
[MD5.BC7E8D3CC0B41B027495E7ECF83D6C87] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1014096] [PID.1888]
[MD5.9A59DF2CA690019FEA3B265D5A7EB619] - (.Conexant Systems, Inc. - Utility Service.) -- C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184] [PID.2040]
[MD5.812E1BA5C52A78F13EA6AA10DF708B1D] - (.Microsoft Corporation - Windows Live Family Safety Service.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512448] [PID.1508]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1936]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2056]
[MD5.0D14E1675A8C34229E6162558487D65B] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1104208] [PID.2484]
[MD5.EA1412DE64832ED9D920E88A9464196E] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1304912] [PID.5948]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.6552]
[MD5.5C08357C65F658E29B5DDC2EF18D575C] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.5104]
[MD5.934BB0D23A25C8C136570800A5A149B6] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [687400] [PID.4000]
[MD5.0DFC9713D117B349E41A2A477448107A] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.4020]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jamillanbettir\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 7 Legitimates Filtered in 00mn 08s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Basculement Graphique.lnk . (.ATI Technologies Inc. - Catalyst Control Centre: Command Line Inter.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe
O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (.Intel Corporation - WiDiApp.) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
O4 - GS\Program [Public]: Zinio Reader 4.lnk . (...) -- C:\Program Files (x86)\Zinio Reader 4\Zinio Reader 4.exe
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Centre de mobilité Windows.) -- C:\Windows\system32\mblctr.exe
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Moniteur de ressources et de performances.) -- C:\Windows\system32\perfmon.exe
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) -- C:\Windows\system32\taskschd.msc
~ Global Startup: 93 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [jamillanbettir]: Alertes de surveillance de l'encre - HP Photosmart 5520 series (réseau).lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll
O4 - GS\Startup [jamillanbettir]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [ETDCtrl] . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SA3\SACpl.exe
O4 - HKLM\..\Run: [BLEServicesCtrl] . (.Intel Corporation - Bluetooth LE Services Control Program.) -- C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [fssui] . (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell DataSafe Online] . (.Dell, Inc. - Dell DataSafe Online Service.) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BBAC5985D6A6C2CF22212F9BE05DAA05] - 14/09/2013 - 16:09:53 ---A- . (...) -- C:\log.txt [360]
O44 - LFC:[MD5.7FD1632A1021FB6B1452357EC7490F04] - 07/09/2013 - 17:07:32 ---A- . (...) -- C:\Windows\Enjoy 6e Uninstaller.exe [428658]
~ Files: 145 Legitimates Filtered in 01mn 25s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{e2e098f8-eeca-11e1-909d-685d43e41c3a}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NeroLauncher [Key] . (...) -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
O53 - SMSR:HKLM\...\startupreg\Stage Remote [Key] . (.Pas de propriétaire - Stage Remote Manager.) -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.449D90F1FB6402773C2F1ECCEAE15F74] - 05/12/2011 - 15:22:58 . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
~ Drivers: 20 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 25/03/2012 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 02/02/2012 - C:\Windows\System32\drivers\iaStor.sys (iaStor) .(.Intel Corporation - Intel Rapid Storage Technology driver - x64.) - LEGACY_IASTOR
O64 - Services: CurCS - 19/03/2012 - C:\Windows\System32\DRIVERS\igdpmd64.sys (intelkmd) .(.Intel Corporation - Intel Graphics Kernel Mode Driver.) - LEGACY_INTELKMD
O64 - Services: CurCS - 04/04/2013 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 121 Legitimates Filtered in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.RGEBCMGRCZV7OP4MOVNH56OSJY> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Didier\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "ED2CDF1571907B64AECE3577057410ED" . (.PowerXpressHybrid.) -- c:\Windows\Installer\{51FDC2DE-0917-46B7-EAEC-5377504701DE}\ARPPRODUCTICON.exe
~ Update Products: 115 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.CB70C99DC9309AAD6841A8F5A28E2607] [WIS][12/05/2012] (.Google, Inc. - Google SketchUp 8 Installer.) -- C:\Windows\Installer\6c43e7.msi [50302976]
~ WIS: 117 Legitimates Filtered in 00mn 20s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 25/03/2012 235520 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 05/12/2011 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SS - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 15/05/2012 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 15/05/2012 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 15/05/2012 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 05/12/2011 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SS - | Demand 19/03/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 18/05/2012 109184 | (CxUtilSvc) . (.Conexant Systems, Inc..) - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
SR - | Auto 08/12/2011 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 02/12/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/12/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 11/01/2012 627936 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 21/01/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 08/03/2011 224704 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SR - | Auto 31/08/2012 201304 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 16/11/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 19/02/2013 241456 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 19/02/2013 218760 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 19/02/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 31/08/2012 201304 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SR - | Auto 25/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 26/08/2010 2823000 | (NOBU) . (.Dell, Inc..) - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
SR - | Auto 08/12/2011 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 29/11/2010 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Auto 21/01/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 22s
---\\ Scan Additionnel (O88)
Database Version : 12911 - (11/09/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 269641 Items scanned in 00mn 25s
~ 1235 Legitimates filtered by white list
End of the scan (396 lines in 02mn 52s)(0)
Vraiment un grand merci !
~ Rapport de ZHPDiag v2013.9.13.23 - Nicolas Coolman (11/09/2013)
~ Lancé par jamillanbettir (15/09/2013 13:24:07)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686
GCIE: Google Chrome v29.0.1547.66 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RMV82
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 25
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3998 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 390 GB (86%) free of 452 GB
---\\ Mode de connexion au système
~ Computer Name: DELLHOME
~ User Name: jamillanbettir
~ All Users Names: jamillanbettir, HomeGroupUser$, Didier, Bastien & Gabin, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\jamillanbettir\AppData\Roaming\
~ %Desktop% : C:\Users\jamillanbettir\Desktop\
~ %Favorites% : C:\Users\jamillanbettir\Favorites\
~ %LocalAppData% : C:\Users\jamillanbettir\AppData\Local\
~ %StartMenu% : C:\Users\jamillanbettir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 390 Go of 452 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.09/08/2012 - 16:59:23.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 06:22:18.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.09/08/2012 - 16:59:25.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/08/2012 - 16:59:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4622
~ Mes musiques (My Musics) : 1/330
~ Mes Videos (My Videos) : 1/18
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/60
~ Mon Bureau (My Desktop) : 1/21
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3752]
[MD5.9EB4CDA2DFC1A555292CDC23205F10A8] - (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892416] [PID.4112]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4452]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4868]
[MD5.6BA8D86746935498D64CB5CF6286F2EB] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.4552]
[MD5.13F44960416C1D24DAAC3CBBBAE49D35] - (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577024] [PID.4600]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4312]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4396]
[MD5.AC5B083C4B2874F9F9FFF0B6C99A6005] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [936272] [PID.5664]
[MD5.DF1BBA1168C0AD1D080A1F1B99576A76] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.3632]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.6308]
[MD5.2A2BAD68A0975ED23328C8A220D6C24B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7946240] [PID.4900]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1784]
[MD5.BC7E8D3CC0B41B027495E7ECF83D6C87] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1014096] [PID.1888]
[MD5.9A59DF2CA690019FEA3B265D5A7EB619] - (.Conexant Systems, Inc. - Utility Service.) -- C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184] [PID.2040]
[MD5.812E1BA5C52A78F13EA6AA10DF708B1D] - (.Microsoft Corporation - Windows Live Family Safety Service.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512448] [PID.1508]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1936]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2056]
[MD5.0D14E1675A8C34229E6162558487D65B] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1104208] [PID.2484]
[MD5.EA1412DE64832ED9D920E88A9464196E] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1304912] [PID.5948]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.6552]
[MD5.5C08357C65F658E29B5DDC2EF18D575C] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.5104]
[MD5.934BB0D23A25C8C136570800A5A149B6] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [687400] [PID.4000]
[MD5.0DFC9713D117B349E41A2A477448107A] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.4020]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jamillanbettir\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 7 Legitimates Filtered in 00mn 08s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Basculement Graphique.lnk . (.ATI Technologies Inc. - Catalyst Control Centre: Command Line Inter.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe
O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (.Intel Corporation - WiDiApp.) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
O4 - GS\Program [Public]: Zinio Reader 4.lnk . (...) -- C:\Program Files (x86)\Zinio Reader 4\Zinio Reader 4.exe
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Centre de mobilité Windows.) -- C:\Windows\system32\mblctr.exe
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Moniteur de ressources et de performances.) -- C:\Windows\system32\perfmon.exe
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) -- C:\Windows\system32\taskschd.msc
~ Global Startup: 93 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [jamillanbettir]: Alertes de surveillance de l'encre - HP Photosmart 5520 series (réseau).lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll
O4 - GS\Startup [jamillanbettir]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [ETDCtrl] . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SA3\SACpl.exe
O4 - HKLM\..\Run: [BLEServicesCtrl] . (.Intel Corporation - Bluetooth LE Services Control Program.) -- C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [fssui] . (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell DataSafe Online] . (.Dell, Inc. - Dell DataSafe Online Service.) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BBAC5985D6A6C2CF22212F9BE05DAA05] - 14/09/2013 - 16:09:53 ---A- . (...) -- C:\log.txt [360]
O44 - LFC:[MD5.7FD1632A1021FB6B1452357EC7490F04] - 07/09/2013 - 17:07:32 ---A- . (...) -- C:\Windows\Enjoy 6e Uninstaller.exe [428658]
~ Files: 145 Legitimates Filtered in 01mn 25s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{e2e098f8-eeca-11e1-909d-685d43e41c3a}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NeroLauncher [Key] . (...) -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
O53 - SMSR:HKLM\...\startupreg\Stage Remote [Key] . (.Pas de propriétaire - Stage Remote Manager.) -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.449D90F1FB6402773C2F1ECCEAE15F74] - 05/12/2011 - 15:22:58 . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
~ Drivers: 20 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 25/03/2012 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 02/02/2012 - C:\Windows\System32\drivers\iaStor.sys (iaStor) .(.Intel Corporation - Intel Rapid Storage Technology driver - x64.) - LEGACY_IASTOR
O64 - Services: CurCS - 19/03/2012 - C:\Windows\System32\DRIVERS\igdpmd64.sys (intelkmd) .(.Intel Corporation - Intel Graphics Kernel Mode Driver.) - LEGACY_INTELKMD
O64 - Services: CurCS - 04/04/2013 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 121 Legitimates Filtered in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.RGEBCMGRCZV7OP4MOVNH56OSJY> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Didier\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "ED2CDF1571907B64AECE3577057410ED" . (.PowerXpressHybrid.) -- c:\Windows\Installer\{51FDC2DE-0917-46B7-EAEC-5377504701DE}\ARPPRODUCTICON.exe
~ Update Products: 115 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.CB70C99DC9309AAD6841A8F5A28E2607] [WIS][12/05/2012] (.Google, Inc. - Google SketchUp 8 Installer.) -- C:\Windows\Installer\6c43e7.msi [50302976]
~ WIS: 117 Legitimates Filtered in 00mn 20s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 25/03/2012 235520 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 05/12/2011 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SS - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 15/05/2012 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 15/05/2012 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 15/05/2012 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 05/12/2011 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SS - | Demand 19/03/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 18/05/2012 109184 | (CxUtilSvc) . (.Conexant Systems, Inc..) - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
SR - | Auto 08/12/2011 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 02/12/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/12/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 11/01/2012 627936 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 21/01/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 08/03/2011 224704 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SR - | Auto 31/08/2012 201304 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 16/11/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 19/02/2013 241456 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 19/02/2013 218760 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 19/02/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 31/08/2012 201304 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SR - | Auto 25/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 26/08/2010 2823000 | (NOBU) . (.Dell, Inc..) - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
SR - | Auto 08/12/2011 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 29/11/2010 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Auto 21/01/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 22s
---\\ Scan Additionnel (O88)
Database Version : 12911 - (11/09/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 269641 Items scanned in 00mn 25s
~ 1235 Legitimates filtered by white list
End of the scan (396 lines in 02mn 52s)(0)
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
15 sept. 2013 à 13:34
15 sept. 2013 à 13:34
Re,
Je t'en prie. :)
Y'a-t-il encore des soucis ou on peut finaliser ?
Gabriel.
Je t'en prie. :)
Y'a-t-il encore des soucis ou on peut finaliser ?
Gabriel.
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
15 sept. 2013 à 16:36
15 sept. 2013 à 16:36
Re,
Voici la procédure : http://www.forum-entraide-informatique.com/support/finalisation-t8237.html
Tiens moi au courant de ton avancée au fur et à mesure.
Gabriel.
Voici la procédure : http://www.forum-entraide-informatique.com/support/finalisation-t8237.html
Tiens moi au courant de ton avancée au fur et à mesure.
Gabriel.
je tenterais une demande en début de soirée vers 21HOO...
Merci
Merci
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
15 sept. 2013 à 19:38
15 sept. 2013 à 19:38
une demande de quoi ?
je vais sur le forum de finalisation seulement maintenant... A + donc
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
15 sept. 2013 à 21:41
15 sept. 2013 à 21:41
Ok @+ :)
bonsoir Gabriel, voici le rapport USBFix
############################## | UsbFix V 7.134 | [Recherche]
Utilisateur: jamillanbettir (Administrateur) # DELLHOME
Mis à jour le 06/09/2013 par El Desaparecido
Lancé à 21:47:02 | 15/09/2013
Site Web: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://wwww.sosvirus.net/contact_eldesaparecido.php
PC: Dell Inc. (Inspiron 7520) (x64-based PC)
CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz (2501)
RAM -> [Total : 3998 | Free : 2235]
BIOS: InsydeH2O Version 03.72.02A02
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Protection antivirus et antispyware McAfee [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 452 Go (387 Go libre(s) - 86%) [OS] # NTFS
D:\ -> CD-ROM
################## | Processus Actif |
C:\Windows\system32\csrss.exe (636)
C:\Windows\system32\wininit.exe (928)
C:\Windows\system32\services.exe (992)
C:\Windows\system32\lsass.exe (1008)
C:\Windows\system32\lsm.exe (1016)
C:\Windows\system32\svchost.exe (604)
C:\Windows\system32\svchost.exe (764)
C:\Windows\system32\atiesrxx.exe (812)
C:\Windows\System32\svchost.exe (936)
C:\Windows\System32\svchost.exe (1056)
C:\Windows\system32\svchost.exe (1104)
C:\Windows\system32\svchost.exe (1140)
C:\Windows\system32\svchost.exe (1316)
C:\Windows\system32\WLANExt.exe (1416)
C:\Windows\system32\conhost.exe (1424)
C:\Windows\System32\spoolsv.exe (1540)
C:\Windows\system32\svchost.exe (1600)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1784)
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (1888)
C:\Windows\system32\svchost.exe (2016)
C:\Program Files\Conexant\SA3\CxUtilSvc.exe (2040)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (1432)
C:\Windows\system32\svchost.exe (1832)
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (1508)
c:\Program Files\Intel\iCLS Client\HeciServer.exe (1756)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (1936)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (2056)
C:\Windows\system32\mfevtps.exe (2084)
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (2196)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (2232)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2416)
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (2460)
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (2484)
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (2524)
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (2616)
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (2680)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2864)
C:\Windows\system32\wbem\unsecapp.exe (3304)
C:\Windows\system32\wbem\wmiprvse.exe (3724)
C:\Windows\system32\svchost.exe (4072)
C:\Windows\system32\SearchIndexer.exe (3124)
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (5948)
C:\Program Files\Windows Media Player\wmpnetwk.exe (5700)
C:\Windows\System32\svchost.exe (5536)
C:\Windows\system32\DllHost.exe (1064)
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (6396)
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (6516)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (6552)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (5104)
C:\Program Files (x86)\Nero\Update\NASvc.exe (4000)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (4020)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (3712)
C:\Windows\system32\csrss.exe (6264)
C:\Windows\system32\winlogon.exe (10840)
C:\Windows\system32\atieclxx.exe (9392)
C:\Windows\system32\taskhost.exe (5772)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (10540)
C:\Windows\system32\Dwm.exe (7588)
C:\Windows\Explorer.EXE (4552)
C:\Program Files\Elantech\ETDCtrl.exe (9052)
C:\Windows\System32\igfxtray.exe (8520)
C:\Windows\System32\hkcmd.exe (3424)
C:\Windows\System32\igfxpers.exe (9868)
C:\Program Files\Dell\QuickSet\quickset.exe (6092)
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (11032)
C:\Windows\System32\rundll32.exe (3944)
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (5112)
C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (8448)
C:\Windows\system32\RunDll32.exe (7620)
C:\Program Files\Conexant\SA3\SmartAudio3.exe (2360)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (6692)
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (4948)
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (8596)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (6988)
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (10308)
C:\Program Files\mcafee.com\agent\mcagent.exe (4240)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (7496)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (8080)
C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe (7176)
C:\Program Files\Elantech\ETDCtrlHelper.exe (5424)
C:\Program Files\Elantech\ETDGesture.exe (5896)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (4572)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (10312)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8148)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3896)
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (9308)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (11148)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3900)
C:\UsbFix\Go.exe (4740)
C:\Windows\system32\wbem\wmiprvse.exe (8576)
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [StartCCC] - "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
HKLM\SOFTWARE | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE\wow6432Node | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
HKLM\SOFTWARE\wow6432Node | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1803025300-301612537-1702093733-1000\SOFTWARE | Run : [HP Photosmart 5520 series (NET)] - "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN373138480602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-1803025300-301612537-1702093733-1000\SOFTWARE | RunOnce : [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\S-1-5-21-1803025300-301612537-1702093733-1000\SOFTWARE | RunOnce : [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"
################## | Éléments infectieux |
################## | Registre |
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{e2e098f8-eeca-11e1-909d-685d43e41c3a}
Shell\AutoRun\Command = E:\LaunchU3.exe -a
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F | http://www.sosvirus.net |
voilà !
############################## | UsbFix V 7.134 | [Recherche]
Utilisateur: jamillanbettir (Administrateur) # DELLHOME
Mis à jour le 06/09/2013 par El Desaparecido
Lancé à 21:47:02 | 15/09/2013
Site Web: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://wwww.sosvirus.net/contact_eldesaparecido.php
PC: Dell Inc. (Inspiron 7520) (x64-based PC)
CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz (2501)
RAM -> [Total : 3998 | Free : 2235]
BIOS: InsydeH2O Version 03.72.02A02
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Protection antivirus et antispyware McAfee [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 452 Go (387 Go libre(s) - 86%) [OS] # NTFS
D:\ -> CD-ROM
################## | Processus Actif |
C:\Windows\system32\csrss.exe (636)
C:\Windows\system32\wininit.exe (928)
C:\Windows\system32\services.exe (992)
C:\Windows\system32\lsass.exe (1008)
C:\Windows\system32\lsm.exe (1016)
C:\Windows\system32\svchost.exe (604)
C:\Windows\system32\svchost.exe (764)
C:\Windows\system32\atiesrxx.exe (812)
C:\Windows\System32\svchost.exe (936)
C:\Windows\System32\svchost.exe (1056)
C:\Windows\system32\svchost.exe (1104)
C:\Windows\system32\svchost.exe (1140)
C:\Windows\system32\svchost.exe (1316)
C:\Windows\system32\WLANExt.exe (1416)
C:\Windows\system32\conhost.exe (1424)
C:\Windows\System32\spoolsv.exe (1540)
C:\Windows\system32\svchost.exe (1600)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1784)
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (1888)
C:\Windows\system32\svchost.exe (2016)
C:\Program Files\Conexant\SA3\CxUtilSvc.exe (2040)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (1432)
C:\Windows\system32\svchost.exe (1832)
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (1508)
c:\Program Files\Intel\iCLS Client\HeciServer.exe (1756)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (1936)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (2056)
C:\Windows\system32\mfevtps.exe (2084)
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (2196)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (2232)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2416)
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (2460)
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (2484)
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (2524)
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (2616)
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (2680)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2864)
C:\Windows\system32\wbem\unsecapp.exe (3304)
C:\Windows\system32\wbem\wmiprvse.exe (3724)
C:\Windows\system32\svchost.exe (4072)
C:\Windows\system32\SearchIndexer.exe (3124)
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (5948)
C:\Program Files\Windows Media Player\wmpnetwk.exe (5700)
C:\Windows\System32\svchost.exe (5536)
C:\Windows\system32\DllHost.exe (1064)
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (6396)
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (6516)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (6552)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (5104)
C:\Program Files (x86)\Nero\Update\NASvc.exe (4000)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (4020)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (3712)
C:\Windows\system32\csrss.exe (6264)
C:\Windows\system32\winlogon.exe (10840)
C:\Windows\system32\atieclxx.exe (9392)
C:\Windows\system32\taskhost.exe (5772)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (10540)
C:\Windows\system32\Dwm.exe (7588)
C:\Windows\Explorer.EXE (4552)
C:\Program Files\Elantech\ETDCtrl.exe (9052)
C:\Windows\System32\igfxtray.exe (8520)
C:\Windows\System32\hkcmd.exe (3424)
C:\Windows\System32\igfxpers.exe (9868)
C:\Program Files\Dell\QuickSet\quickset.exe (6092)
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (11032)
C:\Windows\System32\rundll32.exe (3944)
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (5112)
C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (8448)
C:\Windows\system32\RunDll32.exe (7620)
C:\Program Files\Conexant\SA3\SmartAudio3.exe (2360)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (6692)
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (4948)
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (8596)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (6988)
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (10308)
C:\Program Files\mcafee.com\agent\mcagent.exe (4240)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (7496)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (8080)
C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe (7176)
C:\Program Files\Elantech\ETDCtrlHelper.exe (5424)
C:\Program Files\Elantech\ETDGesture.exe (5896)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (4572)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (10312)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8148)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3896)
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (9308)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (11148)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3900)
C:\UsbFix\Go.exe (4740)
C:\Windows\system32\wbem\wmiprvse.exe (8576)
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [StartCCC] - "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
HKLM\SOFTWARE | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE\wow6432Node | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
HKLM\SOFTWARE\wow6432Node | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1803025300-301612537-1702093733-1000\SOFTWARE | Run : [HP Photosmart 5520 series (NET)] - "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN373138480602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-1803025300-301612537-1702093733-1000\SOFTWARE | RunOnce : [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\S-1-5-21-1803025300-301612537-1702093733-1000\SOFTWARE | RunOnce : [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"
################## | Éléments infectieux |
################## | Registre |
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{e2e098f8-eeca-11e1-909d-685d43e41c3a}
Shell\AutoRun\Command = E:\LaunchU3.exe -a
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F | http://www.sosvirus.net |
voilà !
5 oct. 2013 à 16:43
La situation est inchangée...usbfix stoppe à 95%.
J'ai désactivé en vain je ne sais combien de fois,l'antivirus Macafee; sur icone,ds Security center aussi.
Voilà ...Un peu marre non ?
5 oct. 2013 à 16:44
Laisse tomber UsbFix alors, tant pis..
Gabriel.
5 oct. 2013 à 16:59
5 oct. 2013 à 17:00