Sujet Précédent Sujet Suivant

Adware bprotect

Fermé
n°9 - 13 sept. 2013 à 22:13
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 - 5 oct. 2013 à 17:00
Bonjour,
Encore une fois le pc est infecté...
Aprés avoir téléchargé adwcleaner que fire avec le 1er rapport?
Merci de votre aide



A voir également:

42 réponses

Réponse 1 / 42
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
4 oct. 2013 à 18:42
Salut,

Ça bloque aussi avec le lien que je t'ai donné ?
Pareil en mode sans échec ?

Sinon redésinstalle-le et réessaye en le téléchargeant ici : https://www.usbfix.net/

Gabriel.
1
n°9
5 oct. 2013 à 16:43
Bonjour tout le monde!!!
La situation est inchangée...usbfix stoppe à 95%.
J'ai désactivé en vain je ne sais combien de fois,l'antivirus Macafee; sur icone,ds Security center aussi.
Voilà ...Un peu marre non ?
0
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
5 oct. 2013 à 16:44
Salut,

Laisse tomber UsbFix alors, tant pis..

Gabriel.
0
n°9
5 oct. 2013 à 16:59
merci à toutes et tous de votre aide
0
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
5 oct. 2013 à 17:00
:)
0
Réponse 2 / 42
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
13 sept. 2013 à 22:19
Bonsoir,

Poste le rapport AdwCleaner.

Gabriel.
0
Réponse 3 / 42
n°9
13 sept. 2013 à 22:32
# AdwCleaner v3.003 - Rapport créé le 13/09/2013 à 21:52:03
# Mis à jour le 07/09/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : jamillanbettir - DELLHOME
# Exécuté depuis : C:\Users\jamillanbettir\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Program Files (x86)\MyPC Backup
Dossier Supprimé : C:\Users\jamillanbettir\AppData\Roaming\Systweak
Fichier Supprimé : C:\Windows\System32\roboot64.exe

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.Software.com/Software Update;version=3
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.Software.com/Software Update;version=9
Clé Supprimée : HKCU\Software\distromatic
Clé Supprimée : HKLM\Software\systweak

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Google Chrome v29.0.1547.66

[ Fichier : C:\Users\jamillanbettir\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Fichier : C:\Users\Bastien & Gabin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Fichier : C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1629 octets] - [13/09/2013 21:50:45]
AdwCleaner[S0].txt - [1462 octets] - [13/09/2013 21:52:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1522 octets] ##########
0
Réponse 4 / 42
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
13 sept. 2013 à 22:58
Re,

Ok, fais un diagnostic de ton PC avec ZHPDiag et poste le rapport hébergé sur cjoint : http://www.forum-entraide-informatique.com/support/zhpdiag-tutoriel-t4831.html

Gabriel.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 42
n°9
14 sept. 2013 à 14:29
bonjour,
La suite... aprés DIAG,



~ Rapport de ZHPDiag v2013.9.13.23 - Nicolas Coolman (11/09/2013)
~ Lancé par jamillanbettir (13/09/2013 23:10:02)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16660
GCIE: Google Chrome v29.0.1547.66 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RMV82
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 25

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3998 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 387 GB (85%) free of 452 GB

---\\ Mode de connexion au système
~ Computer Name: DELLHOME
~ User Name: jamillanbettir
~ All Users Names: jamillanbettir, HomeGroupUser$, Didier, Bastien & Gabin, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\jamillanbettir\AppData\Roaming\
~ %Desktop% : C:\Users\jamillanbettir\Desktop\
~ %Favorites% : C:\Users\jamillanbettir\Favorites\
~ %LocalAppData% : C:\Users\jamillanbettir\AppData\Local\
~ %StartMenu% : C:\Users\jamillanbettir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 387 Go of 452 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.09/08/2012 - 16:59:23.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/07/2013 - 06:13:37.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.09/08/2012 - 16:59:25.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/08/2012 - 16:59:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4615
~ Mes musiques (My Musics) : 1/330
~ Mes Videos (My Videos) : 1/18
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/60
~ Mon Bureau (My Desktop) : 0/21
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 04s



---\\ Processus lancés
[MD5.9EB4CDA2DFC1A555292CDC23205F10A8] - (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892416] [PID.4132]
[MD5.6BA8D86746935498D64CB5CF6286F2EB] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.4484]
[MD5.13F44960416C1D24DAAC3CBBBAE49D35] - (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577024] [PID.4504]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4616]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4624]
[MD5.AC5B083C4B2874F9F9FFF0B6C99A6005] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [936272] [PID.4764]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4784]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4836]
[MD5.DF1BBA1168C0AD1D080A1F1B99576A76] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.5536]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.5776]
[MD5.2A2BAD68A0975ED23328C8A220D6C24B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7946240] [PID.2036]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1768]
[MD5.BC7E8D3CC0B41B027495E7ECF83D6C87] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1014096] [PID.1972]
[MD5.9A59DF2CA690019FEA3B265D5A7EB619] - (.Conexant Systems, Inc. - Utility Service.) -- C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184] [PID.1268]
[MD5.812E1BA5C52A78F13EA6AA10DF708B1D] - (.Microsoft Corporation - Windows Live Family Safety Service.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512448] [PID.1908]
[MD5.0D14E1675A8C34229E6162558487D65B] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1104208] [PID.2440]
[MD5.EA1412DE64832ED9D920E88A9464196E] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1304912] [PID.4344]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.3364]
[MD5.5C08357C65F658E29B5DDC2EF18D575C] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.5812]
[MD5.934BB0D23A25C8C136570800A5A149B6] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [687400] [PID.6168]
[MD5.0DFC9713D117B349E41A2A477448107A] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.3584]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jamillanbettir\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 7 Legitimates Filtered in 00mn 08s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google SketchUp 8.lnk . (.Google, Inc. - SketchUp Application.) -- C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe
O4 - GS\Program [Public]: Basculement Graphique.lnk . (.ATI Technologies Inc. - Catalyst Control Centre: Command Line Inter.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe
O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.)
O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (.Intel Corporation - WiDiApp.) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
O4 - GS\Program [Public]: Zinio Reader 4.lnk . (...) -- C:\Program Files (x86)\Zinio Reader 4\Zinio Reader 4.exe
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Centre de mobilité Windows.) -- C:\Windows\system32\mblctr.exe
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Moniteur de ressources et de performances.) -- C:\Windows\system32\perfmon.exe
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) -- C:\Windows\system32\taskschd.msc
O4 - GS\Desktop [jamillanbettir]: Sweet Home 3D.lnk . (.eTeks - Sweet Home 3D.) -- C:\Program Files (x86)\Sweet Home 3D\SweetHome3D.exe
~ Global Startup: 96 Legitimates Filtered in 00mn 04s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [jamillanbettir]: Alertes de surveillance de l'encre - HP Photosmart 5520 series (réseau).lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll
O4 - GS\Startup [jamillanbettir]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [ETDCtrl] . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SA3\SACpl.exe
O4 - HKLM\..\Run: [BLEServicesCtrl] . (.Intel Corporation - Bluetooth LE Services Control Program.) -- C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [fssui] . (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell DataSafe Online] . (.Dell, Inc. - Dell DataSafe Online Service.) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Software Update (Software_update (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.) =>Adware.Boxore
O23 - Service: Intel(R) PROSet/Wireless Zero Configurat (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: 28 Legitimates Filtered in 00mn 04s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
~ 2 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 162 Legitimates Filtered in 00mn 37s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7FD1632A1021FB6B1452357EC7490F04] - 07/09/2013 - 17:07:32 ---A- . (...) -- C:\Windows\Enjoy 6e Uninstaller.exe [428658]
~ Files: 49 Legitimates Filtered in 01mn 18s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{e2e098f8-eeca-11e1-909d-685d43e41c3a}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NeroLauncher [Key] . (...) -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
O53 - SMSR:HKLM\...\startupreg\Stage Remote [Key] . (.Pas de propriétaire - Stage Remote Manager.) -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.449D90F1FB6402773C2F1ECCEAE15F74] - 05/12/2011 - 15:22:58 . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
~ Drivers: 20 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 25/03/2012 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 02/02/2012 - C:\Windows\System32\drivers\iaStor.sys (iaStor) .(.Intel Corporation - Intel Rapid Storage Technology driver - x64.) - LEGACY_IASTOR
O64 - Services: CurCS - 19/03/2012 - C:\Windows\System32\DRIVERS\igdpmd64.sys (intelkmd) .(.Intel Corporation - Intel Graphics Kernel Mode Driver.) - LEGACY_INTELKMD
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 120 Legitimates Filtered in 00mn 01s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.RGEBCMGRCZV7OP4MOVNH56OSJY> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Didier\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {75F9D6C9-3A41-4E8E-AA19-D5E36BD5CAF9} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.CE755676AE6D27A1EFEEFB0F3C70A929] [SPRF][24/06/2013] (.Ask.com - AskStub Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\APNStub.exe [358600]
[MD5.E168EC22B165BC274211C5E4C9A49CA7] [SPRF][13/05/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\BackupSetup.exe [10304672]
[MD5.32DCED18FFFEA0035E4FA975CA0AE8BE] [SPRF][22/04/2013] (.The Software Group - Software Update Setup.) -- C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe [620656] =>Adware.Boxore
[MD5.740D35D9CDC90AF32C357942B7643625] [SPRF][12/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\defaultCache.reg [1597076]
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\Quarantine.exe [344583]
[MD5.C44D9888D0FF4F39AF4584EC3778AA58] [SPRF][13/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe [395248] =>Toolbar.Babylon
[MD5.B22198403FFEAF57BE49FF5A08DA1EF4] [SPRF][13/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\vlc-2.0.8-win32.exe [23003252]
~ Files: 9 Legitimates Filtered in 00mn 06s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "ED2CDF1571907B64AECE3577057410ED" . (.PowerXpressHybrid.) -- c:\Windows\Installer\{51FDC2DE-0917-46B7-EAEC-5377504701DE}\ARPPRODUCTICON.exe
~ Update Products: 117 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.DB30D95BB743A11B26CE4CA8ECE79350] [WIS][15/03/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\465ff3.msi [1511424] =>Adware.Boxore
[MD5.CB70C99DC9309AAD6841A8F5A28E2607] [WIS][12/05/2012] (.Google, Inc. - Google SketchUp 8 Installer.) -- C:\Windows\Installer\6c43e7.msi [50302976]
~ WIS: 120 Legitimates Filtered in 00mn 21s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 25/03/2012 235520 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 05/12/2011 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SS - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 23/07/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
SR - | Demand 23/07/2013 240288 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
SR - | Auto 15/05/2012 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 15/05/2012 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 15/05/2012 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 05/12/2011 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SS - | Demand 19/03/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 18/05/2012 109184 | (CxUtilSvc) . (.Conexant Systems, Inc..) - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
SR - | Auto 08/12/2011 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 02/12/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/12/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 11/01/2012 627936 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 21/01/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 08/03/2011 224704 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SR - | Auto 31/08/2012 201304 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 16/11/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 19/02/2013 241456 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 19/02/2013 218760 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 19/02/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 31/08/2012 201304 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SR - | Auto 25/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 26/08/2010 2823000 | (NOBU) . (.Dell, Inc..) - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
SR - | Auto 08/12/2011 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 10/07/1658 0 | (Software_update_m) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 29/11/2010 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Auto 21/01/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 27s



---\\ Scan Additionnel (O88)
Database Version : 12911 - (11/09/2013)
Clés trouvées (Keys found) : 18
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 8

[HKLM\SYSTEM\CurrentControlSet\Services\Software_update (Software_update] =>Adware.Boxore^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Software =>Adware.Boxore
C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing^
C:\Windows\Installer\465ff3.msi =>Adware.Boxore^
C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
~ Additionnel Scan: 300162 Items scanned in 00mn 20s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
~ MSI: 4 link(s) detected in 00mn 20s



~ 1134 Legitimates filtered by white list
End of the scan (463 lines in 03mn 46s)(0)

merci
0
Réponse 6 / 42
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
14 sept. 2013 à 14:35
Salut,

Ok, fais ZHPFix comme ceci avec ces lignes, et poste le rapport.

Gabriel.
0
Réponse 7 / 42
n°9
14 sept. 2013 à 15:07
Script ZHPFix
O23 - Service: Service Software Update (Software_update (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.) =>Adware.Boxore
[MD5.32DCED18FFFEA0035E4FA975CA0AE8BE] [SPRF][22/04/2013] (.The Software Group - Software Update Setup.) -- C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe [620656] =>Adware.Boxore
[MD5.C44D9888D0FF4F39AF4584EC3778AA58] [SPRF][13/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe [395248] =>Toolbar.Babylon
[MD5.DB30D95BB743A11B26CE4CA8ECE79350] [WIS][15/03/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\465ff3.msi [1511424] =>Adware.Boxore
SS - | Auto 10/07/1658 0 | (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 10/07/1658 0 | (Software_update_m) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
[HKLM\SYSTEM\CurrentControlSet\Services\Software_update (Software_update] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Software =>Adware.Boxore
C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
C:\Windows\Installer\465ff3.msi =>Adware.Boxore^
C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore^
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.) => Fichier absent
[MD5.E168EC22B165BC274211C5E4C9A49CA7] [SPRF][13/05/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\BackupSetup.exe [10304672] => Temporary file not necessary
[MD5.740D35D9CDC90AF32C357942B7643625] [SPRF][12/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\defaultCache.reg [1597076] => Temporary file not necessary
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\Quarantine.exe [344583] => Temporary file not necessary
[MD5.B22198403FFEAF57BE49FF5A08DA1EF4] [SPRF][13/09/2013] (...) -- C:\Users\jamillanbettir\AppData\Local\Temp\vlc-2.0.8-win32.exe [23003252] => Temporary file not necessary
O69 - SBI: SearchScopes [HKCU] {75F9D6C9-3A41-4E8E-AA19-D5E36BD5CAF9} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
[MD5.CE755676AE6D27A1EFEEFB0F3C70A929] [SPRF][24/06/2013] (.Ask.com - AskStub Application.) -- C:\Users\jamillanbettir\AppData\Local\Temp\APNStub.exe [358600]
O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing^
EmptyTemp
EmptyFlash
EmptyCLSID
SysRestore
0
Réponse 8 / 42
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
14 sept. 2013 à 15:09
Non tu m'as collé mon script là^^

Gabriel.
0
Réponse 9 / 42
n°9
14 sept. 2013 à 15:19
Rapport de ZHPFix 2013.9.11.6 par Nicolas Coolman, Update du 11/09/2013
Fichier d'export Registre :
Run by jamillanbettir at 14/09/2013 15:10:48
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Corbeille vidée

========== Processus mémoire ==========
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\BoxoreInstaller.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\uninst1.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\BackupSetup.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\Quarantine.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\vlc-2.0.8-win32.exe
SUPPRIMÉ: Memory Process: C:\Users\jamillanbettir\AppData\Local\Temp\APNStub.exe

========== Clés du Registre ==========
SUPPRIMÉ: Service: Software_update
SUPPRIMÉ: Service: Software_update_m
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC
SUPPRIMÉ: SearchScopes :{75F9D6C9-3A41-4E8E-AA19-D5E36BD5CAF9}
SUPPRIMÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
SUPPRIMÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32

========== Dossiers ==========
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\{48ACCB21-B4D9-4CDE-B211-B86E587D2AAC}
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\{AD7FE461-7C3F-4493-A8A2-959A3F84C258}

========== Fichiers ==========
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\boxoreinstaller.exe
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\uninst1.exe
SUPPRIMÉ: C:\Windows\Installer\465ff3.msi
SUPPRIMÉ:* c:\windows\installer\465ff3.msi
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller1.log
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\Temp\GoogleToolbarInstaller2.log
SUPPRIMÉ: c:\programdata\microsoft\windows\start menu\programs\documentation d'aide de dell.lnk
SUPPRIMÉ: c:\users\jamillanbettir\appdata\local\temp\backupsetup.exe
SUPPRIMÉ: C:\Users\jamillanbettir\AppData\Local\Temp\defaultCache.reg
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\defaultcache.reg
SUPPRIMÉ:* c:\users\jamillanbettir\appdata\local\temp\quarantine.exe
SUPPRIMÉ: c:\users\jamillanbettir\appdata\local\temp\vlc-2.0.8-win32.exe
SUPPRIMÉ: c:\users\jamillanbettir\appdata\local\temp\apnstub.exe
SUPPRIME Temporaires Windows
SUPPRIME Flash Cookies

========== Restauration Système ==========
Point de restauration du système créé avec succès


========== Récapitulatif ==========
6 : Processus mémoire
20 : Clés du Registre
2 : Dossiers
15 : Fichiers
1 : Restauration Système


End of clean in 00mn 52s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 14/09/2013 15:10:56 [4649]


Cette fois c'est...BON?????
0
Réponse 10 / 42
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
14 sept. 2013 à 15:21
Re,

Oui c'est bon. :)

Fais un examen complet sur tous les disques avec MBAM. Tu supprimeras tous les éléments détectés et me posteras le rapport : http://www.forum-entraide-informatique.com/support/malwarebytes-anti-malware-mbam-tutoriel-t6.html

Gabriel.
0
Réponse 11 / 42
n°9
14 sept. 2013 à 18:21
Bcp plus tard...aprés examen MBAM
Voici le rapport;


Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.09.14.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
jamillanbettir :: DELLHOME [administrateur]

Protection: Activé

14/09/2013 15:31:02
mbam-log-2013-09-14 (15-31-02).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 442091
Temps écoulé: 1 heure(s), 23 minute(s), 12 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 2
C:\Users\jamillanbettir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MECEODWH\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jamillanbettir\Downloads\rcpafterdownloadcm_ad_8063_cm2.exe (PUP.Optional.RegCleanerPro) -> Mis en quarantaine et supprimé avec succès.

(fin)

Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.09.14.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
jamillanbettir :: DELLHOME [administrateur]

Protection: Activé

14/09/2013 15:31:02
mbam-log-2013-09-14 (15-31-02).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 442091
Temps écoulé: 1 heure(s), 23 minute(s), 12 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 2
C:\Users\jamillanbettir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MECEODWH\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jamillanbettir\Downloads\rcpafterdownloadcm_ad_8063_cm2.exe (PUP.Optional.RegCleanerPro) -> Mis en quarantaine et supprimé avec succès.

(fin)
0
Réponse 12 / 42
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
14 sept. 2013 à 21:19
Re,

Ok, toujours des soucis ?

Fais moi un nouveau rapport ZHPDiag.

Gabriel.
0
Réponse 13 / 42
n°9
15 sept. 2013 à 12:39
Je viens juste de me connecter!
merci!
je fais un ZHP Diag et te le poste.
0
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
15 sept. 2013 à 13:02
Salut, ok :)
0
Réponse 14 / 42
n°9
15 sept. 2013 à 13:32
Re...
Vraiment un grand merci !



~ Rapport de ZHPDiag v2013.9.13.23 - Nicolas Coolman (11/09/2013)
~ Lancé par jamillanbettir (15/09/2013 13:24:07)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686
GCIE: Google Chrome v29.0.1547.66 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RMV82
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 25

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3998 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 390 GB (86%) free of 452 GB

---\\ Mode de connexion au système
~ Computer Name: DELLHOME
~ User Name: jamillanbettir
~ All Users Names: jamillanbettir, HomeGroupUser$, Didier, Bastien & Gabin, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\jamillanbettir\AppData\Roaming\
~ %Desktop% : C:\Users\jamillanbettir\Desktop\
~ %Favorites% : C:\Users\jamillanbettir\Favorites\
~ %LocalAppData% : C:\Users\jamillanbettir\AppData\Local\
~ %StartMenu% : C:\Users\jamillanbettir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 390 Go of 452 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.09/08/2012 - 16:59:23.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 06:22:18.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.09/08/2012 - 16:59:25.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/08/2012 - 16:59:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4622
~ Mes musiques (My Musics) : 1/330
~ Mes Videos (My Videos) : 1/18
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/60
~ Mon Bureau (My Desktop) : 1/21
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3752]
[MD5.9EB4CDA2DFC1A555292CDC23205F10A8] - (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892416] [PID.4112]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4452]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4868]
[MD5.6BA8D86746935498D64CB5CF6286F2EB] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.4552]
[MD5.13F44960416C1D24DAAC3CBBBAE49D35] - (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577024] [PID.4600]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4312]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4396]
[MD5.AC5B083C4B2874F9F9FFF0B6C99A6005] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [936272] [PID.5664]
[MD5.DF1BBA1168C0AD1D080A1F1B99576A76] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.3632]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.6308]
[MD5.2A2BAD68A0975ED23328C8A220D6C24B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7946240] [PID.4900]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1784]
[MD5.BC7E8D3CC0B41B027495E7ECF83D6C87] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1014096] [PID.1888]
[MD5.9A59DF2CA690019FEA3B265D5A7EB619] - (.Conexant Systems, Inc. - Utility Service.) -- C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184] [PID.2040]
[MD5.812E1BA5C52A78F13EA6AA10DF708B1D] - (.Microsoft Corporation - Windows Live Family Safety Service.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512448] [PID.1508]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1936]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2056]
[MD5.0D14E1675A8C34229E6162558487D65B] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1104208] [PID.2484]
[MD5.EA1412DE64832ED9D920E88A9464196E] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1304912] [PID.5948]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.6552]
[MD5.5C08357C65F658E29B5DDC2EF18D575C] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.5104]
[MD5.934BB0D23A25C8C136570800A5A149B6] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [687400] [PID.4000]
[MD5.0DFC9713D117B349E41A2A477448107A] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.4020]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jamillanbettir\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 7 Legitimates Filtered in 00mn 08s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Basculement Graphique.lnk . (.ATI Technologies Inc. - Catalyst Control Centre: Command Line Inter.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe
O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (.Intel Corporation - WiDiApp.) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
O4 - GS\Program [Public]: Zinio Reader 4.lnk . (...) -- C:\Program Files (x86)\Zinio Reader 4\Zinio Reader 4.exe
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Centre de mobilité Windows.) -- C:\Windows\system32\mblctr.exe
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Moniteur de ressources et de performances.) -- C:\Windows\system32\perfmon.exe
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) -- C:\Windows\system32\taskschd.msc
~ Global Startup: 93 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [jamillanbettir]: Alertes de surveillance de l'encre - HP Photosmart 5520 series (réseau).lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll
O4 - GS\Startup [jamillanbettir]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [ETDCtrl] . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SA3\SACpl.exe
O4 - HKLM\..\Run: [BLEServicesCtrl] . (.Intel Corporation - Bluetooth LE Services Control Program.) -- C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [fssui] . (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - Webcam Central.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell DataSafe Online] . (.Dell, Inc. - Dell DataSafe Online Service.) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKUS\S-1-5-21-1803025300-301612537-1702093733-1000\..\RunOnce: [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{D69D48A1-133F-4F36-927C-71B062089550}: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F6D4605B-4698-4130-8D2F-A13AB4F43A1A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BBAC5985D6A6C2CF22212F9BE05DAA05] - 14/09/2013 - 16:09:53 ---A- . (...) -- C:\log.txt [360]
O44 - LFC:[MD5.7FD1632A1021FB6B1452357EC7490F04] - 07/09/2013 - 17:07:32 ---A- . (...) -- C:\Windows\Enjoy 6e Uninstaller.exe [428658]
~ Files: 145 Legitimates Filtered in 01mn 25s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{e2e098f8-eeca-11e1-909d-685d43e41c3a}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NeroLauncher [Key] . (...) -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
O53 - SMSR:HKLM\...\startupreg\Stage Remote [Key] . (.Pas de propriétaire - Stage Remote Manager.) -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.449D90F1FB6402773C2F1ECCEAE15F74] - 05/12/2011 - 15:22:58 . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
~ Drivers: 20 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 25/03/2012 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 02/02/2012 - C:\Windows\System32\drivers\iaStor.sys (iaStor) .(.Intel Corporation - Intel Rapid Storage Technology driver - x64.) - LEGACY_IASTOR
O64 - Services: CurCS - 19/03/2012 - C:\Windows\System32\DRIVERS\igdpmd64.sys (intelkmd) .(.Intel Corporation - Intel Graphics Kernel Mode Driver.) - LEGACY_INTELKMD
O64 - Services: CurCS - 04/04/2013 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 121 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.RGEBCMGRCZV7OP4MOVNH56OSJY> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Didier\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "ED2CDF1571907B64AECE3577057410ED" . (.PowerXpressHybrid.) -- c:\Windows\Installer\{51FDC2DE-0917-46B7-EAEC-5377504701DE}\ARPPRODUCTICON.exe
~ Update Products: 115 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.CB70C99DC9309AAD6841A8F5A28E2607] [WIS][12/05/2012] (.Google, Inc. - Google SketchUp 8 Installer.) -- C:\Windows\Installer\6c43e7.msi [50302976]
~ WIS: 117 Legitimates Filtered in 00mn 20s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 25/03/2012 235520 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 05/12/2011 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SS - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 15/05/2012 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 15/05/2012 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 15/05/2012 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 05/12/2011 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SS - | Demand 19/03/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 18/05/2012 109184 | (CxUtilSvc) . (.Conexant Systems, Inc..) - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
SR - | Auto 08/12/2011 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 02/12/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/12/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 11/01/2012 627936 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 21/01/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 08/03/2011 224704 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SR - | Auto 31/08/2012 201304 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 16/11/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 19/02/2013 241456 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 19/02/2013 218760 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 19/02/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 31/08/2012 201304 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SR - | Auto 25/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 26/08/2010 2823000 | (NOBU) . (.Dell, Inc..) - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
SR - | Auto 08/12/2011 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 29/11/2010 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Auto 21/01/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 22s



---\\ Scan Additionnel (O88)
Database Version : 12911 - (11/09/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 269641 Items scanned in 00mn 25s



~ 1235 Legitimates filtered by white list
End of the scan (396 lines in 02mn 52s)(0)
0
Réponse 15 / 42
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
15 sept. 2013 à 13:34
Re,

Je t'en prie. :)

Y'a-t-il encore des soucis ou on peut finaliser ?

Gabriel.
0
Réponse 16 / 42
n°9
15 sept. 2013 à 16:35
je suis rentrée...
On peut finaliser qd tu veux dés que tu seras dipos!
0
Réponse 17 / 42
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
15 sept. 2013 à 16:36
Re,

Voici la procédure : http://www.forum-entraide-informatique.com/support/finalisation-t8237.html
Tiens moi au courant de ton avancée au fur et à mesure.

Gabriel.
0
Réponse 18 / 42
n°9
15 sept. 2013 à 19:34
je tenterais une demande en début de soirée vers 21HOO...
Merci
0
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
15 sept. 2013 à 19:38
une demande de quoi ?
0
Réponse 19 / 42
n°9
15 sept. 2013 à 21:30
je vais sur le forum de finalisation seulement maintenant... A + donc
0
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 917
15 sept. 2013 à 21:41
Ok @+ :)
0
Réponse 20 / 42
n°9
15 sept. 2013 à 21:52
bonsoir Gabriel, voici le rapport USBFix
############################## | UsbFix V 7.134 | [Recherche]

Utilisateur: jamillanbettir (Administrateur) # DELLHOME
Mis à jour le 06/09/2013 par El Desaparecido
Lancé à 21:47:02 | 15/09/2013

Site Web: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://wwww.sosvirus.net/contact_eldesaparecido.php

PC: Dell Inc. (Inspiron 7520) (x64-based PC)
CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz (2501)
RAM -> [Total : 3998 | Free : 2235]
BIOS: InsydeH2O Version 03.72.02A02
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Protection antivirus et antispyware McAfee [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 452 Go (387 Go libre(s) - 86%) [OS] # NTFS
D:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (636)
C:\Windows\system32\wininit.exe (928)
C:\Windows\system32\services.exe (992)
C:\Windows\system32\lsass.exe (1008)
C:\Windows\system32\lsm.exe (1016)
C:\Windows\system32\svchost.exe (604)
C:\Windows\system32\svchost.exe (764)
C:\Windows\system32\atiesrxx.exe (812)
C:\Windows\System32\svchost.exe (936)
C:\Windows\System32\svchost.exe (1056)
C:\Windows\system32\svchost.exe (1104)
C:\Windows\system32\svchost.exe (1140)
C:\Windows\system32\svchost.exe (1316)
C:\Windows\system32\WLANExt.exe (1416)
C:\Windows\system32\conhost.exe (1424)
C:\Windows\System32\spoolsv.exe (1540)
C:\Windows\system32\svchost.exe (1600)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1784)
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (1888)
C:\Windows\system32\svchost.exe (2016)
C:\Program Files\Conexant\SA3\CxUtilSvc.exe (2040)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (1432)
C:\Windows\system32\svchost.exe (1832)
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (1508)
c:\Program Files\Intel\iCLS Client\HeciServer.exe (1756)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (1936)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (2056)
C:\Windows\system32\mfevtps.exe (2084)
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (2196)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (2232)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2416)
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (2460)
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (2484)
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (2524)
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (2616)
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (2680)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2864)
C:\Windows\system32\wbem\unsecapp.exe (3304)
C:\Windows\system32\wbem\wmiprvse.exe (3724)
C:\Windows\system32\svchost.exe (4072)
C:\Windows\system32\SearchIndexer.exe (3124)
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (5948)
C:\Program Files\Windows Media Player\wmpnetwk.exe (5700)
C:\Windows\System32\svchost.exe (5536)
C:\Windows\system32\DllHost.exe (1064)
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (6396)
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (6516)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (6552)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (5104)
C:\Program Files (x86)\Nero\Update\NASvc.exe (4000)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (4020)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (3712)
C:\Windows\system32\csrss.exe (6264)
C:\Windows\system32\winlogon.exe (10840)
C:\Windows\system32\atieclxx.exe (9392)
C:\Windows\system32\taskhost.exe (5772)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (10540)
C:\Windows\system32\Dwm.exe (7588)
C:\Windows\Explorer.EXE (4552)
C:\Program Files\Elantech\ETDCtrl.exe (9052)
C:\Windows\System32\igfxtray.exe (8520)
C:\Windows\System32\hkcmd.exe (3424)
C:\Windows\System32\igfxpers.exe (9868)
C:\Program Files\Dell\QuickSet\quickset.exe (6092)
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (11032)
C:\Windows\System32\rundll32.exe (3944)
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (5112)
C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (8448)
C:\Windows\system32\RunDll32.exe (7620)
C:\Program Files\Conexant\SA3\SmartAudio3.exe (2360)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (6692)
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (4948)
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (8596)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (6988)
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (10308)
C:\Program Files\mcafee.com\agent\mcagent.exe (4240)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (7496)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (8080)
C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe (7176)
C:\Program Files\Elantech\ETDCtrlHelper.exe (5424)
C:\Program Files\Elantech\ETDGesture.exe (5896)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (4572)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (10312)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8148)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3896)
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (9308)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (11148)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3900)
C:\UsbFix\Go.exe (4740)
C:\Windows\system32\wbem\wmiprvse.exe (8576)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [StartCCC] - "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
HKLM\SOFTWARE | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\SOFTWARE\wow6432Node | Run : [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
HKLM\SOFTWARE\wow6432Node | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1803025300-301612537-1702093733-1000\SOFTWARE | Run : [HP Photosmart 5520 series (NET)] - "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN373138480602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-1803025300-301612537-1702093733-1000\SOFTWARE | RunOnce : [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\S-1-5-21-1803025300-301612537-1702093733-1000\SOFTWARE | RunOnce : [Uninstall C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jamillanbettir\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"

################## | Éléments infectieux |


################## | Registre |

Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{e2e098f8-eeca-11e1-909d-685d43e41c3a}
Shell\AutoRun\Command = E:\LaunchU3.exe -a



################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.sosvirus.net |

voilà !
0

Discussions similaires

adware.pokki
SuperFun -
SuperFun -

9 réponses
virus crossrider
viaumax -
viaumax -

6 réponses
c'est quoi un tracking cookie?
Berivan -
Berivan -

45 réponses
Win32:Adware-gen [Adw]
nico -
nico -

98 réponses
Comment supprimer pokki
cathykiki17 -
DianeA1 -

24 réponses