Problems with applications

Solved/Closed
unmaxdemontagne - 15 Sep 2013 at 07:16
billmaxime (Posts: 50261, Registered: Sunday 20 November 2011, Status: Contributor, Last activity: 24 September 2024) - 15 Sep 2013 at 12:25
Hello,

When I open certain applications such as YouTube, Météo France, etc., the attached page appears. How can I fix this problem? Thank you.

21 replies

unmaxdemontagne
15 Sep 2013 at 08:12
I can't manage to post the screenshot showing the problem.

unmaxdemontagne
15 Sep 2013 at 08:50
Rapport de ZHPDiag v2013.9.14.26 - Nicolas Coolman (14/09/2013)
~ Lancé par carladous.max@orange (15/09/2013 08:36:23)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 - Français

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4093 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 754 GB (82%) free of 918 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-MAX
~ User Name: carladous.max@orange
~ All Users Names: carladous.max@orange, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\carladous.max@orange\AppData\Roaming\
~ %Desktop% : C:\Users\carladous.max@orange\Desktop\
~ %Favorites% : C:\Users\carladous.max@orange\Favorites\
~ %LocalAppData% : C:\Users\carladous.max@orange\AppData\Local\
~ %StartMenu% : C:\Users\carladous.max@orange\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 754 Go of 918 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:50:23.) -- C:\Windows\System32\Wininit.exe [123904]
[MD5.75F110F4005DAE430AECA787FDEA9CBB] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.31/07/2013 - 14:19:03.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 08:11:08.) -- C:\Windows\System32\Winlogon.exe [405504]
[MD5.C4F6CE6087760AD70960C9EB130E7943] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/01/2012 - 15:25:21.) -- C:\Windows\system32\Drivers\AFD.sys [404992]
[MD5.E68D9B3A3905619732F7FE039466A623] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 08:15:00.) -- C:\Windows\system32\Drivers\atapi.sys [20952]
[MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624]
[MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 06:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872]
[MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 16:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792]
[MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 06:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736]
[MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:46:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000]
[MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712]
[MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680]
[MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 06:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320]
[MD5.2ACCAA3C3C55370A32F17B3595E1A217] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:13:14.) -- C:\Windows\system32\Drivers\ntfs.sys [1513320]
[MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 10:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/04/2009 - 06:43:38.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368]
[MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 06:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064]
[MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 06:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720]
[MD5.582F710097B46140F5A89A19A6573D4B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:50:57.) -- C:\Windows\system32\Drivers\volsnap.sys [267648]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/5612
~ Mes musiques (My Musics) : 7/29
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/50
~ Mes Documents (My Documents) : 2/2550
~ Mon Bureau (My Desktop) : 1/22
~ Menu demarrer (Programs) : 1/80
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D5543E09953C8A8B12801A3A7AFEE155] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.2072]
[MD5.CC37819A9C45FDF9E0577D71D8044319] - (.Apple Inc. - ApplePhotoStreams.exe.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.2084]
[MD5.A1993250DD28B823D0B2477CFE9B331F] - (.Apple Inc. - BookmarkDAV_client.exe.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720] [PID.2092]
[MD5.6FD13B36C8E7CBD5E09F95220484E71D] - (.Panasonic Corporation - AutoStartService.) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [174064] [PID.2108]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\program\soffice.exe [10376704] [PID.2164]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.2184]
[MD5.A9F9D081518AC03A51C1195986076F42] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2308]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\program\soffice.bin [10368512] [PID.2692]
[MD5.61E4289E91E88C90478D7F4BEB10DCF7] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720] [PID.3520]
[MD5.D645B082E49F8655F14C61DB4EEBBA1D] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [367016] [PID.4916]
[MD5.59A409BAB55E72D33409A8A99F50DB17] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [264616] [PID.4800]
[MD5.D0D60548015BA79AD371BA4A562E79CB] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.exe [815496] [PID.5156]
[MD5.D15FE044EF9776466FBA00D7FBD7B7B6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7953408] [PID.4356]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\SysWOW64\conime.exe [69120] [PID.5372]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.2404]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2420]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\carladous.max@orange\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.softonic.fr =>Toolbar.Conduit
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.aol.fr
G0 - GCSP: Preference [User Data\Default] http://www.aol.fr
G2 - GCE: Preference [User Data\Default] [pbjcbkbcncfkoljakenekllbfdonhjef] LyricsSay-1 v.1.24.15, (Activé) =>Adware.AddLyrics
~ Google Browser: 27 Legitimates Filtered in 00mn 18s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\carladous.max@orange\AppData\Roaming\Mozilla\Firefox\Profiles\hxt27szr.default\prefs.js
C:\Users\carladous.max@orange\AppData\Roaming\Mozilla\Firefox\Profiles\sq8szelx.default\prefs.js
M2 - MFEP: prefs.js [carladous.max@orange - hxt27szr.default\***@***] [] LyricsSay-1 v (..) =>Adware.AddLyrics
~ Firefox Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 116.50.60.6:3128
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\Desktop [Public]: PHOTOfunSTUDIO 6.0.lnk . (.Panasonic Corporation - PHOTOfunSTUDIO.) -- C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 6.0\PHOTOfunSTUDIO.exe
O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\QuickLaunch [carladous.max@orange]: CompeGPS LAND (2).lnk . (...) -- C:\Program Files\CompeGPS\CompeGPSLAND.exe (.not file.)
O4 - GS\QuickLaunch [carladous.max@orange]: CompeGPS LAND (3).lnk . (...) -- C:\Program Files\CompeGPS\CompeGPSLAND.exe (.not file.)
O4 - GS\QuickLaunch [carladous.max@orange]: CompeGPS LAND (4).lnk . (...) -- C:\Program Files\CompeGPS\CompeGPSLAND.exe (.not file.)
O4 - GS\QuickLaunch [carladous.max@orange]: CompeGPS LAND.lnk . (...) -- C:\Program Files\CompeGPS\CompeGPSLAND.exe (.not file.)
O4 - GS\QuickLaunch [carladous.max@orange]: GIMP 2.lnk . (...) -- C:\Program Files\GIMP 2\bin\gimp-2.8.exe (.not file.)
O4 - GS\QuickLaunch [carladous.max@orange]: GOM Player.lnk . (...) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [carladous.max@orange]: GOM Video Converter.lnk . (.Gretech Corporation - Launcher.) -- C:\Program Files (x86)\GRETECH\GOMVideoConverter\GomVC.exe
O4 - GS\QuickLaunch [carladous.max@orange]: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\QuickLaunch [carladous.max@orange]: incredimail_install - Raccourci.lnk . (...) -- C:\Users\carladous.max@orange\Downloads\incredimail_install.exe
O4 - GS\QuickLaunch [carladous.max@orange]: iTunes64Setup - Raccourci.lnk . (...) -- C:\Users\carladous.max@orange\Documents\Downloads\iTunes64Setup.exe (.not file.)
O4 - GS\QuickLaunch [carladous.max@orange]: IZArc.lnk . (.IZSoftware - IZArc Archiver.) -- C:\Program Files (x86)\IZArc\IZArc.exe
O4 - GS\QuickLaunch [carladous.max@orange]: Outil de mise à jour Google (2).lnk . (.Google - Google Updater.) -- C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
O4 - GS\QuickLaunch [carladous.max@orange]: Outil de mise à jour Google.lnk . (.Google - Google Updater.) -- C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe
O4 - GS\QuickLaunch [carladous.max@orange]: SOS Photos perdues.lnk . (.GetData Pty Ltd - SOS Photos perdues.) -- C:\Program Files (x86)\Micro Application\SOS Photos perdues\RecoverMyPhotos.exe
O4 - GS\QuickLaunch [carladous.max@orange]: SpeedUpMyPC.lnk . (...) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe (.not file.) =>Rogue SpeedUpMyPC
O4 - GS\Desktop [carladous.max@orange]: AD-R.lnk . (...) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - GS\Desktop [carladous.max@orange]: Assistance Livebox.lnk . (...) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe
O4 - GS\Desktop [carladous.max@orange]: CompeGPS LAND.lnk . (.CompeGPS TEAM, S.L. - CompeGPSLAND Application.) -- C:\Program Files (x86)\CompeGPS\CompeGPSLAND.exe
O4 - GS\Desktop [carladous.max@orange]: Kizo-Player.lnk . (...) -- C:\Program Files (x86)\Kizoa\kizoastarter.exe
O4 - GS\Desktop [carladous.max@orange]: Maxthon Cloud Browser.lnk . (.Maxthon International ltd. - Maxthon Cloud Browser.) -- C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
~ Global Startup: 97 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: PHOTOfunSTUDIO 6.0.lnk . (.Panasonic Corporation - AutoStartService.) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O4 - GS\Startup [carladous.max@orange]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\program\quickstart.exe
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe (.not file.)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (.not file.)
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - ApplePhotoStreams.exe.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] . (.Apple Inc. - BookmarkDAV_client.exe.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Wow6432Node\Run: [Best-Softs] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Nikon Message Center 2] . (.Nikon Corporation - Nikon Message Center 2.) -- C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [CompeGPSDev] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-791831690-1571322809-2409202431-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-791831690-1571322809-2409202431-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-791831690-1571322809-2409202431-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-791831690-1571322809-2409202431-1000\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (.not file.)
O4 - HKUS\S-1-5-21-791831690-1571322809-2409202431-1000\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-791831690-1571322809-2409202431-1000\..\Run: [ApplePhotoStreams] . (.Apple Inc. - ApplePhotoStreams.exe.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-791831690-1571322809-2409202431-1000\..\Run: [com.apple.dav.bookmarks.daemon] . (.Apple Inc. - BookmarkDAV_client.exe.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKUS\S-1-5-21-791831690-1571322809-2409202431-1000\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2DE97D4-4318-4858-8003-62BD44881886}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D2DE97D4-4318-4858-8003-62BD44881886}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D2DE97D4-4318-4858-8003-62BD44881886}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Update BrowseFox (Update BrowseFox) . (...) - C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe (.not file.) =>Adware.BrowseFox
O23 - Service: (vToolbarUpdater15.5.0) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (.not file.) =>Toolbar.AVGSearch
~ Services: 8 Legitimates Filtered in 00mn 03s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\carladous.max@orange\Pictures\1239940_464792853621557_288929909_n.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\carladous.max@orange\Pictures\1239940_464792853621557_288929909_n.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [350]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [350]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\LyricsSay-1-chromeinstaller.job [1932] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\LyricsSay-1-codedownloader.job [1224] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\LyricsSay-1-enabler.job [1124] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\LyricsSay-1-firefoxinstaller.job [1856] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\LyricsSay-1-updater.job [1320] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Registry ***@*** [412]
[MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_HP_rmv] (...) -- C:\Windows\TEMP\{30B0F3C4-270A-4B67-9652-073EB8C54189}.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_TB_rmv] (...) -- C:\Windows\TEMP\{0E20BBD1-8E30-4EE3-AB0D-F3CC077B9AA5}.exe (.not file.) [0]
[MD5.D794902B7FA2EF438AB0A700361F0D1A] [APT] [LyricsSay-1-chromeinstaller] (.Lyrics.) -- C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-chromeinstaller.exe [484864] =>Adware.AddLyrics
[MD5.481A4D54F8EBD1703C2D5A014A7C7973] [APT] [LyricsSay-1-codedownloader] (.Lyrics.) -- C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe [487424] =>Adware.AddLyrics
[MD5.7936A4812E09EFC385DD2A2B73230685] [APT] [LyricsSay-1-enabler] (.Lyrics.) -- C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe [343552] =>Adware.AddLyrics
[MD5.4BF0E1879D0544D182722AAB76D441E9] [APT] [LyricsSay-1-firefoxinstaller] (.Lyrics.) -- C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-firefoxinstaller.exe [722944] =>Adware.AddLyrics
[MD5.658E14CF34A75C4523D86DF124DC64B5] [APT] [LyricsSay-1-updater] (.Lyrics.) -- C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-updater.exe [363520] =>Adware.AddLyrics
[MD5.00000000000000000000000000000000] [APT] [{32EED65C-4C17-4F8E-B778-CEE74A029B5E}] (...) -- C:\Program Files (x86)\INCRED~2\UNWISE.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{697F19FA-5284-4E2A-80AD-6A08D7E07FE2}] (...) -- C:\Windows\Kiriasse\Uninstal.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6C1A72E7-DB6B-4C47-8BA2-26C420F70A5A}] (...) -- C:\Users\carladous.max@orange\gps\Setup_TwoNavPocket_2.1.2.exe (.not file.) [0]
~ Scheduled Task: 88 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: GPS TrackMaker - (.Geo Studio Technology Ltd.) [HKLM][64Bits] -- {4AA1480E-2789-47F2-8963-C5AAB60C563E}
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail
O42 - Logiciel: LyricsSay-1 - (.Lyrics.) [HKLM][64Bits] -- LyricsSay-1 =>Adware.AddLyrics
O42 - Logiciel: MPEG2 Codec(libmpeg2/mad) - (...) [HKLM][64Bits] -- MPEG2 Codec(libmpeg2/mad)
O42 - Logiciel: Super LoiLoScope WebShortcut - (.LoiLo.) [HKLM][64Bits] -- {AC589470-884E-4E15-96D8-437780F8185D}
O42 - Logiciel: UpdateBest-Softs 1.3 - (.Best-Softs.) [HKLM][64Bits] -- UpdateBest-Softs_is1
~ Logic: 151 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Best-Softs]
[HKCU\Software\Error Handlers]
[HKCU\Software\Filters]
[HKCU\Software\IncrediMail]
[HKCU\Software\InstalledThirdPartyPrograms]
[HKCU\Software\KeepVid]
[HKCU\Software\yahooinstall] =>Toolbar.Yahoo
[HKCU\Software\fAfvfSfP [fVf#f" fEfBfU [fh'Å ¶ ¬'³'ê'½f [fJf< fAfvfSfP [fVf#f"]
[HKLM\Software\InstalledThirdPartyPrograms]
[HKLM\Software\Wow6432Node\Best-Softs]
[HKLM\Software\Wow6432Node\WiseConvert_1.5] =>Toolbar.Conduit
~ Key Software: 281 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/09/2013 - 11:23:15 - [0] ----D C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster
O43 - CFD: 15/02/2013 - 19:34:24 - [25,082] ----D C:\Program Files (x86)\IncrediMail
O43 - CFD: 13/09/2013 - 11:16:47 - [8,349] ----D C:\Program Files (x86)\LyricsSay-1 =>Adware.AddLyrics
O43 - CFD: 09/09/2010 - 15:51:05 - [0,139] ----D C:\Program Files (x86)\MSNFix
O43 - CFD: 27/04/2010 - 10:36:14 - [7,741] ----D C:\Program Files (x86)\TrackMaker
O43 - CFD: 14/12/2012 - 11:43:23 - [0] ----D C:\Program Files (x86)\WiseConvert_1.5 =>Toolbar.Conduit
O43 - CFD: 09/12/2010 - 14:56:16 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 09/12/2010 - 14:52:19 - [6,530] ----D C:\ProgramData\IncrediMail
O43 - CFD: 05/05/2010 - 06:07:12 - [2,039] ----D C:\Users\carladous.max@orange\AppData\Roaming\Best-Softs
O43 - CFD: 12/05/2010 - 15:37:31 - [0] ----D C:\Users\carladous.max@orange\AppData\Local\ICS
O43 - CFD: 14/12/2010 - 17:14:25 - [399,453] ----D C:\Users\carladous.max@orange\AppData\Local\IM
O43 - CFD: 09/12/2010 - 15:55:37 - [0,001] ----D C:\Users\carladous.max@orange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\christmas_wallpaper1
O43 - CFD: 16/01/2012 - 09:04:33 - [0] ----D C:\Users\carladous.max@orange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GOM Video Converter
O43 - CFD: 27/04/2010 - 10:36:17 - [0,003] ----D C:\Users\carladous.max@orange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS TrackMaker
~ Program Folder: 257 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.ECFB4023046201000BFBA37D9364C82E] - 15/09/2013 - 06:56:06 ---A- . (...) -- C:\Ad-Report-CLEAN[23].txt [4183]
~ Files: 63 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.46B8262494DFB7201CE7CDCD92DFAB32] - 15/09/2013 - 04:15:10 ---A- - C:\Windows\Prefetch\LYRICSSAY-1-FIREFOXINSTALLER.-76099BCC.pf =>Adware.AddLyrics
O45 - LFCP:[MD5.5B4D5F03D5AB1FD08D9EC7F812CCCCFE] - 15/09/2013 - 04:16:00 ---A- - C:\Windows\Prefetch\LYRICSSAY-1-CODEDOWNLOADER.EX-27881B71.pf =>Adware.AddLyrics
O45 - LFCP:[MD5.0F0360CCF3390364E2C581BFC57018DF] - 15/09/2013 - 04:16:00 ---A- - C:\Windows\Prefetch\LYRICSSAY-1-ENABLER.EXE-D5FEC2FC.pf =>Adware.AddLyrics
O45 - LFCP:[MD5.5C3B8BFFCEBBA716AC9D685D634449AA] - 15/09/2013 - 07:01:41 ---A- - C:\Windows\Prefetch\INCMAIL.EXE-DC2B876B.pf
O45 - LFCP:[MD5.16C3CB74C09F307837D326CF5D59119B] - 15/09/2013 - 07:01:46 ---A- - C:\Windows\Prefetch\IMAPP.EXE-7F79DBD5.pf
O45 - LFCP:[MD5.556B7A100447DF3E9E167E580FD8FAD7] - 15/09/2013 - 07:01:49 ---A- - C:\Windows\Prefetch\IMLPP.EXE-0A75031C.pf
O45 - LFCP:[MD5.52707D4B78642C039E57A739E6B5C63C] - 15/09/2013 - 07:16:11 ---A- - C:\Windows\Prefetch\WINDOWSPHOTOGALLERY.EXE-11A60553.pf
O45 - LFCP:[MD5.2B45ADB62C2DFE12364DB484D084EB78] - 15/09/2013 - 07:21:32 ---A- - C:\Windows\Prefetch\IMNOTFY.EXE-36EF4378.pf
O45 - LFCP:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 29/11/2659 - 07:51:09 - C:\Windows\Prefetch\ReadyBoot
~ Prefetcher: 116 Legitimates Filtered in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\PROGRA~2\Kizoa\kizoastarter.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files (x86)\Kizoa\kizoastarter.exe
O47 - AAKE:Key Export SP - "C:\PROGRA~2\Kizoa\kizoplayer.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files (x86)\Kizoa\kizoplayer.exe
O47 - AAKE:Key Export SP - "C:\PROGRA~2\Kizoa\tools\ffmpeg.exe" [Enabled] .(...) -- C:\Program Files (x86)\Kizoa\tools\ffmpeg.exe (.not file.)
~ Keys Export: 4 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{4b9cabbe-9f98-11df-b65b-002421ad7963}\AutoRun\command. (...) -- G:\pccompanion\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\PowerArchiver Tray [Key] . (.ConeXware, Inc. - PowerArchiver Starter.) -- C:\Program Files (x86)\PowerArchiver\PASTARTER.exe
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "HideFastUserSwitching"=1
O55 - MWPS:[HKCU\...\Policies\System] - "DisableLockWorkstation"=1
O55 - MWPS:[HKCU\...\Policies\System] - "DisableChangePassword"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogoff"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoClose"=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.40014A6251A68D1EC48001B1653CCEE0] - 21/01/2008 - 03:47:30 . (...) -- C:\Windows\System32\Drivers\bdasup.sys [15616]
~ Drivers: 19 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 12/09/2013 - 12:43:07 ---A- . (...) -- C:\Users\carladous.max@orange\Downloads\pci_filerecovery.exe [3462033]
O61 - LFC: 12/09/2013 - 12:44:12 ---A- . (.Rene.e Laboratory.) -- C:\Users\carladous.max@orange\Downloads\ReneeUndeleter_2013.exe [6819392]
O61 - LFC: 12/09/2013 - 13:29:59 ---A- . (.Asoftech Photo Recovery.) -- C:\Users\carladous.max@orange\Downloads\apr.exe [4311560]
O61 - LFC: 13/09/2013 - 10:11:46 ---A- . (. Firseria.) -- C:\Users\carladous.max@orange\Downloads\Microsoft%20SkyDrive.exe [233272]
O61 - LFC: 13/09/2013 - 15:18:31 ---A- . (...) -- C:\Users\carladous.max@orange\Downloads\hommage à camille.mp4.b2942rc.partial [14525513]
O61 - LFC: 13/09/2013 - 15:37:12 ---A- . (...) -- C:\Users\carladous.max@orange\Downloads\hommage à camille (1).mp4 [237271318]
O61 - LFC: 15/09/2013 - 06:43:39 ---A- . (...) -- C:\Users\carladous.max@orange\AppData\Local\Google\Chrome\User Data\Local State [41981]
O61 - LFC: 15/09/2013 - 06:43:40 ---A- . (...) -- C:\Users\carladous.max@orange\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 15/09/2013 - 07:01:39 ---A- . (...) -- C:\Users\carladous.max@orange\AppData\Local\IM\content.xml [45885]
~ 1055 Fichiers temporaires (Temporary files)
~ Files: 1083 Legitimates Filtered in 00mn 09s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <OperaStable>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <exefile>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> <OperaStable>[HKCU\..\open\Command] (...) -- C:\Program Files (x86)\Opera\Launcher.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> <OperaStable>[HKCR\..\open\Command] (...) -- C:\Program Files (x86)\Opera\Launcher.exe
~ FASS Keys: 22 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.C441C310511CDFD000562EDE6EE7AAEA] [SPRF][15/09/2013] (...) -- C:\ProgramData\nvModes.dat [268542]
[MD5.55FA5CED6B47A3AD7596F9EEB3DFC198] [SPRF][09/09/2010] (...) -- C:\Users\carladous.max@orange\AppData\Local\d3d9caps64.dat [732]
[MD5.E152C2E083BB18DF3770DE4040E3F391] [SPRF][09/09/2010] (...) -- C:\Users\carladous.max@orange\AppData\Roaming\SetValue.bat [35]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{B4D15047-4C13-4B54-8AE4-55BC158A1ACE}C:\windows\lmiba52.tmp\lmi_rescue.exe" |In - Private - P6 - TRUE | .(...) -- C:\windows\lmiba52.tmp\lmi_rescue.exe (.not file.)
O87 - FAEL: "UDP Query User{291C1AB5-BC85-4B2C-91DD-06610CF4BC3F}C:\windows\lmiba52.tmp\lmi_rescue.exe" |In - Private - P17 - TRUE | .(...) -- C:\windows\lmiba52.tmp\lmi_rescue.exe (.not file.)
O87 - FAEL: "{D847D9F1-8F11-4A5B-B042-69E04FBBD205}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{147EABFA-C645-45C4-BC4A-0648112AD30C}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{FF73DE77-98F7-429A-B80E-F6FE43A9EF4B}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{2EEF46F9-720F-494C-90BC-5E5C5B1496F8}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{00E34BA1-051E-4F9C-B63E-EE3EA37F82D2}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{6641E62A-79C8-4385-97B5-37724464DD0E}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{49EDC58A-975D-4C36-B624-EA6B053624A8}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{102556C8-489B-44DD-98A9-4A4300ECCC16}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{41FB8225-EC8A-4044-B26E-1211743716F6}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{72BE3CF5-DD63-4944-8F7E-2274AD2C3B6F}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{02749E85-FCFD-4AF8-92E9-3CD95CCEADA5}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{983B4281-FBF7-4F25-9CBF-0F442EC03BEF}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{99F8CAC7-C69C-43E5-893B-D8F84911CBD3}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
~ Firewall: 225 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "074985CAE48851E4698D3477088F81D5" . (.Super LoiLoScope WebShortcut.) -- C:\Windows\Installer\{AC589470-884E-4E15-96D8-437780F8185D}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- C:\Windows\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe
~ Update Products: 72 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.4729F44A902F98DB253697C0B7B1ED73] [WIS][17/02/2011] (.LG PC Suite - Blank Project Template.) -- C:\Windows\Installer\1f334f3.msi [196096]
[MD5.E3E9AA702E91264BAC37F279622C27E7] [WIS][15/02/2013] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\2bc8e86.msi [2683904]
[MD5.98A21E7CDE9A4F90E8FE11D741248518] [WIS][24/07/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\44b18.msi [24064] =>Toolbar.Google
[MD5.E0452A80CA2048D448BA7816CC845BBA] [WIS][07/12/2009] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\73b51.msi [121344]
[MD5.1309CC665B5DF2556F24644316592FD3] [WIS][23/06/2010] (.ConeXware, Inc. - PowerArchiver 2010 French.) -- C:\Windows\Installer\bab5dd.msi [389120]
~ WIS: 75 Legitimates Filtered in 00mn 00s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Demand 13/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Disabled 09/12/2008 242424 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 26/05/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/05/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 24/07/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 04/12/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SS - | Demand 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Demand 31/05/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Disabled 17/03/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 17/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/05/2009 381984 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SS - | Demand 02/02/2009 23536 | (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) . (.PC-Doctor, Inc..) - c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Disabled 29/01/2008 394704 | (Symantec RemoteAssist) . (.Symantec, Inc..) - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
SS - | Auto 10/07/1658 0 | (Update BrowseFox) . (...) - C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe =>Adware.BrowseFox
SS - | Auto 10/07/1658 0 | (vToolbarUpdater15.5.0) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
SR - | Auto 21/01/2008 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by carladous.max@orange at 15/09/2013 08:37:41
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by carladous.max@orange at 15/09/2013 08:37:43

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12917 - (14/09/2013)
Clés trouvées (Keys found) : 18
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 19

[HKLM\Software\Google\Chrome\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef] =>Adware.AddLyrics^
[HKLM\SYSTEM\CurrentControlSet\Services\Update BrowseFox] =>Adware.BrowseFox^
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater15.5.0] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LyricsSay-1] =>Adware.AddLyrics^
[HKLM\Software\Wow6432Node\WiseConvert_1.5] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Tarma
[HKLM\Software\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4AEF748E79236FE469A405B26E2B5A04] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D92398073AB35641B056738A78E8772] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\824013852C6ECBB4BAC41F54837AA901] =>Adware.IMBooster
[HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422152252}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\IncrediSpooler.DeltaSync] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\IncrediSpooler.DeltaSync.1] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322712280}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422152252}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Users\carladous.max@orange\AppData\Roaming\Mozilla\Firefox\Profiles\hxt27szr.default\***@*** =>Adware.AddLyrics^
C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster^
C:\Program Files (x86)\LyricsSay-1 =>Adware.AddLyrics^
C:\Program Files (x86)\WiseConvert_1.5 =>Toolbar.Conduit^
C:\Users\carladous.max@orange\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef =>Adware.AddLyrics^
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google^
C:\Windows\Tasks\LyricsSay-1-chromeinstaller.job =>Adware.AddLyrics^
C:\Windows\Tasks\LyricsSay-1-codedownloader.job =>Adware.AddLyrics^
C:\Windows\Tasks\LyricsSay-1-enabler.job =>Adware.AddLyrics^
C:\Windows\Tasks\LyricsSay-1-firefoxinstaller.job =>Adware.AddLyrics^
C:\Windows\Tasks\LyricsSay-1-updater.job =>Adware.AddLyrics^
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-chromeinstaller.exe =>Adware.AddLyrics^
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe =>Adware.AddLyrics^
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe =>Adware.AddLyrics^
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-firefoxinstaller.exe =>Adware.AddLyrics^
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-updater.exe =>Adware.AddLyrics^
[HKCU\Software\yahooinstall] =>Toolbar.Yahoo^
C:\Windows\Prefetch\LYRICSSAY-1-FIREFOXINSTALLER.-76099BCC.pf =>Adware.AddLyrics^
C:\Windows\Prefetch\LYRICSSAY-1-CODEDOWNLOADER.EX-27881B71.pf =>Adware.AddLyrics^
C:\Windows\Prefetch\LYRICSSAY-1-ENABLER.EXE-D5FEC2FC.pf =>Adware.AddLyrics^
C:\Windows\Installer\44b18.msi =>Toolbar.Google^
C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe =>Adware.BrowseFox^
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe =>Toolbar.AVGSearch^
~ Additionnel Scan: 331679 Items scanned in 00mn 24s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 10 link(s) detected in 00mn 24s



~ 2582 Legitimates filtered by white list
End of the scan (648 lines in 01mn 44s)(0)
0
billmaxime Posts 50261 Registration date Sunday 20 November 2011 Status Contributor Last activity 24 September 2024 5 988
15 Sept. 2013 at 08:19
hi

to find out more about your problem, please do this

download zhpdiag to your desktop (diagnostic tool)

the link https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

the tutorial http://www.security-helpzone.com/forum/Thread-ZHPDiag-Generer-un-rapport

vista-w7-w8 users: run as administrator (right-click)

click on configure and, in the page that opens, click on the magnifying glass with the +

the report will appear on your desktop and in C:\zhpdiag.txt

post the report via this link https://www.cjoint.com/

See you

0
unmaxdemontagne
15 Sept. 2013 at 09:00
I can't find where to put the user in the 2nd link, w7 etc......
0
billmaxime Posts 50261 Registration date Sunday 20 November 2011 Status Contributor Last activity 24 September 2024 5 988
15 Sept. 2013 at 09:15
hi again

it's fine, I have the complete report

please do this

download adwcleaner to your desktop (click on the green arrow)

the link http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner

vista-w7-w8 users: run as administrator (right-click)

click on Scan, then wait while the scan runs

once the scan has finished, click on the Clean button

click on report so that it appears on your desktop

the report is also saved in C:\AdwCleaner[S0].txt

post the report with a copy/paste

See you

0

Anonymous user
15 Sept. 2013 at 09:21
hello,

there is no need to create a duplicate thread, I am moving your reports here:

Here is the link to the ZHPDiag report
https://www.cjoint.com/?CIpjlgoT7Rq


to reply to this thread, just click on the blue "reply to thread" button!

all the best :-)


0
billmaxime Posts 50261 Registration date Sunday 20 November 2011 Status Contributor Last activity 24 September 2024 5 988
15 Sept. 2013 at 09:25
hi Elec,

thanks and have a good day

See you
0
Anonymous user
15 Sept. 2013 at 09:26
;-)
0
unmaxdemontagne
15 Sept. 2013 at 09:28
# AdwCleaner v3.004 - Rapport créé le 15/09/2013 à 09:19:55
# Mis à jour le 15/09/2013 par Xplode
# Système d'exploitation : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Nom d'utilisateur : carladous.max@orange - PC-DE-MAX
# Exécuté depuis : C:\Users\carladous.max@orange\Downloads\adwcleaner (1).exe
# Option : Nettoyer

***** [ Services ] *****

[#] Service Supprimé : Update BrowseFox

***** [ Fichiers / Dossiers ] *****

[!] Dossier Supprimé : C:\Program Files (x86)\IminentToolbar
[!] Dossier Supprimé : C:\Users\carladous.max@orange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Navigateurs ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v23.0.1 (fr)

[ Fichier : C:\Users\carladous.max@orange\AppData\Roaming\Mozilla\Firefox\Profiles\hxt27szr.default\prefs.js ]


[ Fichier : C:\Users\carladous.max@orange\AppData\Roaming\Mozilla\Firefox\Profiles\sq8szelx.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ Fichier : C:\Users\carladous.max@orange\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : search_url
Supprimée : suggest_url
Supprimée : keyword

*************************

AdwCleaner[R0].txt - [24121 octets] - [01/09/2013 07:15:33]
AdwCleaner[R1].txt - [1250 octets] - [01/09/2013 07:24:44]
AdwCleaner[R2].txt - [1431 octets] - [13/09/2013 05:40:21]
AdwCleaner[R3].txt - [5059 octets] - [13/09/2013 11:58:21]
AdwCleaner[R4].txt - [1930 octets] - [15/09/2013 09:19:22]
AdwCleaner[S0].txt - [23358 octets] - [01/09/2013 07:16:21]
AdwCleaner[S1].txt - [1311 octets] - [01/09/2013 07:25:17]
AdwCleaner[S2].txt - [4989 octets] - [13/09/2013 11:58:53]
AdwCleaner[S3].txt - [1877 octets] - [15/09/2013 09:19:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1937 octets] ##########
0
billmaxime Posts 50261 Registration date Sunday 20 November 2011 Status Contributor Last activity 24 September 2024 5 988
15 Sept. 2013 at 09:31
hi again

run adwcleaner again and choose uninstall

then do this

http://www.security-helpzone.com/gen-hackman/tutos-canneds/junkware-removal-tool/

post the report with a copy/paste

See you
0
unmaxdemontagne
15 Sept. 2013 at 09:45
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by carladous.max@orange on 15/09/2013 at 9:38:17,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-791831690-1571322809-2409202431-1000\Software\IB Updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-791831690-1571322809-2409202431-1000\Software\Wajam
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322712280}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422152252}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355715580}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455155552}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366716680}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466156652}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344714480}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444154452}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322712280}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422152252}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550355715580}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455155552}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366716680}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466156652}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344714480}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444154452}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355715580}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455155552}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366716680}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466156652}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344714480}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444154452}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355715580}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455155552}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366716680}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466156652}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344714480}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444154452}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0D66C07F-C3B8-4341-B9AB-EF84AE59D476}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\LyricsSay-1-chromeinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\LyricsSay-1-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\LyricsSay-1-enabler.job
Successfully deleted: [File] C:\Windows\Tasks\LyricsSay-1-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\LyricsSay-1-updater.job
Successfully deleted: [File] "C:\Users\carladous.max@orange\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\lyricssay-1"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\carladous.max@orange\AppData\Roaming\mozilla\firefox\profiles\hxt27szr.default\prefs.js

user_pref("extensions.ad822269819e54827b79e0a077ea8eb7a7b662f6d389941e488646393447568dacom37180.37180.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_FR.value", "%22var%20ca
user_pref("extensions.iminent.admin", false);
user_pref("extensions.iminent.aflt", "orgnl");
user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
user_pref("extensions.iminent.autoRvrt", "false");
user_pref("extensions.iminent.dfltLng", "");
user_pref("extensions.iminent.excTlbr", false);
user_pref("extensions.iminent.ffxUnstlRst", false);
user_pref("extensions.iminent.id", "3c3bdb46000000000000002421ad7963");
user_pref("extensions.iminent.instlDay", "15961");
user_pref("extensions.iminent.instlRef", "");
user_pref("extensions.iminent.newTab", false);
user_pref("extensions.iminent.prdct", "iminent");
user_pref("extensions.iminent.prtnrId", "iminent");
user_pref("extensions.iminent.rvrt", "false");
user_pref("extensions.iminent.smplGrp", "none");
user_pref("extensions.iminent.tlbrId", "base");
user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
user_pref("extensions.iminent.vrsn", "1.8.25.0");
user_pref("extensions.iminent.vrsnTs", "1.8.25.011:17:23");
user_pref("extensions.iminent.vrsni", "1.8.25.0");
user_pref("iminent.LayoutId", "1");
user_pref("iminent.version", "7.36.1.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1379064124702,\"InstallEvent\":\"True\"}");
Emptied folder: C:\Users\carladous.max@orange\AppData\Roaming\mozilla\firefox\profiles\hxt27szr.default\minidumps [283 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/09/2013 at 9:43:59,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0
billmaxime Posts 50261 Registration date Sunday 20 November 2011 Status Contributor Last activity 24 September 2024 5 988
15 Sept. 2013 at 09:52
hi again

ok, please do this

Download roguekiller to your desktop

take the x64 version >> see the image

The link https://www.luanagames.com/index.fr.html

The tutorial http://tigzyrk.blogspot.be/2012/10/fr-roguekiller-tutoriel-officiel.html

Close all your running programs

Launch roguekiller (vista-w7-w8 users: run as administrator, right-click)

Let the prescan run

Click on scan

The report will appear on your desktop and in C: RKReport[#].txt

Post the report with a copy/paste

See you

0
unmaxdemontagne
15 Sept. 2013 at 10:16
RogueKiller V8.6.11 [Sep 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Demarrage : Mode normal
Utilisateur : carladous.max@orange [Droits d'admin]
Mode : Recherche -- Date : 09/15/2013 10:12:07
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc]
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 10 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (116.50.60.6:3128) -> TROUVÉ
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> TROUVÉ
[HJ SECU] HKLM\[...]\Security Center : AntiVirusDisableNotify (0x00000000) -> TROUVÉ
[HJ SECU] HKLM\[...]\Security Center : FirewallDisableNotify (0x00000000) -> TROUVÉ
[HJ SECU] HKLM\[...]\Security Center : UpdatesDisableNotify (0x00000000) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 5 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{0E20BBD1-8E30-4EE3-AB0D-F3CC077B9AA5}.exe - --uninstall=1 [x] -> TROUVÉ
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\Windows\TEMP\{30B0F3C4-270A-4B67-9652-073EB8C54189}.exe - --uninstall=1 [x] -> TROUVÉ
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv : C:\Windows\TEMP\{30B0F3C4-270A-4B67-9652-073EB8C54189}.exe - --uninstall=1 [x] -> TROUVÉ
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{0E20BBD1-8E30-4EE3-AB0D-F3CC077B9AA5}.exe - --uninstall=1 [x] -> TROUVÉ
[V2][SUSP PATH] EPUpdater : C:\Users\CARLAD~1.MAX\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [7] -> TROUVÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65L5B1 ATA Device +++++
--- User ---
[MBR] 3b443bbf6665b4fdcceeb3ed87c698a5
[BSP] cbe1a3892920c024e3e7b9efc684338e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 939743 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1924594560 | Size: 14123 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EADS-65L5B1 ATA Device +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_S_09152013_101207.txt >>
0
billmaxime Posts 50261 Registration date Sunday 20 November 2011 Status Contributor Last activity 24 September 2024 5 988
15 Sept. 2013 at 10:29
Hi again

Run RogueKiller again and click on Suppression (deletion) >> see the image
Do the same by clicking on Proxy RAZ >> see the image

PS: check that everything is ticked before deleting

Post the reports via a copy/paste

Thanks

See you
0
unmaxdemontagne
15 Sept. 2013 at 10:54
RogueKiller V8.6.11 [Sep 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Demarrage : Mode normal
Utilisateur : carladous.max@orange [Droits d'admin]
Mode : Suppression -- Date : 09/15/2013 10:53:32
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc]
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 3 ¤¤¤
[HJ SECU] HKLM\[...]\Security Center : AntiVirusDisableNotify () -> REMPLACÉ ()
[HJ SECU] HKLM\[...]\Security Center : FirewallDisableNotify () -> REMPLACÉ ()
[HJ SECU] HKLM\[...]\Security Center : UpdatesDisableNotify () -> REMPLACÉ ()

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65L5B1 ATA Device +++++
--- User ---
[MBR] 3b443bbf6665b4fdcceeb3ed87c698a5
[BSP] cbe1a3892920c024e3e7b9efc684338e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 939743 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1924594560 | Size: 14123 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EADS-65L5B1 ATA Device +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_D_09152013_105332.txt >>
RKreport[0]_D_09152013_104901.txt;RKreport[0]_D_09152013_105119.txt;RKreport[0]_S_09152013_101207.txt
RKreport[0]_S_09152013_104852.txt;RKreport[0]_S_09152013_105104.txt;RKreport[0]_S_09152013_105318.txt
0
billmaxime Posts 50261 Registration date Sunday 20 November 2011 Status Contributor Last activity 24 September 2024 5 988
15 Sept. 2013 at 11:25
Hi again

I still need the Proxy RAZ report

See you
0
unmaxdemontagne
15 Sept. 2013 at 11:28
In any case, many thanks for your help, and see you
0
billmaxime Posts 50261 Registration date Sunday 20 November 2011 Status Contributor Last activity 24 September 2024 5 988
15 Sept. 2013 at 11:36
Hi again

You're welcome, but it's not finished yet ^^

Post the RogueKiller report after deletion with Proxy RAZ

Thanks

See you
0
unmaxdemontagne
15 Sept. 2013 at 11:47
RogueKiller V8.6.11 _x64_ [Sep 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Demarrage : Mode normal
Utilisateur : carladous.max@orange [Droits d'admin]
Mode : Suppression -- Date : 09/15/2013 11:46:12
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc]
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 3 ¤¤¤
[HJ SECU] HKLM\[...]\Security Center : AntiVirusDisableNotify () -> REMPLACÉ ()
[HJ SECU] HKLM\[...]\Security Center : FirewallDisableNotify () -> REMPLACÉ ()
[HJ SECU] HKLM\[...]\Security Center : UpdatesDisableNotify () -> REMPLACÉ ()

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65L5B1 ATA Device +++++
--- User ---
[MBR] 3b443bbf6665b4fdcceeb3ed87c698a5
[BSP] cbe1a3892920c024e3e7b9efc684338e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 939743 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1924594560 | Size: 14123 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EADS-65L5B1 ATA Device +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_D_09152013_114612.txt >>
RKreport[0]_D_09152013_114444.txt;RKreport[0]_S_09152013_114437.txt;RKreport[0]_S_09152013_114554.txt
0
billmaxime Posts 50261 Registration date Sunday 20 November 2011 Status Contributor Last activity 24 September 2024 5 988
15 Sept. 2013 at 11:56
Hi again

You posted the deletion report, and I asked for the report with Proxy RAZ

(Mode : Suppression -- Date : 09/15/2013 11:46:12 )

See the image

See you
0
unmax de mpntagne
15 Sept. 2013 at 12:02
Is this what you're waiting for?

RogueKiller V8.6.11 _x64_ [Sep 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Demarrage : Mode normal
Utilisateur : carladous.max@orange [Droits d'admin]
Mode : DNS RAZ -- Date : 09/15/2013 12:00:15
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc]
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

Termine : << RKreport[0]_DN_09152013_120015.txt >>
RKreport[0]_D_09152013_120011.txt;RKreport[0]_S_09152013_120010.txt
0
billmaxime Posts 50261 Registration date Sunday 20 November 2011 Status Contributor Last activity 24 September 2024 5 988
15 Sept. 2013 at 12:16
Hi again

No, that is DNS RAZ, and I'm asking you to click on PROXY RAZ

Mode : DNS RAZ -- Date : 09/15/2013 12:00:15

I'm attaching the image for you

Tell me if you find it

See you
0
unmaxdemontagne
15 Sept. 2013 at 12:22
RogueKiller V8.6.11 _x64_ [Sep 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Demarrage : Mode normal
Utilisateur : carladous.max@orange [Droits d'admin]
Mode : Proxy RAZ -- Date : 09/15/2013 12:19:49
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc]
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

Termine : << RKreport[0]_PR_09152013_121949.txt >>
RKreport[0]_D_09152013_121942.txt;RKreport[0]_S_09152013_121934.txt
0