My computer is very slow

sylvie45
Hello,
my computer is very, very slow. Can you help me, please?
Thank you in advance.

73 replies

Discussion summary

The computer is slow, and the discussion covers security and cleanup solutions for identifying potential nuisances and improving overall performance. The items mentioned include Malwarebytes' Anti-Malware and a diagnostic report (ZHPDiag) used to spot unwanted programs and modules and to propose corrective actions. Security and maintenance tools such as Avast and CCleaner, and components of the Windows XP system, are mentioned, with details on the running processes and the startup items. Other useful steps may include checking startup programs and browser extensions that slow the system down, and paying attention to the results of diagnostic tools in order to target the actions.

Automatically generated by AI
based on the best answers
  1. juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
     
    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 1945


    what is this rotten old version? ^^

    these days it's more like:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Version de la base de données: v2013.09.25.06
    4
    1. lilidurhone Posts 800 Registration date   Status Security contributor Last activity   3 818
       
      And yet I gave the link to the latest version

      It must be my canned reply that's messed up
      0
    2. juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
       
      or she kept that old version

      the official link: https://fr.malwarebytes.com/mwb-download/
      0
    3. lilidurhone Posts 800 Registration date   Status Security contributor Last activity   3 818
       
      I edited it, asking her to uninstall the version she has
      0
  2. sylvie45
     
    ~ Rapport de ZHPDiag v2013.9.23.44 - Nicolas Coolman (23/09/2013)
    ~ Lancé par ARTISTES SERVICES (25/09/2013 20:18:47)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Not Found

    ---\\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.6001.18702
    GCIE: Google Chrome

    ---\\ Informations sur les produits Windows
    ~ Langage: Français
    Windows XP Professional Service Pack 3 (Build 2600)
    Windows Automatic Updates : OK
    Windows Genuine Advantage : OK

    ---\\ Logiciels de protection du système
    avast! Free Antivirus v8.0.1497.0
    Malwarebytes Anti-Malware version 1.62.0.1300

    ---\\ Logiciels d'optimisation du système
    CCleaner v3.06 =>Piriform Ltd

    ---\\ Logiciels de partage PeerToPeer

    ---\\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Java 7 Update 25

    ---\\ Informations sur le système
    ~ Processor: x86 Family 15 Model 2 Stepping 9, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1023 MB (17% free)
    System Restore: Activé (Enable)
    System drive C: has 29 GB (40%) free of 72 GB

    ---\\ Mode de connexion au système
    ~ Computer Name: GUILLAUME
    ~ User Name: ARTISTES SERVICES
    ~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, ARTISTES SERVICES, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    ---\\ Variables d'environnement
    ~ System Unit : C:\
    ~ %AppData% : C:\Documents and Settings\ARTISTES SERVICES\Application Data\
    ~ %Desktop% : C:\Documents and Settings\ARTISTES SERVICES\Bureau\
    ~ %Favorites% : C:\Documents and Settings\ARTISTES SERVICES\Favoris\
    ~ %LocalAppData% : C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\
    ~ %StartMenu% : C:\Documents and Settings\ARTISTES SERVICES\Menu Démarrer\
    ~ %Windir% : C:\WINDOWS\
    ~ %System% : C:\WINDOWS\system32\

    ---\\ Enumération des unités disques
    A: Floppy drive, Flash card reader, USB Key (Not Inserted)
    C: Hard drive, Flash drive, Thumb drive (Free 29 Go of 72 Go)
    D: CD-ROM drive (Not Inserted)
    E: Floppy drive, Flash card reader, USB Key (Not Inserted)
    F: Floppy drive, Flash card reader, USB Key (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Not Inserted)
    H: CD-ROM drive (Not Inserted)
    I: Floppy drive, Flash card reader, USB Key (Not Inserted)

    ---\\ Etat du Centre de Sécurité Windows
    ~ Security Center: 33 Legitimates Filtered in 00mn 00s

    ---\\ Recherche particulière de fichiers génériques
    [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
    [MD5.EA7AB3839BE1FFE067A8131F3547160D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/08/2013 - 07:05:46.) -- C:\WINDOWS\system32\wininet.dll [920064]
    [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
    [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
    [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
    [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
    [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
    [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
    [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
    [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
    [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
    [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
    [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
    [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
    [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
    [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
    [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
    [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
    [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
    [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
    [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
    ~ Generic Processes: Scanned in 00mn 03s

    ---\\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/327
    ~ Mes musiques (My Musics) : 6/166
    ~ Mes Videos (My Videos) : 1/74
    ~ Mes Favoris (My Favorites) : 1/53
    ~ Mes Documents (My Documents) : 3/707
    ~ Mon Bureau (My Desktop) : 0/21
    ~ Menu demarrer (Programs) : 1/24
    ~ Hidden Files: Scanned in 00mn 03s

    ---\\ Processus lancés
    [MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1300]
    [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1692]
    [MD5.4F4D4AA1E0849FECC0CF5AACD59030B5] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182184] [PID.1884]
    [MD5.FF552B88ACD6D939FD6D2F6413E64D12] - (...) -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe [3596288] [PID.1920]
    [MD5.576918B02840A360702051BC4269B13F] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [5071712] [PID.272]
    [MD5.9ACCBC5891BA51B5B29C1A88F80D4CE3] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe [421888] [PID.2064]
    [MD5.E558CDE2913DAA077D4E25732D1AA176] - (.Hewlett-Packard Company - hpwuSchd.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152] [PID.2100]
    [MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253816] [PID.2108]
    [MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968] [PID.2136]
    [MD5.CE42DFE915F78246364D464902E47360] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.2192]
    [MD5.4C4CF9220E628D1378F9807EC5175488] - (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [1289000] [PID.2232]
    [MD5.C519CEC624CF9BCBA3059F32266C8FFF] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [258048] [PID.2324]
    [MD5.DCFC84480C76D862D9BFD386EA6E8DE7] - (.Microsoft Corporation - ActiveSync RAPI Manager.) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe [199464] [PID.2400]
    [MD5.D8B8B5A8FE57CF4F307A540D9A153C23] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.3400]
    [MD5.CF55FF59BEA561F7A7A023237B5F42C5] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe [12614496] [PID.3456]
    [MD5.DB58E795398E59C2ED31411376B73115] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe [195936] [PID.2580]
    [MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.3548]
    [MD5.2B11FF4D377A65A7B3F394060C451539] - (.TeamViewer GmbH - TeamViewer 8.) -- c:\program files\teamviewer\version8\TeamViewer_Desktop.exe [4536160] [PID.21496]
    [MD5.B114DB354D13A21C1AC2B1807EE2F500] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\update\realsched.exe [273544] [PID.17100]
    [MD5.D63791AEA2D98C5B3A2881A230613B8E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8006144] [PID.25964]
    ~ Processes Running: Scanned in 00mn 10s

    ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
    ~ Google Browser: 0 Legitimates Filtered in 00mn 00s

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
    F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
    F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
    F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
    ~ Keys: Scanned in 00mn 00s

    ---\\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 19

    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} . (.Pas de propriétaire - Easy-WebPrint EWPBrowseLoader Module.) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: (no name) - {69B3CFE1-5849-45AF-A237-22531B8A498D} Clé orpheline
    ~ BHO: 12 Legitimates Filtered in 00mn 01s

    ---\\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{968631B6-4729-440D-9BF4-251F5593EC9A} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    ---\\ Autres liens utilisateurs (O4)
    O4 - GS\Program [AllUsers]: IncrediMail.lnk . (...) -- C:\Program Files\IncrediMail\bin\IncMail.exe (.not file.)
    O4 - GS\Program [AllUsers]: MSN Messenger 6.1.lnk . (...) -- C:\WINNT\Installer\{ABEB838C-A1A7-4C5D-B7E1-8B4314600155}\MsblIco.exe (.not file.)
    O4 - GS\Program [AllUsers]: RealOne Player.lnk . (.RealNetworks, Inc. - RealOne Player.) -- C:\Program Files\Real\RealOne Player\realplay.exe
    O4 - GS\Program [AllUsers]: VideoLink Mail.lnk . (.Smith Micro Software, Inc. - VideoLink Mail.) -- C:\Program Files\VideoLink Mail\VideoLink Mail.exe
    O4 - GS\Program [Administrateur]: Lecteur Windows Media .lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
    ~ Global Startup: 17 Legitimates Filtered in 00mn 02s

    ---\\ Applications lancées au démarrage du sytème (O4)
    O4 - GS\Program [AllUsers]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] bthprops.cpl
    O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
    O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\update\realsched.exe =>.RealNetworks, Inc
    O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Company - hpwuSchd.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
    O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
    O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
    O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
    O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
    O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] . (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    O4 - HKCU\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Orange\OrangeInside\one\OrangeInside.exe
    O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.
    O4 - HKCU\..\RunOnce: [Shockwave Updater] . (.Adobe Systems, Inc. - Shockwave Helper.) -- C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
    O4 - HKUS\S-1-5-21-1202660629-1606980848-839522115-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1202660629-1606980848-839522115-1003\..\Run: [H/PC Connection Agent] . (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    O4 - HKUS\S-1-5-21-1202660629-1606980848-839522115-1003\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Orange\OrangeInside\one\OrangeInside.exe
    O4 - HKUS\S-1-5-21-1202660629-1606980848-839522115-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.
    O4 - HKUS\S-1-5-21-1202660629-1606980848-839522115-1003\..\RunOnce: [Shockwave Updater] . (.Adobe Systems, Inc. - Shockwave Helper.) -- C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
    ~ Application: Scanned in 00mn 01s

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\MICROS~4\INetRepl.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -- Clé orpheline
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
    O9 - Extra button: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -- C:\Program Files\bt_hot_icon.ico (.not file.)
    O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
    O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
    ~ IE Extra Buttons: Scanned in 00mn 00s

    ---\\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} ((no name)) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} ((no name)) - http://dx.mastacash.com/loader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ((no name)) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F89B6297-4B44-435D-8176-0C64A7E1528D}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{F89B6297-4B44-435D-8176-0C64A7E1528D}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{F89B6297-4B44-435D-8176-0C64A7E1528D}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    ---\\ Protocole additionnel (O18)
    O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 - Winlogon Notify: awtqopm . (...) -- awtqopm.dll
    O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
    O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
    O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
    O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
    O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
    O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
    O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
    O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
    O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
    O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
    O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
    ~ Winlogon: Scanned in 00mn 00s

    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: MySQL (MySQL) . (...) - C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt" (.not file.)
    O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) . (.HP - PML Driver.) - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) . (.TeamViewer GmbH - TeamViewer 8.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    ~ Services: 6 Legitimates Filtered in 01mn 16s

    ---\\ Enumération Active Desktop & MHTML Editor (O24)
    O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    ---\\ Pilotes lancés au démarrage du système (O41)
    O41 - Driver: (BANTExt) . (...) - C:\WINDOWS\system32\Drivers\BANTExt.sys
    ~ Drivers: 66 Legitimates Filtered in 00mn 10s

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: MegaCam - (...) [HKLM] -- {77F69001-4D35-4BEA-A074-26DA04EA0CDA}
    O42 - Logiciel: SiS Audio Driver - (...) [HKLM] -- SiS7012
    O42 - Logiciel: Winkaa 1.0 1.0 - (...) [HKLM] -- Winkaa 1.0
    O42 - Logiciel: WunderWeb 3.0.0 - (.WunderWeb.) [HKLM] -- WunderWeb
    ~ Logic: 124 Legitimates Filtered in 00mn 05s

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\Euro Fax]
    [HKCU\Software\IncrediMail]
    [HKCU\Software\Montorgueil]
    [HKCU\Software\SudoPlanet]
    [HKCU\Software\WunderWeb]
    [HKCU\Software\Yahoo] =>Toolbar.Yahoo
    [HKLM\Software\OTask]
    [HKLM\Software\SQ]
    [HKLM\Software\Yahoo] =>Toolbar.Yahoo
    ~ Key Software: 257 Legitimates Filtered in 00mn 05s

    ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 - CFD: 11/10/2006 - 14:00:38 - [0,008] ----D C:\Program Files\Carpe Diem
    O43 - CFD: 30/04/2008 - 18:37:26 - [0,009] ----D C:\Program Files\Documents To Go
    O43 - CFD: 15/06/2008 - 18:41:03 - [0,064] ----D C:\Program Files\Emoticons-plus.com
    O43 - CFD: 23/11/2003 - 20:15:08 - [1,837] ----D C:\Program Files\PEP2000
    O43 - CFD: 17/03/2005 - 11:55:53 - [0] ----D C:\Program Files\SpeedProject
    O43 - CFD: 05/09/2003 - 19:58:43 - [0,028] ----D C:\Program Files\Tsunami_Filter_Pack_Mini
    O43 - CFD: 01/05/2008 - 16:53:20 - [0] ----D C:\Program Files\Yahoo! =>Toolbar.Yahoo
    O43 - CFD: 29/01/2007 - 13:15:31 - [4,892] ----D C:\Program Files\Fichiers communs\PWC2000
    O43 - CFD: 08/02/2006 - 15:57:18 - [0,034] ----D C:\Program Files\Fichiers communs\WhenU
    O43 - CFD: 20/01/2013 - 16:34:21 - [0,012] ----D C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail
    O43 - CFD: 19/06/2013 - 17:53:29 - [7,608] ----D C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\IM
    ~ Program Folder: 257 Legitimates Filtered in 03mn 34s

    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.74E5A2983D77EE8A9FF3A4DB1E459818] - 25/09/2013 - 19:19:09 ---A- . (...) -- C:\Documents [160]
    O44 - LFC:[MD5.107A77042160BBAACC84F9FE6DEDA59F] - 24/09/2013 - 20:26:39 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
    O44 - LFC:[MD5.BA8D38BBC9E648DEBEF64AA111528D58] - 24/09/2013 - 20:26:31 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
    O44 - LFC:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 24/09/2013 - 09:55:16 ---A- . (...) -- C:\WINDOWS\system32\TrueSight.sys [26624]
    O44 - LFC:[MD5.4320AC6E22C2941134486B01EDA07D11] - 23/09/2013 - 13:04:36 ---A- . (.Dmitry Streblechenko - Outlook Redemption COM library.) -- C:\WINDOWS\system32\Scanner.dll [495616]
    O44 - LFC:[MD5.4FDC8ED8BEF2A10508FECAD324E2AC2A] - 23/09/2013 - 13:04:35 ---A- . (.Kelly Ethridge - VB.EXT Core Class Library.) -- C:\WINDOWS\system32\vbcorlib.dll [4145264]
    O44 - LFC:[MD5.C500123DB19EF47F2E0B5A420A04B921] - 23/09/2013 - 13:04:34 ---A- . (.Conaito - Conaito Evo VoIP client.) -- C:\WINDOWS\system32\EvoVoIP.dll [856064]
    O44 - LFC:[MD5.7112190518B5AEAA05B259BBE393C9ED] - 22/09/2013 - 16:13:42 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
    O44 - LFC:[MD5.7FD60B174D07FE3AA7B95BBE384FCC97] - 13/09/2013 - 09:06:16 ---A- . (...) -- C:\WINDOWS\MAHJONGG.INI [41]
    O44 - LFC:[MD5.4B227C8051A9D8468C4908464C14EC1A] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [24650]
    O44 - LFC:[MD5.2D2214BBCF3B77992BE1794BDA3587A9] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\comsetup.log [119247]
    O44 - LFC:[MD5.7CE4A07BC608F5C64FFADD3677256599] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\iis6.log [389821]
    O44 - LFC:[MD5.0BDC641A375F2A633D06B96902C3DF2C] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
    O44 - LFC:[MD5.A536FAF27870C6AA0298ECE8B8B87050] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\netfxocm.log [62814]
    O44 - LFC:[MD5.4AE537982F40EA4DCD42E968398B3154] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [72169]
    O44 - LFC:[MD5.B293A7B7B738875128816D06088C5907] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\ocgen.log [171448]
    O44 - LFC:[MD5.3391544B31A14469891DF9B0EEE979F8] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\ocmsn.log [19836]
    O44 - LFC:[MD5.72AC5CE69438A705B9A72A0C9AED1226] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\tabletoc.log [18038]
    O44 - LFC:[MD5.260EA560B13A85F68240552FD14DDE7A] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\tsoc.log [163626]
    O44 - LFC:[MD5.4753601B1A7DA500EFEB611A79B4CD2E] - 11/09/2013 - 16:26:35 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [358643]
    O44 - LFC:[MD5.BADE18AAC901849C7BB17BAC5B8E57F1] - 11/09/2013 - 16:26:35 ---A- . (...) -- C:\WINDOWS\msgsocm.log [17922]
    O44 - LFC:[MD5.AF4A3029F1FFA89FF2A5D8B6340119C1] - 11/09/2013 - 16:26:33 ---A- . (...) -- C:\WINDOWS\msmqinst.log [111422]
    O44 - LFC:[MD5.31EEEB752642DC84C298559707008EDD] - 11/09/2013 - 16:26:20 ---A- . (...) -- C:\WINDOWS\updspapi.log [40879]
    O44 - LFC:[MD5.8B4A881E907636C2DECA15C55990B0B5] - 11/09/2013 - 16:19:50 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
    O44 - LFC:[MD5.130D32B81EF95E51DD9D0B2C9DC7874A] - 11/09/2013 - 16:13:06 ---A- . (...) -- C:\WINDOWS\win.ini [1773]
    ~ Files: 49 Legitimates Filtered in 02mn 02s

    ---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 - LFCP:[MD5.D98905F2E49D95F504B8BC0450C5F1FD] - 23/09/2013 - 06:22:29 ---A- - C:\WINDOWS\Prefetch\FRAMEFOX.EXE-1285825C.pf =>PUP.FrameFox
    O45 - LFCP:[MD5.53753378B5C1C11614EE7266CFB35387] - 23/09/2013 - 06:22:38 ---A- - C:\WINDOWS\Prefetch\BITGUARD.EXE-0101BB75.pf =>PUP.BitGuard
    O45 - LFCP:[MD5.8D3DA735F9B52CE7D1628464CC6D881C] - 23/09/2013 - 13:00:39 ---A- - C:\WINDOWS\Prefetch\OUTLOOKMESSENGERSETUP[1].EXE-10A8CAF7.pf
    O45 - LFCP:[MD5.DB8A99D3506DFA57CE2F2755BB3EF0A9] - 23/09/2013 - 13:01:08 ---A- - C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-0DE3261B.pf =>Toolbar.Wajam
    O45 - LFCP:[MD5.086CB32B807AA219FAF02D1025AFCEB7] - 23/09/2013 - 13:02:14 ---A- - C:\WINDOWS\Prefetch\PLUS-HD-3-5.EXE-05487A42.pf =>Adware.PlusHD
    O45 - LFCP:[MD5.101D29489139B34F2D67239B1A0DDD7C] - 23/09/2013 - 13:02:34 ---A- - C:\WINDOWS\Prefetch\ROFGNIKEUIKTPC.EXE-1C0916B7.pf
    O45 - LFCP:[MD5.C0EDE30F50B002EC9EB3A7F8B8356AB9] - 23/09/2013 - 13:02:56 ---A- - C:\WINDOWS\Prefetch\ALZIP.EXE-328886AF.pf
    O45 - LFCP:[MD5.AC4720E2FE7655BD74F4A7629F917BD6] - 23/09/2013 - 13:02:57 ---A- - C:\WINDOWS\Prefetch\ALBNCOLLECTOR.EXE-3496DC3B.pf
    O45 - LFCP:[MD5.ADA1606F9A604795FAAD79A2A0A34B23] - 23/09/2013 - 13:06:56 ---A- - C:\WINDOWS\Prefetch\OUTLOOKMESSENGER.EXE-23AABDEF.pf
    O45 - LFCP:[MD5.616BC04F08C7457B139740BC938A0D87] - 23/09/2013 - 16:39:45 ---A- - C:\WINDOWS\Prefetch\TUTO4PC_WIDGET.EXE-2EEF5266.pf =>PUP.Eorezo
    O45 - LFCP:[MD5.27F6C82BCC691DBF141728193CF4D484] - 23/09/2013 - 19:22:31 ---A- - C:\WINDOWS\Prefetch\UNWISE.EXE-0AFE923E.pf
    O45 - LFCP:[MD5.7D4C423307340AA3E04164BFD6F7B72E] - 23/09/2013 - 19:23:08 ---A- - C:\WINDOWS\Prefetch\UNREGAAW.EXE-088D06FB.pf
    O45 - LFCP:[MD5.CF987D08A01C16BBA632B684CBE689DE] - 23/09/2013 - 19:23:15 ---A- - C:\WINDOWS\Prefetch\GLB1A2B.EXE-2E9AFCB0.pf
    O45 - LFCP:[MD5.697372C96E15B060B0B0A5AB17AC5716] - 23/09/2013 - 19:24:04 ---A- - C:\WINDOWS\Prefetch\SASCORE.EXE-22E1D4D0.pf
    O45 - LFCP:[MD5.61DEB2F320B14426895C8A18ACDB986B] - 24/09/2013 - 09:15:41 ---A- - C:\WINDOWS\Prefetch\WCESCOMM.EXE-062FDF7F.pf
    O45 - LFCP:[MD5.2D9DE15C344764BAF49AE60609710774] - 24/09/2013 - 09:20:43 ---A- - C:\WINDOWS\Prefetch\MYSQLD-NT.EXE-20E33EF6.pf
    O45 - LFCP:[MD5.7875397FE2336013F1363E3D87D07556] - 24/09/2013 - 09:20:43 ---A- - C:\WINDOWS\Prefetch\ORANGEINSIDE.EXE-033DBE1D.pf
    O45 - LFCP:[MD5.98C02B2DAB59E8A349040A62D08963E5] - 24/09/2013 - 09:20:43 ---A- - C:\WINDOWS\Prefetch\RAPIMGR.EXE-086AD32F.pf
    O45 - LFCP:[MD5.A372EF30ED1ECFC7DC3564CA2295447F] - 24/09/2013 - 09:20:43 ---A- - C:\WINDOWS\Prefetch\UPDATERSERVICE.EXE-38536B88.pf
    O45 - LFCP:[MD5.07AFDDB7CD6A6CF26DED1D97288C1B44] - 24/09/2013 - 09:24:48 ---A- - C:\WINDOWS\Prefetch\UPT4PC_FR_63.EXE-3B1093E7.pf
    O45 - LFCP:[MD5.38545D02CD6AF0CD526CBB83C2B435F3] - 24/09/2013 - 09:25:24 ---A- - C:\WINDOWS\Prefetch\TUTO4PC_FR_63.EXE-09D28613.pf =>PUP.Eorezo
    O45 - LFCP:[MD5.EC1EAF88A44019634B4341DE2639FCA4] - 24/09/2013 - 09:50:54 ---A- - C:\WINDOWS\Prefetch\84C8D1A4-C6AA-46A4-84D3-2D96E-1296B14F.pf
    O45 - LFCP:[MD5.B8F61F6848E9C355D4B917BDDCC32788] - 24/09/2013 - 14:46:00 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-2AAB6361.pf
    O45 - LFCP:[MD5.F5599CF05BF3D1C705699F8A1A8B1755] - 24/09/2013 - 15:12:43 ---A- - C:\WINDOWS\Prefetch\PLUS-HD-3.5-BG.EXE-02EAD3CA.pf =>Adware.PlusHD
    O45 - LFCP:[MD5.990EB51F09BF9C491B814958B5B0812F] - 24/09/2013 - 17:15:17 ---A- - C:\WINDOWS\Prefetch\DUUQUCRASHHANDLER.EXE-30FB2A3D.pf =>Toolbar.DeltaSearch
    O45 - LFCP:[MD5.1250CA0B8D82AFC4894B15EF7B28BCC6] - 24/09/2013 - 19:03:25 ---A- - C:\WINDOWS\Prefetch\PLUS-HD-3.5-CODEDOWNLOADER.EX-27679EFA.pf =>Adware.PlusHD
    O45 - LFCP:[MD5.91C67571375CEF703FB59745DF732922] - 24/09/2013 - 19:04:52 ---A- - C:\WINDOWS\Prefetch\PLUS-HD-3.5-ENABLER.EXE-0243AC48.pf =>Adware.PlusHD
    O45 - LFCP:[MD5.5D2B205E9782881BB8ED93FE98174DF4] - 24/09/2013 - 20:20:15 ---A- - C:\WINDOWS\Prefetch\UPDATEWUNDERWEB.EXE-1D2FAEDD.pf
    ~ Prefetcher: 130 Legitimates Filtered in 00mn 06s

    ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    ---\\ Export de clé d'application autorisée (O47)
    O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" [Enabled] .(...) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\WinFax eXPert\WinFax.exe" [Enabled] .(...) -- C:\Program Files\WinFax eXPert\WinFax.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\WinFax eXPert\BvrpKrnl.exe" [Enabled] .(...) -- C:\Program Files\WinFax eXPert\BvrpKrnl.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\coktel\ADI5\TTS\SpeechCube.exe" [Disabled] .(...) -- C:\coktel\ADI5\TTS\SpeechCube.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Temporary Internet Files\Content.IE5\WJSCFRBT\incredimail_install[1].exe" [Enabled] .(...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Temporary Internet Files\Content.IE5\WJSCFRBT\incredimail_install[1].exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\Bin\IncMail.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\Bin\IncMail.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\Bin\ImApp.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\Bin\ImpCnt.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Temporary Internet Files\Content.IE5\0C9NNO1T\BubblehitSetup[1].exe" [Enabled] .(...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Temporary Internet Files\Content.IE5\0C9NNO1T\BubblehitSetup[1].exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\Outlook Messenger\OutlookMessenger.exe" [Enabled] .(.Srimax Software System.) -- C:\Program Files\Outlook Messenger\OutlookMessenger.exe
    ~ Keys Export: 28 Legitimates Filtered in 00mn 03s

    ---\\ Déni du service (Local Security Authority) (O48)
    O48 - LSA:Local Security Authority Authentication Packages . (...) -- C:\WINDOWS\system32\gebya.dll
    ~ LSA: 7 Legitimates Filtered in 00mn 00s

    ---\\ Image File Execution Options (IFEO) (O50)
    O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    ---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 - SMSR:HKLM\...\startupreg\Easy-PrintToolBox [Key] . (...) -- C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\OpScheduler [Key] . (...) -- C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\Opware14 [Key] . (...) -- C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\PDF Converter Registry Controller [Key] . (...) -- C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\SSBkgdUpdate [Key] . (...) -- C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\SSPrnAgent [Key] . (...) -- C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (...) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\WhenUSearch [Key] . (...) -- C:\Program Files\WhenUSearch\Search.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\WhenUSearchWHSE [Key] . (...) -- C:\Program Files\WhenUSearch\whse.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\WorkFlowTray [Key] . (...) -- C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe (.not file.)
    ~ SMSR Keys: 17 Legitimates Filtered in 00mn 01s

    ---\\ Liste des pilotes du système (SDL) (O58)
    O58 - SDL:[MD5.FA72FA503F580C3C628DD8C7D7622E37] - 30/08/2013 - 08:48:12 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376]
    O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
    ~ Drivers: 7 Legitimates Filtered in 00mn 03s

    ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 - LFC: 22/09/2013 - 13:56:39 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Recent\chez Eveline.lnk [534]
    O61 - LFC: 22/09/2013 - 16:32:47 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Recent\MegaCam.lnk [423]
    O61 - LFC: 23/09/2013 - 12:36:39 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat [7246]
    O61 - LFC: 23/09/2013 - 12:46:25 -SHA- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Microsoft\Internet Explorer\Desktop.htt [2724]
    O61 - LFC: 23/09/2013 - 12:46:57 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Microsoft\Internet Explorer\tabiconcache.dat [6854]
    O61 - LFC: 23/09/2013 - 13:03:24 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\avgchrome\avgp [15415]
    O61 - LFC: 23/09/2013 - 13:05:28 -S-A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1606980848-839522115-1003\8895bd1f0432cb55fb56db375ef9d8fe_5ae7043f-d906-4ba6-a63b-3825be57b3b4 [82]
    O61 - LFC: 23/09/2013 - 13:05:28 -S-A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1606980848-839522115-1003\fab1c32e3949ceaa74a47b78146214ef_5ae7043f-d906-4ba6-a63b-3825be57b3b4 [82]
    O61 - LFC: 23/09/2013 - 13:05:38 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Mes documents\OMessenger\settings\ARTISTES SERVICES.xml [715]
    O61 - LFC: 23/09/2013 - 15:39:02 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Favoris\Accueil de Cjoint.com.url [1082]
    O61 - LFC: 23/09/2013 - 19:46:04 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Mes documents\OMessenger\ARTISTES SERVICES@GUILLAUME [2]
    O61 - LFC: 23/09/2013 - 19:46:04 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Mes documents\OMessenger\OM004.dat [2]
    O61 - LFC: 24/09/2013 - 11:48:29 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Recent\ZHPDiag.txt.lnk [507] =>.Nicolas Coolman
    O61 - LFC: 24/09/2013 - 15:23:01 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman
    O61 - LFC: 24/09/2013 - 15:23:01 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman
    O61 - LFC: 24/09/2013 - 20:21:42 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\Internet Explorer.lnk [901]
    O61 - LFC: 24/09/2013 - 20:21:42 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (Aucun module complémentaire).lnk [781]
    O61 - LFC: 24/09/2013 - 20:21:42 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Menu Démarrer\Programmes\Internet Explorer.lnk [769]
    O61 - LFC: 24/09/2013 - 20:21:43 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk [781]
    O61 - LFC: 24/09/2013 - 20:21:43 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (sans module complémentaire).lnk [781]
    O61 - LFC: 24/09/2013 - 20:22:20 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences [15415]
    O61 - LFC: 24/09/2013 - 20:26:12 -SHA- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1202660629-1606980848-839522115-1003\Credentials [2730]
    O61 - LFC: 25/09/2013 - 09:12:40 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\ZHP\ZHPDiag.txt [51419] =>.Nicolas Coolman
    O61 - LFC: 25/09/2013 - 12:18:40 -SHA- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\IECompatCache\index.dat [868352]
    O61 - LFC: 25/09/2013 - 12:18:40 -SHA- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\PrivacIE\index.dat [16187392]
    O61 - LFC: 25/09/2013 - 12:26:12 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Favoris\Connexion.url [820]
    O61 - LFC: 25/09/2013 - 19:18:13 -SHA- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\IETldCache\index.dat [262144]
    O61 - LFC: 25/09/2013 - 19:27:46 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\ZHP\Log.txt [128271] =>.Nicolas Coolman
    ~ 32 Fichiers temporaires (Temporary files)
    ~ 291 Fichiers cookies (Cookies files)
    ~ Files: 510 Legitimates Filtered in 06mn 54s

    ---\\ Liste des outils de désinfection (LATC) (O63)
    O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    ---\\ Liste les services legacy du registre (LALS) (O64)
    O64 - Services: CurCS - 06/03/2003 - Pas de propriétaire (BANTExt) .(...) - LEGACY_BANTEXT
    O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (BTKRNL) .(...) - LEGACY_BTKRNL
    O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (FILESpy) .(...) - LEGACY_FILESPY
    O64 - Services: CurCS - 05/10/2004 - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia Licensing Service) .(.Pas de propriétaire - System Level Service Utilty.) - LEGACY_MACROMEDIA_LICENSING_SERVICE
    O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (MySQL) .(...) - LEGACY_MYSQL
    O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (Profos) .(...) - LEGACY_PROFOS
    O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (REGSpy) .(...) - LEGACY_REGSPY
    ~ Legacy: 169 Legitimates Filtered in 00mn 11s

    ---\\ Menu de démarrage Internet (SMI) (O68)
    O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O68 - StartMenuInternet: <MSN Explorer> <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" http://www.qvo6.com =>Hijacker.Qvo6
    ~ Keys: Scanned in 00mn 00s

    ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
    O69 - SBI: SearchScopes [HKCU] {843F9ABB-E35F-4E11-A9AB-C70351ABBFE7} [DefaultScope] - (Google) - http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    ---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:\Program Files\Keygen winace 2.20.exe
    ~ Files: Scanned in 07mn 33s

    ---\\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.FA4AC51F114492B9973A3C6F640169F9] [SPRF][11/04/2006] (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\fusioncache.dat [140]
    [MD5.BC5E5F0E9AC9AB1FCA186FA7ADC7955F] [SPRF][25/10/2004] (.Netopsystems AG - Netopsystems FEAD Recomposer.) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\AdbeRdr60_fra_full.exe [18810320]
    [MD5.73499DB2B0D7A4BE39502DF36D1932CA] [SPRF][19/08/2005] (.DivX Networks, Inc. - DivX 6.0, DivX Player 6.0 (DVXA).) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\DivXPlay.exe [7739192]
    [MD5.488804D7E9732487D3A16C83850765DC] [SPRF][27/07/2005] (...) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\iTunesSetup.exe [22786672]
    [MD5.F14FC50CBDC621AEC539CA9F0A1F3C0F] [SPRF][01/07/2004] (...) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\PDFCreator-Setup-0_7_1.exe [7749804]
    [MD5.F0A8F6A7A6C9CE86DCAEFB15387FE431] [SPRF][06/07/2006] (...) -- C:\Program Files\Keygen winace 2.20.exe [70144]
    [MD5.7258B3B943025D6B1BD6F311EAADA565] [SPRF][14/07/2002] (...) -- C:\Program Files\Traduction francaise winace 2.20.exe [318743]
    [MD5.271D80553FB8646F1AC38CB2A099B2F6] [SPRF][14/07/2002] (.e-merge GmbH - http://www.winace.com.) -- C:\Program Files\Winace 2.20.exe [2826786]
    ~ Files: 17 Legitimates Filtered in 00mn 08s

    ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.CD705E2C14F0084A79D58861F77C4138] [WIS][20/01/2013] (.Nom de votre société - Photo Notifier and Animation Creator.) -- C:\Windows\Installer\16d6b08.msi [1106944]
    [MD5.A71C25CAB8BCE94F8F4596781E271ADE] [WIS][30/09/2008] (./ - Runtime 8.0 Libraries.) -- C:\Windows\Installer\6a10610.msi [148992]
    ~ WIS: 81 Legitimates Filtered in 00mn 43s

    ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS - | Demand 23/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
    SS - | Disabled 26/06/2008 31592 | (getPlus(R) Helper) . (.NOS Microsystems Ltd..) - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    SR - | Demand 16/08/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
    SR - | Auto 12/06/2013 182184 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
    SS - | Demand 05/10/2004 68096 | (Macromedia Licensing Service) . (...) - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    SR - | Auto 10/07/1658 0 | (MySQL) . (...) - C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt"
    SS - | Auto 29/09/2004 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
    SS - | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
    SS - | Disabled 14/01/2005 53248 | (STI Simulator) . (...) - C:\WINDOWS\System32\PAStiSvc.exe
    SR - | Auto 12/09/2013 5071712 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    ~ Services: Scanned in 00mn 52s

    ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by ARTISTES SERVICES at 25/09/2013 20:43:55

    ********* Dump file Name *********
    C:\PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 05s

    ---\\ Scan Additionnel (O88)
    Database Version : 12930 - (23/09/2013)
    Clés trouvées (Keys found) : 15
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 2
    Fichiers trouvés (Files found) : 12

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1fc80e00-41b0-4f74-bc16-2c83ed49cac9}] =>Trojan.FakeAlert
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSearch] =>Adware.WhenUSearch
    [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSearchWHSE] =>Adware.WhenUSearch
    C:\Program Files\Yahoo! =>Toolbar.Yahoo^
    C:\Program Files\Fichiers communs\WhenU =>Adware.WhenUSearch
    [HKCU\Software\Yahoo] =>Toolbar.Yahoo^
    [HKLM\Software\Yahoo] =>Toolbar.Yahoo^
    C:\WINDOWS\Prefetch\FRAMEFOX.EXE-1285825C.pf =>PUP.FrameFox^
    C:\WINDOWS\Prefetch\BITGUARD.EXE-0101BB75.pf =>PUP.BitGuard^
    C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-0DE3261B.pf =>Toolbar.Wajam^
    C:\WINDOWS\Prefetch\PLUS-HD-3-5.EXE-05487A42.pf =>Adware.PlusHD^
    C:\WINDOWS\Prefetch\TUTO4PC_WIDGET.EXE-2EEF5266.pf =>PUP.Eorezo^
    C:\WINDOWS\Prefetch\TUTO4PC_FR_63.EXE-09D28613.pf =>PUP.Eorezo^
    C:\WINDOWS\Prefetch\PLUS-HD-3.5-BG.EXE-02EAD3CA.pf =>Adware.PlusHD^
    C:\WINDOWS\Prefetch\DUUQUCRASHHANDLER.EXE-30FB2A3D.pf =>Toolbar.DeltaSearch^
    C:\WINDOWS\Prefetch\PLUS-HD-3.5-CODEDOWNLOADER.EX-27679EFA.pf =>Adware.PlusHD^
    C:\WINDOWS\Prefetch\PLUS-HD-3.5-ENABLER.EXE-0243AC48.pf =>Adware.PlusHD^
    ~ Additionnel Scan: 280412 Items scanned in 04mn 38s

    ---\\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
    ~ http://nicolascoolman.webs.com/apps/blog/show/32789922-pup-framefox =>PUP.FrameFox
    ~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
    ~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam
    ~ http://nicolascoolman.webs.com/apps/blog/show/28138048-adware-plushd =>Adware.PlusHD
    ~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
    ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6
    ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    ~ http://nicolascoolman.webs.com/apps/blog/show/29006589-adware-whenusearch =>Adware.WhenUSearch
    ~ MSI: 10 link(s) detected in 04mn 38s

    ~ 1805 Legitimates filtered by white list
    End of the scan (641 lines in 29mn 49s)(1)
    1
  3. Forceseek Posts 377 Status Member 71
     
    Try getting rid of the viruses with MBAM and ADW Cleaner first.
    0
  4. nadimou Posts 59 Status Member 3
     
    If you have Windows XP that's normal, but if you don't have Windows XP and you have a lot of games or folders taking up a lot of space on your computer, delete as many as you can
    0
  6. lilidurhone Posts 800 Registration date   Status Security contributor Last activity   3 818
     
    Hello

    Do this first

    * Download ZHPDiag (by Nicolas Coolman)
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

    * In case the first link doesn't work, click the one below
    ftp://zebulon.fr/ZHPDiag2.exe

    * Let the installer guide you; it will launch automatically at the end.

    * Above all, don't forget to install its icon on the desktop; the icon is shaped like a parchment scroll

    * When the program opens you will be offered two options, "search" and "configure"

    * Click configure

    * Options, then all

    * Click the icon showing a magnifying glass with a + ("Run the diagnostic")

    * Save the report to your Desktop using the icon showing a floppy disk

    * To host the report, click the blue arrow, which will take you to Pjjoint
    to host this report.

    * Click Browse to find the report on your PC.

    * The report is saved in C:\ZHP\ZHPDiag.txt

    * Once you have found the report, select it and click Open

    * Click send the file, then post the blue link you are given.

    * If there is a hosting problem on Pjoint, use cjoint

    * To help you: http://www.pc-infopratique.com/forum-informatique/tutoriel-heberger-rapport-vt-67934.html

    0
    1. sylvie45
       
      hello lilidurhone
      thank you for your reply. this concerns my mother's computer. can I carry out the steps from home on my computer by taking control of hers with TeamViewer?
      0
  7. sylvie45
     
    hello lilidurhone
    thank you for your reply.
    this concerns my mother's computer. can I carry out the steps from home on my computer by taking control of hers with TeamViewer?
    0
  8. lilidurhone Posts 800 Registration date   Status Security contributor Last activity   3 818
     
    Yes, you can, no problem :)
    0
  9. lilidurhone Posts 800 Registration date   Status Security contributor Last activity   3 818
     
    OK, JRT now
    0
  10. sylvie45
     
    hello and thank you for helping me

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.2 (09.22.2013:1)
    OS: Microsoft Windows XP x86
    Ran by ARTISTES SERVICES on 25/09/2013 at 0:22:29,92
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    Successfully stopped: [Service] update wunderweb
    Successfully deleted: [Service] update wunderweb

    ~~~ Registry Values

    Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1202660629-1606980848-839522115-1003\Software\SweetIM
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322712280}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355715580}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366716680}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344714480}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355715580}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366716680}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344714480}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5e4c391-8b22-4fc2-a122-b3cb35e2faad}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{f5e4c391-8b22-4fc2-a122-b3cb35e2faad}

    ~~~ Files

    Successfully deleted: [File] C:\WINDOWS\Tasks\dsmonitor.job

    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files\wunderweb"
    Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 25/09/2013 at 0:48:38,78
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    0
  11. lilidurhone Posts 800 Registration date   Status Security contributor Last activity   3 818
     
    Great

    Try ZHPDiag again
    0
  12. lilidurhone Posts 800 Registration date   Status Security contributor Last activity   3 818
     
    Didn't you try ZHPDiag again?

    We're going to run a full scan to see whether other infections are hiding

    Note that the scan can take quite a long time, around 2 hours or even more depending on the capacity of the hard drives

    * Download MalwareBytes' Anti-Malware to the desktop
    https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

    * Right-click the Download_mbam-setup.exe icon to run it as administrator and start the installation process

    * If the firewall asks for permission for MalwareBytes to connect, accept

    * Untick the box for the trial version of Malwarebytes Pro

    * It will update itself once that is done

    * Go to the scan tab

    * Select run a full scan

    * Click scan

    * The scan starts

    * At the end of the scan, this message is displayed: The scan completed successfully.

    * Click show results to display the items found

    * Click OK to continue

    * If malware was detected, click show results

    * Select everything (or leave it ticked)

    * Click remove all

    * MalwareBytes will delete the files and registry keys and put a
    copy of them in quarantine

    * Malwarebytes will open Notepad and copy the report into it

    * Restart the PC

    * Once it has restarted, double-click MalwareBytes

    * Go to the report/log tab

    * Click it to display it; once it is displayed, click Edit
    at the top of Notepad, then Select All

    * Go back to Edit, then Copy, and come back
    to the forum, into your reply

    * Right-click in the reply box and paste

    Good luck
    0
  13. lilidurhone Posts 800 Registration date   Status Security contributor Last activity   3 818
     
    OK, waiting for the MBAM report
    0
  14. sylvie45
     
    hello lilidurhone
    0
    1. juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
       
      hello lili ^^
      0
    2. lilidurhone Posts 800 Registration date   Status Security contributor Last activity   3 818
       
      I'm waiting for my MBAM report!
      0
  15. sylvie45
     
    ~ Rapport de ZHPDiag v2013.9.23.44 - Nicolas Coolman (23/09/2013)
    ~ Lancé par ARTISTES SERVICES (25/09/2013 20:18:47)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Not Found

    ---\\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.6001.18702
    GCIE: Google Chrome

    ---\\ Informations sur les produits Windows
    ~ Langage: Français
    Windows XP Professional Service Pack 3 (Build 2600)
    Windows Automatic Updates : OK
    Windows Genuine Advantage : OK

    ---\\ Logiciels de protection du système
    avast! Free Antivirus v8.0.1497.0
    Malwarebytes Anti-Malware version 1.62.0.1300

    ---\\ Logiciels d'optimisation du système
    CCleaner v3.06 =>Piriform Ltd

    ---\\ Logiciels de partage PeerToPeer

    ---\\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Java 7 Update 25

    ---\\ Informations sur le système
    ~ Processor: x86 Family 15 Model 2 Stepping 9, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1023 MB (17% free)
    System Restore: Activé (Enable)
    System drive C: has 29 GB (40%) free of 72 GB

    ---\\ Mode de connexion au système
    ~ Computer Name: GUILLAUME
    ~ User Name: ARTISTES SERVICES
    ~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, ARTISTES SERVICES, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    ---\\ Variables d'environnement
    ~ System Unit : C:\
    ~ %AppData% : C:\Documents and Settings\ARTISTES SERVICES\Application Data\
    ~ %Desktop% : C:\Documents and Settings\ARTISTES SERVICES\Bureau\
    ~ %Favorites% : C:\Documents and Settings\ARTISTES SERVICES\Favoris\
    ~ %LocalAppData% : C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\
    ~ %StartMenu% : C:\Documents and Settings\ARTISTES SERVICES\Menu Démarrer\
    ~ %Windir% : C:\WINDOWS\
    ~ %System% : C:\WINDOWS\system32\

    ---\\ Enumération des unités disques
    A: Floppy drive, Flash card reader, USB Key (Not Inserted)
    C: Hard drive, Flash drive, Thumb drive (Free 29 Go of 72 Go)
    D: CD-ROM drive (Not Inserted)
    E: Floppy drive, Flash card reader, USB Key (Not Inserted)
    F: Floppy drive, Flash card reader, USB Key (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Not Inserted)
    H: CD-ROM drive (Not Inserted)
    I: Floppy drive, Flash card reader, USB Key (Not Inserted)

    ---\\ Etat du Centre de Sécurité Windows
    ~ Security Center: 33 Legitimates Filtered in 00mn 00s

    ---\\ Recherche particulière de fichiers génériques
    [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
    [MD5.EA7AB3839BE1FFE067A8131F3547160D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/08/2013 - 07:05:46.) -- C:\WINDOWS\system32\wininet.dll [920064]
    [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
    [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
    [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
    [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
    [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
    [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
    [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
    [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
    [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
    [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
    [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
    [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
    [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
    [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
    [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
    [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
    [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
    [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
    [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
    ~ Generic Processes: Scanned in 00mn 03s

    ---\\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/327
    ~ Mes musiques (My Musics) : 6/166
    ~ Mes Videos (My Videos) : 1/74
    ~ Mes Favoris (My Favorites) : 1/53
    ~ Mes Documents (My Documents) : 3/707
    ~ Mon Bureau (My Desktop) : 0/21
    ~ Menu demarrer (Programs) : 1/24
    ~ Hidden Files: Scanned in 00mn 03s

    ---\\ Processus lancés
    [MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1300]
    [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1692]
    [MD5.4F4D4AA1E0849FECC0CF5AACD59030B5] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182184] [PID.1884]
    [MD5.FF552B88ACD6D939FD6D2F6413E64D12] - (...) -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe [3596288] [PID.1920]
    [MD5.576918B02840A360702051BC4269B13F] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [5071712] [PID.272]
    [MD5.9ACCBC5891BA51B5B29C1A88F80D4CE3] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe [421888] [PID.2064]
    [MD5.E558CDE2913DAA077D4E25732D1AA176] - (.Hewlett-Packard Company - hpwuSchd.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152] [PID.2100]
    [MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253816] [PID.2108]
    [MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968] [PID.2136]
    [MD5.CE42DFE915F78246364D464902E47360] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.2192]
    [MD5.4C4CF9220E628D1378F9807EC5175488] - (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [1289000] [PID.2232]
    [MD5.C519CEC624CF9BCBA3059F32266C8FFF] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [258048] [PID.2324]
    [MD5.DCFC84480C76D862D9BFD386EA6E8DE7] - (.Microsoft Corporation - ActiveSync RAPI Manager.) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe [199464] [PID.2400]
    [MD5.D8B8B5A8FE57CF4F307A540D9A153C23] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.3400]
    [MD5.CF55FF59BEA561F7A7A023237B5F42C5] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe [12614496] [PID.3456]
    [MD5.DB58E795398E59C2ED31411376B73115] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe [195936] [PID.2580]
    [MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.3548]
    [MD5.2B11FF4D377A65A7B3F394060C451539] - (.TeamViewer GmbH - TeamViewer 8.) -- c:\program files\teamviewer\version8\TeamViewer_Desktop.exe [4536160] [PID.21496]
    [MD5.B114DB354D13A21C1AC2B1807EE2F500] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\update\realsched.exe [273544] [PID.17100]
    [MD5.D63791AEA2D98C5B3A2881A230613B8E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8006144] [PID.25964]
    ~ Processes Running: Scanned in 00mn 10s

    ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
    ~ Google Browser: 0 Legitimates Filtered in 00mn 00s

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
    F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
    F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
    F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
    ~ Keys: Scanned in 00mn 00s

    ---\\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 19

    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} . (.Pas de propriétaire - Easy-WebPrint EWPBrowseLoader Module.) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: (no name) - {69B3CFE1-5849-45AF-A237-22531B8A498D} Clé orpheline
    ~ BHO: 12 Legitimates Filtered in 00mn 01s

    ---\\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{968631B6-4729-440D-9BF4-251F5593EC9A} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    ---\\ Autres liens utilisateurs (O4)
    O4 - GS\Program [AllUsers]: IncrediMail.lnk . (...) -- C:\Program Files\IncrediMail\bin\IncMail.exe (.not file.)
    O4 - GS\Program [AllUsers]: MSN Messenger 6.1.lnk . (...) -- C:\WINNT\Installer\{ABEB838C-A1A7-4C5D-B7E1-8B4314600155}\MsblIco.exe (.not file.)
    O4 - GS\Program [AllUsers]: RealOne Player.lnk . (.RealNetworks, Inc. - RealOne Player.) -- C:\Program Files\Real\RealOne Player\realplay.exe
    O4 - GS\Program [AllUsers]: VideoLink Mail.lnk . (.Smith Micro Software, Inc. - VideoLink Mail.) -- C:\Program Files\VideoLink Mail\VideoLink Mail.exe
    O4 - GS\Program [Administrateur]: Lecteur Windows Media .lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
    ~ Global Startup: 17 Legitimates Filtered in 00mn 02s

    ---\\ Applications lancées au démarrage du sytème (O4)
    O4 - GS\Program [AllUsers]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] bthprops.cpl
    O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
    O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\update\realsched.exe =>.RealNetworks, Inc
    O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Company - hpwuSchd.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
    O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
    O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
    O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
    O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
    O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] . (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    O4 - HKCU\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Orange\OrangeInside\one\OrangeInside.exe
    O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.
    O4 - HKCU\..\RunOnce: [Shockwave Updater] . (.Adobe Systems, Inc. - Shockwave Helper.) -- C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
    O4 - HKUS\S-1-5-21-1202660629-1606980848-839522115-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1202660629-1606980848-839522115-1003\..\Run: [H/PC Connection Agent] . (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    O4 - HKUS\S-1-5-21-1202660629-1606980848-839522115-1003\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Orange\OrangeInside\one\OrangeInside.exe
    O4 - HKUS\S-1-5-21-1202660629-1606980848-839522115-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.
    O4 - HKUS\S-1-5-21-1202660629-1606980848-839522115-1003\..\RunOnce: [Shockwave Updater] . (.Adobe Systems, Inc. - Shockwave Helper.) -- C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
    ~ Application: Scanned in 00mn 01s

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\MICROS~4\INetRepl.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -- Clé orpheline
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
    O9 - Extra button: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -- C:\Program Files\bt_hot_icon.ico (.not file.)
    O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
    O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
    ~ IE Extra Buttons: Scanned in 00mn 00s

    ---\\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} ((no name)) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} ((no name)) - http://dx.mastacash.com/loader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ((no name)) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F89B6297-4B44-435D-8176-0C64A7E1528D}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{F89B6297-4B44-435D-8176-0C64A7E1528D}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{F89B6297-4B44-435D-8176-0C64A7E1528D}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    ---\\ Protocole additionnel (O18)
    O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 - Winlogon Notify: awtqopm . (...) -- awtqopm.dll
    O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
    O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
    O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
    O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
    O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
    O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
    O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
    O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
    O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
    O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
    O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
    ~ Winlogon: Scanned in 00mn 00s

    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: MySQL (MySQL) . (...) - C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt" (.not file.)
    O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) . (.HP - PML Driver.) - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) . (.TeamViewer GmbH - TeamViewer 8.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    ~ Services: 6 Legitimates Filtered in 01mn 16s

    ---\\ Enumération Active Desktop & MHTML Editor (O24)
    O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    ---\\ Pilotes lancés au démarrage du système (O41)
    O41 - Driver: (BANTExt) . (...) - C:\WINDOWS\system32\Drivers\BANTExt.sys
    ~ Drivers: 66 Legitimates Filtered in 00mn 10s

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: MegaCam - (...) [HKLM] -- {77F69001-4D35-4BEA-A074-26DA04EA0CDA}
    O42 - Logiciel: SiS Audio Driver - (...) [HKLM] -- SiS7012
    O42 - Logiciel: Winkaa 1.0 1.0 - (...) [HKLM] -- Winkaa 1.0
    O42 - Logiciel: WunderWeb 3.0.0 - (.WunderWeb.) [HKLM] -- WunderWeb
    ~ Logic: 124 Legitimates Filtered in 00mn 05s

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\Euro Fax]
    [HKCU\Software\IncrediMail]
    [HKCU\Software\Montorgueil]
    [HKCU\Software\SudoPlanet]
    [HKCU\Software\WunderWeb]
    [HKCU\Software\Yahoo] =>Toolbar.Yahoo
    [HKLM\Software\OTask]
    [HKLM\Software\SQ]
    [HKLM\Software\Yahoo] =>Toolbar.Yahoo
    ~ Key Software: 257 Legitimates Filtered in 00mn 05s

    ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 - CFD: 11/10/2006 - 14:00:38 - [0,008] ----D C:\Program Files\Carpe Diem
    O43 - CFD: 30/04/2008 - 18:37:26 - [0,009] ----D C:\Program Files\Documents To Go
    O43 - CFD: 15/06/2008 - 18:41:03 - [0,064] ----D C:\Program Files\Emoticons-plus.com
    O43 - CFD: 23/11/2003 - 20:15:08 - [1,837] ----D C:\Program Files\PEP2000
    O43 - CFD: 17/03/2005 - 11:55:53 - [0] ----D C:\Program Files\SpeedProject
    O43 - CFD: 05/09/2003 - 19:58:43 - [0,028] ----D C:\Program Files\Tsunami_Filter_Pack_Mini
    O43 - CFD: 01/05/2008 - 16:53:20 - [0] ----D C:\Program Files\Yahoo! =>Toolbar.Yahoo
    O43 - CFD: 29/01/2007 - 13:15:31 - [4,892] ----D C:\Program Files\Fichiers communs\PWC2000
    O43 - CFD: 08/02/2006 - 15:57:18 - [0,034] ----D C:\Program Files\Fichiers communs\WhenU
    O43 - CFD: 20/01/2013 - 16:34:21 - [0,012] ----D C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail
    O43 - CFD: 19/06/2013 - 17:53:29 - [7,608] ----D C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\IM
    ~ Program Folder: 257 Legitimates Filtered in 03mn 34s

    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.74E5A2983D77EE8A9FF3A4DB1E459818] - 25/09/2013 - 19:19:09 ---A- . (...) -- C:\Documents [160]
    O44 - LFC:[MD5.107A77042160BBAACC84F9FE6DEDA59F] - 24/09/2013 - 20:26:39 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
    O44 - LFC:[MD5.BA8D38BBC9E648DEBEF64AA111528D58] - 24/09/2013 - 20:26:31 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
    O44 - LFC:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 24/09/2013 - 09:55:16 ---A- . (...) -- C:\WINDOWS\system32\TrueSight.sys [26624]
    O44 - LFC:[MD5.4320AC6E22C2941134486B01EDA07D11] - 23/09/2013 - 13:04:36 ---A- . (.Dmitry Streblechenko - Outlook Redemption COM library.) -- C:\WINDOWS\system32\Scanner.dll [495616]
    O44 - LFC:[MD5.4FDC8ED8BEF2A10508FECAD324E2AC2A] - 23/09/2013 - 13:04:35 ---A- . (.Kelly Ethridge - VB.EXT Core Class Library.) -- C:\WINDOWS\system32\vbcorlib.dll [4145264]
    O44 - LFC:[MD5.C500123DB19EF47F2E0B5A420A04B921] - 23/09/2013 - 13:04:34 ---A- . (.Conaito - Conaito Evo VoIP client.) -- C:\WINDOWS\system32\EvoVoIP.dll [856064]
    O44 - LFC:[MD5.7112190518B5AEAA05B259BBE393C9ED] - 22/09/2013 - 16:13:42 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
    O44 - LFC:[MD5.7FD60B174D07FE3AA7B95BBE384FCC97] - 13/09/2013 - 09:06:16 ---A- . (...) -- C:\WINDOWS\MAHJONGG.INI [41]
    O44 - LFC:[MD5.4B227C8051A9D8468C4908464C14EC1A] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [24650]
    O44 - LFC:[MD5.2D2214BBCF3B77992BE1794BDA3587A9] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\comsetup.log [119247]
    O44 - LFC:[MD5.7CE4A07BC608F5C64FFADD3677256599] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\iis6.log [389821]
    O44 - LFC:[MD5.0BDC641A375F2A633D06B96902C3DF2C] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
    O44 - LFC:[MD5.A536FAF27870C6AA0298ECE8B8B87050] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\netfxocm.log [62814]
    O44 - LFC:[MD5.4AE537982F40EA4DCD42E968398B3154] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [72169]
    O44 - LFC:[MD5.B293A7B7B738875128816D06088C5907] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\ocgen.log [171448]
    O44 - LFC:[MD5.3391544B31A14469891DF9B0EEE979F8] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\ocmsn.log [19836]
    O44 - LFC:[MD5.72AC5CE69438A705B9A72A0C9AED1226] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\tabletoc.log [18038]
    O44 - LFC:[MD5.260EA560B13A85F68240552FD14DDE7A] - 11/09/2013 - 16:26:36 ---A- . (...) -- C:\WINDOWS\tsoc.log [163626]
    O44 - LFC:[MD5.4753601B1A7DA500EFEB611A79B4CD2E] - 11/09/2013 - 16:26:35 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [358643]
    O44 - LFC:[MD5.BADE18AAC901849C7BB17BAC5B8E57F1] - 11/09/2013 - 16:26:35 ---A- . (...) -- C:\WINDOWS\msgsocm.log [17922]
    O44 - LFC:[MD5.AF4A3029F1FFA89FF2A5D8B6340119C1] - 11/09/2013 - 16:26:33 ---A- . (...) -- C:\WINDOWS\msmqinst.log [111422]
    O44 - LFC:[MD5.31EEEB752642DC84C298559707008EDD] - 11/09/2013 - 16:26:20 ---A- . (...) -- C:\WINDOWS\updspapi.log [40879]
    O44 - LFC:[MD5.8B4A881E907636C2DECA15C55990B0B5] - 11/09/2013 - 16:19:50 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
    O44 - LFC:[MD5.130D32B81EF95E51DD9D0B2C9DC7874A] - 11/09/2013 - 16:13:06 ---A- . (...) -- C:\WINDOWS\win.ini [1773]
    ~ Files: 49 Legitimates Filtered in 02mn 02s

    ---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 - LFCP:[MD5.D98905F2E49D95F504B8BC0450C5F1FD] - 23/09/2013 - 06:22:29 ---A- - C:\WINDOWS\Prefetch\FRAMEFOX.EXE-1285825C.pf =>PUP.FrameFox
    O45 - LFCP:[MD5.53753378B5C1C11614EE7266CFB35387] - 23/09/2013 - 06:22:38 ---A- - C:\WINDOWS\Prefetch\BITGUARD.EXE-0101BB75.pf =>PUP.BitGuard
    O45 - LFCP:[MD5.8D3DA735F9B52CE7D1628464CC6D881C] - 23/09/2013 - 13:00:39 ---A- - C:\WINDOWS\Prefetch\OUTLOOKMESSENGERSETUP[1].EXE-10A8CAF7.pf
    O45 - LFCP:[MD5.DB8A99D3506DFA57CE2F2755BB3EF0A9] - 23/09/2013 - 13:01:08 ---A- - C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-0DE3261B.pf =>Toolbar.Wajam
    O45 - LFCP:[MD5.086CB32B807AA219FAF02D1025AFCEB7] - 23/09/2013 - 13:02:14 ---A- - C:\WINDOWS\Prefetch\PLUS-HD-3-5.EXE-05487A42.pf =>Adware.PlusHD
    O45 - LFCP:[MD5.101D29489139B34F2D67239B1A0DDD7C] - 23/09/2013 - 13:02:34 ---A- - C:\WINDOWS\Prefetch\ROFGNIKEUIKTPC.EXE-1C0916B7.pf
    O45 - LFCP:[MD5.C0EDE30F50B002EC9EB3A7F8B8356AB9] - 23/09/2013 - 13:02:56 ---A- - C:\WINDOWS\Prefetch\ALZIP.EXE-328886AF.pf
    O45 - LFCP:[MD5.AC4720E2FE7655BD74F4A7629F917BD6] - 23/09/2013 - 13:02:57 ---A- - C:\WINDOWS\Prefetch\ALBNCOLLECTOR.EXE-3496DC3B.pf
    O45 - LFCP:[MD5.ADA1606F9A604795FAAD79A2A0A34B23] - 23/09/2013 - 13:06:56 ---A- - C:\WINDOWS\Prefetch\OUTLOOKMESSENGER.EXE-23AABDEF.pf
    O45 - LFCP:[MD5.616BC04F08C7457B139740BC938A0D87] - 23/09/2013 - 16:39:45 ---A- - C:\WINDOWS\Prefetch\TUTO4PC_WIDGET.EXE-2EEF5266.pf =>PUP.Eorezo
    O45 - LFCP:[MD5.27F6C82BCC691DBF141728193CF4D484] - 23/09/2013 - 19:22:31 ---A- - C:\WINDOWS\Prefetch\UNWISE.EXE-0AFE923E.pf
    O45 - LFCP:[MD5.7D4C423307340AA3E04164BFD6F7B72E] - 23/09/2013 - 19:23:08 ---A- - C:\WINDOWS\Prefetch\UNREGAAW.EXE-088D06FB.pf
    O45 - LFCP:[MD5.CF987D08A01C16BBA632B684CBE689DE] - 23/09/2013 - 19:23:15 ---A- - C:\WINDOWS\Prefetch\GLB1A2B.EXE-2E9AFCB0.pf
    O45 - LFCP:[MD5.697372C96E15B060B0B0A5AB17AC5716] - 23/09/2013 - 19:24:04 ---A- - C:\WINDOWS\Prefetch\SASCORE.EXE-22E1D4D0.pf
    O45 - LFCP:[MD5.61DEB2F320B14426895C8A18ACDB986B] - 24/09/2013 - 09:15:41 ---A- - C:\WINDOWS\Prefetch\WCESCOMM.EXE-062FDF7F.pf
    O45 - LFCP:[MD5.2D9DE15C344764BAF49AE60609710774] - 24/09/2013 - 09:20:43 ---A- - C:\WINDOWS\Prefetch\MYSQLD-NT.EXE-20E33EF6.pf
    O45 - LFCP:[MD5.7875397FE2336013F1363E3D87D07556] - 24/09/2013 - 09:20:43 ---A- - C:\WINDOWS\Prefetch\ORANGEINSIDE.EXE-033DBE1D.pf
    O45 - LFCP:[MD5.98C02B2DAB59E8A349040A62D08963E5] - 24/09/2013 - 09:20:43 ---A- - C:\WINDOWS\Prefetch\RAPIMGR.EXE-086AD32F.pf
    O45 - LFCP:[MD5.A372EF30ED1ECFC7DC3564CA2295447F] - 24/09/2013 - 09:20:43 ---A- - C:\WINDOWS\Prefetch\UPDATERSERVICE.EXE-38536B88.pf
    O45 - LFCP:[MD5.07AFDDB7CD6A6CF26DED1D97288C1B44] - 24/09/2013 - 09:24:48 ---A- - C:\WINDOWS\Prefetch\UPT4PC_FR_63.EXE-3B1093E7.pf
    O45 - LFCP:[MD5.38545D02CD6AF0CD526CBB83C2B435F3] - 24/09/2013 - 09:25:24 ---A- - C:\WINDOWS\Prefetch\TUTO4PC_FR_63.EXE-09D28613.pf =>PUP.Eorezo
    O45 - LFCP:[MD5.EC1EAF88A44019634B4341DE2639FCA4] - 24/09/2013 - 09:50:54 ---A- - C:\WINDOWS\Prefetch\84C8D1A4-C6AA-46A4-84D3-2D96E-1296B14F.pf
    O45 - LFCP:[MD5.B8F61F6848E9C355D4B917BDDCC32788] - 24/09/2013 - 14:46:00 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-2AAB6361.pf
    O45 - LFCP:[MD5.F5599CF05BF3D1C705699F8A1A8B1755] - 24/09/2013 - 15:12:43 ---A- - C:\WINDOWS\Prefetch\PLUS-HD-3.5-BG.EXE-02EAD3CA.pf =>Adware.PlusHD
    O45 - LFCP:[MD5.990EB51F09BF9C491B814958B5B0812F] - 24/09/2013 - 17:15:17 ---A- - C:\WINDOWS\Prefetch\DUUQUCRASHHANDLER.EXE-30FB2A3D.pf =>Toolbar.DeltaSearch
    O45 - LFCP:[MD5.1250CA0B8D82AFC4894B15EF7B28BCC6] - 24/09/2013 - 19:03:25 ---A- - C:\WINDOWS\Prefetch\PLUS-HD-3.5-CODEDOWNLOADER.EX-27679EFA.pf =>Adware.PlusHD
    O45 - LFCP:[MD5.91C67571375CEF703FB59745DF732922] - 24/09/2013 - 19:04:52 ---A- - C:\WINDOWS\Prefetch\PLUS-HD-3.5-ENABLER.EXE-0243AC48.pf =>Adware.PlusHD
    O45 - LFCP:[MD5.5D2B205E9782881BB8ED93FE98174DF4] - 24/09/2013 - 20:20:15 ---A- - C:\WINDOWS\Prefetch\UPDATEWUNDERWEB.EXE-1D2FAEDD.pf
    ~ Prefetcher: 130 Legitimates Filtered in 00mn 06s

    ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    ---\\ Export de clé d'application autorisée (O47)
    O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" [Enabled] .(...) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\WinFax eXPert\WinFax.exe" [Enabled] .(...) -- C:\Program Files\WinFax eXPert\WinFax.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\WinFax eXPert\BvrpKrnl.exe" [Enabled] .(...) -- C:\Program Files\WinFax eXPert\BvrpKrnl.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\coktel\ADI5\TTS\SpeechCube.exe" [Disabled] .(...) -- C:\coktel\ADI5\TTS\SpeechCube.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Temporary Internet Files\Content.IE5\WJSCFRBT\incredimail_install[1].exe" [Enabled] .(...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Temporary Internet Files\Content.IE5\WJSCFRBT\incredimail_install[1].exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\Bin\IncMail.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\Bin\IncMail.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\Bin\ImApp.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\Bin\ImpCnt.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Temporary Internet Files\Content.IE5\0C9NNO1T\BubblehitSetup[1].exe" [Enabled] .(...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Temporary Internet Files\Content.IE5\0C9NNO1T\BubblehitSetup[1].exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\Outlook Messenger\OutlookMessenger.exe" [Enabled] .(.Srimax Software System.) -- C:\Program Files\Outlook Messenger\OutlookMessenger.exe
    ~ Keys Export: 28 Legitimates Filtered in 00mn 03s

    ---\\ Déni du service (Local Security Authority) (O48)
    O48 - LSA:Local Security Authority Authentication Packages . (...) -- C:\WINDOWS\system32\gebya.dll
    ~ LSA: 7 Legitimates Filtered in 00mn 00s

    ---\\ Image File Execution Options (IFEO) (O50)
    O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    ---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 - SMSR:HKLM\...\startupreg\Easy-PrintToolBox [Key] . (...) -- C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\OpScheduler [Key] . (...) -- C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\Opware14 [Key] . (...) -- C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\PDF Converter Registry Controller [Key] . (...) -- C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\SSBkgdUpdate [Key] . (...) -- C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\SSPrnAgent [Key] . (...) -- C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (...) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\WhenUSearch [Key] . (...) -- C:\Program Files\WhenUSearch\Search.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\WhenUSearchWHSE [Key] . (...) -- C:\Program Files\WhenUSearch\whse.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\WorkFlowTray [Key] . (...) -- C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe (.not file.)
    ~ SMSR Keys: 17 Legitimates Filtered in 00mn 01s

    ---\\ Liste des pilotes du système (SDL) (O58)
    O58 - SDL:[MD5.FA72FA503F580C3C628DD8C7D7622E37] - 30/08/2013 - 08:48:12 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376]
    O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
    ~ Drivers: 7 Legitimates Filtered in 00mn 03s

    ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 - LFC: 22/09/2013 - 13:56:39 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Recent\chez Eveline.lnk [534]
    O61 - LFC: 22/09/2013 - 16:32:47 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Recent\MegaCam.lnk [423]
    O61 - LFC: 23/09/2013 - 12:36:39 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat [7246]
    O61 - LFC: 23/09/2013 - 12:46:25 -SHA- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Microsoft\Internet Explorer\Desktop.htt [2724]
    O61 - LFC: 23/09/2013 - 12:46:57 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Microsoft\Internet Explorer\tabiconcache.dat [6854]
    O61 - LFC: 23/09/2013 - 13:03:24 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\avgchrome\avgp [15415]
    O61 - LFC: 23/09/2013 - 13:05:28 -S-A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1606980848-839522115-1003\8895bd1f0432cb55fb56db375ef9d8fe_5ae7043f-d906-4ba6-a63b-3825be57b3b4 [82]
    O61 - LFC: 23/09/2013 - 13:05:28 -S-A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1606980848-839522115-1003\fab1c32e3949ceaa74a47b78146214ef_5ae7043f-d906-4ba6-a63b-3825be57b3b4 [82]
    O61 - LFC: 23/09/2013 - 13:05:38 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Mes documents\OMessenger\settings\ARTISTES SERVICES.xml [715]
    O61 - LFC: 23/09/2013 - 15:39:02 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Favoris\Accueil de Cjoint.com.url [1082]
    O61 - LFC: 23/09/2013 - 19:46:04 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Mes documents\OMessenger\ARTISTES SERVICES@GUILLAUME [2]
    O61 - LFC: 23/09/2013 - 19:46:04 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Mes documents\OMessenger\OM004.dat [2]
    O61 - LFC: 24/09/2013 - 11:48:29 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Recent\ZHPDiag.txt.lnk [507] =>.Nicolas Coolman
    O61 - LFC: 24/09/2013 - 15:23:01 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman
    O61 - LFC: 24/09/2013 - 15:23:01 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman
    O61 - LFC: 24/09/2013 - 20:21:42 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\Internet Explorer.lnk [901]
    O61 - LFC: 24/09/2013 - 20:21:42 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (Aucun module complémentaire).lnk [781]
    O61 - LFC: 24/09/2013 - 20:21:42 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Menu Démarrer\Programmes\Internet Explorer.lnk [769]
    O61 - LFC: 24/09/2013 - 20:21:43 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk [781]
    O61 - LFC: 24/09/2013 - 20:21:43 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (sans module complémentaire).lnk [781]
    O61 - LFC: 24/09/2013 - 20:22:20 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences [15415]
    O61 - LFC: 24/09/2013 - 20:26:12 -SHA- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1202660629-1606980848-839522115-1003\Credentials [2730]
    O61 - LFC: 25/09/2013 - 09:12:40 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\ZHP\ZHPDiag.txt [51419] =>.Nicolas Coolman
    O61 - LFC: 25/09/2013 - 12:18:40 -SHA- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\IECompatCache\index.dat [868352]
    O61 - LFC: 25/09/2013 - 12:18:40 -SHA- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\PrivacIE\index.dat [16187392]
    O61 - LFC: 25/09/2013 - 12:26:12 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Favoris\Connexion.url [820]
    O61 - LFC: 25/09/2013 - 19:18:13 -SHA- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\IETldCache\index.dat [262144]
    O61 - LFC: 25/09/2013 - 19:27:46 ---A- . (...) -- C:\Documents and Settings\ARTISTES SERVICES\Application Data\ZHP\Log.txt [128271] =>.Nicolas Coolman
    ~ 32 Fichiers temporaires (Temporary files)
    ~ 291 Fichiers cookies (Cookies files)
    ~ Files: 510 Legitimates Filtered in 06mn 54s

    ---\\ Liste des outils de désinfection (LATC) (O63)
    O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    ---\\ Liste les services legacy du registre (LALS) (O64)
    O64 - Services: CurCS - 06/03/2003 - Pas de propriétaire (BANTExt) .(...) - LEGACY_BANTEXT
    O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (BTKRNL) .(...) - LEGACY_BTKRNL
    O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (FILESpy) .(...) - LEGACY_FILESPY
    O64 - Services: CurCS - 05/10/2004 - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia Licensing Service) .(.Pas de propriétaire - System Level Service Utilty.) - LEGACY_MACROMEDIA_LICENSING_SERVICE
    O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (MySQL) .(...) - LEGACY_MYSQL
    O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (Profos) .(...) - LEGACY_PROFOS
    O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (REGSpy) .(...) - LEGACY_REGSPY
    ~ Legacy: 169 Legitimates Filtered in 00mn 11s

    ---\\ Menu de démarrage Internet (SMI) (O68)
    O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O68 - StartMenuInternet: <MSN Explorer> <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" http://www.qvo6.com =>Hijacker.Qvo6
    ~ Keys: Scanned in 00mn 00s

    ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
    O69 - SBI: SearchScopes [HKCU] {843F9ABB-E35F-4E11-A9AB-C70351ABBFE7} [DefaultScope] - (Google) - http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    ---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:\Program Files\Keygen winace 2.20.exe
    ~ Files: Scanned in 07mn 33s

    ---\\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.FA4AC51F114492B9973A3C6F640169F9] [SPRF][11/04/2006] (...) -- C:\Documents and Settings\ARTISTES SERVICES\Local Settings\Application Data\fusioncache.dat [140]
    [MD5.BC5E5F0E9AC9AB1FCA186FA7ADC7955F] [SPRF][25/10/2004] (.Netopsystems AG - Netopsystems FEAD Recomposer.) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\AdbeRdr60_fra_full.exe [18810320]
    [MD5.73499DB2B0D7A4BE39502DF36D1932CA] [SPRF][19/08/2005] (.DivX Networks, Inc. - DivX 6.0, DivX Player 6.0 (DVXA).) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\DivXPlay.exe [7739192]
    [MD5.488804D7E9732487D3A16C83850765DC] [SPRF][27/07/2005] (...) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\iTunesSetup.exe [22786672]
    [MD5.F14FC50CBDC621AEC539CA9F0A1F3C0F] [SPRF][01/07/2004] (...) -- C:\Documents and Settings\ARTISTES SERVICES\Bureau\PDFCreator-Setup-0_7_1.exe [7749804]
    [MD5.F0A8F6A7A6C9CE86DCAEFB15387FE431] [SPRF][06/07/2006] (...) -- C:\Program Files\Keygen winace 2.20.exe [70144]
    [MD5.7258B3B943025D6B1BD6F311EAADA565] [SPRF][14/07/2002] (...) -- C:\Program Files\Traduction francaise winace 2.20.exe [318743]
    [MD5.271D80553FB8646F1AC38CB2A099B2F6] [SPRF][14/07/2002] (.e-merge GmbH - http://www.winace.com.) -- C:\Program Files\Winace 2.20.exe [2826786]
    ~ Files: 17 Legitimates Filtered in 00mn 08s

    ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.CD705E2C14F0084A79D58861F77C4138] [WIS][20/01/2013] (.Nom de votre société - Photo Notifier and Animation Creator.) -- C:\Windows\Installer\16d6b08.msi [1106944]
    [MD5.A71C25CAB8BCE94F8F4596781E271ADE] [WIS][30/09/2008] (./ - Runtime 8.0 Libraries.) -- C:\Windows\Installer\6a10610.msi [148992]
    ~ WIS: 81 Legitimates Filtered in 00mn 43s

    ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS - | Demand 23/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
    SS - | Disabled 26/06/2008 31592 | (getPlus(R) Helper) . (.NOS Microsystems Ltd..) - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    SR - | Demand 16/08/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
    SR - | Auto 12/06/2013 182184 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
    SS - | Demand 05/10/2004 68096 | (Macromedia Licensing Service) . (...) - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    SR - | Auto 10/07/1658 0 | (MySQL) . (...) - C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt"
    SS - | Auto 29/09/2004 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
    SS - | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
    SS - | Disabled 14/01/2005 53248 | (STI Simulator) . (...) - C:\WINDOWS\System32\PAStiSvc.exe
    SR - | Auto 12/09/2013 5071712 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    ~ Services: Scanned in 00mn 52s

    ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by ARTISTES SERVICES at 25/09/2013 20:43:55

    ********* Dump file Name *********
    C:\PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 05s

    ---\\ Scan Additionnel (O88)
    Database Version : 12930 - (23/09/2013)
    Clés trouvées (Keys found) : 15
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 2
    Fichiers trouvés (Files found) : 12

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1fc80e00-41b0-4f74-bc16-2c83ed49cac9}] =>Trojan.FakeAlert
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSearch] =>Adware.WhenUSearch
    [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSearchWHSE] =>Adware.WhenUSearch
    C:\Program Files\Yahoo! =>Toolbar.Yahoo^
    C:\Program Files\Fichiers communs\WhenU =>Adware.WhenUSearch
    [HKCU\Software\Yahoo] =>Toolbar.Yahoo^
    [HKLM\Software\Yahoo] =>Toolbar.Yahoo^
    C:\WINDOWS\Prefetch\FRAMEFOX.EXE-1285825C.pf =>PUP.FrameFox^
    C:\WINDOWS\Prefetch\BITGUARD.EXE-0101BB75.pf =>PUP.BitGuard^
    C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-0DE3261B.pf =>Toolbar.Wajam^
    C:\WINDOWS\Prefetch\PLUS-HD-3-5.EXE-05487A42.pf =>Adware.PlusHD^
    C:\WINDOWS\Prefetch\TUTO4PC_WIDGET.EXE-2EEF5266.pf =>PUP.Eorezo^
    C:\WINDOWS\Prefetch\TUTO4PC_FR_63.EXE-09D28613.pf =>PUP.Eorezo^
    C:\WINDOWS\Prefetch\PLUS-HD-3.5-BG.EXE-02EAD3CA.pf =>Adware.PlusHD^
    C:\WINDOWS\Prefetch\DUUQUCRASHHANDLER.EXE-30FB2A3D.pf =>Toolbar.DeltaSearch^
    C:\WINDOWS\Prefetch\PLUS-HD-3.5-CODEDOWNLOADER.EX-27679EFA.pf =>Adware.PlusHD^
    C:\WINDOWS\Prefetch\PLUS-HD-3.5-ENABLER.EXE-0243AC48.pf =>Adware.PlusHD^
    ~ Additionnel Scan: 280412 Items scanned in 04mn 38s

    ---\\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
    ~ http://nicolascoolman.webs.com/apps/blog/show/32789922-pup-framefox =>PUP.FrameFox
    ~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
    ~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam
    ~ http://nicolascoolman.webs.com/apps/blog/show/28138048-adware-plushd =>Adware.PlusHD
    ~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
    ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6
    ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    ~ http://nicolascoolman.webs.com/apps/blog/show/29006589-adware-whenusearch =>Adware.WhenUSearch
    ~ MSI: 10 link(s) detected in 04mn 38s

    ~ 1805 Legitimates filtered by white list
    End of the scan (641 lines in 29mn 49s)(1)
    0
  16. sylvie45
     
    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 1945
    Windows 5.1.2600 Service Pack 3

    28/11/2009 18:07:38
    mbam-log-2009-11-28 (18-07-38).txt

    Type de recherche: Examen rapide
    Eléments examinés: 69
    Temps écoulé: 11 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  17. sylvie45
     
    I uninstalled the version I had and reinstalled the version you gave me.
    0
    1. sylvie45
       
      What should I do, lili, please?
      0
  18. lilidurhone Posts 800 Registration date   Status Security contributor Last post   3 818
     
    Run a full scan
    0