Trojan sur mon ordi

guepard123 Messages postés 61 Statut Membre -  
lilidurhone Messages postés 800 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

apperemment j ai pris un trojan
que faire

20 réponses

  1. guepard123 Messages postés 61 Statut Membre
     
    voici mon hijactis
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:56:19, on 22/09/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16448)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.jerecherche.org/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.jerecherche.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.jerecherche.org/keyword/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jerecherche.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.jerecherche.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111912&tt=3812_4&babsrc=HP_ss&mntrId=b8a7cab200000000000002f803f80000
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=12&barid={D6A9B5E8-D963-11E1-BB2F-485B39A1A1B3}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jerecherche.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {249d74a3-bd19-4657-b6ce-e62f480a20de} - (no file)
    R3 - URLSearchHook: (no name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
    R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
    O2 - BHO: CrossriderApp0004479 - {11111111-1111-1111-1111-110011441179} - C:\Program Files\Giant Savings\Giant Savings.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~1\MAPSGA~2\bar\1.bin\39bar.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
    O2 - BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
    O2 - BHO: SpecialSavings - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\SpecialSavings\SpecialSavingsSinged.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
    O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll
    O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll
    O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll
    O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~1\MAPSGA~2\bar\1.bin\39brmon.exe
    O4 - HKLM\..\Run: [Boxore Client] C:\Program Files\Boxore\BoxoreClient\boxore.exe
    O4 - HKLM\..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe /startup
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\regis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
    O9 - Extra button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\SpecialSavings\SpecialSavingsSinged.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.chat-land.org
    O20 - AppInit_DLLs: c:\progra~2\pcperf~1\22639~1.201\{16cdf~1\pcpmngr.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
    O23 - Service: Avira Planificateur (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Protection temps réel (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) - COMPANYVERS_NAME - C:\PROGRA~1\MAPSGA~2\bar\1.bin\39barsvc.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: PC Performer Manager - Unknown owner - C:\ProgramData\PC Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\pcpmngr.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Software Update Service (supdate) (supdate) - Unknown owner - C:\Program Files\Software\Update\SoftwareUpdate.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
    O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: WajamUpdater - Wajam - C:\Program Files\Wajam\Updater\WajamUpdater.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    0
  2. Utilisateur anonyme
     
    salut, je te redirige dans sécurité/virus la materiel c'est pas trop ca^^
    bn chance...
    0
  3. lilidurhone Messages postés 800 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 818
     
    Tu as dû installer des logiciels potentiellement indésirables

    Pour éviter ce genre de problème :

    - Ne télécharge aucun programme proposé dans des publicités ou sur des sites suspects. A noter que certains sites connus comme O1net, Softronic, Tuto4PC, etc modifient parfois les programmes proposés au téléchargement pour y ajouter des logiciels publicitaires ==> Préfère toujours le téléchargement directement sur le site de l'éditeur.

    - Au cours de l'installation d'un programme gratuit, lis bien attentivement et décoche tous les programmes additionnels qui sont proposés, en particulier les barres d'outils.

    Pour ton information lis ces dossier sur les Programmes Potentiellement Indésirables et Les Barres d'Outils ce n'est pas obligatoires

    * Télécharge cet outil simple d'utilisation

    http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner (de Xplode) sur ton bureau.

    * Si problème avec le 1er lien prends le ici https://www.commentcamarche.net/telecharger/securite/2759-adwcleaner/

    * Lance le (Sous vista/seven/8 clic droit dessus,et sur exécuter en tant qu'administrateur)si tu es sous xp double cliques dessus

    * Cliques sur scanner
    * Poste le rapport de recherche C:\Adwcleaner[R]

    * Note le rapport de recherche est également sauvegardé sous C:\Adwcleaner[R1]

    0
  4. guepard123 Messages postés 61 Statut Membre
     
    bonjour
    voici le rapport adwclenear
    AdwCleaner v3.015 - Rapport créé le 15/12/2013 à 14:05:23
    # Mis à jour le 10/12/2013 par Xplode
    # Système d'exploitation : Windows 7 Professional Service Pack 1 (32 bits)
    # Nom d'utilisateur : regis - REGIS-PC
    # Exécuté depuis : C:\Users\regis\Downloads\adwcleaner-3.015.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    Service Supprimé : BackupStack

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:\Program Files\MyPC Backup
    Dossier Supprimé : C:\Users\regis\AppData\Local\iac
    Dossier Supprimé : C:\Users\regis\AppData\LocalLow\iac
    Dossier Supprimé : C:\Users\regis\AppData\Roaming\Systweak
    Dossier Supprimé : C:\Users\regis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    Fichier Supprimé : C:\Users\regis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    Fichier Supprimé : C:\Users\regis\Desktop\MyPC Backup.lnk
    Fichier Supprimé : C:\Users\regis\AppData\Roaming\Mozilla\Firefox\Profiles\ns2l7cth.default\invalidprefs.js
    Fichier Supprimé : C:\Users\regis\AppData\Roaming\Mozilla\Firefox\Profiles\ns2l7cth.default\searchplugins\bingp.xml
    Fichier Supprimé : C:\Users\regis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
    Fichier Supprimé : C:\Users\regis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
    Fichier Supprimé : C:\Users\regis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
    Fichier Supprimé : C:\Users\regis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
    Fichier Supprimé : C:\Users\regis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
    Fichier Supprimé : C:\Users\regis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
    Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}
    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970}
    Clé Supprimée : HKCU\Software\Conduit
    Clé Supprimée : HKCU\Software\IM
    Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
    Clé Supprimée : HKLM\Software\systweak
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0E25BB07-62EB-476F-87FC-6AF426AB059E}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\70BB52E0BE26F67478CFA64F62BA50E9
    Clé Supprimée : HKLM\Software\Classes\Installer\Features\70BB52E0BE26F67478CFA64F62BA50E9
    Clé Supprimée : HKLM\Software\Classes\Installer\Products\70BB52E0BE26F67478CFA64F62BA50E9

    ***** [ Navigateurs ] *****

    -\\ Internet Explorer v11.0.9600.16428

    -\\ Mozilla Firefox v26.0 (fr)

    [ Fichier : C:\Users\regis\AppData\Roaming\Mozilla\Firefox\Profiles\ns2l7cth.default\prefs.js ]

    Ligne Supprimée : user_pref("CT2494504_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1384700826170,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
    Ligne Supprimée : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    Ligne Supprimée : user_pref("extensions.crossrider.bic", "13af039b688a1a32291dc6f251923463");
    Ligne Supprimée : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2494504&SearchSource=2&CUI=UN21599992292620010&UM=1&q=");
    Ligne Supprimée : user_pref("plugin.state.npconduitfirefoxplugin", 2);
    Ligne Supprimée : user_pref("smartbar.machineId", "BBH0HDUXRXIYLQYCJUVURPLRPDIQP93XZFOWYUFEZ3WGTTPZMFDXMBTQ8S2T+HT+VTZCZI+QDXLZ4ZXUYVTHBW");

    -\\ Google Chrome v

    [ Fichier : C:\Users\regis\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Supprimée : icon_url
    Supprimée : search_url
    Supprimée : keyword

    *************************

    AdwCleaner[R0].txt - [10538 octets] - [15/12/2013 09:21:18]
    AdwCleaner[S0].txt - [5262 octets] - [15/12/2013 14:05:23]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5322 octets] ##########
    merci encore
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. lilidurhone Messages postés 800 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 818
     
    * Télécharge ZHPDiag (de Nicolas Coolman)
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html ou https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

    * Au cas où le premier lien ne marcherai pas, clique sur celui de dessous
    ftp://zebulon.fr/ZHPDiag2.exe

    * Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.

    * Surtout, n'oublie pas d'installer son icône sur le bureau l'icône est en forme de parchemin
    https://www.cjoint.com/13sp/CIvuQfap3YY_zhpdiag.png

    * A l'ouverture du logiciel il te sera proposé deux options "rechercher" et "configurer"

    * Cliques sur configurer

    * Options puis tous

    * Clique sur l'icône représentant une loupe + (« Lancer le diagnostic »)

    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette

    * Pour héberger le rapport, rends toi sur cjoint.com
    * Clique sur choisissez un fichier va chercher le rapport dans ton PC.

    * Le rapport est sauvegardé dans C:\ZHP\ZHPDiag.txt

    * Une fois le rapport trouvé, sélectionne le, et clique sur Ouvrir

    * Choisis le type de diffusion(je te conseille privée 4 jours il sera détruit)

    * Puis cliques sur créer le lien cjoint

    * Une fois que tu auras obtenu le lien copies colle dans ta prochaine réponse

    * Pour t'aider http://www.pc-infopratique.com/forum-informatique/tutoriel-heberger-rapport-vt-67934.html
    0
  7. lilidurhone Messages postés 800 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 818
     
    Désinstalles

    => McAfee Security Scan Plus v3.8.130.10

    * Télécharge sur le bureau RogueKiller

    * Quitte tous tes programmes en cours.

    * Sous Vista/Seven et windows 8 , clique droit -> lancer en tant qu'administrateur

    * Sinon lance simplement RogueKiller.exe

    * Patiente pendant le pre-scan, puis clique sur le bouton Scan

    * Un rapport RKreport.txt a du se créer sur le bureau, poste-le.

    Note : Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois.

    0
  8. guepard123 Messages postés 61 Statut Membre
     
    RogueKiller V8.7.11 [Dec 3 2013] par Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Remontees : http://www.adlice.com/forum/
    Site Web : https://www.luanagames.com/index.fr.html
    Blog : http://tigzyrk.blogspot.com/

    Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Demarrage : Mode normal
    Utilisateur : regis [Droits d'admin]
    Mode : Recherche -- Date : 12/15/2013 23:33:05
    | ARK || FAK || MBR |

    ¤¤¤ Processus malicieux : 0 ¤¤¤

    ¤¤¤ Entrees de registre : 3 ¤¤¤
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

    ¤¤¤ Tâches planifiées : 0 ¤¤¤

    ¤¤¤ Entrées Startup : 0 ¤¤¤

    ¤¤¤ Navigateurs web : 0 ¤¤¤

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

    ¤¤¤ Driver : [CHARGE] ¤¤¤
    [Address] SSDT[84] : NtCreateSection @ 0x82E3313D -> HOOKED (Unknown @ 0x8EAA84FE)
    [Address] SSDT[299] : NtRequestWaitReplyPort @ 0x82E4DB22 -> HOOKED (Unknown @ 0x8EAA8508)
    [Address] SSDT[316] : NtSetContextThread @ 0x82EED84F -> HOOKED (Unknown @ 0x8EAA8503)
    [Address] SSDT[347] : NtSetSecurityObject @ 0x82E11805 -> HOOKED (Unknown @ 0x8EAA850D)
    [Address] SSDT[368] : NtSystemDebugControl @ 0x82E95802 -> HOOKED (Unknown @ 0x8EAA8512)
    [Address] SSDT[370] : NtTerminateProcess @ 0x82E6AD9A -> HOOKED (Unknown @ 0x8EAA849F)
    [Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8EAA8526)
    [Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8EAA852B)
    [Inline] EAT @firefox.exe (?UndefinedHandleValue@JS@@3V?$Handle@VValue@JS@@@1@B) : mozjs.dll -> HOOKED (Unknown @ 0x64C511B1)
    [Inline] EAT @firefox.exe (?singleton@CrossCompartmentWrapper@js@@2V12@A) : mozjs.dll -> HOOKED (Unknown @ 0x4CC4D6CC)
    [Inline] EAT @firefox.exe (?singleton@Wrapper@js@@2V12@A) : mozjs.dll -> HOOKED (Unknown @ 0x64C4DBDC)
    [Inline] EAT @firefox.exe (?singletonWithPrototype@Wrapper@js@@2V12@A) : mozjs.dll -> HOOKED (Unknown @ 0x65C4DBF0)

    ¤¤¤ Ruches Externes: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ Fichier HOSTS: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    ¤¤¤ MBR Verif: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500630AS ATA Device +++++
    --- User ---
    [MBR] e9c8c3f8a75188193c96f7d42e38a73c
    [BSP] 9f4c4ca60399d1368ea8d636164f958c : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476836 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Termine : << RKreport[0]_S_12152013_233305.txt >>

    ci joint le rapport de roguekiller
    apparemment il a trouve des virus
    0
    1. guepard123 Messages postés 61 Statut Membre
       
      bonjour
      mon ordi va beaucoup mieux mais je ne sais si les problemes de virus son completement resolu
      pourriez vous me rassurer
      merci encore
      0
  9. lilidurhone Messages postés 800 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 818
     
    * Quitte tous tes programmes en cours

    * Sous Vista/Seven , clique droit -> lancer en tant qu'administrateur

    * Sinon lance simplement RogueKiller.exe

    * Patiente pendant le pre-scan, clique sur Scan

    * Vérifie que tous les éléments sont cochés puis clique sur Suppression

    * Poste le rapport RKreport.txt présent sur le bureau.
    0
  10. guepard123 Messages postés 61 Statut Membre
     
    bonsoir
    voici le rapport qu en pensez vous
    RogueKiller V8.7.12 [Dec 14 2013] par Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Remontees : http://www.adlice.com/forum/
    Site Web : https://www.luanagames.com/index.fr.html
    Blog : https://www.adlice.com/

    Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Demarrage : Mode normal
    Utilisateur : regis [Droits d'admin]
    Mode : Suppression -- Date : 12/17/2013 00:10:05
    | ARK || FAK || MBR |

    ¤¤¤ Processus malicieux : 0 ¤¤¤

    ¤¤¤ Entrees de registre : 0 ¤¤¤

    ¤¤¤ Tâches planifiées : 0 ¤¤¤

    ¤¤¤ Entrées Startup : 0 ¤¤¤

    ¤¤¤ Navigateurs web : 0 ¤¤¤

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

    ¤¤¤ Driver : [NON CHARGE 0xc0000033] ¤¤¤

    ¤¤¤ Ruches Externes: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ Fichier HOSTS: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    ¤¤¤ MBR Verif: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500630AS ATA Device +++++
    --- User ---
    [MBR] e9c8c3f8a75188193c96f7d42e38a73c
    [BSP] 9f4c4ca60399d1368ea8d636164f958c : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476836 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Termine : << RKreport[0]_D_12172013_001005.txt >>
    RKreport[0]_D_12152013_233818.txt;RKreport[0]_S_12152013_233305.txt;RKreport[0]_S_12172013_000932.txt

    merci encore
    0
  11. lilidurhone Messages postés 800 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 818
     
    Très bien :)

    Refais un zhpdiag
    0
  12. guepard123 Messages postés 61 Statut Membre
     
    bonsoir
    ci joint le fichier zhpdiag
    merci encore

    ~ Rapport de ZHPDiag v2013.12.14.22 - Nicolas Coolman (14/12/2013)
    ~ Lancé par regis (23/12/2013 21:01:11)
    ~ Adresse du Site Web https://nicolascoolman.webs.com/
    ~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    ---\\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16476
    MFIE: Mozilla Firefox 26.0 (Defaut)
    GCIE: Google Chrome v24.0.1312.57

    ---\\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : PV9HW
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    ---\\ Logiciels de protection du système
    Avira Free Antivirus v14.0.2.286
    Malwarebytes Anti-Malware version 1.75.0.1300
    McAfee Security Scan Plus v3.8.130.10
    Windows Defender W7

    ---\\ Logiciels d'optimisation du système

    ---\\ Logiciels de partage PeerToPeer

    ---\\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI

    ---\\ Informations sur le système
    ~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 2047 MB (52% free)
    System Restore: Activé (Enable)
    System drive C: has 407 GB (87%) free of 466 GB

    ---\\ Mode de connexion au système
    ~ Computer Name: REGIS-PC
    ~ User Name: regis
    ~ All Users Names: UpdatusUser, regis, HomeGroupUser$, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    ---\\ Variables d'environnement
    ~ System Unit : C:\
    ~ %AppZHP% : C:\Users\regis\AppData\Roaming\ZHP\
    ~ %AppData% : C:\Users\regis\AppData\Roaming\
    ~ %Desktop% : C:\Users\regis\Desktop\
    ~ %Favorites% : C:\Users\regis\Favorites\
    ~ %LocalAppData% : C:\Users\regis\AppData\Local\
    ~ %StartMenu% : C:\Users\regis\AppData\Roaming\Microsoft\Windows\Start Menu\
    ~ %Windir% : C:\Windows\
    ~ %System% : C:\Windows\System32\

    ---\\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 407 Go of 466 Go)
    D: CD-ROM drive (Not Inserted)

    ---\\ Etat du Centre de Sécurité Windows
    ~ Security Center: 38 Legitimates Filtered in 00mn 00s

    ---\\ Recherche particulière de fichiers génériques
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
    [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
    [MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 07:33:33.) -- C:\Windows\System32\wininet.dll [1820160]
    [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
    [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
    [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
    [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
    [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
    [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
    [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
    [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
    [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
    [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 22:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
    [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
    [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
    ~ Generic Processes: Scanned in 00mn 00s

    ---\\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/14
    ~ Mes Videos (My Videos) : 1/4
    ~ Mes Favoris (My Favorites) : 1/19
    ~ Mes Documents (My Documents) : 1/74
    ~ Mon Bureau (My Desktop) : 1/4481
    ~ Menu demarrer (Programs) : 1/27
    ~ Hidden Files: Scanned in 00mn 02s

    ---\\ Processus lancés
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2380]
    [MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2944]
    [MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.3664]
    [MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Users\regis\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.2684]
    [MD5.672593A4AAAB8DC8C0A5C4C1AD0A6048] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18680424] [PID.3716]
    [MD5.D3D4BD94434A9CB4B35E82283EAE8EFB] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe [273296] [PID.3744]
    [MD5.AE5A69F44C1F97EDC83237FC0B29B6FB] - (.Google Inc. - Google Crash Handler.) -- C:\Users\regis\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe [212432] [PID.2708]
    [MD5.D645B082E49F8655F14C61DB4EEBBA1D] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe [367016] [PID.3604]
    [MD5.59A409BAB55E72D33409A8A99F50DB17] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe [264616] [PID.3764]
    [MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.5604]
    ~ Processes Running: Scanned in 00mn 00s

    ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:\Users\regis\AppData\Local\Google\Chrome\User Data\Default\Preferences
    G1 - GCS: Preference [User Data\Default] https://www.google.com/?gws_rd=ssl
    ~ Google Browser: 1 Legitimates Filtered in 00mn 09s

    ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:\Users\regis\AppData\Roaming\Mozilla\Firefox\Profiles\ns2l7cth.default\prefs.js
    M2 - MFEP: prefs.js [regis - ns2l7cth.default\newtaburl@sogame.cat] [] NewTabURL v2.2.3 (..)
    ~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    ---\\ Autres liens utilisateurs (O4)
    O4 - GS\Desktop [Public]: Augmentez la vitesse de votre ordinateur !.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files\IncrediMail\Bin\Iobit.url (.not file.)
    O4 - GS\Desktop [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe
    O4 - GS\Desktop [Public]: Media Player Classic.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
    O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - GS\Desktop [Public]: Utilitaire de configuration sans fil.lnk . (...) -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
    O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - GS\QuickLaunch [regis]: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O4 - GS\QuickLaunch [regis]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\TaskBar [regis]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\regis\AppData\Local\Google\Chrome\Application\chrome.exe
    O4 - GS\TaskBar [regis]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\TaskBar [regis]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - GS\Program [regis]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\SystemTools [regis]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\Desktop [regis]: carte grise opel vendu.lnk . (...) -- C:\Users\regis\Pictures\2012-10-31\001.jpg
    O4 - GS\Desktop [regis]: Downloads.lnk . (...) -- C:\Users\regis\Downloads
    O4 - GS\Desktop [regis]: emule - Raccourci.lnk . (.https://www.emule-project.net/home/perl/general.cgi?l=1 - eMule.) -- C:\Program Files\eMule\emule.exe
    O4 - GS\Desktop [regis]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\regis\AppData\Local\Google\Chrome\Application\chrome.exe
    ~ Global Startup: 81 Legitimates Filtered in 00mn 03s

    ---\\ Applications lancées au démarrage du sytème (O4)
    O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    O4 - GS\Startup [Public]: Utilitaire de configuration sans fil.lnk . (...) -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
    O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
    O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.)
    O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\regis\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
    O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-21-4048668918-317212966-2366150432-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\regis\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
    O4 - HKUS\S-1-5-21-4048668918-317212966-2366150432-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
    ~ Application: Scanned in 00mn 00s

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    ~ IE Extra Buttons: Scanned in 00mn 00s

    ---\\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2999D5-2353-484E-9ACE-B221CC3863C1}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7FCF3F6B-55B3-4DD9-AAC8-02915EE8A665}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4F2999D5-2353-484E-9ACE-B221CC3863C1}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS1\Services\Tcpip\..\{7FCF3F6B-55B3-4DD9-AAC8-02915EE8A665}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4F2999D5-2353-484E-9ACE-B221CC3863C1}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS2\Services\Tcpip\..\{7FCF3F6B-55B3-4DD9-AAC8-02915EE8A665}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
    ~ Domain: Scanned in 00mn 00s

    ---\\ Protocole additionnel (O18)
    O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    ---\\ Tâches planifiées en automatique (O39)
    [MD5.1F5A2D61E31AABFF329E4580DAD29702] [APT] [{3E6663EA-FF9A-4FEB-AED8-EC7E22189F2E}] (...) -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe [512000]
    [MD5.1F5A2D61E31AABFF329E4580DAD29702] [APT] [{841D96BB-4E8D-4B0D-AEBE-0628251E9139}] (...) -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe [512000]
    ~ Scheduled Task: 13 Legitimates Filtered in 00mn 05s

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508}
    O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
    ~ Logic: 13 Legitimates Filtered in 00mn 00s

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\IncrediMail]
    [HKCU\Software\Phison]
    ~ Key Software: 150 Legitimates Filtered in 00mn 00s

    ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 - CFD: 04/07/2012 - 21:40:48 - [26,463] ----D C:\Program Files\IncrediMail
    O43 - CFD: 15/12/2013 - 14:05:25 - [0,004] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
    O43 - CFD: 04/07/2012 - 21:41:21 - [0] ----D C:\ProgramData\IM
    O43 - CFD: 04/07/2012 - 21:40:48 - [6,697] ----D C:\ProgramData\IncrediMail
    O43 - CFD: 02/11/2012 - 17:51:39 - [678,482] ----D C:\Users\regis\AppData\Local\IM
    ~ 49 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 181 Legitimates Filtered in 00mn 18s

    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.326B9B781F50578FDBE831C48E30BEEB] - 14/12/2013 - 23:56:45 ---A- . (...) -- C:\Windows\ntbtlog.txt [2330538]
    O44 - LFC:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 17/12/2013 - 00:08:37 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp32.sys.bak [10216]
    O44 - LFC:[MD5.0F24624106D8042E7F27882D9D6FF5C0] - 17/12/2013 - 00:08:37 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys.bak [6504]
    O44 - LFC:[MD5.2B4E66FAC6503494A2C6F32BB6AB3826] - 17/12/2013 - 00:08:38 ---A- . (...) -- C:\Windows\System32\Drivers\AsIO.sys.bak [12400]
    O44 - LFC:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 17/12/2013 - 00:08:38 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp64.sys.bak [11832]
    O44 - LFC:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 17/12/2013 - 00:08:45 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
    O44 - LFC:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 17/12/2013 - 00:09:17 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
    ~ Files: 348 Legitimates Filtered in 00mn 55s

    ---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 - LFCP:[MD5.795891D0715E37F91C918D7BBA60F69C] - 21/12/2013 - 15:47:28 ---A- - C:\Windows\Prefetch\CCUAC.EXE-E2BC9557.pf
    O45 - LFCP:[MD5.9ADB54508A75C3A6EB92C2B9B67652FF] - 23/12/2013 - 20:48:24 ---A- - C:\Windows\Prefetch\IMNOTFY.EXE-E138605A.pf
    O45 - LFCP:[MD5.BBCFF45BA931AF164C5574010851205A] - 23/12/2013 - 20:58:25 ---A- - C:\Windows\Prefetch\IMLPP.EXE-8B4B9E1E.pf
    O45 - LFCP:[MD5.4F6889C1C9A255914A86B3DA2E9B79C6] - 23/12/2013 - 20:58:35 ---A- - C:\Windows\Prefetch\IMAPP.EXE-005076D7.pf
    O45 - LFCP:[MD5.B1D4B2152BB37B197CC9C81F68CFB59F] - 23/12/2013 - 21:02:37 ---A- - C:\Windows\Prefetch\IMBPP.EXE-8150060C.pf
    O45 - LFCP:[MD5.A32D37326450E2D2919FB4553929118A] - 23/12/2013 - 21:02:37 ---A- - C:\Windows\Prefetch\INCMAIL.EXE-8674A44D.pf
    ~ Prefetcher: 135 Legitimates Filtered in 00mn 01s

    ---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 - SMSR:HKLM\...\startupreg\appinfo [Key] . (...) -- C:\Users\regisappinfo.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\tempHome [Key] . (...) -- C:\Users\regis\AppData\Local\Temp\racourci.vbe (.not file.)
    ~ SMSR Keys: 2 Legitimates Filtered in 00mn 00s

    ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    ---\\ Liste des pilotes du système (SDL) (O58)
    O58 - SDL:[MD5.0F24624106D8042E7F27882D9D6FF5C0] - 13/05/2009 - 18:11:34 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [6504]
    O58 - SDL:[MD5.0F24624106D8042E7F27882D9D6FF5C0] - 17/12/2013 - 00:08:37 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys.bak [6504]
    O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 04/01/2008 - 12:34:42 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp32.sys [10216]
    O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 17/12/2013 - 00:08:37 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp32.sys.bak [10216]
    O58 - SDL:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 04/01/2008 - 12:34:48 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp64.sys [11832]
    O58 - SDL:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 17/12/2013 - 00:08:38 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp64.sys.bak [11832]
    O58 - SDL:[MD5.2B4E66FAC6503494A2C6F32BB6AB3826] - 17/12/2007 - 16:14:06 ---A- . (...) -- C:\Windows\System32\Drivers\AsIO.sys [12400]
    O58 - SDL:[MD5.2B4E66FAC6503494A2C6F32BB6AB3826] - 17/12/2013 - 00:08:38 ---A- . (...) -- C:\Windows\System32\Drivers\AsIO.sys.bak [12400]
    O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
    O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 17/12/2013 - 00:08:45 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
    O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
    O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 17/12/2013 - 00:08:49 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys.bak [26624]
    O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 10/11/2013 - 09:42:42 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28520]
    O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/12/2013 - 00:09:17 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys.bak [28520]
    O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
    O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 17/12/2013 - 00:09:17 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
    O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
    O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
    O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
    O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
    O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
    O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
    O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
    O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
    O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
    O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
    O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
    O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
    O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
    O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
    O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
    ~ Drivers: 16 Legitimates Filtered in 00mn 01s

    ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 - LFC: 21/12/2013 - 21:04:23 ---A- . (...) -- C:\Users\regis\cv regis\regis garbe.pdf [76178]
    O61 - LFC: 23/12/2013 - 21:03:24 ---A- . (...) -- C:\Users\regis\AppData\Local\IM\content.xml [24002]
    O61 - LFC: 23/12/2013 - 21:04:23 ---A- . (...) -- C:\Users\regis\AppData\Roaming\ZHP\Log.txt [16629] =>.Nicolas Coolman
    O61 - LFC: 23/12/2013 - 21:04:23 ---A- . (...) -- C:\Users\regis\AppData\Roaming\ZHP\TestsZHPDiag.txt [2811] =>.Nicolas Coolman
    O61 - LFC: 23/12/2013 - 21:04:23 ---A- . (...) -- C:\Users\regis\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
    O61 - LFC: 23/12/2013 - 21:04:23 ---A- . (...) -- C:\Users\regis\AppData\Roaming\ZHP\ZHPDiag.txt [38725] =>.Nicolas Coolman
    ~ 45 Fichiers temporaires (Temporary files)
    ~ Files: 168 Legitimates Filtered in 01mn 17s

    ---\\ Liste des outils de désinfection (LATC) (O63)
    O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
    O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
    ~ ADS: Scanned in 00mn 00s

    ---\\ Menu de démarrage Internet (SMI) (O68)
    O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O68 - StartMenuInternet: <Google Chrome.G4MC7EGPHYI4PBU3MAXV3N4ZFQ> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\regis\AppData\Local\Google\Chrome\Application\chrome.exe
    O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
    O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
    O69 - SBI: SearchScopes [HKCU] {b0441a0e-a49a-4e16-afc1-74ecced1921f} - (My Web Search) - https://hp.mywebsearch.com/mywebsearch/index.html =>Adware.MyWebSearch
    O69 - SBI: SearchScopes [HKCU] {C0403094-4196-4340-9020-7C371F5815AE} - (Yahoo!) - http://klit.startnow.com =>Adware.Zugo
    ~ Keys: Scanned in 00mn 00s

    ---\\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][29/10/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\regis\AppData\Local\Temp\AskSLib.dll [248008]
    [MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][16/11/2013] (...) -- C:\Users\regis\AppData\Local\Temp\BackupSetup.exe [10355400]
    [MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (...) -- C:\Users\regis\AppData\Local\Temp\Quarantine.exe [360051]
    [MD5.0D75F4C765AEB8E927435BA34AD70BF4] [SPRF][16/11/2013] (...) -- C:\Users\regis\AppData\Local\Temp\SkypeSetup.exe [12748800]
    ~ Files: 7 Legitimates Filtered in 00mn 00s

    ---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 - FAEL: "{3B1CE9BA-A51A-43AF-99BA-C1B71E82D12A}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O87 - FAEL: "{62643633-ED0A-4CBD-8AF2-29050D1FAC8D}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O87 - FAEL: "{C0072E42-1359-49FB-A1AE-406D2B924006}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    O87 - FAEL: "{22654960-55C4-4C47-8D9C-8A2F7D1509FC}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    O87 - FAEL: "{28FD3AF1-9880-427C-92F0-33AB2FC80FD5}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
    O87 - FAEL: "{DBB271E3-DD96-4473-B186-056BED939B1A}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
    O87 - FAEL: "{8D29C87D-D53A-416C-821E-20D593FD168E}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "{72F6EA0E-0267-4E8E-BE93-3E75540D3E35}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "{95E3F830-89FF-4F41-BD0F-EDBDBF76A5B6}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "{1AFDA7FE-4DD7-4D9D-A1BA-ABF6D2E4050A}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "{261DE0BF-23B7-44D0-B28B-C8AB5C9CA609}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O87 - FAEL: "{6AA95B51-EFA8-4D5D-826D-73F5B147ED99}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O87 - FAEL: "{1F9ABB49-91E9-4791-9A60-602050D87D1A}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    O87 - FAEL: "{501D2DA0-EAF4-4C17-82AC-1809C99F5FD3}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    O87 - FAEL: "{F4481318-F8CA-4F86-9FD3-6E1EDDB132FB}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
    O87 - FAEL: "{77E5AF79-25F3-43C1-BBD0-BAB685E2AA05}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
    ~ Firewall: 249 Legitimates Filtered in 00mn 01s

    ---\\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- C:\Windows\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe
    ~ Update Products: 54 Legitimates Filtered in 00mn 00s

    ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.B67811645C5A3B8E4E4B1A1DB1EE271C] [WIS][18/02/2013] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\105a36.msi [45056] =>Adware.Boxore
    [MD5.AD0D3E2D2761E96364C21C5C0ECD1C85] [WIS][23/02/2013] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\5353247.msi [2688512]
    ~ WIS: 56 Legitimates Filtered in 00mn 06s

    ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS - | Demand 14/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    SS - | Auto 17/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
    SS - | Demand 17/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
    SS - | Demand 06/09/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
    SS - | Demand 13/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

    SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    SR - | Auto 21/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    SR - | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    SR - | Auto 21/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
    SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
    SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    SR - | Auto 01/06/2011 2337144 | (TeamViewer6) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    SR - | Auto 14/12/2012 3467768 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
    SR - | Auto 26/06/2008 167936 | (WlanWpsSvc) . (...) - C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
    SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

    ~ Services: Scanned in 00mn 08s

    ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by regis at 23/12/2013 21:05:02

    ********* Dump file Name *********
    C:\PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 04s

    ---\\ Scan Additionnel (O88)
    Database Version : 13013 - (14/12/2013)
    Clés trouvées (Keys found) : 4
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 3
    Fichiers trouvés (Files found) : 1

    [HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
    [HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>Toolbar.DeltaSearch
    [HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>Toolbar.DeltaSearch
    [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
    C:\Program Files\MyPC Backup =>PUP.MyPCBackup^
    C:\ProgramData\Software =>Adware.Boxore
    C:\Users\regis\AppData\Local\Software =>Adware.Boxore
    C:\Windows\Installer\105a36.msi =>Adware.Boxore^
    ~ Additionnel Scan: 171924 Items scanned in 00mn 22s

    ---\\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
    ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/26828293-adware-zugo =>Adware.Zugo
    ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
    ~ MSI: 7 link(s) detected in 00mn 22s

    ~ 1616 Legitimates filtered by white list
    End of the scan (501 lines in 04mn 14s)(0)
    0
  13. lilidurhone Messages postés 800 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 818
     
    Désinstalles McAfee Security Scan Plus v3.8.130.10

    * Télécharge Junkware Removal Tool à cette adresse (ne clique pas sur télécharger, le téléchargement va débuter automatiquement) : https://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/

    * Enregistre-le sur ton bureau.

    * Ferme toutes les applications en cours.

    * Ouvre JRT.exe et appuie sur Entrée : si tu es sous Windows Vista, 7 ou 8, ouvre-le en faisant : clic droit => Exécuter en tant qu'administrateur.

    * Patiente le temps que l'outil travaille : le bureau va disparaître quelques instants, c'est tout à fait normal.

    * À la fin de l'analyse, un rapport nommé JRT.txt va s'ouvrir. Héberge-le comme ceci et poste le lien obtenu dans ta prochaine réponse.

    Tutoriel : http://www.forum-entraide-informatique.com/support/junkware-removal-tool-tutoriel-t8260.html
    0
  14. lilidurhone Messages postés 800 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 818
     
    Désinstalles McAfee Security Scan Plus v3.8.130.10

    0
  15. guepard123
     
    McAfee Security Scan Plus v3.8.130.10
    je l ai desinstallé
    0
  16. lilidurhone Messages postés 800 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 818
     
    Petite info

    Je serais moins présente dès demain soir

    Donc on reprend jeudi :)
    0
  17. guepard123 Messages postés 61 Statut Membre
     
    bonjour
    toujours des soucis ma souris se bloque mon ecran aussi obligé de couper l ordi et celui-ci ne redemarre pas toujours
    pouvez vous m aider
    merci d avance
    0
  18. lilidurhone Messages postés 800 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 818
     
    Refais un zhpdiag
    0
  19. guepard123 Messages postés 61 Statut Membre
     
    bonjour
    ci joint un zhpdiag
    Rapport de ZHPDiag v2014.1.2.5 - Nicolas Coolman (02/01/2014)
    ~ Lancé par regis (04/01/2014 13:30:44)
    ~ Adresse du Site Web https://nicolascoolman.webs.com/
    ~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    ---\\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16476
    MFIE: Mozilla Firefox 26.0 (Defaut)
    GCIE: Google Chrome v24.0.1312.57

    ---\\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : PV9HW
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    ---\\ Logiciels de protection du système
    Avira Free Antivirus v14.0.2.286
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    ---\\ Logiciels d'optimisation du système

    ---\\ Logiciels de partage PeerToPeer

    ---\\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI

    ---\\ Informations sur le système
    ~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 2047 MB (50% free)
    System Restore: Activé (Enable)
    System drive C: has 409 GB (87%) free of 466 GB

    ---\\ Mode de connexion au système
    ~ Computer Name: REGIS-PC
    ~ User Name: regis
    ~ All Users Names: UpdatusUser, regis, HomeGroupUser$, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    ---\\ Variables d'environnement
    ~ System Unit : C:\
    ~ %AppZHP% : C:\Users\regis\AppData\Roaming\ZHP\
    ~ %AppData% : C:\Users\regis\AppData\Roaming\
    ~ %Desktop% : C:\Users\regis\Desktop\
    ~ %Favorites% : C:\Users\regis\Favorites\
    ~ %LocalAppData% : C:\Users\regis\AppData\Local\
    ~ %StartMenu% : C:\Users\regis\AppData\Roaming\Microsoft\Windows\Start Menu\
    ~ %Windir% : C:\Windows\
    ~ %System% : C:\Windows\System32\

    ---\\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 409 Go of 466 Go)
    D: CD-ROM drive (Not Inserted)

    ---\\ Etat du Centre de Sécurité Windows
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    ---\\ Recherche particulière de fichiers génériques
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
    [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
    [MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 07:33:33.) -- C:\Windows\System32\wininet.dll [1820160]
    [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
    [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
    [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
    [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
    [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
    [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
    [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
    [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
    [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
    [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 22:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
    [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
    [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
    ~ Generic Processes: Scanned in 00mn 00s

    ---\\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/15
    ~ Mes Videos (My Videos) : 1/4
    ~ Mes Favoris (My Favorites) : 1/19
    ~ Mes Documents (My Documents) : 1/74
    ~ Mon Bureau (My Desktop) : 1/4472
    ~ Menu demarrer (Programs) : 1/27
    ~ Hidden Files: Scanned in 00mn 02s

    ---\\ Processus lancés
    [MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.2552]
    [MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Users\regis\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.2600]
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2644]
    [MD5.672593A4AAAB8DC8C0A5C4C1AD0A6048] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18680424] [PID.2708]
    [MD5.AE5A69F44C1F97EDC83237FC0B29B6FB] - (.Google Inc. - Google Crash Handler.) -- C:\Users\regis\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe [212432] [PID.2748]
    [MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2972]
    [MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4060]
    [MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.2372]
    [MD5.5D60EE718D0C708D69DFF4B3336B68BF] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe [1862536] [PID.3672]
    [MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8321024] [PID.1064]
    ~ Processes Running: Scanned in 00mn 01s

    ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:\Users\regis\AppData\Local\Google\Chrome\User Data\Default\Preferences
    G1 - GCS: Preference [User Data\Default] http://www.delta-search.com =>Toolbar.DeltaSearch
    ~ Google Browser: 1 Legitimates Filtered in 00mn 09s

    ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:\Users\regis\AppData\Roaming\Mozilla\Firefox\Profiles\ns2l7cth.default\prefs.js
    M3 - MFPP: Plugins - [regis] -- C:\Users\regis\AppData\Roaming\Mozilla\Firefox\Profiles\ns2l7cth.default\searchplugins\ask-web-search.xml
    M2 - MFEP: prefs.js [regis - ns2l7cth.default\9pffxtbr@OnlineMapFinder_9p.com] [] OnlineMapFinder v5.75.3.1814 (..)
    M2 - MFEP: prefs.js [regis - ns2l7cth.default\newtaburl@sogame.cat] [] NewTabURL v2.2.3 (..)
    ~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    ---\\ Autres liens utilisateurs (O4)
    O4 - GS\Desktop [Public]: Augmentez la vitesse de votre ordinateur !.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files\IncrediMail\Bin\Iobit.url (.not file.)
    O4 - GS\Desktop [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O4 - GS\Desktop [Public]: Media Player Classic.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
    O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - GS\Desktop [Public]: Utilitaire de configuration sans fil.lnk . (...) -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
    O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - GS\QuickLaunch [regis]: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O4 - GS\QuickLaunch [regis]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\TaskBar [regis]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\regis\AppData\Local\Google\Chrome\Application\chrome.exe
    O4 - GS\TaskBar [regis]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\TaskBar [regis]: Mozilla Firefox (2).lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - GS\TaskBar [regis]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - GS\Program [regis]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\SystemTools [regis]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\Desktop [regis]: carte grise opel vendu.lnk . (...) -- C:\Users\regis\Pictures\2012-10-31\001.jpg
    O4 - GS\Desktop [regis]: Downloads.lnk . (...) -- C:\Users\regis\Downloads
    O4 - GS\Desktop [regis]: emule - Raccourci.lnk . (.https://www.emule-project.net/home/perl/general.cgi?l=1 - eMule.) -- C:\Program Files\eMule\emule.exe
    O4 - GS\Desktop [regis]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\regis\AppData\Local\Google\Chrome\Application\chrome.exe
    O4 - GS\Desktop [regis]: remorque armee - Raccourci.lnk . (...) -- C:\Users\regis\Pictures\remorque\remorque armee.JPG
    ~ Global Startup: 80 Legitimates Filtered in 00mn 04s

    ---\\ Applications lancées au démarrage du sytème (O4)
    O4 - GS\Startup [Public]: Utilitaire de configuration sans fil.lnk . (...) -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
    O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
    O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.)
    O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\regis\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
    O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-21-4048668918-317212966-2366150432-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\regis\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
    O4 - HKUS\S-1-5-21-4048668918-317212966-2366150432-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
    ~ Application: Scanned in 00mn 00s

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    ~ IE Extra Buttons: Scanned in 00mn 00s

    ---\\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2999D5-2353-484E-9ACE-B221CC3863C1}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7FCF3F6B-55B3-4DD9-AAC8-02915EE8A665}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4F2999D5-2353-484E-9ACE-B221CC3863C1}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS1\Services\Tcpip\..\{7FCF3F6B-55B3-4DD9-AAC8-02915EE8A665}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4F2999D5-2353-484E-9ACE-B221CC3863C1}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS2\Services\Tcpip\..\{7FCF3F6B-55B3-4DD9-AAC8-02915EE8A665}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
    ~ Domain: Scanned in 00mn 00s

    ---\\ Protocole additionnel (O18)
    O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    ---\\ Tâches planifiées en automatique (O39)
    [MD5.1F5A2D61E31AABFF329E4580DAD29702] [APT] [{3E6663EA-FF9A-4FEB-AED8-EC7E22189F2E}] (...) -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe [512000]
    [MD5.1F5A2D61E31AABFF329E4580DAD29702] [APT] [{841D96BB-4E8D-4B0D-AEBE-0628251E9139}] (...) -- C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe [512000]
    ~ Scheduled Task: 13 Legitimates Filtered in 00mn 05s

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508}
    O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
    ~ Logic: 13 Legitimates Filtered in 00mn 00s

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\IncrediMail]
    [HKCU\Software\Phison]
    ~ Key Software: 147 Legitimates Filtered in 00mn 00s

    ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 - CFD: 04/07/2012 - 21:40:48 - [26,463] ----D C:\Program Files\IncrediMail
    O43 - CFD: 04/07/2012 - 21:41:21 - [0] ----D C:\ProgramData\IM
    O43 - CFD: 04/07/2012 - 21:40:48 - [6,697] ----D C:\ProgramData\IncrediMail
    O43 - CFD: 02/11/2012 - 17:51:39 - [695,757] ----D C:\Users\regis\AppData\Local\IM
    ~ Program Folder: 123 Legitimates Filtered in 00mn 18s

    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.716E1AA717423ADFF8342B3820C336C1] - 25/12/2013 - 23:50:07 ---A- . (...) -- C:\DelFix.txt [1956]
    O44 - LFC:[MD5.BC34D66DE17A2D4815C70DC81C3CCBA9] - 27/12/2013 - 18:58:11 ---A- . (...) -- C:\Windows\ntbtlog.txt [2621582]
    ~ Files: 15 Legitimates Filtered in 00mn 54s

    ---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 - LFCP:[MD5.22C397F9E810E982337D15D6A4A33CE7] - 04/01/2014 - 07:10:25 ---A- - C:\Windows\Prefetch\IMLPP.EXE-8B4B9E1E.pf
    O45 - LFCP:[MD5.D940E31C76DEDB4AF119223A0600D548] - 04/01/2014 - 07:10:30 ---A- - C:\Windows\Prefetch\INCMAIL.EXE-8674A44D.pf
    O45 - LFCP:[MD5.124CFDAF0BC24F664034CF9AC15A01AC] - 04/01/2014 - 07:10:34 ---A- - C:\Windows\Prefetch\IMAPP.EXE-005076D7.pf
    O45 - LFCP:[MD5.2B7AA9DDD7A7986874AC789F0FB59C3A] - 04/01/2014 - 07:11:28 ---A- - C:\Windows\Prefetch\IMNOTFY.EXE-E138605A.pf
    ~ Prefetcher: 124 Legitimates Filtered in 00mn 01s

    ---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 - SMSR:HKLM\...\startupreg\appinfo [Key] . (...) -- C:\Users\regisappinfo.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\tempHome [Key] . (...) -- C:\Users\regis\AppData\Local\Temp\racourci.vbe (.not file.)
    ~ SMSR Keys: 2 Legitimates Filtered in 00mn 00s

    ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
    ~ MWPS: 18 Legitimates Filtered in 00mn 00s

    ---\\ Liste des pilotes du système (SDL) (O58)
    O58 - SDL:[MD5.0F24624106D8042E7F27882D9D6FF5C0] - 13/05/2009 - 18:11:34 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [6504]
    O58 - SDL:[MD5.0F24624106D8042E7F27882D9D6FF5C0] - 17/12/2013 - 00:08:37 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys.bak [6504]
    O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 04/01/2008 - 12:34:42 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp32.sys [10216]
    O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 17/12/2013 - 00:08:37 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp32.sys.bak [10216]
    O58 - SDL:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 04/01/2008 - 12:34:48 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp64.sys [11832]
    O58 - SDL:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 17/12/2013 - 00:08:38 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp64.sys.bak [11832]
    O58 - SDL:[MD5.2B4E66FAC6503494A2C6F32BB6AB3826] - 17/12/2007 - 16:14:06 ---A- . (...) -- C:\Windows\System32\Drivers\AsIO.sys [12400]
    O58 - SDL:[MD5.2B4E66FAC6503494A2C6F32BB6AB3826] - 17/12/2013 - 00:08:38 ---A- . (...) -- C:\Windows\System32\Drivers\AsIO.sys.bak [12400]
    O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
    O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 17/12/2013 - 00:08:45 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
    O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
    O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 17/12/2013 - 00:08:49 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys.bak [26624]
    O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 10/11/2013 - 09:42:42 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28520]
    O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/12/2013 - 00:09:17 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys.bak [28520]
    O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
    O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 17/12/2013 - 00:09:17 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
    O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
    O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
    O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
    O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
    O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
    O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
    O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
    O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
    O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
    O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
    O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
    O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
    O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
    O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
    O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
    ~ Drivers: 18 Legitimates Filtered in 00mn 02s

    ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 - LFC: 04/01/2014 - 13:33:00 ---A- . (...) -- C:\Users\regis\AppData\Local\IM\content.xml [24002]
    O61 - LFC: 04/01/2014 - 13:34:04 ---A- . (...) -- C:\Users\regis\AppData\Roaming\ZHP\Log.txt [16178] =>.Nicolas Coolman
    O61 - LFC: 04/01/2014 - 13:34:04 ---A- . (...) -- C:\Users\regis\AppData\Roaming\ZHP\TestsZHPDiag.txt [2808] =>.Nicolas Coolman
    ~ 16 Fichiers temporaires (Temporary files)
    ~ Files: 88 Legitimates Filtered in 01mn 20s

    ---\\ Liste des outils de désinfection (LATC) (O63)
    O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
    O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
    ~ ADS: Scanned in 00mn 00s

    ---\\ Menu de démarrage Internet (SMI) (O68)
    O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O68 - StartMenuInternet: <Google Chrome.G4MC7EGPHYI4PBU3MAXV3N4ZFQ> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\regis\AppData\Local\Google\Chrome\Application\chrome.exe
    O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 - SBI: prefs.js [regis - ns2l7cth.default] user_pref("extensions.mywebsearch.prevKwdEnabled", true); =>Adware.MyWebSearch
    O69 - SBI: prefs.js [regis - ns2l7cth.default] user_pref("extensions.toolbar.mindspark._9pMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
    O69 - SBI: prefs.js [regis - ns2l7cth.default] user_pref("extensions.toolbar.mindspark._9pMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
    O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
    O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
    ~ Keys: Scanned in 00mn 00s

    ---\\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][29/10/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\regis\AppData\Local\Temp\AskSLib.dll [248008]
    [MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][16/11/2013] (...) -- C:\Users\regis\AppData\Local\Temp\BackupSetup.exe [10355400]
    [MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (...) -- C:\Users\regis\AppData\Local\Temp\Quarantine.exe [360051]
    [MD5.0D75F4C765AEB8E927435BA34AD70BF4] [SPRF][16/11/2013] (...) -- C:\Users\regis\AppData\Local\Temp\SkypeSetup.exe [12748800]
    ~ Files: 6 Legitimates Filtered in 00mn 00s

    ---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 - FAEL: "{3B1CE9BA-A51A-43AF-99BA-C1B71E82D12A}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O87 - FAEL: "{62643633-ED0A-4CBD-8AF2-29050D1FAC8D}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O87 - FAEL: "{C0072E42-1359-49FB-A1AE-406D2B924006}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    O87 - FAEL: "{22654960-55C4-4C47-8D9C-8A2F7D1509FC}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    O87 - FAEL: "{28FD3AF1-9880-427C-92F0-33AB2FC80FD5}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
    O87 - FAEL: "{DBB271E3-DD96-4473-B186-056BED939B1A}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
    O87 - FAEL: "{8D29C87D-D53A-416C-821E-20D593FD168E}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "{72F6EA0E-0267-4E8E-BE93-3E75540D3E35}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "{95E3F830-89FF-4F41-BD0F-EDBDBF76A5B6}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "{1AFDA7FE-4DD7-4D9D-A1BA-ABF6D2E4050A}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "{F4481318-F8CA-4F86-9FD3-6E1EDDB132FB}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
    O87 - FAEL: "{77E5AF79-25F3-43C1-BBD0-BAB685E2AA05}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
    O87 - FAEL: "{B9ACD40C-657C-4D19-9020-B403DA13893A}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    O87 - FAEL: "{8602F6C1-2914-4C7D-B575-C9BF2DC760DE}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    O87 - FAEL: "{3A78E042-CDF3-4EF8-887D-A9090AEA33DC}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    O87 - FAEL: "{3546BFB5-D7B7-430D-AA34-02069FA66BED}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    ~ Firewall: 249 Legitimates Filtered in 00mn 01s

    ---\\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- C:\Windows\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe
    ~ Update Products: 54 Legitimates Filtered in 00mn 00s

    ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.B67811645C5A3B8E4E4B1A1DB1EE271C] [WIS][18/02/2013] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\105a36.msi [45056] =>Adware.Boxore
    [MD5.AD0D3E2D2761E96364C21C5C0ECD1C85] [WIS][23/02/2013] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\5353247.msi [2688512]
    ~ WIS: 56 Legitimates Filtered in 00mn 06s

    ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS - | Demand 14/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    SS - | Auto 17/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
    SS - | Demand 17/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
    SS - | Demand 13/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

    SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    SR - | Auto 21/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    SR - | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    SR - | Auto 21/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
    SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
    SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    SR - | Auto 01/06/2011 2337144 | (TeamViewer6) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    SR - | Auto 14/12/2012 3467768 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
    SR - | Auto 26/06/2008 167936 | (WlanWpsSvc) . (...) - C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
    SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

    ~ Services: Scanned in 00mn 08s

    ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by regis at 04/01/2014 13:34:37

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    1 ntkrnlpa!IofCallDriver[0x82C70BBA] >> \Device\Harddisk0\DR0[0x85A61700]
    kernel: MBR read successfully
    user & kernel MBR OK

    ~ MBR: 13 Legitimates Filtered in 00mn 02s

    ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by regis at 04/01/2014 13:34:39

    ********* Dump file Name *********
    C:\PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 04s

    ---\\ Scan Additionnel (O88)
    Database Version : 13018 - (02/01/2014)
    Clés trouvées (Keys found) : 4
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 1

    [HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
    [HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>Toolbar.DeltaSearch
    [HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>Toolbar.DeltaSearch
    [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
    C:\Windows\Installer\105a36.msi =>Adware.Boxore^
    ~ Additionnel Scan: 171379 Items scanned in 00mn 21s

    ---\\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
    ~ MSI: 5 link(s) detected in 00mn 21s

    ~ 1149 Legitimates filtered by white list
    End of the scan (502 lines in 04mn 17s)(0)
    0
  20. lilidurhone Messages postés 800 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 818
     
    Incredimail est à éviter comme client de messagerie !!

    Il faudrait si possible de choisir Thunderbirds
    0