Bonsoir, Mon ordinateur - window 7entreprise - est TRES lent, je me demande si je n'ai pas un virus. J'avais Avast, que j'ai désinstallé pour Microsoft Security Essentials. Comment savoir si mon ordinateur est infecté? Et, au passage, si Avast a correctement été désinstallé ?

Virus?

Réponse 21 / 77

kingk06 Messages postés 10277 Date d'inscription mercredi 12 juin 2013 Statut Membre Dernière intervention 17 mars 2015 536
6 janv. 2014 à 21:31

ok

oui lance ZHPFix et poste le rapport

Réponse 22 / 77

Iris 1045
14 janv. 2014 à 19:11

Bonjour, j'ai essayé plusieurs fois de lancer ZHPFix, je crois que ça ne marche pas, il tourne mais ne charge pas (la barre en bas est verte sur 3 milimètres seulement alors que ça fait des heures que je l'ai lancé)
Y a t il une autre solution?

Réponse 23 / 77

kingk06 Messages postés 10277 Date d'inscription mercredi 12 juin 2013 Statut Membre Dernière intervention 17 mars 2015 536
14 janv. 2014 à 19:16

Re,

essais de le faire mode sans échec avec prise en charge de réseau <<<<

Au redémarrage de ton pc tapote sur la touche F8 où F5 dans le menu qui s'affiche choisis mode sans échec avec prise en charge de réseau (avec la flèche de direction du haut)

=> Comment rebooter en mode sans échec Sous XP/Vista/Win7/Win8

Réponse 24 / 77

Iris1045
15 janv. 2014 à 08:39

Je l'ai relance en mode sans echec, meme resultat : il a tourne toute la nuit sans avancees...
Est ce que je dois reprendre depuis le debut et refaire un ZHPDiag ?
Merci beaucoup

Réponse 25 / 77

kingk06 Messages postés 10277 Date d'inscription mercredi 12 juin 2013 Statut Membre Dernière intervention 17 mars 2015 536
15 janv. 2014 à 08:51

Re,

ok on va refaire le le fix !

pour contrôle refais un nouveau log ZHPDiag: stp
regarde l'image ici => https://www.cjoint.com/c/CJukFzALKYy
Poste moi ensuite le rapport généré, dans ton prochain message. :). => Pour héberger le rapport Rendez vous sur le site Cjoint ==> https://www.cjoint.com/

Réponse 26 / 77

Iris 1045
15 janv. 2014 à 10:41

Merci pour votre patience :-)

Voici le rapport ZHPDiag :

~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (12/14/2013)
~ Launched by user (1/15/2014 10:55:22 AM)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user

---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Enterprise, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, VOLUME_MAK channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.4.0304.0
Trend Micro OfficeScan Client v10.5
Windows Defender W7

---\\ System optimization software
CCleaner v4.07 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002.8 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 173 GB (64%) free of 270 GB

---\\ Connection to the system mode
~ Computer Name: USER-LAP
~ User Name: user
~ All Users Names: user, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 173 Go of 270 Go)
D: Hard drive, Flash drive, Thumb drive (Free 195 Go of 195 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)

---\\ State of the Windows Security Center
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 46 Legitimates Filtered in 00mn AMs

---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 7:30:54 AM.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 3:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/26/2013 - 8:33:33 AM.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.11/20/2010 - 1:17:56 PM.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.11/20/2010 - 1:21:26 PM.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/14/2013 - 2:48:58 AM.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 3:26:15 AM.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 1:11:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:38:12 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:42:34 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:59:30 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 1:11:24 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 1:54:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 4:17:22 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:39:46 AM.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.4/12/2013 - 3:45:29 PM.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 1:45:35 AM.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 1:54:34 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 11:24:48 AM.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 1:53:41 AM.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:39:18 AM.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.11/20/2010 - 1:30:18 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 04mn AMs

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/5046
~ Mes musiques (My Musics) : 1/1422
~ Mes Videos (My Videos) : 1/55
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 3/809
~ Mon Bureau (My Desktop) : 3/322
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 09mn AMs

---\\ Process running
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2868]
[MD5.B63E5C7807334A3A8F731062F15462CC] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008] [PID.3128]
[MD5.CF8826B8A0C15E6F08AED52A91A832DE] - (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe [882776] [PID.3148]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.3212]
[MD5.1029B84ECBE4B95ACB8491A3FE63D70F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.3228]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.3236]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.3268]
[MD5.2F0EAAF91FC7A5C70D1F4BE9B18A1CF5] - (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe [354304] [PID.3452]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4700]
[MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.4128]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\RunDll32.exe [0] [PID.1252]
~ Processes Running: Scanned in 02mn AMs

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [aafjadljlfmdflceamoombjnhbfilggh] Search.us Home v.2.0.0.1599, (Activé) =>PUP.StartSearch
G2 - GCE: Preference [User Data\Default] [dfogncpkkfnegidlbhiijikjekagckkk] Search.us Search v.2.0.0.1599, (Activé) =>Adware.Bandoo
G2 - GCE: Preference [User Data\Default] [jfgomgcnnjcbkodippaajplchmepkkcm] Manta Ray v.1.5 (Activé)
~ Google Browser: 20 Legitimates Filtered in 14mn AMs

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@tightropeinteractive.com/Plugin] - (.Search.Us.com - npAPI Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll =>PUP.StartSearch
P2 - FPN: [HKCU] [@tnt2ghost.com/Plugin] - (.Search.Us.com - npAPI Ghost Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll =>PUP.StartSearch
~ Firefox Browser: 12 Legitimates Filtered in 01mn AMs

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.us.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.us.com =>PUP.StartSearch
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Search.Us.com - npAPI Ghost Plugin.) (No version) -- (.not file.) =>PUP.StartSearch
~ IE Browser: 11 Legitimates Filtered in 00mn AMs

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 22

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [user]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrator]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrator]: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Administrator]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 75 Legitimates Filtered in 33mn AMs

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\db98c47c-b1c6-483e-89cf-cf77094ec8d3.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
~ Application: Scanned in 02mn AMs

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn AMs

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} ((no name)) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
~ Objets ActiveX: Scanned in 00mn AMs

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 10.30.30.107 10.30.30.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb
O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 10.30.30.107 10.30.30.148
O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb
O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 10.30.30.107 10.30.30.148
O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.30.30.107 10.30.30.148
~ Domain: Scanned in 00mn AMs

---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs

---\\ Software installed (O42)
O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {682545CE-8E7A-4BF5-ABE4-A9547C8F4380} =>PUP.StartSearch
O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {BCF727E5-7B53-48C7-8A8C-F36B13FDD18D} =>PUP.StartSearch
~ Logic: 26 Legitimates Filtered in 02mn AMs

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.627501FD298ACACBB327CC4269CA3AF0] - 1/14/2014 - 8:27:45 PM ---A- . (...) -- C:\Windows\ntbtlog.txt [125254]
O44 - LFC:[MD5.82E4D00AFB920F5935821CF16912EBCC] - 1/15/2014 - 11:00:39 AM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20960]
O44 - LFC:[MD5.82E4D00AFB920F5935821CF16912EBCC] - 1/15/2014 - 11:00:39 AM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20960]
~ Files: 10 Legitimates Filtered in 50mn AMs

---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.737E39C0D3859F0A9551EC9339120CD7] - 1/15/2014 - 10:49:31 AM ---A- - C:\Windows\Prefetch\CNTAOSMGR.EXE-2F20F093.pf
~ Prefetcher: 58 Legitimates Filtered in 01mn AMs

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn AMs

---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{c13f622b-fe79-11e1-9aee-806e6f6e6963}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn AMs

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn AMs

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/14/2009 - 3:20:28 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/14/2009 - 12:54:14 AM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/14/2009 - 3:19:04 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 11:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 11:40:44 PM ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 11:40:40 PM ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 11:40:23 PM ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 11:40:31 PM ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 11:40:35 PM ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 11:40:39 PM ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 11:40:27 PM ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 11:40:11 PM ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 11:40:15 PM ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 11:40:17 PM ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 11:40:19 PM ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 11:40:13 PM ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 18 Legitimates Filtered in 06mn AMs

---\\ Last modified or created user files (O61)
O61 - LFC: 1/14/2014 - 11:13:15 AM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267844]
O61 - LFC: 1/14/2014 - 11:21:32 AM ---A- . (...) -- C:\Users\user\Downloads\Ibn Taymiya http.docx [16300]
O61 - LFC: 1/15/2014 - 11:13:15 AM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [6]
O61 - LFC: 1/15/2014 - 11:14:58 AM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State [54065]
O61 - LFC: 1/15/2014 - 11:16:40 AM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\Log.txt [87218] =>.Nicolas Coolman
O61 - LFC: 1/15/2014 - 11:16:40 AM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\TestsZHPDiag.txt [2783] =>.Nicolas Coolman
~ 10 Fichiers temporaires (Temporary files)
~ Files: 224 Legitimates Filtered in 34mn AMs

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {8E638C7A-12A8-4B2E-A401-421E0835D0AB} - (Search.us) - http://search.us.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {A6D36A1B-A63D-4847-BD27-91A947F7EF04} - (Yahoo) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {CA6B071B-2601-4077-B3E1-54764FB645DB} - (Yahoo!) - http://search.yahoo.com
~ Keys: Scanned in 00mn AMs

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/13/2013] (...) -- C:\Users\user\AppData\Local\Temp\mpam-41c501fb.exe [0]
[MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][12/10/2013] (...) -- C:\Users\user\AppData\Local\Temp\Quarantine.exe [360051]
~ Files: 3 Legitimates Filtered in 03mn AMs

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 10/7/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 10/7/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 9/5/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 7/27/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 10/23/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 12/17/2012 1574936 | (ntrtscan) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
SR - | Auto 10/9/2013 3275136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Demand 9/11/2012 345648 | (TMBMServer) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
SR - | Auto 12/17/2012 1650376 | (tmlisten) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
SR - | Demand 4/15/2011 497272 | (TmPfw) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
SR - | Demand 4/15/2011 689680 | (TmProxy) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
SR - | Auto 7/14/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 07mn AMs

---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 02mn AMs

---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by user at 1/15/2014 11:35:35 AM

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 04mn AMs

---\\ Scan Additionnel (O88)
Database Version : 13013 - (12/14/2013)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0

[HKLM\Software\Google\Chrome\Extensions\aafjadljlfmdflceamoombjnhbfilggh] =>PUP.StartSearch^
[HKLM\Software\Google\Chrome\Extensions\dfogncpkkfnegidlbhiijikjekagckkk] =>Adware.Bandoo^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{682545CE-8E7A-4BF5-ABE4-A9547C8F4380}] =>PUP.StartSearch^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCF727E5-7B53-48C7-8A8C-F36B13FDD18D}] =>PUP.StartSearch^
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{CFBFAE00-17A6-11D0-99CB-00C04FD64497} =>PUP.StartSearch^
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjadljlfmdflceamoombjnhbfilggh =>PUP.StartSearch^
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogncpkkfnegidlbhiijikjekagckkk =>Adware.Bandoo^
~ Additionnel Scan: 200038 Items scanned in 38mn AMs

---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 3 link(s) detected in 38mn AMs

~ 1116 Legitimates filtered by white list
End of the scan (446 lines in 53mn AMs)(0)

Réponse 27 / 77

kingk06 Messages postés 10277 Date d'inscription mercredi 12 juin 2013 Statut Membre Dernière intervention 17 mars 2015 536
15 janv. 2014 à 10:56

=> Télécharge sur le bureau => RogueKiller

=> Quitte tous tes programmes en cours.

=> Sous Vista/Seven et windows 8 , clique droit -> lancer en tant qu'administrateur

=> Sinon lance simplement RogueKiller.exe

NOTE: Si l'infection bloque le programme, il faut le relancer plusieurs fois ou le renommer en winlogon.exe

=> Patiente pendant le pre-scan, puis clique sur le bouton Scan

=> Un rapport RKreport.txt a du se créer sur le bureau, poste-le.

=> Note : Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois.

Réponse 28 / 77

Iris 1045
Modifié par Iris 1045 le 15/01/2014 à 20:49

Le lien ne corresponds pas à ma version window 7, j'ai téléchargée une autre mais à la fin de l'analyse il met que : version is outdated. Le seul rapport :

[Params]
EulaAccepted=true

Réponse 29 / 77

kingk06 Messages postés 10277 Date d'inscription mercredi 12 juin 2013 Statut Membre Dernière intervention 17 mars 2015 536
Modifié par kingk06 le 15/01/2014 à 20:55

SUPPRIMER LA PREMIÈRE VERSION ET PREND CELUI-CI=>

ici => RogueKiller

Allez jusqu'au bout de votre désinfection, même si vous notez une amélioration après les premiers outils passés Bonne année :D

Réponse 30 / 77

Iris 1045
15 janv. 2014 à 20:52

J'ai parlé trop vite il marche apres 3 essais

Réponse 31 / 77

Iris 1045
15 janv. 2014 à 20:54

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 01/15/2014 21:54:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

192.168.15.19 ossrv1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] c57d75757a7e7c1cc62adde52f878812
[BSP] bcf821d318a8c5b85f0be73f6c0b1203 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 276839 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 567173120 | Size: 199999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01152014_215404.txt >>

Réponse 32 / 77

kingk06 Messages postés 10277 Date d'inscription mercredi 12 juin 2013 Statut Membre Dernière intervention 17 mars 2015 536
15 janv. 2014 à 20:56

=> Quitte tous tes programmes en cours

=> Sous Vista/Seven , clique droit -> lancer en tant qu'administrateur

=> Sinon lance simplement RogueKiller.exe

=> Patiente pendant le pre-scan, clique sur Scan

=> Vérifie que tous les éléments sont cochés puis clique sur [Suppression]

=> Poste le rapport RKreport.txt présent sur le bureau .

Réponse 33 / 77

Iris 1045
15 janv. 2014 à 21:28

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 01/15/2014 22:17:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

192.168.15.19 ossrv1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] c57d75757a7e7c1cc62adde52f878812
[BSP] bcf821d318a8c5b85f0be73f6c0b1203 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 276839 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 567173120 | Size: 199999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01152014_221721.txt >>
RKreport[0]_S_01152014_215404.txt

Réponse 34 / 77

kingk06 Messages postés 10277 Date d'inscription mercredi 12 juin 2013 Statut Membre Dernière intervention 17 mars 2015 536
15 janv. 2014 à 21:50

Utilisation de l'outil ZHPFix :

puis fais ceci =>


>>>Attention script personnalisé à ne pas reproduire sur un autre ordinateur risque de plantage !<<<

=> Copie tout le texte existant dans le fichier hébergé :
<<< ouvre le fiches ICI >>> http://cjoint.com/data3/3ApvXAEQl3N.htm (Sélectionne-le, clique droit dessus et choisis "tout sélectionner").

=> Puis lance ZHPFix depuis le raccourci situé sur ton Bureau.(icône seringue)
(Sous Vista/Win7/Win8, il faut cliquer droit sur le raccourci de ZHPFix et choisir Exécuter en tant qu'administrateur)

=> Une fois ZHPFix ouvert

=> clique sur "importer" Vérifie bien que toutes les lignes se collent automatiquement dans ZHPFix. image ici

clic sur "GO" en bas de page et confirme par oui pour lancer le nettoyage des données

==> laisse travailler l'outil et ne touche à rien ...

==> Si il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le !

le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt .

==> Copie/colle la totalité du rapport dans ta prochaine réponse.
==> : https://www.cjoint.com/ Copie le lien dans ta prochaine réponse.

( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ ZHPFixReport.txt )

Redémarre le PC et poste le rapport stp.

tuto ici ==> ZHPFi

ici tu a un tutorial en vidéo => https://www.youtube.com/watch?v=PgsbvafSLuI ou ici => Pour t'aider

Réponse 35 / 77

Iris 1045
18 janv. 2014 à 14:36

Bonjour,
J'ai lancé le ZHPFix, mais même résultat : il a tourné toute la nuit mais sans avancer ...

Réponse 36 / 77

iris 1045
25 janv. 2014 à 12:10

Bonjour!
Voila le rapport de pre_scan

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 4.01.23.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 12:37:09

~ Update on 23/01/2014 | 08.30 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

~ [user (Administrator)] - [USER-LAP]
~ SID = S-1-5-21-3495645949-2252045420-2483743716-1000

~ System : Windows 7 Enterprise (32 bits) Enterprise Service Pack 1
~ TotalValidations : 2
~ ProcessorNameString : Intel(R) Core(TM)2 Solo CPU U3500 @ 1.40GHz
~ Identifier : x86 Family 6 Model 23 Stepping 10

~ Memory RAM = Total (MB) : 3075 | Free (MB) : 2274
~ Pagefile = Total (MB) : 6148 | Free (MB) : 5117
~ Virtual = Total (MB) : 2097 | Free (MB) : 1881

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

C:\Windows\Setup\Scripts\Setupcomplete.cmd

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\-> [Fixed] | [] | Total : 276840 Mo | Free : 177310 Mo -> NTFS
d:\-> [Fixed] | [] | Total : 200000 Mo | Free : 199650 Mo -> NTFS
e:\-> [CDROM] | [Audio CD]

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

Last(s) détection(s) : 2014-01-25 10:31:53
Last(s) download(s) : 2014-01-16 07:40:32
Last(s) installation(s) : 2014-01-16 06:47:12
Next search : 2014-01-26 08:02:44

¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\user
~ C:\Users\Administrator

New restorepoint created : To restore the registry : C:\Pre_Scan\Save\Scan\ERDNT.exe

Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.16428 (© Microsoft Corporation.)
GC : 32.0.1700.76 (Copyright 2012 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 11.3.300.265
FlashPlayer Plugin : 11.3.300.265

¤¤¤¤¤¤¤¤¤¤ | Security

AV : Trend Micro OfficeScan Antivirus Disabled
AS : Microsoft Security Essentials Disabled
FW : Trend Micro Personal Firewall Disabled

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

1500 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe
1660 | C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.6.5.0) -> "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"
1708 | C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"
1832 | C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (.Skype Technologies S.A. - Skype C2C Service.) - (6.13.0.13771) -> "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
420 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) -> "taskhost.exe"
620 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
1088 | C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
2128 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) -> C:\Windows\Explorer.EXE
2572 | C:\Program Files\Common Files\Java\Java Update\jusched.exe (.Oracle Corporation - Java(TM) Update Scheduler.) - (2.1.9.8) -> "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
2580 | C:\Windows\System32\igfxtray.exe (.Intel Corporation - igfxTray Module.) - (8.15.10.2202) -> "C:\Windows\System32\igfxtray.exe"
2588 | C:\Windows\System32\hkcmd.exe (.Intel Corporation - hkcmd Module.) - (8.15.10.2202) -> "C:\Windows\System32\hkcmd.exe"
2596 | C:\Windows\System32\igfxpers.exe (.Intel Corporation - persistence Module.) - (8.15.10.2202) -> "C:\Windows\System32\igfxpers.exe"
2604 | C:\Program Files\Microsoft Security Client\msseces.exe (.Microsoft Corporation - Microsoft Security Client User Interface.) - (4.4.304.0) -> "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
2612 | C:\Program Files\Windows Sidebar\sidebar.exe (.Microsoft Corporation - Windows Desktop Gadgets.) - (6.1.7601.17514) -> "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
2628 | C:\Windows\System32\StikyNot.exe (.Microsoft Corporation - Sticky Notes.) - (6.1.7600.16385) -> "C:\Windows\System32\StikyNot.exe"
3416 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding
4152 | C:\Windows\system32\wuauclt.exe (.Microsoft Corporation - Windows Update.) - (7.6.7600.256) -> "C:\Windows\system32\wuauclt.exe"
2928 | C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (.Trend Micro Inc. - Trend Micro OfficeScan Client Plug-in Service Manager.) - (2.0.0.1188) -> "C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe"
4892 | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (.Microsoft Corporation - Microsoft Office Software Protection Platform Service.) - (14.0.370.400) -> "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
2736 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) -> "taskhost.exe"
3616 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) -> taskeng.exe {1DD3B762-9536-4BB2-8494-2C43524BF9CE}
5776 | C:\Program Files\Google\Update\GoogleUpdate.exe (.Google Inc. - Google Installer.) - (1.3.21.103) -> "C:\Program Files\Google\Update\GoogleUpdate.exe" /c
5592 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.76) -> "C:\Program Files\Google\Chrome\Application\chrome.exe"
3192 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.76) -> "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5592.0.853070250\270502690" --disable-image-transport-surface --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,5,13,23 --disable-accelerated-video-decode --gpu-vendor-id=8086 --gpu-device-id=2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2202 --ignored=" --type=renderer " /prefetch:822062411
3716 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
152 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.76) -> "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=fr --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group3 pct:10c stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5592.4.749822958\1969739152" /prefetch:673131151
2488 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
2532 | C:\Windows\system32\SearchFilterHost.exe (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchFilterHost.exe" 0 500 504 512 65536 508

Boot : Normal

¤¤¤¤¤¤¤¤¤¤ | Running processes

[07/10/2013 19:52:45] - 336 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.18113) -> \SystemRoot\System32\smss.exe [69632 Ko]
[14/07/2009 01:11:09] - 432 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[14/07/2009 01:36:49] - 484 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) -> wininit.exe [96256 Ko]
[14/07/2009 01:11:09] - 492 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[14/09/2012 20:21:51] - 548 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.17514) -> winlogon.exe [286720 Ko]
[14/07/2009 01:11:26] - 584 | C:\Windows\system32\services.exe (.Microsoft Corporation - Services and Controller app.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [259072 Ko]
[13/11/2013 16:03:46] - 600 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18270) -> C:\Windows\system32\lsass.exe [22016 Ko]
[14/09/2012 20:22:03] - 608 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe [267776 Ko]
[14/07/2009 01:19:28] - 716 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [20992 Ko]
[14/07/2009 01:19:28] - 820 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [20992 Ko]
[23/10/2013 15:01:10] - 868 | C:\Program Files\Microsoft Security Client\MsMpEng.exe (.Microsoft Corporation - Antimalware Service Executable.) - (4.4.304.0) -> "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22208 Ko]
[14/07/2009 01:19:28] - 1004 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 Ko]
[14/07/2009 01:19:28] - 1056 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 Ko]
[14/07/2009 01:19:28] - 1080 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [20992 Ko]
[14/07/2009 01:19:28] - 1116 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [20992 Ko]
[14/07/2009 01:19:28] - 1396 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [20992 Ko]
[14/07/2009 01:19:28] - 1536 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [20992 Ko]
[19/12/2013 12:24:55] - 1748 | C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [701512 Ko]
[16/01/2012 20:01:48] - 1796 | C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (.Trend Micro Inc. - Trend Micro Common Client Real-time Scan Service (32-bit).) - (11.5.0.1824) -> "C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe" [1574936 Ko]
[16/01/2012 20:07:24] - 1252 | C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (.Trend Micro Inc. - Trend Micro Common Client Communication Service.) - (11.5.0.1824) -> "C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe" [1650376 Ko]
[14/07/2009 01:24:23] - 2064 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [92672 Ko]
[14/07/2009 01:19:28] - 2472 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20992 Ko]
[18/01/2012 03:58:20] - 2564 | C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) - (10.5.0.2328) -> "C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe" -HideWindow [882776 Ko]
[15/04/2011 21:26:56] - 3004 | C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (.Trend Micro Inc. - Trend Micro Personal Firewall Service.) - (5.82.0.1030) -> "C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe" [497272 Ko]
[14/07/2009 01:19:28] - 3724 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [20992 Ko]
[17/09/2012 21:42:54] - 3932 | C:\Program Files\Trend Micro\BM\TMBMSRV.exe (.Trend Micro Inc. - Manages the Trend Micro unauthorized change prevention feature.) - (2.95.0.1162) -> "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [345648 Ko]
[15/04/2011 21:20:54] - 3236 | C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (.Trend Micro Inc. - Trend Micro Proxy Service.) - (5.82.0.1030) -> "C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe" [689680 Ko]
[25/01/2014 12:24:00] - 3508 | C:\Users\user\Downloads\Pre_Scan.exe (. - Pre_Scan.) - (4.1.23.1) -> "C:\Users\user\Downloads\Pre_Scan.exe" [2698752 Ko]
[14/09/2012 20:21:45] - 2560 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [257536 Ko]
[29/03/2011 05:31:14] - 5052 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [1713536 Ko]
[29/03/2011 05:31:16] - 5308 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) -> WLIDSvcM.exe 5052 [193920 Ko]
[14/09/2012 19:51:29] - 1340 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding [427520 Ko]
[14/09/2012 20:21:59] - 4964 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1121792 Ko]
[14/09/2012 19:53:07] - 1844 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe [317440 Ko]
[14/09/2012 20:22:05] - 4072 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Windows Modules Installer.) - (6.1.7601.17514) -> C:\Windows\servicing\TrustedInstaller.exe [204800 Ko]
[14/07/2009 01:41:43] - 708 | C:\Windows\System32\rundll32.exe (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) -> C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding [44544 Ko]
[14/09/2012 19:51:29] - 6076 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" [164352 Ko]
[14/09/2012 19:51:29] - 4868 | C:\Windows\system32\SearchFilterHost.exe (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchFilterHost.exe" 0 500 504 512 65536 508 [86528 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !

Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe

¤

Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K

Alternate shell is OK !

¤

Safeboot Minimal Subkeys : O.K !

¤

Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

Deleted : HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{c13f622b-fe79-11e1-9aee-806e6f6e6963} | AutoRun\command : E:\autorun.exe

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

Winsrv : OK !

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

¤¤¤¤¤¤¤¤¤¤ | Security Center

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
Repaired : [HKLM | Services\windefend] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://search.us.com/?guid={BCF727E5-7B53-48C7-8A8C-F36B13FDD18D}&serpv=5 -> http://www.google.com/
Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\AboutURLs]|[Tabs] : http://search.us.com/?guid={BCF727E5-7B53-48C7-8A8C-F36B13FDD18D}&serpv=5 -> res://ieframe.dll/tabswelcome.htm

¤

Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Removed : C:\$Recycle.bin\S-1-5-21-3495645949-2252045420-2483743716-500
Removed : C:\$Recycle.bin\S-1-5-21-4292706814-1702609081-6705846-1922
Removed : C:\$Recycle.bin\S-1-5-21-3495645949-2252045420-2483743716-1000

Moved to quarantine successfully : C:\Users\user\AppData\Local\microsoft\windows\WebCacheLock.dat
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

Prefetch -> Emptied

D:\ : Vaccinated (Vaccin created by Pre_Scan)
E:\ : Impossible to vaccinate

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 3 | Restored : 3
~ [Users] : Hidden : 2 | Restored : 2
~ [Pictures] : Hidden : 6 | Restored : 6
~ [Documents] : Hidden : 75 | Restored : 75
~ [Desktop] : Hidden : 13 | Restored : 13
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 78 | Restored : 78
~ [Libraries] : Hidden : 44 | Restored : 44

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

Disk: 0 Size=477G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 07-NTFS 100M Yes No 2,048 204,800
1 1 07-NTFS 277G No No 206,848 566,966,272
2 2 07-NTFS 200G No No 567,173,120 409,597,952

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

End : 12:50:39

Standby Restored !
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 298

Réponse 37 / 77

kingk06 Messages postés 10277 Date d'inscription mercredi 12 juin 2013 Statut Membre Dernière intervention 17 mars 2015 536
25 janv. 2014 à 12:14

Re,

ok ;)

pour contrôle refais un nouveau log ZHPDiag: stp
regarde l'image ici => https://www.cjoint.com/c/CJukFzALKYy
Poste moi ensuite le rapport généré, dans ton prochain message. :). => Pour héberger le rapport Rendez vous sur le site Cjoint ==> https://www.cjoint.com/

Réponse 38 / 77

iris 1045
25 janv. 2014 à 13:12

voila !

~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (12/14/2013)
~ Launched by user (1/25/2014 1:29:09 PM)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user

---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v32.0.1700.76 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Enterprise, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, VOLUME_MAK channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.4.0304.0
Trend Micro OfficeScan Client v10.5
Windows Defender W7

---\\ System optimization software
CCleaner v4.07 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002.8 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 173 GB (63%) free of 270 GB

---\\ Connection to the system mode
~ Computer Name: USER-LAP
~ User Name: user
~ All Users Names: user, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 173 Go of 270 Go)
D: Hard drive, Flash drive, Thumb drive (Free 195 Go of 195 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)

---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn AMs

---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 7:30:54 AM.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 3:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/26/2013 - 8:33:33 AM.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.11/20/2010 - 1:17:56 PM.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.11/20/2010 - 1:21:26 PM.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/14/2013 - 2:48:58 AM.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 3:26:15 AM.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 1:11:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:38:12 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:42:34 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:59:30 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 1:11:24 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 1:54:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 4:17:22 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:39:46 AM.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.4/12/2013 - 3:45:29 PM.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 1:45:35 AM.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 1:54:34 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 11:24:48 AM.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 1:53:41 AM.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:39:18 AM.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.11/20/2010 - 1:30:18 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn AMs

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/5046
~ Mes musiques (My Musics) : 1/1422
~ Mes Videos (My Videos) : 1/55
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/814
~ Mon Bureau (My Desktop) : 1/346
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 03mn AMs

---\\ Process running
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.388]
[MD5.1029B84ECBE4B95ACB8491A3FE63D70F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.2040]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.492]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.1316]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20584608] [PID.296]
[MD5.2F0EAAF91FC7A5C70D1F4BE9B18A1CF5] - (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe [354304] [PID.2056]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2512]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.984]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.4084]
[MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.5548]
~ Processes Running: Scanned in 00mn AMs

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [aafjadljlfmdflceamoombjnhbfilggh] Search.us Home v.2.0.0.1599, (Activé) =>PUP.StartSearch
G2 - GCE: Preference [User Data\Default] [dfogncpkkfnegidlbhiijikjekagckkk] Search.us Search v.2.0.0.1599, (Activé) =>Adware.Bandoo
G2 - GCE: Preference [User Data\Default] [jfgomgcnnjcbkodippaajplchmepkkcm] Manta Ray v.1.5 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 20 Legitimates Filtered in 18mn AMs

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@tightropeinteractive.com/Plugin] - (.Search.Us.com - npAPI Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll =>PUP.StartSearch
P2 - FPN: [HKCU] [@tnt2ghost.com/Plugin] - (.Search.Us.com - npAPI Ghost Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll =>PUP.StartSearch
~ Firefox Browser: 12 Legitimates Filtered in 00mn AMs

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Search.Us.com - npAPI Ghost Plugin.) (No version) -- (.not file.) =>PUP.StartSearch
~ IE Browser: 11 Legitimates Filtered in 00mn AMs

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [user]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [user]: Donate.lnk . (...) -- C:\Program Files\Mozilla Firefox\firefox.exe (.not file.)
O4 - GS\Desktop [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrator]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrator]: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Administrator]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 77 Legitimates Filtered in 19mn AMs

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\db98c47c-b1c6-483e-89cf-cf77094ec8d3.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
~ Application: Scanned in 01mn AMs

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn AMs

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} ((no name)) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
~ Objets ActiveX: Scanned in 00mn AMs

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.11.67.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb
O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.11.67.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb
O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.11.67.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.11.67.1
~ Domain: Scanned in 00mn AMs

---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs

---\\ Software installed (O42)
O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {682545CE-8E7A-4BF5-ABE4-A9547C8F4380} =>PUP.StartSearch
O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {BCF727E5-7B53-48C7-8A8C-F36B13FDD18D} =>PUP.StartSearch
~ Logic: 26 Legitimates Filtered in 00mn AMs

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.627501FD298ACACBB327CC4269CA3AF0] - 1/14/2014 - 8:27:45 PM ---A- . (...) -- C:\Windows\ntbtlog.txt [125254]
O44 - LFC:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 1/15/2014 - 9:52:16 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
O44 - LFC:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 1/15/2014 - 9:53:27 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
O44 - LFC:[MD5.777B9966DB87CE8B25A9124FE2778A5D] - 1/25/2014 - 12:50:41 PM R--A- . (...) -- C:\Pre_Scan_25_01_2014_12_50_41.txt [24196]
O44 - LFC:[MD5.EAE96FA4E26925D1B08042923664B11E] - 1/25/2014 - 1:34:13 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20960]
O44 - LFC:[MD5.EAE96FA4E26925D1B08042923664B11E] - 1/25/2014 - 1:34:13 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20960]
~ Files: 329 Legitimates Filtered in 24mn AMs

---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.522B7DE372810F3AF10FCC909F07B9AF] - 1/16/2014 - 9:33:20 PM ---A- - C:\Windows\Prefetch\32.0.1700.76_31.0.1650.63_CHR-AA6FA0F3.pf
O45 - LFCP:[MD5.2645385078800B70D6F30B5C0E366721] - 1/25/2014 - 12:56:45 PM ---A- - C:\Windows\Prefetch\TMBMSRV.EXE-AB2757B7.pf
O45 - LFCP:[MD5.06893B9AEBE9AE636DD77B4DFF99DE85] - 1/25/2014 - 1:13:08 PM ---A- - C:\Windows\Prefetch\CNTAOSMGR.EXE-2F20F093.pf
~ Prefetcher: 57 Legitimates Filtered in 01mn AMs

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn AMs

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/14/2009 - 3:20:28 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 1/15/2014 - 9:52:16 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/14/2009 - 12:54:14 AM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 1/15/2014 - 9:52:23 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys.bak [26624]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/14/2009 - 3:19:04 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 1/15/2014 - 9:53:27 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 11:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 11:40:44 PM ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 11:40:40 PM ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 11:40:23 PM ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 11:40:31 PM ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 11:40:35 PM ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 11:40:39 PM ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 11:40:27 PM ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 11:40:11 PM ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 11:40:15 PM ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 11:40:17 PM ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 11:40:19 PM ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 11:40:13 PM ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 09mn AMs

---\\ Last modified or created user files (O61)
O61 - LFC: 1/25/2014 - 1:49:59 PM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State [55832]
O61 - LFC: 1/25/2014 - 1:50:36 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\Log.txt [111301] =>.Nicolas Coolman
O61 - LFC: 1/25/2014 - 1:50:36 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\TestsZHPDiag.txt [2783] =>.Nicolas Coolman
O61 - LFC: 1/25/2014 - 1:54:54 PM ---A- . (...) -- C:\Users\user\Downloads\Hama ou Hamah.docx [26547]
O61 - LFC: 1/25/2014 - 1:54:54 PM ---A- . (.Anne-Marie.) -- C:\Users\user\Downloads\Harbin moi.doc [24576]
O61 - LFC: 1/25/2014 - 1:54:55 PM ---A- . (...) -- C:\Users\user\Downloads\Ibn taymiyya[1].docx [33714]
~ 5 Fichiers temporaires (Temporary files)
~ Files: 100 Legitimates Filtered in 19mn AMs

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {8E638C7A-12A8-4B2E-A401-421E0835D0AB} - (Search.us) - http://search.us.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {A6D36A1B-A63D-4847-BD27-91A947F7EF04} - (Yahoo) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {CA6B071B-2601-4077-B3E1-54764FB645DB} - (Yahoo!) - http://search.yahoo.com
~ Keys: Scanned in 00mn AMs

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.381DA081E8005C2ABB5AE4BAE87E3AD4] [SPRF][1/25/2014] (.No owner - Pre_Scan.) -- C:\Users\user\Desktop\Pre_Scan.exe [2698752]
~ Files: 1 Legitimates Filtered in 01mn AMs

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 10/7/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 10/7/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 9/5/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 7/27/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 10/23/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 12/17/2012 1574936 | (ntrtscan) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
SR - | Auto 10/9/2013 3275136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Demand 9/11/2012 345648 | (TMBMServer) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
SR - | Auto 12/17/2012 1650376 | (tmlisten) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
SR - | Demand 4/15/2011 497272 | (TmPfw) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
SR - | Demand 4/15/2011 689680 | (TmProxy) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
SR - | Auto 7/14/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 57mn AMs

---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 02mn AMs

---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by user at 1/25/2014 2:06:53 PM

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 04mn AMs

---\\ Scan Additionnel (O88)
Database Version : 13013 - (12/14/2013)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0

[HKLM\Software\Google\Chrome\Extensions\aafjadljlfmdflceamoombjnhbfilggh] =>PUP.StartSearch^
[HKLM\Software\Google\Chrome\Extensions\dfogncpkkfnegidlbhiijikjekagckkk] =>Adware.Bandoo^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{682545CE-8E7A-4BF5-ABE4-A9547C8F4380}] =>PUP.StartSearch^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCF727E5-7B53-48C7-8A8C-F36B13FDD18D}] =>PUP.StartSearch^
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{CFBFAE00-17A6-11D0-99CB-00C04FD64497} =>PUP.StartSearch^
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjadljlfmdflceamoombjnhbfilggh =>PUP.StartSearch^
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogncpkkfnegidlbhiijikjekagckkk =>Adware.Bandoo^
~ Additionnel Scan: 194305 Items scanned in 04mn AMs

---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 3 link(s) detected in 04mn AMs

~ 1310 Legitimates filtered by white list
End of the scan (449 lines in 50mn AMs)(0)

Réponse 39 / 77

kingk06 Messages postés 10277 Date d'inscription mercredi 12 juin 2013 Statut Membre Dernière intervention 17 mars 2015 536
25 janv. 2014 à 13:36

Utilisation de l'outil ZHPFix :

puis fais ceci =>


>>>Attention script personnalisé à ne pas reproduire sur un autre ordinateur risque de plantage !<<<

=> Copie tout le texte existant dans le fichier hébergé :
<<< ouvre le fiches ICI >>> http://cjoint.com/data3/3AznGVQbXl8.htm (Sélectionne-le, clique droit dessus et choisis "tout sélectionner").

=> Puis lance ZHPFix depuis le raccourci situé sur ton Bureau.(icône seringue)
(Sous Vista/Win7/Win8, il faut cliquer droit sur le raccourci de ZHPFix et choisir Exécuter en tant qu'administrateur)

=> Une fois ZHPFix ouvert

=> clique sur "importer" Vérifie bien que toutes les lignes se collent automatiquement dans ZHPFix. image ici

clic sur "GO" en bas de page et confirme par oui pour lancer le nettoyage des données

==> laisse travailler l'outil et ne touche à rien ...

==> Si il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le !

le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt .

==> Copie/colle la totalité du rapport dans ta prochaine réponse.
==> : https://www.cjoint.com/ Copie le lien dans ta prochaine réponse.

( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ ZHPFixReport.txt )

Redémarre le PC et poste le rapport stp.

tuto ici ==> ZHPFi

ici tu a un tutorial en vidéo => https://www.youtube.com/watch?v=PgsbvafSLuI ou ici => Pour t'aider

Réponse 40 / 77

iris 1045
26 janv. 2014 à 13:04

ZHPfix n'a toujours pas fonctionné, il a tourné toute la nuit et n'a pas avancé !

Virus?

77 réponses

Discussions similaires