Virus on my PC

ASBH95, 63 posts, Member
Hello,

I think I am infected by a virus.

How can I get rid of this problem?

Thanks

17 replies

  1. Anonymous user
     
    Hello

    For more information, please do the following

    Open this link and download ZHPDiag by Nicolas Coolman:

    https://www.sosvirus.net/telecharger/zhpdiag/

    Or

    https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

    # Don't forget to tick the box that puts a shortcut on the Desktop.

    # The tool has created 2 icons, ZHPDiag and ZHPFix, on the Desktop.

    Double-click the ZHPDiag icon to launch the program. On Vista, Seven or Windows 8, right-click and choose "Run as administrator".

    In the ZHPDiag window that has just opened, click "Complet" (Full)

    Let the tool work; it can take quite a while.

    Tutorial: http://www.sosvirus.net/zhpdiag-nicolas-coolman-t82500.html

    A report opens. This report is also on your desktop.

    To send the report, click this link:
    http://pasteandfurious.com/

    pasteandfurious tutorial: http://www.sosvirus.net/tutoriel-paste-and-furious-t104985.html

    If there is a problem, use one of the following

    https://www.cjoint.com/

    Look on the desktop

    Select the file ZHPDiag.txt.

    Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").

    A link of this form:

    http://www.cijoint.com/cjlink.php?file=cj200905/cijSKAP5fU.txt

    is added to the page.

    Copy this link into your reply.

    Thanks

    See you later
    0
    1. ASBH95, 63 posts, Member
       
      Avast is blocking the site for me
      0
    2. Anonymous user
       
      Temporarily disable Avast
      0
    3. ASBH95, 63 posts, Member
       
      Here is the ZHPDiag report


      ~ Rapport de ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
      ~ Lancé par Cyrille (18/12/2014 21:59:13)
      ~ Adresse du Site Web https://nicolascoolman.webs.com/
      ~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
      ~ Traduit par Nicolas Coolman
      ~ Etat de la version :
      ~ Liste blanche : Activée par le programme
      ~ Elévation des Privilèges : OK
      ~ User Account Control (UAC): Activate by user


      ---\\ Navigateurs Internet
      MSIE: Internet Explorer v11.0.9600.17416
      GCIE: Google Chrome v39.0.2171.95 (Defaut)

      ---\\ Informations sur les produits Windows
      ~ Langage: Français
      Windows 8.1, 64-bit (Build 9600)
      Windows Server License Manager Script : OK
      ~ ion : Windows(R) Operating System, OEM_DM channel
      Windows ID Activation : OK
      ~ Windows Partial Key : HFPMG
      Windows License : OK
      ~ Windows Remaining Initializations Number : 1000
      Software Protection Service (Protection logicielle) : OK
      Windows Automatic Updates : OK
      Windows Activation Technologies : OK

      ---\\ Logiciels de protection du système
      Malwarebytes Anti-Malware version 2.0.4.1028
      Windows Defender W8

      ---\\ Logiciels d'optimisation du système
      CCleaner v5.00 =>Piriform Ltd

      ---\\ Logiciels de partage PeerToPeer

      ---\\ Surveillance de Logiciels
      Adobe Reader XI

      ---\\ Informations sur le système
      ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
      ~ Operating System: 64 Bits
      Boot mode: Normal (Normal boot)
      Total RAM: 8084 MB (78% free)
      System Restore: Activé (Enable)
      System drive C: has 812 GB (89%) free of 906 GB

      ---\\ Mode de connexion au système
      ~ Computer Name: MAISON
      ~ User Name: Cyrille
      ~ All Users Names: postgres, Cyrille, Administrateur,
      ~ Unselected Option: None
      Logged in as Administrator

      ---\\ Variables d'environnement
      ~ System Unit : C:\
      ~ %AppZHP% : C:\Users\Cyrille\AppData\Roaming\ZHP\
      ~ %AppData% : C:\Users\Cyrille\AppData\Roaming\
      ~ %Desktop% : C:\Users\Cyrille\Desktop\
      ~ %Favorites% : C:\Users\Cyrille\Favorites\
      ~ %LocalAppData% : C:\Users\Cyrille\AppData\Local\
      ~ %StartMenu% : C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\
      ~ %Windir% : C:\Windows\
      ~ %System% : C:\Windows\System32\

      ---\\ Enumération des unités disques
      C: Hard drive, Flash drive, Thumb drive (Free 812 Go of 906 Go)
      D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 24 Go)
      E: CD-ROM drive (Free 0 Go of 0 Go)
      F: Floppy drive, Flash card reader, USB Key (Not Inserted)



      ---\\ Etat du Centre de Sécurité Windows
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
      ~ Security Center: 44 Legitimates Filtered in 00mn 00s



      ---\\ Recherche particulière de fichiers génériques
      ~ Generic Processes: Scanned in 00mn 00s



      ---\\ Etat des fichiers cachés (Caché/Total)
      ~ Mes images (My Pictures) : 2/13
      ~ Mes musiques (My Musics) : 1/244
      ~ Mes Videos (My Videos) : 1/2
      ~ Mes Favoris (My Favorites) : 1/16
      ~ Mes Documents (My Documents) : 1/278
      ~ Mon Bureau (My Desktop) : 1/7308
      ~ Menu demarrer (Programs) : 1/58
      ~ Hidden Files: Scanned in 00mn 00s



      ---\\ Processus lancés
      [MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.4300]
      [MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.4172]
      [MD5.312C7978F0A42DB0475CE31D884DCE88] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [5227112] [PID.6108]
      [MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.5924]
      [MD5.85778366674083C3070834AE7A917214] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224] [PID.6092]
      [MD5.0E33C03867675B923DCAF0A36DD646CA] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.1396]
      [MD5.A0251ED3ABBA7ACC84416738C8282ACA] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616] [PID.2712]
      [MD5.5CCF60E8557F42D6494ACE11144E16C3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8337920] [PID.3872]
      ~ Processes Running: Scanned in 00mn 00s



      ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
      C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Default\Preferences
      ~ Google Browser: 0 Legitimates Filtered in 00mn 02s



      ---\\ Internet Explorer, Proxy Management (R5)
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
      ~ Proxy management: Scanned in 00mn 00s



      ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
      F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
      F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
      F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
      ~ Keys: Scanned in 00mn 00s



      ---\\ Hosts file redirection (O1)
      ~ Le fichier hosts est sain (The hosts file is clean).
      ~ Hosts File: Scanned in 00mn 00s
      ~ Nombre de lignes (Lines number): 2037



      ---\\ Internet Explorer Toolbars (O3)
      O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
      ~ Toolbar: Scanned in 00mn 00s



      ---\\ Autres liens utilisateurs (O4)
      O4 - GS\Desktop [Public]: Avast Free Antivirus.lnk . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
      O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      O4 - GS\Desktop [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
      O4 - GS\Desktop [Public]: HP Games.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
      O4 - GS\Desktop [Public]: HP Quick Start.lnk . (.Hewlett-Packard - HP Quick Start.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
      O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe
      O4 - GS\Desktop [Public]: Stellarium.lnk . (...) -- C:\Program Files (x86)\Stellarium\stellarium.exe
      O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
      O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
      O4 - GS\QuickLaunch [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      O4 - GS\QuickLaunch [Cyrille]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
      O4 - GS\QuickLaunch [Cyrille]: PartyPoker.fr.lnk . (...) -- C:\Programs\PartyFrance\PartyFrance.exe
      O4 - GS\QuickLaunch [Cyrille]: VSO Media Player 1.lnk . (.VSO Software SARL - VSO Media Player.) -- C:\Program Files (x86)\VSO\VSO Media Player\1\VMP.exe
      O4 - GS\TaskBar [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      O4 - GS\TaskBar [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
      O4 - GS\Program [Cyrille]: Documents.lnk . (...) -- C:\Users\Cyrille\Documents
      O4 - GS\Program [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
      O4 - GS\Program [Cyrille]: myCANAL.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) -- C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
      O4 - GS\Desktop [Cyrille]: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Co
      O4 - GS\Desktop [Cyrille]: myCANAL.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) -- C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
      O4 - GS\Desktop [Cyrille]: PartyPoker.fr.lnk . (...) -- C:\Programs\PartyFrance\PartyFrance.exe
      O4 - GS\Desktop [Cyrille]: VSO Media Player 1.lnk . (.VSO Software SARL - VSO Media Player.) -- C:\Program Files (x86)\VSO\VSO Media Player\1\VMP.exe
      ~ Global Startup: 76 Legitimates Filtered in 00mn 00s



      ---\\ Applications lancées au démarrage du sytème (O4)
      O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
      O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office XP component.) -- C:\Program Files (x86)\Microsoft Office\Office10\OSA.exe =>.Microsoft Corporation
      O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
      O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
      O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
      O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEFE.exe =>.Epson Seiko Corporation
      O4 - HKCU\..\Run: [Power2GoExpress8] Clé orpheline
      O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd
      O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] Clé orpheline
      O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
      O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
      O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
      O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
      O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
      O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
      O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
      O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [EPSON Stylus SX200 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEFE.exe =>.Epson Seiko Corporation
      O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [Power2GoExpress8] Clé orpheline
      O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd
      O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\RunOnce: [Adobe Speed Launcher] Clé orpheline
      ~ Application: Scanned in 00mn 00s



      ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
      O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
      ~ IE Extra Buttons: Scanned in 00mn 00s



      ---\\ Modification Domaine/Adresses DNS (O17)
      O17 - HKLM\System\CCS\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
      O17 - HKLM\System\CCS\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
      O17 - HKLM\System\CS1\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
      O17 - HKLM\System\CS1\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
      ~ Domain: Scanned in 00mn 00s



      ---\\ Protocole additionnel (O18)
      O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
      O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
      ~ Protocole Additionnel: Scanned in 00mn 00s



      ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
      O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
      ~ Winlogon: Scanned in 00mn 00s



      ---\\ Tâches planifiées en automatique (O39)
      O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]
      [MD5.00000000000000000000000000000000] [APT] [{29DC2616-5782-4A9E-B35C-457099BA6027}] (...) -- G:\epson324599eu.exe (.not file.) [0]
      [MD5.00000000000000000000000000000000] [APT] [{EDBF8529-BDB9-4C04-A4B1-96048C7B9374}] (...) -- C:\Program Files (x86)\click-n-mark-5\Uninstall.exe (.not file.) [0]
      ~ Scheduled Task: 42 Legitimates Filtered in 00mn 02s



      ---\\ Logiciels installés (O42)
      O42 - Logiciel: OEM Application Profile - (.Nom de votre société.) [HKLM][64Bits] -- {C89A97B6-F991-EBB5-77B7-927BCF420EBE}
      ~ Logic: 43 Legitimates Filtered in 00mn 00s



      ---\\ HKCU & HKLM Software Keys
      [HKCU\Software\InstallCore] =>Adware.InstallCore
      [HKCU\Software\PMU]
      [HKCU\Software\PartyFrance]
      [HKLM\Software\HoldemManager2]
      [HKLM\Software\Wow6432Node\IVTUPDATE]
      ~ Key Software: 292 Legitimates Filtered in 00mn 00s



      ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
      O43 - CFD: 16/07/2014 - 12:34:55 - [43,420] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
      O43 - CFD: 17/02/2014 - 19:09:28 - [19,795] ----D C:\Users\Cyrille\AppData\Roaming\cef-cache
      O43 - CFD: 03/12/2014 - 21:11:22 - [9,471] ----D C:\Users\Cyrille\AppData\Roaming\HoldemManager
      O43 - CFD: 17/02/2014 - 19:09:18 - [0,015] ----D C:\Users\Cyrille\AppData\Roaming\PartyFrance
      O43 - CFD: 16/02/2014 - 00:49:24 - [0,019] ----D C:\Users\Cyrille\AppData\Roaming\PMU
      O43 - CFD: 08/02/2014 - 18:43:48 - [0] ----D C:\Users\Cyrille\AppData\Roaming\wam
      O43 - CFD: 08/02/2014 - 18:43:49 - [3,836] ----D C:\Users\Cyrille\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
      O43 - CFD: 03/12/2014 - 20:11:18 - [0,001] ----D C:\Users\Cyrille\AppData\Roaming\{3D2B3714-F20B-486C-81A2-1949BAE31CF2}_AZ
      O43 - CFD: 29/08/2014 - 18:30:11 - [2,606] ----D C:\Users\Cyrille\AppData\Local\Canal.MyCanal
      O43 - CFD: 03/12/2014 - 20:12:42 - [0] -SH-D C:\Users\Cyrille\AppData\Local\EmieBrowserModeList
      O43 - CFD: 26/04/2014 - 23:11:18 - [0] -SH-D C:\Users\Cyrille\AppData\Local\EmieSiteList
      O43 - CFD: 26/04/2014 - 23:11:18 - [0] -SH-D C:\Users\Cyrille\AppData\Local\EmieUserList
      O43 - CFD: 26/04/2014 - 22:49:59 - [0] ----D C:\Users\Cyrille\AppData\Local\PackageStaging
      ~ Program Folder: 167 Legitimates Filtered in 00mn 02s



      ---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
      O45 - LFCP:[MD5.6EF6BBB33D28BA40F6CE1549D5C84BEB] - 02/12/2014 - 21:19:18 ---A- - C:\Windows\Prefetch\LOADER_HM.EXE-FCAEADFE.pf
      O45 - LFCP:[MD5.40D75AE18C135D2CFBEC8BD132B935BC] - 02/12/2014 - 21:21:28 ---A- - C:\Windows\Prefetch\HOLDEMMANAGER2SETUP_2.0.0.675-FDFFADD2.pf
      O45 - LFCP:[MD5.2907230E1D88FA17A279A3BA459D4D5A] - 02/12/2014 - 21:21:55 ---A- - C:\Windows\Prefetch\ACROEXT.EXE-34F419F0.pf
      O45 - LFCP:[MD5.5B76BD0EE38A1AA0F8A09BAA943FE5B3] - 02/12/2014 - 21:28:14 ---A- - C:\Windows\Prefetch\LOADER_HM.EXE-7F19B9B0.pf
      O45 - LFCP:[MD5.68F6493A8794A8DBDBC540404946BC0A] - 02/12/2014 - 21:35:43 ---A- - C:\Windows\Prefetch\HOLDEMMANAGER.EXE-E7FB5D45.pf
      O45 - LFCP:[MD5.8E32884A4959AC911FF98A06F38EBBA6] - 02/12/2014 - 21:43:22 ---A- - C:\Windows\Prefetch\LOADER_HM.EXE-406D189C.pf
      O45 - LFCP:[MD5.BE3AA855715FF8A6CA99A88F858FF4DF] - 02/12/2014 - 22:36:18 ---A- - C:\Windows\Prefetch\LOADER_HM.EXE-D7B85C86.pf
      O45 - LFCP:[MD5.95C5E70D5F4953DE492B0A3B00619E16] - 02/12/2014 - 22:48:33 ---A- - C:\Windows\Prefetch\HOLDEMMANAGER.EXE-C7F19DF3.pf
      O45 - LFCP:[MD5.F6A2986A758E92514B12E634FF1C8CAA] - 03/12/2014 - 20:12:17 ---A- - C:\Windows\Prefetch\POKERSTOVE121.EXE-604CC08B.pf
      O45 - LFCP:[MD5.FB8D0EC7FAC887BF576F67A51A5892D7] - 03/12/2014 - 20:18:10 ---A- - C:\Windows\Prefetch\DIGIHELP.PURBROWSE64.EXE-6EEC3885.pf
      O45 - LFCP:[MD5.39220CCFDDFF79077E718EE95A5392AA] - 04/12/2014 - 21:34:26 ---A- - C:\Windows\Prefetch\PIANO8.EXE-7C6FAF9B.pf
      O45 - LFCP:[MD5.054D478FDDC7C4CF62306EF63366FBF5] - 05/12/2014 - 20:12:43 ---A- - C:\Windows\Prefetch\JUNTOS_1RE_ANNEE.EXE-65A491E4.pf
      O45 - LFCP:[MD5.88FA1F7BBF748D5BB78FCA033C09F556] - 05/12/2014 - 20:12:53 ---A- - C:\Windows\Prefetch\SWWIN.EXE-651CE9E9.pf
      O45 - LFCP:[MD5.6A43B8C7E7C2F2615EB0A7FABCD4FE02] - 11/12/2014 - 21:08:32 ---A- - C:\Windows\Prefetch\FIRSTRUN.EXE-ED4F9EAB.pf
      O45 - LFCP:[MD5.635103F40D38EB14DCB9B513E8BD6E5A] - 11/12/2014 - 21:12:59 ---A- - C:\Windows\Prefetch\FIXMAPI.EXE-E6CF670C.pf
      O45 - LFCP:[MD5.2CE107C434AC82BFA1834B6CB0D5D172] - 14/12/2014 - 17:50:32 ---A- - C:\Windows\Prefetch\WINAMAX POKER.EXE-C751BD0F.pf
      O45 - LFCP:[MD5.9CDD4FC0750B0151755AD2C2F5891990] - 15/12/2014 - 18:49:18 ---A- - C:\Windows\Prefetch\HPCONNECTEDMUSIC.EXE-DB7F6AE9.pf
      O45 - LFCP:[MD5.FF56F4B8E8E6070637CCF0A73F7E522D] - 16/12/2014 - 20:18:42 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
      O45 - LFCP:[MD5.5CFB32E27FE397711C40B538B5F31061] - 16/12/2014 - 20:54:36 ---A- - C:\Windows\Prefetch\JRT.EXE-A5080F11.pf
      O45 - LFCP:[MD5.8CF759621B70248D700DCE345CCB720C] - 17/12/2014 - 16:45:30 ---A- - C:\Windows\Prefetch\dynreservedpri.db
      O45 - LFCP:[MD5.235BC00E9F28F883CDBAAFA2AC3E4401] - 18/12/2014 - 13:27:54 ---A- - C:\Windows\Prefetch\PfPre_1add30ac.db
      O45 - LFCP:[MD5.F1A645CEB0D37E6582830275AEC53702] - 18/12/2014 - 21:10:04 ---A- - C:\Windows\Prefetch\REGFIREFOXADDON.EXE-B493DCC0.pf
      O45 - LFCP:[MD5.B83EABC73D6DC540E552053B2558A966] - 18/12/2014 - 21:10:13 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
      O45 - LFCP:[MD5.8E83D03C957887A05B9CE97D1B0014E8] - 18/12/2014 - 21:31:48 ---A- - C:\Windows\Prefetch\1FBF57E8_STP.EXE-02C60A3C.pf
      O45 - LFCP:[MD5.79997E8449B975B4DEC2262768A966BC] - 18/12/2014 - 21:32:32 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
      O45 - LFCP:[MD5.25C6743E80252F83C65191F8398664D6] - 18/12/2014 - 21:42:17 ---A- - C:\Windows\Prefetch\SMRTADPTR.EXE-9A49AE8F.pf
      O45 - LFCP:[MD5.46DD5FDAE1235A3D9536F0420BDB9276] - 26/11/2014 - 20:46:31 ---A- - C:\Windows\Prefetch\POSTGRESQL-8.4.7-1-WINDOWS.EX-4C5E38F4.pf
      O45 - LFCP:[MD5.8DA09E96C33A25ABE9F6D6B0FB6C205D] - 26/11/2014 - 22:51:14 ---A- - C:\Windows\Prefetch\PRINTDIALOGHOST.EXE-90923561.pf
      ~ Prefetcher: 229 Legitimates Filtered in 00mn 02s



      ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
      O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
      O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
      ~ MWPS: 20 Legitimates Filtered in 00mn 00s



      ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
      O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
      ~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



      ---\\ Liste des pilotes du système (SDL) (O58)
      O58 - SDL:[MD5.9BE9F2B83DE80E2752B1405CC427E2EC] - 03/12/2014 - 21:23:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
      O58 - SDL:[MD5.1323269A92645705DEFA053F3596829D] - 03/12/2014 - 21:23:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
      O58 - SDL:[MD5.1A5BDDE65B648DC3AD48B6ECAA3AE9C8] - 03/12/2014 - 21:23:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632]
      O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
      O58 - SDL:[MD5.8DECF397B091FF0AF81CC48C601C6B94] - 04/12/2013 - 20:46:36 ---A- . (.Highlightly - Highlightly Driver x64.) -- C:\Windows\System32\Drivers\hlnfd.sys [58256]
      O58 - SDL:[MD5.73BDD44A6088916964945886F9025409] - 23/01/2014 - 04:21:06 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
      O58 - SDL:[MD5.5252D7BC56E5E0ED715AEA8FE173A455] - 23/01/2014 - 04:21:06 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
      O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
      ~ Drivers: 20 Legitimates Filtered in 00mn 01s



      ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
      O61 - LFC: 15/12/2014 - 22:00:00 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\HPConnectedMusic\Database\Registry\Client\devicecapabilities [4080]
      O61 - LFC: 15/12/2014 - 22:00:00 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\HPConnectedMusic\Database\Registry\Client\saved_window_pos [17]
      O61 - LFC: 15/12/2014 - 22:00:00 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\HPConnectedMusic\Logs\Sooloos_log.txt [7870]
      O61 - LFC: 15/12/2014 - 22:00:00 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\HPConnectedMusic\Logs\import_log.txt [364778]
      O61 - LFC: 15/12/2014 - 22:00:00 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\HPConnectedMusic\Settings\minimize_to_taskbar [6]
      O61 - LFC: 16/12/2014 - 21:59:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [236]
      O61 - LFC: 17/12/2014 - 21:59:53 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Canal.MyCanal\links [0]
      O61 - LFC: 17/12/2014 - 21:59:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\EVWhitelist\5\_metadata\verified_contents.json [1553]
      O61 - LFC: 17/12/2014 - 21:59:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\EVWhitelist\5\_platform_specific\all\ev_hashes_whitelist.bin [865071]
      O61 - LFC: 17/12/2014 - 21:59:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\EVWhitelist\5\manifest.fingerprint [66]
      O61 - LFC: 17/12/2014 - 21:59:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\EVWhitelist\5\manifest.json [338]
      O61 - LFC: 17/12/2014 - 22:00:38 ---A- . (...) -- C:\Users\Cyrille\Downloads\AdwCleaner-4.105 (1).exe [2166272]
      O61 - LFC: 17/12/2014 - 22:00:38 ---A- . (...) -- C:\Users\Cyrille\Downloads\AdwCleaner-4.105.exe [2166272]
      O61 - LFC: 18/12/2014 - 21:59:53 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [203679]
      O61 - LFC: 18/12/2014 - 21:59:53 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
      O61 - LFC: 18/12/2014 - 21:59:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Local State [100302]
      O61 - LFC: 18/12/2014 - 22:00:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\AVAST Software\Avast\remotecache.zip [214000]
      O61 - LFC: 18/12/2014 - 22:00:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\AVAST Software\Avast\uicred2.dat [230]
      O61 - LFC: 18/12/2014 - 22:00:37 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\Log.txt [138959] =>.Nicolas Coolman
      O61 - LFC: 18/12/2014 - 22:00:37 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\TestsZHPDiag.txt [2879] =>.Nicolas Coolman
      O61 - LFC: 18/12/2014 - 22:00:37 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPDiag.txt [30075] =>.Nicolas Coolman
      O61 - LFC: 18/12/2014 - 22:00:39 ---A- . (...) -- C:\Users\Cyrille\Downloads\FlvPlayerSetup.exe [797824]
      ~ 28 Fichiers temporaires (Temporary files)
      ~ Files: 291 Legitimates Filtered in 00mn 49s



      ---\\ Liste des outils de désinfection (LATC) (O63)
      O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
      ~ ADS: Scanned in 00mn 00s



      ---\\ Associations Shell Spawning (O67)
      O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
      ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



      ---\\ Menu de démarrage Internet (SMI) (O68)
      O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
      ~ Keys: Scanned in 00mn 00s



      ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
      O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
      O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
      O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
      ~ Keys: Scanned in 00mn 00s



      ---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
      O87 - FAEL: "{A59E292A-3546-4D84-AD99-44E0B9E485D5}" | In - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
      O87 - FAEL: "{C1B64D8E-BB88-4BE3-B26D-54F3AA606E7E}" | Out - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
      ~ Firewall: 223 Legitimates Filtered in 00mn 00s



      ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
      SS - | Demand 10/07/1658 0 | (AvastVBoxSvc) . (...) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
      SS - | Demand 25/01/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
      SS - | Auto 13/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      SS - | Demand 13/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      SS - | Demand 13/02/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
      SS - | Demand 11/05/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
      SS - | Auto 10/07/1658 0 | (postgresql-8.4) . (...) - c:\postgreSQL\bin\pg_ctl.exe
      SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

      SR - | Auto 03/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      SR - | Auto 10/02/2014 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
      SR - | Auto 12/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
      SR - | Auto 03/12/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
      SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
      SR - | Demand 19/08/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      SR - | Auto 24/09/2012 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
      SR - | Auto 25/12/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
      SR - | Auto 22/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
      SR - | Auto 11/05/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
      SR - | Auto 30/04/2014 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
      SR - | Auto 30/04/2014 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      SR - | Auto 30/04/2014 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      SR - | Auto 21/11/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
      SR - | Auto 21/11/2014 969016 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
      SR - | Auto 20/02/2013 239176 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
      SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
      SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

      ~ Services: Scanned in 00mn 02s



      ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
      Run by Cyrille at 18/12/2014 22:01:49
      ~ OS 64 not supported by MBR tool

      ~ MBR: 0 Legitimates Filtered in 00mn 00s



      ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
      Written by ad13, http://ad13.geekstog
      Run by Cyrille at 18/12/2014 22:01:51

      ********* Dump file Name *********
      C:\PhysicalDisk0_MBR.bin

      ~ MBR: Scanned in 00mn 02s



      ---\\ Scan Additionnel (O88)
      Database Version : 13031 - (14/02/2014)
      Clés trouvées (Keys found) : 5
      Valeurs trouvées (Values found) : 0
      Dossiers trouvés (Folders found) : 0
      Fichiers trouvés (Files found) : 0

      [HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
      [HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
      [HKLM\Software\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
      [HKCU\Software\PartyFrance] =>Casino.OnlineGames
      [HKCU\Software\InstallCore] =>Adware.InstallCore
      ~ Additionnel Scan: 278446 Items scanned in 00mn 14s



      ---\\ Récapitulatif des détections trouvées sur votre station
      ~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
      ~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke
      ~ MSI: 2 link(s) detected in 00mn 14s



      ~ 1529 Legitimates filtered by white list
      End of the scan (526 lines in 02mn 52s)(0)
      0
  2. Anonymous user
     
    Hello again

    Nothing in particular.
    What makes you think that (an infection)?
    0
  3. ASBH95 Posts 63 Status Member
     
    I downloaded Pokerstove, and afterwards I no longer had my mailbox or Google.
    Afterwards I deleted everything, but I realized that WindowsManger was on the PC. Now I can no longer uninstall certain programs such as Winamax in order to reinstall them, because I no longer have access to that software.
    0
  5. Anonymous user
     
    Hello again

    Well then, try a restore to before the installation of that program.

    0
  6. ASBH95 Posts 63 Status Member
     
    Try a restore? Careful, I don't know much about computers.
    0
  7. ASBH95 Posts 63 Status Member
     
    I started a restore yesterday around midnight and the PC is still running. Is that normal?
    0
  8. Anonymous user
     
    Hello

    Be patient, thanks
    0
  9. ASBH95 Posts 63 Status Member
     
    Hello,

    Yes, but it is still running. Is that normal?
    0
  10. ASBH95 Posts 63 Status Member
     
    How?
    0
  11. Anonymous user
     
    By pressing and holding the power button
    0
  12. ASBH95 Posts 63 Status Member
     
    The result is the same
    0
  13. ASBH95 Posts 63 Status Member
     
    Yes, but I turned the PC back on and once again it says to please wait
    0
    1. Anonymous user
       
      Well, then you wait
      0
      1. ASBH95 Posts 63 Status Member > Anonymous user
         
        The PC is still running.
        0
      2. ASBH95 Posts 63 Status Member > Anonymous user
         
        Hello,

        How long can this take?
        0
  14. ASBH95 Posts 63 Status Member
     
    OK, and thanks
    0