by jeje76
#10288
hello

for some time now I've been getting a lot of mail delivery messages in Outlook
I changed my mailbox password and I'm not using Outlook for the moment, but I'll have to go back to it because I have plenty of saved mails that I need
I ran a ZHPDiag

here is the report
Code:
~ Rapport de ZHPDiag v2013.10.4.9 - Nicolas Coolman (04/10/2013)
~ Lancé par Utilisateur (05/10/2013 10:40:22)
~ Adresse du Site Web https://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686 (Defaut)
GCIE: Google Chrome v30.0.1599.69

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : YY6HX
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0

---\\ Logiciels d'optimisation du système
CCleaner v2.29 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 25

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 294 GB (63%) free of 466 GB

---\\ Mode de connexion au système
~ Computer Name: JEJE
~ User Name: Utilisateur
~ All Users Names: Utilisateur, UpdatusUser, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Utilisateur\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Utilisateur\AppData\Roaming\
~ %Desktop% : C:\Users\Utilisateur\Desktop\
~ %Favorites% : C:\Users\Utilisateur\Favorites\
~ %LocalAppData% : C:\Users\Utilisateur\AppData\Local\
~ %StartMenu% : C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 294 Go of 466 Go)
D: CD-ROM drive (Free 0 Go of 1 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 36 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.535F6263035F2530A62D5D64EF6E73D3] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 04:59:10.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/15484
~ Mes musiques (My Musics) : 22/5130
~ Mes Videos (My Videos) : 2/344
~ Mes Favoris (My Favorites) : 1/75
~ Mes Documents (My Documents) : 2/3861
~ Mon Bureau (My Desktop) : 1/3551
~ Menu demarrer (Programs) : 1/68
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.6DDF679C5DD24B5D2954AC38E356C05D] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6707744] [PID.516]
[MD5.54FA8528EDA1B6B34615F4EA3FCB35E6] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.1660]
[MD5.28FD28A29C637C9AFEFE0A26E27C6DFE] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432] [PID.492]
[MD5.A591CADA7FAEA205F5A4FA1D156AE6A8] - (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\Windows\vVX3000.exe [762736] [PID.2056]
[MD5.E774F875819DEE4A312A921A88F779FE] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576] [PID.2132]
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2368]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2628]
[MD5.CFE4BD7C25A750D71A5BD2390953BEB6] - (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640] [PID.2668]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.2852]
[MD5.B2387FD351A3D4780A917E4C00A83310] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3076]
[MD5.CC6BC45DD5A58158645E7FB2953604FE] - (.GRISOFT s.r.o. - AVG Anti-Spyware.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [6731312] [PID.3084]
[MD5.8EEFD0B92F46B6762A5EC41EF55F7043] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208] [PID.3312]
[MD5.B9184A1E68A132A505A61796B31035D0] - (...) -- C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe [421888] [PID.3320]
[MD5.B2F2C6B80624CF017504B125E843B3D3] - (.Voxmobili - Voxsync Desktop Companion.) -- C:\Program Files\PC Sync\Voxsync.exe [712704] [PID.3336]
[MD5.F0EA603E7B91046CA48EA4B3593A007D] - (.Micro Application - Pas de description.) -- C:\Program Files\Micro Application\LauncherMA.exe [485376] [PID.3344]
[MD5.ABC2C67DFD48930F846934B907C3D606] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [7424000] [PID.3372]
[MD5.C95EC84F61F1ACD19248FB686B010FDD] - (...) -- C:\Program Files\PC Sync\SyncManager.exe [139264] [PID.3392]
[MD5.15D982E21248E9BE337D9B40247AF30E] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [7418368] [PID.3504]
[MD5.37287D98A1BF5D56AA729CEB9B27C6B1] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [770648] [PID.5132]
[MD5.9A3A9C55E58B3AE097B226680C74742C] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe [815496] [PID.5356]
[MD5.6BB84262CF78A16DC79D0A5DA441D7D3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8042496] [PID.2556]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\system32\nvvsvc.exe [639776] [PID.804]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.828]
[MD5.37F77AEBFF23A99D1BFB4F34CD2D07F2] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.980]
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.1344]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1684]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1736]
[MD5.8726802EA4FBFFA3FD54FD2449BF51D4] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe [217992] [PID.1628]
[MD5.5DCD235C061022BCDA9AA48670B64211] - (.GRISOFT s.r.o. - AVG Anti-Spyware guard.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880] [PID.2360]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2412]
[MD5.25A3B42033D056718A7BF29C2367EBDA] - (.F-Secure - Terra Giga Drive.) -- C:\Program Files\Orange\mes contenus - mon disque\mounter.exe [75648] [PID.2456]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2524]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2548]
[MD5.D98350792A7CE82E7459A7C36481BEDA] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [139632] [PID.2568]
[MD5.8CFCA7E2FD4B57C2BEF929C1C1A4C56E] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760] [PID.2704]
[MD5.0765EE4A7A0D6609BF91CA2E4700E885] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [93072] [PID.2788]
[MD5.C00149A7027081539A66DC5A46695EAD] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.3836]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.5936]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: AVG Anti-Spyware.lnk . (.GRISOFT s.r.o. - AVG Anti-Spyware.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
O4 - GS\QuickLaunch [Utilisateur]: Livephone.lnk . (...) -- C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - GS\QuickLaunch [Utilisateur]: Zipeg.lnk . (.www.zipeg.com - Zipeg Archive Explorer.) -- C:\Users\Utilisateur\AppData\Local\Zipeg\Application\zipeg.exe
O4 - GS\Program [Utilisateur]: Zipeg.lnk . (.www.zipeg.com - Zipeg Archive Explorer.) -- C:\Users\Utilisateur\AppData\Local\Zipeg\Application\zipeg.exe
O4 - GS\Desktop [Utilisateur]: Casto 3D Salle de Bain.lnk . (...) -- C:\Users\Utilisateur\AppData\Local\SquareClock.Production_Castorama_Bathroom_Internet\SQ.3D.Modeller.exe
O4 - GS\Desktop [Utilisateur]: Orange mes contenus.lnk . (.F-Secure - Orange mes contenus.) -- C:\Program Files\Orange\Orange mes contenus\OrangeSC.exe
O4 - GS\Desktop [Utilisateur]: SosVirus Forum.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 - GS\Desktop [Utilisateur]: SosVirus On Facebook.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.facebook.com
O4 - GS\Desktop [UpdatusUser]: LG Burning Tool.lnk . (.CyberLink Corp. - Power2Go Express.) -- C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
O4 - GS\Desktop [UpdatusUser]: LG Power Tools.lnk . (.CyberLink - PowerStarter.) -- C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe
~ Global Startup: 73 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: PC Sync.lnk . (.Voxmobili - Voxsync Desktop Companion.) -- C:\Program Files\PC Sync\Voxsync.exe
O4 - GS\Startup [Utilisateur]: Lanceur.lnk . (.Micro Application - Pas de description.) -- C:\Program Files\Micro Application\LauncherMA.exe
O4 - GS\Startup [Utilisateur]: OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [RemoteControl8] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [LGODDFU] . (.BitLeader - Pas de description.) -- C:\Program Files\lg_fwupdate\fwupdate.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [snpstd] . (.Pas de propriétaire - CameraMonitor MFC Application.) -- C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [LifeCam] . (.Microsoft Corporation - LifeExp.exe.) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe
O4 - HKLM\..\Run: [VX3000] . (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [itype] . (.Microsoft Corporation - IType.exe.) -- c:\Program Files\Microsoft IntelliType Pro\itype.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] . (.GRISOFT s.r.o. - AVG Anti-Spyware.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [orangeinside] . (...) -- C:\Users\Utilisateur\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [TELEPHONESURPCAGENT] . (...) -- C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKCU\..\Run: [Orange mes contenus] . (.F-Secure - Orange mes contenus.) -- C:\Program Files\Orange\Orange mes contenus\OrangeSC.exe
O4 - HKUS\S-1-5-18\..\Run: [TELEPHONESURPCAGENT] . (...) -- C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [TELEPHONESURPCAGENT] . (...) -- C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [TELEPHONESURPCAGENT] . (...) -- C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1019762965-377897471-781530967-1000\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-1019762965-377897471-781530967-1000\..\Run: [orangeinside] . (...) -- C:\Users\Utilisateur\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe
O4 - HKUS\S-1-5-21-1019762965-377897471-781530967-1000\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-21-1019762965-377897471-781530967-1000\..\Run: [TELEPHONESURPCAGENT] . (...) -- C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKUS\S-1-5-21-1019762965-377897471-781530967-1000\..\Run: [Orange mes contenus] . (.F-Secure - Orange mes contenus.) -- C:\Program Files\Orange\Orange mes contenus\OrangeSC.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - https://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} ((no name)) - https://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} ((no name)) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} ((no name)) - https://sdb3d.leroymerlin.fr/leroymerlin_sdb_planner/Core/Player/2020PlayerAX_WEB_Win32.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} ((no name)) - https://wanadoofr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E405601-CDCE-4E78-B5CC-F0EC0235BE5A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D38E65FE-B726-4063-8FF4-C9E6BAF579BA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D38E65FE-B726-4063-8FF4-C9E6BAF579BA}: DhcpDomain = Belkin
O17 - HKLM\System\CS1\Services\Tcpip\..\{6E405601-CDCE-4E78-B5CC-F0EC0235BE5A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D38E65FE-B726-4063-8FF4-C9E6BAF579BA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D38E65FE-B726-4063-8FF4-C9E6BAF579BA}: DhcpDomain = Belkin
O17 - HKLM\System\CS2\Services\Tcpip\..\{6E405601-CDCE-4E78-B5CC-F0EC0235BE5A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D38E65FE-B726-4063-8FF4-C9E6BAF579BA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D38E65FE-B726-4063-8FF4-C9E6BAF579BA}: DhcpDomain = Belkin
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 02s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (AVG Anti-Spyware Driver) . (...) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
O41 - Driver: (ixmeydvc) . (. - .) - C:\Windows\system32\drivers\ixmeydvc.sys (.not file.)
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: CSI NY - (...) [HKLM] -- CSINYUbisoft
O42 - Logiciel: Chateau Magique RCT3 - (...) [HKLM] -- Chateau Magique RCT3
O42 - Logiciel: Chateau Magique RCT3 set 2 - (...) [HKLM] -- Chateau Magique RCT3 set 2
O42 - Logiciel: MaxiGet - (...) [HKCU] -- MaxiGet_is1
O42 - Logiciel: Pack Travaux RCT3 - (...) [HKLM] -- Pack Travaux RCT3
O42 - Logiciel: Rock'n rollercoaster RCT3 - (...) [HKLM] -- Rock'n rollercoaster RCT3
O42 - Logiciel: Ski Park Manager 2003 Demo - (.Microids.) [HKCU] -- Ski Park Manager 2003 Demo_is1
O42 - Logiciel: Skyscraper Simulator - (...) [HKLM] -- Skyscraper Simulator
O42 - Logiciel: Zipeg - (.https://zipeg.com.) [HKCU] -- Zipeg
~ Logic: 132 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\CSI NY]
~ Key Software: 178 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/02/2012 - 15:48:18 - [146,726] ----D C:\Program Files\Skyscraper Simulator
O43 - CFD: 25/02/2012 - 16:35:40 - [386,985] ----D C:\Program Files\Transport ferroviaire Simulator
O43 - CFD: 04/02/2011 - 18:54:16 - [1,368] ----D C:\Program Files\Zipeg
O43 - CFD: 23/04/2013 - 13:19:38 - [0,003] ----D C:\ProgramData\clp
O43 - CFD: 19/04/2012 - 14:56:47 - [0,003] ----D C:\Users\Utilisateur\AppData\Roaming\Telephone sur PC
O43 - CFD: 12/12/2010 - 20:28:36 - [0,080] ----D C:\Users\Utilisateur\AppData\Roaming\Zipeg
O43 - CFD: 06/11/2010 - 09:31:42 - [0,001] ----D C:\Users\Utilisateur\AppData\Local\com.zipeg
O43 - CFD: 31/08/2013 - 15:59:36 - [24,060] ----D C:\Users\Utilisateur\AppData\Local\Maxiget
O43 - CFD: 29/05/2012 - 13:13:39 - [3,770] ----D C:\Users\Utilisateur\AppData\Local\Zipeg
O43 - CFD: 19/06/2010 - 11:17:38 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chateau Magique RCT3
O43 - CFD: 31/08/2013 - 15:59:34 - [0,004] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxiGet
O43 - CFD: 06/11/2010 - 10:30:20 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rock'n rollercoaster RCT3
~ 809 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1052 Legitimates Filtered in 00mn 18s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CB17A47D090938A02DACB066D6D5A124] - 28/09/2013 - 14:07:18 ---A- . (...) -- C:\Windows\System32\rp_rules.dat [44]
O44 - LFC:[MD5.8A3D5B46FF8C9CED46304F1EBB5F9AFE] - 28/09/2013 - 14:07:18 ---A- . (...) -- C:\Windows\System32\rp_stats.dat [64]
O44 - LFC:[MD5.784A88124B0B08C78F15450A817BB5D3] - 30/09/2013 - 18:05:33 ---A- . (...) -- C:\UsbFix [Clean 1] JEJE.txt [13468]
O44 - LFC:[MD5.DB72332581E2EE7FAB753FE4F23F3D47] - 30/09/2013 - 18:24:18 ---A- . (...) -- C:\aaw7boot.log [114345]
~ Files: 13 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.B8CC3D0C86501448F5B17B81DC21E770] - 05/10/2013 - 08:49:50 ---A- - C:\Windows\Prefetch\30.0.1599.69_29.0.1547.76_CHR-C0C0B387.pf
O45 - LFCP:[MD5.EFB0077EEF284E590A52386E50E8F145] - 30/09/2013 - 19:33:04 ---A- - C:\Windows\Prefetch\AD-AWAREADMIN.EXE-6DA58883.pf
~ Prefetcher: 73 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - AVG Anti-Spyware 7.5 - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.E5E3B2808E716621220B295810204A82] - 18/07/2012 - 14:16:32 ---A- . (.Windows (R) Win 7 DDK provider - Dokan Filesystem Driver.) -- C:\Windows\System32\Drivers\dokan.sys [64384]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/10/2013 - 09:40:06 ---A- . (...) -- C:\Users\Utilisateur\AppData\Roaming\ZHP\TestsZHPDiag.txt [2960] =>.Nicolas Coolman
O61 - LFC: 05/10/2013 - 09:41:19 ---A- . (...) -- C:\Users\Utilisateur\AppData\Roaming\ZHP\Log.txt [17936] =>.Nicolas Coolman
~ Files: 379 Legitimates Filtered in 00mn 13s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - https://www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 30/05/2007 - Pas de propriétaire (AVG Anti-Spyware Driver) .(...) - LEGACY_AVG_ANTI-SPYWARE_DRIVER
~ Legacy: 163 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} [DefaultScope] - (Orange) - https://rws.search.ke.voila.fr
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Program Files\Atari\RollerCoaster Tycoon 3\Style\Themed\WAGIDisneyAmerica3\WAGI-DisneyAmericaSet3\WAGIDA-ColorCrackerFireworks.common.ovl
C:\Users\Utilisateur\Desktop\rct3\WAGI DisneyAmerica3\WAGI DisneyAmerica3\WAGIDisneyAmerica3\WAGI-DisneyAmericaSet3\WAGIDA-ColorCrackerFireworks.common.ovl
C:\Program Files\Atari\RollerCoaster Tycoon 3\Style\Themed\WAGIDisneyAmerica3\WAGI-DisneyAmericaSet3\WAGIDA-ColorCrackerFireworks.common.ovl
C:\Users\Utilisateur\Desktop\rct3\WAGI DisneyAmerica3\WAGI DisneyAmerica3\WAGIDisneyAmerica3\WAGI-DisneyAmericaSet3\WAGIDA-ColorCrackerFireworks.common.ovl
~ Files: Scanned in 00mn 15s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\Utilisateur\AppData\Local\Temp\Quarantine.exe [344583]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "02639FE151B44BD40BAE88E9F2810718" . (.FreeCompressor.) -- C:\Windows\Installer\{1EF93620-4B15-4DB4-B0EA-889E2F187081}\ARPPRODUCTICON.exe
~ Update Products: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.6AB691CA3DEB6C244DF3757ABEBFB98A] [WIS][22/01/2012] (.Micro Application - LauncherMA.) -- C:\Windows\Installer\6f9988.msi [623616]
~ WIS: 52 Legitimates Filtered in 00mn 05s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 20/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/05/2007 312880 | (AVG Anti-Spyware Guard) . (.GRISOFT s.r.o..) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 20/07/2012 75648 | (DokanMounter) . (.F-Secure.) - C:\Program Files\Orange\mes contenus - mon disque\mounter.exe
SS - | Auto 17/04/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/04/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Demand 17/09/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
SR - | Auto 15/04/2009 271760 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 22/03/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, https://www.gmer.net
Run by Utilisateur at 05/10/2013 10:42:02

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: 9 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by Utilisateur at 05/10/2013 10:42:04

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12937 - (04/10/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKLM\Software\Classes\Installer\Features\02639FE151B44BD40BAE88E9F2810718] =>Adware.SPointer
[HKLM\Software\Classes\Installer\Products\02639FE151B44BD40BAE88E9F2810718] =>Adware.SPointer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\02639FE151B44BD40BAE88E9F2810718] =>Adware.SPointer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
~ Additionnel Scan: 344170 Items scanned in 00mn 35s



---\\ Récapitulatif des détections trouvées sur votre station
~ https://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
~ https://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ MSI: 2 link(s) detected in 00mn 35s



~ 2444 Legitimates filtered by white list
End of the scan (525 lines in 02mn 16s)(4)
Thank you for your help
by g3n-h@ckm@n
#10342
Hi, are you using Chrome?
by g3n-h@ckm@n
#10360
  • Download (from El Desaparecido) to your Desktop!
  • Right-click it and run it as administrator under Windows 7/8 and Vista
  • Choose the Removal (Suppression) option

    Note: If UsbFix gets stuck at 14%, start in Safe Mode. (See >> HERE <<)

  • Copy and paste the contents of the report that appears at the end of the scan into your reply
by g3n-h@ckm@n
#10449
You should still have a report in C:\
by jeje76
#11154
Hello

Sorry for only replying now, but I wasn't at home

Indeed I do have a report, and here it is
Code:
############################## | UsbFix V 7.143 | [Suppression]

Utilisateur: Utilisateur (Administrateur) # JEJE
Mis à jour le 05/10/2013 par El Desaparecido - Team SosVirus
Lancé à 14:05:21 | 06/10/2013

Site Web: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/

PC: MICRO-STAR INTERNATIONAL CO.,LTD (G31TM-P35 (MS-7529))
CPU: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
RAM -> [Total : 3071 | Free : 1947]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 466 Go (294 Go libre(s) - 63%) [] # NTFS
D:\ -> CD-ROM

################## | Regedit Run |

HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
HKLM\SOFTWARE | Run : [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe
HKLM\SOFTWARE | Run : [UpdateLBPShortCut] - "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
HKLM\SOFTWARE | Run : [CLMLServer] - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
HKLM\SOFTWARE | Run : [UpdateP2GoShortCut] - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\SOFTWARE | Run : [RemoteControl8] - "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
HKLM\SOFTWARE | Run : [PDVD8LanguageShortcut] - "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
HKLM\SOFTWARE | Run : [UpdatePPShortCut] - "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
HKLM\SOFTWARE | Run : [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
HKLM\SOFTWARE | Run : [LGODDFU] - "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
HKLM\SOFTWARE | Run : [UpdatePSTShortCut] - "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM\SOFTWARE | Run : [snpstd] - C:\Windows\vsnpstd.exe
HKLM\SOFTWARE | Run : [LifeCam] - "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
HKLM\SOFTWARE | Run : [VX3000] - C:\Windows\vVX3000.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\SOFTWARE | Run : [IntelliPoint] - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
HKLM\SOFTWARE | Run : [itype] - "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [!AVG Anti-Spyware] - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TELEPHONESURPCAGENT] - "C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe" -run "C:\Program Files\Orange\Telephone sur PC\TelephoneSurPC.exe"
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TELEPHONESURPCAGENT] - "C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe" -run "C:\Program Files\Orange\Telephone sur PC\TelephoneSurPC.exe"
HKU\S-1-5-21-1019762965-377897471-781530967-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1019762965-377897471-781530967-1000\SOFTWARE | Run : [orangeinside] - C:\Users\Utilisateur\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe
HKU\S-1-5-21-1019762965-377897471-781530967-1000\SOFTWARE | Run : [TomTomHOME.exe] - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-1019762965-377897471-781530967-1000\SOFTWARE | Run : [TELEPHONESURPCAGENT] - "C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe"
HKU\S-1-5-21-1019762965-377897471-781530967-1000\SOFTWARE | Run : [Orange mes contenus] - "C:\Program Files\Orange\Orange mes contenus\OrangeSC.exe" /delayed
HKU\S-1-5-21-1019762965-377897471-781530967-1000_Classes\SOFTWARE | Run : [TELEPHONESURPCAGENT] - "C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe" -run "C:\Program Files\Orange\Telephone sur PC\TelephoneSurPC.exe"
HKU\S-1-5-18\SOFTWARE | Run : [TELEPHONESURPCAGENT] - "C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe" -run "C:\Program Files\Orange\Telephone sur PC\TelephoneSurPC.exe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (ID 800 |ParentID 560)
Stoppé! C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID 824 |ParentID 560)
Stoppé! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 936 |ParentID 560)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1408 |ParentID 800)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID 1416 |ParentID 800)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1660 |ParentID 560)
Stoppé! C:\Windows\system32\taskhost.exe (ID 1960 |ParentID 560)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID 2044 |ParentID 1684)
Stoppé! C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (ID 300 |ParentID 1684)
Stoppé! C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (ID 440 |ParentID 1684)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1804 |ParentID 560)
Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1036 |ParentID 560)
Stoppé! C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe (ID 2108 |ParentID 2088)
Stoppé! C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (ID 2132 |ParentID 560)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (ID 2164 |ParentID 560)
Stoppé! C:\Program Files\Orange\mes contenus - mon disque\mounter.exe (ID 2216 |ParentID 560)
Stoppé! C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 2292 |ParentID 560)
Stoppé! C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (ID 2388 |ParentID 560)
Stoppé! C:\Program Files\Microsoft LifeCam\MSCamS32.exe (ID 2448 |ParentID 560)
Stoppé! C:\Program Files\CyberLink\Shared files\RichVideo.exe (ID 2544 |ParentID 560)
Stoppé! C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (ID 2620 |ParentID 560)
Stoppé! C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (ID 2684 |ParentID 2388)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID 3148 |ParentID 1408)
Stoppé! C:\Windows\vVX3000.exe (ID 3320 |ParentID 1684)
Stoppé! C:\Program Files\Microsoft Security Client\msseces.exe (ID 3460 |ParentID 1684)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 3480 |ParentID 560)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 3968 |ParentID 1104)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 4064 |ParentID 560)
Stoppé! C:\Program Files\Microsoft IntelliPoint\ipoint.exe (ID 2892 |ParentID 1684)
Stoppé! C:\Program Files\Microsoft IntelliType Pro\itype.exe (ID 2904 |ParentID 1684)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID 1724 |ParentID 1684)
Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (ID 1632 |ParentID 1684)
Stoppé! C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (ID 3476 |ParentID 1684)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (ID 3912 |ParentID 560)
Stoppé! C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (ID 2096 |ParentID 1684)
Stoppé! C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe (ID 3340 |ParentID 1684)
Stoppé! C:\Program Files\PC Sync\Voxsync.exe (ID 3540 |ParentID 1684)
Stoppé! C:\Program Files\Micro Application\LauncherMA.exe (ID 3844 |ParentID 1684)
Stoppé! C:\Program Files\OpenOffice.org 3\program\soffice.exe (ID 4020 |ParentID 2408)
Stoppé! C:\Program Files\OpenOffice.org 3\program\soffice.bin (ID 2140 |ParentID 4020)
Stoppé! C:\Program Files\PC Sync\SyncManager.exe (ID 1728 |ParentID 3540)
Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (ID 4244 |ParentID 1684)
Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (ID 4308 |ParentID 4244)
Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (ID 3060 |ParentID 1684)
Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (ID 1744 |ParentID 3060)
Stoppé! C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe (ID 1152 |ParentID 740)
Stoppé! C:\Windows\system32\wermgr.exe (ID 892 |ParentID 936)

################## | Éléments infectieux |

Thanks again for your help

For info, I haven't had any more "no delivery" messages since I changed my email password
by g3n-h@ckm@n
#11161
OK, that's already something......

Uninstall the version of UsbFix you have and download it again; it has been updated

Then run it again in Safe Mode
by g3n-h@ckm@n
#13304
Hi, no reply, so your problem is considered solved. All the best :)