#11136
Hello,
Windows Internet Explorer keeps closing over and over, so I ran a scan with Malwarebytes Anti-Malware, which found the results below.
For now I have put these 6 items in quarantine. Could you tell me whether I should delete them or restore them, and whether it is serious?


Malwarebytes Anti-Malware (Essai) 1.75.0.1300


Version de la base de données: v2013.10.12.08

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Alice :: ACER-3FAFADAADF [administrateur]

Protection: Activé

13/10/2013 02:36:20
mbam-log-2013-10-13 (02-36-20).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 213066
Temps écoulé: 9 minute(s), 43 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Program Files\LyricsBuddy-1 (PUP.Optional.LyricsBuddy.A) -> Aucune action effectuée.

Fichier(s) détecté(s): 5
C:\WINDOWS\Tasks\LyricsBuddy-1-codedownloader.job (PUP.Optional.Lyrics.A) -> Aucune action effectuée.
C:\WINDOWS\Tasks\LyricsBuddy-1-enabler.job (PUP.Optional.Lyrics.A) -> Aucune action effectuée.
C:\WINDOWS\Tasks\LyricsBuddy-1-updater.job (PUP.Optional.Lyrics.A) -> Aucune action effectuée.
C:\Program Files\LyricsBuddy-1\background.html (PUP.Optional.LyricsBuddy.A) -> Aucune action effectuée.
C:\Program Files\LyricsBuddy-1\Installer.log (PUP.Optional.LyricsBuddy.A) -> Aucune action effectuée.

(fin)
#11142
Hello :hello: ,

Welcome to SosVirus :welcome: ,
  • Download AdwCleaner (by Xplode) to your Desktop!
  • Right-click it and choose Run as administrator on Windows 7/8 and Vista
    1. Choose the "Scanner" (Scan) option
    2. Choose the "Nettoyer" (Clean) option
  • Accept the warning by clicking OK
  • Accept the warnings/information messages by clicking OK
  • Copy and paste the contents of the report that appears when the PC restarts
#11245
Good evening,
Sorry, I had to be away all afternoon!
Here is the AdwCleaner report; what should I do now?
Thanks in advance, see you soon.

# AdwCleaner v3.007 - Rapport créé le 13/10/2013 à 19:35:47
# Mis à jour le 09/10/2013 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Alice - ACER-3FAFADAADF
# Exécuté depuis : C:\Documents and Settings\Alice\Local Settings\Temporary Internet Files\Content.IE5\9DN6E47F\adwcleaner[1].exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Navigateurs ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v

[ Fichier : C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1253 octets] - [13/10/2013 19:33:52]
AdwCleaner[S0].txt - [1177 octets] - [13/10/2013 19:35:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1237 octets] ##########
#11258
"Sorry, I had to be away all afternoon!"
No worries ;)
"what should I do now?"
We are nearly done ;) :

We are going to run a diagnostic of your computer to see whether or not your PC contains other types of infection.
  • Download ZHPDiag (by Nicolas Coolman) to your desktop.
  • Install the software.
  • Launch ZHPDiag, using Run as administrator on Windows 7/8 and Vista
  • Click "Configurer" (Configure)
  • Click the icon showing a magnifying glass with a + ("Lancer le diagnostic", i.e. run the diagnostic)

    Note: Do not close the program even if it says that it is not responding.
  • Once the scan is finished, go to the desktop; the file has been created there.
  • Upload the ZHPDiag.txt report to SosUpload, then copy and paste the link provided into your next reply on the forum
#11377
Hello,

Can you give me some advice about this old PC from 2006, which I completely reinstalled, after which I picked up the 6 pieces of malware that are the subject of the topic we are trying to deal with:
After all the Windows updates, I managed to stabilise Internet Explorer 8, which kept shutting down, by resetting it with Microsoft's help, but that disabled the Avira toolbars and as a result I no longer have Web protection.
Should I try to reinstall this "terrible" toolbar, or uninstall Avira Free and install another antivirus?
What would you recommend as a good free antivirus?


So here is my ZHPDiag report:

~ Rapport de ZHPDiag v2013.10.13.35 - Nicolas Coolman (13/10/2013)
~ Lancé par Alice (14/10/2013 03:41:18)
~ Adresse du Site Web
~ Forums gratuits d'Assistance à la désinfection :
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.4042
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v4.06 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader XI

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 72 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 894 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 26 GB (58%) free of 44 GB

---\\ Mode de connexion au système
~ Computer Name: ACER-3FAFADAADF
~ User Name: Alice
~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, Alice, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Alice\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Alice\Application Data\
~ %Desktop% : C:\Documents and Settings\Alice\Bureau\
~ %Favorites% : C:\Documents and Settings\Alice\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Alice\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Alice\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 26 Go of 44 Go)
D: Hard drive, Flash drive, Thumb drive (Free 44 Go of 44 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 31 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.F8DD21FC65131E064FBF11F01E4F4BFD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/09/2013 - 19:23:34.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:32.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/9
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/80
~ Mes Documents (My Documents) : 1/40
~ Mon Bureau (My Desktop) : 0/38
~ Menu demarrer (Programs) : 1/48
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.B2906F9E62A6AC6AD7F5F35DE9656098] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [401408] [PID.996]
[MD5.8769E2D1072B62AB071F166F03B3E3DC] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024] [PID.1756]
[MD5.9C69E6A25F5500501B14AF43311F8D8B] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [64512] [PID.188]
[MD5.33F7659872C1C2CE295FBD1754B63957] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16248320] [PID.268]
[MD5.3B743D7A1B3C2162D475D4E34E5C6070] - (.Pas de propriétaire - Acer ePower Management DMC.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [421888] [PID.300]
[MD5.59307A84CACE50B66089DBD5F74EA17A] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761946] [PID.340]
[MD5.3FD55016CA34850ED208F1A0D3FFD2DE] - (.Dritek System Inc. - Acer Launch Manager Keyboard Application.) -- C:\Program Files\Launch Manager\LManager.exe [602112] [PID.356]
[MD5.C67E00C1DCA52FB369DC54E9EE653D47] - (.Acer Inc. - eRecovery agent.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [413696] [PID.372]
[MD5.72292AE254AD01236143E750D8952D03] - (.Adobe Systems Incorporated - Adobe Photo Downloader 3.0 component.) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [67752] [PID.400]
[MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.408]
[MD5.C9FB758B994B96E8858D6F7D1F96142D] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680] [PID.428] =>Toolbar.Ask
[MD5.DAEFB050AC8FEE4F1097FCF7CB97220E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\WINDOWS\eHome\ehmsas.exe [46592] [PID.476]
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [PID.548]
[MD5.64C4C17BF6A40FF1CD21205E6FD415B8] - (.ATI Technologies Inc. - CLI Application (Command Line Interface).) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [45056] [PID.560]
[MD5.CC5CB8DC9144F3D3F86BC9FEA6843EAA] - (.Acer Inc. - Acer Empowering Techonology Framework Launc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [45056] [PID.736]
[MD5.3CAABC2D0F87413EB1E0C7E0B3245E67] - (.Acer Inc. - Pas de description.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672] [PID.2476]
[MD5.63AB43534CBF5D7F3EB81DFDC8161490] - (...) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712] [PID.2612]
[MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088] [PID.2680]
[MD5.6D46AB4C073FE2692FD72D1808CA2260] - (.APN LLC. - APN Updater.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [164816] [PID.2724]
[MD5.D039A0C347632622934906BD59A4E1EA] - (.Microsoft Corporation - Media Center Receiver Service.) -- C:\WINDOWS\eHome\ehRecvr.exe [237568] [PID.2760]
[MD5.980EEEA91776357518892C5544768E2B] - (.Microsoft Corporation - Service de planification Media Center.) -- C:\WINDOWS\eHome\ehSched.exe [103424] [PID.2776]
[MD5.AB8134127F786C9603817B5318DCEEAA] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [73728] [PID.2836]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.3024]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.3044]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3304]
[MD5.F30BF9FC4275156F2AE96FCDF1ED5EE4] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76856] [PID.3968]
[MD5.07E1BF2B3776AA67A621DED3810C1626] - (.Avira Operations GmbH & Co. KG - Avira WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [815160] [PID.3988]
[MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [PID.3640]
[MD5.2176B4590387405E5F2405C3CEF0C02A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8078848] [PID.2260]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 1 Legitimates Filtered in 00mn 39s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-00A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll =>Toolbar.Avira
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [Alice]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [Alice]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O4 - GS\Program [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 15 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: Acer Empowering Technology.lnk . (.Acer Inc. - Acer Empowering Techonology Framework Launc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - HKLM\..\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Clé orpheline
O4 - HKLM\..\Run: [AzMixerSel] . (.Realtek Semiconductor Corp. - Azalia Mixer Selector.) -- C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] . (...) -- C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] . (.Pas de propriétaire - AcerePre Application.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [MSPY2002] . (...) -- C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\WINDOWS\SkyTel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [ePower_DMC] . (.Pas de propriétaire - Acer ePower Management DMC.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] . (...) -- C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Acer Launch Manager Keyboard Application.) -- C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ATICCC] . (...) -- C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
O4 - HKLM\..\Run: [eRecoveryService] . (.Acer Inc. - eRecovery agent.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Adobe Photo Downloader] . (.Adobe Systems Incorporated - Adobe Photo Downloader 3.0 component.) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1222565020-3402336239-1393892285-1005\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1222565020-3402336239-1393892285-1005\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} ((no name)) -
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{07DC3C58-0E3F-40A3-84C8-D6BF5140AE0E}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{07DC3C58-0E3F-40A3-84C8-D6BF5140AE0E}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{07DC3C58-0E3F-40A3-84C8-D6BF5140AE0E}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Services: 10 Legitimates Filtered in 00mn 09s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\Wallpaper\Acer.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\Wallpaper\Acer.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\TEXTware A/S]
~ Key Software: 145 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/10/2013 - 02:26:22 - [3,228] ----D C:\Program Files\TEXTware
O43 - CFD: 12/10/2013 - 07:10:44 - [9,956] ----D C:\Program Files\AskPartnerNetwork
O43 - CFD: 12/10/2013 - 07:10:44 - [0,783] ----D C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
O43 - CFD: 13/10/2013 - 00:12:00 - [0] ----D C:\Documents and Settings\All Users\Application Data\APN
O43 - CFD: 12/10/2013 - 03:29:30 - [0] ----D C:\Documents and Settings\Alice\Local Settings\Application Data\.SIPPS
~ Program Folder: 98 Legitimates Filtered in 00mn 05s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4E62F28838D07ADD88EE668FE75EE68D] - 11/10/2013 - 02:15:52 ---A- . (...) -- C:\WINDOWS\GVista.exe [633446]
O44 - LFC:[MD5.C1EEC2F7ABE39469D03AE5C5C62D1FD0] - 11/10/2013 - 02:15:53 ---A- . (...) -- C:\WINDOWS\AntiV.EXE [589824]
O44 - LFC:[MD5.59A19AB5FDD804121737758DB90EBB8B] - 11/10/2013 - 02:15:53 ---A- . (...) -- C:\WINDOWS\AntiV.INI [2790]
O44 - LFC:[MD5.24BCB56893AD1C611912893BBF5244EF] - 11/10/2013 - 02:15:54 ---A- . (...) -- C:\WINDOWS\CLEANUP.CMD [991]
O44 - LFC:[MD5.76669A64D2E6E21C81B0EED2F12D600C] - 11/10/2013 - 02:15:57 ---A- . (...) -- C:\WINDOWS\EMEAPAGE.EXE [159821]
O44 - LFC:[MD5.C1026A45EE866826BD463C1FC91168ED] - 11/10/2013 - 02:15:57 ---A- . (...) -- C:\WINDOWS\EMEAPAGE.INI [84]
O44 - LFC:[MD5.F1CFD87B0891DBF3E012829B1758BFB0] - 11/10/2013 - 02:15:58 ---A- . (...) -- C:\WINDOWS\HotFix.bat [903]
O44 - LFC:[MD5.4B718D109217E78FA6781A64B56D932C] - 11/10/2013 - 02:25:06 ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [37441]
O44 - LFC:[MD5.A60423F0F71BAE47B9AFB9680F917B33] - 11/10/2013 - 02:27:40 ---A- . (...) -- C:\RHDSetup.log [559]
O44 - LFC:[MD5.7171E197044E987B1094F4E98021720F] - 11/10/2013 - 02:33:32 ---A- . (...) -- C:\WINDOWS\LManager.UNI [83]
O44 - LFC:[MD5.C1EDCC75FF20871AC6B1CB8D7AD082E9] - 11/10/2013 - 02:46:28 ---A- . (...) -- C:\WINDOWS\system32\Acer EULA.txt [7549]
O44 - LFC:[MD5.FF4CBFD9DC16A3334D50EC5DE7C65B6C] - 11/10/2013 - 02:46:28 ---A- . (...) -- C:\WINDOWS\system32\ClearEvent.exe [16384]
O44 - LFC:[MD5.F0A3381C068FD9797D0508322A2C9E42] - 11/10/2013 - 02:46:28 ---A- . (...) -- C:\WINDOWS\system32\setup.iss [552]
O44 - LFC:[MD5.70727E4147ABC5CF9BF8362FB4F4A911] - 11/10/2013 - 02:52:16 ---A- . (...) -- C:\WINDOWS\GridV.UNI [92]
O44 - LFC:[MD5.4E4743BF83581C88B20759EDFBB225EA] - 11/10/2013 - 02:52:26 ---A- . (...) -- C:\WINDOWS\ALaunch.ini [81]
O44 - LFC:[MD5.1DF5191C4F1F3A0E03961D66379B3640] - 11/10/2013 - 20:49:48 ---A- . (...) -- C:\WINDOWS\SEC120.PNF [2948]
O44 - LFC:[MD5.7794C3221F670DE270586A2CF6E68383] - 11/10/2013 - 20:50:42 RSHA- . (...) -- C:\ntldr [252240]
O44 - LFC:[MD5.905CB655E93D39C97E078A3C4C884F31] - 11/10/2013 - 20:50:54 ----- . (...) -- C:\WINDOWS\system32\Drivers\netwlan5.img [67866]
O44 - LFC:[MD5.3194C32E8A2403073B812183355E25C6] - 11/10/2013 - 20:50:55 ----- . (...) -- C:\WINDOWS\system32\Drivers\cxthsfs2.cty [129045]
O44 - LFC:[MD5.8E59F9BE251C8AE32A1CEB068B3F96B1] - 11/10/2013 - 20:50:56 ----- . (...) -- C:\WINDOWS\system32\Drivers\ativmc20.cod [64352]
O44 - LFC:[MD5.8AC96E7871FC19BDD4DC21172F672EF8] - 11/10/2013 - 20:57:24 ---A- . (...) -- C:\WINDOWS\SEC13EC.PNF [8840]
O44 - LFC:[MD5.5C174F8108BAB900D3AB1DF1A29A58E5] - 11/10/2013 - 21:03:00 ---A- . (...) -- C:\WINDOWS\system32\spupdwxp.log [90]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 11/10/2013 - 21:03:06 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.7D99A501FFF82838E48001EFB5485430] - 12/10/2013 - 01:26:23 ---A- . (.TEXTware A/S - Illuminator Kernel.) -- C:\WINDOWS\system32\ILLKRN.DLL [160768]
O44 - LFC:[MD5.BE5F8368C87DA4F261A1B69CF6276AD8] - 12/10/2013 - 01:26:23 ---A- . (.TEXTware A/S - Illuminator Parser.) -- C:\WINDOWS\system32\Illprs.dll [199168]
O44 - LFC:[MD5.F4F81FE11FE0A04ED2CCC1916769D01D] - 12/10/2013 - 01:26:24 ---A- . (...) -- C:\WINDOWS\system32\ILXTBS.DLL [143360]
O44 - LFC:[MD5.7B4686A01EEF3F571AEEDB9100719D88] - 12/10/2013 - 01:26:24 ---A- . (.TEXTware A/S - HTML Viewer.) -- C:\WINDOWS\system32\HTML.ILX [434688]
O44 - LFC:[MD5.E4A5D2EB9F8B58A046FD59F42DDED463] - 12/10/2013 - 01:26:24 ---A- . (.TEXTware A/S - Illuminator PlugIn.) -- C:\WINDOWS\system32\TWATBS.ILX [62464]
O44 - LFC:[MD5.D62AE0BC8EEF7D4FEEE4963E5118EB0A] - 12/10/2013 - 01:26:24 ---A- . (.TEXTware A/S - Pas de description.) -- C:\WINDOWS\system32\ListBox.ILX [81920]
O44 - LFC:[MD5.466D8731BC5C4AD1C5628C80C2BCFB0A] - 12/10/2013 - 01:26:25 ---A- . (...) -- C:\WINDOWS\system32\ASpell.ILX [305152]
O44 - LFC:[MD5.4FA2C0DC19266EFB344EFCEBC28EE760] - 12/10/2013 - 01:26:25 ---A- . (...) -- C:\WINDOWS\system32\Bass.ILX [52224]
O44 - LFC:[MD5.9E8D8A2A068E01B6F54A822E4F756DE9] - 12/10/2013 - 01:26:25 ---A- . (...) -- C:\WINDOWS\system32\PolyHot.ILX [47104]
O44 - LFC:[MD5.4AFD52E2BDA5BC49FD8B0E439069F086] - 12/10/2013 - 01:26:25 ---A- . (...) -- C:\WINDOWS\system32\TWAIED02.DLL [18432]
O44 - LFC:[MD5.C0EEB726654FF7D8A0F4500848A21BC1] - 12/10/2013 - 01:26:25 ---A- . (...) -- C:\WINDOWS\system32\TwaBcu.ILX [28672]
O44 - LFC:[MD5.4644D2C5DFAA0A10F4FA79911A2458BF] - 12/10/2013 - 01:26:25 ---A- . (...) -- C:\WINDOWS\system32\WavRecpk4.bpl [17408]
O44 - LFC:[MD5.960C3FC5D1BE0D190D3F97B88A65C754] - 12/10/2013 - 01:26:25 ---A- . (...) -- C:\WINDOWS\system32\bass.dll [99092]
O44 - LFC:[MD5.80C61F596F8689BFDDBAA72F457986A9] - 12/10/2013 - 01:26:25 ---A- . (.Polar - Polar SpellChecker ActiveX Control Module.) -- C:\WINDOWS\system32\polspell.dll [70656]
O44 - LFC:[MD5.A784B3BFAF8C56B95BEFF8AC4D00E779] - 12/10/2013 - 01:26:25 ---A- . (.TEXTware A/S - Illuminator MPegPlayer.) -- C:\WINDOWS\system32\MPegPlay.ILX [162304]
O44 - LFC:[MD5.F3605BECD45BF268A015389D918DAB52] - 12/10/2013 - 01:26:25 ---A- . (.TEXTware A/S - Illuminator PlugIn.) -- C:\WINDOWS\system32\Textv.ILX [140288]
O44 - LFC:[MD5.FF9F5C6E86452027F69675FD2F7E66B7] - 12/10/2013 - 01:26:25 ---A- . (.TEXTware A/S - Pas de description.) -- C:\WINDOWS\system32\Whelp.ILX [36352]
O44 - LFC:[MD5.CA44D04708FECD41F2465636D3965FAF] - 12/10/2013 - 01:26:26 ---A- . (...) -- C:\WINDOWS\system32\QFClient.ILX [48128]
O44 - LFC:[MD5.2B17E36156517FC8B5673AB844B33680] - 12/10/2013 - 01:26:26 ---A- . (...) -- C:\WINDOWS\system32\TWABTE32.TBM [258048]
O44 - LFC:[MD5.A1E49C7D9447614D79AA9F0FD4086EC5] - 12/10/2013 - 01:26:26 ---A- . (...) -- C:\WINDOWS\system32\TWATBS32.VBX [114688]
O44 - LFC:[MD5.2BDC73513C3FE7B3EC5316AC476C79E4] - 12/10/2013 - 01:26:26 ---A- . (...) -- C:\WINDOWS\system32\TWAVBX32.DLL [147456]
O44 - LFC:[MD5.428168B1BD467884618C49C06A3D6A7D] - 12/10/2013 - 01:26:26 ---A- . (.TEXTware A/S - TwaBcu01.) -- C:\WINDOWS\system32\TwaBcu01.dll [69632]
O44 - LFC:[MD5.FFAA8EBDE18C937336E7D882CBACFC1A] - 12/10/2013 - 01:26:32 ---A- . (...) -- C:\WINDOWS\TEXTware.ini [63]
O44 - LFC:[MD5.597ECD1EC5F5B3E0212B3407651AD730] - 12/10/2013 - 01:32:38 ---A- . (...) -- C:\WINDOWS\ODBCINST.INI [4205]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 12/10/2013 - 02:43:54 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
O44 - LFC:[MD5.4A46D7FB7433CD7AD0AFD4BE5A2D34CC] - 12/10/2013 - 02:53:44 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [6144]
O44 - LFC:[MD5.2B65C8D167F74D2F7AFE7A3CA1A7937A] - 13/10/2013 - 01:12:16 ---A- . (...) -- C:\UsbFix [Scan 2] ACER-3FAFADAADF.txt [7159]
O44 - LFC:[MD5.BA60B3E63D88BEEC318034529D593AC6] - 13/10/2013 - 07:11:28 ---A- . (...) -- C:\UsbFix [Scan 3] ACER-3FAFADAADF.txt [7018]
O44 - LFC:[MD5.F6D14EAB791E48A49760B2EB3426DAE9] - 13/10/2013 - 07:15:04 ---A- . (...) -- C:\UsbFix [Clean 1] ACER-3FAFADAADF.txt [6351]
O44 - LFC:[MD5.43DB477EE7036732645E1FD10EB8F2E1] - 13/10/2013 - 07:45:40 ---A- . (...) -- C:\UsbFix [Scan 4] ACER-3FAFADAADF.txt [7017]
O44 - LFC:[MD5.AE653F2B8D1A319934C41BED68A3700F] - 13/10/2013 - 08:08:18 ---A- . (...) -- C:\drwtsn32.log [16900]
O44 - LFC:[MD5.8715347D6B7B2E3A7CFE5ADF2D510CE3] - 13/10/2013 - 08:27:04 ---A- . (...) -- C:\WINDOWS\win.ini [477]
O44 - LFC:[MD5.B54EA4CA2CF631EBC8D510C3DD7F0A05] - 13/10/2013 - 23:58:32 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.419F98A890C96B0EE6A243482A93CAC2] - 14/10/2013 - 02:26:14 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.40935A0663A94C26A60C38A368ED26A5] - 14/10/2013 - 02:27:00 ---A- . (...) -- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt [4122]
~ Files: 391 Legitimates Filtered in 00mn 09s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.9352113E58ABDC48350E3123DDD2E1CA] - 12/10/2013 - 05:34:02 ---A- - C:\WINDOWS\Prefetch\AUTORUN.EXE-055703AF.pf
O45 - LFCP:[MD5.400A94E5C1E75C0781841D4422686EEC] - 12/10/2013 - 05:34:16 ---A- - C:\WINDOWS\Prefetch\THE SIMS 2 DOUBLE DELUXE_CODE-1117FA0C.pf
O45 - LFCP:[MD5.C3E03E0DA280797AB9FAC9BEC0C95800] - 12/10/2013 - 17:20:02 ---A- - C:\WINDOWS\Prefetch\LYRICSBUDDY-1-ENABLER.EXE-32DEC2C2.pf =>Adware.AddLyrics
O45 - LFCP:[MD5.1F46B1BFD349CE4025A72995BDC5B0A6] - 12/10/2013 - 21:46:44 ---A- - C:\WINDOWS\Prefetch\LYRICSBUDDY-1-CODEDOWNLOADER.-37EB4EBF.pf =>Adware.AddLyrics
O45 - LFCP:[MD5.1F829D5695B6DE60C58B6CBBF8114176] - 12/10/2013 - 22:03:00 ---A- - C:\WINDOWS\Prefetch\LYRICSBUDDY-1-BG.EXE-1B696D3F.pf =>Adware.AddLyrics
O45 - LFCP:[MD5.326EAFE798F5E33FC5F77124584892F5] - 13/10/2013 - 04:48:50 ---A- - C:\WINDOWS\Prefetch\BOOT.EXE-358A5EE6.pf
O45 - LFCP:[MD5.2969EADC421FB9D795D528E2AF03E788] - 13/10/2013 - 04:49:00 ---A- - C:\WINDOWS\Prefetch\CASPOL.EXE-25914F74.pf
O45 - LFCP:[MD5.2BB3BCE6B3213311F77D6B40F8808E11] - 13/10/2013 - 04:50:58 ---A- - C:\WINDOWS\Prefetch\SERVICELOCATOR.EXE-0B4CC2EC.pf
O45 - LFCP:[MD5.E6FE3CABC9E4DBEC2C047EF07F1472EA] - 13/10/2013 - 04:51:06 ---A- - C:\WINDOWS\Prefetch\TOOLBAR.EXE-3B812A9B.pf
O45 - LFCP:[MD5.BC99D6EA33BEBB7D7E91E7E47D1819B9] - 13/10/2013 - 09:00:12 ---A- - C:\WINDOWS\Prefetch\OFFERCAST_AVIRAV7_.EXE-37EAF9E2.pf
O45 - LFCP:[MD5.DFC0D39EF0AC7F25EADD409D470C7B85] - 13/10/2013 - 09:04:38 ---A- - C:\WINDOWS\Prefetch\TBNOTIFIER.EXE-314E8EDE.pf
O45 - LFCP:[MD5.87535B04A450AE836FDBF7BD0F3B7B40] - 14/10/2013 - 02:26:46 ---A- - C:\WINDOWS\Prefetch\APNMCP.EXE-2DD2CB13.pf
O45 - LFCP:[MD5.F0BE413D916D89E520EC08544D95797A] - 14/10/2013 - 02:26:46 ---A- - C:\WINDOWS\Prefetch\FXSSVC.EXE-140862E7.pf
O45 - LFCP:[MD5.A3692A21B15E835A39B67295ECD44CDF] - 14/10/2013 - 02:27:04 ---A- - C:\WINDOWS\Prefetch\SCNODVIS.EXE-17E99A96.pf
~ Prefetcher: 130 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" [Disabled] .(.Pas de propriétaire.) -- C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
~ Keys Export: 6 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "InstallVisualStyle"=1
O55 - MWPS:[HKLM\...\Policies\System] - "InstallTheme"=1
~ MWPS: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 10/08/2004 - 19:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 10/08/2004 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 7 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 11/10/2013 - 03:42:38 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\ApplicationHistory\LockMon.exe.7987f3da.ini.inuse [0]
O61 - LFC: 11/10/2013 - 03:42:38 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico [894]
O61 - LFC: 11/10/2013 - 03:42:38 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.bak [7915]
O61 - LFC: 11/10/2013 - 03:42:38 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML [12787]
O61 - LFC: 11/10/2013 - 03:42:38 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML [53]
O61 - LFC: 11/10/2013 - 03:42:39 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\fusioncache.dat [128]
O61 - LFC: 11/10/2013 - 03:42:55 ---A- . (...) -- C:\Documents and Settings\Alice\Menu Démarrer\Programmes\Accessoires\Carnet d'adresses.lnk [682]
O61 - LFC: 11/10/2013 - 03:42:55 ---A- . (...) -- C:\Documents and Settings\Alice\Menu Démarrer\Programmes\Accessoires\Divertissement\Lecteur Windows Media.lnk [712] =>.Microsoft Corporation
O61 - LFC: 11/10/2013 - 03:42:55 ---A- . (...) -- C:\Documents and Settings\Alice\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (sans module complémentaire).lnk [741]
O61 - LFC: 11/10/2013 - 03:42:55 ---A- . (...) -- C:\Documents and Settings\Alice\Menu Démarrer\Programmes\Accessoires\Visite guidée de Windows XP.lnk [1435]
O61 - LFC: 11/10/2013 - 03:42:55 ---A- . (...) -- C:\Documents and Settings\Alice\Menu Démarrer\Programmes\Lecteur Windows Media.lnk [700] =>.Microsoft Corporation
O61 - LFC: 11/10/2013 - 03:43:12 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Hotmail.url [113]
O61 - LFC: 11/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Guide des stations de radio.url [197]
O61 - LFC: 11/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\MSN.com.url [119]
O61 - LFC: 11/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Microsoft Websites\IE Add-on site.url [133]
O61 - LFC: 11/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Microsoft Websites\IE site on Microsoft.com.url [133]
O61 - LFC: 11/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Microsoft Websites\Microsoft At Home.url [133]
O61 - LFC: 11/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Microsoft Websites\Microsoft At Work.url [133]
O61 - LFC: 11/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Microsoft Websites\Microsoft Store.url [134]
O61 - LFC: 11/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\Lecteur Windows Media.lnk [694] =>.Microsoft Corporation
O61 - LFC: 11/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\Microsoft Fix it.url [123]
O61 - LFC: 11/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\Raccourci vers Connexion réseau sans fil.lnk [384]
O61 - LFC: 11/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Links\Suggested Sites.url [302]
O61 - LFC: 11/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Links\Web Slice Gallery.url [226]
O61 - LFC: 11/10/2013 - 03:43:16 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [723]
O61 - LFC: 11/10/2013 - 03:43:16 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk [1386]
O61 - LFC: 11/10/2013 - 03:43:16 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\brndlog.txt [10390]
O61 - LFC: 11/10/2013 - 03:43:16 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\MMC\dfrg [3952]
O61 - LFC: 11/10/2013 - 03:43:16 --H-- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\LastFlashConfig.WFC [1714]
O61 - LFC: 11/10/2013 - 03:43:18 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\Templates\Normal.dotm [15605]
O61 - LFC: 11/10/2013 - 03:43:19 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\Address Book\Alice.wab [176604]
O61 - LFC: 11/10/2013 - 03:43:19 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\Address Book\Alice.wab~ [176604]
O61 - LFC: 12/10/2013 - 03:42:55 ---A- . (...) -- C:\Documents and Settings\Alice\Mes documents\avira_free_antivirus.exe [2296952]
O61 - LFC: 12/10/2013 - 03:43:12 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Antivir - Télécharger Antivir (gratuit).url [1979]
O61 - LFC: 12/10/2013 - 03:43:12 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\L‚installation d‚Avira Free Antivirus a réussi!.url [5595]
O61 - LFC: 12/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Defraggler - Télécharger.url [631]
O61 - LFC: 12/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Virus autorun.inf Aie! [Résolu].url [2417]
O61 - LFC: 12/10/2013 - 03:43:21 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Cambridge\ENF001CP\ENF001CP.INI [1515]
O61 - LFC: 12/10/2013 - 03:43:21 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Cambridge\ENF001CP\ENF001CP.ntf [2955]
O61 - LFC: 12/10/2013 - 03:43:21 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Cambridge\ENF001CP\FRE001CP.INI [1426]
O61 - LFC: 12/10/2013 - 03:43:21 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Cambridge\ENF001CP\FRE001CP.ntf [2760]
O61 - LFC: 12/10/2013 - 03:43:21 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Cambridge\ENF001CP\addictEF.cfg [506]
O61 - LFC: 12/10/2013 - 03:43:21 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Cambridge\ENF001CP\addictFE.cfg [506]
O61 - LFC: 12/10/2013 - 03:43:21 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\vlc\ml.xspf [304]
O61 - LFC: 12/10/2013 - 03:43:21 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\vlc\vlcrc [83997]
O61 - LFC: 12/10/2013 - 03:43:22 ---A- . (...) -- C:\Documents and Settings\Alice\default.pls [172]
O61 - LFC: 13/10/2013 - 03:42:38 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt [6601]
O61 - LFC: 13/10/2013 - 03:42:38 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat [28438]
O61 - LFC: 13/10/2013 - 03:42:38 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Internet Explorer\tabiconcache.dat [7226]
O61 - LFC: 13/10/2013 - 03:42:39 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOCK [0]
O61 - LFC: 13/10/2013 - 03:42:39 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences [159911]
O61 - LFC: 13/10/2013 - 03:42:40 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [56320]
O61 - LFC: 13/10/2013 - 03:42:40 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]
O61 - LFC: 13/10/2013 - 03:42:40 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG [142]
O61 - LFC: 13/10/2013 - 03:42:40 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old [142]
O61 - LFC: 13/10/2013 - 03:42:40 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons [40960]
O61 - LFC: 13/10/2013 - 03:42:40 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\History [114688]
O61 - LFC: 13/10/2013 - 03:42:40 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs [16384]
O61 - LFC: 13/10/2013 - 03:42:40 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts [12288]
O61 - LFC: 13/10/2013 - 03:42:40 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\User StyleSheets\Custom.css [0]
O61 - LFC: 13/10/2013 - 03:42:40 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [73728]
O61 - LFC: 13/10/2013 - 03:42:52 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data [12288]
O61 - LFC: 13/10/2013 - 03:42:52 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\README [180]
O61 - LFC: 13/10/2013 - 03:42:52 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]
O61 - LFC: 13/10/2013 - 03:42:52 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOCK [0]
O61 - LFC: 13/10/2013 - 03:42:52 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG [263]
O61 - LFC: 13/10/2013 - 03:42:52 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old [261]
O61 - LFC: 13/10/2013 - 03:42:52 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000010 [170]
O61 - LFC: 13/10/2013 - 03:42:52 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3 [167936]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Bookmarks [8297]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Bookmarks.bak [7246]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_0 [8192]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_1 [270336]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_2 [8192]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_3 [8192]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\index [262512]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Google Profile.ico [181623]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\CURRENT [16]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOCK [0]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOG [47]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\MANIFEST-000002 [32]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\Managed Mode Settings [8]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager [13312]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\TransportSecurity [1272]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db [7168]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Local State [42567]
O61 - LFC: 13/10/2013 - 03:42:53 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies [6144]
O61 - LFC: 13/10/2013 - 03:42:54 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom [3523680]
O61 - LFC: 13/10/2013 - 03:42:54 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [551826]
O61 - LFC: 13/10/2013 - 03:42:54 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135236]
O61 - LFC: 13/10/2013 - 03:42:54 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download [1076264]
O61 - LFC: 13/10/2013 - 03:42:54 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist [19592]
O61 - LFC: 13/10/2013 - 03:42:54 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist [6608]
O61 - LFC: 13/10/2013 - 03:42:55 ---A- . (...) -- C:\Documents and Settings\Alice\Menu Démarrer\Programmes\Accessoires\Bloc-notes.lnk [1427] =>.Microsoft Corporation
O61 - LFC: 13/10/2013 - 03:42:55 ---A- . (...) -- C:\Documents and Settings\Alice\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (Aucun module complémentaire).lnk [741]
O61 - LFC: 13/10/2013 - 03:42:55 ---A- . (...) -- C:\Documents and Settings\Alice\Menu Démarrer\Programmes\Internet Explorer.lnk [711]
O61 - LFC: 13/10/2013 - 03:42:57 ---A- . (...) -- C:\Documents and Settings\Alice\Mes documents\cc_20131013_043236.reg [176978]
O61 - LFC: 13/10/2013 - 03:42:57 ---A- . (.Alice.) -- C:\Documents and Settings\Alice\Mes documents\Bienvenue sur SosVirus.doc [101376]
O61 - LFC: 13/10/2013 - 03:43:12 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Galerie de composants Web Slice.url [226]
O61 - LFC: 13/10/2013 - 03:43:12 ---A- . (...) -- C:\Documents and Settings\Alice\Mes documents\avast_free_antivirus_setup.exe [131918888]
O61 - LFC: 13/10/2013 - 03:43:12 ---A- . (...) -- C:\Documents and Settings\Alice\Voisinage réseau\SharedDocs sur Acer-3fafadaadf\target.lnk [558]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\AOL.fr E-mail gratuit, Actualité, Météo, Sport et Culture sur AOL.url [725]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\AV10 Mode d‚emploi pour la désinstallation manuelle.url [306]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\CPU-Z - Télécharger CPU-Z (gratuit).url [308]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Malekal's forum • AdwCleaner Programmes utiles.url [3604]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Nettoyage PC portable Acer Aspire 1640, 1650, 1680, 1690, 3000, 3630, 5000, 5510...url [259]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\SOS Virus - Instructions à suivre avant d'ouvrir un sujet.url [869]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\SOS Virus - UsbFix - Tutoriel UsbFix [Recherche].url [889]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Sites suggérés.url [302]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Tester son materiel avec des logiciels.url [2891]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Télécharger AdwCleaner - 01net.com - Telecharger.url [10718]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Télécharger CrystalDiskInfo - Logithèque PC Astuces.url [3904]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\Télécharger Safari - 01net.com - Telecharger.url [777]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\UsbFix - Télécharger UsbFix (gratuit).url [310]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\adwcleaner se débarrasser facilement des Adware, toolbar, etc. Plug'n Geek.url [4082]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\avast! - Wikipédia.url [251]
O61 - LFC: 13/10/2013 - 03:43:13 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Liens\avast! Uninstall Utility Download aswClear for avast! Removal.url [254]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\AdwCleaner[S0].txt [1317]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\Chrome.txt [149]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\CrystalDiskInfo.lnk [1551]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\MBAM-log-2013-10-13 (03-16-56).txt [3236]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\Microsoft Office Word 2007.lnk [2575]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\SosVirus Forum Gratuit.lnk [1669]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\UsbFix Faire un Don.lnk [1685]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\UsbFix [Clean 1] ACER-3FAFADAADF.txt [6351]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\UsbFix [Scan 2] ACER-3FAFADAADF.txt [7159]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\UsbFix [Scan 3] ACER-3FAFADAADF.txt [7018]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\UsbFix [Scan 4] ACER-3FAFADAADF.txt [7017]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\ZHPDiag.lnk [1431] =>.Nicolas Coolman
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\ZHPFix.lnk [1536] =>.Nicolas Coolman
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\mbam-log-2013-10-13 (02-36-20).txt [3234]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Bureau\mbam-log-2013-10-13 (03-21-53)après mise en quarantaine.txt [2188]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Sites Web Microsoft\Microsoft Store.url [134]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (...) -- C:\Documents and Settings\Alice\Favoris\Sites Web Microsoft\Site Internet Explorer sur Microsoft.com.url [133]
O61 - LFC: 13/10/2013 - 03:43:14 ---A- . (.Alice.) -- C:\Documents and Settings\Alice\Bureau\Bienvenue sur SosVirus.doc [101376]
O61 - LFC: 13/10/2013 - 03:43:15 -S-A- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1222565020-3402336239-1393892285-1005\932a2db58c237abd381d22df4c63a04a_7adec50b-f935-4a12-9e21-d272bae9b3f5 [87]
O61 - LFC: 13/10/2013 - 03:43:16 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk [723]
O61 - LFC: 13/10/2013 - 03:43:16 -SHA- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Desktop.htt [2570]
O61 - LFC: 13/10/2013 - 03:43:16 -SHA- . (...) -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\UserData\index.dat [32768]
O61 - LFC: 13/10/2013 - 03:43:22 ---A- . (...) -- C:\Documents and Settings\Alice\Recent\Mes images.lnk [373]
O61 - LFC: 13/10/2013 - 03:43:22 ---A- . (...) -- C:\Documents and Settings\Alice\UserData\6JUZI16F\oWindowsUpdate[1].xml [28]
O61 - LFC: 13/10/2013 - 03:43:22 ---A- . (...) -- C:\Documents and Settings\Alice\UserData\index.dat [32768]
O61 - LFC: 13/10/2013 - 03:43:22 -SHA- . (...) -- C:\Documents and Settings\Alice\IECompatCache\index.dat [16384]
O61 - LFC: 13/10/2013 - 03:43:22 -SHA- . (...) -- C:\Documents and Settings\Alice\IETldCache\index.dat [262144]
O61 - LFC: 13/10/2013 - 03:43:22 -SHA- . (...) -- C:\Documents and Settings\Alice\PrivacIE\index.dat [786432]
O61 - LFC: 14/10/2013 - 03:42:38 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\ApplicationHistory\Acer.Empowering.Framework.Launcher.exe.7c55249b.ini.inuse [0]
O61 - LFC: 14/10/2013 - 03:42:38 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse [0]
O61 - LFC: 14/10/2013 - 03:42:38 ---A- . (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse [0]
O61 - LFC: 14/10/2013 - 03:43:21 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\ZHP\Log.txt [55235] =>.Nicolas Coolman
O61 - LFC: 14/10/2013 - 03:43:21 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\ZHP\TestsZHPDiag.txt [3190] =>.Nicolas Coolman
O61 - LFC: 14/10/2013 - 03:43:21 ---A- . (...) -- C:\Documents and Settings\Alice\Application Data\ZHP\ZHPDiag.txt [38023] =>.Nicolas Coolman
~ 35 Fichiers temporaires (Temporary files)
~ 41 Fichiers cookies (Cookies files)
~ Files: 815 Legitimates Filtered in 00mn 47s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - .) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 24/09/2013 - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (APNMCP) .(.APN LLC. - APN Updater.) - LEGACY_APNMCP
~ Legacy: 177 Legitimates Filtered in 00mn 02s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
Last edited by Doriarella on Tue 15 Oct 2013 00:57, edited 2 times.
#11378
Continuation of the report, since it exceeded the character limit:

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) -
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.30A91E684A40DE0F03D96B1BFCD81EAA] [SPRF][11/10/2013] (...) -- C:\Documents and Settings\Alice\Local Settings\Application Data\fusioncache.dat [128]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "25946514D2147365007A7A857BC05010" . (.Avira SearchFree Toolbar.) -- C:\WINDOWS\Installer\{41564952-412D-5637-00A7-A758B70C0501}\ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 30 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.048ED754627879AFCB5B9D4910320FE1] [WIS][13/10/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\2a79dd.msi [760832] =>Toolbar.Avira
~ WIS: 32 Legitimates Filtered in 00mn 05s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 29/03/2006 28672 | (AcerMemUsageCheckService) . (.Acer Inc..) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SR - | Auto 22/12/2006 108712 | (AdobeActiveFileMonitor5.0) . (...) - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
SR - | Auto 13/10/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 13/10/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 13/10/2013 815160 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 24/09/2013 164816 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
SR - | Auto 17/07/2006 401408 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 17/02/2006 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Services: Scanned in 00mn 06s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
Run by Alice at 14/10/2013 03:44:05

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x85274AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13,
Run by Alice at 14/10/2013 03:44:07

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12946 - (13/10/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 7

[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-00A7-7A786E7484D7} =>Toolbar.Avira^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^
C:\Program Files\AskPartnerNetwork =>Toolbar.Ask
C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork =>Toolbar.Ask
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll =>Toolbar.Avira^
C:\WINDOWS\Prefetch\LYRICSBUDDY-1-ENABLER.EXE-32DEC2C2.pf =>Adware.AddLyrics^
C:\WINDOWS\Prefetch\LYRICSBUDDY-1-CODEDOWNLOADER.-37EB4EBF.pf =>Adware.AddLyrics^
C:\WINDOWS\Prefetch\LYRICSBUDDY-1-BG.EXE-1B696D3F.pf =>Adware.AddLyrics^
C:\WINDOWS\Installer\{41564952-412D-5637-00A7-A758B70C0501}\ToolbarIcon.exe =>Toolbar.Avira^
C:\Windows\Installer\2a79dd.msi =>Toolbar.Avira^
~ Additionnel Scan: 155775 Items scanned in 00mn 18s



---\\ Récapitulatif des détections trouvées sur votre station
~ =>Toolbar.Ask
~ =>Toolbar.Avira
~ =>Adware.AddLyrics
~ MSI: 3 link(s) detected in 00mn 18s



~ 2088 Legitimates filtered by white list
End of the scan (700 lines in 03mn 09s)(0)
