by El Desaparecido
#13026
Hello,

Restart the computer and tell me how the PC is doing, please.

Run a ZHPDiag scan again and post the new report.
by smeggy
#13028
PC still the same
~ Rapport de ZHPDiag v2013.10.27.68 - Nicolas Coolman (27/10/2013)
~ Lancé par Christian (27/10/2013 10:23:44)
~ Adresse du Site Web
~ Forums gratuits d'Assistance à la désinfection :
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC):


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721 (Defaut)
MFIE: Mozilla Firefox 23.0.1
GCIE: Google Chrome v30.0.1599.101

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (67% free)
System Restore: Désactivé (Disabled)
System drive C: has 541 GB (58%) free of 920 GB

---\\ Mode de connexion au système
~ Computer Name: CHRISTIAN-PC
~ User Name: Christian
~ All Users Names: HomeGroupUser$, Christian, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Christian\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Christian\AppData\Roaming\
~ %Desktop% : C:\Users\Christian\Desktop\
~ %Favorites% : C:\Users\Christian\Favorites\
~ %LocalAppData% : C:\Users\Christian\AppData\Local\
~ %StartMenu% : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 541 Go of 920 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 12 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d‚ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 02:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1242
~ Mes musiques (My Musics) : 5/547
~ Mes Videos (My Videos) : 2/1082
~ Mes Favoris (My Favorites) : 1/308
~ Mes Documents (My Documents) : 3/3687
~ Mon Bureau (My Desktop) : 2/49
~ Menu demarrer (Programs) : 1/76
~ Hidden Files: Scanned in 00mn 12s



---\\ Processus lancés
[MD5.B80293D462EC959097A940D70C857BC3] - (.Orange - Executable Orange Inside.) -- C:\Users\Christian\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1530008] [PID.1876]
[MD5.D6D36A01E927480C19333C5A7FB8DE49] - (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe [525248] [PID.1884]
[MD5.5478A1AA166146E113FB8A517749887F] - (.Orange-France - Le Cloud d'Orange - Transfert de fichiers.) -- C:\Users\Christian\AppData\Local\Le Cloud Orange\omclient.exe [1168160] [PID.1164]
[MD5.9ABF368A2DA03C6852C353D837D374AB] - (.eMPIA Technology, Inc. - BDA Monitor Application.) -- C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe [81408] [PID.1540]
[MD5.F0EA603E7B91046CA48EA4B3593A007D] - (.Micro Application - Pas de description.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe [485376] [PID.2068]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.2420]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [54576] [PID.2528]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [17408] [PID.2596]
[MD5.03C217B77BCA3F50A8B8A300C2E5BC4A] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [319574] [PID.2604]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2764]
[MD5.A9A5CDFDA52257DB4488F457C3F4022A] - (.American Power Conversion Corporation - PowerChute system tray power icon.) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe [417855] [PID.4076]
[MD5.084D14D1283EC4D78A1D0B8C3D0187DD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8137728] [PID.456]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1356]
[MD5.DC45AB27932447B598848B10650313C5] - (.American Power Conversion Corporation - Battery backup management service.) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [176193] [PID.1380]
[MD5.7EF47644B74EBE721CC32211D3C35E76] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.1424]
[MD5.18D87D378D3C7DFBB045C9753A3632E8] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1765484] [PID.1936]
[MD5.CF7B0E597C1F34E528285495721DEEE9] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe [237960] [PID.1976]
[MD5.1786949693843A089918AE2CC105D7D6] - (.Google Inc. - Processus relatif à l'hôte.) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\30.0.1599.56\remoting_host.exe [50128] [PID.1580]
[MD5.2DFB151FD34DF104DAC0ADF070EDA83C] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [92216] [PID.2404]
[MD5.2238B91AC1A12CC6CC4C4FED41258B2A] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2484]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2568]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2664]
[MD5.20372BE109FEE1C37E2D5216680DB9EB] - (.pdfforge GmbH - PDF Architect Helper Service.) -- C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496] [PID.2912]
[MD5.B90A279073A815A4AA2C45A09EE004FA] - (.pdfforge GmbH - PDF Architect Conversion Service.) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280] [PID.2952]
[MD5.AE6C778717DE2F6B0C0B5335036D3363] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [430136] [PID.3012]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\v3d57zdy.default\prefs.js
M2 - MFEP: prefs.js [Christian - v3d57zdy.default\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}] [] Forecastfox v2.2.2 (..)
~ Firefox Browser: 30 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Advanced Driver Updater.lnk . (...) -- C:\Program Files (x86)\Advanced Driver Updater\adu.exe (.not file.) =>PUP.AdvancedDriverUpdater
O4 - GS\Desktop [Public]: BlueSoleil Space.lnk . (...) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - GS\Desktop [Public]: InPixio Photo Clip.lnk . (...) -- C:\Program Files (x86)\InPixio Photo Clip\InPixio Photo Clip.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: PMB Launcher.lnk . (.Sony Corporation - PMB Launcher.) -- C:\Program Files (x86)\Sony\PMB\PMBLauncher.exe
O4 - GS\Desktop [Public]: Prism.lnk . (.NCH Software - Prism - Convertisseur de fichiers vidéo.) -- C:\Program Files (x86)\NCH Software\Prism\prism.exe
O4 - GS\Desktop [Public]: Speccy.lnk . (.Piriform Ltd - Speccy.) -- C:\Program Files\Speccy\Speccy64.exe
O4 - GS\Desktop [Public]: SUPER ©.lnk . (.eRightSoft - SUPER © - Simplified Universal Player Encod.) -- C:\Program Files (x86)\eRightSoft\SUPER\SUPER.exe
O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Switch, Convertisseur de fichiers audio.lnk . (.NCH Software - Switch, Convertisseur de fichiers audio.) -- C:\Program Files (x86)\NCH Swift Sound\Switch\switch.exe
O4 - GS\QuickLaunch [Christian]: Free Ringtone Maker.lnk . (...) -- C:\Program Files (x86)\Free Ringtone Maker\FreeRingtoneMaker.exe =>Adware.SPointer
O4 - GS\QuickLaunch [Christian]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Christian]: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\QuickLaunch [Christian]: Jouer à HP Games.lnk . (.WildTangent, Inc. - GameConsole.) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe
O4 - GS\QuickLaunch [Christian]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Christian]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Christian]: RealArcade.lnk . (.RealNetworks - RealArcade.) -- C:\Program Files (x86)\Real\RealArcade\RNArcade.exe
O4 - GS\TaskBar [Christian]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Christian]: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\TaskBar [Christian]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\TaskBar [Christian]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Christian]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Christian]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Christian]: Bluetooth.lnk - Clé orpheline
O4 - GS\SendTo [Christian]: Unlocker.lnk . (...) -- C:\Program Files\Unlocker\Unlocker.exe
O4 - GS\Desktop [Christian]: amazingadventures.lnk . (.RealNetworks - Wrapper Application.) -- C:\My Games\Amazing Adventures Around the World(TM)\amazingadventures2_r1a.exe
O4 - GS\Desktop [Christian]: aquasphere.lnk . (.RealNetworks - Wrapper Application.) -- C:\My Games\AquaSphere\aquasphere_r1a.exe
O4 - GS\Desktop [Christian]: Assistance Livebox.lnk . (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe
O4 - GS\Desktop [Christian]: CamApp.lnk . (.UVC - CamApp, Video capture tool.) -- C:\Program Files (x86)\UVC Like Driver\CamApp.exe
O4 - GS\Desktop [Christian]: Compte chèques postal.lnk . (...) -- C:\Program Files (x86)\BankPerfect\BankPerfect\Compte chèques postal.bp (.not file.)
O4 - GS\Desktop [Christian]: DivX Converter.lnk . (.DivX, Inc. - DivX Converter.) -- C:\Program Files (x86)\DivX\DivX Converter\DivXConverterLauncher.exe
O4 - GS\Desktop [Christian]: EnigmaAgency_TheCaseofShadowsCE.lnk . (...) -- C:\Users\Christian\Documents\Jeux Téléchargés\Enigma Agency - Le Chaos des Ombres Edition Collector\EnigmaAgency_TheCaseofShadowsCE.exe
O4 - GS\Desktop [Christian]: IJ Scan Utility.lnk . (.CANON INC. - Canon IJ Scan Utility.) -- C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe
O4 - GS\Desktop [Christian]: Mallette magique.lnk . (...) -- C:\Users\Christian\Documents\Mallette magique
O4 - GS\Desktop [Christian]: Mystery Case Files.lnk . (.Macromedia, Inc. - Macromedia Projector.) -- C:\Program Files\Zylom Games\Mystery Case Files\mysterycasefiles.exe
O4 - GS\Desktop [Christian]: mysterypithenewyorkfortune.lnk . (.RealNetworks - Wrapper Application.) -- C:\My Games\Mystery P.I.(TM) - The New York Fortune - FR\mysterypithenewyorkfortune_r1a.exe
O4 - GS\Desktop [Christian]: mysteryville2.lnk . (...) -- C:\Users\Christian\Documents\Jeux Téléchargés\mysteryville2.exe
O4 - GS\Desktop [Christian]: Orange mes contenus.lnk . (.F-Secure - Orange mes contenus.) -- C:\Program Files\Orange\Orange mes contenus\OrangeSC.exe
O4 - GS\Desktop [Christian]: Ricochet-LostWorld.lnk . (...) -- C:\Program Files (x86)\BoontyGames\Ricochet-LostWorld\Ricochet.exe
O4 - GS\Desktop [Christian]: Sauvegarde bp.lnk . (...) -- C:\Users\Christian\Documents\Sauvegarde bp.bp
O4 - GS\Desktop [Christian]: Sauvegarde épargne.lnk . (...) -- C:\Users\Christian\Documents\Sauvegarde épargne.bp
O4 - GS\Desktop [Christian]: The Heritage.lnk . (...) -- C:\Program Files (x86)\The Heritage\Heritage.exe
O4 - GS\Desktop [Christian]: Transferts vers le Cloud d'Orange.lnk . (...) -- C:\Users\Christian\Documents\Transferts vers le Cloud d'Orange
O4 - GS\Desktop [Christian]: XtrCtrlEx.lnk . (.Guillemot Corporation S.A. - Hercules Xtra Controller Main Application.) -- C:\Program Files (x86)\Hercules\DualPix Exchange\XtrCtrlEx.exe
~ Global Startup: 127 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: APC UPS Status.lnk . (.American Power Conversion Corporation - Startup notification module.) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
O4 - GS\Startup [Public]: emMon.lnk . (.eMPIA Technology, Inc. - BDA Monitor Application.) -- C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe
O4 - GS\Startup [Christian]: Lanceur.lnk . (.Micro Application - Pas de description.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe
O4 - HKLM\..\Run: [PC-Doctor for Windows localizer] . (.PC-Doctor, Inc. - Hardware Diagnostic Tools Localizer.) -- C:\Program Files\PC-Doctor for Windows\localizer.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKCU\..\Run: [Le Cloud d'Orange - Transfert de fichiers Client] . (.Orange-France - Le Cloud d'Orange - Transfert de fichiers.) -- C:\Users\Christian\AppData\Local\Le Cloud Orange\omclient.exe
O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Christian\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [UnlockerAssistant] . (...) -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Remote Solution] . (.Hewlett-Packard - HP Remote Solution.) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [CanonQuickMenu] . (.CANON INC. - Canon Quick Menu.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKUS\S-1-5-21-1355434068-3653106500-54649249-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1355434068-3653106500-54649249-1000\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKUS\S-1-5-21-1355434068-3653106500-54649249-1000\..\Run: [Le Cloud d'Orange - Transfert de fichiers Client] . (.Orange-France - Le Cloud d'Orange - Transfert de fichiers.) -- C:\Users\Christian\AppData\Local\Le Cloud Orange\omclient.exe
O4 - HKUS\S-1-5-21-1355434068-3653106500-54649249-1000\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Christian\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: àƒâ‚¬ propos de Digital Connections [64Bits] - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADDD806B-037D-47D0-BCE6-5258DAF3F973}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF9A3147-FFB0-4742-9C97-0716EA467503}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{ADDD806B-037D-47D0-BCE6-5258DAF3F973}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DF9A3147-FFB0-4742-9C97-0716EA467503}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{ADDD806B-037D-47D0-BCE6-5258DAF3F973}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DF9A3147-FFB0-4742-9C97-0716EA467503}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SEARCH~1\SEARCH~1\x64\IEBHO.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire - DedicarzService.) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
~ Services: 22 Legitimates Filtered in 00mn 06s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job [298]
[MD5.00000000000000000000000000000000] [APT] [AdvancedDriverUpdater_UPDATES] (...) -- C:\Program Files (x86)\Advanced Driver Updater\adu.exe (.not file.) [0] =>PUP.AdvancedDriverUpdater
[MD5.00000000000000000000000000000000] [APT] [{00D36D3D-D1D8-4D09-B5A9-5FE3497A45BF}] (...) -- E:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{00EE6F64-E44F-4CA3-86E9-D0ADB0F2F59E}] (...) -- C:\Users\Christian\Downloads\Digital Connections.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0516A05F-4AEA-4B9B-B422-D380CF02183C}] (...) -- C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe (.not file.) [0] =>Adware.DomaIQ
[MD5.00000000000000000000000000000000] [APT] [{0A59D7A7-772E-4E6C-9C9D-F2A05F0180FB}] (...) -- C:\Users\Christian\Downloads\Mystery Case Files-Huntsville-francais.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{14C690F7-E8F9-4888-921A-65BD1A1A1BFA}] (...) -- C:\Users\Christian\Downloads\dap94.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1BE56B9F-29C9-419B-B827-F5B729500606}] (...) -- C:\Program Files (x86)\palmOne\Instapp.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{21622CD9-85B4-457E-B26A-DAB075FF7EF9}] (...) -- E:\PCPEInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{43C40039-48AF-4154-8DEB-990A591E4940}] (...) -- C:\Users\Christian\Downloads\PCPEInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4A53E3F8-132D-454F-9D01-DDF9FA5D02EB}] (...) -- C:\Users\Christian\Downloads\stubby_en.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4E7DD52C-4AD7-4ED2-8532-9755B04F5ADC}] (...) -- C:\Users\Christian\Downloads\dotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5797E971-94AC-4042-AE41-D26BB19D7491}] (...) -- E:\PCPEInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5BA6004C-099F-4CCD-A387-ACFAAE869B5C}] (...) -- C:\Users\Christian\Downloads\dotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5EFBC10E-0E76-4619-9E95-0507D0065D0C}] (...) -- G:\Programma installation\zlsSetup_70_462_000_fr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{60E7439A-90D2-43DC-B6B7-0564338F5674}] (...) -- C:\Users\Christian\Downloads\PCPEInstaller (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{61B1ED3D-2A99-486B-9953-729E5BB8517A}] (...) -- C:\Users\Christian\Downloads\PCPEInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{626FE451-93E0-416F-8537-E7CAA0A41C9C}] (...) -- E:\DOTNET\dotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7654380F-63B6-4D4D-9588-FA228E755210}] (...) -- C:\Users\Christian\Downloads\pictureviz.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{780AFE9D-F765-48B9-AB18-B347CF10CF8B}] (...) -- C:\Users\Christian\Downloads\Programma installation\Ricochet-LostWorld_Telecharger%7B179511%7D.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7CAD1E71-B649-47B8-B3F1-8BFB9C888B39}] (...) -- C:\Program Files (x86)\IncrediGames\Dream Vacation Solitaire FREE\Launch.exe (.not file.) [0]
[MD5.D6ABC3C44E97BEEEA534E33E93AE97B4] [APT] [{817FE841-B611-4250-9971-19FA98B561B3}] (...) -- C:\Program Files (x86)\Night Before Christmas 3D Screensaver\unins000.exe [673546]
[MD5.00000000000000000000000000000000] [APT] [{82EE2E95-521B-4609-B5CB-1E901F2B60AC}] (...) -- C:\Users\Christian\Downloads\dotnetfx.exe (.not file.) [0]
[MD5.D6ABC3C44E97BEEEA534E33E93AE97B4] [APT] [{8DACB896-8B2A-4D41-BCBD-8E279AF6DD37}] (...) -- C:\Program Files (x86)\Night Before Christmas 3D Screensaver\unins000.exe [673546]
[MD5.79F559FB43105EA3969C14AD35239333] [APT] [{964FCB2B-F96F-493F-B3E9-652A47E834E2}] (...) -- C:\Program Files (x86)\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe [602208]
[MD5.00000000000000000000000000000000] [APT] [{9EC6252F-CC35-4C10-A721-AD723E117180}] (...) -- C:\Users\Christian\Downloads\dotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A3D37E0B-00ED-4029-8704-01F43570CDFE}] (...) -- C:\Users\Christian\Downloads\Programma installation\Dream_Vacation_Solitaire_FREE-setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B8C53036-D1B6-43C7-B5E8-17450131E324}] (...) -- E:\DOTNET\dotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BA979DF8-E5E5-46AC-B57D-E7AA11A849A7}] (...) -- C:\Users\Christian\Downloads\SoftyVisII.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C57B2327-3603-4847-A207-8B8C3175C585}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C5822018-DE47-4FE9-9F57-7800044C8B6E}] (...) -- C:\Users\Christian\Downloads\PCLEUSB.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CA8F5EEC-2269-4DC4-95CB-54016F0651F9}] (...) -- C:\Users\Christian\Downloads\Conversor.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D87A1B59-EEFD-43DA-A769-A4694EF2AD72}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DC1C9C86-B839-4290-8E51-607C94FAFDFE}] (...) -- C:\Users\Christian\Downloads\Conversor.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DE5BC9DD-4B20-4BAC-98AC-CB4DF0896E19}] (...) -- C:\Users\Christian\Downloads\NetFx64 (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E20265D3-E0BF-4FA4-9012-219DAF7EFA9F}] (...) -- C:\Users\Christian\Downloads\PCPEInstaller (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EB03271B-6211-4AF3-9E07-06579FB69ABB}] (...) -- E:\DOTNET\dotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EE9937F2-BC53-4F86-97C9-C3597E6B5101}] (...) -- C:\Users\Christian\Downloads\PVMsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F7613075-E912-4A32-A723-4762DDB14314}] (...) -- E:\setup.exe (.not file.) [0]
~ Scheduled Task: 63 Legitimates Filtered in 00mn 07s



---\\ Logiciels installés (O42)
O42 - Logiciel: Advanced Driver Updater - (.Systweak Inc.) [HKLM][64Bits] -- Advanced Driver Updater_is1 =>PUP.AdvancedDriverUpdater
O42 - Logiciel: DAP Plug-in for 64 bit IE - (.SpeedBit.) [HKLM][64Bits] -- {E06AF9BE-E1D6-4867-8DBF-74E4BA32BBB3}
O42 - Logiciel: DAZ|Studio 1.5.1.0 - (.DAZ Productions, Inc..) [HKLM][64Bits] -- DAZ|Studio
O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM][64Bits] -- Download Accelerator Plus (DAP)
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail
O42 - Logiciel: Night Before Christmas 3D Screensaver - (...) [HKLM][64Bits] -- Night Before Christmas 3D Screensaver_is1
O42 - Logiciel: The Heritage - (...) [HKCU][64Bits] -- The Heritage
O42 - Logiciel: UVC Like Driver - (.UVC.) [HKLM][64Bits] -- {134F03AE-253D-48E7-B11B-30E7E6F153BD}
O42 - Logiciel: VersaTimer 1.02 - (.Lux Aeterna Software.) [HKLM][64Bits] -- VersaTimer_is1
O42 - Logiciel: conatiiNuettosaavve - (.continue to save.) [HKLM][64Bits] -- {C1C6816E-CBB3-A748-85F9-A8B47B68985B} =>PUP.OfferWare
~ Logic: 238 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\3DSavers]
[HKCU\Software\AllThatChords]
[HKCU\Software\IncrediMail]
[HKCU\Software\Kextaxqt]
[HKCU\Software\Lux Aeterna]
[HKCU\Software\SpeedBit]
[HKLM\Software\SpeedBit]
[HKLM\Software\Wow6432Node\APC]
[HKLM\Software\Wow6432Node\Kextaxqt]
[HKLM\Software\Wow6432Node\M5632]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\UVC]
[HKLM\Software\Wow6432Node\Web]
~ Key Software: 403 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/10/2013 - 18:57:02 - [5,930] ----D C:\Program Files (x86)\APC
O43 - CFD: 04/04/2012 - 07:24:18 - [13,520] ----D C:\Program Files (x86)\FoxTabVideoConverter
O43 - CFD: 17/05/2012 - 09:28:57 - [0,002] ----D C:\Program Files (x86)\Free 3D Christmas Screensaver
O43 - CFD: 24/04/2011 - 17:14:25 - [12,510] ----D C:\Program Files (x86)\Free Ringtone Maker
O43 - CFD: 10/06/2010 - 16:33:19 - [0] ----D C:\Program Files (x86)\IncrediGames
O43 - CFD: 10/06/2010 - 16:33:44 - [0] ----D C:\Program Files (x86)\Incredijeux
O43 - CFD: 07/03/2010 - 15:26:09 - [26,001] ----D C:\Program Files (x86)\IncrediMail
O43 - CFD: 03/09/2013 - 16:13:32 - [3,449] ----D C:\Program Files (x86)\InPixio Photo Clip
O43 - CFD: 26/07/2013 - 16:34:24 - [0,072] ----D C:\Program Files (x86)\Les Tudors
O43 - CFD: 03/10/2011 - 08:36:25 - [0] ----D C:\Program Files (x86)\LimeWire
O43 - CFD: 19/05/2012 - 08:56:41 - [0,645] ----D C:\Program Files (x86)\Night Before Christmas 3D Screensaver
O43 - CFD: 19/05/2012 - 08:56:41 - [94,742] ----D C:\Program Files (x86)\The Heritage
O43 - CFD: 09/07/2010 - 09:31:57 - [0,078] ----D C:\Program Files (x86)\USB_video_device
O43 - CFD: 09/07/2013 - 15:41:03 - [0,987] ----D C:\Program Files (x86)\UVC Like Driver
O43 - CFD: 14/08/2012 - 14:06:58 - [2,573] ----D C:\Program Files (x86)\Common Files\SpeedBit
O43 - CFD: 07/12/2010 - 11:08:14 - [31,661] ----D C:\ProgramData\BC Soft Games
O43 - CFD: 07/03/2010 - 15:26:57 - [0] ----D C:\ProgramData\IM
O43 - CFD: 07/03/2010 - 15:26:09 - [15,395] ----D C:\ProgramData\IncrediMail
O43 - CFD: 27/02/2010 - 18:12:06 - [49,759] ----D C:\ProgramData\SpeedBit
O43 - CFD: 30/01/2011 - 12:10:12 - [33,621] ----D C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
O43 - CFD: 10/01/2010 - 04:24:26 - [20,406] ----D C:\ProgramData\{44AFD825-9603-4521-9447-A6E1C5CA2F3D}
O43 - CFD: 10/10/2013 - 12:08:29 - [0,215] ----D C:\Users\Christian\AppData\Roaming\DominiGames
O43 - CFD: 24/04/2011 - 17:14:32 - [0,003] ----D C:\Users\Christian\AppData\Roaming\Free Ringtone Maker
O43 - CFD: 26/07/2010 - 17:09:46 - [0,038] ----D C:\Users\Christian\AppData\Roaming\Realv1005
O43 - CFD: 07/03/2010 - 19:04:52 - [34,888] ----D C:\Users\Christian\AppData\Local\IM
O43 - CFD: 19/05/2012 - 08:56:42 - [0,002] ----D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Heritage
~ Program Folder: 376 Legitimates Filtered in 02mn 45s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/10/2013 - 14:44:51 ---A- . (...) -- C:\Startvir.txt [0]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 24/10/2013 - 15:33:51 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 24/10/2013 - 15:33:51 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 24/10/2013 - 15:33:51 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 24/10/2013 - 15:33:51 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 24/10/2013 - 15:33:51 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 25/10/2013 - 09:36:15 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.49EE678AD3427E66FB336F9C52C7C83C] - 25/10/2013 - 09:52:36 ---A- . (...) -- C:\ComboFix.txt [39097]
~ Files: 29 Legitimates Filtered in 00mn 05s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.010FDC47B4CF5DE58B258506E9E72AA2] - 25/10/2013 - 09:52:06 ---A- - C:\Windows\Prefetch\CF14423.3XE-93D6DB77.pf
O45 - LFCP:[MD5.5B85111AF2A356DF6E71BAD9E8C6971D] - 25/10/2013 - 18:08:12 ---A- - C:\Windows\Prefetch\BOONTYGAMES.0001-22CE5875.pf
O45 - LFCP:[MD5.ED94ED0AC091C3A5A8DD5541932F4B7F] - 26/10/2013 - 09:45:20 ---A- - C:\Windows\Prefetch\FIND.EXE-9AADDA11.pf
O45 - LFCP:[MD5.A4C2061C96CC33CCEFCFCF07BC68F70C] - 26/10/2013 - 09:45:24 ---A- - C:\Windows\Prefetch\SAFEBOOTKEYREPAIR.EXE-55B5EBA0.pf
O45 - LFCP:[MD5.0E9ADF081481C95C251F6FF8BA357F75] - 26/10/2013 - 16:14:19 ---A- - C:\Windows\Prefetch\APCSYSTRAY.EXE-DA7F5ED2.pf
O45 - LFCP:[MD5.671CADC05241A8F941AE7B94DC2EB1E3] - 26/10/2013 - 16:18:47 ---A- - C:\Windows\Prefetch\BANKPERFECT.EXE-73B3300B.pf
O45 - LFCP:[MD5.8DA6062D8B34A3A500A0D75FE8351D48] - 26/10/2013 - 16:19:39 ---A- - C:\Windows\Prefetch\THESAINTABYSSOFDESPAIR.EXE-07276C38.pf
O45 - LFCP:[MD5.D28355E40B51206EB9E6139EF786F1BF] - 26/10/2013 - 18:07:07 ---A- - C:\Windows\Prefetch\GAMEINSTALLER.EXE-DA49D578.pf
O45 - LFCP:[MD5.8316D651E14CB857C07701245D370457] - 26/10/2013 - 18:57:32 ---A- - C:\Windows\Prefetch\BOONTY.EXE-8369BB13.pf
O45 - LFCP:[MD5.EDF8480314852AD301814CB042B407BE] - 26/10/2013 - 18:57:32 ---A- - C:\Windows\Prefetch\BOONTYGAMES.0001-71D8E700.pf
O45 - LFCP:[MD5.DCDB89B03E7CDBBBEBDC668C19DD485A] - 26/10/2013 - 18:57:32 ---A- - C:\Windows\Prefetch\RICOCHET.EXE-E0225582.pf
O45 - LFCP:[MD5.CD24B280E0840CC8D5FF809AEA7B742E] - 27/10/2013 - 09:20:56 ---A- - C:\Windows\Prefetch\BSHELPCS.EXE-509DEB38.pf
O45 - LFCP:[MD5.F54A7103DCE236E27CF768F6C07D7E4D] - 27/10/2013 - 09:20:56 ---A- - C:\Windows\Prefetch\WLCRDPSYSTEM.EXE-09F2FD97.pf
O45 - LFCP:[MD5.69B11FF8E551E21333219E10B5C1D145] - 27/10/2013 - 09:35:26 ---A- - C:\Windows\Prefetch\HPSF_TASKS.EXE-9FFDF802.pf
O45 - LFCP:[MD5.15156B2223DFD823405DF6BDED0F5379] - 27/10/2013 - 09:45:07 ---A- - C:\Windows\Prefetch\CTR.EXE-72D6C1DD.pf
~ Prefetcher: 134 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\GBMLite8AgentLaCie [Key] . (...) -- C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\MobileDocuments [Key] . (...) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (.not file.)
~ SMSR Keys: 24 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C0D50877BB7EC88A953A2A56CEF170FA] - 06/04/2010 - 17:33:10 ---A- . (...) -- C:\Windows\System32\Drivers\btnetBus.sys [30088]
O58 - SDL:[MD5.3688D4B84E9F98F70A71D5B4B720940E] - 06/07/2009 - 15:33:50 ---A- . (.Hauppauge Computer Works, Inc. - hcw95bda HID Remote Control driver.) -- C:\Windows\System32\hcw95rc.sys [19456]
O58 - SDL:[MD5.D0D4F3CA1D3A4400E1F40F36A800CD12] - 13/05/2010 - 06:34:04 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136]
O58 - SDL:[MD5.DDEE99DC54EFA20BD5A442CD733C4462] - 22/05/2013 - 12:34:26 ---A- . (...) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys [37344]
~ Drivers: 19 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/01/2028 - 10:27:58 R-HA- . (...) -- C:\Users\Christian\Documents\Jeux Téléchargés\Enigma Agency - Le Chaos des Ombres Edition Collector\HURLUS.txt [20768]
O61 - LFC: 24/10/2013 - 10:27:45 ---A- . (...) -- C:\Users\Christian\AppData\Local\Le Cloud Orange\synclog.txt [505799]
O61 - LFC: 24/10/2013 - 10:27:45 ---A- . (...) -- C:\Users\Christian\AppData\Local\Screamer Radio\screamer.xml [5021]
O61 - LFC: 24/10/2013 - 10:27:58 ---A- . (...) -- C:\Users\Christian\Documents\Impots\Taxe habitation 2013.pdf [55918]
O61 - LFC: 24/10/2013 - 10:27:58 ---A- . (...) -- C:\Users\Christian\Downloads\elibagla.zip [103711]
O61 - LFC: 24/10/2013 - 10:27:58 -SHA- . (...) -- C:\Users\Christian\Documents\Impots\Thumbs.db [81408]
O61 - LFC: 24/10/2013 - 10:27:59 ---A- . (...) -- C:\Users\Christian\Downloads\fs-fixbagle.zip [898727]
O61 - LFC: 25/10/2013 - 10:27:53 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\fr.orange.assistancelivebox\Local Store\ALB.db [6144] =>.Orange Corporation
O61 - LFC: 25/10/2013 - 10:27:57 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\ZHP\HOSTS.txt [27] =>.Nicolas Coolman
O61 - LFC: 25/10/2013 - 10:27:57 ---A- . (...) -- C:\Users\Christian\Documents\Cartes bancaires.ods [17602]
O61 - LFC: 26/10/2013 - 10:27:34 ---A- . (...) -- C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [260408]
O61 - LFC: 26/10/2013 - 10:27:50 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\AlawarEntertainment\HappyArtist\The Saint Abyss of Despair\log.sflog [7122]
O61 - LFC: 26/10/2013 - 10:27:50 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\AlawarEntertainment\HappyArtist\The Saint Abyss of Despair\saves\ab1f8f289d14b859ed179c056282e15.sav [436160]
O61 - LFC: 26/10/2013 - 10:27:50 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\AlawarEntertainment\HappyArtist\The Saint Abyss of Despair\saves\options.xml [571]
O61 - LFC: 26/10/2013 - 10:27:50 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\AlawarEntertainment\HappyArtist\The Saint Abyss of Despair\saves\saves.xml [816]
O61 - LFC: 26/10/2013 - 10:27:50 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\AlawarEntertainment\HappyArtist\The Saint Abyss of Despair\saves\saves.xml.crc [9]
O61 - LFC: 26/10/2013 - 10:27:57 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 26/10/2013 - 10:27:57 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\ZHP\ZHPDiag.txt [74972] =>.Nicolas Coolman
O61 - LFC: 26/10/2013 - 10:27:58 ---A- . (...) -- C:\Users\Christian\Documents\Sauvegarde bp.bp [192086]
O61 - LFC: 26/10/2013 - 10:27:58 ---A- . (...) -- C:\Users\Christian\Downloads\AdwCleaner[S0].txt [47022]
O61 - LFC: 26/10/2013 - 10:27:58 ---A- . (...) -- C:\Users\Christian\Downloads\adwcleaner.exe [1060070]
O61 - LFC: 26/10/2013 - 10:27:59 ---A- . (...) -- C:\Users\Christian\Downloads\SafeBootKeyRepair.exe [288654]
O61 - LFC: 26/10/2013 - 10:27:59 ---A- . (...) -- C:\Users\Christian\Downloads\mbam-log-2013-06-26 (09-58-17).txt [63868]
O61 - LFC: 26/10/2013 - 10:27:59 ---A- . (...) -- C:\Users\Christian\Downloads\safeboot_win7.reg [36536]
O61 - LFC: 27/10/2013 - 10:27:34 ---A- . (...) -- C:\Users\Christian\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 27/10/2013 - 10:27:43 ---A- . (...) -- C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Local State [72314]
O61 - LFC: 27/10/2013 - 10:27:45 ---A- . (...) -- C:\Users\Christian\AppData\Local\Le Cloud Orange\client00.svclog [96399]
O61 - LFC: 27/10/2013 - 10:27:57 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\ZHP\Log.txt [41050] =>.Nicolas Coolman
O61 - LFC: 27/10/2013 - 10:27:57 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\ZHP\Quarantine\fjdktmabw.job.VIR [316] =>.Nicolas Coolman
O61 - LFC: 27/10/2013 - 10:27:57 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\ZHP\TestsZHPDiag.txt [2962] =>.Nicolas Coolman
O61 - LFC: 27/10/2013 - 10:27:57 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\ZHP\ZHPExportRegistry-27-10-2013-09-40-07.txt [4050] =>.Nicolas Coolman
O61 - LFC: 27/10/2013 - 10:27:57 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\ZHP\ZHPFixQuarantine.txt [71417] =>.Nicolas Coolman
O61 - LFC: 27/10/2013 - 10:27:57 ---A- . (...) -- C:\Users\Christian\AppData\Roaming\ZHP\ZHPFix[R1].txt [47835] =>.Nicolas Coolman
O61 - LFC: 27/10/2013 - 10:27:58 ---A- . (...) -- C:\Users\Christian\Downloads\CTR (1).exe [938001]
~ 11 Fichiers temporaires (Temporary files)
~ Files: 261 Legitimates Filtered in 00mn 37s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {15F8D44C-1F6A-4afb-99E1-6DBF38826494} - (SpeedBit Search) -
O69 - SBI: SearchScopes [HKCU] {62F1AC2A-F452-4F1F-A3A6-33248E1055BF} - (Bing) -
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) -
O69 - SBI: SearchScopes [HKCU] {CA8330BE-D06A-4B02-A42F-D21DC729449A} - (Search) - =>PUP.Funmoods
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\Christian\Documents\Winrar\RarLab.WinRAR.v5.00.Cracked-EAT.rar
C:\Users\Christian\Documents\Winrar\RarLab.WinRAR.v5.00.Cracked-EAT.rar
~ Files: Scanned in 00mn 56s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.EC7C9A61B6213C7FD86D949A1CEC73BF] [SPRF][24/09/2013] (...) -- C:\Users\Christian\AppData\LocalLow\lpm.dat [10498]
[MD5.8AE89101D7EC944A27FA7FE1DFD6188F] [SPRF][24/09/2011] (...) -- C:\Users\Christian\AppData\Roaming\wklnhst.dat [620]
[MD5.2267E4E850A6FFC01B7EED3EACFCC93F] [SPRF][27/10/2013] (.Pas de propriétaire - Contrôle et suppression restrictions.) -- C:\Users\Christian\Desktop\CTR.exe [938001]
[MD5.1F706E1F23E4E4A7FBE4F243D0A6D5C4] [SPRF][04/07/2011] (...) -- C:\Program Files (x86)\AssistanceLivebox.exe [147880]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{906C3559-9E77-4149-90B6-C2B4ECBFA1B5}C:\program files (x86)\limewire\limewire.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{53CAA8BF-98B1-4503-8AB7-00AF46B2F6E2}C:\program files (x86)\limewire\limewire.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "TCP Query User{4CC312B8-B5A9-4BA9-8508-1544BF4D4E0E}C:\program files (x86)\dap\dap.exe" | In - Private - P6 - TRUE | .(.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\program files (x86)\dap\dap.exe
O87 - FAEL: "UDP Query User{32241AB4-D707-40F6-9ACF-EBEB3038DBD5}C:\program files (x86)\dap\dap.exe" | In - Private - P17 - TRUE | .(.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\program files (x86)\dap\dap.exe
O87 - FAEL: "{5FE8193C-BA75-4A7D-B4E6-48980A56E08E}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{C554E12B-DBD1-4638-B601-C103102BE8E2}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{80E72618-B78E-4FBE-AF4D-56F02A391B77}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{6B9180C8-8A95-4CD1-9060-5E705B03291C}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{8113B4D9-E49B-45AD-8E34-82FF2F819B70}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{95FB7AB8-1EF5-49E4-8D92-99A3B21AFBFF}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{5E131F23-5FDE-43EE-9397-91B2DC19E74D}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{FA02CA1F-DD23-4BA5-8E71-BC7D7F67C68C}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{8745684C-95A3-40CD-B077-0F924ED6A013}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{424DA903-288A-4D18-9E32-F974207ACECC}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
~ Firewall: 280 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "DB3F79E5CDDC8814D98935E241AFBBD5" . (.IncrediMail.) -- C:\Windows\Installer\{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}\ARPPRODUCTICON.exe
O90 - PUC: "F0BBACFFF1EE23245A36FD5976ED5BA2" . (.Chrome Remote Desktop Host.) -- C:\Windows\Installer\{FFCABB0F-EE1F-4232-A563-DF9567DEB52A}\chromoting.ico
~ Update Products: 166 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.37567A52FCB048AD2341BA1255A53D95] [WIS][26/05/2011] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\10f56b9.msi [2831360]
[MD5.648FBA78FBBBB8EA6E33020A2220D2A4] [WIS][27/02/2010] (.SpeedBit - DAP Plug-in for 64 bit IE.) -- C:\Windows\Installer\23e6da.msi [3657728]
~ WIS: 173 Legitimates Filtered in 00mn 32s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 06/07/2012 32768 | (AllShare Framework DMS) . (.Samsung.) - C:\Program Files\Samsung\AllShare Framework DMS\1.1.01\AllShareFrameworkManagerDMS.exe
SR - | Auto 02/12/2009 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 12/12/2005 176193 | (APC UPS Service) . (.American Power Conversion Corporation.) - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
SR - | Auto 26/02/2012 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 26/10/2010 1765484 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 27/07/2012 69120 | (Boonty Games) . (.BOONTY.) - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe
SR - | Demand 25/10/2010 192000 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
SR - | Auto 23/09/2013 50128 | (chromoting) . (.Google Inc..) - C:\Program Files (x86)\Google\Chrome Remote Desktop\30.0.1599.56\remoting_host.exe
SS - | Auto 10/06/2013 1966960 | (Dedicarz Service) . (...) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
SR - | Auto 13/05/2010 119632 | (dgdersvc) . (.Devguru Co., Ltd..) - C:\Windows\system32\dgdersvc.exe
SR - | Auto 20/07/2012 64384 | (DokanMounter) . (.F-Secure.) - C:\Program Files\Orange\mes contenus - mon disque\mounter.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 24/03/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 07/03/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07/03/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 15/11/2010 126520 | (HP Health Check Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 14/10/2010 92216 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SS - | Demand 14/10/2010 751672 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 28/03/2012 140456 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SS - | Demand 27/03/2012 934760 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 10/07/1658 0 | (KiesAllShare) . (...) - C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe
SR - | Auto 20/08/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 25/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SR - | Auto 08/04/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect\HelperService.exe
SR - | Auto 08/04/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect\ConversionService.exe
SR - | Auto 24/08/2011 430136 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
SR - | Auto 24/04/2012 390632 | (RichVideo64) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 34s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Christian at 27/10/2013 10:29:39
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13,
Run by Christian at 27/10/2013 10:29:41

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12960 - (27/10/2013)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Driver Updater_is1] =>PUP.AdvancedDriverUpdater^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}] =>PUP.OfferWare^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange
~ Additionnel Scan: 418207 Items scanned in 00mn 18s



---\\ Récapitulatif des détections trouvées sur votre station
~ =>Adware.SPointer
~ =>Adware.DomaIQ
~ =>PUP.Offerware
~ =>PUP.Funmoods
~ =>PUP.Datamngr
~ =>PUP.SweetIM
~ MSI: 6 link(s) detected in 00mn 18s



~ 2120 Legitimates filtered by white list
End of the scan (682 lines in 06mn 15s)(2)
by El Desaparecido
#13031
Let's check one thing:
  • Download (by El Desaparecido) to your Desktop!
  • Run UsbFix
  • Choose the Listing option
  • Copy and paste the contents of the report that appears at the end of the scan into your reply
by smeggy
#13034
Utilisateur: Christian (Administrateur) # CHRISTIAN-PC
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 11:15:27 | 27/10/2013

Site Web:
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact:

PC: PEGATRON CORPORATION (Narra6)
CPU: AMD Athlon(tm) II X2 215 Processor
RAM -> [Total : 4095 | Free : 2148]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 920 Go (541 Go libre(s) - 59%) [COMPAQ] # NTFS
D:\ -> Disque fixe # 12 Go (2 Go libre(s) - 14%) [FACTORY_IMAGE] # NTFS
E:\ -> CD-ROM

################## | Listing |

[25/10/2013 - 09:59:18 | D ] C:\$RECYCLE.BIN
[31/03/2013 - 09:33:13 | D ] C:\1517026d305382a9369b62ebcd3e
[31/03/2013 - 09:46:22 | D ] C:\4b569151f7f72666f7c74b57
[25/06/2010 - 19:26:29 | D ] C:\7e099a45c2b8b95971725751640a5b
[26/10/2013 - 17:51:36 | D ] C:\AdwCleaner
[05/05/2013 - 16:45:49 | D ] C:\AllShare Play
[16/11/2010 - 11:57:06 | A | 2006] C:\aqua_bitmap.cpp
[06/08/2010 - 07:57:31 | A | 254] C:\Bryce Uninstall.log
[01/05/2011 - 16:27:58 | D ] C:\CanoScan
[25/10/2013 - 09:52:36 | A | 39097] C:\ComboFix.txt
[24/10/2013 - 12:40:36 | D ] C:\Config.Msi
[22/09/2013 - 10:05:53 | D ] C:\divx
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[31/03/2013 - 09:45:07 | D ] C:\fb788de12609f32d64af5c4d
[11/05/2010 - 17:20:04 | A | 250] C:\FINIS_IT.TXT
[04/08/2013 - 08:41:48 | D ] C:\GameHouse Games
[27/10/2013 - 10:18:46 | ASH | 3220676608] C:\hiberfil.sys
[11/05/2010 - 17:20:02 | D ] C:\hp
[01/12/2006 - 23:37:14 | A | 904704] C:\msdia80.dll
[28/02/2012 - 19:28:22 | D ] C:\My Download Files
[04/08/2013 - 08:48:59 | D ] C:\My Games
[14/08/2012 - 08:23:11 | D ] C:\My Works
[27/10/2013 - 10:18:47 | ASH | 4294238208] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[27/10/2013 - 10:29:39 | A | 512] C:\PhysicalDisk0_MBR.bin
[26/10/2013 - 17:38:12 | RD ] C:\Program Files
[27/10/2013 - 09:39:30 | D ] C:\Program Files (x86)
[27/10/2013 - 09:39:30 | D ] C:\ProgramData
[25/10/2013 - 09:53:08 | D ] C:\Qoobox
[07/12/2012 - 14:37:56 | D ] C:\Samsung
[27/02/2010 - 10:29:21 | D ] C:\Securitoo
[27/02/2010 - 10:30:35 | A | 159] C:\Setup.log
[19/09/2013 - 09:50:36 | D ] C:\SkyDriveTemp
[24/10/2013 - 14:44:51 | A | 0] C:\Startvir.txt
[30/01/2011 - 12:07:57 | AD ] C:\swsetup
[24/10/2013 - 13:55:15 | SHD ] C:\System Volume Information
[30/01/2011 - 12:08:12 | D ] C:\SYSTEM.SAV
[26/03/2013 - 09:57:15 | D ] C:\Temp
[18/08/2012 - 16:47:38 | D ] C:\Upload
[27/10/2013 - 11:15:29 | D ] C:\UsbFix
[27/10/2013 - 11:15:29 | A | 3058] C:\UsbFix [Listing 1 ] CHRISTIAN-PC.txt
[04/04/2012 - 07:24:18 | A | 50] C:\user.js
[21/08/2013 - 10:24:18 | RD ] C:\Users
[26/10/2013 - 18:07:25 | D ] C:\Windows
[27/02/2010 - 10:12:08 | D ] D:\$RECYCLE.BIN
[27/02/2010 - 10:12:05 | D ] D:\boot
[13/07/2009 - 18:39:00 | ASH | 383562] D:\bootmgr
[27/02/2010 - 10:12:04 | SH | 0] D:\BT_COMPAQ.FLG
[10/01/2010 - 14:22:51 | ASH | 485] D:\CSP.DAT
[10/01/2010 - 14:41:01 | ASH | 15541] D:\DeployRp.log
[08/05/2010 - 09:57:28 | D ] D:\hp
[08/05/2010 - 09:57:28 | ASH | 0] D:\hpdrcu.prc
[27/02/2010 - 10:12:04 | ASH | 22] D:\language.ini
[27/02/2010 - 10:12:05 | D ] D:\preload
[27/02/2010 - 10:12:05 | D ] D:\Recovery
[10/01/2010 - 14:40:59 | ASH | 0] D:\RPCONFIG.LOG
[14/10/2013 - 08:27:34 | SHD ] D:\System Volume Information

################## | E.O.F |
by El Desaparecido
#13035
Open the command prompt:

Start menu -> Accessories -> right-click Command Prompt -> choose Run as administrator

In the black window, copy and paste this line:
sc start wscsvc
Confirm with Enter.

Then copy and paste this line:
sc start WinDefend
Confirm with Enter. Then restart the PC and tell me how your Security Center is doing, please.
by smeggy
#13037
For every line I enter I get this message: The service cannot be started because it is disabled or because no enabled device is associated with it.
by El Desaparecido
#13038
:(
  • Download RogueKiller (by Tigzy) to your Desktop.
  • Launch RogueKiller; run it as administrator on Windows 7/8 and Vista

    Note: Wait for the PreScan to finish.
  • Click Scan.
  • Click Delete
  • Once the scan is finished, go to the Desktop; the report RKreport[X]¤D¤.txt has been created.
  • Upload the report RKreport[X]¤D¤.txt to SosUpload, then copy and paste the link provided into your next reply on the forum