Infected by rvzr-a.akamaihd.net 2013-11-29T15:15:51+00:00
  • Author
    Posts
  • Anonyme
    Post count: 1400


  • Anonyme
    Post count: 1400

    Hello Plantu,

    I haven't heard from you?

    Did you manage to do the updates?

    Thanks

  • Anonyme
    Post count: 1400

    Hi again

    For finding the updates, have a look at this: updating XP manually

    Let me know if you manage it

    See you later

  • Plantu
    Participant
    Post count: 11

    So, for the update, I can't figure out how to do it; all I can do in the Control Panel is choose the time at which it checks for updates, I can't see where I'm at!?

    Otherwise, I did the procedure, but SOS Upload only offers me image formats, so I'm trying to send you the report in this post instead:

    Rapport de ZHPFix 2013.11.26.8 par Nicolas Coolman, Update du 26/11/2013
    Fichier d’export Registre :
    Run by Admin at 30/11/2013 15:12:03
    High Elevated Privileges : OK
    Windows XP Home Edition Service Pack 3 (Build 2600)

    Corbeille vidée (00mn 12s)

    ========== Clés du Registre ==========
    SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}]
    SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}]
    SUPPRIMÉ: CLSID Extra Buttons: {e2e2dd38-d088-4134-82b7-f2ba38496583}
    SUPPRIMÉ: CLSID DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
    SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
    SUPPRIMÉ: CLSID DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
    SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
    SUPPRIMÉ: [HKLM\Software\Classes\Installer\Products\452B63F044BF958498713877F821A0C7]
    SUPPRIMÉ: [HKLM\Software\Classes\Installer\Features\452B63F044BF958498713877F821A0C7]
    SUPPRIMÉ: HKLM\Software\Classes\CLSID\{1a03f196-9617-4ca0-842b-a83ceecb022b}
    SUPPRIMÉ: HKLM\Software\Classes\Installer\Features\394E2E69484C3E34B9596DE27E4DD0A3
    SUPPRIMÉ: HKLM\Software\Classes\Installer\Products\394E2E69484C3E34B9596DE27E4DD0A3
    SUPPRIMÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\394E2E69484C3E34B9596DE27E4DD0A3

    ========== Valeurs du Registre ==========
    SUPPRIMÉ: Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}
    SUPPRIMÉ: Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}
    SUPPRIMÉ RunValue: BigDogPath
    SUPPRIMÉ AAKE KeyValue: C:\WINDOWS\system32\dmwu.exe

    ========== Dossiers ==========
    SUPPRIMÉ: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\kutfpq8i.default\extensions\jid1-FCM5fDwCW5M3AQ@jetpack
    SUPPRIMÉ: c:\documents and settings\admin\local settings\application data\software
    SUPPRIMÉS Temporaires Windows (7)
    SUPPRIMÉS Flash Cookies (1)

    ========== Fichiers ==========
    SUPPRIMÉ: C:\Windows\Installer\18fbfc.msi
    SUPPRIMÉS Temporaires Windows (13) (3 372 433 octets)
    SUPPRIMÉS Flash Cookies (0) (0 octets)

    ========== Récapitulatif ==========
    13 : Clés du Registre
    4 : Valeurs du Registre
    4 : Dossiers
    3 : Fichiers

    End of clean in 00mn 15s

    ========== Chemin de fichier rapport ==========
    C:\Documents and Settings\Admin\Application Data\ZHP\ZHPFix[R1].txt – 30/11/2013 15:12:15 [2302]

  • Anonyme
    Post count: 1400

    Hi again

    As for the updates, that's not right; you'll have to start over.

    Do this and post the report, please.

    Copy all the text from this link: http://cjoint.com/?CKEbWT7dmSI

    Then do this:

    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

      1. Click "Importer"
      2. Then click "GO"

    • Confirm the data cleanup by clicking "Oui"
    • Once the scan has finished, go to the desktop; the ZHPFixReport file has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.

    Thanks

  • Plantu
    Participant
    Post count: 11

    OK, have a good evening ;)

  • Anonyme
    Post count: 1400

    Hi again

    I'll be back around 22:30-23:00

    See you later

  • Plantu
    Participant
    Post count: 11

    And here's the 2nd one:

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    ~ Files: 41 Legitimates Filtered in 00mn 29s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Export de clé d’application autorisée (O47)
    O47 – AAKE:Key Export SP – “C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe” [Enabled] .(.Google.) — C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    O47 – AAKE:Key Export SP – “C:\WINDOWS\system32\dmwu.exe” [Enabled] .(…) — C:\WINDOWS\system32\dmwu.exe (.not file.)
    ~ Keys Export: 16 Legitimates Filtered in 00mn 00s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{06be4ba8-b267-11e0-b9f2-806d6172696f}\AutoRun\command. (…) — D:\ASRSetup.exe (.not file.)
    O51 – MPSK:{254a098a-b296-11e0-9a07-00252286c5e5}\AutoRun\command. (…) — O:\start.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    ~ Drivers: 5 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    ~ 2 Fichiers temporaires (Temporary files)
    ~ 2 Fichiers cookies (Cookies files)
    ~ Files: 201 Legitimates Filtered in 05mn 59s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (@ieframe.dll,-12512) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (@ieframe.dll,-12512) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:RECYCLERS-1-5-21-1957994488-796845957-682003330-1004Dc387Xilisoft 3gp Video Converter v3.1.5.0430b Winall Cracked-Czw.rar
    C:RECYCLERS-1-5-21-1957994488-796845957-682003330-1004Dc387Xilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWCrackvideoenc.exe-up.txt
    C:RECYCLERS-1-5-21-1957994488-796845957-682003330-1004Dc387Xilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWkeygen.exe
    C:RECYCLERS-1-5-21-1957994488-796845957-682003330-1004Dc387Xilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWx-3gp-video-converter.exe
    C:RECYCLERS-1-5-21-1957994488-796845957-682003330-1004Dc387Xilisoft 3gp Video Converter v3.1.5.0430b Winall Cracked-Czw.rar
    C:RECYCLERS-1-5-21-1957994488-796845957-682003330-1004Dc387Xilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWCrackvideoenc.exe-up.txt
    C:RECYCLERS-1-5-21-1957994488-796845957-682003330-1004Dc387Xilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWkeygen.exe
    C:RECYCLERS-1-5-21-1957994488-796845957-682003330-1004Dc387Xilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWx-3gp-video-converter.exe
    ~ Files: Scanned in 00mn 33s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “0CC62614458A2044DA607D3959512C28” . (.Sibelius Scorch (Firefox, Opera, Netscape, Chrome only).) — C:WINDOWSInstaller{41626CC0-A854-4402-AD06-D7939515C282}ARPPRODUCTICON.exe
    O90 – PUC: “394E2E69484C3E34B9596DE27E4DD0A3” . (.Toolbar 4.7 by SweetPacks.) — C:WINDOWSInstaller{96E2E493-C484-43E3-9B95-D62EE7D40D3A}ARPPRODUCTICON.exe =>PUP.SweetIM
    O90 – PUC: “452B63F044BF958498713877F821A0C7” . (.Boxore Client.) — C:WINDOWSInstaller{0F36B254-FB44-4859-8917-83778F120A7C}boxore.ico =>Adware.Boxore
    O90 – PUC: “C01089B92E6A4D046AD9E70A42AECE97” . (.e-Sword.) — C:WINDOWSInstaller{9B98010C-A6E2-40D4-A69D-7EA024EAEC79}ARPPRODUCTICON.exe
    ~ Update Products: 75 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.4C42A805251908FC8D3DBB341AD1C6ED] [WIS][02/08/2013] (.Boxore OU – Boxore Client Installer.) — C:WindowsInstaller18fbfc.msi [474624] =>Adware.Boxore
    [MD5.E1E7D2CD47BE8EB890C7DD17997388E8] [WIS][29/07/2011] (.BibleStudyPro.com – Bible Study Pro.) — C:WindowsInstaller192c311.msi [914944]
    [MD5.4808135346AB22C3DC2862A1A94476DD] [WIS][29/07/2011] (.Rick Meyers – e-Sword.) — C:WindowsInstaller1cffac2.msi [2745856]
    ~ WIS: 77 Legitimates Filtered in 00mn 10s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 21/07/2011 72704 | (Adobe LM Service) . (.Adobe Systems.) – C:Program FilesFichiers communsAdobe Systems SharedServiceAdobelmsvc.exe
    SS – | Demand 01/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 09/09/2008 79144 | (CoordinatorServiceHost) . (.Dassault Systèmes SolidWorks Corp..) – C:Program FilesSolidWorks CorpSolidWorksswSchedulerDTSCoordinatorService.exe
    SS – | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
    SS – | Auto 10/11/2012 116648 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 10/11/2012 116648 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 14/11/2011 311928 | (maconfservice) . (.CybelSoft.) – C:Program Filesma-config.commaconfservice.exe
    SS – | Demand 10/07/1658 0 | (McComponentHostService) . (…) – C:Program FilesMcAfee Security Scan3.8.130McCHSvc.exe
    SS – | Demand 16/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 14/04/2009 163908 | (NVSvc) . (.NVIDIA Corporation.) – C:WINDOWSsystem32nvsvc32.exe
    SS – | Demand 07/01/2012 79360 | (SolidWorks Licensing Service) . (.SolidWorks.) – C:Program FilesFichiers communsSolidWorks SharedServiceSolidWorksLicensing.exe

    SR – | Demand 25/01/2010 245760 | (BrYNSvc) . (.Brother Industries, Ltd..) – C:Program FilesBrowny02BrYNSvc.exe
    SR – | Auto 11/11/2010 11736 | (MsMpSvc) . (.Microsoft Corporation.) – C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe

    ~ Services: Scanned in 00mn 11s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by Admin at 29/11/2013 20:37:39

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
    C:WINDOWSsystem32driversnvgts.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
    1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> DeviceHarddisk0DR0[0x89B80AB8]
    kernel: MBR read successfully
    user & kernel MBR OK

    ~ MBR: 14 Legitimates Filtered in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Admin at 29/11/2013 20:37:41

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13001 – (28/11/2013)
    Clés trouvées (Keys found) : 4
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 2
    Fichiers trouvés (Files found) : 1

    [HKLMSoftwareClassesCLSID{1a03f196-9617-4ca0-842b-a83ceecb022b}] =>PUP.SweetIM
    [HKLMSoftwareClassesInstallerFeatures394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM
    [HKLMSoftwareClassesInstallerProducts394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM
    C:Documents and SettingsAdminApplication DataMozillaFirefoxProfileskutfpq8i.defaultextensionsjid1-FCM5fDwCW5M3AQ@jetpack =>Spyware.SmartDisplay^
    C:Documents and SettingsAdminLocal SettingsApplication DataSoftware =>Adware.Boxore
    C:WindowsInstaller18fbfc.msi =>Adware.Boxore^
    ~ Additionnel Scan: 267245 Items scanned in 00mn 14s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay =>Spyware.SmartDisplay
    ~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
    ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ MSI: 4 link(s) detected in 00mn 14s

    ~ 1173 Legitimates filtered by white list
    End of the scan (670 lines in 09mn 09s)(8)

  • Plantu
    Participant
    Post count: 11

    I'll try in 2 parts:

    ~ Rapport de ZHPDiag v2013.11.28.59 – Nicolas Coolman (28/11/2013)
    ~ Lancé par Admin (29/11/2013 20:28:47)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Not Found

    —\ Navigateurs Internet
    MSIE: Internet Explorer v6.0.2900.5512
    MFIE: Mozilla Firefox 25.0.1 (Defaut)
    GCIE: Google Chrome v31.0.1650.57

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows XP Home Edition Service Pack 3 (Build 2600)
    Windows Automatic Updates : OK
    Windows Genuine Advantage : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Security Client FR-FR Language Pack v2.0.0657.0
    McAfee Security Scan Plus v3.8.130.10

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader X

    —\ Informations sur le système
    ~ Processor: x86 Family 16 Model 6 Stepping 2, AuthenticAMD
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1791 MB (69% free)
    System Restore: Activé (Enable)
    System drive C: has 23 GB (15%) free of 146 GB

    —\ Mode de connexion au système
    ~ Computer Name: ADMIN-732D4ABFF
    ~ User Name: Admin
    ~ All Users Names: SUPPORT_388945a0, HelpAssistant, Administrateur, Admin,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:Documents and SettingsAdminApplication DataZHP
    ~ %AppData% : C:Documents and SettingsAdminApplication Data
    ~ %Desktop% : C:Documents and SettingsAdminBureau
    ~ %Favorites% : C:Documents and SettingsAdminFavoris
    ~ %LocalAppData% : C:Documents and SettingsAdminLocal SettingsApplication Data
    ~ %StartMenu% : C:Documents and SettingsAdminMenu Démarrer
    ~ %Windir% : C:WINDOWS
    ~ %System% : C:WINDOWSsystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 23 Go of 146 Go)
    D: CD-ROM drive (Free 0 Go of 0 Go)
    E: Hard drive, Flash drive, Thumb drive (Free 31 Go of 152 Go)
    F: Floppy drive, Flash card reader, USB Key (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Not Inserted)
    H: Floppy drive, Flash card reader, USB Key (Not Inserted)
    I: Floppy drive, Flash card reader, USB Key (Not Inserted)
    J: Floppy drive, Flash card reader, USB Key (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 38 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.14/04/2008 – 13:00:00.) — C:WINDOWSExplorer.exe [1037824]
    [MD5.ACDDE3874BF2BEDB91B334307C68CA53] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 15:53:59.) — C:WINDOWSsystem32wininet.dll [672768]
    [MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Winlogon.exe [512000]
    [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
    [MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversatapi.sys [96512]
    [MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
    [MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
    [MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversFips.sys [44672]
    [MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
    [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversi8042prt.sys [54144]
    [MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversImapi.sys [42112]
    [MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
    [MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
    [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
    [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
    [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversntfs.sys [574976]
    [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversParport.sys [80384]
    [MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
    [MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 10:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
    [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 19:57:36.) — C:WINDOWSsystem32Driversredbook.sys [58752]
    [MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/10227
    ~ Mes musiques (My Musics) : 1/2
    ~ Mes Videos (My Videos) : 2/4
    ~ Mes Favoris (My Favorites) : 1/9
    ~ Mes Documents (My Documents) : 2/22933
    ~ Mon Bureau (My Desktop) : 2/6935
    ~ Menu demarrer (Programs) : 1/33
    ~ Hidden Files: Scanned in 00mn 22s

    —\ Processus lancés
    [MD5.90DC23D940551DB35367FB1E40575B25] – (.Microsoft Corporation – Antimalware Service Executable.) — C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe [11736] [PID.976]
    [MD5.CF7B0E597C1F34E528285495721DEEE9] – (.Google Inc. – Google Crash Handler.) — C:Program FilesGoogleUpdate1.3.21.165GoogleCrashHandler.exe [237960] [PID.144]
    [MD5.B9F4E7FC374ED524A7564124B20F8C99] – (.VIA Technologies, Inc. – HDeck MFC Application.) — C:Program FilesVIAVIAudioiHDADeckHDeck.exe [33624064] [PID.1580]
    [MD5.F8D427DAE2984A4968E2D1CB53634784] – (.Nuance Communications, Inc. – OCR Aware.) — C:Program FilesScanSoftOmniPageSE4OpwareSE4.exe [79400] [PID.1704]
    [MD5.5BA8A7DA5D0573F7923E02B260AAD2F1] – (.Logitech Inc. – LVCom Server.) — C:WINDOWSsystem32LVCOMSX.exe [221184] [PID.1716]
    [MD5.2D3BCCA5C7CA55FEDD60E3336D3A92AF] – (.Logitech Inc. – ImageStudio Tray Application.) — C:Program FilesLogitechVideoLogiTray.exe [217088] [PID.1760]
    [MD5.BE7B7CA2067F597AFFBC4A557167681E] – (.Dassault Systèmes SolidWorks Corp. – sldIM.) — C:Program FilesFichiers communsGestionnaire d’installation SolidWorksSchedulersldIMScheduler.exe [7218472] [PID.1776]
    [MD5.640609646D2E6F805E89238F0ADD3A1A] – (.Brother Industries, Ltd. – Brother Status Monitor Application.) — C:Program FilesBrowny02BrotherBrStMonW.exe [2621440] [PID.1800]
    [MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] – (.Brother Industries, Ltd. – Control Center 3 Main Program.) — C:Program FilesBrotherControlCenter3brccMCtl.exe [872448] [PID.1812]
    [MD5.F773D2886EDF879860F220EB59C4552B] – (.Pas de propriétaire – DivX Update.) — C:Program FilesDivXDivX UpdateDivXUpdate.exe [1263512] [PID.1904]
    [MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:WINDOWSsystem32wuauclt.exe [53784] [PID.1916]
    [MD5.7771618E69C8CC7AE91830F6F0B9D356] – (.UnH Solutions – IE Privacy Keeper.) — C:Program FilesUnH SolutionsIE Privacy KeeperIEPrivacyKeeper.exe [1015808] [PID.2016]
    [MD5.9B385494F9FEC11696435F0466186A70] – (.Dassault Systèmes SolidWorks Corp. – swBOEngine.) — C:Program FilesSolidWorks CorpSolidWorksswSchedulerswBOEngine.exe [841000] [PID.1980]
    [MD5.1B11C113DC4383C6C07A45BFFBDC7D63] – (.Logitech Inc. – QuickCam Framework Server.) — C:Program FilesLogitechVideoFxSvr2.exe [192512] [PID.956]
    [MD5.EA7E57F87D6FEE5FD6C5F813C04E8CD2] – (.Brother Industries, Ltd. – BrYNCSvc.) — C:Program FilesBrowny02BrYNSvc.exe [245760] [PID.2584]
    [MD5.DBA0C529D62F6E2F59C6F4367A0A5543] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8256512] [PID.3472]
    ~ Processes Running: Scanned in 00mn 03s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:Documents and SettingsAdminLocal SettingsApplication DataGoogleChromeUser DataDefaultPreferences
    ~ Google Browser: 16 Legitimates Filtered in 00mn 18s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:Documents and SettingsAdminApplication DataMozillaFirefoxProfileskutfpq8i.defaultprefs.js
    M2 – MFEP: prefs.js [Admin – kutfpq8i.defaultjid1-FCM5fDwCW5M3AQ@jetpack] [] Smart Display v1.2 (..) =>Spyware.SmartDisplay
    P2 – FPN:Firefox Plugin Navigator . (…) — C:Program FilesMozilla FirefoxPluginsNPSibelius.dll
    P2 – FPN:Firefox Plugin Navigator . (…) — C:Program FilesMozilla FirefoxPluginsScorchAxPlugin.dll
    P2 – FPN:Firefox Plugin Navigator . (…) — C:Program FilesMozilla FirefoxPluginsScorchPDFWrapper.dll
    P2 – FPN: [HKLM] [@Sibelius.com/Scorch Plugin,version=6.2.0.88] – (…) — C:Program FilesSibelius SoftwareScorchnpsibelius.dll
    ~ Firefox Browser: 29 Legitimates Filtered in 00mn 01s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:WINDOWSsystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:WINDOWSexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [AllUsers]: HD ADeck.lnk . (.VIA Technologies, Inc. – HDeck MFC Application.) — C:Program FilesVIAVIAudioiHDADeckHDeck.exe
    O4 – GSProgram [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSProgram [Admin]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet ExplorerIEXPLORE.exe
    ~ Global Startup: 15 Legitimates Filtered in 00mn 01s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSProgram [Admin]: Moteur du Planificateur de tâches SolidWorks.lnk . (.Dassault Systèmes SolidWorks Corp. – swBOEngine.) — C:Program FilesSolidWorks CorpSolidWorksswSchedulerswBOEngine.exe
    O4 – HKLM..Run: [HDAudDeck] . (.VIA Technologies, Inc. – HDeck MFC Application.) — C:Program FilesVIAVIAudioiHDADeckHDeck.exe
    O4 – HKLM..Run: [NeroFilterCheck] . (.Ahead Software Gmbh – NeroCheck.) — C:WINDOWSsystem32NeroCheck.exe
    O4 – HKLM..Run: [CanonSolutionMenu] . (.CANON INC. – CNSLMAIN.) — C:Program FilesCanonSolutionMenuCNSLMAIN.exe
    O4 – HKLM..Run: [CanonMyPrinter] . (.CANON INC. – Canon My Printer.) — C:Program FilesCanonMyPrinterBJMyPrt.exe
    O4 – HKLM..Run: [SSBkgdUpdate] . (.Nuance Communications, Inc. – SSBkgdUpdate.) — C:Program FilesFichiers communsScansoft SharedSSBkgdUpdateSSBkgdupdate.exe
    O4 – HKLM..Run: [OpwareSE4] . (.Nuance Communications, Inc. – OCR Aware.) — C:Program FilesScanSoftOmniPageSE4OpwareSE4.exe =>.ScanSoft, Inc
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [LVCOMSX] . (.Logitech Inc. – LVCom Server.) — C:WINDOWSsystem32LVCOMSX.exe
    O4 – HKLM..Run: [LogitechVideoRepair] . (.Logitech Inc. – Logitech QuickCam Startup Application.) — C:Program FilesLogitechVideoISStart.exe
    O4 – HKLM..Run: [LogitechVideoTray] . (.Logitech Inc. – ImageStudio Tray Application.) — C:Program FilesLogitechVideoLogiTray.exe
    O4 – HKLM..Run: [SolidWorks_CheckForUpdates] . (.Dassault Systèmes SolidWorks Corp. – sldIM.) — C:Program FilesFichiers communsGestionnaire d’installation SolidWorksSchedulersldIMScheduler.exe
    O4 – HKLM..Run: [BigDogPath] C:WINDOWSVM_STI.exe (.not file.)
    O4 – HKLM..Run: [ControlCenter3] . (.Brother Industries, Ltd. – ControlCenter Program.) — C:Program FilesBrotherControlCenter3brctrcen.exe
    O4 – HKLM..Run: [BrStsMon00] . (.Brother Industries, Ltd. – Brother Status Monitor Application.) — C:Program FilesBrowny02BrotherBrStMonW.exe
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — C:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKLM..Run: [DivXMediaServer] . (.Pas de propriétaire – DivX DLNA Media Server.) — C:Program FilesDivXDivX Media ServerDivXMediaServer.exe
    O4 – HKLM..Run: [DivXUpdate] . (.Pas de propriétaire – DivX Update.) — C:Program FilesDivXDivX UpdateDivXUpdate.exe
    O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesFichiers communsAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeQTTask.exe
    O4 – HKCU..Run: [IE Privacy Keeper] . (.UnH Solutions – IE Privacy Keeper.) — C:Program FilesUnH SolutionsIE Privacy KeeperIEPrivacyKeeper.exe
    O4 – HKCU..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    O4 – HKCU..Run: [LogitechSoftwareUpdate] . (.Logitech Inc. – Logitech Software Update.) — C:Program FilesLogitechVideoManifestEngine.exe
    O4 – HKCU..Run: [Facebook Update] . (.Facebook Inc. – Programme d’installation de Facebook.) — C:Documents and SettingsAdminLocal SettingsApplication DataFacebookUpdateFacebookUpdate.exe
    O4 – HKCU..Run: [NBJ] . (.Ahead Software AG – Nero BackItUp Scheduler Application.) — C:Program FilesAheadNero BackItUpNBJ.exe
    O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKUSS-1-5-18..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-18..Run: [DWQueuedReporting] . (.Microsoft Corporation – Watson Subscriber for SENS Network Notifica.) — C:Program FilesFichiers communsMicrosoft SharedDWDWTRIG20.exe
    O4 – HKUSS-1-5-19..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-20..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [IE Privacy Keeper] . (.UnH Solutions – IE Privacy Keeper.) — C:Program FilesUnH SolutionsIE Privacy KeeperIEPrivacyKeeper.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [LogitechSoftwareUpdate] . (.Logitech Inc. – Logitech Software Update.) — C:Program FilesLogitechVideoManifestEngine.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [Facebook Update] . (.Facebook Inc. – Programme d’installation de Facebook.) — C:Documents and SettingsAdminLocal SettingsApplication DataFacebookUpdateFacebookUpdate.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [NBJ] . (.Ahead Software AG – Nero BackItUp Scheduler Application.) — C:Program FilesAheadNero BackItUpNBJ.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe =>.Google Inc
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
    O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
    O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1311094778015
    O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) – http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1376062795750
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{AD6314AB-591A-4471-80A1-EDA3243FEC35}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{AD6314AB-591A-4471-80A1-EDA3243FEC35}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{AD6314AB-591A-4471-80A1-EDA3243FEC35}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wia – {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation – WIA Scripting Layer.) — C:WINDOWSsystem32wiascr.dll
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesFichiers communsMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
    O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
    O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
    O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
    O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
    O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
    O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Desktop General: BackupWallPaper – .(…) – C:Documents and SettingsAdminLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    O24 – Desktop General: WallPaper – .(…) – C:Documents and SettingsAdminLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: OpenSong Version 1.6 – (…) [HKLM] — OpenSong_is1
    O42 – Logiciel: Video Converter Packages – (…) [HKCU] — Video Converter Packages
    O42 – Logiciel: Video Converter Packages 42 – (…) [HKCU] — Video Converter Packages 42
    O42 – Logiciel: e-Sword – (.Rick Meyers.) [HKLM] — {9B98010C-A6E2-40D4-A69D-7EA024EAEC79}
    ~ Logic: 33 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareIncrediMail]
    [HKCUSoftwareSenvid]
    [HKLMSoftwareSenvid]
    ~ Key Software: 302 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 29/07/2011 – 22:19:15 – [50,202] —-D C:Program Filese-Sword
    O43 – CFD: 29/07/2011 – 20:37:05 – [0] —-D C:Program FilesMoNooN
    O43 – CFD: 26/10/2012 – 15:34:08 – [52,188] —-D C:Program FilesOpenSong
    O43 – CFD: 29/07/2011 – 22:09:51 – [1,051] —-D C:Program FilesFichiers communsEzTools
    O43 – CFD: 29/11/2013 – 20:24:11 – [3,316] —-D C:Documents and SettingsAdminApplication DataIM
    O43 – CFD: 26/10/2012 – 15:41:09 – [0,002] —-D C:Documents and SettingsAdminApplication DataOpenSong
    O43 – CFD: 13/07/2013 – 09:56:04 – [1,063] —-D C:Documents and SettingsAdminApplication DataVideo Converter Packages
    O43 – CFD: 29/07/2011 – 21:02:48 – [27,802] —-D C:Documents and SettingsAdminLocal SettingsApplication DataDownloaded Cashe
    ~ Program Folder: 193 Legitimates Filtered in 00mn 33s

  • Plantu
    Participant
    Post count: 11

    I don't know whether things are OK on the update side; they were set to automatic, but at 3 a.m., when the PC is always switched off at that hour… I have now set it to download automatically and notify me. As for IE, I use Firefox; do I still need to update it? I ran ZHPDiag again to see:

    The report is too big, and nothing happens when I put it between [spoiler:2ybjg2gp][/spoiler:2ybjg2gp]?

  • Anonyme
    Post count: 1400

    Hi again

    I uninstalled McAfee Security Scan Plus v3.8.130.10, but I can't find how to uninstall the Crack & Keygen entries?

    Look in Add/Remove Programs and remove them from there.

    If they are not there, go and find them in C:Documents and SettingsAdminMes documentsApplications3GPXilisoft 3gp Video Converter v3.1.5.0430b Winall Cracked-Czw.rar

    and delete them from there.

    See you later

  • Plantu
    Participant
    Post count: 11

    Thanks for your advice, I cleared out some space:

    C: Hard drive, Flash drive, Thumb drive (Free 5 Go of 146 Go) -> 21Go
    E: Hard drive, Flash drive, Thumb drive (Free 12 Go of 152 Go) -> 31Go

    I'll be able to free up a bit more once I've sorted through things.

    I uninstalled McAfee Security Scan Plus v3.8.130.10, but I can't find how to uninstall the Crack & Keygen entries?

  • Anonyme
    Post count: 1400

    Hi again Plantu,

    it's a bit like Vietnam in your PC :electriksock:

    your PC is not up to date and you are short of space on the hard drives; you need roughly 15% free space on the disks

    you need to move data to an external medium (hard drive, USB stick)

    C: Hard drive, Flash drive, Thumb drive (Free 5 Go of 146 Go)
    E: Hard drive, Flash drive, Thumb drive (Free 12 Go of 152 Go)

    uninstall this via Add/Remove Programs in the Control Panel: McAfee Security Scan Plus v3.8.130.10

    I strongly advise you to uninstall all of the following, and to read this about the dangers of cr@cks

    http://forum.malekal.com/danger-des-cracks-t893.html

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:Documents and SettingsAdminMes documentsApplications3GPXilisoft 3gp Video Converter v3.1.5.0430b Winall Cracked-Czw.rar
    C:Documents and SettingsAdminMes documentsApplications3GPXilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWCrackvideoenc.exe-up.txt
    C:Documents and SettingsAdminMes documentsApplications3GPXilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWkeygen.exe
    C:Documents and SettingsAdminMes documentsApplications3GPXilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWx-3gp-video-converter.exe

    once you have carried out these steps, you will need to update your PC via Windows Update in the Control Panel

    you have IE 6 and we are at version 8 for XP

    you have Microsoft Security Client FR-FR Language Pack v2.0.0657.0 and we are at version 4

    if you have any questions, don't hesitate to ask

    :merci2:

  • Plantu
    Participant
    Post count: 11

    And here is the latest report ;)

    —\ Navigateurs Internet
    MSIE: Internet Explorer v6.0.2900.5512
    MFIE: Mozilla Firefox 25.0.1 (Defaut)
    GCIE: Google Chrome v31.0.1650.57

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows XP Home Edition Service Pack 3 (Build 2600)
    Windows Automatic Updates : OK
    Windows Genuine Advantage : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Security Client FR-FR Language Pack v2.0.0657.0
    McAfee Security Scan Plus v3.8.130.10

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader X

    —\ Informations sur le système
    ~ Processor: x86 Family 16 Model 6 Stepping 2, AuthenticAMD
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1791 MB (50% free)
    System Restore: Activé (Enable)
    System drive C: has 5 GB (3%) free of 146 GB

    —\ Mode de connexion au système
    ~ Computer Name: ADMIN-732D4ABFF
    ~ User Name: Admin
    ~ All Users Names: SUPPORT_388945a0, HelpAssistant, Administrateur, Admin,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:Documents and SettingsAdminApplication DataZHP
    ~ %AppData% : C:Documents and SettingsAdminApplication Data
    ~ %Desktop% : C:Documents and SettingsAdminBureau
    ~ %Favorites% : C:Documents and SettingsAdminFavoris
    ~ %LocalAppData% : C:Documents and SettingsAdminLocal SettingsApplication Data
    ~ %StartMenu% : C:Documents and SettingsAdminMenu Démarrer
    ~ %Windir% : C:WINDOWS
    ~ %System% : C:WINDOWSsystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 5 Go of 146 Go)
    D: CD-ROM drive (Free 0 Go of 0 Go)
    E: Hard drive, Flash drive, Thumb drive (Free 12 Go of 152 Go)
    F: Floppy drive, Flash card reader, USB Key (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Not Inserted)
    H: Floppy drive, Flash card reader, USB Key (Not Inserted)
    I: Floppy drive, Flash card reader, USB Key (Not Inserted)
    J: Floppy drive, Flash card reader, USB Key (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 38 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.14/04/2008 – 13:00:00.) — C:WINDOWSExplorer.exe [1037824]
    [MD5.ACDDE3874BF2BEDB91B334307C68CA53] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 15:53:59.) — C:WINDOWSsystem32wininet.dll [672768]
    [MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Winlogon.exe [512000]
    [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
    [MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversatapi.sys [96512]
    [MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
    [MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
    [MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversFips.sys [44672]
    [MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
    [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversi8042prt.sys [54144]
    [MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversImapi.sys [42112]
    [MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
    [MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
    [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
    [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
    [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversntfs.sys [574976]
    [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversParport.sys [80384]
    [MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
    [MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 10:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
    [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 19:57:36.) — C:WINDOWSsystem32Driversredbook.sys [58752]
    [MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/10227
    ~ Mes musiques (My Musics) : 1/2
    ~ Mes Videos (My Videos) : 2/4
    ~ Mes Favoris (My Favorites) : 1/9
    ~ Mes Documents (My Documents) : 2/22973
    ~ Mon Bureau (My Desktop) : 2/6938
    ~ Menu demarrer (Programs) : 1/33
    ~ Hidden Files: Scanned in 00mn 23s

    —\ Processus lancés
    [MD5.90DC23D940551DB35367FB1E40575B25] – (.Microsoft Corporation – Antimalware Service Executable.) — C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe [11736] [PID.980]
    [MD5.CF7B0E597C1F34E528285495721DEEE9] – (.Google Inc. – Google Crash Handler.) — C:Program FilesGoogleUpdate1.3.21.165GoogleCrashHandler.exe [237960] [PID.288]
    [MD5.B9F4E7FC374ED524A7564124B20F8C99] – (.VIA Technologies, Inc. – HDeck MFC Application.) — C:Program FilesVIAVIAudioiHDADeckHDeck.exe [33624064] [PID.1768]
    [MD5.F8D427DAE2984A4968E2D1CB53634784] – (.Nuance Communications, Inc. – OCR Aware.) — C:Program FilesScanSoftOmniPageSE4OpwareSE4.exe [79400] [PID.1860]
    [MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] – (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe [958576] [PID.1872]
    [MD5.5BA8A7DA5D0573F7923E02B260AAD2F1] – (.Logitech Inc. – LVCom Server.) — C:WINDOWSsystem32LVCOMSX.exe [221184] [PID.1884]
    [MD5.2D3BCCA5C7CA55FEDD60E3336D3A92AF] – (.Logitech Inc. – ImageStudio Tray Application.) — C:Program FilesLogitechVideoLogiTray.exe [217088] [PID.1708]
    [MD5.BE7B7CA2067F597AFFBC4A557167681E] – (.Dassault Systèmes SolidWorks Corp. – sldIM.) — C:Program FilesFichiers communsGestionnaire d’installation SolidWorksSchedulersldIMScheduler.exe [7218472] [PID.360]
    [MD5.640609646D2E6F805E89238F0ADD3A1A] – (.Brother Industries, Ltd. – Brother Status Monitor Application.) — C:Program FilesBrowny02BrotherBrStMonW.exe [2621440] [PID.508]
    [MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] – (.Brother Industries, Ltd. – Control Center 3 Main Program.) — C:Program FilesBrotherControlCenter3brccMCtl.exe [872448] [PID.540]
    [MD5.F773D2886EDF879860F220EB59C4552B] – (.Pas de propriétaire – DivX Update.) — C:Program FilesDivXDivX UpdateDivXUpdate.exe [1263512] [PID.1188]
    [MD5.7771618E69C8CC7AE91830F6F0B9D356] – (.UnH Solutions – IE Privacy Keeper.) — C:Program FilesUnH SolutionsIE Privacy KeeperIEPrivacyKeeper.exe [1015808] [PID.1704]
    [MD5.EA7E57F87D6FEE5FD6C5F813C04E8CD2] – (.Brother Industries, Ltd. – BrYNCSvc.) — C:Program FilesBrowny02BrYNSvc.exe [245760] [PID.2072]
    [MD5.D3D4BD94434A9CB4B35E82283EAE8EFB] – (.McAfee, Inc. – McAfee Security Scanner Scheduler.) — C:Program FilesMcAfee Security Scan3.8.130SSScheduler.exe [273296] [PID.2408]
    [MD5.9B385494F9FEC11696435F0466186A70] – (.Dassault Systèmes SolidWorks Corp. – swBOEngine.) — C:Program FilesSolidWorks CorpSolidWorksswSchedulerswBOEngine.exe [841000] [PID.2420]
    [MD5.1B11C113DC4383C6C07A45BFFBDC7D63] – (.Logitech Inc. – QuickCam Framework Server.) — C:Program FilesLogitechVideoFxSvr2.exe [192512] [PID.2828]
    [MD5.59588AA5DDCB31B8155D49FE11987A69] – (.Microsoft Corporation – Microsoft Office Word.) — C:Program FilesMicrosoft OfficeOffice12WINWORD.exe [409776] [PID.2992]
    [MD5.077D59BA0FD4007E841B6C670862B065] – (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe [275568] [PID.3912]
    [MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:WINDOWSsystem32wuauclt.exe [53784] [PID.2096]
    [MD5.DBA0C529D62F6E2F59C6F4367A0A5543] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8256512] [PID.2140]
    ~ Processes Running: Scanned in 00mn 04s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:Documents and SettingsAdminLocal SettingsApplication DataGoogleChromeUser DataDefaultPreferences
    ~ Google Browser: 16 Legitimates Filtered in 00mn 19s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:Documents and SettingsAdminApplication DataMozillaFirefoxProfileskutfpq8i.defaultprefs.js
    M2 – MFEP: prefs.js [Admin – kutfpq8i.defaultjid1-FCM5fDwCW5M3AQ@jetpack] [] Smart Display v1.2 (..) =>Spyware.SmartDisplay
    P2 – FPN:Firefox Plugin Navigator . (…) — C:Program FilesMozilla FirefoxPluginsNPSibelius.dll
    P2 – FPN:Firefox Plugin Navigator . (…) — C:Program FilesMozilla FirefoxPluginsScorchAxPlugin.dll
    P2 – FPN:Firefox Plugin Navigator . (…) — C:Program FilesMozilla FirefoxPluginsScorchPDFWrapper.dll
    P2 – FPN: [HKLM] [@Sibelius.com/Scorch Plugin,version=6.2.0.88] – (…) — C:Program FilesSibelius SoftwareScorchnpsibelius.dll
    ~ Firefox Browser: 29 Legitimates Filtered in 00mn 01s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:WINDOWSsystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:WINDOWSexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [AllUsers]: HD ADeck.lnk . (.VIA Technologies, Inc. – HDeck MFC Application.) — C:Program FilesVIAVIAudioiHDADeckHDeck.exe
    O4 – GSProgram [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSProgram [Admin]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet ExplorerIEXPLORE.exe
    ~ Global Startup: 16 Legitimates Filtered in 00mn 01s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSProgram [AllUsers]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. – McAfee Security Scanner Scheduler.) — C:Program FilesMcAfee Security Scan3.8.130SSScheduler.exe
    O4 – GSProgram [Admin]: Moteur du Planificateur de tâches SolidWorks.lnk . (.Dassault Systèmes SolidWorks Corp. – swBOEngine.) — C:Program FilesSolidWorks CorpSolidWorksswSchedulerswBOEngine.exe
    O4 – HKLM..Run: [HDAudDeck] . (.VIA Technologies, Inc. – HDeck MFC Application.) — C:Program FilesVIAVIAudioiHDADeckHDeck.exe
    O4 – HKLM..Run: [NeroFilterCheck] . (.Ahead Software Gmbh – NeroCheck.) — C:WINDOWSsystem32NeroCheck.exe
    O4 – HKLM..Run: [CanonSolutionMenu] . (.CANON INC. – CNSLMAIN.) — C:Program FilesCanonSolutionMenuCNSLMAIN.exe
    O4 – HKLM..Run: [CanonMyPrinter] . (.CANON INC. – Canon My Printer.) — C:Program FilesCanonMyPrinterBJMyPrt.exe
    O4 – HKLM..Run: [SSBkgdUpdate] . (.Nuance Communications, Inc. – SSBkgdUpdate.) — C:Program FilesFichiers communsScansoft SharedSSBkgdUpdateSSBkgdupdate.exe
    O4 – HKLM..Run: [OpwareSE4] . (.Nuance Communications, Inc. – OCR Aware.) — C:Program FilesScanSoftOmniPageSE4OpwareSE4.exe =>.ScanSoft, Inc
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [LVCOMSX] . (.Logitech Inc. – LVCom Server.) — C:WINDOWSsystem32LVCOMSX.exe
    O4 – HKLM..Run: [LogitechVideoRepair] . (.Logitech Inc. – Logitech QuickCam Startup Application.) — C:Program FilesLogitechVideoISStart.exe
    O4 – HKLM..Run: [LogitechVideoTray] . (.Logitech Inc. – ImageStudio Tray Application.) — C:Program FilesLogitechVideoLogiTray.exe
    O4 – HKLM..Run: [SolidWorks_CheckForUpdates] . (.Dassault Systèmes SolidWorks Corp. – sldIM.) — C:Program FilesFichiers communsGestionnaire d’installation SolidWorksSchedulersldIMScheduler.exe
    O4 – HKLM..Run: [BigDogPath] C:WINDOWSVM_STI.exe (.not file.)
    O4 – HKLM..Run: [ControlCenter3] . (.Brother Industries, Ltd. – ControlCenter Program.) — C:Program FilesBrotherControlCenter3brctrcen.exe
    O4 – HKLM..Run: [BrStsMon00] . (.Brother Industries, Ltd. – Brother Status Monitor Application.) — C:Program FilesBrowny02BrotherBrStMonW.exe
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — C:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKLM..Run: [DivXMediaServer] . (.Pas de propriétaire – DivX DLNA Media Server.) — C:Program FilesDivXDivX Media ServerDivXMediaServer.exe
    O4 – HKLM..Run: [DivXUpdate] . (.Pas de propriétaire – DivX Update.) — C:Program FilesDivXDivX UpdateDivXUpdate.exe
    O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesFichiers communsAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeQTTask.exe
    O4 – HKCU..Run: [IE Privacy Keeper] . (.UnH Solutions – IE Privacy Keeper.) — C:Program FilesUnH SolutionsIE Privacy KeeperIEPrivacyKeeper.exe
    O4 – HKCU..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    O4 – HKCU..Run: [LogitechSoftwareUpdate] . (.Logitech Inc. – Logitech Software Update.) — C:Program FilesLogitechVideoManifestEngine.exe
    O4 – HKCU..Run: [Facebook Update] . (.Facebook Inc. – Programme d’installation de Facebook.) — C:Documents and SettingsAdminLocal SettingsApplication DataFacebookUpdateFacebookUpdate.exe
    O4 – HKCU..Run: [NBJ] . (.Ahead Software AG – Nero BackItUp Scheduler Application.) — C:Program FilesAheadNero BackItUpNBJ.exe
    O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKUSS-1-5-18..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-18..Run: [DWQueuedReporting] . (.Microsoft Corporation – Watson Subscriber for SENS Network Notifica.) — C:Program FilesFichiers communsMicrosoft SharedDWDWTRIG20.exe
    O4 – HKUSS-1-5-19..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-20..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [IE Privacy Keeper] . (.UnH Solutions – IE Privacy Keeper.) — C:Program FilesUnH SolutionsIE Privacy KeeperIEPrivacyKeeper.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [LogitechSoftwareUpdate] . (.Logitech Inc. – Logitech Software Update.) — C:Program FilesLogitechVideoManifestEngine.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [Facebook Update] . (.Facebook Inc. – Programme d’installation de Facebook.) — C:Documents and SettingsAdminLocal SettingsApplication DataFacebookUpdateFacebookUpdate.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [NBJ] . (.Ahead Software AG – Nero BackItUp Scheduler Application.) — C:Program FilesAheadNero BackItUpNBJ.exe
    O4 – HKUSS-1-5-21-1957994488-796845957-682003330-1004..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:Documents and SettingsAdminLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe =>.Google Inc
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
    O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
    O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1311094778015
    O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) – http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1376062795750
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{AD6314AB-591A-4471-80A1-EDA3243FEC35}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{AD6314AB-591A-4471-80A1-EDA3243FEC35}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{AD6314AB-591A-4471-80A1-EDA3243FEC35}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wia – {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation – WIA Scripting Layer.) — C:WINDOWSsystem32wiascr.dll
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesFichiers communsMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
    O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
    O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
    O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
    O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
    O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
    O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Desktop General: BackupWallPaper – .(…) – C:Documents and SettingsAdminLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    O24 – Desktop General: WallPaper – .(…) – C:Documents and SettingsAdminLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: OpenSong Version 1.6 – (…) [HKLM] — OpenSong_is1
    O42 – Logiciel: Update for Video Converter – (…) [HKCU] — DSite =>Hijacker.DSite
    O42 – Logiciel: Video Converter Packages – (…) [HKCU] — Video Converter Packages
    O42 – Logiciel: Video Converter Packages 42 – (…) [HKCU] — Video Converter Packages 42
    O42 – Logiciel: e-Sword – (.Rick Meyers.) [HKLM] — {9B98010C-A6E2-40D4-A69D-7EA024EAEC79}
    ~ Logic: 28 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareIncrediMail]
    [HKCUSoftwareSenvid]
    [HKLMSoftwareSenvid]
    ~ Key Software: 293 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 29/07/2011 – 22:19:15 – [50,202] —-D C:Program Filese-Sword
    O43 – CFD: 29/07/2011 – 20:37:05 – [0] —-D C:Program FilesMoNooN
    O43 – CFD: 26/10/2012 – 15:34:08 – [52,188] —-D C:Program FilesOpenSong
    O43 – CFD: 29/07/2011 – 22:09:51 – [1,051] —-D C:Program FilesFichiers communsEzTools
    O43 – CFD: 29/11/2013 – 17:29:00 – [3,316] —-D C:Documents and SettingsAdminApplication DataIM
    O43 – CFD: 26/10/2012 – 15:41:09 – [0,002] —-D C:Documents and SettingsAdminApplication DataOpenSong
    O43 – CFD: 13/07/2013 – 09:56:04 – [1,063] —-D C:Documents and SettingsAdminApplication DataVideo Converter Packages
    O43 – CFD: 29/07/2011 – 21:02:48 – [27,802] —-D C:Documents and SettingsAdminLocal SettingsApplication DataDownloaded Cashe
    ~ Program Folder: 195 Legitimates Filtered in 00mn 32s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.DCCE102BCC91AAAA9F8804BB2CCF5D9A] – 14/11/2013 – 19:17:35 —A- . (…) — C:WINDOWSimsins.BAK [1393]
    O44 – LFC:[MD5.EAE4CD03002391CB4810E05F463BD826] – 14/11/2013 – 19:17:52 —A- . (…) — C:WINDOWSFaxSetup.log [1193042]
    O44 – LFC:[MD5.B15449A38EA05CD8D8F7CCA9EA20EA4D] – 14/11/2013 – 19:17:52 —A- . (…) — C:WINDOWSmsgsocm.log [60060]
    O44 – LFC:[MD5.764626D9637CEEF86DDC0AA50F1270B7] – 14/11/2013 – 19:17:52 —A- . (…) — C:WINDOWSupdspapi.log [67461]
    O44 – LFC:[MD5.5E6CD2A2A4C35A9AD806A506A6F6FE70] – 14/11/2013 – 19:17:53 —A- . (…) — C:WINDOWScomsetup.log [408239]
    O44 – LFC:[MD5.07E5313D147D0B555773E5C1619CFD05] – 14/11/2013 – 19:17:53 —A- . (…) — C:WINDOWSiis6.log [189036]
    O44 – LFC:[MD5.95B31BF9B35A67DDCBB9E29190273D4D] – 14/11/2013 – 19:17:53 —A- . (…) — C:WINDOWSimsins.log [1393]
    O44 – LFC:[MD5.BC6179C754153342CBFF320A74985469] – 14/11/2013 – 19:17:53 —A- . (…) — C:WINDOWSntdtcsetup.log [245529]
    O44 – LFC:[MD5.8EA97B59C2667593137687544D39F454] – 14/11/2013 – 19:17:53 —A- . (…) — C:WINDOWSocgen.log [582426]
    O44 – LFC:[MD5.D8A9A31F76C2ADFA0B4108CE8F480D81] – 14/11/2013 – 19:17:53 —A- . (…) — C:WINDOWSocmsn.log [66334]
    O44 – LFC:[MD5.B0DF995FDCDF2AC5E5A517CC55673FB0] – 14/11/2013 – 19:17:53 —A- . (…) — C:WINDOWStsoc.log [461125]
    O44 – LFC:[MD5.493827604C937BEA5DDACF32F180530E] – 29/11/2013 – 17:28:40 —A- . (…) — C:WINDOWSwiaservc.log [50]
    O44 – LFC:[MD5.8783201868204622F17FB3E8D370268A] – 29/11/2013 – 17:29:33 —A- . (…) — C:WINDOWSwiadebug.log [259]
    ~ Files: 28 Legitimates Filtered in 00mn 26s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.A1D82DE9E432B9188613A334F864F6F6] – 29/11/2013 – 17:29:49 —A- – C:WINDOWSPrefetchSWBOENGINE.EXE-10F36AB3.pf
    ~ Prefetcher: 29 Legitimates Filtered in 00mn 00s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Export de clé d’application autorisée (O47)
    O47 – AAKE:Key Export SP – “C:Documents and SettingsAdminLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.exe” [Enabled] .(.Google.) — C:Documents and SettingsAdminLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.exe
    O47 – AAKE:Key Export SP – “C:WINDOWSsystem32dmwu.exe” [Enabled] .(…) — C:WINDOWSsystem32dmwu.exe (.not file.)
    ~ Keys Export: 16 Legitimates Filtered in 00mn 00s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{06be4ba8-b267-11e0-b9f2-806d6172696f}AutoRuncommand. (…) — D:ASRSetup.exe (.not file.)
    O51 – MPSK:{254a098a-b296-11e0-9a07-00252286c5e5}AutoRuncommand. (…) — O:start.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    ~ Drivers: 5 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 29/11/2013 – 17:47:24 —A- . (…) — C:Documents and SettingsAdminLocal SettingsApplication DataGoogleChromeUser DataDefaultLocal Storagehttp_static.live-lyrics.com_0.localstorage [2843648] =>Adware.AddLyrics
    O61 – LFC: 29/11/2013 – 17:47:24 —A- . (…) — C:Documents and SettingsAdminLocal SettingsApplication DataGoogleChromeUser DataDefaultLocal Storagehttp_static.live-lyrics.com_0.localstorage-journal [16384] =>Adware.AddLyrics
    O61 – LFC: 29/11/2013 – 17:47:27 —A- . (…) — C:Documents and SettingsAdminLocal SettingsApplication DataGoogleChromeUser DataDefaultLocal Storagehttp_www.superfish.com_0.localstorage [5120]
    O61 – LFC: 29/11/2013 – 17:47:27 —A- . (…) — C:Documents and SettingsAdminLocal SettingsApplication DataGoogleChromeUser DataDefaultLocal Storagehttp_www.superfish.com_0.localstorage-journal [5672]
    ~ 2 Fichiers temporaires (Temporary files)
    ~ 2 Fichiers cookies (Cookies files)
    ~ Files: 222 Legitimates Filtered in 08mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (@ieframe.dll,-12512) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (@ieframe.dll,-12512) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:Documents and SettingsAdminMes documentsApplications3GPXilisoft 3gp Video Converter v3.1.5.0430b Winall Cracked-Czw.rar
    C:Documents and SettingsAdminMes documentsApplications3GPXilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWCrackvideoenc.exe-up.txt
    C:Documents and SettingsAdminMes documentsApplications3GPXilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWkeygen.exe
    C:Documents and SettingsAdminMes documentsApplications3GPXilisoft.3GP.Video.Converter.v3.1.5.0430b.WinALL.Cracked-CzWx-3gp-video-converter.exe
    ~ Files: Scanned in 00mn 55s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “0CC62614458A2044DA607D3959512C28” . (.Sibelius Scorch (Firefox, Opera, Netscape, Chrome only).) — C:WINDOWSInstaller{41626CC0-A854-4402-AD06-D7939515C282}ARPPRODUCTICON.exe
    O90 – PUC: “394E2E69484C3E34B9596DE27E4DD0A3” . (.Toolbar 4.7 by SweetPacks.) — C:WINDOWSInstaller{96E2E493-C484-43E3-9B95-D62EE7D40D3A}ARPPRODUCTICON.exe =>PUP.SweetIM
    O90 – PUC: “452B63F044BF958498713877F821A0C7” . (.Boxore Client.) — C:WINDOWSInstaller{0F36B254-FB44-4859-8917-83778F120A7C}boxore.ico =>Adware.Boxore
    O90 – PUC: “C01089B92E6A4D046AD9E70A42AECE97” . (.e-Sword.) — C:WINDOWSInstaller{9B98010C-A6E2-40D4-A69D-7EA024EAEC79}ARPPRODUCTICON.exe
    ~ Update Products: 75 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.4C42A805251908FC8D3DBB341AD1C6ED] [WIS][02/08/2013] (.Boxore OU – Boxore Client Installer.) — C:WindowsInstaller18fbfc.msi [474624] =>Adware.Boxore
    [MD5.E1E7D2CD47BE8EB890C7DD17997388E8] [WIS][29/07/2011] (.BibleStudyPro.com – Bible Study Pro.) — C:WindowsInstaller192c311.msi [914944]
    [MD5.4808135346AB22C3DC2862A1A94476DD] [WIS][29/07/2011] (.Rick Meyers – e-Sword.) — C:WindowsInstaller1cffac2.msi [2745856]
    ~ WIS: 77 Legitimates Filtered in 00mn 09s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 21/07/2011 72704 | (Adobe LM Service) . (.Adobe Systems.) – C:Program FilesFichiers communsAdobe Systems SharedServiceAdobelmsvc.exe
    SS – | Demand 01/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 09/09/2008 79144 | (CoordinatorServiceHost) . (.Dassault Systèmes SolidWorks Corp..) – C:Program FilesSolidWorks CorpSolidWorksswSchedulerDTSCoordinatorService.exe
    SS – | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
    SS – | Auto 10/11/2012 116648 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 10/11/2012 116648 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 14/11/2011 311928 | (maconfservice) . (.CybelSoft.) – C:Program Filesma-config.commaconfservice.exe
    SS – | Demand 06/09/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) – C:Program FilesMcAfee Security Scan3.8.130McCHSvc.exe
    SS – | Demand 16/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 14/04/2009 163908 | (NVSvc) . (.NVIDIA Corporation.) – C:WINDOWSsystem32nvsvc32.exe
    SS – | Demand 07/01/2012 79360 | (SolidWorks Licensing Service) . (.SolidWorks.) – C:Program FilesFichiers communsSolidWorks SharedServiceSolidWorksLicensing.exe

    SR – | Demand 25/01/2010 245760 | (BrYNSvc) . (.Brother Industries, Ltd..) – C:Program FilesBrowny02BrYNSvc.exe
    SR – | Auto 11/11/2010 11736 | (MsMpSvc) . (.Microsoft Corporation.) – C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe

    ~ Services: Scanned in 00mn 11s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by Admin at 29/11/2013 17:54:49

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
    C:WINDOWSsystem32driversnvgts.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
    1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> DeviceHarddisk0DR0[0x89B688C8]
    kernel: MBR read successfully
    user & kernel MBR OK

    ~ MBR: 14 Legitimates Filtered in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Admin at 29/11/2013 17:54:51

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13001 – (28/11/2013)
    Clés trouvées (Keys found) : 5
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 2
    Fichiers trouvés (Files found) : 1

    [HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallDSite] =>Hijacker.DSite^
    [HKLMSoftwareClassesCLSID{1a03f196-9617-4ca0-842b-a83ceecb022b}] =>PUP.SweetIM
    [HKLMSoftwareClassesInstallerFeatures394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM
    [HKLMSoftwareClassesInstallerProducts394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM
    C:Documents and SettingsAdminApplication DataMozillaFirefoxProfileskutfpq8i.defaultextensionsjid1-FCM5fDwCW5M3AQ@jetpack =>Spyware.SmartDisplay^
    C:Documents and SettingsAdminLocal SettingsApplication DataSoftware =>Adware.Boxore
    C:WindowsInstaller18fbfc.msi =>Adware.Boxore^
    ~ Additionnel Scan: 267684 Items scanned in 00mn 14s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay =>Spyware.SmartDisplay
    ~ http://nicolascoolman.webs.com/apps/blog/show/35170315-hijacker-dsite =>Hijacker.DSite
    ~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
    ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ MSI: 5 link(s) detected in 00mn 14s

    ~ 1193 Legitimates filtered by white list
    End of the scan (660 lines in 11mn 36s)(8)

  • Anonyme
    Post count: 1400

    Hi again Plantu

    Ah yes, I understand, there's a little something missing from the procedure then :p

    You would need to add
    • Right-click, check all.
    between
    • Click OK then “Show results”.
    and
    • Choose the “Remove selected” option.

    You can also do it manually and choose what you do or don't want to remove (that said, in general we remove everything).

    Do this and post the report, please:

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag (run as administrator on Windows 7/8 and Vista).
    • Click on Configure.
    • Click on the icon showing a magnifying glass with a + (“Launch the diagnostic”).

      Note: Do not close the program even if it says it is no longer responding.

    • Once the scan is finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum.

    :merci2:

  • Plantu
    Participant
    Post count: 11

    Ah yes, I understand, there's a little gap in the procedure then :p

    It should add
    • Right-click, check all.
    between
    • Click OK then “Show results”.
    and
    • Choose the “Remove selection” option.

    And I'm the one thanking you ;)

    so here is what it gives:

    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.11.29.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Admin :: ADMIN-732D4ABFF [administrateur]

    29/11/2013 17:16:04
    mbam-log-2013-11-29 (17-16-04).txt

    Type d’examen: Examen rapide
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 215632
    Temps écoulé: 8 minute(s), 36 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 18
    C:Documents and SettingsAdminMes documentsDownloadsWindows Live Movie Maker (1).exe (PUP.Optional.Solimba) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadsopenoffice.exe (PUP.Optional.MSILLoader.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadsiLividSetup.exe (PUP.Optional.Bandoo) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadssetup (10).exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadssetup (11).exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadssetup (12).exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadssetup (2).exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadssetup (3).exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadssetup (4).exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadssetup (5).exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadssetup (6).exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadssetup (7).exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadssetup (8).exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsAdminMes documentsDownloadssetup (9).exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5W3ANI1KRwajam_update[1].exe (PUP.Optional.Wajam.A) -> Mis en quarantaine et supprimé avec succès.
    C:WINDOWSInstaller1ae3ee8.msi (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
    C:WINDOWSInstaller1ae3eef.msi (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
    C:WINDOWSInstaller1ae3ef6.msi (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.

    (fin)

  • Anonyme
    Post count: 1400

    Hi again Plantu,

    for adwcleaner, it's fine ^^’

    for MBAM, when the scan is finished, you have to click “show results”, then right-click once and choose “check all”

    when that's done, you click “remove” the selection

    then you post the report

    :merci2:

  • Plantu
    Participant
    Post count: 11

    Hello billmaxime, I'm not sure I understand what I did wrong / have to do?

    I did

    • Click OK then “Show results”.
    • Choose the “Remove selection” option.

    So that necessarily unchecks everything?

  • Plantu
    Participant
    Post count: 11

    Adwcleaner report

    # AdwCleaner v3.013 – Rapport créé le 29/11/2013 à 16:53:13
    # Mis à jour le 24/11/2013 par Xplode
    # Système d’exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
    # Nom d’utilisateur : Admin – ADMIN-732D4ABFF
    # Exécuté depuis : C:Documents and SettingsAdminMes documentsDownloadsNetoyage PCadwcleaner (1).exe
    # Option : Nettoyer

    ***** [ Services ] *****

    [#] Service Supprimé : Software_update
    [#] Service Supprimé : Software_update_m

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:Program FilesPlus-HD-3.5
    Dossier Supprimé : C:WINDOWSInstaller{0F36B254-FB44-4859-8917-83778F120A7C}
    Dossier Supprimé : C:Documents and SettingsAdminApplication DataMozillaFirefoxProfileskutfpq8i.defaultExtensionsd8222698-19e5-4827-b79e-0a077ea8eb7a@7b662f6d-3899-41e4-8864-6393447568da.com
    [!] Dossier Supprimé : C:Documents and SettingsAdminLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsldikpdnngdmeceeameoaannjilbjppnm
    [!] Dossier Supprimé : C:Documents and SettingsAdminLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsldikpdnngdmeceeameoaannjilbjppnm
    Fichier Supprimé : C:Documents and SettingsAdminApplication DataMozillaFirefoxProfileskutfpq8i.defaultExtensionsjid1-FCM5fDwCW5M3AQ@jetpack.xpi
    Fichier Supprimé : C:Documents and SettingsAdminMenu DémarrerProgrammesQtrax Player.lnk
    Fichier Supprimé : C:Documents and SettingsAdminApplication DataMozillaFirefoxProfileskutfpq8i.defaultinvalidprefs.js
    Fichier Supprimé : C:Documents and SettingsAdminLocal SettingsApplication DataGoogleChromeUser DataDefaultLocal Storagehxxp_www.wajam.com_0.localstorage
    Fichier Supprimé : C:Documents and SettingsAdminLocal SettingsApplication DataGoogleChromeUser DataDefaultLocal Storagehxxp_www.wajam.com_0.localstorage-journal
    Fichier Supprimé : C:WINDOWSTasksPlus-HD-3.5-chromeinstaller.job
    Fichier Supprimé : C:WINDOWSTasksPlus-HD-3.5-codedownloader.job
    Fichier Supprimé : C:WINDOWSTasksPlus-HD-3.5-enabler.job
    Fichier Supprimé : C:WINDOWSTasksPlus-HD-3.5-firefoxinstaller.job
    Fichier Supprimé : C:WINDOWSTasksPlus-HD-3.5-updater.job

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKCUSoftwareClassesApplicationslollipop.exe
    Clé Supprimée : HKLMSOFTWAREMozillaPlugins@tools.Software.com/Software Update;version=3
    Clé Supprimée : HKLMSOFTWAREMozillaPlugins@tools.Software.com/Software Update;version=9
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{1A03F196-9617-4CA0-842B-A83CEECB022B}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{64697678-0000-0010-8000-00AA00389B71}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{BB975E58-E769-4E5A-BA12-B765BC559FF3}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{F511AFDB-726E-4458-90E7-1ECB97406544}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{22222222-2222-2222-2222-220322712280}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{55555555-5555-5555-5555-550355715580}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{66666666-6666-6666-6666-660366716680}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{44444444-4444-4444-4444-440344714480}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{1bdb145b-767c-46ef-941c-c920e7c10d97}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{210f6656-f108-4c6e-9b17-d30292af0b4b}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{4d0b703c-96be-4d48-87c9-5dbe0ce22cc2}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{77bad8f6-cade-49ac-b581-cdd61358730e}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{8b7e0055-ff19-49da-90fd-d6657811cb04}
    Valeur Supprimée : HKLMSYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList [C:Program FilesSweetIMCommunicatorSweetPacksUpdateManager.exe]
    Valeur Supprimée : HKLMSYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList [C:WINDOWSsystem32ARFCwrtc.exe]
    Clé Supprimée : HKCUSoftwaredsiteproducts
    Clé Supprimée : HKCUSoftwarePlus-HD-3.5
    Clé Supprimée : HKLMSoftwarePlus-HD-3.5
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{0F36B254-FB44-4859-8917-83778F120A7C}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallPlus-HD-3.5
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCache{0F36B254-FB44-4859-8917-83778F120A7C}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCachePlus-HD-3.5
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsFF2AEFF45EEA0A48A4B33C1973B6094
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components305B09CE8C53A214DB58887F62F25536
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsAAC05EAA51DC78A41A1DCE3B31038584

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v6.0.2900.5512

    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Default_Page_URL]

    -\ Mozilla Firefox v25.0.1 (fr)

    [ Fichier : C:Documents and SettingsAdminApplication DataMozillaFirefoxProfileskutfpq8i.defaultprefs.js ]

    -\ Google Chrome v31.0.1650.57

    [ Fichier : C:Documents and SettingsAdminLocal SettingsApplication DataGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [17259 octets] – [29/11/2013 16:45:49]
    AdwCleaner[S0].txt – [17054 octets] – [29/11/2013 16:53:13]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [17115 octets] ##########

  • Anonyme
    Post count: 1400

    Hi again Plantu,

    apparently you didn't check what MBAM found (just the last line) :hein:

    C:Program FilesPlus-HD-3.5utils.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadsFlashPlayer_V.76480712c.exe (Adware.DomaIQ) -> Mis en quarantaine et supprimé avec succès.

    if that's the case, run the “quick” scan again, check what MBAM finds, remove the selection, then post the report

    :merci2:

  • Plantu
    Participant
    Post count: 11

    Malwarebytes report

    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.11.29.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Admin :: ADMIN-732D4ABFF [administrateur]

    29/11/2013 16:19:27
    mbam-log-2013-11-29 (16-19-27).txt

    Type d’examen: Examen rapide
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 215780
    Temps écoulé: 8 minute(s), 7 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 9
    HKCRCLSID{BB975E58-E769-4E5A-BA12-B765BC559FF3} (PUP.Optional.WebCake.A) -> Aucune action effectuée.
    HKCUSOFTWAREPlus-HD-3.5 (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    HKCUSOFTWARESWEETIM (PUP.Optional.SweetIM.A) -> Aucune action effectuée.
    HKLMSOFTWAREPlus-HD-3.5 (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    HKLMSOFTWARESWEETIM (PUP.Optional.SweetIM.A) -> Aucune action effectuée.
    HKCRCLSID{22222222-2222-2222-2222-220322712280} (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    HKCRTypeLib{44444444-4444-4444-4444-440344714480} (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    HKCRInterface{55555555-5555-5555-5555-550355715580} (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallPlus-HD-3.5 (PUP.Optional.PlusHD.A) -> Aucune action effectuée.

    Valeur(s) du Registre détectée(s): 2
    HKCUSoftwareSweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Données: {F0D77F3A-61A6-11E2-9C81-00252286C5E5} -> Aucune action effectuée.
    HKLMSoftwareSweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Données: {F0D77F3A-61A6-11E2-9C81-00252286C5E5} -> Aucune action effectuée.

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 1
    C:Program FilesPlus-HD-3.5 (PUP.Optional.PlusHD.A) -> Aucune action effectuée.

    Fichier(s) détecté(s): 43
    C:Documents and SettingsAdminMes documentsDownloadsWindows Live Movie Maker (1).exe (PUP.Optional.Solimba) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadsopenoffice.exe (PUP.Optional.MSILLoader.A) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadsiLividSetup.exe (PUP.Optional.Bandoo) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadssetup (10).exe (PUP.Optional.OutBrowse) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadssetup (11).exe (PUP.Optional.OutBrowse) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadssetup (12).exe (PUP.Optional.OutBrowse) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadssetup (2).exe (PUP.Optional.OutBrowse) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadssetup (3).exe (PUP.Optional.OutBrowse) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadssetup (4).exe (PUP.Optional.OutBrowse) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadssetup (5).exe (PUP.Optional.OutBrowse) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadssetup (6).exe (PUP.Optional.OutBrowse) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadssetup (7).exe (PUP.Optional.OutBrowse) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadssetup (8).exe (PUP.Optional.OutBrowse) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadssetup (9).exe (PUP.Optional.OutBrowse) -> Aucune action effectuée.
    C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5W3ANI1KRwajam_update[1].exe (PUP.Optional.Wajam.A) -> Aucune action effectuée.
    C:WINDOWSInstaller1ae3ee8.msi (PUP.Optional.SweetIM) -> Aucune action effectuée.
    C:WINDOWSInstaller1ae3eef.msi (PUP.Optional.SweetIM) -> Aucune action effectuée.
    C:WINDOWSInstaller1ae3ef6.msi (PUP.Optional.SweetIM) -> Aucune action effectuée.
    C:WINDOWSTasksPlus-HD-3.5-chromeinstaller.job (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:WINDOWSTasksPlus-HD-3.5-codedownloader.job (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:WINDOWSTasksPlus-HD-3.5-enabler.job (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:WINDOWSTasksPlus-HD-3.5-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:WINDOWSTasksPlus-HD-3.5-updater.job (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-codedownloader.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.537180.crx (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.537180.xpi (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5background.html (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Installer.log (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-bg.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-bho.dll (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-buttonutil.dll (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-buttonutil.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-buttonutil64.dll (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-buttonutil64.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-chromeinstaller.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-enabler.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-helper.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5-updater.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Plus-HD-3.5.ico (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5Uninstall.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Program FilesPlus-HD-3.5utils.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
    C:Documents and SettingsAdminMes documentsDownloadsFlashPlayer_V.76480712c.exe (Adware.DomaIQ) -> Mis en quarantaine et supprimé avec succès.

    (fin)

  • Anonyme
    Post count: 1400

    :hello: Plantu and :welcome: to sosvirus

    waiting for the reports once they are finished ;)

    :merci2:

  • Plantu
    Participant
    Post count: 11

    Hello, for some time now I have been infected by rvzr-a.akamaihd.net, which opens intrusive advertising windows. I read the procedure to follow on your forum, so I am going to run the various scans and post them in this thread. Thank you in advance for your help.

The topic ‘Infected by rvzr-a.akamaihd.net’ is closed to new replies.