I may have a virus 2013-10-09T15:35:36+00:00
  • psh
    Number of posts: 0

    Hello,
    I am having a few problems with this computer (Windows Vista). It started with my screen (Philips) cutting out and displaying "no video input". I restarted the computer and the screen resolution had changed. I set the screen resolution back the way it should be, and it ended up working after x attempts. Then the icons and text were not the right size. I adjust the font size in DPI, the computer restarts, and here we go again: the screen resolution has to be set once more. In short, it is a vicious circle at every restart.
    Just now I tried to log in to my Facebook account: impossible. I tried my second account: no problem. Did I make a mistake? I don't think so. So could I have caught a virus through Facebook that is making my computer glitch?
    I scanned with Microsoft Security Essentials and McAfee Security Scan Plus. But nothing. I have just downloaded UsbFix.
    I don't understand why all these problems are happening. I need this computer to finish building my commercial website.
    Can you help me, please?

    Anonymous
    Number of posts: 0

    Hello,

    Welcome to SosVirus,

    Follow this link: instructions-suivre-avant-ouvrir-sujet-t18.html, and come back to me with the 3 requested reports please ;)

    psh
    Number of posts: 0

    THANK YOU
    yes, it finally starts up normally, let's hope it lasts!

    mbam:

    Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.10.09.05

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Danet :: PC-DE-DANET [administrateur]

    Protection: Activé

    09/10/2013 18:15:33
    mbam-log-2013-10-09 (18-15-33).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 206809
    Temps écoulé: 10 minute(s), 3 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 3
    HKLM\SYSTEM\CurrentControlSet\Services\Web Assistant Updater (PUP.Optional.SweetPacks.A) -> Aucune action effectuée.
    HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Aucune action effectuée.
    HKCU\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Mis en quarantaine et supprimé avec succès.

    Valeur(s) du Registre détectée(s): 1
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run|Firevall Administrating (Trojan.Backdoor) -> Données: rndll.exe -> Mis en quarantaine et supprimé avec succès.

    Elément(s) de données du Registre détecté(s): 5
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page_bak (Hijack.StartPage) -> Mauvais: (http://www.cherche.us) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Mauvais: (http://www.cherche.us) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Mauvais: (http://www.cherche.us/keyword/) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchURL| (Hijack.SearchPage) -> Mauvais: (http://www.cherche.us/keyword/%s) Bon: (http://www.google.com/) -> Mis en quarantaine et réparé avec succès
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchURL|SearchAssistant (Hijack.SearchPage) -> Mauvais: (http://www.cherche.us) Bon: (http://www.google.com/) -> Mis en quarantaine et réparé avec succès

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 3
    C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> Aucune action effectuée.
    C:\Users\Danet\Local Settings\Temporary Internet Files\Content.IE5\5S0I77BV\rcpafterdownloadcp_ad_14019_cp1.exe (PUP.Optional.RegCleanerPro) -> Aucune action effectuée.
    C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Aucune action effectuée.

    (fin)

    H.A.W.X
    Participant
    Number of posts: 1809

    Good evening,

    I am taking over the disinfection; my name is H.A.W.X :) Delighted to meet you!

    You have two things left to do, and two reports to post.

    See you ;)

    psh
    Number of posts: 0

    ADWCLEANER:

    # AdwCleaner v3.007 – Rapport créé le 09/10/2013 à 18:39:33
    # Mis à jour le 09/10/2013 par Xplode
    # Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Nom d'utilisateur : Danet – PC-DE-DANET
    # Exécuté depuis : C:UsersDanetDesktopadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    Service Supprimé : Web Assistant Updater

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:Program FilesConduit
    Dossier Supprimé : C:Program FilesConduitEngine
    Dossier Supprimé : C:Program FilesIncrediMail_MediaBar_2
    Dossier Supprimé : C:Program FilesMyPC Backup
    Dossier Supprimé : C:Program FilesWeb Assistant
    [!] Dossier Supprimé : C:UsersDanetprncnfgd
    Dossier Supprimé : C:UsersDanetAppDataLocalLowConduit
    Dossier Supprimé : C:UsersDanetAppDataLocalLowConduitEngine
    Dossier Supprimé : C:UsersDanetAppDataLocalLowIncrediMail_MediaBar_2
    Dossier Supprimé : C:UsersDanetAppDataRoamingSystweak
    Dossier Supprimé : C:UsersDanetAppDataRoamingMozillaFirefoxProfiles66tq159t.defaultExtensions{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
    Dossier Supprimé : C:UsersDanetAppDataLocalGoogleChromeUser DataDefaultExtensionspbjikboenpfhbbejgkoklgkhjpfogcam
    Fichier Supprimé : C:Windowssystem32roboot.exe
    Fichier Supprimé : C:UsersDaneterrorlog.tmp
    Fichier Supprimé : C:UsersDanetscriptjava.html
    Fichier Supprimé : C:Program FilesMozilla Firefox.autoreg
    Fichier Supprimé : C:UsersDanetAppDataRoamingMozillaFirefoxProfiles66tq159t.defaultsearchpluginsCherche.xml
    Fichier Supprimé : C:UsersDanetAppDataRoamingMozillaFirefoxProfiles66tq159t.defaultsearchpluginsMyStart Search.xml
    Fichier Supprimé : C:UsersDanetAppDataRoamingMozillaFirefoxProfiles66tq159t.defaultuser.js

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v9.0.8112.16506

    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Start Page]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [SearchMigratedDefaultName]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [SearchMigratedDefaultURL]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Default_Secondary_Page_URL]

    -\ Mozilla Firefox v2.0.0.16 (fr)

    [ Fichier : C:UsersDanetAppDataRoamingMozillaFirefoxProfiles66tq159t.defaultprefs.js ]

    Ligne Supprimée : user_pref("browser.search.defaultenginename", "MyStart Search");
    Ligne Supprimée : user_pref("browser.search.selectedEngine", "MyStart Search");
    Ligne Supprimée : user_pref("browser.startup.homepage", "hxxp://mystart.incredimail.com?a=6R7O0AIfji");

    -\ Google Chrome v30.0.1599.69

    [ Fichier : C:UsersDanetAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [11355 octets] – [09/10/2013 18:16:38]
    AdwCleaner[R1].txt – [10848 octets] – [09/10/2013 18:37:56]
    AdwCleaner[S0].txt – [9296 octets] – [09/10/2013 18:39:33]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [9356 octets] ##########

    psh
    Number of posts: 0

    OK, hello H.A.W.X

    zhpdiag:

    ~ Rapport de ZHPDiag v2013.10.9.26 – Nicolas Coolman (09/10/2013)
    ~ Lancé par Danet (09/10/2013 18:48:29)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v9.0.8112.16421
    MFIE: Mozilla Firefox v2.0.0.16 (fr)
    GCIE: Google Chrome v30.0.1599.69 (Defaut)
    OBIE: Safari v5.33.16.0

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
    Windows Server License Manager Script : OK
    ~ Vista, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : MQ3CQ
    Windows License : OK
    Windows Automatic Updates : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Security Client v4.3.0216.0
    McAfee Security Scan Plus v3.8.130.8

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.5 – Français
    Java 7 Update 40

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3061 MB (45% free)
    System Restore: Activé (Enable)
    System drive C: has 60 GB (42%) free of 141 GB

    —\ Mode de connexion au système
    ~ Computer Name: PC-DE-DANET
    ~ User Name: Danet
    ~ All Users Names: Danet, ASPNET, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersDanetAppDataRoamingZHP
    ~ %AppData% : C:UsersDanetAppDataRoaming
    ~ %Desktop% : C:UsersDanetDesktop
    ~ %Favorites% : C:UsersDanetFavorites
    ~ %LocalAppData% : C:UsersDanetAppDataLocal
    ~ %StartMenu% : C:UsersDanetAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 60 Go of 141 Go)
    D: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : Out Of Date
    ~ Security Center: 36 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    ~ Generic Processes: Scanned in 00mn 04s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/3
    ~ Mes musiques (My Musics) : 19/208
    ~ Mes Videos (My Videos) : 1/2
    ~ Mes Favoris (My Favorites) : 1/57
    ~ Mes Documents (My Documents) : 1/3197
    ~ Mon Bureau (My Desktop) : 1/13644
    ~ Menu demarrer (Programs) : 1/25
    ~ Hidden Files: Scanned in 01mn 08s

    —\ Processus lancés
    ~ Processes Running: Scanned in 00mn 27s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersDanetAppDataLocalGoogleChromeUser DataDefaultPreferences
    ~ Google Browser: 12 Legitimates Filtered in 00mn 22s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersDanetAppDataRoamingMozillaFirefoxProfiles66tq159t.defaultprefs.js
    M3 – MFPP: Plugins – [Danet] — C:Program FilesMozilla FireFoxsearchpluginsMediaDICO-fr.xml
    M2 – MFEP: prefs.js [Danet – 66tq159t.default{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v3.1.20080730W (..) =>Toolbar.Google
    P2 – FPN:Firefox Plugin Navigator . (…) — C:Program FilesMozilla FirefoxPluginsNPSWF32.dll
    ~ Firefox Browser: 42 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R4 – HKCUSOFTWAREMicrosoftInternet ExplorerPhishingFilter,Enabled = 1
    ~ IE Browser: 13 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Assistant de configuration NETGEAR WNA3100.lnk . (…) — C:Program FilesNETGEARWNA3100WNA3100.exe
    O4 – GSDesktop [Public]: Augmentez la vitesse de votre ordinateur !.lnk . (…) — C:Program FilesIncrediMailBinIobit.url
    O4 – GSDesktop [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. – IncrediMail Application.) — C:Program FilesIncrediMailBinIncMail.exe
    O4 – GSDesktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. – McAfee.) — C:Program FilesMcAfee Security Scan3.8.130McUICnt.exe
    O4 – GSProgram [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. – IncrediMail Application.) — C:Program FilesIncrediMailBinIncMail.exe
    O4 – GSProgram [Public]: Safari.lnk . (…) — C:WindowsInstaller{AFAC914D-9E83-4A89-8ABE-427521C82CCF}SafariIco.exe
    O4 – GSQuickLaunch [Danet]: Apple Safari.lnk . (…) — C:WindowsInstaller{AFAC914D-9E83-4A89-8ABE-427521C82CCF}SafariIco.exe
    O4 – GSQuickLaunch [Danet]: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. – IncrediMail Application.) — C:Program FilesIncrediMailBinIncMail.exe
    O4 – GSDesktop [Danet]: Ordinateur.lnk – Clé orpheline
    O4 – GSDesktop [Danet]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe https://www.sosvirus.net
    ~ Global Startup: 71 Legitimates Filtered in 00mn 01s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: Assistant de configuration NETGEAR WNA3100.lnk . (…) — C:Program FilesNETGEARWNA3100WNA3100.exe
    O4 – GSStartup [Public]: Bluetooth.lnk . (.Broadcom Corporation. – Bluetooth Tray Application.) — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
    O4 – GSStartup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. – McAfee Security Scanner Scheduler.) — C:Program FilesMcAfee Security Scan3.8.130SSScheduler.exe
    O4 – GSStartup [Danet]: OneNote 2007 – Capture d'écran et lancement.lnk . (.Microsoft Corporation – Microsoft Office OneNote Quick Launcher.) — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.exe
    O4 – HKLM..Run: [Windows Defender] . (.Microsoft Corporation – Windows Defender User Interface.) — C:Program FilesWindows DefenderMSASCui.exe
    O4 – HKLM..Run: [JMB36X IDE Setup] . (…) — C:WindowsRaidToolxInsIDE.exe
    O4 – HKLM..Run: [SynTPEnh] . (.Synaptics, Inc. – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
    O4 – HKLM..Run: [RoxWatchTray] . (.Sonic Solutions – RoxMMTrayApp Module.) — C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatchTray9.exe =>.Sonic Solutions
    O4 – HKLM..Run: [MSPService] . (…) — C:Program FilesCyberLinkMagicSportsKernelMagicSportsMSPMirage.exe
    O4 – HKLM..Run: [toolbar_eula_launcher] . (…) — C:Program FilesPackard BellGOOGLE_EULAEULALauncher.exe
    O4 – HKLM..Run: [IAAnotif] . (.Intel Corporation – Event Monitor User Notification Tool.) — C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe
    O4 – HKLM..Run: [NvSvc] . (.NVIDIA Corporation – NVIDIA Driver Helper Service, Version 156.5.) — C:Windowssystem32nvsvc.dll
    O4 – HKLM..Run: [NvCplDaemon] . (.NVIDIA Corporation – NVIDIA Display Properties Extension.) — C:Windowssystem32NvCpl.dll
    O4 – HKLM..Run: [NvMediaCenter] . (.NVIDIA Corporation – NVIDIA Media Center Library.) — C:Windowssystem32NvMcTray.dll
    O4 – HKLM..Run: [AppleSyncNotifier] . (.Apple Inc. – AppleSyncNotifier.) — C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
    O4 – HKLM..Run: [CamserviceDP] . (.Guillemot Corporation S.A. – CamService Application.) — C:Program FilesHerculesDualPix ExchangeCamservice.exe
    O4 – HKLM..Run: [Lexmark 2200 Series] C:Program FilesLexmark 2200 Serieslxbvbmgr.exe (.not file.)
    O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeQTTask.exe
    O4 – HKLM..Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe
    O4 – HKLM..Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — c:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [SmpcSys] . (.Packard Bell BV – SmpSys.exe.) — C:Program FilesPackard BellSetUpMyPCSmpSys.exe
    O4 – HKCU..Run: [ehTray.exe] . (.Microsoft Corporation – Media Center Tray Applet.) — C:WindowsehomeehTray.exe
    O4 – HKCU..Run: [ISUSPM] . (.Macrovision Corporation – Macrovision Software Manager.) — C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
    O4 – HKCU..Run: [TomTomHOME.exe] . (.TomTom – System Tray application for TomTom HOME.) — C:Program FilesTomTom HOME 2HOMERunner.exe
    O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    O4 – HKCU..Run: [IncrediMail] . (.IncrediMail, Ltd. – IncrediMail Application.) — C:Program FilesIncrediMailbinIncMail.exe
    O4 – HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe =>.Skype Technologies S.A.
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..Run: [WindowsWelcomeCenter] oobefldr.dll
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [WindowsWelcomeCenter] oobefldr.dll
    O4 – HKUSS-1-5-21-1416320695-3183783021-3842953559-1002..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1416320695-3183783021-3842953559-1002..Run: [SmpcSys] . (.Packard Bell BV – SmpSys.exe.) — C:Program FilesPackard BellSetUpMyPCSmpSys.exe
    O4 – HKUSS-1-5-21-1416320695-3183783021-3842953559-1002..Run: [ehTray.exe] . (.Microsoft Corporation – Media Center Tray Applet.) — C:WindowsehomeehTray.exe
    O4 – HKUSS-1-5-21-1416320695-3183783021-3842953559-1002..Run: [ISUSPM] . (.Macrovision Corporation – Macrovision Software Manager.) — C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
    O4 – HKUSS-1-5-21-1416320695-3183783021-3842953559-1002..Run: [TomTomHOME.exe] . (.TomTom – System Tray application for TomTom HOME.) — C:Program FilesTomTom HOME 2HOMERunner.exe
    O4 – HKUSS-1-5-21-1416320695-3183783021-3842953559-1002..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    O4 – HKUSS-1-5-21-1416320695-3183783021-3842953559-1002..Run: [IncrediMail] . (.IncrediMail, Ltd. – IncrediMail Application.) — C:Program FilesIncrediMailbinIncMail.exe
    O4 – HKUSS-1-5-21-1416320695-3183783021-3842953559-1002..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1416320695-3183783021-3842953559-1002..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe =>.Skype Technologies S.A.
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft Office OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~3Office12ONBttnIE.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
    O9 – Extra button: @C:Program FilesWIDCOMMBluetooth Softwarebtrez.dll,-12650 – {CCA281CA-C863-46ef-9331-5C8D4460577F} . (…) — C:Program FilesWIDCOMMBluetooth Softwarebt_hot_icon.ico
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) – http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{65D2E0DE-E92F-4221-8DD2-93E3ADB91311}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{6B5E9C55-FC6A-45C1-A038-251C36D12584}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{98F09440-8CCE-4390-A801-94E878C60A99}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{B3FA9D68-7E3E-4ACE-A9B1-8A2F82CFFC3C}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{F22F5A6E-6E3B-4BAF-868C-D58A7F6BACA0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{65D2E0DE-E92F-4221-8DD2-93E3ADB91311}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{6B5E9C55-FC6A-45C1-A038-251C36D12584}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{98F09440-8CCE-4390-A801-94E878C60A99}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{B3FA9D68-7E3E-4ACE-A9B1-8A2F82CFFC3C}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{F22F5A6E-6E3B-4BAF-868C-D58A7F6BACA0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{65D2E0DE-E92F-4221-8DD2-93E3ADB91311}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{6B5E9C55-FC6A-45C1-A038-251C36D12584}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{98F09440-8CCE-4390-A801-94E878C60A99}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{B3FA9D68-7E3E-4ACE-A9B1-8A2F82CFFC3C}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{F22F5A6E-6E3B-4BAF-868C-D58A7F6BACA0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:Windowssystem32mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Bibliothèque de l'interface utilisateur du.) — C:WindowsSystem32browseui.dll
    ~ STS/SSO: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: ExtraFilm upload service (EFUploadSrv) . (.Textalk AB – ExtraFilm upload service.) – C:Program FilesExtrafilm Designer FREFUploadSrv.exe
    O23 – Service: WSWNA3100 (WSWNA3100) . (.Pas de propriétaire – Wifi Service.) – C:Program FilesNETGEARWNA3100WifiSvc.exe
    ~ Services: 15 Legitimates Filtered in 00mn 14s

    —\ Tâches planifiées en automatique (O39)
    [MD5.1C4F38FF4F96589E48E6A5BE885156BC] [APT] [{11EA508C-021E-43BB-A0B3-C554A4DE4DCD}] (…) — C:Windowssystem32spooldriversw32x863LXBVUN5C.exe [101376]
    [MD5.00000000000000000000000000000000] [APT] [{324AF8FE-6993-43B3-AA9C-CE784C4A92EA}] (…) — D:NERO 6nero63115.exe (.not file.) [0]
    ~ Scheduled Task: 13 Legitimates Filtered in 00mn 05s

    —\ Logiciels installés (O42)
    O42 – Logiciel: GoogleToolbar – (…) [HKLM] — GoogleToolbar =>Toolbar.Google
    O42 – Logiciel: IncrediMail – (.IncrediMail.) [HKLM] — {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
    O42 – Logiciel: IncrediMail 2.0 – (.IncrediMail Ltd..) [HKLM] — IncrediMail
    ~ Logic: 121 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareIM]
    [HKCUSoftwareIncrediMail]
    ~ Key Software: 185 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 24/09/2013 – 13:59:00 – [0,095] —-D C:Program FilesBonjour(1)
    O43 – CFD: 17/01/2010 – 18:02:35 – [26,472] —-D C:Program FilesIncrediMail
    O43 – CFD: 17/01/2010 – 18:03:42 – [0] —-D C:ProgramDataIM
    O43 – CFD: 17/01/2010 – 18:02:36 – [11,784] —-D C:ProgramDataIncrediMail
    O43 – CFD: 19/04/2010 – 18:53:39 – [808,926] —-D C:UsersDanetAppDataLocalIM
    ~ 8 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 202 Legitimates Filtered in 00mn 54s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.86E4E3C69244CE51C565C0B7C6FD6114] – 08/10/2013 – 12:33:35 —A- . (…) — C:Windowsfsavunin_2.log [70]
    O44 – LFC:[MD5.D0A3F5942E970A5DEC6351E4FF10AB90] – 08/10/2013 – 12:33:46 —A- . (…) — C:Windowsfsavunin.log [31615]
    O44 – LFC:[MD5.7F69938CF338DFEF417C57AEC0DAB817] – 08/10/2013 – 12:34:06 —A- . (…) — C:Windowsdaasunin.LOG [824]
    O44 – LFC:[MD5.9A0C38C5DBFE1774C8DDF269250A1EF1] – 08/10/2013 – 12:34:09 —A- . (…) — C:WindowsFSLDIN.LOG [20684]
    O44 – LFC:[MD5.822F2CE17E06FB72DFFDFBEC309CB8AF] – 08/10/2013 – 12:34:11 —A- . (…) — C:WindowsFSGKIAIN.log [23877]
    O44 – LFC:[MD5.C723C061B56C42A5A2438C5B6B5F69AD] – 08/10/2013 – 12:34:20 —A- . (…) — C:WindowsFSDEPH.log [1257037]
    O44 – LFC:[MD5.E4FC18CD01C790849273B78427B6B3DD] – 08/10/2013 – 12:34:20 —A- . (…) — C:WindowsFSISU.log [18335670]
    O44 – LFC:[MD5.776DB1A12BEFE98186B57D78DE98E30C] – 08/10/2013 – 12:34:20 —A- . (…) — C:WindowsFSUNINST.log [842784]
    O44 – LFC:[MD5.2464E44D13A1076046E22695EA3DFC33] – 08/10/2013 – 12:34:20 —A- . (…) — C:Windowsuninstaller.log [122069]
    O44 – LFC:[MD5.DC5CF40F4B826C56CD8C0E1364F1A58C] – 09/10/2013 – 16:54:58 —A- . (…) — C:UsbFix [Clean 2] PC-DE-DANET.txt [11402]
    ~ Files: 25 Legitimates Filtered in 00mn 16s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.95CD9B5C6E800751D7A12996D12C513A] – 09/10/2013 – 11:47:39 —A- – C:WindowsPrefetchDPISCALING.EXE-B25934CE.pf
    O45 – LFCP:[MD5.1C8D57A28E51F0BA1D48F785DC7FAF4B] – 09/10/2013 – 11:59:39 —A- – C:WindowsPrefetchSECURITYSCAN_INNER.EXE-2A403820.pf
    O45 – LFCP:[MD5.2CE93322448F269FA7EBF62207FEDE1B] – 09/10/2013 – 16:37:52 —A- – C:WindowsPrefetchGO.EXE-0A7DE786.pf
    O45 – LFCP:[MD5.B2DB4D0CA32ED60AEDCF6C263A66443C] – 09/10/2013 – 16:39:25 —A- – C:WindowsPrefetchCONTENTDATS.EXE-82493AF7.pf
    O45 – LFCP:[MD5.BCE81595FACC3B95C11E0023E00D55F5] – 09/10/2013 – 16:46:55 —A- – C:WindowsPrefetchLEXBCES.EXE-DBA613A6.pf
    O45 – LFCP:[MD5.EEFA1B540399B7D57C32AD0C6D331674] – 09/10/2013 – 16:46:55 —A- – C:WindowsPrefetchLEXPPS.EXE-D81723A4.pf
    O45 – LFCP:[MD5.112057220FAE58DB89E19E63E78AB214] – 09/10/2013 – 17:39:33 —A- – C:WindowsPrefetchIMNOTFY.EXE-E138605A.pf
    O45 – LFCP:[MD5.C62D72C504ABB6A954545AC293EB290A] – 09/10/2013 – 17:43:26 —A- – C:WindowsPrefetchIWRAP.EXE-20582B89.pf
    O45 – LFCP:[MD5.78A8F89C1F14D65E76A79BFED43DC3A2] – 09/10/2013 – 17:44:49 —A- – C:WindowsPrefetchIMLPP.EXE-8B4B9E1E.pf
    O45 – LFCP:[MD5.AD3DCFB8FFB31782E59A9014BAA29FAA] – 09/10/2013 – 17:44:54 —A- – C:WindowsPrefetchAELDR.EXE-26B3893E.pf
    O45 – LFCP:[MD5.C23A3E63517D156AFBF955569FFC92FD] – 09/10/2013 – 17:44:54 —A- – C:WindowsPrefetchIMAPP.EXE-005076D7.pf
    ~ Prefetcher: 126 Legitimates Filtered in 00mn 00s

    —\ Export de clé d'application autorisée (O47)
    O47 – AAKE:Key Export SP – “C:UsersDanetAppDataLocalTempIXP002.TMPJKYTJT~1.EXE” [Enabled] .(…) — C:UsersDanetAppDataLocalTempIXP002.TMPJKYTJT~1.exe (.not file.)
    ~ Keys Export: 1 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] – 02/11/2006 – 10:51:34 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [316520]
    O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 02/11/2006 – 08:09:42 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    ~ Drivers: 16 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 08/10/2013 – 18:52:47 —A- . (…) — C:UsersDanetAppDataLocalApplicationHistoryRestartExplorer.exe.d85212b3.ini.inuse [0]
    O61 – LFC: 08/10/2013 – 18:52:58 —A- . (…) — C:UsersDanetAppDataLocalGoogleChromeUser DataLocal State~RF1d6815.TMP [42649]
    O61 – LFC: 08/10/2013 – 18:52:58 —A- . (…) — C:UsersDanetAppDataLocalGoogleToolbar Cache7.5.4413.1752frtranslate_element.js.content [2381]
    O61 – LFC: 09/10/2013 – 18:52:47 —A- . (…) — C:UsersDanetAppDataLocalGDIPFONTCACHEV1.DAT [118088]
    O61 – LFC: 09/10/2013 – 18:52:47 —A- . (…) — C:UsersDanetAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [260961]
    O61 – LFC: 09/10/2013 – 18:52:47 —A- . (…) — C:UsersDanetAppDataLocalGoogleChromeUser Datachrome_shutdown_ms.txt [4]
    O61 – LFC: 09/10/2013 – 18:52:47 —A- . (…) — C:UsersDanetAppDataLocald3d9caps.dat [8268]
    O61 – LFC: 09/10/2013 – 18:52:58 —A- . (…) — C:UsersDanetAppDataLocalGoogleChromeUser DataLocal State [41087]
    O61 – LFC: 09/10/2013 – 18:52:58 —A- . (…) — C:UsersDanetAppDataLocalIMcontent.xml [22333]
    O61 – LFC: 09/10/2013 – 18:53:09 —A- . (…) — C:UsersDanetAppDataRoamingGoogleLocal Search Historygoogle%2Eweb.w [7582]
    O61 – LFC: 09/10/2013 – 18:53:12 —A- . (…) — C:UsersDanetAppDataRoamingZHPLog.txt [19641] =>.Nicolas Coolman
    O61 – LFC: 09/10/2013 – 18:53:12 —A- . (…) — C:UsersDanetAppDataRoamingZHPTestsZHPDiag.txt [2819] =>.Nicolas Coolman
    ~ 481 Fichiers temporaires (Temporary files)
    ~ 7 Fichiers cookies (Cookies files)
    ~ Files: 1196 Legitimates Filtered in 00mn 32s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    O67 – Shell Spawning: [HKU..openCommand] (.Not Key.)
    O67 – Shell Spawning: [HKU..openCommand] (.Not Key.)
    ~ FASS Keys: 21 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Apple Inc. – Safari.) — C:Program FilesSafariSafari.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.6E060DC0E34176DCADE58F9BCC5C2119] [SPRF][09/10/2013] (…) — C:UsersDanetAppDataLocald3d9caps.dat [8268]
    [MD5.AA801BC69CC63ABA85BA4E24AC027F8B] [SPRF][09/03/2008] (…) — C:UsersDanetAppDataLocalfusioncache.dat [93]
    [MD5.6EA18C193AAF14F9EDFF65EED8EFAB2C] [SPRF][09/10/2013] (…) — C:UsersDanetAppDataLocalTempQuarantine.exe [344355]
    [MD5.9AB2BD729256E1A47256D3468D6543A0] [SPRF][17/09/2013] (…) — C:UsersDanetAppDataRoamingnvModes.dat [65707]
    [MD5.537713D2F5AC4F5F16F4210C6415E84E] [SPRF][09/09/2010] (…) — C:UsersDanetAppDataRoamingwklnhst.dat [426]
    [MD5.31E39E9FF261030F71C0209C016580F4] [SPRF][09/10/2013] (…) — C:UsersDanetDesktopadwcleaner.exe [1048960]
    ~ Files: 12 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{21E544FF-3ABF-4DE6-9DEC-A7DE4E92810F}” | In – Public – P6 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Application.) — C:Program FilesIncrediMailBinIncMail.exe
    O87 – FAEL: “{02CFBD3F-C2D8-4916-9E49-B958EF4EF42A}” | In – Public – P17 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Application.) — C:Program FilesIncrediMailBinIncMail.exe
    O87 – FAEL: “{3E7046A7-EAE0-481A-A5F0-4247AE68771F}” | In – Public – P6 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Tray Application.) — C:Program FilesIncrediMailBinImApp.exe
    O87 – FAEL: “{BD734CA6-9AA2-4468-A240-5590D203505F}” | In – Public – P17 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Tray Application.) — C:Program FilesIncrediMailBinImApp.exe
    O87 – FAEL: “{73524291-5683-4D9F-B319-7457A85C0354}” | In – Public – P6 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Content Importer.) — C:Program FilesIncrediMailBinImpCnt.exe
    O87 – FAEL: “{A4A19897-494E-4723-8A9B-8893A3F10087}” | In – Public – P17 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Content Importer.) — C:Program FilesIncrediMailBinImpCnt.exe
    O87 – FAEL: “TCP Query User{5B662277-D5B6-4F54-AD66-13295C2B0C37}C:usersdanetdesktopuwampbindatabasemysql-5.6.11binmysqld.exe” | In – Private – P6 – TRUE | .(…) — C:usersdanetdesktopuwampbindatabasemysql-5.6.11binmysqld.exe
    O87 – FAEL: “UDP Query User{00911D61-4F1C-407C-829D-CB86748C9441}C:usersdanetdesktopuwampbindatabasemysql-5.6.11binmysqld.exe” | In – Private – P17 – TRUE | .(…) — C:usersdanetdesktopuwampbindatabasemysql-5.6.11binmysqld.exe
    ~ Firewall: 205 Legitimates Filtered in 00mn 02s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “DB3F79E5CDDC8814D98935E241AFBBD5” . (.IncrediMail.) — C:WindowsInstaller{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}ARPPRODUCTICON.exe
    ~ Update Products: 88 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.234F1813D4E98B798BBB2259D48EB73D] [WIS][31/05/2012] (.IncrediMail – IncrediMail.) — C:WindowsInstaller55507.msi [2889216]
    ~ WIS: 89 Legitimates Filtered in 00mn 08s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SR – | Auto 16/04/2010 144672 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 08/04/2010 345376 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 01/03/2009 567848 | (btwdins) . (.Broadcom Corporation..) – C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe
    SS – | Auto 10/07/1658 0 | (CLTNetCnService) . (…) – C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
    SR – | Auto 09/07/2009 1716224 | (EFUploadSrv) . (.Textalk AB.) – C:Program FilesExtrafilm Designer FREFUploadSrv.exe
    SR – | Auto 24/10/2011 870672 | (EvtEng) . (.Intel(R) Corporation.) – C:Program FilesIntelWiFibinEvtEng.exe
    SS – | Auto 02/02/2010 135664 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 02/02/2010 135664 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 20/08/2012 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SR – | Auto 21/03/2007 355096 | (IAANTMON) . (.Intel Corporation.) – C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
    SS – | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) – C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
    SR – | Demand 28/04/2010 545576 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 14/01/2004 311296 | (LexBceS) . (.Lexmark International, Inc..) – C:WindowsSystem32LEXBCES.exe
    SR – | Auto 08/09/2013 1786704 | (MaConfigAgent) . (.CybelSoft.) – C:Program Filesma-config.comMaConfigAgent.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
    SS – | Demand 06/09/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) – C:Program FilesMcAfee Security Scan3.8.130McCHSvc.exe
    SR – | Auto 24/10/2011 481552 | (RegSrvc) . (.Intel(R) Corporation.) – C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
    SR – | Auto 06/03/2007 266343 | (RichVideo) . (…) – C:Program FilesCyberLinkShared FilesRichVideo.exe
    SS – | Demand 11/01/2007 887544 | (RoxMediaDB9) . (.Sonic Solutions.) – C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
    SS – | Auto 11/01/2007 166648 | (RoxWatch9) . (.Sonic Solutions.) – C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe
    SS – | Demand 14/09/2006 73728 | (stllssvr) . (.MicroVision Development, Inc..) – C:Program FilesCommon FilesSureThing Sharedstllssvr.exe
    SS – | Auto 19/01/2008 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 26/08/2010 285152 | (WSWNA3100) . (…) – C:Program FilesNETGEARWNA3100WifiSvc.exe
    SR – | Auto 19/01/2008 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 10s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by Danet at 09/10/2013 18:54:01

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    C:Windowssystem32DRIVERSiaStor.sys Intel Corporation Intel Matrix Storage Manager driver
    1 ntkrnlpa!IofCallDriver[0x8207F916] >> DeviceHarddisk0DR0[0x8651C620]
    kernel: MBR read successfully
    user & kernel MBR OK
    ~ MBR: 14 Legitimates Filtered in 00mn 02s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Danet at 09/10/2013 18:54:03

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 12944 – (09/10/2013)
    Clés trouvées (Keys found) : 3
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 3

    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallGoogleToolbar] =>Toolbar.Google^
    [HKLMSoftwareClassesIncrediSpooler.DeltaSync] =>Toolbar.DeltaSearch
    [HKLMSoftwareClassesIncrediSpooler.DeltaSync.1] =>Toolbar.DeltaSearch
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:swg =>Toolbar.Google^
    C:UsersDanetAppDataRoamingMozillaFirefoxProfiles66tq159t.default{3112ca9c-de6d-4884-a869-9855de68056c} =>Toolbar.Google^
    C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google^
    C:Program FilesGoogleGoogle ToolbarGoogleToolbarUser_32.exe =>Toolbar.Google^
    C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google^
    ~ Additionnel Scan: 287290 Items scanned in 00mn 54s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
    ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    ~ MSI: 2 link(s) detected in 00mn 54s

    ~ 2435 Legitimates filtered by white list
    End of the scan (601 lines in 06mn 29s)(0)[/spoiler:2mh7q9s3]

    H.A.W.X
    Participant
    Number of posts: 1809

    Good evening,

    Based on your ZHPDiag report, please do the following ;)

    • Download SFTGC (by Pierre13) to your Desktop. IT CANNOT GO ANYWHERE ELSE!
    • Launch SFTGC (run as administrator on Windows 7/8 and Vista)
    • Click GO

      Note: A report will open at the end

    • Once the scan has finished, go to the Desktop; the file SFT.txt has been created.
    • Upload the report SFT.txt to SosUpload, then copy/paste the link provided into your next reply on the forum

    ++

    psh
    Number of posts: 0
    H.A.W.X
    Participant
    Number of posts: 1809

    Good evening,

    Well, your disk must be breathing easier: 7 GB freed! :) So, aren't we well off on SOSVirus? :P:

    OK, you have the Google toolbar; do you want us to remove it?

    psh
    Number of posts: 0

    Ah yes, it runs much better, thank you. I'd rather keep the Google toolbar.
    So what was it? Viruses? Where did they come from?

    H.A.W.X
    Participant
    Number of posts: 1809

    Hi again,

    Then do as before, one last step, and afterwards I'll answer your questions :)

    • Copy the lines below:

    Script ZHPFix
    SysRestore

    HKLMSYSTEMCurrentControlSetServicesWeb Assistant Updater
    HKCUSoftwareDistromaticToolbars
    C:Program FilesWeb AssistantExtensionUpdaterService.exe
    C:UsersDanetLocal SettingsTemporary Internet FilesContent.IE55S0I77BVrcpafterdownloadcp_ad_14019_cp1.exe
    C:WindowsSystem32roboot.exe
    O4 - GSDesktop [Danet]: Ordinateur.lnk - Clé orpheline
    [MD5.00000000000000000000000000000000] [APT] [{324AF8FE-6993-43B3-AA9C-CE784C4A92EA}] (...) -- D:NERO 6nero63115.exe (.not file.) [0]
    O47 - AAKE:Key Export SP - "C:UsersDanetAppDataLocalTempIXP002.TMPJKYTJT~1.EXE" [Enabled] .(...) -- C:UsersDanetAppDataLocalTempIXP002.TMPJKYTJT~1.exe (.not file.)


    FirewallRaz
    PROXYFix
    EmptyFlash
    Emptytemp

    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

      1. Click “Import”
      2. Then click “GO”

    • Confirm the data cleanup by clicking “Yes”
    • Once the scan has finished, go to the Desktop; the file ZHPFixReport has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.

    See you in a moment :)

    psh
    Number of posts: 0

    There is no “Import”, only “Search”

    psh
    Number of posts: 0

    Oops, mistake corrected
    https://antimalware.top/log/SosUpload.6a423cbb139df063f3202e33a5eda9cb.txt

    H.A.W.X
    Participant
    Number of posts: 1809

    No, no, no, you didn't read carefully :beaten: You launched ZHPDiag, but this time it's ZHPFix!

    Here is the procedure again:

    @H.A.W.X wrote:

    • Copy the lines below:

    Script ZHPFix
    SysRestore

    HKLMSYSTEMCurrentControlSetServicesWeb Assistant Updater
    HKCUSoftwareDistromaticToolbars
    C:Program FilesWeb AssistantExtensionUpdaterService.exe
    C:UsersDanetLocal SettingsTemporary Internet FilesContent.IE55S0I77BVrcpafterdownloadcp_ad_14019_cp1.exe
    C:WindowsSystem32roboot.exe
    O4 - GSDesktop [Danet]: Ordinateur.lnk - Clé orpheline
    [MD5.00000000000000000000000000000000] [APT] [{324AF8FE-6993-43B3-AA9C-CE784C4A92EA}] (...) -- D:NERO 6nero63115.exe (.not file.) [0]
    O47 - AAKE:Key Export SP - "C:UsersDanetAppDataLocalTempIXP002.TMPJKYTJT~1.EXE" [Enabled] .(...) -- C:UsersDanetAppDataLocalTempIXP002.TMPJKYTJT~1.exe (.not file.)


    FirewallRaz
    PROXYFix
    EmptyFlash
    Emptytemp

    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

      1. Click “Import”
      2. Then click “GO”

    • Confirm the data cleanup by clicking “Yes”
    • Once the scan has finished, go to the Desktop; the file ZHPFixReport has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.
    psh
    Number of posts: 0

    Yes, I realised that; our posts crossed. The link to the report is just above your message.
