Problem with USBFIX 2013-11-04T12:09:48+00:00
  • Miaka
    Participant
    Posts: 15

    Hello,
    I am new to this forum, and in fact this is the first time I have ever signed up on a forum at all.
    So I don't know anything about it.
    I followed the advice you gave to other members about using UsbFix: install it on the desktop, click on search and then on delete.

    I did it a first time, and it worked on my USB key and even on the documents on the PC.

    Now I wanted to do the same with my 2 other USB keys plus my digital camera and my MP3 player, because they are all infected by the shortcut virus… nothing works.

    I uninstalled and then reinstalled USBFIX, but now it no longer has the red and yellow colour it had at the start; it is more pink and blue, and it works for the search (it gives me a report).
    However, when I click on delete, it sends me straight to your site !!!!????

    What is the problem, please?

    Thank you in advance… I really need to destroy this virus completely.

    Best regards, :merci2:

    Anonymous
    Posts: 0

    Hello :hello: ,

    Welcome to SosVirus :welcome:

    Please post the latest UsbFix report you have: C:\UsbFix [Scan * ] … .txt

    Miaka
    Participant
    Posts: 15

    Hello,
    Sorry, I deleted the report…
    Lately, since the PC is extremely slow, I have an unfortunate tendency to delete everything..
    It is no longer in my recycle bin either! ;(

    Sorry for replying late..

    Thank you for your help

    Anonymous
    Posts: 0

    We are going to run a diagnostic of your computer.

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag (run it as administrator on Windows 7/8 and Vista).

    • Click on Configure
    • Click on the icon showing a magnifying glass with a + ("Run the diagnostic")

      Note: Do not close the program even if it says that it is no longer responding.

    • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created there.
    • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum

    Miaka
    Participant
    Posts: 15

    Thank you, sir, here is the report:


    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: C:Documents and SettingsdellApplication DataMozillaFirefoxProfiles5lzax1qx.defaultsearchpluginsaskcom.xml
    O69 – SBI: prefs.js [dell – 5lzax1qx.default] user_pref(“extensions.asktb.ff-original-keyword-url”, “http://www.amazon.com/websearch/ref=bit_bds-p12_serp_ff_us_display?ie=UTF8&[…]
    O69 – SBI: SearchScopes [HKCU] A144FA10FAB840C1BBB3C125047CF88B – (Amazon) – http://www.amazon.com
    O69 – SBI: SearchScopes [HKCU] {78539862-2E3B-4F4E-AA81-2E42695902C1} – (Ask Search) – http://websearch.ask.com =>Toolbar.Ask
    O69 – SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} – (Search Results) – http://dts.search-results.com =>PUP.SearchResults
    O69 – SBI: SearchScopes [HKCU] {a5b9c0f5-5616-47cd-a95f-e43b488faccf} – (My Web Search) – http://search.mywebsearch.com =>Adware.MyWebSearch
    O69 – SBI: SearchScopes [HKCU] {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} [DefaultScope] – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {FEC05A40-4F72-4D7B-8066-6CE05F5FF1C2} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.705FD70F8FF19A91F51F40D395C5FA05] [SPRF][2/10/2013] (.Java (TM) – Java (TM).) — C:Documents and SettingsdellLocal SettingsApplication DataIntel(TM)7z.exe [24675532]
    [MD5.CF43D0F929AE3335692D014F4DF05E6D] [SPRF][3/11/2013] (…) — C:Documents and SettingsdellApplication Datadell-wchelper.dll [154283]
    ~ Files: 3 Legitimates Filtered in 00mn 02s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.A20F87C59CDD86A1BB68D2058F2C5263] [WIS][16/05/2013] (.Google Inc. – Google Toolbar for Internet Explorer.) — C:WindowsInstaller137058.msi [24064] =>Toolbar.Google
    ~ WIS: 48 Legitimates Filtered in 00mn 10s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 9/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
    SS – | Auto 16/05/2013 136176 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 16/05/2013 136176 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 16/05/2013 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Auto 5/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
    ~ Services: Scanned in 00mn 11s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by dell at 5/11/2013 17:29:56

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> DeviceHarddisk0DR0[0x82FE5AB8]
    kernel: MBR read successfully
    user & kernel MBR OK
    ~ MBR: 12 Legitimates Filtered in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by dell at 5/11/2013 17:29:58

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 12971 – (4/11/2013)
    Clés trouvées (Keys found) : 41
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 7
    Fichiers trouvés (Files found) : 4

    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}] =>Adware.Bandoo^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.SearchResults^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallilividtoolbarguid] =>Adware.Bandoo^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
    [HKLMSoftwareClassesTypeLib{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E}] =>Adware.Bandoo
    [HKLMSoftwareClassesInterface{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
    [HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}] =>Adware.Bandoo
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}] =>Adware.Bandoo
    [HKLMSoftwareClassesCLSID{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}] =>Adware.Bandoo
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{c98d5b61-b0ea-4d48-9839-1079d352d880}] =>Adware.MyWebSearch
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{c98d5b61-b0ea-4d48-9839-1079d352d880}] =>Adware.MyWebSearch
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
    [HKLMSoftwareClassesAppID{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
    [HKLMSoftwareClassesCLSID{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
    [HKLMSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{F443A627-5009-4323-9C1D-7FD598D0D712}] =>Toolbar.Amazon
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{F443A627-5009-4323-9C1D-7FD598D0D712}] =>Toolbar.Amazon
    [HKLMSoftwareClassesAppIDBrowserConnection.dll] =>Adware.Bandoo
    [HKLMSoftwareClassesBrowserConnection.Loader] =>Adware.Bandoo
    [HKLMSoftwareClassesBrowserConnection.Loader.1] =>Adware.Bandoo
    [HKCUSoftwareMicrosoftInternet ExplorerMenuExt&search] =>Adware.BHO
    [HKCUSoftwareAPN DTX] =>Toolbar.Ask
    [HKCUSoftwareDataMngr] =>Adware.Bandoo
    [HKLMSoftwareDataMngr] =>Adware.Bandoo
    [HKCUSoftwareDataMngr_Toolbar] =>Toolbar.Agent
    [HKLMSoftwareiLividSRTB] =>Adware.Bandoo
    [HKCUSoftwareilivid] =>Adware.Bandoo
    [HKLMSoftwareClassesProd.cap] =>Toolbar.Babylon
    [HKLMSoftwareClassesCLSID{9FF9AE6F-4553-41A7-B645-B0E88850EABF}] =>Adware.Bandoo
    [HKLMSoftwareClassesCLSID{CE4DB5A3-58E6-41F1-8761-47238DF4F468}] =>Adware.Bandoo
    [HKLMSoftwareClassesTypeLib{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}] =>Adware.Bandoo
    [HKLMSoftwareClassesInterface{8DEC3C75-9A5D-446C-B7B5-E4AB4FDD6309}] =>Adware.Bandoo
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{8F0B76E1-4E46-427B-B55B-B90593468AC6}] =>Adware.MapsGalaxy
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{8F0B76E1-4E46-427B-B55B-B90593468AC6}] =>Adware.MapsGalaxy
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{f34c9277-6577-4dff-b2d7-7d58092f272f} =>PUP.SearchResults^
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]:DATAMNGR =>Adware.Bandoo^
    C:Program FilesMyPC Backup =>PUP.MyPCBackup^
    C:Program FilesSearch Results Toolbar =>PUP.SearchResults^
    C:Documents and SettingsAll UsersApplication DataBabylon =>Toolbar.Babylon^
    C:Documents and SettingsdellApplication DataBabylon =>Toolbar.Babylon^
    C:Documents and SettingsdellApplication Datasearchresultstb =>PUP.SearchResults^
    C:Documents and SettingsdellLocal SettingsApplication DataBabylon =>Toolbar.Babylon^
    C:Program FilesAmazon Browser Bar =>Toolbar.Amazon
    [HKCUSoftwareConduit] =>Toolbar.Conduit^
    [HKCUSoftwareiLivid] =>Adware.Bandoo^
    [HKLMSoftwareConduit] =>Toolbar.Conduit^
    C:WindowsInstaller137058.msi =>Toolbar.Google^
    ~ Additionnel Scan: 163912 Items scanned in 00mn 27s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/30319724-pup-searchresults =>PUP.SearchResults
    ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
    ~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
    ~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
    ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
    ~ http://nicolascoolman.webs.com/apps/blog/show/34702976-toolbar-ebay =>Toolbar.eBay
    ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
    ~ http://nicolascoolman.webs.com/apps/blog/show/28419247-toolbar-avira =>Toolbar.Avira
    ~ http://nicolascoolman.webs.com/apps/blog/show/27157393-adware-mapsgalaxy =>Adware.MapsGalaxy
    ~ MSI: 13 link(s) detected in 00mn 27s

    ~ 1164 Legitimates filtered by white list
    End of the scan (594 lines in 08mn 16s)(0)

    Anonymous
    Number of posts: 0
    • Download OTM by OldTimer to your desktop.
    • Double-click OTM.exe to launch it.
    • Under Vista/Seven, right-click -> run as administrator
    • Copy the list below and paste it into the left-hand pane of OTM, under Paste Instructions for Items to be Moved.


    :files
    C:UsersPublic*.exe
    C:UsersPublic*.vbe
    C:Documents and SettingsdellApplication Data842810B
    C:WINDOWSPrefetch*.pf
    C:Documents and SettingsdellApplication Datadell-wchelper.dll
    C:Documents and SettingsdellApplication Data*.exe
    C:Documents and SettingsdellApplication DataPublic
    C:Documents and SettingsdellApplication Data*.vbs
    C:Documents and SettingsdellLocal SettingsApplication Data*.exe
    C:Documents and SettingsdellLocal SettingsApplication Data*.vbs

    :Reg
    [-HKEY_CURRENT_USERSoftwareÀ classé]
    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    "8jusched"=-
    "Intel(R)Bl4"=-
    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    "jusched7"=-
    "Intel(R)Bl"=-
    [HKEY_USERSS-1-5-21-1957994488-152049171-725345543-1003SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerrun]
    "8jusched"=-
    "Intel(R)Bl4"=-
    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerrun]
    "9jusched"=-
    "Intel(R)Bl5"=-
    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerrun]
    "9jusched"=-
    "Intel(R)Bl5"=-

    :commands
    [emptytemp]
    • Click “MoveIt!”.
    • If a file or folder cannot be deleted immediately, the software will ask you to restart the computer.
    • If so, accept by clicking “YES”.
    • Post the report in your next reply.
    • The report is located in C:_OTMMovedFiles (the report's name corresponds to when it was created: date_time.log).
    Miaka
    Participant
    Number of posts: 15

    thanks for helping me :)

    here is the content of the report; if there is a way to send it to you differently so that it isn't one big wall of text, don't hesitate to tell me how..

    thanks in advance

    All processes killed
    ========== FILES ==========
    C:UsersPublicIntel(R)Bl.exe moved successfully.
    C:UsersPublicIntel(R)Graph.exe moved successfully.
    C:UsersPublicIntel(R)Pl5.exe moved successfully.
    C:UsersPublicjusched.exe moved successfully.
    C:UsersPublic4z1z.VBE moved successfully.
    C:UsersPublic7z1z.VBE moved successfully.
    C:UsersPublic9eimmD.vbe moved successfully.
    C:UsersPublic9eizmmD.vbe moved successfully.
    C:UsersPublic9stiemD.VBE moved successfully.
    C:UsersPublic9stziemD.VBE moved successfully.
    C:Documents and SettingsdellApplication Data842810B folder moved successfully.
    C:WINDOWSPrefetchAM_DELTA_PATCH_1.161.1151.0.E-2BCF3F55.pf moved successfully.
    C:WINDOWSPrefetchAM_DELTA_PATCH_1.161.1251.0.E-2B58D3BC.pf moved successfully.
    C:WINDOWSPrefetchAM_DELTA_PATCH_1.161.1332.0.E-1F5B9583.pf moved successfully.
    C:WINDOWSPrefetchAM_DELTA_PATCH_1.161.659.0.EX-06D5063A.pf moved successfully.
    C:WINDOWSPrefetchAM_DELTA_PATCH_1.161.801.0.EX-1CC2825D.pf moved successfully.
    C:WINDOWSPrefetchAM_DELTA_PATCH_1.161.846.0.EX-0C338AD2.pf moved successfully.
    C:WINDOWSPrefetchAM_DELTA_PATCH_1.161.896.0.EX-19D9B98D.pf moved successfully.
    C:WINDOWSPrefetchAU_.EXE-05C8D81D.pf moved successfully.
    C:WINDOWSPrefetchCCLEANER.EXE-0BCE437C.pf moved successfully.
    C:WINDOWSPrefetchCLEANMGR.EXE-1F86EA8E.pf moved successfully.
    C:WINDOWSPrefetchCMD.EXE-087B4001.pf moved successfully.
    C:WINDOWSPrefetchCSCRIPT.EXE-1C26180C.pf moved successfully.
    C:WINDOWSPrefetchCTFMON.EXE-0E17969B.pf moved successfully.
    C:WINDOWSPrefetchDATAMN~1.EXE-0B977BB4.pf moved successfully.
    C:WINDOWSPrefetchDEFRAG.EXE-273F131E.pf moved successfully.
    C:WINDOWSPrefetchDFRGNTFS.EXE-269967DF.pf moved successfully.
    C:WINDOWSPrefetchDRWTSN32.EXE-2B4B52AC.pf moved successfully.
    C:WINDOWSPrefetchDUMPREP.EXE-1B46F901.pf moved successfully.
    C:WINDOWSPrefetchDW20.EXE-0F7C73AD.pf moved successfully.
    C:WINDOWSPrefetchDWWIN.EXE-30875ADC.pf moved successfully.
    C:WINDOWSPrefetchEXPLORER.EXE-082F38A9.pf moved successfully.
    C:WINDOWSPrefetchFACEBOOKUPDATE.EXE-14C47792.pf moved successfully.
    C:WINDOWSPrefetchFEUVERT.EXE-0CAAA735.pf moved successfully.
    C:WINDOWSPrefetchFINDSTR.EXE-0CA6274B.pf moved successfully.
    C:WINDOWSPrefetchFLASHPLAYERUPDATESERVICE.EXE-34BC5027.pf moved successfully.
    C:WINDOWSPrefetchFSUM.COM-26E40E4F.pf moved successfully.
    C:WINDOWSPrefetchGO.EXE-39722D3E.pf moved successfully.
    C:WINDOWSPrefetchGOOGLECRASHHANDLER.EXE-27588DA3.pf moved successfully.
    C:WINDOWSPrefetchGOOGLECRASHHANDLER.EXE-39D7EE95.pf moved successfully.
    C:WINDOWSPrefetchGOOGLEUPDATE.EXE-1E123D86.pf moved successfully.
    C:WINDOWSPrefetchGOOGLEUPDATE.EXE-2C9D1F31.pf moved successfully.
    C:WINDOWSPrefetchGREP.COM-2D03091C.pf moved successfully.
    C:WINDOWSPrefetchHELPSVC.EXE-2878DDA2.pf moved successfully.
    C:WINDOWSPrefetchHKCMD.EXE-1D05234B.pf moved successfully.
    C:WINDOWSPrefetchIASTORICON.EXE-2AA6B195.pf moved successfully.
    C:WINDOWSPrefetchIEXPLORE.EXE-27122324.pf moved successfully.
    C:WINDOWSPrefetchIGFXPERS.EXE-2C07C174.pf moved successfully.
    C:WINDOWSPrefetchIGFXSRVC.EXE-2FB63FE8.pf moved successfully.
    C:WINDOWSPrefetchIGFXTRAY.EXE-3391579A.pf moved successfully.
    C:WINDOWSPrefetchIKERNEL.EXE-048903CE.pf moved successfully.
    C:WINDOWSPrefetchIKERNEL.EXE-0F497BD1.pf moved successfully.
    C:WINDOWSPrefetchINTEL(R)BL.EXE-2D0670F3.pf moved successfully.
    C:WINDOWSPrefetchINTEL(R)BL.EXE-35B8F253.pf moved successfully.
    C:WINDOWSPrefetchINTEL(R)GRAPH.EXE-30154E07.pf moved successfully.
    C:WINDOWSPrefetchINTEL(R)PL5.EXE-03189382.pf moved successfully.
    C:WINDOWSPrefetchINTEL(TM)7Z.EXE-1F777EF7.pf moved successfully.
    C:WINDOWSPrefetchINTEL(TM)7Z.EXE-289DB3AB.pf moved successfully.
    C:WINDOWSPrefetchJUSCHED.EXE-0173BDFB.pf moved successfully.
    C:WINDOWSPrefetchJUSCHED.EXE-116B8467.pf moved successfully.
    C:WINDOWSPrefetchJUSCHED.EXE-158C0737.pf moved successfully.
    C:WINDOWSPrefetchJUSCHED.EXE-29EED084.pf moved successfully.
    C:WINDOWSPrefetchLADS.EXE-06335087.pf moved successfully.
    C:WINDOWSPrefetchLOGONUI.EXE-0AF22957.pf moved successfully.
    C:WINDOWSPrefetchMBR.EXE-313604BE.pf moved successfully.
    C:WINDOWSPrefetchMBRCHECK.EXE-2B10ECF1.pf moved successfully.
    C:WINDOWSPrefetchMPCMDRUN.EXE-1E628E9C.pf moved successfully.
    C:WINDOWSPrefetchMPSIGSTUB.EXE-1D30D19B.pf moved successfully.
    C:WINDOWSPrefetchMSHTA.EXE-331DF029.pf moved successfully.
    C:WINDOWSPrefetchMSIEXEC.EXE-2F8A8CAE.pf moved successfully.
    C:WINDOWSPrefetchMSMPENG.EXE-053C8CA0.pf moved successfully.
    C:WINDOWSPrefetchMSMSGS.EXE-2B6052DE.pf moved successfully.
    C:WINDOWSPrefetchMSSECES.EXE-14257906.pf moved successfully.
    C:WINDOWSPrefetchNOTEPAD.EXE-336351A9.pf moved successfully.
    C:WINDOWSPrefetchNSLOOKUP.EXE-160B1221.pf moved successfully.
    C:WINDOWSPrefetchNTOSBOOT-B00DFAAD.pf moved successfully.
    C:WINDOWSPrefetchOSPPSVC.EXE-307F45D2.pf moved successfully.
    C:WINDOWSPrefetchOTM.EXE-3790DD77.pf moved successfully.
    C:WINDOWSPrefetchOUTLOOK.EXE-0454B3E2.pf moved successfully.
    C:WINDOWSPrefetchPERMIS.EXE-22BB8390.pf moved successfully.
    C:WINDOWSPrefetchPV.EXE-215F4419.pf moved successfully.
    C:WINDOWSPrefetchREGSVR32.EXE-25EEFE2F.pf moved successfully.
    C:WINDOWSPrefetchRUNDLL32.EXE-132C8EAC.pf moved successfully.
    C:WINDOWSPrefetchRUNDLL32.EXE-13E2ECEC.pf moved successfully.
    C:WINDOWSPrefetchRUNDLL32.EXE-147710F4.pf moved successfully.
    C:WINDOWSPrefetchRUNDLL32.EXE-1BC55A4F.pf moved successfully.
    C:WINDOWSPrefetchRUNDLL32.EXE-1BC69D2D.pf moved successfully.
    C:WINDOWSPrefetchRUNDLL32.EXE-3EAF638B.pf moved successfully.
    C:WINDOWSPrefetchRUNDLL32.EXE-416F1D64.pf moved successfully.
    C:WINDOWSPrefetchRUNDLL32.EXE-451FC2C0.pf moved successfully.
    C:WINDOWSPrefetchRUNDLL32.EXE-4984B0FE.pf moved successfully.
    C:WINDOWSPrefetchSCHTASKS.EXE-0CBF6A11.pf moved successfully.
    C:WINDOWSPrefetchSEARCH_PROTECT.EXE-2CC42F38.pf moved successfully.
    C:WINDOWSPrefetchSETUP.EXE-393E66AE.pf moved successfully.
    C:WINDOWSPrefetchSETUP_PDD0.EXE-0190A0C9.pf moved successfully.
    C:WINDOWSPrefetchSETUP_WM.EXE-3135CBD6.pf moved successfully.
    C:WINDOWSPrefetchSETUP_WM.EXE-33C67984.pf moved successfully.
    C:WINDOWSPrefetchSKYPE.EXE-30AE1A60.pf moved successfully.
    C:WINDOWSPrefetchSMAX4PNP.EXE-381239AF.pf moved successfully.
    C:WINDOWSPrefetchSOL.EXE-1C0C14EB.pf moved successfully.
    C:WINDOWSPrefetchSPOOLSV.EXE-282F76A7.pf moved successfully.
    C:WINDOWSPrefetchSSSTARS.SCR-2D6FC20D.pf moved successfully.
    C:WINDOWSPrefetchSUBINACL.EXE-17974576.pf moved successfully.
    C:WINDOWSPrefetchTASKMGR.EXE-20256C55.pf moved successfully.
    C:WINDOWSPrefetchUN-USBFIX.EXE-3896FACC.pf moved successfully.
    C:WINDOWSPrefetchUPDATER.EXE-0E835CED.pf moved successfully.
    C:WINDOWSPrefetchUPDATETASK.EXE-154F922C.pf moved successfully.
    C:WINDOWSPrefetchUSBFIX.EXE-003240E9.pf moved successfully.
    C:WINDOWSPrefetchUSBFIX[1].EXE-03418A10.pf moved successfully.
    C:WINDOWSPrefetchUSBFIX[1].EXE-081666FC.pf moved successfully.
    C:WINDOWSPrefetchUSBFIX[1].EXE-0E8F9782.pf moved successfully.
    C:WINDOWSPrefetchUSBFIX[1].EXE-0FA1222D.pf moved successfully.
    C:WINDOWSPrefetchUSBFIX[1].EXE-2AE615A2.pf moved successfully.
    C:WINDOWSPrefetchVERCLSID.EXE-3667BD89.pf moved successfully.
    C:WINDOWSPrefetchWINWORD.EXE-14C9B39E.pf moved successfully.
    C:WINDOWSPrefetchWLLOGINPROXY.EXE-2D4B6027.pf moved successfully.
    C:WINDOWSPrefetchWMIADAP.EXE-2DF425B2.pf moved successfully.
    C:WINDOWSPrefetchWMIPRVSE.EXE-28F301A9.pf moved successfully.
    C:WINDOWSPrefetchWMPLAYER.EXE-18DDEF9D.pf moved successfully.
    C:WINDOWSPrefetchWMPLAYER.EXE-18DDEFA1.pf moved successfully.
    C:WINDOWSPrefetchWMPLAYER.EXE-18DDEFA2.pf moved successfully.
    C:WINDOWSPrefetchWSCRIPT.EXE-32960AB9.pf moved successfully.
    C:WINDOWSPrefetchWUAUCLT.EXE-399A8E72.pf moved successfully.
    C:WINDOWSPrefetchZHPDIAG.EXE-021B7932.pf moved successfully.
    C:WINDOWSPrefetchZHPDIAG2.EXE-118B494F.pf moved successfully.
    C:WINDOWSPrefetchZHPDIAG2.TMP-3A1CB463.pf moved successfully.
    C:WINDOWSPrefetchZHPFIX.EXE-0BB68D6A.pf moved successfully.
    C:WINDOWSPrefetchZHPHEP.EXE-025A0224.pf moved successfully.
    C:WINDOWSPrefetchZHPHEP.EXE-07C98D09.pf moved successfully.
    LoadLibrary failed for C:Documents and SettingsdellApplication Datadell-wchelper.dll
    C:Documents and SettingsdellApplication Datadell-wchelper.dll moved successfully.
    File/Folder C:Documents and SettingsdellApplication Data*.exe not found.
    File/Folder C:Documents and SettingsdellApplication DataPublic not found.
    C:Documents and SettingsdellApplication Datadellv3.4.2.2.vbs moved successfully.
    C:Documents and SettingsdellLocal SettingsApplication DataIntel(TM)7z.exe moved successfully.
    File/Folder C:Documents and SettingsdellLocal SettingsApplication Data*.vbs not found.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USERSoftwareÀ classé deleted successfully.
    Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\8jusched deleted successfully.
    Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun\Intel(R)Bl4 deleted successfully.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\jusched7 deleted successfully.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\Intel(R)Bl deleted successfully.
    Registry value HKEY_USERSS-1-5-21-1957994488-152049171-725345543-1003SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerrun\8jusched not found.
    Registry value HKEY_USERSS-1-5-21-1957994488-152049171-725345543-1003SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerrun\Intel(R)Bl4 not found.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerrun\9jusched not found.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerrun\Intel(R)Bl5 deleted successfully.
    Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerrun\9jusched not found.
    Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerrun\Intel(R)Bl5 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: dell
    ->Temp folder emptied: 275239955 bytes
    ->Temporary Internet Files folder emptied: 753141084 bytes
    ->FireFox cache emptied: 1718955 bytes
    ->Flash cache emptied: 9991 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3695393 bytes

    User: NetworkService
    ->Temp folder emptied: 3507278 bytes
    ->Temporary Internet Files folder emptied: 1162139 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2134506 bytes
    %systemroot%System32 .tmp files removed: 774656 bytes
    %systemroot%System32dllcache .tmp files removed: 0 bytes
    %systemroot%System32drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 366275657 bytes
    %systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 391250578 bytes
    %systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.716,00 mb

    OTM by OldTimer – Version 3.1.21.0 log created on 11052013_182649

    Files moved on Reboot…

    Registry entries deleted on Reboot…

    Anonymous
    Number of posts: 0

    Perfect :bravo1:

    • Download Adwcleaner (by Xplode) to your Desktop!
    • Right-click on it, run as administrator under Windows 7/8 and Vista
      1. Choose the Scanner option
      2. Choose the Nettoyer option
    • Accept the warning by clicking OK

    • Accept the warnings/information by clicking OK
    • Copy and paste the content of the report that appears when the PC restarts
    Miaka
    Participant
    Number of posts: 15

    thanks for the follow-up

    here is the report:

    # AdwCleaner v3.011 – Rapport créé le 05/11/2013 à 19:56:01
    # Mis à jour le 03/11/2013 par Xplode
    # Système d’exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
    # Nom d’utilisateur : dell – ADM-E6577662901
    # Exécuté depuis : C:Documents and SettingsdellBureauadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:Documents and SettingsAll UsersApplication DataAsk
    Dossier Supprimé : C:Documents and SettingsAll UsersApplication DataBabylon
    Dossier Supprimé : C:Documents and SettingsAll UsersApplication Databoost_interprocess
    Dossier Supprimé : C:Program FilesAmazon Browser Bar
    Dossier Supprimé : C:Program FilesMyPC Backup
    Dossier Supprimé : C:Program FilesSearch Results Toolbar
    Dossier Supprimé : C:Documents and SettingsNetworkServiceLocal SettingsApplication DataAmazon Browser Bar
    Dossier Supprimé : C:Documents and SettingsdellLocal SettingsApplication DataBabylon
    Dossier Supprimé : C:Documents and SettingsdellApplication DataBabylon
    Dossier Supprimé : C:Documents and SettingsdellApplication Datailividtoolbarguid
    Dossier Supprimé : C:Documents and SettingsdellApplication Datasearchresultstb
    Dossier Supprimé : C:Documents and SettingsdellApplication DataSystweak
    Dossier Supprimé : C:Documents and SettingsdellApplication DataMozillaFirefoxProfiles5lzax1qx.defaultilividtoolbarguid
    Fichier Supprimé : C:Documents and SettingsdellApplication DataMozillaFirefoxProfiles5lzax1qx.defaultExtensions{1FD91A9C-410C-4090-BBCC-55D3450EF433}
    Fichier Supprimé : C:Program FilesMozilla FirefoxExtensions{1FD91A9C-410C-4090-BBCC-55D3450EF433}
    Fichier Supprimé : C:WINDOWSsystem32roboot.exe
    Fichier Supprimé : C:Documents and SettingsdellApplication DataMozillaFirefoxProfiles5lzax1qx.default.autoreg
    Fichier Supprimé : C:Documents and SettingsdellApplication DataMozillaFirefoxProfiles5lzax1qx.defaultsearchpluginsAskcom.xml
    Fichier Supprimé : C:Documents and SettingsdellApplication DataMozillaFirefoxProfiles5lzax1qx.defaultsearchpluginsbingp.xml
    Fichier Supprimé : C:Documents and SettingsdellApplication DataMozillaFirefoxProfiles5lzax1qx.defaultsearchpluginsSearch_Results.xml
    Fichier Supprimé : C:Program FilesMozilla FirefoxsearchpluginsSearch_Results.xml

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerMenuExt&Search
    Clé Supprimée : HKLMSOFTWAREClassesAppIDBrowserConnection.dll
    Clé Supprimée : HKLMSOFTWAREClassesApplicationsilividsetup.exe
    Clé Supprimée : HKLMSOFTWAREClassesBrowserConnection.Loader
    Clé Supprimée : HKLMSOFTWAREClassesBrowserConnection.Loader.1
    Clé Supprimée : HKLMSOFTWAREClassesiLividIEHelper.DNSGuard
    Clé Supprimée : HKLMSOFTWAREClassesiLividIEHelper.DNSGuard.1
    Clé Supprimée : HKLMSOFTWAREClassesProd.cap
    Clé Supprimée : HKLMSOFTWAREClassesprotector_dll.protectorbho
    Clé Supprimée : HKLMSOFTWAREClassesprotector_dll.protectorbho.1
    Valeur Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun [DataMngr]
    Clé Supprimée : HKLMSOFTWAREClassesAppID{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{F34C9277-6577-4DFF-B2D7-7D58092F272F}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F34C9277-6577-4DFF-B2D7-7D58092F272F}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{00000000-6E41-4FD3-8538-502F5495E5FC}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{04D2B915-19FF-41E9-994D-95DC898BEA43}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{5D79F641-C168-40DF-A32F-BACEA7509E75}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C98D5B61-B0EA-4D48-9839-1079D352D880}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D4027C7F-154A-4066-A1AD-4243D8127440}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{EA582743-9076-4178-9AA6-7393FDF4D5CE}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{F34C9277-6577-4DFF-B2D7-7D58092F272F}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{F443A627-5009-4323-9C1D-7FD598D0D712}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{5D79F641-C168-40DF-A32F-BACEA7509E75}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{C98D5B61-B0EA-4D48-9839-1079D352D880}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{EA582743-9076-4178-9AA6-7393FDF4D5CE}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{F34C9277-6577-4DFF-B2D7-7D58092F272F}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{F443A627-5009-4323-9C1D-7FD598D0D712}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{F34C9277-6577-4DFF-B2D7-7D58092F272F}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
    Valeur Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{F34C9277-6577-4DFF-B2D7-7D58092F272F}]
    Valeur Supprimée : HKLMSYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList [C:Program FilesSearch Results ToolbarDatamngrSRTOOL~1dtUser.exe]
    Clé Supprimée : HKCUSoftwareAlexa Internet
    Clé Supprimée : HKCUSoftwareAPN DTX
    Clé Supprimée : HKCUSoftwareConduit
    Clé Supprimée : HKCUSoftwareDataMngr
    Clé Supprimée : HKCUSoftwareDataMngr_Toolbar
    Clé Supprimée : HKCUSoftwaredistromatic
    Clé Supprimée : HKCUSoftwareilivid
    Clé Supprimée : HKCUSoftwareilividtoolbarguid
    Clé Supprimée : HKCUSoftwaresystweak
    Clé Supprimée : HKLMSoftwareConduit
    Clé Supprimée : HKLMSoftwareDataMngr
    Clé Supprimée : HKLMSoftwareiLividSRTB
    Clé Supprimée : HKLMSoftwaresystweak
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallilividtoolbarguid
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallSearch Results Toolbar
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheilividtoolbarguid
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheMyPC Backup
    Donnée Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows [AppInit_DLLs] – C:PROGRA~1SEARCH~1Datamngrdatamngr.dll
    Donnée Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows [AppInit_DLLs] – C:PROGRA~1SEARCH~1DatamngrIEBHO.dll

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v8.0.6001.18702

    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Start Page]

    -\ Mozilla Firefox v

    [ Fichier : C:Documents and SettingsdellApplication DataMozillaFirefoxProfiles5lzax1qx.defaultprefs.js ]

    Ligne Supprimée : user_pref(“browser.startup.homepage”, “hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ff_us_display?ie=UTF8&tagbase=bds-p12&tbrId=v1_abb-channel-12_db6fb654a5e24b488ee8d41c07358dd4_39_1006_20130[…]
    Ligne Supprimée : user_pref(“browser.search.defaultengine”, “Ask.com”);
    Ligne Supprimée : user_pref(“extensions.asktb.ff-original-keyword-url”, “hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ff_us_display?ie=UTF8&tagbase=bds-p12&tbrId=v1_abb-channel-12_db6fb654a5e24b488ee8d41c07358d[…]
    Ligne Supprimée : user_pref(“keyword.URL”, “hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ff_us_display?ie=UTF8&tagbase=bds-p12&tbrId=v1_abb-channel-12_db6fb654a5e24b488ee8d41c07358dd4_39_1006_20130330_BE_ff_ab_[…]

    *************************

    AdwCleaner[R0].txt – [10016 octets] – [05/11/2013 19:45:10]
    AdwCleaner[S0].txt – [9886 octets] – [05/11/2013 19:56:01]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [9946 octets] ##########

    Anonymous
    Number of posts: 0

    Thanks for following up

    ;)

    • Download Malwarebytes’ Anti-Malware and install it.
    • Launch Malwarebytes’ Anti-Malware.
    • Click the “Update” tab, then “Check for Updates”.
    • Click the “Scanner” tab, tick “Perform quick scan”, then click Scan.

    At the end of the scan, if MBAM found nothing:

    • Click OK; the report opens on its own.

    If threats were detected:

    • Click OK, then “Show Results”.
    • Check all the boxes.
    • Choose the “Remove Selected” option.

    • If MBAM asks to restart Windows: click “Yes”.
    • Once the PC has restarted, the report is in the “Reports/Logs” tab.
    • Otherwise the report opens automatically after the removal.
    • Post the report in your next reply.
    Miaka
    Participant
    Number of posts: 15

    Here is the report, thank you
    PS: can I uninstall all the programs, since the PC is getting very slow again…?
    Thanks in advance

    Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.11.05.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    dell :: ADM-E6577662901 [administrateur]

    Protection: Activé

    5/11/2013 21:32:28
    mbam-log-2013-11-05 (21-32-28).txt

    Type d’examen: Examen rapide
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 190976
    Temps écoulé: 10 minute(s), 50 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 1
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Mis en quarantaine et supprimé avec succès.

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 2
    C:Documents and SettingsAll UsersDocumentsBabylon9_setup.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsdellApplication Datadell-wchelper.dll (Trojan.Agent.Gen) -> Mis en quarantaine et supprimé avec succès.

    (fin)

    Anonymous
    Number of posts: 0

    PS: can I uninstall all the programs, since the PC is getting very slow again…?

    Not yet; run another ZHPDiag scan and post the new report, please

    Miaka
    Participant
    Number of posts: 15

    Hello,
    Thank you for your patience..

    ~ Rapport de ZHPDiag v2013.11.6.9 – Nicolas Coolman (6/11/2013)
    ~ Lancé par dell (6/11/2013 11:54:10)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Not Found

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows XP Professional Service Pack 3 (Build 2600)
    Windows Automatic Updates : OK
    Windows Genuine Advantage : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Security Client FR-FR Language Pack v2.1.1116.0

    —\ Logiciels d’optimisation du système
    CCleaner =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 ActiveX

    —\ Informations sur le système
    ~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 758 MB (21% free)
    System Restore: Activé (Enable)
    System drive C: has 19 GB (51%) free of 37 GB

    —\ Mode de connexion au système
    ~ Computer Name: ADM-E6577662901
    ~ User Name: dell
    ~ All Users Names: SUPPORT_388945a0, HelpAssistant, dell, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:Documents and SettingsdellApplication DataZHP
    ~ %AppData% : C:Documents and SettingsdellApplication Data
    ~ %Desktop% : C:Documents and SettingsdellBureau
    ~ %Favorites% : C:Documents and SettingsdellFavoris
    ~ %LocalAppData% : C:Documents and SettingsdellLocal SettingsApplication Data
    ~ %StartMenu% : C:Documents and SettingsdellMenu Démarrer
    ~ %Windir% : C:WINDOWS
    ~ %System% : C:WINDOWSsystem32

    —\ Enumération des unités disques
    A: Floppy drive, Flash card reader, USB Key (Not Inserted)
    C: Hard drive, Flash drive, Thumb drive (Free 19 Go of 37 Go)
    D: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : Out Of Date
    ~ Security Center: 42 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.13/04/2008 – 19:34:04.) — C:WINDOWSExplorer.exe [1037824]
    [MD5.F8DD21FC65131E064FBF11F01E4F4BFD] – (.Microsoft Corporation – Internet Extensions for Win32.) (.23/09/2013 – 19:23:33.) — C:WINDOWSsystem32wininet.dll [920064]
    [MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.13/04/2008 – 19:34:30.) — C:WINDOWSsystem32Winlogon.exe [512000]
    [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
    [MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.13/04/2008 – 11:40:32.) — C:WINDOWSsystem32Driversatapi.sys [96512]
    [MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.13/04/2008 – 12:14:22.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
    [MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.13/04/2008 – 11:40:48.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
    [MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.13/04/2008 – 18:57:40.) — C:WINDOWSsystem32DriversFips.sys [44672]
    [MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.13/04/2008 – 9:36:06.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
    [MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.13/04/2008 – 11:41:00.) — C:WINDOWSsystem32DriversImapi.sys [42112]
    [MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.13/04/2008 – 11:57:16.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
    [MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.13/04/2008 – 12:19:44.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
    [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
    [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.13/04/2008 – 12:21:02.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
    [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.13/04/2008 – 12:15:54.) — C:WINDOWSsystem32Driversntfs.sys [574976]
    [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.13/04/2008 – 19:09:42.) — C:WINDOWSsystem32DriversParport.sys [80384]
    [MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.13/04/2008 – 12:19:44.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
    [MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 11:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
    [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 18:57:36.) — C:WINDOWSsystem32Driversredbook.sys [58752]
    [MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.13/04/2008 – 18:56:06.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
    ~ Generic Processes: Scanned in 00mn 01s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/25
    ~ Mes musiques (My Musics) : 2/4
    ~ Mes Videos (My Videos) : 0/0
    ~ Mes Favoris (My Favorites) : 1/34
    ~ Mes Documents (My Documents) : 2/35
    ~ Mon Bureau (My Desktop) : 2/14
    ~ Menu demarrer (Programs) : 1/29
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    [MD5.0A7F86657755ADA92C57E597BF5151F7] – (.Microsoft Corporation – Antimalware Service Executable.) — c:Program FilesMicrosoft Security ClientMsMpEng.exe [22208] [PID.1080]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.396]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.840]
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.304]
    [MD5.E89028D8068170E606AA0996D457AAA3] – (.Intel Corporation – Intel Corporation.) — C:UsersPublicjusched.exe [85470352] [PID.3300]
    [MD5.2D894EDBC9348BD01168AF0D062BEEB1] – (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe [21223942] [PID.972]
    [MD5.10247C15D999CC116C87DA36BD0AD64D] – (.Analog Devices, Inc. – SMax4PNP MFC Application.) — C:Program FilesAnalog DevicesCoresmax4pnp.exe [1404928] [PID.2916]
    [MD5.DDE4A991F26179573D2CFA7A093F56FA] – (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe [163840] [PID.3264]
    [MD5.EAF47A526B911B0961D3FECEB442E0C4] – (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe [135168] [PID.3524]
    [MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] – (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe [1695232] [PID.2760]
    [MD5.E05E86D484CDA786CAA97B750F243DDC] – (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe [20474528] [PID.2432]
    [MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] – (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe [638816] [PID.1824]
    [MD5.E85885654C2E05ED6EEF9DDE0E4880C4] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8179712] [PID.1060]
    ~ Processes Running: Scanned in 00mn 08s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:Documents and SettingsdellApplication DataMozillaFirefoxProfiles5lzax1qx.defaultprefs.js
    M3 – MFPP: Plugins – [dell] — C:Documents and SettingsdellApplication DataMozillaFirefoxProfiles5lzax1qx.defaultsearchpluginsamazon.xml
    ~ Firefox Browser: 8 Legitimates Filtered in 00mn 01s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = cd.feuvert.be;
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:WINDOWSsystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:WINDOWSexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [AllUsers]: MSN.lnk . (.Microsoft Corporation – Win32 Cabinet Self-Extractor.) — C:Program FilesMSNMSNCoreFilesInstallmsnsusii.exe =>.Microsoft Corporation
    O4 – GSProgram [dell]: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe =>.Microsoft Corporation
    ~ Global Startup: 7 Legitimates Filtered in 01mn 15s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – HKLM..Run: [SoundMAXPnP] . (.Analog Devices, Inc. – SMax4PNP MFC Application.) — C:Program FilesAnalog DevicesCoresmax4pnp.exe
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:WINDOWSsystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — c:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKLM..Run: [KernelFaultCheck] Clé orpheline
    O4 – HKLM..Run: [Intel(R)Bl] . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
    O4 – HKLM..Run: [jusched7] . (.Intel Corporation – Intel Corporation.) — C:UsersPublicjusched.exe
    O4 – HKCU..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    O4 – HKCU..Run: [MSMSGS] . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
    O4 – HKCU..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe =>.Skype Technologies S.A.
    O4 – HKCU..Run: [Intel(R)Bl4] . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
    O4 – HKCU..Run: [8jusched] . (.Intel Corporation – Intel Corporation.) — C:UsersPublicjusched.exe
    O4 – HKLM..policiesExplorerRun: [jusched9] . (.Intel Corporation – Intel Corporation.) — C:UsersPublicjusched.exe
    O4 – HKLM..policiesExplorerRun: [Intel(R)Bl5] . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
    O4 – HKCU..policiesExplorerRun: [jusched9] . (.Intel Corporation – Intel Corporation.) — C:UsersPublicjusched.exe
    O4 – HKCU..policiesExplorerRun: [Intel(R)Bl5] . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
    O4 – HKUSS-1-5-18..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-18..Run: [DWQueuedReporting] . (.Microsoft Corporation – Watson Subscriber for SENS Network Notifica.) — C:Program FilesFichiers communsMicrosoft SharedDWDWTRIG20.exe
    O4 – HKUSS-1-5-19..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-20..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-21-1957994488-152049171-725345543-1003..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    O4 – HKUSS-1-5-21-1957994488-152049171-725345543-1003..Run: [MSMSGS] . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
    O4 – HKUSS-1-5-21-1957994488-152049171-725345543-1003..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe =>.Skype Technologies S.A.
    O4 – HKUSS-1-5-21-1957994488-152049171-725345543-1003..Run: [Intel(R)Bl4] . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
    O4 – HKUSS-1-5-21-1957994488-152049171-725345543-1003..Run: [8jusched] . (.Intel Corporation – Intel Corporation.) — C:UsersPublicjusched.exe
    ~ Application: Scanned in 00mn 01s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~4Office14ONBttnIE.dll =>.Microsoft Corporation
    O9 – Extra button: Notes &liées OneNote – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~4Office14ONBTTN~1.dll =>.Microsoft Corporation
    O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
    O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wia – {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation – WIA Scripting Layer.) — C:WINDOWSsystem32wiascr.dll
    O18 – Filter: text/xml – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesFichiers communsMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
    O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
    O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
    O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WINDOWSsystem32igfxdev.dll
    O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
    O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
    O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: WgaLogon . (.Microsoft Corporation – Notifications Windows Genuine Advantage.) — C:WINDOWSsystem32WgaLogon.dll
    O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: (MBAMService) . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
    O23 – Service: Skype Updater (SkypeUpdate) . (.Skype Technologies – Skype Updater Service.) – C:Program FilesSkypeUpdaterUpdater.exe
    ~ Services: 4 Legitimates Filtered in 00mn 11s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Desktop General: BackupWallPaper – .(…) – C:Documents and SettingsdellLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    O24 – Desktop General: WallPaper – .(…) – C:Documents and SettingsdellLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    —\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 – ASIC: (no name) – {X1A25B25-0C22-13AW-1V25-L5HMUV12V36O} . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
    ~ Active Setup: 22 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwarePoussin]
    [HKCUSoftwareÀ classé]
    [HKCUSoftwareƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ő¶¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“]
    [HKLMSoftwareDe Boeck & Larcier S.A.]
    ~ Key Software: 101 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 8/04/2005 – 3:16:43 – [0,027] –H-D C:Documents and SettingsdellApplication Data842810B
    ~ Program Folder: 105 Legitimates Filtered in 00mn 21s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.F76868188B955ACF92B41089C7FDF1B1] – 1/11/2013 – 15:48:06 —A- . (…) — C:WINDOWSwmsetup.log [3050]
    O44 – LFC:[MD5.59C6F6D7843521AADB43A82E3B94B064] – 2/11/2013 – 19:09:05 —A- . (…) — C:WINDOWSpLsd.dat [93102]
    O44 – LFC:[MD5.44697312B74BDD433CC3763579E4F06B] – 27/10/2013 – 23:20:07 —A- . (…) — C:WINDOWSpermis.ini [82]
    O44 – LFC:[MD5.6F544ECDE31A1AD9FFD3AB3294CD3465] – 6/11/2013 – 9:14:20 —A- . (…) — C:WINDOWSwiaservc.log [50]
    O44 – LFC:[MD5.B08E952DC68D68DFFA3907232826CEAA] – 6/11/2013 – 9:14:28 —A- . (…) — C:WINDOWSwiadebug.log [441]
    ~ Files: 20 Legitimates Filtered in 00mn 19s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.045CA94556CCDA700309075E82FACA90] – 5/11/2013 – 18:33:27 —A- – C:WINDOWSPrefetchOTM.EXE-3790DD77.pf
    O45 – LFCP:[MD5.B44494E2B91320DAD8445F790704D095] – 5/11/2013 – 18:33:38 —A- – C:WINDOWSPrefetchDATAMN~1.EXE-0B977BB4.pf
    O45 – LFCP:[MD5.32AB13F47215E1BD78B1698FBFF91629] – 6/11/2013 – 9:19:49 —A- – C:WINDOWSPrefetchINTEL(R)BL.EXE-2D0670F3.pf
    O45 – LFCP:[MD5.F4E814B89F7809A68F749305D5893870] – 6/11/2013 – 9:21:07 —A- – C:WINDOWSPrefetchINTEL(R)BL.EXE-35B8F253.pf
    ~ Prefetcher: 60 Legitimates Filtered in 00mn 00s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
    O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:PROGRA~1MICROS~4Office14GROOVEEX.DLL
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.E6F53D6C0DEA3D375362265E175CA638] – 24/02/2010 – 11:22:10 —A- . (.Protect Software GmbH – ProtectDisc x64/x86 Hybrid Driver.) — C:WINDOWSsystem32Driversacedrv11.sys [185472]
    O58 – SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] – 5/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
    ~ Drivers: 5 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 3/11/2013 – 11:58:56 —A- . (…) — C:Documents and SettingsdellRecentUsbFix [Scan 2] ADM-E6577662901.lnk [612]
    O61 – LFC: 3/11/2013 – 11:58:56 —A- . (…) — C:Documents and SettingsdellRecentUsbFix [Scan 3] ADM-E6577662901.lnk [612]
    O61 – LFC: 4/11/2013 – 11:57:15 —A- . (…) — C:Documents and SettingsdellApplication DataMicrosoftMedia Player0B3338C.wpl [355]
    O61 – LFC: 4/11/2013 – 11:58:02 —A- . (…) — C:Documents and SettingsdellLocal SettingsApplication DataMicrosoftMedia PlayerCurrentDatabase_59R.wmdb [1900544]
    O61 – LFC: 4/11/2013 – 11:58:02 —A- . (…) — C:Documents and SettingsdellLocal SettingsApplication DataMicrosoftMedia Playerwmpfolders.wmdb [430]
    O61 – LFC: 4/11/2013 – 11:58:07 —A- . (…) — C:Documents and SettingsdellLocal SettingsApplication DataMicrosoftWindows Media9.0WMSDKNS.XML [13846]
    O61 – LFC: 4/11/2013 – 11:58:53 —A- . (…) — C:Documents and SettingsdellRecentCheb Hindi 2012 – Nekhdam Clandestin.lnk [393]
    O61 – LFC: 4/11/2013 – 11:58:53 —A- . (…) — C:Documents and SettingsdellRecentCheb Hindi Best Of 2013 – Sahabha Alamha Lamour.lnk [436]
    O61 – LFC: 4/11/2013 – 11:58:53 —A- . (…) — C:Documents and SettingsdellRecentCheb el Omari 2010.lnk [321]
    O61 – LFC: 4/11/2013 – 11:58:53 —A- . (…) — C:Documents and SettingsdellRecentcheb el hendi 2013 datni mp3.lnk [361]
    O61 – LFC: 4/11/2013 – 11:58:53 —A- . (…) — C:Documents and SettingsdellRecentcheb hindi nediha gawria 2012.lnk [369]
    O61 – LFC: 4/11/2013 – 11:58:54 —A- . (…) — C:Documents and SettingsdellRecentEl Hindi 2011 – Merga Had Chira.lnk [372]
    O61 – LFC: 4/11/2013 – 11:58:54 —A- . (…) — C:Documents and SettingsdellRecentlhbitri 2007.lnk [297]
    O61 – LFC: 4/11/2013 – 11:58:56 —A- . (…) — C:Documents and SettingsdellRecentUsbFix [Scan 1] ADM-E6577662901.lnk [612]
    O61 – LFC: 5/11/2013 – 11:56:56 –H– . (…) — C:Documents and SettingsdellApplication Data842810B5-11-2013 [28039]
    O61 – LFC: 5/11/2013 – 11:56:58 —A- . (…) — C:Documents and SettingsdellApplication DataGoogleLocal Search Historygoogle%2Eweb.w [0]
    O61 – LFC: 5/11/2013 – 11:56:58 —A- . (…) — C:Documents and SettingsdellApplication Datadellv3.4.2.2.vbs [808]
    O61 – LFC: 5/11/2013 – 11:56:58 –H– . (…) — C:Documents and SettingsdellApplication Datadell-wchelper.dll [154283]
    O61 – LFC: 5/11/2013 – 11:57:18 —A- . (…) — C:Documents and SettingsdellApplication DataMozillaFirefoxProfiles5lzax1qx.defaultprefs.js [1849]
    O61 – LFC: 5/11/2013 – 11:57:39 —A- . (…) — C:Documents and SettingsdellApplication DataZHPZHPDiag.txt [42620] =>.Nicolas Coolman
    O61 – LFC: 5/11/2013 – 11:57:39 —A- . (…) — C:Documents and SettingsdellBureauadwcleaner.exe [1073258]
    O61 – LFC: 5/11/2013 – 11:57:39 —A- . (…) — C:Documents and SettingsdellBureaumbam-log-2013-11-05 (21-32-28).txt [2934]
    O61 – LFC: 5/11/2013 – 11:57:48 —A- . (…) — C:Documents and SettingsdellFavorisLa doudoune longue wow.url [1048]
    O61 – LFC: 5/11/2013 – 11:57:49 —A- . (…) — C:Documents and SettingsdellFavorisManteau long – A vendre €25 à Mettet 2ememain.be.url [4600]
    O61 – LFC: 5/11/2013 – 11:57:49 —A- . (…) — C:Documents and SettingsdellFavorisPC BANKINGPC BANKING FORTIS BANQUE.url [1088]
    O61 – LFC: 5/11/2013 – 11:57:49 —A- . (…) — C:Documents and SettingsdellFavorisParka capuche amovible SOFT GREY La Redoute.url [1059]
    O61 – LFC: 5/11/2013 – 11:57:49 —A- . (…) — C:Documents and SettingsdellFavorisTELECHARGER.url [596]
    O61 – LFC: 5/11/2013 – 11:57:50 —A- . (…) — C:Documents and SettingsdellLocal SettingsApplication DataGoogleToolbar Cache7.5.4601.54frtranslate_element.js.content [2381]
    O61 – LFC: 5/11/2013 – 11:57:50 —A- . (…) — C:Documents and SettingsdellLocal SettingsApplication DataGoogleToolbar Cache7.5.4601.54frtranslate_languages.json.content [1497]
    O61 – LFC: 5/11/2013 – 11:57:50 —A- . (…) — C:Documents and SettingsdellLocal SettingsApplication DataGoogleToolbarmetrics_15328146919.xml [5405]
    O61 – LFC: 5/11/2013 – 11:57:50 —A- . (…) — C:Documents and SettingsdellLocal SettingsApplication DataGoogleToolbarmetrics_3081481753.xml [7135]
    O61 – LFC: 5/11/2013 – 11:58:53 —A- . (…) — C:Documents and SettingsdellRecent11052013_182649.log.lnk [420]
    O61 – LFC: 5/11/2013 – 11:58:53 —A- . (…) — C:Documents and SettingsdellRecentAdele – Someone Like You.lnk [345]
    O61 – LFC: 5/11/2013 – 11:58:54 —A- . (…) — C:Documents and SettingsdellRecentmbam-log-2013-11-05 (21-32-28).lnk [585]
    O61 – LFC: 5/11/2013 – 11:58:55 —A- . (…) — C:Documents and SettingsdellRecentMOUNIR (E).lnk [185]
    O61 – LFC: 5/11/2013 – 11:58:55 —A- . (…) — C:Documents and SettingsdellRecentmounir.lnk [249]
    O61 – LFC: 5/11/2013 – 11:58:56 —A- . (…) — C:Documents and SettingsdellRecentwill.i.am – Heartbreaker ft. Cheryl Cole.lnk [409]
    O61 – LFC: 5/11/2013 – 11:58:57 —A- . (…) — C:Documents and SettingsdellRecent_____ _____ ______ (_____ ___ ______).lnk [473]
    O61 – LFC: 6/11/2013 – 11:56:56 –H– . (…) — C:Documents and SettingsdellApplication Data842810B6-11-2013 [188]
    O61 – LFC: 6/11/2013 – 11:57:39 —A- . (…) — C:Documents and SettingsdellApplication DataZHPLog.txt [44581] =>.Nicolas Coolman
    O61 – LFC: 6/11/2013 – 11:57:39 —A- . (…) — C:Documents and SettingsdellApplication DataZHPTestsZHPDiag.txt [3172] =>.Nicolas Coolman
    O61 – LFC: 6/11/2013 – 11:57:40 —A- . (…) — C:Documents and SettingsdellBureauZHPDiag.lnk [1523] =>.Nicolas Coolman
    O61 – LFC: 6/11/2013 – 11:57:40 —A- . (…) — C:Documents and SettingsdellBureauZHPFix.lnk [1628] =>.Nicolas Coolman
    O61 – LFC: 6/11/2013 – 11:57:49 -SHA- . (…) — C:Documents and SettingsdellIECompatCacheindex.dat [65536]
    O61 – LFC: 6/11/2013 – 11:57:49 -SHA- . (…) — C:Documents and SettingsdellIETldCacheindex.dat [262144]
    O61 – LFC: 6/11/2013 – 11:57:50 —A- . (…) — C:Documents and SettingsdellLocal SettingsApplication DataGoogleToolbar DNS datadata [460]
    O61 – LFC: 6/11/2013 – 11:57:50 —A- . (…) — C:Documents and SettingsdellLocal SettingsApplication DataGoogleToolbarmetrics_30663584894.xml [17028]
    O61 – LFC: 6/11/2013 – 11:58:53 -SHA- . (…) — C:Documents and SettingsdellPrivacIEindex.dat [9158656]
    ~ 6 Fichiers temporaires (Temporary files)
    ~ 237 Fichiers cookies (Cookies files)
    ~ Files: 374 Legitimates Filtered in 02mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    O63 – Logiciel: OTM – (.OldTimer.)
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 9 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] A144FA10FAB840C1BBB3C125047CF88B [DefaultScope] – (Amazon) – http://www.amazon.com
    O69 – SBI: SearchScopes [HKCU] {78539862-2E3B-4F4E-AA81-2E42695902C1} – (Ask Search) – http://websearch.ask.com =>Toolbar.Ask
    O69 – SBI: SearchScopes [HKCU] {FEC05A40-4F72-4D7B-8066-6CE05F5FF1C2} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.A9220115BF8D64017F66887732304B24] [SPRF][5/11/2013] (…) — C:Documents and SettingsdellBureauadwcleaner.exe [1073258]
    ~ Files: 3 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.A20F87C59CDD86A1BB68D2058F2C5263] [WIS][16/05/2013] (.Google Inc. – Google Toolbar for Internet Explorer.) — C:WindowsInstaller137058.msi [24064] =>Toolbar.Google
    ~ WIS: 48 Legitimates Filtered in 00mn 07s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 9/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
    SS – | Auto 16/05/2013 136176 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 16/05/2013 136176 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 16/05/2013 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SR – | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe
    SR – | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
    SS – | Auto 5/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
    ~ Services: Scanned in 00mn 10s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by dell at 6/11/2013 12:00:10

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> DeviceHarddisk0DR0[0x82FAEAB8]
    kernel: MBR read successfully
    user & kernel MBR OK
    ~ MBR: 12 Legitimates Filtered in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by dell at 6/11/2013 12:00:12

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 12989 – (6/11/2013)
    Clés trouvées (Keys found) : 2
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 1

    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
    [HKLMSoftwareClassesInterface{8DEC3C75-9A5D-446C-B7B5-E4AB4FDD6309}] =>Adware.Bandoo
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    C:WindowsInstaller137058.msi =>Toolbar.Google^
    ~ Additionnel Scan: 163397 Items scanned in 00mn 35s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
    ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    ~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
    ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
    ~ MSI: 4 link(s) detected in 00mn 35s

    ~ 1138 Legitimates filtered by white list
    End of the scan (480 lines in 06mn 38s)(0)

    Anonyme
    Number of posts: 0

    Your infection keeps relaunching itself :(

    Run UsbFix with your USB sticks plugged in and choose Vacciner (Vaccinate), then:

    • Select and copy the following script:

      Script ZHPFix
      O4 – HKLM..Run: [Intel(R)Bl] . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
      O4 – HKLM..Run: [jusched7] . (.Intel Corporation – Intel Corporation.) — C:UsersPublicjusched.exe
      O4 – HKCU..Run: [Intel(R)Bl4] . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
      O4 – HKCU..Run: [8jusched] . (.Intel Corporation – Intel Corporation.) — C:UsersPublicjusched.exe
      O4 – HKLM..policiesExplorerRun: [jusched9] . (.Intel Corporation – Intel Corporation.) — C:UsersPublicjusched.exe
      O4 – HKLM..policiesExplorerRun: [Intel(R)Bl5] . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
      O4 – HKCU..policiesExplorerRun: [jusched9] . (.Intel Corporation – Intel Corporation.) — C:UsersPublicjusched.exe
      O4 – HKCU..policiesExplorerRun: [Intel(R)Bl5] . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
      O4 – HKUSS-1-5-21-1957994488-152049171-725345543-1003..Run: [Intel(R)Bl4] . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
      O4 – HKUSS-1-5-21-1957994488-152049171-725345543-1003..Run: [8jusched] . (.Intel Corporation – Intel Corporation.) — C:UsersPublicjusched.exe
      O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
      O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
      O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
      O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
      O40 – ASIC: (no name) – {X1A25B25-0C22-13AW-1V25-L5HMUV12V36O} . (.Java(TM) Scheduler – Java(TM) Scheduler.) — C:UsersPublicIntel(R)Bl.exe
      [HKCUSoftwareÀ classé]
      [HKCUSoftwareƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ő¶¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“]
      C:Documents and SettingsdellApplication Data842810B
      [HKLMSoftwareClassesInterface{8DEC3C75-9A5D-446C-B7B5-E4AB4FDD6309}]

      EmptyCLSID
      Emptytemp
      EmptyFlash
      Firewallraz
      ShortcutFix

    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

      1. Click Importer (Import)
      2. The lines copied earlier should be pasted into the box
      3. If so, click “GO”

    • Confirm the data cleanup by clicking “Oui” (Yes)
    • Once the scan has finished, go to the desktop; the ZHPFixReport file has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.
    Miaka
    Participant
    Number of posts: 15

    Hello again,

    I can’t manage to upload the document to SosUpload, is that a problem?
    They offer the green “héberger” (upload) button for images but not for documents?!

    Here is the report, thank you.

    Rapport de ZHPFix 2013.11.4.1 par Nicolas Coolman, Update du 03/11/2013
    Fichier d’export Registre :
    Run by dell at 6/11/2013 16:14:46
    High Elevated Privileges : OK
    Windows XP Professional Service Pack 3 (Build 2600)

    Corbeille vidée (00mn 03s)
    Réparation des raccourcis navigateur

    ========== Clés du Registre ==========
    SUPPRIMÉ: CLSID Extra Buttons: {e2e2dd38-d088-4134-82b7-f2ba38496583}
    SUPPRIMÉ: [HKLMSOFTWAREClassesCLSID{01E04581-4EEE-11D0-BFE9-00AA005B4383}]
    SUPPRIMÉ: [HKLMSOFTWAREClassesCLSID{0E5CBF21-D15F-11D0-8301-00AA005B4383}]
    SUPPRIMÉ: [HKLMSOFTWAREClassesCLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    SUPPRIMÉ: CLSID ASIC: SOFTWAREMicrosoftActive SetupInstalled Components{X1A25B25-0C22-13AW-1V25-L5HMUV12V36O}
    SUPPRIMÉ: HKCUSoftwareÀ classé
    SUPPRIMÉ: HKCUSoftwareƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ő¶¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“
    SUPPRIMÉ: HKLMSoftwareClassesInterface{8DEC3C75-9A5D-446C-B7B5-E4AB4FDD6309}

    ========== Valeurs du Registre ==========
    SUPPRIMÉ RunValue: Intel(R)Bl
    SUPPRIMÉ RunValue: jusched7
    SUPPRIMÉ RunValue: Intel(R)Bl4
    SUPPRIMÉ RunValue: 8jusched
    SUPPRIMÉ RunValue: jusched9
    SUPPRIMÉ RunValue: Intel(R)Bl5
    SUPPRIMÉ: Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}
    SUPPRIMÉ: Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}
    SUPPRIMÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    SUPPRIMÉ: FirewallRaz (SP) : %windir%system32sessmgr.exe
    SUPPRIMÉ: FirewallRaz (SP) : %windir%Network Diagnosticxpnetdiag.exe
    SUPPRIMÉ: FirewallRaz (SP) : C:Program FilesWindows LiveMessengerwlcsdk.exe
    SUPPRIMÉ: FirewallRaz (SP) : C:Program FilesWindows LiveMessengermsnmsgr.exe
    SUPPRIMÉ: FirewallRaz (DP) : %windir%system32sessmgr.exe
    SUPPRIMÉ: FirewallRaz (DP) : %windir%Network Diagnosticxpnetdiag.exe
    SUPPRIMÉ: FirewallRaz (DP) : C:Program FilesWindows LiveMessengerwlcsdk.exe
    SUPPRIMÉ: FirewallRaz (DP) : C:Program FilesWindows LiveMessengermsnmsgr.exe
    Aucune valeur présente dans la clé d’exception du registre (FirewallRaz)

    ========== Dossiers ==========
    Aucun dossiers CLSID Local utilisateur vide
    SUPPRIMÉS Temporaires Windows (3) (0 octets)
    SUPPRIMÉS Flash Cookies (1) (0 octets)

    ========== Fichiers ==========
    SUPPRIMÉ Redémarrage: c:userspublicintel(r)bl.exe
    SUPPRIMÉ Redémarrage: c:userspublicjusched.exe
    SUPPRIMÉS Temporaires Windows (0) (0 octets)
    SUPPRIMÉS Flash Cookies (0) (0 octets)

    ========== Récapitulatif ==========
    8 : Clés du Registre
    18 : Valeurs du Registre
    3 : Dossiers
    4 : Fichiers

    End of clean in 00mn 10s

    ========== Chemin de fichier rapport ==========
    C:Documents and SettingsdellApplication DataZHPZHPFix[R1].txt – 6/11/2013 16:14:49 [2621]
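
One way to cross-check the ZHPFix report above against the script that was pasted in, as an added example that is not part of the thread or of ZHPFix itself. The sample lines are copied from this page with the stripped backslashes restored, which is an assumption, as is reading “Redémarrage” as deletion deferred to the next reboot; `parse_script` and `check_fix` are names chosen here.

```python
import re

# Constructed sample: entries copied from the script and report in this thread,
# with the backslashes the forum rendering dropped put back (an assumption).
SCRIPT = r"""
O4 - HKLM\..\Run: [Intel(R)Bl] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKLM\..\Run: [jusched7] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKCU\..\Run: [Intel(R)Bl4] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKCU\..\Run: [8jusched] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKLM\..\policies\Explorer\Run: [jusched9] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKCU\..\policies\Explorer\Run: [jusched9] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKLM\..\policies\Explorer\Run: [Intel(R)Bl5] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
"""
REPORT = r"""
SUPPRIMÉ RunValue: Intel(R)Bl
SUPPRIMÉ RunValue: jusched7
SUPPRIMÉ RunValue: Intel(R)Bl4
SUPPRIMÉ RunValue: 8jusched
SUPPRIMÉ RunValue: jusched9
SUPPRIMÉ RunValue: Intel(R)Bl5
SUPPRIMÉ Redémarrage: c:\users\public\intel(r)bl.exe
SUPPRIMÉ Redémarrage: c:\users\public\jusched.exe
"""

DASH = r"[-\u2013\u2014]+"  # ASCII hyphen, or the en/em dash a forum renderer substitutes
O4_RE = re.compile(r"^O4\s+" + DASH + r"\s+(?P<loc>[^:]+):\s+\[(?P<name>[^\]]+)\].*?"
                   + DASH + r"\s+(?P<path>[A-Za-z]:.+)$")

def parse_script(script):
    """Return {run value name: set of lower-cased target paths} for every O4 line."""
    wanted = {}
    for line in script.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            wanted.setdefault(m["name"], set()).add(m["path"].strip().lower())
    return wanted

def check_fix(script, report):
    """Compare what the script asked for with what the report says was done."""
    wanted = parse_script(script)
    files = set().union(*wanted.values())
    deleted = {v.strip() for v in re.findall(r"^[ \t]*SUPPRIMÉ RunValue: (.+)$", report, re.M)}
    # "Redémarrage" is read here as "removal deferred to the next reboot" (assumption).
    deferred = {p.strip().lower()
                for p in re.findall(r"^[ \t]*SUPPRIMÉ Redémarrage: (.+)$", report, re.M)}
    return {
        "values_not_reported": sorted(set(wanted) - deleted),
        "files_not_reported": sorted(files - deferred),
        "files_pending_reboot": sorted(files & deferred),
    }

if __name__ == "__main__":
    for key, items in check_fix(SCRIPT, REPORT).items():
        print(key, items)
```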
