Reply to: HELP ME ! merci 2016-09-08T13:13:10+00:00
titi7511
Participant
Posts: 3

: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 02:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/939
~ Mes musiques (My Musics) : 0/90
~ Mes Videos (My Videos) : 0/8
~ Mes Favoris (My Favorites) : 0/175
~ Mes Documents (My Documents) : 0/13726
~ Mon Bureau (My Desktop) : 0/7
~ Menu demarrer (Programs) : 0/25
~ Hidden Files: Scanned in 00mn 04s

---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1212]
[MD5.6E81310512F5D2FA908ABC76CCCADED4] - (.Orange - Executable Orange Inside.) -- C:\Users\thierry\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1526272] [PID.2512]
[MD5.BB4CEE22CFE1C259F5C4279349EB879C] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe [149824] [PID.2524]
[MD5.D6D36A01E927480C19333C5A7FB8DE49] - (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe [525248] [PID.2532]
[MD5.D565CAB5D617B563CF0DD4C19AA172CA] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2476312] [PID.2992]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.892]
[MD5.AF49D1C79EA49A7833017F290EE63B82] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784] [PID.3240]
[MD5.9EDFB86FAA07BFED3C3D00211FAB6D82] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\ST2.exe [13446464] [PID.4492]
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.4560]
[MD5.A7766D3BCB614BC77AA06579D84AE8ED] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8153600] [PID.5292]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1456]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1480]
[MD5.9D519AAA21E622DF7DF27041E0917499] - (.Pas de propriétaire - DedicarzService.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe [1966960] [PID.1624]
[MD5.7FE34FD5652C54BDA8D2DF8AC92E833A] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664] [PID.1680]
[MD5.108333981C841EB0FF198AA5DFCF3D3B] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1764]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1804]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1824]
[MD5.95AA9E165C7DE1B64A11E8B18E91E499] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560] [PID.1924]
[MD5.D31398D4BB4907B517B6E784C2100C4A] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688] [PID.2844]
[MD5.6AE8E702D1027A9627DDE2B77BB9992B] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928] [PID.2068]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\thierry\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google\u00A0Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google\u00A0Wallet v.0.0.5.0 (Activé)
~ Google Browser: 18 Legitimates Filtered in 00mn 24s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk . (.Panasonic Corporation - PHOTOfunSTUDIO.) -- C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 6.1 HD Lite\PHOTOfunSTUDIO.exe
O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch [thierry]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [thierry]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [thierry]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [thierry]: HP MediaSmart.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - GS\Program [thierry]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [thierry]: Orange Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) -- C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
O4 - GS\SystemTools [thierry]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [thierry]: Assistance Livebox.lnk . (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe
O4 - GS\Desktop [thierry]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [thierry]: Orange Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) -- C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
~ Global Startup: 64 Legitimates Filtered in 00mn 01s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [SmartMenu] . (.Pas de propriétaire - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\thierry\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS
O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3188404215-1029565783-2515373074-1001\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKUS\S-1-5-21-3188404215-1029565783-2515373074-1001\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\thierry\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
~ Application: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB523EB0-B4AE-4CF0-9232-1731889E5EAE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EB523EB0-B4AE-4CF0-9232-1731889E5EAE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB523EB0-B4AE-4CF0-9232-1731889E5EAE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire - DedicarzService.) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 15 Legitimates Filtered in 00mn 08s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{1B66E3C7-E513-45A5-83F9-DAB9D99892C6}] (...) -- E:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1DCD7425-47EB-4887-B952-ADB7837972A8}] (...) -- J:\iTunesSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5FF80F11-96DF-4F02-8681-DA17BC7F7A87}] (...) -- C:\Users\thierry\Documents\window media player 11.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ECD64A93-C961-4427-91CD-F42E07EE09CB}] (...) -- C:\Program Files (x86)\Hercules\Tunes Explorer\HTunesExplorerWireless.exe (.not file.) [0]
~ Scheduled Task: 32 Legitimates Filtered in 00mn 04s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATrader]
[HKCU\Software\アプリケーション ウィザードで生成されたローカル アプリケーション]
~ Key Software: 179 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/09/2013 - 18:17:55 - [0] ----D C:\Program Files (x86)\ActiveTraderFR
O43 - CFD: 06/11/2011 - 19:02:35 - [6,428] ----D C:\Program Files (x86)\ActiveTraderFR4
O43 - CFD: 25/07/2013 - 08:25:26 - [0] --H-D C:\ProgramData\{ADCBF7A8-716E-4B21-AF03-E3F11C06C309}
O43 - CFD: 25/07/2013 - 08:25:26 - [0] ----D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 25/07/2013 - 08:25:26 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 25/07/2013 - 08:25:26 - [0] ----D C:\ProgramData\{C585085B-79A8-423C-B04B-77DD30E9C195}
O43 - CFD: 25/07/2013 - 08:25:26 - [0] -SH-D C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
~ Program Folder: 215 Legitimates Filtered in 00mn 07s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.49A033AB60A0C8D51400DDFD4AB613AB] - 31/10/2013 - 15:35:06 ---A- . (...) -- C:\UsbFix [Clean 1] TITI7511.txt [7928]
~ Files: 30 Legitimates Filtered in 00mn 14s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0c06802c-2903-11e3-87e7-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{13fcfab7-28d8-11e3-86b0-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{4e2989fa-28ed-11e3-9027-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{4e298a0a-28ed-11e3-9027-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{4e91d3ce-7740-11e2-8bdb-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\KODAK_Camera_Setup_App.exe (.not file.)
O51 - MPSK:{57ef99c2-c4a9-11e0-943b-e0cb4e1e09bd}\AutoRun\command. (...) -- J:\LaunchU3.exe (.not file.)
O51 - MPSK:{7315f262-2844-11e3-9048-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{7315f27b-2844-11e3-9048-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{8090ed2d-290a-11e3-82d7-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{8d395c22-d05b-11e2-9ee5-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\DVAP.exe (.not file.)
O51 - MPSK:{9e70a74e-406b-11e3-b0b7-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\SFR.exe (.not file.)
O51 - MPSK:{e24c72d7-2859-11e3-b09e-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{f1dc5f8b-2918-11e3-8c1a-e0cb4e1e09bd}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.2285B31039611D509F6120D691CA661F] - 29/05/2012 - 15:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
~ Drivers: 20 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/11/2013 - 14:06:19 ---A- . (...) -- C:\Users\thierry\AppData\Local\Google\Chrome\User Data\Local State [47120]
O61 - LFC: 01/11/2013 - 14:06:35 ---A- . (...) -- C:\Users\thierry\AppData\Roaming\fr.orange.assistancelivebox\Local Store\ALB.db [9216] =>.Orange Corporation
O61 - LFC: 01/11/2013 - 14:06:39 ---A- . (...) -- C:\Users\thierry\AppData\Roaming\ZHP\Log.txt [189908] =>.Nicolas Coolman
O61 - LFC: 01/11/2013 - 14:06:39 ---A- . (...) -- C:\Users\thierry\AppData\Roaming\ZHP\Tests\ZHPDiag.txt [2910] =>.Nicolas Coolman
O61 - LFC: 29/10/2013 - 14:06:19 ---A- . (...) -- C:\Users\thierry\AppData\Local\Google\Chrome\User Data\First Run [0]
O61 - LFC: 29/10/2013 - 14:06:19 ---A- . (...) -- C:\Users\thierry\AppData\Local\Google\Chrome\User Data\fr-FR-3-0.bdic [1074744]
O61 - LFC: 29/10/2013 - 14:06:35 ---A- . (...) -- C:\Users\thierry\AppData\Roaming\DVAP.set [131]
O61 - LFC: 29/10/2013 - 14:06:38 ---A- . (...) -- C:\Users\thierry\AppData\Roaming\SFR\SFR Gestionnaire de connexions\208103588482422.sms [73]
O61 - LFC: 29/10/2013 - 14:06:39 ---A- . (...) -- C:\Users\thierry\AppData\Roaming\ZHP\ZHPFix[R1].txt [1065] =>.Nicolas Coolman
O61 - LFC: 29/10/2013 - 14:06:39 ---A- . (...) -- C:\Users\thierry\AppData\Roaming\ZHP\ZHPFix[R2].txt [1295] =>.Nicolas Coolman
O61 - LFC: 29/10/2013 - 14:06:39 ---A- . (...) -- C:\Users\thierry\AppData\Roaming\ZHP\ZHPFix[R3].txt [1537] =>.Nicolas Coolman
O61 - LFC: 29/10/2013 - 14:06:41 ---A- . (...) -- C:\Users\thierry\Documents\cc_20131029_115226.reg [8312]
O61 - LFC: 29/10/2013 - 14:09:32 ---A- . (...) -- C:\Users\thierry\Downloads\adwcleaner.exe [1060070]
O61 - LFC: 30/10/2013 - 14:09:32 ---A- . (...) -- C:\Users\thierry\Downloads\adblock_plus-2.2.3-tb+an+sm+fx.xpi [817280]
O61 - LFC: 31/10/2013 - 14:06:39 ---A- . (...) -- C:\Users\thierry\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 31/10/2013 - 14:06:39 ---A- . (...) -- C:\Users\thierry\AppData\Roaming\ZHP\ZHPDiag.txt [34114] =>.Nicolas Coolman
O61 - LFC: 31/10/2013 - 14:09:31 ---A- . (...) -- C:\Users\thierry\Documents\ZHPDiag.txt [38941] =>.Nicolas Coolman
O61 - LFC: 31/10/2013 - 14:09:32 ---A- . (...) -- C:\Users\thierry\Downloads\229620-20131025152114_mbam-log-2013-10-25 (15-01-57).txt.zip [7604]
O61 - LFC: 31/10/2013 - 14:09:32 ---A- . (...) -- C:\Users\thierry\Downloads\229620-20131025152649_ZHPDiag.txt.zip [19103] =>.Nicolas Coolman
O61 - LFC: 31/10/2013 - 14:09:32 ---A- . (...) -- C:\Users\thierry\Downloads\adwcleaner (1).exe [1060070]
~ 22 Fichiers temporaires (Temporary files)
~ Files: 665 Legitimates Filtered in 03mn 44s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - http://www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {05B0CC17-0486-4F44-A9BE-BFD415475B67} - (Yahoo! Search) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {4C167EDB-7AE7-4222-B04E-12575D6F8CB4} - (Kelkoo) - http://fr.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
O69 - SBI: SearchScopes [HKCU] {9A79C488-F6D7-432F-9EA2-EE03872CAB7B} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {AF3137AE-64CB-403B-B7A1-810B04317FB0} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E821FC28-296B-48BE-8355-A8D056E94990} - (Yahoo!) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (...) -- C:\Users\thierry\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.18075B2C9F0F300BEE209744A8BEC353] [SPRF][05/01/2009] (...) -- C:\Windows\Downloaded Program Files\bdcore.dll [32]
[MD5.2B1C4C87EB20ADDBA59DCA975E28DFFB] [SPRF][05/01/2009] (...) -- C:\Windows\Downloaded Program Files\ipsupd.dll [741376]
[MD5.18075B2C9F0F300BEE209744A8BEC353] [SPRF][05/01/2009] (...) -- C:\Windows\Downloaded Program Files\libfn.dll [32]
~ Files: 7 Legitimates Filtered in 00mn 00s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/07/1658 0 | (ACDaemon) . (...) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 16/05/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 10/06/2013 1966960 | (Dedicarz Service) . (...) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
SR - | Auto 21/03/2013 1341664 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Auto 23/06/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 23/06/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Demand 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SS - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 18/05/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SS - | Demand 11/06/2009 23536 | (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) . (.PC-Doctor, Inc..) - c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
SS - | Auto 10/09/2013 1435928 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 25s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by thierry at 01/11/2013 14:11:09
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by thierry at 01/11/2013 14:11:11

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 12965 - (30/10/2013)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.TuneUp
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\ProgramData\Software =>Adware.Boxore
C:\Users\thierry\AppData\Local\Software =>Adware.Boxore
C:\Users\thierry\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
~ Additionnel Scan: 309968 Items scanned in 00mn 46s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ MSI: 5 link(s) detected in 00mn 46s

~ 2016 Legitimates filtered by white list
End of the scan (484 lines in 07mn 13s)(0)