FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Site d’assistance et de sécurité informatique

Aide à la désinfection (pages publicitaires, moteur de recherche remplacé, redirections, virus...).
Règles du forum : Entraide concernant la désinfection et la sécurité informatique : en cas de publicités intempestives, pop-up, redirections, logiciels indésirables, ralentissements suspects, virus, etc.
Une désinfection complète vous sera assurée : désinfection, sécurisation, puis prévention.
Seuls les helpers (personnes qualifiées et formées à la désinfection) ainsi que le staff sont autorisés à apporter leur aide dans cette section.
Merci également de prendre connaissance de la charte générale du forum.
  • Avatar du membre
#43400
Hello ! J'ai besoin d'un coup de main.

Je viens de récupérer un pc et de remarquer qu'il était infesté par le trojan win32 sirefef. En checkant comment l'enlever, j'ai vu qu'il était assez dangereux... et comme je n'ai pas trop la fibre informatique, me voici.

Voici un diagnostic de mon pc réalisé avec ZHPDiag : Rapport.

Help !
Merci d'avance !
#43414
Bonjour,,

Bonjour,et,

Bienvenu sur ce Forum, je vais essayer de résoudre ton problème.

- N'ouvre pas d'autres sujets pour le même problème (que ce soit sur ce forum ou sur un autre)


je suis volontaire et je peut traiter plusieurs sujets donc, si je mets du temps à te répondre, ne t'inquiètes pas , je ne t'oublie pas.

Surtout il faudra suivre la procédure indiquée jusqu'au bout ,sinon ce qu'on a fait n'aura servi à rien.


Même si si tu penses que ton PC est réparé,il ne faut pas partir,tant que je ne le t'aurais pas dit,car il pourrait rester des infections!


A faire durant cette désinfection

Ne pas utiliser,installer et/ ou désinstaller aucun programme ,a part ceux que je te proposerait a à chaque étape de notre désinfection


A chaque fois que je te donnerais de nouvelles instructions

Lis bien la totalité de mon message et imprime le si nécessaire afin de bien suivre les instructions

Tu devras « Toujours télécharger et enregistrer ces outils Directement sur ton bureau

Penses également à désactiver tous tes programmes de protection au début de chaque nouvelle demande d’utilisation d’un outil, et de les réactiver à la fin

Tels que Antivirus/pare –Feu/Spybot

Pour Spybot:


"Important" : Situ as Spybot,donc "TeaTimer" supprime le il est obsolète

tuto de désinstallation icihttp://forum.telecharger.01net.com/telecharger/utilitaires/tuto--desinstaller-spybot-searchdestroy-733/messages-1.html


Tu devras procéder dans l’ordre donné ,pour des manipulations demandées

De plus ne fais aucune restauration de ton système tant que je ne te l’aurais pas demandé

N’hésites pas à demander des explications si nécessaire

Puis

Tu est infecté par des adwares attrapés en téléchargeant gratuitement un ou des logiciels. Cette gratuité n'est pas en réalité gratuite ,il y a une contrepartie qui est de recevoir des pubilicités afin de se rémunérer.Il faut toujours bien lire les Conditions Générales d'utilisation ou sont indiquées justement que tu acceptes de recevoir ces pubs en téléchargeant le logiciel.
Il est plus que conseillé de lire cet article concernant ces pratiques:

http://forum.malekal.com/pctuto-tuto4pc ... 33439.html

Il y a aussi plusieurs barres d'outils uinutiles que tu as dû installé en même temps qu'un autre programme gratuit ou payant d'ailleurs. Faire attention de bien décocher une case avant de cliquer sur suivant pour ne pas installer ces barres d'outils.
Ces barres modifient les navigateurs WEB. D'une façon générale, installer une barre d'outils est inutile et cela ne fait que ralentir ton PC. Pour confirmer mes dires lis donc ce qui suit ci-dessous
Les Toolbars ce n'est pas obligatoires

Tu vas donc faire ce qui suit stp.

Télécharge AdwCleaner
( d'Xplode ) sur ton bureau.

cet outil est utile pour supprimer :
Les "adware" ( programmes publicitaires )
Les "PUP/LPI" ( programmes potentiellement indésirables )
Les "toolbar" ( barres d'outil greffées au navigateur )
Les "hijacker" ( détournement de la page de démarrage )


Si tu utilises Avira et son Webguard, Appuie simultanément sur les touches "Alt + A" de manière à ce qu'il ne supprime pas la toolbar Ask, ce qui aurait pour effet de désactiver le webguard d'Avira


Lance le, clique sur [Suppression] puis patiente le temps du scan.
Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[R1].txt


Aide en vidéo ici : http://www.youtube.com/watch?v=vOa47SdO ... e=youtu.be

Ensuite:


[*] Télécharge MalwareBytes Free



[*]-- Lance le programme d'installation et laisse toi guider..
(installe le avec ces paramètres par défaut)

[*]Branche toutes tes sources de données sans les lancer (clefs usb,disque sexterne etc ..)

[*] Tuto de l'installation Ici

[*] Tuto également ici:réalisé par Danakil ICI

[*] Fais la mise à jour du logiciel (elle se fait normalement à l'installation)


NB : Si un message s'affiche signalant qu'il manque COMCTL32.OCX (ce qui est peu probable),
alors le télécharger ici COMCTL32.OCX ; et faire les mises à jour (cliquer sur "Mises à jour" puis "Recherche de mises à jour")

[*] Lance une analyse complète en cliquant sur "Exécuter un examen complet"

[*] Sélectionne les disques que tu veux analyser et clique sur "Lancer l'examen"

[*] L'analyse peut durer un bon moment.....

[*] Une fois l'analyse terminée, clique sur "OK" puis sur "Afficher les résultats"

[*] Vérifie que tout est bien coché et clique sur "Supprimer la sélection" = et ensuite sur "OK"

[*] Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum

* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Fais le en cliquant sur "oui" à la question posée

A voir ?

si au reboot , ton pc reste figé

il faut faire la combinaison des touches suivantes ==

ctrl+ alt+ suppr
dans le gestinonnaire de taches
nouvelle tache
taper explorer.exe
entrée


!!! Ne pas vider la quarantaine de MBAM sans avis !!!

ET:


• Télécharge Ici : http://general-changelog-team.fr/fr/out ... bfix[b]sur ton Bureau[/b].
. Si ton antivirus affiche une alerte, ignore le et désactive le temporairement.
Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir
• Lance USBFix (si tu es sous Windows Vista ou Windows 7, fais le par un clic-droit -- Exécuter en temps qu'administrateur).
• Au menu principal, clique sur "Recherche"
• Laisse travailler l'outil
• A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse (il est aussi sauvegardé a la racine du disque dur)

Aide en images :

ici . http://security-domain.be/tutoriel_usbfix.php

Dans l'attente de te lire
#43439
Hello !

Merci pour ton aide

J'ai bien lu tes instructions et voici les différents rapports que tu m'as demandés.

1/ AdwCleaner :

# AdwCleaner v2.115 - Rapport créé le 29/03/2013 à 10:28:57
# Mis à jour le 17/03/2013 par Xplode
# Système d'exploitation : Windows 7 Starter (32 bits)
# Nom d'utilisateur : Laude - LAUDE-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Laude\Desktop\AdwCleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files\Common Files\spigot
Dossier Supprimé : C:\Program Files\Conduit
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\Users\Laude\AppData\Local\Conduit
Dossier Supprimé : C:\Users\Laude\AppData\Local\Giant Savings Extension
Dossier Supprimé : C:\Users\Laude\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Dossier Supprimé : C:\Users\Laude\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Dossier Supprimé : C:\Users\Laude\AppData\Local\PackageAware
Dossier Supprimé : C:\Users\Laude\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\Laude\AppData\LocalLow\pdfforge
Dossier Supprimé : C:\Users\Laude\AppData\LocalLow\PriceGong
Dossier Supprimé : C:\Users\Laude\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\Laude\AppData\Roaming\Mozilla\Firefox\Profiles\bpeh77sb.default\jetpack
Dossier Supprimé : C:\Users\Work\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\Work\AppData\LocalLow\Vuze_Remote
Fichier Supprimé : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Fichier Supprimé : C:\Users\Laude\AppData\Roaming\Mozilla\Firefox\Profiles\bpeh77sb.default\searchplugins\delta.xml

***** [Registre] *****

Clé Supprimée : HKCU\Software\9538cd1b635ed12
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\pdfforge
Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\delta LTD
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.7600.17256

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119370tl=4- ... 4bd66a6a78 -- hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (fr)

Fichier : C:\Users\Laude\AppData\Roaming\Mozilla\Firefox\Profiles\bpeh77sb.default\prefs.js

C:\Users\Laude\AppData\Roaming\Mozilla\Firefox\Profiles\bpeh77sb.default\user.js ... Supprimé !

Supprimée : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119370tl=4-8873-8580-18[...]
Supprimée : user_pref("avg.install.userSPSettings", "Delta Search");
Supprimée : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119370tl=4-8873-8580-1800[...]
Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", true);
Supprimée : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119370tl=4-8[...]
Supprimée : user_pref("extensions.delta.admin", false);
Supprimée : user_pref("extensions.delta.aflt", "babsst");
Supprimée : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Supprimée : user_pref("extensions.delta.autoRvrt", "false");
Supprimée : user_pref("extensions.delta.dfltLng", "en");
Supprimée : user_pref("extensions.delta.excTlbr", false);
Supprimée : user_pref("extensions.delta.id", "beb8291c0000000000001a4bd66a6a78");
Supprimée : user_pref("extensions.delta.instlDay", "15761");
Supprimée : user_pref("extensions.delta.instlRef", "sst");
Supprimée : user_pref("extensions.delta.newTab", false);
Supprimée : user_pref("extensions.delta.prdct", "delta");
Supprimée : user_pref("extensions.delta.prtnrId", "delta");
Supprimée : user_pref("extensions.delta.rvrt", "false");
Supprimée : user_pref("extensions.delta.smplGrp", "none");
Supprimée : user_pref("extensions.delta.tlbrId", "base");
Supprimée : user_pref("extensions.delta.tlbrSrchUrl", "");
Supprimée : user_pref("extensions.delta.vrsn", "1.8.10.0");
Supprimée : user_pref("extensions.delta.vrsnTs", "1.8.10.020:16:56");
Supprimée : user_pref("extensions.delta.vrsni", "1.8.10.0");

Fichier : C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\6tu5ju40.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\Laude\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [339 octets] - [29/03/2013 10:28:30]
AdwCleaner[S2].txt - [6864 octets] - [29/03/2013 10:28:57]

########## EOF - C:\AdwCleaner[S2].txt - [6924 octets] ##########



2/ MBAM :

Rapport 1 - sans les clés usb (ne les ayant pas utilisées depuis un moment, je ne les trouvais plus.

Malwarebytes Anti-Malware (Essai) 1.70.0.1100
http://www.malwarebytes.org

Version de la base de données: v2013.03.29.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Laude :: LAUDE-PC [administrateur]

Protection: Activé

29/03/2013 10:43:59
mbam-log-2013-03-29 (10-43-59).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 322915
Temps écoulé: 1 heure(s), 39 minute(s), 17 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 1
C:\Users\Laude\AppData\Roaming\dscap.dll (Trojan.Medfos.VRX) - Suppression au redémarrage.

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dscap (Trojan.Medfos.VRX) - Données: rundll32.exe "C:\Users\Laude\AppData\Roaming\dscap.dll",PszAllocA - Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) - Mauvais: (C:\$Recycle.Bin\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\n.) Bon: (shell32.dll) - Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 12
C:\Users\Laude\AppData\Roaming\dscap.dll (Trojan.Medfos.VRX) - Suppression au redémarrage.
C:\$RECYCLE.BIN\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\n (Trojan.0Access) - Suppression au redémarrage.
C:\$RECYCLE.BIN\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\U\00000004.@ (Trojan.0Access) - Mis en quarantaine et supprimé avec succès.
C:\$RECYCLE.BIN\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\U\00000008.@ (Trojan.0Access) - Mis en quarantaine et supprimé avec succès.
C:\$RECYCLE.BIN\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\U\000000cb.@ (Trojan.0Access) - Mis en quarantaine et supprimé avec succès.
C:\$RECYCLE.BIN\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\U\80000000.@ (Trojan.0Access) - Mis en quarantaine et supprimé avec succès.
C:\Users\Laude\AppData\Local\Temp\msimg32.dll (Rootkit.0Access.ED) - Mis en quarantaine et supprimé avec succès.
C:\Users\Laude\AppData\Local\Temp\B7CE.tmp (Malware.Packer.SGX5) - Mis en quarantaine et supprimé avec succès.
C:\Users\Laude\AppData\Local\Temp\exsomnwarc.exe (Rootkit.0Access.ED) - Mis en quarantaine et supprimé avec succès.
C:\Users\Laude\AppData\Roaming\skype.dat (Malware.Packer.SGX5) - Mis en quarantaine et supprimé avec succès.
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) - Mis en quarantaine et supprimé avec succès.
C:\Users\Laude\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) - Mis en quarantaine et supprimé avec succès.

(fin)

Rapport 2 - les clés usb (je les ai retrouvées !)

alwarebytes Anti-Malware (Essai) 1.70.0.1100
http://www.malwarebytes.org

Version de la base de données: v2013.03.29.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Laude :: LAUDE-PC [administrateur]

Protection: Activé

29/03/2013 12:35:48
mbam-log-2013-03-29 (12-35-48).txt

Type d'examen: Examen complet (E:\|F:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 223001
Temps écoulé: 14 minute(s), 8 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)




3/ USBFix :

A############################## | UsbFix V 7.119 | [Recherche]

Utilisateur: Laude (Administrateur) # LAUDE-PC
Mis à jour le 27/03/2013 par El Desaparecido
Lancé à 12:51:27 | 29/03/2013

Site Web: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: ASUSTeK Computer INC. (1005PE) (X86-based PC)
CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz (1667)
RAM - [Total : 1014 | Free : 317]
BIOS: BIOS Date: 01/04/10 15:54:41 Ver: 08.00.12
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Starter (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) - Disque fixe # 100 Go (39 Go libre(s) - 39%) [] # NTFS
D:\ - Disque fixe # 123 Go (119 Go libre(s) - 97%) [] # NTFS
E:\ - Disque amovible # 2 Go (28 Mo libre(s) - 1%) [USB AUDE] # FAT32
F:\ - Disque amovible # 2 Go (904 Mo libre(s) - 47%) [STORE N GO] # FAT

################## | Processus Actif |

C:\windows\system32\csrss.exe (376)
C:\windows\system32\wininit.exe (432)
C:\windows\system32\csrss.exe (440)
C:\windows\system32\services.exe (488)
C:\windows\system32\lsass.exe (504)
C:\windows\system32\lsm.exe (512)
C:\windows\system32\winlogon.exe (540)
C:\windows\system32\svchost.exe (668)
C:\windows\system32\svchost.exe (744)
C:\windows\System32\svchost.exe (808)
C:\windows\System32\svchost.exe (872)
C:\windows\system32\svchost.exe (904)
C:\windows\system32\svchost.exe (1048)
C:\windows\system32\svchost.exe (1220)
C:\windows\system32\svchost.exe (1344)
C:\windows\System32\spoolsv.exe (1512)
C:\windows\system32\taskhost.exe (1624)
C:\windows\system32\Dwm.exe (1692)
C:\windows\Explorer.EXE (1724)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1920)
C:\Windows\System32\AsusService.exe (1940)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1964)
C:\windows\system32\ChgService.exe (1988)
C:\windows\system32\svchost.exe (2036)
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (400)
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (660)
C:\windows\System32\svchost.exe (896)
C:\windows\System32\svchost.exe (1132)
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1188)
C:\windows\system32\svchost.exe (1180)
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (1444)
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (1792)
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (2540)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2552)
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (2620)
C:\Windows\AsScrPro.exe (2716)
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (2736)
C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe (2784)
C:\Program Files\ASUS\LivCam\LivCam.exe (2792)
C:\Windows\System32\hkcmd.exe (2820)
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (2832)
C:\Windows\System32\igfxpers.exe (2840)
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (2848)
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (2856)
C:\Users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (3156)
C:\Windows\system32\igfxsrvc.exe (3208)
C:\windows\system32\wbem\wmiprvse.exe (3248)
C:\Users\Laude\AppData\Roaming\Dropbox\bin\Dropbox.exe (3272)
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (3284)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3008)
C:\windows\system32\SearchIndexer.exe (3500)
C:\Program Files\Windows Media Player\wmpnetwk.exe (884)
C:\Program Files\Mozilla Firefox\firefox.exe (2296)
C:\windows\System32\svchost.exe (4064)
C:\Program Files\Mozilla Firefox\plugin-container.exe (3756)
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (2324)
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (2996)
C:\Windows\system32\WUDFHost.exe (3328)
C:\windows\system32\svchost.exe (1580)
C:\UsbFix\Go.exe (2172)
C:\windows\system32\wbem\wmiprvse.exe (4024)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [HotkeyMon] - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
HKLM\SOFTWARE | Run : [HotkeyService] - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
HKLM\SOFTWARE | Run : [SuperHybridEngine] - AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
HKLM\SOFTWARE | Run : [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
HKLM\SOFTWARE | Run : [LiveUpdate] - AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
HKLM\SOFTWARE | Run : [SynAsusAcpi] - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
HKLM\SOFTWARE | Run : [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe
HKLM\SOFTWARE | Run : [EeeSplendidAgent] - C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
HKLM\SOFTWARE | Run : [LivCam] - "C:\Program Files\ASUS\LivCam\LivCam.exe"
HKLM\SOFTWARE | Run : [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [EfficientDiary] -
HKLM\SOFTWARE | Run : [AutorunRemover.exe] - C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
HKLM\SOFTWARE | RunOnce : [AvgUninstallURL] - cmd.exe /c start http://www.avg.fr/fr.special-uninstalla ... =10.0.1416
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-203128393-3956500998-1032276984-1000\SOFTWARE | Run : [EPSON SX420W Series] - C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\windows\TEMP\E_S2F36.tmp" /EF "HKCU"
HKU\S-1-5-21-203128393-3956500998-1032276984-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Éléments infectieux |


################## | Registre |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\E
Shell\AutoRun\Command = E:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{62fca72e-fe0f-11e0-b582-001e101f63cf}
Shell\AutoRun\Command = E:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{b3f56a56-fdd7-11e0-b5bd-806e6f6e6963}
Shell\AutoRun\Command = E:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{b3f56bde-fdd7-11e0-b5bd-1c4bd604e844}
Shell\AutoRun\Command = E:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{c70c6579-ffaa-11e0-b599-1c4bd604e844}
Shell\AutoRun\Command = E:\AutoRun.exe



################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://sosvirus.org |





Voilà voilà. J'attends de tes news et tes instructions pour la suite.
ps : Aucun anti-virus ne tourne pr le moment sur mon pc. Peux-tu m'en conseiller un?
A bientôt !
#43465
Bonsoir,

Relance UsbFix

qui est sur ton Bureau.

Si votre antivirus affiche une alerte, ignorez-la et désactivez l'antivirus temporairement.
◦Branchez toutes vos sources de données externes à votre PC (clé USB, disque dur externe, etc...) sans les ouvrir.
◦Double-cliquez sur "UsbFix.exe".
◦Cliquez sur [Suppression].
◦Laissez travailler l'outil.
◦L'analyse va alors commencer puis un rapport s'affichera à la fin du scan.

Postes le moi stp

Puis, bien qu'il ne soi plus mis à jour:

élécharge AD-Remover (de C_XX) sur ton bureau :

ou ici : http://security-domain.be/download/AD-Remover.html


Déconnecte toi et ferme toutes applications en cours

Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
Double clique sur l'icône Ad-remover située sur ton bureau
Au menu principal choisis l'option "Scanner"( recherche)
Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


A te Lire
#43644
Rapport d'Ad-Remover :

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.sosvirus.net

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) - Lancé à 20:52:41 le 31/03/2013, Mode normal

Microsoft Windows 7 Édition Starter (X86)
Laude@LAUDE-PC (ASUSTeK Computer INC. 1005PE)

============== RECHERCHE ==============



Clé trouvée: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [19.0.2 (fr)] ****

HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
Extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} (G Data BankGuard)

-- C:\Users\Laude\AppData\Roaming\Mozilla\FireFox\Profiles\bpeh77sb.default --
Prefs.js - browser.download.lastDir, C:\\Users\\Laude\\Desktop
Prefs.js - browser.startup.homepage_override.buildID, 20130307023931
Prefs.js - browser.startup.homepage_override.mstone, 19.0.2
Prefs.js - privacy.popups.showBrowserMessage, false

-- C:\Users\Work\AppData\Roaming\Mozilla\FireFox\Profiles\6tu5ju40.default --
Prefs.js - browser.startup.homepage_override.buildID, 20120614114901
Prefs.js - browser.startup.homepage_override.mstone, 13.0.1

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Default_Page_URL - hxxp://asus.msn.com
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://www.google.com
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} - C:\Users\Laude\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
HKCU_ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} - C:\Users\Laude\AppData\Local\Google\Chrome\Application\14.0.835.202\chrome_launcher.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{11111111-1111-1111-1111-110211181110} - C:\Program Files\Giant Savings Extension\Giant Savings Extension.exe (x)
HKLM_ElevationPolicy\{21111111-1111-1111-1111-110211181110} - C:\Program Files\Giant Savings Extension\Giant Savings Extension-bg.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A2C4A926-ABA8-4983-817F-4EB832F995DA} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x)
HKLM_ElevationPolicy\{C8D05139-D04A-44A1-822E-6E3737CC880B} - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (x)
HKLM_ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5} - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (x)
HKLM_ElevationPolicy\{d8a5d001-3352-40db-9d1c-ed46683193b5} - C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe (x)
HKLM_Extensions\{5067A26B-1337-4436-8AFE-EE169C2DA79F} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 31/03/2013 20:52:46 (3768 Octet(s))

Fin à: 20:55:15, 31/03/2013

============== E.O.F ==============


Question : le trojan peut-il bloquer mon accès au net? Pcq depuis plusieurs jours mon pc peine à se connecter et aucun autre ordi utilisant le réseau n'a le même problème.

Dans l'attente de ton prochain post
#43658
Relance (ou retélécharge) AD-Remover (de C_XX) sur ton Bureau.
Déconnecte toi et ferme toutes les applications en cours
• Double-clique sur l'icône AD-Remover
• Au menu principal, clique sur "Nettoyer"
• Confirme le lancement de l'analyse et laisse l'outil travailler
• Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report-CLEAN.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Attention pour les ordinateurs équipés de Windows Vista et Windows 7, la désactivation du Contrôle des comptes utilisateurs est obligatoire
sous peine de ne pas pouvoir faire fonctionner correctement l'outil.

Tuto : http://www.commentcamarche.net/faq/8343 ... iver-l-uac

Pour un antivirus gratuit tu peut installer Avast8 ici: http://www.avast.com/fr-fr/index

A te lire
#43673
Rapport de nettoyage Ad-Remover :



======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.sosvirus.net

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) - Lancé à 22:09:45 le 31/03/2013, Mode normal

Microsoft Windows 7 Édition Starter (X86)
Laude@LAUDE-PC (ASUSTeK Computer INC. 1005PE)

============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [19.0.2 (fr)] ****

HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
Extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} (G Data BankGuard)

-- C:\Users\Laude\AppData\Roaming\Mozilla\FireFox\Profiles\bpeh77sb.default --
Prefs.js - browser.download.lastDir, C:\\Users\\Laude\\Desktop
Prefs.js - browser.startup.homepage_override.buildID, 20130307023931
Prefs.js - browser.startup.homepage_override.mstone, 19.0.2
Prefs.js - privacy.popups.showBrowserMessage, false

-- C:\Users\Work\AppData\Roaming\Mozilla\FireFox\Profiles\6tu5ju40.default --
Prefs.js - browser.startup.homepage_override.buildID, 20120614114901
Prefs.js - browser.startup.homepage_override.mstone, 13.0.1

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} - C:\Users\Laude\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
HKCU_ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} - C:\Users\Laude\AppData\Local\Google\Chrome\Application\14.0.835.202\chrome_launcher.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{11111111-1111-1111-1111-110211181110} - C:\Program Files\Giant Savings Extension\Giant Savings Extension.exe (x)
HKLM_ElevationPolicy\{21111111-1111-1111-1111-110211181110} - C:\Program Files\Giant Savings Extension\Giant Savings Extension-bg.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A2C4A926-ABA8-4983-817F-4EB832F995DA} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x)
HKLM_ElevationPolicy\{C8D05139-D04A-44A1-822E-6E3737CC880B} - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (x)
HKLM_ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5} - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (x)
HKLM_ElevationPolicy\{d8a5d001-3352-40db-9d1c-ed46683193b5} - C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe (x)
HKLM_Extensions\{5067A26B-1337-4436-8AFE-EE169C2DA79F} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 31/03/2013 22:09:51 (4012 Octet(s))
C:\Ad-Report-SCAN[1].txt - 31/03/2013 20:52:46 (3906 Octet(s))

Fin à: 22:11:48, 31/03/2013

============== E.O.F ==============
#43690
STP

Fais également ceci:

Télécharges sur le Bureau Roguekiller ICI
et pas ailleurs.


http://up.sur-la-toile.com/4Z2Y


• Quitte tous les programmes en cours.
• Sous Vista/Seven , clic droit - lancer en tant qu'administrateur

• Sinon lance simplement RogueKiller.exe

Après le préscan cliques sur scan
Le scan fini cliques sur rapport

• Un rapport s'ouvrira (RKreport[1].txt qui se trouve également à côté de l'exécutable),
Copies/colles ce rapport.
#43697
Voici le rapport Rogue Killer :

RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion- ... ntees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Demarrage : Mode normal
Utilisateur : Laude [Droits d'admin]
Mode : Recherche -- Date : 31/03/2013 22:56:25
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) - TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) - TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) - TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) - TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) - TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\@ [-] -- TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\U -- TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\L -- TROUVÉ

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
-- C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9250315AS +++++
--- User ---
[MBR] 77f6f9c4d6d3c27a629e9d87f9003de6
[BSP] 442f648a45215a2d5dc77f77a8b0eb62 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 102400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209717248 | Size: 125815 Mo
2 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 467386368 | Size: 10240 Mo
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 488357888 | Size: 16 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine :
RKreport[1]_S_31032013_225625.txt


Et oui, je lance UsbFix en tant qu'admin...
#43702
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion- ... ntees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Demarrage : Mode normal
Utilisateur : Laude [Droits d'admin]
Mode : Suppression -- Date : 31/03/2013 23:09:55
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) - REMPLACÉ (2)
[HJ] HKLM\[...]\System : EnableLUA (0) - REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) - REMPLACÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) - REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) - REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\@ [-] -- SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\U -- SUPPRIMÉ
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\L\00000004.@ [-] -- SUPPRIMÉ
[Del.Parent][FILE] 76603ac3 : C:\$recycle.bin\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\L\76603ac3 [-] -- SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-203128393-3956500998-1032276984-1000\$62e18e16742a73434ddbda3b03f3baf7\L -- SUPPRIMÉ

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
-- C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9250315AS +++++
--- User ---
[MBR] 77f6f9c4d6d3c27a629e9d87f9003de6
[BSP] 442f648a45215a2d5dc77f77a8b0eb62 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 102400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209717248 | Size: 125815 Mo
2 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 467386368 | Size: 10240 Mo
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 488357888 | Size: 16 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine :
RKreport[1]_S_31032013_225625.txt ; RKreport[2]_S_31032013_230825.txt ; RKreport[3]_D_31032013_230955.txt
#43704
On a bien travaillé


Maintenant

Supprime le rapport de zhpDiagImage qui est sur ton bureau



Puis, Tu relance ZhpDiag par double clic sur son icône Image qui est sur ton bureau


Dans sa fenêtre qui va s'afficher

Double clic sur la flèche verte Image
Afin de le mettre à jour


Et ensuite relance l'analyse comme tu l'as fais une première fois ,et poste moi aussi son rapport .

Bon courage et à te lire
#43710
Et voici le rapport ZHPDiag !

Rapport de ZHPDiag v2013.3.30.114 par Nicolas Coolman, Update du 30/03/2013
Run by Laude at 31/03/2013 23:28:41
State : Version à jour.
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Starter Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : YCJVG
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (24% free)
System Restore: Activé (Enable)
System drive C: has 39 GB (38%) free of 100 GB

---\\ Logged in mode
~ Computer Name: LAUDE-PC
~ User Name: Laude
~ All Users Names: Work, Laude, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Laude\AppData\Roaming\
~ %Desktop% : C:\Users\Laude\Desktop\
~ %Favorites% : C:\Users\Laude\Favorites\
~ %LocalAppData% : C:\Users\Laude\AppData\Local\
~ %StartMenu% : C:\Users\Laude\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 39 Go of 100 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 119 Go of 123 Go)



---\\ Security Center Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 - 06:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CC60CC36EF22880D349988211965C892] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/02/2013 - 17:16:46.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/05/2011 - 03:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.6/09/2012 - 17:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2471
~ Mes musiques (My Musics) : 1/919
~ Mes Videos (My Videos) : 1/42
~ Mes Favoris (My Favorites) : 1/253
~ Mes Documents (My Documents) : 3/3446
~ Mon Bureau (My Desktop) : 7/78
~ Menu demarrer (Programs) : 1/69
~ Hidden Files: Scanned in 00mn 15s



---\\ Processus lancés
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1596]
[MD5.C4FB2613D3C75364BB159B9C23A00E7A] - (...) -- C:\Windows\System32\AsusService.exe [219136] [PID.1644]
[MD5.13F2E3BF60FC1EB4E02912582C0B1E3E] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [582944] [PID.1676]
[MD5.2B1187FA3D235DFEE886F6C430454234] - (...) -- C:\windows\system32\ChgService.exe [135168] [PID.1724]
[MD5.1ACAA67676E9E7BDA5E0C41B6E0DECAF] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184] [PID.1824]
[MD5.916B8954AC3E06DC9E898AFFB41F3FB6] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344] [PID.1876]
[MD5.7548066DF68A8A1A56B043359F915F37] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.324]
[MD5.7853D2AB445C10F97610B2B05FA4CF0A] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [512360] [PID.1320]
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2512]
[MD5.778B2333591E9D28063D491456DA18BE] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512] [PID.2520]
[MD5.822E6029CE5B3EBF31016860E81E2415] - (.Synaptics Incorporated - Asus Custom Acpi Monitor Application.) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240] [PID.2628]
[MD5.CA682FCA3221FD85075335F297CA5188] - (.ASUSTeK Computer Inc. - Asus Eee PC Hotkey Service.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424] [PID.2664]
[MD5.DB086B277728B8E01466744060B7AB42] - (...) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [803304] [PID.2672]
[MD5.710AB764FEAC87B4EB4BE3A6A5480BD0] - (.ASUSTeK Computer Inc. - HotkeyMon.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328] [PID.2724]
[MD5.A0DA0920E2C1DB9ECB644F661E78F27A] - (.ASUSTeK Computer Inc. - Eee Super Hybrid Engine.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688] [PID.2736]
[MD5.37DEB76A2CF005841C4E45DE2B94D84F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.2904]
[MD5.6C47BA8962EB602E6FC9103FFB2596B9] - (...) -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [104960] [PID.3032]
[MD5.42EDE889D64D0C4F86B5403BAEEB02E0] - (.ASUSTek - SM37X HotKey Tool.) -- C:\Program Files\ASUS\LivCam\LivCam.exe [284160] [PID.3076]
[MD5.E327C3E38A6C0C176D7AE89D30E24EF4] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.3356]
[MD5.A34DBFD1757548234CC8F441A51A7EDC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.3540]
[MD5.54204168C188E5104349FFCBC334036E] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.3600]
[MD5.0863A1574696B903C1FC3D4DD3CC6549] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.3984]
[MD5.8FEDBE7A5D3E5F91FD4B96DAFA4DD197] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576] [PID.3008]
[MD5.5E118E606E2AF56419A699210DFCF450] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Laude\AppData\Roaming\Dropbox\bin\Dropbox.exe [29106336] [PID.4028]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.2820]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.3228]
[MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.1052]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.3864]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\windows\system32\sppsvc.exe [3179520] [PID.3624]
[MD5.0051240D50ABE7922727B1E3385DF512] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6264832] [PID.3576]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Laude\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Laude\AppData\Roaming\Mozilla\Firefox\Profiles\bpeh77sb.default\prefs.js
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_30 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.5] - (.Microsoft Corp. - Office Live Update v1.5.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (...) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = aboutnoadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = aboutsecurityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} Clé orpheline
~ BHO: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre par dossier (O4)
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyMon] . (.ASUSTeK Computer Inc. - HotkeyMon.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] . (.ASUSTeK Computer Inc. - Asus Eee PC Hotkey Service.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] . (.ASUSTeK Computer Inc. - Eee Super Hybrid Engine.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [Eee Docking] . (.Pas de propriétaire - Eee Docking Application.) -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKLM\..\Run: [LiveUpdate] . (...) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SynAsusAcpi] . (.Synaptics Incorporated - Asus Custom Acpi Monitor Application.) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] . (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [EeeSplendidAgent] . (...) -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
O4 - HKLM\..\Run: [LivCam] . (.ASUSTek - SM37X HotKey Tool.) -- C:\Program Files\ASUS\LivCam\LivCam.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files\ASUS\APRP\APRP.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [ASUSWebStorage] . (.ecareme - AsusWebStorage.) -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [EfficientDiary] Clé orpheline
O4 - HKLM\..\Run: [AutorunRemover.exe] . (...) -- C:\Program Files\AutorunRemover\AutorunRemover.exe
O4 - HKCU\..\Run: [EPSON SX420W Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-203128393-3956500998-1032276984-1000\..\Run: [EPSON SX420W Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.exe
O4 - HKUS\S-1-5-21-203128393-3956500998-1032276984-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - GS\Desktop: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Program Files\ZHPDiag\mbrcheck.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\TaskBar: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer (4).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer (2).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer (3).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer (4).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player (2).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player (3).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player (4).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\windows\system32\eudcedit.exe
O4 - GS\SendTo: Bluetooth File Transfer.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: AD-R.lnk . (...) -- C:\Program Files\Ad-Remover\main.exe
O4 - GS\Desktop: EyeSpeak 3.lnk . (...) -- C:\VPSL\EyeSpeak\VPSLUserApp.exe (.not file.)
O4 - GS\Programs: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\Laude\AppData\Roaming\Spotify\spotify.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files\Google\Picasa3\Picasa3.exe
~ Global Startup: Scanned in 00mn 01s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (.not file.)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} -- Clé orpheline
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll
~ Winsock: 7 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C9935B-5248-4E94-84A9-D1B14A2E7C8C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F5C9935B-5248-4E94-84A9-D1B14A2E7C8C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F5C9935B-5248-4E94-84A9-D1B14A2E7C8C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Asus Launcher Service (AsusService) . (...) - C:\Windows\System32\AsusService.exe
O23 - Service: Change Modem Device Service (Change Modem Device Service) . (...) - C:\windows\system32\ChgService.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Services: 7 Legitimates Scanned in 00mn 16s



---\\ Enumération Active Desktop MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{B207D1AA-11BE-4083-A7F9-6BFEE79370E2}] (...) -- C:\Program Files\AVAST Software\Avast\aswRundll.exe (.not file.) [0]
~ Scheduled Task: 7 Legitimates Scanned in 00mn 05s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 13 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AsUpIO) . (...) - C:\Windows\System32\drivers\AsUpIO.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
~ Drivers: 63 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Autorun Virus Remover 3.1 - (.Autorun Remover.) [HKLM] -- Autorun Virus Remover_is1
O42 - Logiciel: Efficient Diary 3.10 - (.Efficient Software.) [HKLM] -- Efficient Diary_is1
O42 - Logiciel: Hotkey Service - (.AsusTek Computer.) [HKLM] -- {71C0E38E-09F2-4386-9977-404D4F6640CD}
O42 - Logiciel: Java(TM) 6 Update 30 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216030FF}
O42 - Logiciel: LiveUpdate - (.Asus.) [HKLM] -- {38E5A3B1-ADF1-47E0-8024-76310A30EB36}
O42 - Logiciel: Super Hybrid Engine - (.AsusTek Computer.) [HKLM] -- {88F08F98-12BC-4613-81A2-8F9B88CFC73E}
~ Logic: 87 Legitimates Scanned in 00mn 01s



---\\ HKCU HKLM Software Keys
[HKCU\Software\3M]
[HKCU\Software\BBL]
[HKCU\Software\BlokkerBEFR]
[HKCU\Software\SystemSafe]
[HKCU\Software\WM61 Application]
[HKCU\Software\WebEx]
[HKLM\Software\3M]
[HKLM\Software\PC Manager]
[HKLM\Software\SystemSafe]
~ Key Software: 156 Legitimates Scanned in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/02/2013 - 21:26:38 - [12,122] ----D C:\Program Files\AutorunRemover
O43 - CFD: 6/01/2010 - 23:53:25 - [0,000] ----D C:\Program Files\EBI
O43 - CFD: 30/01/2013 - 17:44:39 - [21,132] ----D C:\Program Files\Efficient Diary
O43 - CFD: 19/01/2012 - 21:40:35 - [0,007] ----D C:\ProgramData\AVG10
O43 - CFD: 2/03/2011 - 23:00:15 - [0,328] ----D C:\ProgramData\Comodo
O43 - CFD: 6/01/2010 - 23:53:32 - [0] ----D C:\ProgramData\EBI
O43 - CFD: 3/09/2010 - 15:22:31 - [0,145] ----D C:\ProgramData\FileCure
O43 - CFD: 6/01/2010 - 23:53:32 - [0] ----D C:\ProgramData\RSMR
O43 - CFD: 31/01/2013 - 16:11:20 - [39,556] ----D C:\ProgramData\WebEx
O43 - CFD: 25/02/2013 - 23:33:19 - [0,010] ----D C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
O43 - CFD: 7/07/2011 - 11:35:21 - [0] -SH-D C:\Users\Laude\AppData\Roaming\.#
O43 - CFD: 20/07/2010 - 18:49:43 - [0,026] ----D C:\Users\Laude\AppData\Roaming\3M
O43 - CFD: 25/02/2013 - 23:21:25 - [3,913] ----D C:\Users\Laude\AppData\Roaming\Azureus
O43 - CFD: 30/01/2013 - 17:45:10 - [0,002] ----D C:\Users\Laude\AppData\Roaming\Efficient Diary
O43 - CFD: 31/01/2013 - 16:11:40 - [0,183] ----D C:\Users\Laude\AppData\Roaming\webex
O43 - CFD: 16/12/2010 - 19:09:40 - [0,109] ----D C:\Users\Laude\AppData\Local\Blokker Service Photo
~ Program Folder: 175 Legitimates Scanned in 00mn 39s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7D7CB244981D17EF54E21D00B4A091BA] - 31/03/2013 - 21:35:14 ---A- . (...) -- C:\Windows\ntbtlog.txt [1974400]
O44 - LFC:[MD5.C8EBCBB4227E64954354FEB6A61ACD3C] - 31/03/2013 - 21:24:14 ---A- . (...) -- C:\UsbFix [Clean 4] LAUDE-PC.txt [5904]
O44 - LFC:[MD5.FBFC7D54D8C4DDE35A8A421BD58F5B63] - 31/03/2013 - 21:11:48 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [4216]
O44 - LFC:[MD5.69725A1D59EA998AC1D8EE42AF4A9423] - 31/03/2013 - 19:55:15 ---A- . (...) -- C:\Ad-Report-SCAN[1].txt [3906]
O44 - LFC:[MD5.1E9E0F8A5AC11BD8C9E9163DF013ADD5] - 31/03/2013 - 17:29:54 ---A- . (...) -- C:\UsbFix [Clean 2] LAUDE-PC.txt [6756]
O44 - LFC:[MD5.AF058DA70FAAFCD95AFECF5BC1C80162] - 30/03/2013 - 15:56:30 ---A- . (...) -- C:\UsbFix [Clean 1] LAUDE-PC.txt [6295]
O44 - LFC:[MD5.7CA48AE9A6DD783230CFA5318D08149C] - 30/03/2013 - 15:55:21 ---A- . (...) -- C:\UsbFix [Scan 2] LAUDE-PC.txt [7995]
O44 - LFC:[MD5.C6B09EAB4B8A9CD388B8B79E45202362] - 29/03/2013 - 12:56:10 ---A- . (...) -- C:\UsbFix [Scan 1] LAUDE-PC.txt [8034]
O44 - LFC:[MD5.87F8BD64B87FFE16EF8A220040ABDB13] - 29/03/2013 - 10:29:38 ---A- . (...) -- C:\AdwCleaner[S2].txt [6993]
O44 - LFC:[MD5.312115ADEAACE40732F26655311B4E1D] - 29/03/2013 - 10:28:30 ---A- . (...) -- C:\AdwCleaner[S1].txt [339]
~ Files: 41 Legitimates Scanned in 00mn 06s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 8 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{62fca72e-fe0f-11e0-b582-001e101f63cf}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{b3f56a56-fdd7-11e0-b5bd-806e6f6e6963}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{b3f56bde-fdd7-11e0-b5bd-1c4bd604e844}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{c70c6579-ffaa-11e0-b599-1c4bd604e844}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 3 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\egui [Key] . (...) -- C:\Program Files\ESET\ESET Smart Security\egui.exe (.not file.)
~ SMSR Keys: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
~ Keys: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 6/07/2009 - C:\Windows\System32\drivers\AsUpIO.sys - AsUpIO (AsUpIO) .(...) - LEGACY_ASUPIO
O64 - Services: CurCS - 25/02/2013 - C:\windows\system32\drivers\efavdrv.sys (efavdrv) .(.ESET - ESET Helper driver.) - LEGACY_EFAVDRV
~ Legacy: 87 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Laude - bpeh77sb.default] user_pref("extensions.crossrider.bic", "13d12ca293e132b2dffdd3f13b8da97b");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {1E909603-A8D2-4935-BBEA-951627F94AB4} - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Internet Feature Controls (O81)
O81 - IFC: Internet Feature Controls [HKCU] [FEATURE_BROWSER_EMULATION] -- svchost.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 30 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.850FF033A5E28039B8886EF816381076] [SPRF][20/07/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][10/09/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.7B1CCF92FCBF56B8B5B4F7A90BB1C28C] [SPRF][20/09/2011] (...) -- C:\Users\Laude\AppData\Local\PC Manager Prof.dat [100]
[MD5.4177542B29ADFECD68F19881EAD41958] [SPRF][31/03/2013] (...) -- C:\Users\Laude\AppData\Local\Temp\dump.dat [1576960]
[MD5.2FF9B590342C62748885D459D082295F] [SPRF][20/03/2013] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 11.0 r1.) -- C:\Users\Laude\AppData\Local\Temp\InstallFlashPlayer.exe [89248]
[MD5.3AE0F11F3D91179443113CAB0F94F944] [SPRF][25/02/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Laude\AppData\Local\Temp\uninst1.exe [372736]
[MD5.3D8EAA89CC4B9734E50EEA0F486DDBFF] [SPRF][16/12/2010] (...) -- C:\Users\Laude\AppData\Roaming\mdbu.bin [19]
[MD5.7CAFF04B9DF4DB1D9C44D08CCA5A4E60] [SPRF][26/10/2010] (...) -- C:\Users\Laude\AppData\Roaming\wklnhst.dat [100]
[MD5.EC4961D7E0F6ACEF4E8446E062048D88] [SPRF][29/03/2013] (...) -- C:\Users\Laude\Desktop\AdwCleaner.exe [609993]
[MD5.0FB6D382FA5FBF72D05FC2A4503B7DF2] [SPRF][29/03/2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Users\Laude\Desktop\mbam-setup-1.70.0.1100.exe [10156344]
[MD5.7631C1E707B6FD51A158E765A2AAAFAD] [SPRF][28/03/2013] (.Microsoft Corporation - Microsoft Support Emergency Response Tool.) -- C:\Users\Laude\Desktop\msert.exe [81655448]
[MD5.1CD51AE9BCEAC9F0CEE159821A1817B8] [SPRF][31/03/2013] (...) -- C:\Users\Laude\Desktop\RogueKiller.exe [816128]
[MD5.24E2A902EAF35D02DF63786C57DE60A2] [SPRF][29/03/2013] (.El Desaparecido - SosVirus.org - UsbFix - Remove malware from yours drive!.) -- C:\Users\Laude\Desktop\UsbFix.exe [1024206]
[MD5.5FAB3F189D61A8A61E7BDE2513F72261] [SPRF][31/03/2013] (.El Desaparecido - SosVirus.org - UsbFix - Remove malware from yours drive!.) -- C:\Users\Laude\Desktop\UsbFix2.exe [1024813]
~ Files: Scanned in 00mn 01s



---\\ Firewall Active Exception List (FirewallRules) (O87)
~ Firewall: 152 Legitimates Scanned in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.11349 - (30/03/2013)
Clés trouvées (Keys found) : 27
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Classes\AppID\{937936af-28ca-4973-b8ae-f250406149a2}] =Adware.BHO
[HKLM\Software\Classes\TypeLib\{937936af-28ca-4973-b8ae-f250406149a2}] =Adware.BHO
[HKLM\Software\Classes\Installer\Features\07C72D7F5F099B941B88A031C3C03E35] =Toolbar.Agent
[HKLM\Software\Classes\Installer\Products\07C72D7F5F099B941B88A031C3C03E35] =Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07C72D7F5F099B941B88A031C3C03E35] =Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F7D27C70-90F5-49B9-B188-0A133C0CE353}] =Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}] =Adware.VidSaver
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =PUP.Dealio
[HKLM\Software\Classes\ToolBand.EasyHideBtn] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.EasyHideBtn.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.Localizer] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.Localizer.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighter] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighter.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighterStatistics] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighterStatistics.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.SkypeIEHelper] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.SkypeIEHelper.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.SNameProxy] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.SNameProxy.1] =Toolbar.Agent
C:\Users\Laude\AppData\Local\Temp\uninst1.exe =Toolbar.Babylon
~ Additionnel: Scanned in 01mn 33s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "1B3A5E831FDA0E7408426713A003BE63" . (.LiveUpdate.) -- C:\Windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\ARPPRODUCTICON.exe
O90 - PUC: "3AAC9E57633BD93458BFC7B7A2ACA161" . (.LivCam.) -- C:\Windows\Installer\{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}\ARPPRODUCTICON.exe
~ Update Products: 115 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 219136 | (AsusService) . (...) - C:\Windows\System32\AsusService.exe
SR - | Auto 3/08/2009 582944 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 135168 | (Change Modem Device Service) . (...) - C:\windows\system32\ChgService.exe
SS - | Demand 22/12/2009 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 5/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 14/12/2012 398184 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 14/12/2012 682344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/01/2009 226656 | (SeaPort) . (.Microsoft Corp..) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s



End of the scan (669 lines in 03mn 39s)(0)
#43746
Bonjour ,et bon Dimanche de pâques ,

En premier Mets à jour Java ici: http://www.java.com/fr/download/installed.jsp

Puis une question stp: Que fais'tu avec le P2P Azureus ???

Sache ceci: http://forum.malekal.com/les-dangers-pe ... t3208.html

Lis également ceci source de ralentissement et d'infections : http://forum.malekal.com/les-toolbars-e ... t6173.html

TU me diras si tu es d'accord de supprimer Azureus par la suite ??

Maintenant fais ce qui suit:

Attention , se Script a étais spécialement crée en fonction des infections présente sur se pc , il ne doit être en aucun cas utiliser/reproduit sur un autre ordinateur





* Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )



-------------------------------------------

SysRestore
O69 - SBI: prefs.js [Laude - bpeh77sb.default] user_pref("extensions.crossrider.bic", "13d12ca293e132b2dffdd3f13b8da97b");
O81 - IFC: Internet Feature Controls [HKCU] [FEATURE_BROWSER_EMULATION] -- svchost. [MD5.3AE0F11F3D91179443113CAB0F94F944] [SPRF][25/02/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Laude\AppData\Local\Temp\uninst1.exe [372736] [HKLM\Software\Classes\AppID\{937936af-28ca-4973-b8ae-f250406149a2}]
[HKLM\Software\Classes\TypeLib\{937936af-28ca-4973-b8ae-f250406149a2}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] C:\Users\Laude\AppData\Local\Temp\uninst1.exe
O4 - HKLM\..\Run: [EfficientDiary] Clé orpheline
O4 - GS\Desktop: EyeSpeak 3.lnk . (...) -- C:\VPSL\EyeSpeak\VPSLUserApp.exe (.not file.)
O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll
O44 - LFC:[MD5.FBFC7D54D8C4DDE35A8A421BD58F5B63] - 31/03/2013 - 21:11:48 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [4216]
O44 - LFC:[MD5.69725A1D59EA998AC1D8EE42AF4A9423] - 31/03/2013 - 19:55:15 ---A- . (...) -- C:\Ad-Report-SCAN[1].txt [3906]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) -
[HKLM\Software\Classes\Installer\Features\07C72D7F5F099B941B88A031C3C03E35]
[HKLM\Software\Classes\Installer\Products\07C72D7F5F099B941B88A031C3C03E35] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07C72D7F5F099B941B88A031C3C03E35] [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F7D27C70-90F5-49B9-B188-0A133C0CE353}]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKLM\Software\Classes\ToolBand.EasyHideBtn] [HKLM\Software\Classes\ToolBand.EasyHideBtn.1] [HKLM\Software\Classes\ToolBand.Localizer] [HKLM\Software\Classes\ToolBand.Localizer.1] [HKLM\Software\Classes\ToolBand.NameHighlighter] [HKLM\Software\Classes\ToolBand.NameHighlighter.1] [HKLM\Software\Classes\ToolBand.NameHighlighterStatistics] [HKLM\Software\Classes\ToolBand.NameHighlighterStatistics.1] [HKLM\Software\Classes\ToolBand.SkypeIEHelper] [HKLM\Software\Classes\ToolBand.SkypeIEHelper.1] [HKLM\Software\Classes\ToolBand.SNameProxy]
[HKLM\Software\Classes\ToolBand.SNameProxy.1]
ProxyFix ..
EmptyTemp
EmptyFlash
FrewallRaz


-------------------------------------------

Puis Lance ZHPFix depuis le raccourci du bureau .par un Double clique (clique droit pour VISTA/7) sur son icône Image présente sur ton bureau



* Une fois l'outil ZHPFix ouvert , clique sur ce bouton :Image



* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .



Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.




les lignes ci-dessus sont celles qui doivent apparaître dans la fenêtre de ZHPFix. Si ce n'est pas le cas, ne surtout pas cliquer sur le bouton GO.
Il faut veiller à bien copier les lignes.






* Clique sur ce bouton Image pour lancer le nettoyage



N.B.Il arrive que l'outil que tu vas utiliser ferme le processus "explorer.exe".
Il est possible qu'après son exécution, ton bureau reste sans icône et sans barre des tâches.


Pas de panique !! il suffit de relancer explorer.exe



Pour cela, tu presseras simultanément ctrl+alt+suppr pour ouvrir le gestionnaire de tâches


Une fois dans le gestionnaire, tu cliqueras sur "fichier" et sur "nouvelle tâche"


Dans le champ de saisie, tu taperas explorer.exe et tu cliqueras sur OK
Tout redeviendra normal

Puis pour une dernière vérification




Supprime le rapport de zhpDiagImage qui est sur ton bureau



Puis, Tu relance ZhpDiag par double clic sur son icône Image qui est sur ton bureau


Dans sa fenêtre qui va s'afficher

Double clic sur la flèche verte Image
Afin de le mettre à jour


Et ensuite relance l'analyse comme tu l'as fais une première fois ,et poste moi aussi son rapport .

J'attend deux rapports merci

Bon courage et à te lire





Bon courage et à te lire

#43756
Pour Azureus : ca fait un moment qu'il est installé et qu'il n'a pas été utilisé. Ce pc a toujours été un pc "communautaire" donc ça a du être installé par qqun pr du téléchargement je suppose. Je suis tout-à-fait d'acc de le supprimer proprement

Pour les rapports, comme tu ne l'as pas précisé, je suppose que tu veux dans un premier temps le rapport de nettoyage? Le voici :

Nettoyage :

Rapport de ZHPFix 2013.3.9.1 par Nicolas Coolman, Update du 9/03/2013
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-1-04-2013-12-05-08.txt
Run by Laude at 1/04/2013 12:05:03
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit (Build 7600)

Corbeille vidée

========== Clé(s) du Registre ==========
SUPPRIME Key: HKLM\Software\Classes\TypeLib\{937936af-28ca-4973-b8ae-f250406149a2}
SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}
SUPPRIME Key: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SUPPRIME Key: HKLM\Software\Classes\Installer\Features\07C72D7F5F099B941B88A031C3C03E35
ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SUPPRIME Key: HKLM\Software\Classes\ToolBand.SNameProxy.1

========== Valeur(s) du Registre ==========
ABSENT IFC: [FEATURE_BROWSER_EMULATION4] [SPRF][25/02/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Laude\AppData\Local\Temp\uninst1.exe [372736] [HKLM\Softwa] svchost. [MD5.3AE0F11F3D91179443113CAB0F94F944] [SPRF][25/02/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Laude\AppData\Local\Temp\uninst1.exe [372736] [HKLM\Softwa
SUPPRIME RunValue: EfficientDiary
ProxyFix : Configuration proxy supprimée avec succès
SUPPRIME ProxyServer Value
SUPPRIME ProxyEnable Value
SUPPRIME EnableHttp1_1 Value
SUPPRIME ProxyHttp1.1 Value
SUPPRIME ProxyOverride Value

========== Préférences navigateur ==========
SUPPRIME Mozilla Pref: user_pref("extensions.crossrider.bic", "13d12ca293e132b2dffdd3f13b8da97b");

========== Dossier(s) ==========
SUPPRIME Temporaires Windows
SUPPRIME Flash Cookies

========== Fichier(s) ==========
ABSENT File: c:\users\laude\desktop\eyespeak 3.lnk
ABSENT File: c:\vpsl\eyespeak\vpsluserapp.exe
SUPPRIME File: c:\ad-report-clean[1].txt
SUPPRIME File: c:\ad-report-scan[1].txt
SUPPRIME Temporaires Windows
SUPPRIME Flash Cookies

========== Restauration Système ==========
Point de restauration du système créé avec succès

========== Autre ==========
NON TRAITE [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] [HKLM\Softwar
NON TRAITE [HKLM\Software\Classes\Installer\Products\07C72D7F5F099B941B88A031C3C03E35] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07C72D7F5F099B941B88A031C3C03E35] [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F
NON TRAITE [HKLM\Software\Classes\ToolBand.EasyHideBtn] [HKLM\Software\Classes\ToolBand.EasyHideBtn.1] [HKLM\Software\Classes\ToolBand.Localizer] [HKLM\Software\Classes\ToolBand.Localizer.1] [HKLM\Software\Classes\ToolBand.NameHighlighter] [HKLM\Software\Classes\Too
NON TRAITE FrewallRaz


========== Récapitulatif ==========
7 : Clé(s) du Registre
8 : Valeur(s) du Registre
2 : Dossier(s)
6 : Fichier(s)
1 : Préférences navigateur
1 : Restauration Système
4 : Autre


End of clean in 00mn 54s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 1/04/2013 12:05:08 [3294]


Le deuxième arrive dans la foulée.
#43759
Et le rapport ZHPDiag :

Rapport de ZHPDiag v2013.3.31.116 par Nicolas Coolman, Update du 31/03/2013
Run by Laude at 1/04/2013 12:20:09
State : Version à jour.
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Starter Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : YCJVG
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 39 GB (38%) free of 100 GB

---\\ Logged in mode
~ Computer Name: LAUDE-PC
~ User Name: Laude
~ All Users Names: Work, Laude, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Laude\AppData\Roaming\
~ %Desktop% : C:\Users\Laude\Desktop\
~ %Favorites% : C:\Users\Laude\Favorites\
~ %LocalAppData% : C:\Users\Laude\AppData\Local\
~ %StartMenu% : C:\Users\Laude\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 39 Go of 100 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 119 Go of 123 Go)



---\\ Security Center Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 - 06:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CC60CC36EF22880D349988211965C892] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/02/2013 - 17:16:46.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/05/2011 - 03:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.6/09/2012 - 17:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2471
~ Mes musiques (My Musics) : 1/919
~ Mes Videos (My Videos) : 1/42
~ Mes Favoris (My Favorites) : 1/253
~ Mes Documents (My Documents) : 3/14
~ Mon Bureau (My Desktop) : 7/80
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 08s



---\\ Processus lancés
[MD5.7853D2AB445C10F97610B2B05FA4CF0A] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [512360] [PID.2088]
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2304]
[MD5.778B2333591E9D28063D491456DA18BE] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512] [PID.2324]
[MD5.822E6029CE5B3EBF31016860E81E2415] - (.Synaptics Incorporated - Asus Custom Acpi Monitor Application.) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240] [PID.2444]
[MD5.37DEB76A2CF005841C4E45DE2B94D84F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.2460]
[MD5.6C47BA8962EB602E6FC9103FFB2596B9] - (...) -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [104960] [PID.2492]
[MD5.42EDE889D64D0C4F86B5403BAEEB02E0] - (.ASUSTek - SM37X HotKey Tool.) -- C:\Program Files\ASUS\LivCam\LivCam.exe [284160] [PID.2520]
[MD5.A34DBFD1757548234CC8F441A51A7EDC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2652]
[MD5.54204168C188E5104349FFCBC334036E] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2676]
[MD5.0863A1574696B903C1FC3D4DD3CC6549] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2836]
[MD5.8FEDBE7A5D3E5F91FD4B96DAFA4DD197] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576] [PID.2860]
[MD5.5E118E606E2AF56419A699210DFCF450] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Laude\AppData\Roaming\Dropbox\bin\Dropbox.exe [29106336] [PID.2944]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.2976]
[MD5.E327C3E38A6C0C176D7AE89D30E24EF4] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.3240]
[MD5.AD7E37EFF04D3B1DE2F8D78881A435BC] - (.Nicolas Coolman - ZHPFix.) -- C:\Program Files\ZHPDiag\ZHPFix\ZHPFix.exe [2726912] [PID.2024]
[MD5.CC5CFE5A9C826B934DC3BE176617E182] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6306816] [PID.3580]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Laude\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Laude\AppData\Roaming\Mozilla\Firefox\Profiles\bpeh77sb.default\prefs.js
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.17.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\windows\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.17.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.17.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.5] - (.Microsoft Corp. - Office Live Update v1.5.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (...) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = aboutnoadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = aboutsecurityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} Clé orpheline
~ BHO: 7 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre par dossier (O4)
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyMon] . (.ASUSTeK Computer Inc. - HotkeyMon.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] . (.ASUSTeK Computer Inc. - Asus Eee PC Hotkey Service.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] . (.ASUSTeK Computer Inc. - Eee Super Hybrid Engine.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [Eee Docking] . (.Pas de propriétaire - Eee Docking Application.) -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKLM\..\Run: [LiveUpdate] . (...) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SynAsusAcpi] . (.Synaptics Incorporated - Asus Custom Acpi Monitor Application.) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] . (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [EeeSplendidAgent] . (...) -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
O4 - HKLM\..\Run: [LivCam] . (.ASUSTek - SM37X HotKey Tool.) -- C:\Program Files\ASUS\LivCam\LivCam.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files\ASUS\APRP\APRP.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [ASUSWebStorage] . (.ecareme - AsusWebStorage.) -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [AutorunRemover.exe] . (...) -- C:\Program Files\AutorunRemover\AutorunRemover.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [EPSON SX420W Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-203128393-3956500998-1032276984-1000\..\Run: [EPSON SX420W Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.exe
O4 - HKUS\S-1-5-21-203128393-3956500998-1032276984-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer (4).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer (2).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer (3).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer (4).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player (2).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player (3).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player (4).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\windows\system32\eudcedit.exe
O4 - GS\SendTo: Bluetooth File Transfer.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: AD-R.lnk . (...) -- C:\Program Files\Ad-Remover\main.exe
O4 - GS\Desktop: EyeSpeak 3.lnk . (...) -- C:\VPSL\EyeSpeak\VPSLUserApp.exe (.not file.)
O4 - GS\Programs: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\Laude\AppData\Roaming\Spotify\spotify.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files\Google\Picasa3\Picasa3.exe
~ Global Startup: Scanned in 00mn 01s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (.not file.)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} -- Clé orpheline
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll
~ Winsock: 7 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9D1283D-62E1-45B3-8EC5-2FDBB14ABD41}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C9935B-5248-4E94-84A9-D1B14A2E7C8C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E9D1283D-62E1-45B3-8EC5-2FDBB14ABD41}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F5C9935B-5248-4E94-84A9-D1B14A2E7C8C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E9D1283D-62E1-45B3-8EC5-2FDBB14ABD41}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F5C9935B-5248-4E94-84A9-D1B14A2E7C8C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Asus Launcher Service (AsusService) . (...) - C:\Windows\System32\AsusService.exe
O23 - Service: Change Modem Device Service (Change Modem Device Service) . (...) - C:\windows\system32\ChgService.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Services: 7 Legitimates Scanned in 00mn 22s



---\\ Enumération Active Desktop MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{B207D1AA-11BE-4083-A7F9-6BFEE79370E2}] (...) -- C:\Program Files\AVAST Software\Avast\aswRundll.exe (.not file.) [0]
~ Scheduled Task: 7 Legitimates Scanned in 00mn 05s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 13 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AsUpIO) . (...) - C:\Windows\System32\drivers\AsUpIO.sys
~ Drivers: 63 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Autorun Virus Remover 3.1 - (.Autorun Remover.) [HKLM] -- Autorun Virus Remover_is1
O42 - Logiciel: Efficient Diary 3.10 - (.Efficient Software.) [HKLM] -- Efficient Diary_is1
O42 - Logiciel: Hotkey Service - (.AsusTek Computer.) [HKLM] -- {71C0E38E-09F2-4386-9977-404D4F6640CD}
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: Java(TM) 6 Update 30 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216030FF}
O42 - Logiciel: LiveUpdate - (.Asus.) [HKLM] -- {38E5A3B1-ADF1-47E0-8024-76310A30EB36}
O42 - Logiciel: Super Hybrid Engine - (.AsusTek Computer.) [HKLM] -- {88F08F98-12BC-4613-81A2-8F9B88CFC73E}
~ Logic: 88 Legitimates Scanned in 00mn 01s



---\\ HKCU HKLM Software Keys
[HKCU\Software\3M]
[HKCU\Software\BBL]
[HKCU\Software\BlokkerBEFR]
[HKCU\Software\SystemSafe]
[HKCU\Software\WM61 Application]
[HKCU\Software\WebEx]
[HKLM\Software\3M]
[HKLM\Software\PC Manager]
[HKLM\Software\SystemSafe]
~ Key Software: 157 Legitimates Scanned in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/02/2013 - 21:26:38 - [12,122] ----D C:\Program Files\AutorunRemover
O43 - CFD: 6/01/2010 - 23:53:25 - [0,000] ----D C:\Program Files\EBI
O43 - CFD: 30/01/2013 - 17:44:39 - [21,132] ----D C:\Program Files\Efficient Diary
O43 - CFD: 19/01/2012 - 21:40:35 - [0,007] ----D C:\ProgramData\AVG10
O43 - CFD: 2/03/2011 - 23:00:15 - [0,328] ----D C:\ProgramData\Comodo
O43 - CFD: 6/01/2010 - 23:53:32 - [0] ----D C:\ProgramData\EBI
O43 - CFD: 3/09/2010 - 15:22:31 - [0,145] ----D C:\ProgramData\FileCure
O43 - CFD: 6/01/2010 - 23:53:32 - [0] ----D C:\ProgramData\RSMR
O43 - CFD: 31/01/2013 - 16:11:20 - [39,556] ----D C:\ProgramData\WebEx
O43 - CFD: 20/07/2010 - 18:49:43 - [0,026] ----D C:\Users\Laude\AppData\Roaming\3M
O43 - CFD: 25/02/2013 - 23:21:25 - [3,913] ----D C:\Users\Laude\AppData\Roaming\Azureus
O43 - CFD: 30/01/2013 - 17:45:10 - [0,002] ----D C:\Users\Laude\AppData\Roaming\Efficient Diary
O43 - CFD: 31/01/2013 - 16:11:40 - [0,183] ----D C:\Users\Laude\AppData\Roaming\webex
O43 - CFD: 16/12/2010 - 19:09:40 - [0,109] ----D C:\Users\Laude\AppData\Local\Blokker Service Photo
~ Program Folder: 177 Legitimates Scanned in 00mn 11s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7D7CB244981D17EF54E21D00B4A091BA] - 31/03/2013 - 21:35:14 ---A- . (...) -- C:\Windows\ntbtlog.txt [1974400]
O44 - LFC:[MD5.C8EBCBB4227E64954354FEB6A61ACD3C] - 31/03/2013 - 21:24:14 ---A- . (...) -- C:\UsbFix [Clean 4] LAUDE-PC.txt [5904]
O44 - LFC:[MD5.1E9E0F8A5AC11BD8C9E9163DF013ADD5] - 31/03/2013 - 17:29:54 ---A- . (...) -- C:\UsbFix [Clean 2] LAUDE-PC.txt [6756]
O44 - LFC:[MD5.AF058DA70FAAFCD95AFECF5BC1C80162] - 30/03/2013 - 15:56:30 ---A- . (...) -- C:\UsbFix [Clean 1] LAUDE-PC.txt [6295]
O44 - LFC:[MD5.7CA48AE9A6DD783230CFA5318D08149C] - 30/03/2013 - 15:55:21 ---A- . (...) -- C:\UsbFix [Scan 2] LAUDE-PC.txt [7995]
O44 - LFC:[MD5.C6B09EAB4B8A9CD388B8B79E45202362] - 29/03/2013 - 12:56:10 ---A- . (...) -- C:\UsbFix [Scan 1] LAUDE-PC.txt [8034]
O44 - LFC:[MD5.87F8BD64B87FFE16EF8A220040ABDB13] - 29/03/2013 - 10:29:38 ---A- . (...) -- C:\AdwCleaner[S2].txt [6993]
O44 - LFC:[MD5.312115ADEAACE40732F26655311B4E1D] - 29/03/2013 - 10:28:30 ---A- . (...) -- C:\AdwCleaner[S1].txt [339]
~ Files: 45 Legitimates Scanned in 00mn 05s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 8 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{62fca72e-fe0f-11e0-b582-001e101f63cf}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{b3f56a56-fdd7-11e0-b5bd-806e6f6e6963}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{b3f56bde-fdd7-11e0-b5bd-1c4bd604e844}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{c70c6579-ffaa-11e0-b599-1c4bd604e844}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 3 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\egui [Key] . (...) -- C:\Program Files\ESET\ESET Smart Security\egui.exe (.not file.)
~ SMSR Keys: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
~ Keys: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 6/07/2009 - C:\Windows\System32\drivers\AsUpIO.sys - AsUpIO (AsUpIO) .(...) - LEGACY_ASUPIO
O64 - Services: CurCS - 25/02/2013 - C:\windows\system32\drivers\efavdrv.sys (efavdrv) .(.ESET - ESET Helper driver.) - LEGACY_EFAVDRV
~ Legacy: 87 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {1E909603-A8D2-4935-BBEA-951627F94AB4} - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Internet Feature Controls (O81)
O81 - IFC: Internet Feature Controls [HKCU] [FEATURE_BROWSER_EMULATION] -- svchost.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 30 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.850FF033A5E28039B8886EF816381076] [SPRF][20/07/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][10/09/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.7B1CCF92FCBF56B8B5B4F7A90BB1C28C] [SPRF][20/09/2011] (...) -- C:\Users\Laude\AppData\Local\PC Manager Prof.dat [100]
[MD5.3D8EAA89CC4B9734E50EEA0F486DDBFF] [SPRF][16/12/2010] (...) -- C:\Users\Laude\AppData\Roaming\mdbu.bin [19]
[MD5.7CAFF04B9DF4DB1D9C44D08CCA5A4E60] [SPRF][26/10/2010] (...) -- C:\Users\Laude\AppData\Roaming\wklnhst.dat [100]
[MD5.EC4961D7E0F6ACEF4E8446E062048D88] [SPRF][29/03/2013] (...) -- C:\Users\Laude\Desktop\AdwCleaner.exe [609993]
[MD5.BC3947330CDE58AAB7E538BD204864E3] [SPRF][1/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Laude\Desktop\jxpiinstall.exe [896928]
[MD5.0FB6D382FA5FBF72D05FC2A4503B7DF2] [SPRF][29/03/2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Users\Laude\Desktop\mbam-setup-1.70.0.1100.exe [10156344]
[MD5.7631C1E707B6FD51A158E765A2AAAFAD] [SPRF][28/03/2013] (.Microsoft Corporation - Microsoft Support Emergency Response Tool.) -- C:\Users\Laude\Desktop\msert.exe [81655448]
[MD5.1CD51AE9BCEAC9F0CEE159821A1817B8] [SPRF][31/03/2013] (...) -- C:\Users\Laude\Desktop\RogueKiller.exe [816128]
[MD5.24E2A902EAF35D02DF63786C57DE60A2] [SPRF][29/03/2013] (.El Desaparecido - SosVirus.org - UsbFix - Remove malware from yours drive!.) -- C:\Users\Laude\Desktop\UsbFix.exe [1024206]
[MD5.5FAB3F189D61A8A61E7BDE2513F72261] [SPRF][31/03/2013] (.El Desaparecido - SosVirus.org - UsbFix - Remove malware from yours drive!.) -- C:\Users\Laude\Desktop\UsbFix2.exe [1024813]
~ Files: Scanned in 00mn 01s



---\\ Firewall Active Exception List (FirewallRules) (O87)
~ Firewall: 152 Legitimates Scanned in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.11349 - (31/03/2013)
Clés trouvées (Keys found) : 21
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\AppID\{937936af-28ca-4973-b8ae-f250406149a2}] =Adware.BHO
[HKLM\Software\Classes\Installer\Products\07C72D7F5F099B941B88A031C3C03E35] =Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07C72D7F5F099B941B88A031C3C03E35] =Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F7D27C70-90F5-49B9-B188-0A133C0CE353}] =Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =PUP.Dealio
[HKLM\Software\Classes\ToolBand.EasyHideBtn] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.EasyHideBtn.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.Localizer] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.Localizer.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighter] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighter.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighterStatistics] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighterStatistics.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.SkypeIEHelper] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.SkypeIEHelper.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.SNameProxy] =Toolbar.Agent
~ Additionnel: Scanned in 01mn 17s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "1B3A5E831FDA0E7408426713A003BE63" . (.LiveUpdate.) -- C:\Windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\ARPPRODUCTICON.exe
O90 - PUC: "3AAC9E57633BD93458BFC7B7A2ACA161" . (.LivCam.) -- C:\Windows\Installer\{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}\ARPPRODUCTICON.exe
~ Update Products: 117 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 219136 | (AsusService) . (...) - C:\Windows\System32\AsusService.exe
SR - | Auto 3/08/2009 582944 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 135168 | (Change Modem Device Service) . (...) - C:\windows\system32\ChgService.exe
SS - | Demand 22/12/2009 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 5/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 14/12/2012 398184 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 14/12/2012 682344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/01/2009 226656 | (SeaPort) . (.Microsoft Corp..) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s



End of the scan (635 lines in 02mn 56s)(0)
#43770
RE ,

Coriace il en reste

Téléchargez Defogger (de jpshortstuff) sur votre bureau puis lancez-le.
Une fenêtre apparait : cliquez sur "Disable".
Faites redémarrer l'ordinateur si l'outil vous le demande.
Note : Vous pourrez réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable".



Ré-activation
Lancez Deffoger.
Une fenêtre apparait : cliquez sur "Re-Enable".
Faites redémarrer l'ordinateur si l'outil vous le demande.



Puis :

Télécharge sur ton bureau TdssKiller de kaspersky , décompresse le et exécute le , un rapport sera crée ici:

C:\TDSSKillerVersion_Date_Time_log.txt.
(Vista/Seven -- Faire un clique droit sur tdsskiller.exe pour lancer le programme et choisi "Exécuter en tant qu'administrateur".

Execute le , La fenêtre suivante va s'ouvrir :


Image



Clique sur Start scan et laisse l'outil scanner ton disque dur sans l'interrompre et sans utiliser le PC.
Si des fichiers infectés sont trouvées, une nouvelle fenêtre va s'ouvrir:


Image



Si TDSS.tdl2 est détecté l'option delete sera cochée par défaut.

Si TDSS.tdl3 est détecté assure toi que Cure est bien cochée.

Si TDSS.tdl4(\HardDisk0\MBR) est détecté assure toi que Cure est bien cochée.

Si Suspicious file est indiqué, laisse l'option cochée sur Skip

Clique sur Continue puis sur Reboot now pour redémarrer le PC.

Copie-colle le rapport généré dans ta prochaine réponse (Il est aussi sauvegardé à la racine de ta partition système sous le nom C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS. (JJ.MM.AA date du passage de l'outil, HH.MM.SS heure de passage).

Tutoriel-- http://support.kaspersky.com/viruses/so ... =208280684


A te lire ne désespère pas on va y arriver
#43776
Disable pour deffoger,puis tdsskiller
puis tu me poste le rapport

Ensuite je te ferais faire une autre analyse pur tes clefs usb

Ensuite Deffoger en mode re-enable

puis

Flash_Disinfector

Télécharger Flash_Disinfector (de sUBs) sur le Bureau :

http://download.bleepingcomputer.com/sU ... fector.exeFlash_Disinfector

Note : Ce programme risque de déclencher une alerte de l'antivirus : si c'est le cas, il faut le désactiver temporairement, c'est une fausse alerte.
Double-cliquer sur Flash_Disinfector.exe pour le lancer.
Si la clé n'est pas introduite, il sera demandé de la connecter.
Quand le message : "Plug in your flash drive clic Ok to begin disinfection" apparaîtra :
connecter les clés USB et/ou périphériques USB externes susceptibles d'avoir été infectés.
Puis cliquer sur OK
Les icônes sur le bureau vont disparaître jusqu'à l'apparition du message: "Finish"
Appuyer ensuite sur "OK", pour faire réapparaître le bureau.


Ensuite refais moi un nouveau zhpDiag
et poste moi le rapport stp

Merci de ta compréhension
#43805
rapport :

20:28:16.0436 6024 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:28:18.0511 6024 ============================================================
20:28:18.0511 6024 Current date / time: 2013/04/01 20:28:18.0511
20:28:18.0511 6024 SystemInfo:
20:28:18.0511 6024
20:28:18.0511 6024 OS Version: 6.1.7600 ServicePack: 0.0
20:28:18.0511 6024 Product type: Workstation
20:28:18.0511 6024 ComputerName: LAUDE-PC
20:28:18.0511 6024 UserName: Laude
20:28:18.0511 6024 Windows directory: C:\windows
20:28:18.0511 6024 System windows directory: C:\windows
20:28:18.0511 6024 Processor architecture: Intel x86
20:28:18.0511 6024 Number of processors: 2
20:28:18.0511 6024 Page size: 0x1000
20:28:18.0511 6024 Boot type: Normal boot
20:28:18.0511 6024 ============================================================
20:28:19.0884 6024 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:28:19.0962 6024 ============================================================
20:28:19.0962 6024 \Device\Harddisk0\DR0:
20:28:19.0962 6024 MBR partitions:
20:28:19.0962 6024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
20:28:19.0962 6024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0xF5BB800
20:28:19.0962 6024 ============================================================
20:28:20.0024 6024 C: \Device\Harddisk0\DR0\Partition1
20:28:20.0055 6024 D: \Device\Harddisk0\DR0\Partition2
20:28:20.0133 6024 ============================================================
20:28:20.0133 6024 Initialize success
20:28:20.0133 6024 ============================================================
20:28:22.0411 1304 ============================================================
20:28:22.0411 1304 Scan started
20:28:22.0411 1304 Mode: Manual;
20:28:22.0411 1304 ============================================================
20:28:24.0532 1304 ================ Scan system memory ========================
20:28:24.0532 1304 Scan interrupted by user!
20:28:24.0532 1304 ================ Scan services =============================
20:28:24.0532 1304 Scan interrupted by user!
20:28:24.0532 1304 ================ Scan global ===============================
20:28:24.0532 1304 Scan interrupted by user!
20:28:24.0532 1304 ================ Scan MBR ==================================
20:28:24.0532 1304 Scan interrupted by user!
20:28:24.0532 1304 ================ Scan VBR ==================================
20:28:24.0532 1304 Scan interrupted by user!
20:28:24.0532 1304 ============================================================
20:28:24.0532 1304 Scan finished
20:28:24.0532 1304 ============================================================
20:28:24.0579 1424 Detected object count: 0
20:28:24.0579 1424 Actual detected object count: 0
20:28:32.0707 5588 ============================================================
20:28:32.0707 5588 Scan started
20:28:32.0707 5588 Mode: Manual; SigCheck; TDLFS;
20:28:32.0707 5588 ============================================================
20:28:32.0894 5588 ================ Scan system memory ========================
20:28:32.0894 5588 System memory - ok
20:28:32.0894 5588 ================ Scan services =============================
20:28:33.0066 5588 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
20:28:33.0331 5588 1394ohci - ok
20:28:33.0393 5588 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
20:28:33.0424 5588 ACPI - ok
20:28:33.0471 5588 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys
20:28:33.0565 5588 AcpiPmi - ok
20:28:33.0658 5588 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:28:33.0721 5588 AdobeARMservice - ok
20:28:33.0814 5588 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:28:33.0877 5588 AdobeFlashPlayerUpdateSvc - ok
20:28:33.0939 5588 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
20:28:34.0048 5588 adp94xx - ok
20:28:34.0095 5588 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
20:28:34.0189 5588 adpahci - ok
20:28:34.0220 5588 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
20:28:34.0282 5588 adpu320 - ok
20:28:34.0360 5588 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
20:28:34.0501 5588 AeLookupSvc - ok
20:28:34.0563 5588 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\windows\system32\drivers\afd.sys
20:28:34.0688 5588 AFD - ok
20:28:34.0750 5588 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\DRIVERS\agp440.sys
20:28:34.0797 5588 agp440 - ok
20:28:34.0844 5588 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
20:28:34.0891 5588 aic78xx - ok
20:28:34.0938 5588 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
20:28:35.0031 5588 ALG - ok
20:28:35.0047 5588 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\DRIVERS\aliide.sys
20:28:35.0109 5588 aliide - ok
20:28:35.0140 5588 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\DRIVERS\amdagp.sys
20:28:35.0187 5588 amdagp - ok
20:28:35.0218 5588 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\DRIVERS\amdide.sys
20:28:35.0265 5588 amdide - ok
20:28:35.0296 5588 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
20:28:35.0359 5588 AmdK8 - ok
20:28:35.0390 5588 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
20:28:35.0484 5588 AmdPPM - ok
20:28:35.0530 5588 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\windows\system32\DRIVERS\amdsata.sys
20:28:35.0577 5588 amdsata - ok
20:28:35.0624 5588 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
20:28:35.0686 5588 amdsbs - ok
20:28:35.0718 5588 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\windows\system32\DRIVERS\amdxata.sys
20:28:35.0764 5588 amdxata - ok
20:28:35.0796 5588 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\windows\system32\drivers\appid.sys
20:28:35.0936 5588 AppID - ok
20:28:35.0983 5588 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
20:28:36.0201 5588 AppIDSvc - ok
20:28:36.0232 5588 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\windows\System32\appinfo.dll
20:28:36.0373 5588 Appinfo - ok
20:28:36.0420 5588 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
20:28:36.0466 5588 arc - ok
20:28:36.0498 5588 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
20:28:36.0544 5588 arcsas - ok
20:28:36.0576 5588 [ E67493490466B5F04B58C22D2590E8CA ] AsUpIO C:\windows\system32\drivers\AsUpIO.sys
20:28:36.0638 5588 AsUpIO - ok
20:28:36.0669 5588 [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService C:\Windows\System32\AsusService.exe
20:28:36.0747 5588 AsusService ( UnsignedFile.Multi.Generic ) - warning
20:28:36.0747 5588 AsusService - detected UnsignedFile.Multi.Generic (1)
20:28:36.0794 5588 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
20:28:36.0966 5588 AsyncMac - ok
20:28:37.0028 5588 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\DRIVERS\atapi.sys
20:28:37.0075 5588 atapi - ok
20:28:37.0153 5588 [ B01751CC563AECAC09BBE36AAA21FBEF ] athr C:\windows\system32\DRIVERS\athr.sys
20:28:37.0309 5588 athr - ok
20:28:37.0356 5588 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
20:28:37.0543 5588 AudioEndpointBuilder - ok
20:28:37.0574 5588 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\windows\System32\Audiosrv.dll
20:28:37.0699 5588 Audiosrv - ok
20:28:37.0746 5588 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\windows\System32\AxInstSV.dll
20:28:37.0855 5588 AxInstSV - ok
20:28:37.0917 5588 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
20:28:38.0026 5588 b06bdrv - ok
20:28:38.0073 5588 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
20:28:38.0167 5588 b57nd60x - ok
20:28:38.0229 5588 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
20:28:38.0338 5588 BDESVC - ok
20:28:38.0385 5588 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
20:28:38.0510 5588 Beep - ok
20:28:38.0572 5588 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\windows\System32\bfe.dll
20:28:38.0760 5588 BFE - ok
20:28:38.0791 5588 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
20:28:38.0869 5588 blbdrive - ok
20:28:38.0916 5588 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\windows\system32\DRIVERS\bowser.sys
20:28:39.0009 5588 bowser - ok
20:28:39.0040 5588 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
20:28:39.0118 5588 BrFiltLo - ok
20:28:39.0150 5588 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
20:28:39.0243 5588 BrFiltUp - ok
20:28:39.0306 5588 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\windows\System32\browser.dll
20:28:39.0430 5588 Browser - ok
20:28:39.0477 5588 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
20:28:39.0571 5588 Brserid - ok
20:28:39.0602 5588 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
20:28:39.0696 5588 BrSerWdm - ok
20:28:39.0727 5588 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
20:28:39.0805 5588 BrUsbMdm - ok
20:28:39.0836 5588 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
20:28:39.0898 5588 BrUsbSer - ok
20:28:39.0961 5588 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
20:28:40.0054 5588 BthEnum - ok
20:28:40.0101 5588 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
20:28:40.0179 5588 BTHMODEM - ok
20:28:40.0226 5588 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
20:28:40.0304 5588 BthPan - ok
20:28:40.0382 5588 [ 88059FF1DED4472ACD17EEBABD393069 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
20:28:40.0460 5588 BTHPORT - ok
20:28:40.0538 5588 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
20:28:40.0663 5588 bthserv - ok
20:28:40.0710 5588 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
20:28:40.0756 5588 BTHUSB - ok
20:28:40.0788 5588 [ 92C5B845803F3662637EB691AC0B250F ] btusbflt C:\windows\system32\drivers\btusbflt.sys
20:28:40.0834 5588 btusbflt - ok
20:28:40.0866 5588 [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
20:28:40.0912 5588 btwaudio - ok
20:28:40.0944 5588 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\windows\system32\drivers\btwavdt.sys
20:28:40.0990 5588 btwavdt - ok
20:28:41.0115 5588 [ 13F2E3BF60FC1EB4E02912582C0B1E3E ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:28:41.0193 5588 btwdins - ok
20:28:41.0240 5588 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
20:28:41.0271 5588 btwl2cap - ok
20:28:41.0287 5588 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
20:28:41.0334 5588 btwrchid - ok
20:28:41.0396 5588 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
20:28:41.0521 5588 cdfs - ok
20:28:41.0583 5588 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
20:28:41.0646 5588 cdrom - ok
20:28:41.0692 5588 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\windows\System32\certprop.dll
20:28:41.0833 5588 CertPropSvc - ok
20:28:41.0880 5588 [ 2B1187FA3D235DFEE886F6C430454234 ] Change Modem Device Service C:\windows\system32\ChgService.exe
20:28:41.0958 5588 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - warning
20:28:41.0958 5588 Change Modem Device Service - detected UnsignedFile.Multi.Generic (1)
20:28:42.0004 5588 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
20:28:42.0098 5588 circlass - ok
20:28:42.0145 5588 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
20:28:42.0207 5588 CLFS - ok
20:28:42.0285 5588 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:28:42.0348 5588 clr_optimization_v2.0.50727_32 - ok
20:28:42.0410 5588 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:28:42.0457 5588 clr_optimization_v4.0.30319_32 - ok
20:28:42.0504 5588 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
20:28:42.0566 5588 CmBatt - ok
20:28:42.0597 5588 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
20:28:42.0644 5588 cmdide - ok
20:28:42.0706 5588 [ BDDE322DD3E6ABBC589C5DC8A948A661 ] cmusbser C:\windows\system32\DRIVERS\cmusbser.sys
20:28:42.0784 5588 cmusbser - ok
20:28:42.0831 5588 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\windows\system32\Drivers\cng.sys
20:28:42.0972 5588 CNG - ok
20:28:43.0034 5588 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
20:28:43.0081 5588 Compbatt - ok
20:28:43.0112 5588 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
20:28:43.0315 5588 CompositeBus - ok
20:28:43.0346 5588 COMSysApp - ok
20:28:43.0377 5588 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
20:28:43.0440 5588 crcdisk - ok
20:28:43.0518 5588 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\windows\system32\cryptsvc.dll
20:28:43.0611 5588 CryptSvc - ok
20:28:43.0642 5588 CT_AD_U_CEFE_SERM - ok
20:28:43.0705 5588 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\windows\system32\rpcss.dll
20:28:43.0861 5588 DcomLaunch - ok
20:28:43.0908 5588 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
20:28:44.0064 5588 defragsvc - ok
20:28:44.0126 5588 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\windows\system32\Drivers\dfsc.sys
20:28:44.0235 5588 DfsC - ok
20:28:44.0282 5588 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\windows\system32\dhcpcore.dll
20:28:44.0422 5588 Dhcp - ok
20:28:44.0454 5588 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
20:28:44.0610 5588 discache - ok
20:28:44.0672 5588 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
20:28:44.0719 5588 Disk - ok
20:28:44.0766 5588 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\windows\System32\dnsrslvr.dll
20:28:44.0859 5588 Dnscache - ok
20:28:44.0890 5588 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\windows\System32\dot3svc.dll
20:28:45.0062 5588 dot3svc - ok
20:28:45.0093 5588 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\windows\system32\dps.dll
20:28:45.0218 5588 DPS - ok
20:28:45.0280 5588 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
20:28:45.0343 5588 drmkaud - ok
20:28:45.0390 5588 [ 8B6C3464D7FAC176500061DBFFF42AD4 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
20:28:45.0499 5588 DXGKrnl - ok
20:28:45.0546 5588 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
20:28:45.0717 5588 EapHost - ok
20:28:45.0873 5588 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
20:28:46.0076 5588 ebdrv - ok
20:28:46.0138 5588 [ 7D300A43A7BD8769E0F901BF9E1AE367 ] efavdrv C:\windows\system32\drivers\efavdrv.sys
20:28:46.0185 5588 efavdrv - ok
20:28:46.0232 5588 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\windows\System32\lsass.exe
20:28:46.0372 5588 EFS - ok
20:28:46.0435 5588 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
20:28:46.0497 5588 elxstor - ok
20:28:46.0528 5588 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
20:28:46.0606 5588 ErrDev - ok
20:28:46.0684 5588 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
20:28:46.0809 5588 EventSystem - ok
20:28:46.0840 5588 ewusbnet - ok
20:28:46.0872 5588 ew_hwusbdev - ok
20:28:46.0918 5588 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
20:28:47.0043 5588 exfat - ok
20:28:47.0074 5588 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
20:28:47.0215 5588 fastfat - ok
20:28:47.0277 5588 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\windows\system32\fxssvc.exe
20:28:47.0402 5588 Fax - ok
20:28:47.0433 5588 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
20:28:47.0496 5588 fdc - ok
20:28:47.0527 5588 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
20:28:47.0652 5588 fdPHost - ok
20:28:47.0698 5588 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
20:28:47.0823 5588 FDResPub - ok
20:28:47.0854 5588 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
20:28:47.0901 5588 FileInfo - ok
20:28:47.0932 5588 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
20:28:48.0057 5588 Filetrace - ok
20:28:48.0088 5588 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
20:28:48.0166 5588 flpydisk - ok
20:28:48.0213 5588 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
20:28:48.0276 5588 FltMgr - ok
20:28:48.0338 5588 [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache C:\windows\system32\FntCache.dll
20:28:48.0525 5588 FontCache - ok
20:28:48.0588 5588 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:28:48.0634 5588 FontCache3.0.0.0 - ok
20:28:48.0681 5588 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
20:28:48.0744 5588 FsDepends - ok
20:28:48.0790 5588 [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
20:28:48.0837 5588 fssfltr - ok
20:28:48.0868 5588 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
20:28:48.0915 5588 Fs_Rec - ok
20:28:48.0962 5588 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
20:28:49.0040 5588 fvevol - ok
20:28:49.0071 5588 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
20:28:49.0134 5588 gagp30kx - ok
20:28:49.0180 5588 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\windows\System32\gpsvc.dll
20:28:49.0290 5588 gpsvc - ok
20:28:49.0352 5588 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:28:49.0414 5588 gusvc - ok
20:28:49.0446 5588 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
20:28:49.0539 5588 hcw85cir - ok
20:28:49.0570 5588 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:28:49.0648 5588 HdAudAddService - ok
20:28:49.0680 5588 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
20:28:49.0758 5588 HDAudBus - ok
20:28:49.0789 5588 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
20:28:49.0836 5588 HidBatt - ok
20:28:49.0882 5588 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
20:28:49.0960 5588 HidBth - ok
20:28:50.0007 5588 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
20:28:50.0070 5588 HidIr - ok
20:28:50.0132 5588 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
20:28:50.0257 5588 hidserv - ok
20:28:50.0319 5588 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
20:28:50.0382 5588 HidUsb - ok
20:28:50.0428 5588 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\windows\system32\kmsvc.dll
20:28:50.0553 5588 hkmsvc - ok
20:28:50.0600 5588 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:28:50.0725 5588 HomeGroupListener - ok
20:28:50.0787 5588 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:28:50.0865 5588 HomeGroupProvider - ok
20:28:50.0912 5588 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
20:28:50.0959 5588 HpSAMD - ok
20:28:51.0021 5588 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\windows\system32\drivers\HTTP.sys
20:28:51.0162 5588 HTTP - ok
20:28:51.0193 5588 huawei_enumerator - ok
20:28:51.0224 5588 hwdatacard - ok
20:28:51.0271 5588 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
20:28:51.0302 5588 hwpolicy - ok
20:28:51.0364 5588 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
20:28:51.0427 5588 i8042prt - ok
20:28:51.0520 5588 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:28:51.0598 5588 IAANTMON - ok
20:28:51.0645 5588 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
20:28:51.0708 5588 iaStor - ok
20:28:51.0754 5588 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\windows\system32\DRIVERS\iaStorV.sys
20:28:51.0817 5588 iaStorV - ok
20:28:51.0895 5588 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:28:52.0004 5588 idsvc - ok
20:28:52.0207 5588 [ 81F7C715528AB621C6AF58869D4B07B9 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
20:28:52.0488 5588 igfx - ok
20:28:52.0566 5588 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
20:28:52.0612 5588 iirsp - ok
20:28:52.0675 5588 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\windows\System32\ikeext.dll
20:28:52.0862 5588 IKEEXT - ok
20:28:52.0893 5588 IntcAzAudAddService - ok
20:28:52.0940 5588 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\DRIVERS\intelide.sys
20:28:52.0987 5588 intelide - ok
20:28:53.0018 5588 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
20:28:53.0096 5588 intelppm - ok
20:28:53.0143 5588 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
20:28:53.0283 5588 IPBusEnum - ok
20:28:53.0314 5588 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
20:28:53.0439 5588 IpFilterDriver - ok
20:28:53.0486 5588 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
20:28:53.0673 5588 iphlpsvc - ok
20:28:53.0704 5588 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
20:28:53.0782 5588 IPMIDRV - ok
20:28:53.0829 5588 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
20:28:53.0938 5588 IPNAT - ok
20:28:53.0970 5588 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
20:28:54.0048 5588 IRENUM - ok
20:28:54.0079 5588 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
20:28:54.0141 5588 isapnp - ok
20:28:54.0172 5588 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
20:28:54.0235 5588 iScsiPrt - ok
20:28:54.0266 5588 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
20:28:54.0313 5588 kbdclass - ok
20:28:54.0344 5588 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
20:28:54.0406 5588 kbdhid - ok
20:28:54.0453 5588 [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr C:\windows\system32\DRIVERS\kbfiltr.sys
20:28:54.0484 5588 kbfiltr - ok
20:28:54.0500 5588 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\windows\system32\lsass.exe
20:28:54.0562 5588 KeyIso - ok
20:28:54.0609 5588 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
20:28:54.0656 5588 KSecDD - ok
20:28:54.0703 5588 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
20:28:54.0750 5588 KSecPkg - ok
20:28:54.0796 5588 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
20:28:54.0968 5588 KtmRm - ok
20:28:55.0015 5588 [ A158CEA8644B8A5C1EC0E9A81B70F65A ] L1C C:\windows\system32\DRIVERS\L1C62x86.sys
20:28:55.0108 5588 L1C - ok
20:28:55.0140 5588 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\windows\system32\srvsvc.dll
20:28:55.0233 5588 LanmanServer - ok
20:28:55.0296 5588 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:28:55.0436 5588 LanmanWorkstation - ok
20:28:55.0498 5588 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
20:28:55.0623 5588 lltdio - ok
20:28:55.0670 5588 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
20:28:55.0826 5588 lltdsvc - ok
20:28:55.0857 5588 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
20:28:55.0982 5588 lmhosts - ok
20:28:56.0029 5588 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
20:28:56.0091 5588 LSI_FC - ok
20:28:56.0122 5588 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
20:28:56.0169 5588 LSI_SAS - ok
20:28:56.0200 5588 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
20:28:56.0247 5588 LSI_SAS2 - ok
20:28:56.0278 5588 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
20:28:56.0325 5588 LSI_SCSI - ok
20:28:56.0356 5588 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
20:28:56.0497 5588 luafv - ok
20:28:56.0559 5588 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
20:28:56.0590 5588 MBAMProtector - ok
20:28:56.0637 5588 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:28:56.0700 5588 MBAMScheduler - ok
20:28:56.0762 5588 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:28:56.0856 5588 MBAMService - ok
20:28:56.0887 5588 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
20:28:56.0934 5588 megasas - ok
20:28:56.0980 5588 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
20:28:57.0043 5588 MegaSR - ok
20:28:57.0090 5588 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
20:28:57.0246 5588 MMCSS - ok
20:28:57.0277 5588 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
20:28:57.0402 5588 Modem - ok
20:28:57.0448 5588 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
20:28:57.0526 5588 monitor - ok
20:28:57.0573 5588 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
20:28:57.0620 5588 mouclass - ok
20:28:57.0651 5588 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
20:28:57.0714 5588 mouhid - ok
20:28:57.0760 5588 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
20:28:57.0807 5588 mountmgr - ok
20:28:57.0823 5588 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\windows\system32\DRIVERS\mpio.sys
20:28:57.0885 5588 mpio - ok
20:28:57.0916 5588 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
20:28:58.0041 5588 mpsdrv - ok
20:28:58.0104 5588 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\windows\system32\mpssvc.dll
20:28:58.0275 5588 MpsSvc - ok
20:28:58.0322 5588 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
20:28:58.0384 5588 MRxDAV - ok
20:28:58.0431 5588 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
20:28:58.0509 5588 mrxsmb - ok
20:28:58.0556 5588 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
20:28:58.0634 5588 mrxsmb10 - ok
20:28:58.0681 5588 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
20:28:58.0743 5588 mrxsmb20 - ok
20:28:58.0774 5588 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\windows\system32\DRIVERS\msahci.sys
20:28:58.0837 5588 msahci - ok
20:28:58.0852 5588 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
20:28:58.0899 5588 msdsm - ok
20:28:58.0946 5588 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
20:28:59.0024 5588 MSDTC - ok
20:28:59.0071 5588 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
20:28:59.0211 5588 Msfs - ok
20:28:59.0242 5588 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
20:28:59.0352 5588 mshidkmdf - ok
20:28:59.0383 5588 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
20:28:59.0414 5588 msisadrv - ok
20:28:59.0476 5588 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
20:28:59.0601 5588 MSiSCSI - ok
20:28:59.0617 5588 msiserver - ok
20:28:59.0664 5588 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
20:28:59.0804 5588 MSKSSRV - ok
20:28:59.0835 5588 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
20:28:59.0944 5588 MSPCLOCK - ok
20:28:59.0991 5588 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
20:29:00.0116 5588 MSPQM - ok
20:29:00.0147 5588 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
20:29:00.0210 5588 MsRPC - ok
20:29:00.0256 5588 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
20:29:00.0319 5588 mssmbios - ok
20:29:00.0350 5588 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
20:29:00.0459 5588 MSTEE - ok
20:29:00.0475 5588 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
20:29:00.0553 5588 MTConfig - ok
20:29:00.0584 5588 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
20:29:00.0631 5588 Mup - ok
20:29:00.0678 5588 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\windows\system32\qagentRT.dll
20:29:00.0865 5588 napagent - ok
20:29:00.0927 5588 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
20:29:00.0990 5588 NativeWifiP - ok
20:29:01.0068 5588 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\windows\system32\drivers\ndis.sys
20:29:01.0161 5588 NDIS - ok
20:29:01.0192 5588 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
20:29:01.0317 5588 NdisCap - ok
20:29:01.0348 5588 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
20:29:01.0473 5588 NdisTapi - ok
20:29:01.0520 5588 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
20:29:01.0645 5588 Ndisuio - ok
20:29:01.0676 5588 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
20:29:01.0816 5588 NdisWan - ok
20:29:01.0848 5588 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
20:29:01.0988 5588 NDProxy - ok
20:29:02.0019 5588 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:29:02.0066 5588 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:29:02.0066 5588 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:29:02.0113 5588 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
20:29:02.0238 5588 NetBIOS - ok
20:29:02.0269 5588 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
20:29:02.0394 5588 NetBT - ok
20:29:02.0425 5588 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\windows\system32\lsass.exe
20:29:02.0472 5588 Netlogon - ok
20:29:02.0534 5588 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
20:29:02.0690 5588 Netman - ok
20:29:02.0737 5588 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
20:29:02.0877 5588 netprofm - ok
20:29:02.0908 5588 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:29:02.0955 5588 NetTcpPortSharing - ok
20:29:03.0033 5588 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
20:29:03.0080 5588 nfrd960 - ok
20:29:03.0111 5588 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\windows\System32\nlasvc.dll
20:29:03.0267 5588 NlaSvc - ok
20:29:03.0298 5588 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
20:29:03.0423 5588 Npfs - ok
20:29:03.0470 5588 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
20:29:03.0595 5588 nsi - ok
20:29:03.0626 5588 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
20:29:03.0751 5588 nsiproxy - ok
20:29:03.0829 5588 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\windows\system32\drivers\Ntfs.sys
20:29:03.0938 5588 Ntfs - ok
20:29:03.0969 5588 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
20:29:04.0110 5588 Null - ok
20:29:04.0156 5588 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\windows\system32\DRIVERS\nvraid.sys
20:29:04.0203 5588 nvraid - ok
20:29:04.0234 5588 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\windows\system32\DRIVERS\nvstor.sys
20:29:04.0297 5588 nvstor - ok
20:29:04.0328 5588 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
20:29:04.0390 5588 nv_agp - ok
20:29:04.0468 5588 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:29:04.0531 5588 odserv - ok
20:29:04.0562 5588 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
20:29:04.0624 5588 ohci1394 - ok
20:29:04.0656 5588 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:29:04.0702 5588 ose - ok
20:29:04.0749 5588 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
20:29:04.0858 5588 p2pimsvc - ok
20:29:04.0905 5588 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
20:29:05.0014 5588 p2psvc - ok
20:29:05.0061 5588 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
20:29:05.0139 5588 Parport - ok
20:29:05.0186 5588 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\windows\system32\drivers\partmgr.sys
20:29:05.0248 5588 partmgr - ok
20:29:05.0295 5588 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
20:29:05.0358 5588 Parvdm - ok
20:29:05.0404 5588 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
20:29:05.0514 5588 PcaSvc - ok
20:29:05.0560 5588 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\windows\system32\DRIVERS\pci.sys
20:29:05.0607 5588 pci - ok
20:29:05.0638 5588 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\DRIVERS\pciide.sys
20:29:05.0685 5588 pciide - ok
20:29:05.0716 5588 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
20:29:05.0763 5588 pcmcia - ok
20:29:05.0794 5588 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
20:29:05.0841 5588 pcw - ok
20:29:05.0904 5588 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
20:29:06.0060 5588 PEAUTH - ok
20:29:06.0184 5588 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\windows\system32\pla.dll
20:29:06.0403 5588 pla - ok
20:29:06.0465 5588 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\windows\system32\umpnpmgr.dll
20:29:06.0590 5588 PlugPlay - ok
20:29:06.0637 5588 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:29:06.0668 5588 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:29:06.0668 5588 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:29:06.0715 5588 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
20:29:06.0793 5588 PNRPAutoReg - ok
20:29:06.0840 5588 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
20:29:06.0902 5588 PNRPsvc - ok
20:29:06.0949 5588 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
20:29:07.0089 5588 PolicyAgent - ok
20:29:07.0136 5588 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\windows\system32\umpo.dll
20:29:07.0308 5588 Power - ok
20:29:07.0354 5588 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
20:29:07.0479 5588 PptpMiniport - ok
20:29:07.0526 5588 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
20:29:07.0604 5588 Processor - ok
20:29:07.0651 5588 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\windows\system32\profsvc.dll
20:29:07.0807 5588 ProfSvc - ok
20:29:07.0838 5588 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\windows\system32\lsass.exe
20:29:07.0900 5588 ProtectedStorage - ok
20:29:07.0932 5588 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
20:29:08.0072 5588 Psched - ok
20:29:08.0166 5588 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
20:29:08.0290 5588 ql2300 - ok
20:29:08.0322 5588 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
20:29:08.0384 5588 ql40xx - ok
20:29:08.0431 5588 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
20:29:08.0524 5588 QWAVE - ok
20:29:08.0571 5588 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
20:29:08.0649 5588 QWAVEdrv - ok
20:29:08.0665 5588 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
20:29:08.0790 5588 RasAcd - ok
20:29:08.0821 5588 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
20:29:08.0930 5588 RasAgileVpn - ok
20:29:08.0992 5588 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
20:29:09.0133 5588 RasAuto - ok
20:29:09.0180 5588 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
20:29:09.0304 5588 Rasl2tp - ok
20:29:09.0367 5588 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\windows\System32\rasmans.dll
20:29:09.0523 5588 RasMan - ok
20:29:09.0554 5588 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
20:29:09.0679 5588 RasPppoe - ok
20:29:09.0710 5588 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
20:29:09.0819 5588 RasSstp - ok
20:29:09.0866 5588 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
20:29:10.0007 5588 rdbss - ok
20:29:10.0053 5588 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
20:29:10.0131 5588 rdpbus - ok
20:29:10.0178 5588 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
20:29:10.0303 5588 RDPCDD - ok
20:29:10.0350 5588 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
20:29:10.0475 5588 RDPENCDD - ok
20:29:10.0521 5588 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
20:29:10.0615 5588 RDPREFMP - ok
20:29:10.0677 5588 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
20:29:10.0771 5588 RDPWD - ok
20:29:10.0818 5588 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
20:29:10.0880 5588 rdyboost - ok
20:29:10.0911 5588 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
20:29:11.0036 5588 RemoteAccess - ok
20:29:11.0083 5588 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
20:29:11.0239 5588 RemoteRegistry - ok
20:29:11.0286 5588 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
20:29:11.0364 5588 RFCOMM - ok
20:29:11.0411 5588 [ B4090006A82EEB608C358AB5D37DE85A ] RMCAST C:\windows\system32\DRIVERS\RMCAST.sys
20:29:11.0535 5588 RMCAST - ok
20:29:11.0598 5588 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
20:29:11.0723 5588 RpcEptMapper - ok
20:29:11.0754 5588 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
20:29:11.0816 5588 RpcLocator - ok
20:29:11.0847 5588 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\windows\system32\rpcss.dll
20:29:11.0988 5588 RpcSs - ok
20:29:12.0019 5588 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
20:29:12.0159 5588 rspndr - ok
20:29:12.0191 5588 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\windows\system32\lsass.exe
20:29:12.0253 5588 SamSs - ok
20:29:12.0315 5588 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys
20:29:12.0362 5588 sbp2port - ok
20:29:12.0409 5588 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
20:29:12.0549 5588 SCardSvr - ok
20:29:12.0596 5588 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
20:29:12.0705 5588 scfilter - ok
20:29:12.0768 5588 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\windows\system32\schedsvc.dll
20:29:12.0924 5588 Schedule - ok
20:29:12.0955 5588 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\windows\System32\certprop.dll
20:29:13.0064 5588 SCPolicySvc - ok
20:29:13.0095 5588 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\windows\System32\SDRSVC.dll
20:29:13.0220 5588 SDRSVC - ok
20:29:13.0298 5588 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:29:13.0345 5588 SeaPort - ok
20:29:13.0423 5588 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
20:29:13.0532 5588 secdrv - ok
20:29:13.0579 5588 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
20:29:13.0719 5588 seclogon - ok
20:29:13.0766 5588 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
20:29:13.0891 5588 SENS - ok
20:29:13.0922 5588 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
20:29:14.0000 5588 Serenum - ok
20:29:14.0031 5588 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
20:29:14.0109 5588 Serial - ok
20:29:14.0141 5588 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
20:29:14.0219 5588 sermouse - ok
20:29:14.0297 5588 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\windows\system32\sessenv.dll
20:29:14.0437 5588 SessionEnv - ok
20:29:14.0468 5588 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\DRIVERS\sffdisk.sys
20:29:14.0546 5588 sffdisk - ok
20:29:14.0593 5588 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\DRIVERS\sffp_mmc.sys
20:29:14.0671 5588 sffp_mmc - ok
20:29:14.0702 5588 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\windows\system32\DRIVERS\sffp_sd.sys
20:29:14.0796 5588 sffp_sd - ok
20:29:14.0827 5588 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
20:29:14.0874 5588 sfloppy - ok
20:29:14.0983 5588 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
20:29:15.0170 5588 SharedAccess - ok
20:29:15.0217 5588 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\windows\System32\shsvcs.dll
20:29:15.0357 5588 ShellHWDetection - ok
20:29:15.0451 5588 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\DRIVERS\sisagp.sys
20:29:15.0498 5588 sisagp - ok
20:29:15.0545 5588 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
20:29:15.0607 5588 SiSRaid2 - ok
20:29:15.0638 5588 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
20:29:15.0685 5588 SiSRaid4 - ok
20:29:15.0716 5588 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
20:29:15.0841 5588 Smb - ok
20:29:15.0919 5588 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
20:29:15.0981 5588 SNMPTRAP - ok
20:29:16.0013 5588 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
20:29:16.0059 5588 spldr - ok
20:29:16.0122 5588 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\windows\System32\spoolsv.exe
20:29:16.0215 5588 Spooler - ok
20:29:16.0465 5588 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\windows\system32\sppsvc.exe
20:29:16.0715 5588 sppsvc - ok
20:29:16.0761 5588 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\windows\system32\sppuinotify.dll
20:29:16.0933 5588 sppuinotify - ok
20:29:16.0980 5588 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\windows\system32\DRIVERS\srv.sys
20:29:17.0042 5588 srv - ok
20:29:17.0089 5588 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
20:29:17.0167 5588 srv2 - ok
20:29:17.0198 5588 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
20:29:17.0292 5588 srvnet - ok
20:29:17.0323 5588 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
20:29:17.0495 5588 SSDPSRV - ok
20:29:17.0541 5588 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
20:29:17.0682 5588 SstpSvc - ok
20:29:17.0729 5588 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
20:29:17.0775 5588 stexstor - ok
20:29:17.0838 5588 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\windows\System32\wiaservc.dll
20:29:17.0963 5588 StiSvc - ok
20:29:18.0337 5588 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\DRIVERS\swenum.sys
20:29:18.0415 5588 swenum - ok
20:29:18.0477 5588 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
20:29:18.0680 5588 swprv - ok
20:29:18.0743 5588 [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
20:29:18.0821 5588 SynTP - ok
20:29:18.0883 5588 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\windows\system32\sysmain.dll
20:29:19.0023 5588 SysMain - ok
20:29:19.0055 5588 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\windows\System32\TabSvc.dll
20:29:19.0117 5588 TabletInputService - ok
20:29:19.0148 5588 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\windows\System32\tapisrv.dll
20:29:19.0289 5588 TapiSrv - ok
20:29:19.0320 5588 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
20:29:19.0460 5588 TBS - ok
20:29:19.0569 5588 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip C:\windows\system32\drivers\tcpip.sys
20:29:19.0694 5588 Tcpip - ok
20:29:19.0757 5588 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
20:29:19.0835 5588 TCPIP6 - ok
20:29:19.0881 5588 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
20:29:19.0944 5588 tcpipreg - ok
20:29:19.0959 5588 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
20:29:20.0037 5588 TDPIPE - ok
20:29:20.0084 5588 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
20:29:20.0147 5588 TDTCP - ok
20:29:20.0193 5588 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\windows\system32\DRIVERS\tdx.sys
20:29:20.0303 5588 tdx - ok
20:29:20.0365 5588 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
20:29:20.0412 5588 TermDD - ok
20:29:20.0474 5588 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\windows\System32\termsrv.dll
20:29:20.0630 5588 TermService - ok
20:29:20.0693 5588 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
20:29:20.0895 5588 Themes - ok
20:29:20.0942 5588 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
20:29:21.0051 5588 THREADORDER - ok
20:29:21.0114 5588 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
20:29:21.0270 5588 TrkWks - ok
20:29:21.0332 5588 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:29:21.0426 5588 TrustedInstaller - ok
20:29:21.0473 5588 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
20:29:21.0597 5588 tssecsrv - ok
20:29:21.0660 5588 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
20:29:21.0785 5588 tunnel - ok
20:29:21.0831 5588 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
20:29:21.0863 5588 uagp35 - ok
20:29:21.0925 5588 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\windows\system32\DRIVERS\udfs.sys
20:29:22.0019 5588 udfs - ok
20:29:22.0097 5588 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
20:29:22.0175 5588 UI0Detect - ok
20:29:22.0221 5588 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\DRIVERS\uliagpkx.sys
20:29:22.0284 5588 uliagpkx - ok
20:29:22.0331 5588 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\windows\system32\DRIVERS\umbus.sys
20:29:22.0377 5588 umbus - ok
20:29:22.0409 5588 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
20:29:22.0455 5588 UmPass - ok
20:29:22.0518 5588 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
20:29:22.0674 5588 upnphost - ok
20:29:22.0705 5588 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
20:29:22.0783 5588 usbccgp - ok
20:29:22.0814 5588 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\DRIVERS\usbcir.sys
20:29:22.0892 5588 usbcir - ok
20:29:22.0923 5588 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
20:29:22.0986 5588 usbehci - ok
20:29:23.0017 5588 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
20:29:23.0079 5588 usbhub - ok
20:29:23.0111 5588 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
20:29:23.0189 5588 usbohci - ok
20:29:23.0251 5588 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
20:29:23.0345 5588 usbprint - ok
20:29:23.0391 5588 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
20:29:23.0454 5588 usbscan - ok
20:29:23.0532 5588 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
20:29:23.0594 5588 USBSTOR - ok
20:29:23.0657 5588 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
20:29:23.0719 5588 usbuhci - ok
20:29:23.0797 5588 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
20:29:23.0859 5588 usbvideo - ok
20:29:23.0891 5588 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
20:29:23.0969 5588 UxSms - ok
20:29:23.0984 5588 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\windows\system32\lsass.exe
20:29:24.0031 5588 VaultSvc - ok
20:29:24.0062 5588 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\DRIVERS\vdrvroot.sys
20:29:24.0109 5588 vdrvroot - ok
20:29:24.0156 5588 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\windows\System32\vds.exe
20:29:24.0265 5588 vds - ok
20:29:24.0312 5588 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
20:29:24.0374 5588 vga - ok
20:29:24.0405 5588 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
20:29:24.0483 5588 VgaSave - ok
20:29:24.0515 5588 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\windows\system32\DRIVERS\vhdmp.sys
20:29:24.0546 5588 vhdmp - ok
20:29:24.0593 5588 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\DRIVERS\viaagp.sys
20:29:24.0624 5588 viaagp - ok
20:29:24.0639 5588 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
20:29:24.0686 5588 ViaC7 - ok
20:29:24.0717 5588 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\DRIVERS\viaide.sys
20:29:24.0749 5588 viaide - ok
20:29:24.0780 5588 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\windows\system32\DRIVERS\volmgr.sys
20:29:24.0827 5588 volmgr - ok
20:29:24.0873 5588 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
20:29:24.0936 5588 volmgrx - ok
20:29:25.0014 5588 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\windows\system32\drivers\volsnap.sys
20:29:25.0076 5588 volsnap - ok
20:29:25.0123 5588 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
20:29:25.0185 5588 vsmraid - ok
20:29:25.0310 5588 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\windows\system32\vssvc.exe
20:29:25.0451 5588 VSS - ok
20:29:25.0497 5588 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
20:29:25.0560 5588 vwifibus - ok
20:29:25.0607 5588 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
20:29:25.0685 5588 vwififlt - ok
20:29:25.0747 5588 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
20:29:25.0809 5588 vwifimp - ok
20:29:25.0872 5588 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
20:29:26.0012 5588 W32Time - ok
20:29:26.0075 5588 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
20:29:26.0121 5588 WacomPen - ok
20:29:26.0184 5588 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
20:29:26.0309 5588 WANARP - ok
20:29:26.0355 5588 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
20:29:26.0465 5588 Wanarpv6 - ok
20:29:26.0558 5588 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\windows\system32\wbengine.exe
20:29:26.0745 5588 wbengine - ok
20:29:26.0777 5588 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
20:29:26.0886 5588 WbioSrvc - ok
20:29:26.0933 5588 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\windows\System32\wcncsvc.dll
20:29:27.0026 5588 wcncsvc - ok
20:29:27.0057 5588 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
20:29:27.0245 5588 WcsPlugInService - ok
20:29:27.0323 5588 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
20:29:27.0354 5588 Wd - ok
20:29:27.0416 5588 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
20:29:27.0510 5588 Wdf01000 - ok
20:29:27.0588 5588 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
20:29:27.0681 5588 WdiServiceHost - ok
20:29:27.0728 5588 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
20:29:27.0791 5588 WdiSystemHost - ok
20:29:27.0837 5588 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\windows\System32\webclnt.dll
20:29:27.0931 5588 WebClient - ok
20:29:27.0962 5588 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
20:29:28.0071 5588 Wecsvc - ok
20:29:28.0103 5588 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
20:29:28.0181 5588 wercplsupport - ok
20:29:28.0227 5588 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
20:29:28.0321 5588 WerSvc - ok
20:29:28.0352 5588 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
20:29:28.0430 5588 WfpLwf - ok
20:29:28.0493 5588 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
20:29:28.0524 5588 WIMMount - ok
20:29:28.0586 5588 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:29:28.0711 5588 WinDefend - ok
20:29:28.0727 5588 WinHttpAutoProxySvc - ok
20:29:28.0805 5588 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
20:29:28.0898 5588 Winmgmt - ok
20:29:28.0976 5588 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\windows\system32\WsmSvc.dll
20:29:29.0257 5588 WinRM - ok
20:29:29.0397 5588 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
20:29:29.0538 5588 Wlansvc - ok
20:29:29.0600 5588 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
20:29:29.0678 5588 WmiAcpi - ok
20:29:29.0756 5588 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
20:29:29.0897 5588 wmiApSrv - ok
20:29:30.0006 5588 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:29:30.0146 5588 WMPNetworkSvc - ok
20:29:30.0193 5588 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
20:29:30.0255 5588 WPCSvc - ok
20:29:30.0287 5588 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
20:29:30.0349 5588 WPDBusEnum - ok
20:29:30.0396 5588 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
20:29:30.0505 5588 ws2ifsl - ok
20:29:30.0521 5588 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll
20:29:30.0630 5588 wscsvc - ok
20:29:30.0645 5588 WSearch - ok
20:29:30.0677 5588 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\windows\system32\drivers\WudfPf.sys
20:29:30.0786 5588 WudfPf - ok
20:29:30.0848 5588 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
20:29:30.0942 5588 WUDFRd - ok
20:29:31.0004 5588 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\windows\System32\WUDFSvc.dll
20:29:31.0129 5588 wudfsvc - ok
20:29:31.0176 5588 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
20:29:31.0301 5588 WwanSvc - ok
20:29:31.0394 5588 ================ Scan global ===============================
20:29:31.0441 5588 [ 9A595DF601070DA78C40481120DD2C06 ] C:\windows\system32\basesrv.dll
20:29:31.0503 5588 [ 8531AAF69394EFB93BC653916C46D245 ] C:\windows\system32\winsrv.dll
20:29:31.0535 5588 [ 8531AAF69394EFB93BC653916C46D245 ] C:\windows\system32\winsrv.dll
20:29:31.0581 5588 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
20:29:31.0613 5588 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
20:29:31.0628 5588 [Global] - ok
20:29:31.0628 5588 ================ Scan MBR ==================================
20:29:31.0784 5588 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:29:32.0283 5588 \Device\Harddisk0\DR0 - ok
20:29:32.0283 5588 ================ Scan VBR ==================================
20:29:32.0299 5588 [ D46AD14A040BAF07729FBC499850B7C1 ] \Device\Harddisk0\DR0\Partition1
20:29:32.0315 5588 \Device\Harddisk0\DR0\Partition1 - ok
20:29:32.0361 5588 [ 86075E5DC416200894BEDD2286D1B8B5 ] \Device\Harddisk0\DR0\Partition2
20:29:32.0361 5588 \Device\Harddisk0\DR0\Partition2 - ok
20:29:32.0377 5588 ============================================================
20:29:32.0377 5588 Scan finished
20:29:32.0377 5588 ============================================================
20:29:32.0408 2852 Detected object count: 4
20:29:32.0408 2852 Actual detected object count: 4
20:29:39.0615 2852 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:39.0615 2852 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:39.0615 2852 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:39.0615 2852 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:39.0615 2852 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:39.0615 2852 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:39.0615 2852 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:39.0615 2852 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
#43819
Laisse tomber poud Flashdésinfector

Essaie de relancer USBFIx en mode suppression si ok postes moi le rapport

Sinon on laisse tomber


Pour désinstaller tous les outils rassures-toi on a l'outil qu'il faut



Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"


Télécharge Combofix.exe de sUBs sur ton Bureau et pas ailleurs.


http://www.donnemoilinfo.com/telecharge ... mboFix.php

Important : Désactive ton Antivirus et antispyware avant le scan avec Combofix :
http://forum.pcastuces.com/desactiver_l ... -f31s4.htm

Ferme toutes les fenêtres actives avant de lancer le scan.
Durant celui-ci, ne touche plus à ton PC tant que celui-ci ne sera pas terminé.
Il peut y avoir un redémarrage du PC afin de finaliser les suppressions.

Double clique sur combofix.exe pour le lancer et valide par OUI
* Si l'installation de la Console est demandée Valide!
* Le scan reprendra après son installation.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
*********************
Infos sur le redémarrage :
Si tu n'arrive pas à accéder au Bureau (page noire) Effectue à l'aide ton clavier un [Ctrl + Alt + Suppr] pour obtenir le Gestionnaire des tâches.
Dans le Gestionnaire Onglet 'Applications' Bouton 'Nouvelle tâche...'
Dans la fenêtre d'exécution tape explorer.exe et valide.
Cela ouvrira ton Bureau normalement.

A te lire
#43879
Hello ! Me revoilà.
USBfix fige mon pc et ne fonctionne pas. Donc j'ai abandonné.
Pour combofix, voici le rapport :

ComboFix 13-04-02.01 - Laude 02/04/2013 19:55:34.1.2 - x86
Microsoft Windows 7 Édition Starter 6.1.7600.0.1252.32.1036.18.1014.80 [GMT 2:00]
Lancé depuis: c:\users\Laude\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Laude\AppData\Roaming\.#
c:\users\Laude\Documents\~WRL1367.tmp
c:\users\Work\AppData\Local\con
c:\windows\system32\service
c:\windows\system32\service\07082010_TIS17_SfFniAU.log
c:\windows\system32\service\12082010_TIS17_PccScan.log
c:\windows\system32\service\15112010_TIS17_SfFniAU.log
c:\windows\system32\service\16082010_TIS17_SfFniAU.log
c:\windows\system32\service\19092010_TIS17_PccScan.log
c:\windows\system32\service\20072010_TIS17_SfFniAU.log
c:\windows\system32\service\21082010_TIS17_PccScan.log
c:\windows\system32\service\23082010_TIS17_PccScan.log
c:\windows\system32\service\28072010_TIS17_PccScan.log
c:\windows\system32\service\30072010_TIS17_PccScan.log
c:\windows\system32\service\30092010_TIS17_SfFniAU.log
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-03-02 au 2013-04-02 ))))))))))))))))))))))))))))))))))))
.
.
2013-04-02 18:10 . 2013-04-02 18:15 -------- d-----w- c:\users\Laude\AppData\Local\temp
2013-04-02 18:10 . 2013-04-02 18:10 -------- d-----w- c:\users\Work\AppData\Local\temp
2013-04-02 18:10 . 2013-04-02 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-02 17:54 . 2013-04-02 17:54 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33EC211A-36A7-4C12-8946-A50C454AE2AA}\offreg.dll
2013-04-02 17:49 . 2013-03-19 04:50 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33EC211A-36A7-4C12-8946-A50C454AE2AA}\mpengine.dll
2013-04-01 19:00 . 2013-04-01 19:00 -------- d-----w- c:\program files\PressePapier
2013-04-01 10:00 . 2013-04-01 10:00 -------- d-----w- c:\program files\Common Files\Java
2013-04-01 10:00 . 2013-04-01 09:59 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-01 09:59 . 2013-04-01 09:59 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-31 18:52 . 2013-03-31 18:52 -------- d-----w- c:\program files\Ad-Remover
2013-03-29 11:50 . 2013-04-02 16:59 -------- d-----w- C:\UsbFix
2013-03-29 09:41 . 2013-03-29 09:41 -------- d-----w- c:\users\Laude\AppData\Roaming\Malwarebytes
2013-03-29 09:41 . 2013-03-29 09:41 -------- d-----w- c:\programdata\Malwarebytes
2013-03-29 09:41 . 2013-03-29 09:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-29 09:41 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 09:41 . 2013-03-29 09:41 -------- d-----w- c:\users\Laude\AppData\Local\Programs
2013-03-28 19:03 . 2013-03-28 19:03 -------- d-----w- c:\windows\system32\MpEngineStore
2013-03-27 17:13 . 2013-04-01 10:21 -------- d-----w- C:\ZHP
2013-03-27 17:13 . 2013-04-01 10:20 -------- d-----w- c:\program files\ZHPDiag
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-01 09:59 . 2012-02-01 19:44 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-12 23:47 . 2011-11-20 09:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 23:47 . 2012-02-27 09:10 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-25 19:31 . 2013-02-25 19:31 115008 ----a-w- c:\windows\system32\drivers\efavdrv.sys
2013-01-17 00:28 . 2010-07-19 20:06 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:02 . 2013-02-13 13:53 3957608 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:02 . 2013-02-13 13:53 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:55 . 2013-02-13 13:53 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 04:55 . 2013-02-13 13:53 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 04:50 . 2013-02-13 13:53 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:46 . 2013-02-13 13:53 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-04 04:43 . 2013-02-13 13:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-04 03:00 . 2013-02-14 18:38 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:59 . 2013-02-13 13:53 271360 ----a-w- c:\windows\system32\conhost.exe
2013-01-04 02:43 . 2013-02-13 13:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 13:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 13:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 13:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-03-08 22:26 . 2013-02-20 19:36 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Laude\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Laude\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Laude\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-01-17 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2012-07-19 1809920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Laude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Laude\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-6-19 548528]
Post-it® Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys [x]
R3 CT_AD_U_CEFE_SERM;AD CEFE service for ports and modem;c:\windows\system32\DRIVERS\CT_AD_U_CEFE_drv.sys [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'
.
2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-20 23:47]
.
.
------- Examen supplémentaire -------
.
IE: Add to Google Photos Screensaver - c:\windows\system32\GPhotos.scr/200
IE: Export to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E9D1283D-62E1-45B3-8EC5-2FDBB14ABD41}: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Laude\AppData\Roaming\Mozilla\Firefox\Profiles\bpeh77sb.default\
FF - prefs.js: network.proxy.ftp - 46.14.211.177
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 46.14.211.177
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 46.14.211.177
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 46.14.211.177
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-PressePapier - (no file)
MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - 'Explorer.exe'(2320)
c:\progra~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL
c:\users\Laude\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2013-04-02 20:21:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-04-02 18:21
.
Avant-CF: 41.381.015.552 octets libres
Après-CF: 41.206.906.880 octets libres
.
- - End Of File - - 90D6CDA198C353ECBBC9032911F18FA3


Espérons qu'on vaincra cette crasse
#43894
Ok

Tu vas me refaire un ZhpDiag pour vérification stp je te remet le tuto.




Supprime le rapport de zhpDiagImage qui est sur ton bureau



Puis, Tu relance ZhpDiag par double clic sur son icône Image qui est sur ton bureau


Dans sa fenêtre qui va s'afficher

Double clic sur la flèche verte Image
Afin de le mettre à jour


Et ensuite relance l'analyse comme tu l'as fais une première fois ,et poste moi aussi son rapport .

Bon courage et à te lire
#43911
Salut !
Voici le rapport demandé :

Rapport de ZHPDiag v2013.4.2.8 par Nicolas Coolman, Update du 3/04/2013
Run by Laude at 3/04/2013 16:35:36
State : Version à jour.
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Starter Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : YCJVG
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 38 GB (38%) free of 100 GB

---\\ Logged in mode
~ Computer Name: LAUDE-PC
~ User Name: Laude
~ All Users Names: Work, Laude, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Laude\AppData\Roaming\
~ %Desktop% : C:\Users\Laude\Desktop\
~ %Favorites% : C:\Users\Laude\Favorites\
~ %LocalAppData% : C:\Users\Laude\AppData\Local\
~ %StartMenu% : C:\Users\Laude\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 38 Go of 100 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 119 Go of 123 Go)



---\\ Security Center Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 - 06:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CC60CC36EF22880D349988211965C892] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/02/2013 - 17:16:46.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/05/2011 - 03:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.6/09/2012 - 17:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2471
~ Mes musiques (My Musics) : 1/919
~ Mes Videos (My Videos) : 1/42
~ Mes Favoris (My Favorites) : 1/253
~ Mes Documents (My Documents) : 2/14
~ Mon Bureau (My Desktop) : 7/92
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 10s



---\\ Processus lancés
[MD5.7853D2AB445C10F97610B2B05FA4CF0A] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [512360] [PID.2612]
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.3376]
[MD5.778B2333591E9D28063D491456DA18BE] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512] [PID.3420]
[MD5.822E6029CE5B3EBF31016860E81E2415] - (.Synaptics Incorporated - Asus Custom Acpi Monitor Application.) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240] [PID.3708]
[MD5.37DEB76A2CF005841C4E45DE2B94D84F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.3836]
[MD5.6C47BA8962EB602E6FC9103FFB2596B9] - (...) -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [104960] [PID.3916]
[MD5.42EDE889D64D0C4F86B5403BAEEB02E0] - (.ASUSTek - SM37X HotKey Tool.) -- C:\Program Files\ASUS\LivCam\LivCam.exe [284160] [PID.4020]
[MD5.A34DBFD1757548234CC8F441A51A7EDC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2604]
[MD5.54204168C188E5104349FFCBC334036E] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2712]
[MD5.0863A1574696B903C1FC3D4DD3CC6549] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.3372]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.2160]
[MD5.E327C3E38A6C0C176D7AE89D30E24EF4] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.2344]
[MD5.8FEDBE7A5D3E5F91FD4B96DAFA4DD197] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576] [PID.2940]
[MD5.5E118E606E2AF56419A699210DFCF450] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Laude\AppData\Roaming\Dropbox\bin\Dropbox.exe [29106336] [PID.3992]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.2292]
[MD5.95FB55B85D0AFC0962443808383C5588] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6396416] [PID.1088]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Laude\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Laude\AppData\Roaming\Mozilla\Firefox\Profiles\bpeh77sb.default\prefs.js
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Laude] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.17.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\windows\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.17.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.17.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.5] - (.Microsoft Corp. - Office Live Update v1.5.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (...) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = aboutnoadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = aboutsecurityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} Clé orpheline
~ BHO: 7 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre par dossier (O4)
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyMon] . (.ASUSTeK Computer Inc. - HotkeyMon.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] . (.ASUSTeK Computer Inc. - Asus Eee PC Hotkey Service.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] . (.ASUSTeK Computer Inc. - Eee Super Hybrid Engine.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [Eee Docking] . (.Pas de propriétaire - Eee Docking Application.) -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKLM\..\Run: [LiveUpdate] . (...) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SynAsusAcpi] . (.Synaptics Incorporated - Asus Custom Acpi Monitor Application.) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] . (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [EeeSplendidAgent] . (...) -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
O4 - HKLM\..\Run: [LivCam] . (.ASUSTek - SM37X HotKey Tool.) -- C:\Program Files\ASUS\LivCam\LivCam.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files\ASUS\APRP\APRP.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [ASUSWebStorage] . (.ecareme - AsusWebStorage.) -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [AutorunRemover.exe] . (...) -- C:\Program Files\AutorunRemover\AutorunRemover.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-203128393-3956500998-1032276984-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Laude\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer (4).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer (2).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer (3).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer (4).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player (2).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player (3).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player (4).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\windows\system32\eudcedit.exe
O4 - GS\SendTo: Bluetooth File Transfer.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: AD-R.lnk . (...) -- C:\Program Files\Ad-Remover\main.exe
O4 - GS\Desktop: EyeSpeak 3.lnk . (...) -- C:\VPSL\EyeSpeak\VPSLUserApp.exe (.not file.)
O4 - GS\Desktop: Presse Papier.lnk . (.Olivier - Pas de description.) -- C:\Program Files\PressePapier\PressePapier.exe
O4 - GS\Programs: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\Laude\AppData\Roaming\Spotify\spotify.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files\Google\Picasa3\Picasa3.exe
~ Global Startup: Scanned in 00mn 02s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (.not file.)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} -- Clé orpheline
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 7 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9D1283D-62E1-45B3-8EC5-2FDBB14ABD41}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5C9935B-5248-4E94-84A9-D1B14A2E7C8C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E9D1283D-62E1-45B3-8EC5-2FDBB14ABD41}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F5C9935B-5248-4E94-84A9-D1B14A2E7C8C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E9D1283D-62E1-45B3-8EC5-2FDBB14ABD41}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F5C9935B-5248-4E94-84A9-D1B14A2E7C8C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Asus Launcher Service (AsusService) . (...) - C:\Windows\System32\AsusService.exe
O23 - Service: Change Modem Device Service (Change Modem Device Service) . (...) - C:\windows\system32\ChgService.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Services: 7 Legitimates Scanned in 00mn 28s



---\\ Enumération Active Desktop MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
~ IE Control Panel: 7 Legitimates Scanned in 00mn 09s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 13 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 66 Legitimates Scanned in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Autorun Virus Remover 3.1 - (.Autorun Remover.) [HKLM] -- Autorun Virus Remover_is1
O42 - Logiciel: Efficient Diary 3.10 - (.Efficient Software.) [HKLM] -- Efficient Diary_is1
O42 - Logiciel: Hotkey Service - (.AsusTek Computer.) [HKLM] -- {71C0E38E-09F2-4386-9977-404D4F6640CD}
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: Java(TM) 6 Update 30 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216030FF}
O42 - Logiciel: LiveUpdate - (.Asus.) [HKLM] -- {38E5A3B1-ADF1-47E0-8024-76310A30EB36}
O42 - Logiciel: Presse Papier Version 2.1 - (.Olivier RAVET.) [HKLM] -- Presse Papier_is1
O42 - Logiciel: Super Hybrid Engine - (.AsusTek Computer.) [HKLM] -- {88F08F98-12BC-4613-81A2-8F9B88CFC73E}
~ Logic: 92 Legitimates Scanned in 00mn 02s



---\\ HKCU HKLM Software Keys
[HKCU\Software\3M]
[HKCU\Software\BBL]
[HKCU\Software\BlokkerBEFR]
[HKCU\Software\SystemSafe]
[HKCU\Software\WM61 Application]
[HKCU\Software\WebEx]
[HKLM\Software\3M]
[HKLM\Software\PC Manager]
[HKLM\Software\SystemSafe]
~ Key Software: 165 Legitimates Scanned in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/02/2013 - 21:26:38 - [12,122] ----D C:\Program Files\AutorunRemover
O43 - CFD: 6/01/2010 - 23:53:25 - [0,000] ----D C:\Program Files\EBI
O43 - CFD: 30/01/2013 - 17:44:39 - [21,132] ----D C:\Program Files\Efficient Diary
O43 - CFD: 1/04/2013 - 21:00:37 - [1,363] ----D C:\Program Files\PressePapier
O43 - CFD: 19/01/2012 - 21:40:35 - [0,007] ----D C:\ProgramData\AVG10
O43 - CFD: 2/03/2011 - 23:00:15 - [0,328] ----D C:\ProgramData\Comodo
O43 - CFD: 6/01/2010 - 23:53:32 - [0] ----D C:\ProgramData\EBI
O43 - CFD: 3/09/2010 - 15:22:31 - [0,145] ----D C:\ProgramData\FileCure
O43 - CFD: 6/01/2010 - 23:53:32 - [0] ----D C:\ProgramData\RSMR
O43 - CFD: 31/01/2013 - 16:11:20 - [39,556] ----D C:\ProgramData\WebEx
O43 - CFD: 20/07/2010 - 18:49:43 - [0,026] ----D C:\Users\Laude\AppData\Roaming\3M
O43 - CFD: 25/02/2013 - 23:21:25 - [3,913] ----D C:\Users\Laude\AppData\Roaming\Azureus
O43 - CFD: 30/01/2013 - 17:45:10 - [0,002] ----D C:\Users\Laude\AppData\Roaming\Efficient Diary
O43 - CFD: 31/01/2013 - 16:11:40 - [0,183] ----D C:\Users\Laude\AppData\Roaming\webex
O43 - CFD: 16/12/2010 - 19:09:40 - [0,109] ----D C:\Users\Laude\AppData\Local\Blokker Service Photo
~ Program Folder: 179 Legitimates Scanned in 00mn 29s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.DA686B7F261EF13153F15064E75B746C] - 1/04/2013 - 13:35:49 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_01.04.2013_14.26.29_log.txt [254314]
O44 - LFC:[MD5.575AA700C72565737062A72AAF779C88] - 1/04/2013 - 19:32:35 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_01.04.2013_20.28.16_log.txt [130208]
O44 - LFC:[MD5.9BEABBD7748B0335B0DF1C4FDFA44A0E] - 2/04/2013 - 17:59:06 ---A- . (...) -- C:\UsbFix [Clean 3] LAUDE-PC.txt [6430]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 2/04/2013 - 19:15:06 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.D97C9107351982D2E8F4B5E563F300B5] - 2/04/2013 - 19:21:49 ---A- . (...) -- C:\ComboFix.txt [16403]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 7/11/2010 - 18:20:24 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.7D7CB244981D17EF54E21D00B4A091BA] - 31/03/2013 - 21:35:14 ---A- . (...) -- C:\Windows\ntbtlog.txt [1974400]
O44 - LFC:[MD5.C8EBCBB4227E64954354FEB6A61ACD3C] - 31/03/2013 - 21:24:14 ---A- . (...) -- C:\UsbFix [Clean 4] LAUDE-PC.txt [5904]
O44 - LFC:[MD5.1E9E0F8A5AC11BD8C9E9163DF013ADD5] - 31/03/2013 - 17:29:54 ---A- . (...) -- C:\UsbFix [Clean 2] LAUDE-PC.txt [6756]
O44 - LFC:[MD5.AF058DA70FAAFCD95AFECF5BC1C80162] - 30/03/2013 - 15:56:30 ---A- . (...) -- C:\UsbFix [Clean 1] LAUDE-PC.txt [6295]
O44 - LFC:[MD5.7CA48AE9A6DD783230CFA5318D08149C] - 30/03/2013 - 15:55:21 ---A- . (...) -- C:\UsbFix [Scan 2] LAUDE-PC.txt [7995]
O44 - LFC:[MD5.C6B09EAB4B8A9CD388B8B79E45202362] - 29/03/2013 - 12:56:10 ---A- . (...) -- C:\UsbFix [Scan 1] LAUDE-PC.txt [8034]
O44 - LFC:[MD5.87F8BD64B87FFE16EF8A220040ABDB13] - 29/03/2013 - 10:29:38 ---A- . (...) -- C:\AdwCleaner[S2].txt [6993]
O44 - LFC:[MD5.312115ADEAACE40732F26655311B4E1D] - 29/03/2013 - 10:28:30 ---A- . (...) -- C:\AdwCleaner[S1].txt [339]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/06/2011 - 07:45:56 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 31/08/2000 - 01:00:00 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 31/08/2000 - 01:00:00 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 31/08/2000 - 01:00:00 ---A- . (...) -- C:\Windows\zip.exe [68096]
~ Files: 61 Legitimates Scanned in 00mn 12s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 8 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 3 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0
~ Keys: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 6/07/2009 - C:\Windows\System32\drivers\AsUpIO.sys - AsUpIO (AsUpIO) .(...) - LEGACY_ASUPIO
O64 - Services: CurCS - 25/02/2013 - C:\windows\system32\drivers\efavdrv.sys (efavdrv) .(.ESET - ESET Helper driver.) - LEGACY_EFAVDRV
~ Legacy: 93 Legitimates Scanned in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {1E909603-A8D2-4935-BBEA-951627F94AB4} - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Internet Feature Controls (O81)
O81 - IFC: Internet Feature Controls [HKCU] [FEATURE_BROWSER_EMULATION] -- svchost.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.850FF033A5E28039B8886EF816381076] [SPRF][20/07/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.7B1CCF92FCBF56B8B5B4F7A90BB1C28C] [SPRF][20/09/2011] (...) -- C:\Users\Laude\AppData\Local\PC Manager Prof.dat [100]
[MD5.3D8EAA89CC4B9734E50EEA0F486DDBFF] [SPRF][16/12/2010] (...) -- C:\Users\Laude\AppData\Roaming\mdbu.bin [19]
[MD5.7CAFF04B9DF4DB1D9C44D08CCA5A4E60] [SPRF][26/10/2010] (...) -- C:\Users\Laude\AppData\Roaming\wklnhst.dat [100]
[MD5.EC4961D7E0F6ACEF4E8446E062048D88] [SPRF][29/03/2013] (...) -- C:\Users\Laude\Desktop\AdwCleaner.exe [609993]
[MD5.56103AE60801C668B4F77C1218C7D4F8] [SPRF][3/04/2013] (...) -- C:\Users\Laude\Desktop\aomwin110ea23.exe [4273488]
[MD5.A5D7C3C561145126A2C37D6898493A6C] [SPRF][2/04/2013] (.Swearware - ComboFix NSIS Installer.) -- C:\Users\Laude\Desktop\ComboFix.exe [5046606]
[MD5.9146F21288AB749C4C729343F5F285A1] [SPRF][1/04/2013] (...) -- C:\Users\Laude\Desktop\Defogger.exe [50477]
[MD5.A37C8C8523B2027897BE24C9DEC7CF35] [SPRF][1/04/2013] (...) -- C:\Users\Laude\Desktop\Flash_Disinfector.exe [132597]
[MD5.BC3947330CDE58AAB7E538BD204864E3] [SPRF][1/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Laude\Desktop\jxpiinstall.exe [896928]
[MD5.0FB6D382FA5FBF72D05FC2A4503B7DF2] [SPRF][29/03/2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Users\Laude\Desktop\mbam-setup-1.70.0.1100.exe [10156344]
[MD5.DA501CC8D4F290D13A0EC1FF73F3F20B] [SPRF][3/04/2013] (...) -- C:\Users\Laude\Desktop\mp150win111ea13.exe [15865160]
[MD5.7631C1E707B6FD51A158E765A2AAAFAD] [SPRF][28/03/2013] (.Microsoft Corporation - Microsoft Support Emergency Response Tool.) -- C:\Users\Laude\Desktop\msert.exe [81655448]
[MD5.93F41B6EAC5EE4F69277570981232CA8] [SPRF][1/04/2013] (.Olivier RAVET - Presse Papier Setup.) -- C:\Users\Laude\Desktop\Presse Papier.exe [371397]
[MD5.1CD51AE9BCEAC9F0CEE159821A1817B8] [SPRF][31/03/2013] (...) -- C:\Users\Laude\Desktop\RogueKiller.exe [816128]
[MD5.178A34E5554DCE485E1262DDF027960C] [SPRF][1/04/2013] (.Kaspersky Lab ZAO - TDSS rootkit removing tool.) -- C:\Users\Laude\Desktop\tdsskiller.exe [2237968]
[MD5.24E2A902EAF35D02DF63786C57DE60A2] [SPRF][29/03/2013] (.El Desaparecido - SosVirus.org - UsbFix - Remove malware from yours drive!.) -- C:\Users\Laude\Desktop\UsbFix.exe [1024206]
[MD5.5FAB3F189D61A8A61E7BDE2513F72261] [SPRF][31/03/2013] (.El Desaparecido - SosVirus.org - UsbFix - Remove malware from yours drive!.) -- C:\Users\Laude\Desktop\UsbFix2.exe [1024813]
~ Files: Scanned in 00mn 05s



---\\ Firewall Active Exception List (FirewallRules) (O87)
~ Firewall: 152 Legitimates Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : v2.11367 - (3/04/2013)
Clés trouvées (Keys found) : 21
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\AppID\{937936af-28ca-4973-b8ae-f250406149a2}] =Adware.BHO
[HKLM\Software\Classes\Installer\Products\07C72D7F5F099B941B88A031C3C03E35] =Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07C72D7F5F099B941B88A031C3C03E35] =Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F7D27C70-90F5-49B9-B188-0A133C0CE353}] =Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =PUP.Dealio
[HKLM\Software\Classes\ToolBand.EasyHideBtn] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.EasyHideBtn.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.Localizer] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.Localizer.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighter] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighter.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighterStatistics] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.NameHighlighterStatistics.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.SkypeIEHelper] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.SkypeIEHelper.1] =Toolbar.Agent
[HKLM\Software\Classes\ToolBand.SNameProxy] =Toolbar.Agent
~ Additionnel: Scanned in 00mn 46s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "1B3A5E831FDA0E7408426713A003BE63" . (.LiveUpdate.) -- C:\Windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\ARPPRODUCTICON.exe
O90 - PUC: "3AAC9E57633BD93458BFC7B7A2ACA161" . (.LivCam.) -- C:\Windows\Installer\{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}\ARPPRODUCTICON.exe
~ Update Products: 117 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 219136 | (AsusService) . (...) - C:\Windows\System32\AsusService.exe
SR - | Auto 3/08/2009 582944 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 135168 | (Change Modem Device Service) . (...) - C:\windows\system32\ChgService.exe
SS - | Demand 22/12/2009 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 5/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 14/12/2012 398184 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 14/12/2012 682344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/01/2009 226656 | (SeaPort) . (.Microsoft Corp..) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s



End of the scan (636 lines in 03mn 16s)(0)
#43925
Rassures toi on y arrivera mais sache que ton infection ,est une infection particulièrement difficile à eradiquer

Ce rapport ZhpDiag me semble inconplet

J'aimerais que tu me le transmettre à l'aide de Cjoint comme demandé dans mon Canned car il est trop important pour passer directement ,et complètememnt sur le forum

Relis et fais comme indiqué stp

Le scan terminé, clique sur l'icône en forme de disquette Image
et enregistre le fichier sur ton bureau (ZHPDiag.txt) .

-- Le rapport sera aussi sauvegardé dans ce dossier == C:\Program files\ZHPDiag

Pour poster le rapport:

-- Rend toi sur Cejoint http://www.cjoint.com/

-- Clique sur Parcourir dans la partie Joindre un fichier

-- Séléctionne le rapport ZHPdiag.txt Imagequi se trouve sur ton bureau

-- Clique ensuite sur " Créer le lien cjoint ",, Un lien va se former, copie et colle le ici STP

/!\ Héberge bien le rapport via cijoint comme demander, sinon il ne passera pas entièrement sur le site /!\


Au cas ou ,Aide d'utilisation CJoint iciaide en images

http://www.forum-entraide-informatique. ... -cjointcom


Si ZHPDiag est téléchargé à partir d'Internet Explorer 9 et que le filtre Smart Screen est activé, un message de ce type apparaître en bas de page :


ZHPDiag est totalement fiable , Il s'agit simplement du filtre SmartScreen qui n'inclut pas encore la totalité des logiciels (cela se produira également sans doute avec les autres outils qui seront téléchargés durant la désinfection).

Il faut donc cliquer sur le bouton "actions" et choisir "exécuter quand même"




si cjoint pas disponible:


http://www.toofiles.com/fr/documents-upload.html

ou :

http://pjjoint.malekal.com/

ou :

http://www.casimages.com


•Tutoriel zhpdiag, si tu n'as pas tout compris :

http://www.premiumorange.com/zeb-help-p ... pdiag.html

Tu devras donc me poster uniquement un lien

A te lire
#43942
Attention , se Script a étais spécialement crée en fonction des infections présente sur se pc , il ne doit être en aucun cas utiliser/reproduit sur un autre ordinateur


* Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )



-------------------------------------------

SysRestore
O81 - IFC: Internet Feature Controls [HKCU] [FEATURE_BROWSER_EMULATION] -- svchost.exe [HKLM\Software\Classes\AppID\{937936af-28ca-4973-b8ae-f250406149a2}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF]
O4 - GS\Desktop: EyeSpeak 3.lnk . (...) -- C:\VPSL\EyeSpeak\VPSLUserApp.exe (.not file.) [HKLM\Software\Classes\Installer\Products\07C72D7F5F099B941B88A031C3C03E35]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07C72D7F5F099B941B88A031C3C03E35] [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F7D27C70-90F5-49B9-B188-0A133C0CE353}] [HKLM\Software\Classes\ToolBand.EasyHideBtn]
[HKLM\Software\Classes\ToolBand.EasyHideBtn.1] [HKLM\Software\Classes\ToolBand.Localizer] [HKLM\Software\Classes\ToolBand.Localizer.1]
[HKLM\Software\Classes\ToolBand.NameHighlighter]
[HKLM\Software\Classes\ToolBand.NameHighlighter.1]
[HKLM\Software\Classes\ToolBand.NameHighlighterStatistics]
[HKLM\Software\Classes\ToolBand.NameHighlighterStatistics.1]
[HKLM\Software\Classes\ToolBand.SkypeIEHelper] [HKLM\Software\Classes\ToolBand.SkypeIEHelper.1
EmptyTemp
EmptyFlash
FrewallRaz







-------------------------------------------


Puis Lance ZHPFix depuis le raccourci du bureau .par un Double clique (clique droit pour VISTA/7) sur son icône Image présente sur ton bureau



* Une fois l'outil ZHPFix ouvert , clique sur ce bouton :Image



* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .



Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.




les lignes ci-dessus sont celles qui doivent apparaître dans la fenêtre de ZHPFix. Si ce n'est pas le cas, ne surtout pas cliquer sur le bouton GO.
Il faut veiller à bien copier les lignes.


* Clique sur ce bouton Image pour lancer le nettoyage



N.B.Il arrive que l'outil que tu vas utiliser ferme le processus "explorer.exe".
Il est possible qu'après son exécution, ton bureau reste sans icône et sans barre des tâches.


Pas de panique !! il suffit de relancer explorer.exe



Pour cela, tu presseras simultanément ctrl+alt+suppr pour ouvrir le gestionnaire de tâches


Une fois dans le gestionnaire, tu cliqueras sur "fichier" et sur "nouvelle tâche"


Dans le champ de saisie, tu taperas explorer.exe et tu cliqueras sur OK
Tout redeviendra normal



A te lire
#44001
Bonsoir,

Après analyse de ce Fix

fais ce qui suit pour supprimer le restant de ton infection

Télécharge OTM (de Old_Timer) sur le bureau :

https://www.sosvirus.net/telecharger/otm/
http://www.itxassociates.com/OT-Tools/OTM.exe

Double-clique sur OTM.exe sur le bureau

- Copie le texte qui se trouve en citation et colle le dans le cadre de gauche de OTM nommé Paste Instructions for Items to be Moved

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-

:commands
[emptytemp]
- Clique sur MoveIt! pour lancer la suppression.
- Ferme OTM

Ton PC va redémarrer pour finir la suppression, si il ne le fais pas lui-même, redémarre le.

Poste le rapport de OTMoveIt qui se trouve dans C:\_OTM\MovedFiles.

On arrivera au but

A te lire
Problème de téléchargement

Bonjour Suivez les indications de KAV, si vous n'[…]

Présentation

Hello :hello: , Merci pour l'accueil

New crash game Plinko

Oh, great. Crash games are a good choice if you wa[…]

Site officiel du casino Vavada

C'est un vieux casino, ce n'est pas du tout int&ea[…]