[Solved] QVO6 infection

Posted: Sat 14 Sep 2013 17:58
by ptkntz
Hello,

I've just registered with you because I'm desperately looking for a solution to this damned virus;

I've tried a few things: Malwarebytes, AdwCleaner, and I almost bought SpyHunter, but everything seems to me to be riddled with traps and special cases...

I saw that such cases are handled here, so I'm turning to you: I have Windows Vista, and I'm fairly average with computers

(if it's explained to me at length, I catch on quickly...)

That's it, so see you later, and thank you for your site

            Ptkntz

QVO6 infection

Posted: Sat 14 Sep 2013 18:06
by 2011N2
Hello,

Whatever you do, don't buy SpyHunter; it's a scam, it won't repair anything at all.

Run a diagnostic of your PC with ZHPDiag and post the report hosted on cjoint: http://www.forum-entraide-informatique. ... g-tutoriel

Gabriel.

Re: [Solved] QVO6 infection

Posted: Sat 14 Sep 2013 18:42
by ptkntz
Hello, and thank you for your quick reply

I'm attaching the report:

~ Rapport de ZHPDiag v2013.9.14.26 - Nicolas Coolman (14/09/2013)
~ Lancé par Angel'Z (14/09/2013 18:33:08)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 21.0
GCIE: Google Chrome

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0

---\\ Logiciels d'optimisation du système
CCleaner v3.27 =Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 7

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 107 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1917 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 64 GB (28%) free of 225 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-ANGELZ
~ User Name: Angel'Z
~ All Users Names: Angel'Z, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\Angel'Z\AppData\Roaming\
~ %Desktop% : C:\Users\Angel'Z\Desktop\
~ %Favorites% : C:\Users\Angel'Z\Favorites\
~ %LocalAppData% : C:\Users\Angel'Z\AppData\Local\
~ %StartMenu% : C:\Users\Angel'Z\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 64 Go of 225 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 8 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\WINDOWS\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\WINDOWS\System32\Wininit.exe [96768]
[MD5.21A5424935A32080A58DD40F2712212C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.31/07/2013 - 10:52:44.) -- C:\WINDOWS\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\WINDOWS\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\WINDOWS\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\WINDOWS\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\WINDOWS\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\WINDOWS\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\WINDOWS\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\WINDOWS\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/853
~ Mes musiques (My Musics) : 7/516
~ Mes Videos (My Videos) : 1/36
~ Mes Favoris (My Favorites) : 1/56
~ Mes Documents (My Documents) : 1/5049
~ Mon Bureau (My Desktop) : 1/1461
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 21s



---\\ Processus lancés
[MD5.0842B8477097234D7A65BD83F6046687] - (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [6427008] [PID.1388] =Crapware.SpyHunter
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.4372]
[MD5.85B8925F1A477DF7AEC93CABBEB04F1F] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\hp\support\hpsysdrv.exe [65536] [PID.1880]
[MD5.821F73B833C4DAEBC33C1A9A4B16BB5A] - (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152] [PID.2008]
[MD5.882539219B40107D5BC0557E0088DD79] - (.ScanSoft, Inc. - OCR Aware (32-bit).) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe [49152] [PID.2040]
[MD5.A9E1468F4959F9A4A04B90173D206B57] - (.Yuna Software - Messenger Plus! 6.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe [802304] [PID.4116]
[MD5.8E53B67FA3816E854B07C5DC66E10730] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056] [PID.5612]
[MD5.F4D37D47D8FFB01FC072D81440051CAD] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976832] [PID.6012]
[MD5.81800928E0F713DF31F3393CC26F4013] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952] [PID.1684]
[MD5.A9F9D081518AC03A51C1195986076F42] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.1748]
[MD5.D5D8A5E87D3C32C516E5B5E2BA5B0DBF] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247768] [PID.1908]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [125952] [PID.1892]
[MD5.EE8DEBD2D159E7052EB0DAA5CA19FAF7] - (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe [278528] [PID.2036]
[MD5.E3A2C0BCBE14A0116F80657079A19D25] - (.Matsushita Electric Industrial Co., Ltd. - LUMIX Simple Viewer.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [57344] [PID.416]
[MD5.9E30189C814095FE0293E39AD08EF943] - (.Syntek Ltd. - Syntek Monitor Application.) -- C:\Windows\STK02N\STK02NM.exe [163840] [PID.3036]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.4092]
[MD5.C81BE1B951C36E97D3DA90DA745DA5F7] - (.Hewlett-Packard Company - KBD EXE.) -- C:\hp\kbd\kbd.exe [61440] [PID.4660]
[MD5.AA9CBDCD4675A48755DDA3A73BE3E283] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757400] [PID.352]
[MD5.D0D60548015BA79AD371BA4A562E79CB] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.exe [815496] [PID.1028]
[MD5.D15FE044EF9776466FBA00D7FBD7B7B6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7953408] [PID.6912]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.7872]
[MD5.528FEB786D2D2427C16E68F6CE53B363] - (.Enigma Software Group USA, LLC. - Service scanner interface.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432] [PID.0] =Crapware.SpyHunter
[MD5.2FE4FE6B316836AFE396851EFF6DEA6B] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 187.8.) -- C:\Windows\system32\nvvsvc.exe [211560] [PID.4488]
[MD5.37F77AEBFF23A99D1BFB4F34CD2D07F2] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.4656]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.5376]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176] [PID.1244]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.204]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.368]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2732]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2908]
[MD5.E4C24B7ED477CBCEC20B8FA41C4025D0] - (.iolo technologies, LLC - iolo System component.) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1028464] [PID.3188]
[MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.808]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.968]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1048]
[MD5.25EDED99A5644E1CB3DE28B27B760CCB] - (.Yuna Software - Service - Messenger Plus! for Skype.) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [125952] [PID.1096]
[MD5.F620772888B6E3EDEF5C3E71E3D447F0] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92632] [PID.2104]
[MD5.CF6D9AB044DF22FB6ECCC3907DE9FD7A] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Servi.) -- c:\Program Files\Microsoft Security Client\NisSrv.exe [295376] [PID.3768]
[MD5.FE56897B27ED266F9C4E7D90A0B5DA47] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.3564]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Angel'Z\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [gfhdkohbepelnfckgjinfddmecpngnpb] Lyric Star v.1.111 (Activé) =Adware.AddLyrics
~ Google Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Angel'Z\AppData\Roaming\Mozilla\Firefox\Profiles\rorthpdb.default\prefs.js
M0 - MFSP: prefs.js [Angel'Z - rorthpdb.default] http://www.qvo6.com =Hijacker.Qvo6
~ Firefox Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Easy-WebPrint - [HKLM]{327C2873-E90D-4c37-AA9D-10AC9BABA46C} . (.Pas de propriétaire - Easy-WebPrint.) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =Toolbar.Google
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: EPSON Perfection V33_V330 Manuel.lnk . (...) -- C:\Program Files\epson\TpManual\EPSON Perfection V33_V330\fr\Useg\index.htm
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\WINDOWS\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: Fritz6.lnk . (...) -- C:\Program Files\ChessBase\Fritz6\Fritz6.exe
O4 - GS\Desktop [Public]: LUMIX Simple Viewer.lnk . (.Matsushita Electric Industrial Co., Ltd. - LUMIX Simple Viewer.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhoebeLE.exe
O4 - GS\Desktop [Public]: Photo Impression 5.lnk . (.ArcSoft Inc. - PhotoImpression.) -- C:\Program Files\ArcSoft\PhotoImpression 5\photoimpression.exe
O4 - GS\Program [Public]: TuneUp Utilities 2009.lnk . (.TuneUp Software - TuneUp Utilities 2009 - Start Center.) -- C:\Program Files\TuneUp Utilities 2009\Integrator.exe
O4 - GS\QuickLaunch [Angel'Z]: GeoGebra.lnk . (.International GeoGebra Institute - GeoGebra.) -- C:\Program Files\GeoGebra\geogebra.exe
O4 - GS\QuickLaunch [Angel'Z]: Guitar Pro 6.lnk . (...) -- C:\Program Files\Guitar Pro 6\GuitarPro.exe
O4 - GS\QuickLaunch [Angel'Z]: Xilisoft Dailymotion Vidéo Convertisseur.lnk . (...) -- C:\Program Files\Xilisoft\Dailymotion Video Converter\DailymotionVideoConverter.exe
O4 - GS\Desktop [Angel'Z]: DiagTransfer 3.0.1.lnk . (.Alain Blaisot - Lecteur éditeur de positions d'échecs.) -- C:\Program Files\DiagTransfer\Diagram.exe
O4 - GS\Desktop [Angel'Z]: SpyHunter.lnk . (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe =Crapware.SpyHunter
O4 - GS\Desktop [Angel'Z]: System Mechanic Professional.lnk . (.iolo technologies, LLC - iolo System component.) -- C:\Program Files\iolo\Common\Lib\ioloLManager.exe
~ Global Startup: 80 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: e-Carte Bleue La Banque Postale.lnk . (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - GS\Startup [Public]: LUMIX Simple Viewer.lnk . (.Matsushita Electric Industrial Co., Ltd. - LUMIX Simple Viewer.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
O4 - GS\Startup [Public]: STK02N 2.3 PNP Monitor.lnk . (.Syntek Ltd. - Syntek Monitor Application.) -- C:\Windows\STK02N\STK02NM.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] . (...) -- C:\HP\KBD\KbdStub.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OpwareSE2] . (.ScanSoft, Inc. - OCR Aware (32-bit).) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
O4 - HKLM\..\Run: [OPSE reminder] . (...) -- C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 6.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\Update\realsched.exe
O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3126514150-977183771-1314257680-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3126514150-977183771-1314257680-1000\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-21-3126514150-977183771-1314257680-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-3126514150-977183771-1314257680-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} -- Clé orpheline
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ((no name)) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Users\Angel'Z\AppData\Local\DProtect\eBP.dll (.not file.) =Trojan.Staser
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Enumération Active Desktop MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Public\Pictures\LUMIXSimpleViewer\20082013\P1080715.JPG
O24 - Desktop General: WallPaper - .(...) - C:\Users\Public\Pictures\LUMIXSimpleViewer\20082013\P1080715.JPG
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\Angel'Z\AppData\Roaming\iolo\) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Angel'Z.job [378]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\ReclaimerUpdateXML_Angel'Z.job [374]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Angel'Z.job [384]
[MD5.C34968C46A99BBD6248D30F9F1B778C2] [APT] [BoxSoftwareUpdate] (...) -- C:\ProgramData\BoxUpdChk\updchk.exe [177152]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM] -- {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =Adware.Boxore
O42 - Logiciel: DiagTransfer 3.0.1 - (...) [HKLM] -- DiagTransfer 3.0.1
O42 - Logiciel: STK02N 2.3 - (.Syntek.) [HKLM] -- {E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}
~ Logic: 103 Legitimates Filtered in 00mn 00s



---\\ HKCU HKLM Software Keys
[HKCU\Software\BrowseFox] =Adware.BrowseFox
[HKCU\Software\IncrediMail]
[HKCU\Software\Linkury]
[HKLM\Software\DProtect] =Trojan.Staser
[HKLM\Software\PCTools]
[HKLM\Software\SITTELLE]
[HKLM\Software\STK02N]
[HKLM\Software\Syntek]
[HKLM\Software\WiseConvert] =Toolbar.Conduit
~ Key Software: 184 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/07/2013 - 15:22:10 - [1,184] ----D C:\Program Files\DiagTransfer
O43 - CFD: 26/04/2012 - 14:38:53 - [0,107] ----D C:\Program Files\LilyPond
O43 - CFD: 30/06/2010 - 15:50:03 - [3,624] ----D C:\Program Files\SITTELLE
O43 - CFD: 23/07/2012 - 17:59:04 - [0] ----D C:\Program Files\WiseConvert =Toolbar.Conduit
O43 - CFD: 23/08/2013 - 12:49:30 - [0,169] ----D C:\ProgramData\BoxUpdChk
O43 - CFD: 11/07/2013 - 14:54:08 - [0] ----D C:\Users\Angel'Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiagTransfer
O43 - CFD: 12/09/2013 - 20:23:36 - [0,004] ----D C:\Users\Angel'Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =Crapware.SpyHunter
~ 825 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1096 Legitimates Filtered in 00mn 55s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.56709CAFDD887B6F47057FBF926F27AD] - 14/09/2013 - 16:34:22 ---A- . (...) -- C:\WINDOWS\System32\Ikeext.etl [65536]
O44 - LFC:[MD5.9F04CD7D2B8D99E026076616CC544E33] - 11/09/2013 - 18:11:56 ---A- . (...) -- C:\WINDOWS\System32\InstallUtil.InstallLog [1576]
O44 - LFC:[MD5.71C39503D82C33543838A7D6D45C566A] - 10/09/2013 - 19:14:32 ---A- . (...) -- C:\WINDOWS\win.ini [304]
O44 - LFC:[MD5.188E68005ED62F32248032C65CB4DE96] - 03/09/2013 - 18:04:46 ---A- . (...) -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest [1870]
~ Files: 44 Legitimates Filtered in 00mn 22s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\WINDOWS\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\WINDOWS\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 06/05/2011 - Pas de propriétaire (esgiguard) .(...) - LEGACY_ESGIGUARD =Crapware.SpyHunter
~ Legacy: 210 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com =Hijacker.Qvo6
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =Hijacker.Qvo6
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {00568276-096E-4C27-B695-380E366A4A49} - (Yahoo! France) - http://fr.search.yahoo.com =Toolbar.Yahoo
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {58EAAF4A-22A0-45D3-AB9C-529C1268E3A4} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.EC6F29018B037E2620637D8F46110B3E] [SPRF][14/09/2013] (...) -- C:\ProgramData\nvModes.dat [32061]
[MD5.6B104251D0C18E3B783BF708CA00AA30] [SPRF][14/09/2013] (...) -- C:\Users\Angel'Z\AppData\Local\Temp\Uninst.bat [642]
[MD5.8287D0E6DA60B6E9153D7EDC2C322097] [SPRF][07/09/2013] (...) -- C:\Users\Angel'Z\AppData\LocalLow\SkwConfig.bin [6876]
[MD5.1ABEC34CDC28991FE1D63CD56CE9A172] [SPRF][04/10/2012] (...) -- C:\Users\Angel'Z\AppData\Roaming\wklnhst.dat [1476]
[MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][14/09/2013] (...) -- C:\Users\Angel'Z\Desktop\AdwCleaner_1.606_En.exe [581957]
[MD5.090D5B5CED06858273366AF8EAD16AD1] [SPRF][13/11/2011] (...) -- C:\Users\Angel'Z\Desktop\x-dailymotion-video-converter-fr.exe [16868164]
~ Files: 7 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D61B8E93-6A6D-418F-B4AC-303A376E6F1B}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Angel'Z\AppData\Local\DProtect\DProtectSvc.exe (.not file.) =Trojan.Staser
~ Firewall: 185 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "5EC33E4FBA7A86F47A7E0FAA48FED2E9" . (.Internet Explorer Toolbar 4.9 by SweetPacks.) -- C:\Windows\Installer\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}\ARPPRODUCTICON.exe =PUP.SweetIM
O90 - PUC: "DF42B2AC01EE9B240B94AA0862E8E712" . (.Boxore Client.) -- C:\Windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =Adware.Boxore
~ Update Products: 98 Legitimates Filtered in 00mn 00s



---\\ Windows Installer package search (WIS) (O93) (NTFS)
[MD5.A927205BE60B837B5CA7C3194A197EBE] [WIS][22/08/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\2dda8.msi [474624] =Adware.Boxore
[MD5.5E8444B77B1E765A348A4BE4670507D4] [WIS][17/12/2011] (.Linkury Inc. - Messenger Plus! Community Smartbar (Powered by Linkury Inc.).) -- C:\Windows\Installer\58f740.msi [1054208] =Hijacker.SmartBar
~ WIS: 100 Legitimates Filtered in 00mn 07s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SS - | Disabled 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 03/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 11/01/2012 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 01/11/2012 1028464 | (ioloSystemService) . (.iolo technologies, LLC.) - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
SR - | Demand 31/05/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 16/12/2012 125952 | (MsgPlusService) . (.Yuna Software.) - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
SR - | Auto 30/10/2009 211560 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Demand 26/03/2007 887544 | (RoxMediaDB9) . (.Sonic Solutions.) - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SR - | Auto 17/07/2013 770432 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =Crapware.SpyHunter
SS - | Demand 08/03/2007 74656 | (stllssvr) . (.MicroVision Development, Inc..) - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 05/12/2012 92632 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
SS - | Disabled 27/02/2013 361288 | (TuneUp.Defrag) . (.TuneUp Software.) - C:\WINDOWS\System32\TuneUpDefragService.exe
SS - | Disabled 27/02/2013 604488 | (TuneUp.ProgramStatisticsSvc) . (.TuneUp Software.) - C:\WINDOWS\System32\TUProgSt.exe
SR - | Auto 19/01/2008 21504 | C:\WINDOWS\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\WINDOWS\System32\svchost.exe
SS - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
~ Services: Scanned in 00mn 08s



---\\ Additional scan (O88)
Database Version : 12917 - (14/09/2013)
Keys found : 42
Values found : 1
Folders found : 5
Files found : 13

[HKLM\Software\Google\Chrome\Extensions\gfhdkohbepelnfckgjinfddmecpngnpb] =Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}] =Adware.Boxore^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =PUP.V9Software
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =PUP.SweetIM
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =Crapware.SpyHunter
[HKCU\Software\BlabbersToolbar] =PUP.Blabbers
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =PUP.SweetIM
[HKCU\Software\AppDataLow\Software\LyricStar] =Adware.AddLyrics
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}] =Toolbar.EasyWebPrint
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}] =Toolbar.EasyWebPrint
[HKLM\Software\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}] =Toolbar.EasyWebPrint
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E7F552EF334C802D75A55F0F6344722] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =PUP.SweetIM^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =Toolbar.Google^
C:\Program Files\WiseConvert =Toolbar.Conduit^
C:\Users\Angel'Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =Crapware.SpyHunter^
C:\Program Files\Software =Adware.Boxore
C:\Users\Angel'Z\AppData\Local\Software =Adware.Boxore
C:\Users\Angel'Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci =PUP.DealPly
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe =Crapware.SpyHunter^
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =Crapware.SpyHunter^
C:\Users\Angel'Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhdkohbepelnfckgjinfddmecpngnpb =Adware.AddLyrics^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =Toolbar.Google^
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe =Crapware.SpyHunter^
[HKCU\Software\BrowseFox] =Adware.BrowseFox^
[HKLM\Software\DProtect] =Trojan.Staser^
[HKLM\Software\WiseConvert] =Toolbar.Conduit^
C:\Windows\Installer\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}\ARPPRODUCTICON.exe =PUP.SweetIM^
C:\Windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =Adware.Boxore^
C:\Windows\Installer\2dda8.msi =Adware.Boxore^
C:\Windows\Installer\58f740.msi =Hijacker.SmartBar^
C:\Users\Angel'Z\Desktop\SpyHunter.lnk =Crapware.SpyHunter
~ Additional Scan: 375506 Items scanned in 00mn 28s



---\\ Summary of the detections found on your machine
~ http://nicolascoolman.webs.com/apps/blo ... -spyhunter =Crapware.SpyHunter
~ http://nicolascoolman.webs.com/apps/blo ... -addlyrics =Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blo ... acker-qvo6 =Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blo ... bar-google =Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blo ... jan-staser =Trojan.Staser
~ http://nicolascoolman.webs.com/apps/blo ... are-boxore =Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blo ... -browsefox =Adware.BrowseFox
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit =Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... lbar-yahoo =Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blo ... up-sweetim =PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blo ... r-smartbar =Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blo ... v9software =PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blo ... p-blabbers =PUP.Blabbers
~ http://nicolascoolman.webs.com/apps/blo ... lbar-tarma =Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blo ... crossrider =PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blo ... up-dealply =PUP.DealPly
~ MSI: 16 link(s) detected in 00mn 28s



~ 2124 Legitimates filtered by white list
End of the scan (573 lines in 03mn 08s)(0)
from ZHPDiag
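The ZHPDiag report above tags each suspicious entry with a "=Family.Name" suffix (PUP.SweetIM, Adware.Boxore, Trojan.Staser, ...) and, in the O87 firewall section, marks an allow rule for DProtectSvc.exe with "(.not file.)", meaning the program the rule was created for is no longer on disk. The Python script below is an added example written for this page, not part of the thread and not ZHPDiag's own code. It parses lines in that format: it groups tagged entries by family, lists firewall exceptions left behind for missing executables, and extracts the Internet Explorer search scope flagged [DefaultScope]. The sample lines are constructed here from the patterns in the report; the trailing "^" some tags carry is stripped and not interpreted.

```python
import re
from collections import defaultdict

# Constructed sample in ZHPDiag's line format: the entries mirror the
# report above (same GUIDs and paths) but are typed in here, not read
# from a machine. Raw string so the Windows paths need no escaping.
SAMPLE_REPORT = r"""
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {58EAAF4A-22A0-45D3-AB9C-529C1268E3A4} [DefaultScope] - (Google) - http://www.google.com
O87 - FAEL: "{D61B8E93-6A6D-418F-B4AC-303A376E6F1B}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Angel'Z\AppData\Local\DProtect\DProtectSvc.exe (.not file.) =Trojan.Staser
O90 - PUC: "DF42B2AC01EE9B240B94AA0862E8E712" . (.Boxore Client.) -- C:\Windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =Adware.Boxore
SR - | Auto 17/07/2013 770432 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =Crapware.SpyHunter
[HKLM\Software\DProtect] =Trojan.Staser^
[HKCU\Software\BrowseFox] =Adware.BrowseFox^
C:\Program Files\WiseConvert =Toolbar.Conduit^
~ Services: Scanned in 00mn 08s
"""

# A detection tag is "=Family.Name" at end of line, optionally followed by
# the '^' marker ZHPDiag appends to some entries (stripped, not interpreted).
DETECTION_RE = re.compile(
    r"^(?P<item>.+?)\s+=(?P<family>[A-Za-z]+\.[A-Za-z0-9]+)\^?\s*$")


def detections_by_family(report):
    """Group every tagged line by its detection family -> [item, ...]."""
    groups = defaultdict(list)
    for line in report.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            groups[m.group("family")].append(m.group("item"))
    return dict(groups)


def firewall_rules_for_missing_files(report):
    """Program paths from O87 (FAEL) firewall-exception lines that ZHPDiag
    marks '(.not file.)': an allow rule that outlived the binary it was for."""
    paths = []
    for line in report.splitlines():
        if line.startswith("O87 - FAEL:") and "(.not file.)" in line:
            after_sep = line.split(" -- ", 1)[1]
            paths.append(after_sep.split(" (.not file.)", 1)[0])
    return paths


def default_search_scope(report):
    """(name, url) of the IE search scope flagged [DefaultScope], or None."""
    for line in report.splitlines():
        if line.startswith("O69 - SBI:") and "[DefaultScope]" in line:
            tagged = DETECTION_RE.match(line)
            core = tagged.group("item") if tagged else line
            m = re.search(r"\((?P<name>[^()]+)\)\s+-\s+(?P<url>\S+)\s*$", core)
            if m:
                return m.group("name"), m.group("url")
    return None


def triage(report):
    """Summary a helper would post back: count per family, plus the two
    findings that need more than 'uninstall the PUP' to clear."""
    fam = detections_by_family(report)
    return {
        "families": {k: len(v) for k, v in sorted(fam.items())},
        "stale_firewall_rules": firewall_rules_for_missing_files(report),
        "ie_default_search": default_search_scope(report),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

A stale allow rule is worth clearing even when the binary is gone: if the same path is ever re-created (a reinstall of the bundle, or a dropper reusing the name) it inherits inbound access without any prompt.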

infection QVO6

Posted: Sat 14 Sep 2013 21:44
by 2011N2
Re,

OK, I'd like to get hold of an infected file if possible.

Zip the following folder: C:\Users\Angel'Z\AppData\Local\DProtect\

And upload it like this: http://www.forum-entraide-informatique. ... m-tutoriel

By the way, do you have the AdwCleaner report?

Gabriel.

infection QVO6

Posted: Sat 14 Sep 2013 22:22
by ptkntz
I don't have the requested file: under Local, I have no "DProtect"
on the other hand, I'm attaching the AdwCleaner report
http://cjoint.com/?CIowuQ0jbov


Regards, Ptkntz

infection QVO6

Posted: Sat 14 Sep 2013 22:23
by 2011N2
Re,

Show hidden files and folders: http://www.forum-entraide-informatique. ... -windows-7
You should then see DProtect.

Gabriel.

infection QVO6

Posted: Sat 14 Sep 2013 22:42
by ptkntz
sorry, could you tell me how to find hidden files and folders?


thanks, Ptkntz

infection QVO6

Posted: Sat 14 Sep 2013 22:46
by 2011N2
Re,

Have you shown them?

If so, look for the following folder: C:\Users\Angel'Z\AppData\Local\DProtect\

Otherwise, press Windows + R (to open the Run dialog), type this and confirm with OK: C:\Users\Angel'Z\AppData\Local\DProtect\
That should open the folder in question.

If you can't find it, it's not a big deal, we'll move on to the next step.

Gabriel.

infection QVO6

Posted: Sat 14 Sep 2013 22:59
by ptkntz
no, it gives me a message saying the folder isn't there or has been moved...

so let's move on to the next step

infection QVO6

Posted: Sat 14 Sep 2013 23:00
by 2011N2
Re,

OK, then run AdwCleaner in Clean mode and post the report.

Gabriel.

infection QVO6

Posted: Sat 14 Sep 2013 23:23
by ptkntz
here you go, I'm posting the AdwCleaner report

# AdwCleaner v1.606 - Report created on 14/09/2013 at 23:09:21
# Updated on 10/05/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User name : Angel'Z - PC-DE-ANGELZ
# Run from : C:\Users\Angel'Z\Desktop\AdwCleaner_1.606_En.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registry - GUID] *****


***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] The registry contains no illegitimate entries.

-\\ Mozilla Firefox v21.0 (fr)

Profile name : default
File : C:\Users\Angel'Z\AppData\Roaming\Mozilla\Firefox\Profiles\rorthpdb.default\prefs.js

[OK] The file contains no illegitimate entries.

-\\ Google Chrome v [Unable to get the version]

File : C:\Users\Angel'Z\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] The file contains no illegitimate entries.

*************************

AdwCleaner[R1].txt - [1953 bytes] - [14/09/2013 14:50:58]
AdwCleaner[S1].txt - [393 bytes] - [14/09/2013 14:51:13]
AdwCleaner[R2].txt - [2072 bytes] - [14/09/2013 15:00:18]
AdwCleaner[S2].txt - [2145 bytes] - [14/09/2013 15:01:20]
AdwCleaner[R3].txt - [1397 bytes] - [14/09/2013 23:08:59]
AdwCleaner[S3].txt - [1330 bytes] - [14/09/2013 23:09:21]

########## EOF - C:\AdwCleaner[S3].txt - [1458 bytes] ##########

and I'll say good night, because I'm off to bed;

see you tomorrow, thanks, Ptkntz

infection QVO6

Posted: Sat 14 Sep 2013 23:42
by 2011N2
Re,

Something odd: you used version 3.003, and then did the removal with 1.606, which is completely obsolete.

You didn't do that on purpose?^^

Good night,

Gabriel.

infection QVO6

Posted: Sun 15 Sep 2013 08:20
by ptkntz
re

no, I didn't do it on purpose

can I download the recent version from a safe site, or do I already have it, but then how do I find it (you can see my level....)

awaiting your reply


Regards, Ptkntz

infection QVO6

Posted: Sun 15 Sep 2013 08:41
by ptkntz
sorry, there we go, here's the report with the right version of AdwCleaner

# AdwCleaner v3.003 - Report created on 15/09/2013 at 08:35:49
# Updated on 07/09/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User name : Angel'Z - PC-DE-ANGELZ
# Run from : C:\Users\Angel'Z\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Angel'Z\AppData\Roaming\Mozilla\Firefox\Profiles\rorthpdb.default\Extensions\firefox@browsefox.com.xpi

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Angel'Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Angel'Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Angel'Z\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Angel'Z\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\BrowseFox
Key Deleted : HKCU\Software\DataMngr_Toolbar
Product Deleted : Internet Explorer Toolbar 4.9 by SweetPacks

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v21.0 (fr)

[ File : C:\Users\Angel'Z\AppData\Roaming\Mozilla\Firefox\Profiles\rorthpdb.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.qvo6.com/?utm_source=butm_medium=ns ... 1379016716");
Line Deleted : user_pref("browser.search.defaultenginename", "qvo6");
Line Deleted : user_pref("browser.search.order.1", "qvo6");
Line Deleted : user_pref("browser.search.selectedEngine", "qvo6");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=butm_medium=ns ... 1379016716");

-\\ Google Chrome v

[ File : C:\Users\Angel'Z\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [42960 bytes] - [07/09/2013 14:34:03]
AdwCleaner[R1].txt - [23916 bytes] - [11/09/2013 18:58:33]
AdwCleaner[R2].txt - [4973 bytes] - [11/09/2013 19:09:05]
AdwCleaner[R3].txt - [18229 bytes] - [11/09/2013 19:26:27]
AdwCleaner[R4].txt - [5939 bytes] - [11/09/2013 20:04:30]
AdwCleaner[R5].txt - [5605 bytes] - [15/09/2013 08:35:12]
AdwCleaner[S0].txt - [7275 bytes] - [07/09/2013 14:43:29]
AdwCleaner[S1].txt - [22561 bytes] - [11/09/2013 18:59:19]
AdwCleaner[S2].txt - [3202 bytes] - [11/09/2013 19:10:53]
AdwCleaner[S3].txt - [16380 bytes] - [11/09/2013 19:27:05]
AdwCleaner[S4].txt - [3856 bytes] - [11/09/2013 20:05:05]
AdwCleaner[S5].txt - [4015 bytes] - [15/09/2013 08:35:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [4075 bytes] ##########
Regards, Ptkntz
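The AdwCleaner v3.003 run above shows where the qvo6 hijack lived: five Firefox prefs.js lines (home page, new-tab page, default and selected search engine, search order), seven browser shortcuts, and the StartMenuInternet open commands and Browser Helper Object keys in the registry. The script below is an added example written for this page, not AdwCleaner's own code, that performs the first two checks offline on constructed input: it flags and strips user_pref lines whose value points at a hijack domain, and detects a URL on that domain in a shortcut's argument string. The shortcut check rests on an assumption stated in the code: that the hijacker appended its URL to the .lnk arguments so every browser launch opened its page. The prefs lines, the domain list and the argument strings are constructed samples modelled on the report; no registry or file-system access is performed.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the prefs.js lines AdwCleaner removed in
# the report above; typed in here, not taken from the user's profile.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.newtab.url", "http://www.qvo6.com/?utm_source=b&utm_medium=ns");
user_pref("browser.search.defaultenginename", "qvo6");
user_pref("browser.search.order.1", "qvo6");
user_pref("browser.search.selectedEngine", "qvo6");
user_pref("browser.startup.homepage", "http://www.qvo6.com/?utm_source=b&utm_medium=ns");
user_pref("browser.startup.homepage_override.mstone", "21.0");
user_pref("network.cookie.cookieBehavior", 0);
"""

HIJACK_DOMAINS = {"qvo6.com"}  # assumed indicator list; extend as needed

# Prefs this kind of hijacker rewrites (the ones deleted in the report).
WATCHED_PREFS = {"browser.startup.homepage", "browser.newtab.url",
                 "browser.search.defaultenginename",
                 "browser.search.selectedEngine"}
WATCHED_PREFIXES = ("browser.search.order.",)

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')
URL_RE = re.compile(r'https?://[^\s"]+', re.IGNORECASE)


def _is_watched(name):
    return name in WATCHED_PREFS or name.startswith(WATCHED_PREFIXES)


def _on_hijack_domain(value, domains):
    """True for a URL whose host is a listed domain (or a subdomain of one),
    or for a bare engine name equal to a listed domain's first label
    ("qvo6" for qvo6.com), which is how the search prefs name the engine."""
    v = value.strip().strip('"')
    if "://" in v:
        host = (urlparse(v).hostname or "").lower()
        return any(host == d or host.endswith("." + d) for d in domains)
    return any(v.lower() == d.split(".")[0] for d in domains)


def parse_prefs(text):
    """Yield (name, raw_value) per user_pref line; raw_value keeps its quotes."""
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def hijacked_prefs(text, domains=HIJACK_DOMAINS):
    """[(name, raw_value)] for watched prefs that point at a hijack domain."""
    return [(n, v) for n, v in parse_prefs(text)
            if _is_watched(n) and _on_hijack_domain(v, domains)]


def clean_prefs(text, domains=HIJACK_DOMAINS):
    """prefs.js text with the hijacked lines dropped. Firefox falls back to
    its built-in default for a pref that is absent, which is the effect of
    the 'Line Deleted' entries in the report."""
    bad = {n for n, _ in hijacked_prefs(text, domains)}
    kept = []
    for ln in text.splitlines():
        m = PREF_RE.match(ln.strip())
        if m and m.group(1) in bad:
            continue
        kept.append(ln)
    return "\n".join(kept) + "\n"


def shortcut_hijacked(arguments, domains=HIJACK_DOMAINS):
    """True if a browser shortcut's argument string carries a URL on a hijack
    domain. Assumption: the hijacker appended its URL to the .lnk arguments
    so every launch opened its page (the shortcuts AdwCleaner 'disinfected')."""
    return any(_on_hijack_domain(u, domains) for u in URL_RE.findall(arguments))


def clean_shortcut_args(arguments, domains=HIJACK_DOMAINS):
    """Argument string with hijack-domain URLs removed, whitespace normalised."""
    stripped = URL_RE.sub(
        lambda m: "" if _on_hijack_domain(m.group(0), domains) else m.group(0),
        arguments)
    return " ".join(stripped.split())


if __name__ == "__main__":
    for name, value in hijacked_prefs(SAMPLE_PREFS_JS):
        print("hijacked pref:", name, "=", value)
    print("shortcut hijacked:",
          shortcut_hijacked("http://www.qvo6.com/?utm_source=b&utm_medium=ns"))
```

Matching on the host rather than on the literal "qvo6" string is deliberate: the same family rotated through several domains, so a domain set is the part to maintain, and the host comparison also catches subdomains without matching unrelated URLs that merely contain the word. On a live machine the shortcut arguments would be read from each .lnk (for example via the WScript.Shell COM object's CreateShortcut), and both browsers must be closed before prefs.js is rewritten, otherwise Firefox writes the in-memory copy back on exit.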

infection QVO6

Posted: Sun 15 Sep 2013 09:17
by ptkntz
re

hallelujah !!!!!!!!!!!!!!!!

I no longer have that QVO6 toolbar at startup !!!!!!!!!!!!!!


well, I imagine there are leftovers to remove here and there...


in any case, things are moving


a thousand thanks, you guys are beasts!

infection QVO6

Posted: Sun 15 Sep 2013 12:08
by ptkntz
last question: is it finished, or are there still details to tinker with?


awaiting your reply, @+, ptkntz

infection QVO6

Posted: Sun 15 Sep 2013 12:40
by 2011N2
Hi,

Very good.

Make me a new ZHPDiag report.

Gabriel.

infection QVO6

Posted: Sun 15 Sep 2013 13:09
by ptkntz
here is the latest report

~ ZHPDiag v2013.9.14.26 report - Nicolas Coolman (14/09/2013)
~ Run by Angel'Z (15/09/2013 13:05:00)
~ Website address http://nicolascoolman.webs.com
~ Translated by Nicolas Coolman
~ Version state :
~ White list : Enabled by the program
~ Privilege elevation : OK
~ User Account Control (UAC): Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 21.0
GCIE: Google Chrome

---\\ Windows product information
~ Language: French
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0

---\\ System optimization software
CCleaner v3.27 =Piriform Ltd

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 7

---\\ System information
~ Processor: x86 Family 15 Model 107 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1917 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 72 GB (31%) free of 225 GB

---\\ System logon mode
~ Computer Name: PC-DE-ANGELZ
~ User Name: Angel'Z
~ All Users Names: Angel'Z, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppData% : C:\Users\Angel'Z\AppData\Roaming\
~ %Desktop% : C:\Users\Angel'Z\Desktop\
~ %Favorites% : C:\Users\Angel'Z\Favorites\
~ %LocalAppData% : C:\Users\Angel'Z\AppData\Local\
~ %StartMenu% : C:\Users\Angel'Z\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\

---\\ Disk drive enumeration
C:\ Hard drive, Flash drive, Thumb drive (Free 72 Go of 225 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 8 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Windows Security Center state
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\WINDOWS\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\WINDOWS\System32\Wininit.exe [96768]
[MD5.21A5424935A32080A58DD40F2712212C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.31/07/2013 - 10:52:44.) -- C:\WINDOWS\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\WINDOWS\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\WINDOWS\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\WINDOWS\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\WINDOWS\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\WINDOWS\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\WINDOWS\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\WINDOWS\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ My Pictures : 1/854
~ My Music : 7/516
~ My Videos : 1/36
~ My Favorites : 1/56
~ My Documents : 1/5049
~ My Desktop : 1/1460
~ Start menu (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 31s



---\\ Running processes
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.4692]
[MD5.85B8925F1A477DF7AEC93CABBEB04F1F] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\hp\support\hpsysdrv.exe [65536] [PID.2952]
[MD5.821F73B833C4DAEBC33C1A9A4B16BB5A] - (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152] [PID.4228]
[MD5.882539219B40107D5BC0557E0088DD79] - (.ScanSoft, Inc. - OCR Aware (32-bit).) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe [49152] [PID.4304]
[MD5.A9E1468F4959F9A4A04B90173D206B57] - (.Yuna Software - Messenger Plus! 6.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe [802304] [PID.5540]
[MD5.8E53B67FA3816E854B07C5DC66E10730] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056] [PID.480]
[MD5.F4D37D47D8FFB01FC072D81440051CAD] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976832] [PID.1840]
[MD5.81800928E0F713DF31F3393CC26F4013] - (.No owner - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952] [PID.5568]
[MD5.A9F9D081518AC03A51C1195986076F42] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.5416]
[MD5.D5D8A5E87D3C32C516E5B5E2BA5B0DBF] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247768] [PID.6032]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [125952] [PID.1800]
[MD5.EE8DEBD2D159E7052EB0DAA5CA19FAF7] - (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe [278528] [PID.1192]
[MD5.E3A2C0BCBE14A0116F80657079A19D25] - (.Matsushita Electric Industrial Co., Ltd. - LUMIX Simple Viewer.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [57344] [PID.1384]
[MD5.9E30189C814095FE0293E39AD08EF943] - (.Syntek Ltd. - Syntek Monitor Application.) -- C:\Windows\STK02N\STK02NM.exe [163840] [PID.1448]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3288]
[MD5.C81BE1B951C36E97D3DA90DA745DA5F7] - (.Hewlett-Packard Company - KBD EXE.) -- C:\hp\kbd\kbd.exe [61440] [PID.6072]
[MD5.18A2E16BCB1D76DA0A7AE666FB755D35] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe [389016] [PID.3192]
[MD5.AA9CBDCD4675A48755DDA3A73BE3E283] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757400] [PID.1184]
[MD5.D0D60548015BA79AD371BA4A562E79CB] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.exe [815496] [PID.3604]
[MD5.D15FE044EF9776466FBA00D7FBD7B7B6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7953408] [PID.5608]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3308]
[MD5.2FE4FE6B316836AFE396851EFF6DEA6B] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 187.8.) -- C:\Windows\system32\nvvsvc.exe [211560] [PID.3356]
[MD5.37F77AEBFF23A99D1BFB4F34CD2D07F2] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.3436]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.4168]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.340]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.420]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.564]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.644]
[MD5.E4C24B7ED477CBCEC20B8FA41C4025D0] - (.iolo technologies, LLC - iolo System component.) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1028464] [PID.788]
[MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2224]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2328]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2352]
[MD5.25EDED99A5644E1CB3DE28B27B760CCB] - (.Yuna Software - Service - Messenger Plus! for Skype.) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [125952] [PID.2384]
[MD5.F620772888B6E3EDEF5C3E71E3D447F0] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92632] [PID.2544]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176] [PID.984]
[MD5.CF6D9AB044DF22FB6ECCC3907DE9FD7A] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Servi.) -- c:\Program Files\Microsoft Security Client\NisSrv.exe [295376] [PID.5420]
[MD5.FE56897B27ED266F9C4E7D90A0B5DA47] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.4164]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Angel'Z\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [gfhdkohbepelnfckgjinfddmecpngnpb] Lyric Star v.1.111 (Activé) =Adware.AddLyrics
~ Google Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Angel'Z\AppData\Roaming\Mozilla\Firefox\Profiles\rorthpdb.default\prefs.js
~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Easy-WebPrint - [HKLM]{327C2873-E90D-4c37-AA9D-10AC9BABA46C} . (.Pas de propriétaire - Easy-WebPrint.) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =Toolbar.Google
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: EPSON Perfection V33_V330 Manuel.lnk . (...) -- C:\Program Files\epson\TpManual\EPSON Perfection V33_V330\fr\Useg\index.htm
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\WINDOWS\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: Fritz6.lnk . (...) -- C:\Program Files\ChessBase\Fritz6\Fritz6.exe
O4 - GS\Desktop [Public]: LUMIX Simple Viewer.lnk . (.Matsushita Electric Industrial Co., Ltd. - LUMIX Simple Viewer.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhoebeLE.exe
O4 - GS\Desktop [Public]: Photo Impression 5.lnk . (.ArcSoft Inc. - PhotoImpression.) -- C:\Program Files\ArcSoft\PhotoImpression 5\photoimpression.exe
O4 - GS\Program [Public]: TuneUp Utilities 2009.lnk . (.TuneUp Software - TuneUp Utilities 2009 - Start Center.) -- C:\Program Files\TuneUp Utilities 2009\Integrator.exe
O4 - GS\QuickLaunch [Angel'Z]: GeoGebra.lnk . (.International GeoGebra Institute - GeoGebra.) -- C:\Program Files\GeoGebra\geogebra.exe
O4 - GS\QuickLaunch [Angel'Z]: Guitar Pro 6.lnk . (...) -- C:\Program Files\Guitar Pro 6\GuitarPro.exe
O4 - GS\QuickLaunch [Angel'Z]: Xilisoft Dailymotion Vidéo Convertisseur.lnk . (...) -- C:\Program Files\Xilisoft\Dailymotion Video Converter\DailymotionVideoConverter.exe
O4 - GS\Desktop [Angel'Z]: DiagTransfer 3.0.1.lnk . (.Alain Blaisot - Lecteur éditeur de positions d'échecs.) -- C:\Program Files\DiagTransfer\Diagram.exe
O4 - GS\Desktop [Angel'Z]: System Mechanic Professional.lnk . (.iolo technologies, LLC - iolo System component.) -- C:\Program Files\iolo\Common\Lib\ioloLManager.exe
~ Global Startup: 80 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: e-Carte Bleue La Banque Postale.lnk . (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - GS\Startup [Public]: LUMIX Simple Viewer.lnk . (.Matsushita Electric Industrial Co., Ltd. - LUMIX Simple Viewer.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
O4 - GS\Startup [Public]: STK02N 2.3 PNP Monitor.lnk . (.Syntek Ltd. - Syntek Monitor Application.) -- C:\Windows\STK02N\STK02NM.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] . (...) -- C:\HP\KBD\KbdStub.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OpwareSE2] . (.ScanSoft, Inc. - OCR Aware (32-bit).) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
O4 - HKLM\..\Run: [OPSE reminder] . (...) -- C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 6.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\Update\realsched.exe
O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3126514150-977183771-1314257680-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3126514150-977183771-1314257680-1000\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-21-3126514150-977183771-1314257680-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-3126514150-977183771-1314257680-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} -- Clé orpheline
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ((no name)) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Users\Angel'Z\AppData\Local\DProtect\eBP.dll (.not file.) =Trojan.Staser
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Enumération Active Desktop MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Public\Pictures\LUMIXSimpleViewer\20082013\P1080715.JPG
O24 - Desktop General: WallPaper - .(...) - C:\Users\Public\Pictures\LUMIXSimpleViewer\20082013\P1080715.JPG
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\Angel'Z\AppData\Roaming\iolo\) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Angel'Z.job [378]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\ReclaimerUpdateXML_Angel'Z.job [374]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Angel'Z.job [384]
[MD5.C34968C46A99BBD6248D30F9F1B778C2] [APT] [BoxSoftwareUpdate] (...) -- C:\ProgramData\BoxUpdChk\updchk.exe [177152]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM] -- {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =Adware.Boxore
O42 - Logiciel: DiagTransfer 3.0.1 - (...) [HKLM] -- DiagTransfer 3.0.1
O42 - Logiciel: STK02N 2.3 - (.Syntek.) [HKLM] -- {E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}
~ Logic: 102 Legitimates Filtered in 00mn 00s



---\\ HKCU HKLM Software Keys
[HKCU\Software\IncrediMail]
[HKCU\Software\Linkury]
[HKLM\Software\DProtect] =Trojan.Staser
[HKLM\Software\PCTools]
[HKLM\Software\SITTELLE]
[HKLM\Software\STK02N]
[HKLM\Software\Syntek]
[HKLM\Software\WiseConvert] =Toolbar.Conduit
~ Key Software: 183 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/07/2013 - 15:22:10 - [1,184] ----D C:\Program Files\DiagTransfer
O43 - CFD: 26/04/2012 - 14:38:53 - [0,107] ----D C:\Program Files\LilyPond
O43 - CFD: 30/06/2010 - 15:50:03 - [3,624] ----D C:\Program Files\SITTELLE
O43 - CFD: 23/07/2012 - 17:59:04 - [0] ----D C:\Program Files\WiseConvert =Toolbar.Conduit
O43 - CFD: 23/08/2013 - 12:49:30 - [0,169] ----D C:\ProgramData\BoxUpdChk
O43 - CFD: 11/07/2013 - 14:54:08 - [0] ----D C:\Users\Angel'Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiagTransfer
~ 825 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1095 Legitimates Filtered in 01mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.B75428B26C61F1EB63552B23B97961EF] - 15/09/2013 - 07:37:42 ---A- . (...) -- C:\WINDOWS\System32\Ikeext.etl [65536]
O44 - LFC:[MD5.9F04CD7D2B8D99E026076616CC544E33] - 11/09/2013 - 18:11:56 ---A- . (...) -- C:\WINDOWS\System32\InstallUtil.InstallLog [1576]
O44 - LFC:[MD5.71C39503D82C33543838A7D6D45C566A] - 10/09/2013 - 19:14:32 ---A- . (...) -- C:\WINDOWS\win.ini [304]
O44 - LFC:[MD5.188E68005ED62F32248032C65CB4DE96] - 03/09/2013 - 18:04:46 ---A- . (...) -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest [1870]
~ Files: 46 Legitimates Filtered in 00mn 03s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\WINDOWS\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\WINDOWS\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (esgiguard) .(...) - LEGACY_ESGIGUARD =Crapware.SpyHunter
~ Legacy: 209 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {00568276-096E-4C27-B695-380E366A4A49} - (Yahoo! France) - http://fr.search.yahoo.com =Toolbar.Yahoo
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {58EAAF4A-22A0-45D3-AB9C-529C1268E3A4} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.EC6F29018B037E2620637D8F46110B3E] [SPRF][15/09/2013] (...) -- C:\ProgramData\nvModes.dat [32061]
[MD5.8287D0E6DA60B6E9153D7EDC2C322097] [SPRF][07/09/2013] (...) -- C:\Users\Angel'Z\AppData\LocalLow\SkwConfig.bin [6876]
[MD5.1ABEC34CDC28991FE1D63CD56CE9A172] [SPRF][04/10/2012] (...) -- C:\Users\Angel'Z\AppData\Roaming\wklnhst.dat [1476]
[MD5.090D5B5CED06858273366AF8EAD16AD1] [SPRF][13/11/2011] (...) -- C:\Users\Angel'Z\Desktop\x-dailymotion-video-converter-fr.exe [16868164]
~ Files: 5 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D61B8E93-6A6D-418F-B4AC-303A376E6F1B}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Angel'Z\AppData\Local\DProtect\DProtectSvc.exe (.not file.) =Trojan.Staser
O87 - FAEL: "{92717F8A-AE0D-43EB-815A-18312BDFA7C5}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =PUP.SweetIM
O87 - FAEL: "{CB4AEBBA-C9F8-40B5-BAF6-B7245A9CD0FB}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =PUP.SweetIM
O87 - FAEL: "{71E024BD-B6C1-4D78-891E-EF3941D3D5F6}" |In - Private - P6 - TRUE | .(...) -- C:\WINDOWS\System32\dmwu.exe (.not file.)
O87 - FAEL: "{12B3DAE6-FC90-4D1D-BFE6-DCBAFD067578}" |In - Private - P17 - TRUE | .(...) -- C:\WINDOWS\System32\dmwu.exe (.not file.)
O87 - FAEL: "{6BF768A0-D968-401F-99B9-41C1A360C777}" |In - Public - P6 - TRUE | .(...) -- C:\WINDOWS\System32\dmwu.exe (.not file.)
O87 - FAEL: "{70AD2ABB-E5D9-46EF-9FA8-3F428155620A}" |In - Public - P17 - TRUE | .(...) -- C:\WINDOWS\System32\dmwu.exe (.not file.)
O87 - FAEL: "{1C1F5627-FA11-4BE3-B7AD-1866CCE29A50}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.)
~ Firewall: 196 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "5EC33E4FBA7A86F47A7E0FAA48FED2E9" . (.Internet Explorer Toolbar 4.9 by SweetPacks.) -- C:\Windows\Installer\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}\ARPPRODUCTICON.exe =PUP.SweetIM
O90 - PUC: "DF42B2AC01EE9B240B94AA0862E8E712" . (.Boxore Client.) -- C:\Windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =Adware.Boxore
~ Update Products: 98 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A927205BE60B837B5CA7C3194A197EBE] [WIS][22/08/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\2dda8.msi [474624] =Adware.Boxore
[MD5.5E8444B77B1E765A348A4BE4670507D4] [WIS][17/12/2011] (.Linkury Inc. - Messenger Plus! Community Smartbar (Powered by Linkury Inc.).) -- C:\Windows\Installer\58f740.msi [1054208] =Hijacker.SmartBar
~ WIS: 99 Legitimates Filtered in 00mn 05s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SS - | Disabled 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 03/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 11/01/2012 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 01/11/2012 1028464 | (ioloSystemService) . (.iolo technologies, LLC.) - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
SR - | Demand 31/05/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 16/12/2012 125952 | (MsgPlusService) . (.Yuna Software.) - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
SR - | Auto 30/10/2009 211560 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Demand 26/03/2007 887544 | (RoxMediaDB9) . (.Sonic Solutions.) - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SS - | Demand 08/03/2007 74656 | (stllssvr) . (.MicroVision Development, Inc..) - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 05/12/2012 92632 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
SS - | Disabled 27/02/2013 361288 | (TuneUp.Defrag) . (.TuneUp Software.) - C:\WINDOWS\System32\TuneUpDefragService.exe
SS - | Disabled 27/02/2013 604488 | (TuneUp.ProgramStatisticsSvc) . (.TuneUp Software.) - C:\WINDOWS\System32\TUProgSt.exe
SR - | Auto 19/01/2008 21504 | C:\WINDOWS\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\WINDOWS\System32\svchost.exe
SS - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Scan Additionnel (O88)
Database Version : 12917 - (14/09/2013)
Clés trouvées (Keys found) : 40
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 8

[HKLM\Software\Google\Chrome\Extensions\gfhdkohbepelnfckgjinfddmecpngnpb] =Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}] =Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =PUP.SweetIM
[HKCU\Software\BlabbersToolbar] =PUP.Blabbers
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =PUP.SweetIM
[HKCU\Software\AppDataLow\Software\LyricStar] =Adware.AddLyrics
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}] =Toolbar.EasyWebPrint
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}] =Toolbar.EasyWebPrint
[HKLM\Software\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}] =Toolbar.EasyWebPrint
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E7F552EF334C802D75A55F0F6344722] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =PUP.SweetIM^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =Toolbar.Google^
C:\Program Files\WiseConvert =Toolbar.Conduit^
C:\Program Files\Software =Adware.Boxore
C:\Users\Angel'Z\AppData\Local\Software =Adware.Boxore
C:\Users\Angel'Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci =PUP.DealPly
C:\Users\Angel'Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhdkohbepelnfckgjinfddmecpngnpb =Adware.AddLyrics^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =Toolbar.Google^
[HKLM\Software\DProtect] =Trojan.Staser^
[HKLM\Software\WiseConvert] =Toolbar.Conduit^
C:\Windows\Installer\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}\ARPPRODUCTICON.exe =PUP.SweetIM^
C:\Windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =Adware.Boxore^
C:\Windows\Installer\2dda8.msi =Adware.Boxore^
C:\Windows\Installer\58f740.msi =Hijacker.SmartBar^
~ Additionnel Scan: 374923 Items scanned in 00mn 26s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... -addlyrics =Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blo ... bar-google =Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blo ... jan-staser =Trojan.Staser
~ http://nicolascoolman.webs.com/apps/blo ... are-boxore =Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit =Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... -spyhunter =Crapware.SpyHunter
~ http://nicolascoolman.webs.com/apps/blo ... lbar-yahoo =Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blo ... up-sweetim =PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blo ... r-smartbar =Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blo ... p-blabbers =PUP.Blabbers
~ http://nicolascoolman.webs.com/apps/blo ... lbar-tarma =Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blo ... crossrider =PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blo ... up-dealply =PUP.DealPly
~ MSI: 13 link(s) detected in 00mn 26s



~ 2131 Legitimates filtered by white list
End of the scan (561 lines in 02mn 59s)(0)
Regards, Ptkntz

QVO6 infection

Posted: Sun. 15 Sept. 2013 13:16
by 2011N2
Re,

Can you redo it the way shown in the tutorial? http://www.forum-entraide-informatique. ... g-tutoriel
Configure, ...

And host the report? http://www.forum-entraide-informatique. ... m-tutoriel

Thanks,

Gabriel.

QVO6 infection

Posted: Sun. 15 Sept. 2013 16:03
by ptkntz
hello

here it is

http://cjoint.com/?CIpqaSfoJg7

see you later, ptkntz

QVO6 infection

Posted: Sun. 15 Sept. 2013 16:09
by 2011N2
Hi again,

Run ZHPFix like this with these lines, and post the report.

Gabriel.

QVO6 infection

Posted: Sun. 15 Sept. 2013 20:42
by ptkntz
Hi again, sorry, we had guests ...

I have a problem with ZHPFix: when I open it and click "import", it shows me:
warning
a yellow danger triangle
examples
ZHPFix script (mandatory line)
C:\CURRENTUSER ......

etc. over 3 lines

What did I do wrong?

Waiting to hear, see you, Ptkntz

QVO6 infection

Posted: Sun. 15 Sept. 2013 20:44
by 2011N2
Hi again,

Did you open this link: https://dl.dropboxusercontent.com/u/328 ... ptkntz.txt
Then press Ctrl + A and Ctrl + C?

Gabriel.

QVO6 infection

Posted: Sun. 15 Sept. 2013 21:10
by krikou1
Good evening,

I have qv06 ... LOL !!!!
I read the comments and I am sending the file produced after running ZHPFix.
Can I get some help please?
Thanks

http://cjoint.com/?3IpvjCbbtbW

QVO6 infection

Posted: Sun. 15 Sept. 2013 21:29
by ptkntz
There, it worked:
http://cjoint.com/?CIpvBokA4pj


See you, ptkntz

QVO6 infection

Posted: Sun. 15 Sept. 2013 21:32
by 2011N2
Hi again,

krikou1, open a new topic: http://www.forum-entraide-informatique. ... e=newtopic

ptkntz, ok, any more problems?

Gabriel.

QVO6 infection

Posted: Sun. 15 Sept. 2013 21:47
by ptkntz
Well, a priori everything is fine

Was it ok, the last report from ZHPFix?


I wanted to know if it is completely finished now ...


So, see you later

I am going to bed now, and will check back tomorrow afternoon

salamalekoum

ptkntz

QVO6 infection

Posted: Sun. 15 Sept. 2013 22:26
by 2011N2
Hi again,

Yes, the PC is clean, but it is not quite finished.

We still have to finalise; here is the procedure: http://www.forum-entraide-informatique. ... nalisation
Keep me posted on your progress as you go.

Good evening,

Gabriel.

QVO6 infection

Posted: Mon. 16 Sept. 2013 13:52
by ptkntz
Hi, I'm back

Thanks for the reply

Here is the Security Check report

Results of screen317's Security Check version 0.99.73
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
TuneUp Utilities 2009
CCleaner
JavaFX 2.1.1
Java(TM) 6 Update 22
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox 21.0 Firefox out of Date!
Mozilla Thunderbird (17.0.8)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


There, can you tell me if everything is OK


Waiting to hear, thanks, and see you

Ptkntz

QVO6 infection

Posted: Mon. 16 Sept. 2013 18:19
by 2011N2
Hi,

You still need to update Java and Firefox.

Gabriel.

QVO6 infection

Posted: Mon. 16 Sept. 2013 19:17
by ptkntz
There, done

I saw that it blocked around thirty or so startup programs; that must be normal

So, now, is everything good?


Bye, see you

ptkntz

QVO6 infection

Posted: Mon. 16 Sept. 2013 20:21
by 2011N2
Hi again,

Who blocked what? ^^

Yes, everything is ok; do you have any questions about the disinfection?

Gabriel.

QVO6 infection

Posted: Mon. 16 Sept. 2013 20:34
by ptkntz
Hi again,

No, but I have an icon at the bottom right crossed out in red (system configuration) that appeared after the Firefox update, where I see a list of startup programs that are enabled; but it has no effect ...


Well, I think it's good

Questions, not especially; maybe some will come up later, I hope not, that would mean everything is fine

I caught this virus from a buddy who gave me a USB stick (System Mechanic Professional) where I forgot to uncheck some devious thing

Once again a huge thank you for your patience (especially towards novices), well done on your expertise

I still don't understand what the point is of creating viruses to p*** everyone off, oh well


Once again all my gratitude, and good luck with all your "clients"


Ciao, ptkntz

QVO6 infection

Posted: Mon. 16 Sept. 2013 20:59
by 2011N2
Hi again,

Alright, no problem.

"I still don't understand what the point is of creating viruses to p*** everyone off, oh well"
Most of the time it's for the money: they get paid for every successful install.

I am marking this topic as solved and locking it; see you soon and good evening.

Gabriel.

QVO6 infection

Posted: Mon. 16 Sept. 2013 21:36
by ptkntz
Thanks again to the whole team



Good night



ptkntz

QVO6 infection

Posted: Mon. 16 Sept. 2013 21:41
by 2011N2
You're welcome, good night to you too.

Gabriel.