

Everything posted by patrickgsxr
Slow PC in need of a cleanup
patrickgsxr replied to a topic by patrickgsxr in Malware Analysis and Removal
I did not manage to carry out all the updates with PSI, in particular those for the Word, Excel, PowerPoint, Outlook and Apple applications. So I'm giving up for tonight, and here is the ZHPDiag report: http://cjoint.com/?CHAbZTFgQnQ
PS: regarding the machine, a fan noise starts up every time the computer is asked to do something, even on the internet. Also, some junk must still be lingering, because on the internet a "shopping" tab frequently opens, and ads or somewhat less respectable things are displayed on the requested page (even on cjoint.com).
Thanks for your help and all the time spent. I will be sure to read your reply during the day, and I'll get back on the machine tomorrow evening after returning from the office. See you later
Slow PC in need of a cleanup
patrickgsxr replied to a topic by patrickgsxr in Malware Analysis and Removal
Apo, at the risk of looking like a dummy, here is what SECUNIA tells me:
- 9 applications needing an update
- 50 applications up to date
Is it necessary to update applications that I never use? I'll send you the report once you have answered me. Thanks
Slow PC in need of a cleanup
patrickgsxr replied to a topic by patrickgsxr in Malware Analysis and Removal
Here is the ZHPFix report.
Now here is the content of logESET:
C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Program Files\Webplayer setup\LollipopInstaller_kreapixel_14650.exe.vir a variant of Win32/Adware.Lollipop.A application
C:\Documents and Settings\céline\Bureau\cdbxp_setup_4.3.8.2474.exe Win32/OpenCandy application
See you, Pat
Slow PC in need of a cleanup
patrickgsxr replied to a topic by patrickgsxr in Malware Analysis and Removal
Hello Apo, here is the latest ZHPDiag report: http://cjoint.com/?CHzvxiqnTM1
Slow PC in need of a cleanup
patrickgsxr replied to a topic by patrickgsxr in Malware Analysis and Removal
Sorry about the full scan (I'm really not good at this). Indeed, it does seem a bit faster to me.
Question: I have
- Adobe AIR
- Adobe Flash Player ActiveX
- Adobe Reader X (10.1.7)
- Adobe Shockwave Flash Player 11.5
Do I have to uninstall all 4, or only the 3rd one (Adobe Reader X)?
Slow PC in need of a cleanup
patrickgsxr replied to a topic by patrickgsxr in Malware Analysis and Removal
Here is the ZHPDiag report: http://cjoint.com/?CHyviQRtxdA
Slow PC in need of a cleanup
patrickgsxr replied to a topic by patrickgsxr in Malware Analysis and Removal
First the SFT report http://cjoint.com/?CHyuld8xgLv then the MBAM report http://cjoint.com/?CHyu1vn0pCU
Slow PC in need of a cleanup
patrickgsxr replied to a topic by patrickgsxr in Malware Analysis and Removal
Thank you for taking on my problem. Here is the JRT report http://cjoint.com/?CHyuld8xgLv and then here is the AdwCleaner report.
Slow PC in need of a cleanup
patrickgsxr posted a topic in Malware Analysis and Removal
Hello everyone, my PC is slow and needs a good cleanup. Thanks in advance for your help. Attached is the ZHPDiag report: http://cjoint.com/?CHysZSBanVX

Thanks for this information. I'll put your instructions into practice as soon as I get back home. Have a good day
Good evening, further to my previous message, please find the ZHPDiag report. Thanks in advance
-- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <MSN Explorer> <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {121C2AFA-5607-4EF8-BB88-4B70C8130715} [DefaultScope] - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {66FBF2F4-CB24-4CE4-9881-E54716089285} - (Search) - http://start.funmoods.com =>PUP.Funmoods O69 - SBI: SearchScopes [HKCU] {6DD9AC51-42B2-4739-BCA5-DD8DA1219E10} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][11/01/2011] (...) -- C:\Documents and Settings\céline\Application Data\ivopu.exe [0] [MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][11/01/2011] (...) -- C:\Documents and Settings\céline\Application Data\rmnut.exe [0] [MD5.6BB172EF7DD31EC30D7BDC9AED22D40D] [sPRF][08/01/2011] (.Canneverbe Limited - CDBurnerXP.) -- C:\Documents and Settings\céline\Bureau\cdbxp_setup_4.3.8.2474.exe [4770043] [MD5.4427139FEA60AFE96D47FF223B16685D] [sPRF][08/01/2011] (.DriverBoost - This installer database contains the logic and data required t.) -- C:\Documents and Settings\céline\Bureau\DriverBoostPro_Setup.exe [1047648] [MD5.B1DC2C9E6D9D06A2EDB6F7471D4DE812] [sPRF][08/01/2011] (...) -- C:\Documents and Settings\céline\Bureau\epson324850eu.exe [12313088] [MD5.249BA6733123F871F1857D9583217BFC] [sPRF][01/12/2012] (...) -- C:\Documents and Settings\céline\Bureau\FSViewerSetup46.exe [5384321] [MD5.E54A4BADEC89B4AE89AB2BEDAA86D373] [sPRF][02/01/2012] (.International GeoGebra Institute - GeoGebra Installer.) -- C:\Documents and Settings\céline\Bureau\geogebra_geogebra_4.0.16.0_francais_14087.exe [11653424] [MD5.92D1142C4BD725303A0CD58A59A3F8E3] [sPRF][22/03/2012] (.Samsung Electronics Co., Ltd. 
- Samsung Kies Installer 2.0.) -- C:\Documents and Settings\céline\Bureau\Kies_2.1.1.11124_17_6.exe [92945152] [MD5.3843AA0776549DA474E1A3AED77B0835] [sPRF][08/01/2011] (...) -- C:\Documents and Settings\céline\Bureau\pdmaker.exe [27155368] [MD5.C42932CACA9725AA501785ACC6C91519] [sPRF][09/01/2011] (...) -- C:\Documents and Settings\céline\Bureau\SoftonicDownloader_pour_adobe-reader-x.exe [293192] =>Toolbar.Conduit [MD5.6ED809E3EEBF2D743F2318D37F4376CC] [sPRF][08/01/2011] (...) -- C:\Documents and Settings\céline\Bureau\SoftonicDownloader_pour_cdburnerxp-pro.exe [293192] =>Toolbar.Conduit [MD5.632E0CE38FBCADEAAE28077F4C9C45D5] [sPRF][21/10/2010] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.1 r102.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2827728] ~ Files: Scanned in 00mn 09s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "47790AB27F4360A4C8E76BE944BCE90B" . (.DriverBoost.) -- C:\WINDOWS\Installer\{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}\ARPPRODUCTICON.exe O90 - PUC: "7DE8F1098E31FE347B83F28EB95088BE" . (.Camera Access Library.) -- C:\WINDOWS\Installer\{901F8ED7-13E8-43EF-B738-2FE89B0588EB}\ARPPRODUCTICON.exe O90 - PUC: "A81E737A17150D040843D72D34240018" . (.Software Updater.) -- C:\WINDOWS\Installer\{A737E18A-5171-40D0-8034-7DD243420081}\icon.ico =>PUP.Eorezo O90 - PUC: "B1CD741B3B948634A810A59D99C25DD8" . (.MovieEdit Task.) -- C:\WINDOWS\Installer\{B147DC1B-49B3-4368-8A01-5AD9992CD58D}\ARPPRODUCTICON.exe ~ Update Products: 52 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.68565D96D93262571E879E439ECAACA0] [WIS][21/09/2012] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\12a361.msi [24576] =>Adware.Boxore [MD5.88D9E06D11B0C65AD8AEC3E7A18F3A08] [WIS][20/02/2011] (.DriverBoost - DriverBoost.) -- C:\Windows\Installer\1cc8956.msi [2467840] [MD5.5297FAE4BDF1CCABC063FE282BE1D727] [WIS][03/05/2013] (.Tuguu SL - .) 
-- C:\Windows\Installer\25be6d5.msi [2316288] =>PUP.VAFPlayer [MD5.7CB5DC3DFF260EE8B0895566436FC0C9] [WIS][08/01/2011] (.Canon - PhotoStitch.) -- C:\Windows\Installer\3200c5.msi [1016320] [MD5.BF961FDAD55F0BA4FE209B90EE53D644] [WIS][08/01/2011] (.Canon - Canon ZoomBrowser EX.) -- C:\Windows\Installer\3200cb.msi [929280] [MD5.FBB77551CC686E78574B60B8A3769120] [WIS][08/01/2011] (.Canon Information Systems Research Australi - Canon PhotoRecord.) -- C:\Windows\Installer\3200cf.msi [935936] [MD5.FE74348EDD63FA519E4C607C483E763D] [WIS][08/01/2011] (.Canon - Canon Camera Access Library.) -- C:\Windows\Installer\3200de.msi [3583488] [MD5.F618F2B216978D0D795D6B246A108380] [WIS][08/01/2011] (.Canon - Camera Window 6.0 MC.) -- C:\Windows\Installer\3200e3.msi [1472000] [MD5.7FEDD9DA7B7FE5D3D01ACDE5769D669F] [WIS][08/01/2011] (.Canon - Camera Window 6.0 DVC.) -- C:\Windows\Installer\3200ec.msi [1453056] [MD5.F5441E21F8798B66806C3EB3E07C352E] [WIS][08/01/2011] (.Canon - Canon Camera Support Core Library.) -- C:\Windows\Installer\3200fb.msi [3594240] [MD5.805F2EBD54332350941381C120DFDA71] [WIS][08/01/2011] (.Canon - Camera Window 5.4 DVC.) -- C:\Windows\Installer\320100.msi [1374208] [MD5.B0D270E1F020CB54825AB0429BD515F1] [WIS][08/01/2011] (.Canon - Camera Window 5.3 DS.) -- C:\Windows\Installer\320109.msi [1370112] [MD5.77B08DBB0397AAF2CC358C521B8B2E11] [WIS][08/01/2011] (.Canon - CANON iMAGE GATEWAY Task.) -- C:\Windows\Installer\320112.msi [1099264] [MD5.7D52AF14305D5B304D6431C0536C2F75] [WIS][08/01/2011] (.Canon Inc. - Internet Library for ZoomBrowser EX.) -- C:\Windows\Installer\32011b.msi [1178624] [MD5.23A40803421AFE2BDDA1C3A70A3237DB] [WIS][08/01/2011] (.Canon - RAW Image Task 1.2.) -- C:\Windows\Installer\320124.msi [1593344] [MD5.A4372F1C0F95BA63550615697A50B476] [WIS][08/01/2011] (.Canon - MovieEdit Task.) -- C:\Windows\Installer\32012d.msi [1468928] [MD5.B71D9683D9E8D2C82AD156AB2573236D] [WIS][07/04/2012] (.Iminent - Iminent.) 
-- C:\Windows\Installer\76ab3.msi [1476608] =>Adware.IMBooster [MD5.0DD454DDF99A9F63CD21B388827003BC] [WIS][07/04/2012] (.IMinent - IMinent Toolbar.) -- C:\Windows\Installer\76ab9.msi [206336] =>Adware.IMBooster [MD5.CB19498A13AF79CBBFFA2AF5CB10F978] [WIS][12/04/2012] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\cf41d4.msi [880640] =>Adware.Boxore [MD5.750FB35E096984B9C086E6FFC3C0B85A] [WIS][10/10/2012] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\f57c0.msi [24064] =>Toolbar.Google ~ WIS: 58 Legitimates Filtered in 00mn 08s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe SS - | Demand 21/08/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 16/10/2010 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe SR - | Auto 02/06/2005 86606 | (CCALib8) . (.Canon Inc..) - C:\Program Files\Canon\CAL\CALMAIN.exe SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SR - | Auto 11/12/2011 122000 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\WINDOWS\system32\EscSvc.exe SS - | Auto 27/05/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 27/05/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 10/10/2012 194032 | (gusvc) . (.Google.) 
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe SS - | Demand 13/12/2010 820008 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 03/04/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe SR - | Auto 04/03/2010 71096 | (NMSAccess) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe SR - | Auto 28/08/2012 92632 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ~ Services: Scanned in 00mn 08s ---\\ Scan Additionnel (O88) Database Version : v2.12862 - (22/08/2013) Clés trouvées (Keys found) : 35 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 5 Fichiers trouvés (Files found) : 11 [HKLM\Software\Classes\Interface\{6deee498-08cc-43f0-bca0-dbb5a25c9501}] =>Trojan.FakeAlert [HKLM\Software\Classes\TypeLib\{84c94803-b5ec-4491-b2be-7b113e013b77}] =>Trojan.FakeAlert [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6790aa5-c6c7-4bcf-a46d-0fdac4ea90eb}] =>Trojan.FakeAlert [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a6790aa5-c6c7-4bcf-a46d-0fdac4ea90eb}] =>Trojan.FakeAlert [HKLM\Software\Classes\CLSID\{a6790aa5-c6c7-4bcf-a46d-0fdac4ea90eb}] =>Trojan.FakeAlert [HKLM\Software\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca] =>Adware.IncrediBar [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\430E8DB44F0E90547A3564A7E858C48D] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PriceGong] =>Adware.PriceGong [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Tuto4pc] =>PUP.Eorezo [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Tarma 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster [HKLM\Software\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC] =>PUP.VAFPlayer [HKLM\Software\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC] =>PUP.VAFPlayer [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC] =>PUP.VAFPlayer [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC] =>PUP.VAFPlayer [HKLM\Software\Classes\AppID\Tuto4pcFrSoftonicBHO.DLL] =>Spyware.AgenceExclusive [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211701196}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}] =>PUP.CrossRider [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ C:\Documents and Settings\céline\Local Settings\Application Data\Updater27096 =>PUP.CrossRider^ C:\Program Files\Software =>Adware.Boxore C:\Documents and Settings\All Users\Application Data\Software =>Adware.Boxore C:\Documents and Settings\céline\Application Data\wincorebsband =>PUP.iMesh C:\Documents and Settings\céline\Local Settings\Application Data\Software =>Adware.Boxore C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^ [HKCU\Software\BearShare] =>PUP.BearShare^ C:\Documents and 
Settings\céline\Bureau\SoftonicDownloader_pour_adobe-reader-x.exe =>Toolbar.Conduit^ C:\Documents and Settings\céline\Bureau\SoftonicDownloader_pour_cdburnerxp-pro.exe =>Toolbar.Conduit^ C:\WINDOWS\Installer\{A737E18A-5171-40D0-8034-7DD243420081}\icon.ico =>PUP.Eorezo^ C:\Windows\Installer\12a361.msi =>Adware.Boxore^ C:\Windows\Installer\25be6d5.msi =>PUP.VAFPlayer^ C:\Windows\Installer\76ab3.msi =>Adware.IMBooster^ C:\Windows\Installer\76ab9.msi =>Adware.IMBooster^ C:\Windows\Installer\cf41d4.msi =>Adware.Boxore^ C:\Windows\Installer\f57c0.msi =>Toolbar.Google^ ~ Additionnel Scan: 245568 Items scanned in 00mn 44s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore ~ http://nicolascoolman.webs.com/apps/blog/show/30392620-pup-vafplayer =>PUP.VAFPlayer ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar ~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma ~ http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>Spyware.AgenceExclusive ~ http://nicolascoolman.webs.com/apps/blog/show/28441146-pup-imesh =>PUP.iMesh ~ MSI: 14 link(s) detected in 00mn 44s ~ 885 Legitimates filtered by 
white list End of the scan (558 lines in 02mn 40s)(0)