Frozen screen + sometimes blue screen ;-(
filou_eric
 Posted on 20/11/2013 @ 13:14
Petit astucien

Hello to you all, and thanks in advance for your help!!

So let me explain: from time to time my mouse freezes and then I can't do anything, neither keyboard nor mouse, and I have to reboot, and it restarts fine. This happens, I'd say, once every two days, and only when I'm surfing the net; I have never had a problem when playing certain games (gametwist).

And from time to time I've had a blue screen and a sudden restart. So last night I had a blue screen, with the usual text on it, and I had to reboot the PC.

I scanned with avast in safe mode, adccleaner; I don't see much, well, I don't know much about computers ;-)

So I looked on the forum and saw that I wasn't the only one with this problem, so I took the liberty of downloading the programs you asked for.

So here are my reports.

Thanks in advance.

filou_eric
 Posted on 20/11/2013 at 13:21
Petit astucien

Sorry, the PC just crashed, so I'll redo the report late this afternoon.

Thanks

filou_eric
 Posted on 20/11/2013 at 14:42
Petit astucien

Pff, well, what a hassle: I can't manage to put the reports here. When I try to post, it tells me this:

Request object error 'ASP 0104 : 80004005'

Operation not Allowed

/inc_haut.asp, line 46

?????????????

Thanks for pointing me in the right direction ;-)

filou_eric
 Posted on 20/11/2013 at 19:33
Petit astucien

Here I am again, testing to see whether I can post the reports.

So, for WhoCrashed:

Welcome to WhoCrashed (HOME EDITION) v 5.00



This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. It will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.

To obtain technical support visit www.resplendence.com/support

Click here to check if you have the latest version or if an update is available.

Just click the Analyze button for a comprehensible report ...



Home Edition Notice



This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which allows you to perform more thorough and detailed analysis. It also offers a range of additional features such as remote analysis on remote directories and remote computers on the network.

Click here for more information on the professional edition.
Click here to buy the the professional edition of WhoCrashed.


System Information (local)



computer name: FILOU-PC
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
Hardware: ASUSTeK Computer INC., P7P55D
CPU: GenuineIntel Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz Intel586, level: 6
4 logical processors, active mask: 15
RAM: 4292927488 total
VM: 2147352576, free: 1929613312




Crash Dump Analysis



Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Fri 15/11/2013 13:54:57 GMT your computer crashed
crash dump file: C:\Windows\Minidump\111513-19936-01.dmp
This was probably caused by the following module:
ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0x101 (0x31, 0x0, 0xFFFFF88002F63180, 0x2)
Error:
CLOCK_WATCHDOG_TIMEOUT
file path: C:\Windows\system32\ntoskrnl.exe
product:
Microsoft® Windows® Operating System
company:
Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an expected clock interrupt on a secondary processor, in a multi-processor system, was not received within the allocated interval.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Thu 31/10/2013 08:10:54 GMT your computer crashed
crash dump file: C:\Windows\Minidump\103113-16411-01.dmp
This was probably caused by the following module:
ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0x101 (0x31, 0x0, 0xFFFFF88002F63180, 0x2)
Error:
CLOCK_WATCHDOG_TIMEOUT
file path: C:\Windows\system32\ntoskrnl.exe
product:
Microsoft® Windows® Operating System
company:
Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an expected clock interrupt on a secondary processor, in a multi-processor system, was not received within the allocated interval.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.




Conclusion



2 crash dumps have been found and analyzed. No offending third party drivers have been found. Consider using WhoCrashed Professional which offers more detailed analysis using symbol resolution. Also configuring your system to produce a full memory dump may help you.


Read the topic
general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.



filou_eric
 Posted on 20/11/2013 at 19:35
Petit astucien

Here is Malwarebytes:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.11.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
filou
FILOU-PC [administrateur]

Protection: Désactivé

20/11/2013 13:04:42
rapport walmarebits MBAM-log-2013-11-20 (14-21-36).txt

Type d'examen: Examen complet (C:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 400713
Temps écoulé: 42 minute(s), 54 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 14
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaApp.dll.vir (PUP.Optional.Delta) -> Aucune action effectuée.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaEng.dll.vir (PUP.Optional.Delta) -> Aucune action effectuée.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltasrv.exe.vir (PUP.Optional.Delta) -> Aucune action effectuée.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll.vir (PUP.Optional.Delta) -> Aucune action effectuée.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll.vir (PUP.Optional.Delta) -> Aucune action effectuée.
C:\AdwCleaner\Quarantine\C\Users\filou\AppData\Local\Conduit\CT2724431\IncrediMail_MediaBar_Francais_2AutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> Aucune action effectuée.
C:\AdwCleaner\Quarantine\C\Users\filou\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir (PUP.Optional.Babylon.A) -> Aucune action effectuée.
C:\AdwCleaner\Quarantine\C\Users\filou\AppData\Roaming\file scout\filescout.exe.vir (PUP.Optional.FileScout.A) -> Aucune action effectuée.
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir (PUP.Optional.PCPerformer.A) -> Aucune action effectuée.
C:\Users\filou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRZTNIRD\Setup[1].exe (PUP.Optional.Glindorus.A) -> Aucune action effectuée.
C:\Users\filou\AppData\Local\Updater21810\Updater21810.exe (PUP.Optional.GiantSavings.A) -> Aucune action effectuée.
C:\Users\filou\Desktop\PROGR DIFFE\PC_Optimizer_Pro_6.5.2.4_softarchive.net.rar (PUP.Hacktool.Patcher) -> Aucune action effectuée.
C:\Users\filou\Desktop\PROGR DIFFE\Spybot.exe (PUP.Optional.InstallCore) -> Aucune action effectuée.
C:\Users\filou\Downloads\Malwarebytes%20Anti-Malware.exe (PUP.Optional.Firseria) -> Aucune action effectuée.

(fin)

filou_eric
 Posted on 20/11/2013 at 19:37
Petit astucien

Here is the AdwCleaner one:

# AdwCleaner v3.012 - Rapport créé le 20/11/2013 à 12:52:59

# Mis à jour le 11/11/2013 par Xplode

# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

# Nom d'utilisateur : filou - FILOU-PC

# Exécuté depuis : C:\Users\filou\Desktop\PROGR DIFFE\adwcleaner.exe

# Option : Scanner

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

Fichier Présent : C:\Users\filou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage

Fichier Présent : C:\Users\filou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Présente : HKCU\Software\glindorus

Clé Présente : HKCU\Software\IM

Clé Présente : HKCU\Software\Uniblue

Clé Présente : HKCU\Software\WEDLMNGR

Clé Présente : [x64] HKCU\Software\glindorus

Clé Présente : [x64] HKCU\Software\IM

Clé Présente : [x64] HKCU\Software\Uniblue

Clé Présente : [x64] HKCU\Software\WEDLMNGR

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}

Clé Présente : HKLM\Software\glindorus

Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32

Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v25.0.1 (fr)

[ Fichier : C:\Users\filou\AppData\Roaming\Mozilla\Firefox\Profiles\z5y4hcs9.default\prefs.js ]

-\\ Google Chrome v31.0.1650.57

[ Fichier : C:\Users\filou\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Trouvée : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [42871 octets] - [31/10/2013 09:14:46]

AdwCleaner[R1].txt - [1554 octets] - [31/10/2013 09:18:53]

AdwCleaner[R2].txt - [1657 octets] - [04/11/2013 17:21:24]

AdwCleaner[R3].txt - [2057 octets] - [20/11/2013 12:52:59]

AdwCleaner[S0].txt - [40435 octets] - [31/10/2013 09:15:45]

AdwCleaner[S1].txt - [1619 octets] - [31/10/2013 09:19:42]

AdwCleaner[S2].txt - [1731 octets] - [04/11/2013 17:21:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [2298 octets] ##########

filou_eric
 Posted on 20/11/2013 at 19:37
Petit astucien

Here is the last one:

~ Rapport de ZHPDiag v2013.11.20.42 - Nicolas Coolman (20/11/2013)
~ Lancé par filou (20/11/2013 19:38:53)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736
MFIE: Mozilla Firefox 25.0.1 (Defaut)
GCIE: Google Chrome v31.0.1650.57

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : YPGYY
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot - Search & Destroy v1.6.2

---\\ Logiciels d'optimisation du système
CCleaner v3.00 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 20 GB (19%) free of 100 GB

---\\ Mode de connexion au système
~ Computer Name: FILOU-PC
~ User Name: filou
~ All Users Names: UpdatusUser, HomeGroupUser$, filou, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\filou\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\filou\AppData\Roaming\
~ %Desktop% : C:\Users\filou\Desktop\
~ %Favorites% : C:\Users\filou\Favorites\
~ %LocalAppData% : C:\Users\filou\AppData\Local\
~ %StartMenu% : C:\Users\filou\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 20 Go of 100 Go)
D: Hard drive, Flash drive, Thumb drive (Free 420 Go of 831 Go)
E: CD-ROM drive (Free 0 Go of 3 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/10/2013 - 09:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/361
~ Mes musiques (My Musics) : 1/12
~ Mes Favoris (My Favorites) : 1/86
~ Mes Documents (My Documents) : 1/998
~ Mon Bureau (My Desktop) : 1/2462
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.41666A20C22EC32A1EF15BD6C5AD5922] - (.ASUSTeK Computer Inc. - Pas de description.) -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [6060032] [PID.2928]
[MD5.896A1DB9A972AD2339C2E8569EC926D1] - (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088] [PID.2740]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3184]
[MD5.E7118D7A8A500C0478A01988234EE997] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe [8093056] [PID.3932]
[MD5.9225A1067BC2858575B9787BB3ECC4FD] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe [145184] [PID.1164]
[MD5.077D59BA0FD4007E841B6C670862B065] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3952]
[MD5.4A5946CF3E24DBFAAB97346A29B9A81A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8260096] [PID.2788]
[MD5.A9D26626BEADF5A0641BF6B5095EF309] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.876]
[MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.528]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1196]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1776]
[MD5.798A87B2D7AD73B16B7CD968C5D1F18F] - (.ASUSTeK Computer Inc. - AsSysCtr Application.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112] [PID.1800]
[MD5.6163664C7E9CD110AF70180C126C3FDC] - (.Microsoft Corporation - BCM SQL Startup Service.) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [30312] [PID.1824]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1920]
[MD5.B90E093E7A7250906F1054418B5339C0] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.1108]
[MD5.AFADA8B97BE3C9398DC6C770409C3544] - (.Pas de propriétaire - PassThruSvr Application.) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040] [PID.1684]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.1644]
[MD5.86EBD8B1F23E743AAD21F4D5B4D40985] - (.Microsoft Corporation - SQL Browser Service EXE.) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [238944] [PID.2064]
[MD5.CF7B0E597C1F34E528285495721DEEE9] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe [237960] [PID.2828]
[MD5.1C46C27E9F1938B9589859C70450D275] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2358656] [PID.2920]
[MD5.0765EE4A7A0D6609BF91CA2E4700E885] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93072] [PID.2968]
[MD5.AA130938A27BB80A8B6438EF83232275] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1364256] [PID.2904]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\filou\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.google.com
G2 - GCE: Preference [User Data\Default] [ejhfomhehcinmhgnlhdpghklkjgppdmn] AT_RatchetClank_v2 v.3 (Activé)
G2 - GCE: Preference [User Data\Default] [gaiilaahiahdejapggenmdmafpmbipje] DealPly v.3.0.7.2 (Désactivé) =>PUP.DealPly
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [halffneccaebicfdfajnbfgpglahfgoe] Giant Savings Extension v.1.25.59, (Activé) =>Adware.VidSaver
~ Google Browser: 17 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\filou\AppData\Roaming\Mozilla\Firefox\Profiles\z5y4hcs9.default\prefs.js
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: eMule.lnk . (.http://www.emule-project.net - eMule.) -- C:\Program Files (x86)\eMule\emule.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HTC Sync.lnk . (...) -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PS3 Media Server.lnk . (.PS3 Media Server - PS3 Media Server.) -- C:\Program Files (x86)\PS3 Media Server\PMS.exe
O4 - GS\Desktop [Public]: Songr.lnk . (.Xamasoft - Songr.) -- C:\Program Files (x86)\Songr\Songr.exe
O4 - GS\Program [Public]: FreeRide Games.lnk - Clé orpheline
O4 - GS\Program [Public]: HD VDeck.lnk . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Songr.lnk . (.Xamasoft - Songr.) -- C:\Program Files (x86)\Songr\Songr.exe
O4 - GS\QuickLaunch [filou]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [filou]: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\QuickLaunch [filou]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [filou]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\TaskBar [filou]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [filou]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [filou]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [filou]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [filou]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
~ Global Startup: 85 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [DependencyCheck] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-302058679-2511711659-3227527414-1004\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-302058679-2511711659-3227527414-1004\..\RunOnce: [DependencyCheck] Clé orpheline
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{84DAFC78-9B75-46E8-AA35-0F8BC3F4102D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{84DAFC78-9B75-46E8-AA35-0F8BC3F4102D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{84DAFC78-9B75-46E8-AA35-0F8BC3F4102D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{197BD831-C770-4F7C-B3B0-3D5CB5A086C7}] (...) -- E:\98Driver\InstMsiW.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3288AF3F-8E8A-436D-99CD-E771F6087F84}] (...) -- C:\Remote Programs\Farm Frenzy 3 - American Pie\GPlrLanc.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3B6FB3E0-EC81-434E-8080-18758529CF3D}] (...) -- C:\Users\filou\Desktop\jeux\patch\call_of_duty_la_grande_offensive_bonus_pack_1_multi-langues_13634.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5FFB800F-3B7F-4E19-99D0-D41D06D8B6A0}] (...) -- C:\Users\filou\Downloads\TIVKT507A-Vista-x86-V2.2.0.2616.exe (.not file.) [0]
[MD5.2D3CEB42C4ACE986E825B79A70D45780] [APT] [{672BD1EE-350D-467E-82D8-594591341594}] (...) -- E:\setup\rsrc\Autorun.exe [45056]
[MD5.00000000000000000000000000000000] [APT] [{A2CEB7CA-6820-4F16-961F-4073D1AF2A2B}] (...) -- E:\98Driver\InstMsiA.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ABBFBE99-CE3D-4288-B467-68D5A91B4669}] (...) -- E:\98Driver\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B4348A3E-E2B5-4B46-932E-F266E9CBCAEA}] (...) -- C:\Remote Programs\Jewel Quest 3\GPlrLanc.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B5F59DD9-8C0C-4DBA-A22E-61C2F46434CE}] (...) -- C:\Users\filou\Downloads\screenshot-captor_screenshot_captor_2.96.02_anglais_18193.exe (.not file.) [0]
~ Scheduled Task: 34 Legitimates Filtered in 00mn 08s



---\\ Logiciels installés (O42)
O42 - Logiciel: Capture My Screen 1.03 - (.Namtuk.) [HKLM][64Bits] -- CMS_is1
O42 - Logiciel: Dinosaure Screensaver - (...) [HKLM][64Bits] -- Dinosaure Screensaver
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail
O42 - Logiciel: Video To MP3 - (...) [HKCU][64Bits] -- Video To MP3
~ Logic: 174 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\2.6.1694.246]
[HKCU\Software\EA Play]
[HKCU\Software\IncrediMail]
[HKCU\Software\zombie_sox3r]
[HKLM\Software\Wow6432Node\EA Play]
[HKLM\Software\Wow6432Node\NEOACT]
[HKLM\Software\Wow6432Node\iWin]
~ Key Software: 255 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/02/2011 - 15:46:56 - [1781,932] ----D C:\Program Files (x86)\EA Play
O43 - CFD: 3/04/2011 - 12:54:50 - [13,490] ----D C:\Program Files (x86)\FoxTabVideo2Mp3Converter =>Adware.FoxtabVideoConverter
O43 - CFD: 4/09/2011 - 14:48:12 - [26,505] ----D C:\Program Files (x86)\IncrediMail
O43 - CFD: 30/10/2013 - 13:15:00 - [0] ----D C:\Program Files (x86)\SaveShare =>Adware.SaveShare
O43 - CFD: 22/10/2013 - 17:49:24 - [11,017] ----D C:\ProgramData\FreeRide Games
O43 - CFD: 4/09/2011 - 14:49:33 - [0] ----D C:\ProgramData\IM
O43 - CFD: 4/09/2011 - 14:48:12 - [6,703] ----D C:\ProgramData\IncrediMail
O43 - CFD: 27/08/2013 - 21:14:03 - [3,340] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 28/03/2011 - 16:19:06 - [0] RSH-D C:\Users\filou\AppData\Roaming\explorer
O43 - CFD: 8/09/2011 - 18:06:54 - [511,997] ----D C:\Users\filou\AppData\Local\IM
O43 - CFD: 4/03/2013 - 19:39:53 - [0,209] ----D C:\Users\filou\AppData\Local\Updater21810 =>PUP.CrossRider
O43 - CFD: 23/10/2011 - 17:48:20 - [0] ----D C:\Users\filou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Carom3D
~ 522 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 799 Legitimates Filtered in 00mn 17s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.C00066AAECD81E2BB67735BEBF3DD274] - 20/11/2013 - 12:43:02 ---A- - C:\Windows\Prefetch\IMLPP.EXE-C9266A11.pf
O45 - LFCP:[MD5.610CA7F150AF9AFD589156CB93E84663] - 20/11/2013 - 14:42:56 ---A- - C:\Windows\Prefetch\PMS.EXE-1948C362.pf
O45 - LFCP:[MD5.FD70A330F8DF13697661BB8086CFD7D8] - 31/10/2013 - 09:10:32 ---A- - C:\Windows\Prefetch\RUNNE.EXE-29F6C06B.pf
O45 - LFCP:[MD5.30A8FC9E61396864251A1E34CE443E1D] - 31/10/2013 - 09:10:32 ---A- - C:\Windows\Prefetch\SETCLEAN.EXE-F8D3E6FD.pf
O45 - LFCP:[MD5.3C3D6983F2451A2079D91677F86291D0] - 31/10/2013 - 09:10:37 ---A- - C:\Windows\Prefetch\SETPOINT6.61.15_SMART.EXE-350443C6.pf
~ Prefetcher: 75 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0e18f692-3749-11e0-9c4d-20cf304c4243}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
O51 - MPSK:{ecf693cf-f970-11df-a5a7-806e6f6e6963}\AutoRun\command. (...) -- E:\Setup\rsrc\autorun.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\DATAMNGR [Key] . (...) -- C:\Program Files (x86)\WIA6EB~1\Datamngr\DATAMN~1.exe (.not file.) =>PUP.Datamngr
O53 - SMSR:HKLM\...\startupreg\Exetender_148 [Key] . (...) -- C:\Program Files (x86)\FreeRide Games\GPlayer.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\GAINWARD [Key] . (...) -- C:\Program Files (x86)\EXPERTool\TBPanel.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HBLiteSA [Key] . (...) -- C:\Program Files (x86)\HBLite\bin\11.0.384.0\HBLiteSA.exe (.not file.) =>Adware.HotBar
O53 - SMSR:HKLM\...\startupreg\HTC Sync Loader [Key] . (.Pas de propriétaire - HTC UPCT Loader.) -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
O53 - SMSR:HKLM\...\startupreg\Magentic [Key] . (...) -- C:\Program Files (x86)\Magentic\bin\Magentic.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\MobileDocuments [Key] . (...) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\vProt [Key] . (...) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe (.not file.) =>Toolbar.AVGSearch
~ SMSR Keys: 32 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.19B006B181E3875FD254F7B67ACF1E7C] - 16/07/2009 - 04:38:40 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [15416]
O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 4/01/2008 - 12:34:42 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 17/11/2013 - 19:40:29 ---A- . (...) -- C:\Users\filou\AppData\Local\Mozilla\updates\E7CF176E110C211B\active-update.xml [57]
O61 - LFC: 17/11/2013 - 19:40:29 ---A- . (...) -- C:\Users\filou\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates.xml [8837]
O61 - LFC: 18/11/2013 - 19:40:11 ---A- . (...) -- C:\Users\filou\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [263468]
O61 - LFC: 18/11/2013 - 19:40:11 ---A- . (...) -- C:\Users\filou\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 18/11/2013 - 19:40:15 ---A- . (...) -- C:\Users\filou\AppData\Local\Google\Chrome\User Data\Local State [116703]
O61 - LFC: 19/11/2013 - 19:40:48 ---A- . (...) -- C:\Users\filou\Downloads\The.Attack.2012.MULTi.720p.BluRay.x264.mkv [5041968890]
O61 - LFC: 20/11/2013 - 19:40:15 ---A- . (...) -- C:\Users\filou\AppData\Local\Google\Toolbar\broker_metrics.xml [3599]
O61 - LFC: 20/11/2013 - 19:40:16 ---A- . (...) -- C:\Users\filou\AppData\Local\IM\DomainsFavicons\mutsoc.be.ico [1406]
O61 - LFC: 20/11/2013 - 19:40:16 ---A- . (...) -- C:\Users\filou\AppData\Local\IM\content.xml [24002]
O61 - LFC: 20/11/2013 - 19:40:43 ---A- . (...) -- C:\Users\filou\AppData\Roaming\ZHP\Log.txt [41934] =>.Nicolas Coolman
O61 - LFC: 20/11/2013 - 19:40:43 ---A- . (...) -- C:\Users\filou\AppData\Roaming\ZHP\TestsZHPDiag.txt [2851] =>.Nicolas Coolman
O61 - LFC: 20/11/2013 - 19:40:43 ---A- . (...) -- C:\Users\filou\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 20/11/2013 - 19:40:43 ---A- . (...) -- C:\Users\filou\AppData\Roaming\ZHP\ZHPDiag.txt [271523] =>.Nicolas Coolman
O61 - LFC: 20/11/2013 - 19:40:48 ---A- . (...) -- C:\Users\filou\Downloads\MaConfigx64_4_6_0_1(1).exe [4369280]
O61 - LFC: 20/11/2013 - 19:40:48 ---A- . (...) -- C:\Users\filou\Downloads\MaConfigx64_4_6_0_1.exe [4369280]
O61 - LFC: 20/11/2013 - 19:40:48 ---A- . (...) -- C:\Users\filou\Downloads\MaConfigx64_7_1_1_0.exe [5819160]
~ 23 Fichiers temporaires (Temporary files)
~ Files: 218 Legitimates Filtered in 00mn 37s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <Opera.HTML>[HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Opera> <Opera>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Opera\Opera.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - () - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.8958C2B5D4B44B2E6F805ABD6EDB419C] [SPRF][5/10/2011] (...) -- C:\Users\filou\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [58]
[MD5.378189889438568FEF3D98588283B3A5] [SPRF][11/11/2013] (...) -- C:\Users\filou\AppData\Local\Temp\Quarantine.exe [350377]
[MD5.4AC340C0C0E1DF9BFBF78192CCB27B4D] [SPRF][28/03/2011] (...) -- C:\Users\filou\AppData\Roaming\filoulog.dat [10739]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{4F703C03-AD96-41CA-8FA8-D5355386B385}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{E76A5F44-BAA8-4795-B0AE-63990790F9AD}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{C59EFB7C-731A-4608-BDE4-2BFD78BB62F0}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{8A340C56-8DD0-4E51-BF25-DA538C0C76C3}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{E81CB7E4-6158-4F8A-B8E8-C51F3232028B}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{05F825C5-8375-48FF-B94F-5F53413EB6AA}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{FA007E0E-8895-4B1B-9550-D337CFD3BE38}" | In - Public - P6 - FALSE | .(.Pas de propriétaire - IncrediMail Installer.) -- C:\Users\filou\AppData\Local\IM\Runtime\IncrediMail_Install.exe
O87 - FAEL: "{7A729886-FD10-4BB5-87C7-2DE745FFDC83}" | In - Public - P17 - FALSE | .(.Pas de propriétaire - IncrediMail Installer.) -- C:\Users\filou\AppData\Local\IM\Runtime\IncrediMail_Install.exe
O87 - FAEL: "{19333328-5A1F-4616-A479-CEC62300C8BA}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{B75B0231-AE69-4F54-BDF9-9787085BE12D}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{6BB270F4-6475-4933-8125-386885153D06}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{F47495EE-4C0F-49BA-886F-391185B41C7D}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{A6792684-0F82-4F2A-80A8-BF156688F5BA}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{91F6D7F7-4BDE-460E-BE75-7A2B7DCD29BD}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
~ Firewall: 311 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- C:\Windows\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe
~ Update Products: 181 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.E4998D930DCD77ACEB8690DEBE386D0B] [WIS][28/01/2013] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\294a538.msi [2837504]
[MD5.AEC14B0FF54875FB3C961B92F356D9F8] [WIS][28/06/2012] (.TuneUp Software - TuneUp Utilities 2011.) -- C:\Windows\Installer\3f751.msi [18454528]
~ WIS: 186 Legitimates Filtered in 00mn 17s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 8/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 19/08/2009 90112 | (AsSysCtrlService) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
SS - | Demand 22/10/2013 69120 | (Boonty Games) . (.BOONTY.) - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe
SS - | Auto 24/02/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/02/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 25/10/2013 2768208 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 17/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 20/07/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 23/10/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 27/10/2013 1364256 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 23/03/2012 87040 | (PassThru Service) . (...) - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SS - | Demand 16/03/2011 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 23/10/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 30/08/2011 2358656 | (TeamViewer6) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
SR - | Auto 22/03/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 13/12/2011 2028864 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
SR - | Auto 18/01/2012 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 19s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by filou at 20/11/2013 19:41:24
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by filou at 20/11/2013 19:41:26

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12996 - (20/11/2013)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 7
Fichiers trouvés (Files found) : 0

[HKLM\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje] =>PUP.DealPly^
[HKLM\Software\Google\Chrome\Extensions\halffneccaebicfdfajnbfgpglahfgoe] =>Adware.VidSaver^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR] =>PUP.Datamngr^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\HBLiteSA] =>Adware.HotBar^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\vProt] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater] =>Hijacker.BabSolution
[HKLM\Software\Wow6432Node\iwin] =>Adware.iWinArcade
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate] =>PUP.DealPly
[HKCU\AppEvents\Schemes\Apps\Explorer\Navigating\Old_Current] =>PUP.MediaFinder
[HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\IncrediSpooler.DeltaSync] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\IncrediSpooler.DeltaSync.1] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Users\filou\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje =>PUP.DealPly^
C:\Users\filou\AppData\Local\Google\Chrome\User Data\Default\Extensions\halffneccaebicfdfajnbfgpglahfgoe =>Adware.VidSaver^
C:\Program Files (x86)\FoxTabVideo2Mp3Converter =>Adware.FoxtabVideoConverter^
C:\Program Files (x86)\SaveShare =>Adware.SaveShare^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\filou\AppData\Local\Updater21810 =>PUP.CrossRider^
C:\ProgramData\FreeRide Games =>Toolbar.FreeRide
~ Additionnel Scan: 306399 Items scanned in 00mn 42s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/34139798-adware-foxtabvideoconverter =>Adware.FoxtabVideoConverter
~ http://nicolascoolman.webs.com/apps/blog/show/31929570-adware-saveshare =>Adware.SaveShare
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/26834113-adware-hotbar =>Adware.Hotbar
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
~ http://nicolascoolman.webs.com/apps/blog/show/28445531-pup-mediafinder =>PUP.MediaFinder
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ MSI: 12 link(s) detected in 00mn 42s



~ 2346 Legitimates filtered by white list
End of the scan (549 lines in 03mn 16s)(0)

Thanks. If any other analysis is requested, I will try to do it ;-)



Edited by filou_eric on 20/11/2013 19:44
beorcs
 Posted on 22/11/2013 at 14:13
  Maître astucien

Hello Filou_eric,

This is not the right forum.

Click on this symbol, at the top of the message, and ask the moderators to move your topic to the Security forum, where a member of the Security Group will come and take care of your problem.

**NB. Delete the post you put in the "les mains dans le cambouis" forum at 12:11, because that is not the right forum either... and in any case, it duplicates this one.



Edited by beorcs on 22/11/2013 14:15
filou_eric
 Posted on 22/11/2013 at 17:48
Petit astucien

OK, thanks, and sorry again ;-(

and deleted the other message



Edited by filou_eric on 22/11/2013 17:49