Boxore removal help
Tibv, 06/04/2013 at 00:57

Hello,

I would like help removing a stubborn Boxore.

Before contacting you I had several pieces of malware. I ran AdwCleaner, Rogue, MBAM and ESET, which removed most of them, but this still remains:

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 1/23
~ Mon Bureau (My Desktop) : 1/18
~ Menu demarrer (Programs) : 1/22
~ Hidden Files:  Scanned in 00mn 00s
 
 
 
---\\ Processus lancés
[MD5.4D241A6A8F6BA9FA32FF836551FFDCEA] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe   [291608] [PID.3724]
[MD5.2FD32328C48D021E680D11E8EE8C68A0] - (.MSI - Super-Charger.) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe   [502288] [PID.3900]
[MD5.2859EBC065D2E1CCC94161CE28BAC085] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe   [770560] [PID.3820]
[MD5.BDB7D97012F9B3102DB72AA76A24942A] - (.ESET - ESET Online Scanner container.) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe   [546944] [PID.4596]
[MD5.CE0D0B11986FD2C0247AE88A59B36A6E] - (...) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe   [579904] [PID.4800]
[MD5.B0BF698030DB6561393AE753C6D3F936] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [1312720] [PID.5000]
[MD5.CC94B2146C58DBD29976AEE9F841E2BA] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [6471680] [PID.4400]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe   [383264] [PID.928]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65192] [PID.1848]
[MD5.D22982C269775BCBDDA8A0F82A9ADE9E] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe   [161560] [PID.1932]
[MD5.C72ADF8436182E12B1B7E04390CE4C5B] - (.MSI - Super-Charger Service.) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe   [138768] [PID.2012]
[MD5.C5A75EB48E2344ABDC162BDA79E16841] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe   [130384] [PID.736]
[MD5.5C08357C65F658E29B5DDC2EF18D575C] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe   [277784] [PID.3980]
[MD5.4789E020D2617046862D1790FC235FF6] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe   [1260320] [PID.1336]
[MD5.0DFC9713D117B349E41A2A477448107A] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe   [363800] [PID.3460]
~ Processes Running:  Scanned in 00mn 00s
 
 
 
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Thibault\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser:  Scanned in 00mn 00s
 
 
 
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
~ Firefox Browser:  Scanned in 00mn 00s
 
 
 
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser:  Scanned in 00mn 00s
 
 
 
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s
 
 
 
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s
 
 
 
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
 
 
 
---\\ Browser Helper Objects de navigateur (O2)
~ BHO: 2 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe 
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe 
O4 - HKCU\..\Run: [Speech Recognition] . (.Microsoft Corporation - Reconnaissance vocale.) -- C:\Windows\Speech\Common\sapisvr.exe 
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe 
O4 - HKLM\..\Wow6432Node\Run: [Super-Charger] . (.MSI - Super-Charger.) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe 
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-21-2165407781-3816458425-4243028323-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-21-2165407781-3816458425-4243028323-1001\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
~ Application:  Scanned in 00mn 00s
 
 
 
---\\ Autres liens utilisateurs (O4)
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.)  -- C:\Windows\system32\eudcedit.exe 
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft  Windows Fax and Scan.)  -- C:\Windows\system32\WFS.exe 
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe 
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.)  -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
~ Global Startup:  Scanned in 00mn 00s
 
 
 
---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 8 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2619B656-BAEC-4644-AF5C-7556961053E2}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{2619B656-BAEC-4644-AF5C-7556961053E2}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{2619B656-BAEC-4644-AF5C-7556961053E2}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain:  Scanned in 00mn 00s
 
 
 
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- 
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel:  Scanned in 00mn 00s
 
 
 
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Liste des services NT non Microsoft et non désactivés (O23)
~ Services: 12 Legitimates Scanned in 00mn 05s
 
 
 
---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s
 
 
 
---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Tâches planifiées en automatique (O39)
~ IE Control Panel: 8 Legitimates Scanned in 00mn 02s
 
 
 
---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 10 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver:  (MpFilter) . (.Microsoft Corporation - Microsoft antimalware file system filter dr.) - C:\Windows\System32\DRIVERS\MpFilter.sys
~ Drivers: 63 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Ventrilo Client - (.Flagship Industries, Inc..) [HKLM][64Bits] -- {789289CA-F73A-4A16-A331-54D498CE069F}
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM][64Bits] -- uTorrent
~ Logic: 64 Legitimates Scanned in 00mn 00s
 
 
 
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BitTorrent]
[HKCU\Software\Ventrilo]
[HKLM\Software\Wow6432Node\Software]
~ Key Software: 104 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/03/2013 - 22:37:03 - [0] ----D C:\Program Files (x86)\Software
O43 - CFD: 29/03/2013 - 17:30:49 - [5,471] ----D C:\Program Files (x86)\Ventrilo
O43 - CFD: 05/04/2013 - 22:19:11 - [0,001] ----D C:\Program Files (x86)\VentSrv
O43 - CFD: 29/03/2013 - 22:37:03 - [0] ----D C:\ProgramData\Software
O43 - CFD: 30/03/2013 - 15:09:02 - [1,776] ----D C:\Users\Thibault\AppData\Roaming\uTorrent
O43 - CFD: 29/03/2013 - 17:50:54 - [0,005] ----D C:\Users\Thibault\AppData\Roaming\Ventrilo
O43 - CFD: 29/03/2013 - 17:27:36 - [0] ----D C:\Users\Thibault\AppData\Local\Software
~ Program Folder: 98 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5A962AED8DAA4B083FF2B76E4F2007FA] - 05/04/2013 - 22:24:36 ---A- . (...) -- C:\AdwCleaner[R2].txt   [1024]
O44 - LFC:[MD5.56D17A25DEADE33AF91AF46FA547D2FA] - 05/04/2013 - 21:47:34 ---A- . (...) -- C:\AdwCleaner[S1].txt   [11873]
O44 - LFC:[MD5.C40201815B4963840A0DD8DDA9DB752D] - 05/04/2013 - 21:45:03 ---A- . (...) -- C:\AdwCleaner[R1].txt   [12087]
O44 - LFC:[MD5.0D17AC7F81F6575AAB879DFC98339385] - 05/04/2013 - 20:45:58 ---A- . (...) -- C:\Windows\IE10_main.log   [68650]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 05/04/2013 - 19:12:04 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf   [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 05/04/2013 - 19:12:04 ---A- . (...) -- C:\Windows\System32\ieuinit.inf   [25185]
O44 - LFC:[MD5.8D0944E48D8F8F1FDFE9653A6E155807] - 29/03/2013 - 16:30:49 ---A- . (...) -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini   [268]
O44 - LFC:[MD5.E47DB23A383B953EA7E7D8F6CF1377D7] - 29/03/2013 - 09:25:17 RSHAD . (.Pas de propriétaire - Intel® Manageability Engine Firmware Dynami.) -- C:\Windows\System32\Drivers\IntelMEFWVer.dll   [15128]
O44 - LFC:[MD5.3178007B036609EFB1D4465EE66AC44B] - 29/03/2013 - 09:07:21 ---A- . (...) -- C:\Windows\IE9_main.log   [8767]
O44 - LFC:[MD5.AD281172AAAE5E84B3A0ED58943C628D] - 29/03/2013 - 09:05:58 ---A- . (...) -- C:\Windows\DirectX.log   [199]
O44 - LFC:[MD5.6214D9EE2FB115B78EC261612CE9FA44] - 29/03/2013 - 09:02:27 ---A- . (...) -- C:\Windows\DtcInstall.log   [2790]
O44 - LFC:[MD5.AF698F1704158237D8DECB34FE3CC3E9] - 29/03/2013 - 09:02:26 ---A- . (...) -- C:\Windows\TSSysprep.log   [1355]
O44 - LFC:[MD5.EE49391D201E2A6F185736E11BD625F7] - 26/02/2013 - 00:32:08 ---A- . (...) -- C:\Windows\SysNative\nvinfo.pb   [17266]
O44 - LFC:[MD5.EE49391D201E2A6F185736E11BD625F7] - 26/02/2013 - 00:32:08 RSHAD . (...) -- C:\Windows\System32\nvinfo.pb   [17266]
O44 - LFC:[MD5.E1168203EB1B7A6F220F27BB5682CC16] - 18/01/2013 - 16:00:11 ---A- . (...) -- C:\Windows\SysNative\nvcoproc.bin   [2953448]
O44 - LFC:[MD5.E1168203EB1B7A6F220F27BB5682CC16] - 18/01/2013 - 16:00:11 RSHAD . (...) -- C:\Windows\System32\nvcoproc.bin   [2953448]
O44 - LFC:[MD5.1153AC6E133AA849853DFD407B086B80] - 30/11/2012 - 00:15:43 ---A- . (...) -- C:\Windows\SysNative\locale.nls   [420064]
O44 - LFC:[MD5.1153AC6E133AA849853DFD407B086B80] - 30/11/2012 - 00:15:43 ---A- . (...) -- C:\Windows\System32\locale.nls   [420064]
O44 - LFC:[MD5.646EE25DAF0A743D4473B210AF0AA440] - 03/02/2012 - 11:16:40 RSHAD . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT   [227876]
~ Files: 701 Legitimates Scanned in 00mn 07s
 
 
 
---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 9 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys   [491088]
~ Drivers:  Scanned in 00mn 00s
 
 
 
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/04/2013 - 08:06:06 ---A- C:\Users\Thibault\Downloads\mbam-setup-1.70.0.1100.exe   [10156344]
O61 - LFC: 05/04/2013 - 08:06:16 ---A- C:\Users\Thibault\Downloads\mbam-setup-1.70.0.1100 (1).exe   [10156344]
O61 - LFC: 05/04/2013 - 17:35:10 ---A- C:\Users\Thibault\Downloads\ZHPDiag2 (1).exe   [5524649]
O61 - LFC: 05/04/2013 - 17:54:25 ---A- C:\Users\Thibault\Downloads\ZHPDiag2 (2).exe   [5524649]
O61 - LFC: 05/04/2013 - 18:34:06 ---A- C:\Users\Thibault\Downloads\ZHPDiag2 (3).exe   [5524649]
O61 - LFC: 05/04/2013 - 21:12:37 ---A- C:\Users\Thibault\Links\Desktop.lnk   [493]
O61 - LFC: 05/04/2013 - 21:12:37 ---A- C:\Users\Thibault\Links\Downloads.lnk   [956]
O61 - LFC: 05/04/2013 - 21:12:37 ---A- C:\Users\Thibault\Links\RecentPlaces.lnk   [383]
O61 - LFC: 05/04/2013 - 21:12:39 ---A- C:\Users\Thibault\AppData\Local\GDIPFONTCACHEV1.DAT   [70688]
O61 - LFC: 05/04/2013 - 21:31:19 ---A- C:\Users\Thibault\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists   [267550]
O61 - LFC: 05/04/2013 - 21:42:05 ---A- C:\Users\Thibault\Downloads\adwcleaner.exe   [613083]
O61 - LFC: 05/04/2013 - 21:58:44 ---A- C:\Users\Thibault\Downloads\SFT.exe   [843645]
O61 - LFC: 05/04/2013 - 21:58:57 ---A- C:\Users\Thibault\Downloads\Non confirmé 554010.crdownload   [438695]
O61 - LFC: 05/04/2013 - 22:05:35 ---A- C:\Users\Thibault\Downloads\Non confirmé 343386.crdownload   [376028]
O61 - LFC: 05/04/2013 - 22:12:54 ---A- C:\Users\Thibault\Downloads\RogueKillerX64.exe   [791040]
O61 - LFC: 05/04/2013 - 22:27:48 ---A- C:\Users\Thibault\AppData\Roaming\mbam.context.scan   [42]
O61 - LFC: 05/04/2013 - 22:33:27 ---A- C:\Users\Thibault\Downloads\esetsmartinstaller_enu.exe   [2347384]
O61 - LFC: 05/04/2013 - 23:47:44 ---A- C:\Users\Thibault\AppData\Local\Google\Chrome\User Data\Local State   [26337]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 100 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS:  Scanned in 00mn 00s
 
 
 
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 28/12/2011 - C:\Windows\system32\drivers\afd.sys (AFD)  .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\clfs.sys (CLFS)  .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS
O64 - Services: CurCS - 24/08/2012 - C:\Windows\System32\Drivers\cng.sys (CNG)  .(.Microsoft Corporation - Kernel Cryptography, Next Generation.) - LEGACY_CNG
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\drivers\fvevol.sys (fvevol)  .(.Microsoft Corporation - BitLocker Drive Encryption Driver.) - LEGACY_FVEVOL
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\drivers\hwpolicy.sys (hwpolicy)  .(.Microsoft Corporation - Hardware Policy Driver.) - LEGACY_HWPOLICY
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\lltdio.sys (lltdio)  .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO
O64 - Services: CurCS - 14/12/2012 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector)  .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb20)  .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB20
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\drivers\netbt.sys (NetBT)  .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - 21/11/2010 - C:\Windows\System32\drivers\pacer.sys (Psched)  .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\rspndr.sys (rspndr)  .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv)  .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\vga.sys (VgaSave)  .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - 21/11/2010 - C:\Windows\System32\drivers\volsnap.sys (volsnap)  .(.Microsoft Corporation - Pilote de cliché instantané du volume.) - LEGACY_VOLSNAP
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\rascfg.dll (Wanarpv6)  .(.Microsoft Corporation - Objets de configuration RAS.) - LEGACY_WANARPV6
~ Legacy: 107 Legitimates Scanned in 00mn 00s
 
 
 
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys:  Scanned in 00mn 00s
 
 
 
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s
 
 
 
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {BC752150-6C42-4C76-8097-334BA1BD7A89} - (Bing) - http://www.bing.com
~ Keys:  Scanned in 00mn 00s
 
 
 
---\\ Crack & Keygen Files (O82)
D:\rappatriement ordinateur central\NEW_VOLUME\dl\KeyGen Software License Key Generator 1.1.rar
~ Files:  Scanned in 00mn 22s
 
 
 
---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s
 
 
 
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.394EA0490D4A382627D5D3951633DE16] [SPRF][31/12/2010] (.Microsoft Corporation - Windows Setup API.) -- C:\Users\Thibault\AppData\Local\Temp\devcon64.exe   [86880]
[MD5.8E031053C8062A4C1CD36DAB44E78DFB] [SPRF][05/04/2013] (...) -- C:\Users\Thibault\AppData\Local\Temp\dump.dat   [1265664]
[MD5.5A432A042DAE460ABE7199B758E8606C] [SPRF][28/10/2006] (.Microsoft Corporation - Office Source Engine.) -- C:\Users\Thibault\AppData\Local\Temp\ose00000.exe   [145184]
[MD5.C9D180FF94E1970AC08BBD81073ECA89] [SPRF][30/03/2013] (.Orbmu2k - NVIDIA Inspector.) -- C:\Users\Thibault\Desktop\nvidiaInspector.exe   [581632]
~ Files:  Scanned in 00mn 00s
 
 
 
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{968C3BCC-1EAD-4B49-8954-EF633C11F947}C:\program files (x86)\ventsrv\ventrilo_srv.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\ventsrv\ventrilo_srv.exe (.not file.)
O87 - FAEL: "UDP Query User{ECC3389A-12D3-468A-9CAE-2C664D61A056}C:\program files (x86)\ventsrv\ventrilo_srv.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\ventsrv\ventrilo_srv.exe (.not file.)
O87 - FAEL: "{789D886F-B2A8-4BF2-A4E9-257320491B3A}" | In - Private - P6 - TRUE | .(.Flagship Industries, Inc. - Ventrilo Client Program.) -- C:\Program Files (x86)\Ventrilo\Ventrilo.exe
O87 - FAEL: "{53E74318-1B2C-4EAF-A60E-51CB4E9FF2DF}" | In - Private - P17 - TRUE | .(.Flagship Industries, Inc. - Ventrilo Client Program.) -- C:\Program Files (x86)\Ventrilo\Ventrilo.exe
O87 - FAEL: "{D600CEED-FCD0-4445-87C7-397D2DBE9614}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\torrent\uTorrent.exe
O87 - FAEL: "{A4F59351-6FB4-4866-AD2B-9ACFBE73CAEC}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- D:\torrent\uTorrent.exe
~ Firewall: 215 Legitimates Scanned in 00mn 01s
 
 
 
---\\ Scan Additionnel (O88)
Database Version : v2.11417 - (04/04/2013)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 3
Fichiers trouvés  (Files found) : 0
 
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS]   =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32]   =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]   =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]   =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASAPI32]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASMANCS]   =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]   =>Adware.Boxore
C:\Program Files (x86)\Software   =>Adware.Boxore
C:\ProgramData\Software   =>Adware.Boxore
C:\Users\Thibault\AppData\Local\Software   =>Adware.Boxore
~ Additionnel:  Scanned in 00mn 17s
 
 
 
---\\ Product Upgrade Codes (O90)
~ Update Products: 76 Legitimates Scanned in 00mn 00s
 
 
 
I have ZHPFix, but I don't know what to do for the script.

Can you help me?