USB key that creates shortcuts 2013-11-23T10:33:55+00:00

Computer Troubleshooting: USB key that creates shortcuts

  • Author
    Posts
  • Estelle27
    Number of posts: 0

    Hello,

    Like many people, my USB key is turning my files into shortcuts.
    So I ran MalwareBytes Anti-Malware and USBfix. Here are the 2 reports.

    Thanks for any help you can give me

    ############################## | UsbFix V 7.152 | [Suppression]

    Utilisateur: Estelle (Administrateur) # ESTELLE-HP
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 01:18:42 | 23/11/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Hewlett-Packard (1651)
    CPU: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
    RAM -> [Total : 6092 | Free : 4268]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16736
    WB: Google Chrome : 31.0.1650.57
    WB: Mozilla Firefox : 25.0.1

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Avira Desktop [(!) Disabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 683 Go (341 Go libre(s) – 50%) [] # NTFS
    D: -> Disque fixe # 15 Go (1 Go libre(s) – 9%) [RECOVERY] # NTFS
    E: -> CD-ROM
    F: -> Disque fixe # 466 Go (136 Go libre(s) – 29%) [My Passport] # NTFS
    G: -> Disque amovible # 4 Go (4 Go libre(s) – 98%) [TRANSCEND] # FAT32

    ################## | Processus Stoppés |


    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWARE | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWARE | Run : [] –
    04 – HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    04 – HKLMSOFTWARE | Run : [HP CoolSense] – C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe -byrunkey
    04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWARE | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
    04 – HKLMSOFTWARE | Run : [WD Drive Unlocker] – C:Program Files (x86)Western DigitalWD AppsWDDriveAutoUnlock.exe
    04 – HKLMSOFTWARE | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [HP Quick Launch] – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
    04 – HKLMSOFTWARE | Run : [HPOSD] – C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
    04 – HKLMSOFTWARE | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    04 – HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLMSOFTWARE | Run : [WD Quick View] – C:Program Files (x86)Western DigitalWD Quick ViewWDDMStatus.exe
    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWAREwow6432Node | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [] –
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [HP CoolSense] – C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe -byrunkey
    04 – HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
    04 – HKLMSOFTWAREwow6432Node | Run : [WD Drive Unlocker] – C:Program Files (x86)Western DigitalWD AppsWDDriveAutoUnlock.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [HP Quick Launch] – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [HPOSD] – C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
    04 – HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [WD Quick View] – C:Program Files (x86)Western DigitalWD Quick ViewWDDMStatus.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-3579483987-74944699-2884554317-1000SOFTWARE | Run : [EA Core] – “C:Program Files (x86)Electronic ArtsEADMCore.exe” -silent
    04 – HKUS-1-5-21-3579483987-74944699-2884554317-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKUS-1-5-21-3579483987-74944699-2884554317-1000SOFTWARE | Run : [MobileDocuments] – C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe
    04 – HKUS-1-5-21-3579483987-74944699-2884554317-1000SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe
    04 – HKUS-1-5-21-3579483987-74944699-2884554317-1000SOFTWARE | Run : [KiesPreload] – C:Program Files (x86)SamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3579483987-74944699-2884554317-1000SOFTWARE | Run : [] – C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe Run
    04 – HKUS-1-5-21-3579483987-74944699-2884554317-1000SOFTWARE | Run : [KiesAirMessage] – C:Program Files (x86)SamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-21-3579483987-74944699-2884554317-1000SOFTWARE | Run : [cacaoweb] – “C:UsersEstelleAppDataRoamingcacaowebcacaoweb.exe” -noplayer
    04 – HKUS-1-5-21-3579483987-74944699-2884554317-1000SOFTWARE | Run : [Bubble Dock] – “C:UsersEstelleAppDataRoamingNosibayBubble DockLBubble Dock.exe” /winstartup
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Supprimé! D:uninstall.exe
    Supprimé! G:Base avocat1.lnk
    Supprimé! D:desktop.ini
    Supprimé! G:iTunesHelper.vbe

    (!) Fichiers temporaires supprimés.

    ################## | Référence de comparaison MD5 |

    Md5 : 44DC14692C600A9ED93BA3A353BDC7B8 -> G:iTunesHelper.vbe

    ################## | Comparaison MD5 |

    ################## | Registre |

    Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 0
    Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 0
    Supprimé! HKUS-1-5-21-3579483987-74944699-2884554317-1000Software….Mountpoints2F
    Supprimé! HKUS-1-5-21-3579483987-74944699-2884554317-1000Software….Mountpoints2{76685295-0654-11e2-994a-68a3c4f624a2}

    ################## | Listing |


    ################## | Vaccin |

    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    When I turned on my computer this morning, I got something called CHRDSK (I don't remember the exact name) with 3 stages. I don't know if that rings a bell…

    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.11.23.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16736
    Estelle :: ESTELLE-HP [administrateur]

    23/11/2013 08:51:34
    mbam-log-2013-11-23 (08-51-34).txt

    Type d’examen: Examen complet (C:|D:|F:|G:|)
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 568898
    Temps écoulé: 2 heure(s), 29 minute(s), 55 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 2
    HKCUSOFTWARESWEETIM (PUP.Optional.SweetIM.A) -> Mis en quarantaine et supprimé avec succès.
    HKLMSOFTWARESWEETIM (PUP.Optional.SweetIM.A) -> Mis en quarantaine et supprimé avec succès.

    Valeur(s) du Registre détectée(s): 3
    HKCUSoftwareMicrosoftWindowsCurrentVersionRun|Bubble Dock (PUP.Optional.BubbleDock.A) -> Données: “C:UsersEstelleAppDataRoamingNosibayBubble DockLBubble Dock.exe” /winstartup -> Mis en quarantaine et supprimé avec succès.
    HKCUSoftwareSweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Données: {2B31BE13-C3A9-11E1-B3B6-68A3C4F624A2} -> Mis en quarantaine et supprimé avec succès.
    HKLMSoftwareSweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Données: {2B31BE13-C3A9-11E1-B3B6-68A3C4F624A2} -> Mis en quarantaine et supprimé avec succès.

    Elément(s) de données du Registre détecté(s): 1
    HKCUSOFTWAREPoliciesMicrosoftInternet Explorercontrol panel|HomePage (PUM.Hijack.HomePageControl) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès

    Dossier(s) détecté(s): 1
    C:UsersEstelleAppDataRoamingBabylon (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.

    Fichier(s) détecté(s): 4
    C:Program Files (x86)MaxTVCommonhstart.exe (PUP.HiddenStart.H) -> Mis en quarantaine et supprimé avec succès.
    C:UsersEstelleDocumentsEstelleest.durandLogicielsmini-KMS_Activator_v1.052mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Mis en quarantaine et supprimé avec succès.
    C:WindowsInstaller38456e.msi (PUP.HiddenStart.H) -> Mis en quarantaine et supprimé avec succès.
    C:UsersEstelleAppDataRoamingBabylonlog_file.txt (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.

    (fin)

  • lilidurhone
    Number of posts: 0

    Hello

    I'm the one who will be handling your case 😉

    When I turned on my computer this morning, I got something called CHRDSK (I don't remember the exact name) with 3 stages. I don't know if that rings a bell…

    Yes, that's a checkdisk; it means Windows repaired some bad sectors 😉

    We are going to run a diagnostic

    Download and save ZHPDiag => https://www.sosvirus.net/telecharger/zhpdiag/ to your computer.
    Then click the downloaded file to run the software's installer.
    Follow the installer's prompts, leaving the default settings; don't forget to tick the “raccourci bureau” (desktop shortcut) box.
    After these steps, two desktop shortcuts are present (ZHPFix, ZHPDiag).

    To run a full scan, click the “ZHPDiag” desktop icon, which looks like a “scroll”.
    In the program's interface, click the “Configurer” (Configure) button to access the settings.
    Then click the “Loupe +” (magnifier +) button at the bottom left to launch a Full options diagnostic.

    The scan runs; wait a few minutes while the tool works, as indicated by “Traitement en cours…” (Processing…).

    Sometimes the program displays a “Ne répond pas” (Not responding) message; wait until it responds.
    The freeze is most often “temporary”… be patient.

    When the scan finishes, the report will open in Notepad.
    You can post this report by copy/paste and close the program.
    The ZHPDiag.txt report will also be on your desktop.
    If needed, it is saved in C:\User\nomxxx\AppData\Roaming\ZHP\ZHPDiag.txt

    Reminder on how to post by copy/paste

    In Notepad, check under Format that “Retour automatique à la ligne” (Word Wrap) is unchecked.
    Place the mouse cursor on the open report.
    Press the CTRL and A keys together to select everything (usually highlighted in blue), then release the keys.
    Press the CTRL and C keys together to copy the report's contents to the Windows clipboard, then release the keys.
    Open a reply in your topic on the forum that is helping you, or create one, and place the mouse cursor in it.
    Press the CTRL and V keys together to paste the clipboard contents.

    If the report is too large, host it so that we can access it => https://antimalware.top/

  • Estelle27
    Number of posts: 0

    Thanks

    Here is the report. In any case, running Malwarebytes did no harm, given everything it detected.

    ~ Rapport de ZHPDiag v2013.11.22.46 – Nicolas Coolman (22/11/2013)
    ~ Lancé par Estelle (23/11/2013 16:11:59)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC):

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16736
    MFIE: Mozilla Firefox 25.0.1 (Defaut)
    GCIE: Google Chrome v31.0.1650.57

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 3Q6C9
    Windows License : OK
    ~ Windows Remaining Initializations Number : 0
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Avira Free Antivirus v13.0.0.4042
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 6091 MB (65% free)
    System Restore: Activé (Enable)
    System drive C: has 344 GB (50%) free of 683 GB

    —\ Mode de connexion au système
    ~ Computer Name: ESTELLE-HP
    ~ User Name: Estelle
    ~ All Users Names: HomeGroupUser$, Estelle, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersEstelleAppDataRoamingZHP
    ~ %AppData% : C:UsersEstelleAppDataRoaming
    ~ %Desktop% : C:UsersEstelleDesktop
    ~ %Favorites% : C:UsersEstelleFavorites
    ~ %LocalAppData% : C:UsersEstelleAppDataLocal
    ~ %StartMenu% : C:UsersEstelleAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 344 Go of 683 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 15 Go)
    E: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    ~ Generic Processes: Scanned in 00mn 01s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/31168
    ~ Mes musiques (My Musics) : 3/8074
    ~ Mes Videos (My Videos) : 1/140
    ~ Mes Favoris (My Favorites) : 1/20
    ~ Mes Documents (My Documents) : 1/11758
    ~ Mon Bureau (My Desktop) : 1/8
    ~ Menu demarrer (Programs) : 1/40
    ~ Hidden Files: Scanned in 00mn 24s

    —\ Processus lancés
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersEstelleAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>PUP.BubbleDock
    ~ Google Browser: 16 Legitimates Filtered in 00mn 01s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersEstelleAppDataRoamingMozillaFirefoxProfiles5u3veijt.defaultprefs.js
    M3 – MFPP: Plugins – [Estelle] — C:UsersEstelleAppDataRoamingMozillaFirefoxProfiles5u3veijt.defaultsearchpluginssweetim.xml =>PUP.SweetIM
    M3 – MFPP: Plugins – [Estelle] — C:Program Files (x86)Mozilla FireFoxsearchpluginsbabylon.xml =>PUP.Babylon
    ~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://search.babylon.com =>PUP.Babylon
    R0 – HKCUSOFTWAREPoliciesMicrosoftInternet ExplorerMain,Start Page = http://seeearch.com =>PUP.StartSearch
    ~ IE Browser: 16 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company – HP Support Assistant.) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSF.exe =>.Hewlett-Packard Co
    O4 – GSDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [Public]: Conseiller de mise à niveau vers Windows 7.lnk . (.Microsoft Corporation – Windows 7 Upgrade Advisor.) — C:Program Files (x86)Microsoft Windows 7 Upgrade AdvisorWindowsUpgradeAdvisor.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [Estelle]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [Estelle]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSTaskBar [Estelle]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [Estelle]: hpDST.lnk . (.Hewlett-Packard Company – Setup Manager.) — C:Program Files (x86)Hewlett-PackardSetup ManagerhpDST.exe
    O4 – GSTaskBar [Estelle]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [Estelle]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSystemTools [Estelle]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSendTo [Estelle]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain – Evernote.) — C:Program Files (x86)EvernoteEvernoteEvernote.exe
    O4 – GSDesktop [Estelle]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe https://www.sosvirus.net
    O4 – GSDesktop [Estelle]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
    ~ Global Startup: 74 Legitimates Filtered in 00mn 05s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: PHOTOfunSTUDIO 5.1 HD Edition.lnk . (.Panasonic Corporation – AutoStartService.) — C:Program Files (x86)Common FilesPanasonicPHOTOfunSTUDIO AutoStartAutoStartupService.exe
    O4 – GSStartup [Estelle]: EvernoteClipper.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain – Evernote Clipper.) — C:Program Files (x86)EvernoteEvernoteEvernoteClipper.exe
    O4 – GSStartup [Estelle]: OneNote 2010 – Capture d’écran et lancement.lnk . (…) — C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.exe (.not file.)
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
    O4 – HKLM..Run: [Apoint] . (.Alps Electric Co., Ltd. – Alps Pointing-device Driver.) — C:Program FilesApoint2KApoint.exe
    O4 – HKLM..Run: [BCSSync] . (.Microsoft Corporation – Microsoft Office 2010 component.) — C:Program FilesMicrosoft OfficeOffice14BCSSync.exe =>.Microsoft Corporation
    O4 – HKLM..Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio TPE.) — C:Program FilesIDTWDMsttray64.exe
    O4 – HKLM..Run: [AtherosBtStack] . (.Atheros Communications – Serveur Stack Bluetooth.) — C:Program Files (x86)Bluetooth SuiteBtvStack.exe
    O4 – HKLM..Run: [AthBtTray] . (.Atheros Commnucations – Bluetooth Tray.) — C:Program Files (x86)Bluetooth SuiteAthBtTray.exe
    O4 – HKLM..RunOnce: [NCPluginUpdater] . (.Hewlett-Packard – NCPluginUpdater.) — C:Program Files (x86)Hewlett-PackardHP Health CheckActiveCheckproduct_lineNCPluginUpdater.exe
    O4 – HKCU..Run: [EA Core] C:Program Files (x86)Electronic ArtsEADMCore.exe (.not file.)
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe (.not file.)
    O4 – HKCU..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKies.exe
    O4 – HKCU..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program Files (x86)SamsungKiesKiesAirMessage.exe
    O4 – HKCU..Run: [cacaoweb] C:UsersEstelleAppDataRoamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe (.not file.)
    O4 – HKLM..Wow6432NodeRun: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. – HP CoolSense.) — C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [avgnt] . (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program Files (x86)AviraAntiVir Desktopavgnt.exe
    O4 – HKLM..Wow6432NodeRun: [WD Drive Unlocker] . (.Western Digital – WD Drive Auto Unlock.) — C:Program Files (x86)Western DigitalWD AppsWDDriveAutoUnlock.exe =>.Western Digital Technologies
    O4 – HKLM..Wow6432NodeRun: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program Files (x86)SamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
    O4 – HKLM..Wow6432NodeRun: [HPOSD] . (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKLM..Wow6432NodeRun: [WD Quick View] . (.Western Digital Technologies, Inc. – WD Quick View.) — C:Program Files (x86)Western DigitalWD Quick ViewWDDMStatus.exe =>.Western Digital Technologies
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [EA Core] C:Program Files (x86)Electronic ArtsEADMCore.exe (.not file.)
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe (.not file.)
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKies.exe
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program Files (x86)SamsungKiesKiesAirMessage.exe
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [cacaoweb] C:UsersEstelleAppDataRoamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPluginx64.dll,-102 [64Bits] – {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (…) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckResourcesIconsHP.ico
    O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program Files (x86)MICROS~4Office14ONBttnIE.dll (.not file.)
    O9 – Extra button: Send by Bluetooth to [64Bits] – {7815BE26-237D-41A8-A98F-F7BD75F71086} — Clé orpheline
    O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:Program Files (x86)MICROS~4Office14ONBTTN~1.dll (.not file.)
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Site dans la Zone de confiance d’Internet Explorer (O15)
    O15 – Trusted Zone: [HKCU…Domainswww] http.consoclicker.com
    ~ IE Zone Confiance: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpNameServer = 172.16.0.1
    O17 – HKLMSystemCCSServicesTcpip..{3D254152-1864-44F7-9B83-7D627BABEED1}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpDomain = suitesetudes.carrevillon
    O17 – HKLMSystemCS1ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpNameServer = 172.16.0.1
    O17 – HKLMSystemCS1ServicesTcpip..{3D254152-1864-44F7-9B83-7D627BABEED1}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpDomain = suitesetudes.carrevillon
    O17 – HKLMSystemCS2ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpNameServer = 172.16.0.1
    O17 – HKLMSystemCS2ServicesTcpip..{3D254152-1864-44F7-9B83-7D627BABEED1}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpDomain = suitesetudes.carrevillon
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT:Automatic Planified Task – C:WindowsTasksAutoKMS.job [204]
    [MD5.00000000000000000000000000000000] [APT] [AutoKMS] (…) — C:WindowsAutoKMS.exe (.not file.) [0] =>Trojan.Keygen
    [MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (…) — C:Program Files (x86)GoforFilesGFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
    [MD5.00000000000000000000000000000000] [APT] [{9DE9C10B-ACFE-4B05-A85A-4CA63335C2DC}] (…) — C:UsersEstelleDownloadssetup_MBPDualFinance.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{DDD62423-E81B-441D-AE4C-A397FFE8DE58}] (…) — C:UsersEstelleDownloadsdotnetfx3setup.exe (.not file.) [0]
    ~ Scheduled Task: 27 Legitimates Filtered in 00mn 09s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareSoftonic] =>Toolbar.Conduit
    [HKCUSoftwareYahooPartnerToolbar]
    [HKCUSoftwarecacaoweb] =>PUP.CacaoWeb
    [HKCUSoftwarefreeTVRadio] =>Adware.SPointer
    [HKCUSoftwareƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ő¶¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“]
    [HKLMSoftwareWow6432NodeBabylon] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeSimplyGen] =>Adware.PredictAd
    ~ Key Software: 236 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 29/08/2011 – 14:42:56 – [0,454] —-D C:Program Files (x86)freeTVRadio =>Adware.SPointer
    O43 – CFD: 21/11/2012 – 20:51:48 – [4,369] —-D C:Program Files (x86)MBP
    O43 – CFD: 31/12/2011 – 13:07:43 – [0] —-D C:ProgramDataBabylon =>PUP.Babylon
    O43 – CFD: 01/07/2012 – 19:18:24 – [1,069] —-D C:ProgramDataInstallMate =>PUP.Tarma
    O43 – CFD: 01/07/2012 – 19:18:24 – [0] —-D C:ProgramDataPremium
    O43 – CFD: 29/08/2011 – 14:41:00 – [0,001] —-D C:UsersEstelleAppDataRoamingfreeTVRadio =>Adware.SPointer
    O43 – CFD: 11/05/2013 – 17:55:31 – [4,696] —-D C:UsersEstelleAppDataRoamingPanel+ =>Toolbar.Ipsos
    O43 – CFD: 31/12/2011 – 13:07:45 – [3,744] —-D C:UsersEstelleAppDataLocalBabylon =>PUP.Babylon
    O43 – CFD: 29/08/2011 – 14:42:56 – [0,201] —-D C:UsersEstelleAppDataLocalfreetvradio Air =>Adware.SPointer
    O43 – CFD: 11/05/2013 – 17:55:09 – [0,053] —-D C:UsersEstelleAppDataLocalPanel+ =>Toolbar.Ipsos
    O43 – CFD: 19/05/2013 – 18:18:14 – [0] —-D C:UsersEstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsPanel+ =>Toolbar.Ipsos
    ~ 1785 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 2072 Legitimates Filtered in 01mn 04s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.208BD18CB6DA6DE1E6119382B72940AD] – 23/11/2013 – 01:26:15 —A- . (…) — C:UsbFix [Clean 2] ESTELLE-HP.txt [27171]
    O44 – LFC:[MD5.94F0F7B8B78290D74B87DB57B9EDC55E] – 23/11/2013 – 08:12:55 . (…) — C:bootsqm.dat [3288]
    ~ Files: 88 Legitimates Filtered in 00mn 49s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.E46FFE723F744D45D6E58A0E4066951A] – 23/11/2013 – 01:28:07 —A- – C:WindowsPrefetchRESOURCE.EXE-E971D367.pf
    O45 – LFCP:[MD5.19F837077CE17218314BE9C02DC10107] – 23/11/2013 – 01:29:49 —A- – C:WindowsPrefetchDETECT_SMARTFRIENDAWARENESS.E-48072723.pf
    O45 – LFCP:[MD5.CEA74747CB28C6990C76FE37DCB9DBD6] – 23/11/2013 – 10:25:21 —A- – C:WindowsPrefetchWDLOCKEDFILES.EXE-2ED373DB.pf
    O45 – LFCP:[MD5.893426090418B1BCA44B0FB778C18F99] – 23/11/2013 – 10:55:01 —A- – C:WindowsPrefetchHPSFDETECT.EXE-BB7BD191.pf
    O45 – LFCP:[MD5.B99685FDFF3AF93DC31BA5DE69BBE4B8] – 23/11/2013 – 12:03:35 —A- – C:WindowsPrefetchOLRSTATECHECK.EXE-FCEE3397.pf
    ~ Prefetcher: 142 Legitimates Filtered in 00mn 00s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook [64Bits] – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:PROGRA~2MICROS~1Office14GROOVEEX.DLL
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 15 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.DEF365F0F6E017888C4B869D3BA4B8E0] – 09/09/2010 – 08:46:08 —A- . (.Devguru Co., Ltd – Device Error Recovery SDK(x64).) — C:WindowsSystem32Driversdgderdrv.sys [20552]
    O58 – SDL:[MD5.CE4B6956E4E12492715A53076E58761F] – 09/09/2010 – 08:43:20 —A- . (.Teruten Inc – File System Mini Filter Drvier.) — C:WindowsSysWOW64driversTFsExDisk.Sys [16392]
    O58 – SDL:[MD5.DDEE99DC54EFA20BD5A442CD733C4462] – 05/02/2013 – 09:54:40 —A- . (…) — C:WindowsSysWOW64FsUsbExDisk.Sys [37344]
    ~ Drivers: 15 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 20/11/2013 – 16:22:18 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECourscarto.docx [30476]
    O61 – LFC: 20/11/2013 – 16:22:26 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3AuditDossier d’audit DURAND LANZA PHAY(1).docx [253158]
    O61 – LFC: 21/11/2013 – 16:15:00 —A- . (…) — C:UsersEstelleAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [265087]
    O61 – LFC: 21/11/2013 – 16:15:00 —A- . (…) — C:UsersEstelleAppDataLocalGoogleChromeUser Datachrome_shutdown_ms.txt [4]
    O61 – LFC: 21/11/2013 – 16:15:07 —A- . (…) — C:UsersEstelleAppDataLocalGoogleChromeUser DataLocal State [45659]
    O61 – LFC: 21/11/2013 – 16:22:26 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Auditexposé.docx [17809]
    O61 – LFC: 22/11/2013 – 16:20:22 —A- . (…) — C:UsersEstelleAppDataRoamingMicrosoftAccessAccessCache.accdb [200704]
    O61 – LFC: 22/11/2013 – 16:22:10 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursa.3s5auditNouvelle section 1.one [48346592]
    O61 – LFC: 22/11/2013 – 16:22:11 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursa.3s5SIDatabaseSI.accdb [479232]
    O61 – LFC: 22/11/2013 – 16:22:28 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3AuditPrise de note de la séance 9 audit.docx [23939]
    O61 – LFC: 22/11/2013 – 16:22:30 —A- . (.Delphine Tempère.) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Espagnol4. Cuba cumbre del ALBA.doc [31744]
    O61 – LFC: 22/11/2013 – 16:22:30 —A- . (.delphine.) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Espagnol4. Cuba supprime le permis de sortie.doc [72704]
    O61 – LFC: 22/11/2013 – 16:22:31 —A- . (.Delphine Tempère.) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Espagnol4. Mort Chavez.doc [32768]
    O61 – LFC: 22/11/2013 – 16:22:31 —A- . (.Delphine Tempère.) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Espagnol4. Petroleo Venezuela.doc [190464]
    O61 – LFC: 22/11/2013 – 16:22:31 —A- . (.Windows User.) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Espagnol4. Venezuela lucha pobreza.doc [64512]
    O61 – LFC: 22/11/2013 – 16:22:31 —A- . (.delphine.) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Espagnol4. Nouveaux alliés économiques.doc [1451520]
    O61 – LFC: 22/11/2013 – 16:22:32 —A- . (.Delphine Tempère.) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Espagnol5. Acuerdos comerciales.ppt [839168]
    O61 – LFC: 22/11/2013 – 16:22:32 —A- . (.Delphine Tempère.) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Espagnol5. CAFTA.doc [47104]
    O61 – LFC: 22/11/2013 – 16:22:32 —A- . (.Delphine Tempère.) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Espagnol5. TLCAN.doc [29696]
    O61 – LFC: 22/11/2013 – 16:22:34 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3SIBD Evaluation de contrôle continu 2013 Correction.pdf [426918]
    O61 – LFC: 22/11/2013 – 16:22:34 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3SIBD Evaluation de contrôle continu 2013.pdf [369428]
    O61 – LFC: 22/11/2013 – 16:22:35 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3SIBD.docx [2511028]
    O61 – LFC: 22/11/2013 – 16:22:35 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3TD 5-6 finance.xlsx [31389]
    O61 – LFC: 23/11/2013 – 16:21:20 —A- . (…) — C:UsersEstelleAppDataRoamingZHPLog.txt [19406] =>.Nicolas Coolman
    O61 – LFC: 23/11/2013 – 16:21:20 —A- . (…) — C:UsersEstelleAppDataRoamingZHPTestsZHPDiag.txt [2913] =>.Nicolas Coolman
    O61 – LFC: 23/11/2013 – 16:22:28 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Base avocat1.accdb [749568]
    O61 – LFC: 23/11/2013 – 16:22:32 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Explications Access.pdf [2486629]
    O61 – LFC: 23/11/2013 – 16:22:33 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3MarketingProjet marketing CENTENO DURAND LANZA.docx [314641]
    O61 – LFC: 23/11/2013 – 16:24:56 —A- . (…) — C:UsersEstelleDocumentsUsbFix [Clean 2] ESTELLE-HP.txt [27171]
    ~ 8 Fichiers temporaires (Temporary files)
    ~ Files: 222 Legitimates Filtered in 19mn 02s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: prefs.js [Estelle – 5u3veijt.default] user_pref(“extensions.crossrider.bic”, “13fd9d284884855d4fb941f05c34b9bd”); =>PUP.CrossRider
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] – (Search the web (Babylon)) – http://search.babylon.com =>Adware.IMBooster
    O69 – SBI: SearchScopes [HKCU] {2fa28606-de77-4029-af96-b231e3b8f827} – (Ask.com) – http://eu.ask.com
    O69 – SBI: SearchScopes [HKCU] {8BEB487C-C163-4184-A2C2-1DA0EB163860} – (Propositions de recherche Amazon.fr) – http://www.amazon.fr
    O69 – SBI: SearchScopes [HKCU] {b7fca997-d0fb-4fe0-8afd-255e89cf9671} – (Yahoo) – http://fr.search.yahoo.com
    O69 – SBI: SearchScopes [HKCU] {d43b3890-80c7-4010-a95d-1e77b5924dc3} – (Wikipedia) – http://fr.wikipedia.org
    O69 – SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} – (eBay) – http://rover.ebay.com =>Toolbar.eBay
    ~ Keys: Scanned in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “TCP Query User{C5AA0DBA-7180-4724-AA70-C0D4C4F73C24}C:windowskmsemulator.exe” |In – Private – P6 – TRUE | .(…) — C:windowskmsemulator.exe (.not file.)
    O87 – FAEL: “UDP Query User{EE06C030-48E0-43C4-AEC1-2AE83C3422C0}C:windowskmsemulator.exe” |In – Private – P17 – TRUE | .(…) — C:windowskmsemulator.exe (.not file.)
    O87 – FAEL: “{85DF2542-2B50-4AE6-AA69-797BD3B978AD}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 – FAEL: “{D22A39B3-B3DB-4476-9DE1-44F72EC21D97}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 – FAEL: “{5E7C61A0-7EF2-48BD-A0D3-C8EBE613B59F}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “{2619FA99-2103-4449-A982-986FBCE06704}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “{B9FAA9C3-F9CD-4997-9A1C-B7CE497B5C7C}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “{F02919DF-55DA-42FC-A86D-3A67F488FEA7}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “TCP Query User{3AE7D255-DCA3-43A3-BC37-8A6283A8C303}C:usersestelleappdataroamingcacaowebcacaoweb.exe” |In – Private – P6 – TRUE | .(…) — C:usersestelleappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    O87 – FAEL: “UDP Query User{A995ABB7-514E-4DC2-8E67-93D2ED919958}C:usersestelleappdataroamingcacaowebcacaoweb.exe” |In – Private – P17 – TRUE | .(…) — C:usersestelleappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    ~ Firewall: 232 Legitimates Filtered in 00mn 02s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “25BD30E1BC5D83343A835E62DDD4D41B” . (.Bing Bar.) — C:WindowsInstaller{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}icon_installer_ico =>Toolbar.Bing
    O90 – PUC: “F23CE5547514D834E9A3049EB390CFC3” . (.WD Quick View.) — C:WindowsInstaller{455EC32F-4157-438D-9E3A-40E93B09FC3C}icon.ico =>.Western Digital Technologies
    ~ Update Products: 170 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SS – | Demand 19/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 24/05/2013 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) – C:Program FilesIDTWDMAESTSr64.exe
    SR – | Auto 14/01/2011 203776 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopsched.exe
    SR – | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopavguard.exe
    SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 13/10/2011 105120 | (AtherosSvc) . (.Atheros Commnucations.) – C:Program Files (x86)Bluetooth Suiteadminservice.exe
    SS – | Demand 01/03/2011 183560 | (BBSvc) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBarBBSvc.exe
    SR – | Auto 15/06/2007 145504 | (bgsvcgen) . (.B.H.A Corporation.) – C:WindowsSysWOW64bgsvcgen.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 17/02/2011 265544 | (FPLService) . (.HP.) – C:Program Files (x86)HP SimplePass 2011TrueSuiteService.exe
    SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
    SS – | Auto 25/02/2013 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 25/02/2013 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SR – | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe =>.Hewlett-Packard Co
    SR – | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) – C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe
    SR – | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe
    SR – | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) – C:WindowsSystem32Hpservice.exe
    SR – | Auto 11/07/2011 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe
    SR – | Auto 29/04/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 04/03/2011 2375168 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe
    SR – | Demand 31/05/2013 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 23/11/2010 325656 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
    SS – | Demand 17/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SR – | Auto 09/01/2013 1324104 | (PDF Architect Helper Service) . (.pdfforge GbR.) – C:Program Files (x86)PDF ArchitectHelperService.exe
    SR – | Auto 09/01/2013 795208 | (PDF Architect Service) . (.pdfforge GbR.) – C:Program Files (x86)PDF ArchitectConversionService.exe
    SR – | Auto 25/02/2011 249648 | (SeaPort) . (.Microsoft Corporation.) – C:Program Files (x86)MicrosoftBingBarSeaPort.exe
    SS – | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SR – | Auto 24/05/2013 301568 | (STacSV) . (.IDT, Inc..) – C:Program FilesIDTWDMSTacSV64.exe
    SR – | Auto 23/11/2010 2656280 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 14/08/2013 1042808 | (WDBackup) . (.Western Digital Technologies, Inc..) – C:Program Files (x86)Western DigitalWD SmartWareWDBackupEngine.exe
    SR – | Auto 14/08/2013 270704 | (WDDriveService) . (.Western Digital Technologies, Inc..) – C:Program Files (x86)Western DigitalWD Drive ManagerWDDriveService.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 13/10/2011 158880 | (ZAtheros Bt&Wlan Coex Agent) . (.Atheros.) – C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe
    ~ Services: Scanned in 00mn 44s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by Estelle at 23/11/2013 16:38:16
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Estelle at 23/11/2013 16:38:18

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 12996 – (22/11/2013)
    Clés trouvées (Keys found) : 52
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 10
    Fichiers trouvés (Files found) : 3

    [HKLMSoftwareGoogleChromeExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp] =>PUP.BubbleDock^
    [HKLMSoftwareClassesAppID{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeClassesAppID{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKLMSoftwareClassesTypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>PUP.Babylon
    [HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>PUP.Babylon
    [HKLMSoftwareClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
    [HKLMSoftwareWow6432NodeClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
    [HKLMSoftwareClassesInterface{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
    [HKLMSoftwareClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
    [HKLMSoftwareWow6432NodeClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
    [HKLMSoftwareClassesAppIDescort.dll] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASMANCS] =>Toolbar.Bing
    [HKCUSoftwarecacaoweb] =>PUP.CacaoWeb
    [HKCUSoftwarefreetvradio] =>Adware.SPointer
    [HKCUSoftwareSoftonic] =>Toolbar.Conduit
    [HKLMSoftwareWow6432NodeSimplyGen] =>Adware.PredictAd
    [HKLMSoftwareWow6432NodeMicrosoftTracingMyBabylontb_RASAPI32] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeMicrosoftTracingMyBabylontb_RASMANCS] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstall{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}] =>Toolbar.Bing
    [HKLMSoftwareClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
    [HKLMSoftwareClassesProd.cap] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
    [HKLMSoftwareClassesAppIDsecman.DLL] =>PUP.Babylon
    [HKLMSoftwareClassesInstallerFeatures25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareClassesInstallerProducts25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareWow6432NodeClassesInstallerFeatures25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareWow6432NodeClassesInstallerProducts25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKCUSoftwareAppDataLowSoftwareCrossrider] =>PUP.CrossRider
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
    [HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
    [HKLMSoftwareWow6432NodeMicrosoftTracingapnstub_RASAPI32] =>Toolbar.Ask
    [HKLMSoftwareWow6432NodeMicrosoftTracingapnstub_RASMANCS] =>Toolbar.Ask
    [HKLMSoftwareClassesTBSB06155.IEToolbar] =>Toolbar.Agent
    [HKLMSoftwareClassesTBSB06155.IEToolbar.1] =>Toolbar.Agent
    [HKLMSoftwareClassesToolbar3.TBSB06155] =>Toolbar.Agent
    [HKLMSoftwareClassesToolbar3.TBSB06155.1] =>Toolbar.Agent
    [HKLMSoftwareWow6432NodeClassesTBSB06155.IEToolbar] =>Toolbar.Agent
    [HKLMSoftwareWow6432NodeClassesTBSB06155.IEToolbar.1] =>Toolbar.Agent
    [HKLMSoftwareWow6432NodeClassesToolbar3.TBSB06155] =>Toolbar.Agent
    [HKLMSoftwareWow6432NodeClassesToolbar3.TBSB06155.1] =>Toolbar.Agent
    [HKLMSoftwareWow6432NodeClassesAppIDescort.DLL] =>PUP.Funmoods
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:cacaoweb =>PUP.CacaoWeb^
    C:UsersEstelleAppDataLocalGoogleChromeUser DataDefaultExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp =>PUP.BubbleDock^
    C:Program Files (x86)freeTVRadio =>Adware.SPointer^
    C:ProgramDataBabylon =>PUP.Babylon^
    C:ProgramDataInstallMate =>PUP.Tarma^
    C:UsersEstelleAppDataRoamingfreeTVRadio =>Adware.SPointer^
    C:UsersEstelleAppDataRoamingPanel+ =>Toolbar.Ipsos^
    C:UsersEstelleAppDataLocalBabylon =>PUP.Babylon^
    C:UsersEstelleAppDataLocalfreetvradio Air =>Adware.SPointer^
    C:UsersEstelleAppDataLocalPanel+ =>Toolbar.Ipsos^
    C:UsersEstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsPanel+ =>Toolbar.Ipsos^
    C:UsersEstelleAppDataRoamingMozillaFirefoxProfiles5u3veijt.defaultSearchPluginssweetim.xml =>PUP.SweetIM
    [HKCUSoftwarefreeTVRadio] =>Adware.SPointer^
    [HKLMSoftwareWow6432NodeBabylon] =>PUP.Babylon^
    ~ Additionnel Scan: 433249 Items scanned in 00mn 19s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/31746142-toolbar-bubbledock =>Toolbar.BubbleDock
    ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
    ~ http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
    ~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
    ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
    ~ http://nicolascoolman.webs.com/apps/blog/show/33956117-toolbar-ipsos =>Toolbar.Ipsos
    ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
    ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
    ~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke
    ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
    ~ MSI: 15 link(s) detected in 00mn 20s

    ~ 3568 Legitimates filtered by white list
    End of the scan (647 lines in 26mn 40s)(0)

  • lilidurhone
    Number of articles: 0

    Hello

    We're going to take care of the adware 😉

    • Download AdwCleaner (by Xplode) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
      1. Choose the Scan option
      2. Click Report
    • Copy and paste the contents of the report

  • Estelle27
    Number of articles: 0

    Here it is
    # AdwCleaner v3.012 – Rapport créé le 23/11/2013 à 21:06:05
    # Mis à jour le 11/11/2013 par Xplode
    # Système d’exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d’utilisateur : Estelle – ESTELLE-HP
    # Exécuté depuis : C:UsersEstelleDownloadsadwcleaner.exe
    # Option : Scanner

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Présent C:Kreapixel
    Dossier Présent C:Program Files (x86)freeTVRadio
    Dossier Présent C:Program Files (x86)myfree codec
    Dossier Présent C:Program Files (x86)Nosibay
    Dossier Présent C:ProgramDataBabylon
    Dossier Présent C:ProgramDataMicrosoftWindowsStart MenuProgramsmyfree codec
    Dossier Présent C:ProgramDataPremium
    Dossier Présent C:UsersEstelleAppDataLocalBabylon
    Dossier Présent C:UsersEstelleAppDataLocalfreetvradio Air
    Dossier Présent C:UsersEstelleAppDataRoamingfreeTVRadio
    Dossier Présent C:UsersEstelleAppDataRoaminggoforfiles
    Dossier Présent C:UsersEstelleAppDataRoamingNosibay
    Dossier Présent C:UsersEstelleAppDataRoamingpdfforge
    Fichier Présent : C:Program Files (x86)Mozilla FirefoxsearchpluginsBabylon.xml
    Fichier Présent : C:UsersEstelleAppDataRoamingMozillaFirefoxProfiles5u3veijt.defaultsearchpluginsSweetIm.xml
    Fichier Présent : C:WindowsSystem32TasksGoforFilesUpdate

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Présente : HKCUSoftwareAppDataLowSoftwareCrossrider
    Clé Présente : HKCUSoftwarecacaoweb
    Clé Présente : HKCUSoftwarefreeTVRadio
    Clé Présente : HKCUSoftwareGoogleChromeExtensionsleahdjjpjmnamomgpojikeapflgbmjab
    Clé Présente : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Clé Présente : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Clé Présente : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Clé Présente : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{2EECD738-5844-4A99-B4B6-146BF802613B}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{2EECD738-5844-4A99-B4B6-146BF802613B}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallMyFreeCodec
    Clé Présente : HKCUSoftwareMyfree Codec
    Clé Présente : HKCUSoftwareNosibay
    Clé Présente : HKCUSoftwareSoftonic
    Clé Présente : HKCUSoftwareYahooPartnerToolbar
    Clé Présente : [x64] HKCUSoftwarecacaoweb
    Clé Présente : [x64] HKCUSoftwarefreeTVRadio
    Clé Présente : [x64] HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Clé Présente : [x64] HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Clé Présente : [x64] HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Clé Présente : [x64] HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Clé Présente : [x64] HKCUSoftwareMyfree Codec
    Clé Présente : [x64] HKCUSoftwareNosibay
    Clé Présente : [x64] HKCUSoftwareSoftonic
    Clé Présente : [x64] HKCUSoftwareYahooPartnerToolbar
    Clé Présente : HKLMSoftwareBabylon
    Clé Présente : HKLMSOFTWAREClassesAppID{09C554C3-109B-483C-A06B-F14172F1A947}
    Clé Présente : HKLMSOFTWAREClassesAppID{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Clé Présente : HKLMSOFTWAREClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Clé Présente : HKLMSOFTWAREClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Clé Présente : HKLMSOFTWAREClassesAppIDescort.DLL
    Clé Présente : HKLMSOFTWAREClassesAppIDsecman.DLL
    Clé Présente : HKLMSOFTWAREClassesbbylntlbr.bbylntlbrHlpr
    Clé Présente : HKLMSOFTWAREClassesbbylntlbr.bbylntlbrHlpr.1
    Clé Présente : HKLMSOFTWAREClassesCLSID{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Clé Présente : HKLMSOFTWAREClassesCLSID{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Clé Présente : HKLMSOFTWAREClassesCLSID{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Présente : HKLMSOFTWAREClassesCLSID{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Clé Présente : HKLMSOFTWAREClassesCLSID{2EECD738-5844-4A99-B4B6-146BF802613B}
    Clé Présente : HKLMSOFTWAREClassesCLSID{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Clé Présente : HKLMSOFTWAREClassesCLSID{64697678-0000-0010-8000-00AA00389B71}
    Clé Présente : HKLMSOFTWAREClassesCLSID{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Présente : HKLMSOFTWAREClassesCLSID{826D7151-8D99-434B-8540-082B8C2AE556}
    Clé Présente : HKLMSOFTWAREClassesCLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Présente : HKLMSOFTWAREClassesCLSID{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Clé Présente : HKLMSOFTWAREClassesCLSID{FD501041-8EBE-11CE-8183-00AA00577DA2}
    Clé Présente : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Présente : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Clé Présente : HKLMSOFTWAREClassesProd.cap
    Clé Présente : HKLMSOFTWAREClassesTBSB06155.IEToolbar
    Clé Présente : HKLMSOFTWAREClassesTBSB06155.IEToolbar.1
    Clé Présente : HKLMSOFTWAREClassesToolbar3.TBSB06155
    Clé Présente : HKLMSOFTWAREClassesToolbar3.TBSB06155
    Clé Présente : HKLMSOFTWAREClassesToolbar3.TBSB06155.1
    Clé Présente : HKLMSOFTWAREClassesToolbar3.TBSB06155.1
    Clé Présente : HKLMSOFTWAREClassesTypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Clé Présente : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Clé Présente : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Clé Présente : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Clé Présente : HKLMSOFTWAREMicrosoftTracingapnstub_RASAPI32
    Clé Présente : HKLMSOFTWAREMicrosoftTracingapnstub_RASMANCS
    Clé Présente : HKLMSOFTWAREMicrosoftTracingau__rasapi32
    Clé Présente : HKLMSOFTWAREMicrosoftTracingau__rasmancs
    Clé Présente : HKLMSOFTWAREMicrosoftTracingBingBar_RASMANCS
    Clé Présente : HKLMSOFTWAREMicrosoftTracingMyBabylontb_RASAPI32
    Clé Présente : HKLMSOFTWAREMicrosoftTracingMyBabylontb_RASMANCS
    Clé Présente : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_jlcs-internet-tv_RASAPI32
    Clé Présente : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_jlcs-internet-tv_RASMANCS
    Clé Présente : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_kastor-tv_RASAPI32
    Clé Présente : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_kastor-tv_RASMANCS
    Clé Présente : HKLMSOFTWAREMicrosoftTracingsweetim_rasapi32
    Clé Présente : HKLMSOFTWAREMicrosoftTracingsweetim_rasmancs
    Clé Présente : HKLMSOFTWAREMicrosoftTracingsweetpacksupdatemanager_rasapi32
    Clé Présente : HKLMSOFTWAREMicrosoftTracingSweetPacksUpdateManager_RASMANCS
    Clé Présente : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Présente : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Présente : HKLMSoftwareMyfree Codec
    Clé Présente : HKLMSoftwareSimplyGen
    Clé Présente : [x64] HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Présente : [x64] HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Clé Présente : [x64] HKLMSOFTWAREClassesInterface{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Clé Présente : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Clé Présente : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Clé Présente : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Valeur Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionRun [cacaoweb]
    Valeur Présente : HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel [Homepage]
    Valeur Présente : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
    Valeur Présente : HKLMSOFTWAREMozillaFirefoxExtensions [bubbledock@nosibay.com]

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v10.0.9200.16736

    Paramètre Présent : HKCUSoftwareMicrosoftInternet ExplorerMain [Start Page] – hxxp://search.babylon.com/?AF=108988&babsrc=HP_ss&mntrId=b438d887000000000000643150a24f6c

    -\ Mozilla Firefox v25.0.1 (fr)

    [ Fichier : C:UsersEstelleAppDataRoamingMozillaFirefoxProfiles5u3veijt.defaultprefs.js ]

    Ligne Trouvée : user_pref(“extensions.crossrider.bic”, “13fd9d284884855d4fb941f05c34b9bd”);

    -\ Google Chrome v31.0.1650.57

    [ Fichier : C:UsersEstelleAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [9629 octets] – [23/11/2013 21:06:05]

    ########## EOF – C:AdwCleanerAdwCleaner[R0].txt – [9689 octets] ##########

    Next ? ^^

  • lilidurhone

    Hello

    More tomorrow 😉

    In the meantime, you can go ahead with the “Nettoyer” (clean) option in AdwCleaner.

  • Estelle27

    Hello,

    I ran the cleaning 😉

  • lilidurhone

    Hello

    Can you post the report for me?

  • Estelle27

    I didn't get a report at the end of the cleaning… :what:

  • lilidurhone

    Hello

    It is in C:\adwcleaner

    Can you run a new ZHPDiag for me?

  • Estelle27

    Ah, thanks, sorry.

    Here is the AdwCleaner report:
    # AdwCleaner v3.012 – Rapport créé le 23/11/2013 à 21:57:48
    # Mis à jour le 11/11/2013 par Xplode
    # Système d’exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d’utilisateur : Estelle – ESTELLE-HP
    # Exécuté depuis : C:UsersEstelleDownloadsadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:Kreapixel
    Dossier Supprimé : C:ProgramDataBabylon
    Dossier Supprimé : C:ProgramDataPremium
    Dossier Supprimé : C:ProgramDataMicrosoftWindowsStart MenuProgramsmyfree codec
    Dossier Supprimé : C:Program Files (x86)freeTVRadio
    Dossier Supprimé : C:Program Files (x86)myfree codec
    Dossier Supprimé : C:Program Files (x86)Nosibay
    Dossier Supprimé : C:UsersEstelleAppDataLocalBabylon
    Dossier Supprimé : C:UsersEstelleAppDataLocalfreetvradio Air
    Dossier Supprimé : C:UsersEstelleAppDataRoamingfreeTVRadio
    Dossier Supprimé : C:UsersEstelleAppDataRoaminggoforfiles
    Dossier Supprimé : C:UsersEstelleAppDataRoamingNosibay
    Dossier Supprimé : C:UsersEstelleAppDataRoamingpdfforge
    Fichier Supprimé : C:Program Files (x86)Mozilla FirefoxsearchpluginsBabylon.xml
    Fichier Supprimé : C:UsersEstelleAppDataRoamingMozillaFirefoxProfiles5u3veijt.defaultsearchpluginsSweetIm.xml
    Fichier Supprimé : C:WindowsSystem32TasksGoforFilesUpdate

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Valeur Supprimée : HKLMSOFTWAREMozillaFirefoxExtensions [bubbledock@nosibay.com]
    Clé Supprimée : HKCUSoftwareGoogleChromeExtensionsleahdjjpjmnamomgpojikeapflgbmjab
    Valeur Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionRun [cacaoweb]
    Valeur Supprimée : HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel [Homepage]
    Clé Supprimée : HKLMSOFTWAREClassesAppIDescort.DLL
    Clé Supprimée : HKLMSOFTWAREClassesAppIDsecman.DLL
    Clé Supprimée : HKLMSOFTWAREClassesbbylntlbr.bbylntlbrHlpr
    Clé Supprimée : HKLMSOFTWAREClassesbbylntlbr.bbylntlbrHlpr.1
    Clé Supprimée : HKLMSOFTWAREClassesProd.cap
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingapnstub_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingapnstub_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingau__rasapi32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingau__rasmancs
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingBingBar_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingMyBabylontb_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingMyBabylontb_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingsweetim_rasapi32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingsweetim_rasmancs
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingsweetpacksupdatemanager_rasapi32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSweetPacksUpdateManager_RASMANCS
    Clé Supprimée : HKLMSOFTWAREClassesTBSB06155.IEToolbar
    Clé Supprimée : HKLMSOFTWAREClassesTBSB06155.IEToolbar.1
    Clé Supprimée : HKLMSOFTWAREClassesToolbar3.TBSB06155
    Clé Supprimée : HKLMSOFTWAREClassesToolbar3.TBSB06155.1
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_jlcs-internet-tv_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_jlcs-internet-tv_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_kastor-tv_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_kastor-tv_RASMANCS
    Clé Supprimée : HKLMSOFTWAREClassesAppID{09C554C3-109B-483C-A06B-F14172F1A947}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{2EECD738-5844-4A99-B4B6-146BF802613B}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{64697678-0000-0010-8000-00AA00389B71}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{826D7151-8D99-434B-8540-082B8C2AE556}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{FD501041-8EBE-11CE-8183-00AA00577DA2}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{2EECD738-5844-4A99-B4B6-146BF802613B}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{2EECD738-5844-4A99-B4B6-146BF802613B}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Valeur Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Clé Supprimée : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Clé Supprimée : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Clé Supprimée : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Clé Supprimée : HKCUSoftwarecacaoweb
    Clé Supprimée : HKCUSoftwarefreeTVRadio
    Clé Supprimée : HKCUSoftwareMyfree Codec
    Clé Supprimée : HKCUSoftwareNosibay
    Clé Supprimée : HKCUSoftwareSoftonic
    Clé Supprimée : HKCUSoftwareYahooPartnerToolbar
    Clé Supprimée : HKCUSoftwareAppDataLowSoftwareCrossrider
    Clé Supprimée : HKLMSoftwareBabylon
    Clé Supprimée : HKLMSoftwareMyfree Codec
    Clé Supprimée : HKLMSoftwareSimplyGen
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallMyFreeCodec

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v10.0.9200.16736

    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Start Page]

    -\ Mozilla Firefox v25.0.1 (fr)

    [ Fichier : C:UsersEstelleAppDataRoamingMozillaFirefoxProfiles5u3veijt.defaultprefs.js ]

    Ligne Supprimée : user_pref(“extensions.crossrider.bic”, “13fd9d284884855d4fb941f05c34b9bd”);

    -\ Google Chrome v31.0.1650.57

    [ Fichier : C:UsersEstelleAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [9833 octets] – [23/11/2013 21:06:05]
    AdwCleaner[S0].txt – [8898 octets] – [23/11/2013 21:57:48]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [8958 octets] ##########

    The new one from ZHPDiag

    ~ Rapport de ZHPDiag v2013.11.22.46 – Nicolas Coolman (22/11/2013)
    ~ Lancé par Estelle (24/11/2013 23:41:44)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC):

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16736
    MFIE: Mozilla Firefox 25.0.1 (Defaut)
    GCIE: Google Chrome v31.0.1650.57

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 3Q6C9
    Windows License : OK
    ~ Windows Remaining Initializations Number : 0
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Avira Free Antivirus v13.0.0.4042
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 6091 MB (60% free)
    System Restore: Activé (Enable)
    System drive C: has 343 GB (50%) free of 683 GB

    —\ Mode de connexion au système
    ~ Computer Name: ESTELLE-HP
    ~ User Name: Estelle
    ~ All Users Names: HomeGroupUser$, Estelle, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersEstelleAppDataRoamingZHP
    ~ %AppData% : C:UsersEstelleAppDataRoaming
    ~ %Desktop% : C:UsersEstelleDesktop
    ~ %Favorites% : C:UsersEstelleFavorites
    ~ %LocalAppData% : C:UsersEstelleAppDataLocal
    ~ %StartMenu% : C:UsersEstelleAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 343 Go of 683 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
    E: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.9706C99DAEBE3FEAC811B239617E98C4] – (.Microsoft Corporation – Internet Extensions for Win32.) (.12/10/2013 – 09:45:20.) — C:WindowsSystem32wininet.dll [2241536]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.21/11/2010 – 04:24:29.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/11/2010 – 04:24:16.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.21/11/2010 – 04:23:51.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/11/2010 – 04:24:33.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 01s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/31168
    ~ Mes musiques (My Musics) : 3/8074
    ~ Mes Videos (My Videos) : 1/140
    ~ Mes Favoris (My Favorites) : 1/20
    ~ Mes Documents (My Documents) : 1/11764
    ~ Mon Bureau (My Desktop) : 1/8
    ~ Menu demarrer (Programs) : 1/40
    ~ Hidden Files: Scanned in 00mn 36s

    —\ Processus lancés
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2520]
    [MD5.801F7511D25FDDB3544BD724A8D775C2] – (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKies.exe [1564528] [PID.4844]
    [MD5.760ACD103FFB86AD65DC41CDEB08ABCF] – (.Samsung Electronics – Pas de description.) — C:Program Files (x86)SamsungKiesKiesAirMessage.exe [578560] [PID.4952]
    [MD5.19A12C6577311463640FE8216D645803] – (.Panasonic Corporation – AutoStartService.) — C:Program Files (x86)Common FilesPanasonicPHOTOfunSTUDIO AutoStartAutoStartupService.exe [172544] [PID.5020]
    [MD5.B35614C0A2E4A89CCEBD7AB6EF18DBAA] – (.Evernote Corp., 333 W Evelyn Ave. Mountain – Evernote Clipper.) — C:Program Files (x86)EvernoteEvernoteEvernoteClipper.exe [977408] [PID.5072]
    [MD5.F96C73D7D525174B80CFD865A5D7E083] – (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe [284440] [PID.4236]
    [MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] – (.Hewlett-Packard Development Company, L.P. – HP CoolSense.) — C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe [1343904] [PID.4176]
    [MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] – (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program Files (x86)AviraAntiVir Desktopavgnt.exe [347192] [PID.5148]
    [MD5.610FA1C3EBDD079C86C32EEF213733FC] – (.Western Digital – WD Drive Auto Unlock.) — C:Program Files (x86)Western DigitalWD AppsWDDriveAutoUnlock.exe [1687968] [PID.5168]
    [MD5.6ED26E255607F4BA8812E62E496C35ED] – (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program Files (x86)SamsungKiesKiesTrayAgent.exe [311152] [PID.5176]
    [MD5.B7F55E2AE978D3D34F7876EE5D689AAE] – (.CyberLink – YouCam Mirage.) — C:Program Files (x86)CyberLinkYouCamYCMMirage.exe [136488] [PID.5332]
    [MD5.BC6390A6736A5F4A048AC75168DD7869] – (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe [574008] [PID.5340]
    [MD5.8A3B69683E63808719D24E1C68C21CC7] – (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe [379960] [PID.5360]
    [MD5.A9F9D081518AC03A51C1195986076F42] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.5464]
    [MD5.31E3CDEABD9F89AED78C08A391D6A7D2] – (.Western Digital Technologies, Inc. – WD Quick View.) — C:Program Files (x86)Western DigitalWD Quick ViewWDDMStatus.exe [5537136] [PID.5488]
    [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.5528]
    [MD5.077D59BA0FD4007E841B6C670862B065] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [275568] [PID.3428]
    [MD5.E0B173F23D873286169995D66B9E3CDF] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program Files (x86)Mozilla Firefoxplugin-container.exe [18544] [PID.596]
    [MD5.CEED3CE0035F55A08EEEC34B5804723C] – (.Adobe Systems, Inc. – Adobe Flash Player 11.9 r900.) — C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.4616]
    [MD5.2CF497C586D50F7D402BEC33156E0AF4] – (.HP – TouchControl.) — C:Program Files (x86)HP SimplePass 2011TouchControl.exe [642888] [PID.7428]
    [MD5.7D6D810C7A6B7A37F9F61687AFC5F9A0] – (.HP – BioMonitor.) — C:Program Files (x86)HP SimplePass 2011BioMonitor.exe [142664] [PID.4452]
    [MD5.5397E32E882C0148CEC13D9EACFB7157] – (.Microsoft Corporation – Internet Low-Mic Utility Tool.) — C:Program Files (x86)Internet ExplorerIELowutil.exe [222208] [PID.4604]
    [MD5.06BC146E6C2E881A7235A142BA877B82] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8262144] [PID.7420]
    [MD5.2074A85A6B8F84A5A9C60B915B465FAF] – (.HP – HP Service.) — C:Program Files (x86)HP SimplePass 2011TrueSuiteService.exe [265544] [PID.864]
    [MD5.8769E2D1072B62AB071F166F03B3E3DC] – (.Avira Operations GmbH & Co. KG – Avira Scheduler.) — C:Program Files (x86)AviraAntiVir Desktopsched.exe [84024] [PID.1916]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.2044]
    [MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] – (.Avira Operations GmbH & Co. KG – Avira On-Access Service.) — C:Program Files (x86)AviraAntiVir Desktopavguard.exe [108088] [PID.1352]
    [MD5.4FE5C6D40664AE07BE5105874357D2ED] – (.Apple Inc. – MobileDeviceService.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [57008] [PID.1416]
    [MD5.ACC9C8C560C567FAD6F79C977AB2EA09] – (.B.H.A Corporation – B’s Recorder GOLD Service Library.) — C:WindowsSysWOW64bgsvcgen.exe [145504] [PID.2080]
    [MD5.491CE9B6321FB74E4B37AF2C47F98434] – (.Hewlett-Packard Development Company, L.P. – HP Quick Launch WMI Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [26680] [PID.2304]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.2388]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.2412]
    [MD5.A1688A4FB2EC49D040C027EF6DC7A87B] – (.pdfforge GbR – PDF Architect Helper Service.) — C:Program Files (x86)PDF ArchitectHelperService.exe [1324104] [PID.2440]
    [MD5.E23FF9B2F8EEAB2BDDA681C21C48E843] – (.pdfforge GbR – PDF Architect Conversion Service.) — C:Program Files (x86)PDF ArchitectConversionService.exe [795208] [PID.2480]
    [MD5.74610A05087FC64150ECCE327E09AC5B] – (.Western Digital Technologies, Inc. – WD Drive Service.) — C:Program Files (x86)Western DigitalWD Drive ManagerWDDriveService.exe [270704] [PID.2688]
    [MD5.28B051B78471FC290C1790623D5908E1] – (.Atheros – Atheros Coex Service Application.) — C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe [158880] [PID.2792]
    [MD5.DEE16AB97AFB535329D0D0BE3F5929CE] – (.Western Digital Technologies, Inc. – WD Backup Engine.) — C:Program Files (x86)Western DigitalWD SmartWareWDBackupEngine.exe [1042808] [PID.2928]
    [MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] – (.Hewlett-Packard Company – HP Software Framework WMI Service.) — C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe [1001376] [PID.5680]
    [MD5.E79A8E33BD136D14BAE1FA20EB2EF124] – (.Intel Corporation – IAStorDataSvc.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [13592] [PID.7108]
    [MD5.C463A25F01C6237295917417C5E9E344] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [325656] [PID.3288]
    [MD5.3A1ECEF8D49FC1A786A6CCD5A86A8878] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2656280] [PID.4100]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersEstelleAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>PUP.BubbleDock
    ~ Google Browser: 16 Legitimates Filtered in 00mn 01s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersEstelleAppDataRoamingMozillaFirefoxProfiles5u3veijt.defaultprefs.js
    ~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREPoliciesMicrosoftInternet ExplorerMain,Start Page = http://seeearch.com =>PUP.StartSearch
    ~ IE Browser: 16 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company – HP Support Assistant.) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSF.exe =>.Hewlett-Packard Co
    O4 – GSDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [Public]: Conseiller de mise à niveau vers Windows 7.lnk . (.Microsoft Corporation – Windows 7 Upgrade Advisor.) — C:Program Files (x86)Microsoft Windows 7 Upgrade AdvisorWindowsUpgradeAdvisor.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [Estelle]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [Estelle]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSTaskBar [Estelle]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [Estelle]: hpDST.lnk . (.Hewlett-Packard Company – Setup Manager.) — C:Program Files (x86)Hewlett-PackardSetup ManagerhpDST.exe
    O4 – GSTaskBar [Estelle]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [Estelle]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSystemTools [Estelle]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSendTo [Estelle]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain – Evernote.) — C:Program Files (x86)EvernoteEvernoteEvernote.exe
    O4 – GSDesktop [Estelle]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe https://www.sosvirus.net
    O4 – GSDesktop [Estelle]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
    ~ Global Startup: 74 Legitimates Filtered in 00mn 04s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: PHOTOfunSTUDIO 5.1 HD Edition.lnk . (.Panasonic Corporation – AutoStartService.) — C:Program Files (x86)Common FilesPanasonicPHOTOfunSTUDIO AutoStartAutoStartupService.exe
    O4 – GSStartup [Estelle]: EvernoteClipper.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain – Evernote Clipper.) — C:Program Files (x86)EvernoteEvernoteEvernoteClipper.exe
    O4 – GSStartup [Estelle]: OneNote 2010 – Capture d’écran et lancement.lnk . (…) — C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.exe (.not file.)
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
    O4 – HKLM..Run: [Apoint] . (.Alps Electric Co., Ltd. – Alps Pointing-device Driver.) — C:Program FilesApoint2KApoint.exe
    O4 – HKLM..Run: [BCSSync] . (.Microsoft Corporation – Microsoft Office 2010 component.) — C:Program FilesMicrosoft OfficeOffice14BCSSync.exe =>.Microsoft Corporation
    O4 – HKLM..Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio TPE.) — C:Program FilesIDTWDMsttray64.exe
    O4 – HKLM..Run: [AtherosBtStack] . (.Atheros Communications – Serveur Stack Bluetooth.) — C:Program Files (x86)Bluetooth SuiteBtvStack.exe
    O4 – HKLM..Run: [AthBtTray] . (.Atheros Commnucations – Bluetooth Tray.) — C:Program Files (x86)Bluetooth SuiteAthBtTray.exe
    O4 – HKLM..RunOnce: [NCPluginUpdater] . (.Hewlett-Packard – NCPluginUpdater.) — C:Program Files (x86)Hewlett-PackardHP Health CheckActiveCheckproduct_lineNCPluginUpdater.exe
    O4 – HKCU..Run: [EA Core] C:Program Files (x86)Electronic ArtsEADMCore.exe (.not file.)
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe (.not file.)
    O4 – HKCU..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKies.exe
    O4 – HKCU..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program Files (x86)SamsungKiesKiesAirMessage.exe
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe (.not file.)
    O4 – HKLM..Wow6432NodeRun: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. – HP CoolSense.) — C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [avgnt] . (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program Files (x86)AviraAntiVir Desktopavgnt.exe
    O4 – HKLM..Wow6432NodeRun: [WD Drive Unlocker] . (.Western Digital – WD Drive Auto Unlock.) — C:Program Files (x86)Western DigitalWD AppsWDDriveAutoUnlock.exe =>.Western Digital Technologies
    O4 – HKLM..Wow6432NodeRun: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program Files (x86)SamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
    O4 – HKLM..Wow6432NodeRun: [HPOSD] . (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKLM..Wow6432NodeRun: [WD Quick View] . (.Western Digital Technologies, Inc. – WD Quick View.) — C:Program Files (x86)Western DigitalWD Quick ViewWDDMStatus.exe =>.Western Digital Technologies
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [EA Core] C:Program Files (x86)Electronic ArtsEADMCore.exe (.not file.)
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe (.not file.)
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKies.exe
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program Files (x86)SamsungKiesKiesAirMessage.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPluginx64.dll,-102 [64Bits] – {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (…) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckResourcesIconsHP.ico
    O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program Files (x86)MICROS~4Office14ONBttnIE.dll (.not file.)
    O9 – Extra button: Send by Bluetooth to [64Bits] – {7815BE26-237D-41A8-A98F-F7BD75F71086} — Clé orpheline
    O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:Program Files (x86)MICROS~4Office14ONBTTN~1.dll (.not file.)
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Site dans la Zone de confiance d’Internet Explorer (O15)
    O15 – Trusted Zone: [HKCU…Domainswww] http.consoclicker.com
    ~ IE Zone Confiance: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpNameServer = 172.16.0.1
    O17 – HKLMSystemCCSServicesTcpip..{3D254152-1864-44F7-9B83-7D627BABEED1}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpDomain = suitesetudes.carrevillon
    O17 – HKLMSystemCS1ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpNameServer = 172.16.0.1
    O17 – HKLMSystemCS1ServicesTcpip..{3D254152-1864-44F7-9B83-7D627BABEED1}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpDomain = suitesetudes.carrevillon
    O17 – HKLMSystemCS2ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpNameServer = 172.16.0.1
    O17 – HKLMSystemCS2ServicesTcpip..{3D254152-1864-44F7-9B83-7D627BABEED1}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpDomain = suitesetudes.carrevillon
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT:Automatic Planified Task – C:WindowsTasksAutoKMS.job [204]
    [MD5.00000000000000000000000000000000] [APT] [AutoKMS] (…) — C:WindowsAutoKMS.exe (.not file.) [0] =>Trojan.Keygen
    [MD5.00000000000000000000000000000000] [APT] [{9DE9C10B-ACFE-4B05-A85A-4CA63335C2DC}] (…) — C:UsersEstelleDownloadssetup_MBPDualFinance.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{DDD62423-E81B-441D-AE4C-A397FFE8DE58}] (…) — C:UsersEstelleDownloadsdotnetfx3setup.exe (.not file.) [0]
    ~ Scheduled Task: 27 Legitimates Filtered in 00mn 06s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ő¶¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“]
    ~ Key Software: 226 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 21/11/2012 – 20:51:48 – [4,369] —-D C:Program Files (x86)MBP
    O43 – CFD: 01/07/2012 – 19:18:24 – [1,069] —-D C:ProgramDataInstallMate =>PUP.Tarma
    O43 – CFD: 11/05/2013 – 17:55:31 – [4,696] —-D C:UsersEstelleAppDataRoamingPanel+ =>Toolbar.Ipsos
    O43 – CFD: 11/05/2013 – 17:55:09 – [0,053] —-D C:UsersEstelleAppDataLocalPanel+ =>Toolbar.Ipsos
    O43 – CFD: 19/05/2013 – 18:18:14 – [0] —-D C:UsersEstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsPanel+ =>Toolbar.Ipsos
    ~ 1788 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 2064 Legitimates Filtered in 01mn 08s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.208BD18CB6DA6DE1E6119382B72940AD] – 23/11/2013 – 01:26:15 —A- . (…) — C:UsbFix [Clean 2] ESTELLE-HP.txt [27171]
    O44 – LFC:[MD5.94F0F7B8B78290D74B87DB57B9EDC55E] – 23/11/2013 – 08:12:55 . (…) — C:bootsqm.dat [3288]
    ~ Files: 89 Legitimates Filtered in 00mn 42s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.E46FFE723F744D45D6E58A0E4066951A] – 23/11/2013 – 01:28:07 —A- – C:WindowsPrefetchRESOURCE.EXE-E971D367.pf
    O45 – LFCP:[MD5.19F837077CE17218314BE9C02DC10107] – 23/11/2013 – 01:29:49 —A- – C:WindowsPrefetchDETECT_SMARTFRIENDAWARENESS.E-48072723.pf
    O45 – LFCP:[MD5.CEA74747CB28C6990C76FE37DCB9DBD6] – 23/11/2013 – 10:25:21 —A- – C:WindowsPrefetchWDLOCKEDFILES.EXE-2ED373DB.pf
    O45 – LFCP:[MD5.893426090418B1BCA44B0FB778C18F99] – 23/11/2013 – 10:55:01 —A- – C:WindowsPrefetchHPSFDETECT.EXE-BB7BD191.pf
    O45 – LFCP:[MD5.B99685FDFF3AF93DC31BA5DE69BBE4B8] – 23/11/2013 – 12:03:35 —A- – C:WindowsPrefetchOLRSTATECHECK.EXE-FCEE3397.pf
    ~ Prefetcher: 141 Legitimates Filtered in 00mn 00s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook [64Bits] – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:PROGRA~2MICROS~1Office14GROOVEEX.DLL
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 15 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.DEF365F0F6E017888C4B869D3BA4B8E0] – 09/09/2010 – 08:46:08 —A- . (.Devguru Co., Ltd – Device Error Recovery SDK(x64).) — C:WindowsSystem32Driversdgderdrv.sys [20552]
    O58 – SDL:[MD5.CE4B6956E4E12492715A53076E58761F] – 09/09/2010 – 08:43:20 —A- . (.Teruten Inc – File System Mini Filter Drvier.) — C:WindowsSysWOW64driversTFsExDisk.Sys [16392]
    O58 – SDL:[MD5.DDEE99DC54EFA20BD5A442CD733C4462] – 05/02/2013 – 09:54:40 —A- . (…) — C:WindowsSysWOW64FsUsbExDisk.Sys [37344]
    ~ Drivers: 15 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 24/11/2013 – 23:51:39 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3PPPdossier PPP.docx [116327]
    O61 – LFC: 24/11/2013 – 23:51:39 –HA- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3PPP~$ssier PPP.docx [162]
    O61 – LFC: 24/11/2013 – 23:51:58 –HA- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursSemestre 5PPPPPP~$PPP.docx [162]
    ~ 21 Fichiers temporaires (Temporary files)
    ~ Files: 62 Legitimates Filtered in 43mn 40s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {8BEB487C-C163-4184-A2C2-1DA0EB163860} – (Propositions de recherche Amazon.fr) – http://www.amazon.fr
    O69 – SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} – (eBay) – http://rover.ebay.com =>Toolbar.eBay
    ~ Keys: Scanned in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “TCP Query User{C5AA0DBA-7180-4724-AA70-C0D4C4F73C24}C:windowskmsemulator.exe” |In – Private – P6 – TRUE | .(…) — C:windowskmsemulator.exe (.not file.)
    O87 – FAEL: “UDP Query User{EE06C030-48E0-43C4-AEC1-2AE83C3422C0}C:windowskmsemulator.exe” |In – Private – P17 – TRUE | .(…) — C:windowskmsemulator.exe (.not file.)
    O87 – FAEL: “{85DF2542-2B50-4AE6-AA69-797BD3B978AD}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 – FAEL: “{D22A39B3-B3DB-4476-9DE1-44F72EC21D97}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 – FAEL: “{5E7C61A0-7EF2-48BD-A0D3-C8EBE613B59F}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “{2619FA99-2103-4449-A982-986FBCE06704}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “{B9FAA9C3-F9CD-4997-9A1C-B7CE497B5C7C}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “{F02919DF-55DA-42FC-A86D-3A67F488FEA7}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O87 – FAEL: “TCP Query User{3AE7D255-DCA3-43A3-BC37-8A6283A8C303}C:usersestelleappdataroamingcacaowebcacaoweb.exe” |In – Private – P6 – TRUE | .(…) — C:usersestelleappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    O87 – FAEL: “UDP Query User{A995ABB7-514E-4DC2-8E67-93D2ED919958}C:usersestelleappdataroamingcacaowebcacaoweb.exe” |In – Private – P17 – TRUE | .(…) — C:usersestelleappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    ~ Firewall: 232 Legitimates Filtered in 00mn 02s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “25BD30E1BC5D83343A835E62DDD4D41B” . (.Bing Bar.) — C:WindowsInstaller{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}icon_installer_ico =>Toolbar.Bing
    O90 – PUC: “F23CE5547514D834E9A3049EB390CFC3” . (.WD Quick View.) — C:WindowsInstaller{455EC32F-4157-438D-9E3A-40E93B09FC3C}icon.ico =>.Western Digital Technologies
    ~ Update Products: 170 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SS – | Demand 19/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 24/05/2013 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) – C:Program FilesIDTWDMAESTSr64.exe
    SR – | Auto 14/01/2011 203776 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopsched.exe
    SR – | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopavguard.exe
    SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 13/10/2011 105120 | (AtherosSvc) . (.Atheros Commnucations.) – C:Program Files (x86)Bluetooth Suiteadminservice.exe
    SS – | Demand 01/03/2011 183560 | (BBSvc) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBarBBSvc.exe
    SR – | Auto 15/06/2007 145504 | (bgsvcgen) . (.B.H.A Corporation.) – C:WindowsSysWOW64bgsvcgen.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 17/02/2011 265544 | (FPLService) . (.HP.) – C:Program Files (x86)HP SimplePass 2011TrueSuiteService.exe
    SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
    SS – | Auto 25/02/2013 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 25/02/2013 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SR – | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe =>.Hewlett-Packard Co
    SR – | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) – C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe
    SR – | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe
    SR – | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) – C:WindowsSystem32Hpservice.exe
    SR – | Auto 11/07/2011 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe
    SR – | Auto 29/04/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 04/03/2011 2375168 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe
    SR – | Demand 31/05/2013 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 23/11/2010 325656 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
    SS – | Demand 17/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SR – | Auto 09/01/2013 1324104 | (PDF Architect Helper Service) . (.pdfforge GbR.) – C:Program Files (x86)PDF ArchitectHelperService.exe
    SR – | Auto 09/01/2013 795208 | (PDF Architect Service) . (.pdfforge GbR.) – C:Program Files (x86)PDF ArchitectConversionService.exe
    SR – | Auto 25/02/2011 249648 | (SeaPort) . (.Microsoft Corporation.) – C:Program Files (x86)MicrosoftBingBarSeaPort.exe
    SS – | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SR – | Auto 24/05/2013 301568 | (STacSV) . (.IDT, Inc..) – C:Program FilesIDTWDMSTacSV64.exe
    SR – | Auto 23/11/2010 2656280 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 14/08/2013 1042808 | (WDBackup) . (.Western Digital Technologies, Inc..) – C:Program Files (x86)Western DigitalWD SmartWareWDBackupEngine.exe
    SR – | Auto 14/08/2013 270704 | (WDDriveService) . (.Western Digital Technologies, Inc..) – C:Program Files (x86)Western DigitalWD Drive ManagerWDDriveService.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 13/10/2011 158880 | (ZAtheros Bt&Wlan Coex Agent) . (.Atheros.) – C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe
    ~ Services: Scanned in 00mn 43s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by Estelle at 25/11/2013 00:04:57
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Estelle at 25/11/2013 00:04:59

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 12996 – (22/11/2013)
    Clés trouvées (Keys found) : 8
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 5
    Fichiers trouvés (Files found) : 0

    [HKLMSoftwareGoogleChromeExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp] =>PUP.BubbleDock^
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstall{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}] =>Toolbar.Bing
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    [HKLMSoftwareClassesInstallerFeatures25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareClassesInstallerProducts25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareWow6432NodeClassesInstallerFeatures25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareWow6432NodeClassesInstallerProducts25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    C:UsersEstelleAppDataLocalGoogleChromeUser DataDefaultExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp =>PUP.BubbleDock^
    C:ProgramDataInstallMate =>PUP.Tarma^
    C:UsersEstelleAppDataRoamingPanel+ =>Toolbar.Ipsos^
    C:UsersEstelleAppDataLocalPanel+ =>Toolbar.Ipsos^
    C:UsersEstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsPanel+ =>Toolbar.Ipsos^
    ~ Additionnel Scan: 433890 Items scanned in 00mn 27s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/31746142-toolbar-bubbledock =>Toolbar.BubbleDock
    ~ http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
    ~ http://nicolascoolman.webs.com/apps/blog/show/33956117-toolbar-ipsos =>Toolbar.Ipsos
    ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
    ~ MSI: 6 link(s) detected in 00mn 27s

    ~ 3386 Legitimates filtered by white list
    End of the scan (537 lines in 36mn 15s)(0)

  • lilidurhone
    Number of posts: 0

    Hello

    We are going to use ZHPFix

    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

      Using the mouse (hold down the left button), select and copy (right-click/Copy) the contents of the box below

      ZHPFix script
      R0 - HKCUSOFTWAREPoliciesMicrosoftInternet ExplorerMain,Start Page = http://seeearch.com =>PUP.StartSearch
      G2 - GCE: Preference [User DataDefault] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>PUP.BubbleDock
      O39 - APT:Automatic Planified Task - C:WindowsTasksAutoKMS.job [204]
      [MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:WindowsAutoKMS.exe (.not file.) [0] =>Trojan.Keygen
      [MD5.00000000000000000000000000000000] [APT] [{9DE9C10B-ACFE-4B05-A85A-4CA63335C2DC}] (...) -- C:UsersEstelleDownloadssetup_MBPDualFinance.exe (.not file.) [0]
      [MD5.00000000000000000000000000000000] [APT] [{DDD62423-E81B-441D-AE4C-A397FFE8DE58}] (...) -- C:UsersEstelleDownloadsdotnetfx3setup.exe (.not file.) [0]
      [HKCUSoftwareƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ő¶¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“]
      O87 - FAEL: "TCP Query User{C5AA0DBA-7180-4724-AA70-C0D4C4F73C24}C:windowskmsemulator.exe" |In - Private - P6 - TRUE | .(...) -- C:windowskmsemulator.exe (.not file.)
      O87 - FAEL: "UDP Query User{EE06C030-48E0-43C4-AEC1-2AE83C3422C0}C:windowskmsemulator.exe" |In - Private - P17 - TRUE | .(...) -- C:windowskmsemulator.exe (.not file.)
      O87 - FAEL: "{85DF2542-2B50-4AE6-AA69-797BD3B978AD}" |In - Private - P6 - TRUE | .(...) -- C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
      O87 - FAEL: "{D22A39B3-B3DB-4476-9DE1-44F72EC21D97}" |In - Private - P17 - TRUE | .(...) -- C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
      O87 - FAEL: "{5E7C61A0-7EF2-48BD-A0D3-C8EBE613B59F}" |In - Private - P6 - TRUE | .(...) -- C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
      O87 - FAEL: "{2619FA99-2103-4449-A982-986FBCE06704}" |In - Private - P17 - TRUE | .(...) -- C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
      O87 - FAEL: "{B9FAA9C3-F9CD-4997-9A1C-B7CE497B5C7C}" |In - Private - P6 - TRUE | .(...) -- C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
      O87 - FAEL: "{F02919DF-55DA-42FC-A86D-3A67F488FEA7}" |In - Private - P17 - TRUE | .(...) -- C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
      O87 - FAEL: "TCP Query User{3AE7D255-DCA3-43A3-BC37-8A6283A8C303}C:usersestelleappdataroamingcacaowebcacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:usersestelleappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
      O87 - FAEL: "UDP Query User{A995ABB7-514E-4DC2-8E67-93D2ED919958}C:usersestelleappdataroamingcacaowebcacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:usersestelleappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
      [HKLMSoftwareGoogleChromeExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp] =>PUP.BubbleDock^
      [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstall{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}] =>Toolbar.Bing
      [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
      [HKLMSoftwareClassesInstallerFeatures25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
      [HKLMSoftwareClassesInstallerProducts25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
      [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
      [HKLMSoftwareWow6432NodeClassesInstallerFeatures25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
      [HKLMSoftwareWow6432NodeClassesInstallerProducts25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
      C:UsersEstelleAppDataLocalGoogleChromeUser DataDefaultExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp =>PUP.BubbleDock^
      C:ProgramDataInstallMate =>PUP.Tarma^
      C:UsersEstelleAppDataRoamingPanel+ =>Toolbar.Ipsos^
      C:UsersEstelleAppDataLocalPanel+ =>Toolbar.Ipsos^
      C:UsersEstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsPanel+ =>Toolbar.Ipsos^
      Sysrestore
      Emptytemp

      1. Click "Import"
      2. Then click "GO"

    • Confirm the data cleanup by clicking "Yes"
    • Once the scan has finished, go to the desktop: the ZHPFixReport file has been created there.
    • Upload the ZHPFixReport report to SosUpload, then copy and paste the link provided into your next reply.
  • Estelle27
    Number of posts: 0

    Hello
    https://antimalware.top/log/SosUpload.b412d69f07282c9c1ed2a04805677e70.txt

  • lilidurhone
    Number of posts: 0

    Good

    You should update IE via Windows Update

    Could you run a ZHPDiag for me?

  • Estelle27
    Number of posts: 0

    ~ Rapport de ZHPDiag v2013.11.26.56 – Nicolas Coolman (26/11/2013)
    ~ Lancé par Estelle (26/11/2013 21:55:40)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC):

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16428
    MFIE: Mozilla Firefox 25.0.1 (Defaut)
    GCIE: Google Chrome v31.0.1650.57

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 3Q6C9
    Windows License : OK
    ~ Windows Remaining Initializations Number : 0
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Avira Free Antivirus v13.0.0.4042
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 6091 MB (58% free)
    System Restore: Activé (Enable)
    System drive C: has 344 GB (50%) free of 683 GB

    —\ Mode de connexion au système
    ~ Computer Name: ESTELLE-HP
    ~ User Name: Estelle
    ~ All Users Names: HomeGroupUser$, Estelle, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersEstelleAppDataRoamingZHP
    ~ %AppData% : C:UsersEstelleAppDataRoaming
    ~ %Desktop% : C:UsersEstelleDesktop
    ~ %Favorites% : C:UsersEstelleFavorites
    ~ %LocalAppData% : C:UsersEstelleAppDataLocal
    ~ %StartMenu% : C:UsersEstelleAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 344 Go of 683 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 15 Go)
    E: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.E6CB36B85BE59095337427E853A5B65A] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.26/11/2013 – 21:42:42.) — C:WindowsSystem32wininet.dll [2332160]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.21/11/2010 – 04:24:29.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/11/2010 – 04:24:16.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.21/11/2010 – 04:23:51.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/11/2010 – 04:24:33.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 02s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/31168
    ~ Mes musiques (My Musics) : 3/8074
    ~ Mes Videos (My Videos) : 1/140
    ~ Mes Favoris (My Favorites) : 1/20
    ~ Mes Documents (My Documents) : 1/11764
    ~ Mon Bureau (My Desktop) : 1/9
    ~ Menu demarrer (Programs) : 1/40
    ~ Hidden Files: Scanned in 01mn 58s

    —\ Processus lancés
    [MD5.2CF497C586D50F7D402BEC33156E0AF4] – (.HP – TouchControl.) — C:Program Files (x86)HP SimplePass 2011TouchControl.exe [642888] [PID.2448]
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2240]
    [MD5.7D6D810C7A6B7A37F9F61687AFC5F9A0] – (.HP – BioMonitor.) — C:Program Files (x86)HP SimplePass 2011BioMonitor.exe [142664] [PID.4188]
    [MD5.B7F55E2AE978D3D34F7876EE5D689AAE] – (.CyberLink – YouCam Mirage.) — C:Program Files (x86)CyberLinkYouCamYCMMirage.exe [136488] [PID.4964]
    [MD5.801F7511D25FDDB3544BD724A8D775C2] – (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKies.exe [1564528] [PID.5104]
    [MD5.760ACD103FFB86AD65DC41CDEB08ABCF] – (.Samsung Electronics – Pas de description.) — C:Program Files (x86)SamsungKiesKiesAirMessage.exe [578560] [PID.328]
    [MD5.F96C73D7D525174B80CFD865A5D7E083] – (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe [284440] [PID.3808]
    [MD5.19A12C6577311463640FE8216D645803] – (.Panasonic Corporation – AutoStartService.) — C:Program Files (x86)Common FilesPanasonicPHOTOfunSTUDIO AutoStartAutoStartupService.exe [172544] [PID.1268]
    [MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] – (.Hewlett-Packard Development Company, L.P. – HP CoolSense.) — C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe [1343904] [PID.1256]
    [MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] – (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program Files (x86)AviraAntiVir Desktopavgnt.exe [347192] [PID.4564]
    [MD5.610FA1C3EBDD079C86C32EEF213733FC] – (.Western Digital – WD Drive Auto Unlock.) — C:Program Files (x86)Western DigitalWD AppsWDDriveAutoUnlock.exe [1687968] [PID.4468]
    [MD5.6ED26E255607F4BA8812E62E496C35ED] – (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program Files (x86)SamsungKiesKiesTrayAgent.exe [311152] [PID.580]
    [MD5.BC6390A6736A5F4A048AC75168DD7869] – (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe [574008] [PID.4868]
    [MD5.8A3B69683E63808719D24E1C68C21CC7] – (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe [379960] [PID.4808]
    [MD5.A9F9D081518AC03A51C1195986076F42] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.4376]
    [MD5.31E3CDEABD9F89AED78C08A391D6A7D2] – (.Western Digital Technologies, Inc. – WD Quick View.) — C:Program Files (x86)Western DigitalWD Quick ViewWDDMStatus.exe [5537136] [PID.116]
    [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.2040]
    [MD5.B35614C0A2E4A89CCEBD7AB6EF18DBAA] – (.Evernote Corp., 333 W Evelyn Ave. Mountain – Evernote Clipper.) — C:Program Files (x86)EvernoteEvernoteEvernoteClipper.exe [977408] [PID.1736]
    [MD5.9E237EB754D86D63B1E39AD3D97292FA] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8253952] [PID.6072]
    [MD5.2074A85A6B8F84A5A9C60B915B465FAF] – (.HP – HP Service.) — C:Program Files (x86)HP SimplePass 2011TrueSuiteService.exe [265544] [PID.856]
    [MD5.8769E2D1072B62AB071F166F03B3E3DC] – (.Avira Operations GmbH & Co. KG – Avira Scheduler.) — C:Program Files (x86)AviraAntiVir Desktopsched.exe [84024] [PID.1788]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1912]
    [MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] – (.Avira Operations GmbH & Co. KG – Avira On-Access Service.) — C:Program Files (x86)AviraAntiVir Desktopavguard.exe [108088] [PID.1988]
    [MD5.4FE5C6D40664AE07BE5105874357D2ED] – (.Apple Inc. – MobileDeviceService.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [57008] [PID.2008]
    [MD5.ACC9C8C560C567FAD6F79C977AB2EA09] – (.B.H.A Corporation – B’s Recorder GOLD Service Library.) — C:WindowsSysWOW64bgsvcgen.exe [145504] [PID.1300]
    [MD5.491CE9B6321FB74E4B37AF2C47F98434] – (.Hewlett-Packard Development Company, L.P. – HP Quick Launch WMI Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [26680] [PID.2056]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.2140]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.2164]
    [MD5.A1688A4FB2EC49D040C027EF6DC7A87B] – (.pdfforge GbR – PDF Architect Helper Service.) — C:Program Files (x86)PDF ArchitectHelperService.exe [1324104] [PID.2196]
    [MD5.E23FF9B2F8EEAB2BDDA681C21C48E843] – (.pdfforge GbR – PDF Architect Conversion Service.) — C:Program Files (x86)PDF ArchitectConversionService.exe [795208] [PID.2296]
    [MD5.74610A05087FC64150ECCE327E09AC5B] – (.Western Digital Technologies, Inc. – WD Drive Service.) — C:Program Files (x86)Western DigitalWD Drive ManagerWDDriveService.exe [270704] [PID.2488]
    [MD5.28B051B78471FC290C1790623D5908E1] – (.Atheros – Atheros Coex Service Application.) — C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe [158880] [PID.2564]
    [MD5.DEE16AB97AFB535329D0D0BE3F5929CE] – (.Western Digital Technologies, Inc. – WD Backup Engine.) — C:Program Files (x86)Western DigitalWD SmartWareWDBackupEngine.exe [1042808] [PID.2772]
    [MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] – (.Hewlett-Packard Company – HP Software Framework WMI Service.) — C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe [1001376] [PID.4344]
    [MD5.E79A8E33BD136D14BAE1FA20EB2EF124] – (.Intel Corporation – IAStorDataSvc.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [13592] [PID.5112]
    [MD5.C463A25F01C6237295917417C5E9E344] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [325656] [PID.676]
    [MD5.3A1ECEF8D49FC1A786A6CCD5A86A8878] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2656280] [PID.6884]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersEstelleAppDataLocalGoogleChromeUser DataDefaultPreferences
    ~ Google Browser: 15 Legitimates Filtered in 00mn 00s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersEstelleAppDataRoamingMozillaFirefoxProfiles5u3veijt.defaultprefs.js
    ~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREPoliciesMicrosoftInternet ExplorerMain,Start Page = http://seeearch.com =>PUP.StartSearch
    ~ IE Browser: 14 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company – HP Support Assistant.) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSF.exe =>.Hewlett-Packard Co
    O4 – GSDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [Public]: Conseiller de mise à niveau vers Windows 7.lnk . (.Microsoft Corporation – Windows 7 Upgrade Advisor.) — C:Program Files (x86)Microsoft Windows 7 Upgrade AdvisorWindowsUpgradeAdvisor.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [Estelle]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [Estelle]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSTaskBar [Estelle]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [Estelle]: hpDST.lnk . (.Hewlett-Packard Company – Setup Manager.) — C:Program Files (x86)Hewlett-PackardSetup ManagerhpDST.exe
    O4 – GSTaskBar [Estelle]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [Estelle]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSystemTools [Estelle]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSendTo [Estelle]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain – Evernote.) — C:Program Files (x86)EvernoteEvernoteEvernote.exe
    O4 – GSDesktop [Estelle]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe https://www.sosvirus.net
    O4 – GSDesktop [Estelle]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
    ~ Global Startup: 74 Legitimates Filtered in 00mn 05s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: PHOTOfunSTUDIO 5.1 HD Edition.lnk . (.Panasonic Corporation – AutoStartService.) — C:Program Files (x86)Common FilesPanasonicPHOTOfunSTUDIO AutoStartAutoStartupService.exe
    O4 – GSStartup [Estelle]: EvernoteClipper.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain – Evernote Clipper.) — C:Program Files (x86)EvernoteEvernoteEvernoteClipper.exe
    O4 – GSStartup [Estelle]: OneNote 2010 – Capture d’écran et lancement.lnk . (…) — C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.exe (.not file.)
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
    O4 – HKLM..Run: [Apoint] . (.Alps Electric Co., Ltd. – Alps Pointing-device Driver.) — C:Program FilesApoint2KApoint.exe
    O4 – HKLM..Run: [BCSSync] . (.Microsoft Corporation – Microsoft Office 2010 component.) — C:Program FilesMicrosoft OfficeOffice14BCSSync.exe =>.Microsoft Corporation
    O4 – HKLM..Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio TPE.) — C:Program FilesIDTWDMsttray64.exe
    O4 – HKLM..Run: [AtherosBtStack] . (.Atheros Communications – Serveur Stack Bluetooth.) — C:Program Files (x86)Bluetooth SuiteBtvStack.exe
    O4 – HKLM..Run: [AthBtTray] . (.Atheros Commnucations – Bluetooth Tray.) — C:Program Files (x86)Bluetooth SuiteAthBtTray.exe
    O4 – HKLM..RunOnce: [NCPluginUpdater] . (.Hewlett-Packard – NCPluginUpdater.) — C:Program Files (x86)Hewlett-PackardHP Health CheckActiveCheckproduct_lineNCPluginUpdater.exe
    O4 – HKCU..Run: [EA Core] C:Program Files (x86)Electronic ArtsEADMCore.exe (.not file.)
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe (.not file.)
    O4 – HKCU..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKies.exe
    O4 – HKCU..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program Files (x86)SamsungKiesKiesAirMessage.exe
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe (.not file.)
    O4 – HKLM..Wow6432NodeRun: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. – HP CoolSense.) — C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [avgnt] . (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program Files (x86)AviraAntiVir Desktopavgnt.exe
    O4 – HKLM..Wow6432NodeRun: [WD Drive Unlocker] . (.Western Digital – WD Drive Auto Unlock.) — C:Program Files (x86)Western DigitalWD AppsWDDriveAutoUnlock.exe =>.Western Digital Technologies
    O4 – HKLM..Wow6432NodeRun: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program Files (x86)SamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
    O4 – HKLM..Wow6432NodeRun: [HPOSD] . (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKLM..Wow6432NodeRun: [WD Quick View] . (.Western Digital Technologies, Inc. – WD Quick View.) — C:Program Files (x86)Western DigitalWD Quick ViewWDDMStatus.exe =>.Western Digital Technologies
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [EA Core] C:Program Files (x86)Electronic ArtsEADMCore.exe (.not file.)
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe (.not file.)
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program Files (x86)SamsungKiesKies.exe
    O4 – HKUSS-1-5-21-3579483987-74944699-2884554317-1000..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program Files (x86)SamsungKiesKiesAirMessage.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPluginx64.dll,-102 [64Bits] – {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (…) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckResourcesIconsHP.ico
    O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program Files (x86)MICROS~4Office14ONBttnIE.dll (.not file.)
    O9 – Extra button: Send by Bluetooth to [64Bits] – {7815BE26-237D-41A8-A98F-F7BD75F71086} — Clé orpheline
    O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:Program Files (x86)MICROS~4Office14ONBTTN~1.dll (.not file.)
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Site dans la Zone de confiance d’Internet Explorer (O15)
    O15 – Trusted Zone: [HKCU…Domainswww] http.consoclicker.com
    ~ IE Zone Confiance: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpNameServer = 172.16.0.1
    O17 – HKLMSystemCCSServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpDomain = suitesetudes.carrevillon
    O17 – HKLMSystemCS1ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpNameServer = 172.16.0.1
    O17 – HKLMSystemCS1ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpDomain = suitesetudes.carrevillon
    O17 – HKLMSystemCS2ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpNameServer = 172.16.0.1
    O17 – HKLMSystemCS2ServicesTcpip..{1B134068-27E1-4105-B044-B362370A5477}: DhcpDomain = suitesetudes.carrevillon
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 172.16.0.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 21/11/2012 – 20:51:48 – [4,369] —-D C:Program Files (x86)MBP
    ~ 1791 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 2063 Legitimates Filtered in 02mn 43s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.208BD18CB6DA6DE1E6119382B72940AD] – 23/11/2013 – 01:26:15 —A- . (…) — C:UsbFix [Clean 2] ESTELLE-HP.txt [27171]
    O44 – LFC:[MD5.94F0F7B8B78290D74B87DB57B9EDC55E] – 23/11/2013 – 08:12:55 . (…) — C:bootsqm.dat [3288]
    O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 26/11/2013 – 21:42:42 —A- . (…) — C:WindowsSysNativeieuinit.inf [16284]
    O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 26/11/2013 – 21:42:42 —A- . (…) — C:WindowsSystem32ieuinit.inf [16284]
    O44 – LFC:[MD5.D65BCD72C8E175913C7235F0CCAF2DEA] – 26/11/2013 – 21:46:57 —A- . (…) — C:WindowsIE11_main.log [9768]
    O44 – LFC:[MD5.E66795BB801F22A6C1DB2DB5D49D0E6F] – 26/11/2013 – 22:00:47 –HA- . (…) — C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [31472]
    O44 – LFC:[MD5.E66795BB801F22A6C1DB2DB5D49D0E6F] – 26/11/2013 – 22:00:47 –HA- . (…) — C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [31472]
    O44 – LFC:[MD5.E66795BB801F22A6C1DB2DB5D49D0E6F] – 26/11/2013 – 22:00:47 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [31472]
    O44 – LFC:[MD5.E66795BB801F22A6C1DB2DB5D49D0E6F] – 26/11/2013 – 22:00:47 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [31472]
    ~ Files: 176 Legitimates Filtered in 01mn 04s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.E46FFE723F744D45D6E58A0E4066951A] – 23/11/2013 – 01:28:07 —A- – C:WindowsPrefetchRESOURCE.EXE-E971D367.pf
    O45 – LFCP:[MD5.19F837077CE17218314BE9C02DC10107] – 23/11/2013 – 01:29:49 —A- – C:WindowsPrefetchDETECT_SMARTFRIENDAWARENESS.E-48072723.pf
    O45 – LFCP:[MD5.CEA74747CB28C6990C76FE37DCB9DBD6] – 23/11/2013 – 10:25:21 —A- – C:WindowsPrefetchWDLOCKEDFILES.EXE-2ED373DB.pf
    O45 – LFCP:[MD5.893426090418B1BCA44B0FB778C18F99] – 23/11/2013 – 10:55:01 —A- – C:WindowsPrefetchHPSFDETECT.EXE-BB7BD191.pf
    O45 – LFCP:[MD5.B99685FDFF3AF93DC31BA5DE69BBE4B8] – 23/11/2013 – 12:03:35 —A- – C:WindowsPrefetchOLRSTATECHECK.EXE-FCEE3397.pf
    ~ Prefetcher: 141 Legitimates Filtered in 00mn 00s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook [64Bits] – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:PROGRA~2MICROS~1Office14GROOVEEX.DLL
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 15 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.DEF365F0F6E017888C4B869D3BA4B8E0] – 09/09/2010 – 08:46:08 —A- . (.Devguru Co., Ltd – Device Error Recovery SDK(x64).) — C:WindowsSystem32Driversdgderdrv.sys [20552]
    O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] – 10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:[MD5.84DFFAD6904D29DAA208D28C0C00A8A6] – 04/04/2008 – 12:48:30 —A- . (.OPTO ELECTRONICS CO.,LTD. – Interface USB Library.) — C:WindowsSystem32Driversoptousb.sys [22656]
    O58 – SDL:[MD5.1B30BF9F42D6AC7CE27B8DC83F4B5913] – 04/04/2008 – 12:48:30 —A- . (.OPTO ELECTRONICS CO.,LTD. – USB Virtual Serial Port Driver.) — C:WindowsSystem32Driversoptovcm.sys [31744]
    O58 – SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] – 14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:[MD5.EBA98394A7D58F7552C52192BD8FA7E6] – 24/05/2013 – 21:27:51 —A- . (.IDT, Inc. – IDT PC Audio TPE.) — C:WindowsSystem32Driversstwrt64.sys [528384]
    O58 – SDL:[MD5.CE4B6956E4E12492715A53076E58761F] – 09/09/2010 – 08:43:20 —A- . (.Teruten Inc – File System Mini Filter Drvier.) — C:WindowsSystem32DriversTFsExDisk.sys [16392]
    O58 – SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] – 13/12/2012 – 13:50:36 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [54784]
    O58 – SDL:[MD5.CE4B6956E4E12492715A53076E58761F] – 09/09/2010 – 08:43:20 —A- . (.Teruten Inc – File System Mini Filter Drvier.) — C:WindowsSysWOW64driversTFsExDisk.Sys [16392]
    O58 – SDL:[MD5.DDEE99DC54EFA20BD5A442CD733C4462] – 05/02/2013 – 09:54:40 —A- . (…) — C:WindowsSysWOW64FsUsbExDisk.Sys [37344]
    ~ Drivers: 15 Legitimates Filtered in 00mn 38s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 23/11/2013 – 22:11:01 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Base avocat1.accdb [749568]
    O61 – LFC: 23/11/2013 – 22:11:05 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3Explications Access.pdf [2486629]
    O61 – LFC: 23/11/2013 – 22:13:23 —A- . (…) — C:UsersEstelleDocumentsUsbFix [Clean 2] ESTELLE-HP.txt [27171]
    O61 – LFC: 23/11/2013 – 22:13:24 —A- . (…) — C:UsersEstelleDownloadsadwcleaner.exe [1085542]
    O61 – LFC: 25/11/2013 – 22:09:57 —A- . (…) — C:UsersEstelleAppDataRoamingZHPZHPADSReport.txt [351] =>.Nicolas Coolman
    O61 – LFC: 25/11/2013 – 22:09:57 —A- . (…) — C:UsersEstelleAppDataRoamingZHPZHPDiag.txt [45096] =>.Nicolas Coolman
    O61 – LFC: 25/11/2013 – 22:11:06 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3MarketingProjet marketing CENTENO DURAND LANZA.docx [1271702]
    O61 – LFC: 25/11/2013 – 22:11:06 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3PPPdossier PPP.docx [457717]
    O61 – LFC: 26/11/2013 – 22:02:54 —A- . (…) — C:UsersEstelleAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [267514]
    O61 – LFC: 26/11/2013 – 22:02:54 —A- . (…) — C:UsersEstelleAppDataLocalGoogleChromeUser Datachrome_shutdown_ms.txt [4]
    O61 – LFC: 26/11/2013 – 22:03:04 —A- . (…) — C:UsersEstelleAppDataLocalGoogleChromeUser DataLocal State [45832]
    O61 – LFC: 26/11/2013 – 22:09:57 —A- . (…) — C:UsersEstelleAppDataRoamingZHPLog.txt [41771] =>.Nicolas Coolman
    O61 – LFC: 26/11/2013 – 22:09:57 —A- . (…) — C:UsersEstelleAppDataRoamingZHPTestsZHPDiag.txt [2913] =>.Nicolas Coolman
    O61 – LFC: 26/11/2013 – 22:09:57 —A- . (…) — C:UsersEstelleAppDataRoamingZHPZHPExportRegistry-26-11-2013-16-20-59.txt [1846840] =>.Nicolas Coolman
    O61 – LFC: 26/11/2013 – 22:09:57 —A- . (…) — C:UsersEstelleAppDataRoamingZHPZHPFixQuarantine.txt [662] =>.Nicolas Coolman
    O61 – LFC: 26/11/2013 – 22:09:57 —A- . (…) — C:UsersEstelleAppDataRoamingZHPZHPFix[R1].txt [2945] =>.Nicolas Coolman
    O61 – LFC: 26/11/2013 – 22:10:43 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursa.3s5auditNouvelle section 1.one [48346592]
    O61 – LFC: 26/11/2013 – 22:10:59 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3A short history of North American integration.docx [48838]
    O61 – LFC: 26/11/2013 – 22:11:06 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3MarketingCENTENO DURAND LANZA PP projet.pptx [705762]
    O61 – LFC: 26/11/2013 – 22:11:06 —A- . (…) — C:UsersEstelleDocumentsEstelleEcoleEstelleLyonIAECoursL3MarketingProjet marketing CENTENO DURAND LANZA groupe 354 final.docx [1502742]
    ~ 7 Fichiers temporaires (Temporary files)
    ~ Files: 449 Legitimates Filtered in 19mn 14s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {8BEB487C-C163-4184-A2C2-1DA0EB163860} – (Propositions de recherche Amazon.fr) – http://www.amazon.fr
    O69 – SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} – (eBay) – http://rover.ebay.com =>Toolbar.eBay
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “F23CE5547514D834E9A3049EB390CFC3” . (.WD Quick View.) — C:WindowsInstaller{455EC32F-4157-438D-9E3A-40E93B09FC3C}icon.ico =>.Western Digital Technologies
    ~ Update Products: 169 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 19/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 01/03/2011 183560 | (BBSvc) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBarBBSvc.exe
    SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
    SS – | Auto 25/02/2013 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 25/02/2013 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 17/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe

    SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 24/05/2013 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) – C:Program FilesIDTWDMAESTSr64.exe
    SR – | Auto 14/01/2011 203776 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopsched.exe
    SR – | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopavguard.exe
    SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 13/10/2011 105120 | (AtherosSvc) . (.Atheros Commnucations.) – C:Program Files (x86)Bluetooth Suiteadminservice.exe
    SR – | Auto 15/06/2007 145504 | (bgsvcgen) . (.B.H.A Corporation.) – C:WindowsSysWOW64bgsvcgen.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 17/02/2011 265544 | (FPLService) . (.HP.) – C:Program Files (x86)HP SimplePass 2011TrueSuiteService.exe
    SR – | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe =>.Hewlett-Packard Co
    SR – | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) – C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe
    SR – | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe
    SR – | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) – C:WindowsSystem32Hpservice.exe
    SR – | Auto 11/07/2011 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe
    SR – | Auto 29/04/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 04/03/2011 2375168 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe
    SR – | Demand 31/05/2013 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 23/11/2010 325656 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
    SR – | Auto 09/01/2013 1324104 | (PDF Architect Helper Service) . (.pdfforge GbR.) – C:Program Files (x86)PDF ArchitectHelperService.exe
    SR – | Auto 09/01/2013 795208 | (PDF Architect Service) . (.pdfforge GbR.) – C:Program Files (x86)PDF ArchitectConversionService.exe
    SR – | Auto 25/02/2011 249648 | (SeaPort) . (.Microsoft Corporation.) – C:Program Files (x86)MicrosoftBingBarSeaPort.exe
    SR – | Auto 24/05/2013 301568 | (STacSV) . (.IDT, Inc..) – C:Program FilesIDTWDMSTacSV64.exe
    SR – | Auto 23/11/2010 2656280 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 14/08/2013 1042808 | (WDBackup) . (.Western Digital Technologies, Inc..) – C:Program Files (x86)Western DigitalWD SmartWareWDBackupEngine.exe
    SR – | Auto 14/08/2013 270704 | (WDDriveService) . (.Western Digital Technologies, Inc..) – C:Program Files (x86)Western DigitalWD Drive ManagerWDDriveService.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 13/10/2011 158880 | (ZAtheros Bt&Wlan Coex Agent) . (.Atheros.) – C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe

    ~ Services: Scanned in 00mn 56s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by Estelle at 26/11/2013 22:25:44
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Estelle at 26/11/2013 22:25:46

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13000 – (26/11/2013)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 0

    ~ Additionnel Scan: 431825 Items scanned in 00mn 19s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch
    ~ MSI: 1 link(s) detected in 00mn 19s

    ~ 3841 Legitimates filtered by white list
    End of the scan (511 lines in 30mn 26s)(0)

  • lilidurhone
    Number of posts: 0

    Hello

    • Download Junkware Removal Tool (by thisisu) to your desktop.
    • Run Junkware Removal Tool; on Windows 7/8 and Vista, run it as administrator.
    • Press any key.

    • Once the scan has finished, go to the desktop: the file JRT.txt has been created.
    • Upload the JRT.txt report to SosUpload, then copy and paste the link you are given into your next reply on the forum.
  • Estelle27
    Number of posts: 0
  • lilidurhone
    Number of posts: 0

    Hello

    No more problems?

  • Estelle27
    Number of posts: 0

    Hello

    Everything seems fine. Thank you very much 🙂
    However, I have one last question: I caught this virus from the computer of an association at the university, which is used by a large number of students who have also been infected. If I use USBfix's “Vacciner” function, will I be immunized or not?

  • lilidurhone
    Number of posts: 0

    Yes, that's fine: by running Suppression you have been immunized

    I'll give you the procedure this evening 🙂

    1) Cleaning up temporary files

    • Download SFTGC (by Pierre13) to your desktop and nowhere else!
    • Run SFTGC; on Windows 7/8 and Vista, run it as administrator.
    • Click GO

      Note: a report will open at the end

    • Once the scan has finished, go to the desktop: the file SFTGC.txt has been created.
    • Upload the SFTGC.txt report to SosUpload, then copy and paste the link you are given into your next reply on the forum.

    2) Uninstalling the disinfection tools

    • Download Delfix to your desktop.
    • Run Delfix; on Windows 7/8 and Vista, run it as administrator.
    • Tick the following boxes:
      • Remove the disinfection tools (Supprimer les outils de désinfection)
      • Purge System Restore (Purger la restauration système)

  • Estelle27
    Number of posts: 0

    Ok cool
    https://antimalware.top/log/SosUpload.60a17ee3ceff3d08a9664a7f4540808f.txt
    ~ Suppression des outils de désinfection …

    Supprimé : C:USBFix
    Supprimé : C:AdwCleaner
    Supprimé : C:UsersEstelleAppDataRoamingZHP
    Supprimé : C:ProgramDataMicrosoftWindowsStart MenuProgramsZHP
    Supprimé : C:Program Files (x86)ZHPDiag
    Supprimé : C:PhysicalDisk0_MBR.bin
    Supprimé : C:UsbFix [Clean 2] ESTELLE-HP.txt
    Supprimé : C:UsersEstelleDesktopJRT.txt
    Supprimé : C:UsersEstelleDesktopSFTGC.txt
    Supprimé : C:UsersEstelleDesktopUsbFix Faire un Don.lnk
    Supprimé : C:UsersEstelleDesktopZHPDiag.lnk
    Supprimé : C:UsersEstelleDesktopZHPDiag.txt
    Supprimé : C:UsersEstelleDesktopZHPFix.lnk
    Supprimé : C:UsersEstelleDesktopZHPFixReport.txt
    Supprimé : C:UsersEstelleDownloadsadwcleaner.exe
    Supprimé : C:UsersEstelleDownloadsJRT.exe
    Supprimé : C:UsersEstelleDownloadsSFTGC.exe
    Supprimé : C:UsersEstelleDownloadsUsbFix.exe
    Supprimé : C:UsersEstelleDownloadsZHPDiag2.exe
    Supprimée : HKCUSoftwareUSBFix
    Supprimée : HKLMSOFTWAREAdwCleaner
    Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallUSBFix
    Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallZHPDiag_is1

    ~ Purge de la restauration système …

    Supprimé : RP #343 [Windows Update | 11/12/2013 14:34:38]
    Supprimé : RP #344 [Windows Update | 11/15/2013 09:30:24]
    Supprimé : RP #345 [Windows Update | 11/19/2013 16:49:58]
    Supprimé : RP #346 [Windows Update | 11/26/2013 15:08:52]
    Supprimé : RP #347 [ZHPFix Restore System Point | 11/26/2013 15:20:37]
    Supprimé : RP #348 [Windows Update | 11/26/2013 20:39:36]
    Supprimé : RP #349 [Windows Update | 11/27/2013 12:10:26]
    Supprimé : RP #350 [WD SmartWare Installer | 11/28/2013 13:34:02]
    Supprimé : RP #351 [WD SmartWare Installer | 11/28/2013 13:37:49]

    Nouveau point de restauration créé !

    ########## – EOF – ##########

    Otherwise, any advice for my computer?

  • lilidurhone
    Number of posts: 0

    Hello

    Yes 🙂

    If you have no other questions, I'll mark this as resolved 😉

The topic ‘USB key that creates shortcuts’ is closed to new replies.