USB key files turned into shortcuts 2014-05-23T11:14:01+00:00
  • Author
    Posts
  • marinezer
    Participant
    Post count: 15

    Hello,

    I am coming back to you about a problem I had a few months ago, which has come back.
    All the files on one of my USB keys have turned into shortcuts.
    Since I had already been helped on this forum the first time, I tried to solve the problem myself.
    I still had the USB Fixer software on my machine; I tried to fix it, to run a scan, but nothing works.

    So, could someone help me out? :)

    Thanks in advance

    Regards

  • buckhulk
    Participant
    Post count: 2391

    Hello marinezer

    I still had the USB Fixer software on my machine; I tried to fix it, to run a scan, but nothing works.

    That's normal; as was said before (I suppose), disinfection tools should not be kept on the PC because they become obsolete very quickly!

    Run this one:

    USBFix

    Download: UsbFix by El Desaparecido to your Desktop.

    A / If your antivirus displays an alert, ignore it and temporarily disable the antivirus. All antivirus programs

    B / Plug all your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
    C / Double-click UsbFix.exe.
    D / Confirm by clicking Apply (Appliquer).
    E / UsbFix will restart to take
    F / UsbFix will restart to take your settings into account.
    G / Click Clean (Nettoyage).

    H / Let the tool work; your desktop will not be accessible during the cleaning phase.
    I / At the end of the scan, a report will be displayed; post it in your next reply on the forum.

    1 / The report is also saved at the root of the system drive.
    ( C:UsbFixLogUsbFix [Clean 1] Nom de l’ordinateur.txt ).

    ( CTRL+A to select, CTRL+C to copy and CTRL+V to paste )

    2 / ->> Illustrated tutorial (help) on the author's site.

    Then run a ZHPDiag for me, for verification.
    :merci2:

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag; run it as administrator on Windows 7/8 and Vista.
    • Click Full (Complet).

      Note: Do not close the program even if it says it is no longer responding.

    • Once the scan is finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum.

    See you ;)

  • marinezer
    Participant
    Post count: 15

    Hello,

    Thanks for such a quick reply. I am already sending you my report after the scan with USB Fix, and I will send you the rest in my next message.
    ############################## | UsbFix V 7.171 | [Nettoyage]

    Utilisateur: marine (Administrateur) # PC-DE-MARINE
    Mis à jour le 18/05/2014 par El Desaparecido – SosVirus
    Lancé à 14:27:31 | 23/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: eMachines (HM50-YK )
    CPU: AMD Athlon(tm) Processor TF-20
    RAM -> [Total : 1789 Mo| Free : 789 Mo]
    Bios: eMachines
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-Bit) Service Pack 1
    WB: Windows Internet Explorer : 8.0.6001.19088
    WB: Google Chrome : 34.0.1847.137

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender [Enabled | Updated]
    AS: avast! Antivirus [Enabled | Updated]
    FW: Windows FireWall [Enabled]

    C: (%SystemDrive%) -> Disque fixe # 136 Go (15 Go libre(s) – 11%) [OS] # NTFS
    D: -> CD-ROM
    F: -> Disque amovible # 7 Go (7 Go libre(s) – 98%) [USB DISK] # FAT32

    ################## | Processus Stoppés |

    C:WindowsSystem32Ati2evxx.exe (ID: 1088|ParentID: 696)
    C:WindowsSystem32SLsvc.exe (ID: 1296|ParentID: 696)
    C:WindowsSystem32Ati2evxx.exe (ID: 1536|ParentID: 1088|SYSTEM)
    C:WindowsSystem32spoolsv.exe (ID: 2016|ParentID: 696|SYSTEM)
    C:WindowsSystem32taskeng.exe (ID: 116|ParentID: 1184|SYSTEM)
    C:Windowsexplorer.exe (ID: 540|ParentID: 296|marine)
    C:Program FilesWindows DefenderMSASCui.exe (ID: 528|ParentID: 540|marine)
    C:Program FilesRealtekAudioHDARtHDVCpl.exe (ID: 268|ParentID: 540|marine)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 2068|ParentID: 540|marine)
    C:Program FilesCanonQuick MenuCNQMMAIN.EXE (ID: 2088|ParentID: 540|marine)
    C:Program FilesWindows Media Playerwmpnscfg.exe (ID: 2144|ParentID: 540|marine)
    C:Program FileseMachineseMachines Power ManagementePowerSvc.exe (ID: 2496|ParentID: 696|SYSTEM)
    C:Program FilesCanonIJPLMijplmsvc.exe (ID: 2532|ParentID: 696|SYSTEM)
    C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe (ID: 2588|ParentID: 696|SYSTEM)
    C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe (ID: 2644|ParentID: 696|SYSTEM)
    C:WindowsSystem32taskeng.exe (ID: 3160|ParentID: 1184|marine)
    C:WindowsSystem32alg.exe (ID: 3608|ParentID: 696|SERVICE LOCAL)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 4012|ParentID: 696|SERVICE RÉSEAU)
    C:UsersmarineAppDataLocalTempRtkBtMnt.exe (ID: 2552|ParentID: 268|marine)
    C:WindowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe (ID: 852|ParentID: 696|SERVICE LOCAL)
    C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 3880|ParentID: 2068|marine)
    C:Program FilesCanonQuick MenuCNQMUPDT.EXE (ID: 1248|ParentID: 2088|marine)
    C:Program FilesCanonQuick MenuCNQMSWCS.EXE (ID: 3124|ParentID: 2088|marine)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3712|ParentID: 540|marine)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2152|ParentID: 3712|marine)
    C:WindowsSystem32WUDFHost.exe (ID: 1680|ParentID: 1168|SERVICE LOCAL)
    C:WindowsSystem32taskeng.exe (ID: 5252|ParentID: 1184|marine)
    C:WindowsSystem32sdclt.exe (ID: 5284|ParentID: 5252|marine)
    C:WindowsSystem32wuauclt.exe (ID: 5648|ParentID: 1184|marine)
    C:Program FilesMicrosoft OfficeOffice12WINWORD.EXE (ID: 5232|ParentID: 540|marine)

    ################## | Autorun |

    F:MEMOIRE.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:guide d’entretien ME (gs).lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:guide d’entretien ME (gs) (1).lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:ISAP2.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:ISAP3 (2).lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:ECRIT MEMOIRE noémie.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:Intro mémoire.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:ISAP.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:autoévalution troisième année.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:le_code_de_deontologie.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:blog-referent.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:fonction_referent.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:fp referent educatif ASE Montbeliard.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:SKMBT_C20313112515180.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:dossierthematique_theoriedelattachement_5.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:coopérer avec les parents en protection de l’enfance 1.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:ISIC format DPP.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:MEMOIRE ME Mai (gs).lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)
    F:Projet de recherche.lnk -> F:Intel(R)Service.vbs – VirusTotal – (19/50)

    ################## | Recherche générique |

    Supprimé! F:Intel(R)Service.vbs
    Supprimé! F:ISAP.lnk
    Supprimé! F:guide d’entretien ME (gs).lnk
    Supprimé! F:guide d’entretien ME (gs) (1).lnk
    Supprimé! F:autoévalution troisième année.lnk
    Supprimé! F:ISAP2.lnk
    Supprimé! F:ISAP3 (2).lnk
    Supprimé! F:Intro mémoire.lnk
    Supprimé! F:ECRIT MEMOIRE noémie.lnk
    Supprimé! F:MEMOIRE.lnk
    Supprimé! F:blog-referent.lnk
    Supprimé! F:le_code_de_deontologie.lnk
    Supprimé! F:fonction_referent.lnk
    Supprimé! F:Itinéraire d’un assistant familial – Accueil UFNAFAAM.lnk
    Supprimé! F:fp referent educatif ASE Montbeliard.lnk
    Supprimé! F:SKMBT_C20313112515180.lnk
    Supprimé! F:dossierthematique_theoriedelattachement_5.lnk
    Supprimé! F:coopérer avec les parents en protection de l’enfance 1.lnk
    Supprimé! F:ISIC format DPP.lnk
    Supprimé! F:MEMOIRE ME Mai (gs).lnk
    Supprimé! F:Projet de recherche.lnk

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] Explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32Userinit.exe,
    04 – HKCU..Run : [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
    04 – HKLM..Run : [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
    04 – HKLM..Run : [RtHDVCpl] C:Program FilesRealtekAudioHDARtHDVCpl.exe
    04 – HKLM..Run : [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
    04 – HKLM..Run : [CanonQuickMenu] C:Program FilesCanonQuick MenuCNQMMAIN.EXE /logon
    04 – HKLM..Run : [AvastUI.exe] “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLM..Run : [Adobe Reader Speed Launcher] “C:Program FilesAdobeReader 9.0ReaderReader_sl.exe”
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-19..Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-20..Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-21-179234166-31584988-549877916-1000..Run : [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [26/12/2012 – 19:01:55 | N | 0 Ko] – C:SetSearchAndHomepageInBrowserLog.txt
    [22/10/2013 – 20:17:47 | N | 12 Ko] – C:UsbFix [Scan 1] PC-DE-MARINE.txt
    [22/10/2013 – 21:03:27 | N | 21 Ko] – C:UsbFix [Clean 1] PC-DE-MARINE.txt
    [20/05/2014 – 09:24:55 | N | 7 Ko] – C:UsbFix [Scan 2] PC-DE-MARINE.txt
    [20/05/2014 – 10:14:59 | N | 7 Ko] – C:UsbFix [Scan 3] PC-DE-MARINE.txt
    [18/09/2006 – 23:43:37 | N | 0 Ko] – C:config.sys
    [19/05/2010 – 15:28:12 | N | 0 Ko] – C:MSDOS.SYS
    [19/05/2010 – 15:28:12 | N | 0 Ko] – C:IO.SYS
    [23/05/2014 – 12:53:29 | ASH | 2139520 Ko] – C:pagefile.sys
    [03/03/2009 – 15:16:33 | N | 2 Ko] – C:RHDSetup.log
    [10/10/2009 – 12:41:20 | SHD] – C:$Recycle.Bin
    [18/09/2006 – 23:43:36 | N | 0 Ko] – C:autoexec.bat
    [03/03/2009 – 22:29:27 | RAS | 8 Ko] – C:BOOTSECT.BAK
    [02/11/2006 – 14:59:44 | SHD] – C:Documents and Settings
    [21/01/2008 – 04:34:29 | RASH | 325 Ko] – C:bootmgr
    [21/01/2008 – 04:43:50 | D] – C:PerfLogs
    [03/03/2009 – 15:19:20 | RHD] – C:MSOCache
    [03/03/2009 – 22:29:26 | SHD] – C:Boot
    [18/06/2009 – 07:48:35 | D] – C:book
    [06/10/2009 – 22:40:17 | D] – C:ACERSW
    [06/10/2009 – 22:41:19 | D] – C:ACER
    [10/10/2009 – 12:40:47 | D] – C:Users
    [19/05/2010 – 15:29:17 | D] – C:Westwood
    [30/11/2010 – 17:38:04 | D] – C:2a907a25565162a10b6a96
    [07/12/2010 – 16:55:33 | D] – C:Boonty
    [24/03/2013 – 17:11:38 | D] – C:NVIDIA
    [27/03/2013 – 19:27:34 | D] – C:Microsoft Office 2007 Pro FR – V12 Final (Access, Excel, Word, Outlook, PowerPoint, Publisher, InfoPath) + N
    [07/04/2013 – 12:30:29 | N | 0 Ko] – C:END
    [02/08/2013 – 15:46:05 | HD] – C:ProgramData
    [08/12/2013 – 19:36:04 | D] – C:Temp
    [13/03/2014 – 09:04:44 | D] – C:e93c007d3cd84f2b076d
    [10/05/2014 – 14:00:31 | D] – C:Program Files
    [23/05/2014 – 12:55:15 | D] – C:Windows
    [23/05/2014 – 13:04:35 | SHD] – C:System Volume Information
    [23/05/2014 – 14:27:08 | D] – C:UsbFix

    ################## | F: – Disque USB (FAT32) |

    [11/04/2014 – 13:26:04 | N | 74 Ko] – F:le_code_de_deontologie.pdf
    [16/04/2014 – 06:27:54 | N | 142 Ko] – F:fonction_referent.pdf
    [16/04/2014 – 06:30:22 | N | 107 Ko] – F:fp referent educatif ASE Montbeliard.PDF
    [17/04/2014 – 08:22:28 | N | 18002 Ko] – F:SKMBT_C20313112515180.pdf
    [17/04/2014 – 11:52:18 | N | 2124 Ko] – F:dossierthematique_theoriedelattachement_5.pdf
    [17/04/2014 – 12:17:08 | N | 267 Ko] – F:coopérer avec les parents en protection de l’enfance 1.pdf
    [01/04/2014 – 16:50:58 | N | 14 Ko] – F:ECRIT MEMOIRE noémie.odt
    [20/01/2014 – 22:29:10 | N | 31 Ko] – F:ISAP.docx
    [04/02/2014 – 20:45:20 | N | 14 Ko] – F:guide d’entretien ME (gs).docx
    [06/02/2014 – 10:27:22 | N | 14 Ko] – F:guide d’entretien ME (gs) (1).docx
    [14/03/2014 – 08:34:42 | N | 35 Ko] – F:ISAP2.docx
    [31/03/2014 – 23:04:06 | N | 34 Ko] – F:ISAP3 (2).docx
    [31/03/2014 – 23:29:48 | N | 26 Ko] – F:autoévalution troisième année.docx
    [22/04/2014 – 15:42:40 | N | 40 Ko] – F:ISIC format DPP.docx
    [30/04/2014 – 10:33:02 | N | 78 Ko] – F:MEMOIRE ME Mai (gs).docx
    [04/05/2014 – 14:20:48 | N | 27 Ko] – F:Intro mémoire.docx
    [07/05/2014 – 12:26:20 | N | 18 Ko] – F:Projet de recherche.docx
    [07/05/2014 – 12:26:30 | N | 81 Ko] – F:MEMOIRE.docx
    [11/04/2014 – 11:25:22 | N | 129 Ko] – F:blog-referent.doc
    [04/06/2013 – 15:06:06 | D] – F:Fiches DC4 + mémoire ass3
    [19/10/2013 – 18:39:14 | D] – F:théorie isap
    [19/10/2013 – 18:39:14 | D] – F:mémoire
    [20/10/2013 – 22:29:12 | D] – F:Données territoire stage
    [12/01/2014 – 21:01:46 | D] – F:ISIC
    [18/02/2014 – 16:06:14 | D] – F:politique sociale
    [20/03/2014 – 11:51:16 | D] – F:dossier info
    [24/03/2014 – 14:32:58 | D] – F:retranscription mémoire
    [01/04/2014 – 16:51:14 | SHD] – F:System Volume Information
    [08/05/2014 – 17:09:12 | D] – F:Memoire finalisé
    [19/05/2014 – 13:21:30 | D] – F:MEMOIRE IMPRIMEUR

    ################## | Vaccin |

    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

  • marinezer
    Participant
    Post count: 15

    Here is the ZHPDiag report; I hope I did not make a mistake in the steps:

    ~ Rapport de ZHPDiag v2014.5.23.72 – Nicolas Coolman (23/05/2014)
    ~ Lancé par marine (23/05/2014 14:36:20)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Désactivée par l’utilisateur
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.6001.19088
    GCIE: Google Chrome v34.0.1847.137 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows Vista (TM) Home Basic, 32-bit Service Pack 1 (Build 6001)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Vista, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 8QXTR
    Windows License : OK
    Windows Automatic Updates : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2013

    —\ Logiciels d’optimisation du système
    CCleaner v3.22

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 13 Plugin
    Adobe Reader 9.5.5 – Français

    —\ Informations sur le système
    ~ Processor: x86 Family 15 Model 124 Stepping 2, AuthenticAMD
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1789 MB (43% free)
    System Restore: Activé (Enable)
    System drive C: has 15 GB (10%) free of 136 GB

    —\ Mode de connexion au système
    ~ Computer Name: PC-DE-MARINE
    ~ User Name: marine
    ~ All Users Names: marine, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersmarineAppDataRoamingZHP
    ~ %AppData% : C:UsersmarineAppDataRoaming
    ~ %Desktop% : C:UsersmarineDesktop
    ~ %Favorites% : C:UsersmarineFavorites
    ~ %LocalAppData% : C:UsersmarineAppDataLocal
    ~ %StartMenu% : C:UsersmarineAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 15 Go of 136 Go)
    D: CD-ROM drive (Free 0 Go of 0 Go)
    F: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiSpywareOverride: OK
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiVirusOverride: OK
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] FirewallOverride: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN] CheckedValue: OK
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowHelp: OK
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyComputer: OK
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyDocs: OK
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: OK
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyMusic: OK
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyPics: OK
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowPrinters: Modified
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowSetProgramAccessAndDefaults: OK
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowControlPanel: OK
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowNetConn: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL] CheckedValue: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: OK
    [HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] Shell: OK
    [HKCUSOFTWAREMicrosoftWindows NTCurrentVersionWindows] Load: OK
    [HKLMSYSTEMCurrentControlSetServicesCOMSysApp] Type: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : OK
    ~ Security Center: 47 Scanned in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/1632
    ~ Mes musiques (My Musics) : 1/5292
    ~ Mes Videos (My Videos) : 1/7
    ~ Mes Favoris (My Favorites) : 1/31
    ~ Mes Documents (My Documents) : 2/395
    ~ Mon Bureau (My Desktop) : 12/1094
    ~ Menu demarrer (Programs) : 1/24
    ~ Hidden Files: Scanned in 00mn 04s

    —\ Processus lancés
    [MD5.CC42F104172B4A62793083D380867317] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1660]
    [MD5.FA18468460906465C6A181904F5B706B] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastui.exe [3774312] [PID.2096]
    [MD5.31C68B3012C6E94DAC381B31E3A4F0D5] – (…) — C:UsbFixUsbFix.exe [1662976] [PID.3304]
    [MD5.DCF3E3EDF5109EE8BC02FE6E1F045795] – (.Microsoft Corporation – wpffontcache_v0400.exe.) — C:WindowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [753504] [PID.3368]
    [MD5.A1545B731579895D8CC44FC0481C1192] – (.Microsoft Corporation – Service de la passerelle de la couche Appli.) — C:WindowsSystem32alg.exe [59392] [PID.5016]
    [MD5.0BA91E1358AD25236863039BB2609A2E] – (.Microsoft Corporation – Service de gestion des licences Microsoft.) — C:Windowssystem32SLsvc.exe [2623488] [PID.192]
    [MD5.4B555106290BD117334E9A08761C035A] – (…) — ystem32rundll32.exe [0] [PID.4816]
    [MD5.345B1798395CEA9C178AFF1784FA2A37] – (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe [841032] [PID.308]
    [MD5.2BE28172DB7CB4C3AB8AC061D5420316] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [7877120] [PID.2444]
    [MD5.F96EBC5A624349D81DCC7600A3C5DC43] – (.Microsoft Corporation – Console IME.) — C:Windowssystem32conime.exe [69120] [PID.5116]
    [MD5.5DAF7081A4BB112FA3F1915819330A3E] – (…) — C:Program FilesZHPDiagpv.exe [61440] [PID.0]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultPreferences
    G1 – GCS: Preference [User DataDefault] None
    G0 – GCSP: Preference [User DataDefault][HomePage] http://www.delta-search.com =>Toolbar.DeltaSearch
    G2 – GCE: Preference [User DataDefault] [ahfgeienlihckogmohjhadlkjgocpleb] Store v.0.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] GoogleDrive v.6.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.6 (Activé)
    G2 – GCE: Preference [User DataDefault] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.20 (Activé)
    G2 – GCE: Preference [User DataDefault] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [hakpajgggjjcjmidfbnnncnbaihjneaj] 01NET.com Main v.10.15.0.62, (Désactivé)
    G2 – GCE: Preference [User DataDefault] [icmlaeflemplmjndnaapfdbbnpncnbda] avast! WebRep v.8.0.1483, (Désactivé)
    G2 – GCE: Preference [User DataDefault] [janmfndmohbaaoocpcgfbghioojoakjg] plugin v.0.2 (Désactivé)
    G2 – GCE: Preference [User DataDefault] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>PUP.BubbleDock
    G2 – GCE: Preference [User DataDefault] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)

    —\ Liste des dossiers d’extension Google Chrome
    G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [GoogleDrive]
    G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [YouTube]
    G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf [Recherche Google]
    G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionsjanmfndmohbaaoocpcgfbghioojoakjg [plugin]
    G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp [Bubble Dock] =>PUP.BubbleDock
    G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
    G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [Gmail]
    ~ Google Lines Browser: 27 Scanned in 00mn 35s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultprefs.js
    C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultuser.js
    M3 – MFPP: Plugins – [marine] — C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsbabylon.xml =>PUP.Babylon
    M3 – MFPP: Plugins – [marine] — C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsconduit.xml
    M3 – MFPP: Plugins – [marine] — C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsdelta.xml =>Toolbar.DeltaSearch
    M3 – MFPP: Plugins – [marine] — C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsfissa.xml =>PUP.OfferBox
    M2 – MFEP: prefs.js [marine – dwt984hb.default{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (..)
    M2 – MFEP: prefs.js [marine – dwt984hb.default{f531b93a-b50b-4ff1-8288-404c881ac4da}] [] 01NET.com Main v10.15.0.62 (..)
    P2 – FPN: [HKLM] [@adobe.com/FlashPlayer] – (…) — C:Windowssystem32MacromedFlashNPSWF32_13_0_0_214.dll
    P2 – FPN: [HKLM] [@adobe.com/ShockwavePlayer] – (.Adobe Systems, Inc. – Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620.) — C:Windowssystem32AdobeDirectornp32dsw.dll
    P2 – FPN: [HKLM] [@canon.com/EPPEX] – (.CANON INC. – CANON iMAGE GATEWAY Album Plugin Utility Module for IJ.) — C:Program FilesCanonMy Image GardenAddOnCIGnpmigfpi.dll
    P2 – FPN: [HKLM] [@java.com/DTPlugin,version=10.17.2] – (.Oracle Corporation – NPRuntime Script Plug-in Library for Java(TM) Deploy.) — C:Windowssystem32npDeployJava1.dll
    P2 – FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] – (. Microsoft Corporation – 5.1.30214.0.) — c:Program FilesMicrosoft Silverlight5.1.30214.0npctrl.dll
    P2 – FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] – (.Microsoft Corporation – NPWLPG.) — C:Program FilesWindows LivePhoto GalleryNPWLPG.dll
    P2 – FPN: [HKLM] [@microsoft.com/WPF,version=3.5] – (.Microsoft Corporation – Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) — c:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll
    P2 – FPN: [HKLM] [@tools.google.com/Google Update;version=3] – (.Google Inc. – Google Update.) — C:Program FilesGoogleUpdate1.3.24.7npGoogleUpdate3.dll
    P2 – FPN: [HKLM] [@tools.google.com/Google Update;version=9] – (.Google Inc. – Google Update.) — C:Program FilesGoogleUpdate1.3.24.7npGoogleUpdate3.dll
    P2 – FPN: [HKLM] [Adobe Reader] – (.Adobe Systems Inc. – Adobe PDF Plug-In For Firefox and Netscape “9.5.5”.) — C:Program FilesAdobeReader 9.0ReaderAIRnppdf32.dll
    ~ Firefox Browser: 16 Scanned in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.delta-search.com” onclick=”window.open(this.href);return false; =>Toolbar.DeltaSearch
    R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://search.certified-toolbar.com” onclick=”window.open(this.href);return false; =>PUP.CertifiedToolbar
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://search.certified-toolbar.com” onclick=”window.open(this.href);return false; =>PUP.CertifiedToolbar
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://homepage.emachines.com” onclick=”window.open(this.href);return false;
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.certified-toolbar.com” onclick=”window.open(this.href);return false; =>PUP.CertifiedToolbar
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = http://search.certified-toolbar.com” onclick=”window.open(this.href);return false; =>PUP.CertifiedToolbar
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://search.certified-toolbar.com” onclick=”window.open(this.href);return false; =>PUP.CertifiedToolbar
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://homepage.emachines.com” onclick=”window.open(this.href);return false;
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Extensions Off Page = about:noadd-ons
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Security Risk Page = about:securityrisk
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerSearch,Default_Search_URL = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://start.facemoods.com =>Adware.Facemoods
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerAboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
    R3 – URLSearchHook: Microsoft Url Search Hook – {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. – Adobe PDF Plug-In For Firefox and Netscape “9.5.5”.) (No version) — (.not file.)
    ~ IE Browser: 16 Scanned in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Browser Helper Objects de navigateur (O2)
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated – Adobe PDF Helper for Internet Explorer.) — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 – BHO: Bubble Dock SurfMatch – {23AF19F7-1D5B-442c-B14C-3D1081953C94} . (.Nosibay – Bubble Dock.) — C:Program FilesNosibayBubble DockextensionsaxSurfMatch.dll =>PUP.BubbleDock
    O2 – BHO: Canon Easy-WebPrint EX BHO – {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} . (.CANON INC. – Easy-WebPrint EX.) — C:Program FilesCanonEasy-WebPrint EXewpexbho.dll
    O2 – BHO: avast! Online Security – {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
    O2 – BHO: Programme d’aide de l’Assistant de connexion Windows Live – {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation – WindowsLiveLogin.dll.) — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
    O2 – BHO: OfferBox – {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} . (.Secure Digital Services Limited – OfferBox.) — C:Program FilesOfferBoxOfferBoxBHO.dll =>PUP.OfferBox
    ~ BHO: 12 Scanned in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Canon Easy-WebPrint EX – [HKLM]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} . (.CANON INC. – Easy-WebPrint EX.) — C:Program FilesCanonEasy-WebPrint EXewpexhlp.dll
    O3 – Toolbar: avast! Online Security – [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [Public]: Navigateur OfferBox.lnk . (…) — C:Program FilesOfferBoxOfferBoxLauncher.exe (.not file.) =>PUP.OfferBox
    O4 – GSDesktop [marine]: UsbFix Faire un Don.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.usbfix.net
    ~ Global Startup: 2 Scanned in 00mn 02s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [Windows Defender] . (.Microsoft Corporation – Windows Defender User Interface.) — C:Program FilesWindows DefenderMSASCui.exe
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – HD Audio Control Panel.) — C:Program FilesRealtekAudioHDARtHDVCpl.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [SynTPEnh] . (.Synaptics, Inc. – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
    O4 – HKLM..Run: [CanonQuickMenu] . (.CANON INC. – Canon Quick Menu.) — C:Program FilesCanonQuick MenuCNQMMAIN.exe
    O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 – HKUSS-1-5-21-179234166-31584988-549877916-1000..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: &Ajout Direct dans Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft Office OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~2Office12ONBttnIE.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Winsock hijacker (Layered Service Provider) (O10)
    O10 – WLSP:00000000001Winsock LSP File . (.Microsoft Corporation – Network Location Awareness 2.) — C:Windowssystem32NLAapi.dll
    O10 – WLSP:00000000002Winsock LSP File . (.Microsoft Corporation – Fournisseur Shim d’affectation de noms de messagerie.) — C:Windowssystem32napinsp.dll
    O10 – WLSP:00000000003Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:Windowssystem32pnrpnsp.dll
    O10 – WLSP:00000000004Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:Windowssystem32pnrpnsp.dll
    O10 – WLSP:00000000005Winsock LSP File . (.Microsoft Corporation – Fournisseur de service Sockets 2.0 de Microsoft Windows.) — C:Windowssystem32mswsock.dll =>.Microsoft Corporation
    O10 – WLSP:00000000006Winsock LSP File . (.Microsoft Corporation – LDAP RnR Provider DLL.) — C:Windowssystem32winrnr.dll
    ~ Winsock: 6 Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{A0BC4DBD-58A7-4130-A090-C545E1346EC4}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS1ServicesTcpip..{A0BC4DBD-58A7-4130-A090-C545E1346EC4}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlmailhtml – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation – Windows Live Mail.) — C:Program FilesWindows LiveMailmailcomm.dll =>.Microsoft Corporation
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
    O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation – Contrôleur de site Web.) — C:WindowsSystem32webcheck.dll
    ~ SSODL: 1 Scanned in 00mn 00s

    —\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Bibliothèque de l’interface utilisateur du.) — C:WindowsSystem32browseui.dll
    ~ STS/SSO: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: (Ati External Event Utility) . (.ATI Technologies Inc. – ATI External Event Utility EXE Module.) – C:WindowsSystem32Ati2evxx.exe
    O23 – Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software – avast! Service.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    O23 – Service: Acer ePower Service (ePowerSvc) . (.Acer Incorporated – ePowerSvc.) – C:Program FileseMachineseMachines Power ManagementePowerSvc.exe
    O23 – Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. – Programme d’installation de Google.) – C:Program FilesGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O23 – Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) . (.Pas de propriétaire – Inkjet Printer/Scanner/Fax Extended Survey.) – C:Program FilesCanonIJPLMIJPLMSVC.exe
    O23 – Service: IviRegMgr (IviRegMgr) . (.InterVideo – RegMgr Module.) – C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
    O23 – Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) . (.NewTech Infosystems, Inc. – NTI Backup Now 5 SchedulerSvc NT Service.) – C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
    ~ Services: 7 Scanned in 00mn 07s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Default MHTML Editor: Last – .(…) – (.not file.)
    ~ Desktop Component: 4 Scanned in 00mn 00s

    —\ Enumère les données de BootExecute (BEX) (O34)
    O34 – HKLM BootExecute: (autocheck autochk *) – File not found
    ~ BEX: 1 Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.09E7C37DF4A911C8A9AA8BF88ACD10AA] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) — C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe [257712]
    [MD5.F82F374417148CF545221DD88876219F] [APT] [avast! Emergency Update] (.AVAST Software.) — C:Program FilesAVAST SoftwareAvastAvastEmUpdate.exe [783728]
    [MD5.45C26D4AF94C4D2335B5960F1D9BCC7D] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) — C:Program FilesCCleanerCCleaner.exe [3113312]
    [MD5.00000000000000000000000000000000] [APT] [DealPly] (…) — C:UsersmarineAppDataRoamingDealPlyUPDATE~1UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
    [MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) — C:Program FilesGoogleUpdateGoogleUpdate.exe [116648]
    [MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) — C:Program FilesGoogleUpdateGoogleUpdate.exe [116648]
    [MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] [APT] [Programme de mise … jour en ligne de Adobe] (.Adobe Systems Incorporated.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [958576]
    [MD5.00000000000000000000000000000000] [APT] [{0388B60A-FD86-4965-A6D8-BD603D98D97B}] (…) — D:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{C23350A9-5CC7-49E0-9A25-1FFAFBB1F117}] (…) — C:UsersmarineDownloadsavira_antivirus_personal_fr.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{E54B1257-89D9-41FF-9112-D93E87C7F150}] (…) — D:setup.exe (.not file.) [0]
    [MD5.6F271837B6819CFD49EB242D3799993C] [APT] [Burn Notification] (…) — C:Program FileseMachineseMachines Recovery ManagementNotificationCenterNotification.exe [667648]
    O39 – APT: Adobe Flash Player Updater – (.Adobe Systems Incorporated.) — C:WindowsTasksAdobe Flash Player Updater.job [1002]
    O39 – APT: Adobe Flash Player Updater – (.Adobe Systems Incorporated.) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: GoogleUpdateTaskMachineCore – (.Google Inc..) — C:WindowsTasksGoogleUpdateTaskMachineCore.job [1052]
    O39 – APT: GoogleUpdateTaskMachineCore – (.Google Inc..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1052]
    O39 – APT: GoogleUpdateTaskMachineUA – (.Google Inc..) — C:WindowsTasksGoogleUpdateTaskMachineUA.job [1056]
    O39 – APT: GoogleUpdateTaskMachineUA – (.Google Inc..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1056]
    ~ Scheduled Task: 17 Scanned in 00mn 04s

  • marinezer
    Participant
    Post count: 15

    —\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 – ASIC: Microsoft Windows Media Player – >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation – Ressources du Lecteur Windows Media.) — C:WindowsSystem32wmploc.dll =>.Microsoft Corporation
    O40 – ASIC: Internet Explorer – >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation – Utilitaire d’initialisation d’Internet Explorer par utilisateur.) — C:Windowssystem32ie4uinit.exe
    O40 – ASIC: Browser Customizations – >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation – Personnalisation d’IEAK.) — C:Windowssystem32iedkcs32.dll
    O40 – ASIC: Microsoft Windows Media Player 11.0 – {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation – Windows Media Player Extension.) — C:WindowsSystem32wmpdxm.dll =>.Microsoft Corporation
    O40 – ASIC: Themes Setup – {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation – API Windows Theme.) — C:WindowsSystem32themeui.dll
    O40 – ASIC: Microsoft Windows Mail 7 – {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation – Windows Mail.) — C:Program FilesWindows MailWinMail.exe =>.Microsoft Corporation
    O40 – ASIC: Browsing Enhancements – {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation – Extension Shell dossier FTP Microsoft Internet Explorer..) — C:WindowsSystem32msieftp.dll
    O40 – ASIC: Microsoft Windows Media Player – {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation – Ressources du Lecteur Windows Media.) — C:WindowsSystem32wmploc.dll =>.Microsoft Corporation
    O40 – ASIC: Windows Desktop Update – {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WindowsSystem32shell32.dll
    O40 – ASIC: Internet Explorer – {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation – Utilitaire d’initialisation d’Internet Explorer par utilisateur.) — C:Windowssystem32ie4uinit.exe
    O40 – ASIC: (no name) – {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation – Microsoft .NET IE SECURITY REGISTRATION.) — C:Windowssystem32mscories.dll
    O40 – ASIC: Google Chrome – {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplication34.0.1847.137Installerchrmstp.exe
    O40 – ASIC: Shockwave Flash Object – {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. – Adobe Flash Player 13.0 r0.) — C:Windowssystem32MacromedFlashFlash32_13_0_0_214.ocx
    ~ Active Setup: 13 Scanned in 00mn 00s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (AFD) . (.Microsoft Corporation – Ancillary Function Driver for WinSock.) – C:Windowssystem32driversafd.sys
    O41 – Driver: (AswRdr) . (.AVAST Software – avast! TDI Redirect Driver.) – C:Windowssystem32driversaswRdr.sys
    O41 – Driver: (aswSnx) . (.AVAST Software – avast! Virtualization Driver.) – C:Windowssystem32driversaswSnx.sys
    O41 – Driver: (aswSP) . (.AVAST Software – avast! self protection module.) – C:Windowssystem32driversaswSP.sys
    O41 – Driver: (aswTdi) . (.AVAST Software – avast! TDI Filter Driver.) – C:Windowssystem32driversaswTdi.sys
    O41 – Driver: (cdrom) . (.Microsoft Corporation – SCSI CD-ROM Driver.) – C:WindowsSystem32DRIVERScdrom.sys
    O41 – Driver: C:WindowsSystem32driversdfsc.sys (DfsC) . (.Microsoft Corporation – DFS Namespace Client Driver.) – C:WindowsSystem32Driversdfsc.sys
    O41 – Driver: (DritekPortIO) . (.Dritek System Inc. – General Port I/O.) – C:Program FilesLAUNCH~1DPortIO.sys
    O41 – Driver: (i8042prt) . (.Microsoft Corporation – Pilote de port i8042.) – C:WindowsSystem32DRIVERSi8042prt.sys
    O41 – Driver: (kbdclass) . (.Microsoft Corporation – Pilote de la classe Clavier.) – C:WindowsSystem32DRIVERSkbdclass.sys
    O41 – Driver: (mouclass) . (.Microsoft Corporation – Pilote de la classe Souris.) – C:WindowsSystem32DRIVERSmouclass.sys
    O41 – Driver: (NetBIOS) . (.Microsoft Corporation – NetBIOS interface driver.) – C:WindowsSystem32DRIVERSnetbios.sys
    O41 – Driver: (netbt) . (.Microsoft Corporation – MBT Transport driver.) – C:WindowsSystem32DRIVERSnetbt.sys
    O41 – Driver: (nsiproxy) . (.Microsoft Corporation – NSI Proxy.) – C:WindowsSystem32driversnsiproxy.sys
    O41 – Driver: C:WindowsSystem32driverspacer.sys (PSched) . (.Microsoft Corporation – Planificateur de paquets QoS.) – C:WindowsSystem32DRIVERSpacer.sys
    O41 – Driver: (RasAcd) . (.Microsoft Corporation – RAS Automatic Connection Driver.) – C:WindowsSystem32DRIVERSrasacd.sys
    O41 – Driver: (rdbss) . (.Microsoft Corporation – Redirected Drive Buffering SubSystem Driver.) – C:WindowsSystem32DRIVERSrdbss.sys
    O41 – Driver: (RDPCDD) . (.Microsoft Corporation – RDP Miniport.) – C:WindowsSystem32DRIVERSRDPCDD.sys
    O41 – Driver: (RDPENCDD) . (.Microsoft Corporation – RDP Miniport.) – C:WindowsSystem32driversrdpencdd.sys
    O41 – Driver: C:WindowsSystem32tcpipcfg.dll (Smb) . (.Microsoft Corporation – SMB Transport driver.) – C:WindowsSystem32DRIVERSsmb.sys
    O41 – Driver: C:WindowsSystem32tcpipcfg.dll (tdx) . (.Microsoft Corporation – TDI Translation Driver.) – C:WindowsSystem32DRIVERStdx.sys
    O41 – Driver: (TermDD) . (.Microsoft Corporation – Terminal Server Driver.) – C:WindowsSystem32DRIVERStermdd.sys
    O41 – Driver: (VgaSave) . (.Microsoft Corporation – VGA/Super VGA Video Driver.) – C:Windowssystem32driversvga.sys
    O41 – Driver: (Wanarpv6) . (.Microsoft Corporation – MS Remote Access and Routing ARP Driver.) – C:WindowsSystem32DRIVERSwanarp.sys
    ~ Drivers: 48 Scanned in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: 32 Bit HP CIO Components Installer – (.Hewlett-Packard.) [HKLM] — {F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    O42 – Logiciel: Adobe Flash Player 13 ActiveX – (.Adobe Systems Incorporated.) [HKLM] — Adobe Flash Player ActiveX
    O42 – Logiciel: Adobe Flash Player 13 Plugin – (.Adobe Systems Incorporated.) [HKLM] — Adobe Flash Player Plugin
    O42 – Logiciel: Adobe Reader 9.5.5 – Français – (.Adobe Systems Incorporated.) [HKLM] — {AC76BA86-7AD7-1036-7B44-A95000000001}
    O42 – Logiciel: Adobe Shockwave Player 11.5 – (.Adobe Systems, Inc..) [HKLM] — Adobe Shockwave Player
    O42 – Logiciel: Apple Software Update – (.Apple Inc..) [HKLM] — {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} =>.Apple Inc
    O42 – Logiciel: Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver – (.Atheros Communications Inc..) [HKLM] — {3108C217-BE83-42E4-AE9E-A56A2A92E549}
    O42 – Logiciel: CCleaner – (.Piriform.) [HKLM] — CCleaner
    O42 – Logiciel: Canon Easy-WebPrint EX – (…) [HKLM] — Easy-WebPrint EX
    O42 – Logiciel: Canon IJ Scan Utility – (.‪Canon Inc.‬.) [HKLM] — Canon_IJ_Scan_Utility
    O42 – Logiciel: Canon Inkjet Printer/Scanner/Fax Extended Survey Program – (.Canon Inc..) [HKLM] — CANONIJPLM100
    O42 – Logiciel: Canon MG2200 series MP Drivers – (.Canon Inc..) [HKLM] — {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series
    O42 – Logiciel: Canon MG2200 series On-screen Manual – (.Canon Inc..) [HKLM] — Canon MG2200 series On-screen Manual
    O42 – Logiciel: Canon My Image Garden – (.Canon Inc..) [HKLM] — Canon My Image Garden
    O42 – Logiciel: Canon My Image Garden Design Files – (.Canon Inc..) [HKLM] — Canon My Image Garden Design Files
    O42 – Logiciel: Canon My Printer – (.Canon Inc..) [HKLM] — CanonMyPrinter
    O42 – Logiciel: Canon Quick Menu – (.Canon Inc..) [HKLM] — CanonQuickMenu
    O42 – Logiciel: Enregistrement utilisateur de Canon MG2200 series – (.Canon Inc.‎.) [HKLM] — Enregistrement utilisateur de Canon MG2200 series =>.Canon Inc
    O42 – Logiciel: Google Chrome – (.Google Inc..) [HKLM] — Google Chrome
    O42 – Logiciel: Google Update Helper – (.Google Inc..) [HKLM] — {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    O42 – Logiciel: InterActual Player – (…) [HKLM] — InterActual Player
    O42 – Logiciel: InterVideo WinDVD 8 – (.InterVideo Inc..) [HKLM] — InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}
    O42 – Logiciel: JDownloader 0.9 – (.AppWork GmbH.) [HKLM] — 5513-1208-7298-9440
    O42 – Logiciel: Junk Mail filter update – (.Microsoft Corporation.) [HKLM] — {8E5233E1-7495-44FB-8DEB-4BE906D59619}
    O42 – Logiciel: Launch Manager – (.eMachines.) [HKLM] — LManager
    O42 – Logiciel: LauncherMA – (.Micro Application.) [HKLM] — {C06EFB22-B5DB-46C5-9215-BCB5C19C0858}
    O42 – Logiciel: MSVCRT – (.Microsoft.) [HKLM] — {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    O42 – Logiciel: MSXML 4.0 SP2 (KB954430) – (.Microsoft Corporation.) [HKLM] — {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    O42 – Logiciel: MSXML 4.0 SP2 (KB973688) – (.Microsoft Corporation.) [HKLM] — {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    O42 – Logiciel: Microsoft Choice Guard – (.Microsoft Corporation.) [HKLM] — {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    O42 – Logiciel: Microsoft Silverlight – (.Microsoft Corporation.) [HKLM] — {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    O42 – Logiciel: Microsoft WSE 3.0 Runtime – (.Microsoft Corp..) [HKLM] — {E3E71D07-CD27-46CB-8448-16D4FB29AA13}
    O42 – Logiciel: Microsoft Works – (.Microsoft Corporation.) [HKLM] — {0214A441-A4AB-43A8-8DEF-2F73C5364673}
    O42 – Logiciel: MyTomTom 3.2.0.802 – (.TomTom.) [HKLM] — MyTomTom
    O42 – Logiciel: NTI Backup Now 5 – (.NewTech Infosystems.) [HKLM] — InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}
    O42 – Logiciel: NTI Media Maker 8 – (.NewTech Infosystems.) [HKLM] — InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}
    O42 – Logiciel: OpenOffice.org 3.3 – (.OpenOffice.org.) [HKLM] — {7E0610A2-E336-40B3-B685-C4905E97EC9A}
    O42 – Logiciel: QuickTime – (.Apple Inc..) [HKLM] — {EB900AF8-CC61-4E15-871B-98D1EA3E8025}
    O42 – Logiciel: Realtek High Definition Audio Driver – (.Realtek Semiconductor Corp..) [HKLM] — {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
    O42 – Logiciel: Realtek USB 2.0 Card Reader – (.Realtek Semiconductor Corp..) [HKLM] — {DC24971E-1946-445D-8A82-CE685433FA7D}
    O42 – Logiciel: Synaptics Pointing Device Driver – (.Synaptics.) [HKLM] — SynTPDeinstKey
    O42 – Logiciel: VLC media player 0.9.9 – (.VideoLAN Team.) [HKLM] — VLC media player =>.VideoLAN
    O42 – Logiciel: Video Web Camera – (.SuYin.) [HKLM] — {A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}
    O42 – Logiciel: Visual Studio C++ 10.0 Runtime – (.TomTom International B.V..) [HKLM] — {4412F224-3849-4461-A3E9-DEEF8D252790}
    O42 – Logiciel: Windows Media Player Firefox Plugin – (.Microsoft Corp.) [HKLM] — {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} =>.Microsoft Corporation
    O42 – Logiciel: avast! Free Antivirus v9.0.2013 – (.Avast Software.) [HKLM] — avast
    O42 – Logiciel: eMachines Power Management – (.eMachines.) [HKLM] — {3DB0448D-AD82-4923-B305-D001E521A964}
    O42 – Logiciel: eMachines Recovery Management – (.Acer Incorporated.) [HKLM] — {7F811A54-5A09-4579-90E1-C93498E230D9}
    O42 – Logiciel: eMachines ScreenSaver – (.eMachines.) [HKLM] — eMachines Screensaver
    ~ Logic: 33 Scanned in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftware5353dc8bb339e544] =>Hijacker.Eazel
    [HKCUSoftwareALWIL Software]
    [HKCUSoftwareATI Technologies Inc.]
    [HKCUSoftwareATI]
    [HKCUSoftwareAVAST Software]
    [HKCUSoftwareAdobe]
    [HKCUSoftwareAppDataLowSoftwareAdobe]
    [HKCUSoftwareAppDataLowSoftwareCanon]
    [HKCUSoftwareAppDataLowSoftwareConduitSearchScopes]
    [HKCUSoftwareAppDataLowSoftwareConduit] =>Toolbar.Conduit
    [HKCUSoftwareAppDataLowSoftwareDivX]
    [HKCUSoftwareAppDataLowSoftwareJavaSoft]
    [HKCUSoftwareAppDataLowSoftwareSimplytech]
    [HKCUSoftwareAppDataLowSoftwareSmartbar] =>Hijacker.SmartBar
    [HKCUSoftwareAppDataLow]
    [HKCUSoftwareApple Computer, Inc.]
    [HKCUSoftwareApple Inc.]
    [HKCUSoftwareAudacity]
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution
    [HKCUSoftwareBrother]
    [HKCUSoftwareCanonBJ]
    [HKCUSoftwareCanon]
    [HKCUSoftwareClasses]
    [HKCUSoftwareClients]
    [HKCUSoftwareConduit] =>Toolbar.Conduit
    [HKCUSoftwareDataMngr] =>PUP.Datamngr
    [HKCUSoftwareDataPulse Singapore]
    [HKCUSoftwareDevNet]
    [HKCUSoftwareDivXNetworks]
    [HKCUSoftwareElectronic Arts]
    [HKCUSoftwareFarm Mania 2]
    [HKCUSoftwareFissaSearch] =>PUP.OfferBox
    [HKCUSoftwareFreeCompressor]
    [HKCUSoftwareGoogle]
    [HKCUSoftwareHewlett-Packard]
    [HKCUSoftwareIADirectShow]
    [HKCUSoftwareIM Providers]
    [HKCUSoftwareInstallCore] =>Adware.InstallCore
    [HKCUSoftwareIntel]
    [HKCUSoftwareInterActual Technologies]
    [HKCUSoftwareInterVideo]
    [HKCUSoftwareJEDI-VCL]
    [HKCUSoftwareLocal AppWizard-Generated Applications]
    [HKCUSoftwareMacromedia]
    [HKCUSoftwareMacrovision]
    [HKCUSoftwareMozillaPlugins]
    [HKCUSoftwareNero]
    [HKCUSoftwareNetscape]
    [HKCUSoftwareNewTech Infosystems]
    [HKCUSoftwareNosibay]
    [HKCUSoftwareODBC]
    [HKCUSoftwareOberon]
    [HKCUSoftwareOfferBox] =>PUP.OfferBox
    [HKCUSoftwareOpenOffice.org]
    [HKCUSoftwarePiriform]
    [HKCUSoftwarePolicies]
    [HKCUSoftwarePopCap]
    [HKCUSoftwareRealtek]
    [HKCUSoftwareSFR]
    [HKCUSoftwareSandlot Games]
    [HKCUSoftwareSkypeRS]
    [HKCUSoftwareSkype]
    [HKCUSoftwareSoftware]
    [HKCUSoftwareSonix]
    [HKCUSoftwareSony Corporation]
    [HKCUSoftwareSynaptics]
    [HKCUSoftwareTeam17SoftwareLTD]
    [HKCUSoftwareTeamViewer]
    [HKCUSoftwareTeleCharger]
    [HKCUSoftwareTomTom]
    [HKCUSoftwareTrolltech]
    [HKCUSoftwareTuneUp]
    [HKCUSoftwareUsbFix]
    [HKCUSoftwareVB and VBA Program Settings]
    [HKCUSoftwareVSO]
    [HKCUSoftwareWildTangent]
    [HKCUSoftwareWindows Live Writer]
    [HKCUSoftwareZebHelpProcess Helper]
    [HKCUSoftwareacer]
    [HKCUSoftwareej-technologies]
    [HKCUSoftwarelollipop] =>Adware.Lollipop
    [HKCUSoftwaremozilla]
    [HKLMSoftwareALWIL Software]
    [HKLMSoftwareAMD]
    [HKLMSoftwareATI Technologies]
    [HKLMSoftwareATI]
    [HKLMSoftwareAVAST Software]
    [HKLMSoftwareAcer Incorporated]
    [HKLMSoftwareAcer]
    [HKLMSoftwareAdobe]
    [HKLMSoftwareAppDataLow]
    [HKLMSoftwareApple Computer, Inc.]
    [HKLMSoftwareApple Inc.]
    [HKLMSoftwareAtheros Communications Inc.]
    [HKLMSoftwareBabylon] =>PUP.Babylon
    [HKLMSoftwareBig Fish Games]
    [HKLMSoftwareBoonty]
    [HKLMSoftwareBoxore] =>Adware.Boxore
    [HKLMSoftwareBroadCom]
    [HKLMSoftwareBrowserChoice]
    [HKLMSoftwareCanon]
    [HKLMSoftwareClasses]
    [HKLMSoftwareClients]
    [HKLMSoftwareCompal]
    [HKLMSoftwareConduit] =>Toolbar.Conduit
    [HKLMSoftwareCyberlink]
    [HKLMSoftwareDataMngr] =>PUP.Datamngr
    [HKLMSoftwareDigital River]
    [HKLMSoftwareDivXNetworks]
    [HKLMSoftwareDivX]
    [HKLMSoftwareDomaIQ] =>Adware.DomaIQ
    [HKLMSoftwareElectronic Arts]
    [HKLMSoftwareGEAR Software]
    [HKLMSoftwareGamesBarSetup] =>Adware.GamesBar
    [HKLMSoftwareGateway]
    [HKLMSoftwareGoogle]
    [HKLMSoftwareHP]
    [HKLMSoftwareHewlett-Packard]
    [HKLMSoftwareId]
    [HKLMSoftwareInstalledOptions]
    [HKLMSoftwareIntel]
    [HKLMSoftwareInterActual Technologies]
    [HKLMSoftwareInterVideo]
    [HKLMSoftwareJavaSoft]
    [HKLMSoftwareJreMetrics]
    [HKLMSoftwareLicenses]
    [HKLMSoftwareMacromedia]
    [HKLMSoftwareMaxis]
    [HKLMSoftwareMozillaPlugins]
    [HKLMSoftwareMozilla]
    [HKLMSoftwareMpath]
    [HKLMSoftwareNero]
    [HKLMSoftwareNewTech Infosystems]
    [HKLMSoftwareODBC]
    [HKLMSoftwareOemSetup]
    [HKLMSoftwareOfferBox] =>PUP.OfferBox
    [HKLMSoftwareOpenOffice.org]
    [HKLMSoftwarePiriform]
    [HKLMSoftwarePolicies]
    [HKLMSoftwareRealtek Semiconductor Corp.]
    [HKLMSoftwareRealtek]
    [HKLMSoftwareRegisteredApplications]
    [HKLMSoftwareSFR]
    [HKLMSoftwareSRS Labs]
    [HKLMSoftwareSecureDigitalServices]
    [HKLMSoftwareSkype]
    [HKLMSoftwareSuYin]
    [HKLMSoftwareSynaptics]
    [HKLMSoftwareTarma Installer] =>PUP.Tarma
    [HKLMSoftwareTeamViewer]
    [HKLMSoftwareTomTom]
    [HKLMSoftwareTrymedia Systems] =>Adware.Trymedia
    [HKLMSoftwareTuneUp]
    [HKLMSoftwareVSO]
    [HKLMSoftwareVideoLAN]
    [HKLMSoftwareWOW6432Node]
    [HKLMSoftwareWaves Audio]
    [HKLMSoftwareWise Solutions]
    [HKLMSoftwareeMachines]
    [HKLMSoftwareej-technologies]
    [HKLMSoftwaremozilla.org]
    ~ Key Software: 245 Scanned in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 10/03/2014 – 12:08:15 – [] —-D C:Program FilesAdobe
    O43 – CFD: 28/02/2010 – 21:40:55 – [] —-D C:Program FilesAlwil Software
    O43 – CFD: 05/01/2012 – 20:34:40 – [] —-D C:Program FilesApple Software Update =>.Apple Inc
    O43 – CFD: 18/06/2009 – 07:34:15 – [] —-D C:Program FilesATI
    O43 – CFD: 18/06/2009 – 07:35:31 – [] —-D C:Program FilesATI Technologies
    O43 – CFD: 25/10/2009 – 15:17:59 – [] —-D C:Program FilesAudacity
    O43 – CFD: 24/03/2013 – 17:22:44 – [] —-D C:Program FilesAVAST Software
    O43 – CFD: 07/12/2010 – 16:59:49 – [] —-D C:Program FilesBoontyGames
    O43 – CFD: 06/01/2013 – 16:29:28 – [] —-D C:Program FilesCanon
    O43 – CFD: 06/01/2013 – 16:02:39 – [] –H-D C:Program FilesCanonBJ
    O43 – CFD: 30/08/2012 – 01:02:22 – [] —-D C:Program FilesCCleaner
    O43 – CFD: 15/05/2014 – 21:16:12 – [] —-D C:Program FilesCommon Files
    O43 – CFD: 07/04/2013 – 12:35:27 – [] —-D C:Program FilesConduit
    O43 – CFD: 24/03/2011 – 20:52:47 – [] —-D C:Program FilesDivX
    O43 – CFD: 30/08/2012 – 01:00:46 – [] —-D C:Program FilesElectronic Arts
    O43 – CFD: 06/10/2009 – 22:40:19 – [] —-D C:Program FileseMachines
    O43 – CFD: 06/10/2009 – 22:38:54 – [] -SH-D C:Program FilesFichiers communs
    O43 – CFD: 24/03/2011 – 20:49:27 – [] —-D C:Program FilesFreeCompressor
    O43 – CFD: 18/02/2013 – 21:13:21 – [] —-D C:Program FilesGoogle
    O43 – CFD: 02/01/2013 – 16:04:59 – [] —-D C:Program FilesHP
    O43 – CFD: 08/12/2013 – 19:35:07 – [] –H-D C:Program FilesInstallShield Installation Information
    O43 – CFD: 18/01/2010 – 20:55:06 – [] —-D C:Program FilesInterActual
    O43 – CFD: 18/09/2011 – 20:40:10 – [] —-D C:Program FilesInternet Explorer
    O43 – CFD: 18/06/2009 – 07:47:26 – [] —-D C:Program FilesInterVideo
    O43 – CFD: 11/09/2011 – 16:56:52 – [] —-D C:Program FilesJDownloader
    O43 – CFD: 18/06/2009 – 07:42:57 – [] —-D C:Program FilesLaunch Manager
    O43 – CFD: 08/08/2011 – 18:45:08 – [] —-D C:Program FilesMicro Application
    O43 – CFD: 01/03/2010 – 00:48:37 – [] —-D C:Program FilesMicrosoft
    O43 – CFD: 29/03/2013 – 10:08:23 – [] —-D C:Program FilesMicrosoft Games
    O43 – CFD: 27/03/2013 – 19:37:41 – [] —-D C:Program FilesMicrosoft Office
    O43 – CFD: 03/03/2009 – 15:41:41 – [] —-D C:Program FilesMicrosoft Office Suite Activation Assistant
    O43 – CFD: 13/03/2014 – 20:01:07 – [] —-D C:Program FilesMicrosoft Silverlight
    O43 – CFD: 03/03/2009 – 15:40:06 – [] —-D C:Program FilesMicrosoft SQL Server Compact Edition
    O43 – CFD: 27/03/2013 – 19:38:37 – [] —-D C:Program FilesMicrosoft Visual Studio
    O43 – CFD: 27/03/2013 – 19:32:36 – [] —-D C:Program FilesMicrosoft Visual Studio 8
    O43 – CFD: 10/10/2012 – 20:17:53 – [] —-D C:Program FilesMicrosoft Works
    O43 – CFD: 19/01/2011 – 12:34:38 – [] —-D C:Program FilesMicrosoft WSE
    O43 – CFD: 30/11/2010 – 17:35:41 – [] —-D C:Program FilesMicrosoft.NET
    O43 – CFD: 11/09/2010 – 06:26:51 – [] —-D C:Program FilesMovie Maker
    O43 – CFD: 07/04/2013 – 12:34:31 – [] —-D C:Program FilesMozilla Firefox
    O43 – CFD: 26/05/2010 – 14:49:38 – [] —-D C:Program FilesMplayer
    O43 – CFD: 27/03/2013 – 19:39:14 – [] —-D C:Program FilesMSBuild
    O43 – CFD: 31/01/2013 – 21:38:25 – [] —-D C:Program FilesMSECache
    O43 – CFD: 03/03/2009 – 14:51:26 – [0] —-D C:Program FilesMSXML 4.0
    O43 – CFD: 27/12/2012 – 20:27:00 – [] —-D C:Program FilesMyTomTom 3
    O43 – CFD: 30/05/2012 – 06:39:13 – [] —-D C:Program FilesNero
    O43 – CFD: 08/12/2013 – 19:35:09 – [] —-D C:Program FilesNETGEAR
    O43 – CFD: 03/03/2009 – 15:44:06 – [] —-D C:Program FilesNewTech Infosystems
    O43 – CFD: 28/05/2013 – 19:20:55 – [] —-D C:Program FilesNosibay
    O43 – CFD: 01/03/2011 – 10:08:46 – [] —-D C:Program FilesOberon Media
    O43 – CFD: 28/09/2011 – 20:08:37 – [] —-D C:Program FilesOfferBox =>PUP.OfferBox
    O43 – CFD: 30/01/2012 – 18:38:24 – [] —-D C:Program FilesOpenOffice.org 3
    O43 – CFD: 15/11/2010 – 16:31:11 – [] —-D C:Program Filesorange
    O43 – CFD: 02/01/2013 – 16:07:03 – [0] —-D C:Program FilesProtected Search =>Spyware.ProtectedSearch
    O43 – CFD: 11/09/2010 – 07:36:33 – [] —-D C:Program FilesQuickTime
    O43 – CFD: 03/03/2009 – 15:15:42 – [] —-D C:Program FilesRealtek
    O43 – CFD: 02/11/2006 – 14:35:51 – [] —-D C:Program FilesReference Assemblies
    O43 – CFD: 04/02/2013 – 18:59:54 – [] —-D C:Program FilesSFR
    O43 – CFD: 04/06/2013 – 20:20:11 – [] —-D C:Program FilesSoftware
    O43 – CFD: 18/06/2009 – 07:43:54 – [] —-D C:Program FilesSynaptics
    O43 – CFD: 03/03/2009 – 15:16:33 – [0] –H-D C:Program FilesTemp
    O43 – CFD: 27/12/2012 – 20:27:04 – [] —-D C:Program FilesTomTom International B.V
    O43 – CFD: 02/11/2006 – 14:58:18 – [0] –H-D C:Program FilesUninstall Information
    O43 – CFD: 28/05/2013 – 19:37:47 – [] —-D C:Program FilesUninstaller
    O43 – CFD: 08/10/2009 – 09:44:18 – [] —-D C:Program FilesVideoLAN
    O43 – CFD: 10/09/2012 – 06:23:42 – [] —-D C:Program FilesVSO
    O43 – CFD: 17/06/2013 – 04:56:56 – [] —-D C:Program FilesWebgameplay setup
    O43 – CFD: 21/01/2008 – 04:47:45 – [] —-D C:Program FilesWindows Calendar
    O43 – CFD: 21/01/2008 – 04:47:42 – [] —-D C:Program FilesWindows Collaboration
    O43 – CFD: 21/01/2008 – 04:47:37 – [] —-D C:Program FilesWindows Defender
    O43 – CFD: 02/05/2013 – 10:16:06 – [] —-D C:Program FilesWindows Live
    O43 – CFD: 03/03/2009 – 15:38:14 – [] —-D C:Program FilesWindows Live SkyDrive
    O43 – CFD: 11/09/2011 – 17:50:37 – [] —-D C:Program FilesWindows Mail =>.Microsoft Corporation
    O43 – CFD: 19/10/2010 – 12:36:04 – [] —-D C:Program FilesWindows Media Player =>.Microsoft Corporation
    O43 – CFD: 06/10/2009 – 22:38:54 – [] —-D C:Program FilesWindows NT
    O43 – CFD: 21/01/2008 – 04:47:42 – [] —-D C:Program FilesWindows Photo Gallery
    O43 – CFD: 21/01/2008 – 04:47:44 – [] —-D C:Program FilesWindows Sidebar
    O43 – CFD: 23/05/2014 – 14:36:17 – [] —-D C:Program FilesZHPDiag =>.Nicolas Coolman
    O43 – CFD: 10/03/2014 – 12:08:30 – [] —-D C:Program FilesCommon FilesAdobe
    O43 – CFD: 06/01/2013 – 16:15:15 – [] —-D C:Program FilesCommon FilesCANON
    O43 – CFD: 15/05/2014 – 21:16:12 – [] —-D C:Program FilesCommon FilesDESIGNER
    O43 – CFD: 02/09/2012 – 22:58:45 – [] —-D C:Program FilesCommon FilesHewlett-Packard
    O43 – CFD: 02/09/2012 – 23:01:24 – [] —-D C:Program FilesCommon FilesHP
    O43 – CFD: 11/09/2011 – 16:54:25 – [] —-D C:Program FilesCommon Filesi4j_jres
    O43 – CFD: 30/10/2009 – 14:58:52 – [] —-D C:Program FilesCommon FilesInstallShield
    O43 – CFD: 18/06/2009 – 07:47:25 – [] —-D C:Program FilesCommon FilesInterVideo
    O43 – CFD: 29/03/2013 – 21:05:36 – [] —-D C:Program FilesCommon Filesmicrosoft shared
    O43 – CFD: 24/03/2011 – 20:52:43 – [] —-D C:Program FilesCommon FilesPX Storage Engine
    O43 – CFD: 02/11/2006 – 13:18:33 – [] —-D C:Program FilesCommon FilesServices
    O43 – CFD: 02/11/2006 – 13:18:33 – [] —-D C:Program FilesCommon FilesSpeechEngines
    O43 – CFD: 30/12/2009 – 11:52:59 – [0] —-D C:Program FilesCommon FilesSWF Studio
    O43 – CFD: 30/03/2013 – 21:03:57 – [] —-D C:Program FilesCommon FilesSystem
    O43 – CFD: 03/03/2009 – 15:36:44 – [] —-D C:Program FilesCommon FilesWindows Live
    O43 – CFD: 11/06/2013 – 09:29:15 – [] —-D C:ProgramData188F1432-103A-4ffb-80F1-36B633C5C9E1
    O43 – CFD: 10/03/2014 – 12:08:46 – [] —-D C:ProgramDataAdobe
    O43 – CFD: 05/01/2012 – 20:34:12 – [] —-D C:ProgramDataApple
    O43 – CFD: 05/01/2012 – 20:36:21 – [] —-D C:ProgramDataApple Computer
    O43 – CFD: 02/11/2006 – 14:59:44 – [] -SH-D C:ProgramDataApplication Data
    O43 – CFD: 18/06/2009 – 07:40:20 – [] —-D C:ProgramDataATI
    O43 – CFD: 17/11/2013 – 22:30:21 – [] —-D C:ProgramDataAVAST Software
    O43 – CFD: 06/03/2013 – 12:06:27 – [0] —-D C:ProgramDataBabylon =>PUP.Babylon
    O43 – CFD: 02/01/2013 – 15:59:12 – [0] —-D C:ProgramDataBig Fish Games
    O43 – CFD: 06/10/2009 – 22:38:54 – [] -SH-D C:ProgramDataBureau
    O43 – CFD: 06/01/2013 – 16:06:01 – [] –H-D C:ProgramDataCanonBJ
    O43 – CFD: 06/01/2013 – 16:33:30 – [] –H-D C:ProgramDataCanonIJEGV
    O43 – CFD: 13/06/2013 – 23:00:13 – [] –H-D C:ProgramDataCanonIJMIG
    O43 – CFD: 09/04/2013 – 15:48:09 – [] –H-D C:ProgramDataCanonIJMyPrinter
    O43 – CFD: 04/05/2014 – 14:22:31 – [] —-D C:ProgramDataCanonIJPLM
    O43 – CFD: 06/01/2013 – 16:33:51 – [] –H-D C:ProgramDataCanonIJQuickMenu
    O43 – CFD: 06/01/2013 – 20:27:32 – [] –H-D C:ProgramDataCanonIJScan
    O43 – CFD: 06/01/2013 – 16:15:04 – [] —-D C:ProgramDataCanonIJWSpt
    O43 – CFD: 02/11/2006 – 14:59:44 – [] -SH-D C:ProgramDataDesktop
    O43 – CFD: 24/03/2011 – 20:52:51 – [] —-D C:ProgramDataDivX
    O43 – CFD: 02/11/2006 – 14:59:44 – [] -SH-D C:ProgramDataDocuments
    O43 – CFD: 25/02/2012 – 11:45:30 – [] —-D C:ProgramDataEA Core
    O43 – CFD: 25/02/2012 – 11:42:51 – [] —-D C:ProgramDataElectronic Arts
    O43 – CFD: 06/10/2009 – 22:38:54 – [] -SH-D C:ProgramDataFavoris
    O43 – CFD: 02/11/2006 – 14:59:44 – [] -SH-D C:ProgramDataFavorites
    O43 – CFD: 02/08/2013 – 15:46:05 – [] —-D C:ProgramDataGogii
    O43 – CFD: 30/12/2009 – 21:23:30 – [] —-D C:ProgramDataGoogle
    O43 – CFD: 02/09/2012 – 22:54:31 – [] —-D C:ProgramDataHewlett-Packard
    O43 – CFD: 26/12/2012 – 18:44:02 – [] —-D C:ProgramDataHP
    O43 – CFD: 16/10/2009 – 18:56:58 – [] —-D C:ProgramDataInterAction studios
    O43 – CFD: 09/10/2009 – 21:12:23 – [] —-D C:ProgramDataInterVideo
    O43 – CFD: 06/10/2009 – 22:38:54 – [] -SH-D C:ProgramDataMenu Démarrer
    O43 – CFD: 30/10/2009 – 14:58:05 – [] —-D C:ProgramDataMicro Application
    O43 – CFD: 07/04/2013 – 12:02:10 – [] -S–D C:ProgramDataMicrosoft
    O43 – CFD: 15/05/2014 – 21:22:33 – [] —-D C:ProgramDataMicrosoft Help
    O43 – CFD: 06/10/2009 – 22:38:54 – [] -SH-D C:ProgramDataModèles
    O43 – CFD: 29/01/2011 – 15:37:18 – [] —-D C:ProgramDataMumboJumbo
    O43 – CFD: 13/04/2012 – 21:40:06 – [] —-D C:ProgramDataNero
    O43 – CFD: 30/12/2009 – 21:25:33 – [] —-D C:ProgramDataNorton
    O43 – CFD: 03/03/2009 – 15:45:56 – [] —-D C:ProgramDataNortonInstaller
    O43 – CFD: 15/01/2011 – 12:18:57 – [] —-D C:ProgramDataOberon Media
    O43 – CFD: 27/02/2012 – 17:20:37 – [0] —-D C:ProgramDataOrigin
    O43 – CFD: 03/01/2013 – 18:43:16 – [] —-D C:ProgramDataPlayrix Entertainment
    O43 – CFD: 01/03/2011 – 10:09:23 – [] —-D C:ProgramDataPopCap Games
    O43 – CFD: 01/08/2013 – 16:17:00 – [] —-D C:ProgramDataregid.1986-12.com.adobe
    O43 – CFD: 10/01/2011 – 15:15:31 – [] —-D C:ProgramDataSandlot Games
    O43 – CFD: 15/06/2013 – 11:04:04 – [] —-D C:ProgramDataSkype
    O43 – CFD: 02/11/2006 – 14:59:44 – [] -SH-D C:ProgramDataStart Menu
    O43 – CFD: 01/04/2013 – 23:49:49 – [] —-D C:ProgramDataSun
    O43 – CFD: 24/03/2013 – 16:01:06 – [] —-D C:ProgramDataTarma Installer =>PUP.Tarma
    O43 – CFD: 28/12/2012 – 17:10:01 – [0] —AD C:ProgramDataTEMP
    O43 – CFD: 02/11/2006 – 14:59:44 – [] -SH-D C:ProgramDataTemplates
    O43 – CFD: 24/08/2013 – 12:28:07 – [] —-D C:ProgramDataTrymedia =>Adware.Trymedia
    O43 – CFD: 05/10/2011 – 21:17:16 – [] —-D C:ProgramDataTuneUp Software
    O43 – CFD: 23/10/2009 – 21:43:53 – [] —-D C:ProgramDataValusoft
    O43 – CFD: 31/05/2012 – 21:50:57 – [] —-D C:ProgramDataVSO
    O43 – CFD: 02/09/2012 – 23:12:33 – [] —-D C:ProgramDataWEBREG
    O43 – CFD: 06/04/2013 – 16:06:39 – [] —-D C:ProgramDataWildTangent
    O43 – CFD: 11/09/2011 – 22:06:09 – [] —-D C:ProgramDataWindowsSearch
    O43 – CFD: 15/06/2013 – 10:34:12 – [0] —-D C:ProgramDataWinZip
    O43 – CFD: 05/10/2011 – 20:52:30 – [] -SH-D C:ProgramData{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    O43 – CFD: 05/01/2012 – 20:38:34 – [] —-D C:ProgramData{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    O43 – CFD: 03/08/2013 – 22:26:57 – [] —-D C:UsersmarineAppDataRoamingAdobe
    O43 – CFD: 05/01/2012 – 20:44:05 – [] —-D C:UsersmarineAppDataRoamingApple Computer
    O43 – CFD: 06/10/2009 – 22:42:19 – [] —-D C:UsersmarineAppDataRoamingATI
    O43 – CFD: 17/11/2013 – 23:27:02 – [] —-D C:UsersmarineAppDataRoamingAVAST Software
    O43 – CFD: 06/03/2013 – 12:06:25 – [] —-D C:UsersmarineAppDataRoamingBabylon =>PUP.Babylon
    O43 – CFD: 29/05/2012 – 19:03:32 – [] R—D C:UsersmarineAppDataRoamingBrother
    O43 – CFD: 13/01/2013 – 16:33:55 – [] —-D C:UsersmarineAppDataRoamingCanon
    O43 – CFD: 24/03/2013 – 16:55:31 – [] —-D C:UsersmarineAppDataRoamingDealPly =>PUP.DealPly
    O43 – CFD: 24/03/2011 – 00:59:05 – [] —-D C:UsersmarineAppDataRoamingDivX
    O43 – CFD: 12/10/2012 – 10:36:32 – [] —-D C:UsersmarineAppDataRoamingdvdcss
    O43 – CFD: 16/11/2010 – 15:42:06 – [] —-D C:UsersmarineAppDataRoamingFarm Mania 2
    O43 – CFD: 24/03/2011 – 18:47:56 – [] —-D C:UsersmarineAppDataRoamingfreeCompressor
    O43 – CFD: 18/11/2009 – 09:12:01 – [] —-D C:UsersmarineAppDataRoamingGoogle
    O43 – CFD: 24/10/2009 – 14:36:43 – [] —-D C:UsersmarineAppDataRoaminggtk-2.0
    O43 – CFD: 08/01/2011 – 17:11:06 – [] —-D C:UsersmarineAppDataRoamingHotdogHotshot
    O43 – CFD: 06/10/2009 – 22:41:45 – [] —-D C:UsersmarineAppDataRoamingIdentities
    O43 – CFD: 19/07/2013 – 16:21:38 – [] —-D C:UsersmarineAppDataRoamingImageFix_656408
    O43 – CFD: 08/12/2013 – 13:56:51 – [] —-D C:UsersmarineAppDataRoamingInstallShield
    O43 – CFD: 06/10/2009 – 23:18:35 – [] —-D C:UsersmarineAppDataRoamingInterVideo
    O43 – CFD: 16/10/2009 – 13:19:26 – [] —-D C:UsersmarineAppDataRoamingMacromedia
    O43 – CFD: 30/10/2009 – 17:28:30 – [] —-D C:UsersmarineAppDataRoamingMagic Academy
    O43 – CFD: 01/09/2013 – 14:35:05 – [] -S–D C:UsersmarineAppDataRoamingMicrosoft
    O43 – CFD: 23/09/2010 – 18:56:46 – [] —-D C:UsersmarineAppDataRoamingMozilla
    O43 – CFD: 13/04/2012 – 21:36:54 – [] —-D C:UsersmarineAppDataRoamingNero
    O43 – CFD: 29/05/2013 – 06:00:57 – [0] —-D C:UsersmarineAppDataRoamingNosibay =>PUP.BubbleDock
    O43 – CFD: 29/05/2011 – 10:46:18 – [] —-D C:UsersmarineAppDataRoamingOfferBox =>PUP.OfferBox
    O43 – CFD: 30/01/2012 – 18:42:43 – [] —-D C:UsersmarineAppDataRoamingOpenOffice.org
    O43 – CFD: 25/02/2012 – 11:43:11 – [] —-D C:UsersmarineAppDataRoamingOrigin
    O43 – CFD: 07/09/2011 – 21:41:59 – [0] —-D C:UsersmarineAppDataRoamingPeerNetworking
    O43 – CFD: 16/10/2009 – 13:19:26 – [] —-D C:UsersmarineAppDataRoamingPlayFirst
    O43 – CFD: 15/06/2013 – 11:03:48 – [] —-D C:UsersmarineAppDataRoamingSkype
    O43 – CFD: 20/11/2010 – 19:17:16 – [] —-D C:UsersmarineAppDataRoamingTeamViewer
    O43 – CFD: 21/10/2009 – 09:46:36 – [] —-D C:UsersmarineAppDataRoamingTemplate
    O43 – CFD: 22/02/2010 – 12:44:58 – [] —-D C:UsersmarineAppDataRoamingTMInc
    O43 – CFD: 21/10/2011 – 23:23:08 – [] —-D C:UsersmarineAppDataRoamingTuneUp Software
    O43 – CFD: 23/10/2009 – 21:43:53 – [] —-D C:UsersmarineAppDataRoamingValusoft
    O43 – CFD: 07/09/2011 – 04:18:05 – [] —-D C:UsersmarineAppDataRoamingvlc
    O43 – CFD: 31/05/2012 – 21:50:57 – [] —-D C:UsersmarineAppDataRoamingVSO
    O43 – CFD: 24/10/2009 – 15:09:31 – [0] —-D C:UsersmarineAppDataRoamingWindows Live Writer
    O43 – CFD: 03/01/2013 – 18:38:47 – [0] —-D C:UsersmarineAppDataRoamingWinRAR
    O43 – CFD: 15/11/2010 – 16:32:06 – [] —-D C:UsersmarineAppDataRoamingYoudaGames
    O43 – CFD: 23/05/2014 – 14:37:40 – [] —-D C:UsersmarineAppDataRoamingZHP =>.Nicolas Coolman
    O43 – CFD: 06/10/2009 – 22:42:28 – [0] —-D C:UsersmarineAppDataLocalAcer ePower Management V4
    O43 – CFD: 10/03/2014 – 12:05:52 – [] —-D C:UsersmarineAppDataLocalAdobe
    O43 – CFD: 11/09/2010 – 07:33:44 – [] —-D C:UsersmarineAppDataLocalApple
    O43 – CFD: 05/01/2012 – 20:42:06 – [] —-D C:UsersmarineAppDataLocalApple Computer
    O43 – CFD: 06/10/2009 – 22:39:14 – [] -SH-D C:UsersmarineAppDataLocalApplication Data
    O43 – CFD: 06/10/2009 – 22:42:19 – [] —-D C:UsersmarineAppDataLocalATI
    O43 – CFD: 07/04/2013 – 19:49:40 – [0] —-D C:UsersmarineAppDataLocalConduit
    O43 – CFD: 07/04/2013 – 12:35:05 – [] —-D C:UsersmarineAppDataLocalCRE
    O43 – CFD: 17/11/2013 – 10:27:23 – [] —-D C:UsersmarineAppDataLocalFacebook
    O43 – CFD: 24/03/2011 – 20:51:01 – [] —-D C:UsersmarineAppDataLocalfreecompressor Air
    O43 – CFD: 18/02/2013 – 21:11:03 – [] —-D C:UsersmarineAppDataLocalGoogle
    O43 – CFD: 06/10/2009 – 22:39:14 – [] -SH-D C:UsersmarineAppDataLocalHistorique
    O43 – CFD: 02/01/2013 – 16:05:23 – [0] —-D C:UsersmarineAppDataLocalLollipop =>Adware.Lollipop
    O43 – CFD: 13/05/2013 – 14:01:03 – [] —-D C:UsersmarineAppDataLocalMicrosoft
    O43 – CFD: 24/10/2009 – 13:18:38 – [] —-D C:UsersmarineAppDataLocalMicrosoft Games
    O43 – CFD: 30/01/2012 – 18:27:36 – [] —-D C:UsersmarineAppDataLocalMicrosoft Help
    O43 – CFD: 23/09/2010 – 18:56:23 – [] —-D C:UsersmarineAppDataLocalMozilla
    O43 – CFD: 18/01/2010 – 19:28:58 – [] —-D C:UsersmarineAppDataLocalNewTech Infosystems
    O43 – CFD: 28/12/2012 – 16:09:52 – [] —-D C:UsersmarineAppDataLocalOberon Games
    O43 – CFD: 04/02/2013 – 19:07:32 – [] —-D C:UsersmarineAppDataLocalSFR
    O43 – CFD: 28/05/2013 – 19:14:20 – [] —-D C:UsersmarineAppDataLocalSoftware
    O43 – CFD: 23/05/2014 – 14:37:24 – [] —-D C:UsersmarineAppDataLocalTemp
    O43 – CFD: 06/10/2009 – 22:39:14 – [] -SH-D C:UsersmarineAppDataLocalTemporary Internet Files
    O43 – CFD: 27/12/2012 – 20:27:50 – [] —-D C:UsersmarineAppDataLocalTomTom
    O43 – CFD: 05/10/2011 – 21:42:34 – [] —-D C:UsersmarineAppDataLocalVirtualStore
    O43 – CFD: 24/10/2009 – 15:09:32 – [] —-D C:UsersmarineAppDataLocalWindows Live Writer
    O43 – CFD: 21/01/2008 – 04:56:27 – [] R—D C:UsersmarineAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessories
    O43 – CFD: 06/10/2009 – 22:41:54 – [] R—D C:UsersmarineAppDataRoamingMicrosoftWindowsStart MenuProgramsAdministrative Tools
    O43 – CFD: 24/03/2011 – 20:50:48 – [0] —-D C:UsersmarineAppDataRoamingMicrosoftWindowsStart MenuProgramsJeux sur Orange.fr
    O43 – CFD: 21/01/2008 – 04:56:27 – [] R—D C:UsersmarineAppDataRoamingMicrosoftWindowsStart MenuProgramsMaintenance
    O43 – CFD: 30/04/2010 – 08:52:30 – [] —-D C:UsersmarineAppDataRoamingMicrosoftWindowsStart MenuProgramsMaxis
    O43 – CFD: 22/10/2013 – 20:57:20 – [] R—D C:UsersmarineAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
    ~ Program Folder: 229 Scanned in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.545C16DA74C51050F80A8C18BABF130F] – 15/05/2014 – 08:45:23 —A- . (.Adobe Systems Incorporated – Adobe Flash Player Control Panel Applet.) — C:WindowsSystem32FlashPlayerApp.exe [692400]
    O44 – LFC:[MD5.23B9EB53778D5EE128E4803039099A1D] – 15/05/2014 – 08:45:23 —A- . (.Adobe Systems Incorporated – Adobe Flash Player Control Panel Applet.) — C:WindowsSystem32FlashPlayerCPLApp.cpl [70832]
    O44 – LFC:[MD5.F541298E463FA96F128629E799352E60] – 15/05/2014 – 20:17:44 —A- . (.Microsoft Corporation – Outil de suppression de logiciels malveilla.) — C:WindowsSystem32mrt.exe [90547776]
    O44 – LFC:[MD5.7297C5CEF41C23E3D740198CC1EC2E6F] – 20/05/2014 – 08:24:55 . (…) — C:UsbFix [Scan 2] PC-DE-MARINE.txt [7671]
    O44 – LFC:[MD5.651C79C4F298DB210D3A5E4C728203E0] – 20/05/2014 – 09:14:59 . (…) — C:UsbFix [Scan 3] PC-DE-MARINE.txt [7591]
    O44 – LFC:[MD5.A85E1AAAB5DF4653EF896315F68B6FE1] – 20/05/2014 – 10:16:55 —A- . (…) — C:WindowsSystem32PerfStringBackup.INI [1495948]
    O44 – LFC:[MD5.A215E8D2402FBAB093A99ED7FC7A36B1] – 20/05/2014 – 10:16:55 —A- . (…) — C:WindowsSystem32perfc009.dat [104070]
    O44 – LFC:[MD5.518CE8FB8D306FC76B8208D8FE0F0AB2] – 20/05/2014 – 10:16:55 —A- . (…) — C:WindowsSystem32perfc00C.dat [126626]
    O44 – LFC:[MD5.995EBE80EB9372F7044485DCAB0C88CE] – 20/05/2014 – 10:16:55 —A- . (…) — C:WindowsSystem32perfh009.dat [595996]
    O44 – LFC:[MD5.5BBCB122FE957C7AB042B23B4837FBDA] – 20/05/2014 – 10:16:55 —A- . (…) — C:WindowsSystem32perfh00C.dat [679042]
    O44 – LFC:[MD5.3E1FC05AF921B61530E27FC3F57ED4D1] – 23/05/2014 – 11:53:36 -S-A- . (…) — C:Windowsbootstat.dat [67584]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 23/05/2014 – 11:55:15 —A- . (…) — C:Windowssetupact.log [0]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 23/05/2014 – 11:55:15 —A- . (…) — C:Windowssetuperr.log [0]
    O44 – LFC:[MD5.0112A534E1F47CF9B76DC3351B3BFE0F] – 23/05/2014 – 13:37:35 —A- . (…) — C:WindowsWindowsUpdate.log [1969451]
    ~ Files: 14 Scanned in 00mn 08s

    —\ Déni du service (Local Security Authority) (O48)
    O48 – LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
    O48 – LSA:Local Security Authority Notification Packages . (.Microsoft Corporation – Moteur du client de l’Éditeur de configuration de sécurité Windows.) — C:WindowsSystem32scecli.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Package de sécurité Kerberos.) — C:WindowsSystem32kerberos.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WindowsSystem32schannel.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Digest Access.) — C:WindowsSystem32wdigest.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Web Service Security Package.) — C:WindowsSystem32tspkg.dll
    ~ LSA: 7 Scanned in 00mn 00s

    —\ Contrôle du Safe Boot (CSB) (O49)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalsermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgrx.sys . (.Microsoft Corporation – Volume Manager Extension Driver.) — C:WindowsSystem32Driversvolmgrx.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkipnat.sys . (.Microsoft Corporation – IP Network Address Translator.) — C:WindowsSystem32Driversipnat.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworknsiproxy.sys . (.Microsoft Corporation – NSI Proxy.) — C:WindowsSystem32Driversnsiproxy.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpencdd.sys . (.Microsoft Corporation – RDP Miniport.) — C:WindowsSystem32Driversrdpencdd.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworksermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgrx.sys . (.Microsoft Corporation – Volume Manager Extension Driver.) — C:WindowsSystem32Driversvolmgrx.sys
    ~ CSB: 13 Scanned in 00mn 00s

    —\ Recherche d’infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32″msacm.l3acm”=”C:WindowsSystem32l3codeca.acm” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
    O52 – TDSD: Drivers32″vidc.cvid”=”iccvid.dll” . (.Radius Inc. – Codec Cinepak®.) — C:WindowsSystem32iccvid.dll
    O52 – TDSD: Drivers32″vidc.VP60″=”C:Windowssystem32vp6vfw.dll” . (.On2.com – VP6 VIDEO FOR WINDOWS CODEC.) — C:Windowssystem32vp6vfw.dll
    O52 – TDSD: Drivers32″vidc.VP61″=”C:Windowssystem32vp6vfw.dll” . (.On2.com – VP6 VIDEO FOR WINDOWS CODEC.) — C:Windowssystem32vp6vfw.dll
    O52 – TDSD: drivers.desc”C:WindowsSystem32l3codeca.acm”=”Fraunhofer IIS MPEG Layer-3 Codec” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
    O52 – TDSD: drivers.desc”vp6vfw.dll”=”EA VP6 Codec” . (.On2.com – VP6 VIDEO FOR WINDOWS CODEC.) — C:WindowsSystem32vp6vfw.dll
    ~ TDSD: 6 Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregAcer ePower Management [Key] . (.Acer Incorporated – ePowerTray.) — C:Program FileseMachineseMachines Power ManagementePowerTray.exe
    O53 – SMSR:HKLM…startupregAdobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
    O53 – SMSR:HKLM…startupregGoogle Desktop Search [Key] . (…) — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe (.not file.)
    O53 – SMSR:HKLM…startupregiTunesHelper [Key] . (…) — C:Program FilesiTunesiTunesHelper.exe (.not file.)
    O53 – SMSR:HKLM…startupregMyTomTomSA.exe [Key] . (.TomTom – MyTomTom.) — C:Program FilesMyTomTom 3MyTomTomSA.exe
    O53 – SMSR:HKLM…startupreguTorrent [Key] . (…) — C:Program FilesuTorrentuTorrent.exe (.not file.) =>P2P.µTorrent
    O53 – SMSR:HKLM…startupregWarReg_PopUp [Key] . (.eMachines – WR_PopUp.) — C:Program FileseMachinesWR_PopUpWarReg_PopUp.exe
    ~ SMSR Keys: 7 Scanned in 00mn 00s

  • marinezer
    Participant
    Post count: 15

    —\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – TS Single Sign On Security Package.) — C:WindowsSystem32credssp.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – TS Single Sign On Security Package.) — C:WindowsSystem32credssp.dll
    ~ MSCP: 2 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “ConsentPromptBehaviorAdmin”=2
    O55 – MWPS:[HKLM…PoliciesSystem] – “ConsentPromptBehaviorUser”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableInstallerDetection”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableSecureUIAPaths”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableVirtualization”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “ValidateAdminCodeSignatures”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “dontdisplaylastusername”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticecaption”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticetext”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “scforceoption”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “shutdownwithoutlogon”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “undockwithoutlogon”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    ~ MWPS: 16 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKCU…policiesExplorer] – “NoDriveTypeAutoRun”=0
    O56 – MWPE:[HKCU…policiesExplorer] – “NoDriveAutoRun”=3
    O56 – MWPE:[HKLM…policiesExplorer] – “NoDriveAutoRun”=3
    O56 – MWPE:[HKLM…policiesExplorer] – “NoDriveTypeAutoRun”=0
    ~ MWPE Keys: 4 Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:21/01/2008 – 03:32:46 —A- . (.Adaptec, Inc. – Adaptec Windows SAS/SATA Storport Driver.) — C:WindowsSystem32Driversadp94xx.sys [422968]
    O58 – SDL:21/01/2008 – 03:32:51 —A- . (.Adaptec, Inc. – Adaptec Windows SATA Storport Driver.) — C:WindowsSystem32Driversadpahci.sys [300600]
    O58 – SDL:21/01/2008 – 03:32:52 —A- . (.Adaptec, Inc. – Adaptec LH Ultra160 Driver (x86).) — C:WindowsSystem32Driversadpu160m.sys [101432]
    O58 – SDL:21/01/2008 – 03:32:53 —A- . (.Adaptec, Inc. – Adaptec StorPort Ultra320 SCSI Driver.) — C:WindowsSystem32Driversadpu320.sys [149560]
    O58 – SDL:04/01/2009 – 01:41:00 —A- . (.Advanced Micro Devices, Inc – AMD AHCI Compatible Controller Driver for Windows family.) — C:WindowsSystem32Driversahcix86s.sys [183312]
    O58 – SDL:21/01/2008 – 03:32:21 —A- . (.Acer Laboratories Inc. – ALi mini IDE Driver.) — C:WindowsSystem32Driversaliide.sys [17464]
    O58 – SDL:21/01/2008 – 03:32:49 —A- . (.Adaptec, Inc. – Adaptec RAID Storport Driver.) — C:WindowsSystem32Driversarc.sys [79416]
    O58 – SDL:21/01/2008 – 03:32:50 —A- . (.Adaptec, Inc. – Adaptec SAS RAID WS03 Driver.) — C:WindowsSystem32Driversarcsas.sys [79928]
    O58 – SDL:31/10/2013 – 07:46:14 —A- . (.AVAST Software – avast! Filtering TDI driver.) — C:WindowsSystem32DriversaswFW.sys [104752]
    O58 – SDL:24/02/2014 – 18:42:35 —A- . (.AVAST Software – avast! File System Minifilter for Windows 2003/Vista.) — C:WindowsSystem32DriversaswMonFlt.sys [67824]
    O58 – SDL:24/02/2014 – 18:42:35 —A- . (.AVAST Software – avast! TDI Redirect Driver.) — C:WindowsSystem32DriversaswRdr.sys [54832]
    O58 – SDL:17/11/2013 – 21:54:25 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [49944] =>.ALWIL Software
    O58 – SDL:24/02/2014 – 18:42:35 —A- . (.AVAST Software – avast! Virtualization Driver.) — C:WindowsSystem32DriversaswSnx.sys [775952]
    O58 – SDL:24/02/2014 – 18:42:35 —A- . (.AVAST Software – avast! self protection module.) — C:WindowsSystem32DriversaswSP.sys [410784]
    O58 – SDL:24/02/2014 – 18:42:35 —A- . (.AVAST Software – avast! TDI Filter Driver.) — C:WindowsSystem32DriversaswTdi.sys [57672]
    O58 – SDL:29/12/2013 – 17:42:28 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [180248] =>.ALWIL Software
    O58 – SDL:04/11/2008 – 06:13:32 —A- . (.Atheros Communications, Inc. – Atheros Extensible Wireless LAN device driver.) — C:WindowsSystem32Driversathr.sys [952320]
    O58 – SDL:04/01/2009 – 01:41:00 —A- . (.ATI Technologies Inc. – ATI Radeon Kernel Mode Driver.) — C:WindowsSystem32Driversatikmdag.sys [4172288]
    O58 – SDL:04/01/2009 – 01:42:00 —A- . (.ATI Technologies Inc. – ATI PCIE Driver for ATI PCIE chipset.) — C:WindowsSystem32DriversAtiPcie.sys [14352]
    O58 – SDL:02/11/2006 – 09:24:45 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) — C:WindowsSystem32DriversBrFiltLo.sys [13568]
    O58 – SDL:02/11/2006 – 09:24:46 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) — C:WindowsSystem32DriversBrFiltUp.sys [5248]
    O58 – SDL:02/11/2006 – 09:25:24 —A- . (.Brother Industries Ltd. – Pilote Brother Série I/F (WDM).) — C:WindowsSystem32DriversBrSerId.sys [71808]
    O58 – SDL:02/11/2006 – 09:24:44 —A- . (.Brother Industries Ltd. – Brother Serial driver (WDM version).) — C:WindowsSystem32DriversBrSerWdm.sys [62336]
    O58 – SDL:02/11/2006 – 09:24:44 —A- . (.Brother Industries Ltd. – Brother USB MDM Driver.) — C:WindowsSystem32DriversBrUsbMdm.sys [12160]
    O58 – SDL:02/11/2006 – 09:24:47 —A- . (.Brother Industries Ltd. – Brother USB Serial Driver.) — C:WindowsSystem32DriversBrUsbSer.sys [11904]
    O58 – SDL:21/01/2008 – 03:32:21 —A- . (.CMD Technology, Inc. – CMD PCI IDE Bus Driver.) — C:WindowsSystem32Driverscmdide.sys [19000]
    O58 – SDL:02/11/2006 – 10:50:11 —A- . (.Adaptec, Inc. – Adaptec Ultra SCSI miniport.) — C:WindowsSystem32Driversdjsvs.sys [71272]
    O58 – SDL:02/11/2006 – 14:29:38 —A- . (.Dritek System Inc. – Dritek PS2 Keyboard Filter Driver.) — C:WindowsSystem32DriversDKbFltr.sys [21264]
    O58 – SDL:21/01/2008 – 03:32:50 —A- . (.Intel Corporation – Pilote désérialisé NDIS 6 de la carte Intel(R) PRO/1000.) — C:WindowsSystem32DriversE1G60I32.sys [118784]
    O58 – SDL:21/01/2008 – 03:32:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [342584]
    O58 – SDL:21/01/2008 – 03:32:52 —A- . (.Hewlett-Packard Company – Smart Array Storport Driver.) — C:WindowsSystem32DriversHpCISSs.sys [40504]
    O58 – SDL:21/01/2008 – 03:32:49 —A- . (.Intel Corporation – Intel Matrix Storage Manager driver (base).) — C:WindowsSystem32DriversiaStorV.sys [235064]
    O58 – SDL:02/11/2006 – 10:50:17 —A- . (.Intel Corp./ICP vortex GmbH – Intel/ICP Raid Storport Driver.) — C:WindowsSystem32Driversiirsp.sys [41576]
    O58 – SDL:02/11/2006 – 10:50:07 —A- . (.Integrated Technology Express, Inc. – ITE IT8211 ATA/ATAPI SCSI miniport.) — C:WindowsSystem32Driversiteatapi.sys [35944]
    O58 – SDL:02/11/2006 – 10:50:09 —A- . (.Integrated Technology Express, Inc. – ITE IT8212 ATA RAID SCSI miniport.) — C:WindowsSystem32Driversiteraid.sys [35944]
    O58 – SDL:15/01/2009 – 04:03:14 —A- . (.Atheros Communications, Inc. – Atheros L1c PCI-E Gigabit Ethernet Controller.) — C:WindowsSystem32DriversL1C60x86.sys [49664]
    O58 – SDL:21/01/2008 – 03:32:49 —A- . (.LSI Logic – LSI Logic Fusion-MPT FC Driver (StorPort).) — C:WindowsSystem32Driverslsi_fc.sys [96312]
    O58 – SDL:21/01/2008 – 03:32:51 —A- . (.LSI Logic – LSI Logic Fusion-MPT SAS Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas.sys [89656]
    O58 – SDL:21/01/2008 – 03:32:48 —A- . (.LSI Logic – LSI Logic Fusion-MPT SCSI Driver (StorPort).) — C:WindowsSystem32Driverslsi_scsi.sys [96312]
    O58 – SDL:21/01/2008 – 03:32:53 —A- . (.LSI Corporation – MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) — C:WindowsSystem32Driversmegasas.sys [31288]
    O58 – SDL:21/01/2008 – 03:32:52 —A- . (.LSI Corporation, Inc. – LSI MegaRAID Software RAID Driver.) — C:WindowsSystem32DriversMegaSR.sys [386616]
    O58 – SDL:02/11/2006 – 10:49:59 —A- . (.LSI Logic Corporation – MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) — C:WindowsSystem32DriversMraid35x.sys [33384]
    O58 – SDL:02/11/2006 – 10:50:19 —A- . (.IBM Corporation – IBM ServeRAID Controller Driver.) — C:WindowsSystem32Driversnfrd960.sys [45160]
    O58 – SDL:30/01/2008 – 10:52:06 —A- . (.NewTech Infosystems, Inc. – NTI CD-ROM Filter Driver.) — C:WindowsSystem32DriversNTIDrvr.sys [14848]
    O58 – SDL:02/11/2006 – 08:36:50 —A- . (.N-trig Innovative Technologies – Pilote intégré de digitalisateur de tablette N-trig.) — C:WindowsSystem32Driversntrigdigi.sys [20608]
    O58 – SDL:21/01/2008 – 03:32:47 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) RAID Driver.) — C:WindowsSystem32Driversnvraid.sys [102968]
    O58 – SDL:21/01/2008 – 03:32:47 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) Sata Performance Driver.) — C:WindowsSystem32Driversnvstor.sys [45112]
    O58 – SDL:21/01/2008 – 03:32:50 —A- . (.QLogic Corporation – QLogic Fibre Channel Stor Miniport Driver.) — C:WindowsSystem32Driversql2300.sys [1122360]
    O58 – SDL:02/11/2006 – 10:50:35 —A- . (.QLogic Corporation – QLogic iSCSI Storport Miniport Driver.) — C:WindowsSystem32Driversql40xx.sys [106088]
    O58 – SDL:17/04/2007 – 19:09:28 —A- . (.InterVideo – regi driver.) — C:WindowsSystem32Driversregi.sys [11032]
    O58 – SDL:13/01/2009 – 12:15:18 —A- . (.Realtek Semiconductor Corp. – Realtek(r) High Definition Audio Function Driver.) — C:WindowsSystem32DriversRTKVHDA.sys [2304928]
    O58 – SDL:15/01/2009 – 23:00:30 —A- . (.Realtek Semiconductor Corp. – Realtek USB Mass Storage Driver for Vista.) — C:WindowsSystem32DriversRTSTOR.sys [61440]
    O58 – SDL:02/11/2006 – 07:37:21 —A- . (.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) — C:WindowsSystem32Driverssecdrv.sys [20480]
    O58 – SDL:21/01/2008 – 03:32:52 —A- . (.Silicon Integrated Systems – SiS AHCI Stor-Miniport Driver.) — C:WindowsSystem32Driverssisraid4.sys [74808]
    O58 – SDL:02/11/2006 – 10:50:05 —A- . (.LSI Logic – LSI Logic 8XX SCSI Miniport Driver.) — C:WindowsSystem32Driverssymc8xx.sys [35944]
    O58 – SDL:02/11/2006 – 10:49:56 —A- . (.LSI Logic – LSI Logic Hi-Perf SCSI Miniport Driver.) — C:WindowsSystem32Driverssym_hi.sys [31848]
    O58 – SDL:02/11/2006 – 10:50:03 —A- . (.LSI Logic – LSI Logic Ultra160 SCSI Miniport Driver.) — C:WindowsSystem32Driverssym_u3.sys [34920]
    O58 – SDL:09/01/2009 – 02:48:16 —A- . (.Synaptics, Inc. – Synaptics Touchpad Driver.) — C:WindowsSystem32DriversSynTP.sys [204976]
    O58 – SDL:30/01/2008 – 10:51:50 —A- . (.NewTech Infosystems Corporation – NTI CDROM Filter Driver.) — C:WindowsSystem32DriversUBHelper.sys [13824]
    O58 – SDL:21/01/2008 – 03:32:45 —A- . (.ULi Electronics Inc. – ULi SATA Controller Driver.) — C:WindowsSystem32Driversuliahci.sys [238648]
    O58 – SDL:02/11/2006 – 10:50:35 —A- . (.Promise Technology, Inc. – Promise Ultra/Sata Series Driver for Win2003.) — C:WindowsSystem32Driversulsata.sys [98408]
    O58 – SDL:21/01/2008 – 03:32:49 —A- . (.Promise Technology, Inc. – Promise SATAII150 Series Windows Drivers.) — C:WindowsSystem32Driversulsata2.sys [115816]
    O58 – SDL:21/01/2008 – 03:32:21 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:WindowsSystem32Driversviaide.sys [20024]
    O58 – SDL:21/01/2008 – 03:32:49 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) — C:WindowsSystem32Driversvsmraid.sys [130616]
    O58 – SDL:26/09/2011 – 11:04:02 —A- . (.ZTE Inc. – USB Modem/Serial Device Driver.) — C:WindowsSystem32DriversZTEusbmdm6k.sys [105088]
    O58 – SDL:26/09/2011 – 11:04:02 —A- . (.ZTE Corporation. – USB NDIS Miniport Driver.) — C:WindowsSystem32DriversZTEusbnet.sys [114688]
    O58 – SDL:26/09/2011 – 11:04:02 —A- . (.ZTE Inc. – USB Modem/Serial Device Driver.) — C:WindowsSystem32DriversZTEusbnmea.sys [105088]
    O58 – SDL:26/09/2011 – 11:04:02 —A- . (.ZTE Inc. – USB Modem/Serial Device Driver.) — C:WindowsSystem32DriversZTEusbnmeaext.sys [105088]
    O58 – SDL:26/09/2011 – 11:04:02 —A- . (.ZTE Inc. – USB Modem/Serial Device Driver.) — C:WindowsSystem32DriversZTEusbnmeaext2.sys [105088]
    O58 – SDL:26/09/2011 – 11:04:02 —A- . (.ZTE Inc. – USB Modem/Serial Device Driver.) — C:WindowsSystem32DriversZTEusbser6k.sys [105088]
    O58 – SDL:26/09/2011 – 11:04:02 —A- . (.ZTE Inc. – USB Modem/Serial Device Driver.) — C:WindowsSystem32DriversZTEusbvoice.sys [105088]
    O58 – SDL:02/11/2006 – 08:09:42 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:02/11/2006 – 08:09:45 —A- . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:02/11/2006 – 08:09:41 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:02/11/2006 – 08:09:29 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:02/11/2006 – 08:09:35 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:02/11/2006 – 08:09:38 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:02/11/2006 – 08:09:40 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:02/11/2006 – 08:09:31 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:02/11/2006 – 08:09:20 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:02/11/2006 – 08:09:23 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:02/11/2006 – 08:09:24 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:02/11/2006 – 08:09:26 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:02/11/2006 – 08:09:22 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 86 Scanned in 00mn 31s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 23/05/2014 – 14:38:28 —A- . (…) — C:UsersmarineAppDataRoamingAdobeAcrobat9.0UserCache.bin [90791]
    O61 – LFC: 23/05/2014 – 14:38:28 —A- . (.El Desaparecido – SosVirus.net – UsbFix.net.) — C:UsersmarineAppDataLocalTemp~nsu.tmpAu_.exe [133700]
    O61 – LFC: 23/05/2014 – 14:38:28 —A- . (.El Desaparecido – SosVirus.net – UsbFix.net.) — C:UsersmarineDownloadsUsbFix.exe [3051000]
    O61 – LFC: 23/05/2014 – 14:38:28 —A- . (.Nicolas Coolman.) — C:UsersmarineDownloadsZHPDiag2.exe [6780575] =>.Nicolas Coolman
    ~ 4 Fichiers temporaires (Temporary files)
    ~ 8 Fichiers cookies (Cookies files)
    ~ Files: 4 Scanned in 00mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 24/02/2014 – C:Windowssystem32driversaswMonFlt.sys (aswMonFlt) .(.AVAST Software – avast! File System Minifilter for Windows 2.) – LEGACY_ASWMONFLT
    O64 – Services: CurCS – 24/02/2014 – C:Windowssystem32driversaswRdr.sys (aswRdr) .(.AVAST Software – avast! TDI Redirect Driver.) – LEGACY_ASWRDR
    O64 – Services: CurCS – 17/11/2013 – C:WindowsSystem32DriversaswRvrt.sys (aswRvrt) .(…) – LEGACY_ASWRVRT
    O64 – Services: CurCS – 24/02/2014 – C:Windowssystem32driversaswSnx.sys (aswSnx) .(.AVAST Software – avast! Virtualization Driver.) – LEGACY_ASWSNX
    O64 – Services: CurCS – 24/02/2014 – C:Windowssystem32driversaswSP.sys (aswSP) .(.AVAST Software – avast! self protection module.) – LEGACY_ASWSP
    O64 – Services: CurCS – 24/02/2014 – C:Windowssystem32driversaswTdi.sys (aswTdi) .(.AVAST Software – avast! TDI Filter Driver.) – LEGACY_ASWTDI
    O64 – Services: CurCS – 29/12/2013 – C:WindowsSystem32DriversaswVmm.sys (aswVmm) .(…) – LEGACY_ASWVMM
    O64 – Services: CurCS – 02/11/2006 – C:Program FilesLAUNCH~1DPortIO.sys (DritekPortIO) .(.Dritek System Inc. – General Port I/O.) – LEGACY_DRITEKPORTIO
    O64 – Services: CurCS – 17/04/2007 – C:WindowsSystem32driversregi.sys (regi) .(.InterVideo – regi driver.) – LEGACY_REGI
    O64 – Services: CurCS – 02/11/2006 – C:WindowsSystem32Driverssecdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) – LEGACY_SECDRV
    ~ Legacy: 86 Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..cplopenCommand] (.Microsoft Corporation – Windows Control Panel.) — C:WindowsSystem32control.exe =>.Microsoft Corporation
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Lanceur du composant logiciel enfichable Observateur d’événements.) — C:WindowsSystem32eventvwr.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Microsoft (R) Windows Based Script Host.) — C:WindowsSystem32WScript.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Éditeur du Registre.) — C:Windowsregedit.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” /S
    O67 – Shell Spawning: [HKU..openCommand] (.Not Key.)
    O67 – Shell Spawning: [HKU..openCommand] (.Not Key.)
    ~ FASS Keys: 12 Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsconduit.xml
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“browser.search.defaultthis.engineName”, “01NET.com Main Customized Web Search”);
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“browser.search.defaulturl”, “http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&CUI=UN94251443328045185&UM=2&Sear[…]
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.Fissa.Uninstall.lastRunTime”, “Thu, 24 Mar 2011 19:01:06 GMT”); =>PUP.OfferBox
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.Fissa.lastRunTime”, “Thu, 24 Mar 2011 18:19:05 GMT”); =>PUP.OfferBox
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.DNSErrUrl”, “http://start.facemoods.com/?a=ddrnw&f=5”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.aflt”, “_#ddrnw”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.dfltSrch”, true); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.dfltSrchPrvdr”, “Facemoods Search”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.dnsErr”, true); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.fcmdVrsn”, “1.2.7.5.4”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.firstRun”, false); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.first_time”, false); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.hmpg”, true); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.hmpgUrl”, “http://start.facemoods.com/?a=ddrnw”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.id”, “_#8e2b759500000000000000235adde7f9”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.instlDay”, “_#15228”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.mntz”, “”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.newTab”, true); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.newTabUrl”, “http://start.facemoods.com/?a=ddrnw&f=2”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.prtnrId”, “_#facemoods.com”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.searchProviderAdded”, true); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.sid”, “_#e68f29f66ffd4b03b45c7e9e240fefca”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.tlbrSrchUrl”, “http://start.facemoods.com/?a=ddrnw&f=3”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.update”, “_#v1.4.0”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.vrsn”, “_#1.4.17.11”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“smartbar.conduitSearchAddressUrlList”, “http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN9[…] =>Hijacker.SmartBar
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – () – http://search.live.com
    O69 – SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} – (Web Search) – http://search.certified-toolbar.com =>PUP.CertifiedToolbar
    O69 – SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} – (Delta Search) – http://www.delta-search.com =>Toolbar.DeltaSearch
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {b9508593-ae5f-42a4-a513-126644af3685} – (iadah) – http://www.iadah.com
    O69 – SBI: SearchScopes [HKCU] {BC48935D-0C66-4AF5-B14D-CD1548EA82D3} [DefaultScope] – (01NET.com Main Customized Web Search) – http://search.conduit.com
    O69 – SBI: SearchScopes [HKCU] {F00A3CE5-6DA9-49BC-826F-86C9D16E53A1} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les service demarrés par Svchost (SSS) (O83)
    O83 – Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation – Service Expérience d’application.) — C:WindowsSystem32aelupsvc.dll [24576]
    O83 – Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation – Rapports et solutions aux problèmes.) — C:WindowsSystem32wercplsupport.dll [62976]
    O83 – Search Svchost Services: Themes (Themes) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WindowsSystem32shsvcs.dll [247808]
    O83 – Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [40448]
    O83 – Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [40448]
    O83 – Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation – DLL du service Serveur.) — C:WindowsSystem32srvsvc.dll [125952]
    O83 – Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation – Client de stratégie de groupe.) — C:WindowsSystem32gpsvc.dll [574464]
    O83 – Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation – Extension IKE.) — C:WindowsSystem32ikeext.dll [438272]
    O83 – Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation – Service Audio Windows.) — C:WindowsSystem32Audiosrv.dll [314368]
    O83 – Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation – Gestionnaire de numérotation automatique d’accès distant.) — C:WindowsSystem32rasauto.dll [90624]
    O83 – Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation – Gestionnaire de connexions d’accès distant.) — C:WindowsSystem32rasmans.dll [260608]
    O83 – Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation – Gestionnaire d’interface dynamique.) — C:WindowsSystem32mprdim.dll [68608]
    O83 – Search Svchost Services: SENS (SENS) . (.Microsoft Corporation – Service de notification d’événements système (SENS).) — C:WindowsSystem32sens.dll [47104]
    O83 – Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation – Composants de l’application d’assistance à Microsoft NAT.) — C:WindowsSystem32ipnathlp.dll [288256]
    O83 – Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation – Serveur de téléphonie Microsoft® Windows(TM).) — C:WindowsSystem32tapisrv.dll [242688]
    O83 – Search Svchost Services: TermService (TermService) . (.Microsoft Corporation – Gestionnaire des connexions distantes Terminal Server.) — C:WindowsSystem32termsrv.dll [448512]
    O83 – Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation – Agent de mise à jour automatique Windows Update.) — C:WindowsSystem32wuaueng.dll [1929952]
    O83 – Search Svchost Services: BITS (BITS) . (.Microsoft Corporation – Service de transfert intelligent en arrière-plan.) — C:WindowsSystem32qmgr.dll [758272]
    O83 – Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WindowsSystem32shsvcs.dll [247808]
    O83 – Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation – Service offrant une connectivité IPv6 sur un réseau IPv4..) — C:WindowsSystem32iphlpsvc.dll [190464]
    O83 – Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation – DLL de service d’ouverture de session secondaire.) — C:Windowssystem32seclogon.dll [19968]
    O83 – Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation – Service Informations d’application.) — C:WindowsSystem32appinfo.dll [33280]
    O83 – Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation – Service de découverte iSCSI.) — C:WindowsSystem32iscsiexe.dll [111616]
    O83 – Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation – Service Planificateur de classes multimédias.) — C:WindowsSystem32mmcss.dll [45056]
    O83 – Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation – ProfSvc.) — C:WindowsSystem32profsvc.dll [153600]
    O83 – Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation – Service EAPHost Microsoft.) — C:WindowsSystem32eapsvc.dll [57344]
    O83 – Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation – WMI.) — C:WindowsSystem32wbemWMIsvc.dll [161792]
    O83 – Search Svchost Services: schedule (schedule) . (.Microsoft Corporation – Service du Planificateur de tâches.) — C:WindowsSystem32schedsvc.dll [603648]
    O83 – Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation – Service de configuration des services Terminal Server.) — C:WindowsSystem32sessenv.dll [84992]
    O83 – Search Svchost Services: browser (browser) . (.Microsoft Corporation – DLL du service Explorateur d’ordinateurs.) — C:WindowsSystem32browser.dll [81920]
    O83 – Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation – Service Gestion des clés.) — C:WindowsSystem32kmsvc.dll [68096]
    ~ Services: 31 Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][30/05/2012] (.VSO Software – low level access layer for CD/DVD/BD devices.) — C:UsersmarineAppDataRoamingpcouffin.sys [47360]
    [MD5.457F9A510E4E9BD04E27D356511D0EB8] [SPRF][02/02/2013] (…) — C:UsersmarineAppDataRoamingwklnhst.dat [3554]
    [MD5.53DDA20538126954A415C797BC0A63C7] [SPRF][29/06/2012] (.Adobe Systems, Inc. – Adobe Flash Player 10.1 r52.) — C:UsersmarineDesktopWebGameplay.exe [5484987]
    ~ Files: 3 Scanned in 00mn 00s

    —\ Export de clés de registre aléatoires (O91)
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version=”2.6.1095.52″ =>Hijacker.Eazel
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version=”2.6.1125.80″ =>Hijacker.Eazel
    [HKCUSoftware5353dc8bb339e544] =>PUP.Babylon^
    ~ Export Key Software: Scanned in 00mn 00s

    —\ Recherche de clés de registre CLSID (O101)
    [HKCRCLSID{23AF19F7-1D5B-442c-B14C-3D1081953C94}] (Bubble Dock SurfMatch) =>PUP.BubbleDock
    [HKCRCLSID{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] (OfferBox) =>PUP.OfferBox
    ~ BCK: 4771 Scanned in 00mn 16s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 15/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Auto 04/01/2009 724992 | (Ati External Event Utility) . (.ATI Technologies Inc..) – C:WindowsSystem32Ati2evxx.exe
    SS – | Auto 06/02/2009 653856 | (ePowerSvc) . (.Acer Incorporated.) – C:Program FileseMachineseMachines Power ManagementePowerSvc.exe
    SS – | Auto 18/02/2013 116648 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 18/02/2013 116648 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Auto 28/03/2012 140456 | (IJPLMSVC) . (…) – C:Program FilesCanonIJPLMIJPLMSVC.exe
    SS – | Auto 04/01/2007 112152 | (IviRegMgr) . (.InterVideo.) – C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
    SS – | Demand 23/09/2008 50424 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) – C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
    SS – | Auto 23/09/2008 144632 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) – C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
    SR – | Auto 24/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 21/01/2008 21504 | C:Windowssystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Auto 21/01/2008 21504 | C:Windowssystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Auto 21/01/2008 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 21/01/2008 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 18s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by marine at 23/05/2014 14:39:22
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys ndis.sys athr.sys win32k.sys
    C:Windowssystem32DRIVERSahcix86s.sys Advanced Micro Devices, Inc AMD AHCI Compatible Controller
    C:Windowssystem32DRIVERSathr.sys Atheros Communications, Inc. Driver for Atheros CB42/CB43/MB42/MB43 Network Adapter
    1 ntkrnlpa!IofCallDriver[0x828D8FEF] >> DeviceHarddisk0DR0[0x8639DAA0]
    3 CLASSPNP[0x87FA4745] >> ntkrnlpa!IofCallDriver[0x828D8FEF] >> [0x84AC0360]
    5 acpi[0x806136A0] >> ntkrnlpa!IofCallDriver[0x828D8FEF] >> Device0000067[0x859B8C90]
    kernel: MBR read successfully
    user & kernel MBR OK
    error: Read Ressources système insuffisantes pour terminer le service demandé.
    ~ MBR: 16 Scanned in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by marine at 23/05/2014 14:39:24
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13029 – (23/05/2014)
    Clés trouvées (Keys found) : 46
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 19
    Fichiers trouvés (Files found) : 15

    [HKLMSoftwareGoogleChromeExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp] =>PUP.BubbleDock^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{23AF19F7-1D5B-442C-B14C-3D1081953C94}] =>PUP.BubbleDock^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>PUP.OfferBox^
    [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupreguTorrent] =>P2P.µTorrent^
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0D7562AE-8EF6-416d-A838-AB665251703A}] =>Adware.Facemoods
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKLMSoftwareClassesCLSID{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKLMSoftwareClassesCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{4a1b5397-2a80-4f7d-af70-327d9e2103c6}] =>Toolbar.Agent
    [HKLMSoftwareClassesAppID{5B1881D1-D9C7-46df-B041-1E593282C7D0}] =>Adware.BullseyeToolbar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{64182481-4F71-486b-A045-B233BD0DA8FC}] =>Adware.Facemoods
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{64182481-4F71-486b-A045-B233BD0DA8FC}] =>Adware.Facemoods
    [HKLMSoftwareClassesCLSID{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
    [HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
    [HKLMSoftwareClassesAppID{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}] =>Adware.BullseyeToolbar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}] =>Adware.BullseyeToolbar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent
    [HKLMSoftwareClassesCLSID{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheOfferBox Browser] =>PUP.OfferBox
    [HKLMSoftwareClassesOfferBox.OfferBoxServer] =>PUP.OfferBox
    [HKLMSoftwareClassesOfferBox.OfferBoxServer.1] =>PUP.OfferBox
    [HKLMSoftwareGoogleChromeExtensionsbjeikeheijdjdfjbmknpefojickbkmom] =>PUP.OfferBox
    [HKLMSoftwareBoxore] =>Adware.Boxore
    [HKCUSoftwareAppDataLowSoftwareConduitSearchScopes] =>Toolbar.Conduit
    [HKCUSoftwareDataMngr] =>Adware.Bandoo
    [HKLMSoftwareDataMngr] =>Adware.Bandoo
    [HKCUSoftwareFissaSearch] =>PUP.OfferBox
    [HKCUSoftwarefreeCompressor] =>Adware.SPointer
    [HKLMSoftwareGamesBarSetup] =>Adware.GamesBar
    [HKCUSoftwarelollipop] =>Adware.Lollipop
    [HKCUSoftwareOfferBox] =>PUP.OfferBox
    [HKLMSoftwareOfferBox] =>PUP.OfferBox
    [HKLMSoftwareTarma Installer] =>PUP.Tarma
    [HKLMSoftwareClassesProd.cap] =>PUP.Babylon
    [HKCUSoftwareInstallCore] =>Adware.InstallCore
    [HKCUAppEventsSchemesAppsExplorerNavigatingOld_Current] =>PUP.MediaFinder
    [HKLMSoftwareClassesAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
    [HKLMSoftwareClassesToolbar.CT3285358] =>Toolbar.Conduit
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKLMSoftwareMozillaFirefoxExtensions]:offerboxffx@offerbox.com =>PUP.OfferBox
    C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp =>PUP.BubbleDock^
    C:Program FilesOfferBox =>PUP.OfferBox^
    C:Program FilesProtected Search =>Spyware.ProtectedSearch^
    C:ProgramDataBabylon =>PUP.Babylon^
    C:ProgramDataTarma Installer =>PUP.Tarma^
    C:ProgramDataTrymedia =>Adware.Trymedia^
    C:UsersmarineAppDataRoamingBabylon =>PUP.Babylon^
    C:UsersmarineAppDataRoamingDealPly =>PUP.DealPly^
    C:UsersmarineAppDataRoamingNosibay =>PUP.BubbleDock^
    C:UsersmarineAppDataRoamingOfferBox =>PUP.OfferBox^
    C:UsersmarineAppDataLocalLollipop =>Adware.Lollipop^
    C:Program FilesConduit =>Toolbar.Conduit
    C:Program FilesFreeCompressor =>Adware.SPointer
    C:Program FilesSoftware =>Adware.Boxore
    C:Program FilesWebgameplay setup =>Toolbar.Agent
    C:UsersmarineAppDataRoamingFreeCompressor =>Adware.SPointer
    C:UsersmarineAppDataLocalConduit =>Toolbar.Conduit
    C:UsersmarineAppDataLocalSoftware =>Adware.Boxore
    C:UsersmarineAppDataLocalLowConduit =>Toolbar.Conduit
    C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultSearchPluginsconduit.xml =>Toolbar.Conduit
    C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultSearchPluginsfissa.xml =>PUP.OfferBox
    [HKCUSoftwareAppDataLowSoftwareConduit] =>Toolbar.Conduit^
    [HKCUSoftwareAppDataLowSoftwareSmartbar] =>Hijacker.SmartBar^
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution^
    [HKCUSoftwareConduit] =>Toolbar.Conduit^
    [HKLMSoftwareBabylon] =>PUP.Babylon^
    [HKLMSoftwareConduit] =>Toolbar.Conduit^
    [HKLMSoftwareDomaIQ] =>Adware.DomaIQ^
    [HKLMSoftwareTrymedia Systems] =>Adware.Trymedia^
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel^
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel^
    [HKCUSoftware5353dc8bb339e544] =>PUP.Babylon^^
    [HKCRCLSID{23AF19F7-1D5B-442c-B14C-3D1081953C94}] (Bubble Dock SurfMatch) =>PUP.BubbleDock^
    [HKCRCLSID{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] (OfferBox) =>PUP.OfferBox^
    ~ Additionnel Scan: 248352 Items scanned in 00mn 47s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
    http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDock
    http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
    http://nicolascoolman.fr/pup-offerbox =>PUP.OfferBox
    http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
    http://nicolascoolman.fr/adware-facemoods =>Adware.Facemoods
    http://nicolascoolman.fr/pup-dealply =>PUP.DealPly
    http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
    http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
    http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
    http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
    http://nicolascoolman.fr/pup-datamngr =>PUP.Datamngr
    http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
    http://nicolascoolman.fr/adware-lollipop =>Adware.Lollipop
    http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
    http://nicolascoolman.fr/adware-domaiq =>Adware.DomaIQ
    http://nicolascoolman.fr/26808625-adware-gamesbar =>Adware.GamesBar
    http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
    http://nicolascoolman.fr/adware-trymedia =>Adware.Trymedia
    http://nicolascoolman.fr/spyware-protectedsearch =>Spyware.ProtectedSearch
    http://nicolascoolman.fr/adware-spointer =>Adware.SPointer
    http://nicolascoolman.fr/adware-iwinarcade =>Adware.iWinArcade
    http://nicolascoolman.fr/adware-bullseyetoolbar =>Adware.BullseyeToolbar
    http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
    http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
    http://nicolascoolman.fr/28445531-pup-mediafinder =>PUP.MediaFinder
    ~ MSI: 26 link(s) detected in 00mn 00s

    End of the scan (1417 lines in 03mn 59s)(0)

  • buckhulk
    Participant
    Post count: 2391

    Hi, USBFix is fine, but for ZHPDiag you need to host the report:

    :merci2:

  • marinezer
    Participant
    Post count: 15

    Sorry, I hadn't understood; it should be fine now:

    —\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – TS Single Sign On Security Package.) — C:WindowsSystem32credssp.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – TS Single Sign On Security Package.) — C:WindowsSystem32credssp.dll
    ~ MSCP: 2 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “ConsentPromptBehaviorAdmin”=2
    O55 – MWPS:[HKLM…PoliciesSystem] – “ConsentPromptBehaviorUser”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableInstallerDetection”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableSecureUIAPaths”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableVirtualization”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “ValidateAdminCodeSignatures”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “dontdisplaylastusername”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticecaption”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticetext”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “scforceoption”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “shutdownwithoutlogon”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “undockwithoutlogon”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    ~ MWPS: 16 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKCU…policiesExplorer] – “NoDriveTypeAutoRun”=0
    O56 – MWPE:[HKCU…policiesExplorer] – “NoDriveAutoRun”=3
    O56 – MWPE:[HKLM…policiesExplorer] – “NoDriveAutoRun”=3
    O56 – MWPE:[HKLM…policiesExplorer] – “NoDriveTypeAutoRun”=0
    ~ MWPE Keys: 4 Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    ~ Drivers: 86 Scanned in 00mn 31s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 23/05/2014 – 14:38:28 —A- . (…) — C:UsersmarineAppDataRoamingAdobeAcrobat9.0UserCache.bin [90791]
    O61 – LFC: 23/05/2014 – 14:38:28 —A- . (.El Desaparecido – SosVirus.net – UsbFix.net.) — C:UsersmarineAppDataLocalTemp~nsu.tmpAu_.exe [133700]
    O61 – LFC: 23/05/2014 – 14:38:28 —A- . (.El Desaparecido – SosVirus.net – UsbFix.net.) — C:UsersmarineDownloadsUsbFix.exe [3051000]
    O61 – LFC: 23/05/2014 – 14:38:28 —A- . (.Nicolas Coolman.) — C:UsersmarineDownloadsZHPDiag2.exe [6780575] =>.Nicolas Coolman
    ~ 4 Fichiers temporaires (Temporary files)
    ~ 8 Fichiers cookies (Cookies files)
    ~ Files: 4 Scanned in 00mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 24/02/2014 – C:Windowssystem32driversaswMonFlt.sys (aswMonFlt) .(.AVAST Software – avast! File System Minifilter for Windows 2.) – LEGACY_ASWMONFLT
    O64 – Services: CurCS – 24/02/2014 – C:Windowssystem32driversaswRdr.sys (aswRdr) .(.AVAST Software – avast! TDI Redirect Driver.) – LEGACY_ASWRDR
    O64 – Services: CurCS – 17/11/2013 – C:WindowsSystem32DriversaswRvrt.sys (aswRvrt) .(…) – LEGACY_ASWRVRT
    O64 – Services: CurCS – 24/02/2014 – C:Windowssystem32driversaswSnx.sys (aswSnx) .(.AVAST Software – avast! Virtualization Driver.) – LEGACY_ASWSNX
    O64 – Services: CurCS – 24/02/2014 – C:Windowssystem32driversaswSP.sys (aswSP) .(.AVAST Software – avast! self protection module.) – LEGACY_ASWSP
    O64 – Services: CurCS – 24/02/2014 – C:Windowssystem32driversaswTdi.sys (aswTdi) .(.AVAST Software – avast! TDI Filter Driver.) – LEGACY_ASWTDI
    O64 – Services: CurCS – 29/12/2013 – C:WindowsSystem32DriversaswVmm.sys (aswVmm) .(…) – LEGACY_ASWVMM
    O64 – Services: CurCS – 02/11/2006 – C:Program FilesLAUNCH~1DPortIO.sys (DritekPortIO) .(.Dritek System Inc. – General Port I/O.) – LEGACY_DRITEKPORTIO
    O64 – Services: CurCS – 17/04/2007 – C:WindowsSystem32driversregi.sys (regi) .(.InterVideo – regi driver.) – LEGACY_REGI
    O64 – Services: CurCS – 02/11/2006 – C:WindowsSystem32Driverssecdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) – LEGACY_SECDRV
    ~ Legacy: 86 Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..cplopenCommand] (.Microsoft Corporation – Windows Control Panel.) — C:WindowsSystem32control.exe =>.Microsoft Corporation
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Lanceur du composant logiciel enfichable Observateur d’événements.) — C:WindowsSystem32eventvwr.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Microsoft (R) Windows Based Script Host.) — C:WindowsSystem32WScript.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Éditeur du Registre.) — C:Windowsregedit.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” /S
    O67 – Shell Spawning: [HKU..openCommand] (.Not Key.)
    O67 – Shell Spawning: [HKU..openCommand] (.Not Key.)
    ~ FASS Keys: 12 Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsconduit.xml
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“browser.search.defaultthis.engineName”, “01NET.com Main Customized Web Search”);
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“browser.search.defaulturl”, “http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&CUI=UN94251443328045185&UM=2&Sear[…]
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.Fissa.Uninstall.lastRunTime”, “Thu, 24 Mar 2011 19:01:06 GMT”); =>PUP.OfferBox
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.Fissa.lastRunTime”, “Thu, 24 Mar 2011 18:19:05 GMT”); =>PUP.OfferBox
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.DNSErrUrl”, “http://start.facemoods.com/?a=ddrnw&f=5”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.aflt”, “_#ddrnw”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.dfltSrch”, true); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.dfltSrchPrvdr”, “Facemoods Search”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.dnsErr”, true); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.fcmdVrsn”, “1.2.7.5.4”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.firstRun”, false); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.first_time”, false); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.hmpg”, true); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.hmpgUrl”, “http://start.facemoods.com/?a=ddrnw”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.id”, “_#8e2b759500000000000000235adde7f9”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.instlDay”, “_#15228”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.mntz”, “”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.newTab”, true); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.newTabUrl”, “http://start.facemoods.com/?a=ddrnw&f=2”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.prtnrId”, “_#facemoods.com”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.searchProviderAdded”, true); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.sid”, “_#e68f29f66ffd4b03b45c7e9e240fefca”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.tlbrSrchUrl”, “http://start.facemoods.com/?a=ddrnw&f=3”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.update”, “_#v1.4.0”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“extensions.facemoods.vrsn”, “_#1.4.17.11”); =>Adware.Facemoods
    O69 – SBI: prefs.js [marine – dwt984hb.default] user_pref(“smartbar.conduitSearchAddressUrlList”, “http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN9[…] =>Hijacker.SmartBar
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – () – http://search.live.com
    O69 – SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} – (Web Search) – http://search.certified-toolbar.com =>PUP.CertifiedToolbar
    O69 – SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} – (Delta Search) – http://www.delta-search.com =>Toolbar.DeltaSearch
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {b9508593-ae5f-42a4-a513-126644af3685} – (iadah) – http://www.iadah.com
    O69 – SBI: SearchScopes [HKCU] {BC48935D-0C66-4AF5-B14D-CD1548EA82D3} [DefaultScope] – (01NET.com Main Customized Web Search) – http://search.conduit.com
    O69 – SBI: SearchScopes [HKCU] {F00A3CE5-6DA9-49BC-826F-86C9D16E53A1} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les service demarrés par Svchost (SSS) (O83)
    ~ Services: 31 Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][30/05/2012] (.VSO Software – low level access layer for CD/DVD/BD devices.) — C:UsersmarineAppDataRoamingpcouffin.sys [47360]
    [MD5.457F9A510E4E9BD04E27D356511D0EB8] [SPRF][02/02/2013] (…) — C:UsersmarineAppDataRoamingwklnhst.dat [3554]
    [MD5.53DDA20538126954A415C797BC0A63C7] [SPRF][29/06/2012] (.Adobe Systems, Inc. – Adobe Flash Player 10.1 r52.) — C:UsersmarineDesktopWebGameplay.exe [5484987]
    ~ Files: 3 Scanned in 00mn 00s

    —\ Export de clés de registre aléatoires (O91)
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version=”2.6.1095.52″ =>Hijacker.Eazel
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version=”2.6.1125.80″ =>Hijacker.Eazel
    [HKCUSoftware5353dc8bb339e544] =>PUP.Babylon^
    ~ Export Key Software: Scanned in 00mn 00s

    —\ Recherche de clés de registre CLSID (O101)
    [HKCRCLSID{23AF19F7-1D5B-442c-B14C-3D1081953C94}] (Bubble Dock SurfMatch) =>PUP.BubbleDock
    [HKCRCLSID{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] (OfferBox) =>PUP.OfferBox
    ~ BCK: 4771 Scanned in 00mn 16s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 15/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Auto 04/01/2009 724992 | (Ati External Event Utility) . (.ATI Technologies Inc..) – C:WindowsSystem32Ati2evxx.exe
    SS – | Auto 06/02/2009 653856 | (ePowerSvc) . (.Acer Incorporated.) – C:Program FileseMachineseMachines Power ManagementePowerSvc.exe
    SS – | Auto 18/02/2013 116648 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 18/02/2013 116648 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Auto 28/03/2012 140456 | (IJPLMSVC) . (…) – C:Program FilesCanonIJPLMIJPLMSVC.exe
    SS – | Auto 04/01/2007 112152 | (IviRegMgr) . (.InterVideo.) – C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
    SS – | Demand 23/09/2008 50424 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) – C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
    SS – | Auto 23/09/2008 144632 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) – C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
    SR – | Auto 24/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 21/01/2008 21504 | C:Windowssystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Auto 21/01/2008 21504 | C:Windowssystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Auto 21/01/2008 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 21/01/2008 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 18s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by marine at 23/05/2014 14:39:22
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys ndis.sys athr.sys win32k.sys
    C:Windowssystem32DRIVERSahcix86s.sys Advanced Micro Devices, Inc AMD AHCI Compatible Controller
    C:Windowssystem32DRIVERSathr.sys Atheros Communications, Inc. Driver for Atheros CB42/CB43/MB42/MB43 Network Adapter
    1 ntkrnlpa!IofCallDriver[0x828D8FEF] >> DeviceHarddisk0DR0[0x8639DAA0]
    3 CLASSPNP[0x87FA4745] >> ntkrnlpa!IofCallDriver[0x828D8FEF] >> [0x84AC0360]
    5 acpi[0x806136A0] >> ntkrnlpa!IofCallDriver[0x828D8FEF] >> Device0000067[0x859B8C90]
    kernel: MBR read successfully
    user & kernel MBR OK
    error: Read Ressources système insuffisantes pour terminer le service demandé.
    ~ MBR: 16 Scanned in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by marine at 23/05/2014 14:39:24
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13029 – (23/05/2014)
    Clés trouvées (Keys found) : 46
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 19
    Fichiers trouvés (Files found) : 15

    [HKLMSoftwareGoogleChromeExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp] =>PUP.BubbleDock^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{23AF19F7-1D5B-442C-B14C-3D1081953C94}] =>PUP.BubbleDock^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>PUP.OfferBox^
    [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupreguTorrent] =>P2P.µTorrent^
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0D7562AE-8EF6-416d-A838-AB665251703A}] =>Adware.Facemoods
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKLMSoftwareClassesCLSID{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKLMSoftwareClassesCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{4a1b5397-2a80-4f7d-af70-327d9e2103c6}] =>Toolbar.Agent
    [HKLMSoftwareClassesAppID{5B1881D1-D9C7-46df-B041-1E593282C7D0}] =>Adware.BullseyeToolbar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{64182481-4F71-486b-A045-B233BD0DA8FC}] =>Adware.Facemoods
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{64182481-4F71-486b-A045-B233BD0DA8FC}] =>Adware.Facemoods
    [HKLMSoftwareClassesCLSID{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
    [HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
    [HKLMSoftwareClassesAppID{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}] =>Adware.BullseyeToolbar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}] =>Adware.BullseyeToolbar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent
    [HKLMSoftwareClassesCLSID{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheOfferBox Browser] =>PUP.OfferBox
    [HKLMSoftwareClassesOfferBox.OfferBoxServer] =>PUP.OfferBox
    [HKLMSoftwareClassesOfferBox.OfferBoxServer.1] =>PUP.OfferBox
    [HKLMSoftwareGoogleChromeExtensionsbjeikeheijdjdfjbmknpefojickbkmom] =>PUP.OfferBox
    [HKLMSoftwareBoxore] =>Adware.Boxore
    [HKCUSoftwareAppDataLowSoftwareConduitSearchScopes] =>Toolbar.Conduit
    [HKCUSoftwareDataMngr] =>Adware.Bandoo
    [HKLMSoftwareDataMngr] =>Adware.Bandoo
    [HKCUSoftwareFissaSearch] =>PUP.OfferBox
    [HKCUSoftwarefreeCompressor] =>Adware.SPointer
    [HKLMSoftwareGamesBarSetup] =>Adware.GamesBar
    [HKCUSoftwarelollipop] =>Adware.Lollipop
    [HKCUSoftwareOfferBox] =>PUP.OfferBox
    [HKLMSoftwareOfferBox] =>PUP.OfferBox
    [HKLMSoftwareTarma Installer] =>PUP.Tarma
    [HKLMSoftwareClassesProd.cap] =>PUP.Babylon
    [HKCUSoftwareInstallCore] =>Adware.InstallCore
    [HKCUAppEventsSchemesAppsExplorerNavigatingOld_Current] =>PUP.MediaFinder
    [HKLMSoftwareClassesAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
    [HKLMSoftwareClassesToolbar.CT3285358] =>Toolbar.Conduit
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKLMSoftwareMozillaFirefoxExtensions]:offerboxffx@offerbox.com =>PUP.OfferBox
    C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp =>PUP.BubbleDock^
    C:Program FilesOfferBox =>PUP.OfferBox^
    C:Program FilesProtected Search =>Spyware.ProtectedSearch^
    C:ProgramDataBabylon =>PUP.Babylon^
    C:ProgramDataTarma Installer =>PUP.Tarma^
    C:ProgramDataTrymedia =>Adware.Trymedia^
    C:UsersmarineAppDataRoamingBabylon =>PUP.Babylon^
    C:UsersmarineAppDataRoamingDealPly =>PUP.DealPly^
    C:UsersmarineAppDataRoamingNosibay =>PUP.BubbleDock^
    C:UsersmarineAppDataRoamingOfferBox =>PUP.OfferBox^
    C:UsersmarineAppDataLocalLollipop =>Adware.Lollipop^
    C:Program FilesConduit =>Toolbar.Conduit
    C:Program FilesFreeCompressor =>Adware.SPointer
    C:Program FilesSoftware =>Adware.Boxore
    C:Program FilesWebgameplay setup =>Toolbar.Agent
    C:UsersmarineAppDataRoamingFreeCompressor =>Adware.SPointer
    C:UsersmarineAppDataLocalConduit =>Toolbar.Conduit
    C:UsersmarineAppDataLocalSoftware =>Adware.Boxore
    C:UsersmarineAppDataLocalLowConduit =>Toolbar.Conduit
    C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultSearchPluginsconduit.xml =>Toolbar.Conduit
    C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultSearchPluginsfissa.xml =>PUP.OfferBox
    [HKCUSoftwareAppDataLowSoftwareConduit] =>Toolbar.Conduit^
    [HKCUSoftwareAppDataLowSoftwareSmartbar] =>Hijacker.SmartBar^
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution^
    [HKCUSoftwareConduit] =>Toolbar.Conduit^
    [HKLMSoftwareBabylon] =>PUP.Babylon^
    [HKLMSoftwareConduit] =>Toolbar.Conduit^
    [HKLMSoftwareDomaIQ] =>Adware.DomaIQ^
    [HKLMSoftwareTrymedia Systems] =>Adware.Trymedia^
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel^
    [HKCUSoftware5353dc8bb339e544history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel^
    [HKCUSoftware5353dc8bb339e544] =>PUP.Babylon^^
    [HKCRCLSID{23AF19F7-1D5B-442c-B14C-3D1081953C94}] (Bubble Dock SurfMatch) =>PUP.BubbleDock^
    [HKCRCLSID{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] (OfferBox) =>PUP.OfferBox^
    ~ Additionnel Scan: 248352 Items scanned in 00mn 47s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
    http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDock
    http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
    http://nicolascoolman.fr/pup-offerbox =>PUP.OfferBox
    http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
    http://nicolascoolman.fr/adware-facemoods =>Adware.Facemoods
    http://nicolascoolman.fr/pup-dealply =>PUP.DealPly
    http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
    http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
    http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
    http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
    http://nicolascoolman.fr/pup-datamngr =>PUP.Datamngr
    http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
    http://nicolascoolman.fr/adware-lollipop =>Adware.Lollipop
    http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
    http://nicolascoolman.fr/adware-domaiq =>Adware.DomaIQ
    http://nicolascoolman.fr/26808625-adware-gamesbar =>Adware.GamesBar
    http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
    http://nicolascoolman.fr/adware-trymedia =>Adware.Trymedia
    http://nicolascoolman.fr/spyware-protectedsearch =>Spyware.ProtectedSearch
    http://nicolascoolman.fr/adware-spointer =>Adware.SPointer
    http://nicolascoolman.fr/adware-iwinarcade =>Adware.iWinArcade
    http://nicolascoolman.fr/adware-bullseyetoolbar =>Adware.BullseyeToolbar
    http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
    http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
    http://nicolascoolman.fr/28445531-pup-mediafinder =>PUP.MediaFinder
    ~ MSI: 26 link(s) detected in 00mn 00s

    End of the scan (1417 lines in 03mn 59s)(0)

  • buckhulk
    Participant
    Post count: 2391

    Your Adobe Reader is not up to date, and neither is Flash Player:

    Adobe Reader: untick McAfee

    Flash Player: choose your version

    Java

    Sorry, I hadn't understood, it should be fine now:

    Still not!

    Some reports are far too long to be posted on forums, so to pass them on you just need to “host” them on a specialised site!

    Here is how to do it:

    But you can already start by running AdwCleaner, JRT, Shortcut_Module and Malwarebytes, and a new ZHPDiag:
    So 5 reports in your next reply!

    • Download AdwCleaner (by Xplode) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista; otherwise double-click on XP
      1. Choose the Scan option
      2. Choose the Clean option
    • Accept the warning by clicking OK

    • Accept the warnings/information by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

    _____________________________________________________

    • Download Junkware Removal Tool (by thisisu) to your desktop.
    • Launch Junkware Removal Tool, running it as administrator on Windows 7/8 and Vista
    • Press any key.

    • Once the scan is finished, go to the desktop; the file JRT.txt has been created.
    • Host the JRT.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum

    _________________________________________________________

    • Disable your antivirus, otherwise the tool will not be able to work properly.
    • Download Shortcut_Module to your desktop.

      Note: Save your work before continuing!

    • Launch Shortcut_Module,
    • Click Clean

      Note: Wait while the scan runs

    • Let the tool work even if it seems stuck to you
    • If the tool detects a proxy you don't recognise, click: “Remove the proxy”
    • Host the report C:Shortcut_Module_date_heure.txt on https://antimalware.top/ then give the link you get

    _____________________________________________________________

    • Download Malwarebytes
    • Install it. Untick “Enable the free trial of Malwarebytes Anti-Malware Premium”
    • Click Update (on the right, in the middle)
    • Click Scan (at the top)
    • Select the “Threat” scan
    • Click Scan now

    • At the end of the scan, click Quarantine all!
    • Click Copy to clipboard
    • A report will open. Copy/paste its contents into your next reply.

    And then a new ZHPDiag!
    :merci2:

  • marinezer
    Participant
    Post count: 15

    http://cjoint.com/?0ExqEOyBV2Y
    HA HA, I think I managed it this time; now that I can do it, I'll do the rest. Sorry, I struggle, but computers and I don't get along…

  • marinezer
    Participant
    Post count: 15

    # AdwCleaner v3.210 – Rapport créé le 23/05/2014 à 16:36:14
    # Mis à jour le 19/05/2014 par Xplode
    # Système d’exploitation : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
    # Nom d’utilisateur : marine – PC-DE-MARINE
    # Exécuté depuis : C:UsersmarineDownloadsadwcleaner_3.210.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:ProgramDataBabylon
    Dossier Supprimé : C:ProgramDataTarma Installer
    Dossier Supprimé : C:ProgramDataTrymedia
    Dossier Supprimé : C:Program FilesConduit
    Dossier Supprimé : C:Program FilesFreeCompressor
    Dossier Supprimé : C:Program FilesNosibay
    Dossier Supprimé : C:Program FilesOfferBox
    Dossier Supprimé : C:Program FilesProtected Search
    Dossier Supprimé : C:Program FilesUninstaller
    Dossier Supprimé : C:UsersmarineAppDataLocalConduit
    Dossier Supprimé : C:UsersmarineAppDataLocalFreeCompressor Air
    Dossier Supprimé : C:UsersmarineAppDataLocallollipop
    Dossier Supprimé : C:UsersmarineAppDataLocalLowConduit
    Dossier Supprimé : C:UsersmarineAppDataLocalLowSimplyTech
    Dossier Supprimé : C:UsersmarineAppDataRoamingBabylon
    Dossier Supprimé : C:UsersmarineAppDataRoamingDealPly
    Dossier Supprimé : C:UsersmarineAppDataRoamingFreeCompressor
    Dossier Supprimé : C:UsersmarineAppDataRoamingNosibay
    Dossier Supprimé : C:UsersmarineAppDataRoamingOfferBox
    Dossier Supprimé : C:UsersmarineAppDataLocalSoftware
    Dossier Supprimé : C:Program FilesSoftware
    Dossier Supprimé : C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultExtensions{f531b93a-b50b-4ff1-8288-404c881ac4da}
    Fichier Supprimé : C:END
    Fichier Supprimé : C:ProgramDataMicrosoftWindowsStart MenuProgramsNavigateur OfferBox.lnk
    Fichier Supprimé : C:Program FilesCommon Filesplugin.crx
    Fichier Supprimé : C:UsersmarineAppDataRoamingBubble Dock.boostrap.log
    Fichier Supprimé : C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultbProtector_extensions.rdf
    Fichier Supprimé : C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsBabylon.xml
    Fichier Supprimé : C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsConduit.xml
    Fichier Supprimé : C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsdelta.xml
    Fichier Supprimé : C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsFissa.xml
    Fichier Supprimé : C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultuser.js
    Fichier Supprimé : C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxp_app.mam.conduit.com_0.localstorage-journal
    Fichier Supprimé : C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxp_search.conduit.com_0.localstorage-journal
    Fichier Supprimé : C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxp_www.wajam.com_0.localstorage-journal
    Fichier Supprimé : C:WindowsSystem32TasksDealply
    Fichier Supprimé : C:WindowsSystem32TasksProtectedSearch

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Valeur Supprimée : HKCUSoftwareMozillaFirefoxExtensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
    Valeur Supprimée : HKLMSOFTWAREMozillaFirefoxExtensions [bubbledock@nosibay.com]
    Valeur Supprimée : HKLMSOFTWAREMozillaFirefoxExtensions [offerboxffx@offerbox.com]
    Clé Supprimée : HKLMSOFTWAREGoogleChromeExtensionsbjeikeheijdjdfjbmknpefojickbkmom
    Clé Supprimée : HKCUSoftwareGoogleChromeExtensionshakpajgggjjcjmidfbnnncnbaihjneaj
    Clé Supprimée : HKLMSOFTWAREGoogleChromeExtensionshakpajgggjjcjmidfbnnncnbaihjneaj
    [#] Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{A5CC369E-0DE3-4408-9F28-A13186386B62}
    [#] Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{A5CC369E-0DE3-4408-9F28-A13186386B62}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Clé Supprimée : HKLMSOFTWAREClassesAppIDWLXQuickTimeShellExt.DLL
    Clé Supprimée : HKLMSOFTWAREClassesNosibay.SurfMatch
    Clé Supprimée : HKLMSOFTWAREClassesNosibay.SurfMatch.1
    Clé Supprimée : HKLMSOFTWAREClassesOfferBox.OfferBoxServer
    Clé Supprimée : HKLMSOFTWAREClassesOfferBox.OfferBoxServer.1
    Clé Supprimée : HKLMSOFTWAREClassesProd.cap
    Valeur Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerAboutURLs [bProtectTabs]
    Clé Supprimée : HKCUSoftware5353dc8bb339e544
    Clé Supprimée : HKLMSOFTWAREClassesToolbar.CT3285358
    Clé Supprimée : HKLMSOFTWAREClassesAppID{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Clé Supprimée : HKLMSOFTWAREClassesAppID{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{4A1B5397-2A80-4F7D-AF70-327D9E2103C6}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{64182481-4F71-486B-A045-B233BD0DA8FC}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{23AF19F7-1D5B-442C-B14C-3D1081953C94}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{64182481-4F71-486B-A045-B233BD0DA8FC}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0D7562AE-8EF6-416D-A838-AB665251703A}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Clé Supprimée : HKCUSoftwareBabSolution
    Clé Supprimée : HKCUSoftwareConduit
    Clé Supprimée : HKCUSoftwareDataMngr
    Clé Supprimée : HKCUSoftwareFissaSearch
    Clé Supprimée : HKCUSoftwareFreeCompressor
    Clé Supprimée : HKCUSoftwareInstallCore
    Clé Supprimée : HKCUSoftwarelollipop
    Clé Supprimée : HKCUSoftwareNosibay
    Clé Supprimée : HKCUSoftwareOfferbox
    Clé Supprimée : HKCUSoftwareAppDataLowSoftwareConduit
    Clé Supprimée : HKCUSoftwareAppDataLowSoftwareConduitSearchScopes
    Clé Supprimée : HKCUSoftwareAppDataLowSoftwaresimplytech
    Clé Supprimée : HKCUSoftwareAppDataLowSoftwareSmartBar
    Clé Supprimée : HKLMSoftwareBabylon
    Clé Supprimée : HKLMSoftwareBoxore
    Clé Supprimée : HKLMSoftwareConduit
    Clé Supprimée : HKLMSoftwareDataMngr
    Clé Supprimée : HKLMSoftwareDomaIQ
    Clé Supprimée : HKLMSoftwareGamesBarSetup
    Clé Supprimée : HKLMSoftwareOfferbox
    Clé Supprimée : HKLMSoftwareTarma Installer
    Clé Supprimée : HKLMSoftwareTrymedia Systems
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCachelollipop
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheOfferbox Browser
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components8121C32A9C319F4CB0C11FF059552A4
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v8.0.6001.19088

    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Start Page]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Search Page]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Search Bar]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Start Default_Page_URL]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Default_Search_URL]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerMain [Start Page]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerMain [Default_Search_URL]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerMain [Search Page]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerMain [Start Default_Page_URL]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerMain [Search Bar]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerSearch [Start Page]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerSearch [Start Default_Page_URL]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerSearch [Default_Search_URL]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerSearch [Search Bar]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerSearch [Search Page]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerAboutURls [bProtectTabs]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerSearch [SearchAssistant]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerSearch [Start Page]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerSearch [Start Default_Page_URL]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerSearch [Default_Search_URL]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerSearch [Search Bar]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerSearch [Search Page]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerSearchUrl [(Default)]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerSearchUrl [(Default)]

    -\ Mozilla Firefox v

    [ Fichier : C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultprefs.js ]

    Ligne Supprimée : user_pref(“CT3285358.FF19Solved”, “true”);
    Ligne Supprimée : user_pref(“CT3285358.UserID”, “UN94251443328045185”);
    Ligne Supprimée : user_pref(“CT3285358.addressUrlXPETakeover”, “true”);
    Ligne Supprimée : user_pref(“CT3285358.autoDisableScopes”, -1);
    Ligne Supprimée : user_pref(“CT3285358.browser.search.defaultthis.engineName”, “true”);
    Ligne Supprimée : user_pref(“CT3285358.defaultSearchXPETakeover”, “true”);
    Ligne Supprimée : user_pref(“CT3285358.installDate”, “7/4/2013 12:33:44”);
    Ligne Supprimée : user_pref(“CT3285358.installerVersion”, “1.3.7.3”);
    Ligne Supprimée : user_pref(“CT3285358.keyword”, “true”);
    Ligne Supprimée : user_pref(“Smartbar.SearchFromAddressBarSavedUrl”, “”);
    Ligne Supprimée : user_pref(“browser.search.defaultthis.engineName”, “01NET.com Main Customized Web Search”);
    Ligne Supprimée : user_pref(“browser.search.defaulturl”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&CUI=UN94251443328045185&UM=2&SearchSource=3&q={searchTerms}”);
    Ligne Supprimée : user_pref(“extensions.Fissa.Uninstall.lastRunTime”, “Thu, 24 Mar 2011 19:01:06 GMT”);
    Ligne Supprimée : user_pref(“extensions.Fissa.lastRunTime”, “Thu, 24 Mar 2011 18:19:05 GMT”);
    Ligne Supprimée : user_pref(“extensions.facemoods.DNSErrUrl”, “hxxp://start.facemoods.com/?a=ddrnw&f=5”);
    Ligne Supprimée : user_pref(“extensions.facemoods.aflt”, “_#ddrnw”);
    Ligne Supprimée : user_pref(“extensions.facemoods.dfltSrch”, true);
    Ligne Supprimée : user_pref(“extensions.facemoods.dfltSrchPrvdr”, “Facemoods Search”);
    Ligne Supprimée : user_pref(“extensions.facemoods.dnsErr”, true);
    Ligne Supprimée : user_pref(“extensions.facemoods.fcmdVrsn”, “1.2.7.5.4”);
    Ligne Supprimée : user_pref(“extensions.facemoods.firstRun”, false);
    Ligne Supprimée : user_pref(“extensions.facemoods.first_time”, false);
    Ligne Supprimée : user_pref(“extensions.facemoods.hmpg”, true);
    Ligne Supprimée : user_pref(“extensions.facemoods.hmpgUrl”, “hxxp://start.facemoods.com/?a=ddrnw”);
    Ligne Supprimée : user_pref(“extensions.facemoods.id”, “_#8e2b759500000000000000235adde7f9”);
    Ligne Supprimée : user_pref(“extensions.facemoods.instlDay”, “_#15228”);
    Ligne Supprimée : user_pref(“extensions.facemoods.mntz”, “”);
    Ligne Supprimée : user_pref(“extensions.facemoods.newTab”, true);
    Ligne Supprimée : user_pref(“extensions.facemoods.newTabUrl”, “hxxp://start.facemoods.com/?a=ddrnw&f=2”);
    Ligne Supprimée : user_pref(“extensions.facemoods.prtnrId”, “_#facemoods.com”);
    Ligne Supprimée : user_pref(“extensions.facemoods.searchProviderAdded”, true);
    Ligne Supprimée : user_pref(“extensions.facemoods.sid”, “_#e68f29f66ffd4b03b45c7e9e240fefca”);
    Ligne Supprimée : user_pref(“extensions.facemoods.tlbrSrchUrl”, “hxxp://start.facemoods.com/?a=ddrnw&f=3”);
    Ligne Supprimée : user_pref(“extensions.facemoods.update”, “_#v1.4.0”);
    Ligne Supprimée : user_pref(“extensions.facemoods.vrsn”, “_#1.4.17.11”);
    Ligne Supprimée : user_pref(“extensions.wrc.SearchRules.ask.com.style”, “.WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(“I[…]
    Ligne Supprimée : user_pref(“extensions.wrc.SearchRules.ask.com.url”, “^hxxp(s)?\:\/\/(.+\.)?ask\.com\/.*”);
    Ligne Supprimée : user_pref(“extensions.wrc.SearchRules.rambler.ru.style”, “.WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(“IMAGE”) right no-repeat}”);
    Ligne Supprimée : user_pref(“smartbar.conduitSearchAddressUrlList”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN94251443328045185&UM=2&q=”);
    Ligne Supprimée : user_pref(“smartbar.originalSearchAddressUrl”, “”);
    Ligne Supprimée : user_pref(“smartbar.originalSearchEngine”, “Google”);

    -\ Google Chrome v34.0.1847.137

    [ Fichier : C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    Supprimée [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN22107624022178817&ctid=CT3285358&UM=2
    Supprimée [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=8E2B00235ADDE7F9
    Supprimée [Homepage] : hxxp://www.delta-search.com/?affID=120518&tt=gc_&babsrc=HP_ss&mntrId=8E2B00235ADDE7F9
    Supprimée [Extension] : hakpajgggjjcjmidfbnnncnbaihjneaj

    *************************

    AdwCleaner[R0].txt – [17140 octets] – [23/05/2014 16:34:29]
    AdwCleaner[S0].txt – [15735 octets] – [23/05/2014 16:36:14]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [15796 octets] ##########

  • buckhulk
    Participant
    Post count: 2391

    Since you are using neither cjoint nor SosUpload, at least put your reports between the “magnifying glass” tags, next to the flag in the BBCode row!
    :merci2:

    I just saw:

    http://cjoint.com/?0ExqEOyBV2Y
    HA HA, I think I managed it this time; now that I can do it, I'll do the rest. Sorry, I struggle with this, but computers and I don't get along...

    :content: :content: :bravo1:

  • marinezer
    Participant
    Post count: 15

    The link for jrt: http://cjoint.com/?3Exq46bNkql

  • buckhulk
    Participant
    Post count: 2391

    :super: :P:

  • marinezer
    Participant
    Post count: 15

    The link for sosvirus: http://cjoint.com/?3ExrW0Grp2f

  • marinezer
    Participant
    Post count: 15

    Malware report:

    Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Date de l’examen: 23/05/2014
    Heure de l’examen: 17:55:00
    Fichier journal: Malwarebytes Anti-Malware.txt
    Administrateur: Oui

    Version: 2.00.2.1012
    Base de données Malveillants: v2014.05.23.09
    Base de données Rootkits: v2014.05.21.01
    Licence: Gratuite
    Protection contre les malveillants: Désactivé(e)
    Protection contre les sites Web malveillants: Désactivé(e)
    Self-protection: Désactivé(e)

    Système d’exploitation: Windows Vista Service Pack 1
    Processeur: x86
    Système de fichiers: NTFS
    Utilisateur: marine

    Type d’examen: Examen “Menaces”
    Résultat: Terminé
    Objets analysés: 266547
    Temps écoulé: 19 min, 6 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Désactivé(e)
    Heuristics: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Clés du Registre: 0
    (No malicious items detected)

    Valeurs du Registre: 0
    (No malicious items detected)

    Données du Registre: 1
    PUP.Optional.SearchCertifiedTB.A, HKUS-1-5-21-179234166-31584988-549877916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTINTERNET EXPLORERSEARCHURI|(Default), http://search.certified-toolbar.com?si=38268&bs=true&tid=77&q=%s, Bon: (http://www.google.com), Mauvais: (http://search.certified-toolbar.com?si=38268&bs=true&tid=77&q=%s),Remplacé,[95404e068dee96a096c779dd46becb35]

    Dossiers: 0
    (No malicious items detected)

    Fichiers: 0
    (No malicious items detected)

    Secteurs physiques: 0
    (No malicious items detected)

    (end)

  • marinezer
    Participant
    Post count: 15

    And here is the link for the zb report: http://cjoint.com/?3ExsB2xhRLS

    Can I delete all the programs? Because right now my computer is running out of breath .. ^^

  • buckhulk
    Participant
    Post count: 2391
    Can I delete all the programs? Because right now my computer is running out of breath ..

    Don't worry, everything will be removed once the disinfection is finished.

    Is the Shortcut_Module report missing?

  • buckhulk
    Participant
    Post count: 2391

    Adobe Reader is still not up to date.

    Here is a script:

    • Select and copy the following script:

      Script ZHPFix
      ShortcutFix
      [MD5.00000000000000000000000000000000] [APT] [{0388B60A-FD86-4965-A6D8-BD603D98D97B}] (...) -- D:SETUP.exe (.not file.) [0] => Existe aussi en malware DELF-CA.Troj
      [MD5.00000000000000000000000000000000] [APT] [{C23350A9-5CC7-49E0-9A25-1FFAFBB1F117}] (...) -- C:UsersmarineDownloadsavira_antivirus_personal_fr.exe (.not file.) [0] => Fichier absent
      [MD5.00000000000000000000000000000000] [APT] [{E54B1257-89D9-41FF-9112-D93E87C7F150}] (...) -- D:setup.exe (.not file.) [0] => Existe aussi en malware DELF-CA.Troj
      O42 - Logiciel: Adobe Reader 9.5.5 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A95000000001} => Adobe Reader 9
      [HKLMSoftwareId]
      O43 - CFD: 07/12/2010 - 16:59:49 - [] ----D C:Program FilesBoontyGames => Boonty Game
      O43 - CFD: 17/06/2013 - 04:56:56 - [] ----D C:Program FilesWebgameplay setup => Toolbar.Agent
      O53 - SMSR:HKLM...startupreguTorrent [Key] . (...) -- C:Program FilesuTorrentuTorrent.exe (.not file.) =>P2P.µTorrent
      O69 - SBI: SearchScopes [HKCU] {b9508593-ae5f-42a4-a513-126644af3685} - (iadah) - http://www.iadah.com => Toolbar.Iadah
      [MD5.53DDA20538126954A415C797BC0A63C7] [SPRF][29/06/2012] (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r52.) -- C:UsersmarineDesktopWebGameplay.exe [5484987] => Adobe Inc*
      [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupreguTorrent] =>P2P.µTorrent^
      [HKCUAppEventsSchemesAppsExplorerNavigatingOld_Current] =>PUP.MediaFinder
      C:Program FilesWebgameplay setup =>Toolbar.Agent
      ProxyFix
      EmptyPrefetch
      EmptyFlash
      SysRestore
      FirewallRAZ
      EmptyTemp
    • Launch ZHPFix (run it as administrator on Windows 7/8 and Vista)

      1. Click “Importer” (Import)
      2. The lines you copied earlier should be pasted into the box
      3. If they are, click “GO”



    • Confirm the data cleanup by clicking “Oui” (Yes)
    • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created there.
    • Host the ZHPFixReport report on SosUpload, then copy/paste the link provided into your next reply.

    Things should normally be better now??

    Please explain.
    :merci2:

  • marinezer
    Participant
    Post count: 15

    I think I posted it above, but just in case, here is the shortcut link again: http://cjoint.com/?3ExtAApuuj1

  • marinezer
    Participant
    Post count: 15

    I have ZHPDiag and not ZHPFix; does that change anything? Because instead of “Importer” I have “Rechercher”..

  • buckhulk
    Participant
    Post count: 2391
    I have ZHPDiag and not ZHPFix; does that change anything? Because instead of “Importer” I have “Rechercher”.

    Ah yes :(

    ZHPFix is the syringe-shaped icon, ZHPDiag is the parchment-shaped icon!

    The script goes into ZHPFix (the syringe)

    And how is the computer doing after the script??

  • marinezer
    Participant
    Post count: 15

    Hello,

    Here is the last report requested :) : http://cjoint.com/?3EyofTQPDkA

    As for the USB key, I have all my documents back, perfect, thanks :) Do I need to do anything else?

  • buckhulk
    Participant
    Post count: 2391
    As for the USB key, I have all my documents back, perfect, thanks :) Do I need to do anything else?

    No, as far as I'm concerned it's finished, if it's all good for you!


    :bye: Have a good weekend

  • marinezer
    Participant
    Post count: 15

    Same for me :)

    Thank you for the time you spent explaining everything to me, and above all for your patience …

    Thanks a lot in any case :D

  • buckhulk
    Participant
    Post count: 2391

    At your service…. ;)

The topic ‘Fichier clés usb transformé en raccourcis’ is closed to new replies.