Infected computer 2013-10-25T21:46:32+00:00

Computer Troubleshooting: infected computer

  • Author
    Posts
  • le canard
    Number of posts: 0

    Hello,

    My computer has been infected for a few days and the symptoms are as follows: the default toolbar has changed, the computer is slow at startup and when searching the internet, pop-ups appear regularly, irrelevant link pages are inserted at the top of the results (ads, or even links unrelated to the search), and pages get redirected to shopping sites.

    I followed the site's recommendations and here are the reports:
    [spoiler:1kh9w6pv]# AdwCleaner v3.010 – Rapport créé le 25/10/2013 à 21:48:28
    # Mis à jour le 20/10/2013 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : Pierre – PIERRE-VAIO
    # Exécuté depuis : C:UsersPierreDownloadsadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    Service Supprimé : DatamngrCoordinator
    [#] Service Supprimé : dqupdate
    [#] Service Supprimé : dqupdatem
    [#] Service Supprimé : Update SaltarSmart

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v10.0.9200.16521

    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Start Page]

    -\ Google Chrome v29.0.1547.76

    [ Fichier : C:UsersPierreAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    Supprimée : homepage
    Supprimée : search_url
    Supprimée : keyword
    Supprimée : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt – [17764 octets] – [25/10/2013 21:46:44]
    AdwCleaner[S0].txt – [16552 octets] – [25/10/2013 21:48:28]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [16613 octets] ##########[/spoiler:1kh9w6pv]

  • 2011N2
    Participant
    Number of posts: 27

    Hello,

    Download and save ZHPDiag => https://www.sosvirus.net/telecharger/zhpdiag/ to your computer.
    Then click the downloaded file to run the software installer.
    Let the installer guide you, leaving the default settings, and don't forget to tick the “desktop shortcut” box.
    After these steps, two desktop shortcuts are present (ZHPFix, ZHPDiag).

    To run a full scan, click the “ZHPDiag” desktop icon, which shows a “scroll”.
    In the software interface, click the “Configurer” (Configure) button to access the settings.
    Then click the “Loupe +” (magnifying glass +) button at the bottom left to start a Full options diagnostic.

    The scan runs; wait a few minutes while the tool works, as indicated by “Traitement en cours…” (Processing…).

    The program sometimes displays a “Not responding” message; wait for it to respond.
    The freeze is most often “temporary”… be patient.

    When the scan finishes, the report will open in Notepad.
    You can post this report by copy/paste and close the program.
    The ZHPDiag.txt report will also be on your desktop.
    If needed, it is saved in C:\User\nomxxx\AppData\Roaming\ZHP\ZHPDiag.txt

    Reminder on posting by copy/paste

    In Notepad, check under Format that “Word Wrap” (“Retour automatique à la ligne”) is unticked.
    Place the mouse cursor on the open report.
    Press the CTRL and A keys together to select everything (usually highlighted in blue), then release the keys.
    Press the CTRL and C keys together to copy the contents of the report to the Windows clipboard, then release the keys.
    Open a reply in your topic on the forum that is helping you, or create one, and place the mouse cursor in it.
    Press the CTRL and V keys together to paste the contents of the clipboard.

    If the report is too large, host it so that it can be accessed.

    Go to Sosupload
    Help: Click here

    Gabriel.

  • Le canard
    Number of posts: 0

    http://cjoint.com/?0JzxZjtTxhW

    [spoiler:4pnhjyqj]~ Rapport de ZHPDiag v2013.10.24.63 – Nicolas Coolman (24/10/2013)
    ~ Lancé par Pierre (25/10/2013 22:35:47)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16521
    GCIE: Google Chrome v29.0.1547.76 (Defaut)
    GCIE: Google Chrome Frame v29.0.1547.76 (Defaut)
    OBIE: Safari v5.34.57.2

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : CGKHQ
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v8.0.1497.0
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 10 Plugin
    Adobe Reader X
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3950 MB (44% free)
    System Restore: Activé (Enable)
    System drive C: has 285 GB (62%) free of 455 GB

    —\ Mode de connexion au système
    ~ Computer Name: PIERRE-VAIO
    ~ User Name: Pierre
    ~ All Users Names: Pierre, HomeGroupUser$, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersPierreAppDataRoamingZHP
    ~ %AppData% : C:UsersPierreAppDataRoaming
    ~ %Desktop% : C:UsersPierreDesktop
    ~ %Favorites% : C:UsersPierreFavorites
    ~ %LocalAppData% : C:UsersPierreAppDataLocal
    ~ %StartMenu% : C:UsersPierreAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 285 Go of 455 Go)
    D: Floppy drive, Flash card reader, USB Key (Not Inserted)
    E: CD-ROM drive (Not Inserted)
    F: Floppy drive, Flash card reader, USB Key (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    ~ Generic Processes: Scanned in 00mn 09s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/674
    ~ Mes musiques (My Musics) : 1/491
    ~ Mes Favoris (My Favorites) : 1/53
    ~ Mes Documents (My Documents) : 2/56
    ~ Mon Bureau (My Desktop) : 3/3276
    ~ Menu demarrer (Programs) : 1/22
    ~ Hidden Files: Scanned in 00mn 50s

    —\ Processus lancés
    ~ Processes Running: Scanned in 00mn 12s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersPierreAppDataLocalGoogleChromeUser DataDefaultPreferences
    G1 – GCS: Preference [User DataDefault] http://www.google.com
    G2 – GCE: Preference [User DataDefault] [aaaaabcbmongicmdegkmmfgdickgnnob] Movies Toolbar v.21.56092, (Désactivé) =>Adware.Bandoo
    G2 – GCE: Preference [User DataDefault] [chdboodilddefglllfoimeceomkpmkbi] SaltarSmart v.1.0.0 (Activé) =>PUP.SaltarSmart
    G2 – GCE: Preference [User DataDefault] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Extension v.5.3.0.7550 (Désactivé)
    ~ Google Browser: 13 Legitimates Filtered in 00mn 20s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = preserve
    ~ IE Browser: 16 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
    O3 – Toolbar: Google Toolbar [64Bits] – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [Public]: Safari.lnk . (…) — C:WindowsInstaller{FA4C2D53-205F-4245-9717-F3761154824D}SafariIco.exe
    O4 – GSQuickLaunch [Pierre]: Apple Safari.lnk . (…) — C:WindowsInstaller{FA4C2D53-205F-4245-9717-F3761154824D}SafariIco.exe
    O4 – GSQuickLaunch [Pierre]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [Pierre]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSProgram [Pierre]: Create Amazing Presentations.lnk – Clé orpheline
    ~ Global Startup: 67 Legitimates Filtered in 00mn 12s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: Bluetooth.lnk . (…) — C:Program Files (x86)WIDCOMMBluetooth SoftwareBTTray.exe (.not file.)
    O4 – GSStartup [Pierre]: OpenOffice.org 3.2.lnk . (…) — C:Program Files (x86)OpenOffice.org 3programquickstart.exe
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [Apoint] C:Program Files (x86)ApointApoint.exe (.not file.)
    O4 – HKLM..Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:Program FilesJavajre6binjusched.exe =>.Oracle Corporation
    O4 – HKCU..Run: [RegistryBooster] C:Program Files (x86)UniblueRegistryBoosterlauncher.exe (.not file.)
    O4 – HKCU..Run: [EA Core] C:Program Files (x86)Electronic ArtsEADMCore.exe (.not file.)
    O4 – HKCU..Run: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe (.not file.)
    O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    O4 – HKLM..Wow6432NodeRun: [ISBMgr.exe] . (.Sony Corporation – Pas de description.) — C:Program Files (x86)SonyISB UtilityISBMgr.exe
    O4 – HKLM..Wow6432NodeRun: [PMBVolumeWatcher] . (.Sony Corporation – Media Check Tool.) — C:Program Files (x86)SonyPMBPMBVolumeWatcher.exe
    O4 – HKLM..Wow6432NodeRun: [MarketingTools] . (.Sony Corporation – Marketing Tools.) — C:Program Files (x86)SonyMarketing ToolsMarketingTools.exe
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [avast] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5avastUI.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [AppleSyncNotifier] . (.Apple Inc. – AppleSyncNotifier.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleSyncNotifier.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3189626866-2071851707-179816275-1000..Run: [RegistryBooster] C:Program Files (x86)UniblueRegistryBoosterlauncher.exe (.not file.)
    O4 – HKUSS-1-5-21-3189626866-2071851707-179816275-1000..Run: [EA Core] C:Program Files (x86)Electronic ArtsEADMCore.exe (.not file.)
    O4 – HKUSS-1-5-21-3189626866-2071851707-179816275-1000..Run: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe (.not file.)
    O4 – HKUSS-1-5-21-3189626866-2071851707-179816275-1000..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    ~ Application: Scanned in 00mn 01s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: @C:Program FilesWIDCOMMBluetooth Softwarebtrez.dll,-12650 [64Bits] – {CCA281CA-C863-46ef-9331-5C8D4460577F} . (…) — C:Program FilesWIDCOMMBluetooth Softwarebt_hot_icon.ico
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{07E4CE2C-F705-4C12-A47C-8A10D4018C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{07E4CE2C-F705-4C12-A47C-8A10D4018C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{07E4CE2C-F705-4C12-A47C-8A10D4018C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlmailhtml [64Bits] – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (…) —
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Util SaltarSmart (Util SaltarSmart) . (…) – C:Program Files (x86)SaltarSmartbinutilSaltarSmart.exe (.not file.) =>PUP.SaltarSmart
    O23 – Service: VAIO Entertainment Database Service (VzCdbSvc) . (.Sony Corporation – VAIO Entertainment Database Service.) – C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe
    ~ Services: 23 Legitimates Filtered in 00mn 28s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [{6349EAA0-7E30-40DC-9783-08462CE24A99}] (…) — C:UsersPierreDesktopopen office.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{9FC8BC47-EAC3-43CB-89AB-51EAAB3B983C}] (…) — E:autorun.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [Launch Application] (…) — C:Program FilesSONYVAIO Update CommonShellexeProxy.exe (.not file.) [0]
    ~ Scheduled Task: 34 Legitimates Filtered in 00mn 38s

    —\ HKCU & HKLM Software Keys
    [HKLMSoftwareWow6432NodeVBMZ]
    ~ Key Software: 173 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 24/09/2012 – 18:18:28 – [0] —-D C:Program Files (x86)GUM318B.tmp
    O43 – CFD: 22/12/2010 – 17:51:40 – [0] —-D C:Program Files (x86)LimeWire
    O43 – CFD: 03/06/2011 – 11:23:25 – [1,325] —-D C:Program Files (x86)Shareaza
    O43 – CFD: 25/10/2013 – 21:48:28 – [0,019] —-D C:ProgramDataDatamngr =>PUP.Datamngr
    O43 – CFD: 03/06/2011 – 11:23:21 – [0,092] —-D C:UsersPierreAppDataRoamingShareaza
    O43 – CFD: 31/10/2010 – 12:52:11 – [0] —-D C:UsersPierreAppDataLocalShareaza
    ~ Program Folder: 178 Legitimates Filtered in 03mn 58s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.42E457CA221EFE73CB07585251B3FB07] – 24/10/2013 – 20:23:42 —A- . (…) — C:WindowsIE10_main.log [149336]
    O44 – LFC:[MD5.EA4FD9AFC988185F62B9A70D6DECFB04] – 25/10/2013 – 21:41:28 –HA- . (…) — C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [22704]
    O44 – LFC:[MD5.EA4FD9AFC988185F62B9A70D6DECFB04] – 25/10/2013 – 21:41:28 –HA- . (…) — C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [22704]
    O44 – LFC:[MD5.EA4FD9AFC988185F62B9A70D6DECFB04] – 25/10/2013 – 21:41:28 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [22704]
    O44 – LFC:[MD5.EA4FD9AFC988185F62B9A70D6DECFB04] – 25/10/2013 – 21:41:28 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [22704]
    ~ Files: 46 Legitimates Filtered in 01mn 13s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.1FDC331F69590A732DFF987F3C466BEC] – 01/10/2013 – 19:51:31 —A- – C:WindowsPrefetchWBCBATTERYCARE.EXE-DF7B7EEA.pf
    O45 – LFCP:[MD5.37F4BBD83A67BCBB60CB9C1F7B4854A0] – 19/10/2013 – 22:14:57 —A- – C:WindowsPrefetchADMLOAD.EXE-BC3F26C0.pf
    O45 – LFCP:[MD5.BC0B688FD86A734B3311CD299F68ACC9] – 24/10/2013 – 20:15:22 —A- – C:WindowsPrefetchVCMIALZMGR.EXE-40E91E41.pf
    O45 – LFCP:[MD5.4CD6842BA9F85A3AE966D97CAF24E9CB] – 24/10/2013 – 20:16:45 —A- – C:WindowsPrefetchVCSYSTRAY.EXE-6744AB5E.pf
    O45 – LFCP:[MD5.9D87E91C243BA43D1D3607697E1805DE] – 25/09/2013 – 20:49:21 —A- – C:WindowsPrefetchCOM.APPLE.WINDOWSCONTACTS.CLI-FDA196F1.pf
    O45 – LFCP:[MD5.8E4F792CEE11B51F339636E48D5D8D70] – 25/09/2013 – 20:49:30 —A- – C:WindowsPrefetchSYNCUIHANDLER.EXE-328587BA.pf
    O45 – LFCP:[MD5.E4D4334DF59C6F475197B7BBD47A05BF] – 25/09/2013 – 21:03:34 —A- – C:WindowsPrefetchMINGLER.EXE-D8BD2F63.pf
    O45 – LFCP:[MD5.37D9A86C5A6B0825625BD93856361BF3] – 25/10/2013 – 20:37:53 —A- – C:WindowsPrefetchVCMINSMGR.EXE-F1F81419.pf
    O45 – LFCP:[MD5.E0E1CFFABF963BC426027AE2EB935327] – 25/10/2013 – 20:37:58 —A- – C:WindowsPrefetchVSNSERVICE.EXE-F4985EFC.pf
    O45 – LFCP:[MD5.EFA5303768905FB4E41D9702000CC13A] – 25/10/2013 – 20:37:59 —A- – C:WindowsPrefetchVESMGRSUB.EXE-E0B47857.pf
    O45 – LFCP:[MD5.59FEA2A340808194F060459129BF59E5] – 25/10/2013 – 20:37:59 —A- – C:WindowsPrefetchVZCDBSVC.EXE-AB953ACE.pf
    O45 – LFCP:[MD5.CA6AD61474611DC2ABCCD5A3879E9E0C] – 25/10/2013 – 20:39:35 —A- – C:WindowsPrefetchAPVFB.EXE-2F577785.pf
    ~ Prefetcher: 122 Legitimates Filtered in 00mn 06s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – bitguard.exe – tasklist.exe =>PUP.BitGuard
    O50 – IFEO:Image File Execution Options – bprotect.exe – tasklist.exe
    O50 – IFEO:Image File Execution Options – browserdefender.exe – tasklist.exe =>Hijacker.Eazel
    O50 – IFEO:Image File Execution Options – browserprotect.exe – tasklist.exe =>Hijacker.Eazel
    ~ IFEO: Scanned in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{1f2609f7-d0b6-11df-ae8d-0024bec45d8a}AutoRuncommand. (…) — G:AutoRunCardDetector.exe (.not file.)
    O51 – MPSK:{856390f8-e80a-11df-979d-0024bec45d8a}AutoRuncommand. (…) — G:LaunchU3.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] – 30/08/2013 – 08:48:10 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65336]
    ~ Drivers: 16 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 25/10/2013 – 22:45:47 —A- . (…) — C:UsersPierreAppDataLocalGoogleToolbar Cache7.5.4601.54frtranslate_languages.json.content [1497]
    O61 – LFC: 25/10/2013 – 23:00:21 —A- . (…) — C:UsersPierreAppDataRoamingGoogleLocal Search Historygoogle%2Eweb.w [63452]
    O61 – LFC: 25/10/2013 – 23:00:35 —A- . (…) — C:UsersPierreAppDataRoamingZHPLog.txt [18908] =>.Nicolas Coolman
    O61 – LFC: 25/10/2013 – 23:00:35 —A- . (…) — C:UsersPierreAppDataRoamingZHPTestsZHPDiag.txt [2884] =>.Nicolas Coolman
    O61 – LFC: 25/10/2013 – 23:00:44 —A- . (…) — C:UsersPierreDownloadsadwcleaner.exe [1060070]
    ~ 6 Fichiers temporaires (Temporary files)
    ~ Files: 32 Legitimates Filtered in 16mn 38s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Apple Inc. – Safari.) — C:Program Files (x86)SafariSafari.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Not Key.)
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.7ABE2BE30B5AFFBE8BD09B9EEF5C6961] [SPRF][14/06/2011] (…) — C:ProgramDataezsidmv.dat [56]
    [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][29/12/2010] (…) — C:UsersPierreAppDataLocalTemp5abciw0t.dll [0]
    [MD5.F59F192D75396538912A87A5A8447E70] [SPRF][24/09/2012] (.Ask.com – AskStub Application.) — C:UsersPierreAppDataLocalTempApnStub.exe [357032]
    [MD5.709DC78EA9EFBDA2226AE93080ABC80A] [SPRF][02/08/2013] (…) — C:UsersPierreAppDataLocalTempapnuserid.dat [16]
    [MD5.85D8CE590AD8981CA2C8286F79F59954] [SPRF][02/08/2013] (…) — C:UsersPierreAppDataLocalTempappid.dat [3]
    [MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][01/10/2013] (…) — C:UsersPierreAppDataLocalTempBackupSetup.exe [10355400]
    [MD5.4599E1CF12B415B88EC4D6473559523E] [SPRF][09/10/2010] (…) — C:UsersPierreAppDataLocalTempEADB875.exe [212992]
    [MD5.9495FF73014B8A17BD4798911AD097FA] [SPRF][20/09/2011] (…) — C:UsersPierreAppDataLocalTempExtract.bat [87]
    [MD5.4D8BA2E4CDF22E8AE6EDA93133CAA84D] [SPRF][14/06/2011] (…) — C:UsersPierreAppDataLocalTempGoogleChromeInstaller.exe [579976]
    [MD5.4842726AF66D7AFB8FAC1B7FEF0F5634] [SPRF][01/10/2013] (…) — C:UsersPierreAppDataLocalTempICReinstall_FLVPlayerSetup.exe [936640]
    [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][20/09/2013] (…) — C:UsersPierreAppDataLocalTempiojlkfmu.dll [0]
    [MD5.8525CB5D57FBB87967169BC0735BDE57] [SPRF][09/12/2011] (.Complitly – Complitly Setup.) — C:UsersPierreAppDataLocalTempKreapixel_addonAcPro.exe [579904] =>Adware.PredictAd
    [MD5.538719FC10378FF4E835008B37AD2CBB] [SPRF][08/10/2010] (.Lime Wire LLC – The Fastest File Sharing Program on Earth.) — C:UsersPierreAppDataLocalTempLimeWireWin.exe [29470991]
    [MD5.7C90F77D368CABEA7B726A3758D6D761] [SPRF][07/12/2011] (.Babylon Ltd. – Babylon Client Setup.) — C:UsersPierreAppDataLocalTempMyBabylonTB.exe [919664] =>Toolbar.Babylon
    [MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (…) — C:UsersPierreAppDataLocalTempQuarantine.exe [344355]
    [MD5.466C4732BC4B126B94B0E69C6B5A2348] [SPRF][01/09/2013] (.Pas de propriétaire – SendMsg.) — C:UsersPierreAppDataLocalTempSendMsg.dll [9216]
    [MD5.107DD417BE37F067AF3139976CD93C9B] [SPRF][07/12/2011] (…) — C:UsersPierreAppDataLocalTempSetup.exe [398635]
    [MD5.39CA2C1AF7AB0621907A2606F617560B] [SPRF][19/08/2011] (…) — C:UsersPierreAppDataLocalTempSkypeSetup.exe [19505152]
    [MD5.8CB22BDD0B7BA1AB13D742E22EED8DA2] [SPRF][02/08/2013] (…) — C:UsersPierreAppDataLocalTempsysid.dat [3]
    [MD5.BDEE9D936EFB7C76DF778F45F1CF130D] [SPRF][02/08/2013] (…) — C:UsersPierreAppDataLocalTemptrackid.dat [6]
    [MD5.3C74C26999F2060BC6302448F173A342] [SPRF][28/08/2013] (.Babylon Ltd. – Uninstaller Application.) — C:UsersPierreAppDataLocalTempuninst1.exe [340464] =>Toolbar.Babylon
    [MD5.DA52CD11B68E526DE1EC4E730FF8AAF3] [SPRF][01/10/2013] (…) — C:UsersPierreAppDataLocalTempUnipack_Installer.exe [205436]
    [MD5.02764A733C6F506C59F300929F3299C5] [SPRF][01/10/2013] (…) — C:UsersPierreAppDataLocalTempVisualBeeTB_yh.exe [775152] =>Adware.VisualBeeToolbar
    [MD5.E93D456A74A43DCB034B5EBF37C3E40D] [SPRF][01/10/2013] (.Rcjbxb – Lqkliucvjk.) — C:UsersPierreAppDataLocalTempVisualBeeWebext.exe [4941896] =>Adware.VisualBeeToolbar
    [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][20/09/2013] (…) — C:UsersPierreAppDataLocalTempwl9px5qt.dll [0]
    [MD5.287F564C6947747642013BA1F772EEB8] [SPRF][25/11/2011] (…) — C:UsersPierreAppDataLocalTemp{F3ECBB9C-587F-41E7-AA59-FD6147BEF8CF}-chrome_installer.exe [15661977]
    [MD5.3C93AE560417C3963D1FDDD843BD4ED3] [SPRF][28/09/2013] (…) — C:UsersPierreAppDataRoamingwklnhst.dat [4568]
    ~ Files: 59 Legitimates Filtered in 00mn 35s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{D0C6E0CB-51C2-4123-B145-A73FF75A6377}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)LimeWireLimeWire.exe (.not file.)
    O87 – FAEL: “{EF924709-C5C6-4A08-95A0-15290A6C1BC1}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)LimeWireLimeWire.exe (.not file.)
    O87 – FAEL: “TCP Query User{040A471F-57D0-43FE-82AD-0A40A99C7CEB}C:program files (x86)limewirelimewire.exe” |In – Public – P6 – TRUE | .(…) — C:program files (x86)limewirelimewire.exe (.not file.)
    O87 – FAEL: “UDP Query User{4079E5A7-34E2-45E9-A5A9-6E8CD72CF1C7}C:program files (x86)limewirelimewire.exe” |In – Public – P17 – TRUE | .(…) — C:program files (x86)limewirelimewire.exe (.not file.)
    O87 – FAEL: “TCP Query User{54BB10C3-4D9C-44D9-89C7-F748F2627352}C:program files (x86)shareazashareaza.exe” |In – Public – P6 – TRUE | .(…) — C:program files (x86)shareazashareaza.exe (.not file.)
    O87 – FAEL: “UDP Query User{CCC5C5FC-A21C-4138-B14B-CB4FE6B3FA46}C:program files (x86)shareazashareaza.exe” |In – Public – P17 – TRUE | .(…) — C:program files (x86)shareazashareaza.exe (.not file.)
    O87 – FAEL: “{DF8BD093-B460-4AB3-8CE1-26056611F425}” |In – Private – P6 – TRUE | .(…) — C:UsersPierreAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5PC3QSHDDSweetImSetup.exe (.not file.) =>PUP.SweetIM
    O87 – FAEL: “{79B2BD7D-6880-463A-B10F-581DFD5813B5}” |In – Private – P17 – TRUE | .(…) — C:UsersPierreAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5PC3QSHDDSweetImSetup.exe (.not file.) =>PUP.SweetIM
    O87 – FAEL: “{83E530DF-B4E3-452A-8DBC-45DC41F6739F}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)Movies ToolbarDatamngrSRTOOL~1IEdtUser.exe (.not file.) =>Adware.Bandoo
    O87 – FAEL: “{147600D2-8C3D-4AD3-9794-FD5F69D6A722}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)Movies ToolbarDatamngrSRTOOL~1IEdtUser.exe (.not file.) =>Adware.Bandoo
    ~ Firewall: 244 Legitimates Filtered in 00mn 02s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “6CCF58E6290D45A488938282D471A25D” . (.SphinxIQ.) — C:WindowsInstaller{6E85FCC6-D092-4A54-8839-28284D172AD5}ARPPRODUCTICON.exe
    ~ Update Products: 160 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.5FF2B0F7835519063800D9F2DB535131] [WIS][22/08/2013] (.QwertyBox Team – FrameFox Extensions 1.0.7.0 Setup.) — C:WindowsInstaller205f38.msi [417792] =>PUP.FrameFox
    ~ WIS: 162 Legitimates Filtered in 04mn 15s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 06/02/2009 109056 | (ACDaemon) . (.ArcSoft Inc..) – C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe
    SR – | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SS – | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 08/10/2010 202752 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 04/09/2009 873248 | (btwdins) . (.Broadcom Corporation..) – C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe
    SS – | Auto 11/02/2010 133104 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 11/02/2010 133104 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 03/09/2012 194032 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SR – | Auto 21/11/2009 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Demand 12/12/2012 641504 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 14/12/2009 268824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe
    SR – | Auto 24/10/2009 360224 | (PMBDeviceInfoProvider) . (.Sony Corporation.) – C:Program Files (x86)SonyPMBPMBDeviceInfoProvider.exe
    SS – | Demand 31/08/2009 313840 | (Roxio UPnP Renderer 10) . (.Sonic Solutions.) – C:Program Files (x86)RoxioDigital Home 10RoxioUPnPRenderer10.exe
    SS – | Auto 31/08/2009 362992 | (Roxio Upnp Server 10) . (.Sonic Solutions.) – C:Program Files (x86)RoxioDigital Home 10RoxioUpnpService10.exe
    SR – | Auto 29/01/2011 259192 | (SampleCollector) . (.Sony Corporation.) – C:Program FilesSonyVAIO CareVCPerfService.exe
    SS – | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Demand 15/10/2009 120104 | (SOHCImp) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe
    SS – | Demand 15/10/2009 70952 | (SOHDBSvr) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDBSvr.exe
    SS – | Demand 15/10/2009 427304 | (SOHDms) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDms.exe
    SS – | Demand 15/10/2009 75048 | (SOHDs) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe
    SS – | Demand 15/10/2009 91432 | (SOHPlMgr) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHPlMgr.exe
    SR – | Auto 18/09/2008 104960 | (uCamMonitor) . (.ArcSoft, Inc..) – C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe
    SR – | Auto 14/12/2009 2320920 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SS – | Auto 10/07/1658 0 | (Util SaltarSmart) . (…) – C:Program Files (x86)SaltarSmartbinutilSaltarSmart.exe =>PUP.SaltarSmart
    SS – | Demand 14/09/2009 69632 | (VAIO Entertainment TV Device Arbitration Service) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzHardwareResourceManagerVzHardwareResourceManagerVzHardwareResourceManager.exe
    SR – | Auto 28/05/2010 205168 | (VAIO Event Service) . (.Sony Corporation.) – C:Program Files (x86)SONYVAIO Event ServiceVESMgr.exe
    SR – | Demand 30/11/2009 571248 | (VAIO Power Management) . (.Sony Corporation.) – C:Program FilesSonyVAIO Power ManagementSPMService.exe
    SR – | Auto 14/09/2009 642416 | (VCFw) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe
    SR – | Auto 19/02/2010 529776 | (VcmIAlzMgr) . (.Sony Corporation.) – C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe
    SR – | Auto 19/02/2010 386416 | (VcmINSMgr) . (.Sony Corporation.) – C:Program FilesSonyVCM Intelligent Network Service ManagerVcmINSMgr.exe
    SS – | Demand 19/02/2010 115568 | (VcmXmlIfHelper) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedVcmXmlVcmXmlIfHelper64.exe
    SR – | Demand 14/02/2011 44736 | (VCService) . (.Sony Corporation.) – C:Program FilesSonyVAIO CareVCService.exe
    SR – | Auto 11/08/2010 845312 | (VSNService) . (.Sony Corporation.) – C:Program FilesSonyVAIO Smart NetworkVSNService.exe
    SR – | Demand 26/10/2012 1286784 | (VUAgent) . (.Sony Corporation.) – C:Program FilesSonyVAIO UpdateVUAgent.exe
    SR – | Auto 14/09/2009 206336 | (VzCdbSvc) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 04mn 30s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Pierre at 25/10/2013 23:08:20
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Scan Additionnel (O88)
    Database Version : 12960 – (24/10/2013)
    Clés trouvées (Keys found) : 30
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 2
    Fichiers trouvés (Files found) : 17

    ~ Additionnel Scan: 403210 Items scanned in 02mn 35s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
    ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
    ~ http://nicolascoolman.webs.com/apps/blog/show/33293281-pup-saltarsmart =>PUP.SaltarSmart
    ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
    ~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
    ~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
    ~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
    ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
    ~ http://nicolascoolman.webs.com/apps/blog/show/29058830-adware-visualbeetoolbar =>Adware.VisualBeeToolbar
    ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ http://nicolascoolman.webs.com/apps/blog/show/32789922-pup-framefox =>PUP.FrameFox
    ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
    ~ MSI: 15 link(s) detected in 02mn 36s

    ~ 1361 Legitimates filtered by white list
    End of the scan (606 lines in 35mn 13s)(0)[/spoiler:4pnhjyqj]

  • 2011N2
    Participant
    Number of posts: 27

    Hi again,

    Why did you run MBAM?
    And delete the items it detected.

    Gabriel.

  • Le canard
    Number of posts: 0

    If threats were detected:
    • Click OK, then “Afficher les résultats” (Show results).
    • Choose the “Supprimer la sélection” (Remove selected) option.
    Uh, isn't that what I was supposed to do?

  • 2011N2
    Participant
    Number of posts: 27

    Hi again,

    Yes, but the report you gave me shows that no items were deleted.

    Apply this fix =>

    Open Notepad
    Select the script and copy it into Notepad

    Script ZHPFix
    G2 – GCE: Preference [User DataDefault] [aaaaabcbmongicmdegkmmfgdickgnnob] Movies Toolbar v.21.56092, (Désactivé) =>Adware.Bandoo
    G2 – GCE: Preference [User DataDefault] [chdboodilddefglllfoimeceomkpmkbi] SaltarSmart v.1.0.0 (Activé) =>PUP.SaltarSmart
    O23 – Service: Util SaltarSmart (Util SaltarSmart) . (…) – C:Program Files (x86)SaltarSmartbinutilSaltarSmart.exe (.not file.) =>PUP.SaltarSmart
    O43 – CFD: 25/10/2013 – 21:48:28 – [0,019] —-D C:ProgramDataDatamngr =>PUP.Datamngr
    O50 – IFEO:Image File Execution Options – bitguard.exe – tasklist.exe =>PUP.BitGuard
    O50 – IFEO:Image File Execution Options – browserdefender.exe – tasklist.exe =>Hijacker.Eazel
    O50 – IFEO:Image File Execution Options – browserprotect.exe – tasklist.exe =>Hijacker.Eazel
    [MD5.9495FF73014B8A17BD4798911AD097FA] [SPRF][20/09/2011] (…) — C:UsersPierreAppDataLocalTempExtract.bat [87] =>
    [MD5.8525CB5D57FBB87967169BC0735BDE57] [SPRF][09/12/2011] (.Complitly – Complitly Setup.) — C:UsersPierreAppDataLocalTempKreapixel_addonAcPro.exe [579904] =>Adware.PredictAd
    [MD5.7C90F77D368CABEA7B726A3758D6D761] [SPRF][07/12/2011] (.Babylon Ltd. – Babylon Client Setup.) — C:UsersPierreAppDataLocalTempMyBabylonTB.exe [919664] =>Toolbar.Babylon
    [MD5.3C74C26999F2060BC6302448F173A342] [SPRF][28/08/2013] (.Babylon Ltd. – Uninstaller Application.) — C:UsersPierreAppDataLocalTempuninst1.exe [340464] =>Toolbar.Babylon
    [MD5.02764A733C6F506C59F300929F3299C5] [SPRF][01/10/2013] (…) — C:UsersPierreAppDataLocalTempVisualBeeTB_yh.exe [775152] =>Adware.VisualBeeToolbar
    [MD5.E93D456A74A43DCB034B5EBF37C3E40D] [SPRF][01/10/2013] (.Rcjbxb – Lqkliucvjk.) — C:UsersPierreAppDataLocalTempVisualBeeWebext.exe [4941896] =>Adware.VisualBeeToolbar
    O87 – FAEL: “{DF8BD093-B460-4AB3-8CE1-26056611F425}” |In – Private – P6 – TRUE | .(…) — C:UsersPierreAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5PC3QSHDDSweetImSetup.exe (.not file.) =>PUP.SweetIM
    O87 – FAEL: “{79B2BD7D-6880-463A-B10F-581DFD5813B5}” |In – Private – P17 – TRUE | .(…) — C:UsersPierreAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5PC3QSHDDSweetImSetup.exe (.not file.) =>PUP.SweetIM
    O87 – FAEL: “{83E530DF-B4E3-452A-8DBC-45DC41F6739F}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)Movies ToolbarDatamngrSRTOOL~1IEdtUser.exe (.not file.) =>Adware.Bandoo
    O87 – FAEL: “{147600D2-8C3D-4AD3-9794-FD5F69D6A722}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)Movies ToolbarDatamngrSRTOOL~1IEdtUser.exe (.not file.) =>Adware.Bandoo
    [MD5.5FF2B0F7835519063800D9F2DB535131] [WIS][22/08/2013] (.QwertyBox Team – FrameFox Extensions 1.0.7.0 Setup.) — C:WindowsInstaller205f38.msi [417792] =>PUP.FrameFox
    SS – | Auto 10/07/1658 0 | (Util SaltarSmart) . (…) – C:Program Files (x86)SaltarSmartbinutilSaltarSmart.exe =>PUP.SaltarSmart
    [HKLMSoftwareGoogleChromeExtensionsaaaaabcbmongicmdegkmmfgdickgnnob] =>Adware.Bandoo^
    [HKLMSoftwareGoogleChromeExtensionschdboodilddefglllfoimeceomkpmkbi] =>PUP.SaltarSmart^
    [HKLMSYSTEMCurrentControlSetServicesUtil SaltarSmart] =>PUP.SaltarSmart^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodesF928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
    C:ProgramDataDatamngr =>PUP.Datamngr^
    C:UsersPierreAppDataLocalGoogleChromeUser DataDefaultExtensionsdlfienamagdnkekbbbocojppncdambda =>Adware.PredictAd
    C:UsersPierreAppDataLocalGoogleChromeUser DataDefaultExtensionsaaaaabcbmongicmdegkmmfgdickgnnob =>Adware.Bandoo^
    C:UsersPierreAppDataLocalGoogleChromeUser DataDefaultExtensionschdboodilddefglllfoimeceomkpmkbi =>PUP.SaltarSmart^
    C:UsersPierreAppDataLocalTempKreapixel_addonAcPro.exe =>Adware.PredictAd^
    C:UsersPierreAppDataLocalTempMyBabylonTB.exe =>Toolbar.Babylon^
    C:UsersPierreAppDataLocalTempuninst1.exe =>Toolbar.Babylon^
    C:UsersPierreAppDataLocalTempVisualBeeTB_yh.exe =>Adware.VisualBeeToolbar^
    C:UsersPierreAppDataLocalTempVisualBeeWebext.exe =>Adware.VisualBeeToolbar^
    C:WindowsInstaller205f38.msi =>PUP.FrameFox^
    C:UsersPierreAppDataLocalTempbabylon.jpg =>PUP.SweetIM
    C:UsersPierreAppDataLocalTempGoogleToolbarInstaller1.log =>Toolbar.Babylon
    C:UsersPierreAppDataLocalTempGoogleToolbarInstaller2.log =>Toolbar.Babylon
    C:UsersPierreAppDataLocalTemppricepeep.bmp =>Adware.PricePeep
    O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline => Toolbar.Avast
    [HKLMSoftwareWow6432NodeVBMZ] => Toolbar.Conduit
    [MD5.F59F192D75396538912A87A5A8447E70] [SPRF][24/09/2012] (.Ask.com – AskStub Application.) — C:UsersPierreAppDataLocalTempApnStub.exe [357032]
    [HKCUSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsE12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ProductsA28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsA5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsA876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsB66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsD677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsDD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsE36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsEF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
    [HKLMSoftwareWow6432NodeVBMZ] =>Toolbar.Conduit
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
    O45 – LFCP:[MD5.1FDC331F69590A732DFF987F3C466BEC] – 01/10/2013 – 19:51:31 —A- – C:WindowsPrefetchWBCBATTERYCARE.EXE-DF7B7EEA.pf => Fichier du dossier Prefetcher
    O45 – LFCP:[MD5.37F4BBD83A67BCBB60CB9C1F7B4854A0] – 19/10/2013 – 22:14:57 —A- – C:WindowsPrefetchADMLOAD.EXE-BC3F26C0.pf => Fichier du dossier Prefetcher
    O45 – LFCP:[MD5.BC0B688FD86A734B3311CD299F68ACC9] – 24/10/2013 – 20:15:22 —A- – C:WindowsPrefetchVCMIALZMGR.EXE-40E91E41.pf => Fichier du dossier Prefetcher
    O45 – LFCP:[MD5.4CD6842BA9F85A3AE966D97CAF24E9CB] – 24/10/2013 – 20:16:45 —A- – C:WindowsPrefetchVCSYSTRAY.EXE-6744AB5E.pf => Fichier du dossier Prefetcher
    O45 – LFCP:[MD5.9D87E91C243BA43D1D3607697E1805DE] – 25/09/2013 – 20:49:21 —A- – C:WindowsPrefetchCOM.APPLE.WINDOWSCONTACTS.CLI-FDA196F1.pf => Fichier du dossier Prefetcher
    O45 – LFCP:[MD5.8E4F792CEE11B51F339636E48D5D8D70] – 25/09/2013 – 20:49:30 —A- – C:WindowsPrefetchSYNCUIHANDLER.EXE-328587BA.pf => Fichier du dossier Prefetcher
    O45 – LFCP:[MD5.E4D4334DF59C6F475197B7BBD47A05BF] – 25/09/2013 – 21:03:34 —A- – C:WindowsPrefetchMINGLER.EXE-D8BD2F63.pf => Fichier du dossier Prefetcher
    O45 – LFCP:[MD5.37D9A86C5A6B0825625BD93856361BF3] – 25/10/2013 – 20:37:53 —A- – C:WindowsPrefetchVCMINSMGR.EXE-F1F81419.pf => Fichier du dossier Prefetcher
    O45 – LFCP:[MD5.E0E1CFFABF963BC426027AE2EB935327] – 25/10/2013 – 20:37:58 —A- – C:WindowsPrefetchVSNSERVICE.EXE-F4985EFC.pf => Fichier du dossier Prefetcher
    O45 – LFCP:[MD5.EFA5303768905FB4E41D9702000CC13A] – 25/10/2013 – 20:37:59 —A- – C:WindowsPrefetchVESMGRSUB.EXE-E0B47857.pf => Fichier du dossier Prefetcher
    O45 – LFCP:[MD5.59FEA2A340808194F060459129BF59E5] – 25/10/2013 – 20:37:59 —A- – C:WindowsPrefetchVZCDBSVC.EXE-AB953ACE.pf => Fichier du dossier Prefetcher
    O45 – LFCP:[MD5.CA6AD61474611DC2ABCCD5A3879E9E0C] – 25/10/2013 – 20:39:35 —A- – C:WindowsPrefetchAPVFB.EXE-2F577785.pf => Fichier du dossier Prefetcher
    [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][29/12/2010] (…) — C:UsersPierreAppDataLocalTemp5abciw0t.dll [0] => Empty File not necessary
    [MD5.709DC78EA9EFBDA2226AE93080ABC80A] [SPRF][02/08/2013] (…) — C:UsersPierreAppDataLocalTempapnuserid.dat [16] => Temporary file not necessary
    [MD5.85D8CE590AD8981CA2C8286F79F59954] [SPRF][02/08/2013] (…) — C:UsersPierreAppDataLocalTempappid.dat [3] => Temporary file not necessary
    [MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][01/10/2013] (…) — C:UsersPierreAppDataLocalTempBackupSetup.exe [10355400] => Temporary file not necessary
    [MD5.4599E1CF12B415B88EC4D6473559523E] [SPRF][09/10/2010] (…) — C:UsersPierreAppDataLocalTempEADB875.exe [212992] => Temporary file not necessary
    [MD5.4D8BA2E4CDF22E8AE6EDA93133CAA84D] [SPRF][14/06/2011] (…) — C:UsersPierreAppDataLocalTempGoogleChromeInstaller.exe [579976] => Temporary file not necessary
    [MD5.4842726AF66D7AFB8FAC1B7FEF0F5634] [SPRF][01/10/2013] (…) — C:UsersPierreAppDataLocalTempICReinstall_FLVPlayerSetup.exe [936640] => Temporary file not necessary
    [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][20/09/2013] (…) — C:UsersPierreAppDataLocalTempiojlkfmu.dll [0] => Empty File not necessary
    [MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (…) — C:UsersPierreAppDataLocalTempQuarantine.exe [344355] => Temporary file not necessary
    [MD5.466C4732BC4B126B94B0E69C6B5A2348] [SPRF][01/09/2013] (.Pas de propriétaire – SendMsg.) — C:UsersPierreAppDataLocalTempSendMsg.dll [9216] => Temporary file not necessary
    [MD5.39CA2C1AF7AB0621907A2606F617560B] [SPRF][19/08/2011] (…) — C:UsersPierreAppDataLocalTempSkypeSetup.exe [19505152] => Temporary file not necessary
    [MD5.8CB22BDD0B7BA1AB13D742E22EED8DA2] [SPRF][02/08/2013] (…) — C:UsersPierreAppDataLocalTempsysid.dat [3] => Temporary file not necessary
    [MD5.BDEE9D936EFB7C76DF778F45F1CF130D] [SPRF][02/08/2013] (…) — C:UsersPierreAppDataLocalTemptrackid.dat [6] => Temporary file not necessary
    [MD5.DA52CD11B68E526DE1EC4E730FF8AAF3] [SPRF][01/10/2013] (…) — C:UsersPierreAppDataLocalTempUnipack_Installer.exe [205436] => Temporary file not necessary
    [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][20/09/2013] (…) — C:UsersPierreAppDataLocalTempwl9px5qt.dll [0] => Empty File not necessary
    [MD5.287F564C6947747642013BA1F772EEB8] [SPRF][25/11/2011] (…) — C:UsersPierreAppDataLocalTemp{F3ECBB9C-587F-41E7-AA59-FD6147BEF8CF}-chrome_installer.exe [15661977] => Temporary file not necessary
    EmptyCLSID
    Emptytemp
    EmptyFlash

    Double-click the “ZHPFix” program shortcut on your desktop

    In the program window that opens, click “Importer” to paste the ZHPFix script

    If the script is not valid
    A warning is displayed
    The first line of the script must be Script ZHPFix

    If the script is valid
    The text you copied earlier should now be displayed automatically in the ZHPFix interface

    Check that the script in ZHPFix matches the lines above
    Click the “GO” button to start the cleanup
    Confirm the cleanup by clicking “OUI” in the next two windows


    This processing can take up to several minutes before the script lines are actually cleaned
    The cleanup runs; do not touch anything during this step, and if the program asks to restart the PC, do so
    When it finishes, a ZHPFix.txt report is displayed in the report area of the interface and in Windows Notepad
    The report is also saved on the Windows Desktop and in the folder: CUsernomxxxAppDataRoamingZHPZHPFix.txt

    Post the contents of this report by copying and pasting it into your reply on the forum

    Close ZHPFix and Notepad using the red cross at the top right of both windows

    Gabriel.

  • Le canard
    Number of posts: 0

    [spoiler:1cj3mfg4]Rapport de ZHPFix 2013.10.21.17 par Nicolas Coolman, Update du 21/10/2013
    Fichier d'export Registre :
    Run by Pierre at 26/10/2013 00:26:36
    High Elevated Privileges : OK
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

    Corbeille vidée (00mn 03s)

    ========== Processus mémoire ==========
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempKreapixel_addonAcPro.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempMyBabylonTB.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempuninst1.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempVisualBeeTB_yh.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempVisualBeeWebext.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempApnStub.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempBackupSetup.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempEADB875.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempGoogleChromeInstaller.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempICReinstall_FLVPlayerSetup.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempQuarantine.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempSkypeSetup.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTempUnipack_Installer.exe
    SUPPRIMÉ: Memory Process: C:UsersPierreAppDataLocalTemp{F3ECBB9C-587F-41E7-AA59-FD6147BEF8CF}-chrome_installer.exe

    ========== Modules mémoire ==========
    SUPPRIMÉ: Memory Module: C:UsersPierreAppDataLocalTemp5abciw0t.dll
    SUPPRIMÉ: Memory Module: C:UsersPierreAppDataLocalTempiojlkfmu.dll
    SUPPRIMÉ: Memory Module: C:UsersPierreAppDataLocalTempSendMsg.dll
    SUPPRIMÉ: Memory Module: C:UsersPierreAppDataLocalTempwl9px5qt.dll

    ========== Clés du Registre ==========
    SUPPRIMÉ: Service: Util SaltarSmart
    SUPPRIMÉ: O50 – IFEO:Image File Execution Options – bitguard.exe – tasklist.exe
    SUPPRIMÉ: O50 – IFEO:Image File Execution Options – browserdefender.exe – tasklist.exe
    SUPPRIMÉ: O50 – IFEO:Image File Execution Options – browserprotect.exe – tasklist.exe
    SUPPRIMÉ:* HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodesF928123A039649549966D4C29D35B1C9
    SUPPRIMÉ:* HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components464AA55239C100F32AF2D438EDDC0F47
    SUPPRIMÉ:* HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5652BA3D5FB98AE31B337BF0AF939856
    SUPPRIMÉ:* HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components86EB95E1AFCBABE3DB9ECCC669B99494
    SUPPRIMÉ: [HKLMSOFTWAREClassesCLSID{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
    SUPPRIMÉ: HKLMSoftwareWow6432NodeVBMZ
    SUPPRIMÉ: HKCUSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

    ========== Valeurs du Registre ==========
    SUPPRIMÉ: {DF8BD093-B460-4AB3-8CE1-26056611F425}
    SUPPRIMÉ: {79B2BD7D-6880-463A-B10F-581DFD5813B5}
    SUPPRIMÉ: {83E530DF-B4E3-452A-8DBC-45DC41F6739F}
    SUPPRIMÉ: {147600D2-8C3D-4AD3-9794-FD5F69D6A722}
    SUPPRIMÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

    ========== Préférences navigateur ==========
    SUPPRIMÉ Folder Chrome: C:UsersPierreAppDataLocalGoogleChromeUser DataDefaultExtensionsaaaaabcbmongicmdegkmmfgdickgnnob
    SUPPRIMÉ Folder Chrome: C:UsersPierreAppDataLocalGoogleChromeUser DataDefaultExtensionschdboodilddefglllfoimeceomkpmkbi

    ========== Dossiers ==========
    Aucun dossiers CLSID Local utilisateur vide
    SUPPRIMÉS Temporaires Windows (337) (0 octets)
    SUPPRIMÉS Flash Cookies (0) (0 octets)

    ========== Fichiers ==========
    SUPPRIMÉ: c:userspierreappdatalocalgooglechromeuser datadefaultpreferences
    SUPPRIMÉ: C:UsersPierreAppDataLocalTempExtract.bat
    SUPPRIMÉ: C:WindowsInstaller205f38.msi
    SUPPRIMÉ: C:UsersPierreAppDataLocalTempbabylon.jpg
    SUPPRIMÉ: C:UsersPierreAppDataLocalTempGoogleToolbarInstaller1.log
    SUPPRIMÉ: C:UsersPierreAppDataLocalTempGoogleToolbarInstaller2.log
    SUPPRIMÉ: C:UsersPierreAppDataLocalTemppricepeep.bmp
    SUPPRIMÉ: c:windowsprefetchwbcbatterycare.exe-df7b7eea.pf
    SUPPRIMÉ: c:windowsprefetchadmload.exe-bc3f26c0.pf
    SUPPRIMÉ: c:windowsprefetchvcmialzmgr.exe-40e91e41.pf
    SUPPRIMÉ: c:windowsprefetchvcsystray.exe-6744ab5e.pf
    SUPPRIMÉ: c:windowsprefetchcom.apple.windowscontacts.cli-fda196f1.pf
    SUPPRIMÉ: c:windowsprefetchsyncuihandler.exe-328587ba.pf
    SUPPRIMÉ: c:windowsprefetchmingler.exe-d8bd2f63.pf
    SUPPRIMÉ: c:windowsprefetchvcminsmgr.exe-f1f81419.pf
    SUPPRIMÉ: c:windowsprefetchvsnservice.exe-f4985efc.pf
    SUPPRIMÉ: c:windowsprefetchvesmgrsub.exe-e0b47857.pf
    SUPPRIMÉ: c:windowsprefetchvzcdbsvc.exe-ab953ace.pf
    SUPPRIMÉ: c:windowsprefetchapvfb.exe-2f577785.pf
    SUPPRIMÉ: C:UsersPierreAppDataLocalTempapnuserid.dat
    SUPPRIMÉ: C:UsersPierreAppDataLocalTempappid.dat
    SUPPRIMÉ: C:UsersPierreAppDataLocalTempsysid.dat
    SUPPRIMÉ: C:UsersPierreAppDataLocalTemptrackid.dat
    SUPPRIMÉS Temporaires Windows (0) (0 octets)
    SUPPRIMÉS Flash Cookies (0) (0 octets)

    ========== Récapitulatif ==========
    14 : Processus mémoire
    4 : Modules mémoire
    32 : Clés du Registre
    5 : Valeurs du Registre
    3 : Dossiers
    25 : Fichiers
    2 : Préférences navigateur

    End of clean in 01mn 08s

    ========== Chemin de fichier rapport ==========
    C:UsersPierreAppDataRoamingZHPZHPFix[R1].txt – 26/10/2013 00:26:40 [8210][/spoiler:1cj3mfg4]

  • 2011N2
    Participant
    Number of posts: 27

    Hello,

    Good.
    You have MBAM (Malwarebytes) on your PC.
    Update it, then run a full scan on all drives. Delete all the detected items and post the report for me.

    Gabriel.

  • Le canard
    Number of posts: 0

    Hi again, here is the report:
    [spoiler:1dxs7enp]Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.10.26.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16521
    Pierre :: PIERRE-VAIO [administrateur]

    Protection: Activé

    26/10/2013 23:51:35
    mbam-log-2013-10-26 (23-51-35).txt

    Type d'examen: Examen complet (C:|D:|E:|F:|)
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 397767
    Temps écoulé: 1 heure(s), 41 minute(s), 26 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 1
    C:UsersPierreAppDataLocalTempCT3297966 (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.

    Fichier(s) détecté(s): 53
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrDatamngr.dll.vir (PUP.Optional.Bandoo.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrDatamngrCoordinator.exe.vir (PUP.Optional.Bandoo.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrDatamngrUI.exe.vir (PUP.Optional.Bandoo.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrdel_DM_DLL_nspCF37.dll.vir (PUP.Optional.Bandoo.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrdel_IEBHO_nspCF37.dll.vir (PUP.Optional.Bandoo.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrIEBHO.dll.vir (PUP.Optional.Bandoo.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrSRTOOL~1GCuninstall.exe.vir (PUP.Optional.MoviesToolBar.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrSRTOOL~1IEuninstall.exe.vir (PUP.Optional.MoviesToolBar.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrx64Datamngr.dll.vir (PUP.Optional.Bandoo.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrx64del_BHO_nspCF37.dll.vir (PUP.Optional.Bandoo.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrx64del_DM_DLL_nspCF37.dll.vir (PUP.Optional.Bandoo.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)Movies ToolbarDatamngrx64IEBHO.dll.vir (PUP.Optional.Bandoo.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)SaltarSmartSaltarSmart.Common.dll.vir (PUP.Optional.SaltarSmart.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)SaltarSmartSaltarSmartBHO.dll.vir (PUP.Optional.SaltarSmart.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)SaltarSmartupdateSaltarSmart.exe.vir (PUP.Optional.SaltarSmart.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)SaltarSmartbinutilSaltarSmart.exe.vir (PUP.Optional.SaltarSmart.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)SaltarSmartbinpluginsSaltarSmart.FFUpdate.dll.vir (PUP.Optional.SaltarSmart.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)SaltarSmartbinpluginsSaltarSmart.IEUpdate.dll.vir (PUP.Optional.SaltarSmart.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgram Files (x86)SaltarSmartupdateh5zie12r.aid.exe.vir (PUP.Optional.SaltarSmart.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCProgramDataDSearchLinkDSearchLink.exe.vir (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    C:AdwCleanerQuarantineCUsersPierreAppDataLocalTempBabylonToolbarBabylonToolbar1.5.3.17BabylonToolbar4ie.exe.vir (PUP.Optional.BabylonToolBar.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTempOptimizer_Pro.exe (PUP.Optional.1ClickDownload.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp57114544-BAB0-7891-A375-6FB0653CD785LatestBabMaint.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp57114544-BAB0-7891-A375-6FB0653CD785LatestBExternal.dll (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp57114544-BAB0-7891-A375-6FB0653CD785Latestccp.exe (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp57114544-BAB0-7891-A375-6FB0653CD785LatestCrxInstaller.dll (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp57114544-BAB0-7891-A375-6FB0653CD785LatestDSearchLink.exe (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp57114544-BAB0-7891-A375-6FB0653CD785LatestMntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp57114544-BAB0-7891-A375-6FB0653CD785LatestMyDeltaTB.exe (PUP.Optional.Delta) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp57114544-BAB0-7891-A375-6FB0653CD785LatestSetup.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp6EA1677B-BAB0-7891-B62E-06217B9A6507LatestBabMaint.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp6EA1677B-BAB0-7891-B62E-06217B9A6507Latestccp.exe (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp6EA1677B-BAB0-7891-B62E-06217B9A6507LatestCrxInstaller.dll (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp6EA1677B-BAB0-7891-B62E-06217B9A6507LatestMntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTemp6EA1677B-BAB0-7891-B62E-06217B9A6507LatestSetup.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTempbusF056CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTempF41BF4EA-BAB0-7891-9D0A-E6BE43F62C16MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTempPlayer_Setup.exea3ee5600e3e548e3a1b67fe90e6f6d42installer.exe (PUP.Optional.Tuguu) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTempPlayer_Setup.exea3ee5600e3e548e3a1b67fe90e6f6d42Player_Setup.exe (PUP.Optional.Tuguu) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTempPlayer_Setup.exea3ee5600e3e548e3a1b67fe90e6f6d42softwareDelta Babylon.exe (PUP.Optional.DeltaTB) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTempPlayer_Setup.exea3ee5600e3e548e3a1b67fe90e6f6d42softwareOptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTempPlayer_Setup.exea3ee5600e3e548e3a1b67fe90e6f6d42softwareSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataRoamingZHPQuarantineicreinstall_flvplayersetup.exe.VIR (PUP.Optional.InstallCore) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataRoamingZHPQuarantinevisualbeetb_yh.exe.VIR (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataRoamingZHPQuarantinevisualbeewebext.exe.VIR (PUP.Optional.CrossRider) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreDownloads4shared_Desktop_3.3.5.exe (PUP.Optional.4Shared) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreDownloadsFLVPlayerSetup.exe (PUP.Optional.InstallCore) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreDownloadsiLividSetup-r197-n-bi.exe (PUP.Optional.Vid) -> Mis en quarantaine et supprimé avec succès.
    C:ProgramDataWincertwin32cert.dll (PUP.Optional.Datamngr.A) -> Mis en quarantaine et supprimé avec succès.
    C:ProgramDataWincertwin64cert.dll (PUP.Optional.Datamngr.A) -> Mis en quarantaine et supprimé avec succès.
    C:ProgramDataWincertwin32prop.dll (PUP.Optional.Datamngr.A) -> Mis en quarantaine et supprimé avec succès.
    C:ProgramDataWincertwin64prop.dll (PUP.Optional.Datamngr.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersPierreAppDataLocalTempCT3297966ddt.csf (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.

    (fin)[/spoiler:1dxs7enp]

  • 2011N2
    Participant
    Number of posts: 27

    Hi again,

    Good. 🙂

    How is the PC behaving?

    Run a new ZHPDiag report for me.

    Gabriel.

  • Le canard
    Number of posts: 0

    The computer is doing much better: no more incessant pop-ups, and my default search engine is back. There are still a few infected items left, but overall it can finally breathe 🙂

    [spoiler:29xqf9kj]~ Rapport de ZHPDiag v2013.10.24.63 – Nicolas Coolman (24/10/2013)
    ~ Lancé par Pierre (27/10/2013 16:52:09)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16521
    GCIE: Google Chrome v29.0.1547.76 (Defaut)
    GCIE: Google Chrome Frame v29.0.1547.76 (Defaut)
    OBIE: Safari v5.34.57.2

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : CGKHQ
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v8.0.1497.0
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 10 Plugin
    Adobe Reader X
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3950 MB (50% free)
    System Restore: Activé (Enable)
    System drive C: has 283 GB (62%) free of 455 GB

    —\ Mode de connexion au système
    ~ Computer Name: PIERRE-VAIO
    ~ User Name: Pierre
    ~ All Users Names: Pierre, HomeGroupUser$, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersPierreAppDataRoamingZHP
    ~ %AppData% : C:UsersPierreAppDataRoaming
    ~ %Desktop% : C:UsersPierreDesktop
    ~ %Favorites% : C:UsersPierreFavorites
    ~ %LocalAppData% : C:UsersPierreAppDataLocal
    ~ %StartMenu% : C:UsersPierreAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 283 Go of 455 Go)
    D: Floppy drive, Flash card reader, USB Key (Not Inserted)
    E: CD-ROM drive (Not Inserted)
    F: Floppy drive, Flash card reader, USB Key (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    ~ Generic Processes: Scanned in 00mn 01s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/674
    ~ Mes musiques (My Musics) : 1/491
    ~ Mes Favoris (My Favorites) : 1/53
    ~ Mes Documents (My Documents) : 2/56
    ~ Mon Bureau (My Desktop) : 3/3279
    ~ Menu demarrer (Programs) : 1/22
    ~ Hidden Files: Scanned in 00mn 16s

    —\ Processus lancés
    ~ Processes Running: Scanned in 00mn 02s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = preserve
    ~ IE Browser: 16 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Google Toolbar [64Bits] – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [Public]: Safari.lnk . (…) — C:WindowsInstaller{FA4C2D53-205F-4245-9717-F3761154824D}SafariIco.exe
    O4 – GSQuickLaunch [Pierre]: Apple Safari.lnk . (…) — C:WindowsInstaller{FA4C2D53-205F-4245-9717-F3761154824D}SafariIco.exe
    O4 – GSQuickLaunch [Pierre]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [Pierre]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSProgram [Pierre]: Create Amazing Presentations.lnk – Clé orpheline
    ~ Global Startup: 67 Legitimates Filtered in 00mn 04s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: Bluetooth.lnk . (…) — C:Program Files (x86)WIDCOMMBluetooth SoftwareBTTray.exe (.not file.)
    O4 – GSStartup [Pierre]: OpenOffice.org 3.2.lnk . (…) — C:Program Files (x86)OpenOffice.org 3programquickstart.exe
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [Apoint] C:Program Files (x86)ApointApoint.exe (.not file.)
    O4 – HKLM..Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:Program FilesJavajre6binjusched.exe =>.Oracle Corporation
    O4 – HKCU..Run: [RegistryBooster] C:Program Files (x86)UniblueRegistryBoosterlauncher.exe (.not file.)
    O4 – HKCU..Run: [EA Core] C:Program Files (x86)Electronic ArtsEADMCore.exe (.not file.)
    O4 – HKCU..Run: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe (.not file.)
    O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    O4 – HKLM..Wow6432NodeRun: [ISBMgr.exe] . (.Sony Corporation – Pas de description.) — C:Program Files (x86)SonyISB UtilityISBMgr.exe
    O4 – HKLM..Wow6432NodeRun: [PMBVolumeWatcher] . (.Sony Corporation – Media Check Tool.) — C:Program Files (x86)SonyPMBPMBVolumeWatcher.exe
    O4 – HKLM..Wow6432NodeRun: [MarketingTools] . (.Sony Corporation – Marketing Tools.) — C:Program Files (x86)SonyMarketing ToolsMarketingTools.exe
    O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [avast] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5avastUI.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [AppleSyncNotifier] . (.Apple Inc. – AppleSyncNotifier.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleSyncNotifier.exe
    O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3189626866-2071851707-179816275-1000..Run: [RegistryBooster] C:Program Files (x86)UniblueRegistryBoosterlauncher.exe (.not file.)
    O4 – HKUSS-1-5-21-3189626866-2071851707-179816275-1000..Run: [EA Core] C:Program Files (x86)Electronic ArtsEADMCore.exe (.not file.)
    O4 – HKUSS-1-5-21-3189626866-2071851707-179816275-1000..Run: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe (.not file.)
    O4 – HKUSS-1-5-21-3189626866-2071851707-179816275-1000..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: @C:Program FilesWIDCOMMBluetooth Softwarebtrez.dll,-12650 [64Bits] – {CCA281CA-C863-46ef-9331-5C8D4460577F} . (…) — C:Program FilesWIDCOMMBluetooth Softwarebt_hot_icon.ico
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{07E4CE2C-F705-4C12-A47C-8A10D4018C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{07E4CE2C-F705-4C12-A47C-8A10D4018C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{07E4CE2C-F705-4C12-A47C-8A10D4018C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlmailhtml [64Bits] – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (…) —
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [{6349EAA0-7E30-40DC-9783-08462CE24A99}] (…) — C:UsersPierreDesktopopen office.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{9FC8BC47-EAC3-43CB-89AB-51EAAB3B983C}] (…) — E:autorun.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [Launch Application] (…) — C:Program FilesSONYVAIO Update CommonShellexeProxy.exe (.not file.) [0]
    ~ Scheduled Task: 34 Legitimates Filtered in 00mn 07s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 24/09/2012 – 17:18:28 – [0] —-D C:Program Files (x86)GUM318B.tmp
    O43 – CFD: 22/12/2010 – 16:51:40 – [0] —-D C:Program Files (x86)LimeWire
    O43 – CFD: 03/06/2011 – 10:23:25 – [1,325] —-D C:Program Files (x86)Shareaza
    O43 – CFD: 03/06/2011 – 10:23:21 – [0,092] —-D C:UsersPierreAppDataRoamingShareaza
    O43 – CFD: 31/10/2010 – 11:52:11 – [0] —-D C:UsersPierreAppDataLocalShareaza
    ~ Program Folder: 177 Legitimates Filtered in 01mn 56s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.B71F671FDA63AA287C301951BE78D2E5] – 27/10/2013 – 12:05:40 —A- . (…) — C:WindowsIE10_main.log [151782]
    ~ Files: 17 Legitimates Filtered in 00mn 36s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.7C38A613F20A60468785EDC5F436F0FD] – 27/10/2013 – 11:59:19 —A- – C:WindowsPrefetchAPVFB.EXE-2F577785.pf
    ~ Prefetcher: 120 Legitimates Filtered in 00mn 02s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – bprotect.exe – tasklist.exe
    ~ IFEO: Scanned in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{1f2609f7-d0b6-11df-ae8d-0024bec45d8a}AutoRuncommand. (…) — G:AutoRunCardDetector.exe (.not file.)
    O51 – MPSK:{856390f8-e80a-11df-979d-0024bec45d8a}AutoRuncommand. (…) — G:LaunchU3.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] – 30/08/2013 – 08:48:10 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65336]
    ~ Drivers: 16 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 25/10/2013 – 16:56:24 —A- . (…) — C:UsersPierreAppDataLocalGoogleToolbar Cache7.5.4601.54frtranslate_languages.json.content [1497]
    O61 – LFC: 25/10/2013 – 17:01:15 —A- . (…) — C:UsersPierreAppDataRoamingZHPQuarantineDatamngr.DIRS-1-5-21-3189626866-2071851707-179816275-1000.cfg [17240] =>PUP.Datamngr
    O61 – LFC: 25/10/2013 – 17:01:15 —A- . (…) — C:UsersPierreAppDataRoamingZHPQuarantineDatamngr.DIRcoordinator.cfg [792] =>PUP.Datamngr
    O61 – LFC: 25/10/2013 – 17:01:15 —A- . (…) — C:UsersPierreAppDataRoamingZHPQuarantineDatamngr.DIRgeneral.cfg [2284] =>PUP.Datamngr
    O61 – LFC: 25/10/2013 – 17:01:15 —A- . (…) — C:UsersPierreAppDataRoamingZHPZHPADSReport.txt [351] =>.Nicolas Coolman
    O61 – LFC: 25/10/2013 – 17:01:15 —A- . (…) — C:UsersPierreAppDataRoamingZHPZHPDiag.txt [50967] =>.Nicolas Coolman
    O61 – LFC: 25/10/2013 – 17:01:15 —A- . (…) — C:UsersPierreAppDataRoamingZHPZHPExportRegistry-26-10-2013-00-26-40.txt [797768] =>.Nicolas Coolman
    O61 – LFC: 25/10/2013 – 17:01:15 —A- . (…) — C:UsersPierreAppDataRoamingZHPZHPFixQuarantine.txt [5748] =>.Nicolas Coolman
    O61 – LFC: 25/10/2013 – 17:01:15 —A- . (…) — C:UsersPierreAppDataRoamingZHPZHPFix[R1].txt [8291] =>.Nicolas Coolman
    O61 – LFC: 25/10/2013 – 17:01:17 —A- . (…) — C:UsersPierreDownloadsadwcleaner.exe [1060070]
    O61 – LFC: 26/10/2013 – 16:56:24 —A- . (…) — C:UsersPierreAppDataLocalGoogleToolbar Cache7.5.4601.54frtranslate_element.js.content [2381]
    O61 – LFC: 27/10/2013 – 17:01:07 —A- . (…) — C:UsersPierreAppDataRoamingGoogleLocal Search Historygoogle%2Eweb.w [63744]
    O61 – LFC: 27/10/2013 – 17:01:12 —A- . (…) — C:UsersPierreAppDataRoamingZHPLog.txt [41060] =>.Nicolas Coolman
    O61 – LFC: 27/10/2013 – 17:01:15 —A- . (…) — C:UsersPierreAppDataRoamingZHPTestsZHPDiag.txt [2884] =>.Nicolas Coolman
    ~ 5 Fichiers temporaires (Temporary files)
    ~ Files: 44 Legitimates Filtered in 05mn 33s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Apple Inc. – Safari.) — C:Program Files (x86)SafariSafari.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Not Key.)
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.7ABE2BE30B5AFFBE8BD09B9EEF5C6961] [SPRF][14/06/2011] (…) — C:ProgramDataezsidmv.dat [56]
    [MD5.538719FC10378FF4E835008B37AD2CBB] [SPRF][08/10/2010] (.Lime Wire LLC – The Fastest File Sharing Program on Earth.) — C:UsersPierreAppDataLocalTempLimeWireWin.exe [29470991]
    [MD5.107DD417BE37F067AF3139976CD93C9B] [SPRF][07/12/2011] (…) — C:UsersPierreAppDataLocalTempSetup.exe [398635]
    [MD5.3C93AE560417C3963D1FDDD843BD4ED3] [SPRF][28/09/2013] (…) — C:UsersPierreAppDataRoamingwklnhst.dat [4568]
    ~ Files: 35 Legitimates Filtered in 00mn 06s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{D0C6E0CB-51C2-4123-B145-A73FF75A6377}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)LimeWireLimeWire.exe (.not file.)
    O87 – FAEL: “{EF924709-C5C6-4A08-95A0-15290A6C1BC1}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)LimeWireLimeWire.exe (.not file.)
    O87 – FAEL: “TCP Query User{040A471F-57D0-43FE-82AD-0A40A99C7CEB}C:program files (x86)limewirelimewire.exe” |In – Public – P6 – TRUE | .(…) — C:program files (x86)limewirelimewire.exe (.not file.)
    O87 – FAEL: “UDP Query User{4079E5A7-34E2-45E9-A5A9-6E8CD72CF1C7}C:program files (x86)limewirelimewire.exe” |In – Public – P17 – TRUE | .(…) — C:program files (x86)limewirelimewire.exe (.not file.)
    O87 – FAEL: “TCP Query User{54BB10C3-4D9C-44D9-89C7-F748F2627352}C:program files (x86)shareazashareaza.exe” |In – Public – P6 – TRUE | .(…) — C:program files (x86)shareazashareaza.exe (.not file.)
    O87 – FAEL: “UDP Query User{CCC5C5FC-A21C-4138-B14B-CB4FE6B3FA46}C:program files (x86)shareazashareaza.exe” |In – Public – P17 – TRUE | .(…) — C:program files (x86)shareazashareaza.exe (.not file.)
    ~ Firewall: 240 Legitimates Filtered in 00mn 02s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “6CCF58E6290D45A488938282D471A25D” . (.SphinxIQ.) — C:WindowsInstaller{6E85FCC6-D092-4A54-8839-28284D172AD5}ARPPRODUCTICON.exe
    ~ Update Products: 160 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.98D4C22A5A8CCD54CDBA9365F8BC3EF9] [WIS][24/04/2013] (.Le Sphinx Développement – Sphinx iQ.) — C:WindowsInstaller1cd57c.msi [107120640]
    ~ WIS: 161 Legitimates Filtered in 00mn 45s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 06/02/2009 109056 | (ACDaemon) . (.ArcSoft Inc..) – C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe
    SR – | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SS – | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 08/10/2010 202752 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 04/09/2009 873248 | (btwdins) . (.Broadcom Corporation..) – C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe
    SS – | Auto 11/02/2010 133104 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 11/02/2010 133104 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 03/09/2012 194032 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SR – | Auto 21/11/2009 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Demand 12/12/2012 641504 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 14/12/2009 268824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe
    SR – | Auto 24/10/2009 360224 | (PMBDeviceInfoProvider) . (.Sony Corporation.) – C:Program Files (x86)SonyPMBPMBDeviceInfoProvider.exe
    SS – | Demand 31/08/2009 313840 | (Roxio UPnP Renderer 10) . (.Sonic Solutions.) – C:Program Files (x86)RoxioDigital Home 10RoxioUPnPRenderer10.exe
    SS – | Auto 31/08/2009 362992 | (Roxio Upnp Server 10) . (.Sonic Solutions.) – C:Program Files (x86)RoxioDigital Home 10RoxioUpnpService10.exe
    SR – | Auto 29/01/2011 259192 | (SampleCollector) . (.Sony Corporation.) – C:Program FilesSonyVAIO CareVCPerfService.exe
    SS – | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Demand 15/10/2009 120104 | (SOHCImp) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe
    SS – | Demand 15/10/2009 70952 | (SOHDBSvr) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDBSvr.exe
    SS – | Demand 15/10/2009 427304 | (SOHDms) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDms.exe
    SS – | Demand 15/10/2009 75048 | (SOHDs) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe
    SS – | Demand 15/10/2009 91432 | (SOHPlMgr) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHPlMgr.exe
    SR – | Auto 18/09/2008 104960 | (uCamMonitor) . (.ArcSoft, Inc..) – C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe
    SR – | Auto 14/12/2009 2320920 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SS – | Demand 14/09/2009 69632 | (VAIO Entertainment TV Device Arbitration Service) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzHardwareResourceManagerVzHardwareResourceManagerVzHardwareResourceManager.exe
    SR – | Auto 28/05/2010 205168 | (VAIO Event Service) . (.Sony Corporation.) – C:Program Files (x86)SONYVAIO Event ServiceVESMgr.exe
    SR – | Demand 30/11/2009 571248 | (VAIO Power Management) . (.Sony Corporation.) – C:Program FilesSonyVAIO Power ManagementSPMService.exe
    SR – | Auto 14/09/2009 642416 | (VCFw) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe
    SR – | Auto 19/02/2010 529776 | (VcmIAlzMgr) . (.Sony Corporation.) – C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe
    SR – | Auto 19/02/2010 386416 | (VcmINSMgr) . (.Sony Corporation.) – C:Program FilesSonyVCM Intelligent Network Service ManagerVcmINSMgr.exe
    SS – | Demand 19/02/2010 115568 | (VcmXmlIfHelper) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedVcmXmlVcmXmlIfHelper64.exe
    SR – | Demand 14/02/2011 44736 | (VCService) . (.Sony Corporation.) – C:Program FilesSonyVAIO CareVCService.exe
    SR – | Auto 11/08/2010 845312 | (VSNService) . (.Sony Corporation.) – C:Program FilesSonyVAIO Smart NetworkVSNService.exe
    SR – | Demand 26/10/2012 1286784 | (VUAgent) . (.Sony Corporation.) – C:Program FilesSonyVAIO UpdateVUAgent.exe
    SR – | Auto 14/09/2009 206336 | (VzCdbSvc) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 49s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Pierre at 27/10/2013 17:03:00
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Pierre at 27/10/2013 17:03:02

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 12960 – (24/10/2013)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 2

    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:swg =>Toolbar.Google^
    C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google^
    C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbarUser_32.exe =>Toolbar.Google^
    ~ Additionnel Scan: 400252 Items scanned in 01mn 02s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
    ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
    ~ MSI: 2 link(s) detected in 01mn 02s

    ~ 1336 Legitimates filtered by white list
    End of the scan (497 lines in 11mn 56s)(0)[/spoiler:29xqf9kj]

    Thanks again 🙂

  • 2011N2
    Participant
    Number of posts: 27

    Hello,

    Sorry, I don't think I was notified of your reply by e-mail, or else I missed it…

    One last thing to remove, then we'll finalize:

    ZHPFix script
    O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe

    Sorry again for the wait.

    Gabriel.

The topic ‘ordi infesté’ is closed to new replies.